Forthcoming articles

International Journal of Security and Networks

International Journal of Security and Networks (IJSN)

These articles have been peer-reviewed and accepted for publication but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.

Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.

Articles marked with this shopping trolley icon are available for purchase - click on the icon to send an email request to purchase.

Register for our alerting service, which notifies you by email when new issues are published online.

Open AccessArticles marked with this Open Access icon are freely available and openly accessible to all without any restriction except the ones stated in their respective CC licenses.
We also offer which provide timely updates of tables of contents, newly published articles and calls for papers.

International Journal of Security and Networks (15 papers in press)

Regular Issues

  • Efficient Revocable CP-ABE for Big Data Access Control in Cloud Computing   Order a copy of this article
    by Praveen Kumar Premkamal, Syam Kumar Pasupuleti, P.J.A. Alphonse 
    Abstract: Due to huge volume of big data, cloud is a better choice to store big data. Since the cloud is not trustworthy, privacy and access control is a big concern. Ciphertext Policy Attribute Based Encryption (CP-ABE) is a promising technique to enable both privacy and access control in the cloud. However, directly applying CP-ABE scheme for big data in the cloud is a challenging task because of revocation. Existing CP-ABE with revocation schemes are lacking in efficiency. In this paper, we propose an efficient revocable CP-ABE (R-CP-ABE) scheme for big data access control in cloud using proxy based updates in which the proxy server performs the ciphertext and secret key updates instead of data owner and data user respectively during revocation. This outsourced updates during revocation reduces the communication and computation overhead of data owner and data users. In security analysis, we prove that our R-CP-ABE scheme is secure against chosen plain-text and user collusion attacks. In addition, we also show that our scheme achieves forward and backward secrecy. The performance analysis demonstrates that our method is efficient when comparing with existing schemes.
    Keywords: Cloud computing; Privacy; Access control; CP-ABE; Big data; User revocation; Attribute revocation.

  • Efficient and Secure Data Sharing with Outsourced Decryption and Efficient Revocation for Cloud Storage Systems   Order a copy of this article
    by Imad El Ghoubach, Rachid Ben Abbou, Fatiha Mrabti 
    Abstract: Data access control is one of the major issues in cloud storage systems, especially when having multiple co-existing authorities requiring a multi-authority access control scheme. Existing multi-authority systems were able to achieve the required level of security and fine-grained access control, but since the cloud services can be accessed using devices with various computation capabilities, it is highly required to have a scheme with efficient encryption and decryption operations. In this paper, we propose a scheme able to achieve the desired level of security and fine-grained access control while having an efficient revocation operation. Moreover, we were able to increase the efficiency of the decryption operation by outsourcing most of the computation to a proxy-server without compromising the confidentiality of the data. In addition, we propose the usage of parallel processing in order to increase the efficiency of the various operations to efficiently use the computational power in low-end devices and the proxy-server. The analysis and simulation results show that ESS-ODER is efficient and provably secure.
    Keywords: Access Control ; Encryption; CP-ABE ; Decryption Outsourcing ; Fine-grained Access Control; Attribute Revocation ; Multi-authority Cloud ; Forward Security; Backward Security;Parallel Computing;.

  • Techniques to Detect Data Leakage in Mobile Applications   Order a copy of this article
    by Thiago Rocha, Eduardo Souto, Khalil El-Khatib 
    Abstract: The popularity of mobile devices has skyrocketed over the past few years and has consequently given rise to various attacks in mobile platforms. The most serious among these threats is data leakage as most devices store sensitive information about their users, including location, bank information, to list a few. There has been a large number of data leakage detection proposals for mobile platforms, and a number of researches have looked at specific aspects of the mobile environment and used several techniques to provide protection. This survey provides an analysis of the data leakage problem, explains what it is, what kind of data it can expose, and the main techniques that have been used to circumvent this problem. It also looks at these various individual efforts and group them into categories. We also discuss the strengths and shortcomings of these efforts. Finally, some future works and opportunities of research are presented.
    Keywords: Data Leakage; Mobile Applications; Security; Mobile Devices; Android; Taint Tracking; Machine Learning.

  • Why What & How to Measure and Improve the Security of Networks (A snapshot of the current situation of security metrics and the way forward)   Order a copy of this article
    by Naveen Bindra, Manu Sood 
    Abstract: Networks are vulnerable to many threats. Every now and then incidents happen in the networks causing damage to the businesses. Terrorists and cyber-criminals exploit the existing vulnerabilities of the networks to their advantage. In traditional networks, i.e. the networks before the advent of Software Defined Networks (SDNs), implementation of security policies was very cumbersome. One augments/overhauls the security of the network if he has assessed the present situation. The answers to queries like how susceptible the networks are, what security solutions are required and the degree of a security deterrent for the network may lie embedded in security metrics. Nevertheless, the security of current systems needs to be revisited for taking timely actions according to the demand of the situation. SDNs architecture with centralized control and availability of Active Programming Interfaces (APIs) help to devise novel security metrics. The factors like challenges of finding sources, defining parameters and focal areas to develop novel metrics have motivated the authors to analyze the existing work and suggest a new framework to design simple, quantifiable, practical and customized security metrics for Networks of organizations. Our work is unique and different from other studies in the sense that not only it critically analyzed the existing work but also suggest the much-needed approaches to build security metrics. This study presented here deals with all existing uncertainties in the development of metrics and put forth the review of the need and utility of security metrics for improving the situation of networks.
    Keywords: Security metrics; vulnerabilities; network threats; DDoS detection; DDoS mitigation; SDN security.

  • Optimizing the DTLS handshake design for Trusted Execution Environment enabled sensor nodes   Order a copy of this article
    by Anil Yadav, Nitin Rakesh, Sujata Pandey, Rajat Kumar Singh 
    Abstract: Time consumed in the handshake process between dtls client and server is optimized by introducing the pre-shared key based handshake process between the remotely located entities. It reduces the number of message exchange between client and resource server without compromising the communication security. However, the pre-shared key based approach is still vulnerable to software attacks. This paper focuses on highlighting the vulnerabilities of dtls handshake process and then optimizing the handshake process of the dtls protocol to prevent the software based attacks in the smart sensor client and sensors (resource servers). We discussed the scenarios where the handshake process is prone to software attacks and proposed the trusted execution environment based design of the dtls handshake to enhance the communication security by eliminating the risk of intermediate keying materials being exposed to a non-secure environment. Our design also considers the resource constrained nature of the sensor nodes and thus split the handshake process such that the memory footprint of the implementation does not overload the TEE. We implemented a dtls client and a dtls server on a TEE enabled hardware and compared the performance thereof. Our preliminary experimental results show significant gain for memory footprint, but with a minor penalty in handshake time consumption.
    Keywords: Handshake; pre-shared key; Trust zone; TEE; REE; DTLS; smart sensors.

  • Hidden Markov models for advanced persistent threats   Order a copy of this article
    by Guillaume Brogi, Elena Di Bernardino 
    Abstract: Advanced Persistent Threats (APT) are a serious security risk and tools suited to their detection are needed. These attack campaigns do leave traces in the system, and it is possible to reconstruct part of the attack campaign from these traces. In this article, we describe a hidden Markov model for the evolution of an APT. The aim of this model is to validate whether the evolution of the partially reconstructed attack campaigns are indeed consistent with the evolution of an APT. Since APTs are hard to detect, we also introduce a score to take into account potentially undetected attacks. In addition, the score also allows comparing the fit of APTs of different lengths. We validate and illustrate both the model and the score using data obtained from experts.
    Keywords: intrusion detection; advanced persistent threats; attack campaign; machine learning; hidden Markov models; score; missing observations; undetected attacks; expert knowledge.

  • Non-malleable encryption with proofs of plaintext knowledge and applications to voting   Order a copy of this article
    by Ben Smyth, Yoshikazu Hanatani 
    Abstract: Non-malleable asymmetric encryption schemes which prove plaintext knowledge are sufficient for secrecy in some domains. For example, ballot secrecy in voting. In these domains, some applications derive encryption schemes by coupling malleable ciphertexts with proofs of plaintext knowledge, without evidence that the sufficient condition (for secrecy) is satisfied nor an independent security proof (of secrecy). Consequently, it is unknown whether these applications satisfy desirable secrecy properties. In this article, we propose a generic construction for such a coupling and show that our construction produces non-malleable encryption schemes which prove plaintext knowledge. Furthermore, we show how our results can be used to prove ballot secrecy of voting systems. Accordingly, we facilitate the development of applications satisfying their security objectives.
    Keywords: Asymmetric encryption; ballot secrecy; homomorphic encryption; indistinguishability; non-malleability; privacy; secrecy; voting.

  • OAP-WMN: Optimized and Secure Authentication Protocol for Wireless Mesh Networks   Order a copy of this article
    by Nicopolitidis Petros 
    Abstract: WMN (Wireless Mesh Networks) proposes many attractive features to mobile networking area such: self-reconfiguration and self-organization which make it more flexibile, easy deployed and not expensive. But, these features make it constantly overwhelmed with different types of security threats. In this article, we propose an optimized and secure authentication and re-authentication schemes based on the EAP (Extensible Authentication Protocol) mechanism. The proposed solution ensures security of WMN handoff and with a better QoS. It achieves this by reducing the number of exchanging messages and computations in the proposed authentication and re-authentication processes. Besides, we choose to secure the link layer that makes the authentication process more efficient and optimized. For performance evaluation, we use the OPENSSL tool to compare our work with some related work and the result is good. Moreover, the security of our authentication scheme has been affirmed with the AVISPA tool.
    Keywords: Wireless Mesh Network; IEEE 802.11s; EAP; authentication; handoff; QoS; AVISPA.

  • Characterizing Spatial Dependence on Epidemic Thresholds in Networks   Order a copy of this article
    by Zesheng Chen 
    Abstract: Epidemic processes are an important security research topic for both the Internet and social networks. The epidemic threshold is a fundamental metric used to evaluate epidemic spread in networks. Previous work has shown that the epidemic threshold of a network is $1/lambda_{max}(A)$, i.e., the inverse of the largest eigenvalue of its adjacency matrix. In this work, however, we indicate that such a theoretical threshold ignores spatial dependence among nodes and hence underestimates the actual epidemic threshold. Moreover, inspired by the Markov Random Field, we analytically derive a more accurate epidemic threshold based on a spatial Markov dependence assumption. Our model shows that the epidemic threshold is indeed $1/lambda_{max}(A)(1-rho)$, where $rho$ is the average spatial correlation coefficient between neighboring nodes. We then apply simulations to compare the performance of these two theoretical epidemic thresholds in different networks, including regular graphs, synthesized irregular graphs, and a real topology. We find that our proposed epidemic threshold incorporates a certain spatial dependence and thus achieves greater accuracy in characterizing the actual epidemic threshold in networks.
    Keywords: Epidemic thresholds; susceptible-infected-susceptible (SIS) model; spatial dependence; Markov Random Field; Markov model; mean-field approach.

  • A novel Cryptographic Solution to secure Mobile Wireless Sensors Networks   Order a copy of this article
    by Imen Bouabidi, Mahmoud ABDELLAOUI 
    Abstract: Due to the constraints of sensors networks, implementing a secure network requires the development of new approaches dedicated and adapted to these networks. In this context, we proposed in this paper a new cryptographic solution based on grouping a modifed AES in CTR mode and a new key management protocol. The originality of our solution is to obtain a high security level with regard to a minimal resources use (storage only three keys whatever the network density). Our goal is to secure communications between nodes. Simulations are executed by OMNet++ and visual c++ studio. Compared to existing protocols, our cryptographic solution present better results in WSN metrics: it achieves lower energy consumption (the energy cost does not exceed 0.512
    Keywords: AES; CTR mode; ESKMS; integrity; Mobile WSN; OMNet++; privacy;resistance to attacks; symmetric cryptography.

  • Medical Image protection using Diffusion, Substitution and Reversible Data Hiding based on Prediction   Order a copy of this article
    by Mancy Lovidhas, S.Maria Celestin Vigila 
    Abstract: Owing to the expanding benefit for tele-health amenities have developed awareness in the practice of medicinal image protection expertise. It mostly condensed with patient report that are cautious and must only offered to allowable personality. So the medicinal image safety becomes a very great complexity, when victim data are fetched through the open system. Reversible data hiding is mainly an outstanding pledge to grant security for various applications such as satellite, medical images etc. At first, a secret key of 128-bits level is developed by an image histogram. At first the light perceptive characteristic of Digital Imaging and Communications in Medicine image is decayed by the mixing procedure. The ensuing image is dispersed in key conditional blocks and additional, these blocks are conceded in the course of key conditional diffusion and substitution operations. In encryption process, overall five rounds are used. At last the generated covert key is implanted within the cipher image in the method of steganography. Once the medical image is encrypted, the spare information can be fixed into the key embedded cipher image by changing a miniature amount of encrypted information. By means of a cipher image enclosing spare information, one might first haul out the embedded information and then extract the key from the cipher image. At last with the extracted key the cipher image is decrypted and the original image can be successfully obtained.
    Keywords: Diffusion; Substitution; Histogram; Encryption; Decryption; Steganography; Reversible Data Hiding.

  • Location big data differential privacy dynamic partition release method   Order a copy of this article
    by Yan Yan, Lianxiu Zhang, Bingqian Wang, Xin Gao 
    Abstract: Aiming at the privacy protection requirements in real-time statistical publishing process of location big data, a dynamic partition method is proposed based on differential privacy mechanism. The temporal redundancy between adjacent data snapshots has been eliminated by sampling and differential processing of dynamic location big data, and the spatial redundancy of location big data has been reduced by adaptive density meshing and uniformity heuristic quadruple partitioning. Differential privacy protection has been realized by adjusting partition structures of the current data set on the spatial structure of previous moment and adding Laplace noise. Experiments carried out on the cloud computing platform and real location big data sets show that the proposed algorithm can meet the dynamic partition release requirements of real-time location big data, and the query precision of single-released location big data is better than other similar methods.
    Keywords: location big data; dynamic partition release; differential privacy; temporal redundancy; spatial redundancy.

  • Data Integrity Attack Detection in Smart Grid: A Deep Learning Approach   Order a copy of this article
    by Sunitha Basodi, Song Tan, WenZhan Song, Yi Pan 
    Abstract: Cybersecurity in smart grids plays a crucial role in determining reliable functioning and availability. Data integrity attacks at the physical layer of smart grids are mainly addressed in this paper. State Vector Estimation(SVE) methods are widely used to detect such attacks, but such methods fail to identify attacks that comply with physical properties of the grid, known as unobservable attacks. In this paper, we formulate a distance measure to be employed as the cost function in deep-learning models using feedforward neural network architectures to classify malicious and secured measurements. Efficiency and performance of these models are compared with existing state-of-the-art detection algorithms and supervised machine learning models. Our analysis shows better performance for deep learning models in detecting centralized data attacks.
    Keywords: smart grids; bad data detection; state vector estimation; deep learning; IEEE test bus systems; matpower; keras with tensorflow.

  • A real-time botnet detection model based on an efficient wrapper feature selection method   Order a copy of this article
    by Akram Farahmand-Nejad, Samira Noferesti 
    Abstract: Botnets are one of the most widespread and serious threats of cybersecurity that have infected millions of computers around the world over the past few years. Previous research has shown that machine learning methods can accurately detect botnet attacks. However, these methods often do not address the problem of real-time botnet detection, which is one of the main challenges in this area and is essential to prevent the damage caused by botnet attacks. This paper aims to present an efficient real-time model for botnet detection. In the proposed method, a subset of the effective features in detecting the bot traffic is initially selected using the World Competitive Contests Algorithm. Then, based on the selected features, a support vector machine model is created offline to detect real-time bot traffic from the normal one. The test results show that the proposed method can detect botnets with 95% accuracy and outperforms other methods.
    Keywords: network security; botnets; real time; machine learning; support vector machine; SVM; feature selection; world competitive contests algorithm; WCC; wrapper methods; botnet attacks.

  • AudioKey: A Usable Device Pairing System Using Audio Signals on Smartwatches   Order a copy of this article
    by Jiacheng Shang, Jie Wu 
    Abstract: Smartwatches are expected to replace smartphones in some applications with better user experience because of a greater range of features and new innovations such as audio recording, activity recognition, and data transmission. In this paper, we develop a system called AudioKey, aiming to pair two smartwatches by generating a unique secret key between them. Compared with existing works, our system does not need extra infrastructure to synchronize devices and trigger the key generation process, and only uses the existing sensors (gyroscope and microphone) that are deployed on most smartwatches. AudioKey triggers the key generation process on two devices at the same time by detecting the handshake between two normal users. A secret key is extracted from both the frequency domain and the time domain of audio signals and used to authenticate each other or encrypt the sensitive data. Evaluation results collected on 9 volunteers in three different scenarios show that our system can achieve a bit generation rate of 13.4 bits/s with the mean key agreement rate of $96.7\\%$ for a 128-bit secret key, while a strong attacker can only achieve a mean key agreement of $10.8\\%$.
    Keywords: Human activity recognition; Secret key generation.