Cooperative Jamming-Based Physical-Layer Group Secret and Private Key Generation.

This paper explores physical layer group key generation in wireless relay networks with a star topology. In this setup, the relay node plays the role of either a trusted or untrusted central node, while one legitimate node (Alice) acts as the reference node. The channel between the relay and Alice serves as the reference channel. To enhance security during the channel measurement stage, a cooperative jamming-based scheme is proposed in this paper. This scheme allows the relay to obtain superimposed channel observations from both the reference channel and other relay channels. Then, a public discussion is utilized to enable all nodes to obtain estimates of the reference channel. Subsequently, the legitimate nodes can agree on a secret key (SK) that remains secret from the eavesdropper (Eve), or a private key (PK) that needs to be secret from both the relay and Eve. This paper also derives the lower and upper bounds of the SK/PK capacity. Notably, it demonstrates that there exists only a small constant difference between the SK/PK upper and lower bounds in the high signal-to-noise ratio (SNR) regime. Simulation results confirm the effectiveness of the proposed scheme for ensuring security and efficiency of group key generation.

Private Key and Decoder Side Information for Secure and Private Source Coding.

We extend the problem of secure source coding by considering a remote source whose noisy measurements are correlated random variables used for secure source reconstruction. The main additions to the problem are as follows: (1) all terminals noncausally observe a noisy measurement of the remote source; (2) a private key is available to all legitimate terminals; (3) the public communication link between the encoder and decoder is rate-limited; and (4) the secrecy leakage to the eavesdropper is measured with respect to the encoder input, whereas the privacy leakage is measured with respect to the remote source. Exact rate regions are characterized for a lossy source coding problem with a private key, remote source, and decoder side information under security, privacy, communication, and distortion constraints. By replacing the distortion constraint with a reliability constraint, we obtain the exact rate region for the lossless case as well. Furthermore, the lossy rate region for scalar discrete-time Gaussian sources and measurement channels is established. An achievable lossy rate region that can be numerically computed is also provided for binary-input multiple additive discrete-time Gaussian noise measurement channels.

Blockchain Enabled Anonymous Privacy-Preserving Authentication Scheme for Internet of Health Things.

The Internet of Health Things (IoHT) has emerged as an attractive networking paradigm in wireless communications, integrated devices and embedded system technologies. In the IoHT, real-time health data are collected through smart healthcare sensors and, in recent years, the IoHT has started to have an important role in the Internet of Things technology. Although the IoHT provides comfort in health monitoring, it also imposes security challenges in maintaining patient data confidentiality and privacy. To overcome such security issues, in this paper, a novel blockchain-based privacy-preserving authentication scheme is proposed as an approach for achieving efficient authentication of the patient without the involvement of a trusted entity. Moreover, a secure handover authentication mechanism that ensures avoiding the patient re-authentication in multi-doctor communication scenarios and revoking the possible malicious misbehavior of medical professionals in the IoHT communication with the patient is developed. The performance of the proposed authentication and handover scheme is analyzed concerning the existing state-of-the-art authentication schemes. The results of the performance analyses reveal that the proposed authentication scheme is resistant to different types of security attacks. Moreover, the results of analyses show that the proposed authentication scheme outperforms similar state-of-the-art authentication schemes in terms of having lower computational, communication and storage costs. Therefore, the novel authentication and handover scheme has proven practical applicability and represents a valuable contribution to improving the security of communication in IoHT networks.

Privacy-Preserving Record Grouping and Consent Management Based on a Public-Private Key Signature Scheme: Theoretical Analysis and Feasibility Study.

BACKGROUND: Clinical and social trials create evidence that enables medical progress. However, the gathering of personal and patient data requires high security and privacy standards. Direct linking of personal information and medical data is commonly hidden through pseudonymization. While this makes unauthorized access to personal medical data more difficult, a centralized pseudonymization list can still pose a security risk. In addition, medical data linked via pseudonyms can still be used for data-driven reidentification. OBJECTIVE: Our objective was to propose a novel approach to pseudonymization based on public-private key cryptography that allows (1) decentralized patient-driven creation and maintenance of pseudonyms, (2) 1-time pseudonymization of each data record, and (3) grouping of patient data records even without knowing the pseudonymization key. METHODS: Based on public-private key cryptography, we set up a signing mechanism for patient data records and detailed the workflows for (1) user registration, (2) user log-in, (3) record storing, and (4) record grouping. We evaluated the proposed mechanism for performance, examined the potential risks based on cryptographic collision, and carried out a threat analysis. RESULTS: The performance analysis showed that all workflows could be performed with an average runtime of 0.057 to 42.320 ms (user registration), 0.083 to 0.606 ms (record creation), and 0.005 to 0.198 ms (record grouping) depending on the chosen cryptographic tools. We expected no realistic risk of cryptographic collision in the proposed system, and the threat analysis revealed that 3 distinct server systems of the proposed setup had to be compromised to allow access to combined medical data and private data. However, this would still allow only for data-driven deidentification. For a full reidentification, all 3 trial servers and all study participants would have to be compromised. In addition, the approach supports consent management, automatically anonymizes the data after trial closure, and provides basic mechanisms against data forging. CONCLUSIONS: The proposed approach has a high security and privacy level in comparison with traditional centralized pseudonymization approaches and does not require a trusted third party. The only drawback in comparison with central pseudonymization is the directed feedback of accidental findings to individual participants, as this is not possible with a quasi-anonymous storage of patient data.

Method for enabling a root of trust in support of product-data certification and traceability.

Trust in product-data quality (PDQ) is critical to successful implementation of model-based enterprise (MBE). Such trust does not extend to the exchange and reuse of three-dimensional (3D)-product models across the product lifecycle because verifiable traceability in product data is lacking. This assurance is especially crucial when "siloed" manufacturing functions produce product data that is not fully interoperable and thus requires frequent reworking to enable reuse. Previous research showed how Public Key Infrastructure (X.509-PKI) from the X.509 standard could be used to embed digital signatures into product data for the purposes of certification and traceability. This paper first provides an overview and review of technologies that could be integrated to support trust throughout the product lifecycle. The paper then proposes a trust structure that supports several data-transaction types. Next, the paper presents a case study for common configuration management (CM) workflows that are typically found in regulated industries. Finally, the paper draws conclusions and provides recommendations for further research for enabling the product lifecycle of trust (PLOT).