Forthcoming articles

International Journal of Security and Networks

International Journal of Security and Networks (IJSN)

These articles have been peer-reviewed and accepted for publication but are pending final changes, are not yet published and may not appear here in their final order of publication until they are assigned to issues. Therefore, the content conforms to our standards but the presentation (e.g. typesetting and proof-reading) is not necessarily up to the Inderscience standard. Additionally, titles, authors, abstracts and keywords may change before publication. Articles will not be published until the final proofs are validated by their authors.

Forthcoming articles must be purchased for the purposes of research, teaching and private study only. These articles can be cited using the expression "in press". For example: Smith, J. (in press). Article Title. Journal Title.

Articles marked with this shopping trolley icon are available for purchase - click on the icon to send an email request to purchase.

Register for our alerting service, which notifies you by email when new issues are published online.

Open AccessArticles marked with this Open Access icon are freely available and openly accessible to all without any restriction except the ones stated in their respective CC licenses.
We also offer which provide timely updates of tables of contents, newly published articles and calls for papers.

International Journal of Security and Networks (28 papers in press)

Regular Issues

  •   Free full-text access Open AccessImpact of Post-Quantum Hybrid Certificates on PKI, Common Libraries, and Protocols
    ( Free Full-text Access ) CC-BY-NC-ND
    by Jinnan Fan, Fabian Willems, Jafar Zahed, John Gray, Serge Mister, Mike Ounsworth, Carlisle Adams 
    Abstract: In this work, we assessed the impact of post-quantum (PQ) cryptography on public key infrastructure (PKI). First, we modified a commercially available certification authority (CA) to issue "hybrid" certificates (X.509 certificates with PQ extensions). Then we assessed the impact of using these certificates on some existing protocols, including TLS, OCSP, CMP, and EST, with open-source libraries OpenSSL and CFSSL, and with a commercially available cryptographic toolkit. We found that most of the protocols and libraries we tested worked with hybrid certificates, and some of the failures could be overcome with minor modifications to the existing software. Our work differentiates from and extends previous work by focusing on the impact of PQ algorithms on certificate issuance, revocation, and management protocols, which are necessary for enterprises to manage PKI in their environments. The impact on TLS is also investigated, allowing consistency with previous results to be evaluated.
    Keywords: post-quantum cryptography; security; certification authority; certificate authority; X.509 certificates; hybrid certificates; public key infrastructure; PKI; openssl; TLS; OCSP; CMP; EST.

  • Taxonomy of Reputation Based Defending Mechanisms Against Types of Attacks in Delay Tolerant Networks   Order a copy of this article
    by Preeti Nagrath, Sandhya Aneja, G.N. Purohit 
    Abstract: Delay Tolerant Networks (DTNs) have been standardized as a solution for wireless networking scenarios with intermittent connectivity. DTNs use a dynamic topology and opportunistic contacts to transfer messages across the network. Limited buffer space and limited battery power in DTNs can give rise to malicious nodes. These malicious nodes misuse network resources and exhibit selfish or malicious behavior which can cripple the network. This paper discusses various forms of malicious behavior: flooding attack, black hole attack, gray hole attack and selfish attack. Several reputation based defending mechanisms against these attacks have been proposed by the DTN research community. In this paper, a taxonomy of these reputation based defending mechanisms is defined, in terms of how reputations are calculated and disseminated. The mechanisms are categorized as source-based, peer-based, trusted-authority-based or destination-based, depending on which node takes decision to assign reputation. Under each category, the mechanisms are further classified as either user-centric (the node itself), or neighbour-centric (neighbour node), based on which node keeps evidences of the job performed. This paper presents a review of all these mechanisms. After the review, it is observed that destination-based reputation mechanism seems to be a better approach than the other mechanisms, because the overhead of evidences is smaller and relies on first hand information.
    Keywords: Delay tolerant networks ; Attacks ; Vulnerabilities; Reputation based defending techniques ; Destination based approach ; Taxonomy.
    DOI: 10.1504/IJSN.2020.10034809
  • An Algorithm of NLOS Error Identification and Mitigation in Mobile Location Estimation   Order a copy of this article
    by Changhong Zhu, Ning Xiao 
    Abstract: For the purpose of improving positioning accuracy of mobile station in the complex environment, a real-time non-line-of-sight (NLOS) identification and elimination method is proposed based on the characteristics of NLOS error. In this algorithm, Kalman filter (KF) is used to identify whether NLOS errors are included in range measurements in real time. According to the positive deviation characteristics of NLOS errors, there is a positive deviation between the smoothing curve of distance measurements and the real distance curve. The reconstructed line-of-sight measurements can be obtained by moving down the curve. The simulation results prove that the algorithm is better than traditional extended Kalman filter (EKF) and Wylie algorithm.
    Keywords: non-line-of-sight; Kalman filter; positioning accuracy; identification; mitigation.

  • An Overall Analysis Method of Urban Road Parking Lots Based on Data Mining   Order a copy of this article
    by Guanlin Chen, Jiapeng Shen, Jiang He, Xu Dai, Wenyong Weng 
    Abstract: In this paper, we first propose a multiple linear regression-autoregressive moving average model(MLR-ARMA) which combines the multiple linear regression model and the autoregressive moving average model to fit and predict a single parking lots parking demand. The experimental results show that this model performs better on predicting future parking amounts than the simple multiple linear regression model and the autoregressive integrated moving average(ARIMA) model. Then, this paper proposes an overall analysis method of urban road parking lots based on cluster analysis and uses the MLR-ARMA model to verify the clustering results. The experimental results show that when reasonable weights are assigned to different dimensions of the feature vector of parking lots, the method proposed in this paper can classify parking lots with similar usage patterns and adjacent locations into one category well, which is conducive to further analysis.
    Keywords: parking management; MLR-ARMA model; data mining; cluster analysis; feature vector; linear regression.

  • A Novel Approach For COVID-19 Outbreak Spread Monitoring and Control Using Smart Grid Technology   Order a copy of this article
    by E.L. Yazid Dari, Ahmed Bendahmane, Mohamed Essaaidi 
    Abstract: The novel Coronavirus SARS-CoV-2 was discovered in November 2019 in Wuhan, Hubei Province, in China. On January 30th, 2020, the World Health Organization (WHO) declared the COVID-19 outbreak a Public Health Emergency of International Concern (PHEIC). On March 11th, 2020, the WHO announced that COVID-19 could be characterized as a pandemic (WHO, 2020a). Then, it was rapidly spread from China to others countries in the worldwide. Coronavirus disease, COVID-19, is a viral infection that generates a severe acute respiratory syndrome with serious clinical symptoms given by such as fever, dry cough, dyspnea, and pneumonia and may result in progressive respiratory failure and death (Kucharski et al. 2020). In addition, this virus is so widespread among people and it is difficult to control.\r\nDespite the unprecedented and huge technological development by many countries, regions and sectors, outbreak of the current COVID-19 reminds the world about vulnerability to combat natural and man-made chemical attacks. To fight the rapid spread of new diseases like COVID-19, the support of technologies such as Machine Learning, Artificial Intelligence (AI), Big Data and Internet of Things (IoT) and robotics has proved to be very useful and provides much better pandemic spread control and monitoring tools than traditional methods. In this paper, we propose to leverage smart grid technology to detect COVID-19 cases clusters, to accelerate pandemic remote monitoring, and to predict probable virus future spread by collecting and analyzing retrieved data.
    Keywords: Smart grid; smart meters; COVID-19; SARS-Cov-2; Coronavirus; Temperature; Communication; Symptoms.

  • Partial Rule Security Information and Event Management Concept in Detecting Cyber Incidents   Order a copy of this article
    by Aleksandar Jokic, Sabina Barakovic, Jasmina Barakovic Husic, Jasna Pleho 
    Abstract: Information communication technologies are evolving rapidly and have huge impact on everyday life. This does not come without dangers, i.e., it is actively followed by wide range of malicious activities that impact the companies forcing them to protect their information at all costs. Cyber-attacks today are usually consisting of multiple carefully planned hardly detectable steps causing severe damage to companies. This paper examines the capability of Security Information and Event Management (SIEM) system with applied partial rules in detecting the multi-step attacks. Fine tuning was focused on detecting partial attack patterns that were important and specific to environment and positive results were gained. The results show that when using the partial rule approach in SIEM for incident detection, the number of detected advanced multistage cyber-attacks has increased, thereby contributing to the overall security in cyber space.
    Keywords: cyber-attack; detection; exfiltration; partial rule; security; SIEM; visibility.

  • Plant Disease Detection for Banana using Long Range Wide Area Network   Order a copy of this article
    by Blessy Annie Flora. J, Radha S, Hemalatha R, Aasha Nandhini. S 
    Abstract: Agriculture is the backbone of India and nearly 70% of the people in the country depend on agriculture. These agricultural practices need to be transformed to overcome the negative impact of yield losses in real-time. A major threat to crop production is plant diseases. With the use of LoRaWAN, it is possible to connect the sensor nodes deployed in the agriculture field over a long distance. In this paper, a low-cost plant disease detection of the banana field using LoRaWAN is proposed to deploy IoT based network for environmental monitoring. LoRaWAN is used for monitoring the environmental parameters of the field to predict the diseases affected in the banana plant. The affected disease information is transmitted using LoRaWAN for covering long distances in the field. Using TTN cloud service and the Ubidots dashboard the data are analyzed and notification given to the farmers.
    Keywords: LoRaWAN; Black Sigatoka; Bunchy top of Banana; Smart Agriculture; TTN.

  • IMMI: An Architecture Integrated for Management of Modern Internet Service Providers   Order a copy of this article
    by Rafael Gomes, Matheus Silveira 
    Abstract: Nowadays, the human society claims for modern computational services based on Internet access through an Internet Service Provider (ISP). Similarly, ISPs expanded their service delivery, giving different alternatives of access networks and interconnected by a edge network. This new reality creates the idea of Modern Internet Service Providers (MISPs), applying Network Virtualization (NV), Software Defined Network (SDN) and Network Function Virtualization (NFV) technologies. However, the MISPs need a solution to perform an integrated management of these network environments. Within this context, this article proposes an architecture, called Integrated Management of Modern Internet Service Providers (IMMI), to perform the management of both edge and access networks, allowing information exchange, the deployment of slices and resources based on the profile of the access network. Additionally, this article analyzes the current status of the ISPs (and their limitations), as well as it discusses the key technical trends and challenges for the management of MISPs. Finally, a case study is presented to show the suitability of the proposed architecture to enhance the management capacity of MISPs.
    Keywords: Edge Network; Access Network; Network Management; Internet Service Provider.

  • Formal Verification of Secondary Authentication Protocol for 5G Secondary Authentication   Order a copy of this article
    by Ed Kamya Kiyemba Edris, Mahdi Aiash, Jonathan Kok-Keong Loo, Mohammad Shadi Alhakeem 
    Abstract: The Fifth-Generation mobile network (5G) will enable interconnectivity between the Home Network (HN) and Data Network (DN) whereby mobile users with their User Equipment (UE) will be able to access services provided by external Service Providers (SP) seamlessly. The mobile user and SP will rely on security assurances provided by authentication protocols used. For 5G, primary authentication between the UE and the HN has been defined and specified by the Third Generation Partnership Project (3GPP) while the secondary authentication has also been defined but not specified. 3GPP recommends the Extensible Authentication Protocol (EAP) framework for secondary authentication between the UE and the SP. However, the secondary authentication methods have not been formally verified, so this paper proposes a Secondary Authentication Protocol (SAP) for service authentication and provides a comprehensive formal analysis using ProVerif a security protocol verifier. Finally, it conducts a security analysis on the protocol's security properties.
    Keywords: 5G; Secondary Authentication; Security Protocol; Services; Formal Methods; ProVerif; Applied Pi Calculus.

  • A Smart Urban Management Information Public Opinion Analysis System   Order a copy of this article
    by Guanlin Chen, Rutao Yao, Gang Chen, Jie Chen, Tian Li 
    Abstract: With the continuous development of the times, urban population keeps increasing, the difficulty of urban management has become higher and higher.Today is a information age, and the Internet is flooded with information. If the information can be used, the public opinions of urban residents can be grasped through this information, then problems can be perceived in advance and resolved early. In this paper, we proposed a smart urban management information public opinion analysis system. This system uses Oracle to provide database support, combined with natural language processing technology, aims to create a complete system includes achieve information collection, text analysis of information and final data display, which could contribute to the creation of a smart city.
    Keywords: text analysis;public opinion;Oracle;natural;language processing.

  • Flow-based Profile Generation and Network Traffic Detection for DNS Anomalies using Optimized Entropy-based Features Selection and Modified Holt Winter's Method   Order a copy of this article
    by Rohini Sharma, Ajay Guleria, R.K. Singla 
    Abstract: Network Anomaly Detection Systems can detect zero day anomalies but false positive rate is quite high, and the localization of anomalies require manual intervention. In this paper, Profile-based Network Anomaly Detection System (P-NADS) is proposed that works in three phases. In the first phase, a minimal set of characteristic features for DNS service is identified using proposed Optimized Entropy-based Features Selection (OEFS). Minimum number of characteristic features help in detecting anomalies with the same or higher accuracy and decreases the response time as well. In the second phase, Modified Holt Winter's Method using partial Trend (MHWT) is proposed that generates normal profile of a system to predict future normal behavior. It predicts the normal behavior more accurately than the previous techniques. Normal profile of a system is updated regularly using predicted and actual behavior of the system. In the final phase, anomalies are detected and localized. Experimental results show that the OEFS method works better than Information Gain and Forward Feature Selection Algorithm. The proposed MHWT method gives better prediction for DNS when compared to HWDS Method with the original set of features and with a minimal set of features. The proposed system automatically localizes the anomalies and finds the infected sub-network which can be isolated from the rest of the network until remedial actions are taken. Experiments are performed on Panjab University Flow-based Dataset (PUF-Dataset) which is available for researchers. The dataset was created using real flows collected from Panjab University Chandigarh campus network.
    Keywords: Network Anomaly Detection; Holt Winter's Method; Domain Name System; Features Selection; Entropy; Normal Profile; Network Flows.

  • I-SMITE: An IP Traceback mechanism for Inter-AS SDN Networks using BGP   Order a copy of this article
    by Pynbianglut Hadem, Dilip Kumar Saikia, Soumen Moulik 
    Abstract: In this paper we introduce I-SMITE an inter-AS (Inter Autonomous Systems) IP traceback mechanism based on SMITE to support efficient IP traceback across inter-AS SDN (Software-Defined Networks) networks. The objective is achieved through an integration of SDN, Multiprotocol Label Switching (MPLS) and Border Gateway Protocol (BGP) in OpenFlow. Our proposed work leverages the flexibility of SDN and the strength of MPLS to achieve low false-positive rate, ability to perform post-mortem traceback, reduction in storage pressure/hardware investment and most importantly the ability to perform traceback for a single attack packet. Also, the standard Internet protocol BGP has been used to provide inter-AS IP traceback support, thereby enhancing the acceptability of the proposed work. Moreover, the proposed work also aims to overcome the difficulties and limitations of legacy traceback mechanisms in SDN environment.
    Keywords: Network Security; IP Traceback; I-SMITE; SDN; MPLS; BGP; OpenFlow; Cyber-Attacks.

  • Encryption Key Management as a Trusted Security as a Service for Cloud Computing   Order a copy of this article
    by Saad Fehis, Omar Nouali, Tahar Kechadi 
    Abstract: Cloud computing has become very popular and its users and services are in constant increase. Currently, many mobile IT users are accessing business data and services without going through corporate networks. Consequently, the need for putting appropriate and robust security controls between mobile users and cloud-based services is crucial. This is the main reason behind the proliferation of new Security as a Service (SecaaS) offers. The common security mechanism of most services and communications is based on the encryption / signing keys, which themselves depend highly on the cryptographic key management system (CKMS) itself. This is called trustworthy protocol and its implementation is the most challenging of the whole security and protection policies and mechanisms. To deal with this challenge, we propose an approach that provides a CKMS as a trusted SecaaS based on the trusted platform module (TPM), which is the foundation for the trust, keys generation, and SecaaS authentication. We defi ne an efficient security protocol that creates, certifi es, and encrypts any encryption / signing key inside TPM. Key leaves TPM in encapsulated format, and it delivered to its owner in a secure way without decryption.
    Keywords: Cloud Computing; Security as a Service; Cryptographic Key Management System; Trusted Platform Module.

  • Identifying influential spreaders in complex networks using neighborhood coreness and path diversity   Order a copy of this article
    by Yang Xiong, Xie Guangqian, Li Xiaofang 
    Abstract: The k-shell decomposition method dividing a great deal of nodes with different propagation capabilities into the same k-shell layer is unable to identify the influential spreaders accurately. Previous works improving the k-shell centrality were promising but inadequate, due to local neighborhood and spreading dynamics of information. To solve this problem, the path diversity based on information entropy is proposed. We have investigated the spreading dynamics using Susceptible-Infected Model and Independent Cascade Model to reveal the behavior of influential spreaders on the basis of topological location and neighborhood information. Accordingly, a novel neighborhood coreness method using path diversity to identify the influential spreaders from the point of information dissemination is proposed in this work. The simulation is evaluated with two real network datasets. The experimental results show that the neighborhood coreness centrality with the spreading diversity is capable of identifying the influential spreaders more effectively and rank the spreading influence in a more fine-grained level. The nodes found by our method can produce a wider spreading scope in Independent Cascade Model and can take less time to achieve the saturation point in Susceptible-Infected Model.
    Keywords: spreading capability;neighborhood coreness centrality;k-shell decomposition; influential spreaders.

  • A Review of Security Risks and Countermeasures in Containers   Order a copy of this article
    by Samuel Martinez, Victor Morales, Ramon Parra 
    Abstract: Containers are environments that allow software developers to package applications, along with their libraries, dependencies, and all the resources necessary for their operation. Due to the advantages of containers, compared to virtual machines, their use has increased in recent years. However, the nature of containers to share both, the resources, and the kernel of the host system, produces a variety of security problems. This paper describes how application containers work, to latter present a review of the security risks to this technology, as well as the countermeasures to mitigate them. A classification has been made of the risks as well as the security mechanisms used in this environment. Finally, according to different works that were analysed, a relation of the risks and the corresponding mechanisms to counteract them is presented.
    Keywords: Containers; container security; container risk; application containers.

  • A Novel Security Management System for Hazardous Chemicals   Order a copy of this article
    by Guanlin Chen, Qiao Hu, Kaimin Li, Wenyong Weng, Yubo Peng 
    Abstract: With the increasing use of chemicals by the people, the hidden dangers of hazardous chemicals are also increasing. In recent years, many hazardous chemical explosion accidents have occurred, posing a great threat to people's lives and health. How to prevent hazardous chemical accidents has become an important issue. In this paper, we design a novel security management system for hazardous chemicals(HC-NSMS). This system is developed based on JavaEE, using the MySQL data storage and MVC architecture. This system is mainly composed of four modules: user module; hazardous chemical management and information query module; hazard source query display module, statistical analysis of hazardous chemical information module; and early warning of over-standard hazardous chemicals module. Using this system, we comprehensively collect various indexes and quantities of hazardous chemicals in every location in the city. Then we sort these data and a basic database is established to intelligently predict and warn the real-time status of hazardous chemicals.
    Keywords: hazardous chemicals;security management;JavaEE;MySQL;Ajax.

  • Detecting PE-Infection Based Malware   Order a copy of this article
    by Chia-Mei Chen, Gu-Hsin Lai, Zheng-Xun Cai, Tzu-Ching Chang, Boyi Lee 
    Abstract: Organizations have employed multiple layers of defense mecha-nisms, while numerous attacks still take place every day. Malware is a major vehicle to perform attacks such as stealing confidential information, disrupting services, or sabotaging industrial sys-tems. Attackers customize malware by advanced attack tech-niques, such as PE (portable executable) infection or DLL (dy-namic link library) injection which inserts a malicious DLL to a benign program, to subvert defense systems. Advanced persis-tent threat (APT) attacks had intruded and not been discovered in high profile organizations; they are seeking for a solution to identify the malware. The behavior of DLL injection sometimes occurs during ex-ecution; static analysis might not be able to capture it. To improve the detection performance, this study proposes a hybrid ap-proach combining static and dynamic analysis to detect malware. The experimental results show that the proposed approach could detect malware efficiently and could flag unknown malware before the commercial anti-virus software.
    Keywords: malware detection; DLL injection; advanced persistent threat.

  • An automated method for detecting suspicious nodes in Bitcoin address graph   Order a copy of this article
    by Tala Tafazzoli, Abouzar Arabsorkhi, Amirahmad Chapnevis 
    Abstract: Financial innovation has entered a new era with cryptocurrencies. Bitcoin is the fi rst decentralized cryptocurrency and the most popular in the world. The main features of this new technology are immutability, decentralized trust and anonymity. Bitcoin anonymous and untraceable system facilitates cash-out and laundering of cybercrime proceeds. Bitcoin currency flow provides an address graph that assigns the flow of Bitcoin between two addresses. Identifying suspicious nodes in the Bitcoin network is similar to the problem of recognizing the origins in the contact network of different applications, i.e., virus propagation, rumor source in social networks, poison spread in water networks. In order to investigate money laundering in Bitcoin, we proposed an automated method to identify suspicious addresses in the Bitcoin address graph. We chose two centrality measures to be calculated on the graph. The measures are betweenness centrality and closeness centrality. The nodes with the highest values for the measurements are suspicious. The accuracy of the proposed method is further investigated by comparing the fraudulent candidate nodes with other scenarios. It is shown that the identifi ed nodes are correct candidates for further investigations.
    Keywords: Bitcoin; bteweenness centrality; closeness centrality; money laundering;.

  • An Authorization Certificate Based Access Control Model   Order a copy of this article
    by Wenxin Li, Jingsha He, Nafei Zhu, Shuting Jin, Da Teng 
    Abstract: There are currently many types of access control models and schemes that have been proposed to protect valuable resources in distributed environment. Many such models have failed to take into the consideration of efficiency, security, practical implementation and management at the same time. Based on the analysis of conventional certificate-based access control characteristics, this paper proposes an Authorization Certificate Based Access Control Model (ACBAC) to realize access control in distributed environment. Employing certificates in access control c a n h e l p meet the v a r i o u s requirements in distributed networks or systems while ensuring security to a great extent. Efficiency and security can thus be improved by delegating the functions of making access authorization decisions to the certificate issuer (CI). We will formally describe the model, introduce the application scenarios and the processes of the model, and provide the details of implementation. Finally, the effectiveness and superiority of the model is verified through experiment and analysis.
    Keywords: Authorization certificate; Access control; Access control model; Distributed control; Formalization.

  • IOT Smart Homes Security Challenges and Solution   Order a copy of this article
    by Mansoor Farooq, Mubashir Hassan 
    Abstract: Security in smart homes is becoming more and more relevant because of the ever-growing availability of devices on the market and the confidential information they process. Historic incidents have indicated that intelligent homes can lead to attacks with significant consumer and community implications. While a lot has been achieved to identify security solutions for IoT and intelligent houses, consensus also needs to be found about how the best solutions are. This paper describes the significance of technologies in the field and presents a possible security policy for intelligent households. The safety solution is a network-based solution installed in a smart hub that identifies malicious behavior inside a connected home network. Two attack detection processes, namely botnet detection and Evil-Twin attack detection are introduced as proof of concept. The findings suggest that the security supervisor can identify the former but not the latter.
    Keywords: IoT; Smart Homes; Botnet; and Evil-Twin.

  • A secure and privacy-preserving Scheme for Secure Metering and Cooperative Communication in Advanced Metering Infrastructure of Smart Grid Networks   Order a copy of this article
    by Oladayo Olakanmi, Kehinde Odeyemi 
    Abstract: Advanced Metering Infrastructure (AMI) in a smart grid network performs fine grained metering and communication for effective monitoring of energy consumptions of electric utility customers. However, its reliance on the existing wireless communication facilities, which are not only characterized by high traffic but also vulnerable to different attacks, affects its performance. The high volume of sensitive data on AMI coupled with the vulnerability of its wireless infrastructure has made it one of the major targets for different attacks in the smart grid network. Therefore, to secure metering and communication on an AMI of smart grid network there is a need for an efficient solution that enforces confidentiality, integrity and privacy preservation. Although several schemes had been proposed to secure metering and communication in AMI, most of them are incapable of providing vital security properties at a low cost. In this paper, an efficient privacy-aware and secure metering and communication scheme is proposed to secure metering, and preserve the customers privacy. To achieve this, we adopted low-cost cryptographic primitives to evolve effective metering and communication scheme with non-complex key management and authentication procedures. Our approach allows data aggregation among m number of customers for secure multi-hop transmission of metering data. The simulation results showed that the approach ensures confidentiality, privacy preservation, and integrity in AMI at a low computational and communication overhead.
    Keywords: Smart Grid; Perturbation; Security; Aggregation; Metering; Communication.

  • Desktop and Mobile Operating System Fingerprinting based on IPv6 Protocol using Machine Learning Algorithms   Order a copy of this article
    by Saeed Salah, Mohammed AbuAlhawa, Raid Zaghal 
    Abstract: Operating System (OS) fingerprinting tools are essential to network security because of their relationship to penetrating testing, vulnerability scanning, network inventory and tailoring of exploits. While OS identification is traditionally performed by passive or active tools that use fingerprint datasets, a limited number of proposals has focused on using machine learning techniques. Furthermore, significantly more contributions have focused on IPv4 than IPv6. This paper proposes a new methodology based on machine learning algorithms to build classification models to identify IPv6 OS fingerprinting based on user traffic. Unlike other proposals that mainly depend on TCP and IP generic features for detecting the OS, this work adds other features to improve the detection accuracy. Moreover, the scope of this work is extended beyond the classification of OSes that are installed in desktop and laptop (such as Windows and Linux, etc.), it also considers OSes installed in mobiles and tablets (such as Android and iOS). In addition to that, since IPv6 suffers from lack of such datasets that can be used for OS fingerprinting purposes, due to privacy issue of the IPv6 information (such as IPv6 address and prefix), a newly created dataset was used in this work and will be available for other researchers who conduct relevant research. The experimental results have shown that the algorithms achieved high and acceptable results in the evaluation metrics in classifying the OS. KNN and DT achieve high accuracy of up to 99%. SVM achieves a quite high accuracy of up to 81%. GNB achieves the lowest accuracy up to 75%. Moreover, KNN, RF and DT achieve the best recall, precision and f-score which almost the same as the achieved accuracy. GNB achieves 0.75 recall larger than precision (0.81) due to the high number of False Negative (FN) records.
    Keywords: operating system; fingerprinting; IPv6; network security; machine learning; mobile operating system; performance measures.

  • privacy in content-centric networking against side channel attacks   Order a copy of this article
    by Anmol Agnihotri, Padmavathi R., Santanu Chatterjee, Vinod Mahor 
    Abstract: Content-Centric Network (CCN) is a new networking paradigm to overcome the shortcomings of todays Internet. The central point in CCN is the named and addressable data or the content. Due to a few loopholes within the engineering of CCN, side-channel attacks are conceivable. In this paper, two such types of attacks are investigated, one is time-based and another is inference based. Delivering privacy to consumers comes at the cost of reducing utility. We proposed an algorithm to preserve consumer privacy without much affecting the overall utility of the network to overcome time-based attack on privacy. A comparative study of privacy vs. utility trade-off is presented. The algorithm is analysed both experimentally and theoretically and results are reported.rnInference side-channel attack based on frequency analysis can be achieved by an eavesdropper in the presence of adequate information, to learn the plain-text of encrypted content transmitted in CCN. We analysed the accuracy of this attack and in what extent it can jeopardize consumers privacy. A method is proposed to collect the auxiliary information needed to carry out the attack by probing the cache of the CCN routers. The attack is analysed theoretically as well as experimentally and reported. Possible countermeasures to mitigate the attack are also discussed.
    Keywords: Security & Privacy in CCN; Future Networking Architectures; Side-channel attacks; Cache-Probing attack in CCN; Inferenece Attack in CCN.

  • Uncertain graph generating approach based on differential privacy for preserving link relationship of social networks   Order a copy of this article
    by Jun Yan, Yupan Tian, Hai Liu, Zhenqiang Wu 
    Abstract: With the widespread use of social networks in our daily life, the personal privacy in social networks has become a growing concern. To prevent the link relationship of social networks from disclosing users' sensitive information when the social networks data is released, an uncertain graph approach based on differential privacy is introduced, which can resist attacks based on background knowledge and possesses better data utility. In this approach, we propose a modification of edges based on random response (MERR) algorithm and a injection of uncertainty based on k-edges-differential privacy (IUDP) algorithm. The MERR algorithm can modify the edge of original graph according to random response mechanism, while the IUDP algorithm injects uncertainty to generate an uncertain graph. For evaluating our approach, the expectation of editing distance between two graphs is adapted to measure the level of privacy preserving. In addition, our approach is conducted on different data sets and compared with other approaches. The experimental results indicate that this approach achieves differential privacy and has better data utility.
    Keywords: uncertain graph; k-edges differential privacy; random response mechanism; Laplace mechanism; link relationship.

  • Chebyshev chaotic map based efficient authentication scheme for secure access of VoIP services through SIP   Order a copy of this article
    by Vinod Mahor, R. Padmavathi, Santanu Chatterjee 
    Abstract: In a network of participants who wish to communicate or access multimedia service using voice over IP (VoIP), System Initiation Protocol (SIP) is used. SIP exists in the application layer for signalling to initiate, update and terminate the sessions. Before initiating the session, the security neccessitates authentication of participating entities. A Mutual authentication mechanism is required for SIP in order to establish a secure session between the two entities. In password based authentication, user need to remember his username and password in order to have a session with other user. In this paper , we have proposed an efficient smart card based mutual authentication scheme (CP-MASIP) for SIP which is based on chebyshev chaotic map. In addition to providing security against various known attacks, our scheme provides user anonymity which is very important security parameter in present world. The scheme has been analyzed using BAN logic and informal security analysis.
    Keywords: Mutual Authentication; BAN Logic; Session Initiation Protocol(SIP); Session Security.

  • Enhanced VoD Security in Cloud Computing Against Insider and Outsider Threats   Order a copy of this article
    by Mohammad Alshayeji, Sa'ed Abed 
    Abstract: Many Video-on-Demand (VoD) providers leverage the bene?ts of cloud computing (e.g., Net?ix shifted to Amazon Web Services). However, various security concerns have arisen from this shift. For instance, if the hosted multimedia contents are not encrypted, then the VoD providers must fully trust that the cloud provider will not illegitimately access, distribute, or modify the multimedia contents. This ultimate trust in the cloud provider emerges owing to numerous issues, especially as the latest ENISA report showed that approximately 25% of security threats have been based on internal misuse over the last six years. Moreover, quite a few of these high-pro?le breaches were because of internal threats. In this paper, we introduce a simple yet e?ective scheme to protect contents from internal and external threats. Encrypt Once - Con?dentiality, Privacy, and Integrity (EO-CPI) focuses on protecting data con?dentiality, integrity, and users privacy for untrusted cloud-based VoD systems. We compared our proposed scheme, which is similar to Net?ix latest encryption scheme that uses Transport Layer Security (TLS) with Advance Encryption Standard - Galois Counter Mode (AES-GCM). Our results demonstrated a signi?cant reduction of 79% of the server-side computational overhead when using EO-CPI with a re-encryption degree of one time per ?ve users while maintaining an intact performance for the user side. It also provides security from internal and external threats versus other approaches when there is a supply of security exclusively from external parties. The proposed approach should enhance and facilitate cloud-based VoD security and diminish its carbon footprint.
    Keywords: Cloud Computing; Content Encryption; Insider Threats; Privacy; VoD.

  • VoIP security auditing model based on COBIT 4.1   Order a copy of this article
    by Oscar Danilo Gavilanez Alvarez, Glen Dario Rodriguez Rafael 
    Abstract: The article justifies the need for a specific model of VoIP security auditing that evaluates the incidence of security problems and addresses the challenges in terms of protecting IT resources. The current VoIP security problems are determined based on the analysis of auditing frameworks, and a model based on COBIT 4.1 is proposed to address these problems. As an innovation, the model includes the security culture plan and social engineering from the approach of the user as an IT service customer. In this work, we present the validation of the surveys using Cronbachs alpha and the results of the statistical average of the surveys applied to experts in social engineering and security auditing in VoIP. The proposed VoIP Security Auditing Model, called VoIPSAM, considers four domainsPlan and Organize, Monitor and Evaluate, Acquire and Implement, and Delivery and Supportwhich consider specific security policies for its application.
    Keywords: model of security auditing; social engineering; security culture plan; VoIP; COBIT.

  • Using Blockchains to protect Critical Infrastructures: a comparison between Ethereum and Hyperledger Fabric   Order a copy of this article
    by Wilson Melo, Lucas S. Dos Santos, Lucila M. S. Bento, Paulo R. Nascimento, Carlos A. R. Oliveira, Ramon R. Rezende 
    Abstract: The monitoring and protection of critical infrastructures, especially the ones involving physical assets (e.g., dams, nuclear energy facilities, governmental buildings), constitute a challenging problem. The failure and collapse of these infrastructures can cause untold consequences. Recent works have proposed blockchains as a tool to improve monitoring systems in different critical infrastructures. However, most previous works lack on presenting a more in-depth discussion about how to implement these solutions. In this paper, we develop a practical approach. We propose a comprehensive framework that describes how to implement a blockchain-based system to monitor and protect critical infrastructures. We implement our framework in two distinct blockchain platforms: Ethereum and Hyperledger Fabric. We compare both implementations and discuss their differences in terms of performance, easiness of development, security, privacy, complexity, and costs. We believe that our results can be valuable for professionals interested in applying blockchain-based solutions to protect critical infrastructures.
    Keywords: blockchain; critical infrastructures; cyber-physical systems; security.