Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian.In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and 'quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.

/pdf/the-knowledge-complexity-of-interactive-proof-systems-31apre0ecf.pdf

The knowledge complexity of interactive proof-systems

In a computing context, cybersecurity is undergoing massive shifts in technology and its operations in recent days, and data science is driving the change. Extracting security incident patterns or insights from cybersecurity data and building corresponding data-driven model, is the key to make a security system automated and intelligent. To understand and analyze the actual phenomena with data, various scientific methods, machine learning techniques, processes, and systems are used, which is commonly known as data science. In this paper, we focus and briefly discuss on cybersecurity data science, where the data is being gathered from relevant cybersecurity sources, and the analytics complement the latest data-driven patterns for providing more effective security solutions. The concept of cybersecurity data science allows making the computing process more actionable and intelligent as compared to traditional ones in the domain of cybersecurity. We then discuss and summarize a number of associated research issues and future directions. Furthermore, we provide a machine learning based multi-layered framework for the purpose of cybersecurity modeling. Overall, our goal is not only to discuss cybersecurity data science and relevant methods but also to focus the applicability towards data-driven intelligent decision making for protecting the systems from cyber-attacks.

/pdf/cybersecurity-data-science-an-overview-from-machine-learning-2g5zdq7ti3.pdf

Cybersecurity data science: an overview from machine learning perspective

Book review: Applied cryptography: Protocols, algorithms, and source code in C

The Internet of Things (IoT) is a methodology or a system that encompasses real-world things to interact and communicate with each other with the assistance of networking technologies. This article describes surveys on advances in IoT-based healthcare methods and reviews the state-of-the-art technologies in detail. Moreover, this review classifies an existing IoT-based healthcare network and represents a summary of all perspective networks. IoT healthcare protocols are analyzed in this context and provide a broad discussion on it. It also initiates a comprehensive survey on IoT healthcare applications and services. Extensive insights into IoT healthcare security, its requirements, challenges, and privacy issues are visualized in IoT surrounding healthcare. In this review, we analyze security and privacy features consisting of data protection, network architecture, Quality of Services (QoS), app development, and continuous monitoring of healthcare that are facing difficulties in many IoT-based healthcare architectures. To mitigate the security problems, an IoT-based security architectural model has been proposed in this review. Furthermore, this review discloses the market opportunity that will enhance the IoT healthcare market development. To conduct the survey, we searched through established journal and conference databases using specific keywords to find scholarly works. We applied a filtering mechanism to collect only papers that were relevant to our research works. The selected papers were then examined carefully to understand their contributions/research focus. Eventually, the paper reviews were analyzed to identify any existing research gaps and untouched areas of research and to discover possible features for sustainable IoT healthcare development.

Internet of Things (IoT): A Review of Its Enabling Technologies in Healthcare Applications, Standards Protocols, Security, and Market Opportunities

Today almost all organizations have improved their performance through allowing more information exchange within their organization as well as between their distributers, suppliers, and customers using web support. Databases are central to the modern websites as they provide necessary data as well as stores critical information such as user credentials, financial and payment information, company statistics etc. These websites have been continuously targeted by highly motivated malicious users to acquire monetary gain. Structured Query Language (SQL) injection and Cross Site Scripting Attack (XSS) is perhaps one of the most common application layer attack technique used by attacker to deface the website, manipulate or delete the content through inputting unwanted command strings. Structured Query Language Injection Attacks (SQLIA) is ranked 1st in the Open Web Application Security Project (OWASP) [1] top 10 vulnerability list and has resulted in massive attacks on a number of websites in the past few years. In this paper, we present a detailed review on various types of Structured Query Language Injection attacks, Cross Site Scripting Attack, vulnerabilities, and prevention techniques. Besides presenting our findings from the survey, we also propose future expectations and possible development of countermeasures against Structured Query Language Injection attacks.

A Survey on Web Application Vulnerabilities (SQLIA, XSS) Exploitation and Security Engine for SQL Injection

Digital watermarking for relational databases emerged as a candidate so- lution to provide copyright protection, tamper detection, traitor tracing, maintaining integrity of relational data. Many watermarking techniques have been proposed in the literature to address these purposes. In this paper, we survey the current state-of-the- art and we classify them according to their intent, the way they express the watermark, the cover type, the granularity level, and their verifiability.

/pdf/watermarking-techniques-for-relational-databases-survey-4ghct4di08.pdf

Watermarking Techniques for Relational Databases: Survey, Classification and Comparison

The development of a robust, transparent and interoperable E-healthcare infrastructure has been a difficult task due to many regulations and legislatures like HIPAA (Health Insurance Portability and Accountability Act) and GDPR (General Data Protection Regulation). Healthcare service providers prefer to store data about their patients in locked up silos, behind often inadequate layers of security and firewalls. Such an approach results in data breaches and limits the ability to get a holistic view of the medical history of a patient. The obscure cost of treatment is another issue brought to attention recently in media. In this paper, we have proposed a national blockchain framework for managing patients' Electronic Health Records (EHRs) access control and funds in the context of India's National healthcare scheme. We introduce a transparent insurance claim process for healthcare providers and an auditable trail of EHR access using smart contracts. We use a smart card approach allowing beneficiaries to authenticate their identity using zero-knowledge proofs and delegate access to service the providers via proxy re-encryption.

Blockchain-based Interoperable Healthcare using Zero-Knowledge Proofs and Proxy Re-Encryption

Robotic technologies are continuously transforming the domestic and the industrial environments. Recently the Robotic Operating System (ROS), has been widely adopted both by industry and academia, becoming one of the most popular middleware frameworks for developing robot applications. Guaranteeing the correct behaviour of robotic systems is, however, challenging due to their potential for parameterization and heterogeneity. Although different approaches exist, focusing on concrete domain spaces for specific scenarios, no general approach to reason about ROS systems has yet arisen. This paper proposes an approach to model and verify ROS systems using real time properties, focusing on one of the main features of ROS, the communication between nodes. It takes low-level parameters into account, such as queue sizes and timeouts, and uses timed automata as the modelling language. The robot Kobuki is used as a complex case study, over which properties are automatically verified using the UPPAAL model checker, enabling the identification of problematic parameter combinations.

Formal verification of ROS-based robotic applications using timed-automata

/pdf/abstract-interpretation-of-database-query-languages-4rsohag2ec.pdf

Abstract interpretation of database query languages

In this paper, we propose an obfuscation/ deobfuscation based technique to detect the presence of possible SQL Injection Attacks (SQLIA) in a query before submitting it to a DBMS. This technique combines static and dynamic analysis. In the static phase, the queries in the application are replaced by queries in obfuscated form. The main idea behind obfuscation is to isolate all the atomic formulas from other control elements of the query. During the dynamic phase, the user inputs are merged into the obfuscated atomic formulas, and the dynamic verifier analysis the presence of possible SQLIA at atomic formula level. Finally, a deobfuscation step is performed to recover the original query before submitting it to the DBMS.

/pdf/obfuscation-based-analysis-of-sql-injection-attacks-k3q9rg9scv.pdf

Raju Halder

Papers

Watermarking Techniques for Relational Databases: Survey, Classification and Comparison

Blockchain-based Interoperable Healthcare using Zero-Knowledge Proofs and Proxy Re-Encryption

Formal verification of ROS-based robotic applications using timed-automata

Abstract interpretation of database query languages

Obfuscation-based analysis of SQL injection attacks