Internet of Things (IoTs) are set to revolutionize our lives and are widely being adopted nowadays. The IoT devices have a range of applications including smart homes, smart industrial networks and healthcare. Since these devices are responsible for generating and handling large amounts of sensitive data, the security of the IoT devices always poses a challenge. It is observed that a security breach could effect individuals and eventually the world at large. Artificial intelligence (AI), on the other hand, has found many applications and is widely being explored in providing security specifically for IoT devices. Malicious insider attack is the biggest security challenge associated with the IoT devices. Although, most of the research in IoT security has pondered on the means of preventing illegal and unauthorized access to systems and information; unfortunately, the most destructive malicious insider attacks that are usually a consequence of internal exploitation within an IoT network remains unaddressed. Therefore, the focus of this research is to detect malicious insider attacks in the IoT environment using AI. This research presents a lightweight approach for detecting insider attacks and has the capability of detecting anomalies originating from incoming data sensors in resource constrained IoT environments. The results and comparison show that the proposed approach achieves better accuracy as compared to the state of the art in terms of: a) improved attack detection accuracy; b) minimizing false positives; and c) reducing the computational overhead.
This is the accepted version of the paper.This version of the publication may differ from the final published version. Permanent ABSTRACTThis paper presents a strategy for enabling speech recognition to be performed in the cloud whilst preserving the privacy of users. The approach advocates a demarcation of responsibilities between the client and server-side components for performing the speech recognition task. On the client-side resides the acoustic model, which symbolically encodes the audio and encrypts the data before uploading to the server. The server-side then employs searchable encryption to enable the phonetic search of the speech content. Some preliminary results for speech encoding and searchable encryption are presented.
Internet of Things (IoT) is a system of interconnected devices that have the ability to monitor and transfer data to peers without human intervention. Authentication, Authorization and Audit Logs (AAA) are prime features of Network Security and easily attained in legacy systems, however, remains unachieved in IoT. The IoTs require due security considerations as the conventional security mechanisms are not optimized for such devices due to various aspects such as heterogeneity, resource constrained processing, storage and multiple factors. Additionally, the legacy systems are mostly centralized and thus introduce a single point of failure. In this research, a novel framework, FBASHI is presented that is based on fuzzy logic and blockchain technology to achieve AAA services. The proposed system is developed using Hyperledger that is a blockchain platform providing privacy and fast response capability, therefore, it is best suited for the healthcare IoT environments. This work proposes behavior driven adaptive security mechanism for healthcare IoTs and networks based on blockchain by utilizing fuzzy logic and presents a heuristic approach towards behavior driven adaptive security providing AAA services. FBASHI is implemented to analyze its security and practicality. Furthermore, a comparison is drawn with other blockchain-based solutions.
Globally, the surge in disease and urgency in maintaining social distancing has reawakened the use of telemedicine/telehealth. Amid the global health crisis, the world adopted the culture of online consultancy. Thus, there is a need to revamp the conventional model of the telemedicine system as per the current challenges and requirements. Security and privacy of data are main aspects to be considered in this era. Data-driven organizations also require compliance with regulatory bodies, such as HIPAA, PHI, and GDPR. These regulatory compliance bodies must ensure user data privacy by implementing necessary security measures. Patients and doctors are now connected to the cloud to access medical records, e.g., voice recordings of clinical sessions. Voice data reside in the cloud and can be compromised. While searching voice data, a patient’s critical data can be leaked, exposed to cloud service providers, and spoofed by hackers. Secure, searchable encryption is a requirement for telemedicine systems for secure voice and phoneme searching. This research proposes the secure searching of phonemes from audio recordings using fully homomorphic encryption over the cloud. It utilizes IBM’s homomorphic encryption library (HElib) and achieves indistinguishability. Testing and implementation were done on audio datasets of different sizes while varying the security parameters. The analysis includes a thorough security analysis along with leakage profiling. The proposed scheme achieved higher levels of security and privacy, especially when the security parameters increased. However, in use cases where higher levels of security were not desirous, one may rely on a reduction in the security parameters.
Searchable Encryption (SE) allows a client to search over large amounts of encrypted data outsourced to the Cloud. Although, this helps to maintain the confidentiality of the outsourced data but achieving privacy is a difficult and resource intensive task. With the increase in the query effectiveness, i.e., by shifting from single keyword SE to multikeyword SE there is a notable drop in the efficiency. This motivates to make use of the advances in the multi-core architectures and multiple threads where the search can be delegated across different threads to perform search in a parallel fashion. The proposed scheme is based on probabilistic trapdoors that are formed by making use of the property of modular inverses. The use of probabilistic trapdoors helps resist distinguishability attacks. The rigorous security analysis helps us to appreciate the advantage of having a probabilistic trapdoor. Furthermore, to validate the performance of the proposed scheme, it is implemented and deployed onto the British Telecommunication's Public Cloud offering and tested over a real speech corpus. The implementation is also extended to anticipate the performance gain by using the multi-core architecture that helps to maintain the lightweight property of the scheme.
Searchable Encryption allows a user or organization to outsource their encrypted documents to a Cloudbased storage service, while maintaining the ability to perform keyword searches over the encrypted text. However, most of the existing search schemes do not take the almost certain presence of typographical errors in the documents under consideration, when trying to obtain meaningful and accurate results. This paper presents a novel ranked searchable encryption scheme that addresses this issue by supporting fuzzy keywords. The proposed construction is based on probabilistic trapdoors that help resist distinguishability attacks. This paper for the first time proposes Searchable Encryption as a Service (SEaaS). The proposed construction is deployed on the British Telecommunication's public Cloud architecture and evaluated over a real-life speech corpus. Our security analysis yields that the construction satisfies strong security guarantees and is also quiet lightweight, by analyzing its performance over the speech corpus.
Abstract-Cloud computing motivates data owners to economically outsource large amounts of data to the cloud. To preserve the privacy and confidentiality of the documents, the documents need to be encrypted prior to being outsourced to the cloud. In this paper, we propose a lightweight construction that facilitates ranked disjunctive keyword (multi-keyword) searchable encryption based on probabilistic trapdoors. The security analysis yields that the probabilistic trapdoors help resist distinguishability attacks. Through the computational complexity analysis we realize that our scheme outperforms similar existing schemes. We explore the use of searchable encryption in the telecom domain by implementing and deploying our proof of concept prototype onto the British Telecommunication's Public Cloud offering and testing it over a real corpus of audio transcriptions. The extensive experimentation thereafter validates our claim that our scheme is lightweight.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.