sensors-logo

Journal Browser

Journal Browser

Special Issue "Data Privacy, Security, and Trust in New Technological Trends"

A special issue of Sensors (ISSN 1424-8220). This special issue belongs to the section "Sensor Networks".

Deadline for manuscript submissions: 30 July 2023 | Viewed by 11079

Special Issue Editor

Dr. Valderi R. Q. Leithardt
E-Mail Website
Guest Editor
Department of Technologies of the Higher School of Technology and Management, Polytechnic Institute of Portalegre, 7300-110 Portalegre, Portugal
Interests: data privacy; communication protocols; programming
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

The tendency is for new technological solutions to increase with the development of 5G communication, as new processes, protocols, and techniques for data control and management appear. Thus, in heterogeneous environments, it is necessary to improve techniques and algorithmic solutions aimed at managing the context of users, communication, environments, and devices. If we consider the current technological scenario that involves the Internet of Things, cloud computing, and big data, the trend and need for control mechanisms become even more necessary. Another problem that has arisen in the various techniques involving blockchain is security, the data encryption algorithms used, and issues that involve data privacy and trust in the transactions carried out. Therefore, we seek to identify contributions that fit these scenarios and mainly that can contribute, presenting news, techniques, and solutions to the problems presented. Contributions are not restricted only to the scenarios presented and the keywords but must have sufficient evidence to prove novelties in relation to the current state of the art in the literature on information security, data privacy, trust, and encryption techniques.

Dr. Valderi R. Q. Leithardt
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Sensors is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • data privacy and trust cryptographic algorithms
  • communication protocols
  • information context
  • management data privacy and trust in cloud computing
  • data security in smart cities
  • blockchain
  • Internet of Things

Published Papers (11 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

Article
Securing Session Initiation Protocol
Sensors 2022, 22(23), 9103; https://doi.org/10.3390/s22239103 - 23 Nov 2022
Viewed by 149
Abstract
The session initiation protocol (SIP) is widely used for multimedia communication as a signaling protocol for managing, establishing, maintaining, and terminating multimedia sessions among participants. However, SIP is exposed to a variety of security threats. To overcome the security flaws of SIP, it [...] Read more.
The session initiation protocol (SIP) is widely used for multimedia communication as a signaling protocol for managing, establishing, maintaining, and terminating multimedia sessions among participants. However, SIP is exposed to a variety of security threats. To overcome the security flaws of SIP, it needs to support a number of security services: authentication, confidentiality, and integrity. Few solutions have been introduced in the literature to secure SIP, which can support these security services. Most of them are based on internet security standards and have many drawbacks. This work introduces a new protocol for securing SIP called secure-SIP (S-SIP). S-SIP consists of two protocols: the SIP authentication (A-SIP) protocol and the key management and protection (KP-SIP) protocol. A-SIP is a novel mutual authentication protocol. KP-SIP is used to secure SIP signaling messages and exchange session keys among entities. It provides different security services for SIP: integrity, confidentiality, and key management. A-SIP is based on the secure remote password (SRP) protocol, which is one of standard password-based authentication protocols supported by the transport layer security (TLS) standard. However, A-SIP is more secure and efficient than SRP because it covers its security flaws and weaknesses, which are illustrated and proven in this work. Through comprehensive informal and formal security analyses, we demonstrate that S-SIP is secure and can address SIP vulnerabilities. In addition, the proposed protocols were compared with many related protocols in terms of security and performance. It was found that the proposed protocols are more secure and have better performance. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Article
Do the Right Thing: A Privacy Policy Adherence Analysis of over Two Million Apps in Apple iOS App Store
Sensors 2022, 22(22), 8964; https://doi.org/10.3390/s22228964 - 19 Nov 2022
Viewed by 196
Abstract
Mobile app developers are often obliged by regulatory frameworks to provide a privacy policy in natural comprehensible language to describe their apps’ privacy practices. However, prior research has revealed that: (1) not all app developers offer links to their privacy policies; and (2) [...] Read more.
Mobile app developers are often obliged by regulatory frameworks to provide a privacy policy in natural comprehensible language to describe their apps’ privacy practices. However, prior research has revealed that: (1) not all app developers offer links to their privacy policies; and (2) even if they do offer such access, it is difficult to determine if it is a valid link to a (valid) policy. While many prior studies looked at this issue in Google Play Store, Apple App Store, and particularly the iOS store, is much less clear. In this paper, we conduct the first and the largest study to investigate the previous issues in the iOS app store ecosystem. First, we introduce an App Privacy Policy Extractor (APPE), a system that embraces and analyses the metadata of over two million apps to give insightful information about the distribution of the supposed privacy policies, and the content of the provided privacy policy links, store-wide. The result shows that only 58.5% of apps provide links to purported privacy policies, while 39.3% do not provide policy links at all. Our investigation of the provided links shows that only 38.4% of those links were directed to actual privacy policies, while 61.6% failed to lead to a privacy policy. Further, for research purposes we introduce the App Privacy Policy Corpus (APPC-451K); the largest app privacy policy corpus consisting of data relating to more than 451K verified privacy policies. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Article
A Framework for Online Document Verification Using Self-Sovereign Identity Technology
Sensors 2022, 22(21), 8408; https://doi.org/10.3390/s22218408 - 01 Nov 2022
Viewed by 310
Abstract
As the world is gradually moving towards digitization, forgery of vital digital documents has become relatively easy. Therefore, the need for efficient and secure verification and authentication practices of digital documents is also increasing. Self-sovereign identity (SSI) is a set of technologies that [...] Read more.
As the world is gradually moving towards digitization, forgery of vital digital documents has become relatively easy. Therefore, the need for efficient and secure verification and authentication practices of digital documents is also increasing. Self-sovereign identity (SSI) is a set of technologies that build on core concepts in identity management, blockchain technology, and cryptography. SSI enables entities to create fraud-proof verifiable credentials and instantly verify the authenticity of a digital credential. The online document verification solutions must deal with a myriad of issues in regard to privacy and security. Moreover, various challenging and tedious processes have made document verification overly complex and time-consuming which motivated us to conduct this research. This work presents a novel framework for online document verification based on SSI technology. The solution address the complexity and interoperability issues that are present in the current digital document verification systems. We look at a particular use case, i.e., document verification in online loan processing and evaluate how this proposed approach can make an impact on the existing system. Our solution based on SSI standards replaces the intermediary and enables trust between players in the ecosystem. The technology also holds the potential to make the system more efficient, interoperable, and privacy-preserving. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Article
An Architecture for Managing Data Privacy in Healthcare with Blockchain
Sensors 2022, 22(21), 8292; https://doi.org/10.3390/s22218292 - 29 Oct 2022
Viewed by 317
Abstract
With the fast development of blockchain technology in the latest years, its application in scenarios that require privacy, such as health area, have become encouraged and widely discussed. This paper presents an architecture to ensure the privacy of health-related data, which are stored [...] Read more.
With the fast development of blockchain technology in the latest years, its application in scenarios that require privacy, such as health area, have become encouraged and widely discussed. This paper presents an architecture to ensure the privacy of health-related data, which are stored and shared within a blockchain network in a decentralized manner, through the use of encryption with the RSA, ECC, and AES algorithms. Evaluation tests were performed to verify the impact of cryptography on the proposed architecture in terms of computational effort, memory usage, and execution time. The results demonstrate an impact mainly on the execution time and on the increase in the computational effort for sending data to the blockchain, which is justifiable considering the privacy and security provided with the architecture and encryption. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Article
Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent
Sensors 2022, 22(7), 2763; https://doi.org/10.3390/s22072763 - 03 Apr 2022
Cited by 3 | Viewed by 2219
Abstract
The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as [...] Read more.
The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as the scale at which compliance verification must be performed. Furthermore, the GDPR’s promotion of data protection by design and industrial interoperability requirements has created new technical challenges, as they require significant changes in the design and implementation of systems that handle personal data. We present a scalable data protection by design tool for automated compliance verification and auditability based on informed consent that is modeled with a knowledge graph. Automated compliance verification is made possible by implementing a regulation-to-code process that translates GDPR regulations into well-defined technical and organizational measures and, ultimately, software code. We demonstrate the effectiveness of the tool in the insurance and smart cities domains. We highlight ways in which our tool can be adapted to other domains. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Article
BlockProof: A Framework for Verifying Authenticity and Integrity of Web Content
Sensors 2022, 22(3), 1165; https://doi.org/10.3390/s22031165 - 03 Feb 2022
Viewed by 617
Abstract
In the Literature, we can find several research works to help in the digital crime fight in order to prove integrity and authenticity of a published document, image or video. Among all the crimes, fake news certainly is among the most recurrent ones [...] Read more.
In the Literature, we can find several research works to help in the digital crime fight in order to prove integrity and authenticity of a published document, image or video. Among all the crimes, fake news certainly is among the most recurrent ones and needs to be mitigated. There are several Blockchain-based applications in order to make use of the benefits derived from technology, but little is found to verify the authenticity of Web content records as well as the history of all updates that have taken place in each Web content. Such kind of solution has become important nowadays as a way to cover the gap in the combat against fake news, for example. The purpose of this paper is to present BlockProof, a framework for verifying web content authenticity and integrity that offers a solution for content providers to register Web content, regardless of whether the page has dynamic or static content, in addition to enabling the consultation of the history of all records made for a given URL. We understand that such kind of solution may be useful to data producers/providers to provide evidence that they are in compliance with the fight against fake news, for instance. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Article
RootLogChain: Registering Log-Events in a Blockchain for Audit Issues from the Creation of the Root
Sensors 2021, 21(22), 7669; https://doi.org/10.3390/s21227669 - 18 Nov 2021
Cited by 1 | Viewed by 1003
Abstract
Logging system activities are required to provide credibility and confidence in the systems used by an organization. Logs in computer systems must be secured from the root user so that they are true and fair. This paper introduces RootLogChain, a blockchain-based audit [...] Read more.
Logging system activities are required to provide credibility and confidence in the systems used by an organization. Logs in computer systems must be secured from the root user so that they are true and fair. This paper introduces RootLogChain, a blockchain-based audit mechanism that is built upon a security protocol to create both a root user in a blockchain network and the first log; from there, all root events are stored as logs within a standard blockchain mechanism. RootLogChain provides security constructs so as to be deployed in a distributed context over a hostile environment, such as the internet. We have developed a prototype based on a microservice architecture, validating it by executing different stress proofs in two scenarios: one with compliant agents and the other without. In such scenarios, several compliant and non-compliant agents try to become a root and register the events within the blockchain. Non-compliant agents simulate eavesdropper entities that do not follow the rules of the protocol. Our experiments show that the mechanism guarantees the creation of one and only one root user, integrity, and authenticity of the transactions; it also stores all events generated by the root within a blockchain. In addition, for audit issues, the traceability of the transaction logs can be consulted by the root. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Article
A Novel Fingerprinting Technique for Data Storing and Sharing through Clouds
Sensors 2021, 21(22), 7647; https://doi.org/10.3390/s21227647 - 17 Nov 2021
Cited by 6 | Viewed by 790
Abstract
With the emerging growth of digital data in information systems, technology faces the challenge of knowledge prevention, ownership rights protection, security, and privacy measurement of valuable and sensitive data. On-demand availability of various data as services in a shared and automated environment has [...] Read more.
With the emerging growth of digital data in information systems, technology faces the challenge of knowledge prevention, ownership rights protection, security, and privacy measurement of valuable and sensitive data. On-demand availability of various data as services in a shared and automated environment has become a reality with the advent of cloud computing. The digital fingerprinting technique has been adopted as an effective solution to protect the copyright and privacy of digital properties from illegal distribution and identification of malicious traitors over the cloud. Furthermore, it is used to trace the unauthorized distribution and the user of multimedia content distributed through the cloud. In this paper, we propose a novel fingerprinting technique for the cloud environment to protect numeric attributes in relational databases for digital privacy management. The proposed solution with the novel fingerprinting scheme is robust and efficient. It can address challenges such as embedding secure data over the cloud, essential to secure relational databases. The proposed technique provides a decoding accuracy of 100%, 90%, and 40% for 10% to 30%, 40%, and 50% of deleted records. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Article
Research on Network Security Situation Awareness Based on the LSTM-DT Model
Sensors 2021, 21(14), 4788; https://doi.org/10.3390/s21144788 - 13 Jul 2021
Cited by 8 | Viewed by 1187
Abstract
To better understand the behavior of attackers and describe the network state, we construct an LSTM-DT model for network security situation awareness, which provides risk assessment indicators and quantitative methods. This paper introduces the concept of attack probability, making prediction results more consistent [...] Read more.
To better understand the behavior of attackers and describe the network state, we construct an LSTM-DT model for network security situation awareness, which provides risk assessment indicators and quantitative methods. This paper introduces the concept of attack probability, making prediction results more consistent with the actual network situation. The model is focused on the problem of the time sequence of network security situation assessment by using the decision tree algorithm (DT) and long short-term memory(LSTM) network. The biggest innovation of this paper is to change the description of the network situation in the original dataset. The original label only has attack and normal. We put forward a new idea which regards attack as a possibility, obtaining the probability of each attack, and describing the network situation by combining the occurrence probability and attack impact. Firstly, we determine the network risk assessment indicators through the dataset feature distribution, and we give the network risk assessment index a corresponding weight based on the analytic hierarchy process (AHP). Then, the stack sparse auto-encoder (SSAE) is used to learn the characteristics of the original dataset. The attack probability can be predicted by the processed dataset by using the LSTM network. At the same time, the DT algorithm is applied to identify attack types. Finally, we draw the corresponding curve according to the network security situation value at each time. Experiments show that the accuracy of the network situation awareness method proposed in this paper can reach 95%, and the accuracy of attack recognition can reach 87%. Compared with the former research results, the effect is better in describing complex network environment problems. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Article
Blockchain-Based Access Control Scheme for Secure Shared Personal Health Records over Decentralised Storage
Sensors 2021, 21(7), 2462; https://doi.org/10.3390/s21072462 - 02 Apr 2021
Cited by 12 | Viewed by 1836
Abstract
Blockchain technology provides a tremendous opportunity to transform current personal health record (PHR) systems into a decentralised network infrastructure. However, such technology possesses some drawbacks, such as issues in privacy and storage capacity. Given its transparency and decentralised features, medical data are visible [...] Read more.
Blockchain technology provides a tremendous opportunity to transform current personal health record (PHR) systems into a decentralised network infrastructure. However, such technology possesses some drawbacks, such as issues in privacy and storage capacity. Given its transparency and decentralised features, medical data are visible to everyone on the network and are inappropriate for certain medical applications. By contrast, storing vast medical data, such as patient medical history, laboratory tests, X-rays, and MRIs, significantly affect the repository storage of blockchain. This study bridges the gap between PHRs and blockchain technology by offloading the vast medical data into the InterPlanetary File System (IPFS) storage and establishing an enforced cryptographic authorisation and access control scheme for outsourced encrypted medical data. The access control scheme is constructed on the basis of the new lightweight cryptographic concept named smart contract-based attribute-based searchable encryption (SC-ABSE). This newly cryptographic primitive is developed by extending ciphertext-policy attribute-based encryption (CP-ABE) and searchable symmetric encryption (SSE) and by leveraging the technology of smart contracts to achieve the following: (1) efficient and secure fine-grained access control of outsourced encrypted data, (2) confidentiality of data by eliminating trusted private key generators, and (3) multikeyword searchable mechanism. Based on decisional bilinear Diffie–Hellman hardness assumptions (DBDH) and discrete logarithm (DL) problems, the rigorous security indistinguishability analysis indicates that SC-ABSE is secure against the chosen-keyword attack (CKA) and keyword secrecy (KS) in the standard model. In addition, user collusion attacks are prevented, and the tamper-proof resistance of data is ensured. Furthermore, security validation is verified by simulating a formal verification scenario using Automated Validation of Internet Security Protocols and Applications (AVISPA), thereby unveiling that SC-ABSE is resistant to man-in-the-middle (MIM) and replay attacks. The experimental analysis utilised real-world datasets to demonstrate the efficiency and utility of SC-ABSE in terms of computation overhead, storage cost and communication overhead. The proposed scheme is also designed and developed to evaluate throughput and latency transactions using a standard benchmark tool known as Caliper. Lastly, simulation results show that SC-ABSE has high throughput and low latency, with an ultimate increase in network life compared with traditional healthcare systems. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Review

Jump to: Research

Review
Security in V2I Communications: A Systematic Literature Review
Sensors 2022, 22(23), 9123; https://doi.org/10.3390/s22239123 - 24 Nov 2022
Viewed by 181
Abstract
Recently, the number of vehicles equipped with wireless connections has increased considerably. The impact of that growth in areas such as telecommunications, infotainment, and automatic driving is enormous. More and more drivers want to be part of a vehicular network, despite the implications [...] Read more.
Recently, the number of vehicles equipped with wireless connections has increased considerably. The impact of that growth in areas such as telecommunications, infotainment, and automatic driving is enormous. More and more drivers want to be part of a vehicular network, despite the implications or risks that, for instance, the openness of wireless communications, its dynamic topology, and its considerable size may bring. Undoubtedly, this trend is because of the benefits the vehicular network can offer. Generally, a vehicular network has two modes of communication (V2I and V2V). The advantage of V2I over V2V is roadside units’ high computational and transmission power, which assures the functioning of early warning and driving guidance services. This paper aims to discover the principal vulnerabilities and challenges in V2I communications, the tools and methods to mitigate those vulnerabilities, the evaluation metrics to measure the effectiveness of those tools and methods, and based on those metrics, the methods or tools that provide the best results. Researchers have identified the non-resistance to attacks, the regular updating and exposure of keys, and the high dependence on certification authorities as main vulnerabilities. Thus, the authors found schemes resistant to attacks, authentication schemes, privacy protection models, and intrusion detection and prevention systems. Of the solutions for providing security analyzed in this review, the authors determined that most of them use metrics such as computational cost and communication overhead to measure their performance. Additionally, they determined that the solutions that use emerging technologies such as fog/edge/cloud computing present better results than the rest. Finally, they established that the principal challenge in V2I communication is to protect and dispose of a safe and reliable communication channel to avoid adversaries taking control of the medium. Full article
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)
Show Figures

Figure 1

Back to TopTop