Project description:With the development of information technology and the Internet, users can conveniently use roaming services without time and space restrictions. This roaming service is initiated by establishing a session key between a home node, which exists in a home network, and a mobile node, which exists in a foreign network. However, in the process of verifying a legitimate user and establishing a session key, various security threats and privacy exposure issues can arise. This study demonstrates that the authentication scheme for the roaming service proposed in the existing Global Mobility Network (GLOMONET) environment has several vulnerabilities and, hence, is impractical. In addition, the scheme does not satisfy the privacy of the session key or user's identity or password. Accordingly, we propose a new lightweight authentication scheme to compensate for these vulnerabilities and secure a high level of privacy, such as non-traceability. In addition, formal and informal analyses are conducted to examine the safety of the proposed scheme. Based on the results of our analyses, we prove that the proposed scheme is highly secure and applicable to the actual GLOMONET environment.

Project description:Anonymous transmission is an interesting and crucial issue in computer communication area, which plays a supplementary role to data privacy. In this paper, we put forward a privacy preserving quantum anonymous transmission protocol based on entanglement relay, which constructs anonymous entanglement from EPR pairs instead of multi-particle entangled state, e.g. GHZ state. Our protocol achieves both sender anonymity and receiver anonymity against an active adversary and tolerates any number of corrupt participants. Meanwhile, our protocol obtains an improvement in efficiency compared to quantum schemes in previous literature.

Project description:Qiu et al. made a security analysis about the protocols of Chaudhry et al. and Kumari et al. in 2018, and they pointed out that there are many security weaknesses in the protocols. To improve the security, Qiu et al. proposed an advanced authentication scheme for Session Initiation Protocol on the basis of the previous protocols and claimed that their own protocol was very secure and practical. However, we demonstrate that the protocol of Qiu et al. has a serious mistake which causes their protocol cannot be executed normally. Beyond that, we also find out that their protocol cannot withstand insider attack and denial service attack. In order to remove these weaknesses, we propose an efficient provably secure mutual authentication scheme. Furthermore, our scheme provides security analysis with the help of Burrows-Abadi-Needham (BAN) logic. Compared with their protocol, ours has greater security and better performance.

Project description:The traditional username/password or PIN based authentication scheme, which still remains the most popular form of authentication, has been proved insecure, unmemorable and vulnerable to guessing, dictionary attack, key-logger, shoulder-surfing and social engineering. Based on this, a large number of new alternative methods have recently been proposed. However, most of them rely on users being able to accurately recall complex and unmemorable information or using extra hardware (such as a USB Key), which makes authentication more difficult and confusing. In this paper, we propose a Digital Memories based user authentication scheme adopting homomorphic encryption and a public key encryption design which can protect users' privacy effectively, prevent tracking and provide multi-level security in an Internet & IoT environment. Also, we prove the superior reliability and security of our scheme compared to other schemes and present a performance analysis and promising evaluation results.

Project description:An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.'s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.'s scheme can be addressed without degrading the efficiency of the scheme.

Project description:MOTIVATION:Personal genomes carry inherent privacy risks and protecting privacy poses major social and technological challenges. We consider the case where a user searches for genetic information (e.g. an allele) on a server that stores a large genomic database and aims to receive allele-associated information. The user would like to keep the query and result private and the server the database. APPROACH:We propose a novel approach that combines efficient string data structures such as the Burrows-Wheeler transform with cryptographic techniques based on additive homomorphic encryption. We assume that the sequence data is searchable in efficient iterative query operations over a large indexed dictionary, for instance, from large genome collections and employing the (positional) Burrows-Wheeler transform. We use a technique called oblivious transfer that is based on additive homomorphic encryption to conceal the sequence query and the genomic region of interest in positional queries. RESULTS:We designed and implemented an efficient algorithm for searching sequences of SNPs in large genome databases. During search, the user can only identify the longest match while the server does not learn which sequence of SNPs the user queried. In an experiment based on 2184 aligned haploid genomes from the 1000 Genomes Project, our algorithm was able to perform typical queries within [Formula: see text] 4.6?s and [Formula: see text] 10.8?s for client and server side, respectively, on laptop computers. The presented algorithm is at least one order of magnitude faster than an exhaustive baseline algorithm. AVAILABILITY AND IMPLEMENTATION:https://github.com/iskana/PBWT-sec and https://github.com/ratschlab/PBWT-sec CONTACTS:shimizu-kana@aist.go.jp or Gunnar.Ratsch@ratschlab.org SUPPLEMENTARY INFORMATION:Supplementary data are available at Bioinformatics online.

Project description:Location-based services (LBS), as one of the most popular location-awareness applications, has been further developed to achieve low-latency with the assistance of fog computing. However, privacy issues remain a research challenge in the context of fog computing. Therefore, in this paper, we present a fine-grained and privacy-preserving query scheme for fog computing-enhanced location-based services, hereafter referred to as FGPQ. In particular, mobile users can obtain the fine-grained searching result satisfying not only the given spatial range but also the searching content. Detailed privacy analysis shows that our proposed scheme indeed achieves the privacy preservation for the LBS provider and mobile users. In addition, extensive performance analyses and experiments demonstrate that the FGPQ scheme can significantly reduce computational and communication overheads and ensure the low-latency, which outperforms existing state-of-the art schemes. Hence, our proposed scheme is more suitable for real-time LBS searching.

Project description:Process mining has been successfully applied in the healthcare domain and has helped touncover various insights for improving healthcare processes. While the benefits of process miningare widely acknowledged, many people rightfully have concerns about irresponsible uses of personaldata. Healthcare information systems contain highly sensitive information and healthcare regulationsoften require protection of data privacy. The need to comply with strict privacy requirements mayresult in a decreased data utility for analysis. Until recently, data privacy issues did not get muchattention in the process mining community; however, several privacy-preserving data transformationtechniques have been proposed in the data mining community. Many similarities between datamining and process mining exist, but there are key differences that make privacy-preserving datamining techniques unsuitable to anonymise process data (without adaptations). In this article, weanalyse data privacy and utility requirements for healthcare process data and assess the suitabilityof privacy-preserving data transformation methods to anonymise healthcare data. We demonstratehow some of these anonymisation methods affect various process mining results using three publiclyavailable healthcare event logs. We describe a framework for privacy-preserving process mining thatcan support healthcare process mining analyses. We also advocate the recording of privacy metadatato capture information about privacy-preserving transformations performed on an event log.

Project description:ObjectiveRecord linkage to integrate uncoordinated databases is critical in biomedical research using Big Data. Balancing privacy protection against the need for high quality record linkage requires a human-machine hybrid system to safely manage uncertainty in the ever changing streams of chaotic Big Data.MethodsIn the computer science literature, private record linkage is the most published area. It investigates how to apply a known linkage function safely when linking two tables. However, in practice, the linkage function is rarely known. Thus, there are many data linkage centers whose main role is to be the trusted third party to determine the linkage function manually and link data for research via a master population list for a designated region. Recently, a more flexible computerized third-party linkage platform, Secure Decoupled Linkage (SDLink), has been proposed based on: (1) decoupling data via encryption, (2) obfuscation via chaffing (adding fake data) and universe manipulation; and (3) minimum information disclosure via recoding.ResultsWe synthesize this literature to formalize a new framework for privacy preserving interactive record linkage (PPIRL) with tractable privacy and utility properties and then analyze the literature using this framework.ConclusionsHuman-based third-party linkage centers for privacy preserving record linkage are the accepted norm internationally. We find that a computer-based third-party platform that can precisely control the information disclosed at the micro level and allow frequent human interaction during the linkage process, is an effective human-machine hybrid system that significantly improves on the linkage center model both in terms of privacy and utility.

Project description:Nowadays, the identity verification of banks' clients at Automatic Teller Machines (ATMs) is a very critical task. Clients' money, data, and crucial information need to be highly protected. The classical ATM verification method using a combination of credit card and password has a lot of drawbacks like Burglary, robbery, expiration, and even sudden loss. Recently, iris-based security plays a vital role in the success of the Cognitive Internet of Things (C-IoT)-based security framework. The iris biometric eliminates many security issues, especially in smart IoT-based applications, principally ATMs. However, integrating an efficient iris recognition system in critical IoT environments like ATMs may involve many complex scenarios. To address these issues, this article proposes a novel efficient full authentication system for ATMs based on a bank's mobile application and a visible light environments-based iris recognition. It uses the deep Convolutional Neural Network (CNN) as a feature extractor, and a fully connected neural network (FCNN)-with Softmax layer-as a classifier. Chaotic encryption is also used to increase the security of iris template transmission over the internet. The study and evaluation of the effects of several kinds of noisy iris images, due to noise interference related to sensing IoT devices, bad acquisition of iris images by ATMs, and any other system attacks. Experimental results show highly competitive and satisfying results regards to accuracy of recognition rate and training time. The model has a low degradation of recognition accuracy rates in the case of using noisy iris images. Moreover, the proposed methodology has a relatively low training time, which is a useful parameter in a lot of critical IoT based applications, especially ATMs in banking systems.