Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian.In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and 'quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.

/pdf/the-knowledge-complexity-of-interactive-proof-systems-31apre0ecf.pdf

The knowledge complexity of interactive proof-systems

Personal Health Records (PHRs) should remain the lifelong property of patients, who should be able to show them conveniently and securely to selected caregivers and institutions. In this paper, we present My PHR Machines, a cloud-based PHR system taking a radically new architectural solution to health record portability. In My PHR Machines, health-related data and the application software to view and/or analyze it are separately deployed in the PHR system. After uploading their medical data to My PHR Machines, patients can access them again from remote virtual machines that contain the right software to visualize and analyze them without any need for conversion. Patients can share their remote virtual machine session with selected caregivers, who will need only a Web browser to access the pre-loaded fragments of their lifelong PHR. We discuss a prototype of My PHR Machines applied to two use cases, i.e., radiology image sharing and personalized medicine.

Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute–Based Encryption

On cloud security attacks

The Internet-of-Things (IoT) is rapidly becoming ubiquitous. However the heterogeneous nature of devices and protocols in use, the sensitivity of the data contained within, as well as the legal and privacy issues, make security for the IoT a growing research priority and industry concern. With many security practices being unsuitable due to their resource intensive nature, it is deemed important to include second line defences into IoT networks. These systems will also need to be assessed for their efficacy in a variety of different network types and protocols. To shed light on these issues, this paper is concerned with advancements in intrusion detection practices in IoT. It provides a comprehensive review of current intrusion detection systems (IDSs) for IoT technologies, focusing on architecture types. A proposal for future directions in IoT based IDS are then presented and evaluated. We show how traditional practices are unsuitable due to their inherent features providing poor coverage of the IoT domain. In order to develop a secure, robust and optimized solution for these networks, the current research for intrusion detection in IoT will need to move in a different direction. An example of which is proposed in order to illustrate how malicious nodes might be passively detected.

/pdf/a-critical-review-of-practices-and-challenges-in-intrusion-225kz6b7gj.pdf

A Critical Review of Practices and Challenges in Intrusion Detection Systems for IoT: Toward Universal and Resilient Systems

Authentication in mobile cloud computing

Advances in cloud computing and Internet technologies have pushed more and more data owners to outsource their data to remote cloud servers to enjoy with huge data management services in an efficient cost. However, despite its technical advances, cloud computing introduces many new security challenges that need to be addressed well. This is because, data owners, under such new setting, loss the control over their sensitive data. To keep the confidentiality of their sensitive data, data owners usually outsource the encrypted format of their data to the untrusted cloud servers. Several approaches have been provided to enable searching the encrypted data. However, the majority of these approaches are limited to handle either a single keyword search or a Boolean search but not a multikeyword ranked search, a more efficient model to retrieve the top documents corresponding to the provided keywords. In this paper, we propose a secure multi-keyword ranked search scheme over the encrypted cloud data. Such scheme allows an authorized user to retrieve the most relevant documents in a descending order, while preserving the privacy of his search request and the contents of documents he retrieved. To do so, data owner builds his searchable index, and associates with each term document with a relevance score, which facilitates document ranking. The proposed scheme uses two distinct cloud servers, one for storing the secure index, while the other is used to store the encrypted document collection. Such new setting prevents leaking the search result, i.e. the document identifiers, to the adversary cloud servers. We have conducted several empirical analyses on a real dataset to demonstrate the performance of our proposed scheme.

Secure Rank-Ordered Search of Multi-keyword Trapdoor over Encrypted Cloud Data

Cloud security represents a main hindrance that causes to retard its widespread adoption. Authentication considers a significance element of security in cloud environment, aiming to verify a user's identity when a user wishes to request services from cloud. There are many authentication schemes that depend on username/password, but they are considered weak techniques of cloud authentication. A more secure scheme is the two-factor authentication that does not only verify the username/password pair, but also needs a second factor such as a token device, biometric. However, the feasibility of second-factor authentication is limited by the deployment complexity, high cost and the cloud security is compromised when the token is missing or purloined. Furthermore, these schemes are failed to resist well-known attacks such as replay attacks, reflection attacks. This paper proposes two-factor authentication scheme based on Schnorr digital signature and feature extraction from fingerprint to overcome above aforementioned issues. Security analysis and experimental results illustrate that our proposed scheme can withstand the common security attacks as well, and has a good performance of password authentication.

Anonymous Password Authentication Scheme by Using Digital Signature and Fingerprint in Cloud Computing

Security threats are considered the main barrier that precluded potential users from reaping the compelling benefits of the cloud computing model. Unfortunately, traditional password authentication jeopardizes user privacy. Anonymous password authentication (APA) represents a promising method to maintain users’ privacy. However, the major handicap that faces the deployment of APA is the high computation cost and inherent shortcomings of conventional password schemes. In our proposed scheme, we present a new setting where users do not need to register their passwords to service provider. They are supplied with the necessary credential information from the data owner. Furthermore, for enabling the service provider to know the authorized users, data owner provides the service provider with some secret identity information that is derived from the pair (username/password) of each user. Our approach shows good results in terms of high scalability which makes our scheme more suitable to the cloud environment, strong authentication that withstands different known attacks.

Efficient Password-based Two Factors Authentication in Cloud Computing

An era of cloud computing allows users to profit from many privileges. However, there are several new security challenges. In fact, anonymous password authentication in the traditional setting has been suffered from many inherent drawbacks such as ease of exposure to malicious attacks and users registered their passwords in the server. Our scheme proposes the phenomenal context according to three main components: data owner, users, and service provider in cloud where users do not need to register their passwords in the service provider. Moreover, the data owner is contributed to make secure decisions, so that he manages the significant keys to other components distributedly. The proposal enjoys several advantages such as preserving privacy of password, unlink ability, and secrecy of session key. We have given a mechanism to prove the identity of the users authenticated without a need to reveal their passwords. Our approach has been achieved good results of reliability, and validity for cloud password authentication. The experimental results show an effective level of performance.

A Practical Privacy-preserving Password Authentication Scheme for Cloud Computing

Cloud computing contains many enterprise applications that require from each user to perform authenticate at first step. Then, he will gain a permit from the service provider to access resources at second step. The issue breach remains facing a modern computing model. A more secure scheme is the two-factor authentication (2FA) that requires a second factor (such as finger print, token) with username/password. Nevertheless, the feasibility of 2FA is largely limited by high device cost, malicious attack and the deployment complexity. In this paper, we propose a scheme of 2FA in cloud computing systems that depends on One-Time Password (OTP), Asymmetric Scalar-product Preserving Encryption (ASPE) and RSA digital signature as two factors. Furthermore, it overcomes aforementioned issues and does not require extra devices such as token device, card reader in smart card and scanner in physiological biometrics. The proposed scheme distinguishes to resist practical attacks, high-security level, anonymous password, mutual authentication, identity management, the cloud server and a user can establish authenticated session keys, reduces the cost, and good performance.

Ayad Ibrahim

Papers

Secure Rank-Ordered Search of Multi-keyword Trapdoor over Encrypted Cloud Data

Anonymous Password Authentication Scheme by Using Digital Signature and Fingerprint in Cloud Computing

Efficient Password-based Two Factors Authentication in Cloud Computing

A Practical Privacy-preserving Password Authentication Scheme for Cloud Computing

Cloud Authentication Based on Anonymous One-Time Password