International Journal of Internet Technology and Secured Transactions http://www.inderscience.com/browse/index.php?journalID=190&year=2012&vol=4&issue=1 Inderscience Publishers Ltd en-uk International Journal of Internet Technology and Secured Transactions 1748-569X 1748-5703 © 2012 Inderscience Publishers Ltd editor@inderscience.com https://www.inderscience.com/images/files/coverImgs/ijitst_scoverijitst.jpg http://www.inderscience.com/browse/index.php?journalID=190&year=2012&vol=4&issue=1 http://www.inderscience.com/link.php?id=45160 Secret image sharing is a technique to share a secret image among n participants using Shamir's secret sharing scheme. Secret image is revealed if any k of the n shares is processed according to the scheme. Research reported in the literature is focused on improving known issues of the method. Reconstruction without distortion, reducing the size expansion of the share images, improving stego image quality and enhancing authentication ability of the method are some of the issues. Recovering cover images after the revealing procedure is an important issue. In 2009, Wu et al. proposed a technique based on reversible steganography to solve this problem. A location map is used to recover cover images, which needs extra information. The proposed method outlined in this paper does not need any information except shares to recover cover images. In addition, visual quality of the shares or the peak signal to noise ratio (PSNR) values of stego images are improved which is used to demonstrate the effectiveness of the method. Experimental results indicate a 3 dB PSNR improvement on the average compared to Wu et al.'s method. Secret image sharing with reversible capabilities
Guzin Ulutas; Mustafa Ulutas; Vasif V. Nabiyev
International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 1 - 11
Secret image sharing is a technique to share a secret image among n participants using Shamir's secret sharing scheme. Secret image is revealed if any k of the n shares is processed according to the scheme. Research reported in the literature is focused on improving known issues of the method. Reconstruction without distortion, reducing the size expansion of the share images, improving stego image quality and enhancing authentication ability of the method are some of the issues. Recovering cover images after the revealing procedure is an important issue. In 2009, Wu et al. proposed a technique based on reversible steganography to solve this problem. A location map is used to recover cover images, which needs extra information. The proposed method outlined in this paper does not need any information except shares to recover cover images. In addition, visual quality of the shares or the peak signal to noise ratio (PSNR) values of stego images are improved which is used to demonstrate the effectiveness of the method. Experimental results indicate a 3 dB PSNR improvement on the average compared to Wu et al.'s method.

]]> 10.1504/IJITST.2012.045160 International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 1 - 11 Guzin Ulutas; Mustafa Ulutas; Vasif V. Nabiyev Department of Computer Engineering, Karadeniz Technical University, Trabzon, 61080, Turkey. ' Department of Computer Engineering, Karadeniz Technical University, Trabzon, 61080, Turkey. ' Department of Computer Engineering, Karadeniz Technical University, Trabzon, 61080, Turkey secret image sharing peak signal to noise ratio PSNR peak SNR reversible steganography secret images image quality authentication. 2012-01-29T23:20:50-05:00 4 1 1 11 2012-01-29T23:20:50-05:00 http://www.inderscience.com/link.php?id=45161 Although cryptosystem designers frequently assume that secret parameters will be manipulated in closed reliable computing environments, Kocher et al. reported in 1998 that microchips leak information correlated with the data handled and introduced a new kind of attacks which were radically different from software and algorithmic attacks. These attacks use leaking or side-channel information, like power consumption data, electromagnetic emanations or computing time to recover the secret key. While FPGAs are becoming increasingly popular for cryptographic applications, there are only a few articles that assess their vulnerability to such attacks. This paper describes the principles of differential power analysis (DPA) attack and also illustrates a practical and successful implementation of this attack against an FPGA implementation of the advanced encryption standard (AES) algorithm. The results obtained in this work clearly demonstrate that DPA is a serious threat against realisation of encryption algorithms on SRAM-based FPGAs without effective countermeasures. Differential power analysis: a serious threat for FPGA security
Massoud Masoumi
International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 12 - 25
Although cryptosystem designers frequently assume that secret parameters will be manipulated in closed reliable computing environments, Kocher et al. reported in 1998 that microchips leak information correlated with the data handled and introduced a new kind of attacks which were radically different from software and algorithmic attacks. These attacks use leaking or side-channel information, like power consumption data, electromagnetic emanations or computing time to recover the secret key. While FPGAs are becoming increasingly popular for cryptographic applications, there are only a few articles that assess their vulnerability to such attacks. This paper describes the principles of differential power analysis (DPA) attack and also illustrates a practical and successful implementation of this attack against an FPGA implementation of the advanced encryption standard (AES) algorithm. The results obtained in this work clearly demonstrate that DPA is a serious threat against realisation of encryption algorithms on SRAM-based FPGAs without effective countermeasures.

]]> 10.1504/IJITST.2012.045161 International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 12 - 25 Massoud Masoumi Islamshahr Azad University, Islamshahr Branch, P.O. Box: 33135-369, Sayad Shirazi Ave., Namaz Sqr., Tehran, Iran side-channel attacks differential power analysis FPGA implementation advanced encryption standard AES algorithm cryptography FPGA vulnerability power consumption electromagnetic emanations computing time field programmable gate arrays SRAM static RAM random access memory. 2012-01-29T23:20:50-05:00 4 1 12 25 2012-01-29T23:20:50-05:00 http://www.inderscience.com/link.php?id=45147 Although information security is critical for organisations to survive, a number of studies continue to report incidents of critical information loss. To this end, there is still an increasing interest to study information security from a non-technical perspective. In doing so, this research focuses on the effect of strong corporate cultures and organisational commitment as important aspects in managing information security through e-banking. That is, manipulating more effectively e-banking security development and management within organisations. Achieving the required level of e-banking security within organisations usually requires more than security awareness and control but also a better understanding of the organisations' culture in which e-banking security measures are developed and tailored to. In effect, organisations may have a clearer insight into how to commit more effectively to such security measures and ultimately, offer more secure e-banking services to their customers. Cultural and organisational commitment in the context of e-banking
Ioannis V. Koskosas
International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 26 - 41
Although information security is critical for organisations to survive, a number of studies continue to report incidents of critical information loss. To this end, there is still an increasing interest to study information security from a non-technical perspective. In doing so, this research focuses on the effect of strong corporate cultures and organisational commitment as important aspects in managing information security through e-banking. That is, manipulating more effectively e-banking security development and management within organisations. Achieving the required level of e-banking security within organisations usually requires more than security awareness and control but also a better understanding of the organisations' culture in which e-banking security measures are developed and tailored to. In effect, organisations may have a clearer insight into how to commit more effectively to such security measures and ultimately, offer more secure e-banking services to their customers.

]]> 10.1504/IJITST.2012.045147 International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 26 - 41 Ioannis V. Koskosas Department of Informatics and Telecommunications Engineering, University of Western Macedonia; Department of Finance, Technological Educational Institute of Western Macedonia, 50100, Kozani, Greece electronic banking e-banking security corporate culture organisational commitment information technology organisational culture information security secure services banking industry bank information. 2012-01-29T23:20:50-05:00 4 1 26 41 2012-01-29T23:20:50-05:00 http://www.inderscience.com/link.php?id=45149 The volume of mass unsolicited e-mail, often known as spam, has recently increased enormously and has become a serious threat to not only internet but also to society. It is challenging to develop spam filters that can effectively eliminate the increasing volume of unwanted e-mails automatically. The present work presents a combination of support vector machine classifier for non-linear data (using an eligible kernel function) with appropriate data pre-processing as a spam filter. Data pre-processing is a vital part of text classification where the objective is to generate feature vectors usable by SVM kernels. The pre-processing steps include HTML removal, HTML replacement, de-obfuscation and stop-word-remover. The results obtained using the pre-processing level showed an improvement in the classification level. The estimated training and classification time for different document sizes indicate that the adopted method is practical and computationally efficient. Experimental results show that the approach can enhance the filtering performance effectively. An effective spam filter based on a combined support vector machine approach
Mumtaz M. Al-Mukhtar; Yasmine M. Tabra
International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 42 - 54
The volume of mass unsolicited e-mail, often known as spam, has recently increased enormously and has become a serious threat to not only internet but also to society. It is challenging to develop spam filters that can effectively eliminate the increasing volume of unwanted e-mails automatically. The present work presents a combination of support vector machine classifier for non-linear data (using an eligible kernel function) with appropriate data pre-processing as a spam filter. Data pre-processing is a vital part of text classification where the objective is to generate feature vectors usable by SVM kernels. The pre-processing steps include HTML removal, HTML replacement, de-obfuscation and stop-word-remover. The results obtained using the pre-processing level showed an improvement in the classification level. The estimated training and classification time for different document sizes indicate that the adopted method is practical and computationally efficient. Experimental results show that the approach can enhance the filtering performance effectively.

]]> 10.1504/IJITST.2012.045149 International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 42 - 54 Mumtaz M. Al-Mukhtar; Yasmine M. Tabra Department of Internet Engineering, College of Information Engineering, Al-Nahrain University, P.O. Box 64074, Aljadria, Baghdad, Iraq. ' Department of Internet Engineering, College of Information Engineering, Al-Nahrain University, P.O. Box 64074, Aljadria, Baghdad, Iraq spam filters kernel function classification support vector machines SVM unsolicited email filtering performance. 2012-01-29T23:20:50-05:00 4 1 42 54 2012-01-29T23:20:50-05:00 http://www.inderscience.com/link.php?id=45150 The need for 'role engineering' becomes evident once a decision has been made to adopt role-based access control (RBAC) to ensure access control in a computer system. Role engineering is a process to define roles, permissions, and role hierarchies. Therefore, it is a critical step in deploying any RBAC-oriented system. The question is even more crucial for workflow management systems: additionally to role engineering, a 'task engineering' process could be needed to allow the satisfaction of access control constraints even in critical situations. In this paper, we propose an approach of task engineering to improve access control enforcement in workflow management systems. By task engineering, we mean the process to examine the granularity of each workflow's task in a way to meet – at run time – the main access control requirements, precisely the least privilege and separation of duties principles. This approach uses the constraints satisfaction problem (CSP) formulation and resolution method. Enforcing access control in workflow systems with a task engineering approach
Hamid Hatim; Hanan El Bakkali; Ilham Berrada
International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 55 - 70
The need for 'role engineering' becomes evident once a decision has been made to adopt role-based access control (RBAC) to ensure access control in a computer system. Role engineering is a process to define roles, permissions, and role hierarchies. Therefore, it is a critical step in deploying any RBAC-oriented system. The question is even more crucial for workflow management systems: additionally to role engineering, a 'task engineering' process could be needed to allow the satisfaction of access control constraints even in critical situations. In this paper, we propose an approach of task engineering to improve access control enforcement in workflow management systems. By task engineering, we mean the process to examine the granularity of each workflow's task in a way to meet – at run time – the main access control requirements, precisely the least privilege and separation of duties principles. This approach uses the constraints satisfaction problem (CSP) formulation and resolution method.

]]> 10.1504/IJITST.2012.045150 International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 55 - 70 Hamid Hatim; Hanan El Bakkali; Ilham Berrada Université Mohammed V-Souissi, ENSIAS, BP: 713, Agdal – Rabat, Morocco. ' Université Mohammed V-Souissi, ENSIAS, BP: 713, Agdal – Rabat, Morocco. ' Université Mohammed V-Souissi, ENSIAS, BP: 713, Agdal – Rabat, Morocco workflow role-based access control RBAC role engineering task engineering granulatrity atomicity constraints satisfaction problem CSP. 2012-01-29T23:20:50-05:00 4 1 55 70 2012-01-29T23:20:50-05:00 http://www.inderscience.com/link.php?id=45153 In this paper, we propose a new payment instrument, i.e., mobile traveller's check (MTC) in the realm of mobile commerce. This payment instrument provides the merits of both e-cash and e-check, i.e., MTC can be used freely as an e-cash and it is as secure as an e-check. We present the mobile payment protocol based on MTC which uses elliptic curve digital signature algorithm (ECDSA) for generating and verifying digital signatures and DES for encrypting and decrypting the messages which are suitable for resource constrained devices like mobile phones. We use 'extended BAN' logic (Abadi et al., 1993) to provide a concise and clear understanding of this secure payment instrument (MTC). We formalise and verify the interactions and trust relationships among engaging entities. A new mobile payment system with formal verification
Shaik Shakeel Ahamad; Siba K. Udgata; V.N. Sastry
International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 71 - 103
In this paper, we propose a new payment instrument, i.e., mobile traveller's check (MTC) in the realm of mobile commerce. This payment instrument provides the merits of both e-cash and e-check, i.e., MTC can be used freely as an e-cash and it is as secure as an e-check. We present the mobile payment protocol based on MTC which uses elliptic curve digital signature algorithm (ECDSA) for generating and verifying digital signatures and DES for encrypting and decrypting the messages which are suitable for resource constrained devices like mobile phones. We use 'extended BAN' logic (Abadi et al., 1993) to provide a concise and clear understanding of this secure payment instrument (MTC). We formalise and verify the interactions and trust relationships among engaging entities.

]]> 10.1504/IJITST.2012.045153 International Journal of Internet Technology and Secured Transactions, Vol. 4, No. 1 (2012) pp. 71 - 103 Shaik Shakeel Ahamad; Siba K. Udgata; V.N. Sastry Institute for Development and Research in Banking Technology (IDRBT), Castle Hills, Masab Tank, Hyderabad-57, India; Department Computers and Information Sciences, University of Hyderabad, Hyderabad-46, India. ' Department of Computers and Information Sciences, University of Hyderabad, Hyderabad-46, India. ' Institute for Development and Research in Banking Technology (IDRBT), Castle Hills, Masab Tank, Hyderabad-57, India mobile payment m-payment mobile travellers checks travellers cheques MTC extended BAN logic elliptic curve digital signature algorithm ECDSA DES digital signatures electronic signatures mobile commerce m-commerce signature verification encryption mobile phones cell phones trust secure payment payment security authentication. 2012-01-29T23:20:50-05:00 4 1 71 103 2012-01-29T23:20:50-05:00