International Journal of Security and Networks http://www.inderscience.com/browse/index.php?journalID=183&year=2011&vol=6&issue=4 Inderscience Publishers Ltd en-uk International Journal of Security and Networks 1747-8405 1747-8413 © 2011 Inderscience Publishers Ltd editor@inderscience.com https://www.inderscience.com/images/files/coverImgs/ijsn_scoverijsn.jpg http://www.inderscience.com/browse/index.php?journalID=183&year=2011&vol=6&issue=4 http://www.inderscience.com/link.php?id=45226 Most networks require that their users have 'identities', i.e., have names that are fixed for a relatively long time, unique, and have been approved by a central authority (in order to guarantee their uniqueness). Unfortunately, this requirement, which was introduced to simplify the design of networks, has its own drawbacks. First, this requirement can lead to the loss of anonymity of communicating users. Second, it can allow the possibility of identity theft. Third, it can lead some users to trust other users who may not be trustworthy. In this paper, we argue that networks can be designed without user identities and their drawbacks. Is that you? Authentication in a network without identities
Taehwan Choi; H.B. Acharya; Mohamed G. Gouda
International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 181 - 190
Most networks require that their users have 'identities', i.e., have names that are fixed for a relatively long time, unique, and have been approved by a central authority (in order to guarantee their uniqueness). Unfortunately, this requirement, which was introduced to simplify the design of networks, has its own drawbacks. First, this requirement can lead to the loss of anonymity of communicating users. Second, it can allow the possibility of identity theft. Third, it can lead some users to trust other users who may not be trustworthy. In this paper, we argue that networks can be designed without user identities and their drawbacks.

]]> 10.1504/IJSN.2011.045226 International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 181 - 190 Taehwan Choi; H.B. Acharya; Mohamed G. Gouda Department of Computer Science, University of Texas at Austin, Austin 78712, Texas, USA. ' Department of Computer Science, University of Texas at Austin, Austin 78712, Texas, USA. ' National Science Foundation, Arlington, Virginia, 22230, USA; University of Texas at Austin, Austin 78712, Texas, USA identity anonymous communication authentication anonymity trust user identities. 2012-01-31T23:20:50-05:00 6 4 181 190 2012-01-31T23:20:50-05:00 http://www.inderscience.com/link.php?id=45227 Joint Encryption and Error Correction (JEEC) is proposed to combine encoding/encryption as one process to boost more compact implementations. In this paper, we provide rigorous investigation on the security of two JECC schemes, namely ECBC and SECC. For ECBC, we found a 3-stage differential-like attack, which breaks it with O(k × 2&lt;SUP align="right"&gt;deg(f)&lt;/SUP&gt; + 2&lt;SUP align="right"&gt;k&lt;/SUP&gt;) effort, where deg(f) is the degree of the core cryptographic function f and k is the block length. For SECC, we found a similar attack of complexity O(k × 2&lt;SUP align="right"&gt;k+1&lt;/SUP&gt;). Additionally, we exhibit that f used in ECBC is particularly vulnerable, which allows the secret matrix to be recovered in O(1). To mitigate this vulnerability, we propose a secure-yet-lightweight construction of f. Finally, the core part of our attack has been implemented. Experimental results confirm that the original implementation of ECBC can be broken in constant time (<0.4 s) regardless of k, whereas the ECBC enhanced by our proposed f can withstand this attack to the maximum extent. On the (in)security of two Joint Encryption and Error Correction schemes
Qi Chai; Guang Gong
International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 191 - 200
Joint Encryption and Error Correction (JEEC) is proposed to combine encoding/encryption as one process to boost more compact implementations. In this paper, we provide rigorous investigation on the security of two JECC schemes, namely ECBC and SECC. For ECBC, we found a 3-stage differential-like attack, which breaks it with O(k × 2&lt;SUP align="right"&gt;deg(f)&lt;/SUP&gt; + 2&lt;SUP align="right"&gt;k&lt;/SUP&gt;) effort, where deg(f) is the degree of the core cryptographic function f and k is the block length. For SECC, we found a similar attack of complexity O(k × 2&lt;SUP align="right"&gt;k+1&lt;/SUP&gt;). Additionally, we exhibit that f used in ECBC is particularly vulnerable, which allows the secret matrix to be recovered in O(1). To mitigate this vulnerability, we propose a secure-yet-lightweight construction of f. Finally, the core part of our attack has been implemented. Experimental results confirm that the original implementation of ECBC can be broken in constant time (<0.4 s) regardless of k, whereas the ECBC enhanced by our proposed f can withstand this attack to the maximum extent.

]]> 10.1504/IJSN.2011.045227 International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 191 - 200 Qi Chai; Guang Gong Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Ontario N2L 3G1, Canada. ' Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Ontario N2L 3G1, Canada symmetric cryptography cryptanalysis physical layer security error correction vulnerability encryption JEEC wireless networks network security. 2012-01-31T23:20:50-05:00 6 4 191 200 2012-01-31T23:20:50-05:00 http://www.inderscience.com/link.php?id=45228 We present the analysis of virus spread in Wireless Sensor Networks (WSNs) through Susceptible-Infective (SI) epidemic models. We analyse both the traditional SI model and the modified SI model. The traditional SI model does not provide any anti-virus protection for WSNs. The modified SI model can improve the network anti-virus capability without extra hardware effort and signaling overhead. We derive the explicit solutions for the epidemic models. Based on the modified SI model, we propose two adaptive network protection schemes for securing WSNs against virus attacks. Numerical results and simulations are provided for further understanding of the analysis. An epidemic model with adaptive virus spread control for Wireless Sensor Networks
Shensheng Tang; Wei Li
International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 201 - 210
We present the analysis of virus spread in Wireless Sensor Networks (WSNs) through Susceptible-Infective (SI) epidemic models. We analyse both the traditional SI model and the modified SI model. The traditional SI model does not provide any anti-virus protection for WSNs. The modified SI model can improve the network anti-virus capability without extra hardware effort and signaling overhead. We derive the explicit solutions for the epidemic models. Based on the modified SI model, we propose two adaptive network protection schemes for securing WSNs against virus attacks. Numerical results and simulations are provided for further understanding of the analysis.

]]> 10.1504/IJSN.2011.045228 International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 201 - 210 Shensheng Tang; Wei Li Department of Engineering Technology, Missouri Western State University, St. Joseph, MO 64507, USA. ' Department of Computer Science, Texas Southern University, Houston, TX 77004, USA WSNs wireless sensor networks epidemic models virus spread infective node network failure adaptive network protection network security anti-virus protection virus attacks. 2012-01-31T23:20:50-05:00 6 4 201 210 2012-01-31T23:20:50-05:00 http://www.inderscience.com/link.php?id=45229 In this paper, we propose a computationally-efficient data hiding method which achieves Cachin's security criterion: zero Kullback-Liebler (KL) divergence. To preserve statistical properties of the cover medium, we swap pixels rather than modify them to hide information. We theoretically analyse the security of the proposed method from various perspectives. Upper bounds of the KL divergence of second order statistics; The relationship between distortions in the DCT domain and embedding positions in the spatial domain; The upper bound on the conditional entropy in the DCT domain. We then subject our proposed stego method to several practical steganalysis algorithms: Histogram based attacks; A higher-order statistics based universal steganalysis algorithm; A new learning based steganalysis that specifically for this hiding algorithm. Experimental results show that our data hiding method can prevent these statistical detection methods, when the embedding rate is less than or equal to 10%. KL-sense secure image steganography
Guoqi Luo; K.P. Subbalakshmi
International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 211 - 225
In this paper, we propose a computationally-efficient data hiding method which achieves Cachin's security criterion: zero Kullback-Liebler (KL) divergence. To preserve statistical properties of the cover medium, we swap pixels rather than modify them to hide information. We theoretically analyse the security of the proposed method from various perspectives. Upper bounds of the KL divergence of second order statistics; The relationship between distortions in the DCT domain and embedding positions in the spatial domain; The upper bound on the conditional entropy in the DCT domain. We then subject our proposed stego method to several practical steganalysis algorithms: Histogram based attacks; A higher-order statistics based universal steganalysis algorithm; A new learning based steganalysis that specifically for this hiding algorithm. Experimental results show that our data hiding method can prevent these statistical detection methods, when the embedding rate is less than or equal to 10%.

]]> 10.1504/IJSN.2011.045229 International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 211 - 225 Guoqi Luo; K.P. Subbalakshmi Department of Electrical and Computer Engineering, Stevens Institute of Technology, Hoboken, NJ 07030, USA. ' Department of Electrical and Computer Engineering, Stevens Institute of Technology, Hoboken, NJ 07030, USA data hiding steganography Kullback-Liebler divergence Markov chain conditional entropy secure images steganalysis security. 2012-01-31T23:20:50-05:00 6 4 211 225 2012-01-31T23:20:50-05:00 http://www.inderscience.com/link.php?id=45230 Location privacy in Mobile Social Networks (MSNs) has generated significant interest in recent years, with many proposed methods to address the problem. Commercial solutions to this problem have suggested designing better ways for users to determine when to report their locations, while academic researchers have proposed solutions that involve deploying trusted third party servers to protect user privacy. In this paper, we showed that simply omitting location updates does not provide adequate privacy protections, especially in situations where the friendship relationships between users are known. We proposed a fake location update algorithm that allows a user to protect his privacy. A key feature of our approach is that it can be adopted without the use of any third party services, making them more practical. We evaluate our approach using extensive simulation experiments. Friendship-based location privacy in Mobile Social Networks
Wei Chang; Jie Wu; Chiu C. Tan
International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 226 - 236
Location privacy in Mobile Social Networks (MSNs) has generated significant interest in recent years, with many proposed methods to address the problem. Commercial solutions to this problem have suggested designing better ways for users to determine when to report their locations, while academic researchers have proposed solutions that involve deploying trusted third party servers to protect user privacy. In this paper, we showed that simply omitting location updates does not provide adequate privacy protections, especially in situations where the friendship relationships between users are known. We proposed a fake location update algorithm that allows a user to protect his privacy. A key feature of our approach is that it can be adopted without the use of any third party services, making them more practical. We evaluate our approach using extensive simulation experiments.

]]> 10.1504/IJSN.2011.045230 International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 226 - 236 Wei Chang; Jie Wu; Chiu C. Tan Department of Computer and Information Sciences, Temple University, Philadelphia, PA 19122, USA. ' Department of Computer and Information Sciences, Temple University, Philadelphia, PA 19122, USA. ' Department of Computer and Information Sciences, Temple University, Philadelphia, PA 19122, USA closeness inference attacks location privacy MSNs mobile social networks trajectory estimation privacy protection simulation network security. 2012-01-31T23:20:50-05:00 6 4 226 236 2012-01-31T23:20:50-05:00 http://www.inderscience.com/link.php?id=45231 In current Online Social Networks (OSNs), it is necessary for a user to determine whether a claimed public key belongs to a target user. In this paper, we design a system to complete this task. We first find a common friend between two users and let her help to prove the ownership of the public key. The common friend is proved to exist with high probability in fast mixing OSNs. We also propose a protocol to securely compute the intersection of friend sets. The effectiveness of the system is demonstrated by simulation. Authenticating strangers in Online Social Networks
Xinxin Zhao; Lingjun Li; Guoliang Xue
International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 237 - 248
In current Online Social Networks (OSNs), it is necessary for a user to determine whether a claimed public key belongs to a target user. In this paper, we design a system to complete this task. We first find a common friend between two users and let her help to prove the ownership of the public key. The common friend is proved to exist with high probability in fast mixing OSNs. We also propose a protocol to securely compute the intersection of friend sets. The effectiveness of the system is demonstrated by simulation.

]]> 10.1504/IJSN.2011.045231 International Journal of Security and Networks, Vol. 6, No. 4 (2011) pp. 237 - 248 Xinxin Zhao; Lingjun Li; Guoliang Xue School of Computing, Informatics and Decision Systems Engineering, Arizona State University, P.O. Box 878809, Tempe 85287-8809, AZ, USA. ' School of Computing, Informatics and Decision Systems Engineering, Arizona State University, P.O. Box 878809, Tempe 85287-8809, AZ, USA. ' School of Computing, Informatics and Decision Systems Engineering, Arizona State University, P.O. Box 878809, Tempe 85287-8809, AZ, USA authentication OSNs online social networks fast mixing secure set intersection zero-knowledge proof network security public keys simulation. 2012-01-31T23:20:50-05:00 6 4 237 248 2012-01-31T23:20:50-05:00