Abstract
Developing emergency and disaster management systems is an important issue in our “computer society”. The primary issue is how to share information about a current disaster and the status of resource allocation for emergency management. System continuity management is another important issue on disaster-related issue. Furthermore, we should consider a solution for constructing a trust network in a disaster situation. In this paper, we focus on security issues that confront IT systems during disasters. The security issues include privacy breach in a disaster situation. We summarize these security and privacy issues in the context of three major areas of operation: information gathering, network access, and system continuity management. Then we provide the results of a survey on techniques for solving these issues.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abul O, Bonchi F, Nanni M (2008) Never walk alone: Uncertainty for anonymity in moving objects databases. In: IEEE 24th international conference on data engineering, ICDE 2008, pp 376 –385
Andrienko G, Andrienko N, Giannotti F, Monreale A, Pedreschi D (2009) Movement data anonymity through generalization. In: Proceedings of the 2nd SIGSPATIAL ACM GIS 2009 international workshop on security and privacy in GIS and LBS, SPRINGL ’09, pp 27–31
Anwar Z, Shankesi R, Campbell R (2008) Automatic security assessment of critical cyber-infrastructures. In: Proceedings of 2008 IEEE international conference on dependable systems and networks with FTCS and DCC, 2008. DSN 2008, pp 366 –375
Aranha D, López J, Hankerson D (2010) High-speed parallel software implementation of the η T pairing. In: Topics in cryptology—CT-RSA 2010, LNCS, vol 5985, Springer, Berlin, pp 89–105
Armando A, Carbone R, Compagna L, Cuellar J, Tobarra L (2008) Formal analysis of saml 2.0 web browser single sign-on: breaking the saml-based single sign-on for google apps. In: Proceedings of the 6th ACM workshop on formal methods in security engineering, FMSE ’08, pp 1–10
Asplund M, Nadjm-Tehrani S, Sigholm J (2009) Emerging information infrastructures: cooperation in disasters. In: Critical information infrastructure security, CRITS2008, Lecture Notes in Computer Science, vol 5508, Springer, Berlin, pp 258–270
Atteih AS, Algahtani SA, Nazmy A (2010) Emergency management information system: case study. In: GM, Unicom for Communication Technologies, http://www.unicomg.com/Home/
Bamba B, Liu L, Pesti P, Wang T (2008) Supporting anonymous location queries in mobile environments with privacygrid. In: Proceedings of 17th Iiternational World Wide Web conference (WWW 2008), pp 237–246
Bessis N, Asimakopoulou E (2012) Special issue on smart environments and collective computational intelligence for disaster management. J Ambient Intell Humanized Comput, pp 1–2
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE symposium on security and privacy, pp 321–334
Beuchat JL, Gonzalez-Diaz J, Mitsunari S, Okamoto E, Rodriguez-Henriquez F, Teruya T (2010) High-speed software implementation of the optimal Ate pairing over Barreto-Naehrig curves. In: Pairing-based cryptography—Pairing 2010, LNCS, vol 6487, Springer, Berlin, pp 21–39
Bhaduri B, Bright EA, Vijayraj V (2008) Towards a geospatial knowledge discovery framework for disaster management. In: Proceedings of ESA-EUSC, 2008
Bugiel S, Nurnberger S, Sadeghi A, Schneider T (2011) Twin clouds: an architecture for secure cloud computing. In: Proceedings of workshop on cryptography and security in clouds, ECRYPT-II
Castiglione A, Santis AD, Soriente C (2007) Taking advantages of a disadvantage: digital forensics and steganography using document metadata. J Syst Softw 80(5):750–764
Castiglione A, Prisco R, Santis A (2009) Do you trust your phone? In: E-commerce and web technologies, lecture notes in computer science, vol 5692, pp 50–61
Castiglione A, Santis AD, Soriente C (2010) Security and privacy issues in the portable document format. J Syst Softw 83(10):1813–1822
Castiglione A, Cattaneo G, Maio G, Petagna F (2011) Secr3t: Secure end-to-end communication over 3g telecommunication networks. In: Proceedings of the fifth international conference on innovative mobile and internet services in ubiquitous computing (IMIS), pp 520–526
Castiglione A, Cattaneo G, Cembalo M, Santis AD, Faruolo P, Petagna F, Petrillo UF (2012) Engineering a secure mobile messaging framework. Comput Security 31(6):771–781
Chase M (2007) Multi-authority attribute based encryption. In: Theory of Cryptography, LNCS, vol 4392, Springer, Berlin, pp 515–534
Cho JH, Swami A, Chen IR (2011) A survey on trust management for mobile ad-hoc networks. IEEE Commun Surv Tutorials 13(4):562–583
Choi C, Choi J, Ko B, Oh K, Kim P (2012) A design of onto-acm (ontology based access control model) in cloud computing environments. J Wirel Mobile Netw Ubiquitous Comput Dependable Appl 2(3/4):54–64
Chow R, Golle P, Jakobsson M, Shi E, Staddon J, Masuoka R, Molina J (2009) Controlling data in the cloud: outsourcing computation without outsourcing control. In: Proceedings of the 2009 ACM workshop on cloud computing security, CCSW ’09, pp 85–90
Claycomb WR, Huth CL, Flynn L, McIntire DM, Lewellen TB (2012) Chronological examination of insider threat sabotage: Preliminary observations. J Wirel Mobile Netw Ubiquitous Comput Dependable Appl 3(4):4–20
Collberg C, Thomborson C (2002) Watermarking, tamper-proofing, and obfuscation: tools for software protection. IEEE Trans Softw Eng 28(8):735–746
Cucinotta T, Cecchetti G, Ferraro G (2003) Adopting redundancy techniques for multicast stream authentication. In: Proceedings of the the ninth IEEE workshop on future trends of distributed computing systems, FTDCS ’03
De Maio C, Fenza G, Gaeta M, Loia V, Orciuoli F (2011) A knowledge-based framework for emergency dss. Knowl Based Syst 24(8):1372–1379
DeCapua C, Bhaduri B (2007) Applications of geospatial technology in international disasters and during hurricane katrina. In: Available at the Project Site of “Capturing Hurricane Katrina Data For Analysis and Lessons-Learned Research”
Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inform Theory 22(6):644 – 654
Dilmaghani RB, Rao RR (2009) A systematic approach to improve communication for emergency response. In: Proceedings of the 42nd Hawaii international conference on system sciences, IEEE HICSS ’09, pp 1–8
Eltaief H, Youssef H (2010) Efficient sender authentication and signing of multicast streams over lossy channels. In: Proceedings of 2010 IEEE/ACS international conference on computer systems and applications (AICCSA), pp 1 –7
England P, Shi Q, Askwith B, Bouhafs F (2012) A survey on trust management in mobile ad-hoc networks. In: Proceedings of the 13th annual post graduate symposium on the convergence of telecommunications, networking, and broadcasting, PGNET 2012
Fajardo JTB, Oppus CM (2009) A mobile disaster management system using the android technology. Int J Commun 3:77–86
Fujiwara T, Watanabe T (2005) An ad hoc networking scheme in hybrid networks for emergency communications. Ad Hoc Netw 3(5):607–620
Fujiwara T, Iida N, Watanabe T (2004) An ad-hoc routing protocol in hybrid wireless networks for emergency communications. In: Proceedings of the 24th international conference on distributed computing systems workshops , W7: EC (ICDCSW’04), vol 7, ICDCSW ’04, pp 748–754
Fukushima K, Kiyomoto S, Tanaka T (2009) Obfuscation mechanism in conjunction with tamper-proof module. In: International conference on computational science and engineering, 2009. CSE ’09. vol 2, pp 665–670
Fukushima K., Kiyomoto S., Miyake Y. (2011) Towards secure cloud computing architecture. J Internet Services Inform Security Special Issue Cloud Comput 1(1):4–17
Gedik M, Liu L (2005) A customizable k-anonymity model for protecting location privacy. In: Proceedings of the 25th international conference on distributed computing systems (ICDCS 2005), pp 620–629
Gentry C (2009) Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st annual ACM symposium on theory of computing, STOC ’09, pp 169–178
Gentry C, Silverberg A (2002) Hierarchical ID-based cryptography. In: Advances in Cryptology - ASIACRYPT 2002, LNCS, vol 2501, Springer, Berlin, pp 149–155
Ghinita G, Kalnis P, Skiadopoulos S (2007) PRIVÉ: Anonymous location-based queries in distributed mobile systems. In: Proceedings of 16th international world wide web conference (WWW 2007), pp 371–380
Golle P, Modadugu N (2001) Authenticating streamed data in the presence of random packet loss (extended abstract). In: ISOC network and distributed system security symposium, pp 13–22
Gomi H, Hatakeyama M, Hosono S, Fujita S (2005) A delegation framework for federated identity management. In: Proceedings of the 2005 workshop on digital identity management, DIM ’05, pp 94–103
Govindan K, Mohapatra P (2012) Trust computations and trust dynamics in mobile adhoc networks: a survey. IEEE Commun Surv Tutor 14(2):279–298
Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security, ACM, CCS ’06, pp 89–98
Goyal V, Jain A, Pandey O, Sahai A (2008) Bounded ciphertext policy attribute based encryption. In: Automata, languages and programming, LNCS, vol 5126, Springer, Berlin, pp 579–591
Gruteser M, Grunwald D (2003) Anonymous usage of location-based services through spatial and temporal cloaking. In: Proceedings of the 1st international conference on mobile systems, applications, and services (MobiSys 2003), pp 163–168
Hamlen K, Kantarcioglu M, Khan L, Thuraisingham B (2010) Security issues for cloud computing. Int J Inform Secur Privacy 4(2):39–51
Hiehata Y, Koto H, Nakamura H (2010) A proposal of a communication-broadcasting integrated system to support communication and navigation during disasters. In: Proceedings of the 2010 fifth international conference on internet monitoring and protection, ICIMP ’10, pp 110–116
Hinek MJ, Jiang S, Safavi-Naini R, Shahandashti SF (2008) Attribute-based encryption with key cloning protection. Cryptology ePrint Archive, Report 2008/478, http://eprint.iacr.org/
Hong JI, Landay JA (2004) An architecture for privacy-sensitive ubiquitous computing. In: Proceedings of the 2nd international conference on mobile systems, applications, and services (MobiSys 2004), pp 177–189
International Federation of Red Cross and Red Crescent Societies (2010) The disaster management information system (DMIS). https://www-secureifrcorg/DMISII/Pages/00_Home/loginaspx
Jansen W (2011) Cloud hooks: security and privacy issues in cloud computing. In: Proceedings of 44th Hawaii international conference on system sciences (HICSS), pp 1–10
Jiang T, Baras JS (2006) Trust evaluation in anarchy: a case study on autonomous networks. In: Proceedings of the 25th IEEE international conference on computer communications, IEEE Infocom 2006, pp 1–12
Khorshed M, Ali A, Wasimi S (2011) Monitoring insiders activities in cloud computing using rule based learning. In: Proceedings of 2011 IEEE 10th international conference on trust, security and privacy in computing and communications (TrustCom), pp 757 –764
Kido H, Yanagisawa Y, Satoh T (2005) An anonymous communication technique using dummies for location-based services. In: Proceedings of IEEE international conference on pervasive services 2005 (ICPS 2005), pp 88–97
Kim J, Kim D, Jung SM, Lee C, Lim D, Hong S, Yoo SK (2009) Development of mobile ad hoc network for emergency telemedicine service in disaster areas. In: Proceedings of the 2009 international conference on new trends in information and service science, NISS ’09, pp 1291–1296
Kiyomoto S, Fukushima K, Miyake Y (2012a) Security-and-privacy-related issues on it systems during disasters. In: Proceedings of 2nd IFIP international workshop on security and cognitive informatics for homeland defense, Springer, Berlin/Heidelberg, SecIHD2012, Lecture Notes in computer science
Kiyomoto S, Miyake Y, Tanaka T (2012b) On designing privacy-aware data upload mechanism - towards information-gathering system for disasters -. In: Proceedings of The 11th IEEE international conference on ubiquitous computing and communications (IUCC-2012)
Kushilevitz E, Ostrovsky R (1997) Replication is not needed: single database, computationally-private information retrieval. In: Proceedings of the 38th annual symposium on foundations of computer science, pp 364–373
de Lanerolle TR, Anderson W, DeFabbia-Kane S, Fox-Epstein E, Gochev D, Morelli R (2010) Development of a virtual dashboard for event coordination between multipul groups. In: Proceedings of 7th international conference on information systems for crisis response and management, ISCRAM 2010
Lewko A, Waters B (2011) Unbounded hibe and attribute-based encryption. In: Advances in cryptology - EUROCRYPT 2011, LNCS, vol 6632, Springer, Berlin, pp 547–567
Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Advances in Cryptology - EUROCRYPT 2010, LNCS, vol 6110, Springer, Berlin, pp 62–91
Lien YN, Jang HC, Tsai TC (2009) A MANET based emergency communication and information system for catastrophic natural disasters. In: 29th IEEE international conference on Distributed computing systems workshops, 2009. ICDCS Workshops ’09, pp 412–417
Liu Z, Joy A, Thompson R (2004) A dynamic trust model for mobile ad hoc networks. In: Proceedings of the 10th IEEE international workshop on future trends of distributed computing systems, FTDCS ’04, pp 80–85
Mascetti S, Bettini C (2007) A comparison of spatial generalization algorithms for lbs privacy preservation. In: Proceedings of the 1st international workshop on privacy-aware location-based mobile services (PALMS 2007), pp 258–262
Mehendale H, Paranjpe A, Vempala S (2011) Lifenet: a flexible ad hoc networking solution for transient environments. In: Proceedings of the ACM SIGCOMM 2011 conference, SIGCOMM ’11, pp 446–447
Meissner A, Luckenbach T, Risse T, Kirste T, Kirchner H (2002) Design challenges for an integrated disaster management communication and information system. In: Proceedings of DIREN 2002 (co-located with IEEE INFOCOM 2002
Miner S, Staddon J (2001) Graph-based authentication of digital streams. In: Proceedings of 2001 IEEE symposium on security and privacy, pp 232 –246
Mokbel MF (2006) Towards privacy-aware location-based database servers. In: Proceedings of the 22nd internationl conference on Sata Engineering Workshops (ICDEW 2006), pp 93–102
Mokbel MF, Chow CY, Aref WG (2006) The new casper: Query processing for location services without compromising privacy. In: Proceedings of the 32nd international conference on very large data bases (VLDB 2006), pp 763–774
Naehrig M, Niederhagen R, Schwabe P (2010) New software speed records for cryptographic pairings. In: Progress in cryptology - LATINCRYPT 2010, LNCS, vol 6212, Springer, Berlin, pp 109–123
National Institute of Standard and Technology (NIST) (2007) Recommendation for pair-wisekey establishment schemesusing discrete logarithmcryptography (revised). NIST SP800-56A
National Institute of Standard Technology (NIST) (2011) US government cloud computing technology roadmap, volume ii, release 1.0 (draft). NIST SP500-293
Nergiz ME, Atzori M, Saygin Y (2008) Towards trajectory anonymization: a generalization-based approach. In: Proc. of the SIGSPATIAL ACM GIS 2008 international workshop on security and privacy in GIS and LBS, SPRINGL ’08, pp 52–61
Ohya M, Asada J, Harada N, Matsubayashi R, Hara M, Takata R, Naito M, Waga M, Katada T (2006) Disaster information-gathering system using cellular phone with a global positioning system. In: Proceedings of the international symposium on management system for disaster prevention 2006
van Oorschot P (2003) Revisiting software protection. In: Proceedings of the 6th information security conference (ISC2003), LNCS, vol 2851, pp 1–13
Ostrovsky R, Skeith WE III (2007) A survey of single-database private information retrieval: techniques and applications. In: Proceedings of the 10th international conference on practice and theory in public-key cryptography, Springer, Berlin, PKC’07, pp 393–411
Ostrovsky R, Sahai A, Waters B (2007) Attribute-based encryption with non-monotonic access structures. Cryptology ePrint Archive, Report 2007/323, http://eprint.iacr.org/
Palmieri F, Fiore U, Castiglione A (2011) Automatic security assessment for next generation wireless mobile networks. Mobile Inform Syst 7(3):217–239
Park JM, Chong E, Siegel H (2002) Efficient multicast packet authentication using signature amortization. In: Proceedings of 2002 IEEE symposium on security and privacy, pp 227–240
Park JM, Chong EKP, Siegel HJ (2003) Efficient multicast stream authentication using erasure codes. ACM Trans Inf Syst Secur 6(2):258–285
Perrig A, Canetti R, Tygar J, Song D (2000) Efficient authentication and signing of multicast streams over lossy channels. In: Proceedings of 2000 IEEE symposium on security and privacy, pp 56 –73
Perry RW (2003) Incident management systems in disaster management. J Disaster Prev Manage 12(5):405–412
Pirzada AA, McDonald C (2006) Trust establishment in pure ad-hoc networks. Wirel Pers Commun 37(1–2):139–168
Popovic K, Hocenski Z (2010) Cloud computing security issues and challenges. In: MIPRO, 2010 proceedings of the 33rd international convention, pp 344–349
Probst MJ, Kasera SK (2007) Statistical trust establishment in wireless sensor networks. In: Proceedings of the 13th international conference on parallel and distributed systems, vol 01, ICPADS ’07, pp 1–8
Reina DG, Toral SL, Barrero F, Bessis N, Asimakopoulou E (2012) Modelling and assessing ad hoc networks in disaster scenarios. J Ambient Intell Humanized Comput, pp 1–9
Sahai A, Waters B (2005a) Fuzzy identity-based encryption. In: Proceedings of EUROCRYPT 2005, LNCS, vol 3494, pp 457–473
Sahai A, Waters B (2005b) Fuzzy identity-based encryption. In: Advances in cryptology - EUROCRYPT 2005, LNCS, vol 3494, Springer, Berlin, pp 557–557
Sakanushi K, Hieda T, Shiraishi T, Ode Y, Takeuchi Y, Imai M, Higashino T, Tanaka H (2012) Electronic triage system for continuously monitoring casualties at disaster scenes. J Ambient Intell Humanized Comput, pp 1–12
Santis AD, Castiglione A, Cattaneo G, Cembalo M, Petagna F, Petrillo UF (2010) An extensible framework for efficient secure SMS. In: Proceedings of the 2010 international conference on complex, intelligent and software intensive systems, pp 843–850
Santos N, Smith SW (2007) Limited delegation for client-side ssl. In: Proceedings of the 6th annual PKI R & D Workshop, pp 76–90
Scott M (2011) On the efficient implementation of pairing-based protocols. Cryptology ePrint Archive, Report 2011/334, http://eprint.iacr.org/
Sengupta S, Kaulgud V, Sharma V (2011) Cloud computing security–trends and research directions. In: Proceedings of 2011 IEEE world congress on services (SERVICES), pp 524 –531
Shimoda K, Gyoda K (2011) Analysis of ad hoc network performance for disaster communication models. In: Proceedings of the 2011 tenth international symposium on autonomous decentralized systems, ISADS ’11, pp 483–488
Shklovski I, Palen L, Sutton J (2008) Finding community through information and communication technology in disaster response. In: Proceedings of the 2008 ACM conference on computer supported cooperative work, CSCW ’08, pp 127–136
Song DX, Wagner D, Perrig A (2000) Practical techniques for searches on encrypted data. In: Proceedings 2000 IEEE symposium on security and privacy, 2000. SP 2000, pp 44–55
Sun YL., Yu W., Han Z., Liu KJ. (2006) Information theoretic framework of trust modeling and evaluation for ad hoc networks. IEEE J Sel A Commun 24(2):305–317
The LifeNet Project (2011) LifeNet. http://wwwthelifenetworkorg/indexhtml
Theodorakopoulos G., Baras JS. (2006) On trust models and trust evaluation metrics for ad hoc networks. IEEE J Selected Areas Commun 24:318–328
Velloso P., Laufer R., de O Cunha D., Duarte O., Pujolle G. (2010) Trust management in mobile ad hoc networks using a scalable maturity-based model. IEEE Trans Netw Service Manag 7(3):172 –185
Wang R, Chen S, Wang X (2012) Signing me onto your accounts through facebook and google: a traffic-guided security study of commercially deployed single-sign-on web services. In: Proceedings of 2012 IEEE symposium on security and privacy (to appear)
Waters B (2011) Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Public key cryptography - PKC 2011, vol 6571, Springer, Berlin, pp 53–70
Waters B, Waters BR, Balfanz D, Balfanz D, Durfee G, Durfee G, Smetters DK, Smetters DK (2004) Building an encrypted and searchable audit log. In: Proceedings of the 11th annual network and distributed system security symposium
Wickler G, Potter S, Tate A, Hansberger J (2011) The virtual collaboration environment: new media for crisis response. In: Proceedings of 8th international conference on information systems for crisis response and management, ISCRAM 2011
Wong CK, Lam S (1999) Digital signatures for flows and multicasts. IEEE/ACM Trans Netw 7(4):502–513
Wood T, Cecchet E, Ramakrishnan KK, Shenoy P, van der Merwe J, Venkataramani A (2010) Disaster recovery as a cloud service: economic benefits & deployment challenges. In: Proceedings of the 2nd USENIX conference on Hot topics in cloud computing, HotCloud’10
Yao AC (1982) Protocols for secure computations. In: 23rd annual symposium on foundations of computer science, pp 160 –164
Yao ACC (1986) How to generate and exchange secrets. In: 27th annual symposium on foundations of computer science, pp 162 –167
Yao X, Turoff M, Hiltz R (2010) A field trial of a collaborative online scenario creation system for emergency management. In: Proceedings of 7th international conference on information systems for crisis response and management, ISCRAM 2010
Yu B, Singh MP (2002) An evidential model of distributed reputation management. In: Proceedings of the first international joint conference on autonomous agents and multiagent systems: part 1, AAMAS ’02, pp 294–301
Zeng QA, Wei H, Joshi V (2008) An efficient communication system for disaster detection and coordinated emergency evacuation. In: Proceedings of wireless telecommunications symposium, WTS 2008, pp 329–333
Zhou Z, Huang D (2011) Efficient and secure data storage operations for mobile cloud computing. Cryptology ePrint Archive, Report 2011/185, http://eprint.iacr.org/
Zouridaki C, Mark BL, Hejmo M, Thomas RK (2005) A quantitative trust establishment framework for reliable data packet delivery in MANETs. In: Proceedings of the 3rd ACM workshop on security of ad hoc and sensor networks, SASN ’05, pp 1–10
Acknowledgments
This work has been supported by the Japanese Ministry of Internal Affairs and Communications funded project, “Study of Security Architecture for Cloud Computing in Disasters.”
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kiyomoto, S., Fukushima, K. & Miyake, Y. Security issues on IT systems during disasters: a survey. J Ambient Intell Human Comput 5, 173–185 (2014). https://doi.org/10.1007/s12652-013-0177-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-013-0177-8