| 1. |
- Atiiq, Syafiq Al, et al.
(författare)
-
X-Pro : Distributed XDP Proxies Against Botnets of Things
- 2021
-
Ingår i: Secure IT Systems - 26th Nordic Conference, NordSec 2021, Proceedings. - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. - 9783030916244 ; 13115 LNCS, s. 51-71
-
Konferensbidrag (refereegranskat)abstract
- The steadily increasing Internet of Things (IoT) devices are vulnerable to be used as bots to launch distributed-denial-of-service (DDoS) attacks. In this paper, we present X-Pro, a distributed XDP proxy to counteract DDoS attacks. We propose a source-based defense mechanism where proxies located between the IoT devices and the victim performs flow policing on all IoT traffic from a single administrative domain. The proposed proxy architecture can be integrated in widely used IoT frameworks as well as telecommunication networks. The proxies are working synchronously to block bogus messages and to detect traffic levels above predefined thresholds. Our implementation leverages eXpress Data Path (XDP), a programmable packet processing in the Linux kernel, as the main engine in the proxy. We evaluate X-Pro from several standpoints and conclude that our solution offers efficient DoS traffic blocking for both low-rate or massive attacks. Depending on the device side implementation selection, the computational overhead is cheap at the cost of some bandwidth loss.
|
|
| 2. |
- Bakas, Alexandros, et al.
(författare)
-
Power Range : Forward Private Multi-Client Symmetric Searchable Encryption with Range Queries Support
- 2020
-
Ingår i: Proceedings - IEEE Symposium on Computers and Communications. - : Institute of Electrical and Electronics Engineers Inc.. - 9781728180861
-
Konferensbidrag (refereegranskat)abstract
- Symmetric Searchable encryption (SSE) is an encryption technique that allows users to search directly over their outsourced encrypted data while preserving the privacy of both the files and the queries. In this paper, we present Power Range - a dynamic SSE scheme (DSSE) that supports range queries in the multi-client model. We prove that our construction captures the very crucial notion of forward privacy in the sense that additions and deletions of files do not reveal any information about the content of past queries. Finally, to deal with the problem of synchronization in the multi-client model, we exploit the functionality offered by Trusted Execution Environments and Intel's SGX.
|
|
| 3. |
- Dimitriou, Tassos, et al.
(författare)
-
Incentivizing Participation in Crowd-Sensing Applications Through Fair and Private Bitcoin Rewards
- 2022
-
Ingår i: IEEE Access. - : Institute of Electrical and Electronics Engineers Inc.. - 2169-3536. ; 10, s. 129004-129018
-
Tidskriftsartikel (refereegranskat)abstract
- In this work we develop a rewarding framework that can be used to enhance existing crowd-sensing applications. Although a core requirement of such systems is user engagement, people may be reluctant to participate because sensitive information about them may be leaked or inferred from submitted data. The use of monetary rewards can help incentivize participation, thereby increasing not only the amount but also the quality of sensed data. Our framework allows users to submit data and obtain Bitcoin payments in a privacy-preserving manner, preventing curious providers from linking the data or the payments back to the user. At the same time, it prevents malicious user behavior such as double-redeeming attempts, where a user tries to obtain rewards for multiple submissions of the same data. More importantly, it ensures the fairness of the exchange in a completely trustless manner; by relying on the Blockchain, the trust placed on third parties in traditional fair exchange protocols is eliminated. Finally, our system is highly efficient as most of the protocol steps do not utilize the Blockchain network. When they do, only the simplest of Blockchain transactions are used as opposed to prior works that are based on the use of more complex smart contracts.
|
|
| 4. |
- Khan, Tanveer, et al.
(författare)
-
Love or Hate? : Share or Split? Privacy-Preserving Training Using Split Learning and Homomorphic Encryption
- 2023
-
Ingår i: 2023 20th Annual International Conference on Privacy, Security and Trust (PST). - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 1-7
-
Konferensbidrag (refereegranskat)abstract
- Split learning (SL) is a new collaborative learning technique that allows participants, e.g. a client and a server, to train machine learning models without the client sharing raw data. In this setting, the client initially applies its part of the machine learning model on the raw data to generate activation maps and then sends them to the server to continue the training process. Previous works in the field demonstrated that reconstructing activation maps could result in privacy leakage of client data. In addition to that, existing mitigation techniques that overcome the privacy leakage of SL prove to be significantly worse in terms of accuracy. In this paper, we improve upon previous works by constructing a protocol based on U-shaped SL that can operate on homomorphically encrypted data. More precisely, in our approach, the client applies homomorphic encryption on the activation maps before sending them to the server, thus protecting user privacy. This is an important improvement that reduces privacy leakage in comparison to other SL-based works. Finally, our results show that, with the optimum set of parameters, training with HE data in the U-shaped SL setting only reduces accuracy by 2.65% compared to training on plaintext. In addition, raw training data privacy is preserved.
|
|
| 5. |
- Khan, Tanveer, et al.
(författare)
-
Split Ways : Privacy-Preserving Training of Encrypted Data Using Split Learning
- 2023
-
Ingår i: CEUR Workshop Proceedings. - : CEUR-WS.
-
Konferensbidrag (refereegranskat)abstract
- Split Learning (SL) is a new collaborative learning technique that allows participants, e.g. a client and a server, to train machine learning models without the client sharing raw data. In this setting, the client initially applies its part of the machine learning model on the raw data to generate activation maps and then sends them to the server to continue the training process. Previous works in the field demonstrated that reconstructing activation maps could result in privacy leakage of client data. In addition to that, existing mitigation techniques that overcome the privacy leakage of SL prove to be significantly worse in terms of accuracy. In this paper, we improve upon previous works by constructing a protocol based on U-shaped SL that can operate on homomorphically encrypted data. More precisely, in our approach, the client applies Homomorphic Encryption (HE) on the activation maps before sending them to the server, thus protecting user privacy. This is an important improvement that reduces privacy leakage in comparison to other SL-based works. Finally, our results show that, with the optimum set of parameters, training with HE data in the U-shaped SL setting only reduces accuracy by 2.65% compared to training on plaintext. In addition, raw training data privacy is preserved. © 2023 Copyright for this paper by its authors.
|
|
| 6. |
- Liu, Bin, et al.
(författare)
-
Cryptographic Role-Based Access Control, Reconsidered
- 2022
-
Ingår i: <em>Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)</em>Volume 13600 LNCS, Pages 282 - 2892022. - Cham : Springer Science and Business Media Deutschland GmbH. - 9783031209161 ; , s. 282-289
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we follow the line of existing study on cryptographic enforcement of Role-Based Access Control (RBAC). Inspired by the study of the relation between the existing security definitions for such system, we identify two different types of attacks which cannot be captured by the existing ones. Therefore, we propose two new security definitions towards the goal of appropriately modelling cryptographic enforcement of Role-Based Access Control policies and study the relation between our new definitions and the existing ones. In addition, we show that the cost of supporting dynamic policy update is inherently expensive by presenting two lower bounds for such systems which guarantee correctness and secure access. © 2022, The Author(s).
|
|
| 7. |
- Michalas, Antonis, et al.
(författare)
-
A report on design and implementation of protected searchable data in IaaS
- 2016. - 6
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- In the first part of this report we present a survey of the state of the art in searchable encryption and its relevance for cloud computing. In particular we focus on the OpenStack open-source cloud platform and investigate which searchable encryption schemes are more amenable for adoption in conjunction with platforms based on OpenStack. Based on that survey we chose one of the schemes to implement and test if it is practical enough to deploy in real systems. On the second part of this report we discuss the results of the implementation.
|
|
| 8. |
- Michalas, Antonis, et al.
(författare)
-
Security Aspects of e-Health Systems Migration to the Cloud
- 2014. - 7
-
Konferensbidrag (refereegranskat)abstract
- As adoption of e-health solutions advances, new computing paradigms - such as cloud computing - bring the potential to improve efficiency in managing medical health records and help reduce costs. However, these opportunities introduce new security risks which can not be ignored. Based on our experience with deploying part of the Swedish electronic health records management system in an infrastructure cloud, we make an overview of major requirements that must be considered when migrating e-health systems to the cloud. Furthermore, we describe in-depth a new attack vector inherent to cloud deployments and present a novel data confidentiality and integrity protection mechanism for infrastructure clouds. This contribution aims to encourage exchange of best practices and lessons learned in migrating public e-health systems to the cloud.
|
|
| 9. |
- Michalas, Antonis, et al.
(författare)
-
The Lord of the Sense: A Privacy Preserving Reputation System for Participatory Sensing Applications
- 2014. - 9
-
Konferensbidrag (refereegranskat)abstract
- Electronic devices we use on a daily basis collect sensitive information without preserving user's privacy. In this paper, we propose the lord of the sense (LotS), a privacy preserving reputation system for participatory sensing applications. Our system maintains the privacy and anonymity of information with the use of cryptographic techniques and combines voting approaches to support users' reputation. Furthermore, LotS maintains accountability by tracing back a misbehaving user while maintaining k-anonymity. A detailed security analysis is presented with the current advantages and disadvantages of our system.
|
|
| 10. |
- Michalas, Antonis, et al.
(författare)
-
Towards Trusted eHealth Services in the Cloud
- 2015
-
Ingår i: Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015. - : Institute of Electrical and Electronics Engineers Inc.. - 9780769556970 ; , s. 618-623
-
Konferensbidrag (refereegranskat)abstract
- As adoption of eHealth solutions advances, new computing paradigms - such as cloud computing - bring the potential to improve efficiency in managing medical health records and help reduce costs. However, these opportunities introduce new security risks which can not be ignored. In this paper, we present a forward-looking design for a privacy-preserving eHealth cloud system. The proposed solution, is based on a Symmetric Searchable Encryption scheme that allows patients of an electronic healthcare system to securely store encrypted versions of their medical data and search directly on them without having to decrypt them first. As a result, the proposed protocol offers better protection than the current available solutions and paves the way for the next generation of eHealth systems.
|
|
