IAES Nawala: Data privacy on IoT

Greetings, fellow Nawala! May you always be in good health.

This is the IAES Nawala of the Institute of Advanced Engineering and Science. Today we will share some news about data privacy in IoT. The necessity of cyberattack awareness is a must in this modern era. Fareed and Yassin (2022) proposed a multi-factor authentication scheme for e-healthcare systems. This scheme overcomes the limitations of previous schemes and uses cryptographic hash functions and Schnorr digital signature. The results show that the proposed scheme offers better security features and robustness against attacks. In addition, they still maintain efficiency in terms of computation and communication costs.

E-healthcare assists medical specialists in remotely collecting patient health data and providing remote health diagnoses. The roles are distributed among the system’s users, contrasted between admin to data entry within certain rules and policies. Role-based access control (RBAC) is a technique of advanced access control that restricts key operations of users (addition, deletion and modification) access based on a user’s role within a healthcare system. This paper proposes a privacy-preserving using RBAC and smart multi-factor authentication for the healthcare system to overcome the limitation flaw in previous schemes such as security risk tolerance, scalability and dynamism. This work relies on low-complexity cryptographic hash functions and symmetric operations to authenticate users while using an asymmetric cryptosystem based on the Schnorr digital signature lightweight operation to authenticate the administrator to provide multi-factor authentication. The administrator represents the system’s core, and any his information leak could attack the entire system and its components. The proposed scheme conducted two thorough formal security proofs for the proposed work based on informal analysis and the Scyther tool. Furthermore, comparisons with other schemes reveal that the proposed scheme provides greater security features, and resisting attacks than the others while also being efficient in computing and communication costs.

Privacy-preserving multi-factor authentication and role-based access control scheme for the E-healthcare system
Mohammad Fareed, Ali A. Yassin

Saputra and Alfian (2023) proposed a privacy-aware federated learning (FL) framework to protect data sharing on Internet of things (IoT) devices. FL trains prediction models locally on each IoT device without sharing local data with a cloud server. However, there are concerns about privacy leakage when the local data being trained and the model that has been trained are shared with the cloud server to update the global prediction model. To address this issue, this research introduces a fully homomorphic encryption method used to protect the privacy of data and models. This framework uses a logistic regression approach. Experimental results using random datasets show that the proposed framework can achieve better results than other methods.

Federated learning (FL) has emerged as one of the most effective solutions to deal with the rapid utilization of internet of things (IoT) in big data markets. Through FL, local data at each IoT device can be trained locally without sharing the local data to the cloud server. However, this conventional FL may still suffer from privacy leakage when the local data are trained, and the trained model is shared to the cloud server to update the global prediction model. This paper proposes a FL framework with privacy awareness to protect data including the trained model for IoT devices. First, a data/model encryption method using fully homomorphic encryption is introduced, aiming at protecting the data/model privacy. Then, the FL framework for the IoT with the encryption method leveraging logistic regression approach is discussed. Experimental results using random datasets show that the proposed framework can obtain higher global model accuracy (up to 4.84%) and lower global model loss (up to 66.4%) compared with other baseline methods.

Privacy aware-based federated learning framework for data sharing protection of internet of things devices
Yuris Mulya Saputra, Ganjar Alfian

The above articles are a small part of the research on data privacy in IoT. To get more information, readers can visit the page and read articles for FREE through the following links: https://beei.org/ and https://ijeecs.iaescore.com/.

By: I. Busthomi