Confidentiality Of Sensitive Data Research Articles

Web of Threats: A Comprehensive Analysis of Various Injection Attacks on Web Application Software

With the ever-increasing reliance on software systems for critical functions across various domains, the threat landscape has evolved to exploit vulnerabilities within these systems. This research paper explores the clandestine domain of software injection attacks, presenting a comprehensive analysis of their methodologies and severity. The study begins by providing an in-depth exploration of various software injection techniques, such as SQL injection, cross-site scripting (XSS), and code injection etc elucidating the mechanisms through which attackers exploit vulnerabilities to compromise the integrity and confidentiality of sensitive data. Through a detailed examination of Dynamic Application Security Testing reports of different websites over the past two years, the paper sheds light on the diverse ways in which software injection attacks have been employed to compromise systems in different industries. This research paper provides a holistic understanding of software injection attacks, aiming to raise awareness among developers, security practitioners, and policymakers about the gravity of this threat. By elucidating the intricacies of these attacks and proposing effective countermeasures, the paper contributes to the ongoing efforts to bolster the resilience of software systems against evolving cyber threats.

Investigation of crypto-algorithms for Stability Assessment

Performance evaluation plays a vital role in the field of cryptography. It is essential to assess the security, efficiency, and suitability of different algorithms in various applications. By evaluating the performance of cryptography algorithms, we can identify vulnerabilities, weaknesses, and strengths, which are crucial for ensuring the integrity and confidentiality of sensitive data. Moreover, performance evaluation allows for benchmarking, algorithm selection, and continuous improvement in the field, driving advancements in cryptography techniques and enhancing the overall security of systems that rely on cryptography. This paper implements a test algorithm that can evaluate the performance of different parameters for a range of cryptography algorithms. The performance of input is evaluated using parameters such as the Avalanche effect, Correlation coefficient, Bit independence test, Frequency test, Encryption and decryption execution time, Throughput, Brute Force attack, and Information entropy. By comparing results obtained from the performance tests, we can gain valuable insights into the relative strengths and weaknesses of the algorithms. This aids in making informed decisions regarding algorithm selection and improvement, ultimately contributing to the advancement of secure communication and data protection.

Ethical and legal implications of digital mental health applications

The digitization of mental health enables significant shifts in clinical practice by harnessing vast amounts of data derived from the use of apps and wearables to enhance medical research, patient care, and health system efficiency. However, this process brings forth pertinent ethical and legal risks. Ethically, concerns primarily revolve around safeguarding the privacy and confidentiality of sensitive data, alongside the transformation of the doctor-patient relationship through technological interaction. Within the regulatory realm, issues encompass the classification of these tools as medical products, ensuring normative assurance of effective protection of mental health data, and addressing potential legal risks within this domain. This article aims to provide an overarching view of this landscape, serving as a catalyst for the technological, ethical, and legal discourse necessitated by digital mental health.

SED-SGC: A scalable, efficient, and distributed secure group communication scheme based on superlattice PUF

A critical challenge in group communication is to guarantee the authenticity, integrity, and confidentiality of sensitive data, especially in scenarios with potential and prospective massive device access, such as the Internet of Everything (IoE). This paper explores a scalable, efficient, distributed secure group communication (SED-SGC) scheme that employs superlattice Physical Unclonable Function (PUF), tree structure, and the Decision Diffie–Hellman Problem. In SED-SGC, superlattice PUF facilitates lightweight, high-security mutual authentication and key generation. The Decision Diffie–Hellman Problem and tree structure construct group key agreement and dynamic member management protocol with logarithmic complexity, achieving forward and backward secrecy. Also, we demonstrate that SED-SGC can effectively guarantee security against multiple attack methods such as collusion attacks, man-in-the-middle attacks (MITM), and impersonation attacks.

Ethical, Legal, Organisational and Social Issues of Teleneurology: A Scoping Review.

Neurological disorders are the leading cause of disability and the second leading cause of death worldwide. Teleneurology (TN) allows neurology to be applied when the doctor and patient are not present in the same place, and sometimes not at the same time. In February 2021, the Spanish Ministry of Health requested a health technology assessment report on the implementation of TN as a complement to face-to-face neurological care. A scoping review was conducted to answer the question on the ethical, legal, social, organisational, patient (ELSI) and environmental impact of TN. The assessment of these aspects was carried out by adapting the EUnetHTA Core Model 3.0 framework, the criteria established by the Spanish Network of Health Technology Assessment Agencies and the analysis criteria of the European Validate (VALues In Doing Assessments of healthcare TEchnologies) project. Key stakeholders were invited to discuss their concerns about TN in an online meeting. Subsequently, the following electronic databases were consulted from 2016 to 10 June 2021: MEDLINE and EMBASE. 79 studies met the inclusion criteria. This scoping review includes 37 studies related to acceptability and equity, 15 studies developed during COVID and 1 study on environmental aspects. Overall, the reported results reaffirm the necessary complementarity of TN with the usual face-to-face care. This need for complementarity relates to factors such as acceptability, feasibility, risk of dehumanisation and aspects related to privacy and the confidentiality of sensitive data.

Secure Distributed Cloud Storage based on the Blockchain Technology and Smart Contracts

Objectives: This paper addresses the problem of secure data storage and sharing over cloud storage infrastructures. A secure, distributed cloud storage structure incorporating the blockchain structure is proposed that supports confidentiality, integrity, and availability. Methods/Analysis: The proposed structure combines two well-known technologies: one of them is the Ethereum Blockchain and its Smart Contracts and the other is the RSA encryption and authentication scheme. The Ethereum Blockchain is used as a data structure, which ensures data availability and integrity while RSA provides sensitive data confidentiality and source authentication. Findings: As a result, users of the proposed structure can trust it and be certain that they can securely exchange information through a publicly accessible and shared cloud storage. The application can be used either through a user interface (UI) or a command-line interface (CLI). Novelty /Improvement:The novelty of this work is that the system that is proposed could be used for secure data storage on the cloud as well as for file sharing and authentication verification. Also, secure data storage and file sharing are already offered by the proposed system. Doi: 10.28991/ESJ-2023-07-02-012 Full Text: PDF

Cryptanalysis of two similar chaos-based image encryption schemes

Chaos based image encryption cryptosystems have garnered much attraction in the recent past. In this regard, recently, two chaos-based image encryption algorithms have been proposed. Both the cryptosystems exhibit very good cryptographic metrics. The first cryptosystem utilizes cryptographic tweaks and other cryptographic primitives to encrypt digital images. This cryptosystem also relies on the idea that a tweak can make the cryptosystem secure. Our paper points out that merely using a tweak doesn’t make the cryptosystem secure and additionally, the structure and stages in the algorithm bear inability to preserve confidentiality of sensitive data. The second cryptosystem is an enhancement of another cryptosystem. Our work indicates that the enhancement in the second cryptosystem is also weak and allows an adversary to retrieve the exact key itself. Both the cryptosystems have similar weaknesses and don’t follow the guidelines laid down by National Institute of Standards and Technology (NIST). It is observed that both the cryptosystems can be broken, to reveal the exact chaotic sequence used for encryption, using a Chosen Plaintext Attack. From this work, it is realized that the weaknesses in the methods can be partially avoided by strictly following the rules laid down by the cryptographic community and NIST. Apart from this, it is expected that future cryptosystems follow all the suggestions mentioned in our work so that, before the cryptosystem is out for attack by cryptanalysts, it is scrutinized sufficiently.

Collusion-resistant protocols for private processing of aggregated queries in distributed databases

Private processing of database queries protects the confidentiality of sensitive data when queries are answered. It is important to design collusion-resistant protocols ensuring that privacy remains protected even when a certain number of honest-but-curious participants collude to share their knowledge in order to gain unauthorised access to sensitive information. A novel setting arises when aggregated queries need to be answered for a large distributed database, but legal requirements or commercial interests forbid making access to records in each subdatabase available to other counterparts. For example, a very large number of medical records may be stored in a distributed database, which is a union of several separate databases from different hospitals, or even from different countries. The present article introduces and investigates two protocols for collusion-resistant private processing of aggregated queries in this novel setting: Accelerated Multi-round Iterative Protocol (AMIP) and Restricted Multi-round Iterative Protocol (RMIP). We define a large collection of query functions and show that AMIP and RMIP protocols can answer all queries in this collection. Our experiments demonstrate that the AMIP protocol outperforms all other applicable algorithms, and this achievement is especially significant in terms of the communication complexity.

Providing Confidentiality for Sensitive Data using Format Preserving Technique in Cloud

Providing Confidentiality for Sensitive Data using Format Preserving Technique in Cloud

Privacy-Preserving Genome-Wide Association Study for Rare Mutations - A Secure FrameWork for Externalized Statistical Analysis

This paper proposes a new privacy-preserving framework to perform rare variant case-control association tests with information provided by two parties: a Genomic Research Unit (GRU) with sequencing data from individuals affected by a disease D (cases); a Genomic Research Center (GRC) with sequencing data from healthy individuals (controls). To identify genes with rare variants involved in D, GRU needs to compare cases against controls using association tests (genome-wide association study). The main originality of our proposal is twofold. First, it positions GRC as a proxy between GRU and the server. Doing so makes it possible to use classical cryptographic tools to securely conduct association tests with no computation complexity increase, contrarily to actual state of the art proposals which are of very high complexity being based on homomorphic encryption, for instance. In particular, we show how sensitive data confidentiality can be ensured with secret key based cryptographic hashing with no need to modify statistical algorithms. In our protocol the server simply conducts statistical analyses on partially hashed data. Secondly, we introduce a novel privacy constraint: GRU's identity should remain unknown to the server as this knowledge can give it clues about GRU's data (e.g., diseases and genes of interest). We exhibit how Pretty Good Privacy (PGP) can be used to solve this problem. We illustrate our protocol in the case of one rare variant association test, the Weighted-Sum Statistic (WSS) algorithm, carried out on real genetic data. This secure WSS achieves the same accuracy as its nonsecure version with no increase of complexity. Furthermore, we establish that our protocol can be extended to the different rare variant association tests available in the literature.

Atlas: Application Confidentiality in Compromised Embedded Systems

Due to the requirements of the Internet-of-Things, modern embedded systems have become increasingly complex, running different applications. In order to protect their intellectual property as well as the confidentiality of sensitive data they process, these applications have to be isolated from each other. Traditional memory protection and memory management units provide such isolation, but rely on operating system support for their configuration. However, modern operating systems tend to be vulnerable and cannot guarantee confidentiality when compromised. We present Atlas, a hardware-based security architecture, complementary to traditional memory protection mechanisms, ensuring code and data confidentiality through transparent encryption, even when the system software has been exploited. Atlas relies on its zero-software trusted computing base to protect against system-level attackers and also supports secure shared memory. We implemented Atlas based on the LEON3 softcore processor, including toolchain extensions for developers. Our FPGA-based evaluation shows minimal cycle overhead at the cost of a reduced maximum frequency.

ASDS: Attribute‐based secure data sharing scheme for reliable cloud environment

Cloud computing is a new revolution of information technology which provides many benefits to customers such as scalability, on‐demand, 24 × 7 × 365 support, and reduce cost usage of computing resources. But storing data on these untrusted cloud servers makes secure data sharing a big challenge issue. On one hand, enforce data access policies on these untrusted storage servers provider is an effective way to ensure data security. On the other hand, confidentiality of sensitive data should be protected against them. This paper presents an attribute‐based secure data sharing (ASDS) scheme for cloud environment, which provides data access control, data confidentiality, data authentication, and flexible user revocation. In addition, the proposed scheme is able to resist collusion attack and replay attack. The analysis of security properties and the comparison performance with other data sharing schemes have demonstrated that ASDS is very suitable for cloud environment.

PERSIST: Policy-Based Data Management Middleware for Multi-Tenant SaaS Leveraging Federated Cloud Storage

NoSQL data stores are often combined to address different requirements within the same application. The implication of this trend is particularly important and relevant in the context of multi-tenant SaaS applications where tenants commonly have different storage- and privacy-related requirements and thus they desire to customize the storage setup according to their specific needs. Consequently, application developers are increasingly combining storage resources: on-premise and public cloud resources in a hybrid cloud setup, different external public cloud storage resources and providers in a federated cloud storage setup, etc. The consequences of these trends are twofold: (i) application developers and SaaS providers have to deal with heterogeneous technologies, different APIs, and implement complex storage logic (to address different requirements of tenants), all within the application layer; and (ii) storage architectures have become less rigid, and techniques are required to flexibly change the storage configuration of running applications, up to the level of individual service requests. To address these challenges, we present PERSIST, a middleware architecture that (i) externalizes the complexity of a federated cloud storage architecture and the complex storage logic from the SaaS application to storage policies, allows tenants to enforce different storage- and privacy-related requirements at a fine-grained level; and (ii) supports the dynamic (re)configurability of the underlying federated cloud storage architecture. Application-specific policies can be customized by individual tenants at run time, and PERSIST offers support for run-time cross-provider polyglot persistence and the confidentiality of sensitive data through encryption. We have validated PERSIST in a working prototype implementation. Our extensive evaluation efforts show (i) the accomplished reduction in the required development effort to support complex storage policies, (ii) the reduction in cost/effort to change the data storage architecture itself, and finally (iii) the acceptability of the performance overhead (around 6% for insert, and 2% for read, update and delete transactions).

Intrusion Detection in Computer Networks using Lazy Learning Algorithm

Intrusion Detection Systems (IDS) are used in computer networks to safeguard the integrity and confidentiality of sensitive data. In recent years, network traffic has become sizeable enough to be considered under the big data domain. Current machine learning based techniques used in IDS are largely defined on eager learning paradigms which lose performance efficiency by trying to generalize training data before receiving queries thereby incurring overheads for trivial computations. This paper, proposes the use of lazy learning methodologies to improve overall performance of IDS. A novel heuristic weight based indexing technique has been used to overcome the drawback of high search complexity inherent in lazy learning. IBk and LWL, two popular lazy learning algorithms have been compared and applied on the NSL-KDD dataset for simulating a real-world like scenario and comparing their relative performances with hw-IBk. The results of this paper clearly indicate lazy algorithms as a viable solution for real-world network intrusion detection.

A swift Cloud-Paillier scheme to protect sensitive data confidentiality in cloud computing

Concerns over the confidentiality of sensitive data are still the main obstacles limiting the wide-spread adoption of cloud services. Actually, scientists have suggested a new encryption form, called homomorphic encryption (HE), which can offer a third-party having the ability to perform operations on encrypted data. The HE property can be considered as a useful method to get over these concerns. Since cloud environments are threatened by outsider/insider security attacks and since the cloud consumers oftentimes access to cloud services utilizing resource-limited devices, the HE schemes need to be promoted in terms of security level and running time to work effectively. At BDAW'16, we boosted a Paillier scheme at the security level, we refer to as Cloud-Paillier. In this paper, we propose a fast variant of Cloud-Paillier scheme to accelerate its decryption process. The variant employs the Chinese remaindering to decrypt. Simulation results show that the proposed variant provides a large decryption speedup over Cloud-Paillier scheme while preserves the same security level.

Privacy Leakage of Physical Activity Levels in Wireless Embedded Wearable Systems

With the ubiquity of sensing technologies in our personal spaces, the protection of our privacy and the confidentiality of sensitive data becomes a major concern. In this letter, we focus on wearable embedded systems that communicate data periodically over the wireless medium. In this context, we demonstrate that private information about the physical activity levels of the wearer can leak to an eavesdropper through the physical layer. Indeed, we show that the physical activity levels strongly correlate with changes in the wireless channel that can be captured by measuring the signal strength of the eavesdropped frames. We practically validate this correlation in several scenarios in a real residential environment, using data collected by our prototype wearable accelerometer-based sensor. Finally, we propose a privacy enhancement algorithm that mitigates the leakage of this private information.

A Survey-Decentralized Access Control with Anonymous Authentication and Deduplication of Data Stored in Clouds

Cloud computing is a rising computing standard in which assets of the computing framework are given as a service over the Internet. It delivers new challenges for data security and access control when clients outsource sensitive data for offering on cloud servers. These results unavoidably present a substantial processing overhead on the data possessor for key distribution and data administration when fine-grained data access control is in demand, and subsequently don't scale well. The issue of at the same time accomplishing fine-graininess, scalability, and data confidentiality of access control really still remains uncertain. The system characterize and implements access policies based on data qualities, and, then again, permits the data owner to represent the majority of the calculation included in fine-grained data access control to un-trusted cloud servers without unveiling the underlying data substance. This can be achieved by exploiting and combining techniques of decentralized key policy Attribute Based Encryption (KP-ABE). The proposed approach is highly efficient and secure. Also Data deduplication is one of important data compression techniques for eliminating duplicate copies of repeating data, and has been widely used in cloud storage to reduce the amount of storage space and save bandwidth. To protect the confidentiality of sensitive data while supporting deduplication, the convergent encryption technique has been proposed to encrypt the data before outsourcing it also represents several new deduplication constructions supporting authorized duplicate check in hybrid decentralized cloud architecture.

프라이버시 보존형 소스기반 중복제거 방법

Cloud storage servers do not detect duplication of conventionally encrypted data. To solve this problem, convergent encryption has been proposed. Recently, various client-side deduplication technology has been proposed. However, this propositions still cannot solve the security problem. In this paper, we suggest a secure source-based deduplication technology, which encrypt data to ensure the confidentiality of sensitive data and apply proofs of ownership protocol to control access to the data, from curious cloud server and malicious user.

IJARCCE - Computer and Communication Engineering

When using the secure cloud storage services on resources limited Mobile Devices, the confidentiality of sensitive data must be ensured before uploading the data on cloud storage servers. The complex security operations to ensure security are restricted to execute due to the resource constrained mobile devices. The huge volume of complex security operations are offloaded remotely on cloud storage. By literature review of existing security frameworks focus on reducing the complexity of cryptographic algorithms or methods to offer confidentiality and security. By keep in view the requirements of security and privacy of confidential data of with resource restricted mobile devices, in this paper, We present a proposed security framework for mobile cloud computing. In this framework the cryptographic methods as well as algorithms are used for encryption and decryption of mobile user data. This Framework ensures the additional security and confidentiality of users sensitive or significant data. This paper introduces the scheming flow of proposed security framework. This proposed Security framework is for the purpose to secure and provide privacy and integrity to users confidential data in Mobile Cloud Environment.

A Survey On: Secure Data Deduplication on Hybrid Cloud Storage Architecture

Data deduplication is one of the most important Data compression techniques used for to removing the duplicate copies of repeating data and it is widely used in the cloud storage for the purpose of reduce the storage space and save bandwidth. To keep the confidentiality of sensitive data while supporting the deduplication, to encrypt the data before outsourcing convergent encryption technique has been proposed .To better protect data security, this project makes the first attempt to formally address the problem of authorized data deduplication .Different from the traditional deduplication system, differential benefits of the user are further considered the duplicate check besides the data itself. Hybrid cloud architecture contains several new deduplication constructions supporting authorized duplicate check. The proposed security models contain the demonstration of security analysis scheme. As a proof of concept, contains the implementation framework of proposed authorized duplicate check scheme and conduct testbed experiments using these prototype. In proposed system contain authorized duplicate check scheme incurs minimal overhead compared to normal operations. General Terms Convergent Encryption, Baseline Algorithm, Dekey Algorithm.