Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
4.5
2.7
Journals
Applied Sciences
Special Issues
Advances in Information Security and Privacy
share announcement

Advances in Information Security and Privacy

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Electrical, Electronics and Communications Engineering".

Deadline for manuscript submissions: closed (15 October 2021) | Viewed by 49264

Printed Edition Available!
A printed edition of this Special Issue is available here.

Special Issue Editors

Dr. Gianluca Lax

E-Mail Website
Guest Editor
Department of Information Engineering, Infrastructure and Sustainable Energy (DIIES), University Mediterranea of Reggio Calabria, 89122 Reggio Calabria, Italy
Interests: privacy; access control; blockchain; social network analysis
Special Issues, Collections and Topics in MDPI journals
Dr. Antonia Russo

E-Mail Website
Guest Editor
Department of Information Engineering, Infrastructure and Sustainable Energy (DIIES), University Mediterranea of Reggio Calabria, 89122 Reggio Calabria, Italy
Interests: security; privacy; access control; social network analysis
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

With the recent pandemic emergency, many people are spending their days at home and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims at establishing the state of the art in protecting information by mitigating information risks. Works related to reducing the probability of disclosure, unauthorized access, deletion, corruption, and devaluation of information are welcome. There will be particular interest in works whereby security is achieved using techniques from cryptography and machine learning. This Special Issue also welcomes survey papers that give the reader an overview of the state of the art in these topics.

Prof. Gianluca Lax
Dr. Antonia Russo
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Confidentiality
  • Integrity
  • Availability
  • Non-repudiation
  • Access control
  • Identification
  • Authentication
  • Authorization
  • Risk management

Published Papers (17 papers)

Download All Papers
Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Editorial

Jump to: Research, Review

4 pages, 171 KiB  
Editorial
Advances in Information Security and Privacy
by Gianluca Lax and Antonia Russo
Appl. Sci. 2022, 12(16), 7995; https://0-doi-org.brum.beds.ac.uk/10.3390/app12167995 - 10 Aug 2022
Viewed by 926
Abstract
Due to the recent pandemic crisis, many people are spending their days smart working and have increased their use of digital resources for both work and entertainment [...] Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)

Research

Jump to: Editorial, Review

12 pages, 2855 KiB  
Article
Development of Additive Fibonacci Generators with Improved Characteristics for Cybersecurity Needs
by Volodymyr Maksymovych, Mariia Shabatura, Oleh Harasymchuk, Mikolaj Karpinski, Daniel Jancarczyk and Pawel Sawicki
Appl. Sci. 2022, 12(3), 1519; https://0-doi-org.brum.beds.ac.uk/10.3390/app12031519 - 30 Jan 2022
Cited by 11 | Viewed by 2141
Abstract
Pseudorandom sequence generation is used in many industries, including cryptographic information security devices, measurement technology, and communication systems. The purpose of the present work is to research additive Fibonacci generators (AFG) and modified AFG (MAFG) with modules p prime numbers, designed primarily for [...] Read more.
Pseudorandom sequence generation is used in many industries, including cryptographic information security devices, measurement technology, and communication systems. The purpose of the present work is to research additive Fibonacci generators (AFG) and modified AFG (MAFG) with modules p prime numbers, designed primarily for their hardware implementation. The known AFG and MAFG, as with any cryptographic generators of pseudorandom sequences, are used in arguments with tremendous values. At the same time, there are specific difficulties in defining of their statistical characteristics. In this regard, the following research methodologies were used in work: for each variant of AFG and MAFG, two models were created—abstract, which is not directly related to the circuit solution, and hardware, which corresponds to the proposed structure; for relatively small values of arguments, the identity of models was proved; the research of statistical characteristics, with large values of arguments, was carried out using an abstract model and static tests NIST. Proven identity of hardware and abstract models suggest that the principles laid down in the organization of AFG and MAFG structures with modules of prime numbers ensure their effective hardware implementation in compliance with all requirements for their statistical characteristics and the possibility of application in cryptographic information security devices. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

16 pages, 507 KiB  
Article
Decentralized Inner-Product Encryption with Constant-Size Ciphertext
by Yi-Fan Tseng and Shih-Jie Gao
Appl. Sci. 2022, 12(2), 636; https://0-doi-org.brum.beds.ac.uk/10.3390/app12020636 - 10 Jan 2022
Cited by 2 | Viewed by 1364
Abstract
With the rise of technology in recent years, more people are studying distributed system architecture, such as the e-government system. The advantage of this architecture is that when a single point of failure occurs, it does not cause the system to be invaded [...] Read more.
With the rise of technology in recent years, more people are studying distributed system architecture, such as the e-government system. The advantage of this architecture is that when a single point of failure occurs, it does not cause the system to be invaded by other attackers, making the entire system more secure. On the other hand, inner product encryption (IPE) provides fine-grained access control, and can be used as a fundamental tool to construct other cryptographic primitives. Lots of studies for IPE have been proposed recently. The first and only existing decentralized IPE was proposed by Michalevsky and Joye in 2018. However, some restrictions in their scheme may make it impractical. First, the ciphertext size is linear to the length of the corresponding attribute vector; second, the number of authorities should be the same as the length of predicate vector. To cope with the aforementioned issues, we design the first decentralized IPE with constant-size ciphertext. The security of our scheme is proven under the -DBDHE assumption in the random oracle model. Compared with Michalevsky and Joye’s work, ours achieves better efficiency in ciphertext length and encryption/decryption cost. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

19 pages, 6914 KiB  
Article
A Blockchain-Based Efficient, Secure and Anonymous Conditional Privacy-Preserving and Authentication Scheme for the Internet of Vehicles
by Kashif Naseer Qureshi, Luqman Shahzad, Abdelzahir Abdelmaboud, Taiseer Abdalla Elfadil Eisa, Bandar Alamri, Ibrahim Tariq Javed, Arafat Al-Dhaqm and Noel Crespi
Appl. Sci. 2022, 12(1), 476; https://0-doi-org.brum.beds.ac.uk/10.3390/app12010476 - 04 Jan 2022
Cited by 18 | Viewed by 3386
Abstract
The rapid advancement in the area of the Internet of Vehicles (IoV) has provided numerous comforts to users due to its capability to support vehicles with wireless data communication. The exchange of information among vehicle nodes is critical due to the rapid and [...] Read more.
The rapid advancement in the area of the Internet of Vehicles (IoV) has provided numerous comforts to users due to its capability to support vehicles with wireless data communication. The exchange of information among vehicle nodes is critical due to the rapid and changing topologies, high mobility of nodes, and unpredictable network conditions. Finding a single trusted entity to store and distribute messages among vehicle nodes is also a challenging task. IoV is exposed to various security and privacy threats such as hijacking and unauthorized location tracking of smart vehicles. Traceability is an increasingly important aspect of vehicular communication to detect and penalize malicious nodes. Moreover, achieving both privacy and traceability can also be a challenging task. To address these challenges, this paper presents a blockchain-based efficient, secure, and anonymous conditional privacy-preserving and authentication mechanism for IoV networks. This solution is based on blockchain to allow vehicle nodes with mechanisms to become anonymous and take control of their data during the data communication and voting process. The proposed secure scheme provides conditional privacy to the users and the vehicles. To ensure anonymity, traceability, and unlinkability of data sharing among vehicles, we utilize Hyperledger Fabric to establish the blockchain. The proposed scheme fulfills the requirement to analyze different algorithms and schemes which are adopted for blockchain technology for a decentralized, secure, efficient, private, and traceable system. The proposed scheme examines and evaluates different consensus algorithms used in the blockchain and anonymization techniques to preserve privacy. This study also proposes a reputation-based voting system for Hyperledger Fabric to ensure a secure and reliable leader selection process in its consensus algorithm. The proposed scheme is evaluated with the existing state-of-the-art schemes and achieves better results. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

13 pages, 350 KiB  
Article
A Practical and Efficient Node Blind SignCryption Scheme for the IoT Device Network
by Ming-Te Chen and Hsuan-Chao Huang
Appl. Sci. 2022, 12(1), 278; https://0-doi-org.brum.beds.ac.uk/10.3390/app12010278 - 28 Dec 2021
Cited by 2 | Viewed by 1086
Abstract
In recent years, Internet of Things (IoT for short) research has become one of the top ten most popular research topics. IoT devices also embed many sensing chips for detecting physical signals from the outside environment. In the wireless sensing network (WSN for [...] Read more.
In recent years, Internet of Things (IoT for short) research has become one of the top ten most popular research topics. IoT devices also embed many sensing chips for detecting physical signals from the outside environment. In the wireless sensing network (WSN for short), a human can wear several IoT devices around her/his body such as a smart watch, smart band, smart glasses, etc. These IoT devices can collect analog environment data around the user’s body and store these data into memory after data processing. Thus far, we have discovered that some IoT devices have resource limitations such as power shortages or insufficient memory for data computation and preservation. An IoT device such as a smart band attempts to upload a user’s body information to the cloud server by adopting the public-key crypto-system to generate the corresponding cipher-text and related signature for concrete data security; in this situation, the computation time increases linearly and the device can run out of memory, which is inconvenient for users. For this reason, we consider that, if the smart IoT device can perform encryption and signature simultaneously, it can save significant resources for the execution of other applications. As a result, our approach is to design an efficient, practical, and lightweight, blind sign-cryption (SC for short) scheme for IoT device usage. Not only can our methodology offer the sensed data privacy protection efficiently, but it is also fit for the above application scenario with limited resource conditions such as battery shortage or less memory space in the IoT device network. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

24 pages, 1088 KiB  
Article
Achieving Sender Anonymity in Tor against the Global Passive Adversary
by Francesco Buccafurri, Vincenzo De Angelis, Maria Francesca Idone, Cecilia Labrini and Sara Lazzaro
Appl. Sci. 2022, 12(1), 137; https://0-doi-org.brum.beds.ac.uk/10.3390/app12010137 - 23 Dec 2021
Cited by 5 | Viewed by 2597
Abstract
Tor is the de facto standard used for anonymous communication over the Internet. Despite its wide usage, Tor does not guarantee sender anonymity, even in a threat model in which the attacker passively observes the traffic at the first Tor router. In a [...] Read more.
Tor is the de facto standard used for anonymous communication over the Internet. Despite its wide usage, Tor does not guarantee sender anonymity, even in a threat model in which the attacker passively observes the traffic at the first Tor router. In a more severe threat model, in which the adversary can perform traffic analysis on the first and last Tor routers, relationship anonymity is also broken. In this paper, we propose a new protocol extending Tor to achieve sender anonymity (and then relationship anonymity) in the most severe threat model, allowing a global passive adversary to monitor all of the traffic in the network. We compare our proposal with Tor through the lens of security in an incremental threat model. The experimental validation shows that the price we have to pay in terms of network performance is tolerable. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

24 pages, 2329 KiB  
Article
Technique for Evaluating the Security of Relational Databases Based on the Enhanced Clements–Hoffman Model
by Vitalii Yesin, Mikolaj Karpinski, Maryna Yesina, Vladyslav Vilihura and Stanislaw A. Rajba
Appl. Sci. 2021, 11(23), 11175; https://0-doi-org.brum.beds.ac.uk/10.3390/app112311175 - 25 Nov 2021
Cited by 2 | Viewed by 1589
Abstract
Obtaining convincing evidence of database security, as the basic corporate resource, is extremely important. However, in order to verify the conclusions about the degree of security, it must be measured. To solve this challenge, the authors of the paper enhanced the Clements–Hoffman model, [...] Read more.
Obtaining convincing evidence of database security, as the basic corporate resource, is extremely important. However, in order to verify the conclusions about the degree of security, it must be measured. To solve this challenge, the authors of the paper enhanced the Clements–Hoffman model, determined the integral security metric and, on this basis, developed a technique for evaluating the security of relational databases. The essence of improving the Clements–Hoffmann model is to expand it by including a set of object vulnerabilities. Vulnerability is considered as a separate objectively existing category. This makes it possible to evaluate both the likelihood of an unwanted incident and the database security as a whole more adequately. The technique for evaluating the main components of the security barriers and the database security as a whole, proposed by the authors, is based on the theory of fuzzy sets and risk. As an integral metric of database security, the reciprocal of the total residual risk is used, the constituent components of which are presented in the form of certain linguistic variables. In accordance with the developed technique, the authors presented the results of a quantitative evaluation of the effectiveness of the protection of databases built on the basis of the schema with the universal basis of relations and designed in accordance with the traditional technology of relational databases. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

16 pages, 913 KiB  
Article
AI Model for Predicting Legal Judgments to Improve Accuracy and Explainability of Online Privacy Invasion Cases
by Minjung Park and Sangmi Chai
Appl. Sci. 2021, 11(23), 11080; https://0-doi-org.brum.beds.ac.uk/10.3390/app112311080 - 23 Nov 2021
Cited by 4 | Viewed by 3699
Abstract
Since there are growing concerns regarding online privacy, firms may have the risk of being involved in various privacy infringement cases resulting in legal causations. If firms are aware of consequences from possible cases of invasion of online privacy, they can more actively [...] Read more.
Since there are growing concerns regarding online privacy, firms may have the risk of being involved in various privacy infringement cases resulting in legal causations. If firms are aware of consequences from possible cases of invasion of online privacy, they can more actively prevent future online privacy infringements. Thus, this study attempts to predict the probability of judgment types caused by various invasions within US judicial cases that are related to online privacy invasions. Since legal judgment results are significantly influenced by societal factors and technological development, this study tries to identify a model that can accurately predict legal judgment with explainability. To archive the study objective, it compares the prediction performance by applying five types of classification algorithms (LDA, NNET, CART, SVM, and random forest) of machine learning. We also examined the relationship between privacy infringement factors and adjudications by applying network text analysis. The results indicate that firms could have a high possibility of both civil and criminal law responsibilities if they distributed malware or spyware, intentionally or non-intentionally, to collect unauthorized data. It addresses the needs of reflecting both quantitative and qualitative approach for establishing automatic legal systems for improving its accuracy based on the socio-technical perspective. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

20 pages, 1213 KiB  
Article
CBCIoT: A Consensus Algorithm for Blockchain-Based IoT Applications
by Moin Uddin, Muhammad Muzammal, Muhammad Khurram Hameed, Ibrahim Tariq Javed, Bandar Alamri and Noel Crespi
Appl. Sci. 2021, 11(22), 11011; https://0-doi-org.brum.beds.ac.uk/10.3390/app112211011 - 20 Nov 2021
Cited by 7 | Viewed by 2806
Abstract
Internet of things is widely used in the current era to collect data from sensors and perform specific tasks through processing according to the requirements. The data collected can be sent to a blockchain network to create secure and tamper-resistant records of transactions. [...] Read more.
Internet of things is widely used in the current era to collect data from sensors and perform specific tasks through processing according to the requirements. The data collected can be sent to a blockchain network to create secure and tamper-resistant records of transactions. The combination of blockchain with IoT has huge potential as it can provide decentralized computation, storage, and exchange for IoT data. However, IoT applications require a low-latency consensus mechanism due to its constraints. In this paper, CBCIoT, a consensus algorithm for blockchain-based IoT applications, is proposed. The primary purpose of this algorithm is to improve scalability in terms of validation and verification rate. The algorithm is developed to be compatible with IoT devices where a slight delay is acceptable. The simulation results show the proposed algorithm’s efficiency in terms of block generation time and transactions per second. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

9 pages, 460 KiB  
Article
Data Protection Heterogeneity in the European Union
by Marko Hölbl, Boštjan Kežmah and Marko Kompara
Appl. Sci. 2021, 11(22), 10912; https://0-doi-org.brum.beds.ac.uk/10.3390/app112210912 - 18 Nov 2021
Cited by 2 | Viewed by 1697
Abstract
In light of digitalisation, we are witnessing an increased volume of collected data and data generation and exchange acceleration. Therefore, the European Union (EU) has introduced the General Data Protection Regulation (GDPR) as a new framework for data protection on the European level. [...] Read more.
In light of digitalisation, we are witnessing an increased volume of collected data and data generation and exchange acceleration. Therefore, the European Union (EU) has introduced the General Data Protection Regulation (GDPR) as a new framework for data protection on the European level. However, GDPR allows the member states to change some parts of the regulation, and the member states can always build on top of the GDPR. An example is the collection of biometric data with electronic signatures. This paper aims to compare the legislation on data protection topics in the various EU member states. The findings show that the member states included in the study generally do not have many additional/specific laws (only in 29.4% of the cases). However, almost all have other/additional legislation to the GDPR on at least one topic. The most additional legislation is on the topics of video surveillance, biometry, genetic data and health data. We also introduce a dynamic map that allows for quick navigating between different information categories and comparisons of the EU member states at a glance. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

29 pages, 5145 KiB  
Article
Delegation-Based Personal Data Processing Request Notarization Framework for GDPR Based on Private Blockchain
by Sung-Soo Jung, Sang-Joon Lee and Ieck-Chae Euom
Appl. Sci. 2021, 11(22), 10574; https://0-doi-org.brum.beds.ac.uk/10.3390/app112210574 - 10 Nov 2021
Cited by 5 | Viewed by 2409
Abstract
With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising managements to comply with them. Although various studies have suggested compliance methods of the general data protection regulation [...] Read more.
With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising managements to comply with them. Although various studies have suggested compliance methods of the general data protection regulation (GDPR) for personal data, no method exists that can ensure the reliability and integrity of the personal data processing request records of a data subject to enable its utilization as a GDPR compliance audit proof for an auditor. In this paper, we propose a delegation-based personal data processing request notarization framework for GDPR using a private blockchain. The proposed notarization framework allows the data subject to delegate requests to process of personal data; the framework makes the requests to the data controller, which performs the processing. The generated data processing request and processing result data are stored in the blockchain ledger and notarized via a trusted institution of the blockchain network. The Hypderledger Fabric implementation of the framework demonstrates the fulfillment of system requirements and feasibility of implementing a GDPR compliance audit for the processing of personal data. The analysis results with comparisons among the related works indicate that the proposed framework provides better reliability and feasibility for the GDPR audit of personal data processing request than extant methods. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

17 pages, 1464 KiB  
Article
Contact Tracing: Ensuring Privacy and Security
by Daan Storm van Leeuwen, Ali Ahmed, Craig Watterson and Nilufar Baghaei
Appl. Sci. 2021, 11(21), 9977; https://0-doi-org.brum.beds.ac.uk/10.3390/app11219977 - 25 Oct 2021
Cited by 5 | Viewed by 1894
Abstract
Faced with the biggest virus outbreak in a century, world governments at the start of 2020 took unprecedented measures to protect their healthcare systems from being overwhelmed in the light of the COVID-19 pandemic. International travel was halted and lockdowns were imposed. Many [...] Read more.
Faced with the biggest virus outbreak in a century, world governments at the start of 2020 took unprecedented measures to protect their healthcare systems from being overwhelmed in the light of the COVID-19 pandemic. International travel was halted and lockdowns were imposed. Many nations adopted measures to stop the transmission of the virus, such as imposing the wearing of face masks, social distancing, and limits on social gatherings. Technology was quickly developed for mobile phones, allowing governments to track people’s movements concerning locations of the virus (both people and places). These are called contact tracing applications. Contact tracing applications raise serious privacy and security concerns. Within Europe, two systems evolved: a centralised system, which calculates risk on a central server, and a decentralised system, which calculates risk on the users’ handset. This study examined both systems from a threat perspective to design a framework that enables privacy and security for contact tracing applications. Such a framework is helpful for App developers. The study found that even though both systems comply with the General Data Protection Regulation (GDPR), Europe’s privacy legislation, the centralised system suffers from severe risks against the threats identified. Experiments, research, and reviews tested the decentralised system in various settings but found that it performs better but still suffers from inherent shortcomings. User tracking and re-identification are possible, especially when users report themselves as infected. Based on these data, the study identified and validated a framework that enables privacy and security. The study also found that the current implementations using the decentralised Google/Apple API do not comply with the framework. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

32 pages, 688 KiB  
Article
Strength Analysis of Real-Life Passwords Using Markov Models
by Viktor Taneski, Marko Kompara, Marjan Heričko and Boštjan Brumen
Appl. Sci. 2021, 11(20), 9406; https://0-doi-org.brum.beds.ac.uk/10.3390/app11209406 - 11 Oct 2021
Cited by 3 | Viewed by 2166
Abstract
Recent literature proposes the use of a proactive password checker as method for preventing users from creating easy-to-guess passwords. Markov models can help us create a more effective password checker that would be able to check the probability of a given password to [...] Read more.
Recent literature proposes the use of a proactive password checker as method for preventing users from creating easy-to-guess passwords. Markov models can help us create a more effective password checker that would be able to check the probability of a given password to be chosen by an attacker. We investigate the ability of different Markov models to calculate a variety of passwords from different topics, in order to find out whether one Markov model is sufficient for creating a more effective password checker. The results of our study show that multiple models are required in order to be able to do strength calculations for a wide range of passwords. To the best of our knowledge, this is the first password strength study where the effect of the training password datasets on the success of the model is investigated. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

14 pages, 1753 KiB  
Communication
Ensuring Data Integrity in Databases with the Universal Basis of Relations
by Vitalii Yesin, Mikolaj Karpinski, Maryna Yesina, Vladyslav Vilihura and Kornel Warwas
Appl. Sci. 2021, 11(18), 8781; https://0-doi-org.brum.beds.ac.uk/10.3390/app11188781 - 21 Sep 2021
Cited by 4 | Viewed by 5236
Abstract
The objective of the paper was to reveal the main techniques and means of ensuring the integrity of data and persistent stored database modules implemented in accordance with the recommendations of the Clark–Wilson model as a methodological basis for building a system that [...] Read more.
The objective of the paper was to reveal the main techniques and means of ensuring the integrity of data and persistent stored database modules implemented in accordance with the recommendations of the Clark–Wilson model as a methodological basis for building a system that ensures integrity. The considered database was built according to the schema with the universal basis of relations. The mechanisms developed in the process of researching the problem of ensuring the integrity of the data and programs of such a database were based on the provisions of the relational database theory, the Row Level Security technology, the potential of the modern blockchain model, and the capabilities of the database management system on the platform of which databases with the universal basis of relations are implemented. The implementation of the proposed techniques and means, controlling the integrity of the database of stored elements, prevents their unauthorized modification by authorized subjects and hinders the introduction of changes by unauthorized subjects. As a result, the stored data and programs remain correct, unaltered, undistorted, and preserved. This means that databases built based on a schema with the universal basis of relations and supported by such mechanisms are protected in terms of integrity. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

15 pages, 2005 KiB  
Article
A Location Privacy Preservation Method Based on Dummy Locations in Internet of Vehicles
by Xianyun Xu, Huifang Chen and Lei Xie
Appl. Sci. 2021, 11(10), 4594; https://0-doi-org.brum.beds.ac.uk/10.3390/app11104594 - 18 May 2021
Cited by 14 | Viewed by 2410
Abstract
During the procedure, a location-based service (LBS) query, the real location provided by the vehicle user may results in the disclosure of vehicle location privacy. Moreover, the point of interest retrieval service requires high accuracy of location information. However, some privacy preservation methods [...] Read more.
During the procedure, a location-based service (LBS) query, the real location provided by the vehicle user may results in the disclosure of vehicle location privacy. Moreover, the point of interest retrieval service requires high accuracy of location information. However, some privacy preservation methods based on anonymity or obfuscation will affect the service quality. Hence, we study the location privacy-preserving method based on dummy locations in this paper. We propose a vehicle location privacy-preservation method based on dummy locations under road restriction in Internet of vehicles (IoV). In order to improve the validity of selected dummy locations under road restriction, entropy is used to represent the degree of anonymity, and the effective distance is introduced to represent the characteristics of location distribution. We present a dummy location selection algorithm to maximize the anonymous entropy and the effective distance of candidate location set consisting of vehicle user’s location and dummy locations, which ensures the uncertainty and dispersion of selected dummy locations. The proposed location privacy-preservation method does not need a trustable third-party server, and it protects the location privacy of vehicles as well as guaranteeing the LBS quality. The performance analysis and simulation results show that the proposed location privacy-preservation method can improve the validity of dummy locations and enhance the preservation of location privacy compared with other methods based on dummy locations. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

Review

Jump to: Editorial, Research

36 pages, 2931 KiB  
Review
Secure Cloud Infrastructure: A Survey on Issues, Current Solutions, and Open Challenges
by Yara Alghofaili, Albatul Albattah, Noura Alrajeh, Murad A. Rassam and Bander Ali Saleh Al-rimy
Appl. Sci. 2021, 11(19), 9005; https://0-doi-org.brum.beds.ac.uk/10.3390/app11199005 - 27 Sep 2021
Cited by 27 | Viewed by 7907
Abstract
Cloud computing is currently becoming a well-known buzzword in which business titans, such as Microsoft, Amazon, and Google, among others, are at the forefront in developing and providing sophisticated cloud computing systems to their users in a cost-effective manner. Security is the biggest [...] Read more.
Cloud computing is currently becoming a well-known buzzword in which business titans, such as Microsoft, Amazon, and Google, among others, are at the forefront in developing and providing sophisticated cloud computing systems to their users in a cost-effective manner. Security is the biggest concern for cloud computing and is a major obstacle to users adopting cloud computing systems. Maintaining the security of cloud computing is important, especially for the infrastructure. Several research works have been conducted in the cloud infrastructure security area; however, some gaps have not been completely addressed, while new challenges continue to arise. This paper presents a comprehensive survey of the security issues at different cloud infrastructure levels (e.g., application, network, host, and data). It investigates the most prominent issues that may affect the cloud computing business model with regard to infrastructure. It further discusses the current solutions proposed in the literature to mitigate the different security issues at each level. To assist in solving the issues, the challenges that are still unsolved are summarized. Based on the exploration of the current challenges, some cloud features such as flexibility, elasticity and the multi-tenancy are found to pose new challenges at each infrastructure level. More specifically, the multi-tenancy is found to have the most impact at all infrastructure levels, as it can lead to several security problems such as unavailability, abuse, data loss and privacy breach. This survey concludes by giving some recommendations for future research. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

27 pages, 2854 KiB  
Review
Empirical Evaluation of Privacy Efficiency in Blockchain Networks: Review and Open Challenges
by Aisha Zahid Junejo, Manzoor Ahmed Hashmani and Mehak Maqbool Memon
Appl. Sci. 2021, 11(15), 7013; https://0-doi-org.brum.beds.ac.uk/10.3390/app11157013 - 29 Jul 2021
Cited by 12 | Viewed by 3335
Abstract
With the widespread of blockchain technology, preserving the anonymity and confidentiality of transactions have become crucial. An enormous portion of blockchain research is dedicated to the design and development of privacy protocols but not much has been achieved for proper assessment of these [...] Read more.
With the widespread of blockchain technology, preserving the anonymity and confidentiality of transactions have become crucial. An enormous portion of blockchain research is dedicated to the design and development of privacy protocols but not much has been achieved for proper assessment of these solutions. To mitigate the gap, we have first comprehensively classified the existing solutions based on blockchain fundamental building blocks (i.e., smart contracts, cryptography, and hashing). Next, we investigated the evaluation criteria used for validating these techniques. The findings depict that the majority of privacy solutions are validated based on computing resources i.e., memory, time, storage, throughput, etc., only, which is not sufficient. Hence, we have additionally identified and presented various other factors that strengthen or weaken blockchain privacy. Based on those factors, we have formulated an evaluation framework to analyze the efficiency of blockchain privacy solutions. Further, we have introduced a concept of privacy precision that is a quantifiable measure to empirically assess privacy efficiency in blockchains. The calculation of privacy precision will be based on the effectiveness and strength of various privacy protecting attributes of a solution and the associated risks. Finally, we conclude the paper with some open research challenges and future directions. Our study can serve as a benchmark for empirical assessment of blockchain privacy. Full article
(This article belongs to the Special Issue Advances in Information Security and Privacy)
Show Figures

Figure 1

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-17
Back to TopTop