Formal Modelling and Automated Trade-off Analysis of Enforcement Architectures for Cryptographic Access Control in the Cloud

To facilitate the adoption of cloud by organizations, Cryptographic Access Control (CAC) is the obvious solution to control data sharing among users while preventing partially trusted Cloud Service Providers (CSP) from accessing sensitive data. Indeed, several CAC schemes have been proposed in the literature. Despite their differences, available solutions are based on a common set of entities—e.g., a data storage service or a proxy mediating the access of users to encrypted data—that operate in different (security) domains—e.g., on-premise or the CSP. However, the majority of these CAC schemes assumes a fixed assignment of entities to domains; this has security and usability implications that are not made explicit and can make inappropriate the use of a CAC scheme in certain scenarios with specific trust assumptions and requirements. For instance, assuming that the proxy runs at the premises of the organization avoids the vendor lock-in effect but may give rise to other security concerns (e.g., malicious insiders attackers). To the best of our knowledge, no previous work considers how to select the best possible architecture (i.e., the assignment of entities to domains) to deploy a CAC scheme for the trust assumptions and requirements of a given scenario. In this article, we propose a methodology to assist administrators in exploring different architectures for the enforcement of CAC schemes in a given scenario. We do this by identifying the possible architectures underlying the CAC schemes available in the literature and formalizing them in simple set theory. This allows us to reduce the problem of selecting the most suitable architectures satisfying a heterogeneous set of trust assumptions and requirements arising from the considered scenario to a decidable Multi-objective Combinatorial Optimization Problem (MOCOP) for which state-of-the-art solvers can be invoked. Finally, we show how we use the capability of solving the MOCOP to build a prototype tool assisting administrators to preliminarily perform a “What-if” analysis to explore the trade-offs among the various architectures and then use available standards and tools (such as TOSCA and Cloudify) for automated deployment in multiple CSPs.

Medium access control protocol design for wireless communications and networks review

<p><span>Medium access control (MAC) protocol design plays a crucial role to increase the performance of wireless communications and networks. The channel access mechanism is provided by MAC layer to share the medium by multiple stations. Different types of wireless networks have different design requirements such as throughput, delay, power consumption, fairness, reliability, and network density, therefore, MAC protocol for these networks must satisfy their requirements. In this work, we proposed two multiplexing methods for modern wireless networks: Massive multiple-input-multiple-output (MIMO) and power domain non-orthogonal multiple access (PD-NOMA). The first research method namely Massive MIMO uses a massive number of antenna elements to improve both spectral efficiency and energy efficiency. On the other hand, the second research method (PD-NOMA) allows multiple non-orthogonal signals to share the same orthogonal resources by allocating different power level for each station. PD-NOMA has a better spectral efficiency over the orthogonal multiple access methods. A review of previous works regarding the MAC design for different wireless networks is classified based on different categories. The main contribution of this research work is to show the importance of the MAC design with added optimal functionalities to improve the spectral and energy efficiencies of the wireless networks.</span></p>

Centralized, Distributed, and Everything in between

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.

Door Lock Security System Using Recent Technology

In terms of house security, the door is pivotal. To keep the hearthstone secure, the proprietor will keep the door locked at all times. Still, owing to a rush when leaving the house, the proprietor may forget to lock the door, or they may be doubtful if they’ve closed the door or not. Wireless security grounded operation have fleetly increased due to the dramatic enhancement of ultramodern technologies. Numerous access control systems were designed and/or enforced grounded on different types of wireless communication technologies by different people. Radio Frequency identification (RFID) is a contactless technology that’s extensively used in several diligences for tasks like access control system, book shadowing in libraries, tollgate system, forced chain operation, and so on. For enforcing this design, we will be using Arduino mega 2560 pro mini, a fingerprint sensor, Keypad module. ESP-32 CAM module, RFID sensor, solenoid lock and ESP8266. We have also created an application for monitoring and controlling the security features of the door lock. We can also open the door through mobile fingerprint. Keywords: Arduino mega 2560 pro mini, ESP32-CAM, ESP8266, Fingerprint sensor, Keypad module, RFID sensor.

BCST-APTS: Blockchain and CP-ABE Empowered Data Supervision, Sharing, and Privacy Protection Scheme for Secure and Trusted Agricultural Product Traceability System

Blockchain provides new technologies and ideas for the construction of agricultural product traceability system (APTS). However, if data is stored, supervised, and distributed on a multiparty equal blockchain, it will face major security risks, such as data privacy leakage, unauthorized access, and trust issues. How to protect the privacy of shared data has become a key factor restricting the implementation of this technology. We propose a secure and trusted agricultural product traceability system (BCST-APTS), which is supported by blockchain and CP-ABE encryption technology. It can set access control policies through data attributes and encrypt data on the blockchain. This can not only ensure the confidentiality of the data stored in the blockchain, but also set flexible access control policies for the data. In addition, a whole-chain attribute management infrastructure has been constructed, which can provide personalized attribute encryption services. Furthermore, a reencryption scheme based on ciphertext-policy attribute encryption (RE-CP-ABE) is proposed, which can meet the needs of efficient supervision and sharing of ciphertext data. Finally, the system architecture of the BCST-APTS is designed to successfully solve the problems of mutual trust, privacy protection, fine-grained, and personalized access control between all parties.

Formal description of HOrBAC model

Companies' information systems are regularly exposed to internal attacks perpetrated by users who have been granted access to the system. Discretionary, mandatory, role-based and organization-based access control models do not guarantee optimal protection against these attacks because these models trust in users. Therefore, they are unable to protect the system against attacks carried out by authenticated users, especially the super user who can carry out any type of internal attack on information system's data. The objective of this paper is to propose a model that excludes any trust in users. To do so, our model extends the OrBAC (Organization Based Access Control) model by integrating two concepts: the organizational hierarchy and the redundant authentication. The model thus implemented offers a hierarchical and redundant access control to data and processing in an information system based on zero trust in users.

Formal description of HOrBAC model

Companies' information systems are regularly exposed to internal attacks perpetrated by users who have been granted access to the system. Discretionary, mandatory, role-based and organization-based access control models do not guarantee optimal protection against these attacks because these models trust in users. Therefore, they are unable to protect the system against attacks carried out by authenticated users, especially the super user who can carry out any type of internal attack on information system's data. The objective of this paper is to propose a model that excludes any trust in users. To do so, our model extends the OrBAC (Organization Based Access Control) model by integrating two concepts: the organizational hierarchy and the redundant authentication. The model thus implemented offers a hierarchical and redundant access control to data and processing in an information system based on zero trust in users.

Formal description of HOrBAC model

Companies' information systems are regularly exposed to internal attacks perpetrated by users who have been granted access to the system. Discretionary, mandatory, role-based and organization-based access control models do not guarantee optimal protection against these attacks because these models trust in users. Therefore, they are unable to protect the system against attacks carried out by authenticated users, especially the super user who can carry out any type of internal attack on information system's data. The objective of this paper is to propose a model that excludes any trust in users. To do so, our model extends the OrBAC (Organization Based Access Control) model by integrating two concepts: the organizational hierarchy and the redundant authentication. The model thus implemented offers a hierarchical and redundant access control to data and processing in an information system based on zero trust in users.