SECOUT: Parallel Secure Outsourcing of Large-scale Optimization Problems

Liu, Yida

01 June 2020

No description available.

Computer Science

Cloud Computing, Secure Outsourcing

A Smart and Interactive Edge-Cloud Big Data System

Stauffer, Jake

08 1900

Indiana University-Purdue University Indianapolis (IUPUI) / Data and information have increased exponentially in recent years. The promising era of big data is advancing many new practices. One of the emerging big data applications is healthcare. Large quantities of data with varying complexities have been leading to a great need in smart and secure big data systems. Mobile edge, more specifically the smart phone, is a natural source of big data and is ubiquitous in our daily lives. Smartphones offer a variety of sensors, which make them a very valuable source of data that can be used for analysis. Since this data is coming directly from personal phones, that means the generated data is sensitive and must be handled in a smart and secure way. In addition to generating data, it is also important to interact with the big data. Therefore, it is critical to create edge systems that enable users to access their data and ensure that these applications are smart and secure. As the first major contribution of this thesis, we have implemented a mobile edge system, called s2Edge. This edge system leverages Amazon Web Service (AWS) security features and is backed by an AWS cloud system. The implemented mobile application securely logs in, signs up, and signs out users, as well as connects users to the vast amounts of data they generate. With a high interactive capability, the system allows users (like patients) to retrieve and view their data and records, as well as communicate with the cloud users (like physicians). The resulting mobile edge system is promising and is expected to demonstrate the potential of smart and secure big data interaction. The smart and secure transmission and management of the big data on the cloud is essential for healthcare big data, including both patient information and patient measurements. The second major contribution of this thesis is to demonstrate a novel big data cloud system, s2Cloud, which can help enhance healthcare systems to better monitor patients and give doctors critical insights into their patients' health. s2Cloud achieves big data security through secure sign up and log in for the doctors, as well as data transmission protection. The system allows the doctors to manage both patients and their records effectively. The doctors can add and edit the patient and record information through the interactive website. Furthermore, the system supports both real-time and historical modes for big data management. Therefore, the patient measurement information can, not only be visualized and demonstrated in real-time, but also be retrieved for further analysis. The smart website also allows doctors and patients to interact with each other effectively through instantaneous chat. Overall, the proposed s2Cloud system, empowered by smart secure design innovations, has demonstrated the feasibility and potential for healthcare big data applications. This study will further broadly benefit and advance other smart home and world big data applications. / 2023-06-01

Big Data

Cloud

Smart Cloud

Secure Cloud

Secure Block Storage

Drennan, James

January 2011

No description available.

Computer Engineering

Secure Storage

Signing requests

Encryption

Securing the Public Cloud: Host-Obscure Computing with Secure Enclaves

Cain, Chandler Lee

12 January 2021

As the practice of renting remote computing resources from a cloud computing platform becomes increasingly popular, the security of such systems is a subject of continued scrutiny. This thesis explores the current state of cloud computing security along with critical components of the cloud computing model. It identifies the need to trust a third party with sensitive information as a substantial obstacle for cloud computing customers. It then proposes a new model, Host-Obscure Computing, for a cloud computing service using secure enclaves and encryption that allows a customer to execute code remotely without exposing sensitive information, including program flow control logic. It presents a proof of concept for a secure cloud computing service using confidential computing technology, cryptography, and an emulator that runs in a secure memory space. It then provides an analysis of its effectiveness at reducing data exposure and its performance impact. Finally, it analyzes this model's advantages and its potential impact on the cloud computing industry. / Master of Science / The use of public cloud computing services continues to rise as a solution to many of the problems associated with on-premises data centers. Customers who would otherwise move to the cloud have resisted this change for security reasons. This research investigates what these security barriers are. Then, it proposes a novel model for a cloud computing service, referred to as Host-Obscure Computing, that is designed to mitigate these issues. Specifically, it addresses the need of a customer to share their program code and working data with the cloud provider. It outlines the development of a prototype implementation of this model. It then presents an analysis of this new service model from both a performance and security perspective. Finally, it suggests how the adoption of a service model similar to Host-Obscure Computing could improve the state of the cloud computing industry.

Cloud computing

cybersecurity

encryption

secure enclaves

Secure Wavelet-based Coding of Images, and Application to Privacy Protected Video Surveillance

Martin, Karl

16 February 2011

The protection of digital images and video from unauthorized access is important for a number of applications, including privacy protection in video surveillance and digital rights management for consumer applications. However, traditional cryptographic methods are not well suited to digital visual content. Applying standard encryption approaches to the entire content can require significant computational resources due to the large size of the data. Furthermore, digital images and video often need to be manipulated,such as by resizing or transcoding, which traditional encryption would hinder. A number of image and video-specific encryption approaches have been proposed in the literature, but many of the them have significant negative impact on the ability to compress the data, which is a necessary requirement of most imaging systems. In this work, a secure image coder, called Secure Set Partitioning in Hierarchical Trees (SecSPIHT), is proposed. It combines wavelet-based image coding (compression) with efficient encryption. The encryption is applied to a small number of selected bits in the code domain, to achieve complete confidentiality of all the content while having no negative impact on compression performance. The output of the system is a secure code that cannot be decrypted and decoded without the provision of a secret key. It has superior rate-distortion performance compared to JPEG and JPEG2000, and the bit-rate can be easily scaled via a simple truncation operation. The computational overhead of the encryption operation is very low, typically requiring less than 1% of the coded image data to be encrypted. A related secure object-based coding approach is also presented. Called Secure Shape and Texture Set Partitioning in Hierarchical Trees (SecST-SPIHT), it codes and encrypts arbitrarily-shaped visual objects. A privacy protection system for video surveillance is proposed, using SecST-SPIHT to protect private data, such as face and body images appearing in surveillance footage. During normal operation of the system, the private data objects are protected via SecST-SPIHT. If an incident occurs that requires access to the data (e.g., for investigation), a designated authority must release the key. This is superior to other methods of privacy protection which irreversibly blur or mask the private data.

wavelet

image coding

encryption

security

privacy

video coding

secure image coding

secure object coding

0544

Secure Wavelet-based Coding of Images, and Application to Privacy Protected Video Surveillance

Martin, Karl

16 February 2011

The protection of digital images and video from unauthorized access is important for a number of applications, including privacy protection in video surveillance and digital rights management for consumer applications. However, traditional cryptographic methods are not well suited to digital visual content. Applying standard encryption approaches to the entire content can require significant computational resources due to the large size of the data. Furthermore, digital images and video often need to be manipulated,such as by resizing or transcoding, which traditional encryption would hinder. A number of image and video-specific encryption approaches have been proposed in the literature, but many of the them have significant negative impact on the ability to compress the data, which is a necessary requirement of most imaging systems. In this work, a secure image coder, called Secure Set Partitioning in Hierarchical Trees (SecSPIHT), is proposed. It combines wavelet-based image coding (compression) with efficient encryption. The encryption is applied to a small number of selected bits in the code domain, to achieve complete confidentiality of all the content while having no negative impact on compression performance. The output of the system is a secure code that cannot be decrypted and decoded without the provision of a secret key. It has superior rate-distortion performance compared to JPEG and JPEG2000, and the bit-rate can be easily scaled via a simple truncation operation. The computational overhead of the encryption operation is very low, typically requiring less than 1% of the coded image data to be encrypted. A related secure object-based coding approach is also presented. Called Secure Shape and Texture Set Partitioning in Hierarchical Trees (SecST-SPIHT), it codes and encrypts arbitrarily-shaped visual objects. A privacy protection system for video surveillance is proposed, using SecST-SPIHT to protect private data, such as face and body images appearing in surveillance footage. During normal operation of the system, the private data objects are protected via SecST-SPIHT. If an incident occurs that requires access to the data (e.g., for investigation), a designated authority must release the key. This is superior to other methods of privacy protection which irreversibly blur or mask the private data.

wavelet

image coding

encryption

security

privacy

video coding

secure image coding

secure object coding

0544

Secure Key Establishment for Mobile Networks

Tin, Yiu Shing (Terry)

January 2005

Informal analysis of authenticated key establishment (ake) protocols was commonly accepted as the valid argument for their security in the past. Although it can provide some confidence in protocol correctness, experience has shown time and again that ake protocols are likely to contain flaws even after an informal analysis is completed. Therefore, it has become increasingly common to expect a formal analysis, and preferably a mathematical proof, of any published ake protocol in order to obtain increased confidence in its security. In this research we use an appropriate model for analysing ake protocols based on its features and properties. The model allows us to design ake protocols modularly and reuse existing protocol components. We provide a detailed description of its formalisation, operations and usage. This description also includes ways of extracting new protocol components from existing ake protocols. Following the description of the model, we propose a new unauthenticated key establishment protocol for two-party communications. By composing this protocol with authentication protocols, we can construct several new secure ake protocols. These new protocols are compared with existing protocols for their computational efficiency. The comparison shows that our new proven secure protocols are as efficient as the existing protocols with an informal security analysis. We then propose a three-party key establishment protocol which involves a trusted server and two users. We also propose a non-interactive authentication protocol and discuss it and a variant of it. These components are used to construct a secure three-party ake protocol that supports a privacy framework. This framework allows users to remain anonymous while conducting electronic transactions with an independent service provider. A new password-based authentication protocol is proposed to address the problem of authentication using passwords. This protocol carries a proof of security and satisfies a slightly relaxed definition of security. We demonstrate its application by composing it with existing key establishment protocols. To maximise its use, we modified a two-party key establishment protocol to become three-party server based. By using the server for authentication, two users within a common network domain can establish a secure session key. Only a small number of ake protocols are demonstrated in this thesis. There exist many more provably secure ake protocols that can be constructed using the protocol components presented by applying the approach of "mix and match". That is, each new component results in a number of new ake protocols depending on the number of existing components.

Provable security

modular approach

Canetti-Krawczyk model

secure protocol

secure protocol design

mobile key establishment

Evaluation and Implementation for Pushing Automatic Updates to IoT Devices

Min, Menglei

January 2017

In recent years, Internet of Things has developed rapidly, and now has penetrated into human life and industrial production. It is speculated that the internet of things will become ubiquitous in the future, which will bring a series of problems. First, the large number of things will lead to operated system and software updates consuming a lot of manpower and resources. Another problem is the Internet of things facing security issues, in recent years for the means of Internet of things and tools have been increasing largely. Therefore, to achieve a secure automatic update on the Internet of Things is essential. This report will follow such an automatic update system based on Internet of things to expand. First it elaborated on the main motive of this problem, found three existing related works and three security methods for communication to analyze. Then combined results of analysis, put forward own a secure automatic update solution: manager and devices connect and mutual authentication in real time, at the same time, the manager will regularly check the database to see if there is new version application. When the administrator uploads a new version, the manager will download the version and then sends to all devices, then device installs and finally restart itself. Next, the report described how to implement this system in detail and evaluated it. In the end, this report summarized and introduces the future work.

Automatic update

Internet of things

Digital signature

Secure sockets layer communication

Secure hash algorithm

Software Engineering

Programvaruteknik

Realizing Homomorphic Secure Protocols through Cross-Layer Design Techniques / クロスレイヤ設計による準同型暗号プロトコルの実現

Bian, Song

23 May 2019

京都大学 / 0048 / 新制・課程博士 / 博士(情報学) / 甲第21975号 / 情博第703号 / 新制||情||121(附属図書館) / 京都大学大学院情報学研究科通信情報システム専攻 / (主査)教授 佐藤 高史, 教授 小野寺 秀俊, 教授 岡部 寿男 / 学位規則第4条第1項該当 / Doctor of Informatics / Kyoto University / DFAM

Homomorphic encryption

Approximate computing

Secure Email Filter

Secure Inference

007

Cybersäkerhet på väg : Säker mjukvaruutveckling i fordonsindustrin

Alfredsson, Anders

January 2023

Moderna vägfordon är i högre grad än tidigare styrda av mjukvara, och det är även vanligt att de har någon form av internetuppkoppling. För att fordonen ska kunna uppfylla de säkerhetskrav som ställs är det därför viktigt att mjukvaran är utvecklad på ett säkert sätt och under säkra former. Denna fallstudie undersöker med hjälp av strukturerade intervjuer hur några personer som arbetar med mjukvaruutveckling inom fordonsindustrin beskriver arbetet med säkerhet i utvecklingsprocessen. Resultatet visar att det finns en rad olika rutiner och riktlinjer som syftar till att skapa en säker produkt ur ett cybersäkerhetsperspektiv, men att det finns en tendens bland vissa utvecklare att förlita sig på processer och rutiner när det gäller att skapa en säker mjukvara.

secure software

secure development

säker mjukvara

säker utveckling

Computer Systems

Datorsystem