PRIVACY AND SECURITY FOR TELEHEALTH DEVICES

Abstract In this research, we study the privacy and security capabilities provided by telehealth devices. Our aim is to evaluate how vulnerable these popular devices are in the presence of malicious cyber attackers. As older adults increasingly rely on telehealth devices, it is crucial that cybersecurity aspects of these devices are clearly communicated to them. Moreover, older adults frequently lack the technical expertise to evaluate the security and privacy capabilities of the devices. The lack of control over telehealth devices is a major concern for older adults. Older adults view certain limitations within these devices as decreasing their privacy and security. These limitations include the lack of control over accepting calls, taking screenshots, and assigning access privileges. For large scale adaptation of telehealth devices by older adults, it is crucial that these devices not only satisfy their intended purpose but also exhibit user friendly features and strong security and privacy capabilities. Modeling cyber threats against telehealth devices is not studied sufficiently . Malicious actors may compromise telehealth devices and create further threats to security and privacy of the users. In this research, we studied the cyber threats against telehealth devices. We built a threat model that ranks cyber threats based on their impact. We investigated how the operating system of popular devices supports access control. We found that none of the current technologies support location-based access control. We claim that this represents a major limitation and that supporting location-based access control is necessary to ensure users’ privacy in their own home.

Download Full-text

Improvement of Privacy and Security in Hybrid Cloud with Attribute Group Based Access Control

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit19518 ◽

2019 ◽

pp. 57-61

Author(s):

Kayalvili S ◽

Sowmitha V

Keyword(s):

Cloud Computing ◽

Access Control ◽

Data Storage ◽

Service Providers ◽

Cloud Service ◽

Security Requirements ◽

Security And Privacy ◽

Data Outsourcing ◽

Privacy And Security ◽

Control Approach

Cloud computing enables users to accumulate their sensitive data into cloud service providers to achieve scalable services on-demand. Outstanding security requirements arising from this means of data storage and management include data security and privacy. Attribute-based Encryption (ABE) is an efficient encryption system with fine-grained access control for encrypting out-sourced data in cloud computing. Since data outsourcing systems require flexible access control approach Problems arises when sharing confidential corporate data in cloud computing. User-Identity needs to be managed globally and access policies can be defined by several authorities. Data is dual encrypted for more security and to maintain De-Centralization in Multi-Authority environment.

Download Full-text

User-Friendly Security Patterns for Designing Social Network Websites

International Journal of Technology and Human Interaction ◽

10.4018/ijthi.2017010103 ◽

2017 ◽

Vol 13 (1) ◽

pp. 39-60 ◽

Cited By ~ 1

Author(s):

Khalid Alemerien

Keyword(s):

Social Network ◽

Social Networking ◽

User Interfaces ◽

Social Networking Sites ◽

Development Process ◽

Graphical User Interfaces ◽

Security And Privacy ◽

Privacy And Security ◽

Security Patterns ◽

User Friendly

The number of users in Social Networking Sites (SNSs) is increasing exponentially. As a result, several security and privacy problems in SNSs have appeared. Part of these problems is caused by insecure Graphical User Interfaces (GUIs). Therefore, the developers of SNSs should take into account the balance between security and usability aspects during the development process. This paper proposes a set of user-friendly security patterns to help SNS developers to design interactive environments which protect the privacy and security of individuals while being highly user friendly. The authors proposed four patterns and evaluated them against the Facebook interfaces. The authors found that participants accepted the interfaces constructed through the proposed patterns more willingly than the Facebook interfaces.

Download Full-text

A Fine-Grained IoT Data Access Control Scheme Combining Attribute-Based Encryption and Blockchain

Security and Communication Networks ◽

10.1155/2021/5308206 ◽

2021 ◽

Vol 2021 ◽

pp. 1-13

Author(s):

Xiaofeng Lu ◽

Songbing Fu ◽

Cheng Jiang ◽

Pietro Lio

Keyword(s):

Access Control ◽

Distributed Storage ◽

Data Access ◽

Security And Privacy ◽

Privacy And Security ◽

Fine Grained ◽

Blockchain Technology ◽

Data Access Control ◽

Attribute Based Encryption ◽

Control Scheme

IoT technology has been widely valued and applied, and the resulting massive IoT data brings many challenges to the traditional centralized data management, such as performance, privacy, and security challenges. This paper proposes an IoT data access control scheme that combines attribute-based encryption (ABE) and blockchain technology. Symmetric encryption and ABE algorithms are utilized to realize fine-grained access control and ensure the security and openness of IoT data. Moreover, blockchain technology is combined with distributed storage to solve the storage bottleneck of blockchain systems. Only the hash values of the data, the hash values of the ciphertext location, the access control policy, and other important information are stored on the blockchain. In this scheme, smart contract is used to implement access control. The results of experiments demonstrate that the proposed scheme can effectively protect the security and privacy of IoT data and realize the secure sharing of data.

Download Full-text

A Policy-Driven Approach to Secure Extraction of COVID-19 Data From Research Papers

Frontiers in Big Data ◽

10.3389/fdata.2021.701966 ◽

2021 ◽

Vol 4 ◽

Author(s):

Lavanya Elluri ◽

Aritran Piplai ◽

Anantaa Kotal ◽

Anupam Joshi ◽

Karuna Pande Joshi

Keyword(s):

Access Control ◽

Academic Community ◽

Security And Privacy ◽

Knowledge Graph ◽

Privacy Policies ◽

Sensitive Data ◽

Research Papers ◽

Policy Compliance ◽

Privacy And Security ◽

The Impact

The entire scientific and academic community has been mobilized to gain a better understanding of the COVID-19 disease and its impact on humanity. Most research related to COVID-19 needs to analyze large amounts of data in very little time. This urgency has made Big Data Analysis, and related questions around the privacy and security of the data, an extremely important part of research in the COVID-19 era. The White House OSTP has, for example, released a large dataset of papers related to COVID research from which the research community can extract knowledge and information. We show an example system with a machine learning-based knowledge extractor which draws out key medical information from COVID-19 related academic research papers. We represent this knowledge in a Knowledge Graph that uses the Unified Medical Language System (UMLS). However, publicly available studies rely on dataset that might have sensitive data. Extracting information from academic papers can potentially leak sensitive data, and protecting the security and privacy of this data is equally important. In this paper, we address the key challenges around the privacy and security of such information extraction and analysis systems. Policy regulations like HIPAA have updated the guidelines to access data, specifically, data related to COVID-19, securely. In the US, healthcare providers must also comply with the Office of Civil Rights (OCR) rules to protect data integrity in matters like plasma donation, media access to health care data, telehealth communications, etc. Privacy policies are typically short and unstructured HTML or PDF documents. We have created a framework to extract relevant knowledge from the health centers’ policy documents and also represent these as a knowledge graph. Our framework helps to understand the extent to which individual provider policies comply with regulations and define access control policies that enforce the regulation rules on data in the knowledge graph extracted from COVID-related papers. Along with being compliant, privacy policies must also be transparent and easily understood by the clients. We analyze the relative readability of healthcare privacy policies and discuss the impact. In this paper, we develop a framework for access control decisions that uses policy compliance information to securely retrieve COVID data. We show how policy compliance information can be used to restrict access to COVID-19 data and information extracted from research papers.

Download Full-text

Federated Learning in Smart City Sensing: Challenges and Opportunities

Sensors ◽

10.3390/s20216230 ◽

2020 ◽

Vol 20 (21) ◽

pp. 6230 ◽

Cited By ~ 1

Author(s):

Ji Chu Jiang ◽

Burak Kantarci ◽

Sema Oktug ◽

Tolga Soyata

Keyword(s):

Data Acquisition ◽

Smart City ◽

Large Scale ◽

Smart Cities ◽

Security And Privacy ◽

Privacy And Security ◽

Security Issues ◽

Challenges And Opportunities ◽

Data Provision ◽

Novel Concept

Smart Cities sensing is an emerging paradigm to facilitate the transition into smart city services. The advent of the Internet of Things (IoT) and the widespread use of mobile devices with computing and sensing capabilities has motivated applications that require data acquisition at a societal scale. These valuable data can be leveraged to train advanced Artificial Intelligence (AI) models that serve various smart services that benefit society in all aspects. Despite their effectiveness, legacy data acquisition models backed with centralized Machine Learning models entail security and privacy concerns, and lead to less participation in large-scale sensing and data provision for smart city services. To overcome these challenges, Federated Learning is a novel concept that can serve as a solution to the privacy and security issues encountered within the process of data collection. This survey article presents an overview of smart city sensing and its current challenges followed by the potential of Federated Learning in addressing those challenges. A comprehensive discussion of the state-of-the-art methods for Federated Learning is provided along with an in-depth discussion on the applicability of Federated Learning in smart city sensing; clear insights on open issues, challenges, and opportunities in this field are provided as guidance for the researchers studying this subject matter.

Download Full-text

Privacy-Aware MapReduce Based Multi-Party Secure Skyline Computation

Information ◽

10.3390/info10060207 ◽

2019 ◽

Vol 10 (6) ◽

pp. 207

Author(s):

Saleh Ahmed ◽

Mahboob Qaosar ◽

Asif Zaman ◽

Md. Anisuzzaman Siddique ◽

Chen Li ◽

...

Keyword(s):

Data Privacy ◽

Large Scale ◽

Communication Complexity ◽

Cost Effective ◽

Privacy Preserving ◽

Secure Computation ◽

Security And Privacy ◽

Computation Method ◽

Computation Model ◽

Privacy And Security

Selecting representative objects from a large-scale dataset is an important task for understanding the dataset. Skyline is a popular technique for selecting representative objects from a large dataset. It is obvious that the skyline computation from the collective databases of multiple organizations is more effective than the skyline computed from a database of a single organization. However, due to privacy-awareness, every organization is also concerned about the security and privacy of their data. In this regards, we propose an efficient multi-party secure skyline computation method that computes the skyline on encrypted data and preserves the confidentiality of each party’s database objects. Although several distributed skyline computing methods have been proposed, very few of them consider the data privacy and security issues. However, privacy-preserving multi-party skyline computing techniques are not efficient enough. In our proposed method, we present a secure computation model that is more efficient in comparison with existing privacy-preserving multi-party skyline computation models in terms of computation and communication complexity. In our computation model, we also introduce MapReduce as a distributive, scalable, open-source, cost-effective, and reliable framework to handle multi-party data efficiently.

Download Full-text

Blockchain Platforms and Access Control Classification for IoT Systems

Symmetry ◽

10.3390/sym12101663 ◽

2020 ◽

Vol 12 (10) ◽

pp. 1663

Author(s):

Adam Ibrahim Abdi ◽

Fathy Elbouraey Eassa ◽

Kamal Jambi ◽

Khalid Almarhabi ◽

Abdullah Saad AL-Malaise AL-Ghamdi

Keyword(s):

Access Control ◽

Single Point ◽

Security And Privacy ◽

Future Research ◽

Control Mechanisms ◽

Privacy And Security ◽

Security Issues ◽

Massive Growth ◽

Blockchain Technology ◽

Comparison Table

The Internet of Things paradigm is growing rapidly. In fact, controlling this massive growth of IoT globally raises new security and privacy issues. The traditional access control mechanisms provide security to IoT systems such as DAC (discretionary access control) and mandatory access control (MAC). However, these mechanisms are based on central authority management, which raises some issues such as absence of scalability, single point of failure, and lack of privacy. Recently, the decentralized and immutable nature of blockchain technology integrated with access control can help to overcome privacy and security issues in the IoT. This paper presents a review of different access control mechanisms in IoT systems. We present a comparison table of reviewed access control mechanisms. The mechanisms’ scalability, distribution, security, user-centric, privacy and policy enforcing are compared. In addition, we provide access control classifications. Finally, we highlight challenges and future research directions in developing decentralized access control mechanisms for IoT systems.

Download Full-text

Blockchain-Based Secured Access Control in an IoT System

Applied Sciences ◽

10.3390/app11041772 ◽

2021 ◽

Vol 11 (4) ◽

pp. 1772

Author(s):

Sultan Algarni ◽

Fathy Eassa ◽

Khalid Almarhabi ◽

Abduallah Almalaise ◽

Emad Albassam ◽

...

Keyword(s):

Access Control ◽

Secure Communication ◽

Large Scale ◽

Third Party ◽

Security And Privacy ◽

Multi Agent System ◽

Secure Access ◽

Multi Agent ◽

Iot Devices ◽

Privacy Issues

The distributed nature of Internet of Things (IoT) and its rapid increase on a large scale raises many security and privacy issues. Access control is one of the major challenges currently addressed through centralized approaches that may rely on a third party and they are constrained by availability and scalability, which may result in a performance bottleneck. Therefore, this paper proposes a novel solution to manage the delivery of lightweight and decentralized secure access control of an IoT system based on a multi-agent system and a blockchain. The main objective of the proposed solution is to build Blockchain Managers (BCMs) for securing IoT access control, as well as allowing for secure communication between local IoT devices. Moreover, the solution also enables secure communication between IoT devices, fog nodes and cloud computing.

Download Full-text

Dynamic and semantic-aware access-control model for privacy preservation in multiple data center environments

International Journal of Distributed Sensor Networks ◽

10.1177/1550147720921778 ◽

2020 ◽

Vol 16 (5) ◽

pp. 155014772092177

Author(s):

Aiguo Chen ◽

Guoming Lu ◽

Hanwen Xing ◽

Yuan Xie ◽

Shunwei Yuan

Keyword(s):

Access Control ◽

Data Center ◽

High Performance ◽

Large Scale ◽

Privacy Preservation ◽

Rapid Development ◽

Control Model ◽

Access Control Model ◽

Privacy And Security ◽

Multiple Data

With the rapid development of intelligent perception and other data acquisition technologies in the Internet of things, large-scale scientific workflows have been widely used in geographically distributed multiple data centers to realize high performance in business model construction and computational processing. However, insider threats pose very significant privacy and security risks to systems. Traditional access-control models can no longer satisfy the reasonable authorization of resources in these new cross-domain environments. Therefore, a dynamic and semantic-aware access-control model is proposed for privacy preservation in multiple data center environments, which implements a semantic dynamic authorization strategy based on an anomaly assessment of users’ behavior sequences. The experimental results demonstrate that this dynamic and semantic-aware access-control model is highly dynamic and flexible and can improve the security of the application system.

Download Full-text

BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT

Computers ◽

10.3390/computers7030039 ◽

2018 ◽

Vol 7 (3) ◽

pp. 39 ◽

Cited By ~ 40

Author(s):

Ronghua Xu ◽

Yu Chen ◽

Erik Blasch ◽

Genshe Chen

Keyword(s):

Access Control ◽

Large Scale ◽

Smart Cities ◽

Single Point ◽

Raspberry Pi ◽

Role Based Access Control ◽

Privacy And Security ◽

Smart Contract ◽

Attribute Based Access Control ◽

Role Based

While Internet of Things (IoT) technology has been widely recognized as an essential part of Smart Cities, it also brings new challenges in terms of privacy and security. Access control (AC) is among the top security concerns, which is critical in resource and information protection over IoT devices. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanism to meet the requirements of IoT systems. Another weakness in today’s AC is the centralized authorization server, which can cause a performance bottleneck or be the single point of failure. Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable effective protection for devices, services and information in large-scale IoT systems. A federated capability-based delegation model (FCDM) is introduced to support hierarchical and multi-hop delegation. The mechanism for delegate authorization and revocation is explored. A robust identity-based capability token management strategy is proposed, which takes advantage of the smart contract for registration, propagation, and revocation of the access authorization. A proof-of-concept prototype has been implemented on both resources-constrained devices (i.e., Raspberry PI nodes) and more powerful computing devices (i.e., laptops) and tested on a local private blockchain network. The experimental results demonstrate the feasibility of the BlendCAC to offer a decentralized, scalable, lightweight and fine-grained AC solution for IoT systems.

Download Full-text