جستجوی مقالات مرتبط با کلیدواژه "privacy" در نشریات گروه "برق"

Security of communications is a foundation for interactions in the cyber space.  Recent advances in the field of quantum computing has attracted attentions to quantum attacks. Post-quantum cryptography is a relatively new field of research and few post-quantum protocols have been proposed for secure communications. In particular, authentication of the two communicating peers while preserving their privacy and anonymity is a real challenge. In this paper, we propose a comprehensive protocol for secure authentication, key agreement, and message encryption which is resistant to quantum attacks. We use the blockchain technology and a smart contract for authentication, and the double-ratchet protocol for end-to-end encryption. Our initial key agreement uses post-quantum cryptography which brings a high level of security to our protocol. We store public keys on a cloud storage for saving costs but authenticate them using smart contracts. Our analysis of the proposed protocol demonstrates our superiority from privacy, security, and performance aspects in comparison to the related works.Security of communications is a foundation for interactions in the cyber space.  Recent advances in the field of quantum computing has attracted attentions to quantum attacks. Post-quantum cryptography is a relatively new field of research and few post-quantum protocols have been proposed for secure communications. In particular, authentication of the two communicating peers while preserving their privacy and anonymity is a real challenge. In this paper, we propose a comprehensive protocol for secure authentication, key agreement, and message encryption which is resistant to quantum attacks. We use the blockchain technology and a smart contract for authentication, and the double-ratchet protocol for end-to-end encryption. Our initial key agreement uses post-quantum cryptography which brings a high level of security to our protocol. We store public keys on a cloud storage for saving costs but authenticate them using smart contracts. Our analysis of the proposed protocol demonstrates our superiority from privacy, security, and performance aspects in comparison to the related works.

This paper aims to identify, analyze, and organize the literature on the applications of blockchain technology in electronic/online voting, as well as provide insights for future research. This study tries to show the most important applications of blockchain in e-voting and identify the most important e-voting challenges that blockchain offers a solution to them. This study follows the method of Systematic Literature Review (SLR) to analyze the existing literature on blockchain integration with e-voting. In this study, 30 articles from conferences and journals between 2017 and May 2021 were reviewed. It seems that the integration of blockchain with e-voting is in the early stages of its operation and researchers and experts are not fully aware of the potential of blockchain for e-voting. The most important results of merging or using blockchain for e-voting are voter privacy protection, anonymity, security increase, and voting system reliability. But on the other hand, there are serious discrepancies among researchers in terms of the cost-efficiency and scalability of blockchain-based voting systems. The limitations of this study are mainly due to the scarcity of studies on the applications of blockchain for e-voting (large-scale) in journals and conferences, as well as information on private-university projects that are implementing their idea is not available.

Blockchain is a distributed and undeniable digital ledger that stores transactions in a chain of high-security blocks. Blockchain solves security and privacy issues in different domains. This study aims to investigate a scientific study on blockchain security and privacy researches in Web of Science database to provide a status view of this area of research using scientometric techniques. The research community has 1226 records that have been indexed by blockchain researchers in the field of security and privacy over five years (between 2015 and 2019). In this article, the most influential countries, the network of cooperation between countries and top universities, top researchers, the most frequent keywords and cluster analysis of keywords in this field are examined. Based on the results of this study, it can be stated that security and privacy researches in the field of blockchain in ISI has been grown exponentially over the past five years, and blockchain has been mostly used to address security and privacy issues in IoT and its applications.

eHealth is the concept of using the stored digital data to achieve clinical, educational, and administrative goals and meet the needs of patients, experts, and medical care providers. Expansion of the utilization of information technology and in particular, the Internet of Things (IoT) in eHealth, raises various challenges, where the most important one is security and access control. In this regard, different security requirements have been defined; such as the physician’s access to the patient’s EHR (electronic health record) based on the physician’s physical location, detection of emergency conditions and dynamically granting access to the existing physician or nurse, preserving patients’ privacy based on their preferences, and delegation of duties and related permissions. In security and access control models presented in the literature, we cannot find a model satisfying all these requirements altogether. To fill this gap, in this paper, we present a privacy preserving dynamic access control model with access delegation capability in eHealth (called TbDAC). The proposed model is able to tackle the security challenges of these environments when the physicians and nurses access the patients’ EHR. The model also includes the data structures, procedures, and the mechanisms necessary for providing the access delegation capability. The proposed access control model in this paper is in fact a family of models named TbDAC for access control in eHealth considering the usual hospital procedures. In the core model (called TbDAC0), two primitive concepts including team and role are employed for access control in hospitals. In this model, a set of permission-types is assigned to each role and a medical team (including a set of hospital staff with their roles) is assigned to each patient. In fact the role of a person in a team determines his/her permissions on the health information of the patient. Since patients’ vital information is collected from some IoT sensors, a dynamic access control using a set of dynamic and context-aware access rules is considered in this model. Detecting emergency conditions and providing proper permissions for the nearest physicians and nurses (using location information) is a key feature in this model. Since health information is one of the most sensitive individuals’ personal information, the core model has been enhanced to be a privacy preserving access control model (named TbDAC1). To this aim, the purpose of information usage and the privacy preferences of the patients are considered in the access control enforcement procedure. Delegation of duties is a necessity in medical care. Thus, we added access delegation capability to the core model and proposed the third member of the model family, which is named TbDAC2. The complete model that considers all security requirements of these environments including emergency conditions, privacy, and delegation is the last member of this family, named TbDAC3. In each one of the presented models, the therapeutic process carried out in the hospitals, the relational model, and the entities used in the model are precisely and formally defined. Furthermore in each model, the access control process and the dynamic access rules for different situations are defined. Evaluation of the proposed model is carried out using three approaches; comparing the model with the models proposed in related research, assessing the real-world scenarios in a case study, and designing and implementing a prototype of an access control system based on the proposed model for mobile Android devices. The evaluations show the considerable capabilities of the model in satisfying the security requirements in comparison to the existing models which proposed in related research and also its applicability in practice for different simple and complicated access scenarios.

Due to explosive growth of users, increasing energy demand and also the need to improve efficiency and maintain the stability of the electricity grid, smart grid is the only option available to electrical industry engineers. In fact, the smart grid is a physical-cyber system that provides coherent and integrated communication, processing and control functions. The smart grid provides control and management of millions of devices in the electricity industry in a reliable, scalable, cost-effective, real time and two-sided manner. Given the increasing growth of cyber threats in the last decade, the need to protect the electricity industry and its critical systems seems essential. The slightest disruption to the power industry's systems results in disruption to other industries, reduced productivity, and discontent. Hence we proposed an efficient cloud based architecture to improve smart grid performance. Proposed architecture provides data security and privacy against different types of cyber-attacks such as replay attack, modification attack and so on.

IoT has the potential to become the most important concept that has led to a huge information and communication technology revolution in recent decades. In fact, the concept of the Internet of Things defines a global Internet-based network in which all objects can connect, exchange information and perform intelligent activities. This new concept has affected both civilian and military applications of its new definitions. With the advent of the Internet of Things, as well as the ability to connect various weapons systems to the network, the opportunity for commanders to facilitate weapons control and the speed of action in the reactions arises. In the meantime, and more than civilian applications, military IoT applications, known as the MIoT domain, are more important because they can have positive or destructive direct impacts on battlefields. Therefore, the security issues associated with different parts of the Militarily Internet of Things are critical. In this article, we will first discuss the concepts and architecture of the Military Internet of Things (MIoT) and review the mechanism of the Military Internet of Things with a focus on the United States MIoT. Then, we discuss security challenges and concerns, and finally, outline the Internet of Things security requirements for military things.

The internet of things (IoT) concept forms the real digital world in which all objects and things are connected to each other. This new concept has made major changes in almost all existing applications. The smart health (e-health) domain is one of the most widely used IoT subcategories that bring new medical and healthcare facilities and services. In addition to increasing the use of the IoT and its various sub-domains, security and privacy concerns and problems have also grown dramatically and have become the first dilemma of implementing the final concept of the IoT. Though so far, much has been done to maintain the security and privacy of the IoT and sub-domains, but there is not yet a complete and efficient security and privacy framework that can meet various security features. In this paper, we try at the first to evaluate a new security and privacy framework for the e-health domain that has been recently introduced and then, propose a new more complete framework that first preserves the privacy of the patient's identity and the content of his/her records, and second, covers more security features. We also propose a new authentication scheme for privacy preserving of patient's identity. The proposed scheme is an efficient-lightweight scheme and satisfies all the security features.