Privacy-Preserving Techniques in Cloud/Fog and Internet of Things

A special issue of Cryptography (ISSN 2410-387X).

Deadline for manuscript submissions: closed (10 January 2023) | Viewed by 51284

Special Issue Editors


E-Mail Website
Guest Editor
Department of Computer Science, Islamic Azad University, Tehran, Iran
Interests: privacy-preserving on the Internet of Things (IoT); wireless sensor networks; security; smart city

E-Mail Website
Guest Editor
Computer Engineering Department, University of Science and Culture, Tehran, Iran
Interests: cryptography; BlockChain; Web; data science; distributed systems

E-Mail Website
Guest Editor
Faculty Member at IMShool, Nanjing University, Nanjing, China
Interests: applied cryptography; information hiding; text mining & retrieval; malware analysis; misinformation detection; authentication systems of smartphones; IoT security
Department of Computer Science and Technology, Harbin Institute of Technology, Shenzhen, China
Interests: security and privacy problems; the privacy issues related to mobile and IoT devices

Special Issue Information

Dear Colleagues,

Recently, wireless networks have been developed using cloud infrastructure and software-based networks. Their connections to the new generation Internet and the Internet of Things have reduced costs and improved reliability. It is critical for people, factories, vehicles, road and transportation environments, and much more to use IoT sensors and devices for daily tasks in these vast and complex networks. It is also important to leverage privacy-preservation patterns in large networks such as BigData, software-based networks. Several supporting technologies for IoT are Cloud Computing and Fog Computing. However, the possibility of privacy breaches in these three technologies is high. The main purpose of this leading series is to present and compile articles about this topic that can help us.

Submission Guideline:

This Special Issue is looking for original articles that are not under consideration for publication elsewhere. The "Submit Online" button on the journal's submission page allows authors to follow the journal's formatting and submission instructions. Please mention that your article is for this Special Issue in your cover letter.

The following topics are possible, but not limited to:

  • Privacy-preserving models for big data networks
  • Privacy-preserving models for sensor networks and the Internet of Things
  • Privacy-preserving mathematical models for IoT networks and Cloud Computing
  • Privacy-preservation in Fog Computing
  • Machine learning methods for privacy-preservation

Prof. Dr. Cheng-Chi Lee
Dr. Mehdi Gheisari
Dr. Mohammad Javad Shayegan
Dr. Milad Taleby Ahvanooey
Dr. Yang Liu
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Cryptography is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • privacy-preservation
  • security
  • fog
  • cloud
  • Internet of Things

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue polices can be found here.

Published Papers (11 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Editorial

Jump to: Research

4 pages, 181 KiB  
Editorial
Privacy-Preserving Techniques in Cloud/Fog and Internet of Things
by Cheng-Chi Lee, Mehdi Gheisari, Mohammad Javad Shayegan, Milad Taleby Ahvanooey and Yang Liu
Cryptography 2023, 7(4), 51; https://doi.org/10.3390/cryptography7040051 - 16 Oct 2023
Cited by 2 | Viewed by 2142
Abstract
Recently, wireless networks have been developed using cloud infrastructure and software-based networks [...] Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)

Research

Jump to: Editorial

14 pages, 1127 KiB  
Article
Revisiting Multiple Ring Oscillator-Based True Random Generators to Achieve Compact Implementations on FPGAs for Cryptographic Applications
by Luis Parrilla, Antonio García, Encarnación Castillo, Juan Antonio López-Villanueva and Uwe Meyer-Baese
Cryptography 2023, 7(2), 26; https://doi.org/10.3390/cryptography7020026 - 10 May 2023
Cited by 3 | Viewed by 3651
Abstract
The generation of random numbers is crucial for practical implementations of cryptographic algorithms. In this sense, hardware security modules (HSMs) include true random number generators (TRNGs) implemented in hardware to achieve good random number generation. In the case of cryptographic algorithms implemented on [...] Read more.
The generation of random numbers is crucial for practical implementations of cryptographic algorithms. In this sense, hardware security modules (HSMs) include true random number generators (TRNGs) implemented in hardware to achieve good random number generation. In the case of cryptographic algorithms implemented on FPGAs, the hardware implementation of RNGs is limited to the programmable cells in the device. Among the different proposals to obtain sources of entropy and process them to implement TRNGs, those based in ring oscillators (ROs), operating in parallel and combined with XOR gates, present good statistical properties at the cost of high area requirements. In this paper, these TRNGs are revisited, showing a method for area optimization independently of the FPGA technology used. Experimental results show that three ring oscillators requiring only three LUTs are enough to build a TRNG on Artix 7 devices from Xilinx with a throughput of 33.3 Kbps, which passes NIST tests. A throughput of 50 Kbps can be achieved with four ring oscillators, also requiring three LUTs in Artix 7 devices, while 100 Kbps can be achieved using an structure with four ring oscillators requiring seven LUTs. Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)
Show Figures

Figure 1

17 pages, 2753 KiB  
Article
Neural Crypto-Coding Based Approach to Enhance the Security of Images over the Untrusted Cloud Environment
by Pallavi Kulkarni, Rajashri Khanai, Dattaprasad Torse, Nalini Iyer and Gururaj Bindagi
Cryptography 2023, 7(2), 23; https://doi.org/10.3390/cryptography7020023 - 4 May 2023
Cited by 3 | Viewed by 2283
Abstract
The cloud provides on-demand, high-quality services to its users without the burden of managing hardware and software. Though the users benefit from the remote services provided by the cloud, they do not have their personal data in their physical possession. This certainly poses [...] Read more.
The cloud provides on-demand, high-quality services to its users without the burden of managing hardware and software. Though the users benefit from the remote services provided by the cloud, they do not have their personal data in their physical possession. This certainly poses new security threats for personal and confidential data, bringing the focus back on trusting the use of the cloud for sensitive data. The benefits of the cloud outweigh the concerns raised earlier, and with an increase in cloud usage, it becomes more important for security services to evolve in order to address the ever-changing threat landscape. Advanced encryption standard (AES), being one of the most widely used encryption techniques, has inherent disadvantages related to the secret key that is shared, and predictable patterns in subkey generation. In addition, since cloud storage involves data transfer over a wireless channel, it is important to address the effect of noise and multipath propagation on the transmitted data. Catering to this problem, we propose a new approach—the secure and reliable neural cryptcoding (SARNC) technique—which provides a superior algorithm, dealing with better encryption techniques combined with channel coding. A chain is as strong as the weakest link and, in the case of symmetric key encryption, the weakest link is the shared key. In order to overcome this limitation, we propose an approach wherein the key used for cryptographic purposes is different from the key shared between the sender and the receiver. The shared key is used to derive the secret private key, which is generated by the neural key exchange protocol. In addition, the proposed approach emphasizes strengthening the sub-key generation process and integrating advanced encryption standard (AES) with low-density parity check (LDPC) codes to provide end-to-end security and reliability over wireless channels. The proposed technique was tested against research done in related areas. A comparative study shows a significant improvement in PSNR, MSE, and the structural similarity index (SSIM). The key strength analysis was carried out to understand the strength and weaknesses of the keys generated. Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)
Show Figures

Figure 1

22 pages, 5893 KiB  
Article
Attacking Windows Hello for Business: Is It What We Were Promised?
by Joseph Haddad, Nikolaos Pitropakis, Christos Chrysoulas, Mouad Lemoudden and William J. Buchanan
Cryptography 2023, 7(1), 9; https://doi.org/10.3390/cryptography7010009 - 14 Feb 2023
Cited by 1 | Viewed by 10539
Abstract
Traditional password authentication methods have raised many issues in the past, including insecure practices, so it comes as no surprise that the evolution of authentication should arrive in the form of password-less solutions. This research aims to explore the problems that password authentication [...] Read more.
Traditional password authentication methods have raised many issues in the past, including insecure practices, so it comes as no surprise that the evolution of authentication should arrive in the form of password-less solutions. This research aims to explore the problems that password authentication and password policies present and aims to deploy Windows Hello for Business (WHFB) on-premises. This includes creating three virtual machines (VMs) and evaluating WHFB as a password-less solution and showing how an attacker with privileged access may retrieve the end user’s domain password from the computer’s memory using Mimikatz and describing the possible results. The conducted research tests are in the form of two attack methods. This was feasible by the creation of three VMs operating in the following way. The first VM will act as a domain controller (DC) and certificate authority server (CA server). The second VM will act as an Active Directory Federation Service (ADFS). The third VM will act as the end-user device. The test findings research summarized that password-less authentication is far more secure than the traditional authentication method; this is evidenced throughout the author’s tests. Within the first test, it was possible to retrieve the password from an enrolled device for WHFB while it was still in the second phase of the deployment. The second test was a brute-force attack on the PIN of WHFB; since WHFB has measures to prevent such attacks, the attack was unsuccessful. However, even though the retrieval of the password was successful, there are several obstacles to achieving this outcome. It was concluded that many organizations still use password authentication as their primary authentication method for accessing devices and applications. Larger organizations such as Microsoft and Google support the adoption of password-less authentication for end-users, and the current usage of password-less authentication shared by both organizations is encouraged. This usually leads organizations to adopt this new solution for their IT infrastructure. This is because it has been used and tested by millions of people and has proven to be safe. This supports the findings of increased usage and the need for password-less authentication by today’s users. Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)
Show Figures

Figure 1

18 pages, 4948 KiB  
Article
Blockchain of Resource-Efficient Anonymity Protection with Watermarking for IoT Big Data Market
by Chia-Hui Wang and Chih-Hao Hsu
Cryptography 2022, 6(4), 49; https://doi.org/10.3390/cryptography6040049 - 30 Sep 2022
Cited by 3 | Viewed by 2307
Abstract
According to the ever-growing supply and demand of IoT content, IoT big data in diversified applications are deemed a valuable asset by private and public sectors. Their privacy protection has been a hot research topic. Inspired by previous work on bounded-error-pruned IoT content [...] Read more.
According to the ever-growing supply and demand of IoT content, IoT big data in diversified applications are deemed a valuable asset by private and public sectors. Their privacy protection has been a hot research topic. Inspired by previous work on bounded-error-pruned IoT content market, we observe that the anonymity protection with robust watermarking can be developed by further pruning data for better resource-efficient IoT big data without violating the required quality of sensor service or quality of decision-making. In this paper, resource-efficient anonymity protection with watermarking is thus proposed for data consumers and owners of IoT big data market via blockchain. Our proposed scheme can provide the IoT data with privacy protections of both anonymity and ownership in IoT big data market with resource efficiency. The experiments of four different-type IoT datasets with different settings included bounded-errors, sub-stream sizes, watermark lengths, and ratios of data tampering. The performance results demonstrated that our proposed scheme can provide data owners and consumers with ownership and anonymity via watermarking the IoT big data streams for lossless compressibility. Meanwhile, the developed DApp with our proposed scheme on the Ethereum blockchain can help data owners freely share and trade with consumers in convenience with availability, reliability, and security without mutual trust. Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)
Show Figures

Figure 1

33 pages, 7851 KiB  
Article
Combining Markov and Semi-Markov Modelling for Assessing Availability and Cybersecurity of Cloud and IoT Systems
by Vyacheslav Kharchenko, Yuriy Ponochovnyi, Oleg Ivanchenko, Herman Fesenko and Oleg Illiashenko
Cryptography 2022, 6(3), 44; https://doi.org/10.3390/cryptography6030044 - 29 Aug 2022
Cited by 16 | Viewed by 3156
Abstract
This paper suggests a strategy (C5) for assessing cloud and IoT system (CIS) dependability, availability, and cybersecurity based on the continuous collection, comparison, choice, and combination of Markov and semi-Markov models (MMs and SMMs). It proposes the systematic building of an adequate and [...] Read more.
This paper suggests a strategy (C5) for assessing cloud and IoT system (CIS) dependability, availability, and cybersecurity based on the continuous collection, comparison, choice, and combination of Markov and semi-Markov models (MMs and SMMs). It proposes the systematic building of an adequate and accurate model to evaluate CISs considering (1) continuous evolution of the model(s) together with systems induced by changes in the CIS or physical and cyber environment parameters; (2) the necessity of collecting data on faults, failures, vulnerabilities, cyber-attacks, privacy violations, and patches to obtain actual data for assessment; (3) renewing the model set based on analysis of CIS operation; (4) the possibility of choice and utilizing “off-the-shelf” models with understandable techniques for their development to assure improved accuracy of assessment; (5) renewing the models during application of CIS by time, component or mixed combining, taking into consideration different operation and maintenance events. The results obtained were algorithms for data collection and analysis, choice, and combining appropriate MM and SMMs and their different types, such as multi-fragmental and multiphase models, considering changing failure rates, cyber-attack parameters, periodical maintenance, etc. To provide and verify the approach, several private and public clouds and IoT systems were researched and discussed in the context of C5 and proposed algorithms. Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)
Show Figures

Figure 1

15 pages, 2849 KiB  
Article
Light Weight Authentication Scheme for Smart Home IoT Devices
by Vipin Kumar, Navneet Malik, Jimmy Singla, N. Z. Jhanjhi, Fathi Amsaad and Abdul Razaque
Cryptography 2022, 6(3), 37; https://doi.org/10.3390/cryptography6030037 - 20 Jul 2022
Cited by 23 | Viewed by 4501
Abstract
In today’s world, the use of computer networks is everywhere, and to access the home network we use the Internet. IoT networks are the new range of these networks in which we try to connect different home appliances and try to give commands [...] Read more.
In today’s world, the use of computer networks is everywhere, and to access the home network we use the Internet. IoT networks are the new range of these networks in which we try to connect different home appliances and try to give commands from a remote place. Access to any device over an insecure network invites various types of attacks. User authentication can be performed using some password or biometric technique. However, when it comes to authenticating a device, it becomes challenging to maintain data security over a secure network such as the Internet. Many encryptions and decryption algorithms assert confidentiality, and hash code or message authentication code MAC is used for authentication. Traditional cryptographic security methods are expensive in terms of computational resources such as memory, processing capacity, and power consumption. They are incompatible with the Internet of Things devices that have limited resources. Although automatic Device-to-Device communication enables new potential applications, the limited resources of the networks’ machines and devices impose various constraints. This paper proposes a home device authentication scheme when these are accessed from a remote place. An authentication device is used for the home network and controller device to control home appliances. Our scheme can prevent various attacks such as replay attacks, server spoofing, and man-in-the-middle attack. The proposed scheme maintains the confidentiality and authenticity of the user and devices in the network. At the same time, we check the system in a simulated environment, and the results show that the network’s performance does not degrade much in terms of delay, throughput, and energy consumed. Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)
Show Figures

Figure 1

14 pages, 857 KiB  
Article
BFV-Based Homomorphic Encryption for Privacy-Preserving CNN Models
by Febrianti Wibawa, Ferhat Ozgur Catak, Salih Sarp and Murat Kuzlu
Cryptography 2022, 6(3), 34; https://doi.org/10.3390/cryptography6030034 - 1 Jul 2022
Cited by 18 | Viewed by 6701
Abstract
Medical data is frequently quite sensitive in terms of data privacy and security. Federated learning has been used to increase the privacy and security of medical data, which is a sort of machine learning technique. The training data is disseminated across numerous machines [...] Read more.
Medical data is frequently quite sensitive in terms of data privacy and security. Federated learning has been used to increase the privacy and security of medical data, which is a sort of machine learning technique. The training data is disseminated across numerous machines in federated learning, and the learning process is collaborative. There are numerous privacy attacks on deep learning (DL) models that attackers can use to obtain sensitive information. As a result, the DL model should be safeguarded from adversarial attacks, particularly in medical data applications. Homomorphic encryption-based model security from the adversarial collaborator is one of the answers to this challenge. Using homomorphic encryption, this research presents a privacy-preserving federated learning system for medical data. The proposed technique employs a secure multi-party computation protocol to safeguard the deep learning model from adversaries. The proposed approach is tested in terms of model performance using a real-world medical dataset in this paper. Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)
Show Figures

Figure 1

26 pages, 1497 KiB  
Article
A Batch Processing Technique for Wearable Health Crowd-Sensing in the Internet of Things
by Abigail Akosua Addobea, Qianmu Li, Isaac Obiri Amankona and Jun Hou
Cryptography 2022, 6(3), 33; https://doi.org/10.3390/cryptography6030033 - 29 Jun 2022
Cited by 3 | Viewed by 3329
Abstract
The influx of wearable sensor devices has influenced a new paradigm termed wearable health crowd-sensing (WHCS). WHCS enables wearable data collection through active sensing to provide health monitoring to users. Wearable sensing devices capture data and transmit it to the cloud for data [...] Read more.
The influx of wearable sensor devices has influenced a new paradigm termed wearable health crowd-sensing (WHCS). WHCS enables wearable data collection through active sensing to provide health monitoring to users. Wearable sensing devices capture data and transmit it to the cloud for data processing and analytics. However, data sent to the cloud is vulnerable to on-path attacks. The bandwidth limitation issue is also another major problem during large data transfers. Moreover, the WHCS faces several anonymization issues. In light of this, this article presents a batch processing method to solve the identified issues in WHCS. The proposed batch processing method provides an aggregate authentication and verification approach to resolve bandwidth limitation issues in WHCS. The security of our scheme shows its resistance to forgery and replay attacks, as proved in the random oracle (ROM), while offering anonymity to users. Our performance analysis shows that the proposed scheme achieves a lower computational and communication cost with a reduction in the storage overhead compared to other existing schemes. Finally, the proposed method is more energy-efficient, demonstrating that it is suitable for the WHCS system. Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)
Show Figures

Figure 1

18 pages, 849 KiB  
Article
Privacy Issues in Stylometric Methods
by Antonios Patergianakis and Konstantinos Limniotis
Cryptography 2022, 6(2), 17; https://doi.org/10.3390/cryptography6020017 - 7 Apr 2022
Cited by 2 | Viewed by 3555
Abstract
Stylometry is a well-known field, aiming to identify the author of a text, based only on the way she/he writes. Despite its obvious advantages in several areas, such as in historical research or for copyright purposes, it may also yield privacy and personal [...] Read more.
Stylometry is a well-known field, aiming to identify the author of a text, based only on the way she/he writes. Despite its obvious advantages in several areas, such as in historical research or for copyright purposes, it may also yield privacy and personal data protection issues if it is used in specific contexts, without the users being aware of it. It is, therefore, of importance to assess the potential use of stylometry methods, as well as the implications of their use for online privacy protection. This paper aims to present, through relevant experiments, the possibility of the automated identification of a person using stylometry. The ultimate goal is to analyse the risks regarding privacy and personal data protection stemming from the use of stylometric techniques to evaluate the effectiveness of a specific stylometric identification system, as well as to examine whether proper anonymisation techniques can be applied so as to ensure that the identity of an author of a text (e.g., a user in an anonymous social network) remains hidden, even if stylometric methods are to be applied for possible re-identification. Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)
Show Figures

Figure 1

22 pages, 15030 KiB  
Article
A Searchable Encryption Scheme with Biometric Authentication and Authorization for Cloud Environments
by Marius Iulian Mihailescu and Stefania Loredana Nita
Cryptography 2022, 6(1), 8; https://doi.org/10.3390/cryptography6010008 - 14 Feb 2022
Cited by 18 | Viewed by 5519
Abstract
Cloud computing offers the possibility of providing suitable access within a network for a set of resources. Many users use different services for outsourcing their data within the cloud, saving and mitigating the local storage and other resources involved. One of the biggest [...] Read more.
Cloud computing offers the possibility of providing suitable access within a network for a set of resources. Many users use different services for outsourcing their data within the cloud, saving and mitigating the local storage and other resources involved. One of the biggest concerns is represented by storing sensitive data on remote servers, which can be found to be extremely challenging within different situations related to privacy. Searchable Encryption (SE) represents a particular case of Fully Homomorphic Encryption (FHE) and at the same time represents a method composed from a set of algorithms meant to offer protection for users’ sensitive data, while it preserves the searching functionality on the server-side. There are two main types of SE: Searchable Symmetric Encryption (SSE), where the ciphertexts and trapdoors for searching are performed using private key holders, and Public Key Searchable Encryption (PKSE), in which a specific number of users have the public key based on which are capable of outputting ciphertexts and giving the possibility of producing the trapdoors by using the private key from the holder. In this article, we propose a searchable encryption system that uses biometric authentication. Additionally, biometric data are used in the trapdoor generation process, such that an unauthorized user cannot submit search queries. The proposed system contains three components: classic user authentication (based on username, password, and a message with a code using short message service (SMS), biometric authentication, and the searchable encryption scheme. The first two components can be seen as two-factor authentication (2FA), and the second component represents the initialization step of the searchable encryption scheme. In the end, we show and demonstrate that the proposed scheme can be implemented with success for medium to complex network infrastructures. We have granted special attention to the trapdoor function, which generates a value that can be used to perform the search process and search function that is based on the trapdoor pair for searching within the index structure. We provide the correctness and security proof of the operations, which gives us the guarantee that the cloud servers return the correct documents. Additionally, we discuss measuring the performance of the authentication scheme in terms of performance indicators, introducing two indicators for measuring purposes—namely, cloud average number of non-legitim the user actions for cloud purposes (CANNL) and cloud average number of legitim user actionsCANLU. Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)
Show Figures

Figure 1

Back to TopTop