Forthcoming articles

 


International Journal of Information and Computer Security

 

These articles have been peer-reviewed and accepted for publication in IJICS, but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.

 

Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.

 

Articles marked with this shopping trolley icon are available for purchase - click on the icon to send an email request to purchase.

 

Articles marked with this Open Access icon are freely available and openly accessible to all without any restriction except the ones stated in their respective CC licenses.

 

Register for our alerting service, which notifies you by email when new issues of IJICS are published online.

 

We also offer RSS feeds which provide timely updates of tables of contents, newly published articles and calls for papers.

 

International Journal of Information and Computer Security (59 papers in press)

 

Regular Issues

 

  • A Robust and Blind Image Watermarking Scheme in DCT Domain   Order a copy of this article
    by Arup Kumar Pal, Soumitra Roy 
    Abstract: In this paper, the authors have presented a robust and blind watermarking scheme based on Discrete Cosine Transform (DCT) for protecting the copyright ownership of digital images. Initially, the image is decomposed into non overlapping blocks and subsequently DCT is employed on each block. In this work, a binary bit of watermark is embedded into each transformed block by modifying some middle significant AC coefficients using repetition code. During the embedding phase of the proposed method, DC and some higher AC coefficients are kept intact after zigzag scanning of each DCT block to ensure the high visual quality of watermarked image. The proposed scheme is suitable to protect the copyright information even in compressed form of the watermarked image since the scheme exploits the middle bands of DCT coefficients for embedding the watermark bits and in general high frequency bands are filtered in the compression process. The proposed scheme is tested on standard images and the simulation results show that the proposed watermark embedding procedure does not reflect too much impact on the visual quality of watermarked images. The proposed scheme is also tested to verify the withstand capability against several image processing attacks like image enhancement, image noising, cropping operation, sharpening, JPEG compression, geometric operation like image rotation etc. and satisfactory results are achieved.
    Keywords: Blind Watermarking; Discrete Cosine Transform; Digital Image Watermarking; Robust Watermarking; Repetition code.

  • Assessing Cyber-Incidents Using Machine Learning   Order a copy of this article
    by Ross Gore, Saikou Diallo, Jose Padilla, Barry Ezell 
    Abstract: One of the difficulties in effectively analyzing and combating cyber attacks is an inability to identify when, why and how they occur. Victim organizations do not reveal this data for fear of disclosing vulnerabilities and attackers do not reveal themselves for fear of being prosecuted. In this paper, we employ two machine learning algorithms to identify: (1) if a text-based report is related to a cyber-incident and (2) the topic within the field of cyber-security the incident report addresses. First, we evaluate the effectiveness of our approach using a benchmark set of cyber-incident reports from 2006. Then, we assess the current state of cyber-security by applying our approach to a 2014 set of cyber-incident reports we gathered. Ultimately, our results show that the combination of automatically gathering and organizing cyber-security reports in close to real-time yields an assessment technology with actionable results for intelligence and security analysts.
    Keywords: Computer crime prevention and detection; Information warfare; National security; Wireless and mobile network security; Software vulnerabilities; Emerging malware.

  • High frequency implementation of cryptographic hash function keccak-512 on FPGA devices   Order a copy of this article
    by Soufiane El Moumni, Mohamed Fettach, Abderrahim Tragha 
    Abstract: Cryptographic hash functions have an important role in numerous cryptographic mechanisms like computing digital signatures, checking data integrity, storing passwords and generating random numbers. Due to the cryptanalysis attacks on hash functions, NIST expressed its need to a new resistant hash function by announcing a public competition, this competition made Keccak hash function the new secure hash algorithm SHA-3. This new SHA-3 proved its strengths against recent attacks, however it has to be implemented efficiently in order to keep its resistance. In other words, an efficient FPGA design of hash functions is needed, be it increasing frequency, minimizing area consumption, or increasing throughput. In this paper we have focused on increasing frequency of the keccak-512, and we have achieved 401.2 MHz as a maximum frequency, and 9.62 Gbps as a throughput. The proposed design has been implemented in Xilinx Virtex-5 and Virtex-6 FPGA devices and compared to existing FPGA implementations.
    Keywords: SHA-3; Keccak; hardware implementation; FPGA; frequency; hash function; cryptographic protocols.

  • Innovative Data Security Model Using Forensic Audio Video Steganography for Improving Hidden Data Security and Robustness   Order a copy of this article
    by SUNIL MOON 
    Abstract: Data embedding using steganography is not a major issue but recovery of hidden data in a secured way without degradation of both original and secret data are the major problem. To the best of our knowledge many researchers are working on image steganography using (Exploited Modified Direction) EMD algorithm to improve the hiding capacity and security. But nowadays internet is mostly popular due to Face book, YouTube and WhatsApp which consists of videos; hence in this paper we have proposed a combination of video crypto-steganography and digital forensic technique using Modified General EMD (MGEMD) algorithm for enhancing the embedding capacity and security of secret data. We have embedded the secret data as an image and audio behind the selected frames of video and obtained the key security parameters using forensic technique to improve the hiding capacity and the data security which is found to be better than any other existing methods.
    Keywords: Modified general EMD; Normalized cross correlation (NCC); Video Crypto-Steganography; Attacks; Audio steganography; Data security;.
    DOI: 10.1504/IJICS.2018.10007844
     
  • Detection of Phishing attacks in financial and e-banking Websites Using Link and Visual Similarity Relation   Order a copy of this article
    by Ankit Jain, Brij Gupta 
    Abstract: Phishing is one of the major problems faced by the cyber-world and could lead to financial losses for both industries and individuals. In this paper, we present our proposed system which can detect Phishing attacks in financial and e-banking websites using link and visual similarity relation. Our proposed system analyse the keywords, hyperlinks and CSS layout of webpage, as many links point to corresponding legitimate page and phisher always tries to mimic the visual design of the page to steal confidential information. In the proposed system, we make set of all the associate domains and explore the links and similarity relation. In addition, we use the login form and whitelist based filtering to increase the running time and reduce the false positive rate. Our proposed system is not only able to detect phishing page accurately but its source page. Moreover, it does not require any prior training to detect zero-hour phishing attacks. Experiments are conducted over a 6616 phishing and legitimate sites and proposed system gives approximately 99.72% true positive rate and less than 1.89% false positive rate.
    Keywords: Phishing; Anti-phishing system; TF-IDF; Hyperlinks; DOM Tree; Webpage; Cascading Style Sheet (CSS).

  • Detection Algorithm for Internet Worms Scanning that Used User Datagram Protocol   Order a copy of this article
    by Mohammad M. Rasheed 
    Abstract: The Internet pervades almost every aspect of our lives. Also, with the development of network technologies and applications, worm attacks greatly affect the network infrastructure security and safety. As a key technique in network security domain, Intrusion Detection System (IDS) plays a vital role of detecting various kinds of worm scanning. The main purpose of IDS is to find out intrusions among normal audit data and this can be considered as a classification problem. This problem is brought about by the User Datagram Protocol (UDP) which is a connectionless protocol that means it does not require a formal handshake to get the data flowing and has no need for SYNs, ACKs, FINs flags, or any other handshaking. With UDP protocol, the packets are sent and received without warning, and previous notice is not usually expected. Worms also make use of UDP protocol to connect or scan with other hosts. In this research, UDP Scanning Worm Detection (UDPSWD) was proposed to detect UDP worm scanning by checking the failure message connections. UDPSWD focuses on The Internet Control Message Protocol (ICMP) unreachable, ICMP time exceeded and UDP is not responded to. The results show that UDPSWD is faster in comparison to other techniques, with no false positive or negative alarm.
    Keywords: Internet worm detection behavioral worm UDP scanning.

  • Panoramic Image Mosaics Via Distributed Systems Using Color Moments and Local Wavelet-features   Order a copy of this article
    by Feng Guo, Ying Wang 
    Abstract: Panorama has been widely used in virtual reality or the game application. This paper proposed an efficient method to perform the panoramic image mosaics by fusing color moments and local wavelet-features. Firstly, color moments are used to extract the key features of the panoramic image mosaics, which represents the physical quantities of the objects in the input image. Then, wavelet transform method is used to extract the macro characteristics of the input image. At last, the color moments and the features of waveletsub band statistics are combined to construct the feature vectors for image-patch representation. With a distributed system of local area network, the proposed mosaics method can achieve the accuracy of 295 FPS. Experimental results verify the effectiveness and satisfactory of the proposed method.
    Keywords: Panoramic images; local features; wavelet feature; color moments.

  • SPHERES: An Efficient Server-side Web Application Protection System   Order a copy of this article
    by Ouissem Ben Fredj 
    Abstract: While the web attacks grow in number and manner, the current web protection methods fail to follow this evolution. This paper introduces a new design of a Web application protection method called SPHERES. The main idea behind SPHERES is that it is placed in the application server, it intercepts the decrypted traffic, and checks it against a set of filtering rules specific to the requests. This design allows SPHERES to have the most accurate picture of the exchanged traffic, the websites structures and workflows, the user sessions and their states, and the system states. This accurate picture of the total system allows SPHERES to build a protection sphere around the website and checks several types and levels of protections efficiently. In addition to the detection of known attacks, SPHERES is able to detect zero-day attacks at runtime. The performance study of SPHERES shows that it is much better than two famous existing web protection tools.
    Keywords: Web application security; Protection method; Web application firewall; Owasp; Xss; Csrf; Sql injection.

  • A novel verifiable and unconditionally secure (m,t,n)-threshold multi-secret sharing scheme using Overdetermined systems of linear equations over finite Galois fields   Order a copy of this article
    by Faraoun Kamel Mohamed 
    Abstract: Threshold multi-secrets sharing schemes allow sharing a set of m secrets among n participants, while secrets can be revealed only if t or more participants collude. Although many multi-secret sharing schemes have been proposed, several improvements remain essential in order to cope with actual effectiveness and security requirements, including computational performances and compliance for large-scale data. In this paper, we present a novel multi-secrets (m,t,n)-threshold scheme using overdetermined systems of linear equations defined over finite Galois fields. The scheme provides unconditional security, linear sharing /reconstructing complexities and holds secure verifiability and t-consistence. By considering both secrets and shares as elements over finite Galois fields GF(2r), optimal and space-efficient representation is ensured compared to recent sharing schemes. In addition, the scheme provides dynamic secrets sharing, forgery/cheating detection and robustness against common attacks, while lower computational overhead is required.
    Keywords: Verifiable multi-secrets sharing; overdetermined systems of linear equations; Galois field; unconditional security.

  • A generic construction of identity-based proxy signature scheme in the standard model   Order a copy of this article
    by Xiaoming Hu, Huajie Xu, Jian Wang, Wenan Tan, Yinchun Yang 
    Abstract: Recently, numerous identity-based proxy signature (IDPS) schemes are constructed by direct methods or generic methods. However, most of them are proved only to be secure in the random oracle model or are involved high computational cost. In this paper, we present a novel and generic construction method of IDPS scheme secure in the standard model from any identity-based signature (IDS) scheme. The security of IDPS scheme constructed by our method is based on the security of the original IDS scheme. The computational cost of constructing an IDPS scheme is almost the same as that of constructing an original IDS scheme. Compared with other existing IDPS schemes constructed by direct methods or other generic methods, our IDPS scheme has better performance: the signature length and the computational cost of our IDPS scheme are almost half of other existing IDPS schemes. What's more, our method can be applied to construct other identity-based proxy cryptosystems.
    Keywords: cryptography; identity-based proxy signature; identity-based signature; provably secure; standard model.

  • Outsourcing Computation for Private Function Evaluation   Order a copy of this article
    by Henry Carter, Patrick Traynor 
    Abstract: Outsourcing secure multiparty computation (SMC) protocols has allowed resource-constrained devices to take advantage of these developing cryptographic primitives with great efficiency. While the existing constructions for outsourced SMC guarantee input and output privacy, they require that all parties know the function being evaluated. Thus, stronger security guarantees are necessary in applications where the function itself needs to be kept private. We develop the first linear-complexity protocols for outsourcing private function evaluation (PFE), a subset of SMC protocols that provide both input and function privacy. Assuming a semi-honest function holder, we build on the most efficient two-party PFE constructions to develop outsourced protocols that are secure against a semi-honest, covert, or malicious Cloud server and malicious mobile devices providing input to the function. Our protocols require minimal symmetric key operations and only two rounds of communication from the mobile participants. To make these protocols possible, we develop a technique for combining public and private sub-circuits in a single computation called partially-circuit private (PCP) garbling. This novel garbling technique allows us to apply auxiliary circuits to check for malicious behavior using only free-XOR overhead gates rather than the significantly more costly PFE gate construction. These protocols demonstrate the feasibility of outsourced PFE and provide a first step towards developing privacy-preserving applications for use in Cloud computing.
    Keywords: private function evaluation; garbled circuits; server-assisted cryptography.

  • An Ensemble Algorithm for Discovery of Malicious Web Pages   Order a copy of this article
    by Hedieh Sajedi 
    Abstract: Internet has become one of our daily life activities that all of us agree on its important role. It is necessary to know how it can either have misuse. Identity theft, brand reputation damage and loss of customers confidence in e-commerce and online banking are examples of the damages it can cause. In this paper, we proposed an ensemble learning algorithm for discovery of malicious web pages. The goal is to provide more learning chance to the data instances, which are misclassified by previous classifiers. To this aim, we employ a Genetic Algorithms (GA) to improve classification accuracy. In this algorithm a weight is assigned to a weak classifier and GA chooses the best set of committee members of weak classifiers to make an optimal ensemble. Experimental results demonstrate that this algorithm leads to the classification accuracy improvement.
    Keywords: Genetic Algorithms; Malicious Web Pages; Evolutionary Learning; Ensemble Learning.

  • PrivacyContext: Identifying Malicious Mobile Privacy Leak Using Program Context   Order a copy of this article
    by Xiaolei Wang, Yuexiang Yang 
    Abstract: Serious concerns have been raised about users privacy leak in mobile apps, and many detection approaches are proposed. To evade detection, new mobile malware starts to mimic privacy-related behaviors of benign apps, and mix malicious privacy leak with benign ones to reduce the chance of being observed. Since prior proposed approaches primarily focus on the privacy disclosure discovery,these evasive techniques will make differentiating between malicious and benign privacy disclosures difficult during privacy leak analysis. In this paper, we propose PrivacyContext to identify malicious privacy leak using context. PrivacyContext can be used to purify privacy leak detection results for automatic and easy interpretation by filtering benign privacy disclosures.Experiments show PrivacyContext can perform an effective and efficient static privacy disclosure analysis enhancement and identify malicious privacy leak with 92.73% true positive rate. Evaluation also indicates that to keep the accuracy of privacy disclosure classification, our proposed contexts are all necessary.
    Keywords: Privacy Leak; Context; Activation Event; Dependent operation; Sources; Sinks.

  • On Mapping of Address and Port using Translation (MAP-T)   Order a copy of this article
    by Aniruddha Bhattacharjya, Xiaofeng Zhong, Jing Wang, Xing Li 
    Abstract: Due to the shortage of IPv4 addresses, many hosts are currently assigned to a single IPv4 address by using one or a number of NAT devices. In these circumstances, an accessible public IPv4 address is consigned to the NAT device. The 6to4 tunnel endpoint must be executed with that specified NAT device. However, numerous NAT devices are already positioned and cannot be upgraded for executing 6to4 due to technical and/or economic reasons. Solutions depending on Double Network Address Translation 64 are a good way to utilize shared IP4 addressing. In addition, it allows the network operator to optimize his or her work and operations around the IP6 network. Mapping of address and port using translation (MAP-T) is a technique that accomplishes double translation on Border Relay (BR) and customer edge (CE) devices. IPv4 and IPv6 forwarding, IPv4 and IPv6 fragmentation functions, and NAT64 translation functions are used by MAP-T. This enables increasing numbers of IPv6 in both clients and servers in order to possess the best defence against certain attacks, such as routing loop attacks, spoofing attacks, denial-of-service attacks, etc. It is necessary to first evaluate hardware/software support with application porting, as well as limit the scope and interaction mechanisms. We have here proposed some procedures for creating frameworks and sustaining secure IPv6 networks. According to applications, environs and architecture, it is possible to achieve stable and secure IP6 networks.
    Keywords: MAP-T; Border Relay; IPv4 tunnel (6to4); UDP/IPv4 datagrams; NAT; DoS; IPv6.
    DOI: 10.1504/IJICS.2018.10008372
     
  • Video Watermarking Scheme based on IDR frames using MPEG-2 Structure   Order a copy of this article
    by Rakesh Ahuja, Sarabjeet Singh Bedi 
    Abstract: An MPEG-2 based robust, invisible and blind watermarking scheme for video is presented. The proposed algorithm using the DC coefficients from 8 x 8 block of discrete coefficient transforms matrices generated from candidate IDR frames picking periodically in order to embed the scrambled binary watermark. The watermark can only be extracted by using the secret keys, which also enhances the security of watermark itself. Therefore the extraction will never possible without knowing the actual keys. The robustness is evaluated by testing against image processing attacks and video processing intentional and non-intentional attacks by evaluating two parameters as Normalized Correlation and Bit error Rate in order to find the degree of similarity and degree of dissimilarity respectively between the original and extracted watermark. The superiority of the proposed video watermarking algorithm is that the excellent robustness achieved to common video processing unintentional attacks as synchronization attacks and MPEG-2 compression attack by comparing it previous work and also good perceptibility obtained without changing the motion vectors during the DPCM process of MPEG-2 encoding scheme
    Keywords: Discrete cosine transforms (DCT); Information retrieval; MPEG-2 Structure; Video compression.
    DOI: 10.1504/IJICS.2018.10010172
     
  • HYBRID RSA based highly efficient, reliable and strong personal Full Mesh Networked messaging scheme   Order a copy of this article
    by Aniruddha Bhattacharjya, Xiaofeng Zhong, Jing Wang, Xing Li 
    Abstract: Efficient balancing of privacy, and strong authentication in end-to-end (E2E) security constitutes a challenging task in the field of personal messaging. Since RSA is a ubiquitous approach, we here propose a hybrid RSA-based, highly efficient, reliable, and strong personal full mesh networked messaging scheme. M-Prime RSA and CRT-RSA with shared RSA makes our Hybrid RSA decryption much more secure and efficient, and protects our users with complete privacy. However, computational modular exponentiation complexity and partial key exposure vulnerability of RSA present two major obstacles. Low modular complexity and asymptotic very slow speed of decryption of RSA, with the ease and speed problem in encryption of RSA are also problems to be solved. Our Hybrid RSA cipher resolves all of the above issues, and provides protection against exploitation of multiplicative property and homomorphic property of RSA. Our full mesh networking scheme also ensures E2E encryption for all peers. So, our three-way authenticated Hybrid RSA messaging scheme achieves a perfect balance of efficiency, security, authentication, reliability, and privacy. Consequently, our scheme offers a smarter choice for private messaging in existing, as well as future, Internet architectures.
    Keywords: M-Prime RSA; CRT-RSA; Hybrid RSA; PFS; OAEP.
    DOI: 10.1504/IJICS.2018.10010256
     
  • Study on Data Fuzzy Breakpoint Detection in Massive Dynamic Data flow   Order a copy of this article
    by Yingying Mao, Hao Yuan 
    Abstract: The current method obtains the frequency of occurrence of abnormal data detected in the adjacent regions through reading between the sensor and the adjacent conversion data, and uses the frequency of occurrence of abnormal data to describe the spatial correlation, according to readings of sensor data using the Bayesian analysis method of sensor to determine whether the sensor is abnormal. But this method has the problem of low detection accuracy. For this reason, this paper proposes a method to detect the fuzzy breakpoint of data in the massive dynamic data flow. Firstly, this method used the amplitude difference method to determine the abnormal data amplitude and the discrete point difference of data fuzzy breakpoint, and then used the wavelet transform to extract the features of inflection point of the data fuzzy breakpoint. Combined with the features of inflection point of the extracted data fuzzy breakpoint, we carried out the support vector machine classification, and detected the data fuzzy breakpoints in the massive dynamic data flow. Experimental results show that the proposed method can effectively improve the accuracy of fuzzy breakpoint detection.
    Keywords: Massive dynamic; Data flow; Data fuzzy breakpoint; Support vector machine.

  • SAPMS: A Secure and Anonymous Parking Management System for Autonomous Vehicles   Order a copy of this article
    by Oladayo Olakanmi 
    Abstract: Recent surveys on Autonomous Vehicle (AV) (SAE level 5) have shown its potential in transforming road transportation system by not only making roads safer, but enhances car sharing and mobility. Although, its advent will revolutionize road transportation, but before this could be achieved vital operations in road transportation management systems will need to be modified or redesigned. One of these operations is parking system; most of the existing parking system are targeted towards non-autonomous vehicles (level-0 vehicles) where parking is not only distance-bound but parking prices are affected by other factors such as time and location. In this paper we propose a smart and anonymous parking management system using a novel space selection technique and anonymous authentication for space selection and reservation. The parking system is capable of anonymous-search for different parking spaces, and optimally determines whether to perform time-piece parking or single parking based on parking cost. To achieve this, the system determines the parking pattern with the lowest parking cost using the developed space selection algorithm and anonymous authentication scheme. The performance of the system was evaluated in terms of estimated computation cost and possibility of obtaining optimal parking pattern under the dynamic pricing system. The results showed that the proposed system is capable of selecting the best parking pattern in terms of cost. The results of the authentication overhead analysis show the estimated anonymous authentication time of 29:08ms for the propose scheme as against 51.9ms and 48.30ms of the two state-of-the-art anonymous schemes proposed in [32] and [27] respectively.
    Keywords: Smart Parking system; Autonomous vehicle; Transportation management; Privacy;Authentication.

  • Introducing Virtue Ethics Concepts into the Decision Processes of Information Systems Trusted Workers: A Delphi Study   Order a copy of this article
    by John Gray, Gurvirender Tejay 
    Abstract: Human factors affect the incorporation and efficiency of information systems security (ISS). This study examined various factors which affect and shape the ethical perspectives and decision making processes of individuals with access to personal, sensitive, and classified information maintained in information systems. A two-round web-based Delphi survey was completed by a ten member panel of ISS subject matter experts who were convened to identify and establish the key indicators of four virtue ethics based formative constructs for ISS trusted worker decision making and conduct. Consensus was reached on the applicability of a set of indicators for each construct. The high level of agreement among panel members indicates that these constructs can be used to promote conceptual thinking about the influences and implications to the ISS culture in an organization. The controls lay the foundation for future research as they can be incorporated into a new theoretical model of ISS trusted worker ethical behavior.
    Keywords: Information system security; Trusted workers; Virtue ethics; Delphi study; Construct development.

  • Information Hiding: A Novel Algorithm for Enhancement of Cover Text Capacity by Using Unicode Characters   Order a copy of this article
    by Muhammad Azeem, Cai Yongquan, Allah Ditta, Khurram Gulzar Rana, Faheem Akhtar Rajpoot 
    Abstract: From centuries, information security has been an attractive topic for security officials, intruders, hackers and other communication sectors throughout the world. Cryptography and steganography are widely practiced for secure communication over the internet. In steganography, data hiding capacity has been a great challenge for the research community and security officials. In this research, a novel algorithm is elaborated to conceal secret data with higher cover text capacity by using three different Unicode characters such as Zero Width Joiner (ZWJ), Zero Width Non-Joiner (ZWNJ) and Zero Width Character (ZWC). English text is taken as a message carrier. Before embedding a secret message into cover text, ones complement is applied on binary value of specific characters in secret message. Furthermore, Steger is developed for the practical implementation of designed algorithm. The results revealed that newly designed algorithm reported higher data hiding capacity with security and size efficiency. This is an astonishing increase in data hiding capacity of carrier text. The Unicode approach was efficiently and effectively used to reduce the attention of intruders.
    Keywords: Unicode; Zero Width Joiner (ZWJ); Zero Width Non-Joiner (ZWNJ); Zero Width Character (ZWC); Cover Media; Text steganography.
    DOI: 10.1504/IJICS.2018.10012517
     
  • A Novel Approach for Query over Encrypted Data in Database   Order a copy of this article
    by Jaafer AlSaraireh 
    Abstract: Database management is considered an essential component of many information systems to store data. Some database system contains secure data; these data are protected by using encryption techniques. The query performance is affected by encryption techniques. Therefore; should be a balance between the security and performance. A new technique in this research work has been proposed to enhance the query performance over the encrypted fields in a database system. This technique is based on producing a unique hash value for each secure data and transform the SQL query into an appropriate formula to be executed over the hash value fields. The proposed approach has eliminated any statistical relationship between encrypted and hash value fields. The time of execution encryption/decryption is reduced to enhance the performance of the query over encrypted secure data in the proposed technique. A set of experiments are carried out, and the results indicate that the performance of SQL-Query is enhanced by reducing the average response time to 14 compared with others related approaches.
    Keywords: SQL; Hash Value; Secure Data; Database; Security; Encryption.

  • Secure and Privacy-Preserving Multi-Keyword Ranked Information Retrieval from Encrypted Big Data   Order a copy of this article
    by Lija Mohan, Sudheep Elayidom 
    Abstract: Cloud deployment raises some security challenges to the confidentiality of data and the privacy of users. These challenges, along with the pressing demand for adopting Big Data technologies, together call for the development of stronger encryption algorithms. But encrypting the data makes it difficult to retrieve the most matching documents with respect to the query keywords. Therefore, the authors propose a solution for the ranked encrypted information retrieval, using the Modified Homomorphic Encryption Scheme (MHE) still preserving users privacy. The scheme efficiently utilises the processing power of the cloud server to compute the similarity scores, leaving the decryption and ranking to the client side, thus ensuring the security of the data. Vector space model and Term Frequency-Inverse Document Frequency (TF-IDF) concepts are used for similarity matching. The execution is then accelerated using a Hadoop Cluster and is found to be accurate, efficient, scalable and practical for real world applications.
    Keywords: Ranked Information Retrieval; Big Data Security; Privacy; Cloud; Homomorphic Encryption; Similarity Matching ; Encrypted Data Searching.

  • CFM: Collusion-Free Model of Privacy Preserving Frequent Itemset Mining   Order a copy of this article
    by Yoones A. Sekhavat 
    Abstract: Although many privacy preserving frequent itemset mining protocols have been proposed to preserve the privacy of participants, most of them are vulnerable against collusion. Usually, these protocols are designed for semi-honest model, where in this model, it is assumed that the participants do not deviate from the protocol. However, in real world, participants may collude with each other in order to falsify the protocol or to obtain the secret values of other parties. In this paper, we analyzes the vulnerability of previous privacy preserving frequent itemset mining protocols from privacy point of view, and then, we proposes a new protocol (CFM), which preserves the privacy of participants, even in collusion state. CFM is designed for mining frequent itemsets from homogenous (Horizontally partitioned) data, which not only preserves the privacy of participants in collusion states, but also shows better performance in comparison with previous works. In order to achieve this goal, CFM employs a new secret sharing and secret summation scheme, which distributes secret values among participants. Privacy preserving level of CFM is evaluated based on the disclosure of sensitive information.
    Keywords: Privacy preserving data mining; frequent itemset mining; secure computation; association rules.

  • Lightweight R-LWE based Privacy Preservation Scheme for Smart Grid Network   Order a copy of this article
    by Aarti Agarkar, Himanshu Agrawal 
    Abstract: Privacy preservation is one of the important research challenges in IoT applications. In one such IoT application; Smart Grid Network, billing information and energy profiling information of the customer may be collected, aggregated, and forwarded to control center for further analytics. Based on the research findings, traditional public key cryptography is not secured against quantum attacks. Our study is motivated by the recent developments in the lattice-cryptography schemes. This paper presents a lightweight R-LWE lattice-cryptography based scheme to sign and encrypt message traffic in smart grid. Security analysis suggests that proposed scheme preserves the privacy of customer. Performance analysis shows that proposed scheme cause less communication overhead as compared to traditional public key cryptography yet maintain parallel with NTRU based scheme and outperforms both formats of public key cryptography in regards to computation overhead.
    Keywords: Smart grid network; Security; Privacy; Lattice cryptography.

  • Towards Automated SCADA Forensic Investigation: Challenges, Opportunities, and Promising Paradigms   Order a copy of this article
    by Mohamed Elhoseny, Hosny Abbas 
    Abstract: Modern Supervisory Control And Data Acquisition (SCADA) networks represent a challenging domain for forensic investigators who have the responsibility to determine the main causes of the catastrophic incidents that could happen in SCADA systems and provide precise and logical evidences to the legal organizations. They are characterized to be complex, large-scale, and highly distributed systems comprising diversities of proprietary components such as field devices, embedded control systems, computers, communication networks, etc. Providing forensic investigators with automated forensic investigation can be an effective solution against the challenging nature of modern SCADA networks. This review paper discusses the challenges and opportunities towards achieving that goal and highlights the emerging technological paradigms that can be considered as promising in the realization of such a framework. Finally, this paper proposes a conceptual framework for automated forensic investigation in modern secure SCADA networks based on the Multi-Agent Systems and Wireless Sensor Networks promising technological paradigms.
    Keywords: Digital Forensic Investigation; Automated Forensic Investigation; Industrial Environments; SCADA systems; SCADA Forensics; Conceptual framework.

  • Fast Causal Division for Supporting Robust Causal Discovery   Order a copy of this article
    by Guizhen Mai, Shiguo Peng, Yinghan Hong, Pinghua Chen 
    Abstract: Discovering the causal relationship from the observational data is a key problem in many scientific research fields. However, it is not easy to detect the causal relationship by using general causal discovery methods, such as constraint based methods or additive noise model (ANM) based methods, among large scale data with insufficient samples, due to the curse of the dimension. Although some causal dividing frameworks are proposed to alleviate these problems, they are, in fact, also faced with high dimensional problems, as the existing causal partitioning frameworks rely on general conditional independence (CI) tests. These methods can deal with very sparse causal graphs, but they often become unreliable, if the causal graphs get more intensive. In this thesis, we propose a splitting and merging strategy to expand the scalability of generalized causal discovery. Our method first divides the original dataset into two smaller subsets by using low-order CI tests, and then the subsets are further divided into two subsets respectively. In this way, the original dataset are literately divided into a set of smaller subsets. For each subset, we employ the exiting causal learning method to discovery the corresponding structures, by combined all these structures, we finally obtain the complete causal structure w.r.t. the original data set. Various experiments are conducted to verify that compared with other methods, it returns more reliable results and has strong applicability for various cases.
    Keywords: High-dimension;causal inference; causal network.

  • An Improved Key Pre-Distribution Scheme Based on the Security Level Classification of Keys for Wireless Sensor Networks   Order a copy of this article
    by Jianmin Zhang, Hua Li, Jian Li 
    Abstract: The use of wireless sensor networks (WSNs) in any real-world application requires a certain level of security. To provide security of operations such as message exchange, key management schemes have to be well adapted to the particularities of WSNs. Unfortunately, the resource limitation of sensor nodes poses a great challenge for designing an efficient and effective key establishment scheme for WSNs. This paper proposes a novel key management scheme. In the proposed scheme, the pre-distributed keys in nodes are classified different security levels and the higher security level of the pre-distributed key in compromised nodes will disclose the fewer pre-distributed keys in the uncompromised nodes than that of the lower security level of the pre-distributed key. The proposed scheme is analyzed based on connectivity, resistance against attacks, memory consumption and communication overhead. Simulation results confirm that the proposed scheme has a good resilience against node compromising attacks compared to the existing schemes.
    Keywords: wireless sensor networks; key predistribution; security level classification; hash function.

  • CSPS: Catchy Short Passwords Making Offline and Online Attacks Impossible   Order a copy of this article
    by Jaryn Shen, Qingkai Zeng 
    Abstract: This paper proposes to address online and offline guessing attacks to passwords without increasing users\' efforts in choosing and memorizing their passwords.\r\nIn CSPS, a password consists of two parts, a user-chosen short password and a server-generated long password. The short password should be memorized and secured by its user while the long password be encrypted and stored on the server side. To keep the secret key for protecting the long password secure, an additional sever is introduced to store the secret key and provide encryption/decryption services.\r\nOn top of Balloon, CSPS is integrated with the benefits of expensive hash and secure encryption. It is mathematically proved that computationally unbounded attackers cannot succeed in offline dictionary or brute-force attacks or a combination of offline and online attacks. The criteria of security is established, which quantifies the security. To our best knowledge, CSPS is the first technique to make the security quantifiable in password authentication mechanisms.
    Keywords: password; attack; password-guessing; authentication; balloon hashing; hash function; encryption; web service.

  • System for DDoS attack mitigation by discovering the attack vectors through statistical traffic analysis   Order a copy of this article
    by Mircho Mirchev, Seferin Mirtchev 
    Abstract: DDoS attacks are becoming an increasing threat to the Internet due to the easy availability of user-friendly attack tools. In meantime defending from such attacks is very difficult, because it is very hard to differentiate between the legitimate traffic and attack traffic and also maintain the attacked service still accessible while under attack. This paper describes a method for discovering the vector of a DDoS attack using statistical traffic analysis. The discussed methods are based on having a notification of the attack and making a statistical analysis of the attack traffic to find the vector and profiling a statistical baseline of normal traffic and discovering the abnormal traffic as a difference in the statistical parameters of TCP/IP packets in a given moment to the baseline and thus making a decision of the attack and its vector simultaneously.
    Keywords: DDoS attack; vector of attack; statistical analysis; IP network security.

  • HHDSSC: Harnessing Healthcare Data Security in Cloud Using Ciphertext Policy Attribute Based Encryption   Order a copy of this article
    by Ramesh Dharavath, Rashmi Priya Sharma, Damodar Reddy Edla 
    Abstract: The advancement of cloud computing has great impact on the medical sector. Due to its storage facility, e-healthcare has emerged as a promising healthcare solution for providing fast and immediate treatment to patients. The PHRs collected and outsourced in the cloud leads to security concern. The data outsourced in the cloud is no more under the direct control of the patient, hence data should be encrypted prior its storage. Existing works based on group signature require high amount of computation. Other issues like confidentiality of private data, efficient key distribution, scalable and flexible fine-grained data access, revocation and tracing the malicious user is yet to be addressed to maintain the integrity of the patients. In this manuscript, we propose EPOC-1 based multi authority CP-ABE which can trace and revoke the malicious user who leaks the real identity and confidential data of the patient without any storage overhead. This methodology of white-box traceability presented in this manuscript, traces the malicious user efficiently. The proposed scheme is validated with some existing policies and makes the healthcare domain more securable under the cloud setup.
    Keywords: Cloud data storage; Personal health records (PHRs); CP-ABE; EPOC-1; Traceability; Accessibility Revocation.

  • Protecting Composite IoT Server by Secure Secret Key Exchange for Xen Intra Virtual Machines   Order a copy of this article
    by Anil Yadav, Anurag Tripathi, Nitin Rakesh, Sujata Pandey 
    Abstract: Security and privacy challenges are immense in sensor devices and servers interacting with these devices. Assuring security and secrecy of data across these entities is not exclusively the primary necessity, merely is a basis for secure communication. By using Xen hypervisors capabilities as a composite server for the smart home environment, we discover that security threats like sniffing and spoofing compromise the privacy of information across the virtual machines in the virtualized composite server. This paper, highlights the services required for IoT specific devices in a smart home network and proposed a method to protect the secrecy of data by preventing the sniffing and spoofing across intra virtual machines in Xen. The Xen hypervisor acts as a middleman between the Internet and smart home network. The proposed method focuses on providing secrecy to the data by encrypting it before transmiting it from the Host to the Guest operating system. Host encrypts the data with a secret key dedicated to the respective Guest. It also includes a secret key generation mechanism for all the Guests and extend it to a secure key sharing method between them. The secret key generated is unique to each Guest. The implementation is done by incorporating encryption and decryption methods at kernel netfilter drivers at Host and the Guest operating systems. We have presented the results by using encryption over TCP and UDP data and analyzed the results for CPU and network bandwidth utilization with encryption and without encryption. We have also analyzed security threats like sniffing and spoofing with respect to key and data transfer between Host and Guest operating systems of the Xen intra virtual machine.
    Keywords: Smart Objects; Security; Privacy; Xen; Host; Guest; Virtual Machine; IoT; Sensor; Sniffing; Spoofing.

  • Prediction Based Robust Blind Reversible Watermarking for Relational Databases   Order a copy of this article
    by Unni Krishnan K, Pramod K V 
    Abstract: Objectives: As the size of database grows, the possibility of database corruption also increases. One such example is of temporal databases in which deletion never occurs except in case of vacuuming. A strong security mechanism is needed to find any database modification. In case of any tampering, tampered data should be identified and recovery of original data from the tampered one is also essential. Methods: In this work, a new watermarking scheme for database authentication and forensic analysis is developed. The proposed system uses a set of watermark bits to make a validation and recovery mechanism for database authentication. In order to measure the robustness of this approach, online available yahoo financial data is watermarked through this approach and simulation of insertion, modification and deletion attacks are performed. Findings: Normalized Correlation (NC) and Mean Square Error (MSE) are used for measuring the performance of this approach. Extensive analysis shows that the proposed method is robust against various forms of database attacks, including insertion, deletion and modification. Improvement: In future, in order to identify the best possible locations for embedding the watermark, optimization algorithms can be used. Also methods may be developed for enhancing the embedding capacity of the watermark.
    Keywords: Database Watermarking; Database Forensic Analysis; Tuple Insertion Attack; Tuple Deletion Attack; Tuple Modification Attack; Blind Watermarking; Reversible Watermarking;.

  • Improved RSA Lossy Trapdoor Function and Applications   Order a copy of this article
    by Nanyuan Cao, Zhenfu Cao, Xiaolei Dong, Haijiang Wang 
    Abstract: Kakvi and Kiltz (EUROCRYPT'12) proposed the fristtight security reduction for RSA Full Domain Hash signature scheme (RSA-FDH) with public exponent $e < N^{1/4}$ in the random oracle (RO) model, and they left an open problem which called for a tightly secure RSA-FDH for $ N^{frac{1}{4}} Keywords: RSA; Lossy Trapdoor Function; Full Domain Hash; Blind Signatures.

  • On the Adoption of Scramble Keypad for Unlocking PIN-protected Smartphones   Order a copy of this article
    by Geetika Kovelamudi, Bryan Watson, Jun Zheng, Srinivas Mukkamala 
    Abstract: Lock screen is a user interface feature used in mobile operating systems to prevent unauthenticated access and protect sensitive private information in the mobile devices. PIN (Personal Identification Number) is a simple and effective mechanism for screen unlocking used by about one third of smartphone users. However, PIN unlock is also susceptible to a number of attacks such as guessing attacks, shoulder surfing attacks, smudge attacks and side-channel attacks. Scramble keypad is a method proposed to improve the security of PIN by changing the keypad layout in each PIN-entry process. However, scramble keypad has not been provided as a standard feature in popular mobile operating systems like Android and iOS. In this work, we conducted a security and usability analysis of scramble keypad through theoretical analysis and user studies. The security analysis shows that scramble keypad can defend smudge attacks perfectly and greatly reduce the threats of side-channel attacks. The results of our user study demonstrate that scramble keypad has a significant better chance to defend shoulder surfing attacks than standard keypad. We also investigated how the usability of scramble keypad is compromised for the improved security through a user study. Our work suggests that it is worthy to include scramble keypad as a standard option of mobile operating systems for unlocking PIN-protected smartphones.
    Keywords: scramble keypad; PIN unlock; mobile security; usability; attacks.

  • Vulnerability Severity Prediction Model For Software Based on Markov Chain   Order a copy of this article
    by Gul Jabeen, Yang Xi, Ping Luo 
    Abstract: Software vulnerabilities primarily constitute security risks. Commonalities between faults and vulnerabilities prompt developers to utilize traditional fault prediction models and metrics for vulnerability prediction. Although traditional models can predict the number of vulnerabilities and their occurrence time, they fail to accurately determine the seriousness of vulnerabilities, impacts, and severity level. To address these deficits, we propose a method for predicting software vulnerabilities based on a Markov Chain model, which offers a more comprehensive descriptive model with the potential to accurately predict vulnerability type, i.e., the seriousness of the vulnerabilities. The experiments are performed using real vulnerability data of three types of popular software: Windows 10, Adobe Flash Player and Firefox, and our model is shown to produce accurate predictive results.
    Keywords: software vulnerability; VL; severity/seriousness; prediction model; software security; Markov Chain.

  • FairAccess 2.0: a smart contract-based authorization framework for enabling granular access control in IoT   Order a copy of this article
    by Aafaf OUADDAH 
    Abstract: In this paper, we explore access control area as one of the most crucial aspect of security and privacy in IoT. Actually, conventional security and privacy solutions tend to be less tailored for IoT. Then, designing a distributed access control with user-driven approach and privacy-preserving awareness in IoT environment is of a paramount importance. In this direction, we have investigated in our previous work a new way to build a distributed access control framework based on the blockchain technology through our proposed framework FairAccess. The first version of FairAccess was based on the UTXO model. However, this version presents limitations in expressing more granular access control policies. To tackle this issue, this paper upgrades the proposed Framework to FairAccess 2.0 that uses SmartContract concept instead of the unlocking script. Thus, we show a possible working implementation based on ABAC policies, deployed on the Ethereum blockchain. The obtained results show the efficiency of FairAccess 2.0 and its compatibility with a wide range of existing access control models mainly the ABAC model. Finally, a performance and cost evaluation, discussion and future work are elaborated.
    Keywords: security; privacy; access control; authorization; ABAC; blockchain; smart contract; IoT; Raspberry PI; Ethereum.

  • A Complexity Reduced and Reliable Integrity Protection for Large Relational Data over Clouds   Order a copy of this article
    by Waqas Haider, Wasif Nisar, Tanzila Saba, Muhammad Sharif, Raja Umair, Nadeem Bilal, Muhammad Attique 
    Abstract: At present governments and private business operations are highly dependent on relational data applications such as bank accounts, citizen registration etc. These relational data dependent operations require reliable integrity protection while utilizing the cloud computing storage infrastructure. Identification and recovery of stolen bits are a major assistance to the reliable integrity protection services for the sensitive relational data applications. To deal with the problems of detecting and recovering tampering in large relational data at minimum computational complexity, in this paper N8WA (briefed in section 2.1) coding based scheme is presented. Overall the scheme is comprised of two cross functional modules. The first module is labeled as compact code generation using N8WA coding and code registration at registration module (RM). In the second module which is called accurate locating/restoring tampering, utilizing the mismatching of different compact codes based on N8WA from RM, the major/minor tampered data is accurately located and restored. Investigational outcome indicates that the scheme ensures the computational complexity of O(n2) while minimum to maximum alterations is accurately localized and restored successfully.
    Keywords: Cloud Data Recovery; Database Integrity verification; Digital Tamper-proofing; Localization; Restoration; Multiple Data types; Fragile watermarking; Zero Watermarking; Lossless compression.

  • Reversible data hiding methods in Integer Wavelet Transform   Order a copy of this article
    by Amishi Kapadia, Nithyanandam P 
    Abstract: Reversible data hiding is art of concealing secret information such that cover media and secret information are both recovered without any information loss. In this paper high frequency sub-bands of integer wavelet transform are used for data embedding. All coefficients are used for embedding and to improve the security the embedding is carried out in frequency domain using spiral, sequential and random embedding method. The main objective of this research is to hide the maximum data with minimal distortion and to attain reversible hiding phenomenon both in cover and secret image. The experimental result shows the improved capacity, imperceptibility and complete reversibility attained on standard and medical images. The parameter of robustness has not been vastly studied for reversible data hiding and an attempt is made to check the same for basic attacks and results shows that it can withstand geometrical attack.
    Keywords: Reversible data hiding (RDH); Integer wavelet transforms (IWT); Embedding methods; medical images; payload; and cover medium.

  • Secure Session between IoT Device and Cloud Server based on Elliptic Curve Cryptosystem   Order a copy of this article
    by Ting-Fang Cheng, Ying-Chin Chen, Zhu-Dao Song, Ngoc-Tu Huynh, Jung-San Lee 
    Abstract: The Internet of Things (IoT) has brought the properties of convenience, intelligence, and manageability into our daily lives. Nevertheless, it also gives malicious attackers lots of opportunity to compromise our private information. Hence, the security issue over IoT has become an emergent and crucial research topic. Kalra and Sood proposed an authentication scheme for IoT device and cloud server in 2015 [13]. Unfortunately, Chang et al. have pointed out weaknesses of Kalra and Sood scheme and provided proper improvements in 2017 [14]. However, we have found that the improved version still exists potential risks. Thus, we aim to develop a brand-new ECC based authentication mechanism for offering a secure session between IoT device and could server. In particular, the new method is proved secure under the examination of AVISPA, which is a formal verification tool.
    Keywords: IoT; authentication; ECC cryptosystem.

  • A hierarchical method for assessing cyber security situation based on ontology and fuzzy cognitive maps   Order a copy of this article
    by Zhijie Fan, Chengxiang Tan, Xin Li 
    Abstract: The hierarchical analysis method is widely used in the field of cyber security situation assessment, it is a key research topic. However, lots of them have paid less attention to the analysis of interrelationships among cyber security situation elements, and still have no effective cyber security events tracking capability. In this work, we proposed a hierarchical cyber security situation assessment method based on ontology and Fuzzy Cognitive Maps (FCM). Firstly, we collected cyber security events from multiple ways and created a general cyber security risk events according to structured description of events based on ontology. Secondly, we generated semi-automatically the FCM structure according to general cyber security risk events using our FCM build method. Thirdly, we assessed and quantified cyber security situation based on ontology and FCM, and then determined the cyber security situation level according to relevant cyber security risk level table. At last, the cyber security events tracking capability was introduced. In our experiment, we used DARPA2000 dataset to verify and analyze our cyber security assessment method and explained tracing the high-risk events in target network. The result shows that our method can reflect the cyber security situation accurately and has the cyber security tracing capability.
    Keywords: cyber security situation; situation assessment; hierarchical analysis; ontology; fuzzy cognitive maps; tracing back.

  • Image encryption scheme based on a novel fractional order compound chaotic attractor   Order a copy of this article
    by Jian-feng Zhao, Shu-ying Wang, Li Tao Zhang, Xian Feng Li 
    Abstract: Many image encryption algorithms have too small key space to prevent exhaust attacks. Based on a novel compound chaotic system, an algorithm with expanded key space is proposed to aim at the problem. Firstly, an adaptive method is proposed to design switching controllers during creating a novel compound chaos. Secondly, the general Arnold transform is used to realize the pixel scrambling technology. Finally the novel fractional compound chaos is applied in pixel diffusion to improve security of the image encryption algorithm. In numerical simulation, classical color image, gray image, binary image and non-square image are encrypted sufficiently to identify the encryption algorithm. Both theoretical analysis and experimental results show that the algorithm has larger key space and is suitable for different types of digital images, and encryption image can resist some kinds of external attacks.
    Keywords: Image encryption; Compound chaos; Fractional order; Arnold transform; Key secret.

Special Issue on: Security and Privacy for Massive Cloud Data Storage

  • Novel Implementation of Defense Strategy of Relay Attack based on Cloud in RFID systems   Order a copy of this article
    by He Xu 
    Abstract: Radio Frequency Identification technology (RFID) is widely used in identity authentication and payment, and it also becomes an indispensable part of daily life. Cloud based RFID systems have broad application prospects, and can be provided as a service provided to individuals or organizations.For example, RFID cards can be used for cash-less payment, physical access control, temporary rights and identification in cloud environment. When an RFID card is used, there is a wireless transaction between the card and its reader, which could be attacked by several methods, including a relay attack. Relay attacks are difficult to completely prevent and a serious threat to RFID systems security. An attacker could use limited resources to build up this kind of attack and may need little knowledge of the underlying protocol. In recent years, researchers have proposed solutions using second channels to resist relay attack, such as using environmental measurements including noise, light and temperature. This paper describes research on the defense techniques for relay attacks in Cloud based RFID systems.The Cloud based Architecture for RFID systems typically consists of RFID tags, card readers (fixed or mobile) and Cloud-based server functionality.
    Keywords: relay attack; RFID systems; Internet of Things; NFC.
    DOI: 10.1504/IJICS.2019.10007915
     
  • A Study of the Internet Financial Interest Rate Risk Evaluation Index System in Cloud Computing   Order a copy of this article
    by Mu Shengdong, Tian Yi-xiang 
    Abstract: Cloud computing is a product of computer technologies combined with network technologies and it has been widely applied in China. Experts and scholars in all fields begin to make many studies of cloud computing infrastructure construction and effective resource utilization. With the improvement of cloud computing technology (especially security technology), Internet finance will be deployed widely and will develop rapidly. ITFIN (Internet finance) is the results of finance comprehensively combined with network technology. It is also a new ecological finance fermenting in this Internet era. ITFIN integrates online transaction data generated in various social network. It studies and judges the credit standing of customers and completes credit consumption, loan and other borrowing behavior by e-payment. With ITFIN, people can enjoy financial services in dealing with various problems. However, one person can play many identities in the network. This phenomenon posed a severe challenge to ITFIN network security and has largely intensified the risks, including the operational risk, market selection risk and network and information security risk. ITFIN resolves the risks by establishing a reliable, reasonable and effective risk assessment model. We conducted theoretical and empirical analysis, then constructed an assessment model against Chinas ITFIN risk. The model integrates rough set and PSO-SVM (particle swarm optimization support vector machine). Finally, the model was used to assessment the ITFIN risk in China. The empirical research results indicate that the model can effectively reduce redundant data information with rough set theory. The theory also guarantee a reliable, reasonable and scientific model, enhance the classification effect of the model. The parameters of SVM model obtained by optimizing with PSO can effectively avoid local optimum, improve the effect of the classification model. Overall, the model has good generalization ability and learning ability.
    Keywords: Cloud Computing ;ITFIN; Risk assessment; Rough set; PSO; SVM.

  • Reconfigurable design and implementation of nonlinear Boolean function for cloud computing security platform   Order a copy of this article
    by Su Yang 
    Abstract: Nonlinear Boolean function plays a pivotal role in the stream cipher algorithms and cloud computing security platforms. Based on the analysis of multiple algorithms, this paper proposes a hardware structure of reconfigurable nonlinear Boolean function. This structure can realize the number of variables and AND terms less than 80 arbitrary nonlinear Boolean function in stream cipher algorithms. The entire architecture is verified on the FPGA platform and synthesized under the 0.18m CMOS technology, the clock frequency reaches 248.7MHz, the result proves that the design is propitious to carry out the most nonlinear Boolean functions in stream ciphers which have been published, compared with other designs, the structure can achieve relatively high flexibility, and it has an obvious advantage in the area of circuits and processing speed.
    Keywords: nonlinear Boolean function; reconfigurable; cloud computing; security platform.

  • Network Optimization for Improving Security and Safety Level of Dangerous Goods Transportation Based on Cloud Computing   Order a copy of this article
    by Haixing Wang, Guiping Xiao, Zhen Wei 
    Abstract: Network Optimization for Improving Security and Safety Level of Dangerous Goods Transportation (NOISSLDGT) belongs to NP-Hard problems with strict constraints, and that makes it harder to solve. NOISSLDGT is an important part of dangerous goods logistics security monitoring system. Cloud storage is one of the core technology of the system, and it ensure the system security and stability based on data backup and disaster technology. In order to dealing with NOISSLDGT, an improved risk analysis which combining the features and factors in NOISSLDGT is devised. To achieve the purpose of balanncing the security and the cost for the rout, the improved risk model is designed. On the basis of former algorithm, a network optimization model to minimize the total cost is established considering the network capacity and the maximum risk limits. The elements and objectives of the flow distribution process have been analyzed in this dissertation, and a relevant optimization model has been put forward, which deals with the selection process as a multi-objective decision-making problem. The problem has been discussed with LINGO first. Furthermore, the cloud computing technology is introduced, and the task scheduling in cloud computing environment is analysed. Cloud Computing Security Architecture, including Physical Security, Web Services Security, Database Security and Platform Security is presented and it provided a safe Cloud Computing environment for NOISSLDGT. Based on cloud computing task scheduling, a detailed design of the simulated annealing algorithm (SAA) is presented. An example is analyzed to demonstrate that the improved algorithms are efficient and feasible in solving NOISSLDGT.
    Keywords: LINGO; Simulated annealing Algorithm (SAA); Improving Security and Safety Level of Dangerous Goods Transportation; Cloud Computing.

  • Proofs of Retrievability from Linearly Homomorphic Structure-Preserving Signatures   Order a copy of this article
    by Xiao Zhang, Shengli Liu, Shuai Han 
    Abstract: Proofs of Retrievability (PoR) enables clients to outsource huge amount of data to cloud servers, and provides an efficient audit protocol, which can be employed to check that all the data is being maintained properly and can be retrieved from the server. In this paper, we present a generic construction of PoR from Linearly Homomorphic Structure-Preserving Signature (LHSPS), which makes public verification possible. Authenticity and Retrievability of our PoR scheme are guaranteed by the unforgeability of LHSPS. We further extend our result to Dynamic PoR, which supports dynamic update of outsourced data. Our construction is free of complicated data structures like Merkle hash tree. With an instantiation of a recent LHSPS scheme proposed by Kiltz and Wee (EuroCrypt15), we derive a publicly verifiable (dynamic) PoR scheme. The security is based on standard assumptions and proved in the standard model.
    Keywords: Cloud Storage; Cloud Security; Data Outsourcing; Data Integrity; Proofs of Retrievability; Digital Signatures; Linearly Homomorphic Structure-Preserving Signature; Dynamic Update.

Special Issue on: ICCS 2016 Cyber Security, Privacy and Trust Issues in Communication Networks

  • Evaluation of Energy Efficient Wireless Sensor Network by Critical Path Method
    by Ramdayal Pankaj, Rashika Agarwal, Arun Kumar 
    Abstract: Wireless sensor network is defined as a network of devices denoted as nodes that can sense the environment and communicate the information gathered from the monitored field through wireless link. Now a day’s advanced technology of Wireless Sensor Networks used in many applications like health, environment, battle field etc. The sensor nodes equipped with limited power sources. Therefore, efficiently utilizing sensor nodes energy can maintain a prolonged network lifetime. Energy consumption in Wireless Sensor Networks is of paramount importance, which is demonstrated by the large number of algorithms, techniques, and protocols that have been developed to save energy, and thereby extend the lifetime of the network. rnThe proposed concept a typical tree-based aggregation scenario to define the interval during which a sensing device should enables its transceiver in order to collect the results from its children. Minimizing the length of enables to conserve energy that can be used to prolong the longevity of the network and hence the quality of results. The proposed graph is energy efficient in wireless sensor network by using Critical Path Method. In order to establish the superiority of proposed graph we calculated the early time and late time of each node. Our method is established as energy efficient of Sensor nodes in networks by the execution of the Critical Path Method (CPM)rn
    Keywords: Wireless Sensor Network (WSN), Data Aggregation, Binary tree, Critical Path Method (CPM)

Special Issue on: Cyber Security Issues and Solutions

  • Behavioral analysis approach for IDS based on attack pattern and risk assessment in cloud computing   Order a copy of this article
    by B.E.N. CHARHI Youssef, MANNANE Nada, REGRAGUI BOUBKER 
    Abstract: Cloud environments are becoming easy targets for intruders looking for possible vulnerabilities to exploit as many enterprise applications and data are moving into cloud platforms. The use of current generation of IDS have various limitations on their performance making them not effective for cloud computing security and could generate a huge number of false positive alarms. Analyzing intrusion based on attack patterns and risk assessment has demonstrated its efficiency in reducing the number of false alarms and optimizing the IDS performances. However, the use of the same value of likelihood makes the approach lacks of real risk value determination. This paper intended to present a new probabilistic and behavioral approach for likelihood determination to quantify attacks in cloud environment. With the main task to increase the efficiency of IDS and decrease the number of alarms. Experimental results show that our approach is superior to the state-of-the-art approaches for intrusion detection in cloud.
    Keywords: IDS; Cloud Computing; Attack patterns; Risk assessment; Likelihood; False alarms.

  • A Critical Insight into the Effectiveness of Research Methods Evolved to Secure IoT Ecosystem   Order a copy of this article
    by Burhan Ul Islam Khan, Rashidah F. Olanrewaju, Farhat Anwar, Roohie Naaz Mir, Athaur Rahman Najeeb 
    Abstract: Increasing proliferation of IoT has led to an evolution of various devices for realizing the smart features of ubiquitous applications. However, the inclusion of such a massive pool of devices with different computational capabilities, network protocols, hardware configurations, etc. also causes a higher number of security threats. Security professionals, organizations, and researchers are consistently investigating the security problems associated with IoT ecosystem and are coming up with different forms of solution sets. This paper presents a snapshot of the existing research work being carried out towards the security of IoT and assesses their strengths and weaknesses. The paper also explores the current research trend and presents the latest security methods being implemented and outlines the open research issues associated with it. The paper contributes to offering an accurate picture of the effectiveness of the existing security system in IoT.
    Keywords: Internet-of-Things; security; adversary; ransomware; cryptography; encryption.

Special Issue on: Multimedia Information Security Solutions on Social Networks

  • A Coupled Map Lattice based Image Encryption Approach using DNA and bi-objective Genetic Algorithm
    by Shelza Suri, Ritu Vijay 
    Abstract: The paper presents a Coupled Map Lattice (CML) and Deoxyribonucleic acid (DNA) based image encryption algorithm that uses Genetic Algorithm (GA) to get the optimized results. The algorithm uses the chaotic method CML and DNA to create an initial population of DNA masks in its first stage. The GA is applied in the second stage to obtain the best mask for encrypting the given plain image. The paper also discusses the use of two more chaotic functions i.e. Logistic Map (LM) and Transformed Logistic Map (TLM) with DNA-GA based hybrid combination. The paper evaluates and compares the performance of the proposed CML-DNA-GA algorithm with LM-DNA-GA, TLM-DNA-GA hybrid approaches. The results show that the proposed approach performs better than the other two. It also discusses the impact of using a bi-objective GA optimization for image encryption and applies the same to the all three discussed techniques. The results show that bi-objective optimization of the proposed algorithm gives balanced results with respect to the selected fitness functions.
    Keywords: Image Encryption; DNA; Logistic map; CML; GA; without GA (WGA).

  • Nested Context-Aware Sanitization and Feature Injection in Clustered Templates of JavaScript Worms on the Cloud-Based OSN   Order a copy of this article
    by Shashank Gupta, Brij Gupta, Pooja Chaudhary 
    Abstract: This article presents an enhanced JavaScript feature-injection based framework that obstructs the execution of Cross-Site Scripting (XSS) worms from the virtual machines of cloud-based Online Social Network (OSN). It calculates the features of clustered-sanitized compressed templates of JavaScript attack vectors embedded in the HTTP response messages and inject them on the OSN server in the form of comment statements in such code. It further re-executes the feature calculation procedure of JavaScript code on the generation of HTTP response in online phase. Our framework detects the injection of XSS worms by comparing the values of these two injected feature sets. Any variation observed in such JavaScript feature set indicates the injection of XSS worms on the cloud-based OSN server. The injected worms will further undergo through the process of nested context-aware sanitization for its safe interpretation on the web browser. The prototype of our framework was developed in Java and installed in the virtual machines of cloud environment. The experimental evaluation of our framework was performed on the platform of OSN-based web applications deployed in the cloud platform. The performance analysis done (using F-Score and F-test) revealed that our framework detects the injection of malicious JavaScript code with low false negative rate and acceptable performance overhead. The novelty of our cloud-based framework lies in the fact that it optimizes the JavaScript feature calculation procedure by executing it on clustered templates of JavaScript attack payloads, unless its execution on redundant injected JavaScript code adopted by the existing state-of-art.
    Keywords: Cloud Security; Online Social Networking Security; XSS Worms; JavaScript Code Injection Attacks; Context-Aware Sanitization; JavaScript Feature Injection.

  • Fault Prediction for Distributed Computing Hadoop Clusters Using Real-Time Higher Order Differential Inputs to SVM : Zedacross   Order a copy of this article
    by Pooja Jain, Joey Pinto, Tapan Kumar 
    Abstract: Hadoop distributed computing clusters are used worldwide for high-performance computations. Often various hardware and software faults occur, leading to both data and computation time losses. This paper proposes the usage of a fault prediction software called `Zedacross' which uses machine learning principles combined with cluster monitoring tools. Firstly, the paper suggests a model that uses the resource usage statistics of a normally functioning Hadoop cluster to create a machine learning model that can then be used to predict and detect faults in real time. Secondly, the paper explains the novel idea of using higher order differentials as inputs to SVM for highly accurate fault predictions. Predictions of system faults by observing system resource usage statistics in real-time with minimum delay will play a vital role in deciding the need for job rescheduling tasks or even dynamic up-scaling of the cluster. To demonstrate the effectiveness of the design a Java utility was built to perform cluster fault monitoring. The results obtained after running the system on various test cases demonstrate that the proposed method is accurate and effective.
    Keywords: Fault prediction; Ganglia; Hadoop; Higher order differential; SVM.

Special Issue on: Security and Privacy of Multimedia Big Data in the Internet of Things

  • Advanced security of two factor-authentication system using stego QR-Code
    by KOURAOGO Yacouba, ORHANOU Ghizlane, EL HAJJI Said 
    Abstract: Many financial institutions are trying to protect their customers by offering improved and more secure technologies for authentication. One of the most common is two-factor authentication (2FA), which presents many vulnerabilities that allow attackers to retrieve confidential information such as passwords and passcode i.e. OTP (One Time Password) and mTAN (Mobile Transaction Authentication). In addition, according to NIST (National Institute of Standards and Technology), 2FA based on SMS is deprecated and it asks to find a secure communication channel other than SMS. In this article, we propose a two-factor authentication communication channel based on steganography in the QR-Code. The purpose of this proposal is to better secure the mTAN of a 2FA system by using the steganography technique to hide it in the QR-code. In other words, when authenticating, the user sends the login and password to the server that returns a stego QR-Code containing the hidden mTAN in addition to public information. Thus, the mTAN can only be read by a specific scanner that implements the technique of extracting the hidden information while having the shared key and the public information in the QR-Code is readable by the standard scanners. Finally, we implement our proposed method and then do the test by simulating a line banking service.
    Keywords: Steganography, QR-Code, 2FA, mTAN, Mobile Security

  • An improved spatial-temporal correlation algorithm combined with compressed sensing and LEACH protocol in WSNs   Order a copy of this article
    by Xin Xie, Jianan Wang, Songlin Ge, Nan Jiang, Fengping Hu 
    Abstract: The energy of the sensor network nodes is limited, in order to save the energy consumption of the sensor nodes, a compressed sensing method based on the spatial-temporal correlation of nodes is proposed. The LEACH algorithm is used to cluster the network nodes and select the cluster head. Then, the cluster head node is sampled by the compressed sensing theory. The sampled data is passed to the remote sink node through multi-hop routing. Finally, at the sink node, the OMP algorithm can be used to recover the original signal from a small amount of data transmitted by the cluster head nodes. The simulation results show that the method can effectively reduce the amount of data transmission, and save the energy consumption of nodes and prolong the lifetime of the wireless sensor network.
    Keywords: WSNs; Compressed sensing; LEACH protocol; Spatial-temporal correlation.

  • An activity theory model for dynamic evolution of attack graph based on improved least square genetic algorithm   Order a copy of this article
    by Chundong Wang, Tong Zhao, Zheli Liu 
    Abstract: Most of the risk assessments of the attack graph are static and have a fixed assessment scenario, which limit the real-time nature of the situation assessment. This paper presents an activity theory model to analyze the contradictions in the attack behavior. In order to assess the maximum probability path of an attacker, and dynamically remain in control for the overall situation, a definition of attackers benefit (loss/gain) value calculated by contradictory vector is proposed. Loss/gain value is used as the objective function of the genetic algorithm to produce different optimal solutions in the presence of different evidence. Dynamic evolution is based on evidence. Evidence exposes the attacker's actual exploit path in a fuzzy scene. Taking into account the constraints of the attacker budget, an improved genetic algorithm is proposed in this paper. The benefit of each path will vary with the coming evidence and the attacker's budget. The budget is applied as an unbiased amount in the least square genetic algorithm, optimizes the fitness function of the genetic algorithm. It turns constrained optimization problem into unconstrained optimization problem, makes the fitting curve more accurate by the principle of structural risk minimization. Experimental results reveal that the improved least square genetic algorithm with unbiased estimator effectuate higher gains owing to the high fit degree of fitness function. The changes in the different paths with different attackers budgets help to select the optimal attacker's budget in the experiment. The generation of the maximum probability paths for an attacker is obtained by the improved genetic algorithm. With the coming evidence, the evidence-based Bayesian is used in maximum probability attack paths to get a more accurate risk assessment of the situation, and shows the dynamic evolution of attack graphs.
    Keywords: Activity Theory ; risk assessment; genetic algorithm; attack graph.

  • Data Protection and Provenance in Cloud of Things Environment: Research Challenges   Order a copy of this article
    by Chundong Wang, Lei Yang, Hao Guo, Fujin Wan 
    Abstract: Internet of Things are increasingly being deployed over the cloud (also referred to as Cloud of Things) to provide a broader range of services. However, there are serious challenges of CoT in the data protection and security provenance. This paper proposes a data privacy protection and provenance model (DDPM)based on CoT. It can protect the privacy data of the users and trace the source of leaked data. In detail, security encryption and watermarking algorithms are proposed. Meanwhile, we use the improved k-anonymity data masking algorithm and pseudo-row watermarking algorithm in this scheme. Those algorithms can carry out security control over the whole process of data publishing, especially in data encryption, data masking and provenance verification. Finally, the experimental results show that our scheme has good efficiency. It is proved that the data masking time is proportional to the parameters k and L, the results also show good robustness to the common database watermarking attacks.
    Keywords: Data protection; Security provenance Data masking; Data Sharing; Pseudo-row watermarking.

Special Issue on: Advanced Security Mechanisms for Future Internet

  • A NOVEL GAAC OPTIMIZATION ALGORITHM FOR MULTIMODAL FUSION SCORE DECISION MAKING IN SECURED BIOMETRIC SYSTEMS
    by Vinothkanna Rajendran, Sivakannan Subramani, Prabakaran Narayanaswamy 
    Abstract: Increased use of biometric systems on a global scale almost for all services have seen an increasing trend in research trying to improve the quality of authentication and containment of features extracted. A multimodal biometric system based on fusion score decision making has been proposed in this paper using a hybrid evolutionary framework. Genetic and ant colony optimization (GAAC) algorithm has been presented and implemented on features of three biometric traits namely iris, fingerprint and finger vein to obtain a decision on the authenticity of the claiming individual. Features have been extracted using a frequency domain ridgelet transform as they are better able to approximate the fine component of ridges present on the fingerprint. The proposed hybrid technique is experimented on images from CASIA image database and efficiency metrics such as classification accuracy, positive find and negative find have been computed. The computational time has also been observed to be quite satisfactory due to fast converging nature of the hybrid combination.
    Keywords: Multimodal biometrics, fusion score, evolutionary algorithms, genetic algorithm, ant colony optimization, classification, ridgelet transform

  • MITIGATE BLACK HOLE ATTACK USING BEE OPTIMIZED WEIGHTED TRUST WITH AODV IN MANET
    by Keerthika V, Malarvizhi N 
    Abstract: Mobile ad hoc network (MANET) is a decentralized network that can be used without any fixed setup or infrastructure and offers unlimited opportunities in all fields. Both the advantage and disadvantage of this mediums is the wide transmission range of the network that exceeds the area where the network is deployed, giving great opportunities for intruders to hack the network thus making it an unsafe mode of transmission. The conventional approaches for security attacks require high memory and high power consumption and so they cannot be used to tackle the security attacks for ad hoc routing. In this work, trust is used for addressing the maliciousness in the network. In this paper, the proposition is to reduce black hole attack in MANET using Artificial Bee Colony Optimization for finding optimal secure routes. Proposed method outperforms the performance metrics like Packet Delivery Ratio (PDR) and number of hops to sink. Also performs as normal effect for end-to-end delay
    Keywords: MANET, Blackhole attack, Trust, Artificial Bee Colony(ABC)

Special Issue on: Cyber Attacks in Cloud Computing Security, Privacy, and Forensics Issues

  • MONCrypt: A Technique to Ensure the Confidentiality of Outsourced Data in Cloud Storage   Order a copy of this article
    by Manikandasaran S S, Arockiam L, Sheba Kezia Malarchelvi P.D 
    Abstract: Data management is a monotonous task for Small and Medium Scale Enterprises (SMEs). Cloud storage provides enormous virtual storage space to store the cloud users data. Data outsourcing helps the SMEs to reduce headache to manage the data in their premises. Many SMEs are attracted to outsource their data to the cloud. Once the data are outsourced, they are kept by the third party cloud storage providers and it should be controlled and monitored by them. The users dont have the rights to control and monitor their own data in the cloud storage. This causes the data security issue of outsourced data in cloud storage. If anything wrong happens on the data, the users suspect the cloud storage providers. Ensuring the confidentiality of outsourced data plays a vital role in the cloud security. To ensure the confidentiality of outsourced data, this paper proposes a technique called MONcrypt. MONcrypt is based on obfuscation technique. Obfuscation is a process of masking the original text into irrelevant text without using any key unlike encryption. MONcrypt uses key for de-obfuscation. This novel obfuscation technique is used to ensure the confidentiality of outsourced data in cloud storage. The paper compares the proposed technique with existing technique like Base32, Base64, Hexadecimal Encoding, DES, 3DES and Blowfish. The proposed technique shows better performance and security compared with the existing techniques.
    Keywords: Data Outsourcing; Confidentiality; Cloud Storage; Obfuscation; Security;.