International Journal of Information and Computer Security (67 papers in press)
Secure Zero-Effort Two-Factor Authentication Based on Time-Frequency Audio Analysis
by Mingyue Wang, Shen Yan, Wei Wang, Jiwu Jing
Abstract: Two-factor authentication (2FA) protects users online account even if his/her password is leaked. Conventional 2FA systems require extra interaction like typing a verification code, which might not be very user-friendly. To improve user experience, recent researchers aim at zero-effort 2FA, in which a smart phone placed close to a client computer (browser) automatically assists with the authentication. In this paper, we propose SoundAuth, a secure zero-effort 2FA mechanism based on (two kinds of) ambient audio signals. We consider the comparison of the surrounding sounds and certain unpredictable near-ultrasounds as a classification problem and employ machine learning techniques for analysis. To evaluate the usability and security of SoundAuth, we study the effects of the recording duration and distance between two devices. Experiments show SoundAuth outperforms existent schemes for specific simulation attacks.
Keywords: zero-effort two-factor authentication; 2FA; audio signals; ambient sound; near-ultrasound; challenge-response protocol; co-presence detection; machine learning technique; time synchronization.
Revocable Key Aggregate Searchable Encryption with User Privacy and Anonymity
by Mukti Padhya, Devesh Jinwala
Abstract: The Key Aggregate Searchable Encryption (KASE) schemes serve the advantages of both, searching over the encrypted dataset and delegating search rights using a constant size key, opening up many possible applications that require both these features. In particular, searchable group data sharing in the cloud is a prime example. However, when the existing KASE schemes are deployed in real-time applications, it is highly required to manage users' access control. Specifically, in a delegation system, if the shared documents are modified or if the delegated rights for the shared documents need to be revoked, the revocation of delegated rights must be supported by the system for managing the users' authorities. Furthermore, as the KASE schemes allow fine-grained delegation of search rights over a selected dataset using an aggregate key, the revocation should be at a fine-grained level. Therefore, in this paper we propose two solutions for the fine-grained revocation of delegated rights considering two different scenarios. First, we present a basic scheme that supports fine-grained revocation of the delegated rights on document level, instead of coarse-grained all-or-nothing access. The user is not allowed to search the document by the old trapdoor computed from the old secret key if his search privileges are revoked on that document. Under a multi-user setting, we propose an advance scheme that can make the fine-grained revocation of the delegated rights on the user level. In the proposed solutions, the re-encryption of ciphertexts is not required to make the revocation of the delegated rights. Additionally, the revocation in the proposed approaches does not affect the non-revoked users, as they do not require updating their corresponding delegated keys. The proposed approaches also preserve users' privacy and anonymity. We present the schemes' correctness proof, formal security analysis as well as performance analysis, which confirm that they are provably secure and practically efficient.
Keywords: Revocation; User Privacy; Annonyity; Searchable encryption; Data sharing; Data retrieval; Cloud server.
On a secured channel selection in Cognitive Radio Networks
by Asma Amraoui
Abstract: Cognitive radio is a technology that improves the use of the radio spectrum by allowing opportunistic exploitation of the wireless spectrum. In this paper, we are interested in securing the cognitive radio network against the PUE (Primary User Emulation) attack. Firstly, our work is concerned with securing the cognitive radio network, by proposing two methods: Secure CR and Optimal CR using a Multi Criteria Decision Making (MCDM) algorithm to choose the best offer and another algorithm which is Blowfish for the authentication. Secondly, we proposed a method using machine learning. After a comparative study, we found that the Secure CR algorithm is more efficient in response time, secured but it does not give the best offer. On the other hand, the Optimal CR algorithm is less efficient than the first, optimal and gives a better result.
Keywords: cognitive radio; multicriteria decision making; machine learning; security; PUE attack.
A Feature Selection Method based on Neighborhood Rough Set and Genetic Algorithm for Intrusion Detection
by Min Ren, Zhihao Wang, Peiying Zhao
Abstract: This paper put forward a feature selection algorithm based on neighborhood rough set and genetic algorithm. Firstly, neighborhood rough set model, expanding the equivalence relation of discrete space to that of continuous space, was improved from two aspects. One was that class average distance of decision attributes was defined to automatically calculate the parameter neighborhood according to the characteristic of the data set. The other was that attribute significance of neighborhood rough set was improved, considering both the impact on decision of a single attribute and the dependency between an attribute and others. Then, genetic algorithm was used to select optimal feature subset based on improved attribute significance. Finally, in order to verify the feasibility, experiments were done on KDD CUP 99, and the results showed that the feature subset selected by the proposed algorithm ensured FCM getting higher accuracy.
Keywords: Rough Set; Neighborhood Relation; Genetic Algorithm; Feature Selection; Attribute Reduction.
Research on intrusion detection method based on SMOTE and DBN-LSSVM
by Gang Ke, Ruey-Shun Chen, Yeh-Cheng Chen
Abstract: Aiming at the problems of low accuracy and high false alarm rate when traditional machine learning algorithm processes massive and complex intrusion detection data, this paper proposes a network intrusion detection method (dbn-smote-lssvm) which combines deep belief network (DBN), synthetic minority oversampling technique(SMOTE) and least square support vector machine (LSSVM). In this algorithm, intrusion detection data is input to the DBN for depth feature extraction, and then a small number of samples are added through smote algorithm. Finally, lssvm is used for classification. Through the effective evaluation of dbn-smote-lssvm model by NSL-KDD data set, the experimental results show that dbn-smote-lssvm algorithm has the advantages of high accuracy and low false alarm rate compared with other algorithms, and improves the detection rate of small sample attacks.
Keywords: deep belief network; least square support vector machine; SMOTE; intrusion detection; nsl-kdd data set;.
A N-Party Authenticated Group Key Distribution protocol using quantum-reflection Architecture
by Hongfeng Zhu, Zhiqin Du, Liwei Wang, Yuanle Zhang
Abstract: Password-based group key agreement protocol (PGKA) can be widely used in situations where multiple participants participate and the participants have high requirements for communication security. For example, the security of communication between many people in social software, privacy protection between teams and so on. In this paper, quantum reflection security protocol is studied and an n-party authenticated group key distribution protocol (N-AGKDP) based on semi-quantum reflection architecture is proposed. The N-AGKDP is a protocol that can implement identity authentication between participants and quickly distribute group keys. In this protocol, a trusted third party (server) selects the session key and sends the quantum sequence containing the session key through the quantum channel to the first participant entering the session in chronological order. The first session participant used the shared base with the server to receive information and put the quantum information he did not need into the delay line device. After the quantum sequence is fully received, the quantum sequence in the delay line device is sent to the next participant. Repeat the above operation until all participants get the session key. The protocol has a general structure for implementing the n-party PGKA program .In addition, we give an example of n=3 so that readers can better understand our agreement. Compared with the traditional password-based group key protocol, our new protocol can resist the attack of quantum computers and is more secure.
Keywords: Semi-quantum protocol; Group key; Authentication; N-party; Quantum-reflection.
Obfuscated Code is Identifiable by a Token Based Code Clone Detection Technique
by Junaid Akram, Danish Vasan, Ping Luo
Abstract: Recently developers use obfuscation techniques to make their code difficult to understand or analyze, especially malware developers. In Android applications, if the application is obfuscated, it is hard to retrieve the exact
source code after applying reverse engineering techniques on it. In this paper, we propose an approach which is based on clone detection technique and it can detect obfuscated code in Android applications very efficiently. We perform two experiments on different types of datasets including obfuscated and non-obfuscated applications source code. We successfully detected the obfuscated code of two types, including identifier-renaming and string-encryption with a high accuracy of 95%. A comparative study with other state-of-the-art tools prove the
efficiency of our proposed approach. Experimental results show that our approach is reliable, efficient and can be implemented at a large-scale level.
Keywords: Obfuscation handling; Code clones; Software security; Malware detection; Android applications; Code reuse.
Safety monitoring of machinery equipment and fault diagnosis method based on support vector machine and improved evidence theory
by Xingtong Zhu
Abstract: Safe and reliable operation of machinery is the primary requirement of enterprise production and the basis for realising the economic benefits. Some of the fault diagnosis methods use evidence theory to determine the fault type by collecting the vibration signals. However, in a complex operating environment, the evidence of vibration signal is high-conflict, so it is difficult to obtain the correct fault type. In order to solve this problem, an improved evidence theory based fault diagnosis method is proposed. First, vibration sensors are used to monitor operating conditions of mechanical equipment and collect vibration signals, and then the dimensionless indicators of these vibration signals are calculated to build the feature dataset. Next, the support vector machine (SVM) is applied to the preliminary fault diagnosis, and the probability of various fault types obtained by the SVM primary fault diagnosis is used as the basic probability assignment (BPA) of evidence. Finally, the improved evidence combination rule based on the Tanimoto coefficient and information entropy is used to fuse the evidence, thus forming the final diagnosis result. The experiments show that the proposed method is effective, achieving the fault diagnosis accuracy of 93.33%.
Keywords: Safety monitoring; fault diagnosis; support vector machine; D-S evidence theory; Tanimoto coefficient; information entropy.
Reinforcement learning based Cooperative Sensing in Cognitive Radio Networks for Primary User Detection
by K. Venkata Vara Prasad, Trinatha Rao
Abstract: Cognitive Radio Networks achieve a better utilization of spectrum through spectrum sharing. Due to interference, power levels and hidden terminal problem, it becomes challenging to detect the presence of primary users accurately and without this spectrum sharing cannot be optimized. Thus detection of primary users has become an important research problem in cognitive radio network. Existing solutions have low accuracy when effect of multipath fading and shadowing are considered. Reinforcement based learning solutions are able to learn the environment dynamically and able to achieve higher accuracy in detection of primary users. However the computational complexity and latency is higher in the previous solutions on application of reinforcement learning to spectrum sensing. In this work,Reinforcementlearningmodel is proposedto detect the presence of primary user.This approach has higher accuracy due to reliance on multi objective functions and reduced computational complexity.
Keywords: Reinforcement learning; Machine Learning; cooperative spectrum sensing; Intelligent Systems.
Searching the Space of Tower Field Implementations of the F(2^8) Inverter - with Applications to AES, Camellia, and SM4
by Zihao Wei, Siwei Sun, Lei Hu, Man Wei, René Peralta
Abstract: The tower field implementation of the F(2^8) inverter is not only the key technique for compact implementations of the S-boxes of several internationally standardized block ciphers such as AES, Camellia, and SM4, but also the underlying structure many side-channel attack resistant AES implementations rely on. In this work, we conduct an exhaustive study of the tower field representations of the F(2^8) inverter with normal bases by applying several state-of-the-art combinatorial logic minimization techniques. As a result, we achieve improved implementations of the AES, Camellia and SM4 S-boxes in terms of area footprint. Surprisingly, we are still able to improve the currently known most compact implementation of the AES S-box from CHES 2018 by 5.5 GE, beating the record again. For Camellia and SM4, the improvements are even more significant. The Verilog codes of our implementations of the AES, Camellia and SM4 S-boxes are openly available.
Keywords: Tower field; Inverter; S-box; AES; Camellia; SM4.
Emerging DNA Cryptography based Encryption Schemes: A Review
by Pratyusa Mukherjee, Chittaranjan Pradhan, Rabindra Kumar Barik, Harishchandra Dubey
Abstract: Security has been the fundamental apprehension during information transmission and storage. Communication network is inordinately susceptible to intrusion from unpredictable adversaries thus threatening the confidentiality, integrity and authenticity of data. This is where cryptography facilitates us and encodes the original message into an incomprehensible and unintelligible form. DNA cryptography is the latest propitious field in cryptography that has transpired with the advancement of DNA computing. The immense parallelism, unrivalled energy efficiency and exceptional information density of DNA molecules is being traversed for cryptographic purpose. Currently, it is in the preliminary stage and necessitates avid scrutinization. The foremost hindrance in the field of DNA cryptography is computational complexity and lack of sophisticated laboratories. In this paper, we discuss the existing DNA cryptographic approaches and compare their achievements and limitations to provide a better perception. In the end, a modified version of the DNA cryptography combined with soft computing is also suggested.
Keywords: Security; DNA Cryptography; DNA Computing; Bio-inspired Cryptography; Encryption.
Acquiring or Accessing Control Technologies for Big Data Management System: Application and Future Prospective
by Jiying Wu, JEAN-JACQUES DOMINIQUE BERAUD
Abstract: Since Roger Mougalas of O'Relly media coined the word "big data" in 2005, it has been of great interest and has become an area of in-depth research. While most studies have focused on big data in many research areas, the security and confidentiality of data depend on the size, variety, and speed of big data, as well as the lack of reference data models and data manipulation language application associated with them. In this study, we focus on one of the important functions of data security, namely access control to information, diversity of data, management practices and the definition of Data Security Services, namely Access Control, highlighting the differences with traditional Data Management Systems and highlighting some requirements that any large Data Access solution can answer by defining the state of the art and tackle the problems in public. We collected data on some of the best research databases in various research databases. The results showed that Google Scholar has the largest collection of big data. Also, content issues, integration of ideas, key methods, target groups, and big data security, and variable management were integrated into a detailed architectural structure. Finally, critical criticism has been taken into account and the results will add a variety of ways to help researchers interested in learning more about big data management and security by providing new ideas and perspectives for big data access control and management in the future.
Keywords: Big Data; Access control; Data Management System; Security.
Hierarchical Data Partition Defense against Co-resident Attacks
by Junfeng Tian, Zilong Wang, Zhen Li
Abstract: Co-resident attacks are one of the most dangerous types of attack in the cloud environment, posing a great threat to data security and survivability for users. The existing data partition-based and data backup solutions provide users with higher storage overhead while improving the data security and survivability for users. A hierarchical data partitioning scheme is proposed that enables the multilevel partitioning of the data and makes the data have a certain order, which improves the security of user data while facilitating data management. At the same time, through the encrypted data backup, under the premise of improving the survivability of the users data, the users storage overhead is reduced. Finally, experiments prove that the proposed scheme improves the data security and survivability and reduces the users storage overhead.
Keywords: Cloud computing; Co-resident attack; Hierarchical data partition; Encrypted backup; Data theft; Data corruption.
Attack Resistant Chaos-based Cryptosystem by Modified Baker Map and Logistic Map
by Debanjan Chatterjee, Barnali Gupta Banik, Abhinandan Banik
Abstract: In recent years, information security has become a crucial aspect of data storage and communication. A large portion of digital data transfer takes place in the form of images such as social media images, satellite images, medical imaging; hence there is a requirement for fast and secure image encryption techniques. Conventional encryption schemes such as DES, AES, prove ineffective due to specific intrinsic properties of images. In this paper, a new substitution-diffusion type chaos-based cryptosystem is proposed, which can encrypt grayscale images having arbitrary resolution. In the substitution stage, image pixels are permuted using a modified form of the discretized 2-D Baker map. Substitution is followed by a two-step diffusion approach that employs a chaotic logistic map. The proposed cryptosystem is resistant to brute force attacks (measured by key-space and key-sensitivity analysis), statistical attacks (tested by Histogram and Chi-Square test) and differential attacks (measured against NPCR, UACI, and Hamming Distance); The proposed method has also been tested for Encryption Quality, Correlation Analysis, Entropy Analysis, and Performance Analysis by measuring Encryption Speed as well as Time Complexity. Therefore, it is sufficiently secured to be used in real-world applications. To prove the unparalleled outcome of the proposed system, four sets of comparisons have been presented with respect to NPCR & UACI, Encryption throughput, and, lastly, with similar & non-similar existing cryptosystems.
Keywords: Data Security; Encryption; Image Communication; Chaos; Sensitivity Analysis; Statistical Analysis;.
A Comprehensive Study of Watermarking Schemes for 3-D Polygon Mesh Objects
by Hitendra Garg
Abstract: Three-Dimensional (3-D) objects have been used in machine design, architecture design, entertainment, cultural heritage, medical field, etc during the last two decades. Increasing trends of 3-D objects attract the researcher, academician, and industry persons for various processing operations on 3-D objects. Extensive growth in specific areas requires Intellectual Property Rights protection and authentication problems. The proposed survey paper provides a comprehensive study of various watermarking solution for 3-D Polygon Mesh Objects (3-D PMO). This comprehensive survey includes an introduction, strength, and limitations to the relevant state of the art. The proposed study write down various problems encountered and their respective solution suggested in various state of art. The robustness of various algorithms is also studied against various attacks applied to watermarked models. At last, future scope and new directions for the robustness and optimization of watermarks on various parameters are suggested.
Keywords: 3-D Object; Polygon Mesh; Robust watermarking; fragile watermarking; attacks; Spatial Domain;Transform frequency Domain.
Cryptanalysis and Improvement of an Authentication Scheme for IoT
by Rahul Kumar, Mridul K. Gupta, Saru Kumari
Abstract: With the interference of various types of embedded devices, sensors and gadgets in day-to-day life, the buzzword Internet of Things (IoT) has become very popular. In the context of the IoT environment, proper device authentication is important. Recently, Wang et al. introduced an authentication protocol for secure communication between the embedded device and the cloud server over IoT networks. They insisted that their protocol is secure from various attacks in the open network. However, we show that Wang et al.'s protocol is not secure against impersonation attack, replay attack and it does not provide devices anonymity. To conquer these problems, we design an improvement of Wang et al.s protocol. We show that our protocol is secure against various attacks; specifically it is free from the attacks pointed out in Wang et al.s protocol. Through performance evaluation of our proposed protocol with the existing related protocols, we show that the proposed protocol is suitable for the IoT environment.
Keywords: Internet of Things; Impersonation attack; Device’s anonymity; ECC; Embedded device.
Game theory approach for analyzing attack graphs
by Khedoudja BOUAFIA, Lamia HAMZA
Abstract: Many real problems involve the simultaneous security of computer networks and systems
as it penetrates all areas of our daily lives. The purpose of attack graph analysis is to be able to protect
computer systems and networks against attacks related to them. In this paper, we have proposed a new
approach to analyzing attack graphs based on game theory in order to reduce network vulnerabilities.
This approach consists of turning a computer security problem into a two-player game and extracting
the best strategies for each of the both of them. The purpose of this work is to help administrator to
take a good decision to better secure network by using game theory methods.
Keywords: Computer security; Network; Vulnerability; Game Theory; Strategies; Attack graph.
Volatile Memory Forensics of Privacy Aware Browsers
by Nilay Mistry, Krupa Gajjar, S.O. Junare
Abstract: Internet Privacy has become a notable concern in todays world. Aside from the common usage of web browsers, users are using such browsers which can protect their privacy using anonymity. Such growing concerns regarding privacy over the Internet have led to the development of privacy-enhanced web browsers whose main aim is to provide better privacy to its users by not storing any information on users personal computers,and at the same time also keeps the users anonymous while browsing. Some users have found an alternative use of these web browsers somewhat illegal in nature. This research encompasses the acquisition and analysis of such kind of Privacy Browsers and compares its outcomes with that of the Portable Web Browsers and Private Modes of Commonly-used Web Browsers to establish the claim of these Privacy Browsers of keeping providing a higher level of privacy
Keywords: Privacy Browser; Portable Browser; Memory Forensics; RAM Analysis; Digital Forensics; Cyber Crime.
A Novel Traceback Model for DDoS Attacks Using Modified Floyd-Warshall Algorithm
by Mohamed Zaki, Sherif Emara, Sayed Abdelhady
Abstract: Distributed denial of service, DDoS, attacks are drastically increasing, therefore, they cause serious threats for information networks. One of the most dangerous aspects of such attacks is phishing i.e. the ability of masking the attacker IP address. Thus, it is extremely difficult to traceback DDoS attackers. However, there are different reasonable methods that are capable of tracing them back. These methods include packet marking, logging, combination of both marking and logging and entropy variation techniques. This paper proposes, for the first time, the use of a graph theoretic approach to exploit the entropy techniques for detecting and tracing back DDoS attackers. It presents a novel approach to traceback DDoS Attacks using modified Floyd-Warshall Algorithm, TDA/MFWA. Such model starts by feeding the network adjacency matrix in which the link weights are changed to comply with the network traffic entropy, accordingly the reachability from node to node can be examined. Then we borrowed the idea of enumerating all the intermediate points between every pair of
network nodes from Floyd-Warshall algorithm and modified it to find out the victim node(s).
The fact that entropy at network nodes is systematically accounted using a modified Floyd-Warshall algorithm contributes to the smartness and dependability of TDA/MFWA. This fact is confirmed by a large set of experiments that emphasized not only the effectiveness of the model but also its superiority with respect to other DoS/DDoS traceback algorithms.
Keywords: Packet logging; Packet marking; Entropy variation; Modified Floyd-Warshall Algorithm; Traceback; DoS/DDoS attack.
Data Privacy with Heuristic Anonymization
by Sevgi Arca, Rattikorn Hewett
Abstract: Data are abundant. This makes data privacy more vulnerable than ever as attackers can infer confidential data from different query sources. Anonymization ad-dresses the issue of data privacy by making sure that each set of "critical" data values belongs to more than one individual so that the identity of the individual can be protected. Techniques for anonymization have been studied extensively but most have been designed to address each specific goal as opposed to providing an integrated system solution for computation, optimality, and data usage. This paper articulates and compares various aspects of privacy objectives for data anonymization. Most importantly, the paper also presents HeuristicMin, a new anonymization approach that applies generalizations along with optimal Artificial intelligence search to securing privacy by satisfying user-specified anonymity requirements while maximizing information preservation. By exploiting monotonicity property of generalization and using simple heuristics with appropriate generalization grain size (to prune and narrow down the search space), HeuristicMin is both effective for practice and theoretically grounded. We illustrate and provide analytical and empirical comparisons of our approach with other representatives including those designed for optimal generalization and classification. We differentiate the meanings of optimality. Furthermore, experimental results show that in addition to achieving the optimal generalized data to satisfy anonymity requirements, HeuristicMin can sustain the data quality for classification relatively well even though its intent is to keep the generalized data as close as possible to the original.
Keywords: privacy; anonymization; data generalization; bottom-up generalization.
Collaborative Filtering based Recommendations against Shilling Attacks with Particle Swarm Optimizer and Entropy Based Mean Clustering
by Anjani Kumar Verma, Veer Sain Dixit
Abstract: Recommender System (RS) in the present web
environment is required to gain the knowledge of the users and
their commitments such as like and dislike about any items
available on the e-commerce sites. Movie recommendations are
one of such type in which shilling attack is increasing day by day,
this will destroy or abruptly disturb the meaning of the data when
recommended to others. Also, the hazards of shilling attacks
degrade the performance of web recommendations. Hence, to
address this issue the paper, Collaborative Filtering (CF) based
hybrid model is proposed for movie recommendations. The
Entropy-Based Mean (EBM) clustering technique is used to filter
out the different clusters out of which the top-N profile
recommendations have been taken and then applied with Particle
Swarm Optimization (PSO) technique to get the more optimized
recommendations. This research is focused is on getting secure
recommendations from different recommender systems.
Keywords: Collaborative Filtering; Entropy Based Mean;
Particle Swarm Optimizer; Recommender System; Shilling
DIP-QGA: A Secure and Robust Watermarking Technique Based-on Direct Image Projection and Quantum Genetic Algorithm.
by Djalila Belkebir
Abstract: This paper presents three novel methods for hiding and extracting a watermark. The strategy of the first method is to project pixels into a new image. The key is a combination of the rotation and distance related to the viewer. The new pixel positions resulted from the direct image projection (DIP) are then used to hide the secret message. The aim of the second method relies on improving the security of a message against image manipulations (i.e., histogram analysis and RS steganalysis) where a combination between DIP and genetic algorithm (DIP-GA) is done. After that, we highlight the main challenges and issues that occur from the use of GA. Due to that, we propose the main contribution in our paper which is the use of quantum genetic algorithm (QGA) in the DIP method (DIP-QGA). QGA is based on the concepts and principles of quantum computing, such as quantum bits, quantum gates, and superposition of states. We evaluate our proposals performance on the USC-SIPI dataset As a result, an improvement in PNSR and MSE is obtained (90.15% and 94.34% respectively).
Keywords: direct image projection; DIP; steganography; watermarking; quantum computing; genetic algorithms.
Push and Nuke Attacks Detection using DNN-HHO Algorithm
by Veer Sain Dixit, Akanksha Bansal Chopra
Abstract: Collaborative recommender systems are widely used as a tool to offer recommendation for a product to its users. These systems produce recommendations to its users using information based on user-item ratings. However, these systems are highly vulnerable to biased ratings injected by malicious users. These biased ratings lead to attacks, namely, push attacks and nuke attacks that degrade the performance of collaborative recommender systems. To handle this problem, the paper proposes a novel model to improve the detection of attack profiles in collaborative recommender systems by using a hybrid approach. The proposed algorithm is then compared with baseline algorithms. The study also evaluates and compares various measure metrics for both proposed and traditional algorithms.
Keywords: push attack; nuke attack; DNN-HHO.
User Anonymity based Secure Authentication Protocol for Telemedical Server Systems
by Sunil Gupta, Pradeep Arya, Hitesh Kumar Sharma
Abstract: Telemedical server system enables a user to support the monitoring of health at home and access the medical facility over the network. Recently, many schemes have been proposed for providing security in the medical server system. Recently in year 2017, Limbasiya and Shivam proposed a scheme for medical applications using two-factor key verification. They claimed that the protocol provides security against all types of known active and passive attacks. In this paper we show that the Limbasiya and Shivam scheme suffers from user anonymity, replay and impersonation attack. The Limbasiya and Shivam scheme fails to provide low power consumption in terms of cryptographic computational operation and over head to the server. We propose a secure user anonymity-based authentication protocol to remove the weakness of formerly protocols. Our scheme is more effective in terms of mutual authentication and low power consumption. The performance analysis of our protocol shows less cryptographic computational cost and the server overload. The proposed protocol is tested and analysed using AVISPA security verification to confirm the secure and authentic protocol for telemedical server system.
Keywords: authentication; telemedical server; AVISPA; efficiency; smart card.
Malware Detection Approach Based on Deep Convolutional Neural Networks
by Hoda EL MERABET, Abderrahmane HAJRAOUI
Abstract: Malware detection field becomes more valuable nowadays regarding the continuously growing number of malware codes emerging every day. Besides, machine learning techniques have been widely used in various fields. For the purpose of employing machine learning in malware detection, an executable file should be represented by its features. Therefore, a dataset of labelled benign and malicious files is considered. Then, the developers extract the appropriate features to their model from each file. These features are displayed as inputs to a machine learning classifier. In previous researches, multiple features and classifiers were adopted in different combinations for a better classification. In this paper, we have been interested to PE header fields features, and a deep convolutional neural network for classification. We extracted the bytes of the PE header fields values and fed them to our model as greyscale images. Our model is constituted of 31 consecutive convolutional layers. The model was trained on the train dataset, and finally tested on the test dataset. The results were impressive reaching a test accuracy of 97.85%.
Keywords: Convolutional neural networks; residual networks; deep learning; PE features; machine learning; malware detection.
Distributed integrity and non-repudiation scheme in the dynamic vehicular cloud environment
by Nayana Hegde, Sunilkumar Manvi
Abstract: Data storage is one of the major applications of vehicular cloud computing (VCC) where the data is shared concurrently among many vehicles participating in vehicular communications. Integrity and non-repudiation are some of the important security challenges encountered during the provisioning of data storage services. This paper proposes an integrity and non-repudiation verification scheme in dynamic vehicular cloud storage environment. Vehicle authentication is performed by employing Boneh-Lynn-Shacham (BLS) short signature mechanism. The cryptographic hash function and bitwise exclusive-OR (XOR) operation provide data integrity checking of messages which are uploaded from the vehicle to the cloud. RSU acts as a trusted verifier for data transactions. We evaluated the efficiency of the proposed scheme against standard attacks such as replay attack and tampering attack. Extensive simulations are carried out and the results are compared to ID-based cryptographic schemes. The scheme proposed achieved better in terms of computation overhead, average throughput and communication overhead.
Keywords: security; non-repudiation; integrity; vehicular cloud; trusted verifier; road side unit; RSU.
FPGA Implementation of AES Encryptor based on Rolled and Masked Approach
by Monika Mathur, Nidhi Goel
Abstract: The present work proposes a modified 8-bit AES architecture that performs AES core operations in a single round wherein data is iterated ten times instead of having ten different rounds leading to substantial decrease in area and power consumption. To enhance the security of AES encryption, boolean masking has been employed for all AES operations, rounds and intermediate data. Modified architecture for AddRoundKey and ByteSubstitution operation has been proposed that employs high order masking. Also, an enhanced key expansion algorithm is proposed that makes AES less vulnerable to saturation attacks and differential power analysis (DPA) attacks. Implementation of the proposed architecture has been done using Vivado Design Suite on Virtex-7 FPGA. Result analysis depicts that, during the performance explore strategy, 179.73 MHz maximum frequency with a throughput of 143.78 Mbps has been achieved whereas, the proposed architecture utilises 757 slices, 962 LUTs and 0.313 watt power using area explore strategy.
Keywords: advanced encryption standard; AES; field-programmable gate array; FPGA; Boolean masking; enhanced key expansion algorithm; DPA attack; rolled architecture.
SecureAuthKey: Design and Evaluation of a Lightweight Key Agreement technique for Smart Home Applications
by Sandip Thite, J. NaveenKumar
Abstract: Cyber physical systems (CPS) is a ubiquitous concept where objects are connected to the internet and equipped with an ability to sense physical medium and transmit data through network. In recent years, smart home applications have gained popularity due to their various benefits like time-saving, low cost, optimised electricity use. The main component of the CPS is a low-capacity sensor node. Due to resource limitations like low storage space and limited processing power, the well-known security mechanisms used in desktop devices fail to run on these systems. For secure smart home systems, this research paper proposes a lightweight key agreement and authentication mechanism. It protects against various cyberattacks. It also provides communication security, privacy protection for end-users, and a low-cost system for sustainable production. The system's proof-of-concept prototype has been implemented, demonstrating the system's feasibility. The real-world experiments show the system's effectiveness and efficiency in various scenarios.
Keywords: cyber physical system; CPS; content restriction; web security; content delivery networks; CDN; cryptographic hash.
RFID tag-based Mutual Authentication protocol with improved Security for TMIS
by Bhanu Chander, Kumaravelan Gopalakrishnan
Abstract: With the progressive and continuous development in micro-electro-mechanical technologies, intelligent internet of things, and the propagation of 5G communication technology, the security of resource-controlled IoT appliances like RFID-based TMIS applications has received predominant attention. Typically, wireless communication channel utilised among tag, reader and back-end server, which is easily vulnerable to various intimidations such as spoofing, DoS, replay, and de-synchronisation. Therefore, the privacy and integrity of the communicated information cannot be guaranteed. Researchers proposed various symmetric and asymmetric encryptions, hash functions, key management, CRC, and ECC-based techniques for solving privacy and integrity issues of RFID authentication for TMIS systems. In related work, we discussed up-to-date RFID-based authentication for TMIS systems. However, most do not solve formal, informal attacks; moreover, they suffer from communication and computational complexities. Thus, this manuscript describes an enhanced mutual authentication practice for RFID components with hash and random functions. We further demonstrate that the proposed scheme offers all the desired security requirements by verifying AVISPA, Scyther, and GNY logic.
Keywords: radio frequency identification; RFID tag; telecare medicine information system; TMIS; authentication; security analysis; Scyther and AVISPA tools; GNY logic precision.
CloudSec (3FA): A Multifactor with Dynamic Click Colour Based Dynamic Authentication for Securing Cloud Environment
by A. Saravanan, Sathya Bama S
Abstract: Availability, scalability, and security are the main concerns in a cloud environment and so it undergoes various challenges in the availability and security of sensitive and critical data stored in it. Multifactor authentication is one solution that offers layered defence in order to perform verification and validation of the users credentials that makes it difficult for an adversary to access the data stored in the cloud. This paper addresses the security issues in the cloud environment by suggesting a multifactor authentication model that utilises three significant factors such as static authentication, click colour based dynamic authentication and behavioural biometrics specifically keystroke with cryptographic encryption and hashing technique. Based on the experimental results, it is clear that the proposed method verifies and validates the authorised users thereby eliminating the adversaries with more than 96% of accuracy. Also, the model decreases the false positive and error rate to an extent of 3%.
Keywords: cloud computing; multifactor authentication; click colour authentication; behavioural biometrics; layered defence; cryptographic two-fish encryption; bcrypt hash algorithm.
Design of automatic monitoring system for network information security in cloud computing environment
by Jing NIU
Abstract: Aiming at the problems of incomplete monitoring, slow response speed and low accuracy of the existing network information security automatic monitoring system, the paper designs an automatic network information security monitoring system in a cloud computing environment. Based on the overall system architecture, the design of information collection, information transmission and information security early warning modules has realised the acquisition of network information changes, the transmission and integration of network information, and the risk warning of network abnormalities. Using relative protection entropy as the theoretical basis, the network information security threshold under the cloud computing environment is further set, and the automatic monitoring of network information security is realised by judging the threshold risk coefficient. Experimental results show that the system has a high comprehensive monitoring capability, the response speed is within 0.5s, and the accuracy of information monitoring is as high as 99%.
Keywords: cloud computing; network information; monitoring system; information collection; response speed.
Comprehensive Review on Distributed Denial-of-Service (DDoS) Attacks in Wireless Sensor Networks
by Shalini Subrmani, Selvi M
Abstract: Distributed denial of service (DDoS) is the most popular disruptive type of attack in wireless sensor networks (WSNs) and it is extremely harmful for the functioning of the network, since it is generating a huge amount of traffic through flooding of the spam packets into the target system. The malicious nodes present in the network prevent the legitimate users from the access to the network through flooding. Hence, it is necessary to handle this issue. Intrusion detection systems (IDSs) are used to monitor all incoming packets and they can compare the traffic patterns to detect the anomalous network activity. In this paper, a survey of works on DDoS attacks launched by the malicious users and the detection of such attacks using IDS are discussed. Moreover, this survey focuses on the IDSs developed using classification techniques since they have been used for detecting and preventing the DDoS attacks more efficiently.
Keywords: DoS attacks; distributed denial of service; DDoS attacks; intrusion detection systems; IDSs; artificial intelligence and machine learning approaches; wireless sensor networks; WSNs.
Two-Level Machine Learning Driven Intrusion Detection Model for IoT Environments
by Yuvraj Singh Malhi, Virendra Singh Shekhawat
Abstract: As a consequence of the growing number of cyber-attacks on IoT devices, the need for defences like intrusion detection systems (IDSs) has significantly risen. But current IDS implementations for IoT are complex to design, difficult to incorporate, platform-specific, and limited by IoT devices resource constraints. This paper proposes a deployment-ready network IDS for IoT that overcomes the shortcomings of the existing IDS solutions and can detect 22 types of attacks. The proposed IDS provides the flexibility to work in multiple modes as per IoT device computing power, made possible via development of three machine learning-based IDS modules. The intrusion detection task has been divided at two levels: at edge devices (using two light modules based on neural network and decision tree) and at centralised controller (using a random forest and XGBoost combination). To ensure the best working tandem of developed modules, different IDS deployment strategies are also given.
Keywords: deep learning; machine learning; intrusion detection system; IDS; random forest; network security; internet of things; IoT; denial-of-service.
A Stable Cryptographic Key Generation from Fingerprint Biometrics Using Gray Code for Secure Data Storage
by Suresh Kaliyannan, Rajarshi Pal, S.R. Balasundaram
Abstract: Cryptographic techniques play a major role in digital information security. In cryptography, securing/storing the cryptographic key is an arduous task. The proposed stable cryptographic key generation directly from fingerprint biometrics overcomes this security concern. It eradicates the need of storing a cryptographic key. Rather, the key can be generated from a fingerprint biometrics on a need basis. In this work, a novel Gray code-based method is introduced to generate a stable cryptographic key from fingerprint. Usage of Gray code representation significantly reduces the number of mismatch bits between the generated bit strings from the two instances of the same fingerprint. Hence, Reed-Solomon error correction code is able to successfully correct the errors which may occur due to variations in captured images of the same fingerprint. This generated bit string is used in a symmetric key setup for secure data storage.
Keywords: cryptographic key; key generation; bio-cryptosystems; fingerprint; biometrics; secure storage; reed-solomon code; Gray code.
You Are Safe When You Tell the Truth: A Blockchain-based Privacy-preserving Evidence Collection and Distribution System for Digital Forensics
by Junjie Xiong, Biyi Lin
Abstract: With the development of information technology, digital evidence has played a crucial role in the court trial. However, digital evidence incurs serious security threats and privacy issues in the process of collection, storage and distribution, and the real scenarios also raise the requirements of openness and transparency in evidence-related operation. To satisfy the above requirements, some existing research works provide transparency, immutability, and public auditability of evidence-related operations. However, they do not give a specific cryptographic schemes, or do not cover the whole evidence management process, or suffer from heavy computational overhead. To address the above issues, in this paper we proposed a blockchain-based and privacy-preserving evidence collection and distribution system that covers the whole evidence management process for digital forensics. This scheme uses certificateless signature and attribute-based encryption schemes to attain the security and privacy-preserving evidence collection and distribution, and provides flexible keyword search and access policy update over the ciphertext. We conducted rigorously security proof and the security analysis. The comparison and experimental results show that the proposed system is practical and efficient in the blockchain-based digital forensics scenario, and is superior to relevant works in performance.
Keywords: digital forensics; blockchain; data sharing; attribute-based encryption; ABE; privacy-preserving.
Lightweight Authentication Scheme based on Modified EAP Security for CoAP Protocol based IoMT Applications
by Pritam Salankar, Vinay Avasthi, Ashutosh Pasricha
Abstract: The medical data generated from the patients that are communicated and stored on servers are highly sensitive, and also the IoMT network creates open spaces for an adversary. The proposed work designs a lightweight authentication scheme to support the extensible authentication protocol (EAP) called lightweight EAP (L-EAP). The proposed L-EAP modifies the EAP model and dynamically changes the security service as per healthcare application requirements. The L-EAP selectively applies the data encryption and integrity without frequent re-handshaking with the server using one-bit epoch field in the EAP message header. The L-EAP performs such a key generation process as a part of the authentication phase and enlarges the lifetime of the IoMT network. The advanced encryption standard (AES) is improved for providing data confidentiality in L-EAP. The L-EAP improves the confusion property of cipher text in AES and applies shift row and XOR operations to all the words.
Keywords: internet of medical things; IoMT; lightweight mutual authentication; improved AES-based encryption; modified EAP; dynamic service change.
An Efficient Two-level Image Encryption System using Chaotic Maps
by K. Abhimanyu Kumar Patro, Bibhudendra Acharya
Abstract: This paper proposes an image securing technique that aims to provide two-level security on two images in terms of encryption at the same time. In this technique, both bit and pixel-level encryptions are carried out, first, the pixel-level-shuffling is performed using the piece-wise linear chaotic map (PWLCM) and then the diffusion in bit-level is performed using the key-image. The bit-level diffusion using chaos not just to confuse the pixels, but is also diffuses them intensely. In addition, the bit and pixel-level processes improve that algorithms security. Additionally, the parallel bit-plane diffusion process reduces the methods computational complexity. This technique uses one type of one-dimensional chaotic map in both permutation and diffusion, thereby increasing the algorithms hardware and software efficiency. The results of the security analysis and simulation show that the suggested method is more effective in encoding and improves the security of the encrypted images.
Keywords: security; dual-image encryption; chaos; hash algorithm; permutation; diffusion.
An Approach for Secure Data Transmission in Smart grids
by Jagdish Pandey, Mala Kalra
Abstract: Smart grids (SG) require data compression and encryption algorithms to communicate large amount of data in the secure way. However, existing algorithms are not appropriate for smart grid as they consume huge memory and take significant amount of execution time. Consequently, we explored other algorithms and choose the neighbourhood indexing sequence algorithm (NIS) for data compression and the PICO algorithm for cryptography. Further, PICO algorithm is enhanced in two ways. Firstly, random bits are generated and added to the plaintext to increase the block size that improves the security of the algorithm. The random bits are generated by hybrid of cuckoo search and genetic algorithm. Secondly, software optimisation algorithms namely loop unrolling and binary search algorithms are used to reduce execution time. The experimental results demonstrate the better performance of proposed algorithm EPICO over PICO in terms of memory consumption, execution time, correlation coefficient and avalanche effect.
Keywords: smart grid security; binary search; cryptography; loop unrolling; neighbourhood indexing sequence algorithm; NIS; PICO algorithm.
Robust Message Authentication in the context of Quantum Key Distribution
by Dillibabu Shanmugam, JOTHI RANGASAMY
Abstract: Universal hashing-based message authentication code (MAC) is used as the de facto method to achieve information-theoretically secure authentication in quantum key distribution. We present a critical look at the most widely used type, namely Wegman-Carter MAC based on polynomial hashing and analyse its robustness against physical attacks exploiting side information. In particular, we mount a classical DPA attack on the hash part of the Wegman-Carter MAC which leads to a possible intercept-and-resend attack on the BB84-like QKD protocols. We illustrate this case with polynomial-evaluation MACs as their variants are used in commercial QKD systems. We show that our attack methodology is much simpler compared to that of Belaid et al. at ASIACRYPT 2014. Finally, we present an algebraic countermeasure so that the resulting MAC is not susceptible to the identified attack.
Keywords: universal hashing; polynomial-evaluation MACs; information leakage; quantum key distribution.
Generation of 8
by Vikas Tiwari, Ajeet S., Appala Naidu Tentu, Ashutosh Saxena
Abstract: Substitution boxes (S-boxes) have a very important role in the recent developments of block ciphers as it provides the nonlinearity for the ciphers. To resist different kinds of attacks, S-boxes must be constructed very cautiously. There are some schemes which are known to design S-boxes, interestingly these are based on evolutionary heuristics. In this paper, we have proposed a new approach for the construction of 8
Keywords: substitution-box; nonlinearity; strict avalanche criterion; differential approximation; linear approximation.
Multiple backup method of financial encrypted data on Internet of things platform
by Suhong Bi
Abstract: In order to overcome the problems of data access time-consuming and poor security existing in the traditional multiple backup method of financial encrypted data, a new multiple backup methods of financial encrypted data is proposed under the platform of internet of things. On the platform of internet of things, the internet of things access processing of financial encrypted data is completed by calculating the expected value of successful access request and access delay of financial encrypted data. The shared nearest neighbour method is used to cluster the financial encrypted data. Finally, based on the theory of genetic algorithm, the optimal multiple backup solutions are iteratively calculated to complete the multiple backup of financial encrypted data. The experimental results show that compared with the traditional multiple backup methods, the proposed method has shorter access time and higher security, with the highest security factor of 0.99.
Keywords: internet of things platform; financial encrypted data; multiple backup.
Performance Driven Hyperledger-Fabric Based Blockchain Framework for Mass e-Voting in India
by Amith K. K, SANJAY H. A, Ajay Venkat, Harshitha K, Eshwar D, K. Aditya Shastry
Abstract: The Indian voting infrastructure of today currently has a high cost per voter and low voter turnout. Several other countries have tried to tackle these issues by providing a way for voters to vote online, and the most promising and trustworthy solutions come in the form of blockchain-backed voting. But most current blockchain voting systems do not provide a verifiable secret ballot and use computationally expensive Byzantine fault tolerant proof of work algorithms that are often slow at appending new transactions/votes. To address the issues, we propose a performance driven Hyperledger Fabric-based voting framework that can sustain over 200 votes/sec with a reasonable end user latency. This effort introduces a multitude of solutions to the current age dilemma of voting, both offline and online with unique features including cost effective deployments, instantaneous vote counting, cast as intended verifiability and an observable and auditable architecture.
Keywords: blockchain; hyperledger; consensus; e-voting; proof of work; deterministic consensus; India.
BYOD security issues and controls framework: An outcome of a systematic literature review
by Thembekile Mayayise
Abstract: Various organisations and individuals consider the bring your own device (BYOD) practice as a flexible method for remote working. However, as cybercrime continues to surge under the current teleworking climate, organisations are compelled to strengthen their existing security posture. The aim of this study was to uncover the BYOD security issues and appropriate controls through a systematic literature review (SLR) of peer-reviewed journal articles from 2010
Keywords: bring your own device; BYOD; information security; mobile devices; IT consumerisation; cybersecurity; security controls; systematic literature reviews; theories.
A Cyberstalking-Free Global Network with Artificial Intelligence Approach
by NURENI AYOFE AZEEZ, Odejinmi Oluwatobi Samuel
Abstract: Cyber harassment is a cybercrime that has posed a great danger to social media users. This work aims at comparing the traditional classifiers and deep learning in detecting cyber harassment. Seven machine learning algorithms
Keywords: cyber-harassment; deep-learning; cybercrime; machine-learning; algorithms; metrics; ensemble.
Auto-Encoder based Technique for Effective Detection of Frauds in Social Networks
by Jamuna Rani, Vagdevi S
Abstract: Detection of these spam accounts has recently attracted significant attraction in the literature. Most of the spam-account detection techniques presented in the literature employ supervised learning models to achieve their goal. These models require sufficient size of spam-account samples in their training set to be trained effectively. However, obtaining such large sample sizes is a significant challenge. In many real-world scenarios, the number of such available samples is extremely limited. Due to this limitation in the training set, the spam-account detection techniques can exhibit extremely poor detection accuracy. Hence, in this paper, an effective supervised learning model-based spam-account detection technique is presented, which utilises only limited size of spam-account samples in its training set, and to achieve this desired goal, the dimension of the feature vectors in the training set is reduced through the aid of auto-encoders. Further, the spam-accounts are detected based on their corresponding hazard rates. The hazard rates are generated through recurrent neural network. An empirical analysis study is presented, in which, the proposed spam-account detection technique is compared against the contemporary technique. In this study, the proposed technique exhibits relatively superior performance in-terms of classification accuracy.
Keywords: social networks; survival analysis model; fraud detection.
Secure Proof of Ownership for Deduplicated Cloud Storage System
by J.A.Y. DAVE, MEGHNA BHATT, DEEP PANCHOLI
Abstract: Deduplication is a popular data reduction technique that minimises storage and communication costs. However, in a deduplicated system, an adversary can obtain access to the entire file on the server by showing just hash of file. A standard solution is that the server sends a file-based challenge to verify the clients file-ownership. Unfortunately, in the state-of-the-art schemes, adversary can correctly respond to the challenge with knowledge of the hash of file-blocks, where 'Hash(blocks)'
Keywords: deduplication; proof of ownership; ownership authenticity; cloud storage security.
Correlation Power Analysis Attack on Software Implementation of TRIVIUM Stream Cipher
by Rangana De Silva, Iranga Navaratna, Malitha Kumarasiri, CHUAH CHAI WEN, Janaka Alawatugoda
Abstract: Power analysis attacks are a category of attacks against cryptographic implementations. In this case, the power consumption of a cryptosystem is analysed to extract its secret values such as secret keys and key streams. This has become a huge threat to modern day cryptosystems. Therefore, identifying cryptographic implementations which are vulnerable to power analysis attacks is very important. Many studies have been carried out on power analysis attacks on block cipher implementations, but relatively less number of studies have been carried out on power analysis attacks on stream cipher implementations. This paper presents a power analysis attack on a software implementation of TRIVIUM stream cipher. In order to analyse the power consumption, correlation power analysis (CPA) is done, and the keystream is successfully recovered.
Keywords: side-channel attacks; correlation power analysis attacks; stream ciphers; TRIVIUM.
A Comprehensive Survey on Fuzzy based Intelligent Intrusion Detection System for Internet of Things
by Nandhini U, Santhosh Kumar SVN
Abstract: Internet of things (IoT) is rapidly expanding, and it is having a greater impact on daily life. The internet of things is widely applied in a wide range of industries, from small to large. IoT-based is a collection of distributed smart devices with software that is capable of detecting data from a sensing domain, collaborate, and transmit the sensed data to a sink via internet as a backbone using multi-hop communication. Due to its resource constrained nature and also since the communication between the devices takes place via an open channel, providing security and monitoring the behaviour of the devices is a major challenge. It attracts cybercriminals attention, who have made IoT an easy target for malicious attacks. In the literature, various IoT-based intrusion detection systems (IDSs) have been proposed to address the security challenges of the IoT network. In this paper, a survey on fuzzy-based IDSs is carried out for highlighting their contribution and limitations with reference to intrusion detection accuracy, false positive rate and overall network performance. Moreover, this survey provides a detail analysis on fuzzy-based intrusion detection systems which aims in analysing intrusion detection accuracy and minimising false data rate to show the way for the future direction.
Keywords: intrusion detection system; IDS; internet of things; IoT; security; malicious attacks; soft computing.
Unified Identity Authentication Scheme of System Wide Information Management Based on SAML-PKI-LDAP
by Lizhe Zhang, Zhuoning Bai, Zhijun Wu, Kenian Wang
Abstract: System wide information management (SWIM) is a platform to share and exchange information on the new air traffic management (ATM) services between different departments and systems in the civil aviation field. Through the connection of SWIM and various application services, a virtual information pool is formed to solve the interconnection issues of different systems. To ensure data security in the system and quick authentication of legitimate users, we propose a unified identity authentication scheme for SWIM. This scheme improves the security assertion markup language (SAML) cross-domain authentication model and integrates it with the public key infrastructure (PKI) authentication system and lightweight directory access protocol (LDAP). Experimental results show that this scheme realises the functions of user management, identity authentication, and cross-domain access, which can meet requirements of the SWIM gateway.
Keywords: system wide information management; SWIM; security assertion markup language; SAML; identity authentication; digital certificate; directory access protocol.
Blockchain Based EHR Storage and Access Control System
by Sunil Gupta, Akansha Bhansiya, Mansi Saini, Amuleek Sidhu
Abstract: Medical records of patients are stored digitally as electronic health record (EHR) for maintaining large data and easy accessibility from anywhere. Medical data is highly confidential and must not be tampered because it affects the treatment given to patient and if the data is tampered, it may lead to wrong medication. There are some technical challenges and vulnerabilities to storage and access of EHRs in cloud databases. Major challenges include ensuring confidentiality, privacy and integrity while sharing medical records with other users/doctors. Patient does not have complete ownership over their medical records. Even if access control is applied there are chances of data leak if an adversary gets access to the database in which EHRs are stored. Other than this a proper history of EHR access and update should be maintained and patients permission should be required while editing his/her records to ensure that data is not edited by an unauthorised person or by an adversary. In this paper we will discuss some approaches to overcome the above-mentioned challenges and ensure complete control of owner over their medical records.
Keywords: electronic health record; EHR; access control; blockchain.
The Hybrid Framework of Ensemble Technique in Machine Learning for Phishing Detection
by Akanksha Mahajan, Pradnya Navale, Vaishnavi Patil, Vijay Khadse, Parikshit Mahalle
Abstract: The benefit of online systems has been availed by users and cybercrimes alike. Phishing has become a popular cybercrime. Phishing is a significant criminal activity for financial gains. Studies about different machine learning algorithms are a perpetual journey to detect malicious data. There are lots of algorithms proposed for detecting a phishing website. The selection of the best solution for the problem is not an easy task in a phishing domain. In this study, the focus is on experimental study of ensemble learning methods, feature reduction techniques and hybrid approach. In machine learning, for improvement in performance ensemble learning plays a crucial role. In this study, we do a comparative analysis of bagging, boosting and stacking ensemble learning models and propose a new hybrid model in the phishing domain.
Keywords: machine learning; phishing; hybrid ensemble models; ensemble techniques; feature reduction techniques; principal component analysis; PCA; linear discriminant analysis; LDA; isometric mapping.
Ciphertext-Policy Attribute-Based Delay Encryption
by Lijiao Chen, Kewei Lv
Abstract: Timed-release CP-ABE can provide fine-grained and timed-release access control while ensuring data confidentiality. Existing schemes usually rely on a trusted third-party called time server. This paper proposes a novel timed-release CP-ABE scheme named ciphertext-policy attribute-based delay encryption (CP-ABDE), which does not require a time server. Specifically, we formalise the notion of CP-ABDE and its system model and security model. Furthermore, we provide a formal construction that is secure under the decisional bilinear Diffie-Hellman assumption and repeated squaring assumption. Finally, performance analysis shows that the scheme performs well while achieving timed-release access control.
Keywords: ciphertext-policy attribute-based encryption; CP-ABE; time-lock puzzle; TLP; access control; timed-release; delay.
Implementation of a Secret Sharing based Masking Scheme against Side-channel attack for Ultra-lightweight Ciphers in IoT
by Swapnil Sutar, Vikas Tiwari, Ajeet Singh
Abstract: IoT applications consist of a group of small physical devices with sensing capabilities, working collaboratively to provide a specific functionality. Collaboration is realised by sending data from one or more devices in a network to another device or group of devices. Data stored or processed across an IoT ecosystem is likely to contain sensitive information, requiring strong confidentiality. Cryptographic algorithmic modules embedded on these physical devices are particularly vulnerable to side channel analysis. The most common countermeasure for block cipher implementations is masking, which basically randomises the variables to be protected by combining them with numerous random values. In this paper, masked implementation of lightweight block ciphers PRESENT and BORON is demonstrated. In the framework, secret sharing-based masking procedure is adapted as an alternative to Boolean masking. We then conduct a security analysis and empirical observations of our framework. To prove the novelty and practical adaptability of the proposed framework, implementation and obtained results are also presented in the paper.
Keywords: masked nonlinear transformation; lightweight block cipher; PRESENT; BORON; randomised propagation; countermeasures; secret sharing.
Artificial Neural Network based Intrusion Detection System using Multi-objective Genetic Algorithm
by Narottam Patel, B.M. Mehtre, Rajeev Wankar
Abstract: With recent advances in cyber-attacks, traditional rule-based intrusion detection systems are not adequate to meet the present-day challenge. Recently machine learning-based intrusion detection system (IDS) has been proposed to detect such advanced/unknown cyber-attacks. The performance of such machine learning-based IDS largely depends upon the feature set used. Generally, using more features increases the accuracy of attack detection and increases detection time. This paper proposes a new network intrusion detection system based on an artificial neural network (ANN), which uses a multi-objective genetic algorithm to satisfy the requirements: accuracy of attack detection and faster response. The performance of the proposed method is tested by using the KDD
Keywords: intrusion detection system; IDS; advanced persistent threat; KDD99; NSL-KDD; CIC-IDS-2017; feature selection; artificial neural network; ANN; multi-objective genetic algorithm.
Blockchain Based Image Encryption with Spiral Mapping and Hashing Techniques in Dual Level Security Scheme
by Chithra PL, Aparna R.
Abstract: As the technology is growing, the value of data is tremendously increasing. Different ways of security threats and hacking techniques are initiated by intruders to obtain the secret data. Image dataset holds huge information. Hence, its crucial to safeguard the secret image data. In this paper, a blockchain-based strong encryption method combined with stegano to withstand security breaching is proposed. 2D Image data segments are scrambled by random permutation and spiral mapped to obtain the cipher blocks. Each cipher blocks are chained by SHA-512 hash and embedded in covering audio signal to enhance protection. LSB encoding is adapted to maximise the correlation coefficient. Standard datasets for secret image and covering audio signal are used and the PSNR, SSIM, Correlation values are compared with existing methods to prove the efficacy of the proposed method. The ideology of applying blockchain technique in cryptography upholds the novelty of our work. Dual level security scheme (DLSS) strengthens the overall performance by sending the cipher blocks embedded within audio signals.
Keywords: blockchain; hash matrix; encryption; spiral mapping; dual level security scheme; DLSS; cipherblocks.
A Shallow based Neural Network Model for Fake News Detection in Social Networks
by S.P. Ramya, Eswari Rajagopal
Abstract: The convenience of connecting through the internet and eagerness to spread any news through online social media is very intriguing as it can be done rapidly and with very little effort. This permits the very quick spread of fake news globally and misleads the people against democracy and freedom. The content of fake news very closely resembles true news. So, technically, it is tough for a deep neural network to
Keywords: attention mechanism; deep learning; optimisation; natural language processing; NLP; convolution neural networks; CNN.
Development of Adaptive Adaboost Classifier with Optimal Feature Selection for Enhanced Intrusion Detection in IoT
by Mantripragada Yaswanth Bhanu Murthy, Thonduri Vineela, Godavarthi Amar Tej, Movva Vasantha Lakshmi
Abstract: The fundamental intention of this paper is to model IDS in IoT platforms using an adaptive AdaBoost classifier. In the data collection phase, the intrusion dataset of IoT is collected from the standard benchmark sources. Further, data cleaning is performed, which is to identify and remove errors and duplicate data. The subsequent phase after data cleaning is optimal feature selection, in which the relevant features by eradicating the redundant information are extracted to minimise the classifier complexity. The main contribution of the proposed model is the development of an adaptive AdaBoost classifier, where the tuning of the number of estimators is done by the novel hybrid active electrolocation-based group search optimisation (AE-GSO). From the results, the accuracy of the AE-GSO-AdaBoost is 0.93%, 1.89%, 0.83%, and 1.25% advanced than AdaBoost, RNN, DBN, and DNN, respectively. Based on the comparative study of state-of-the-art works, the numerical outcomes describe the promising part of the suggested techniques, offering comparable detection accuracy to the traditional methods between the accuracy and other performance metrics.
Keywords: enhanced intrusion detection; internet of things; IoT; adaptive AdaBoost classifier; optimal feature selection; active electrolocation-based group search optimisation; AE-GSO.
Outsourcing decryption of KP-ABE using elliptic curve cryptography
by Dilip Kumar, Manoj Kumar
Abstract: Internet of things (IoT) has changed our lives greatly and impacted almost everything in the digital world. Devices used in IoT are connected with each other through the internet for communication. These devices are vulnerable to various interceptions and suffer from resource limitations. Key policy attribute-based encryption (KP-ABE) is a modern cryptographic scheme that provides security and access control mechanism in an IoT environment. Therefore, an outsourcing scheme is proposed to outsource decryption of KP-ABE to reduce decryption overhead for resource-constrained devices (RCDs). In our scheme, computational complexity is reduced by using elliptic curve cryptography (ECC) and a linear secret sharing (LSS) scheme is utilised to represent the access policy. The security of our scheme is given under the replayable chosen-ciphertext attacks (RCCAs) model. The implementation shows that our proposed scheme reduces the complexity of decryption and computational time as compared to other schemes.
Keywords: internet of things; IoT; key policy attribute-based encryption; KP-ABE; elliptic curve cryptography; ECC; point scalar multiplication; PSM; access structure; LSS scheme.
GENDroid - A Graph-Based Ensemble Classifier for Detecting Android Malware
by Shikha Badhani, Sunil Kumar Muttoo
Abstract: Recent years have witnessed a noticeable growth in the development of stealthy Android-based malware which has led to a pressing need for accurate malware detection systems. In this paper, we propose a graph-based ensemble classifier
Keywords: Android malware; graph-based; classifier; ensemble learning; code graphs; Jaccard distance.
Dynamic Group Signature Scheme Using Ideal Lattices
by Abhilash M. H, Amberker B. B
Abstract: Group signature scheme is a cryptographic primitive that allows its registered group members to generate signatures on behalf of the whole group without revealing their identity. Ling et al. (2018) proposed the first constant size group signature scheme using ideal lattices, where signatures size is independent of number of users N in the group. This is a partial dynamic scheme that supports only registration of new users. It doesnt allow revocation of group users. In this paper, we construct an ideal lattice based constant size dynamic group signature scheme that supports both revocation and registration. In addition, an efficient revocation technique based on time bound signing keys is proposed to reduces the verification cost. The security of the proposed scheme is proved in the random oracle model based on the hardness of Ring Short Integer Solution (RSIS) and Ring Learning With Errors (RLWE) assumptions.
Keywords: Group signature scheme; Lattice based cryptography; Ideal lattices; Dynamic group signature scheme; VLR; Time bound keys.
A Method of Speech Information Hiding in Inactive Frame Based on Pitch Modulation
by Zhijun Wu, Chenlei Zhang, Junjun Guo
Abstract: To solve the problem that the speech information hiding algorithm based on random position selection and matrix coding has insufficient hiding capacity, the paper proposes a novel pitch modulation steganography method based on inactive frame. In this method, the least significant bit (LSB) replacement method is adopted for inactive frames, and the speech information hiding algorithm based on random position selection and matrix coding is adopted for active frames, which realises the pitch modulation information hiding method based on inactive frames. Finally, simulation experiments are carried out for the pitch modulation information hiding method based on inactive frames. The results indicate that the maximum hiding capacity of the algorithm in this paper can reach 241.67 bps, which significantly improves the hiding capacity, and at the same time the concealment has also been improved to a certain extent.
Keywords: information hiding; random position selection; matrix encoding; pitch modulation; inactive frame.
JPBlock: Augmenting Security of Current Journal and Paper Publication Processes using Blockchain and Smart Contract
by Justice Odoom, Huang Xiaofang, Richlove S. Soglo
Abstract: Scholarly journals (SJ) play an indispensable role in the scrutiny and dissemination of research. However, the current SJ and academic paper publishing infrastructure is fragmented and dependent on centralized servers compelling researchers to hop from one journal platform to another for familiarity, account registration and subsequent usage. In this work, we advance a secure blockchain-based multi-tenant decentralized framework dubbed JPBlock to facilitate paper submission through to publication and discoverability. Leveraging fundamental attributes of blockchain, smart contract and decentralized storage technology, we advance novel capabilities including paper tracking, proof of authorship and voting on reputation of journals while enforcing core security principles on-chain and off-chain. Open access papers are made available on a global scale while non-open access papers are securely encrypted supporting the subscription-like model. Proof-of-concept implementation reveals that the framework is feasible and satisfies fundamental security requirements with journals and authors incurring overall costs of $46.66 and $25.61 respectively.
Keywords: Authors; Blockchain; Decentralized applications (DApps); Ethereum; Journals; Smart contract.
An Effective Ensemble Method for Missing Data Imputation
by Bikash Baruah, Manash Pratim Dutta, Dhruba K. Bhattacharyya
Abstract: The presence of missing data in a dataset plays a vital role in the design of classification, clustering, or regression methods. An efficient missing data imputation can enhance the overall performance of a machine learning method. This paper ensembles k-nearest neighbour imputation, local least square imputation, miss forest imputation, and k-means clustering imputation using the bagging approach to handle missing values over a wide range of datasets. The method has been tested with eight different datasets in terms of root mean square error, median absolute percentage error, mean absolute percentage error, and standard deviation. Experimental results show that our method gives a low error rate compared to its closed competitors.
Keywords: missing data imputation; ensemble method; k-nearest neighbour; KNN; local least square; LLC; miss forest; k-means clustering; KMC.
Tree Derived Feature Importance and Bayesian Optimization For Improved Multi-class classification of DDoS Attacks in Software Defined Networks
by Ancy Sherin Jose, Latha R. Nair, Varghese Paul
Abstract: Software defined networking (SDN) is an emerging networking paradigm which mitigates the inadequacies of traditional networks. The centralised controller in SDN allows for the global view of network as well as for controlling the network operations from a single point. Like the traditional networks, SDN is also prone to network vulnerabilities. Intrusion detection based on machine learning techniques is effectively used in traditional networks and have found promising results. The research in security of SDN is in its early stages and researchers from academia and industry are working for this cause. In this paper, machine learning-based intrusion detection is attempted for multi-class classification of distributed denial of service (DDoS) attacks in a software defined networking (SDN) environment. The feature importance derived from tree-based classifiers has been used for the feature selection to reduce the feature space which in turn reduces the time and space complexities. Hyperparameter tuning with TPE driven Bayesian optimisation (BO) has also been used for performance enhancement of the classifier. This multistage machine learning model achieves DDoS detection accuracy of 99.87%. The experimental evaluation is performed with SDN DDoS dataset and the results have been tabulated.
Keywords: software defined networking; SDN; DDoS attack detection; machine learning; ML; multi-class classification; Bayesian optimisation; feature importance.
Outlier Detection in WSN with SVDD via Multi-Interpolation Auto-encoder
by Bhanu Chander, Kumaravelan Gopalakrishnan
Abstract: Due to limited resources and harsh deployment environments, data outliers frequently rise in wireless sensor networks (WSNs). Hence, the collected data observations contain poor data quality and reliability. In recent years, research attempts have focused on utilising temporal and spatial correlation of the sensed data in WSNs but ignored the dependencies among the sensor nodes attributes, which reduce overall communication. Instead of transmitting every sensed data of a corresponding sensor node to the base station, this paper pursues a novel approach to incorporating a representation method using an auto-encoder to identify the redundant data in its transmission path through cluster head (CH). With this scenario, this paper also empirically assesses the integration of auto-encoders and SVDD to learn a condensed form of a low dimensional data point by interpolating the convex combination of the sensed data, which can semantically mix their characteristics in a distributed manner and identify the outlier respectively.
Keywords: wireless sensor network; WSN; anomaly detection; outlier; auto-encoder; support vector data description; Parzen neural networks.
Applying swarm intelligence and data mining approach in detecting online and digital theft
by Saba Malakpoor Bejandi, Mohammad Reza Taghva, P. Hanafizadeh
Abstract: Various methods have been proposed to deal with phishing attacks. Using machine learning along with data mining, such as MLP techniques, is one of these practical approaches to detect these attacks. To detect phishing attacks by the neural network with proper accuracy, it is necessary to feature selection, intelligently. In this research, the emperor penguin optimiser algorithm has been used to feature selection in detecting phishing attacks by a MLP. Experiments show that the error of the proposed method for detecting phishing is less than those of WOA, BOA, and SHO algorithms. The results show that the population increase in the proposed method reduces the value of the feature selection function and phishing detection error by about 69.57% and 24.56%, respectively. The RMSE error in detecting phishing attacks in the proposed method occurred to a lesser degree in comparison with MLP, DT, SVM, and BN. The accuracy, sensitivity, and precision of the proposed method in detecting phishing attacks are 98.12%, 97.92%, and 97.88%, respectively. The proposed method is more accurate in detecting phishing attacks than methods such as GA and PSO algorithms and is more accurate than BPNN, SVM, NB, C4.5, RF, and kNN.
Keywords: phishing; fake web pages; swarm intelligence; feature selection.
A Comparative Study of Deep Transfer Learning Models for Malware Classification using Image Datasets
by Ranjeet Kumar Ranjan, AMIT SINGH
Abstract: This paper proposes deep convolution neural network-based malware classification approach. The proposed work is a transfer learning approach, where we have developed multiple deep learning classification models. The classification models are built by adapting multiple pre-trained convolutional neural networks, namely; Xception, VGG19, InceptionResNetV2, MobileNet, InceptionV3, DenseNet, and ResNet50. In the current work, weights of pre-trained models are embellished by adding three fully connected (FC) layers. The proposed models have been evaluated on two different malware datasets, Microsoft and MalImg, consisting of malware images. The focus of this paper is to analyse the performance of fine-tuned CNN models for malware classification. The results of our experiments show that InceptionResNetV2 and Xception models have performed considerably well for the Microsoft dataset with accuracy equal to 96% and 95%, respectively. In the case of the MalImg dataset, InceptionResNetV2, InceptionV3, and Xception models have achieved excellent performance with an accuracy of up to 96%.
Keywords: cyber security; malware classification; deep learning; transfer learning; convolutional neural network; malware image dataset.