• Title/Summary/Keyword: Data confidentiality

Search Result 321, Processing Time 0.026 seconds

A Review on Preserving Data Confidentiality in Blockchain-based IoT-Supply Chain Systems

  • Omimah Alsaedi;Omar Batarfi;Mohammed Dahab
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.11
    • /
    • pp.110-116
    • /
    • 2023
  • Data confidentiality refers to the characteristic that information kept undisclosed or hidden from unauthorized parties. It considered a key security requirement in current supply chain management (SCM) systems. Currently, academia and industry tend to adopt blockchain and IoT technologies in order to develop efficient and secure SCM systems. However, providing confidential data sharing among these technologies is quite challenging due to the limitations associated with blockchain and IoT devices. This review paper illustrates the importance of preserving data confidentiality in SCM systems by highlighting the state of the art on confidentiality-preserving methodologies in the context of blockchain based IoT-SCM systems and the challenges associated with it.

Hyper-encryption Scheme for Data Confidentiality in Wireless Broadband (WiBro) Networks

  • Hamid, Abdul;Hong, Choong-Seon
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2007.05a
    • /
    • pp.1096-1097
    • /
    • 2007
  • We address the data confidentiality for wireless broadband (WiBro) networks. In WiBro, as the channel is wireless in nature, it suffers from passive and active attack. Passive attack, for example is to decrypt traffic based on statistical analysis and active attack is to modify traffic or inject new traffic from unauthorized mobile stations. Due to high mobility, frequent session key distribution is a bottleneck for the mobile stations. In aspect of WiBro, there is a communication between mobile station to base station, and also in mobile station to mobile station. It is expected to ensure data confidentiality while maintaining minimum overhead for the resource constrained mobile stations. In this paper, we proposed a security framework based on the concept of hyper-encryption to provide data confidentiality for wireless broadband networks.

The Importance of Anonymity and Confidentiality for Conducting Survey Research

  • Eungoo KANG;Hee-Joong HWANG
    • Journal of Research and Publication Ethics
    • /
    • v.4 no.1
    • /
    • pp.1-7
    • /
    • 2023
  • Purpose: Poor anonymity and confidential strategies by a researcher not only develop unprecedented and precedented harm to participants but also impacts the overall critical appraisal of the research outcomes. Therefore, understanding and applying anonymity and confidentiality in research is key for credible research. As such, this research expansively presents the importance of anonymity and confidentiality for research surveys through critical literature reviews of past works. Research design, data and methodology: This research has selected the literature content approach to obtain proper literature dataset which was proven by high degree of validity and reliability using only books and peer-reviewed research articles. The current authors have conducted screening procedure thoroughly to collect better fitted resources. Results: Research findings consistently mentioned the confidentiality and anonymity principles are preserved and implemented as a means of protecting the privacy of all individuals, establishing trust and rapport between researchers and study participants, as a way of critically upholding research ethical standards, and preserving the integrity of research processes. Conclusions: Confidentiality and anonymity are research ethical principles that help in providing informed consent to participants assuring subjects of the privacy of their personal data. As provided by research bodies and organizations, every research process has to incorporate the principles to meet credibility.

Ensuring Data Confidentiality and Privacy in the Cloud using Non-Deterministic Cryptographic Scheme

  • John Kwao Dawson;Frimpong Twum;James Benjamin Hayfron Acquah;Yaw Missah
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.7
    • /
    • pp.49-60
    • /
    • 2023
  • The amount of data generated by electronic systems through e-commerce, social networks, and data computation has risen. However, the security of data has always been a challenge. The problem is not with the quantity of data but how to secure the data by ensuring its confidentiality and privacy. Though there are several research on cloud data security, this study proposes a security scheme with the lowest execution time. The approach employs a non-linear time complexity to achieve data confidentiality and privacy. A symmetric algorithm dubbed the Non-Deterministic Cryptographic Scheme (NCS) is proposed to address the increased execution time of existing cryptographic schemes. NCS has linear time complexity with a low and unpredicted trend of execution times. It achieves confidentiality and privacy of data on the cloud by converting the plaintext into Ciphertext with a small number of iterations thereby decreasing the execution time but with high security. The algorithm is based on Good Prime Numbers, Linear Congruential Generator (LGC), Sliding Window Algorithm (SWA), and XOR gate. For the implementation in C, thirty different execution times were performed and their average was taken. A comparative analysis of the NCS was performed against AES, DES, and RSA algorithms based on key sizes of 128kb, 256kb, and 512kb using the dataset from Kaggle. The results showed the proposed NCS execution times were lower in comparison to AES, which had better execution time than DES with RSA having the longest. Contrary, to existing knowledge that execution time is relative to data size, the results obtained from the experiment indicated otherwise for the proposed NCS algorithm. With data sizes of 128kb, 256kb, and 512kb, the execution times in milliseconds were 38, 711, and 378 respectively. This validates the NCS as a Non-Deterministic Cryptographic Algorithm. The study findings hence are in support of the argument that data size does not determine the execution.

Secure and Scalable Blockchain-Based Framework for IoT-Supply Chain Management Systems

  • Omimah, Alsaedi;Omar, Batarfi;Mohammed, Dahab
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.12
    • /
    • pp.37-50
    • /
    • 2022
  • Modern supply chains include multiple activities from collecting raw materials to transferring final products. These activities involve many parties who share a huge amount of valuable data, which makes managing supply chain systems a challenging task. Current supply chain management (SCM) systems adopt digital technologies such as the Internet of Things (IoT) and blockchain for optimization purposes. Although these technologies can significantly enhance SCM systems, they have their own limitations that directly affect SCM systems. Security, performance, and scalability are essential components of SCM systems. Yet, confidentiality and scalability are one of blockchain's main limitations. Moreover, IoT devices are lightweight and have limited power and storage. These limitations should be considered when developing blockchain-based IoT-SCM systems. In this paper, the requirements of efficient supply chain systems are analyzed and the role of both IoT and blockchain technologies in providing each requirement are discussed. The limitations of blockchain and the challenges of IoT integration are investigated. The limitations of current literature in the same field are identified, and a secure and scalable blockchain-based IoT-SCM system is proposed. The proposed solution employs a Hyperledger fabric blockchain platform and tackles confidentiality by implementing private data collection to achieve confidentiality without decreasing performance. Moreover, the proposed framework integrates IoT data to stream live data without consuming its limited resources and implements a dualstorge model to support supply chain scalability. The proposed framework is evaluated in terms of security, throughput, and latency. The results demonstrate that the proposed framework maintains confidentiality, integrity, and availability of on-chain and off-chain supply chain data. It achieved better performance through 31.2% and 18% increases in read operation throughput and write operation throughput, respectively. Furthermore, it decreased the write operation latency by 83.3%.

Blockchain-based Data Storage Security Architecture for e-Health Care Systems: A Case of Government of Tanzania Hospital Management Information System

  • Mnyawi, Richard;Kombe, Cleverence;Sam, Anael;Nyambo, Devotha
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.3
    • /
    • pp.364-374
    • /
    • 2022
  • Health information systems (HIS) are facing security challenges on data privacy and confidentiality. These challenges are based on centralized system architecture creating a target for malicious attacks. Blockchain technology has emerged as a trending technology with the potential to improve data security. Despite the effectiveness of this technology, still HIS are suffering from a lack of data privacy and confidentiality. This paper presents a blockchain-based data storage security architecture integrated with an e-Health care system to improve its security. The study employed a qualitative research method where data were collected using interviews and document analysis. Execute-order-validate Fabric's storage security architecture was implemented through private data collection, which is the combination of the actual private data stored in a private state, and a hash of that private data to guarantee data privacy. The key findings of this research show that data privacy and confidentiality are attained through a private data policy. Network peers are decentralized with blockchain only for hash storage to avoid storage challenges. Cost-effectiveness is achieved through data storage within a database of a Hyperledger Fabric. The overall performance of Fabric is higher than Ethereum. Ethereum's low performance is due to its execute-validate architecture which has high computation power with transaction inconsistencies. E-Health care system administrators should be trained and engaged with blockchain architectural designs for health data storage security. Health policymakers should be aware of blockchain technology and make use of the findings. The scientific contribution of this study is based on; cost-effectiveness of secured data storage, the use of hashes of network data stored in each node, and low energy consumption of Fabric leading to high performance.

An Individual Privacy Protection Design for Smart Tourism Service based on Location (위치 기반 스마트 관광 서비스를 위한 개인 프라이버시 보호 설계)

  • Cho, Cook-Chin;Jeong, Eun-Hee
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.9 no.5
    • /
    • pp.439-444
    • /
    • 2016
  • This paper proposes the technique to protect the privacy of those who uses Smart Tourism Service based on location. The proposed privacy protection technique (1) generates a shared private key, OTK(One Time Key) without information exchanging Users with a Tourism Server and provides Users and a Tourism Server with message confidentiality by encrypting data with the key, (2) concatenates users' ID, login time(timestamp), and randomly-generated nonce, generates OTK by hashing with a hash function, encrypts users' location information and query by using the operation of OTK and XOR and provides Users and a Tourism Server with message confidentiality by sending the encrypted result. (3) protects a message replay attack by adding OTK and timestamp. Therefore, this paper not only provides data confidentiality and users' privacy protection but also guarantees the safety of location information and behavior pattern data.

Smart-Coord: Enhancing Healthcare IoT-based Security by Blockchain Coordinate Systems

  • Talal Saad Albalawi
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.8
    • /
    • pp.32-42
    • /
    • 2024
  • The Internet of Things (IoT) is set to transform patient care by enhancing data collection, analysis, and management through medical sensors and wearable devices. However, the convergence of IoT device vulnerabilities and the sensitivity of healthcare data raises significant data integrity and privacy concerns. In response, this research introduces the Smart-Coord system, a practical and affordable solution for securing healthcare IoT. Smart-Coord leverages blockchain technology and coordinate-based access management to fortify healthcare IoT. It employs IPFS for immutable data storage and intelligent Solidity Ethereum contracts for data integrity and confidentiality, creating a hierarchical, AES-CBC-secured data transmission protocol from IoT devices to blockchain repositories. Our technique uses a unique coordinate system to embed confidentiality and integrity regulations into a single access control model, dictating data access and transfer based on subject-object pairings in a coordinate plane. This dual enforcement technique governs and secures the flow of healthcare IoT information. With its implementation on the Matic network, the Smart-Coord system's computational efficiency and cost-effectiveness are unparalleled. Smart-Coord boasts significantly lower transaction costs and data operation processing times than other blockchain networks, making it a practical and affordable solution. Smart-Coord holds the promise of enhancing IoT-based healthcare system security by managing sensitive health data in a scalable, efficient, and secure manner. The Smart-Coord framework heralds a new era in healthcare IoT adoption, expertly managing data integrity, confidentiality, and accessibility to ensure a secure, reliable digital environment for patient data management.

Secure Data Management based on Proxy Re-Encryption in Mobile Cloud Environment (모바일 클라우드 환경에서 안전한 프록시 재암호화 기반의 데이터 관리 방식)

  • Song, You-Jin;Do, Jeong-Min
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.37 no.4B
    • /
    • pp.288-299
    • /
    • 2012
  • To ensure data confidentiality and fine-grained access control in business environment, system model using KP-ABE(Key Policy-Attribute Based Encryption) and PRE(Proxy Re-Encryption) has been proposed recently. However, in previous study, data confidentiality has been effected by decryption right concentrated on cloud server. Also, Yu's work does not consider a access privilege management, so existing work become dangerous to collusion attack between malicious user and cloud server. To resolve this problem, we propose secure system model against collusion attack through dividing data file into header which is sent to privilege manager group and body which is sent to cloud server and prevent modification attack for proxy re-encryption key using d Secret Sharing, We construct protocol model in medical environment.

A Cloud Storage Gateway to Guarantee the Confidentiality of User Data (사용자 데이터 기밀성을 보장하기 위한 클라우드 스토리지 게이트웨이)

  • Kim, Hong-Sung;Kim, Hyong-Shik
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.1
    • /
    • pp.131-139
    • /
    • 2012
  • The cloud storage has the client lend and use the device as a form of service rather than owning it, and thus the client pays the charge for the service that he or she actually uses, making it beneficial over the self-managed data center. When the storage service is provided on public cloud, however, the clients does not have any control over the user data, which brings a problem of violating data confidentiality. In this paper, we propose a gateway that works between the public cloud and the client for the purpose of guaranteeing the confidentiality of user data stored in cloud. The gateway encrypts or decrypts, and then delivers the user data without the client's intervention. In addition, it provides the function of exchanging keys to allow the client to access through another gateway. The proposed idea has been tested on a commercial public cloud and verified to satisfy security and compatibility.