An enhanced sensitive information security model

2012 ◽  
Author(s):  
Sona Kaushik ◽  
Shalini Puri
Keyword(s):  
Information Security ◽  
Sensitive Information ◽  
Security Model

A Novel Information Security Model for Securing Information Systems

2014 ◽  
Vol 685 ◽  
pp. 493-496
Author(s):  
Xia Yang
Keyword(s):  
Information System ◽  
Information Systems ◽  
Information Security ◽  
Sensitive Information ◽  
Control Mechanisms ◽  
Security Model ◽  
Current Information ◽  
Secure Information ◽  
Development Lifecycle ◽  
And Control

Securing information system in current information era is very important task. This paper presents a novel security model in order to secure sensitive information systems. This model combines protection, detection, recovery and control mechanisms to secure information system in their development lifecycle, which is more effective than the traditional ones.

scholarly journals Ciphertext-policy attribute-based encryption with hidden sensitive policy from keyword search techniques in smart city

2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
Fei Meng ◽  
Leixiao Cheng ◽  
Mingqiang Wang
Keyword(s):  
Smart City ◽  
Keyword Search ◽  
Sensitive Information ◽  
Security Model ◽  
Computational Overhead ◽  
Diffie Hellman ◽  
Attribute Based Encryption ◽  
Iot Devices ◽  
Ciphertext Policy ◽  
Access Policies

AbstractCountless data generated in Smart city may contain private and sensitive information and should be protected from unauthorized users. The data can be encrypted by Attribute-based encryption (CP-ABE), which allows encrypter to specify access policies in the ciphertext. But, traditional CP-ABE schemes are limited because of two shortages: the access policy is public i.e., privacy exposed; the decryption time is linear with the complexity of policy, i.e., huge computational overheads. In this work, we introduce a novel method to protect the privacy of CP-ABE scheme by keyword search (KS) techniques. In detail, we define a new security model called chosen sensitive policy security: two access policies embedded in the ciphertext, one is public and the other is sensitive and hidden. If user's attributes don't satisfy the public policy, he/she cannot get any information (attribute name and its values) of the hidden one. Previous CP-ABE schemes with hidden policy only work on the “AND-gate” access structure or their ciphertext size or decryption time maybe super-polynomial. Our scheme is more expressive and compact. Since, IoT devices spread all over the smart city, so the computational overhead of encryption and decryption can be shifted to third parties. Therefore, our scheme is more applicable to resource-constrained users. We prove our scheme to be selective secure under the decisional bilinear Diffie-Hellman (DBDH) assumption.

scholarly journals Ciphertext-Policy Attribute-based Encryption with Hidden Sensitive Policy for Recruitment in Smart City

2020 ◽  
Author(s):  
Fei Meng ◽  
Leixiao Cheng ◽  
Mingqiang Wang
Keyword(s):  
Smart City ◽  
End Users ◽  
The Other ◽  
Sensitive Information ◽  
Security Model ◽  
Access Policy ◽  
Computational Overhead ◽  
Attribute Based Encryption ◽  
Ciphertext Policy ◽  
Access Policies

Abstract Smart city, as a promising technical tendency, greatly facilitates citizens and generates innumerable data, some of which is very private and sensitive. To protect data from unauthorized users, ciphertext-policy attribute-based encryption (CP-ABE) enables data owner to specify an access policy on encrypted data. However, There are two drawbacks in traditional CP-ABE schemes. On the one hand, the access policy is revealed in the ciphertext so that sensitive information contained in the policy is exposed to anyone who obtains the ciphertext. For example, both the plaintext and access policy of an encrypted recruitment may reveal the company's future development plan. On the other hand, the decryption time scales linearly with the complexity of the access, which makes it unsuitable for resource-limited end users. In this paper, we propose a CP-ABE scheme with hidden sensitive policy for recruitment in smart city. Specifically, we introduce a new security model chosen sensitive policy security: two access policies embedded in the ciphertext, one is public and the other is sensitive and fully hidden, only if user's attributes satisfy the public policy, it's possible for him/her to learn about the hidden policy, otherwise he/she cannot get any information (attribute name and its values) of it. When the user satisfies both access policies, he/she can obtain and decrypt the ciphertext. Compared with other CP-ABE schemes, our scheme supports a more expressive access policy, since the access policy of their schemes only work on the ``AND-gate'' structure. In addition, intelligent devices spread all over the smart city, so partial computational overhead of encryption of our scheme can be outsourced to these devices as fog nodes, while most part overhead in the decryption process is outsourced to the cloud. Therefore, our scheme is more applicable to end users with resource-constrained mobile devices. We prove our scheme to be selective secure under the decisional bilinear Diffie-Hellman (DBDH) assumption.

scholarly journals Blockchain-Based Security Model for LoRaWAN Firmware Updates

2022 ◽  
Vol 11 (1) ◽  
pp. 5
Author(s):  
Njabulo Sakhile Mtetwa ◽  
Paul Tarwireyi ◽  
Cecilia Nombuso Sibeko ◽  
Adnan Abu-Mahfouz ◽  
Matthew Adigun
Keyword(s):  
Use Cases ◽  
Smart Devices ◽  
Area Network ◽  
Sensitive Information ◽  
Security Model ◽  
Functional Requirements ◽  
Wide Area Network ◽  
Proposed Model ◽  
Attack Surface ◽  
Iot Devices

The Internet of Things (IoT) is changing the way consumers, businesses, and governments interact with the physical and cyber worlds. More often than not, IoT devices are designed for specific functional requirements or use cases without paying too much attention to security. Consequently, attackers usually compromise IoT devices with lax security to retrieve sensitive information such as encryption keys, user passwords, and sensitive URLs. Moreover, expanding IoT use cases and the exponential growth in connected smart devices significantly widen the attack surface. Despite efforts to deal with security problems, the security of IoT devices and the privacy of the data they collect and process are still areas of concern in research. Whenever vulnerabilities are discovered, device manufacturers are expected to release patches or new firmware to fix the vulnerabilities. There is a need to prioritize firmware attacks, because they enable the most high-impact threats that go beyond what is possible with traditional attacks. In IoT, delivering and deploying new firmware securely to affected devices remains a challenge. This study aims to develop a security model that employs Blockchain and the InterPlanentary File System (IPFS) to secure firmware transmission over a low data rate, constrained Long-Range Wide Area Network (LoRaWAN). The proposed security model ensures integrity, confidentiality, availability, and authentication and focuses on resource-constrained low-powered devices. To demonstrate the utility and applicability of the proposed model, a proof of concept was implemented and evaluated using low-powered devices. The experimental results show that the proposed model is feasible for constrained and low-powered LoRaWAN devices.

scholarly journals The Challenges of Effectively Anonymizing Network Data

2013 ◽  
pp. 15-22
Author(s):  
Ch. Himabindu
Keyword(s):  
Network Security ◽  
Information Security ◽  
Data Collection ◽  
Network Data ◽  
Sensitive Information ◽  
Security Testing ◽  
The Past ◽  
Technical Leadership ◽  
Security Research ◽  
Privacy Issues

The availability of realistic network data plays a significant role in fostering collaboration and ensuring U.S. technical leadership in network security research. Unfortunately, a host of technical, legal, policy, and privacy issues limit the ability of operators to produce datasets for information security testing. In an effort to help overcome these limitations, several data collection efforts (e.g., CRAWDAD[14], PREDICT [34]) have been established in the past few years. The key principle used in all of these efforts to assure low-risk, high-value data is that of trace anonymization—the process of sanitizing data before release so that potentially sensitive information cannot be extracted.

scholarly journals An Approach for Risk Estimation in Information Security Using Text Mining and Jaccard Method

2018 ◽  
Vol 7 (3) ◽  
pp. 393-399
Author(s):  
Prajna Deshanta Ibnugraha ◽  
Lukito Edi Nugroho ◽  
Paulus Insap Santosa
Keyword(s):  
Text Mining ◽  
Information Security ◽  
Risk Estimation ◽  
Information Leakage ◽  
Information Value ◽  
Sensitive Information ◽  
Digital Information ◽  
Security Threat ◽  
Business Impact ◽  
Related Information

Involvement of digital information in almost of enterprise sectors makes information having value that must be protected from information leakage. In order to obtain proper method for protecting sensitive information, enterprise must perform risk analysis of threat. However, enterprises often get limitation in measuring risk related information security threat. Therefore, this paper has goal to give approach for estimating risk by using information value. Techniques for measuring information value in this paper are text mining and Jaccard method. Text mining is used to recognize information pattern based on three classes namely high business impact, medium business impact and low business impact. Furthermore, information is given weight by Jaccard method. The weight represents risk levelof information leakage in enterprise quantitatively. Result of comparative analysis with existing method show that proposed method results more detailed output in estimating risk of information security threat.

Information security model of block chain based on intrusion sensing in the IoT environment

2018 ◽  
Vol 22 (S1) ◽  
pp. 451-468 ◽  
Author(s):  
Daming Li ◽  
Zhiming Cai ◽  
Lianbing Deng ◽  
Xiang Yao ◽  
Harry Haoxiang Wang
Keyword(s):  
Information Security ◽  
Security Model ◽  
Block Chain
Sign in / Sign up

Export Citation Format

Share Document