DICOM image secure communications with Internet protocols IPv6 and IPv4.

Image-data transmission from one site to another through public network is usually characterized in term of privacy, authenticity, and integrity. In this paper, we first describe a general scenario about how image is delivered from one site to another through a wide-area network (WAN) with security features of data privacy, integrity, and authenticity. Second, we give the common implementation method of the digital imaging and communication in medicine (DICOM) image communication software library with IPv6/IPv4 for high-speed broadband Internet by using open-source software. Third, we discuss two major security-transmission methods, the IP security (IPSec) and the secure-socket layer (SSL) or transport-layer security (TLS), being used currently in medical-image-data communication with privacy support. Fourth, we describe a test schema of multiple-modality DICOM-image communications through TCP/IPv4 and TCP/IPv6 with different security methods, different security algorithms, and operating systems, and evaluate the test results. We found that there are tradeoff factors between choosing the IPsec and the SSL/TLS-based security implementation of IPv6/IPv4 protocols. If the WAN networks only use IPv6 such as in high-speed broadband Internet, the choice is IPsec-based security. If the networks are IPv4 or the combination of IPv6 and IPv4, it is better to use SSL/TLS security. The Linux platform has more security algorithms implemented than the Windows (XP) platform, and can achieve better performance in most experiments of IPv6 and IPv4-based DICOM-image communications. In teleradiology or enterprise-PACS applications, the Linux operating system may be the better choice as peer security gateways for both the IPsec and the SSL/TLS-based secure DICOM communications cross public networks.     

Security, privacy, and accountability in wireless access networks - [Accepted from open call]

The presence of ubiquitous connectivity provided by wireless communications and mobile computing has changed the way humans interact with information. At the same time, it has made communication security and privacy a hot-button issue. In this article we address the security and privacy concerns in wireless access networks. We first discuss the general cryptographic means to design privacy-preserving security protocols, where the dilemma of attaining both security and privacy goals, especially user accountability vs. user privacy, is highlighted. We then present a novel authentication framework that integrates a new key management scheme based on the principle of separation of powers and an adapted construction of Boneh and Shacham's group signature scheme, as an enhanced resort to simultaneously achieve security, privacy, and accountability in wireless access networks.     

云安全技术及实现探究

近年来,我国的社会经济在快速发展的同时,科学技术也获得了很大的进步,大数据以及云计算逐步成为当前最受关注的新一代信息技术应用。随着云计算的不断发展,云安全技术就逐渐成为网络时代信息安全最重要的体现。云安全技术在机密性、数据的完整性、访问的控制、身份的认证、防火墙配置的安全性以及可信性等方面提出了新的安全要求。     

IP网络的侦听研究

Internet网络的广泛应用使得对IP网络上流动的信息进行合法侦听越来越重要，然而IP网络的合法侦听相对来说更加复杂和不成熟。根据ETSI有关合法侦听标准，从合法侦听的角度分析了IP网络数据传输模型，给出了不同传输模型下的侦听点的设置。考虑到侦听数据传输的有效性和安全性，对于IP网络中侦听数据的传送提出具体要求，并且给出了侦听数据在网络中的传递模型。     

A secure and robust group key distribution and authentication protocol with efficient rekey mechanism for dynamic access control in secure group communications

In today's Internet era, group communications have become more and more essential for many emerging applications. Given the openness of today's networks, efficient and secure distribution of common key is an essential issue for secure communications in the group. To maintain confidentiality during communication in the group, all authorized members require a common key called the group key in advance. This paper proposes a group key distribution and authentication protocol for dynamic access control in secure group communication using Chinese remainder theorem (CRT), which is highly secure and computationally efficient. The proposed protocol (1) has drastically reduced the computation complexity of group controller ( GC ) and members, (2) has provided intense security by means of an additional secret parameter used by GC and members, (3) has minimized storage and communication overheads, (4) has been decentralized for higher scalability so that it can efficiently handle large‐scale changes in the group membership, and (5) is suitable for many practical applications due to intense security along with low computation and storage overheads. Detailed security analysis proves that our protocol can guarantee the privacy and security requirements of group communications. Moreover, performance analysis also verifies the efficiency and effectiveness of the proposed protocol. The proposed protocol has been experimented on star topology‐based key distribution system and observed that the protocol significantly reduces the computation cost and minimizes the communication and storage overheads.     

云计算中数据隐私保护研究进展

由于社会分工和资源共享的必然,公共云平台必将成为和电网、互联网等同等重要的国家基础设施。云计算面临的安全问题制约着云计算的广泛使用。数据安全在云计算中尤为重要,如何保证数据的安全性是云计算安全的核心。从数据的隐私保护计算、数据处理结果的完整性认证、数据访问权限控制以及数据的物理安全4个方面对已有研究工作进行了分类和总结,为后续云计算中数据的安全性研究提供参照。     

具有隐私保护的云存储访问控制方案

针对传统的访问控制方案无法在云计算环境下保护用户的属性隐私,提出了具有隐私保护的云存储访问控制方案。采用混合加密体制实现了数据的机密性,即利用对称密钥加密明文数据,再利用公钥密码体制对对称密钥进行加密。在新的访问控制方案中,公钥加密采用了匿名的密文策略下基于属性的加密技术。安全性分析表明,新方案在保护用户属性隐私的同时,达到了选择明文安全性,可抵抗恶意用户及云存储服务器的合谋攻击。     

The European regulatory framework for security and privacy protection in electronic communications

The European Directive 2002/58/Ec of July 12, 2002 introduced important provisions with regard to security and privacy protection in the electronic communications sector. The Directive contains legal rules with regard to widely debated issues such as network security, unsolicited messages (“spam”), spy-ware and cookies, traffic data retention for law enforcement purposes or location based services. In their contribution, the authors give an overview of the most important provisions of the new European regulatory framework and examine their practical consequences for the electronic communications sector.     

Critical issues in Internet commerce

In this article the authors identify reliability, privacy, and security as critical issues in electronic commerce. In other work, designers of information systems have identified other issues as critical, such as the ability to provide offline verification. It is widely agreed that an electronic currency system must provide divisibility, scalability in number of users, conservation of money or tamper resistance, exchangeability or interoperability, and availability. However, by returning to the fundamental definition of money and the essential nature of electronic information systems, the authors argue that privacy, reliability, and security are also critical issues. It is argued that these issues are particularly important in Internet commerce. The authors conclude by noting how some proposed Internet commerce systems provide, or fail to provide, security, reliability, and privacy     

A survey of indoor positioning systems for wireless personal networks

Recently, indoor positioning systems (IPSs) have been designed to provide location information of persons and devices. The position information enables location-based protocols for user applications. Personal networks (PNs) are designed to meet the users' needs and interconnect users' devices equipped with different communications technologies in various places to form one network. Location-aware services need to be developed in PNs to offer flexible and adaptive personal services and improve the quality of lives. This paper gives a comprehensive survey of numerous IPSs, which include both commercial products and research-oriented solutions. Evaluation criteria are proposed for assessing these systems, namely security and privacy, cost, performance, robustness, complexity, user preferences, commercial availability, and limitations.We compare the existing IPSs and outline the trade-offs among these systems from the viewpoint of a user in a PN.     

Key escrowing today

The objective of the US Government's Escrowed Encryption Standard (EES) and associated Key Escrow System (KES) is to provide strong security for communications while simultaneously allowing authorized government access to particular communications for law enforcement and national security purposes. The article describes the EES and the KES. Particular emphasis is given to security, since potential users have been concerned that the hooks which provide authorized government access could be exploited or abused. It describes many of the safeguards that have gone into the design of the KES in order to ensure that the risk of unauthorized access to EES-encrypted communications is negligible     

面向物联网的隐私数据安全问题研究

随着社会的发展,物联网已成为社会发展的重要新兴产业,在各个领域中广泛应用。物联网是基于互联网技术产生的,在物联网的运行过程中势必会产生大量数据,这些数据都是客户的隐私,切实保护好客户隐私是物联网进一步发展的首要条件。在面向物联网的隐私数据安全问题时,相关技术人员一定要清楚威胁物联网隐私数据安全的主要途径,加大安全防护力度,保护人们的隐私。文章从信息获取、信息传输以及信息处理3个途径,对隐私数据安全问题进行探讨,并提出一些加大隐私安全防护的举措。     

Implementation of security policy for clinical information systems over wireless sensor networks

Various healthcare areas such as diagnosis, surgery, intensive care and treatment, and patient monitoring in general, would greatly benefit from light, autonomous devices which can be unobtrusively mounted on the patient’s body in order to monitor and report health-relevant variables to an interconnection device in the vicinity. This interconnection device should be able to connect to access points at different locations within the healthcare institution. In this manner, health-relevant measurements can be forwarded to the central medical database and stored therein. In this scenario, integrity and privacy of personal medical data is of utmost importance. In this paper we address the networking and security architecture of a healthcare information system comprised of patients’ personal sensor networks, department/room networks, hospital network, and medical databases. We discuss confidentiality and integrity policies for clinical information systems and propose the feasible enforcement mechanisms over the wireless hop. We also compare two candidate technologies, IEEE 802.15.1 and IEEE 802.15.4, from the aspect of resilience to jamming and denial-of-service attacks.     

面向6G的雾无线接入网内生安全数据共享机制研究

为解决6G移动通信系统中雾无线接入网中数据共享的数据安全问题,提出了一种实现本地差分隐私和动态批量审计的内生安全数据共享机制.首先,用户本地对数据运行RAPPOR算法保护数据隐私;其次,雾接入点对数据进行缓存和预处理;再次,大功率节点对雾接入点上的数据进行基于BLS签名和Merkle哈希树的数据完整性审计;最后,BBU...     

The Digital Fingerprinting Analysis of Generic Twitter Sessions from Internet of Things Security Aspect

Nowadays, the unparalleled growth of Internet of Things (IoT) is a new digital disruption which intelligent devices are connected and working together. IoT connects personal computers, tablets, and smart phones in our daily communications from leisure purposes to business tasks. However, the security concern of IoT can’t be overemphasized due to the connectivity among communication gadgets. Sustainably, Twitter is one of the most popular Instant Message (IM) toolkits today. When Twitter is being utilized, there will be some negligible and imperceptible digital remnants left in the computing devices, which could be probative digital evidences in a court of law when IoT application is involved. Hence, the digital forensics of IM has been a relatively rigorous, competitive, and novel research field by the law enforcement agency officers and the information security staffs with respect to some cybercrimes concerning IoT. Consequently, this research is targeting on the utilization of Twitter on the desktop PC under Windows 7 operating system via the acquisition of volatile digital bread crumbs inside physical memory of the computing device for the purpose of presenting supportive digital evidences for some information security concerns. The proposed various scenarios in the design of the experiment could be the paradigms for digital forensics specialists or law enforcement agencies to follow in order to reconstruct the previous operations in the Twitter sessions of a certain user under the IoT ecosystems.

     

大数据背景下通信网络信息安全分析

随着我国社会经济的不断发展,信息通信行业发展极为迅速,在信息通信行业高速发展的条件下,由于相关的体制和设备无法满足互联网信息发展的需求,导致信息通信出现了严重的网络安全问题。近年来我国已经进入了大数据时代,在大数据时代中,信息通信,网络安全变得极为重要,相关的企业和部门要通过分析信息通信网络安全问题,找到相应的对策进行解决,避免信息通信网络出现安全问题,影响人们的正常生活和使用。文章将针对大数据背景下通信网络信息安全整改情况的讨论分析。     

区块链技术在信息技术安全与隐私保护中的应用

随着网络和移动设备用户数量的增长,信息安全和隐私保护变得越来越重要。文中提出了一种基于区块链的解决方案,即隐私保护型区块链系统,以保护用户数据的安全性和隐私性。此外,设计并实施了一种利用区块链不可篡改性和分布式特性的系统,以确保数据的完整性和防止未经授权的访问。通过仿真实验,验证了该系统的有效性和效率。实验结果表明,该系统在提高用户数据安全性和隐私性方面表现优异,是一种值得推广的新型数据保护策略。     

Examining Internet privacy policies within the context of user privacy values

Internet privacy policies describe an organization's practices on data collection, use, and disclosure. These privacy policies both protect the organization and signal integrity commitment to site visitors. Consumers use the stated website policies to guide browsing and transaction decisions. This paper compares the classes of privacy protection goals (which express desired protection of consumer privacy rights) and vulnerabilities (which potentially threaten consumer privacy) with consumer privacy values. For this study, we looked at privacy policies from nearly 50 websites and surveyed over 1000 Internet users. We examined Internet users' major expectations about website privacy and revealed a notable discrepancy between what privacy policies are currently stating and what users deem most significant. Our findings suggest several implications to privacy managers and software project managers. Results from this study can help managers determine the kinds of policies needed to both satisfy user values and ensure privacy-aware website development efforts.     

Internet and Online Information Privacy: An Exploratory Study of Preteens and Early Teens

Information security and privacy on the internet are critical issues in our society. In this research, we examine factors that influence internet users' private-information-sharing behavior. Based on a survey of 285 preteens and early teens, who are among the most vulnerable groups on the web, this study provides a research framework that explains an internet user's information privacy protection behavior. According to our study results, internet users' information privacy behaviors are affected by two significant factors: (1) users' perceived importance of information privacy and (2) information privacy self-efficacy. The study also found that users believe in the value of online information privacy and that information privacy protection behavior varies by gender. Our findings indicate that educational opportunities regarding internet privacy and computer security as well as concerns from other reference groups (e.g., peer, teacher, and parents) play an important role in positively affecting the internet users' protective behavior regarding online privacy.      

物联网移动RFID系统匿名访问控制认证密钥交换协议

针对物联网移动RFID系统标签隐私信息的访问控制以及用户身份隐私保护问题,本文采用身份加密和属性加密相结合的方法,建立了IB-AB-eCK安全模型,设计了基于身份及属性的认证密钥交换协议IB-AB-AKE。基于IB-AB-AKE协议,提出了移动RFID手机与信息服务器之间认证密钥交换协议,实现了在保护移动RFID手机用户身份隐私的同时,根据标签所有者定制的访问控制策略进行标签信息的访问控制认证和会话密钥交换,防止了隐私信息被非法访问。分析表明,IB-AB-AKE协议在IB-AB-eCK模型下是安全的,且在通信次数、通信量及计算量方面具有优势。