Preventing and controlling intra-hospital spread of COVID-19 in Taiwan - Looking back and moving forward.

COVID-19 has exposed major weaknesses in the healthcare settings. The surge in COVID-19 cases increases the demands of health care, endangers vulnerable patients, and threats occupational safety. In contrast to a hospital outbreak of SARS leading to a whole hospital quarantined, at least 54 hospital outbreaks following a COVID-19 surge in the community were controlled by strengthened infection prevention and control measures for preventing transmission from community to hospitals as well as within hospitals. Access control measures include establishing triage, epidemic clinics, and outdoor quarantine stations. Visitor access restriction is applied to inpatients to limit the number of visitors. Health monitoring and surveillance is applied to healthcare personnel, including self-reporting travel declaration, temperature, predefined symptoms, and test results. Isolation of the confirmed cases during the contagious period and quarantine of the close contacts during the incubation period are critical for containment. The target populations and frequency of SARS-CoV-2 PCR and rapid antigen testing depend on the level of transmission. Case investigation and contact tracing should be comprehensive to identify the close contacts to prevent further transmission. These facility-based infection prevention and control strategies help reduce hospital transmission of SARS-CoV-2 to a minimum in Taiwan.

IHIBE: A Hierarchical and Delegated Access Control Mechanism for IoT Environments.

Ensuring authorized access control in the IoT is vital for privacy and safety protection. Our study presents the novel IHIBE framework, which combines IOTA (a distributed ledger technology) with hierarchical identity-based encryption (HIBE), thereby enhancing both IoT security and scalability. This approach secures access tokens and policies while reducing the computational demand on data owners. Our empirical findings reveal a significant performance gap, with access rights delegation on the Raspberry Pi 4 exceeding those on AWS by over 250%. Moreover, our analysis uncovers optimal identity policy depths: up to 640 identities on AWS and 640 on the Raspberry Pi 4 for systems with higher tolerable delays, and 320 identities on AWS versus 160 on the Raspberry Pi 4 for systems with lower tolerable delays. The system shows practical viability, exhibiting insignificant operational time differences compared to Zhang et al.'s schemes, particularly in access rights verification processes, with a minimal difference of 33.35%. Our extensive security assessment, encompassing scenarios like encrypted token theft and compromise of authority, affirms the efficacy of our challenge-response and last-word challenge (LWC) mechanisms. This study underscores the importance of platform choice in IoT system architectures and provides insights for deploying efficient, secure, and scalable IoT environments.

SDACS: Blockchain-Based Secure and Dynamic Access Control Scheme for Internet of Things.

With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

A Novel IDS with a Dynamic Access Control Algorithm to Detect and Defend Intrusion at IoT Nodes.

The Internet of Things (IoT) is the underlying technology that has enabled connecting daily apparatus to the Internet and enjoying the facilities of smart services. IoT marketing is experiencing an impressive 16.7% growth rate and is a nearly USD 300.3 billion market. These eye-catching figures have made it an attractive playground for cybercriminals. IoT devices are built using resource-constrained architecture to offer compact sizes and competitive prices. As a result, integrating sophisticated cybersecurity features is beyond the scope of the computational capabilities of IoT. All of these have contributed to a surge in IoT intrusion. This paper presents an LSTM-based Intrusion Detection System (IDS) with a Dynamic Access Control (DAC) algorithm that not only detects but also defends against intrusion. This novel approach has achieved an impressive 97.16% validation accuracy. Unlike most of the IDSs, the model of the proposed IDS has been selected and optimized through mathematical analysis. Additionally, it boasts the ability to identify a wider range of threats (14 to be exact) compared to other IDS solutions, translating to enhanced security. Furthermore, it has been fine-tuned to strike a balance between accurately flagging threats and minimizing false alarms. Its impressive performance metrics (precision, recall, and F1 score all hovering around 97%) showcase the potential of this innovative IDS to elevate IoT security. The proposed IDS boasts an impressive detection rate, exceeding 98%. This high accuracy instills confidence in its reliability. Furthermore, its lightning-fast response time, averaging under 1.2 s, positions it among the fastest intrusion detection systems available.

Underwater Multi-Channel MAC with Cognitive Acoustics for Distributed Underwater Acoustic Networks.

The advancement of underwater cognitive acoustic network (UCAN) technology aims to improve spectral efficiency and ensure coexistence with the underwater ecosystem. As the demand for short-term underwater applications operated under distributed topologies, like autonomous underwater vehicle cluster operations, continues to grow, this paper presents Underwater Multi-channel Medium Access Control with Cognitive Acoustics (UMMAC-CA) as a suitable channel access protocol for distributed UCANs. UMMAC-CA operates on a per-frame basis, similar to the Multi-channel Medium Access Control with Cognitive Radios (MMAC-CR) designed for distributed cognitive radio networks, but with notable differences. It employs a pre-determined data transmission matrix to allow all nodes to access the channel without contention, thus reducing the channel access overhead. In addition, to mitigate the communication failures caused by randomly occurring interferers, UMMAC-CA allocates at least 50% of frame time for interferer sensing. This is possible because of the fixed data transmission scheduling, which allows other nodes to sense for interferers simultaneously while a specific node is transmitting data. Simulation results demonstrate that UMMAC-CA outperforms MMAC-CR across various metrics, including those of the sensing time rate, controlling time rate, and throughput. In addition, except for in the case where the data transmission time coefficient equals 1, the message overhead performance of UMMAC-CA is also superior to that of MMAC-CR. These results underscore the suitability of UMMAC-CA for use in challenging underwater applications requiring multi-channel cognitive communication within a distributed network architecture.

A Novel Framed Slotted Aloha Medium Access Control Protocol Based on Capture Effect in Vehicular Ad Hoc Networks.

The capture effect is a frequently observed phenomenon in vehicular ad hoc networks (VANETs) communication. When conflicts arise during time slot access, failure to access does not necessarily occur; instead, successful access may still be achieved. The capture effect can enhance the likelihood of multiple access and improve communication efficiency. The security of VANETs communication is undoubtedly the primary concern. One crucial approach to enhance security involves the design of an efficient and reliable medium access control (MAC) protocol. Taking into account both aspects, we propose a novel framed slotted Aloha (FSA) MAC protocol model. Firstly, we derive the closed-form expression for the capture probability in the Rician fading channel in this paper. Subsequently, we analyze how the number of vehicles and time slots influence the success probability of vehicle access channels as well as examine the impact of the capture effect on this success probability. Then, under constraints regarding vehicle access channel success probability, we derive optimal values for slot numbers, access times, and transmission power while proposing a comprehensive implementation method to ensure high access channel success probabilities. We verify both theoretical derivations and proposed methods through simulation experiments.

A Blockchain-Based Authentication and Authorization Scheme for Distributed Mobile Cloud Computing Services.

Authentication and authorization constitute the essential security component, access control, for preventing unauthorized access to cloud services in mobile cloud computing (MCC) environments. Traditional centralized access control models relying on third party trust face a critical challenge due to a high trust cost and single point of failure. Blockchain can achieve the distributed trust for access control designs in a mutual untrustworthy scenario, but it also leads to expensive storage overhead. Considering the above issues, this work constructed an authentication and authorization scheme based on blockchain that can provide a dynamic update of access permissions by utilizing the smart contract. Compared with the conventional authentication scheme, the proposed scheme integrates an extra authorization function without additional computation and communication costs in the authentication phase. To improve the storage efficiency and system scalability, only one transaction is required to be stored in blockchain to record a user's access privileges on different service providers (SPs). In addition, mobile users in the proposed scheme are able to register with an arbitrary SP once and then utilize the same credential to access different SPs with different access levels. The security analysis indicates that the proposed scheme is secure under the random oracle model. The performance analysis clearly shows that the proposed scheme possesses superior computation and communication efficiencies and requires a low blockchain storage capacity for accomplishing user registration and updates.

A Scalable Cross-Chain Access Control and Identity Authentication Scheme.

Cross-chain is an emerging blockchain technology which builds the bridge across homogeneous and heterogeneous blockchains. However, due to the differentiation of different blockchains and the lack of access control and identity authentication of cross-chain operation subjects, existing cross-chain technologies are struggling to accomplish the identity transformation of cross-chain subjects between different chains, and also pose great challenges in terms of the traceability and supervision of dangerous transactions. To address the above issues, this paper proposes a scalable cross-chain access control and identity authentication scheme, which can authenticate the legitimacy of blockchains in the cross-chain system and ensure that all cross-chain operations are carried out by verified users. Furthermore, it will record all cross-chain operations with the help of Superchain in order to regulate and trace illegal transactions. Our scheme is scalable and, at the same time, has low invasiveness to blockchains in the cross-chain system. We implement the scheme and accordingly conduct the evaluations, which prove its security, efficiency, and scalability.

N-Accesses: A Blockchain-Based Access Control Framework for Secure IoT Data Management.

With the rapid advancement of network communication and big data technologies, the Internet of Things (IoT) has permeated every facet of our lives. Meanwhile, the interconnected IoT devices have generated a substantial volume of data, which possess both economic and strategic value. However, owing to the inherently open nature of IoT environments and the limited capabilities and the distributed deployment of IoT devices, traditional access control methods fall short in addressing the challenges of secure IoT data management. On the one hand, the single point of failure issue is inevitable for the centralized access control schemes. On the other hand, most decentralized access control schemes still face problems such as token underutilization, the insecure distribution of user permissions, and inefficiency.This paper introduces a blockchain-based access control framework to address these challenges. Specifically, the proposed framework enables data owners to host their data and achieves user-defined lightweight data management. Additionally, through the strategic amalgamation of smart contracts and hash-chains, our access control scheme can limit the number of times (i.e., n-times access) a user can access the IoT data before the deadline. This also means that users can utilize their tokens multiple times (predefined by the data owner) within the deadline, thereby improving token utilization while ensuring strict access control. Furthermore, by leveraging the intrinsic characteristics of blockchain, our framework allows data owners to gain capabilities for auditing the access records of their data and verifying them. To empirically validate the effectiveness of our proposed framework and approach, we conducted extensive simulations, and the experimental results demonstrated the feasibility and efficiency of our solution.

DR-ALOHA-Q: A Q-Learning-Based Adaptive MAC Protocol for Underwater Acoustic Sensor Networks.

Underwater acoustic sensor networks (UASNs) are challenged by the dynamic nature of the underwater environment, large propagation delays, and global positioning system (GPS) signal unavailability, which make traditional medium access control (MAC) protocols less effective. These factors limit the channel utilization and performance of UASNs, making it difficult to achieve high data rates and handle congestion. To address these challenges, we propose a reinforcement learning (RL) MAC protocol that supports asynchronous network operation and leverages large propagation delays to improve the network throughput.he protocol is based on framed ALOHA and enables nodes to learn an optimal transmission strategy in a fully distributed manner without requiring detailed information about the external environment. The transmission strategy of sensor nodes is defined as a combination of time-slot and transmission-offset selection. By relying on the concept of learning through interaction with the environment, the proposed protocol enhances network resilience and adaptability. In both static and mobile network scenarios, it has been compared with the state-of-the-art framed ALOHA for the underwater environment (UW-ALOHA-Q), carrier-sensing ALOHA (CS-ALOHA), and delay-aware opportunistic transmission scheduling (DOTS) protocols. The simulation results show that the proposed solution leads to significant channel utilization gains, ranging from 13% to 106% in static network scenarios and from 23% to 126% in mobile network scenarios.oreover, using a more efficient learning strategy, it significantly reduces convergence time compared to UW-ALOHA-Q in larger networks, despite the increased action space.

Access Control Design Practice and Solutions in Cloud-Native Architecture: A Systematic Mapping Study.

Protecting the resources of a cloud-native application is essential to meet an organization's security goals. Cloud-native applications manage thousands of user requests, and an organization must employ a proper access control mechanism. However, unfortunately, developers sometimes grumble when designing and enforcing access decisions for a gigantic scalable application. It is sometimes complicated to choose the potential access control model for the system. Cloud-native software architecture has become an integral part of the industry to manage and maintain customer needs. A microservice is a combination of small independent services that might have hundreds of parts, where the developers must protect the individual services. An efficient access control model can defend the respective services and consistency. This study intends to comprehensively analyze the current access control mechanism and techniques utilized in cloud-native architecture. For this, we present a systematic mapping study that extracts current approaches, categorizes access control patterns, and provides developers guidance to meet security principles. In addition, we have gathered 234 essential articles, of which 29 have been chosen as primary studies. Our comprehensive analysis will guide practitioners to identify proper access control mechanisms applicable to ensuring security goals in cloud-native architectures.

Statement Recognition of Access Control Policies in IoT Networks.

Access Control Policies (ACPs) are essential for ensuring secure and authorized access to resources in IoT networks. Recognizing these policies involves identifying relevant statements within project documents expressed in natural language. While current research focuses on improving recognition accuracy through algorithm enhancements, the challenge of limited labeled data from individual clients is often overlooked, which impedes the training of highly accurate models. To address this issue and harness the potential of IoT networks, this paper presents FL-Bert-BiLSTM, a novel model that combines federated learning and pre-trained word embedding techniques for access control policy recognition. By leveraging the capabilities of IoT networks, the proposed model enables real-time and distributed training on IoT devices, effectively mitigating the scarcity of labeled data and enhancing accessibility for IoT applications. Additionally, the model incorporates pre-trained word embeddings to leverage the semantic information embedded in textual data, resulting in improved accuracy for access control policy recognition. Experimental results substantiate that the proposed model not only enhances accuracy and generalization capability but also preserves data privacy, making it well-suited for secure and efficient access control in IoT networks.

XACML for Mobility (XACML4M)-An Access Control Framework for Connected Vehicles.

The automotive industry is experiencing a transformation with the rapid integration of software-based systems inside vehicles, which are complex systems with multiple sensors. The use of vehicle sensor data has enabled vehicles to communicate with other entities in the connected vehicle ecosystem, such as the cloud, road infrastructure, other vehicles, pedestrians, and smart grids, using either cellular or wireless networks. This vehicle data are distributed, private, and vulnerable, which can compromise the safety and security of vehicles and their passengers. It is therefore necessary to design an access control mechanism around the vehicle data's unique attributes and distributed nature. Since connected vehicles operate in a highly dynamic environment, it is important to consider context information such as location, time, and frequency when designing a fine-grained access control mechanism. This leads to our research question: How can Attribute-Based Access Control (ABAC) fulfill connected vehicle requirements of Signal Access Control (SAC), Time-Based Access Control (TBAC), Location-Based Access Control (LBAC), and Frequency-Based Access Control (FBAC)? To address the issue, we propose a data flow model based on Attribute-Based Access Control (ABAC) called eXtensible Access Control Markup Language for Mobility (XACML4M). XACML4M adds additional components to the standard eXtensible Access Control Markup Language (XACML) to satisfy the identified requirements of SAC, TBAC, LBAC, and FBAC in connected vehicles. Specifically, these are: Vehicle Data Environment (VDE) integrated with Policy Enforcement Point (PEP), Time Extensions, GeoLocation Provider, Polling Frequency Provider, and Access Log Service. We implement a prototype based on these four requirements on a Raspberry Pi 4 and present a proof-of-concept for a real-world use case. We then perform a functional evaluation based on the authorization policies to validate the XACML4M data flow model. Finally, we conclude that our proposed XACML4M data flow model can fulfill all four of our identified requirements for connected vehicles.

Access Control for IoT: A Survey of Existing Research, Dynamic Policies and Future Directions.

Internet of Things (IoT) provides a wide range of services in domestic and industrial environments. Access control plays a crucial role in granting access rights to users and devices when an IoT device is connected to a network. However, many challenges exist in designing and implementing an ideal access control solution for the IoT due to the characteristics of the IoT including but not limited to the variety of the IoT devices, the resource constraints on the IoT devices, and the heterogeneous nature of the IoT. This paper conducts a comprehensive survey on access control in the IoT, including access control requirements, authorization architecture, access control models, access control policies, access control research challenges, and future directions. It identifies and summarizes key access control requirements in the IoT. The paper further evaluates the existing access control models to fulfill the access control requirements. Access control decisions are governed by access control policies. The existing approaches on dynamic policies' specification are reviewed. The challenges faced by the existing solutions for policies' specification are highlighted. Finally, the paper presents the research challenges and future directions of access control in the IoT. Due to the variety of IoT applications, there is no one-size-fits-all solution for access control in the IoT. Despite the challenges encountered in designing and implementing the access control in the IoT, it is desired to have an access control solution to meet all the identified requirements to secure the IoT.

Deep Reinforcement Learning for Joint Trajectory Planning, Transmission Scheduling, and Access Control in UAV-Assisted Wireless Sensor Networks.

Unmanned aerial vehicles (UAVs) can be used to relay sensing information and computational workloads from ground users (GUs) to a remote base station (RBS) for further processing. In this paper, we employ multiple UAVs to assist with the collection of sensing information in a terrestrial wireless sensor network. All of the information collected by the UAVs can be forwarded to the RBS. We aim to improve the energy efficiency for sensing-data collection and transmission by optimizing UAV trajectory, scheduling, and access-control strategies. Considering a time-slotted frame structure, UAV flight, sensing, and information-forwarding sub-slots are confined to each time slot. This motivates the trade-off study between UAV access-control and trajectory planning. More sensing data in one time slot will take up more UAV buffer space and require a longer transmission time for information forwarding. We solve this problem by a multi-agent deep reinforcement learning approach that takes into consideration a dynamic network environment with uncertain information about the GU spatial distribution and traffic demands. We further devise a hierarchical learning framework with reduced action and state spaces to improve the learning efficiency by exploiting the distributed structure of the UAV-assisted wireless sensor network. Simulation results show that UAV trajectory planning with access control can significantly improve UAV energy efficiency. The hierarchical learning method is more stable in learning and can also achieve higher sensing performance.

Non-Contact Face Temperature Measurement by Thermopile-Based Data Fusion.

Thermal imaging cameras and infrared (IR) temperature measurement devices act as state-of-the-art techniques for non-contact temperature determination of the skin surface. The former is cost-intensive in many cases for widespread application, and the latter requires manual alignment to the measuring point. Due to this background, this paper proposes a new method for automated, non-contact, and area-specific temperature measurement of the facial skin surface. It is based on the combined use of a low-cost thermopile sensor matrix and a 2D image sensor. The temperature values as well as the 2D image data are fused using a parametric affine transformation. Based on face recognition, this allows temperature values to be assigned to selected facial regions and used specifically to determine the skin surface temperature. The advantages of the proposed method are described. It is demonstrated by means of a participant study that the temperature absolute values, which are achieved without manual alignment in an automated manner, are comparable to a commercially available IR-based forehead thermometer.

Enhancing Microservices Security with Token-Based Access Control Method.

Microservices are compact, independent services that work together with other microservices to support a single application function. Organizations may quickly deliver high-quality applications using the effective design pattern of the application function. Microservices allow for the alteration of one service in an application without affecting the other services. Containers and serverless functions, two cloud-native technologies, are frequently used to create microservices applications. A distributed, multi-component program has a number of advantages, but it also introduces new security risks that are not present in more conventional monolithic applications. The objective is to propose a method for access control that ensures the enhanced security of microservices. The proposed method was experimentally tested and validated in comparison to the centralized and decentralized architectures of the microservices. The obtained results showed that the proposed method enhanced the security of decentralized microservices by distributing the access control responsibility across multiple microservices within the external authentication and internal authorization processes. This allows for easy management of permissions between microservices and can help prevent unauthorized access to sensitive data and resources, as well as reduce the risk of attacks on microservices.

Widening Blockchain Technology toward Access Control for Service Provisioning in Cellular Networks.

The attention on blockchain technology (BCT) to create new forms of relational reliance has seen an explosion of new applications and initiatives, to assure decentralized security and trust. Its potential as a game-changing technology relates to how data gets distributed and replicated over several organizations and countries. This paper provides an introduction to BCT, as well as a review of its technological aspects. A concrete application of outsource access control and pricing procedures in cellular networks, based on a decentralized access control-as-a-service solution for private cellular networks, is also presented. The application can be used by service and content providers, to provide new business models. The proposed method removes the single point of failure from conventional centralized access control systems, increasing scalability while decreasing operational complexity, regarding access control and pricing procedures. Design and implementation details of the new method in a real-world scenario using a private cellular network and a BCT system that enables smart contracts are also provided.

EVOAC-HP: An Efficient and Verifiable Outsourced Access Control Scheme with Hidden Policy.

As medical data become increasingly important in healthcare, it is crucial to have proper access control mechanisms, ensuring that sensitive data are only accessible to authorized users while maintaining privacy and security. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is an attractive access control solution that can offer effective, fine-grained and secure medical data sharing, but it has two major drawbacks: Firstly, decryption is computationally expensive for resource-limited data users, especially when the access policy has many attributes, limiting its use in large-scale data-sharing scenarios. Secondly, existing schemes are based on data users' attributes, which can potentially reveal sensitive information about the users, especially in healthcare data sharing, where strong privacy and security are essential. To address these issues, we designed an improved CP-ABE scheme that provides efficient and verifiable outsourced access control with fully hidden policy named EVOAC-HP. In this paper, we utilize the attribute bloom filter to achieve policy hiding without revealing user privacy. For the purpose of alleviating the decryption burden for data users, we also adopt the technique of outsourced decryption to outsource the heavy computation overhead to the cloud service provider (CSP) with strong computing and storage capabilities, while the transformed ciphertext results can be verified by the data user. Finally, with rigorous security and reliable performance analysis, we demonstrate that EVOAC-HP is both practical and effective with robust privacy protection.

An Access Control System Based on Blockchain with Zero-Knowledge Rollups in High-Traffic IoT Environments.

The access control (AC) system in an IoT (Internet of Things) context ensures that only authorized entities have access to specific devices and that the authorization procedure is based on pre-established rules. Recently, blockchain-based AC systems have gained attention within research as a potential solution to the single point of failure issue that centralized architectures may bring. Moreover, zero-knowledge proof (ZKP) technology is included in blockchain-based AC systems to address the issue of sensitive data leaking. However, current solutions have two problems: (1) systems built by these works are not adaptive to high-traffic IoT environments because of low transactions per second (TPS) and high latency; (2) these works cannot fully guarantee that all user behaviors are honest. In this work, we propose a blockchain-based AC system with zero-knowledge rollups to address the aforementioned issues. Our proposed system implements zero-knowledge rollups (ZK-rollups) of access control, where different AC authorization requests can be grouped into the same batch to generate a uniform ZKP, which is designed specifically to guarantee that participants can be trusted. In low-traffic environments, sufficient experiments show that the proposed system has the least AC authorization time cost compared to existing works. In high-traffic environments, we further prove that based on the ZK-rollups optimization, the proposed system can reduce the authorization time overhead by 86%. Furthermore, the security analysis is presented to show the system's ability to prevent malicious behaviors.