Despite the latest efforts to foster the adoption of privacy-enhancing Attribute-Based Credential (p-ABC) systems in electronic services, those systems are not yet broadly adopted. The main reasons behind this are performance efficiency issues, lack of interoperability with standards, and the centralized architectural scheme that relies on a unique Identity Provider (IdP) for credential issuance. To cope with these limitations, this paper describes the first implementation of the Pointcheval–Sanders Multi-Signatures (PS-MS) crypto scheme proposed by Camenisch et al. and its integration in a distributed and privacy-preserving identity management system proposed in the OLYMPUS H2020 European research project. Our efficient implementation provides remarkable privacy-preservation features for identity management in online transactions leveraging p-ABC systems, including unforgeability, minimal disclosure of personal data through zero-knowledge proofs, unlinkability in online transactions and fully distributed credential issuance across different IdPs, thereby removing the IdP as a unique point of failure. The performance of the implementation has been exhaustively analyzed and evaluated with different curves, signers and numbers of attributes, and compared against Identity Mixer, the best known p-ABC system, significantly outperforming it in the credential issuance and zero-knowledge proving and verification processes (2–4 times less execution time).
• Privacy-preserving ABCs enable identity management providing data minimization.
• Distributed issuance of ABCs removes the single point of failure.
• The implemented scheme outperforms Identity Mixer in issuance and presentation.
• Statistical significance has been tested with permutation tests.
• Changing pairing implies a trade-off between security and efficiency.
Network Intelligence management in Beyond 5G networks embraces the exciting challenge of addressing scalability, dynamicity, interoperability, privacy, and security concerns. These are essential steps towards achieving the realization of truly ubiquitous AI-based analytics, empowering seamless integration across the entire Continuum (Edge, Fog, Core, Cloud). To address these challenges, this paper presents a model-driven Federated Learning approach for managing and orchestrating the Network Intelligence needed to detect and prevent cyber-attacks. The system has been integrated into a B5G Security Framework, leveraging the multi-domain and multi-tenant Orchestrator, thereby endowing the Network Intelligence with key features for automated and scalable deployment of FL-agents and AI-based anomaly detectors, strengthening the reaction capabilities to counter cyber-attacks. The presented FL-based model-driven system allows interoperability and extensibility in the management of the FL system.
Network Function Virtualization (NFV) and Software-Defined Networking (SDN) technologies play a crucial role in enabling 5G systems and beyond. A synergy between both technologies has been identified for enabling a new concept dubbed service function chains (SFC), which aims to reduce both capital expenditures (CAPEX) and operating expenses (OPEX). The SFC paradigm considers different constraints and key performance indicators (KPIs), which include QoS and different resources, for enabling network slice services. However, the large scale, complexity and security issues brought by these technologies create an extra overhead for ensuring secure network slicing. To cope with these challenges, this paper proposes a cost-efficient optimized SFC management system that enables the creation of SFCs for efficient and secure network slices. The proposed system considers the network and computational resources and current network security levels to ensure trusted deployments. The simulation results demonstrate the efficiency of the proposed solution in achieving its design objectives. The proposed solution efficiently manages the SFCs by optimizing deployment costs and reducing overall end-to-end delay.
Despite the latest initiatives and research efforts to increase user privacy in digital scenarios, identity-related cybercrimes such as identity theft, wrong identity or user transaction surveillance are growing. In particular, blanket surveillance that might potentially be accomplished by Identity Providers (IdPs) contradicts the data minimization principle laid out in GDPR. Hence, user movements across Service Providers (SPs) might be tracked by malicious IdPs that become a central dominant entity, as well as a single point of failure in terms of privacy and security, putting users at risk when compromised. To cope with this issue, the OLYMPUS H2020 EU project is devising a truly privacy-preserving, yet user-friendly, and distributed identity management system that addresses the data minimization challenge in both online and offline scenarios. Thus, OLYMPUS divides the role of the IdP among various authorities by relying on threshold cryptography, thereby preventing user impersonation and surveillance from malicious or nosy IdPs. This paper overviews the OLYMPUS framework, including the requirements considered, the proposed architecture, a series of use cases, as well as the privacy analysis from the legal point of view.
Cloud computing is an emerging paradigm to offer on-demand IT services to customers. Access control to resources located in the cloud is one of the critical aspects to enable businesses to shift into the cloud. Some recent works provide access control models suitable for the cloud; however, there are important shortcomings that need to be addressed in this field. This work presents a step forward in the state of the art of access control for cloud computing. We describe a highly expressive authorization model that enables the management of advanced features such as role-based access control (RBAC), hierarchical RBAC (hRBAC), conditional RBAC (cRBAC) and hierarchical objects (HO). The access control model takes advantage of the logic formalism provided by Semantic Web technologies to describe both the underlying infrastructure and the authorization model, as well as the rules employed to protect access to resources in the cloud. The access control model has been specially designed taking into account the multi-tenant nature of this kind of environment. Moreover, a trust model that allows a fine-grained definition of what information is available to each particular tenant is described. This enables the establishment of business alliances among cloud tenants, resulting in federation and coalition agreements. The proposed model has been validated by means of a proof-of-concept implementation of the access control system for OpenStack, with promising performance results.
► Advanced multi-tenancy authorization system.
► Advanced features such as RBAC, hierarchical RBAC and conditional RBAC.
► Novel trust model proposed, enabling a federated cloud environment.
► Implementation for OpenStack has validated the proposal.
► Performance statistics of the system integrated in OpenStack are provided.
Nowadays, managers of information systems use ontologies and rules as a powerful tool to express the desired behaviour of the system. However, the use of rules may lead to conflicting situations where the antecedents of two or more rules are fulfilled but their consequents indicate contradictory facts or actions. These conflicts can be categorised into two different groups, modality and semantic conflicts, depending on whether the inconsistency is due to the expressiveness of the rule language or to the nature of the actions. While there exist certain proposals to detect and solve modality conflicts, the problem becomes more complex with semantic ones. Additionally, current techniques to detect semantic conflicts usually do not consider the use of standard information models. This paper provides a taxonomy of semantic conflicts, analyses the main features of each of them and provides an OWL/SWRL modelling for certain realistic scenarios related to information systems. It also describes different conflict detection techniques that can be applied to semantic conflicts, with their pros and cons. Finally, this paper provides a comparison of these techniques based on performance measurements taken in a realistic scenario and suggests a better approach. This approach is then used in other scenarios related to information systems where different types of semantic conflicts may appear.
The OLYMPUS EU project is addressing the challenges associated with the use of privacy-preserving identity management solutions by establishing an interoperable European identity management framework, based on novel cryptographic approaches applied to currently deployed identity management technologies. In particular, OLYMPUS employs distributed cryptographic techniques to split up the role of the online IdP over multiple authorities, so that no single authority can impersonate or track its users. This paper describes the IdM ecosystem being developed in the scope of OLYMPUS, including its main building blocks, requirements and use cases.
The application of Machine Learning (ML) techniques to the well-known intrusion detection systems (IDS) is key to coping with increasingly sophisticated cybersecurity attacks through an effective and efficient detection process. In the context of the Internet of Things (IoT), most ML-enabled IDS approaches are centralized: IoT devices share their data with data centers for further analysis. To mitigate the privacy concerns associated with centralized approaches, in recent years the use of Federated Learning (FL) has attracted significant interest in different sectors, including healthcare and transport systems. However, the development of FL-enabled IDS for IoT is in its infancy, and still requires research efforts from various areas in order to identify the main challenges for deployment in real-world scenarios. In this direction, our work evaluates an FL-enabled IDS approach based on a multiclass classifier, considering different data distributions for the detection of different attacks in an IoT scenario. In particular, we use three different settings that are obtained by partitioning the recent ToN_IoT dataset according to IoT devices' IP addresses and types of attack. Furthermore, we evaluate the impact of different aggregation functions in each setting by using the recent IBMFL framework as the FL implementation. Additionally, we identify a set of challenges and future directions based on the existing literature and the analysis of our evaluation results.
The large-scale deployment of the Internet of Things (IoT) increases the urgency to adequately address trust, security and privacy issues. We need to see the IoT as a collection of smart and interoperable objects that are part of our personal environment. These objects may be shared among or borrowed from users. In general, they will have only temporary associations with their users and their personal identities. These temporary associations need to be considered while at the same time taking into account security and privacy aspects. In this work, we discuss a selection of current activities being carried out by different standardization bodies for the development of suitable technologies to be deployed in IoT environments. Based on such technologies, we propose an integrated design to manage security and privacy concerns through the lifecycle of smart objects. The presented approach is framed within our ARM-compliant security framework, which is intended to promote the design and development of secure and privacy-aware IoT-enabled services.