International Journal of Electronic Security and Digital Forensics (11 papers in press)
- A new identity based ring signcryption scheme
by Lunzhi Deng
Abstract: This paper presents a new identity-based ring signcryption scheme. With
this technique, anyone can choose n − 1 entities to generate a verifiable ring
signcryption on behalf of the group of n members, yet the actual signcrypter
remain anonymous. The scheme is proven to be indistinguishable against
adaptive chosen ciphertext attacks, existentially unforgeable against adaptive
chosen message and identity attacks, and unconditional signcrypter ambiguity
under the random oracle model.
Keywords: Identity-based cryptography, Ring signcryption, Random oracle model, Security
- A security enhanced user authentication scheme for multi-server environment without using smart cards
by Pengshuai Qiao
Abstract: With the popularity of Internet and wireless networks, more and more network architectures are used in multi-server environment, in which users remotely access servers through open networks. For the reliability of accessing these remote services, user must pass a verification procedure to obtain the authorization for legal resource acquisition and data exchange. In 2008, Lee et al. proposed an authentication scheme for multi-server architecture. Recently, Yeh et al. demonstrated that Lee et al.s scheme is insecure against server spoofing attack, user impersonation attack and undetectable online password guessing attacks. Yeh et al. also proposed an improved authentication scheme and claimed their scheme could withstand various attacks. Unfortunately, we find that Yeh et al.s scheme is still vulnerable to offline password guessing attack and stolen-verifier attack. Furthermore, a security enhanced authentication scheme is developed to eliminate the identified weaknesses.
Keywords: Authentication, Communication, Key agreement, Multi-server, Security
- Cryptanalysis and improvement of an authentication scheme for telecare medical information systems
by Yun Zhao
Abstract: The telecare medical information system (TMIS) could improve quality of medical care since it allows patients to enjoy health-care delivery services in their home. However, the privacy and security influence the development of the TMIS since it is employed in open networks. Recently, Wu and Xu proposed a privacy authentication scheme for the TMIS and claimed that their scheme could overcome weaknesses in previous schemes. However, we will demonstrate that their scheme is venerable to the server spoofing attack and cannot provide user anonymity. To overcome weaknesses in their scheme, we also propose a new authentication scheme for the TMIS. Analysis shows that our scheme not only overcome weaknesses in Wu et al.s scheme, but also has better performance.
Keywords: Mutual authentication, Anonymity, Smart card, Telecare medical information system
Special Issue on: "
ICGS3 articles from 9th ICGS3-13 Conference,"
- E-business, Recent Threats and Security Countermeasures
by Sina Pournouri, Matthew Craven
Abstract: Today, computers play a prominent role in human life and e-business makes the lives of people easier. Online shopping and electronic trade benefit both customers and companies. Although the concept of e-business has many advantages, it also furnishes cybercriminals opportunities to access, steal and manipulate data. Thus, security requirements ought to be considered by managers who run their businesses via computers and the Internet. One of the first steps to defining security requirements is threat and risk assessment, which may be done by cyberattack profiling. This paper aims to profile recent cyberattacks, investigate trends and relationships between distinct factors, and based on those, give security policies as security countermeasures. The work described was presented at the 9th ICGSSS conference in Dec 2013.
Keywords: E-business, Security, Electronic documents, Customers, Cybercriminals, Cyberattacks, Profiling, Threats, Risk.
Special Issue on: "Systems Security, Safety and Sustainability"
- Thresholding Attack on the BSS-Based Cryptosystem which Has Binary Key
by Ali Sadr, Raziyeh Sadat Okhovat
Abstract: In this paper, it has been shown that the BSS-based cryptosystem with binary key which has only two values, does not provide the security goal. In fact, the private key can be fully realized by applying a proper threshold on the encrypted signal. Performance analysis in terms of normalized MSE shows that the original signal can be accurately extracted by the proposed procedure from the encrypted one. Therefore, a key with multiple values has been exploited to enhance the security of the cryptosystem.
Keywords: Blind Source Separation (BSS), Independent Component Analysis (ICA), Cryptography, Cryptanalysis
- Identity based threshold ring signcryption from pairing
by Lunzhi Deng
Abstract: This paper presents an identity-based threshold ring signcryption scheme.rnwith this technique, any group of t entities can choose n − t entities to generate a t-out-of-n signcryption on behalf of the group of n members, yet thernactual signcrypters remain anonymous. The scheme is proven to be indistinguishable against adaptive chosen ciphertext attacks, existentially unforgeable against adaptive chosen message and identity attacks, and unconditional signcrypter ambiguity under the random oracle model. To the best of authors knowledge, the scheme is the first security ID-based threshold ringrnsigncryption scheme.
Keywords: Identity-based cryptography, Signcryption, Threshold ring signature, Pairings, Security
- Vehicular Ad hoc Network Applications and Security: A Study into the Economic and the Legal implications
by Patrice Seuwou, Dilip Patel, George Ubakanma
Abstract: Vehicular ad hoc network (VANET) is an important component of the Intelligent Transportation System. In this context, vehicle are equipped with complex systems and advanced technologies such as communication systems, computing platform with numerous processors, artificial intelligence and automatic control. This emerging technology is attracting more and more attention as it is a combination of multiple academic subjects and the latest technologies representing the developing tendency of future automobile technology. The main benefit of VANET communication is seen in active safety systems that increase passenger safety by exchanging life critical warning messages between vehicles. In this paper, we discuss the background of VANETs, its application and the current security issues, furthermore we study a number of key elements related to the economic and legal aspects to be considered before VANET can be successfully deployed.
Keywords: Vehicular ad hoc network; application; security; economic; legal
- Vulnerability Considerations for Power Line Communications (PLC) Supervisory Control and Data Acquisition
by Amin Hosseinian Far
Abstract: Due to the increasing importance of communication networking, the Power Line (PL) channel has been considered as a good candidate for the communication medium. Power Line Communications (PLC) term stands for the technologies for the data communication over the electrical power supply network. The PL channels were not designed to transmit high speed data; therefore they exhibit hostile medium for communication signal transmission. There are many factors such as noises, attenuation, distance and etc. affecting the quality of the transmission over PL channels. This paper presents PL model in the first sections of the work. Then it covers the security assessment of the PL system in the Supervisory Control and Data Acquisition (SCADA) context.
Keywords: SCADA, Communication network, PL channels, security assessment
- A security enhanced password authentication and update scheme based on elliptic curve cryptography
by Hang Tu
Abstract: As two fundamental requirements to ensure secure communications over an insecure public network channel, password authentication and update of password have received considerable attention. To satisfy the above two requirements, Islam et al. proposed a password authentication and update scheme based on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. Unfortunately, He et al. found Islam et al.s scheme is still vulnerable to off-line password guessing attack and stolen-verifier attack. In this paper, a security enhanced scheme is developed to eliminate the identified weaknesses. The analysis shows that our scheme can not only overcome the security vulnerability in Islam et al.s scheme, but also has better performance than their scheme. Then our scheme is more suitable for practical applications.
Keywords: Password authentication, Elliptic curve cryptography, off-line password guessing attack, stolen-verifier attack
- The Biometric landscape Towards a sustainable biometric terminology framework
by Bobby Tait
Abstract: Biometric technology is by no means a new technology . Authenticating people based on their biometric traits have been used before technology adopted biometrics as a mechanism to authenticate a person. However, various aspects that shape the landscape of biometric technology are often overlooked. Many research papers focus on the fact that biometric technology can be spoofed using various complex approaches . However, biometric technology has a number of role players that must be considered. Many examples exist of companies implementing biometric technology for authentication. Only to learn later those certain aspects preclude the successful implementation of biometric technology.
This paper discusses a number of aspects that form part of the biometric landscape which should be contemplated whenever biometric technology is considered for a sustainable biometric solution. Due to the various formats that biometrics can be presented, this paper also introduces a framework to standardise the terminology used for biometrics.
Keywords: Biometrics, security, terminology, sustainability, liveness testing, standard
- Multi-Carrier Coded Division Multiple Access (MC-CDMA) Multiplexing Against Multi-Path Fading
by Haider Albonda, Sufian Yousef
Abstract: In recent years Multicarrier techniques such as Multicarrier CDMA (Code Division Multiple Access) Schemes has become popular in wireless communications over multipath fading channels .The (MC-CDMA) used to improve security, data transmission rate and to minimize Inter Symbol Interference (ISI). CDMA was suffering from multipath fading which affects its performance.rnIn this research, the performance of multi-carrier Code Division Multiple Access (MC-CDMA) system is studied and evaluated, virtual frequency and phase synchronization algorithm for the sub - carrier is proposed to reduce the BER of MC-CDMA. The simulation have been done using Matlab program, the results indicate that significant improvement in the system achieved under AWGN and Rayleigh fading channels using BPSK modulation. Increasing digital modulation orders and power have led to reduction in the BER for the system.
Keywords: MC-CDMA, BER, BPSK, QPSK, AWGN