A Smart and Interactive Edge-Cloud Big Data System

Jake M Stauffer (10987104)

22 June 2021

<p>Data and information have increased exponentially in recent years. The promising era of big data is advancing many new practices. One of the emerging big data applications is healthcare. Large quantities of data with varying complexities have been leading to a great need in smart and secure big data systems. </p> <p>Mobile edge, more specifically the smart phone, is a natural source of big data and is ubiquitous in our daily lives. Smartphones offer a variety of sensors, which make them a very valuable source of data that can be used for analysis. Since this data is coming directly from personal phones, that means the generated data is sensitive and must be handled in a smart and secure way. In addition to generating data, it is also important to interact with the big data. Therefore, it is critical to create edge systems that enable users to access their data and ensure that these applications are smart and secure. As the first major contribution of this thesis, we have implemented a mobile edge system, called s²Edge. This edge system leverages Amazon Web Service (AWS) security features and is backed by an AWS cloud system. The implemented mobile application securely logs in, signs up, and signs out users, as well as connects users to the vast amounts of data they generate. With a high interactive capability, the system allows users (like patients) to retrieve and view their data and records, as well as communicate with the cloud users (like physicians). The resulting mobile edge system is promising and is expected to demonstrate the potential of smart and secure big data interaction.</p> <p>The smart and secure transmission and management of the big data on the cloud is essential for healthcare big data, including both patient information and patient measurements. The second major contribution of this thesis is to demonstrate a novel big data cloud system, s²Cloud, which can help enhance healthcare systems to better monitor patients and give doctors critical insights into their patients' health. s²Cloud achieves big data security through secure sign up and log in for the doctors, as well as data transmission protection. The system allows the doctors to manage both patients and their records effectively. The doctors can add and edit the patient and record information through the interactive website. Furthermore, the system supports both real-time and historical modes for big data management. Therefore, the patient measurement information can, not only be visualized and demonstrated in real-time, but also be retrieved for further analysis. The smart website also allows doctors and patients to interact with each other effectively through instantaneous chat. Overall, the proposed s²Cloud system, empowered by smart secure design innovations, has demonstrated the feasibility and potential for healthcare big data applications. This study will further broadly benefit and advance other smart home and world big data applications. </p>

Computer Engineering

Cloud

Smart Cloud

Secure Cloud

Big Data

Studies in incoercible and adaptively secure computation

Poburinnaya, Oxana

05 November 2020

Despite being a relatively young field, cryptography taught us how to perform seemingly-impossible tasks, which now became part of our everyday life. One of them is secure multiparty computation (MPC), which allows mutually distrustful parties to jointly perform a computation on their private inputs, so that each party only learns its prescribed output, but nothing else. In this work we deal with two longstanding challenges of MPC: adaptive security and deniability (or, incoercibility). A protocol is said to be adaptively secure, if it still guarantees security for the remaining honest parties, even if some parties turn dishonest during the execution of the protocol, or even after the execution. (In contrast, statically secure protocols give security guarantees only when the set of dishonest parties is fixed before the execution starts.) While adaptive security threat model is often more realistic than the static one, there is a huge gap between efficiency of statically and adaptively secure protocols: adaptively secure protocols often require more complicated constructions, stronger assumptions, and more rounds of interaction. We improve in efficiency over the state of the art in adaptive security for a number of settings, including the first adaptively secure MPC protocol in constant number of rounds, under assumptions comparable to those of static protocols (previously known protocols required as many rounds of interaction as the depth of the circuit being computed). The second challenge we deal with is providing resilience in the situation where an external coercer demands that participants disclose their private inputs and all their secret keys - e.g. via threats, bribe, or court order. Deniable (or, incoercible) protocols allow coerced participants to convincingly lie about their inputs and secret keys, thereby still maintaining their privacy. While the concept was proposed more than twenty years ago, to date secure protocols withstanding coercion of all participants were not known, even for the simple case of encryption. We present the first construction of such an encryption scheme, and then show how to combine it with adaptively secure protocols to obtain the first incoercible MPC which withstands coercion of all parties.

Computer science

Cryptography

Deniable encryption

Secure multiparty computation

Security

Exécutions de requêtes respectueuses de la vie privée par utilisation de composants matériels sécurisés / Privacy-Preserving Query Execution using Tamper Resistant Hardware

To, Quoc-Cuong

16 October 2015

Les applications actuelles, des systèmes de capteurs complexes (par exemple auto quantifiée) aux applications de e-commerce, acquièrent de grandes quantités d'informations personnelles qui sont habituellement stockées sur des serveurs centraux. Cette quantité massive de données personnelles, considéré comme le nouveau pétrole, représente un important potentiel pour les applications et les entreprises. Cependant, la centralisation et le traitement de toutes les données sur un serveur unique, où elles sont exposées aux indiscrétions de son gestionnaire, posent un problème majeur en ce qui concerne la vie privée.Inversement, les architectures décentralisées aident les individus à conserver le plein de contrôle sur leurs données, toutefois leurs traitements en particulier le calcul de requêtes globales deviennent complexes.Dans cette thèse, nous visons à concilier la vie privée de l'individu et l'exploitation de ces données, qui présentent des avantages manifestes pour la communauté (comme des études statistiques) ou encore des perspectives d'affaires. Nous promouvons l'idée de sécuriser l'acquisition des données par l'utilisation de matériel sécurisé. Grâce à ces éléments matériels tangibles de confiance, sécuriser des protocoles d'interrogation distribués permet d'effectuer des calculs globaux, tels que les agrégats SQL, sans révéler d'informations sensibles à des serveurs centraux.Cette thèse étudie le sous-groupe de requêtes SQL sans jointures et montre comment sécuriser leur exécution en présence d'attaquants honnêtes-mais-curieux. Cette thèse explique également comment les protocoles d'interrogation qui en résultent peuvent être intégrés concrètement dans une architecture décentralisée. Nous démontrons que notre approche est viable et peut passer à l'échelle d'applications de la taille d'un pays par un modèle de coût et des expériences réelles sur notre prototype, SQL/AA. / Current applications, from complex sensor systems (e.g. quantified self) to online e-markets acquire vast quantities of personal information which usually end-up on central servers. This massive amount of personal data, the new oil, represents an unprecedented potential for applications and business. However, centralizing and processing all one's data in a single server, where they are exposed to prying eyes, poses a major problem with regards to privacy concern.Conversely, decentralized architectures helping individuals keep full control of their data, but they complexify global treatments and queries, impeding the development of innovative services.In this thesis, we aim at reconciling individual's privacy on one side and global benefits for the community and business perspectives on the other side. It promotes the idea of pushing the security to secure hardware devices controlling the data at the place of their acquisition. Thanks to these tangible physical elements of trust, secure distributed querying protocols can reestablish the capacity to perform global computations, such as SQL aggregates, without revealing any sensitive information to central servers.This thesis studies the subset of SQL queries without external joins and shows how to secure their execution in the presence of honest-but-curious attackers. It also discusses how the resulting querying protocols can be integrated in a concrete decentralized architecture. Cost models and experiments on SQL/AA, our distributed prototype running on real tamper-resistant hardware, demonstrate that this approach can scale to nationwide applications.

Confidentialité

Matériel sécurisé

Protocole

Privacy

Secure hardware

Protocol

INFRASTRUCTURE-FREE SECURE PAIRING OF MOBILE DEVICES

Liu, Chunqiu

07 November 2016

Mobile devices have advanced tremendously during the last ten years and have changed our daily life in various ways. Secure pairing of mobile devices has become a significant issue considering the huge quantity of active mobile device connections and mobile traffic. However, current commonly used file sharing mobile applications rely on servers completely that are always targeted by attackers. In this thesis work, an innovative mechanism is proposed to generate symmetric keys on both mobile devices independently from a shared movement in arbitrary pattern, which means no server needs to be involved and no data exchange needed. A secret wireless-communication channel can then be established with a particular network strategy.

Mobile devices

secure pairing

features extraction

Digital Communications and Networking

Secure Identification in Social Wireless Networks

Nawaz, Omer

January 2011

The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices. The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP’s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future.

Secure Identification

Internet Security

GBA

UICC

Computer Sciences

Datavetenskap (datalogi)

A Novel Multiple Access Quantum Key Distribution Network for Secure Communication. An Investigation into The Use of Laws of Quantum Physics And Communication Protocols To Enable Multiple Clients To Exchange Quantum Keys In A Lan Environment For Secure Communication

Saleem, Faisal

January 2019

Every business and household rely on internet in this day and age. We are using electronic devices connected to the Internet. These devices are generating a considerable amount of data, which is usually transmitted using public/insecure communication channels. On the one hand, the technological advancement of universal connectivity brought so much ease for humans’ race in business, shopping, and financial transactions. The rapid pace of this technological advancement also introduced several concerns in terms of the security and secrecy of data. Security researchers developed several encryption algorithms that are in use to ensure the safety and confidentiality of data. The mathematical difficulty of prime factorisation is the fundamental element of modern encryption algorithms, and they require a considerable amount of processing power to reverse engineer (or break) these algorithms. Scientists and government agencies are trying to build quantum computers to solve some complex problems. These problems include prime factorisation of large numbers, a critical factor in the field of cryptography. Quantum computers are much more potent because of their nature. It processes information by using laws of quantum. The successful development of quantum computers will pit the security and secrecy of our data at risk because it is trivial for the quantum computer to break the currently used encryption algorithms. Bearing this in mind, Research have started working on systems that will provide secure communications in the age of quantum computing. Considering the importance of quantum physics-based communication systems, we have some working examples of these systems, which are called quantum key distribution systems (QKD). These system uses quantum physics to transmit quantum states from one party to another. In case of the presence of Eavesdropping, the whole system will be disturbed, letting both parties know the existence of eve. QKD systems have some success and have different protocols, but until now, they have a very long way to go. When these systems are mature enough, they will require to work with current internet infrastructure, which is very costly and brings so much complexity to the network that it will not be feasible to implement. This thesis proposes a Multiple Access QKD Network integrated with Internet infrastructure to addresses these issues of Secure Communication. The system proposed in this thesis takes existing protocols of data communication, QKD, along with hardware architecture of communication devices. A QKD based client and network switch have been designed and developed along with its operating system to enable multi-access communication in the LAN environment. A simulation model of the model proposed in this thesis has been by using OMNet++ simulation framework to test and evaluate the viability of this model. The proposed QKD mechanism will reduce the complexity for network administrators, reduce the cost of implementation for businesses, and ensure the secrecy and security of the data even in the age of quantum computing.

Quantum Key Distribution (QKD)

Network

Security

Secure communications

Private data querying in the precomputation model

Li, Boyang

15 August 2011

No description available.

Computer Science

Private Data Querying

Secure Two-party Computation

Precomputation

Secure and efficient query processing in outsourced databases

Bogatov, Dmytro

16 September 2022

As organizations struggle with processing vast amounts of information, outsourcing sensitive data to third parties becomes a necessity. Various cryptographic techniques are used in outsourced database systems to ensure data privacy while allowing for efficient querying. This thesis proposes a definition and components of a new secure and efficient outsourced database system, which answers various types of queries, with different privacy guarantees in different security models. This work starts with the survey of five order-preserving and order-revealing encryption schemes that can be used directly in many database indices, such as the B+ tree, and five range query protocols with various tradeoffs in terms of security and efficiency. The survey systematizes the state-of-the-art range query solutions in a snapshot adversary setting and offers some non-obvious observations regarding the efficiency of the constructions. The thesis then proceeds with Epsolute - an efficient range query engine in a persistent adversary model. In Epsolute, security is achieved in a setting with a much stronger adversary where she can continuously observe everything on the server, and leaking even the result size can enable a reconstruction attack. Epsolute proposes a definition, construction, analysis, and experimental evaluation of a system that provably hides both access pattern and communication volume while remaining efficient. The dissertation concludes with k-anon - a secure similarity search engine in a snapshot adversary model. The work presents a construction in which the security of kNN queries is achieved similarly to OPE / ORE solutions - encrypting the input with an approximate Distance Comparison Preserving Encryption scheme so that the inputs, the points in a hyperspace, are perturbed, but the query algorithm still produces accurate results. Analyzing the solution, we run a series of experiments to observe the tradeoff between search accuracy and attack effectiveness. We use TREC datasets and queries for the search, and track the rank quality metrics such as MRR and nDCG. For the attacks, we build an LSTM model that trains on the correlation between a sentence and its embedding and then predicts words from the embedding. We conclude on viability and practicality of the solution.

Computer science

Differential privacy

ORAM

ORE

Secure range queries

Health and social care services for women offenders: current provision and a future model of care

Bartlett, A., Walker, Tammi, Harty, M.A., Abel, K.M.

20 August 2014

No / Secure provision for women in both the Criminal Justice System and the Health Service has evolved in the last decade, in line with emerging gender-specific policy. Notable gains have been the approach to self-harm in prison and a reduction in the inappropriately high levels of secure hospital care. Although treatment pilots in UK settings are in progress, much practice remains poorly described and insufficiently evaluated. Recent strategic initiatives by both the Ministry of Justice and the Department of Health, as well as the commissioning changes that have followed the Health and Social Care Act 2012, provide a basis for reconsideration and a further paradigm shift. Suggestions for a reinvigorated model of gender-sensitive provision are made, relying on principles of resilience and autonomy. / Secure provision for women in both the Criminal Justice System and the Health Service has evolved in the last decade, in line with emerging gender-specific policy. Notable gains have been the approach to self-harm in prison and a reduction in the inappropriately high levels of secure hospital care. Although treatment pilots in UK settings are in progress, much practice remains poorly described and insufficiently evaluated. Recent strategic initiatives by both the Ministry of Justice and the Department of Health, as well as the commissioning changes that have followed the Health and Social Care Act 2012, provide a basis for reconsideration and a further paradigm shift. Suggestions for a reinvigorated model of gender-sensitive provision are made, relying on principles of resilience and autonomy.

Physical Layer Security for Wireless Position Location in the Presence of Location Spoofing

Lee, Jeong Heon

14 March 2011

While significant research effort has been dedicated to wireless position location over the past decades, most location security aspects have been overlooked. Recently, with the proliferation of diverse wireless devices and the desire to determine their position, there is an increasing concern about the security of location information which can be spoofed or disrupted by adversaries or unreliable signal sources. This dissertation addresses the problem of securing a radio location system against location spoofing, specifically the characterization, analysis, detection, and localization of location spoofing attacks by focusing on fundamental location estimation issues. The objective of this dissertation is four-fold. First, it provides an overview of fundamental security issues for position location, particularly associated with range-based localization. Of particular interest are security risks and vulnerabilities in location estimation, types of localization attacks, and their impact. The second objective is to characterize the effects of signal strength and beamforming attacks on range estimates and the resulting position estimate. The characterization can be generalized to a variety of location spoofing attacks and provides insight into the anomalous behavior of range and location estimators when under attack. Through this effort we can also identify effective attacks that are of particular interest to attack detection and localization. The third objective is to develop an effective technique for attack detection which requires neither prior environmental nor statistical knowledge. This is accomplished by exploiting the bilateral behavior of a hybrid framework using two received signal strength (RSS) based location estimators. We show that the resulting approach is effective at detecting attacks with the detection rate increasing with the severity of the induced location error. The last objective of this dissertation is to develop a localization method resilient to attacks and other adverse effects. Since the detection and localization approach relies solely on RSS measurements in order to be applicable to a wide range of wireless systems and scenarios, this dissertation focuses on RSS-based position location. Nevertheless, many of the basic concepts and results can be applied to any range-based positioning system. / Ph. D.

Location Security

Attack Detection

Secure Positioning

Location Estimation