Your search keyword '"COMPUTER security research"' showing total 157 results

1. Engineering Trustworthy Systems: A Principled Approach to Cybersecurity.

Author

SAYDJARI, O. SAMI

Subjects

*INTERNET security, *COMPUTER crime prevention, *COMPUTER system failure prevention, *COMPUTER engineering, *COMPUTER security research

Abstract

The article discusses the importance of cybersecurity designs in reducing the risk of system failure from cyberattacks. Topics include the importance of practicing cybersecurity as a principled engineering discipline, and the study of how cyberattacks succeed in order to derive or improve cybersecurity principles.

Published

2019

2. Byzantine Agreement in Expected Polynomial Time.

Author

KING, VALERIE and SAIA, JARED

Subjects

BYZANTINE agreement protocols (Computer network protocols), DISTRIBUTED algorithms, COMPUTER security research, RANDOMIZATION (Statistics), POLYNOMIAL time algorithms

Abstract

We address the problem of Byzantine agreement, to bring processors to agreement on a bit in the presence of a strong adversary. This adversary has full information of the state of all processors, the ability to control message scheduling in an asynchronous model, and the ability to control the behavior of a constant fraction of processors that it may choose to corrupt adaptively. In 1983, Ben-Or proposed an algorithm for solving this problem with expected exponential communication time. In this article, we improve that result to require expected polynomial communication time and computation time. Like Ben-Or's algorithm, our algorithm uses coinflips from individual processors to repeatedly try to generate a fair global coin. We introduce a method that uses spectral analysis to identify processors that have thwarted this goal by flipping biased coins. [ABSTRACT FROM AUTHOR]

Published

2016

3. Constant-Round Nonmalleable Commitments from Any One-Way Function.

Author

HUIJIA LIN and PASS, RAFAEL

Subjects

CRYPTOGRAPHY research, COMPUTER security research, PERMUTATIONS, COMBINATORICS, MATHEMATICAL combinations

Abstract

We show unconditionally that the existence of commitment schemes implies the existence of constant-round nonmalleable commitments; earlier protocols required additional assumptions such as collision-resistant hash functions or subexponential one-way functions. Our protocol also satisfies the stronger notions of concurrent nonmalleability and robustness. As a corollary, we establish that constant-round nonmalleable zero-knowledge arguments for NP can be based on one-way functions and constant-round secure multiparty computation can be based on enhanced trapdoor permutations; also here, earlier protocols additionally required either collision-resistant hash functions or subexponential one-way functions. [ABSTRACT FROM AUTHOR]

Published

2015

4. Keystroke dynamics on Android platform.

Author

Antal, Margit, Szabó, László Zsolt, and László, Izabella

Subjects

COMPUTER user identification, SMARTPHONES, MOBILE communication system security, COMPUTER security research, TOUCH screens, KEYSTROKE timing authentication, SECURITY systems

Abstract

Currently people store more and more sensitive data on their mobile devices. Therefore it is highly important to strengthen the existing authentication mechanisms. The analysis of typing patterns, formally known as keystroke dynamics is useful to enhance the security of password-based authentication. Moreover, touchscreen allows adding features ranging from pressure of the screen or finger area to the classical time-based features used for keystroke dynamics. In this paper we examine the effect of these additional touchscreen features to the identification and verification performance through our dataset of 42 users. Results show that these additional features enhance the accuracy of both processes. [ABSTRACT FROM AUTHOR]

Published

2015

5. Assessing the Security Posture of Cloud Service Providers.

Author

Rivera, Jorge, Huiming Yu, Williams, Ken, Zhan, Justin, and Xiaohong Yuan

Subjects

*CLOUD computing security measures, *INFORMATION technology security, *COMPUTER security research, *FUZZY systems, *COMPUTER systems

Abstract

Cloud computing offers on-demand scalable resources and IT-based solutions without the need to invest in new infrastructure or train new personnel. Despite its economic advantages, cloud computing has faced scrutiny regarding security risks involved with allowing sensitive data to be controlled and handled by third-party, off-site vendors. Many businesses with interest in using cloud services do not have a process to assess cloud providers security posture. To aid this issue, the Cloud Security Alliance (CSA) has developed the Consensus Assessments Initiative Questionnaire (CAIQ), which has quickly become an industry-accepted way to document security controls found within cloud services. The CSA CAIQ document provides prospective clients an in-depth look into the security controls of a given cloud service provider (CSP). The assessment process is very complicated because it requires clients to examine over 140 questions spanning over eleven security control categories in CAIQ, answer yes/no followed by explanatory comments related to the corresponding question. How cloud consumers can objectively use the CAIQ to assess CSP security levels becomes an important and urgent problem. A Fuzzy Likert System (FLS) was employed that uses fuzzy logic, Likert scales and decision making technologies to assess the Security Posture Score (SPS) for cloud service providers based on client evaluations of CSP feedback on the CAIQ document and client-defined weights signifying the relative importance of each CAIQ category. The FLS allows clients to numerically evaluate the CSA CAIQ and provides weights for each CAIQ category. Upon doing so, the FLS provides a score indicating the security posture of the given CSP. A one-tailed F-test is used to perform a statistical analysis comparing the standard deviation between 1000 random SPSs calculated with our FLS and a traditional weighted-average system. Experimental results indicate that the null hypothesis, which states that the two standard deviations are the same, can be rejected in favor of the alternate hypothesis, thus claiming that with 95% confidence there is a significant difference between scoring methods. [ABSTRACT FROM AUTHOR]

Published

2015

6. Wireless Network Security recommendations Using the Application for Security Evaluation.

Author

Skendžić, Aleksandar, Kovačić, Božidar, and Tijan, Edvard

Subjects

WIRELESS LANs, COMPUTER network security, COMPUTER security research, WIRELESS communications, SYSTEMS engineering

Abstract

The proposed system of security recommendations of wireless local area network allows applications to achieve higher levels of security. In order to build a security model, it is crucial to pre-evaluate the parameters that affect the security of the wireless network. When evaluating the parameters, expert literature along with practical experience of network administrators has been used. The results of evaluation parameters are included in the constructed security model of the proposed application. The proposed model contributes to a simpler problem solving of wireless network security through the evaluation of safety parameters. In addition, the proposed system gives recommendations regarding security at two levels, together with an appropriate security evaluation. The chosen safety parameters were evaluated using a questionnaire among CARNet system engineers in educational institutions. The results obtained may help to efficiently prevent wireless network security breaches. [ABSTRACT FROM AUTHOR]

Published

2015

7. An approach of security testing for third-party component based on state mutation.

Author

Chen, Jinfu, Chen, Jiamei, Huang, Rubing, Guo, Yuchi, and Zhan, Yongzhao

Subjects

COMPUTER security research, MATHEMATICAL sequences, ALGORITHMS, FINITE state machines, ANOMALY detection (Computer security)

Abstract

ABSTRACT It is essential to study an effective approach of security testing for third-party component. In this paper, to effectively trigger implicit vulnerabilities of third-party components, an approach of security testing for third-party component is proposed based on state mutation. To start with, executable method sequences of components are transformed into extended finite state machine. Then, according to characteristics of condition conflict and behavior conflict, two test case generation algorithms are addressed, that is, Operations Conflict Sequences Generation Algorithm and Conditions Conflict Sequences Generation Algorithm, which are designed to generate inaccessible sequences of behavior and condition conflicts. These conflict sequences are run. Furthermore, the security detecting algorithms are addressed to detect implicit vulnerabilities of third-party components, and then, testing report of component security is obtained. In the end, some experiments are conducted on the basis of the proposed approach, and the experimental results show that the proposed approach can effectively detect security exceptions of third-party components. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

8. A Novel NTT-Based Authentication Scheme for 10-GHz Quantum Key Distribution Systems.

Author

Zhao, Baokang, Liu, Bo, Wu, Chunqing, Yu, Wanrong, Su, Jinshu, You, Ilsun, and Palmieri, Francesco

Subjects

*QUANTUM cryptography, *COMPUTER access control, *COMPUTER security research, *QUANTUM mechanics, *ALGORITHMS

Abstract

The quantum key distribution (QKD) technology is achieving a growing interest in both the scientific and industrial communities. Based on principles of quantum mechanics, it can provide unconditional security in key exchanges over end-to-end communication channels. Information-theoretically secure (ITS) authentication, the compulsory procedure of QKD systems, avoids the man-in-the-middle attack during the security key generation. In this paper, we propose a novel family of almost strongly universal (ASU) hash functions based on number-theoretic transforms (N-ASU), and prove that N-ASU hash functions can meet the high security requirement of an ITS authentication procedure. With such N-ASU hash functions, we propose a novel efficient NTT-based authentication algorithm (N-Auth) for QKD systems. Such a solution offers nearly the same security guarantees provided by the available authentication algorithms built upon ASU hash functions, but is characterized by a much lower computational complexity. The experimental results show that the N-Auth algorithm can fully meet the real-time and high-performance demands of modern 10-GHz QKD systems, making it a viable solution for the implementation of industrial-strength unconditionally secure broadband communication solutions. [ABSTRACT FROM PUBLISHER]

Published

2016

9. Information Interoperability System Using Multi-agent with Security.

Author

Chae, Cheol-Joo, Choi, Kwang-Nam, and Choi, Kiseok

Subjects

INTERNETWORKING, MULTIAGENT systems, INTELLIGENT agents, COMPUTER security research, CLIENT/SERVER computing

Abstract

Recently, due to the interoperation of distributed information, the task and task analysis requiring the information connection in the distributed environment increases, and the decision support using the system becomes more important. As the centralized structure of the multi-agent based information interoperability system is composed of master and slave, it is vulnerable to impersonation attack, integrity, non-repudiation, and privacy security. Therefore, this paper adopted EMAF for information interoperability to propose an information interoperability system with security. In addition, to overcome the security vulnerability that may happen to the proposed system based on multi-agent, we are going to propose an agent mutual authentication method where certificates and session keys are combined together. When the proposed method is applied to the information interoperation between the national R&D report registration management system and the project management organization research report management system, not only the information interoperations in the distributed environment but also the safe information interoperability are supplied. [ABSTRACT FROM AUTHOR]

Published

2016

10. A Study on the Authentication and Security of Financial Settlement Using the Finger Vein Technology in Wireless Internet Environment.

Author

Noh, Kyoo

Subjects

WIRELESS Internet, WIRELESS communications security, PREVENTION of computer hacking, BIOMETRIC identification, DATA protection research, COMPUTER security research, SECURITY systems

Abstract

The development of the wireless communication allows all of the information to be saved in the digital storage device rapidly. Due to this, hacking and information leakage incidents are rapidly increasing. The scale of the problem however has gradually increased and the targeted industries have become much more diverse, which further points to the severity of the issue. Consequently, there are efforts to develop a security system in order to protect the information, yet at the same time the hacking technology has also advanced, causing an astronomical damage at an increasing state. This has led to the demand for a more convenient and cutting-edge enhanced security solutions. This demand has birthed the security authentication technology which merges biometrics and ICT capabilities. However, numerous biometrics technologies carry problems when deployed as means of security authentication solution for financial services due to their low level of recognition success rate, easy duplication, avoid recognition, terminal minimization difficulties and more. Finger vein recognition technology which is impossible to duplicate with a very high level of recognition rate has emerged as the biometrics authentication solution for financial services. This study recommended an authentication security model for financial services that use finger vein solution to strengthen financial services' safety and to protect information. [ABSTRACT FROM AUTHOR]

Published

2016

11. Information Security Evaluation Using Multi-Attribute Threat Index.

Author

Je, Young-Man, You, Yen-Yoo, and Na, Kwan-Sik

Subjects

WEB services, INFORMATION technology security, RISK assessment, DECISION making, COMPUTER security research, SECURITY systems

Abstract

Threat to security has been increasing along with proliferation of service through the Web. Multi-attribute risk assessment serves as a useful tool to assess risk quantitatively by prioritizing sets of threats and security requirements. The case study presents decision-making methods as to the selection of information security technology and solution through the process of identifying risk and quantifying threat index. Since the intrusion types and analysis data was analyzed based on the statistics of multiple enterprises, it is advisable to classify the types into more detailed types suitable to the target company, and to reasonably reflect the characteristics of the organization through accumulation and utilization of the company's own data. [ABSTRACT FROM AUTHOR]

Published

2016

12. SecureDom: secure mobile-sensitive information protection with domain separation.

Author

Park, Su-Wan, Kim, JeongNyeo, and Lee, Deok

Subjects

*MOBILE communication systems, *COMPUTER security research, *COMPUTER access control, *ELECTRONIC authentication, *COMPUTER crime prevention

Abstract

The virtualization techniques are receiving more attention lately in mobile device security. In this study, we present SecureDom which is the device security of data-centric that aims to protect private, enterprise or sensitive data from various attacks and threats. To achieve it, we provide the mobile device security platform based on domain separation and suggests three essential secure functions which should be offered for secure domain: authentication/access control (AAC) module, secure storage (STR) module and encryption/key management (EKM) module. In secure functions, the AAC module applies two-factor authentication by user and app to access SD, the STR module introduces the enhanced abilities of secure filesystem and EKM module is in charge of security algorithms for data encryption, integrity validation or key generation. Here, EKM module can utilize the existing encryption module that is certified by cryptographic validation program. In the experiment, it demonstrates that some notable overheads are caused in the performance of virtualization engine and inter-domain communication (IDC) performance based on hypervisor, while it provides the strong isolation in domain, IDC, filesystem and resource and the separation of processes. [ABSTRACT FROM AUTHOR]

Published

2016

13. A secure cloud storage system combining time-based one-time password and automatic blocker protocol.

Author

El-Booz, Sheren, Attiya, Gamal, and El-Fishawy, Nawal

Subjects

CLOUD storage, CLOUD computing security measures, COMPUTER security research

Abstract

Cloud storages in cloud data centers can be used for enterprises and individuals to store and access their data remotely anywhere anytime without any additional burden. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the major problem of cloud data storage is security. Moreover, cloud users must be able to use the cloud storage just like the local storage, without worrying about the need to verify the data integrity and data consistency. Some researchers have been conducted with the aid of a third party auditor (TPA) to verify the data stored in the cloud and be sure that it is not tampered. However, the TPA is leased by the provider, and after a time, a cloud service provider may contract with the TPA to conceal the loss of data from the user to prevent the defamation. This paper presents a novel secure cloud storage system to ensure the protection of organizations' data from the cloud provider, the third party auditor, and some users who may use their old accounts to access the data stored on the cloud. The proposed system enhances the authentication level of security by using two authentication techniques; time-based one-time password (TOTP) for cloud users verification and automatic blocker protocol (ABP) to fully protect the system from unauthorized third party auditor. The experimental results demonstrate the effectiveness and efficiency of the proposed system when auditing shared data integrity. [ABSTRACT FROM AUTHOR]

Published

2016

14. Indifferentiability security of the fast wide pipe hash: Breaking the birthday barrier.

Author

Moody, Dustin, Paul, Souradyuti, and Smith-Tone, Daniel

Subjects

*CRYPTOGRAPHY research, *HASHING, *MESSAGE authentication codes, *DATA encryption, *COMPUTER security research

Abstract

A hash function secure in the indifferentiability framework (TCC 2004) is able to resist all meaningful generic attacks. Such hash functions also play a crucial role in establishing the security of protocols that use them as random functions. To eliminate multi-collision type attacks on the Merkle-Damgård mode (Crypto 1989), Lucks proposed widening the size of the internal state of hash functions (Asiacrypt 2005). The fast wide pipe (FWP) hash mode was introduced by Nandi and Paul at Indocrypt 2010, as a faster variant of Lucks' wide pipe mode. Despite the higher speed, the proven indifferentiability bound of the FWP mode has so far been only up to the birthday barrier of n/2 bits. The main result of this paper is the improvement of the FWP bound to 2n/3 bits (up to an additive constant). We also provide evidence that the bound may be extended beyond 2n/3 bits. [ABSTRACT FROM AUTHOR]

Published

2016

15. On Acceleration and Scalability of Number Theoretic Private Information Retrieval.

Author

Unal, Ecem and Savas, Erkay

Subjects

*INFORMATION retrieval research, *INFORMATION architecture, *COMPUTER security research, *SECURITY systems, *PARALLEL algorithms

Abstract

We present scalable and parallel versions of Lipmaa's computationally-private information retrieval (CPIR) scheme [20] , which provides log-squared communication complexity. In the proposed schemes, instead of binary decision diagrams utilized in the original CPIR, we employ an octal tree based approach, in which non-sink nodes have eight child nodes. Using octal trees offers two advantages: i) a serial implementation of the proposed scheme in software is faster than the original scheme and ii) its bandwidth usage becomes less than the original scheme when the number of items in the data set is moderately high (e.g., 4,096 for 80-bit security level using Damgård-Jurik cryptosystem). In addition, we present a highly-optimized parallel algorithm for shared-memory multi-core/processor architectures, which minimizes the number of synchronization points between the cores. We show that the parallel implementation is about 50 times faster than the serial implementation for a data set with 4,096 items on an eight-core machine. Finally, we propose a hybrid algorithm that scales the CPIR scheme to larger data sets with small overhead in bandwidth complexity. We demonstrate that the hybrid scheme based on octal trees can lead to more than two orders of magnitude faster parallel implementations than serial implementations based on binary trees. Comparison with the original as well as the other schemes in the literature reveals that our scheme is the best in terms of bandwidth requirement. [ABSTRACT FROM PUBLISHER]

Published

2016

16. HEAP: Reliable Assessment of BGP Hijacking Attacks.

Author

Schlamp, Johann, Holz, Ralph, Jacquemart, Quentin, Carle, Georg, and Biersack, Ernst W.

Subjects

BGP (Computer network protocol), COMPUTER network protocols, ROUTING (Computer network management), SECURE Sockets Layer (Computer network protocol), COMPUTER security research

Abstract

The detection of BGP prefix hijacking attacks has been the focus of research for more than a decade. However, the state-of-the-art techniques fall short of detecting more elaborate types of attack. To study such attacks, we devise a novel formalization of Internet routing, and apply this model to routing anomalies in order to establish a comprehensive attacker model. We use this model to precisely classify attacks and to evaluate their impact and detectability. We analyze the eligibility of attack tactics that suit an attacker’s goals and demonstrate that related work mostly focuses on less impactful kinds of attacks. We further propose, implement, and test the Hijacking Event Analysis Program (HEAP), a new approach to investigate hijacking alarms. Our approach is designed to seamlessly integrate with the previous work in order to reduce the high rates of false alarms inherent to these techniques. We leverage several unique data sources that can reliably disprove malicious intent. First, we make use of an Internet routing registry to derive business or organizational relationships between the parties involved in an event. Second, we use a topology-based reasoning algorithm to rule out events caused by legitimate operational practice. Finally, we use Internet-wide network scans to identify SSL/TLS-enabled hosts, which helps to identify non-malicious events by comparing public keys prior to and during an event. In our evaluation, we prove the effectiveness of our approach, and show that day-to-day routing anomalies are harmless for the most part. More importantly, we use HEAP to assess the validity of publicly reported alarms. We invite researchers to interface with HEAP in order to crosscheck and narrow down their hijacking alerts. [ABSTRACT FROM PUBLISHER]

Published

2016

17. Quantum Private Query Protocol Based on Two Non-Orthogonal States.

Author

Yan Chang, Shibin Zhang, Guihua Han, Zhiwei Sheng, Lili Yan, and Jinxin Xiong

Subjects

*CRYPTOGRAPHY research, *QUANTUM cryptography, *QUANTUM computing, *DATA privacy, *COMPUTER security research

Abstract

We propose a loss tolerant quantum private query (QPQ) protocol based on two non-orthogonal states and unambiguous state discrimination (USD) measurement. By analyzing a two-point attack by a third party, we find that our protocol has a stronger ability to resist external attacks than G-protocol and Y-protocol. Our protocol requires a smaller number of compressions than that in G-protocol (Gao et al., Opt. Exp. 2012, 20, 17411-17420) and Y-protocol (Yan et al. Quant. Inf. Process. 2014, 13, 805-813), which means less post-processing. Our protocol shows better database security and user privacy compared with G-protocol. [ABSTRACT FROM AUTHOR]

Published

2016

18. SECURITY MEASURES FOR OPEN SOURCE WEBSITE PLATFORMS.

Author

GARAIS, Gabriel Eugen

Subjects

OPEN source software, WEB development, WEBSITE management, COMPUTER hacking, COMPUTER security research

Abstract

Open Source Website Projects are widely spread among web developers and web users. The ease of installing and handling Open Source Web Site Platforms is known to be a handy solution but also a risky one. The use of such platforms is under heavy discussion because of the transparency that not only a normal user sees but also a hacker. [ABSTRACT FROM AUTHOR]

Published

2016

19. A GPU implementation of secret sharing scheme based on cellular automata.

Author

Hernandez-Becerril, Rogelio, Bucio-Ramirez, Ariana, Nakano-Miyatake, Mariko, Perez-Meana, Hector, and Ramirez-Tachiquin, Marco

Subjects

*CELLULAR automata, *GRAPHICS processing units, *DATA encryption, *COMPUTER security research, *CLOUD computing, *COMPUTER architecture

Abstract

Secret sharing (SS) schemes based on cellular automata (CA) are considered as secure encrypting algorithms, where several secret data can be shared among some persons. Recently the SS schemes can be applied to solve real-world problems, such as security in cloud computing. The principal obstacle of use of the SS scheme is its considerably high computational cost; especially if a large amount of secret data must be encrypted and shared. In this work, we propose a parallel CA-based SS scheme suitable for any kinds of digital data in the graphic processing unit using compute unified device architecture technology. The uses of global memory and shared memory are analyzed from computational effectiveness and security points of view. The experimental results show the proposed parallel implementation provides a speedup rate more than 18-fold compared with its sequential implementation. Also we show the increase of the security level of the parallel implementation with respect to the sequential implementation. [ABSTRACT FROM AUTHOR]

Published

2016

20. An enhanced security framework for reliable Android operating system.

Author

Park, Jong Hyuk, Kim, Dohyun, Park, Ji Soo, and Lee, Sangjin

Subjects

MALWARE, COMPUTER operating systems, COMPUTER security research, COMPUTER files

Abstract

The number of applications loaded with malware is rapidly increasing in Android operating system (OS). These malwares spread through the official Android market 'Play Store', unofficial 'black market', and private web pages. Once the malware activates, personal information can be extracted and some data can be deleted, causing tremendous damage to users. In order to provide reliability on Android OS, there is a need to analyze and address these malwares and recover the modified data. In this paper, we propose an enhanced security framework for a reliable Android OS. The framework provides means to prevent influx of malware by examining the Android OS and file system. In addition, it recovers data once deleted by security breaches. Copyright © 2013 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

21. Introducing touchstroke: keystroke-based authentication system for smartphones.

Author

Kambourakis, Georgios, Damopoulos, Dimitrios, Papamartzivanos, Dimitrios, and Pavlidakis, Emmanouil

Subjects

SMARTPHONES, COMPUTER access control, KEYSTROKE timing authentication, COMPUTER security research, BIOMETRIC identification

Abstract

Keystroke dynamics is a well-investigated behavioural biometric based on the way and rhythm in which someone interacts with a keyboard or keypad when typing characters. This paper explores the potential of this modality but for touchscreen-equipped smartphones. The main research question posed is whether 'touchstroking' can be effective in building the biometric profile of a user, in terms of typing pattern, for future authentication. To reach this goal, we implemented a touchstroke system in the Android platform and executed different scenarios under disparate methodologies to estimate its effectiveness in authenticating the end-user. Apart from typical classification features used in legacy keystroke systems, we introduce two novel ones, namely, speed and distance. From the experiments, it can be argued that touchstroke dynamics can be quite competitive, at least when compared to similar results obtained from keystroke evaluation studies. As far as we are aware of, this is the first time this newly arisen behavioural trait is put into focus. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

22. Small target detection using morphology and modified Gaussian distance function.

Author

Kim, Jong-Ho, Park, Jun-Jae, Ahn, Sang-Ho, Lee, Deok Gyu, Moon, Daesung, and Kim, Sang-Kyoon

Subjects

GAUSSIAN processes, CLOUD computing, OPERATOR theory, IMAGE processing, COMPUTER security research

Abstract

We propose a new small target detection system that detects small target candidates based on morphology operations and detects actual targets using a modified Gaussian distance function. To reduce clutter on the edges of clouds, a median filter is applied as preprocessing. Two kinds of images are calculated with closing and opening morphological operators, respectively. In the morphology operations, various sizes of structure elements that are used to consider the sizes of targets and candidate targets are extracted from different images between the two images in the closing and opening operations. With a modified Gaussian distance function, small targets are detected from the candidate targets. The proposed method is less sensitive to clutters than existing methods and has a detection rate of 98%. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

23. Single authentication through in convergence space using collaborative smart cameras.

Author

Kim, Geon Woo, Han, Jong Wook, Lee, Deok Gyu, and Kim, Sang Wook

Subjects

INFORMATION technology research, DIGITAL cameras, CUSTOMER service research, COMPUTER access control, COMPUTER security research

Abstract

In recent years, the convergence of IT space and physical space is increasingly studied. In the legacy IT-based systems, developments of services were focusing on just the cyber space. However, as ubiquitous computing environment is expanding into the real world, considerations about how to design and develop the systems for ensuring the interoperability between two spaces must be taken. For indeed converging IT/physical spaces and ensuring the ubiquity, a new model to efficiently identify a moving object needs to be established. Although the identifier information resulted from successful authentication procedure is used in the most security systems, each authentication method adopts a variety of identifiable information (II) specification. So in this paper, we suggest a scheme to access any ubiquitous service with single authentication at initial stage for efficiently identifying an object moving multiple convergence spaces by relaying the II along the movement. This is performed by enabling distributed smart cameras to deliver II of the identified moving object. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

24. Optimisation-based collaborative determination of component trustworthiness in service compositions.

Author

Elshaafi, Hisain and Botvich, Dmitri

Subjects

SERVICE-oriented architecture (Computer science), QUALITY of service, COMPUTER security research, CUSTOMER service quality control, CUSTOMER satisfaction research

Abstract

In service-oriented environments, service providers orchestrate distributed services from other providers to create new composite enterprise services. A component service can be invoked jointly by several distributed composite service providers. However, because a composite service is provided to the consumers as an integrated service, when failures or dissatisfaction of the consumers occurs, it is not possible to directly identify the untrustworthy component. In this paper, we describe a collaborative trustworthiness determination approach using optimisation that can provide a solution to selecting trustworthy component service constructs based on monitoring and consumer quality of experience reporting of existing composite services from peer providers. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

25. A histogram-based method for efficient detection of rewriting attacks in simple object access protocol messages.

Author

Nasridinov, Aziz, Jeong, Young-Sik, Byun, Jeong-Yong, and Park, Young-Ho

Subjects

SIMPLE Object Access Protocol (Computer network protocol), XML (Extensible Markup Language), DIGITAL signatures, COMPUTER security research, COMPUTER network security software

Abstract

In order to secure the content of simple object access protocol (SOAP) messages in Web services, several security standards of Web service security, such as XML digital signature, are used. However, the content of a SOAP message, protected with XML digital signature, can be altered without invalidating the signature. Existing methods for detecting XML rewriting attacks are inefficient because the cost of performing detection operation is linear to the height of the SOAP message tree. Thus, each element of SOAP message needs to be accessed and checked. In this paper, we propose an efficient method for detecting XML rewriting attacks on SOAP messages using a histogram. With our method, once the source of attacks is identified, we save it in the form of a histogram, which enables us to maintain a statistical information about the location of the attack in the SOAP message. We can use this information to detect attacks in the future and thus avoid unnecessary check of all elements in the SOAP message. Experiments show that our methods outperform existing methods by several times in many cases. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

26. Server-based code obfuscation scheme for APK tamper detection.

Author

Piao, Yuxue, Jung, Jin-Hyuk, and Yi, Jeong Hyun

Subjects

DECOMPILERS (Computer programs), APPLICATION software research, COMPUTER software security, COMPUTER security research

Abstract

It is easy to decompile Android applications (or apps) owing to the structural characteristics of the app building process, but this ease makes them quite vulnerable to forgery or modification attacks. In particular, users may suffer direct financial loss if this vulnerability is exploited in security-critical private and business applications, such as online banking. One of the solutions to these problems is a code obfuscation technique. In this regard, DexGuard, which is based on ProGuard, which is integrated into the Android software development kit build system, has recently been introduced. Although DexGuard protects Android applications more effectively, an attacker is still able to analyze the hex code of a Dalvix Executable file. To resolve this weakness, we begin by analyzing the DexGuard tool from both a static and dynamic point of view. Our analysis reveals that DexGuard has some weaknesses. In this paper, we propose an obfuscation technique based on a client/server model with one-time secret key delivery using short message service or network protocol. The main concept is to store the core execute class file through obfuscation on the server, so when a program needs to execute core routines, it must request these routines from the server. In this way, we can protect Android apps from reverse engineering. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

27. Secure and efficient data access control in cloud computing environment: A survey.

Author

Namasudra, Suyel and Roy, Pinki

Subjects

CLOUD computing, DATA encryption, INFORMATION technology research, DISTRIBUTED computing, COMPUTER security research

Abstract

Cloud computing is very emerging area in IT industries. In a cloud environment, many distributed systems are interconnected to provide software, hardware and resources over the internet. Since this new paradigm requires users to ensure the security of their personal data, there are gradually increasing security and privacy issues on outsourced data. A natural way to keep the data in a confidential manner is to encrypt it before storing on cloud server. The main problems of this process include building scalable access control for storing data and revoking access rights from users if they are revoked from the system. Many access control schemes have been already developed. In this paper, a taxonomy and brief survey of secure data access control schemes in cloud environment have been presented. The current research issues and future work directions are also presented in this paper in the area of security of cloud computing. [ABSTRACT FROM AUTHOR]

Published

2016

28. A survey of accountability in computer networks and distributed systems.

Author

Xiao, Zhifeng, Kathiresshan, Nandhakumar, and Xiao, Yang

Subjects

COMPUTER networks, COMPUTER systems, COMPUTER security research, INFORMATION storage & retrieval systems, COMPUTER science research

Abstract

Security in computer systems has been a major concern since the very beginning. Although security has been addressed in various aspects, accountability is one of the main facets of security that is lacking in today's computer systems. The ability not only to detect errors but also to find the responsible entity/entities for the failure is crucial. In this paper, we intend to provide a comprehensive investigation of the state-of-the-art accountability research issues in current information systems. Also, we study the various accountability tactics that are available and how each one of them contributes to providing strong accountability of different aspects. Finally, we examine the various merits and tradeoffs. Copyright © 2012 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

29. Reusing Hardware Performance Counters to Detect and Identify Kernel Control-Flow Modifying Rootkits.

Author

Wang, Xueyang and Karri, Ramesh

Subjects

*KERNEL operating systems, *COMPUTER systems management, *COMPUTER security research, *VIRTUAL machine systems software, *COMPUTER operating systems

Abstract

Kernel rootkits are formidable threats to computer systems. They are stealthy and can have unrestricted access to system resources. This paper presents NumChecker, a new virtual machine (VM) monitor based framework to detect and identify control-flow modifying kernel rootkits in a guest VM. NumChecker detects and identifies malicious modifications to a system call in the guest VM by measuring the number of certain hardware events that occur during the system call’s execution. To automatically count these events, NumChecker leverages the hardware performance counters (HPCs), which exist in modern processors. By using HPCs, the checking cost is significantly reduced and the tamper-resistance is enhanced. We implement a prototype of NumChecker on Linux with the kernel-based VM. An HPC-based two-phase kernel rootkit detection and identification technique is presented and evaluated on a number of real-world kernel rootkits. The results demonstrate its practicality and effectiveness. [ABSTRACT FROM PUBLISHER]

Published

2016

30. Detection of Hardware Trojans in Third-Party Intellectual Property Using Untrusted Modules.

Author

Reece, Trey and Robinson, William H.

Subjects

*COMPUTER viruses, *INTELLECTUAL property, *COMPUTER security research, *HARDWARE Trojans (Computers)

Abstract

During the design of an integrated circuit, there are several opportunities for adversaries to make malicious modifications or insertions to a design. These attacks, known as hardware Trojans, can have catastrophic effects on a circuit if left undetected. This paper describes a technique for identifying hardware Trojans with logic-based payloads that are hidden within third-party intellectual property. Through comparison of two similar but untrusted designs, functional differences can be identified for all possible input combinations within a window of time. This technique was tested on multiple Trojan benchmarks and was found to be very effective, both in detectability and in speed of testing. As this technique has very low costs to implement, it represents an easy way for designers to gain a level of trust in previously untrusted designs. [ABSTRACT FROM PUBLISHER]

Published

2016

31. Demographic variables and risk factors in computer-crime: an empirical assessment.

Author

Choi, Kyung-shick, Choo, Kyungseok, and Sung, Yong-eun

Subjects

*COMPUTER security research, *DATA security, *COMPUTER crimes, *STRUCTURAL equation modeling, *CRIME victims

Abstract

The purpose of this research is to examine how demographics variables interact with factors such as online lifestyle, digital-capable guardianship, computer security management, and levels of individual computer crime victimization. The current study used a secondary data which was a self-report survey ( $$N=204$$ ) contained items intended to measure the major constructs of routine activities theory. The findings of SEM (structural equation modeling) analysis showed that: (1) gender did not substantially influence on digital guardian factor and computer crime victimization. However, males are more likely to be engaging in online risky leisure activities such as visiting unknown Web sites, downloading free games, free music, and free movies than females. Simultaneously, males tended to update computer security, change the passwords for e-mail account, search for more effective computer security software, check the operation of computer security online, and use different passwords and user IDs for their Internet accounts than females; (2) individuals with older age are less likely to equip the number of computer security software with less duration; (3) race does not have any statistically significant impact on computer crime victimization. Lastly, the policy implications and the limitations of the current research were discussed at the last part of this study. [ABSTRACT FROM AUTHOR]

Published

2016

32. Factors affecting the continuous use of cloud service: focused on security risks.

Author

Park, Seong-Taek, Park, Eun-Mi, Seo, Joung-Hae, and Li, Guozhong

Subjects

*CLOUD computing, *COMPUTER security research, *COMPUTER security software, *INNOVATION adoption, *CLOUD storage

Abstract

Despite its many technology maturity and significant advantages, the cloud services are still far from success in the market. In accordance with some research, security risks have been regarded as the main factors that impede activating cloud service. Accordingly, this study divides the factors of security risk into Information leakage risk, Fault recovery risk, Compliance risk, Service interruption risk and made an empirical analysis of the impact of these four factors on continuous adoption intention. The effects of security risk and adoption intention of cloud service were analyzed via the moderation effects of trust. The analytical results of China data show that bo th Information Leakage Risk and Compliance Risk have negative impact on continuous adoption intention of cloud service. Neither Fault Recovery Risk nor Service Interruption Risk is significantly related with continuous adoption intention of cloud service. The analytical results of Korea data show that Fault Recovery Risk, Compliance Risk and Service Interruption Risk significantly impact continuous adoption intention of cloud service, whereas Information Leakage Risk insignificantly impact continuous adoption intention of the cloud service. [ABSTRACT FROM AUTHOR]

Published

2016

33. Control Flow Graph Based Multiclass Malware Detection Using Bi-normal Separation.

Author

Kapoor, Akshay and Dhavale, Sunita

Subjects

MALWARE prevention, FLOWGRAPHS, MACHINE learning, DETECTORS, COMPUTER security research

Abstract

Control flow graphs (CFG) and OpCodes extracted from disassembled executable files are widely used for malware detection. Most of the research in static analysis is focused on binary class malware detection which only classifies an executable as benign or malware. To overcome this issue, CFG based multiclass malware detection system that automatically classifies the malware into their respective families is proposed. The use Bi-normal separation (BNS) as a feature scoring metric. Experimental results show that proposed method using BNS outperforms compared to hitherto use technique of document Frequency for multiclass metamorphic malware detection and achieves detection accuracy of 99.5 per cent. [ABSTRACT FROM AUTHOR]

Published

2016

34. Selectively chosen ciphertext security in threshold public-key encryption.

Author

Kim, Kitak, Park, Jong Hwan, and Lee, Dong Hoon

Subjects

PUBLIC key cryptography, COMPUTER network security, CIPHERS, CRYPTOGRAPHY research, COMPUTER security research

Abstract

Threshold public-key encryption can control decryption abilities of an authorized user group in such a way that each user of the group can produce only a decryption share and at least t of them should collect decryption shares to recover a message. We present a new threshold public-key encryption that is secure against selectively chosen ciphertext attacks. Semantic security against chosen ciphertext adversaries is the de facto level of security for public-key encryption deployed in practice because many encryption systems are broken in a model of chosen ciphertext security. The security of the proposed system is formally proved without random oracles under a new assumption. We also provide proof of the intractability of our assumption in the generic group model. Copyright © 2012 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

35. Efficient and secure multi-functional searchable symmetric encryption schemes.

Author

Changhui Hu, Lidong Han, and Siu Ming Yiu

Subjects

CLOUD computing, DATA encryption, COMPUTER security research, COMPUTER network security, KEYWORDS

Abstract

There is an increasing trend for data owners to outsource their data to an untrusted cloud provider. Besides providing the storage for the data, the service provider could allow the data owner or authorized clients to search over the data. To guarantee the data secure, the owner must encrypt his or her data before sending to the cloud. However, traditional encryption does not allow searching without decrypting the data. Searchable symmetric encryption is one approach that allows users to search over the encrypted data. For data applications, various different functional search have been proposed, such as wildcard search, similarity keyword search and fuzzy keyword search. Moreover, dynamic addition and removal of files should be supported in practice. However, to our knowledge, there does not exist a searchable symmetric encryption scheme that can support many properties such as more than three functions in all the aforementioned operations. In this paper, we propose an efficient multi-functional searchable symmetric encryption scheme that can support wildcard search, similarity search (including hamming distance and edit distance), fuzzy keyword search and disjunctive keyword search simultaneously. In the new scheme, the trapdoor changes with various search requests and it enumerates all possibilities of the keyword of the trapdoor. Moreover, we use an array instead of a matrix to reduce the storage, and the scheme can be constructed efficiently in terms of both computational and space complexity. Our scheme is based on the Bloom filter, and it is secure against non-adaptive chosen keyword attack. With the dynamic technique for the inverted index, our scheme can support dynamic operation such as addition and removal of data files, which can also be secure against adaptive chosen keyword attack. [ABSTRACT FROM AUTHOR]

Published

2016

36. Cryptanalysis of a robust key agreement based on public key authentication.

Author

Toorani, Mohsen

Subjects

PUBLIC key cryptography, CRYPTOGRAPHY research, CRYPTOSYSTEMS, DATA encryption, COMPUTER security research

Abstract

This paper considers security analysis of the YAK, a public key-based authenticated key agreement protocol. The YAK protocol is a variant of the two-pass HMQV protocol but uses zero-knowledge proofs for proving knowledge of ephemeral values. In this paper, we show that the YAK protocol lacks joint key control and perfect forward secrecy attributes and is vulnerable to some attacks including unknown key-share and key-replication attacks. This invalidates the semantic security of the protocol in several security models. There are also other considerations regarding the impersonation and small subgroup attacks. [ABSTRACT FROM AUTHOR]

Published

2016

37. A secure, service priority-based incentive scheme for delay tolerant networks.

Author

Yongming Xie and Yan Zhang

Subjects

DELAY-tolerant networks, COMPUTER network architectures, COMPUTER architecture, COMPUTER network security, COMPUTER security research

Abstract

Delay tolerant networks are resource-constrained networks, where nodes are required to cooperate with each other to relay messages (bundles) in a store-carry-forward fashion. Because of the constrained resources, some selfish nodes are reluctant to relay bundles for other nodes in order to save their own resources. Previous studies focus on one kind of creditbased incentive schemes in which a source pays credits (virtual coins) to intermediates to compensate for their resources consumption. Although these schemes can restrain selfish behaviors to a certain extent, they may cause an undesirable effect on some honest nodes, especially on boundary nodes and inactive nodes. To mitigate this issue, first we propose a service priority-based incentive scheme (SIS) where a relaying (viewed as a service) priority, instead of credits, is used as an incentive metric to stimulate nodes to fairly cooperate. In the SIS, a node which relayed more bundles is granted a higher service priority, and it will obtain a higher bundle delivery ratio correspondingly. Then, to deal with the potential attacks against the SIS, we also present three security solutions including the signature chain, cooperation frequency statistics, and combination clearance. We evaluate the proposed scheme on the opportunistic network environment simulator. The extensive results show that the SIS is able to improve the bundle delivery ratio of honest nodes and efficiently inhibits the selfish behaviors in comparison with credit-based incentive schemes. [ABSTRACT FROM AUTHOR]

Published

2016

38. Securing software defined wireless networks.

Author

He, Daojing, Chan, Sammy, and Guizani, Mohsen

Subjects

*SOFTWARE-defined networking, *COMPUTER networks, *WIRELESS communications, *CYBERTERRORISM, *COUNTERTERRORISM, *COMPUTER security research

Abstract

Software defined wireless networking (SDWN) is a new paradigm of wireless networking, physically separating the data and control planes of various elements in the wireless infrastructure. Similar to its wired counterpart, SDWN is expected to introduce a wide range of benefits to the operation and management of wireless networks. Security is always important to any network. On one hand, SDWN enables new security mechanisms. On the other hand, some new threats are introduced due to the separation of the control and data planes and the introduction of the logically centralized controller. In this article, we discuss its security threat vectors as well as design issues in making it secure. Also, we analyze the security requirements of SDWN, and then summarize the security attacks and countermeasures in this area and suggest some future research directions. [ABSTRACT FROM PUBLISHER]

Published

2016

39. Prediction Using Propagation: From Flu Trends to Cybersecurity.

Author

Prakash, B. Aditya

Subjects

INTERNET security, COMPUTER security research, MALWARE, MACHINE learning, ONLINE social networks research, MATHEMATICAL models

Abstract

This article discusses two applications of propagation-based concepts for predictive analytics: marrying epidemiological models with statistical topic models to tease out user phases for better flu-trends prediction, and using propagation-based models to generatively model estimates of malware attacks. [ABSTRACT FROM PUBLISHER]

Published

2016

40. Critical Times for Organizations: What Should Be Done to Curb Workers’ Noncompliance With IS Security Policy Guidelines?

Author

Ifinedo, Princely

Subjects

INFORMATION technology security, EMPLOYEES, COMPUTER security research, COMPUTER access control

Abstract

This study was designed to examine the impacts of employees’ cost–benefit analysis, deterrence considerations, and top management support and beliefs on information systems security policy compliance. Surveys of Canadian professionals’ perceptions were carried out. A research model was proposed and tested. The results confirmed that top management support and beliefs, sanction severity, and cost–benefit analysis significantly influenced employees’ information systems security policy compliance. The implications of the study findings are discussed, and conclusions are drawn. [ABSTRACT FROM PUBLISHER]

Published

2016

41. Noise protected 1-of-4 coding system with active zero for computing systems.

Author

Losev, V., Chaplygin, Yu., and Orlov, D.

Subjects

*COMPUTER security research, *ENERGY consumption research, *COMPUTER systems

Abstract

The '1-of-4' coding system as the means of hardware-based security of computing systems was proposed. The estimation of the coding system for power consumption, performance and taken area is carried out. The option of coding system '1-of-4' digit implementation as a common cell is considered. The methods allow accelerating the process of designing schemes on quaternary digit cells are presented. [ABSTRACT FROM AUTHOR]

Published

2015

42. A comprehensive fault-tolerant framework for wireless sensor networks.

Author

Afsar, Mehdi

Subjects

FAULT-tolerant computing, WIRELESS sensor network security, WIRELESS sensor nodes, COMPUTER security research, FAULT tolerance (Engineering)

Abstract

In the last decade, wireless sensor networks (WSNs) have increasingly gained the attention of researchers. Depending on the applications of WSNs, the sensor nodes are usually dispersed in harsh environments, which are prone to different types of faults. Hence, fault tolerance seems as an essential characteristic that should be considered in the architecture level of these networks. On the other hand, WSNs are battery-powered so that there is a trade-off between preserving the energy and meeting the quality of service requirements of the network. In this paper, we target these challenges through proposing a fault-tolerant scheme (FTS) for clustered sensor networks. First, all the nodes are grouped into some clusters, and then the FTS alongside the main operation of the network, that is, data acquisition, is performed by the cluster heads. The main idea of the FTS is to efficiently use different kinds of the redundancy, including the hardware, time, and space. We validate the FTS through simulation and probabilistic analysis. While the reliability is significantly improved, we show that a clustered WSN consumes about 5-19% more energy in order to perform the FTS. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

43. Signcryption KEM/tag-KEM, revisited.

Author

Li, Xiangxue, Qian, Haifeng, Yu, Yu, Weng, Jian, and Zhou, Yuan

Subjects

DATA encryption, COMPUTER access control, CIPHERS, COMPUTER network security, COMPUTER security research

Abstract

We revisit the problem of basing signcryption (SC) (tag) key encapsulation mechanism (KEM) on standard assumptions and standard model and present direct constructions of SC-KEM/tag-KEM, which satisfy confidentiality and unforgeability with respect to adversarially chosen keys where the adversary is given more advantageous attack environment than existing models in the literature;, are based on the standard decisional bilinear Diffie-Hellman and computational Diffie-Hellman assumptions without random oracle;, do not use strongly unforgeable signature schemes as building blocks; and, provide comparable performance to existing SC-KEM/tag-KEM schemes., Both constructions do not require the knowledge about the recipient's private keys to verify the validity of the ciphertexts and thus can be used in applications where a ciphertext needs to be validated by any third party that only knows the public key of the sender as in usual signature scheme. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

44. On the security of a lightweight authentication and encryption scheme for mobile ad hoc network.

Author

Yap, Wun-She, Liu, Joseph K., Tan, Syh-Yuan, and Goi, Bok-Min

Subjects

ACCESS control of ad hoc networks, DATA encryption, WIRELESS communication system access control, COMPUTER network security, COMPUTER security research

Abstract

In 2011, Eissa, Razak and Ngadi proposed a lightweight authentication and encryption scheme to enhance the performance for mobile ad hoc network in Wireless Network, Vol. 17, No. 4, 2011. The main building block of such scheme is an identity-based encryption scheme. The scheme was proven secure in the random oracle model assuming the computational Diffie-Hellman assumption is hard. In this paper, we show that the proposed scheme is not even secure against chosen plaintext attack, which is the lowest acceptable level of security. In addition, we demonstrate the RSA parameter suggested by Eissa et al. to yield a better network performance is not appropriate under a wrong security assumption that each mobile node is totally trusted. Such short RSA parameter leads to a key recovery attack. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

45. A strongly secure identity-based authenticated key agreement protocol without pairings under the GDH assumption.

Author

Sun, Haiyan, Wen, Qiaoyan, Zhang, Hua, and Jin, Zhengping

Subjects

KEY agreement protocols (Computer network protocols), COMPUTER network protocol security measures, COMPUTER network security, COMPUTER security research, BILINEAR forms

Abstract

Among the existing identity-based authenticated key agreement (ID-AKA) protocols, there are only a few of them that can resist to leakage of ephemeral secret keys, which is about the protection of the session secret key after the ephemeral secret keys of users are compromised. However, all these ID-AKA protocols with leakage of ephemeral secret keys resistance require expensive bilinear pairing operations. In this paper, we present a pairing-free ID-AKA protocol with ephemeral secrets leakage resistance. We also provide a full proof of its security in the extended Canetti-Krawczyk model, which not only can capture resistance to leakage of ephemeral secret keys but also can capture other basic security properties such as master key forward security and key compromise impersonation resistance. Compared with the existing ID-AKA protocols, our scheme is a good trade-off between security and efficiency. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

46. BAFi: a practical cryptographic secure audit logging scheme for digital forensics.

Author

Kampanakis, Panos and Yavuz, Attila A.

Subjects

DATA logging, COMPUTER crimes, CRIMINAL investigation, DATA security, COMPUTER network security, COMPUTER security research

Abstract

Audit logs provide information about historical states of computer systems. They also contain highly valuable data that can be used by law enforcement in forensic investigations. Thus, ensuring the authenticity and integrity of audit logs is of vital importance. An ideal security mechanism for audit logging must also satisfy security properties such as forward-security (compromise resiliency), compactness, and computational efficiency. Unfortunately, existing secure audit logging schemes lack the computational or storage efficiency for modern performance requirements. Indeed, the practicality of such schemes has not been investigated in real-life systems, where logs generated in various occasions could be terabytes of data per day. To address this limitation, we developed an efficient, publicly verifiable, forward-secure, privacy-preserving, and aggregate logging scheme called blind-aggregate-forward improved (BAFi). BAFi is based on BAF, with new properties and performance improvements as follows: (i) BAFi improves the efficiency of BAF via implementation specific optimizations; (ii) BAFi has the option to not expose sensitive information in logs to protect valuable forensic information; (iii) BAFi was experimentally tested in real-world logs; and (iv) BAFi improves the security of BAF against log substitution. Our analysis shows that BAFi outperforms previous alternatives with similar properties and therefore is an ideal solution for nowadays highly intense logging systems. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

47. An efficient and tunable matrix-disguising method toward privacy-preserving computation.

Author

Wang, Yulong and Li, Yi

Subjects

MATRICES (Mathematics), COMPUTER network security, COMPUTER security research, CONTRACTING out, MATHEMATICAL analysis

Abstract

A matrix is a basic mathematical object that is widely used in various computations. When outsourcing expensive computations to untrusted parties, the involved matrix must be disguised before it's sent out in order to protect the privacy information in it. Some research works on secure computation had presented schemes for protecting the privacy in matrices. However, none of these schemes is defined deliberately for disguising a matrix and thus is neither highly efficient nor flexible. We propose a matrix-disguising method named FMD (fast matrix disguising) that has high time and space efficiency and can tune the trade-off between disguising speed and protecting strength with a parameter. FMD disguises a matrix by multiplying it with a semi-random non-singular matrix which is compose of many bar-shaped sub-matrices. Each of these sub-matrices contains a row/column of random elements with almost the same values. This special matrix structure allows FMD to disguise the original matrix with time complexity proportional to the size of the original matrix. While by adjusting the bar size of the sub-matrices, FMD can smoothly tune between high-disguising speed and high-privacy protection strength. The mathematical analysis and experimental results show that FMD is more efficient than the existing schemes and is especially suitable for resource-limited clients in privacy-preserving computation outsourcing scenarios. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

48. Group authenticated key exchange schemes via learning with errors.

Author

Yang, Xiaopeng, Ma, Wenping, and Zhang, Chengli

Subjects

COMPUTER access control, ACCESS control, ROBUST programming, COMPUTER security research, SECURITY systems

Abstract

We propose a novel passively secure group key exchange (GKE) scheme via learning with errors (LWE). Then, we extend it to a GKE scheme via ring-learning with errors. We show the security analysis of our GKE schemes based on the LWE assumption and the security property of secure sketch in the random oracle model. One of our innovative points is a simple and practical robust extractor that serves as the key derivation function. Based on our GKE scheme, we build a group authenticated key exchange scheme and then prove its security under the LWE assumption and the secure property of secure sketch in the random oracle model. The proposed scheme not only provides authenticated key exchange security and mutually authenticated security but also needs only two round communications to negotiate a shared session key. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

49. Modeling and verification of trust and reputation systems.

Author

Aldini, Alessandro

Subjects

VIRTUAL communities, INTERNET, COMPUTER security research, SECURITY systems, COMPUTER systems

Abstract

Trust is a basic soft-security condition influencing interactive and cooperative behaviors in online communities. Several systems and models have been proposed to enforce and investigate the role of trust in the process of favoring successful cooperations while minimizing selfishness and failure. However, the analysis of their effectiveness and efficiency is a challenging issue. This paper provides a formal approach to the design and verification of trust infrastructures used in the setting of software architectures and computer networks supporting online communities. The proposed framework encompasses a process calculus of concurrent systems, a temporal logic for trust, and model checking techniques. Both functional and quantitative aspects can be modeled and analyzed, while several types of trust models can be integrated. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015

50. Enhanced security and reliability with MIMO communications for smart grid.

Author

Wang, Xin, Zhang, Lijun, Deokar, Amit, and Liang, Qilian

Subjects

SMART power grids, COMPUTER security research, MALWARE, SPACE-time block codes, MIMO systems

Abstract

As a critical infrastructure element, smart grid is facing security and reliability challenges. In this paper, we have investigated the real-time communication between a smart meter and the central control system, a component that provides centralized monitoring and performs control operations for the power grid. To combat severe communication impairments induced by malicious attacks or link failures, we propose to implement space-time block coding over multiple antennas at the transmitter and the receiver. We first investigated the security challenges from malicious attacks, in which the malicious attacks of additive pattern were primarily addressed. Reliability challenges from link failure were then considered. Finally present were extensive numerical studies on multiple-link attacks, multiple-link failures and receiver with detection scenarios. Simulations showed that additive malicious attacks and link failures could be effectively mitigated in virtue of space-time block coding. Meanwhile, it is verified that more antennas will give more diversity gain and better performance. Copyright © 2012 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2015