Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
6.8
3.9
Journals
Sensors
Special Issues
Data Privacy, Security, and Trust in New Technological Trends
sensors-logo
Submit to Sensors Review for Sensors Propose a Special Issue

Journal Menu

Journal Menu

Journal Browser

Journal Browser
share announcement

Data Privacy, Security, and Trust in New Technological Trends

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Sensor Networks".

Deadline for manuscript submissions: closed (30 July 2023) | Viewed by 64575

Special Issue Editor

Prof. Dr. Valderi R. Q. Leithardt

E-Mail Website
Guest Editor
ISEL-Lisbon School of Engineering, Rua Conselheiro Emídio Navarro 1, 1959-007 Lisboa, Portugal
Interests: distributed systems; algorithms; data privacy
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

The tendency is for new technological solutions to increase with the development of 5G communication, as new processes, protocols, and techniques for data control and management appear. Thus, in heterogeneous environments, it is necessary to improve techniques and algorithmic solutions aimed at managing the context of users, communication, environments, and devices. If we consider the current technological scenario that involves the Internet of Things, cloud computing, and big data, the trend and need for control mechanisms become even more necessary. Another problem that has arisen in the various techniques involving blockchain is security, the data encryption algorithms used, and issues that involve data privacy and trust in the transactions carried out. Therefore, we seek to identify contributions that fit these scenarios and mainly that can contribute, presenting news, techniques, and solutions to the problems presented. Contributions are not restricted only to the scenarios presented and the keywords but must have sufficient evidence to prove novelties in relation to the current state of the art in the literature on information security, data privacy, trust, and encryption techniques.

Dr. Valderi R. Q. Leithardt
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • data privacy and trust cryptographic algorithms
  • communication protocols
  • information context
  • management data privacy and trust in cloud computing
  • data security in smart cities
  • blockchain
  • Internet of Things

Published Papers (22 papers)

Download All Papers
Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Research

Jump to: Review

27 pages, 2829 KiB  
Article
EStore: A User-Friendly Encrypted Storage Scheme for Distributed File Systems
by Yuxiang Chen, Guishan Dong, Chunxiang Xu, Yao Hao and Yue Zhao
Sensors 2023, 23(20), 8526; https://0-doi-org.brum.beds.ac.uk/10.3390/s23208526 - 17 Oct 2023
Viewed by 937
Abstract
In this paper, we propose a user-friendly encrypted storage scheme named EStore, which is based on the Hadoop distributed file system. Users can make use of cloud-based distributed file systems to collaborate with each other. However, most data are processed and stored in [...] Read more.
In this paper, we propose a user-friendly encrypted storage scheme named EStore, which is based on the Hadoop distributed file system. Users can make use of cloud-based distributed file systems to collaborate with each other. However, most data are processed and stored in plaintext, which is out of the owner’s control after it has been uploaded and shared. Meanwhile, simple encryption guarantees the confidentiality of uploaded data but reduces availability. Furthermore, it is difficult to deal with complex key management as there is the problem whereby a single key encrypts different files, thus increasing the risk of leakage. In order to solve the issues above, we put forward an encrypted storage model and a threat model, designed with corresponding system architecture to cope with these requirements. Further, we designed and implemented six sets of protocols to meet users’ requirements for security and use. EStore manages users and their keys through registration and authentication, and we developed a searchable encryption module and encryption/decryption module to support ciphertext retrieval and secure data outsourcing, which will only minimally increase the calculation overhead of the client and storage redundancy. Users are invulnerable compared to the original file system. Finally, we conducted a security analysis of the protocols to demonstrate that EStore is feasible and secure. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

33 pages, 3993 KiB  
Article
Blockchain-Powered Healthcare Systems: Enhancing Scalability and Security with Hybrid Deep Learning
by Aitizaz Ali, Hashim Ali, Aamir Saeed, Aftab Ahmed Khan, Ting Tin Tin, Muhammad Assam, Yazeed Yasin Ghadi and Heba G. Mohamed
Sensors 2023, 23(18), 7740; https://0-doi-org.brum.beds.ac.uk/10.3390/s23187740 - 07 Sep 2023
Cited by 1 | Viewed by 1562
Abstract
The rapid advancements in technology have paved the way for innovative solutions in the healthcare domain, aiming to improve scalability and security while enhancing patient care. This abstract introduces a cutting-edge approach, leveraging blockchain technology and hybrid deep learning techniques to revolutionize healthcare [...] Read more.
The rapid advancements in technology have paved the way for innovative solutions in the healthcare domain, aiming to improve scalability and security while enhancing patient care. This abstract introduces a cutting-edge approach, leveraging blockchain technology and hybrid deep learning techniques to revolutionize healthcare systems. Blockchain technology provides a decentralized and transparent framework, enabling secure data storage, sharing, and access control. By integrating blockchain into healthcare systems, data integrity, privacy, and interoperability can be ensured while eliminating the reliance on centralized authorities. In conjunction with blockchain, hybrid deep learning techniques offer powerful capabilities for data analysis and decision making in healthcare. Combining the strengths of deep learning algorithms with traditional machine learning approaches, hybrid deep learning enables accurate and efficient processing of complex healthcare data, including medical records, images, and sensor data. This research proposes a permissions-based blockchain framework for scalable and secure healthcare systems, integrating hybrid deep learning models. The framework ensures that only authorized entities can access and modify sensitive health information, preserving patient privacy while facilitating seamless data sharing and collaboration among healthcare providers. Additionally, the hybrid deep learning models enable real-time analysis of large-scale healthcare data, facilitating timely diagnosis, treatment recommendations, and disease prediction. The integration of blockchain and hybrid deep learning presents numerous benefits, including enhanced scalability, improved security, interoperability, and informed decision making in healthcare systems. However, challenges such as computational complexity, regulatory compliance, and ethical considerations need to be addressed for successful implementation. By harnessing the potential of blockchain and hybrid deep learning, healthcare systems can overcome traditional limitations, promoting efficient and secure data management, personalized patient care, and advancements in medical research. The proposed framework lays the foundation for a future healthcare ecosystem that prioritizes scalability, security, and improved patient outcomes. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

41 pages, 772 KiB  
Article
Empowering Precision Medicine: Unlocking Revolutionary Insights through Blockchain-Enabled Federated Learning and Electronic Medical Records
by Aitizaz Ali, Bander Ali Saleh Al-rimy, Ting Tin Tin, Saad Nasser Altamimi, Sultan Noman Qasem and Faisal Saeed
Sensors 2023, 23(17), 7476; https://0-doi-org.brum.beds.ac.uk/10.3390/s23177476 - 28 Aug 2023
Cited by 3 | Viewed by 1788
Abstract
Precision medicine has emerged as a transformative approach to healthcare, aiming to deliver personalized treatments and therapies tailored to individual patients. However, the realization of precision medicine relies heavily on the availability of comprehensive and diverse medical data. In this context, blockchain-enabled federated [...] Read more.
Precision medicine has emerged as a transformative approach to healthcare, aiming to deliver personalized treatments and therapies tailored to individual patients. However, the realization of precision medicine relies heavily on the availability of comprehensive and diverse medical data. In this context, blockchain-enabled federated learning, coupled with electronic medical records (EMRs), presents a groundbreaking solution to unlock revolutionary insights in precision medicine. This abstract explores the potential of blockchain technology to empower precision medicine by enabling secure and decentralized data sharing and analysis. By leveraging blockchain’s immutability, transparency, and cryptographic protocols, federated learning can be conducted on distributed EMR datasets without compromising patient privacy. The integration of blockchain technology ensures data integrity, traceability, and consent management, thereby addressing critical concerns associated with data privacy and security. Through the federated learning paradigm, healthcare institutions and research organizations can collaboratively train machine learning models on locally stored EMR data, without the need for data centralization. The blockchain acts as a decentralized ledger, securely recording the training process and aggregating model updates while preserving data privacy at its source. This approach allows the discovery of patterns, correlations, and novel insights across a wide range of medical conditions and patient populations. By unlocking revolutionary insights through blockchain-enabled federated learning and EMRs, precision medicine can revolutionize healthcare delivery. This paradigm shift has the potential to improve diagnosis accuracy, optimize treatment plans, identify subpopulations for clinical trials, and expedite the development of novel therapies. Furthermore, the transparent and auditable nature of blockchain technology enhances trust among stakeholders, enabling greater collaboration, data sharing, and collective intelligence in the pursuit of advancing precision medicine. In conclusion, this abstract highlights the transformative potential of blockchain-enabled federated learning in empowering precision medicine. By unlocking revolutionary insights from diverse and distributed EMR datasets, this approach paves the way for a future where healthcare is personalized, efficient, and tailored to the unique needs of each patient. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

29 pages, 953 KiB  
Article
Securing Secrets in Cyber-Physical Systems: A Cutting-Edge Privacy Approach with Consortium Blockchain
by Aitizaz Ali, Bander Ali Saleh Al-rimy, Abdulwahab Ali Almazroi, Faisal S. Alsubaei, Abdulaleem Ali Almazroi and Faisal Saeed
Sensors 2023, 23(16), 7162; https://0-doi-org.brum.beds.ac.uk/10.3390/s23167162 - 14 Aug 2023
Cited by 6 | Viewed by 1640
Abstract
In the era of interconnected and intelligent cyber-physical systems, preserving privacy has become a paramount concern. This paper aims a groundbreaking proof-of-concept (PoC) design that leverages consortium blockchain technology to address privacy challenges in cyber-physical systems (CPSs). The proposed design introduces a novel [...] Read more.
In the era of interconnected and intelligent cyber-physical systems, preserving privacy has become a paramount concern. This paper aims a groundbreaking proof-of-concept (PoC) design that leverages consortium blockchain technology to address privacy challenges in cyber-physical systems (CPSs). The proposed design introduces a novel approach to safeguarding sensitive information and ensuring data integrity while maintaining a high level of trust among stakeholders. By harnessing the power of consortium blockchain, the design establishes a decentralized and tamper-resistant framework for privacy preservation. However, ensuring the security and privacy of sensitive information within CPSs poses significant challenges. This paper proposes a cutting-edge privacy approach that leverages consortium blockchain technology to secure secrets in CPSs. Consortium blockchain, with its permissioned nature, provides a trusted framework for governing the network and validating transactions. By employing consortium blockchain, secrets in CPSs can be securely stored, shared, and accessed by authorized entities only, mitigating the risks of unauthorized access and data breaches. The proposed approach offers enhanced security, privacy preservation, increased trust and accountability, as well as interoperability and scalability. This paper aims to address the limitations of traditional security mechanisms in CPSs and harness the potential of consortium blockchain to revolutionize the management of secrets, contributing to the advancement of CPS security and privacy. The effectiveness of the design is demonstrated through extensive simulations and performance evaluations. The results indicate that the proposed approach offers significant advancements in privacy protection, paving the way for secure and trustworthy cyber-physical systems in various domains. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

29 pages, 938 KiB  
Article
HealthLock: Blockchain-Based Privacy Preservation Using Homomorphic Encryption in Internet of Things Healthcare Applications
by Aitizaz Ali, Bander Ali Saleh Al-rimy, Faisal S. Alsubaei, Abdulwahab Ali Almazroi and Abdulaleem Ali Almazroi
Sensors 2023, 23(15), 6762; https://0-doi-org.brum.beds.ac.uk/10.3390/s23156762 - 28 Jul 2023
Cited by 13 | Viewed by 2784
Abstract
The swift advancement of the Internet of Things (IoT), coupled with the growing application of healthcare software in this area, has given rise to significant worries about the protection and confidentiality of critical health data. To address these challenges, blockchain technology has emerged [...] Read more.
The swift advancement of the Internet of Things (IoT), coupled with the growing application of healthcare software in this area, has given rise to significant worries about the protection and confidentiality of critical health data. To address these challenges, blockchain technology has emerged as a promising solution, providing decentralized and immutable data storage and transparent transaction records. However, traditional blockchain systems still face limitations in terms of preserving data privacy. This paper proposes a novel approach to enhancing privacy preservation in IoT-based healthcare applications using homomorphic encryption techniques combined with blockchain technology. Homomorphic encryption facilitates the performance of calculations on encrypted data without requiring decryption, thus safeguarding the data’s privacy throughout the computational process. The encrypted data can be processed and analyzed by authorized parties without revealing the actual contents, thereby protecting patient privacy. Furthermore, our approach incorporates smart contracts within the blockchain network to enforce access control and to define data-sharing policies. These smart contracts provide fine-grained permission settings, which ensure that only authorized entities can access and utilize the encrypted data. These settings protect the data from being viewed by unauthorized parties. In addition, our system generates an audit record of all data transactions, which improves both accountability and transparency. We have provided a comparative evaluation with the standard models, taking into account factors such as communication expense, transaction volume, and security. The findings of our experiments suggest that our strategy protects the confidentiality of the data while at the same time enabling effective data processing and analysis. In conclusion, the combination of homomorphic encryption and blockchain technology presents a solution that is both resilient and protective of users’ privacy for healthcare applications integrated with IoT. This strategy offers a safe and open setting for the management and exchange of sensitive patient medical data, while simultaneously preserving the confidentiality of the patients involved. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

29 pages, 10212 KiB  
Article
Evaluation of Open-Source Tools for Differential Privacy
by Shiliang Zhang, Anton Hagermalm, Sanjin Slavnic, Elad Michael Schiller and Magnus Almgren
Sensors 2023, 23(14), 6509; https://0-doi-org.brum.beds.ac.uk/10.3390/s23146509 - 19 Jul 2023
Cited by 1 | Viewed by 1238
Abstract
Differential privacy (DP) defines privacy protection by promising quantified indistinguishability between individuals who consent to share their privacy-sensitive information and those who do not. DP aims to deliver this promise by including well-crafted elements of random noise in the published data, and thus [...] Read more.
Differential privacy (DP) defines privacy protection by promising quantified indistinguishability between individuals who consent to share their privacy-sensitive information and those who do not. DP aims to deliver this promise by including well-crafted elements of random noise in the published data, and thus there is an inherent tradeoff between the degree of privacy protection and the ability to utilize the protected data. Currently, several open-source tools have been proposed for DP provision. To the best of our knowledge, there is no comprehensive study for comparing these open-source tools with respect to their ability to balance DP’s inherent tradeoff as well as the use of system resources. This work proposes an open-source evaluation framework for privacy protection solutions and offers evaluation for OpenDP Smartnoise, Google DP, PyTorch Opacus, Tensorflow Privacy, and Diffprivlib. In addition to studying their ability to balance the above tradeoff, we consider discrete and continuous attributes by quantifying their performance under different data sizes. Our results reveal several patterns that developers should have in mind when selecting tools under different application needs and criteria. This evaluation survey can be the basis for an improved selection of open-source DP tools and quicker adaptation of DP. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

21 pages, 24395 KiB  
Article
Unmasking Cybercrime with Artificial-Intelligence-Driven Cybersecurity Analytics
by Amir Djenna, Ezedin Barka, Achouak Benchikh and Karima Khadir
Sensors 2023, 23(14), 6302; https://0-doi-org.brum.beds.ac.uk/10.3390/s23146302 - 11 Jul 2023
Cited by 3 | Viewed by 2597
Abstract
Cybercriminals are becoming increasingly intelligent and aggressive, making them more adept at covering their tracks, and the global epidemic of cybercrime necessitates significant efforts to enhance cybersecurity in a realistic way. The COVID-19 pandemic has accelerated the cybercrime threat landscape. Cybercrime has a [...] Read more.
Cybercriminals are becoming increasingly intelligent and aggressive, making them more adept at covering their tracks, and the global epidemic of cybercrime necessitates significant efforts to enhance cybersecurity in a realistic way. The COVID-19 pandemic has accelerated the cybercrime threat landscape. Cybercrime has a significant impact on the gross domestic product (GDP) of every targeted country. It encompasses a broad spectrum of offenses committed online, including hacking; sensitive information theft; phishing; online fraud; modern malware distribution; cyberbullying; cyber espionage; and notably, cyberattacks orchestrated by botnets. This study provides a new collaborative deep learning approach based on unsupervised long short-term memory (LSTM) and supervised convolutional neural network (CNN) models for the early identification and detection of botnet attacks. The proposed work is evaluated using the CTU-13 and IoT-23 datasets. The experimental results demonstrate that the proposed method achieves superior performance, obtaining a very satisfactory success rate (over 98.7%) and a false positive rate of 0.04%. The study facilitates and improves the understanding of cyber threat intelligence, identifies emerging forms of botnet attacks, and enhances forensic investigation procedures. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

29 pages, 6477 KiB  
Article
Variable-Length Multiobjective Social Class Optimization for Trust-Aware Data Gathering in Wireless Sensor Networks
by Mohammed Ayad Saad, Rosmina Jaafar and Kalaivani Chellappan
Sensors 2023, 23(12), 5526; https://0-doi-org.brum.beds.ac.uk/10.3390/s23125526 - 12 Jun 2023
Cited by 2 | Viewed by 1104
Abstract
Data gathering in wireless sensor networks (WSNs) is vital for deploying and enabling WSNs with the Internet of Things (IoTs). In various applications, the network is deployed in a large-scale area, which affects the efficiency of the data collection, and the network is [...] Read more.
Data gathering in wireless sensor networks (WSNs) is vital for deploying and enabling WSNs with the Internet of Things (IoTs). In various applications, the network is deployed in a large-scale area, which affects the efficiency of the data collection, and the network is subject to multiple attacks that impact the reliability of the collected data. Hence, data collection should consider trust in sources and routing nodes. This makes trust an additional optimization objective of the data gathering in addition to energy consumption, traveling time, and cost. Joint optimization of the goals requires conducting multiobjective optimization. This article proposes a modified social class multiobjective particle swarm optimization (SC-MOPSO) method. The modified SC-MOPSO method is featured by application-dependent operators named interclass operators. In addition, it includes solution generation, adding and deleting rendezvous points, and moving to the upper and lower class. Considering that SC-MOPSO provides a set of nondominated solutions as a Pareto front, we employed one of the multicriteria decision-making (MCDM) methods, i.e., simple additive sum (SAW), for selecting one of the solutions from the Pareto front. The results show that both SC-MOPSO and SAW are superior in terms of domination. The set coverage of SC-MOPSO is 0.06 dominant over NSGA-II compared with only a mastery of 0.04 of NSGA-II over SC-MOPSO. At the same time, it showed competitive performance with NSGA-III. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

18 pages, 4201 KiB  
Article
DNS Tunnelling, Exfiltration and Detection over Cloud Environments
by Lehel Salat, Mastaneh Davis and Nabeel Khan
Sensors 2023, 23(5), 2760; https://0-doi-org.brum.beds.ac.uk/10.3390/s23052760 - 02 Mar 2023
Cited by 3 | Viewed by 3886
Abstract
The domain name system (DNS) protocol is fundamental to the operation of the internet, however, in recent years various methodologies have been developed that enable DNS attacks on organisations. In the last few years, the increased use of cloud services by organisations has [...] Read more.
The domain name system (DNS) protocol is fundamental to the operation of the internet, however, in recent years various methodologies have been developed that enable DNS attacks on organisations. In the last few years, the increased use of cloud services by organisations has created further security challenges as cyber criminals use numerous methodologies to exploit cloud services, configurations and the DNS protocol. In this paper, two different DNS tunnelling methods, Iodine and DNScat, have been conducted in the cloud environment (Google and AWS) and positive results of exfiltration have been achieved under different firewall configurations. Detection of malicious use of DNS protocol can be a challenge for organisations with limited cybersecurity support and expertise. In this study, various DNS tunnelling detection techniques were utilised in a cloud environment to create an effective monitoring system with a reliable detection rate, low implementation cost, and ease of use for organisations with limited detection capabilities. The Elastic stack (an open-source framework) was used to configure a DNS monitoring system and to analyse the collected DNS logs. Furthermore, payload and traffic analysis techniques were implemented to identify different tunnelling methods. This cloud-based monitoring system offers various detection techniques that can be used for monitoring DNS activities of any network especially accessible to small organisations. Moreover, the Elastic stack is open-source and it has no limitation with regards to the data that can be uploaded daily. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

16 pages, 2122 KiB  
Article
Deep Learning Technique-Enabled Web Application Firewall for the Detection of Web Attacks
by Babu R. Dawadi, Bibek Adhikari and Devesh Kumar Srivastava
Sensors 2023, 23(4), 2073; https://0-doi-org.brum.beds.ac.uk/10.3390/s23042073 - 12 Feb 2023
Cited by 11 | Viewed by 7256
Abstract
New techniques and tactics are being used to gain unauthorized access to the web that harm, steal, and destroy information. Protecting the system from many threats such as DDoS, SQL injection, cross-site scripting, etc., is always a challenging issue. This research work makes [...] Read more.
New techniques and tactics are being used to gain unauthorized access to the web that harm, steal, and destroy information. Protecting the system from many threats such as DDoS, SQL injection, cross-site scripting, etc., is always a challenging issue. This research work makes a comparative analysis between normal HTTP traffic and attack traffic that identifies attack-indicating parameters and features. Different features of standard datasets ISCX, CISC, and CICDDoS were analyzed and attack and normal traffic were compared by taking different parameters into consideration. A layered architecture model for DDoS, XSS, and SQL injection attack detection was developed using a dataset collected from the simulation environment. In the long short-term memory (LSTM)-based layered architecture, the first layer was the DDoS detection model designed with an accuracy of 97.57% and the second was the XSS and SQL injection layer with an obtained accuracy of 89.34%. The higher rate of HTTP traffic was investigated first and filtered out, and then passed to the second layer. The web application firewall (WAF) adds an extra layer of security to the web application by providing application-level filtering that cannot be achieved by the traditional network firewall system. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

17 pages, 3311 KiB  
Article
Combined Pseudo-Random Sequence Generator for Cybersecurity
by Volodymyr Maksymovych, Mariia Shabatura, Oleh Harasymchuk, Ruslan Shevchuk, Pawel Sawicki and Tomasz Zajac
Sensors 2022, 22(24), 9700; https://0-doi-org.brum.beds.ac.uk/10.3390/s22249700 - 11 Dec 2022
Cited by 7 | Viewed by 1261
Abstract
Random and pseudo-random number and bit sequence generators with a uniform distribution law are the most widespread and in demand in the market of pseudo-random generators. Depending on the specific field of application, the requirements for their implementation and the quality of the [...] Read more.
Random and pseudo-random number and bit sequence generators with a uniform distribution law are the most widespread and in demand in the market of pseudo-random generators. Depending on the specific field of application, the requirements for their implementation and the quality of the generator’s output sequence change. In this article, we have optimized the structures of the classical additive Fibonacci generator and the modified additive Fibonacci generator when they work together. The ranges of initial settings of structural elements (seed) of these generators have been determined, which guarantee acceptable statistical characteristics of the output pseudo-random sequence, significantly expanding the scope of their possible application, including cybersecurity. When studying the statistical characteristics of the modified additive Fibonacci generator, it was found that they significantly depend on the signal from the output of the logic circuit entering the structure. It is proved that acceptable statistical characteristics of the modified additive Fibonacci generator, and the combined generator realized on its basis, are provided at odd values of the module of the recurrent equation describing the work of such generator. The output signal of the combined generator has acceptable characteristics for a wide range of values of the initial settings for the modified additive Fibonacci generator and the classic additive Fibonacci generator. Regarding the use of information security, it is worth noting the fact that for modern encryption and security programs, generators of random numbers and bit sequences and approaches to their construction are crucial and critical. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

30 pages, 2374 KiB  
Article
Securing Session Initiation Protocol
by Osama Younes and Umar Albalawi
Sensors 2022, 22(23), 9103; https://0-doi-org.brum.beds.ac.uk/10.3390/s22239103 - 23 Nov 2022
Cited by 3 | Viewed by 1894
Abstract
The session initiation protocol (SIP) is widely used for multimedia communication as a signaling protocol for managing, establishing, maintaining, and terminating multimedia sessions among participants. However, SIP is exposed to a variety of security threats. To overcome the security flaws of SIP, it [...] Read more.
The session initiation protocol (SIP) is widely used for multimedia communication as a signaling protocol for managing, establishing, maintaining, and terminating multimedia sessions among participants. However, SIP is exposed to a variety of security threats. To overcome the security flaws of SIP, it needs to support a number of security services: authentication, confidentiality, and integrity. Few solutions have been introduced in the literature to secure SIP, which can support these security services. Most of them are based on internet security standards and have many drawbacks. This work introduces a new protocol for securing SIP called secure-SIP (S-SIP). S-SIP consists of two protocols: the SIP authentication (A-SIP) protocol and the key management and protection (KP-SIP) protocol. A-SIP is a novel mutual authentication protocol. KP-SIP is used to secure SIP signaling messages and exchange session keys among entities. It provides different security services for SIP: integrity, confidentiality, and key management. A-SIP is based on the secure remote password (SRP) protocol, which is one of standard password-based authentication protocols supported by the transport layer security (TLS) standard. However, A-SIP is more secure and efficient than SRP because it covers its security flaws and weaknesses, which are illustrated and proven in this work. Through comprehensive informal and formal security analyses, we demonstrate that S-SIP is secure and can address SIP vulnerabilities. In addition, the proposed protocols were compared with many related protocols in terms of security and performance. It was found that the proposed protocols are more secure and have better performance. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

17 pages, 594 KiB  
Article
Do the Right Thing: A Privacy Policy Adherence Analysis of over Two Million Apps in Apple iOS App Store
by Hamad Alamri, Carsten Maple, Saad Mohamad and Gregory Epiphaniou
Sensors 2022, 22(22), 8964; https://0-doi-org.brum.beds.ac.uk/10.3390/s22228964 - 19 Nov 2022
Cited by 3 | Viewed by 1942
Abstract
Mobile app developers are often obliged by regulatory frameworks to provide a privacy policy in natural comprehensible language to describe their apps’ privacy practices. However, prior research has revealed that: (1) not all app developers offer links to their privacy policies; and (2) [...] Read more.
Mobile app developers are often obliged by regulatory frameworks to provide a privacy policy in natural comprehensible language to describe their apps’ privacy practices. However, prior research has revealed that: (1) not all app developers offer links to their privacy policies; and (2) even if they do offer such access, it is difficult to determine if it is a valid link to a (valid) policy. While many prior studies looked at this issue in Google Play Store, Apple App Store, and particularly the iOS store, is much less clear. In this paper, we conduct the first and the largest study to investigate the previous issues in the iOS app store ecosystem. First, we introduce an App Privacy Policy Extractor (APPE), a system that embraces and analyses the metadata of over two million apps to give insightful information about the distribution of the supposed privacy policies, and the content of the provided privacy policy links, store-wide. The result shows that only 58.5% of apps provide links to purported privacy policies, while 39.3% do not provide policy links at all. Our investigation of the provided links shows that only 38.4% of those links were directed to actual privacy policies, while 61.6% failed to lead to a privacy policy. Further, for research purposes we introduce the App Privacy Policy Corpus (APPC-451K); the largest app privacy policy corpus consisting of data relating to more than 451K verified privacy policies. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

26 pages, 758 KiB  
Article
A Framework for Online Document Verification Using Self-Sovereign Identity Technology
by Abylay Satybaldy, Anushka Subedi and Mariusz Nowostawski
Sensors 2022, 22(21), 8408; https://0-doi-org.brum.beds.ac.uk/10.3390/s22218408 - 01 Nov 2022
Cited by 4 | Viewed by 3184
Abstract
As the world is gradually moving towards digitization, forgery of vital digital documents has become relatively easy. Therefore, the need for efficient and secure verification and authentication practices of digital documents is also increasing. Self-sovereign identity (SSI) is a set of technologies that [...] Read more.
As the world is gradually moving towards digitization, forgery of vital digital documents has become relatively easy. Therefore, the need for efficient and secure verification and authentication practices of digital documents is also increasing. Self-sovereign identity (SSI) is a set of technologies that build on core concepts in identity management, blockchain technology, and cryptography. SSI enables entities to create fraud-proof verifiable credentials and instantly verify the authenticity of a digital credential. The online document verification solutions must deal with a myriad of issues in regard to privacy and security. Moreover, various challenging and tedious processes have made document verification overly complex and time-consuming which motivated us to conduct this research. This work presents a novel framework for online document verification based on SSI technology. The solution address the complexity and interoperability issues that are present in the current digital document verification systems. We look at a particular use case, i.e., document verification in online loan processing and evaluate how this proposed approach can make an impact on the existing system. Our solution based on SSI standards replaces the intermediary and enables trust between players in the ecosystem. The technology also holds the potential to make the system more efficient, interoperable, and privacy-preserving. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

22 pages, 1915 KiB  
Article
An Architecture for Managing Data Privacy in Healthcare with Blockchain
by Anubis Graciela de Moraes Rossetto, Christofer Sega and Valderi Reis Quietinho Leithardt
Sensors 2022, 22(21), 8292; https://0-doi-org.brum.beds.ac.uk/10.3390/s22218292 - 29 Oct 2022
Cited by 18 | Viewed by 2456
Abstract
With the fast development of blockchain technology in the latest years, its application in scenarios that require privacy, such as health area, have become encouraged and widely discussed. This paper presents an architecture to ensure the privacy of health-related data, which are stored [...] Read more.
With the fast development of blockchain technology in the latest years, its application in scenarios that require privacy, such as health area, have become encouraged and widely discussed. This paper presents an architecture to ensure the privacy of health-related data, which are stored and shared within a blockchain network in a decentralized manner, through the use of encryption with the RSA, ECC, and AES algorithms. Evaluation tests were performed to verify the impact of cryptography on the proposed architecture in terms of computational effort, memory usage, and execution time. The results demonstrate an impact mainly on the execution time and on the increase in the computational effort for sending data to the blockchain, which is justifiable considering the privacy and security provided with the architecture and encryption. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

35 pages, 2399 KiB  
Article
Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent
by Tek Raj Chhetri, Anelia Kurteva, Rance J. DeLong, Rainer Hilscher, Kai Korte and Anna Fensel
Sensors 2022, 22(7), 2763; https://0-doi-org.brum.beds.ac.uk/10.3390/s22072763 - 03 Apr 2022
Cited by 17 | Viewed by 8480
Abstract
The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as [...] Read more.
The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as the scale at which compliance verification must be performed. Furthermore, the GDPR’s promotion of data protection by design and industrial interoperability requirements has created new technical challenges, as they require significant changes in the design and implementation of systems that handle personal data. We present a scalable data protection by design tool for automated compliance verification and auditability based on informed consent that is modeled with a knowledge graph. Automated compliance verification is made possible by implementing a regulation-to-code process that translates GDPR regulations into well-defined technical and organizational measures and, ultimately, software code. We demonstrate the effectiveness of the tool in the insurance and smart cities domains. We highlight ways in which our tool can be adapted to other domains. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

20 pages, 2058 KiB  
Article
BlockProof: A Framework for Verifying Authenticity and Integrity of Web Content
by Meirylene Avelino and Antonio A. de A. Rocha
Sensors 2022, 22(3), 1165; https://0-doi-org.brum.beds.ac.uk/10.3390/s22031165 - 03 Feb 2022
Cited by 1 | Viewed by 1970
Abstract
In the Literature, we can find several research works to help in the digital crime fight in order to prove integrity and authenticity of a published document, image or video. Among all the crimes, fake news certainly is among the most recurrent ones [...] Read more.
In the Literature, we can find several research works to help in the digital crime fight in order to prove integrity and authenticity of a published document, image or video. Among all the crimes, fake news certainly is among the most recurrent ones and needs to be mitigated. There are several Blockchain-based applications in order to make use of the benefits derived from technology, but little is found to verify the authenticity of Web content records as well as the history of all updates that have taken place in each Web content. Such kind of solution has become important nowadays as a way to cover the gap in the combat against fake news, for example. The purpose of this paper is to present BlockProof, a framework for verifying web content authenticity and integrity that offers a solution for content providers to register Web content, regardless of whether the page has dynamic or static content, in addition to enabling the consultation of the history of all records made for a given URL. We understand that such kind of solution may be useful to data producers/providers to provide evidence that they are in compliance with the fight against fake news, for instance. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

28 pages, 1568 KiB  
Article
RootLogChain: Registering Log-Events in a Blockchain for Audit Issues from the Creation of the Root
by Juan Carlos López-Pimentel, Luis Alberto Morales-Rosales and Raúl Monroy
Sensors 2021, 21(22), 7669; https://0-doi-org.brum.beds.ac.uk/10.3390/s21227669 - 18 Nov 2021
Cited by 2 | Viewed by 2563
Abstract
Logging system activities are required to provide credibility and confidence in the systems used by an organization. Logs in computer systems must be secured from the root user so that they are true and fair. This paper introduces RootLogChain, a blockchain-based audit [...] Read more.
Logging system activities are required to provide credibility and confidence in the systems used by an organization. Logs in computer systems must be secured from the root user so that they are true and fair. This paper introduces RootLogChain, a blockchain-based audit mechanism that is built upon a security protocol to create both a root user in a blockchain network and the first log; from there, all root events are stored as logs within a standard blockchain mechanism. RootLogChain provides security constructs so as to be deployed in a distributed context over a hostile environment, such as the internet. We have developed a prototype based on a microservice architecture, validating it by executing different stress proofs in two scenarios: one with compliant agents and the other without. In such scenarios, several compliant and non-compliant agents try to become a root and register the events within the blockchain. Non-compliant agents simulate eavesdropper entities that do not follow the rules of the protocol. Our experiments show that the mechanism guarantees the creation of one and only one root user, integrity, and authenticity of the transactions; it also stores all events generated by the root within a blockchain. In addition, for audit issues, the traceability of the transaction logs can be consulted by the root. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

25 pages, 4782 KiB  
Article
A Novel Fingerprinting Technique for Data Storing and Sharing through Clouds
by Mehvish Fatima, Muhammad Wasif Nisar, Junaid Rashid, Jungeun Kim, Muhammad Kamran and Amir Hussain
Sensors 2021, 21(22), 7647; https://0-doi-org.brum.beds.ac.uk/10.3390/s21227647 - 17 Nov 2021
Cited by 6 | Viewed by 1995
Abstract
With the emerging growth of digital data in information systems, technology faces the challenge of knowledge prevention, ownership rights protection, security, and privacy measurement of valuable and sensitive data. On-demand availability of various data as services in a shared and automated environment has [...] Read more.
With the emerging growth of digital data in information systems, technology faces the challenge of knowledge prevention, ownership rights protection, security, and privacy measurement of valuable and sensitive data. On-demand availability of various data as services in a shared and automated environment has become a reality with the advent of cloud computing. The digital fingerprinting technique has been adopted as an effective solution to protect the copyright and privacy of digital properties from illegal distribution and identification of malicious traitors over the cloud. Furthermore, it is used to trace the unauthorized distribution and the user of multimedia content distributed through the cloud. In this paper, we propose a novel fingerprinting technique for the cloud environment to protect numeric attributes in relational databases for digital privacy management. The proposed solution with the novel fingerprinting scheme is robust and efficient. It can address challenges such as embedding secure data over the cloud, essential to secure relational databases. The proposed technique provides a decoding accuracy of 100%, 90%, and 40% for 10% to 30%, 40%, and 50% of deleted records. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

18 pages, 1054 KiB  
Article
Research on Network Security Situation Awareness Based on the LSTM-DT Model
by Haofang Zhang, Chunying Kang and Yao Xiao
Sensors 2021, 21(14), 4788; https://0-doi-org.brum.beds.ac.uk/10.3390/s21144788 - 13 Jul 2021
Cited by 28 | Viewed by 3155
Abstract
To better understand the behavior of attackers and describe the network state, we construct an LSTM-DT model for network security situation awareness, which provides risk assessment indicators and quantitative methods. This paper introduces the concept of attack probability, making prediction results more consistent [...] Read more.
To better understand the behavior of attackers and describe the network state, we construct an LSTM-DT model for network security situation awareness, which provides risk assessment indicators and quantitative methods. This paper introduces the concept of attack probability, making prediction results more consistent with the actual network situation. The model is focused on the problem of the time sequence of network security situation assessment by using the decision tree algorithm (DT) and long short-term memory(LSTM) network. The biggest innovation of this paper is to change the description of the network situation in the original dataset. The original label only has attack and normal. We put forward a new idea which regards attack as a possibility, obtaining the probability of each attack, and describing the network situation by combining the occurrence probability and attack impact. Firstly, we determine the network risk assessment indicators through the dataset feature distribution, and we give the network risk assessment index a corresponding weight based on the analytic hierarchy process (AHP). Then, the stack sparse auto-encoder (SSAE) is used to learn the characteristics of the original dataset. The attack probability can be predicted by the processed dataset by using the LSTM network. At the same time, the DT algorithm is applied to identify attack types. Finally, we draw the corresponding curve according to the network security situation value at each time. Experiments show that the accuracy of the network situation awareness method proposed in this paper can reach 95%, and the accuracy of attack recognition can reach 87%. Compared with the former research results, the effect is better in describing complex network environment problems. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

36 pages, 41011 KiB  
Article
Blockchain-Based Access Control Scheme for Secure Shared Personal Health Records over Decentralised Storage
by Hasan Alobadh, Sharifah Md Yasin, Nur Izura Udzir and Mohd Izuan Hafez Ninggal
Sensors 2021, 21(7), 2462; https://0-doi-org.brum.beds.ac.uk/10.3390/s21072462 - 02 Apr 2021
Cited by 29 | Viewed by 4739
Abstract
Blockchain technology provides a tremendous opportunity to transform current personal health record (PHR) systems into a decentralised network infrastructure. However, such technology possesses some drawbacks, such as issues in privacy and storage capacity. Given its transparency and decentralised features, medical data are visible [...] Read more.
Blockchain technology provides a tremendous opportunity to transform current personal health record (PHR) systems into a decentralised network infrastructure. However, such technology possesses some drawbacks, such as issues in privacy and storage capacity. Given its transparency and decentralised features, medical data are visible to everyone on the network and are inappropriate for certain medical applications. By contrast, storing vast medical data, such as patient medical history, laboratory tests, X-rays, and MRIs, significantly affect the repository storage of blockchain. This study bridges the gap between PHRs and blockchain technology by offloading the vast medical data into the InterPlanetary File System (IPFS) storage and establishing an enforced cryptographic authorisation and access control scheme for outsourced encrypted medical data. The access control scheme is constructed on the basis of the new lightweight cryptographic concept named smart contract-based attribute-based searchable encryption (SC-ABSE). This newly cryptographic primitive is developed by extending ciphertext-policy attribute-based encryption (CP-ABE) and searchable symmetric encryption (SSE) and by leveraging the technology of smart contracts to achieve the following: (1) efficient and secure fine-grained access control of outsourced encrypted data, (2) confidentiality of data by eliminating trusted private key generators, and (3) multikeyword searchable mechanism. Based on decisional bilinear Diffie–Hellman hardness assumptions (DBDH) and discrete logarithm (DL) problems, the rigorous security indistinguishability analysis indicates that SC-ABSE is secure against the chosen-keyword attack (CKA) and keyword secrecy (KS) in the standard model. In addition, user collusion attacks are prevented, and the tamper-proof resistance of data is ensured. Furthermore, security validation is verified by simulating a formal verification scenario using Automated Validation of Internet Security Protocols and Applications (AVISPA), thereby unveiling that SC-ABSE is resistant to man-in-the-middle (MIM) and replay attacks. The experimental analysis utilised real-world datasets to demonstrate the efficiency and utility of SC-ABSE in terms of computation overhead, storage cost and communication overhead. The proposed scheme is also designed and developed to evaluate throughput and latency transactions using a standard benchmark tool known as Caliper. Lastly, simulation results show that SC-ABSE has high throughput and low latency, with an ultimate increase in network life compared with traditional healthcare systems. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Review

Jump to: Research

27 pages, 3058 KiB  
Review
Security in V2I Communications: A Systematic Literature Review
by Pablo Marcillo, Diego Tamayo-Urgilés, Ángel Leonardo Valdivieso Caraguay and Myriam Hernández-Álvarez
Sensors 2022, 22(23), 9123; https://0-doi-org.brum.beds.ac.uk/10.3390/s22239123 - 24 Nov 2022
Cited by 2 | Viewed by 2163
Abstract
Recently, the number of vehicles equipped with wireless connections has increased considerably. The impact of that growth in areas such as telecommunications, infotainment, and automatic driving is enormous. More and more drivers want to be part of a vehicular network, despite the implications [...] Read more.
Recently, the number of vehicles equipped with wireless connections has increased considerably. The impact of that growth in areas such as telecommunications, infotainment, and automatic driving is enormous. More and more drivers want to be part of a vehicular network, despite the implications or risks that, for instance, the openness of wireless communications, its dynamic topology, and its considerable size may bring. Undoubtedly, this trend is because of the benefits the vehicular network can offer. Generally, a vehicular network has two modes of communication (V2I and V2V). The advantage of V2I over V2V is roadside units’ high computational and transmission power, which assures the functioning of early warning and driving guidance services. This paper aims to discover the principal vulnerabilities and challenges in V2I communications, the tools and methods to mitigate those vulnerabilities, the evaluation metrics to measure the effectiveness of those tools and methods, and based on those metrics, the methods or tools that provide the best results. Researchers have identified the non-resistance to attacks, the regular updating and exposure of keys, and the high dependence on certification authorities as main vulnerabilities. Thus, the authors found schemes resistant to attacks, authentication schemes, privacy protection models, and intrusion detection and prevention systems. Of the solutions for providing security analyzed in this review, the authors determined that most of them use metrics such as computational cost and communication overhead to measure their performance. Additionally, they determined that the solutions that use emerging technologies such as fog/edge/cloud computing present better results than the rest. Finally, they established that the principal challenge in V2I communication is to protect and dispose of a safe and reliable communication channel to avoid adversaries taking control of the medium. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-22
Back to TopTop