International Journal of Electronic Security and Digital Forensics (13 papers in press)
- A new identity based ring signcryption scheme
by Lunzhi Deng
Abstract: This paper presents a new identity-based ring signcryption scheme. With
this technique, anyone can choose n − 1 entities to generate a verifiable ring
signcryption on behalf of the group of n members, yet the actual signcrypter
remain anonymous. The scheme is proven to be indistinguishable against
adaptive chosen ciphertext attacks, existentially unforgeable against adaptive
chosen message and identity attacks, and unconditional signcrypter ambiguity
under the random oracle model.
Keywords: Identity-based cryptography, Ring signcryption, Random oracle model, Security
Special Issue on: "INTELLIGENCE MANAGEMENT TO COMBAT CYBERCRIMEâ€™"
- SECURITY CHALLENGES IN THE DISTRIBUTED CLOUD COMPUTING
by Ikechukwu Nwobodo, Hossein Jahankhani, Aloysius Edoh
Abstract: Cloud computing has altered the overall representative picture which distributed computing present in IT environment such as grid and server client computing. Cloud computing has given a new innovative meaning to off-premises and distributed computing. Although cloud computing offers more economical benefits than traditional computing, it undoubtedly introduces an imaginable security challenges to information control, management, access and storage from on-premises to off premises. This paper focuses on security challenges in distributed cloud, describes cloud computing, models and services. Analysis cloud security challenges and presents discussions on considerable solutions to protect threats against confidentiality, integrity and availability of cloud data. This paper also presents an implementation of Private Cloud Computing and evaluates its security features.
Keywords: cloud computing, PaaS, SaaS, IaaS, VM, CIA, threats, vulnerability
- TOWARDS A MODEL FOR THE INTEGRATION OF KNOWLEDGE MANAGEMENT IN LAW ENFORCEMENT AGENCIES
by Ben Brewster, Babak Akhgar, Andrew Staniforth, David Waddington, Simon Andrews, Kayleigh Johnson
Abstract: As law enforcement agencies are presented with ever increasing repositories of data upon which to conduct their intelligence and investigative initiatives, the requirement to effectively manage knowledge grows. The following paper explores the use of knowledge management within law enforcement in terms of defining knowledge in policing, the various forms in which knowledge exists in society and organisations, and the potential barriers to the integration of knowledge management practices in the law enforcement domain. The paper clarifies the role of knowledge in organisational behaviour and the rationale behind its importance in contemporary law enforcement practices before discussing the concepts around practical scenarios, and outlining a number of example approaches to integration.
Keywords: Knowledge Management; Law Enforcement; Intelligence
- Secure cloud based biometric authentication utilizing smart devices for electronic transactions.
by Bobby L. Tait
Abstract: The release of the latest iPhone device by Apple, named the iPhone 5s which incorporates a fingerprint based biometric scanner, was met with a lot of criticism from the security and privacy community. It was soon demonstrated that the biometric reader on this new iPhone is just as vulnerable to spoofing attacks as devised by researchers such as Matsumoto et al . It is an excepted fact that making use of biometrics for effective security during the identification and authentication process, is not recommended. People leave latent biometric prints of their fingerprints on everything they touch. Biometric technology is vexed with this problem a biometric characteristic is not essentially covert, as people deposit their biometric characteristics in various ways in the environment they interact with. \r\nThis paper proposes an approach to allow a person to use a smart device such as the iPhone 5s, for secure biometric authentication over a networked environment for secure electronic transactions. The paper illustrates that a smart device can be considered as a smart token, to address the security concerns associated with biometric technology.\r\n
Keywords: Biometrics; iPhone 5s; Cloud; Security; Authentication; Secure electronic transaction; spoof attack; hacking; smart token;
- Anomaly Detection Using Fuzzy Association Rules
by María Dolores Ruiz Jiménez, Maria J. Martin-Bautista, Daniel Sánchez, M. Amparo Vila, Miguel Delgado
Abstract: Data mining techniques are a very important tool for extracting useful knowledge from databases. Recently some approaches have been developed for mining novel kinds of useful information, such us anomalous rules. These kinds of rules are a good technique for the recognition of normal and anomalous behaviour, that can be of interest in several area domains such us security systems, financial data analysis, network traffic flow, etc. rnThe aim of this paper is to propose an association rule mining process for extracting the common and anomalous patterns in data that is affected by some kind of imprecision or uncertainty, obtaining information that will be meaningful and interesting for the user. This is done by mining fuzzy anomalous rules. We present a new approach for mining such rules, and we apply it to the case of detecting normal and anomalous patterns on credit data
Keywords: Data mining; fuzzy association rules; anomalous rules; anomaly detection; credit
- Enrollment Time as a Requirement for Biometric Fingerprint Recognition
by Vítor Sá, Sérgio Magalhães, Henrique Santos
Abstract: The performance of a biometric system depends on the accuracy, the processing speed, the template size, and the time necessary for enrollment. This last factor is not much addressed in literature. In this work we collected information about the users' availability for enrollment in respect to fingerprint biometrics. Were involved in trials 22 people randomly chosen. The results are presented globally, by sex, by age group and by previous experience in the use of the technology. We found that there is a generalized positive predisposition for enrollment that is expressed in some by the predisposition to try for many times and in others to try over a long time, and that it may be the youngest and the oldest the least available.
Keywords: security; biometrics; enrollment; fingerprint; availability
- New Tackle to Catch A Phisher
by Brad Wardman, Gary Warner, Jason Britt
Abstract: Organizations continue to pursue new strategies to thwart phishing attacks as well as investigate the criminals behind these scams. In order to address these issues, a novel algorithm named Syntactical Fingerprinting is proposed which automatically identifies phishing websites and implies the provenance of these websites using the structural components that compose the website. Syntactical Fingerprinting demonstrates the ability to accurately identify newly observed phishing websites through an experiment on a custom data set consisting of 49,840 URLs collected over three months by the UAB Phishing Data Mine. An additional experiment was run over website content collected during another timeframe exhibiting the ability to use Syntactical Fingerprinting as a distance metric for clustering phishing websites. Varying the threshold value within Syntactical Fingerprinting demonstrates the capability for phishing investigators to identify not only the source of phishing websites, but individual phishers as well.
Keywords: Phishing; Cybercrime; Forensics; Clustering; File Matching Algorithms; Anti-Fraud; Fraud Detection; Social Engineering; Provenance; Attribution; Branding
Special Issue on: "Systems Security, Safety and Sustainability"
- Thresholding Attack on the BSS-Based Cryptosystem which Has Binary Key
by Ali Sadr, Raziyeh Sadat Okhovat
Abstract: In this paper, it has been shown that the BSS-based cryptosystem with binary key which has only two values, does not provide the security goal. In fact, the private key can be fully realized by applying a proper threshold on the encrypted signal. Performance analysis in terms of normalized MSE shows that the original signal can be accurately extracted by the proposed procedure from the encrypted one. Therefore, a key with multiple values has been exploited to enhance the security of the cryptosystem.
Keywords: Blind Source Separation (BSS), Independent Component Analysis (ICA), Cryptography, Cryptanalysis
- Identity based threshold ring signcryption from pairing
by Lunzhi Deng
Abstract: This paper presents an identity-based threshold ring signcryption scheme.rnwith this technique, any group of t entities can choose n − t entities to generate a t-out-of-n signcryption on behalf of the group of n members, yet thernactual signcrypters remain anonymous. The scheme is proven to be indistinguishable against adaptive chosen ciphertext attacks, existentially unforgeable against adaptive chosen message and identity attacks, and unconditional signcrypter ambiguity under the random oracle model. To the best of authors knowledge, the scheme is the first security ID-based threshold ringrnsigncryption scheme.
Keywords: Identity-based cryptography, Signcryption, Threshold ring signature, Pairings, Security
- Vehicular Ad hoc Network Applications and Security: A Study into the Economic and the Legal implications
by Patrice Seuwou, Dilip Patel, George Ubakanma
Abstract: Vehicular ad hoc network (VANET) is an important component of the Intelligent Transportation System. In this context, vehicle are equipped with complex systems and advanced technologies such as communication systems, computing platform with numerous processors, artificial intelligence and automatic control. This emerging technology is attracting more and more attention as it is a combination of multiple academic subjects and the latest technologies representing the developing tendency of future automobile technology. The main benefit of VANET communication is seen in active safety systems that increase passenger safety by exchanging life critical warning messages between vehicles. In this paper, we discuss the background of VANETs, its application and the current security issues, furthermore we study a number of key elements related to the economic and legal aspects to be considered before VANET can be successfully deployed.
Keywords: Vehicular ad hoc network; application; security; economic; legal
- Vulnerability Considerations for Power Line Communications (PLC) Supervisory Control and Data Acquisition
by Amin Hosseinian Far
Abstract: Due to the increasing importance of communication networking, the Power Line (PL) channel has been considered as a good candidate for the communication medium. Power Line Communications (PLC) term stands for the technologies for the data communication over the electrical power supply network. The PL channels were not designed to transmit high speed data; therefore they exhibit hostile medium for communication signal transmission. There are many factors such as noises, attenuation, distance and etc. affecting the quality of the transmission over PL channels. This paper presents PL model in the first sections of the work. Then it covers the security assessment of the PL system in the Supervisory Control and Data Acquisition (SCADA) context.
Keywords: SCADA, Communication network, PL channels, security assessment
- A security enhanced password authentication and update scheme based on elliptic curve cryptography
by Hang Tu
Abstract: As two fundamental requirements to ensure secure communications over an insecure public network channel, password authentication and update of password have received considerable attention. To satisfy the above two requirements, Islam et al. proposed a password authentication and update scheme based on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. Unfortunately, He et al. found Islam et al.s scheme is still vulnerable to off-line password guessing attack and stolen-verifier attack. In this paper, a security enhanced scheme is developed to eliminate the identified weaknesses. The analysis shows that our scheme can not only overcome the security vulnerability in Islam et al.s scheme, but also has better performance than their scheme. Then our scheme is more suitable for practical applications.
Keywords: Password authentication, Elliptic curve cryptography, off-line password guessing attack, stolen-verifier attack
- The Biometric landscape Towards a sustainable biometric terminology framework
by Bobby Tait
Abstract: Biometric technology is by no means a new technology . Authenticating people based on their biometric traits have been used before technology adopted biometrics as a mechanism to authenticate a person. However, various aspects that shape the landscape of biometric technology are often overlooked. Many research papers focus on the fact that biometric technology can be spoofed using various complex approaches . However, biometric technology has a number of role players that must be considered. Many examples exist of companies implementing biometric technology for authentication. Only to learn later those certain aspects preclude the successful implementation of biometric technology.
This paper discusses a number of aspects that form part of the biometric landscape which should be contemplated whenever biometric technology is considered for a sustainable biometric solution. Due to the various formats that biometrics can be presented, this paper also introduces a framework to standardise the terminology used for biometrics.
Keywords: Biometrics, security, terminology, sustainability, liveness testing, standard