-
PrivGenDB: Efficient and privacy-preserving query executions over encrypted SNP-Phenotype database
Authors:
Sara Jafarbeiki,
Amin Sakzad,
Shabnam Kasra Kermanshahi,
Raj Gaire,
Ron Steinfeld,
Shangqi Lai,
Gad Abraham
Abstract:
Searchable symmetric encryption (SSE) has been used to protect the confidentiality of genomic data while providing substring search and range queries on a sequence of genomic data, but it has not been studied for protecting single nucleotide polymorphism (SNP)-phenotype data. In this article, we propose a novel model, PrivGenDB, for securely storing and efficiently conducting different queries on genomic data outsourced to an honest-but-curious cloud server. To instantiate PrivGenDB, we use SSE to ensure confidentiality while conducting different types of queries on encrypted genomic data, phenotype and other information of individuals to help analysts/clinicians in their analysis/care. To the best of our knowledge, PrivGenDB construction is the first SSE-based approach ensuring the confidentiality of shared SNP-phenotype data through encryption while making the computation/query process efficient and scalable for biomedical research and care. Furthermore, it supports a variety of query types on genomic data, including count queries, Boolean queries, and k'-out-of-k match queries. Finally, the PrivGenDB model handles the dataset containing both genotype and phenotype, and it also supports storing and managing other metadata like gender and ethnicity privately. Computer evaluations on a dataset with 5,000 records and 1,000 SNPs demonstrate that a count/Boolean query and a k'-out-of-k match query over 40 SNPs take approximately 4.3s and 86.4μs, respectively, that outperforms the existing schemes.
Submitted 30 June, 2021; v1 submitted 6 April, 2021;
originally announced April 2021.
-
NFV-based IoT Security for Home Networks using MUD
Authors:
Yehuda Afek,
Anat Bremler-Barr,
David Hay,
Ran Goldschmidt,
Lior Shafir,
Gafnit Abraham,
Avraham Shalev
Abstract:
A new scalable ISP level system architecture to secure and protect all IoT devices in a large number of homes is presented. The system is based on whitelisting, as in the Manufacturer Usage Description (MUD) framework, implemented as a VNF. Unlike common MUD suggestions that place the whitelist application at the home/enterprise network, our approach is to place the enforcement upstream at the provider network, combining an NFV (Network Function Virtualization) with router/switching filtering capabilities, e.g., ACLs. The VNF monitors many home networks simultaneously, and therefore, is a highly-scalable managed service solution that provides both the end customers and the ISP with excellent visibility and security of the IoT devices at the customer premises.
The system includes a mechanism to distinguish between flows of different devices at the ISP level despite the fact that most home networks (and their IoT devices) are behind a NAT and all the flows from the same home come out with the same source IP address. Moreover, the NFV system needs to receive only the first packet of each connection at the VNF, and rules space is proportional to the number of unique types of IoT devices rather than the number of IoT devices. The monitoring part of the solution is off the critical path and can also uniquely protect from incoming DDoS attacks.
To cope with internal traffic, that is not visible outside the customer premise and often consists of P2P communication, we suggest a hybrid approach, where we deploy a lightweight component at the CPE, whose sole purpose is to monitor P2P communication. As current MUD solution does not provide a secure solution to P2P communication, we also extend the MUD protocol to deal also with peer-to-peer communicating devices. A PoC with a large national level ISP proves that our technology works as expected.
Submitted 1 November, 2019;
originally announced November 2019.
-
Securing Web Services Using XML Signature and XML Encryption
Authors:
RA. K. Saravanaguru,
George Abraham,
Krishnakumar Ventakasubramanian,
Kiransinh Borasia
Abstract:
This paper is aimed to evaluate the importance of XML Signature and XML Encryption in Web Service Security. In today's business scenario, organizations are investing huge amount of resources in Web Services. Web Service Transactions are done mainly through plain-text XML formats like SOAP and WSDL, hence hacking into them is not a tedious task. XML Signature and XML Encryption ensure security to XML documents as well as retain the structure of documents, thereby making it easy to implement them. These two methods are evaluated on the parameters of authentication, authorization, integration, confidentiality and non-repudiation.
Submitted 4 March, 2013;
originally announced March 2013.
-
KRAB Algorithm - A Revised Algorithm for Incremental Call Graph Generation
Authors:
Rajasekhara Babu,
Krishnakumar V.,
George Abraham,
Kiransinh Borasia
Abstract:
This paper is aimed to present the importance and implementation of an incremental call graph plugin. An algorithm is proposed for the call graph implementation which has better overall performance than the algorithm that has been proposed previously. In addition to this, the algorithm has been empirically proved to have excellent performance on recursive codes. The algorithm also readily checks for function skip and returns exceptions.
Submitted 4 March, 2013;
originally announced March 2013.
-
A Review On Securing Distributed Systems Using Symmetric Key Cryptography
Authors:
Ramesh Babu,
George Abraham,
Kiransinh Borasia
Abstract:
This review is aimed to evaluate the importance of Symmetric Key Cryptography for Security in Distributed Systems. Businesses around the world as well as research and other such areas rely heavily on distributed systems these days. Hence, security is also a major concern due to the openness of the system. Out of the various available security measures, we, in this paper, concentrate in general on the symmetric key cryptographic technique. We review two widely used and popular symmetric key cryptographic algorithms, viz. DES and AES. These two algorithms are evaluated on the parameters such as key size, block size, number of iterations, etc.
Submitted 1 March, 2013;
originally announced March 2013.