Biometric Blockchain-based Multifactor Privacy Perserving Authentication Scheme for VANETs

To provide the most suitable or compatible scheme to work against various attack toward vehicular ad hoc networks (VANETs) is very challenging. Not only that the high authentication and communication overhead also became a problem for VANETs. Thus, in this paper we use multifactor authentication that could resist various attack toward VANETs. A biometric blockchain-based multifactor privacy-preserving authentication scheme for VANETs. This scheme is proposed by using a new robust pseudo-identity multifactor VANET scheme based on Physical Unclonable Functions (PUF) and biometric data of the vehicle’s authorized user. To calculate the computational cost and the authentication overhead, we compare three of our computational cost and authentication overhead below. From the complexity analysis this proposed scheme has a lower authentication overhead and offers better security level and a low computational cost can be achieved. From the perspective of future, we hope that the cost that involve in this scheme still can be reduce as we offer a high security level. Not only that, but we also hope that this scheme can be implemented practically.

Files Storage & Sharing Platform Using Cloud

The concept of cloud computing becomes more popular in latest years. Data storage is very important and valuable research field in cloud computing. Cloud based file sharing is a file sharing security in cloud. The required security from unauthorized access of the file in the cloud is provided by the encryption and decryption function. The admin can provide file access option to the authorized users. This facility limits the number and time of access of the shared files by the admin for the authorized user. Cloud data storage technology is the core area in cloud computing and solves the data storage mode of cloud environment. This project introduces the concept of cloud computing and cloud storage as well as the architecture of cloud storage firstly. Then we analyze the cloud data storage technology amazon web services, wasabi, Digital Ocean etc. We will improve the traditional file storage method and we will make a platform which will get more privileges. Keywords: Cloud, Storage, AWS, Wasabi, File Management, Files Storage, Files Sharing, DMS, CMS, Drive store, Private Cloud.

A Workflow Criticality-Based Approach to Bypass the Workflow Satisfiability Problem

Workflow management systems are very important for any organization to manage and model complex business processes. However, significant work is needed to keep a workflow resilient and secure. Therefore, organizations apply a strict security policy and enforce access control constraints. As a result, the number of available and authorized users for the workflow execution decreases drastically. Thus, in many cases, such a situation leads to a workflow deadlock situation, where there no available authorized user-task assignments for critical tasks to accomplish the workflow execution. In the literature, this problem has gained interest of security researchers in the recent years, and is known as the workflow satisfiability problem (WSP). In this paper, we propose a new approach to bypass the WSP and to ensure workflow resiliency and security. For this purpose, we define workflow criticality, which can be used as a metric during run-time to prevent WSP. We believe that the workflow criticality value will help workflow managers to make decisions and start a mitigation solution in case of a critical workflow. Moreover, we propose a delegation process algorithm (DP) as a mitigation solution that uses workflow instance criticality, delegation, and priority concepts to find authorized and suitable users to perform the critical task with low-security risks.

Security and Privacy Analysis of Vinoth et al.’s Authenticated Key Agreement Scheme for Industrial IoT

Vinoth et al. proposed an authenticated key agreement scheme for industrial IoT (Internet of Things) applications. Vinoth et al.’s scheme aimed to protect the remote sensing data of industrial IoT devices under hostile environments. The scheme is interesting because the authorized user is allowed simultaneously to access the multiple IoT sensing devices. Therefore, we carefully analyzed the security and privacy implications of Vinoth et al.’s scheme. Our findings are summarized as follows. One, Vinoth et al.’s scheme failed to defeat user impersonation attacks. Second, Vinoth et al.’s scheme did not prevent IoT sensing device impersonation attacks. Third, Vinoth et al.’s scheme suffered from replay attacks. Fourth, Vinoth et al.’s scheme was vulnerable to desynchronization attacks. Fifth, Vinoth et al.’s scheme could not maintain user privacy. As a case study, our analysis results enlighten researchers and engineers on the design of robust and efficient authenticated key agreement schemes for IoT applications.

A Blockchain-Based Streaming Data Sharing Scheme with Incentives and Trust Access Control

The fifth-generation of cellular mobile communications (5G) networks promotes the internet of everything, smart devices are setting to penetrate each piece of our life, generating a large amount of data. Data sharing is essential to derive the inherent value, either in the form of social/financial gain or strategic competitive advantage. However, the concerns of security and the deficiency of effective incentive in the Internet of things (IoT) lead to the poor willingness of data sharing. Such considerations call for novel IoT data-sharing protocols that can achieve better data security and provide a more attractive incentive mechanism. In this paper, we exploit smart contracts, re-encryption, and hash-chain to propose a reliable streaming data sharing scheme. Firstly, the incentives to stimulate the owner’s enthusiasm of sharing data is considered, our scheme provides authorized user accessible to the shared data and provides data providers profits to share data. Secondly, a n-time query mechanism that provided flexible data access is designed, in which authorized users can query the data n times within an agreed time. Since the query voucher and every successful query is recorded and verified by smart contract, everyone in the blockchain network can validate it, the trustfulness of data access are ensured. The analysis showed that our scheme has better performance than some of the current data sharing schemes, and the experiment is conducted to demonstrate the effectiveness of our design.

Road to becoming Y-90 authorized user as an integrated vascular and interventional radiology resident (NRC alternate pathway)

Yttrium-90 (Y-90) radioembolization, also called transarterial radioembolization (TARE), is a catheter-directed therapy for direct delivery of internal radiation to tumors in the form of microspheres. It is currently available in two forms, either as a constituent of glass microspheres called TheraSphere® (BTG Ltd., London, UK [now Boston Scientific, Marlborough, MA, USA]) or as a biocompatible resin-based microsphere called SIR-Spheres® (Sirtex Medical Ltd., Woburn, MA, USA). Once these microspheres are delivered to the tumor through an arterial pathway, they are embedded within the tumor microcirculation and emit β-radiation at therapeutic levels. TARE is a commonly used treatment for unresectable primary or secondary hepatic malignancies and has led to improved survival rates and increased success rates in downstaging patients before liver resection or transplantation. Immediately following the pre-treatment angiogram, each patient undergoes a nuclear medicine study, otherwise known as technetium (99mTc) macroaggregated albumin scan, to determine the amount of radiotracer that has accumulated in the lungs (lung shunt fraction). Finally, after several calculations, the appropriate radiation dose to be delivered to the tumor is determined. While the technical aspects of radioembolization are quite complex, the collective clinical experience presented in the literature supports the use of Y-90 radioembolization for unresectable hepatic malignancies. Those ordering and administering radioembolization particles must be deemed an authorized user (AU) by the Nuclear Regulatory Commission (NRC). The NRC defines an AU as the individual responsible for ensuring that radioactive materials are handled and used safely and following NRC regulations and the terms and conditions of the NRC license. The NRC has published licensing guidance on Y-90 brachytherapy with the 10th revision released on November 8, 2019. This guidance has outlined specific requirements for obtaining a license for the use of TheraSphere and SIR-Spheres. Following the revised licensure guidelines from the NRC on Y-90 usage, a conditional authorization has been obtained at our institution by the PGY-6 interventional radiology/diagnostic radiology (IR/DR) resident. While the full guidelines and extensive alternative requirements can be found online, we will highlight the specific guidelines applicable to and fulfilled by IR/DR residents. The traditional ABR pathway takes approximately 18 months after graduation, including passing the ABR certification examination to become an AU. With the proposed alternate pathway, trainees will potentially become AU immediately after graduation. The primary aim of this submission is to describe the process for obtaining conditional authorization for Y-90 microspheres for PGY-6 IR/DR residents.

Implementation of Meltdown Attack Simulation for Cybersecurity Awareness Material

One of the rising risk in cybersecurity is an attack on cyber physical system. Today’s computer systems has evolve through the development of processor technology, namely by the use of optimization techniques such as out-of-order execution. Using this technique, processors can improve computing system performance without sacrificing manufacture processes. However, the use of these optimization techniques has vulnerabilities, especially on Intel processors. The vulnerability is in the form of data exfiltration in the cache memory that can be exploit by an attack. Meltdown is an exploit attack that takes advantage of such vulnerabilities in modern Intel processors. This vulnerability can be used to extract data that is processed on that specific computer device using said processors, such as passwords, messages, or other credentials. In this paper, we use qualitative research which aims to describe a simulation approach with experience meltdown attack in a safe environment with applied a known meltdown attack scheme and source code to simulate the attack on an Intel Core i7 platform running Linux OS. Then we modified the source code to prove the concept that the Meltdown attack can extract data on devices using Intel processors without consent from the authorized user.

MOBILE ATM USING ANDROID APPLICATION

Nowadays, dependency on banking in the virtual world has been increased to the peak position. To make it consistent advanced technologies should be used. As OTP is currently used worldwide for security purposes, it can be overruled by QR code. Main advantage of QR code over OTP data storage. OTP can only confirm that the user is authorized user and not some third party is involved in this transaction while QR code not only confirms the authorized user but QR code itself can store information such as transaction id, transaction date, time and also amount of transaction. So, there is no need of explicitly keeping track of transaction every transaction. Aim of this paper to enhance the functionality of ATM machine using android application. Proposed system is combining the ATM and mobile banking and minimizes the time of withdrawing cash from ATM. This will increase the speed of transaction almost three times fast; could have excellent impact on customer’s satisfaction. With the help of QR code information get encrypted so it also increases security. As the population increasing ATM queues will be longer day by day. By implementing proposed system current system will not hampered, by doing some minor changes in existing system it will be possible to get cash within seconds. According to analyst report, cost of transaction using mobile application i almost ten times less than ATM and about fifty times less, if physical bank branch used.

Privacy-preserving Data Aggregation against Malicious Data Mining Attack for IoT-enabled Smart Grid

Internet of Things (IoT)-enabled smart grids can achieve more reliable and high-frequency data collection and transmission compared with existing grids. However, this frequent data processing may consume a lot of bandwidth, and even put the user’s privacy at risk. Although many privacy-preserving data aggregation schemes have been proposed to solve the problem, they still suffer from some security weaknesses or performance deficiency, such as lack of satisfactory data confidentiality and resistance to malicious data mining attack. To address these issues, we propose a novel privacy-preserving data aggregation scheme (called PDAM) for IoT-enabled smart grids, which can support efficient data source authentication and integrity checking, secure dynamic user join and exit. Unlike existing schemes, the PDAM is resilient to the malicious data mining attack launched by internal or external attackers and can achieve perfect data confidentiality against not only a malicious aggregator but also a curious control center for an authorized user. The detailed security and performance analysis show that our proposed PDAM can satisfy several well-known security properties and desirable efficiency for a smart grid system. Moreover, the comparative studies and experiments demonstrate that the PDAM is superior to other recently proposed works in terms of both security and performance.

Adaptive Speech Analysis Techniques for Biometrics Applications

Using biometrics for personal identity authentication is becoming more reliable and accurate than current methods because it links the event to a particular individual (e.g. a password may be used by someone other that the authorized user), is convenient (nothing to carry or remember), accurate (provides positive authentication) and is socially acceptable. Adaptive frequency sub-band or time frame recombination approaches are introduced in this thesis.