Sharing in the Rain: Secure and Efficient Data Sharing for the Cloud

Cloud storage has rapidly become a cornerstone of many businesses and has moved from an early adopters stage to an early majority, where we typically see explosive deployments. As companies rush to join the cloud revolution, it has become vital to create the necessary tools that will effectively protect users' data from unauthorized access. Nevertheless, sharing data between multiple users' under the same domain in a secure and efficient way is not trivial. In this paper, we propose Sharing in the Rain – a protocol that allows cloud users' to securely share their data based on predefined policies. The proposed protocol is based on Attribute-Based Encryption (ABE) and allows users' to encrypt data based on certain policies and attributes. Moreover, we use a Key-Policy Attribute-Based technique through which access revocation is optimized. More precisely, we show how to securely and efficiently remove access to a file, for a certain user that is misbehaving or is no longer part of a user group, without having to decrypt and re-encrypt the original data with a new key or a new policy.

Secure 5G Wireless Communications: A Joint Relay Selection and Wireless Power Transfer Approach

In this paper, we investigate the secrecy performance of an energy harvesting relay system, where a legitimate source communicates with a legitimate destination via the assistance of multiple trusted relays. In the considered system, the source and relays deploy the time-switching-based radio frequency energy harvesting technique to harvest energy from a multi-antenna beacon. Different antenna selection and relay selection schemes are applied to enhance the security of the system. Specifically, two relay selection schemes based on the partial and full knowledge of channel state information, i.e., optimal relay selection and partial relay selection, and two antenna selection schemes for harvesting energy at source and relays, i.e., maximizing energy harvesting channel for the source and maximizing energy harvesting channel for the selected relay, are proposed. The exact and asymptotic expressions of secrecy outage probability in these schemes are derived. We demonstrate that applying relay selection approaches in the considered energy harvesting system can enhance the security performance. In particular, optimal relay selection scheme outperforms partial relay selection scheme and achieves full secrecy diversity order, regardless of energy harvesting scenarios.

Secure Full-Duplex Small-Cell Networks in a Spectrum Sharing Environment

In this paper, we propose three relay selection schemes for full-duplex heterogeneous networks in the presence of multiple cognitive radio eavesdroppers. In this setup, the cognitive small-cell nodes (secondary network) can share the spectrum licensed to the macro-cell system (primary network) on the condition that the quality-of-service of the primary network is always satisfied subjected to its outage probability constraint. The messages are delivered from one small-cell base station to the destination with the help of full-duplex small-cell base stations, which act as relay nodes. Based on the availability of the network’s channel state information at the secondary information source, three different selection criteria for full-duplex relays, namely: 1) partial relay selection; 2) optimal relay selection; and 3) minimal self-interference relay selection, are proposed. We derive the exact closed-form and asymptotic expressions of the secrecy outage probability for the three criteria under the attack of non-colluding/colluding eavesdroppers. We demonstrate that the optimal relay selection scheme outperforms the partial relay selection and minimal self-interference relay selection schemes at the expense of acquiring full channel state information knowledge. In addition, increasing the number of the full-duplex small-cell base stations can improve the security performance. At the illegitimate side, deploying colluding eavesdroppers and increasing the number of eavesdroppers put the confidential information at a greater risk. Besides, the transmit power and the desire outage probability of the primary network have great influences on the secrecy outage probability of the secondary network. 

Secure Transmission in Cooperative Relaying Networks with Multiple Antennas

We investigate the secrecy performance of dualhop amplify-and-forward (AF) multi-antenna relaying systems over Rayleigh fading channels, by taking into account the direct link between the source and destination. In order to exploit the available direct link and the multiple antennas for secrecy improvement, different linear processing schemes at the relay and different diversity combining techniques at the destination are proposed, namely, 1) Zero-forcing/Maximal ratio combining (ZF/MRC), 2) ZF/Selection combining (ZF/SC), 3) Maximal ratio transmission/MRC (MRT/MRC) and 4) MRT/Selection combining (MRT/SC). For all these schemes, we present new closed-form approximations for the secrecy outage probability. Moreover, we investigate a benchmark scheme, i.e., cooperative jamming/ZF (CJ/ZF), where the secrecy outage probability is obtained in exact closed-form. In addition, we present asymptotic secrecy outage expressions for all the proposed schemes in the high signal-to-noise ratio (SNR) regime, in order to characterize key design parameters, such as secrecy diversity order and secrecy array gain. The outcomes of this paper can be summarized as follows: a) MRT/MRC and MRT/SC achieve a full diversity order of M + 1, ZF/MRC and ZF/SC achieve a diversity order of M, while CJ/ZF only achieves unit diversity order, where M is the number of antennas at the relay. b) ZF/MRC (ZF/SC) outperforms the corresponding MRT/MRC (MRT/SC) in the low SNR regime, while becomes inferior to the corresponding MRT/MRC (MRT/SC) in the high SNR. c) All of the proposed schemes tend to outperform the CJ/ZF with moderate number of antennas, and linear processing schemes with MRC attain better performance than those with SC.

Secure Transmission in Spectrum Sharing MIMO Networks with Generalized Antenna Selection over Nakagami-m Channels

In this paper, we investigate the secrecy outage performance of spectrum sharing multiple-input multiple-output networks using generalized transmit antenna selection with maximal ratio combining over Nakagami-m channels. In particular, the outdated channel state information is considered at the process of antenna selection due to feedback delay. Considering a practical passive eavesdropper scenario, we derive the exact and asymptotic closed-form expressions of secrecy outage probability, which enable us to evaluate the secrecy performance with high efficiency and present a new design insight into the impact of key parameters on the secrecy performance. In addition, the analytical results demonstrate that the achievable secrecy diversity order is only determined by the parameters of the secondary network, while other parameters related to primary or eavesdropper’s channels have a significantly impact on the secrecy coding gain. 

Optimal Power Allocation for Multiuser Secure Communication in Cooperative Relaying Networks

We consider a cooperative relaying network in which a source communicates with a group of users in the presence of one eavesdropper. We assume that there are no source-user links and the group of users receive only retransmitted signal from the relay. Whereas, the eavesdropper receives both the original and retransmitted signals. Under these assumptions, we exploit the user selection technique to enhance the secure performance. We first find the optimal power allocation strategy when the source has the full channel state information (CSI) of all links. We then evaluate the security level through: i) ergodic secrecy rate and ii) secrecy outage probability when having only the statistical knowledge of CSIs.

A secure authentication and key management scheme for Wireless Sensors Network

In recent years, the adaptation of Wireless Sensor Networks (WSNs) to application areas requiring mobility increased the security threats against confidentiality, integrity and privacy of the information as well as against their connectivity. Since, key management plays an important role in securing both information and connectivity, a proper authentication and key management scheme is required in mobility enabled applications where the authentication of a node with the network is a critical issue. In this paper, we present an authentication and key management scheme supporting node mobility in a heterogeneous WSN that consists of several low capabilities sensor nodes and few high capabilities sensor nodes. We analyze our proposed solution by using MATLAB (analytically) and by simulation (OMNET++ simulator) to show that it has less memory requirement and has good network connectivity and resilience against attacks compared to some existing schemes. We also propose two levels of secure authentication methods for the mobile sensor nodes for secure authentication and key establishment.

Secure Wireless Key Establishment Using Retrodirective Array

In this paper a new method of establishing secret keys for wireless communications is proposed. A retrodirective array (RDA) that is configured to receive and re-transmit at different frequencies is utilized as a relay node. Specifically the analogue RDA is able to respond in ‘real-time’, reducing the required number of time slots for key establishment to two, compared with at least three in previous relay key generation schemes. More importantly, in the proposed architecture equivalent reciprocal wireless channels between legitimate keying nodes can be randomly updated within one channel coherence time period, leading to greatly increased key generation rates (KGRs) in slow fading environment. The secrecy performance of this RDA assisted key generation system is evaluated and it is shown that it outperforms previous relay key generation systems.

Secure Multiple Amplify-and-Forward Relaying with Co-Channel Interference

We investigate the impact of co-channel interference on the security performance of multiple amplify-and-forward (AF) relaying networks, where N intermediate AF relays assist the data transmission from the source to the destination. The relays are corrupted by multiple co-channel interferers, and the information transmitted from the relays to destination can be overheard by the eavesdropper. In order to deal with the interference and wiretap, the best out of N relays is selected for security enhancement. To this end, we derive a novel lower bound on the secrecy outage probability (SOP), which is then utilized to present two best relay selection criteria, based on the instantaneous and statistical channel information of the interfering links. For these criteria and the conventional maxmin criterion, we quantify the impact of co-channel interference and relay selection by deriving the lower bound on the SOP. Furthermore, we derive the asymptotic SOP for each criterion, to explicitly reveal the impact of transmit power allocation among interferers on the secrecy performance, which offers valuable insights into practical design. We demonstrate that all selection criteria achieve full secrecy diversity order N, while the proposed in this paper two criteria outperform the conventional max-min scheme. 

Retrodirective Assisted Secure Wireless Key Establishment

In this paper a new type of architecture for secure wireless key establishment is proposed. A retrodirective array (RDA) that is configured to receive and re-transmit at different frequencies is utilized as a relay node. The RDA is able to respond in ‘real-time’, reducing the required number of time slots to two. More importantly, in this architecture equivalent reciprocal wireless channels between legitimate keying nodes can be randomly updated within one channel coherence time period, leading to greatly increased key generation rates (KGRs) in slow fading environment. The secrecy performance of this RDA assisted key generation system is evaluated under several eavesdropping strategies and it is shown that it outperforms previous relay key generation systems.

Secure and Prepared Newsletter, May 2016, Vol. 12, no. 5

A bi-weekly newsletter for those involved in the fields of homeland security and/or emergency management.

Secure and Prepared Newsletter, June/July 2016, Vol. 12, no. 6

A bi-weekly newsletter for those involved in the fields of homeland security and/or emergency management.

Secure Web Service Clients on Mobile Devices

Enterprise apps on mobile devices typically need to communicate with other system components by consuming web services. Since most of the current mobile device platforms (such as Android) do not provide built-in features for consuming SOAP services, extensions have to be designed. Additionally in order to accommodate the typical enhanced security requirements of enterprise apps, it is important to be able to deal with SOAP web service security extensions on client side. In this article we show that neither the built-in SOAP capabilities for Android web service clients are sufficient for enterprise apps nor are the necessary security features supported by the platform as is. After discussing different existing extensions making Android devices SOAP capable we explain why none of them is really satisfactory in an enterprise context. Then we present our own solution which accommodates not only SOAP but also the WS-Security features on top of SOAP. Our solution heavily relies on code generation in order to keep the flexibility benefits of SOAP on one hand while still keeping the development effort manageable for software development. Our approach provides a good foundation for the implementation of other SOAP extensions apart from security on the Android platform as well. In addition our solution based on the gSOAP framework may be used for other mobile platforms in a similar manner.

Role of assessment components and recent adverse outcomes in risk estimation and prediction: use of the Short Term Assessment of Risk and Treatability (START) in an adult secure inpatient mental health service

The Short Term Assessment of Risk and Treatability is a structured judgement tool used to inform risk estimation for multiple adverse outcomes. In research, risk estimates outperform the tool's strength and vulnerability scales for violence prediction. Little is known about what its’component parts contribute to the assignment of risk estimates and how those estimates fare in prediction of non-violent adverse outcomes compared with the structured components. START assessment and outcomes data from a secure mental health service (N=84) was collected. Binomial and multinomial regression analyses determined the contribution of selected elements of the START structured domain and recent adverse risk events to risk estimates and outcomes prediction for violence, self-harm/suicidality, victimisation, and self-neglect. START vulnerabilities and lifetime history of violence, predicted the violence risk estimate; self-harm and victimisation estimates were predicted only by corresponding recent adverse events. Recent adverse events uniquely predicted all corresponding outcomes, with the exception of self-neglect which was predicted by the strength scale. Only for victimisation did the risk estimate outperform prediction based on the START components and recent adverse events. In the absence of recent corresponding risk behaviour, restrictions imposed on the basis of START-informed risk estimates could be unwarranted and may be unethical.

X-Secure: protecting users from big bad wolves

In 2014 over 70% of people in Great Britain accessed the Internet every day. This resource is an optimal vector for malicious attackers to penetrate home computers and as such compromised pages have been increasing in both number and complexity. This paper presents X-Secure, a novel browser plug-in designed to present and raise the awareness of inexperienced users by analysing web-pages before malicious scripts are executed by the host computer. X-Secure was able to detect over 90% of the tested attacks and provides a danger level based on cumulative analysis of the source code, the URL, and the remote server, by using a set of heuristics, hence increasing the situational awareness of users browsing the internet.