scholarly journals DCSS Protocol for Data Caching and Sharing Security in a 5G Network

Network ◽  
2021 ◽  
Vol 1 (2) ◽  
pp. 75-94
Author(s):  
Ed Kamya Kiyemba Edris ◽  
Mahdi Aiash ◽  
Jonathan Loo
Keyword(s):  
Mobile Networks ◽  
Service Providers ◽  
Security Analysis ◽  
Mobile Network ◽  
End Users ◽  
Third Party ◽  
Control Mechanisms ◽  
Security Measures ◽  
Data Caching ◽  
Pi Calculus

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for SP not only to secure the provisioning and access of those services but also, should be able to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.

scholarly journals Formal Verification of Authentication and Service Authorization Protocols in 5G-Enabled Device-to-Device Communications Using ProVerif

Electronics ◽  
2021 ◽  
Vol 10 (13) ◽  
pp. 1608
Author(s):  
Ed Kamya Kiyemba Edris ◽  
Mahdi Aiash ◽  
Jonathan Loo
Keyword(s):  
Service Providers ◽  
Security Analysis ◽  
Mobile Network ◽  
Network Services ◽  
Control Mechanisms ◽  
D2d Communications ◽  
Fifth Generation ◽  
Device To Device ◽  
Pi Calculus ◽  
Authentication And Authorization

Device-to-Device (D2D) communications will be used as an underlay technology in the Fifth Generation mobile network (5G), which will make network services of multiple Service Providers (SP) available anywhere. The end users will be allowed to access and share services using their User Equipments (UEs), and thus they will require seamless and secured connectivity. At the same time, Mobile Network Operators (MNOs) will use the UE to offload traffic and push contents closer to users relying on D2D communications network. This raises security concerns at different levels of the system architecture and highlights the need for robust authentication and authorization mechanisms to provide secure services access and sharing between D2D users. Therefore, this paper proposes a D2D level security solution that comprises two security protocols, namely, the D2D Service security (DDSec) and the D2D Attributes and Capability security (DDACap) protocols, to provide security for access, caching and sharing data in network-assisted and non-network-assisted D2D communications scenarios. The proposed solution applies Identity-based Encryption (IBE), Elliptic Curve Integrated Encryption Scheme (ECIES) and access control mechanisms for authentication and authorization procedures. We formally verified the proposed protocols using ProVerif and applied pi calculus. We also conducted a security analysis of the proposed protocols.

SECURITY IN CLOUD COMPUTING IN INDIAN GOVERNMENT

2021 ◽  
Vol 12 (3) ◽  
Author(s):  
Nitin Vishnu Choudhari ◽  
Dr. Ashish B Sasankar
Keyword(s):  
Cloud Computing ◽  
Service Delivery ◽  
Service Providers ◽  
Cloud Service ◽  
Cloud Security ◽  
End Users ◽  
Security Architecture ◽  
Security Measures ◽  
End User ◽  
Cloud Service Providers

Abstract –Today Security issue is the topmost problem in the cloud computing environment. It leads to serious discomfort to the Governance and end-users. Numerous security solutions and policies are available however practically ineffective in use. Most of the security solutions are centered towards cloud technology and cloud service providers only and no consideration has been given to the Network, accessing, and device securities at the end-user level. The discomfort at the end-user level was left untreated. The security of the various public, private networks, variety of devices used by end-users, accessibility, and capacity of end-users is left untreated. This leads towards the strong need for the possible modification of the security architecture for data security at all levels and secured service delivery. This leads towards the strong need for the possible adaption of modified security measures and provisions, which shall provide secured hosting and service delivery at all levels and reduce the security gap between the cloud service providers and end-users. This paper investigates the study and analyze the security architecture in the Cloud environment of Govt. of India and suggest the modifications in the security architecture as per the changing scenario and to fulfill the future needs for the secured service delivery from central up to the end-user level. Keywords: Cloud Security, Security in GI Cloud, Cloud Security measures, Security Assessment in GI Cloud, Proposed Security for GI cloud

scholarly journals Automatic Security Assessment for Next Generation Wireless Mobile Networks

2011 ◽  
Vol 7 (3) ◽  
pp. 217-239 ◽  
Author(s):  
Francesco Palmieri ◽  
Ugo Fiore ◽  
Aniello Castiglione
Keyword(s):  
Mobile Networks ◽  
Security Analysis ◽  
Mobile Node ◽  
Malicious Code ◽  
Third Party ◽  
Security Assessment ◽  
Security Risk ◽  
Concept Model ◽  
Reliable Knowledge ◽  
Automated Support

Wireless networks are more and more popular in our life, but their increasing pervasiveness and widespread coverage raises serious security concerns. Mobile client devices potentially migrate, usually passing through very light access control policies, between numerous and heterogeneous wireless environments, bringing with them software vulnerabilities as well as possibly malicious code. To cope with these new security threats the paper proposes a new active third party authentication, authorization and security assessment strategy in which, once a device enters a new Wi-Fi environment, it is subjected to analysis by the infrastructure, and if it is found to be dangerously insecure, it is immediately taken out from the network and denied further access until its vulnerabilities have been fixed. The security assessment module, that is the fundamental component of the aforementioned strategy, takes advantage from a reliable knowledge base containing semantically-rich information about the mobile node under examination, dynamically provided by network mapping and configuration assessment facilities. It implements a fully automatic security analysis framework, based on AHP, which has been conceived to be flexible and customizable, to provide automated support for real-time execution of complex security/risk evaluation tasks which depends on the results obtained from different kind of analysis tools and methodologies. Encouraging results have been achieved utilizing a proof-of-concept model based on current technology and standard open-source networking tools.

scholarly journals Securing Open Banking with Model-View-Controller Architecture and OWASP

2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Deina Kellezi ◽  
Christian Boegelund ◽  
Weizhi Meng
Keyword(s):  
Data Storage ◽  
Web Applications ◽  
Service Providers ◽  
Third Party ◽  
Security Level ◽  
The European Union ◽  
Security Measures ◽  
Security Issues ◽  
Separation Of Concern ◽  
The Right

In 2015, the European Union passed the PSD2 regulation, with the aim of transferring ownership of bank accounts to the private person. As a result, Open Banking has become an emerging concept, which provides third-party financial service providers open access to bank APIs, including consumer banking, transaction, and other financial data. However, such openness may also incur many security issues, especially when the data can be exposed by an API to a third party. Focused on this challenge, the primary goal of this work is to develop one innovative web solution to the market. We advocate that the solution should be able to trigger transactions based on goals and actions, allowing users to save up money while encouraging positive habits. In particular, we propose a solution with an architectural model that ensures clear separation of concern and easy integration with Nordea’s (the largest bank in the Nordics) Open Banking APIs (sandbox version), and a technological stack with the microframework Flask, the cloud application platform Heroku, and persistent data storage layer using Postgres. We analyze and map the web application’s security threats and determine whether or not the technological frame can provide suitable security level, based on the OWASP Top 10 threats and threat modelling methodology. The results indicate that many of these security measures are either handled automatically by the components offered by the technical stack or are easily preventable through included packages of the Flask Framework. Our findings can support future developers and industries working with web applications for Open Banking towards improving security by choosing the right frameworks and considering the most important vulnerabilities.

scholarly journals A Decentralized Personal Data Store based on Ethereum: Towards GDPR Compliance

2019 ◽  
Vol 15 (2) ◽  
Author(s):  
Marco Alessi ◽  
Alessio Camillò ◽  
Enza Giangreco ◽  
Marco Matera ◽  
Stefano Pino ◽  
...  
Keyword(s):  
Data Sharing ◽  
Data Protection ◽  
Service Providers ◽  
Personal Data ◽  
End Users ◽  
Third Party ◽  
Smart Devices ◽  
Sensitive Data ◽  
Data Store ◽  
Mandatory Requirement

Sharing personal data with service providers is a fundamental resource for the times we live in. But data sharing represents an unavoidable issue, due to improper data treatment, lack of users' awareness to whom they are sharing with, wrong or excessive data sharing from end users who ignore they are exposing personal information. The problem becomes even more complicate if we try to consider the devices around us: how to share devices we own, so that we can receive pervasive services, based on our contexts and device functionalities. The European Authority has provided the General Data Protection Regulation (GDPR), in order to implement protection of sensitive data in each EU member, throughout certification mechanisms (according to Art. 42 GDPR). The  certification assures compliance to  the regulation, which represent a mandatory requirement for any service which may come in contact with sensitive data. Still the certification is an open process and not constrained by strict rule. In this paper we describe our decentralized approach in sharing personal data in the era of smart devices, being those considered sensitive data as well. Having in mind the centrality of users in the ownership of the data, we have proposed a decentralized Personal Data Store prototype, which stands as a unique data sharing endpoint for third party services.  Even if blockchain technologies may seem fit to solve the issue of data protection, because of the absence of a central authority, they lay to additional concerns especially relating such technologies with specifications described in the regulation. The current work offers a contribution in the advancements of personal data sharing management systems in a distributed environment by presenting a real prototype and an architectural blueprint, which advances the state of the art in order to meet the GDPR regulation. Address those arisen issues, from a technological perspective, stands as an important challenge, in order to empower end users in owning their personal data for real.

scholarly journals Unbending the Winding Path of a Low-Income Country’s Energy Sector amid the COVID-19 Pandemic: Perspectives from Malawi

Energies ◽  
2021 ◽  
Vol 14 (21) ◽  
pp. 7184
Author(s):  
Collen Zalengera ◽  
Maxon L. Chitawo ◽  
Isaac Chitedze ◽  
Long Seng To ◽  
Vincent Mwale ◽  
...  
Keyword(s):  
Low Income ◽  
Service Providers ◽  
Energy Systems ◽  
Mobile Network ◽  
Energy System ◽  
Energy Sector ◽  
Third Party ◽  
Low Income Countries ◽  
Continuity Of Operations ◽  
The Impact

This paper discusses the impact of COVID-19’s vulnerability context on Malawi’s Energy Sector and outlines mechanisms for enhancing Malawi’s energy-sector resilience based on experiences from a range of stakeholders. The investigation was conducted online by inviting purposively selected stakeholders to create presentations responding to thematic questions. The final sample had 19 stakeholders with representation from policy-makers, regulatory bodies, national grid supply players, off-grid players, development agencies, bankers, professional bodies, civil society, and women’s rights bodies. The presentations from the stakeholders highlighted how COVID-19 affects the operation costs of energy systems and implementation of energy systems projects in areas that require stimulus packages to contain energy system delivery costs and prevent disruption of essential services amid the COVID-19 pandemic. These services include stakeholder responses to COVID-19 in the energy sector, the role of digital payments particularly when purchasing electricity units, and the state of third-party service providers such as banks and mobile network operators to enhance preparedness and continuity of operations for the energy sector. Based on the findings in these thematic areas and an application of systems thinking in the analysis, the paper finally makes recommendations on how Malawi and similar low-income countries can strategise to enhance energy systems resilience.

scholarly journals Secure Drone Network Edge Service Architecture Guaranteed by DAG-Based Blockchain for Flying Automation under 5G

Sensors ◽  
2020 ◽  
Vol 20 (21) ◽  
pp. 6209
Author(s):  
Ying Gao ◽  
Yangliang Liu ◽  
Quansi Wen ◽  
Hongliang Lin ◽  
Yijian Chen
Keyword(s):  
Real Time ◽  
Service Providers ◽  
Mobile Network ◽  
Edge Computing ◽  
Third Party ◽  
Security And Privacy ◽  
Network Service ◽  
Specific Service ◽  
Service Architecture ◽  
Service Environment

With the development of the Internet of Things (IoT), the number of drones, as a consumer-level IoT device, is rapidly increasing. The existence of a large number of drones increases the risk of misoperation during manual control. Therefore, it has become an inevitable trend to realize drone flying automation. Drone flying automation mainly relies on massive drone applications and services as well as third-party service providers, which not only complicate the drone network service environment but also raise some security and privacy issues. To address these challenges, this article proposes an innovative architecture called Secure Drone Network Edge Service (SDNES), which integrates edge computing and blockchain into the drone network to provide real-time and reliable network services for drones. To design a feasible and rational SDNES architecture, we first consider the real-time performance and apply edge computing technology in it to provide low-latency edge services for drones under 5G mobile network. We use DAG-based blockchain to guarantee the security and reliability of the drone network service environment and effectively avoid malicious behaviors. In order to illustrate the feasibility of this architecture, we design and implement a specific service case named Drone Collision Avoidance Navigation Service based on SDNES. Finally, a simulation experiment for the specific service case and a series of other performance-related experiments were carried out to verify the feasibility and rationality of our proposed architecture. The experimental results demonstrate that SDNES is a promising architecture to assist and accelerate drone flying automation.

scholarly journals INTERDEPENDENCE OF FINTECH INNOVATIONS, FINANCIAL, CYBERNETIC CRIMES AND LEGALIZATION OF CRIMINAL INCOME MEDIATED BY FINANCE INSTITUTIONS

2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
O. Kuzmenko ◽  
T. Dotsenko ◽  
S. Mynenko ◽  
E. Shramko
Keyword(s):  
Money Laundering ◽  
Financial Services ◽  
Service Providers ◽  
Criminal Activity ◽  
Third Party ◽  
Security Measures ◽  
Current Trends ◽  
Financial Infrastructure ◽  
Financial Transactions ◽  
The Impact

Current trends in Ukrainian society, the decline of economic development and, on the other hand, digitalization, development of financial services and innovation lead to a review and rethinking of the causes and consequences of criminal activity in the financial and economic sphere. FinTech innovations provide the latest tools to protect financial transactions, and, as the range of services expands, provide more targets for cybercriminals. The goals of cybercriminals, in turn, are often financial in nature, as the goals of criminals, for example, are not only to obtain confidential information, but also to use it for their own benefit or to meet the needs of a third party. Funds obtained illegally should be legalized for their quiet further use. All these processes to some extent depend on the available financial infrastructure - the existing financial organizations-service providers. The purpose of this study is to determine the relationship between FinTech innovation, financial crime, cybercrime and money laundering by building an economic and mathematical model, taking into account the functioning of financial institutions as major intermediaries in the financial services market. The method of structural modeling of interrelations between processes was chosen as the basic for research. Missed values ​​were predicted using a simple mean, the results were generated by analysis, synthesis, comparison and logical generalization. STATISTICA statistical software was used for simulation. The study found that the development of FinTech will lead to a reduction in financial offenses. If the number of cybercrimes and the number of crimes for money laundering increase, so will the number of financial crimes, but the impact of money laundering is stronger. The growth of fintech innovation will lead to an increase in cybercrime. With formalized linkages between these processes, law enforcement and government regulators will be able to better plan and manage the development of fintech innovation, risk-based digitalisation of the economy, and additional security measures.

scholarly journals Improved Data Security for Storing and Authenticating in Cloud using ERSA Algorithm

2019 ◽  
Vol 8 (12S) ◽  
pp. 863-867
Keyword(s):  
Data Security ◽  
Service Providers ◽  
Cloud Service ◽  
Third Party ◽  
Security And Privacy ◽  
Security Measures ◽  
Huge Amount ◽  
The Third ◽  
Cloud Service Providers ◽  
Data Auditing

Present days, huge amount of data stored with cloud service providers. The Third- party auditors (TPAs), with support of cryptography, are frequently utilized to prove this data. Auditing will be capability for cloud clients to prove the existence &functioning of their supplier's security measures. Authentication is done by using username and password. The important point in authentication is to protect data from the access of unauthorized people. The proposed scheme is Enhanced RSA (ERSA) Algorithm. This paper presents solution to enhance the security and privacy to stored data in cloud. Result demonstrates that this scheme can progress the security of data that stored in cloud

Sign in / Sign up

Export Citation Format

Share Document