Data Provenance

The Experts below are selected from a list of 360 Experts worldwide ranked by ideXlab platform

Elisa Bertino - One of the best experts on this subject based on the ideXlab platform.

  • A lightweight secure scheme for detecting Provenance forgery and packet drop attacks in wireless sensor networks
    IEEE Transactions on Dependable and Secure Computing, 2015
    Co-Authors: Salmin Sultana, Gabriel Ghinita, Elisa Bertino, Mohamed Shehab
    Abstract:

    Large-scale sensor networks are deployed in numerous application domains, and the Data they collect are used in decision-making for critical infrastructures. Data are streamed from multiple sources through intermediate processing nodes that aggregate information. A malicious adversary may introduce additional nodes in the network or compromise existing ones. Therefore, assuring high Data trustworthiness is crucial for correct decision-making. Data Provenance represents a key factor in evaluating the trustworthiness of sensor Data. Provenance management for sensor networks introduces several challenging requirements, such as low energy and bandwidth consumption, efficient storage and secure transmission. In this paper, we propose a novel lightweight scheme to securely transmit Provenance for sensor Data. The proposed technique relies on in-packet Bloom filters to encode Provenance. We introduce efficient mechanisms for Provenance verification and reconstruction at the base station. In addition, we extend the secure Provenance scheme with functionality to detect packet drop attacks staged by malicious Data forwarding nodes. We evaluate the proposed technique both analytically and empirically, and the results prove the effectiveness and efficiency of the lightweight secure Provenance scheme in detecting packet forgery and loss attacks.

  • A roadmap for privacy-enhanced secure Data Provenance
    Journal of Intelligent Information Systems, 2014
    Co-Authors: Elisa Bertino, Dang Nguyen, Ravi Sandhu, Salmin Sultana, Gabriel Ghinita, Murat Kantarcioglu, Jae Park, Bhavani Thuraisingham
    Abstract:

    The notion of Data Provenance was formally introduced a decade ago and has since been investigated, but mainly from a functional perspective, which follows the historical pattern of introducing new technologies with the expectation that security and privacy can be added later. Despite very recent interests from the cyber security community on some specific aspects of Data Provenance, there is no long-haul, overarching, systematic framework for the security and privacy of Provenance. The importance of secure Provenance R&D has been emphasized in the recent report on Federal game-changing R&D for cyber security especially with respect to the theme of Tailored Trustworthy Spaces. Secure Data Provenance can significantly enhance Data trustworthiness, which is crucial to various decision-making processes. Moreover, Data Provenance can facilitate accountability and compliance (including compliance with privacy preferences and policies of relevant users), can be an important factor in access control and usage control decisions, and can be valuable in Data forensics. Along with these potential benefits, Data Provenance also poses a number of security and privacy challenges. For example, sometimes Provenance needs to be confidential so it is visible only to properly authorized users, and we also need to protect the identity of entities in the Provenance from exposure. We thus need to achieve high assurance of Provenance without compromising privacy of those in the chain that produced the Data. Moreover, if we expect voluntary large-scale participation in Provenance-aware applications, we must assure that the privacy of the individuals or organizations involved will be maintained. It is incumbent on the cyber security community to develop a technical and scientific framework to address the security and privacy challenges so that our society can gain maximum benefit from this technology.
    In this paper, we discuss a framework of theoretical foundations, models, mechanisms and architectures that allow applications to benefit from privacy-enhanced and secure use of Provenance in a modular fashion. After introducing the main components of such a framework and the notion of Provenance life cycle, we discuss in detail research questions and issues concerning each such component and related approaches.

  • Secure Data Provenance compression using arithmetic coding in wireless sensor networks
    International Performance Computing and Communications Conference, 2014
    Co-Authors: Syed Rafiul Hussain, Salmin Sultana, Changda Wang, Elisa Bertino
    Abstract:

    Since Data are originated and processed by multiple agents in wireless sensor networks, Data Provenance plays an important role for assuring Data trustworthiness. However, the size of the Provenance tends to increase at a higher rate as it is transmitted from the source to the base station and is processed by many intermediate nodes. Due to bandwidth and energy limitations of wireless sensor networks, such increasing of Provenance size slows down the network and depletes the energy of sensor nodes. Therefore, compression of Data Provenance is an essential requirement. Existing lossy compression schemes based on Bloom filters or probabilistic packet marking approaches have high error rates in Provenance-recovery. In this paper, we address this problem and propose a distributed and lossless arithmetic coding based compression technique which achieves a compression ratio higher than that of existing techniques and also close to Shannon's entropy bound. Unlike other Provenance schemes, the most interesting characteristic of our scheme is that the Provenance size is not directly proportional to the number of hops, but to the occurrence probabilities of the nodes that are on a packet's path. We also ensure the confidentiality, integrity, and freshness of Provenance to prevent malicious nodes from compromising the security of Data Provenance. Finally, the simulation and testbed results provide strong evidence for the claims in the paper.

  • Secure Provenance transmission for streaming Data
    IEEE Transactions on Knowledge and Data Engineering, 2013
    Co-Authors: Salmin Sultana, Mohamed Shehab, Elisa Bertino
    Abstract:

    Many application domains, such as real-time financial analysis, e-healthcare systems, and sensor networks, are characterized by continuous Data streaming from multiple sources and through intermediate processing by multiple aggregators. Keeping track of Data Provenance in such a highly dynamic context is an important requirement, since Data Provenance is a key factor in assessing Data trustworthiness which is crucial for many applications. Provenance management for streaming Data requires addressing several challenges, including the assurance of high processing throughput, low bandwidth consumption, storage efficiency and secure transmission. In this paper, we propose a novel approach to securely transmit Provenance for streaming Data (focusing on sensor networks) by embedding Provenance into the interpacket timing domain while addressing the above-mentioned issues. As Provenance is hidden in another host-medium, our solution can be conceptualized as a watermarking technique. However, unlike traditional watermarking approaches, we embed Provenance over the interpacket delays (IPDs) rather than in the sensor Data themselves, hence avoiding the problem of Data degradation due to watermarking. Provenance is extracted by the Data receiver utilizing an optimal threshold-based mechanism which minimizes the probability of Provenance decoding errors. The resiliency of the scheme against outside and inside attackers is established through an extensive security analysis. Experiments show that our technique can recover Provenance up to a certain level against perturbations to inter-packet timing characteristics.

  • Demonstrating a lightweight Data Provenance for sensor networks
    Computer and Communications Security, 2012
    Co-Authors: Bilal Shebaro, Salmin Sultana, Shakthidhar Gopavaram, Elisa Bertino
    Abstract:

    The popularity of sensor networks and their many uses in critical domains such as military and healthcare make them more vulnerable to malicious attacks. In such contexts, trustworthiness of sensor Data and their Provenance is critical for decision-making. In this demonstration, we present an efficient and secure approach for transmitting Provenance information about sensor Data. Our Provenance approach uses light-weight in-packet Bloom filters that are encoded as sensor Data travels through intermediate sensor nodes, and are decoded and verified at the base station. Our Provenance technique is also able to defend against malicious attacks such as packet dropping and allows one to detect the responsible node for packet drops. As such, it makes it possible to modify the transmission route to avoid nodes that could be compromised or malfunctioning. Our technique is designed to create a trustworthy environment for sensor nodes where only trusted Data is processed.

Murat Kantarcioglu - One of the best experts on this subject based on the ideXlab platform.

  • Using blockchain and smart contracts for secure Data Provenance management
    arXiv: Cryptography and Security, 2017
    Co-Authors: Aravind Ramachandran, Murat Kantarcioglu
    Abstract:

    Blockchain technology has evolved from being an immutable ledger of transactions for cryptocurrencies to a programmable interactive environment for building distributed reliable applications. Although blockchain technology has been used to address various challenges, to our knowledge none of the previous work focused on using blockchain to develop a secure and immutable scientific Data Provenance management framework that automatically verifies the Provenance records. In this work, we leverage blockchain as a platform to facilitate trustworthy Data Provenance collection, verification, and management. The developed system utilizes smart contracts and open Provenance model (OPM) to record immutable Data trails. We show that our proposed framework can efficiently and securely capture and validate Provenance Data, and prevent any malicious modification to the captured Data as long as the majority of the participants are honest.

  • A roadmap for privacy-enhanced secure Data Provenance
    Journal of Intelligent Information Systems, 2014
    Co-Authors: Elisa Bertino, Dang Nguyen, Ravi Sandhu, Salmin Sultana, Gabriel Ghinita, Murat Kantarcioglu, Jae Park, Bhavani Thuraisingham

  • The challenge of assuring Data trustworthiness
    Database Systems for Advanced Applications, 2009
    Co-Authors: Elisa Bertino, Chenyun Dai, Murat Kantarcioglu
    Abstract:

    With the increased need of Data sharing among multiple organizations, such as government organizations, financial corporations, medical hospitals and academic institutions, it is critical to ensure that Data is trustworthy so that effective decisions can be made based on these Data. In this paper, we first discuss motivations and requirements for Data trustworthiness. We then present an architectural framework for a comprehensive system for trustworthiness assurance. We then discuss an important issue in our framework, that is, the evaluation of Data Provenance and survey a trust model for estimating the confidence level of the Data and the trust level of Data providers. By taking into account confidence about Data Provenance, we introduce an approach for policy-observing query evaluation. We highlight open research issues and research directions throughout the paper.

  • An approach to evaluate Data trustworthiness based on Data Provenance
    Very Large Data Bases, 2008
    Co-Authors: Chenyun Dai, Elisa Bertino, Dan Lin, Murat Kantarcioglu
    Abstract:

    Today, with the advances of information technology, individual people and organizations can obtain and process Data from different sources. It is critical to ensure Data integrity so that effective decisions can be made based on these Data. An important component of any solution for assessing Data integrity is represented by techniques and tools to evaluate the trustworthiness of Data Provenance. However, few efforts have been devoted to investigate approaches for assessing how trusted the Data are, based in turn on an assessment of the Data sources and intermediaries. To bridge this gap, we propose a Data Provenance trust model which takes into account various factors that may affect the trustworthiness and, based on these factors, assigns trust scores to both Data and Data providers. Such trust scores represent key information based on which Data users may decide whether to use the Data and for what purposes.

Sanjay Jha - One of the best experts on this subject based on the ideXlab platform.

  • Securing first hop Data Provenance for bodyworn devices using wireless link fingerprints
    IEEE Transactions on Information Forensics and Security, 2014
    Co-Authors: Syed Taha Ali, Vijay Sivaraman, Diethelm Ostry, Gene Tsudik, Sanjay Jha
    Abstract:

    Wireless bodyworn sensing devices are fast becoming popular for fitness, sports training, and personalized healthcare applications. Securing Data generated by these devices is essential if they are to be integrated into the current health infrastructure and employed in medical applications. In this paper, we propose a mechanism to secure the Data Provenance for these devices by exploiting spatio-temporal characteristics of the wireless channel that these devices use for communication. Our solution enables two parties to generate closely matching link fingerprints, which uniquely associate a Data session with a wireless link such that a third party can later verify the details of the transaction, particularly the wireless link on which the Data was transmitted. These fingerprints are very hard for an eavesdropper to forge; they are lightweight compared with traditional Provenance mechanisms and enable interesting security properties such as accountability, nonrepudiation, and resist man-in-the-middle attacks. We validate our technique with experiments using bodyworn sensors in scenarios approximating actual device deployment and present some extensions, which reduce energy consumption. We believe this is a promising first step toward using wireless-link characteristics for the Data Provenance in body area networks.

Salmin Sultana - One of the best experts on this subject based on the ideXlab platform.

  • A lightweight secure scheme for detecting Provenance forgery and packet drop attacks in wireless sensor networks
    IEEE Transactions on Dependable and Secure Computing, 2015
    Co-Authors: Salmin Sultana, Gabriel Ghinita, Elisa Bertino, Mohamed Shehab

  • A roadmap for privacy-enhanced secure Data Provenance
    Journal of Intelligent Information Systems, 2014
    Co-Authors: Elisa Bertino, Dang Nguyen, Ravi Sandhu, Salmin Sultana, Gabriel Ghinita, Murat Kantarcioglu, Jae Park, Bhavani Thuraisingham

  • Secure Data Provenance compression using arithmetic coding in wireless sensor networks
    International Performance Computing and Communications Conference, 2014
    Co-Authors: Syed Rafiul Hussain, Salmin Sultana, Changda Wang, Elisa Bertino

  • Secure Provenance transmission for streaming Data
    IEEE Transactions on Knowledge and Data Engineering, 2013
    Co-Authors: Salmin Sultana, Mohamed Shehab, Elisa Bertino

  • Demonstrating a lightweight Data Provenance for sensor networks
    Computer and Communications Security, 2012
    Co-Authors: Bilal Shebaro, Salmin Sultana, Shakthidhar Gopavaram, Elisa Bertino

Mohsin Kamal - One of the best experts on this subject based on the ideXlab platform.

  • Light weight security and blockchain based Provenance for advanced metering infrastructure
    IEEE Access, 2019
    Co-Authors: Mohsin Kamal, Muhammad Tariq
    Abstract:

    The protection of smart meters (SMs) from cyberattacks is of utmost importance because SMs in advanced metering infrastructure (AMI) are physically unprotected and produce a large amount of sensitive Data. Due to scalability, the SMs are small-sized and low-cost devices having low computational capabilities. The algorithms that are designed to complete the security requirements of SMs should be lightweight. To address this issue, this paper proposes a lightweight security solution to address the man-in-the-middle attack, Data tampering, and blockchain-based Data Provenance. Received signal strength indicator (RSSI) is used to generate link fingerprints, which are used along with pseudo-random nonce to secure AMI. The proposed algorithm detects the involvement of an adversarial node or meter tampering by computing other values along with 0 and 1 as the average of consecutive RSSI and difference between the RSSI of connected static SMs. Pearson correlation coefficient ($\rho$) of 0.9102 is achieved when no adversarial node is present in between the connected SMs having mobility in one or both SMs. Negative or approximately equal to zero values of $\rho$ are computed when the adversary is present in the AMI or any of the SMs in the AMI is forged. For blockchain-based Data Provenance, all the hash values of the packet header are 100% matched with the hash functions present at the Data concentrator unit (DCU), which shows no adversary's involvement in AMI. For cases when the adversary is in the AMI, hash functions show no match with the hash values present at the DCU.

  • Light-Weight Security and Data Provenance for Multi-Hop Internet of Things
    IEEE Access, 2018
    Co-Authors: Mohsin Kamal, Muhammad Tariq
    Abstract:

    Due to the limited resources and scalability, the security protocols for the Internet of Things (IoT) need to be light-weighted. The cryptographic solutions are not feasible to apply on small and low-energy devices of IoT because of their energy and space limitations. In this paper, a light-weight protocol to secure the Data and achieve Data Provenance is presented for the multi-hop IoT network. The Received Signal Strength Indicator (RSSI) of communicating IoT nodes is used to generate the link fingerprints. The link fingerprints are matched at the server to compute the correlation coefficient. The higher the value of the correlation coefficient, the higher the percentage of the secured Data transfers. A lower value gives the detection of an adversarial node in between a specific link. Data Provenance has also been achieved by comparison of the packet header with all the available link fingerprints at the server. The time complexity is computed at the node and server level, which is O(1). The energy dissipation is calculated for the IoT nodes and overall network. The results show that the energy consumption of the system presented in this paper is 52-53 mJ for each IoT node and 313.626 mJ for the entire network. The RSSI values are taken in real time from MICAz motes and simulations are performed on MATLAB for adversarial node detection, Data Provenance, and time-complexity. Experimental results show that up to 97% correlation is achieved when no adversarial node is present in the IoT network.