Dynamic Access Control Research Articles

Mitigation Services on SDN for Distributed Denial of Service and Denial of Service Attacks Using Machine Learning Techniques

Software-Defined Networking (SDN) offers an innovative model over the separation of the data plane, control plane and management plane. This separation would result in more effective network management, including cost reductions for hardware and manpower, and the ability to deliver on-demand solutions using programmable SDN approaches. As network policy and on-demand services become more impartial, SDN is becoming more popular. However, there are safety risks associated with the SDN network due to malicious floods such as Distributed Denial of Service (DDoS) attacks and Denial of Service (DoS) attacks directed at the SDN Controller, OpenFlow Virtual Switch (OVS), and end nodes, which must be addressed. Because of these assaults, network throughput is reduced, resulting in a lapse in the availability of network services and a reduction in business operations. The main emphasis of this study is on the detection and mitigation of DDoS and DoS assaults in the SDN network, which is accomplished by the use of both unsupervised and supervised learning approaches. The use of the Dynamic Access Control List (DACL) allows for the performance of mitigation operations in the SDN network, which has been implemented using the mininet. The outcome of the experiment demonstrates that malicious (DDoS and DoS) flood is reduced as a consequence of the mitigation technique.

SEMRAchain: A Secure Electronic Medical Record Based on Blockchain Technology

A medical record is an important part of a patient’s follow-up. It comprises healthcare professionals’ views, prescriptions, analyses, and all information about the patient. Several players, including the patient, the doctor, and the pharmacist, are involved in the process of sharing, and managing this file. Any authorized individual can access the electronic medical record (EMR) from anywhere, and the data are shared among various health service providers. Sharing the EMR requires various conditions, such as security and confidentiality. However, existing medical systems may be exposed to system failure and malicious intrusions, making it difficult to deliver dependable services. Additionally, the features of these systems represent a challenge for centralized access control methods. This paper presents SEMRAchain a system based on Access control (Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC)) and a smart contract approach. This fusion enables decentralized, fine-grained, and dynamic access control management for EMR management. Together, blockchain technology as a secure distributed ledger and access control provides such a solution, providing system stakeholders with not just visibility but also trustworthiness, credibility, and immutability.

In-Depth Analysis and Systematic Literature Review on Risk Based Access Control in Cloud

Security in Cloud is one of the most foremost and critical feature, which can ensure the confidence of the Scientific community on Cloud environment. With the dynamic and ever changing nature of the Cloud computing environment, static access control models become obsolete. Hence, dynamic access control models are required, which is still an emergent and underdeveloped domain in Cloud security. These models utilize not only access policies but also contextual and real-time information to determine the access decision. Out of these dynamic models the Risk-based Access control model, estimates the security risk value related to the access request dynamically to determine the access decision. The exclusive working pattern of this access control model makes it an excellent choice for dynamically changing environment that rules the cloud’s environment. This paper provides a systematic literature appraisal and evaluation of risk-based access control models to provide a detailed understanding of the topic. The contributions of selected articles have been summarized. The security risks in cloud environment have been reviewed, taking in the account of both Cloud Service Provider and Cloud Customer perspectives. Additionally, risk factors used to build the risk-based access control model were extracted and analyzed. Finally, the risk estimation techniques used to evaluate the risks of access control operations have also been identified.

A Dynamic and Automated Access Control Management System for Social Networks

In recent years, online social networks (OSNs) have become an essential part of our social life. In OSNs, users can post resources to predefined groups of users, for example, family, friends, close friends. However, due to these predefined groups of users, few irrelevant users may get access to these published resources. Moreover, the users cannot configure privacy settings due to the lack of technical knowledge and the rigidity of the access control management system. To tackle these issues, we propose a text-based dynamic and fine-grain access control system for OSNs. Our proposed model uses a dynamic clustering algorithm to create user clusters based on the mutual interests of the users. After clustering, the proposed system creates automatic access rules based on the relationship between the users’ clusters and their resources. The proposed system will ensure fine-grained access control and automatic assignment of policies to the text-based resources. We have implemented our system to gauge the applicability, and the results are discussed in the experiments section.

Software-defined network-based dynamic access control mechanism for internet of vehicles using Adaboost

Software-defined network-based dynamic access control mechanism for internet of vehicles using Adaboost

Accessing Electronic Health Records of the Unconscious Patient

Electronic Health Records are a digital version of paper-based records. Studying previous treatment, care and medications is important for making diagnosis for the current situation. The aim of this paper relates to the use of EHR as a means of communication between patient and health care provider with a focus on how EHRs communicates health information for unconscious patient to physicians. As accessing records requires credentials of patient and if the patient is not in a condition to enter his credentials, this leads to the scope of dynamic access control. Dynamic access control is provided by dividing EHRs into different levels. The basis for these levels is physician’s specialization and patient’s health status. This framework is implemented with the help of a WAMP server using PHP and MySQL.

Smart contract token-based privacy-preserving access control system for industrial Internet of Things

Due to mobile Internet technology's rapid popularization, the Industrial Internet of Things (IIoT) can be seen everywhere in our daily lives. While IIoT brings us much convenience, a series of security and scalability issues related to permission operations rise to the surface during device communications. Hence, at present, a reliable and dynamic access control management system for IIoT is in urgent need. Up till now, numerous access control architectures have been proposed for IIoT. However, owing to centralized models and heterogeneous devices, security and scalability requirements still cannot be met. In this paper, we offer a smart contract token-based solution for decentralized access control in IIoT systems. Specifically, there are three smart contracts in our system, including the Token Issue Contract (TIC), User Register Contract (URC), and Manage Contract (MC). These three contracts collaboratively supervise and manage various events in IIoT environments. We also utilize the lightweight and post-quantum encryption algorithm-Nth-degree Truncated Polynomial Ring Units (NTRU) to preserve user privacy during the registration process. Subsequently, to evaluate our proposed architecture's performance, we build a prototype platform that connects to the local blockchain. Finally, experiment results show that our scheme has achieved secure and dynamic access control for the IIoT system compared with related research.

Enabling privacy and leakage resistance for dynamic blockchain-based access control systems

With rise of 5G/6G network, low-storage devices usually outsource data for higher rate and less latency. Non-controlled outsourcing and complex communications incur security issues for IoT applications. Specially, user privacy and access reliability pose technical challenges for sensitive data outsourcing and sharing. In this paper, we harmonize functional encryption and blockchain to propose a reliable and privacy-aware access control system named R-PAC. It allows a result-form access without learning raw information and fair interaction against malicious users. With a combination of all-or-nothing encapsulation technology, R-PAC supports users’ dynamic joining and key leakage resistance. We design R-PAC from Boneh–Franklin identity-based encryption, with forward-coverable encryption and reverse-discoverable decryption, and formally prove its indistinguishability security. We implement a R-PAC prototype and deploy it to a simulated Ethereum network to evaluate its performance. Experiments from both data access and transaction overhead show that R-PAC is with reasonable cost and has a trade-off between efficiency and strong security/functionality.

On the Design of Secured and Reliable Dynamic Access Control Scheme of Patient E-Healthcare Records in Cloud Environment.

Traditional healthcare services have changed into modern ones in which doctors can diagnose patients from a distance. All stakeholders, including patients, ward boy, life insurance agents, physicians, and others, have easy access to patients' medical records due to cloud computing. The cloud's services are very cost-effective and scalable, and provide various mobile access options for a patient's electronic health records (EHRs). EHR privacy and security are critical concerns despite the many benefits of the cloud. Patient health information is extremely sensitive and important, and sending it over an unencrypted wireless media raises a number of security hazards. This study suggests an innovative and secure access system for cloud-based electronic healthcare services storing patient health records in a third-party cloud service provider. The research considers the remote healthcare requirements for maintaining patient information integrity, confidentiality, and security. There will be fewer attacks on e-healthcare records now that stakeholders will have a safe interface and data on the cloud will not be accessible to them. End-to-end encryption is ensured by using multiple keys generated by the key conclusion function (KCF), and access to cloud services is granted based on a person's identity and the relationship between the parties involved, which protects their personal information that is the methodology used in the proposed scheme. The proposed scheme is best suited for cloud-based e-healthcare services because of its simplicity and robustness. Using different Amazon EC2 hosting options, we examine how well our cloud-based web application service works when the number of requests linearly increases. The performance of our web application service that runs in the cloud is based on how many requests it can handle per second while keeping its response time constant. The proposed secure access scheme for cloud-based web applications was compared to the Ethereum blockchain platform, which uses internet of things (IoT) devices in terms of execution time, throughput, and latency.

Dynamic permission access control model based on privacy protection

Access control technology is one of the key technologies to ensure safe resource sharing. Identity authentication and authority distribution are two key technologies for access control technology to restrict unauthorized users from accessing resources, and only authorised legal users can access resources. However, user privacy protection and frequent permission changes are two thorny issues that need to be solved urgently by access control technology. In this paper, a dynamic access control model based on privacy protection is proposed to deal with these problems. Compared with existing access control technologies, the main advantages of this paper are as follows: (1) Encrypt and hide the attributes of entities, and use attribute-based identity authentication technology for identity authentication, which not only achieves the purpose of traditional identity authentication, but also ensures the attributes and privacy of entities are not leaked; (2) Binding resource access permissions with entity attributes, dynamically assigning and adjusting resource access control permissions through changes in entity attributes, making resource access control more fine-grained and more flexible. Security proof and performance analysis show that the proposed protocol is secure under the hardness assumption of the discrete logarithm problem and the decision bilinear Diffie–Hellman problem. Compared with the cited references, this model has the advantages of low computational complexity, short computational time, and low communication overhead.

Dynamic Access Control and Trust Management for Blockchain-Empowered IoT

The Internet of Things (IoT), while providing comprehensive interconnection and ubiquitous services, poses security issues by enabling resources sharing among various devices from different untrusted authorities. Blockchain, as a distributed ledger, provides a traceable and verifiable platform to ensure the secure access control in IoT. The existing works based on blockchain may bring up intolerable computing overhead and delay to the lightweight IoT devices. In this article, we propose a dynamic and lightweight attribute-based access control framework for blockchain-empowered IoT, to achieve secure and fine-grained authorization. The proposed scheme allows access to resources by evaluating attributes, operations, and the environment relevant to a request. The access policy is executed through smart contract in blockchain for security and flexibility. To further adapt to IoT device constraints, we design a access control framework based on decentralized application (DApp), which can maintain tamper proof in a timely manner and be adapt to the delay-intolerant application. When delay-intolerant access is required, access can be allowed according to local replica of the blockchain, without a consensus of blockchain network. Considering the time-varying attributes of IoT devices, a trust management scheme is proposed based on the Markov chain to resist the security fluctuation caused by the vulnerability of IoT devices. In the experiments, we deploy our system prototype on Ethereum to evaluate the feasibility and effectiveness of the scheme. The results show the proposed scheme can achieve secure, high throughput, and flexible access control in IoT.

An efficient dynamic access control and security sharing scheme using blockchain

This study seeks to understand the role of institutions and organizations that have used cloud service providers to store and share data as ensuring third-party access to storage is a major challenge to avoid data theft and unwanted access. Hence, in this paper, Blockchain-Based Data Access and Secure Sharing Method (BDASS) is introduced to enhance security processes related to personal data through data access control and secure sharing method, the proposed method uses blockchain aggregation, file system (IPFS), dynamic access control (DAC), and ciphertext-attribute-based encryption (CP-ABE) to enhance the security of personal data. To keep the owner safe, a blockchain-based DAC is designed. To keep data storage and sharing secure, the blockchain-based CP-ABE is designed. In this proposed methodology, the data owner encrypts the data they have stored in IPFS, thus enhancing data security, which has been improved with the help of CP-ABE regarding detailed access policy and data owner. Policy parameters are managed by the DAC. In the proposed methodology, the data owner uses the blockchain to control security and access to the data. Finally, the paper has come up with a set of findings in order to achieve data security and access control for the data owner through the blockchain-based approach. To evaluate the performance of the proposed method, MATLAB was used. The proposed technology also contrasts with existing technologies, such as the Blockchain-Based Security Sharing Scheme for Personal Data (BSSPD) as well as the Rivest-Shamir-Adleman Algorithm (RSA) and Elliptic Curve Cryptography (ECC).

Dynamic Role-Based Access Control Policy for Smart Grid Applications: An Offline Deep Reinforcement Learning Approach

Role-based access control (RBAC) is adopted in the information and communication technology domain for authentication purposes. However, due to a very large number of entities within organizational access control (AC) systems, static RBAC management can be inefficient, costly, and can lead to cybersecurity threats. In this article, a novel hybrid RBAC model is proposed, based on the principles of offline deep reinforcement learning (RL) and Bayesian belief networks. The considered framework utilizes a fully offline RL agent, which models the behavioral history of users as a Bayesian belief-based trust indicator. Thus, the initial static RBAC policy is improved in a dynamic manner through off-policy learning while guaranteeing compliance of the internal users with the security rules of the system. By deploying our implementation within the smart grid domain and specifically within a Distributed Energy Resources (DER) ecosystem, we provide an end-to-end proof of concept of our model. Finally, detailed analysis and evaluation regarding the offline training phase of the RL agent are provided, while the online deployment of the hybrid RL-based RBAC model into the DER ecosystem highlights its key operation features and salient benefits over traditional RBAC models.

Adaptive Access Control and Resource Allocation for Random Access in NGSO Satellite Networks

In non-geostationary orbit (NGSO) satellite networks, users perform random access (RA) to establish connections. Due to the non-uniform traffic demands of RA in time and space, dynamic access control and resource allocation methods with low signaling overhead and high RA efficiency are required, where the RA efficiency is denoted as the number of successfully accessed users per resource block. Existing dynamic adjustment methods provide a feasible approach to improve RA efficiency with short update intervals, but the frequent updates of these methods result in high signaling overhead. Compared with the short-term update, update with a given longer interval could reduce update frequency, while it will lead to a reduction in RA efficiency for the accuracy of long-term prediction decreases. Hence, to improve RA efficiency and decrease signaling overhead at the same time, we propose a new adaptive access control and resource allocation scheme in this paper, where the length of update interval is adaptive to the changes in traffic. First, average random access efficiency (ARAE) is defined to evaluate the RA efficiency between each update. Then, to decrease signaling overhead while keeping high ARAE, adaptive access control and resource allocation scheme is proposed, where the adaptive traffic prediction step is introduced to forecast future traffic with adaptively selected update interval, and the access control and resource allocation step is designed to maximize ARAE based on forecasted traffic. Finally, the effectiveness of the proposed scheme is corroborated by simulations, which indicate our scheme is adaptive to varying demands and outperforms other methods with high ARAE and low signaling overhead.

Smart contract based digital evidence management framework over blockchain for vehicle accident investigation in IoV era

Digital collection and maintenance of evidence corresponding to an accident is of utmost relevance as vehicles become connected and part of Internet of things ecosystem. A conceptual evidence management framework is proposed examining the future of accident investigation forensics in the era of connected vehicles. The framework discusses how evidence generated from vehicles involved in incident along with supporting evidence from nearby vehicles CCTVs and road users can be collected and managed over blockchain using smart contracts in a vehicle to everything connected environment. The management of evidence over blockchain serves as an immutable and auditable means to investigate and settle cases post an accident among the stakeholders. Dynamic access control over evidence data and reports based on location of incident and vehicle involved is implemented with the help of smart contracts. The cost of deploying and carrying out transactions using the smart contracts is evaluated over both public and private Ethereum blockchain. Mechanism and cost involved in storing evidence on chain versus off chain using Inter Planetary File System in most optimised manner saving memory and execution cost is compared and presented. The smart contract codes are deployed on Rinkeby test network and can be accessed using address mentioned.

A novel zero-trust network access control scheme based on the security profile of devices and users

Security constitutes a principal concern for communication networks and services at present. This way, threats should be under control to minimize risks over time in real environments. With this aim, we introduce here a new approach for access control aimed to strengthen security in corporate networks and service providers related environments. Our proposal, named SADAC (Security Attribute-based Dynamic Access Control) presents three main novel features: (i) security related attributes regarding both configuration and operation are considered for network access control of final devices/users; (ii) a dynamic supervision procedure is implemented to evaluate the security profile associated to devices/users over time and, if so, to apply corresponding access restrictions; and (iii) a supervision procedure that also permits to diagnose the causes of inadequate security behaviours, so that the final devices/users can adapt their configuration and/or operation. We describe the overall access control methodology as well as the aspects for its implementation. In particular, we present and evaluate the specific deployment of SADAC for a corporate WiFi environment supported on a Raspberry Pi-based AP to provide Internet access to mobile devices. Through this experimentation we can conclude the convenience of adopting the approach for improving security by minimizing risks in network and communication environments.

Multimedia Automation Access Control of Big Data Open Resources Based on Blockchain.

In order to better mine the value of data, the author proposes a research on the automatic access control of big data open resources multimedia based on blockchain and introduces big data access control BBAC-BD (blockchain-based access control mechanism for big data environment). The author designed a strategy management contract based on the Bloom filter, as a probabilistic data structure with extremely high space utilization efficiency and proposed the strategic management contract (PAP CONTRACT) and the strategic decision contract (PDP CONTRACT). In this way, the nontampering, auditability, and verifiability of the access control information are guaranteed; then, the access control method based on smart contracts is adopted to realize the user-driven, whole-process transparent, and dynamic and automatic access control of big data resources. The simulation results show that the greater the ratio of n/k, the better the optimization effect, and the greater the ratio, the lower the corresponding misjudgment rate, but it will also take up more space costs. At the same time, the true value of the false positive rate is generally less than the theoretical value of the false positive rate. When the performance of Hash (strategy to retrieve) is better, the result of Hash distribution is more uniform. Under the condition of m = 3, the misjudgment rate acceptable for the expected use can be achieved, and the increase in the number of Hashes will not bring a significant increase in revenue. Freed from the traditional model of providing access control services based on third parties, solve the problem of transparency of authority judgments; at the same time, through smart contracts, based on the strategy published by the resource owner on the blockchain, realize automatic access control to big data resources; and make the judicial process more flexible and the judgment result more credible. The BBAC-BD mechanism realizes a safe, reliable, and transparent new access control architecture, and it can effectively promote the safe circulation and sharing of big data.

Zero-Trust-Based Protection Scheme for Users in Internet of Vehicles

At present, the Internet of Vehicles technology is developing rapidly, but in the process of networking it may be attacked by hackers. In view of the tampering attack on the user’s device and identity, we establish a multifactor authentication scheme to achieve dual identity authentication through device fingerprint authentication and PKI authentication. In response to the attack by hackers in the application of data transmission, we use the SM series of state secret algorithms for data encryption and take advantage of the immutable and decentralized characteristics of blockchain to ensure the security and integrity of data collection and transmission. Through the zero-trust security network architecture, the security level of the system in the process of data transmission is effectively improved, the identity-centered dynamic access control is carried out, the user’s behavior is monitored in real time, and the malicious nodes are screened and eliminated, which improves the stability and security of the Internet of Vehicles data transmission system. By adopting the identity authentication pass rate, fingerprint authentication pass rate, API authentication pass rate, and SPA packet transmission acceptance rate as the factor set, the evaluation level of the vehicles is calculated. The experimental results show that compared with the traditional boundary-centered security protection, our scheme can protect a wider range of application security, even if there are security problems, the loss is less. Through the training simulation of the convolutional neural network, the classification accuracy of the trust level is improved.

Privacy-Preserved Electronic Medical Record Exchanging and Sharing: A Blockchain-Based Smart Healthcare System.

The digitization of Electronic Medical Record (EMR) provides potential access to a wealth of medical information, but also presents new challenges in privacy-preserved EMR exchanging and sharing. In this paper, we propose a blockchain-based smart healthcare system with fine-grained privacy protection for reliable data exchanging and sharing among different users. We design a blockchain-enabled dynamic access control framework combined with Local Differential Privacy (LDP) strategies to provide the attribute-based privacy protection in transaction workflow. We design four types of smart contracts in the framework to meet the requirements of anonymous transaction, dynamic access control, beneficial matching decision, and evaluation of published data in an open network. To satisfy fine-grained privacy protection, we classify sensitive attributes of EMRs into different levels and set differential privacy budgets to randomize attributes before data publishing. Also, we design data quality function to depict the disturbance incurred by LDP-based privacy preferences at the requester view, and present appropriate many-to-many matching decisions among participants for beneficial transactions. Finally, we develop a prototype system and test our approach using 200,000 real-world EMRs. Experimental results show that the proposed privacy-preserved scheme can make stable and reliable transactions between EMR publishers and requesters. The prototype system achieves individual-centric privacy configuration at the patient site, while providing error-guaranteed statistics at the requester site. Additionally, the access control policies, logs of anonymous transaction are kept in the blockchain to provide system-level traceability.

Autonomous navigation system based on a dynamic access control architecture for the internet of vehicles

The Internet of Vehicles (IoV) ability to monitor the surrounding environment promotes autonomous activities like determining a trajectory and responding accordingly. Security and transportation are vital components of today's technology-driven society. In addition to search and rescue, it may also be used for planetary exploration and material management. So, the Internet of Vehicles must drive independently in various dynamic situations. Unlocking the potential of the IoV navigation process, a dynamic access control architecture-based autonomous navigation system is proposed. It can perform assigned tasks while also reacting quickly to unexpected situations. The efficiency of AI-based IoV navigation is compared and studied using autonomous decision control systems.