Your search keyword '"Computer security model"' showing total 12,677 results

51. Simple and efficient FE for quadratic functions

Author

Junqing Gong and Haifeng Qian

Subjects

Theoretical computer science, Generic group model, business.industry, Applied Mathematics, 020206 networking & telecommunications, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Quadratic function, Computer security model, computer.software_genre, 01 natural sciences, Computer Science Applications, 010201 computation theory & mathematics, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Compiler, business, computer, Mathematics, Functional encryption, Standard model (cryptography)

Abstract

This paper presents two functional encryption schemes for quadratic functions (or degree-2 polynomials) achieving simulation-based security in the semi-adaptive model with constant-size secret keys. Prior constructions in the standard model either achieve weaker security model [CRYPTO 17] or require linear-size secret keys (in the message length) [PKC 20]. One of our proposed schemes is comparable to existing schemes in the generic group model in terms of ciphertext size. Technically, we combine Wee’s compiler [TCC 17] with Gay’s paradigm [PKC 20]. However, we avoid (partially) function-hiding inner-product functional encryption used in Gay’s paradigm which makes our work conceptually simpler.

Published

2021

52. Restructuring and Automation of Security Model for Sustainable Development in Nigeria

Author

Mike Akhaze Okedion

Subjects

Sustainable development, Government, National security, business.industry, Restructuring, Nigerians, Capital (economics), Development economics, Business, Computer security model, Pace

Abstract

Nigeria has on daily basis experienced an upsurge of activities that threatens and endangers its national security. In recent times, the Nigerian nation suddenly metamorphosed into an abode of insecurity. Security is presently a major challenge in Nigeria especially in Northern Nigeria. Nigerians and non-Nigerians are killed on daily basis and in their numbers even the United Nations building and the Police Headquarters at the Federal Capital were bombed. Though the government claims to be on top of the situation, the problem persists. Despite its abundant oil wealth, there has been unimaginable level of lack of infrastructure, automated security amenities and negligible development generally. One of the major setbacks to development in Nigeria is insecurity. Until very recently, plethora of explanations on the crawling pace of development in Nigeria tends to pay infinitesimal attention to the centrality of security to national development. It is no surprise therefore that since 1999 when Nigeria returned to civil rule insecurity tends to have hampered national development. Security is evidently the pillar upon which every meaningful development could be achieved and sustained. In view of this scenario, the paper basically analyses and recommends ways of ascertaining the impact of automated and improved security model for sustainable development in Nigeria. It therefore concludes and recommends amongst others, the formulation and effective implementation of policies capable of addressing the root causes of insecurity in Nigeria. Keywords: Restructuring, Automation, Security Model, Development.

Published

2021

53. Authenticated logarithmic-order supersingular isogeny group key exchange

Author

Atsuko Miyaji and Hector Hougaard

Subjects

Isogeny, 021110 strategic, defence & security studies, Reduction (recursion theory), Theoretical computer science, Computer Networks and Communications, business.industry, Computer science, 0211 other engineering and technologies, Cryptography, 02 engineering and technology, Construct (python library), Computer security model, Tree (data structure), Order (group theory), Safety, Risk, Reliability and Quality, business, Protocol (object-oriented programming), Software, Information Systems

Abstract

We present the first constant-round, tree-based, group key exchange protocol based on SIDH with logarithmic-order communication and memory complexity, where the only previous isogeny-based group key exchange, SIBD, has linear-order communication and memory complexity. We call our protocol the supersingular isogeny tree-based group key exchange (SIT). We show that our protocol satisfies post-quantum security through a reduction to the supersingular decisional Diffie–Hellman (SSDDH) problem in the security model of Manulis, Suzuki, and Ustaoglu. We also construct a peer-to-peer (sequential) version of SIT. Finally, we present a compiler that turns SIT into an authenticated group key exchange while maintaining the same complexity and security as SIT, resulting in the authenticated SIT group key exchange (A-SIT).

Published

2021

54. ISM-AC: an immune security model based on alert correlation and software-defined networking

Author

Douglas Dyllon Jeronimo de Macedo, Alessandra De Benedictis, Diego Kreutz, Roberto Vasconcelos Melo, Maurício Fiorenza, Melo, R. V., de Macedo, D. D. J., Kreutz, D., De Benedictis, A., and Fiorenza, M. M.

Subjects

021110 strategic, defence & security studies, Artificial immune system, Computer Networks and Communications, Computer science, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 0211 other engineering and technologies, Denial-of-service attack, Network security, 02 engineering and technology, Computer security model, Correlation, Anomaly, Key (cryptography), False positive paradox, Intrusion detection, Anomaly detection, False positive rate, Safety, Risk, Reliability and Quality, Software-defined networking, business, Software, Information Systems, Computer network

Abstract

Anomaly-based detection techniques have a high number of false positives, which degrades the detection performance. To address this issue, we propose a distributed intrusion detection system, named ISM-AC, based on anomaly detection using artificial immune system and attack graph correlation. To analyze network traffic, we use negative selection, clonal selection, and immune network algorithms to implement an agent-based detection system. ISM-AC leverages the programmability of software-defined networking to reduce the false positive rate. Our findings show that ISM-AC achieves better detection performance for denial of service, user to root, remote to local, and probe attack classes. Alert correlation plays a key role in this achievement.

Published

2021

55. Blockchain-Based Security Framework for a Critical Industry 4.0 Cyber-Physical System

Author

Ziaur Rahman, Xun Yi, Ibrahim Khalil, and Mohammed Atiquzzaman

Subjects

Authentication, Industry 4.0, Computer Networks and Communications, business.industry, Computer science, Cyber-physical system, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Computer Science Applications, Certificate authority, 0202 electrical engineering, electronic engineering, information engineering, Data Protection Act 1998, Single point of failure, Electrical and Electronic Engineering, business, computer

Abstract

There has been intense concern for security alternatives because of the recent rise of cyber attacks, mainly targeting critical systems such as industry, medical, and energy ecosystems. Although the latest industry infrastructures largely depend on AI-driven maintenance, prediction based on corrupted data undoubtedly results in loss of life and capital. Admittedly, an inadequate data protection mechanism can readily challenge the security and reliability of the network. The shortcomings of the conventional cloud or trust-ed-certificate-driven techniques have motivated us to exhibit a unique blockchain-based framework for a secure and efficient Industry 4.0 system. The demonstrated framework obviates the long-established certificate authority after enhancing the consortium blockchain that reduces the data processing delay and increases cost-effective throughput. Nonetheless, the distributed Industry 4.0 security model entails cooperative trust rather than depending on a single party, which in essence indulges the costs and threat of the single point of failure. Therefore, the multi-signature technique of the proposed framework accomplishes multi-party authentication, which confirms its applicability for a real-time and collaborative cyber-physical system.

Published

2021

56. Security and Energy-aware Collaborative Task Offloading in D2D communication

Author

Victor Chang, Hua Hu, Haiyang Hu, Jidong Ge, Zhongjin Li, and Binbin Huang

Subjects

Computer Networks and Communications, Wireless network, Computer science, Distributed computing, Data security, 020206 networking & telecommunications, Lyapunov optimization, Throughput, 02 engineering and technology, Energy consumption, Computer security model, Task (project management), Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Mobile device, Software

Abstract

Device-to-device (D2D) communication technique is used to establish direct links among mobile devices (MDs) to reduce communication delay and increase network capacity over the underlying wireless networks. Existing D2D schemes for task offloading focus on system throughput, energy consumption, and delay without considering data security. This paper proposes a Security and Energy-aware Collaborative Task Offloading for D2D communication (Sec2D). Specifically, we first build a novel security model, in terms of the number of CPU cores, CPU frequency, and data size, for measuring the security workload on heterogeneous MDs. Then, we formulate the collaborative task offloading problem that minimizes the time-average delay and energy consumption of MDs while ensuring data security. In order to meet this goal, the Lyapunov optimization framework is applied to implement online decision-making. Two solutions, greedy approach and optimal approach, with different time complexities, are proposed to deal with the generated mixed-integer linear programming (MILP) problem. The theoretical proofs demonstrate that Sec2D follows a [ O ( 1 ∕ V ) , O ( V ) ] energy-delay tradeoff. Simulation results show that Sec2D can guarantee both data security and system stability in the collaborative D2D communication environment.

Published

2021

57. User authentication using Blockchain based smart contract in role-based access control

Author

Shivang Khare, Priyanka Kamboj, and Sujata Pal

Subjects

User authentication, Blockchain, Smart contract, Computer Networks and Communications, Computer science, business.industry, 020206 networking & telecommunications, Access control, 02 engineering and technology, Information security, Computer security model, Computer security, computer.software_genre, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, Overhead (computing), business, computer, Software

Abstract

Since the last few decades, information security has become a significant challenge for organizations’ system administrators. However, the Role-Based Access Control (RBAC) model has emerged as a viable solution for organizations to meet the security requirement due to its less administrative overhead. Blockchain technology is distributive and can be used effectively in user authentication and authorization challenges. This paper proposes an RBAC model using a blockchain-based smart contract for managing user-role permissions in the organization. We design a threat and security model to resist attacks such as man-in-the-middle attacks in an organization scenario. The proposed approach uses the Ethereum blockchain platform and its smart contract functionalities to model user-resource communications. The proposed method is tested on Ropsten Ethereum Test Network and evaluated to analyze user authentication, verification, cost, and security.

Published

2021

58. Confronting DDoS Attacks in Software-Defined Wireless Sensor Networks based on Evidence Theory

Author

Nazbanoo Farzaneh and Reyhaneh Hoseini

Subjects

Computer Networks and Communications, business.industry, Computer science, Denial-of-service attack, Computer security model, Computer Science Applications, Software, Artificial Intelligence, Control theory, Dempster–Shafer theory, Entropy (information theory), Computer Vision and Pattern Recognition, Routing control plane, business, Wireless sensor network, Information Systems, Computer network

Abstract

DDoS attacks aim at making the authorized users unable to access the network resources. In the present paper, an evidence theory based security method has been proposed to confront DDoS attacks in software-defined wireless sensor networks. The security model, as a security unit, is placed on the control plane of the software-defined wireless sensor network aiming at detecting the suspicious traffic. The main purpose of this paper is detection of the DDoS attack using the central controller of the software-defined network and entropy approach as an effective light-weight and quick solution in the early stages of the detection and, also, Dempster-Shafer theory in order to do a more exact detection with longer time. Evaluation of the attacks including integration of data from the evidence obtained using Dempster-Shafer and entropy modules has been done with the purpose of increasing the rate of detection of the DDoS attack, maximizing the true positive, decreasing the false negative, and confronting the attack. The results of the paper show that providing a security unit on the control plane in a software-defined wireless sensor network is an efficient method for detecting and evaluating the probability of DDoS attacks and increasing the rate of detection of an attacker.

Published

2021

59. Secure and Efficient Image Cryptography Technique using Choas and DNA Encoding Methodology

Author

Bahubali Akiwate

Subjects

Pixel, Computer science, Group method of data handling, business.industry, General Mathematics, Digital data, Cryptography, Computer security model, Encryption, Education, Scrambling, Computational Mathematics, Computational Theory and Mathematics, Computer engineering, Encoding (memory), business

Abstract

In this era of the digital world, handling digital data with a secure passion is more important. At the height of maximum interest with the attainment of the data confidentiality with the miniature information is the tedious and most challenging concern of the system with the data handling and operating in the real-time environment. With the latest data confidentiality security model, such as image encryption over the communication networks in the distributed data environment, advanced hacking efforts such as cropping attack, brute force, differential, mathematical, and many more need to be addressed. In terms of bit scrambling, the security function plays a vital role in the pixel-based approach with minimum pixels are followed in the current security model for a better correlation with the available pixels with the continued higher runtime complexity. In this research paper, along with the DNA encoding process, an efficient image cryptographic technique is shown with the reduced runtime complexity. The discussion in the article begins with the chaotic sequence EIIS (Efficient Image Information Scrambling) method. Progressed with the DNA (Deoxyribo Nucleic Acid) encoding is done with the data for resistance against different kinds of attacks by considering the suitable parameters from the existing security models.

Published

2021

60. Linear feedback shift register and integer theory: a state-of-art approach in security issues over e-commerce

Author

Anirban Bhowmik and Sunil Karforma

Subjects

Authentication, business.industry, Computer science, 05 social sciences, Economics, Econometrics and Finance (miscellaneous), Data security, 02 engineering and technology, E-commerce, Computer security model, Cryptographic protocol, Computer security, computer.software_genre, Human-Computer Interaction, Goods and services, 020204 information systems, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Session key, 050211 marketing, The Internet, business, computer

Abstract

Electronic commerce is the buying and selling of goods and services, or the funds transfer between independent organizations and/or persons over an electronic wireless network, primarily the Internet. It focuses on the use of ICT to enable the external activities and relationship among the business and individuals, groups and other business. These business transactions occur in many formats such as business-to-business, business-to-consumer, consumer-to-consumer or consumer-to-business. It is the one type of trading in products or services using wireless networks like Internet or online social media networks etc. Here the computers, telephones, fax machines, barcode readers, credit cards, debit cards, ATM etc. are used for conducting business in e-commerce system. E-commerce includes the activities such as order entry, transaction processing, online payment, authentication, order fulfillment, inventory control, shipment, and customer support. At present most of the people are participating in e-commerce. In E-commerce system privacy and security of user’s information is the most crucial issue at present. Electronic record related to organization or person is sensitive in nature so, it is very significant to impose an advanced security protocol, technical solutions in the system. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. In this paper we have focused on security issue like technical safeguards for e-commerce. Our technique proposes an LFSR, pell’s method and Linear congruence based security model for data security in e-commerce. Here two types of keys i.e., intermediate key, session key are used for encryption-decryption and authentication purpose. This new approach of key generation provides extra robustness in our technique. The different types of experiments on this technique and their results conforms that our technique is very secure and efficient for e-business, e-commerce.

Published

2021

61. Secured Multi-Party Data Release on Cloud for Big Data Privacy-Preserving Using Fusion Learning

Author

Divya Dangi et.al

Subjects

Complex data type, business.industry, Serial communication, Computer science, General Mathematics, Big data, Cloud computing, Computer security model, computer.software_genre, Education, Data aggregator, Computational Mathematics, Computational Theory and Mathematics, Standard algorithms, Data mining, business, computer, Anonymity

Abstract

Previous computer protection analysis focuses on current data sets that do not have an update and need one-time releases. Serial data publishing on a complex data collection has only a little bit of literature, although it is not completely considered either. They cannot be used against various backgrounds or the usefulness of the publication of serial data is weak. A new generalization hypothesis is developed on the basis of a theoretical analysis, which effectively decreases the risk of re-publication of certain sensitive attributes. The results suggest that our higher anonymity and lower hiding rates were present in our algorithm. Design and Implementation of new proposed privacy preserving technique: In this phase proposed technique is implemented for demonstrating the entire scenario of data aggregation and their privacy preserving data mining. Comparative Production between the proposed technology and the traditional technology for the application of C.45: In this stage, the performance is evaluated and a comparative comparison with the standard algorithm for the proposed data mining security model is presented

Published

2021

62. Analysis of formal models for ensuring data integrity and their applicability to databases

Author

V.I. Yesin, V.V. Vilihura, and S.G. Rassomakhin

Subjects

SQL, Computer science, General Medicine, Computer security model, Security policy, Computer security, computer.software_genre, Biba Model, Data integrity, Information system, Confidentiality, Implementation, computer, computer.programming_language

Abstract

Information systems in general and databases in particular are vulnerable to accidental or malicious attacks aimed at compromising data integrity. Security is easier if you have a clear model that is the formal expression of security policy. The paper explores known security models related to data integrity, their applicability and significance for databases. The analysis of formal models for ensuring data integrity revealed that each of them, having certain advantages and disadvantages, has the right to use. The decisive factor in making a decision is an assessment of a specific situation, which will make it possible to make the right choice, including their complex application. In this regard, the paper notes that the Clark-Wilson model, the undoubted advantages of which are its simplicity and ease of joint use with other security models, is advisable to use as a set of practical recommendations for building an integrity assurance system in information systems. While stating the fact that traditional DBMSs support many of the mechanisms of the Clark-Wilson model, the article points out that implementations based on standard SQL require some compromise solutions. Analyzing the Biba model, the paper concludes about its relative simplicity and the use of a well-studied mathematical apparatus. It is noted that in practice, for the creation of secure information systems, as systems that ensure the confidentiality and data integrity, it is important to unite the Bell-LaPadula and Biba models. Moreover, this union should be on the basis of one common lattice, but with two security labels (confidentiality and integrity) with the opposite character of their definition. This is exactly the variant of combining the Bell-LaPadula and Biba models that is recommended for use in modern information systems and DBMSs, where a mandatory security policy is implemented.

Published

2021

63. A Secure Communicating MD5 based DICOM Annotation tool

Author

Sweta Dey

Subjects

Information Systems and Management, Information retrieval, Computer science, Computer security model, Python (programming language), Metadata, DICOM, Annotation, MD5, Cryptographic hash function, computer, Software, Information Systems, Volume (compression), computer.programming_language

Abstract

DICOM proceeds through a volume of .dcm files and maintaining all standard as well but still it is not free from attacks. In this paper I present the RTStructure based GUI and the security model of DICOM communication. Here, I use massage digest with the metadata of each volume of DICOM. Metadata is nothing but data about data and it is required for constructing each volume of .dcm files. In my case, it is standardized and static with the help of python packages. After successful construction .dcm files, cryptographic hash function is applied. Hence, a secure RT-Structured based annotation model is ready for storing and accessing medical information among various medical devices by maintaining HIPPA and PACS standard.

Published

2021

64. Scalable Trust Management model for Machine To Machine communication in Internet of Things using Fuzzy approach

Author

Gitanjali R. Shinde, Poonam N. Railkar, and Parikshit N. Mahalle

Subjects

Computer science, business.industry, General Mathematics, Cryptography, Access control, Computer security model, Computer security, computer.software_genre, Education, Computational Mathematics, Information sensitivity, Machine to machine, Computational Theory and Mathematics, Scalability, Trust management (information system), business, computer, Heterogeneous network

Abstract

Revolution in Machine to Machine (M2M) Communication in Internet of Things (IoT) provides smart services in all verticals. These smart heterogeneous devices can be constraint or powerful devices that are generating sensitive information and introducing new challenges in security, privacy, and trust in devices to get and provide services in a distributed fashion. These challenges are overcome by providing scalable decentralized trust management for the access control system. Trust-based security models are more reliable over cryptographic security to identify and mitigate different inside threats by assessing the trust scores. This paper proposed Scalable Trust Management (STM) using a fuzzy approach and parameters like Experience, Recommendation, and device classification are used to calculate the crisp value of the trust score. While designing rule for trust score capacity of device is considered. The simulation of STM in NS2 ensures good performance and its result guarantees scalability and energy efficiency in the heterogeneous network.

Published

2021

65. Attribute-based proxy re-encryption from standard lattices

Author

Saif Al-Kuwari, Fuqun Wang, Fucai Luo, and Kefei Chen

Subjects

Theoretical computer science, General Computer Science, Computer science, business.industry, Plaintext, 0102 computer and information sciences, 02 engineering and technology, Computer security model, Encryption, 01 natural sciences, Proxy re-encryption, Theoretical Computer Science, 010201 computation theory & mathematics, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Proxy (statistics), business, Cloud storage, Learning with errors

Abstract

Attribute-based proxy re-encryption (ABPRE), which combines the notions of proxy re-encryption (PRE) and attribute-based encryption (ABE), allows a semi-trusted proxy to transform a ciphertext under a particular access-policy into a ciphertext under another access policy, without revealing any information about the underlying plaintext. This primitive is very useful in some applications, where encrypted data needs to be stored in untrusted environments, such as cloud storage. In its key-policy flavor, the secret key is associated with an access policy that specifies which type of ciphertexts can be decrypted by that key, where ciphertexts are marked with different sets of attributes. However, all existing key-policy attribute-based proxy re-encryption (KP-ABPRE) schemes are based on classical number-theoretic assumptions, which are vulnerable to quantum attacks. This paper proposes the first KP-ABPRE scheme based on the learning with errors (LWE) problem, which is widely believed to be quantum-resistant. Our scheme is multi-hop, supports polynomial-depth policy circuits and has short private keys, where the size of the keys is dependent only on the depth of the supported policy circuits. In addition, we prove that our scheme is CPA secure in the selective security model, based on the LWE assumption.

Published

2021

66. Using Security Models to Assess and Predict a Military-Political Situation

Author

K.T. Malitsky

Subjects

Politics, Political science, Economic system, Computer security model

Published

2021

67. Definitions and Security of Quantum Electronic Voting

Author

Myrto Arapinis, Anna Pappa, Elham Kashefi, and Nikolaos Lamprou

Subjects

Correctness, business.industry, Computer science, Electronic voting, Cryptography, General Medicine, Computer security model, Cryptographic protocol, Computer security, computer.software_genre, 01 natural sciences, 010305 fluids & plasmas, Quantum cryptography, 0103 physical sciences, 010306 general physics, business, Quantum, computer, Computer Science::Cryptography and Security, Quantum computer

Abstract

Recent advances indicate that quantum computers will soon be reality. Motivated by this ever more realistic threat for existing classical cryptographic protocols, researchers have developed several schemes to resist “quantum attacks.” In particular, for electronic voting (e-voting), several schemes relying on properties of quantum mechanics have been proposed. However, each of these proposals comes with a different and often not well-articulated corruption model, has different objectives, and is accompanied by security claims that are never formalized and are at best justified only against specific attacks. To address this, we propose the first formal security definitions for quantum e-voting protocols. With these at hand, we systematize and evaluate the security of previously proposed quantum e-voting protocols; we examine the claims of these works concerning privacy, correctness, and verifiability, and if they are correctly attributed to the proposed protocols. In all non-trivial cases, we identify specific quantum attacks that violate these properties. We argue that the cause of these failures lies in the absence of formal security models and references to the existing cryptographic literature.

Published

2021

68. Users’ attitude on perceived security of enterprise systems mobility: an empirical study

Author

Yang Wu and Ramaraj Palanisamy

Subjects

Information Systems and Management, Cloud computing security, Computer Networks and Communications, business.industry, Computer science, 05 social sciences, Internet privacy, Cloud computing, 02 engineering and technology, Data breach, Computer security model, Management Information Systems, Empirical research, Enterprise system, 020204 information systems, Management of Technology and Innovation, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Mobile technology, business, Mobile device, 050203 business & management, Software, Information Systems

Abstract

Purpose This study/ paper aims to empirically examine the user attitude on perceived security of enterprise systems (ES) mobility. Organizations are adopting mobile technologies for various business applications including ES to increase the flexibility and to gain sustainable competitive advantage. At the same time, end-users are exposed to security issues when using mobile technologies. The ES have seen breaches and malicious intrusions thereby more sophisticated recreational and commercial cybercrimes have been witnessed. ES have seen data breaches and malicious intrusions leading to more sophisticated cybercrimes. Considering the significance of security in ES mobility, the research questions in this study are: What are the security issues of ES mobility? What are the influences of users’ attitude towards those security issues? What is the impact of users’ attitude towards security issues on perceived security of ES mobility? Design/methodology/approach These questions are addressed by empirically testing a security model of mobile ES by collecting data from users of ES mobile systems. Hypotheses were evolved and tested by data collected through a survey questionnaire. The questionnaire survey was administered to 331 users from Chinese small and medium-sized enterprises (SME). The data was statistically analysed by tools such as correlation, factor analysis, regression and the study built a structural equation model (SEM) to examine the interactions between the variables. Findings The study results have identified the following security issues: users’ attitude towards mobile device security issues; users’ attitude towards wireless network security issues; users’ attitude towards cloud computing security issues; users’ attitude towards application-level security issues; users’ attitude towards data (access) level security issues; and users’ attitude towards enterprise-level security issues. Research limitations/implications The study results are based on a sample of users from Chinese SMEs. The findings may lack generalizability. Therefore, researchers are encouraged to examine the model in a different context. The issues requiring further investigation are the role of gender and type of device on perceived security of ES mobile systems. Practical implications The results show that the key security issues are related to a mobile device, wireless network, cloud computing, applications, data and enterprise. By understanding these issues and the best practices, organizations can maintain a high level of security of their mobile ES. Social implications Apart from understanding the best practices and the key issues, the authors suggest management and end-users to work collaboratively to achieve a high level of security of the mobile ES. Originality/value This is an empirical study conducted from the users’ perspective for validating the set of research hypotheses related to key security issues on the perceived security of mobile ES.

Published

2021

69. Zero Trust Federation: Sharing Context under User Control towards Zero Trust in Identity Federation

Author

Daisuke Kotani, Koudai Hatakeyama, and Yasuo Okabe

Subjects

020203 distributed computing, 021110 strategic, defence & security studies, Access controls, business.industry, Computer science, 0211 other engineering and technologies, Joins, Access control, Context (language use), 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Semantics, Zero (linguistics), User control, Identity Federation, 0202 electrical engineering, electronic engineering, information engineering, Identity (object-oriented programming), business, computer, Zero Trust, User Managed Access

Abstract

Perimeter models, which provide access control for protecting resources on networks, make authorization decisions using the source network of access requests as one of critical factors. However, such models are problematic because once a network is intruded, the attacker gains access to all of its resources. To overcome the above problem, a Zero Trust Network (ZTN) is proposed as a new security model in which access control is performed by authenticating users who request access and then authorizing such requests using various information about users and devices called contexts. To correctly make authorization decisions, this model must take a large amount of various contexts into account. However, in some cases, an access control mechanism cannot collect enough context to make decisions, e.g., when an organization that enforces access control joins the identity federation and uses systems operated by other organizations. This is because the contexts collected using the systems are stored in individual systems and no federation exists for sharing contexts. In this study, we propose the concept of a Zero Trust Federation (ZTF), which applies the concept of ZTN under the identity federation, and a method for sharing context among systems of organizations. Since context is sensitive to user privacy, we also propose a mechanism for sharing contexts under user control. We also verify context sharing by implementing a ZTF prototype.

Published

2021

70. SearchBC: A Blockchain-Based PEKS Framework for IoT Services

Author

Liehuang Zhu, Keke Gai, Peng Jiang, and Baoqi Qiu

Subjects

Cryptographic primitive, Computer Networks and Communications, business.industry, Computer science, Reliability (computer networking), 020207 software engineering, Plaintext, Cloud computing, 02 engineering and technology, Computer security model, Encryption, Computer security, computer.software_genre, Computer Science Applications, Public-key cryptography, Hardware and Architecture, Server, Signal Processing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, Information Systems

Abstract

Internet of Things (IoT) makes great development and gains popularity with a mature combination with cloud computing. Plaintext data can be encrypted when data owners try to secure the confidentiality, while the encrypted data retrieval can be achieved by a cryptographic primitive named searchable encryption. Public-key encryption with keyword search (PEKS) is built on the asymmetric setting, however, the “honest-but-curious” assumption in PEKS creates challenges on the search reliability when malicious behaviors happen. It is nontrivial to enable the reliable search while preserving keyword privacy, as users who have paid need to receive either correct-and-wanted results or compensations. In this work, we apply blockchain to resolve this problem and design SearchBC, a blockchain-based PEKS framework supporting private, reliable, and fair encrypted search over the asymmetric setting. SearchBC is built on top of the blockchain and a keyword server to allow fairness in transactions and keyword preprocessing. We present a SearchBC instantiation and formally prove its security under the newly defined security model. SearchBC guarantees that search operations are fair and reliable and that the used keyword keeps privacy. The implementation results show that SearchBC provides a feasible means with reasonable communication and computation costs.

Published

2021

71. BDKM: A Blockchain-Based Secure Deduplication Scheme with Reliable Key Management

Author

Wenyin Liu, Haoran Xie, Guipeng Zhang, Xiaohui Tao, and Zhenguo Yang

Subjects

0209 industrial biotechnology, Security analysis, Convergent encryption, Computer Networks and Communications, Computer science, General Neuroscience, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Secret sharing, 020901 industrial engineering & automation, Artificial Intelligence, 0202 electrical engineering, electronic engineering, information engineering, Data deduplication, Overhead (computing), 020201 artificial intelligence & image processing, Confidentiality, Key management, computer, Software

Abstract

Secure deduplication aims to efficiently eliminate redundant data in cloud storage system, where convergent encryption (CE) is widely-used to provide the data confidentiality. As the number of convergent keys (CKs) in CE will increase dramatically with enlarging data, there is a critical issue that how to safely manage the CKs. Previous works usually introduce a fully-trusted key management server (KS) to ensure the CKs security, resulting in data leakage by KS in reality. In this paper, we propose a blockchain-based secure deduplication scheme with reliable CK management, denoted as BDKM, which introduces different secret information to CE to enhance the data confidentiality in different level deduplications. To realize secure and reliable CK management, the CK will be divided into key segments by using secret sharing scheme and distributed on blockchain as transactions. Therefore, only the valid data owner can recover the CK from the blockchain and the original data will be protected even if the adversaries have colluded with cloud service provider. Security analysis and performance evaluation demonstrate that our proposed scheme can remain secure under the proposed security models with a limited overhead.

Published

2021

72. Dynamic Reciprocal Authentication Protocol for Mobile Cloud Computing

Author

Muhammad Nomani Kabir, Abdulghani Ali Ahmed, Ali Safaa Sadiq, and Kwan Wendy

Subjects

Computer Networks and Communications, Computer science, 0211 other engineering and technologies, Servers, Cloud computing, 02 engineering and technology, Diffie–Hellman key exchange, Electrical and Electronic Engineering, Password, Authentication, 021103 operations research, Diffie–Hellman, business.industry, mobile cloud computing (MCC), Multi-factor authentication, Computer security model, Computer Science Applications, Mobile cloud computing, Mobile handsets, Control and Systems Engineering, Authentication protocol, business, Protocols, Information Systems, Computer network

Abstract

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. A combination of mobile and cloud computing delivers many advantages such as mobility, resources, and accessibility through seamless data transmission via the Internet anywhere at any time. However, data transmission through vulnerable channels poses security threats such as man-in-the-middle, playback, impersonation, and asynchronization attacks. To address these threats, we define an explicit security model that can precisely measure the practical capabilities of an adversary. A systematic methodology consisting of 16 evaluation criteria is used for comparative evaluation, thereby leading other approaches to be evaluated through a common scale. Finally, we propose a dynamic reciprocal authentication protocol to secure data transmission in mobile cloud computing (MCC). In particular, our proposed protocol develops a secure reciprocal authentication method, which is free of Diffie–Hellman limitations, and has immunity against basic or sophisticated known attacks. The protocol utilizes multifactor authentication of usernames, passwords, and a one-time password (OTP). The OTP is automatically generated and regularly updated for every connection. The proposed protocol is implemented and tested using Java to demonstrate its efficiency in authenticating communications and securing data transmitted in the MCC environment. Results of the evaluation process indicate that compared with the existing works, the proposed protocol possesses obvious capabilities in security and in communication and computation costs.

Published

2021

73. Traceable Monero: Anonymous Cryptocurrency with Enhanced Accountability

Author

Man Ho Au, Yannan Li, Guomin Yang, Willy Susilo, Dongxi Liu, and Yong Yu

Subjects

021110 strategic, defence & security studies, Cryptocurrency, Traceability, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Tracing, Computer security model, Computer security, computer.software_genre, System model, Accountability, Electrical and Electronic Engineering, Database transaction, computer, Anonymity

Abstract

Monero provides a high level of anonymity for both users and their transactions. However, many criminal activities might be committed with the protection of anonymity in cryptocurrency transactions. Thus, user accountability (or traceability) is also important in Monero transactions, which is unfortunately lacking in the current literature. In this paper, we fill this gap by introducing a new cryptocurrency named Traceable Monero to balance the user anonymity and accountability. Our framework relies on a tracing authority, but is optimistic, in that it is only involved when investigations in certain transactions are required. We formalize the system model and security model of Traceable Monero. We present a detailed construction of Traceable Monero by overlaying Monero with two types of tracing mechanisms, tracing the one-time addresses with money flows and tracing the long-term addresses. We prove the security of Traceable Monero and implement a prototype of the system, which demonstrates that Traceable Monero incurs merely a very small overhead in generating and verifying a transaction compared to Monero transactions.

Published

2021

74. Privacy-Preserving Proof of Storage for the Pay-As-You-Go Business Model

Author

Fuchun Guo, Tong Wu, Robert H. Deng, Yi Mu, and Guomin Yang

Subjects

Protocol (science), 021110 strategic, defence & security studies, business.industry, Computer science, 0211 other engineering and technologies, Cloud computing, 02 engineering and technology, Computer security model, System model, Data modeling, Timestamp, Electrical and Electronic Engineering, business, Retrievability, Cloud storage, Computer network

Abstract

Proof of Storage (PoS) enables a cloud storage provider to prove that a client’s data is intact. However, existing PoS protocols are not designed for the pay-as-you-go business model in which payment is made based on both storage volume and duration. In this paper, we propose two PoS protocols suitable for the pay-as-you-go storage business model. The first is a time encapsulated Proof of Retrievability (PoR) protocol that ensures retrievability of the original file upon successful auditing by a client. Considering the large size of outsourced data, we then extend the protocol to a privacy-preserving public auditing protocol which allows a third party auditor to audit outsourced data on behalf of its clients without sacrificing the privacy of the data or the timestamp (i.e., time of storage). We formalize the definition, system model and security model of the proposed PoS system and prove the security of the proposed protocols by a sequence of games in the algebraic group model with a random oracle. We analyze the performance of the protocols both theoretically and experimentally and show that the protocols are practical.

Published

2021

75. Network Security Model Based on Active and Passive Defense Hybrid Strategy

Author

Zhaofang Du

Subjects

Network defense, Network security, business.industry, Computer science, General Chemical Engineering, Active Defense, Information security, Computer security model, Computer security, computer.software_genre, Industrial and Manufacturing Engineering, Technical support, Evaluation methods, General Materials Science, Architecture, business, computer

Abstract

This paper studies a new network information security system and its evaluation method based on the security threat situation network security model. This paper expounds the application of active defense system and passive defense system in network security, and uses advanced technical support platform and network security model. In this paper, the active defense system and the passive defense system are organically combined to form a new model of computer network security with characteristics. At the same time, based on the idea of security threat situation evaluation, this paper extends the traditional PDRR security model and proposes a network active defense security model and defense in depth security strategy. On this basis, a hybrid architecture of active and passive defense is proposed. The architecture integrates some new network active defense technologies, and constructs a comprehensive and deep network defense system together with network passive defense means. The experimental results show that the proposed defense model improves the security defense efficiency and effective defense rate of the traditional PDRR security model.

Published

2021

76. A metamorphic cryptography approach towards securing medical data using chaotic sequences and Ramanujan conjecture

Author

Abhilash Kumar Das, Nirmalya Kar, and Abhrajyoti Das

Subjects

Information retrieval, General Computer Science, Steganography, business.industry, Computer science, Key space, Cryptography, 02 engineering and technology, Computer security model, Asset (computer security), Encryption, 030218 nuclear medicine & medical imaging, 03 medical and health sciences, Information sensitivity, DICOM, 0302 clinical medicine, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business

Abstract

Medical Images has evolved from time to time and the need to protect sensitive information related to such images have also grown significantly. Nowadays data being the primary asset of an individual, protecting them has posed new challenges from time and again. With the advancement of the digital medium, the medical image has been at greater risk and there is an urgent need to protect the information and the raw pixel data of such images. This research focuses on ensuring the confidentiality of DICOM medical images and protecting the Electronic Patient Report (EPR) by applying both cryptographic and steganographic protection techniques. The encryption keys are generated using the Logistic Chaotic Map and Non-Linear Feedback Shift Register. the electronic patient report (EPR) is converted into a 9-space-format using Continued Fraction of Ramanujan conjecture and then using steganography techniques EPR is embedded into the Most Significant Bits of Medical Images. The final encrypted image contains the EPR as well as encrypted medical image. The key sequence used in order to encrypt the medical image is highly pseudo random and the Key Space Analysis depicted that the algorithm is very strong. This work has paved a better way of securely storing 16-bit DICOM medical images and EPR into the Picture Archive and Communication System repository. The proposed security model has shown promising results in comparison to other research and the various analysis did show significant improvements over past studies.

Published

2021

77. Hybrid Secure Equivalent Computing Model for Distributed Computing Applications

Author

Aldosary Saad

Subjects

Revocation, Computer science, business.industry, Concurrency, Distributed computing, Security as a service, Probabilistic logic, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Computer security model, Computer Science Applications, Robustness (computer science), 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Security management, Electrical and Electronic Engineering, business

Abstract

Distributed computing applications provide concurrent processing and services executed from different systems through a common cloud platform. However, without modifications or adaptable security measures, such concurrency presents a great challenge to the proper administration of security. This paper introduces a hybrid secure equivalent computing model to address this security issue. The proposed security model was designed using a genetic algorithm for equivalent measure distribution over the processing systems. Via this model, variations in security management owing to differences in the processing times of various services can be mitigated using the probabilistic annealing method. This method helps to preserve the stability of the security method without decreasing its robustness. For robust processing, the model exploits parallel security as a service feature from the cloud with a non-tokenized key sharing method. The key sharing and revocation processes are determined using the probabilistic outcomes of the annealing method. The genetic process verifies the distribution of security measures in the key sequence of any possible processing combination without compromise. The performance of the proposed model was verified using the metrics of process failure, computational complexity, time delay, false rate, and computing level.

Published

2021

78. IB-VPRE: adaptively secure identity-based proxy re-encryption scheme from LWE with re-encryption verifiability

Author

Zhang Minqing, Wang Xu’an, Wu Liqiang, and Yang Xiaoyuan

Subjects

021110 strategic, defence & security studies, Key generation, Theoretical computer science, General Computer Science, Computer science, business.industry, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Computer security model, Encryption, Proxy re-encryption, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), business, Learning with errors, Standard model (cryptography)

Abstract

Identity-based proxy re-encryption (IB-PRE) can convert the ciphertext encrypted under Alice’s identity to Bob’s ciphertext of the same message by a semi-trusted proxy with the proper transformation key. The main purpose of our work is to enhance the security of IB-PRE. For outside attacks, all existing IB-PRE constructions from lattices have only achieved a limited or weak security model called IND-sID-CPA security. Therefore, by embedding re-encryption key generation and re-encryption algorithms appropriately in Agrawal et al.’s identity-based encryption scheme from lattices, we construct an IND-ID-CPA secure IB-PRE scheme over decisional learning with errors (LWE) under the standard model. For inside attacks, we propose a new primitive IB-VPRE by extending the basic IB-PRE scheme with a new functionality called re-encryption verifiability, meaning that a re-encrypted ciphertext receiver or a third party can verify whether the received ciphertext is correctly transformed from an original ciphertext or not, and thus can detect illegal activities of the proxy. We realize re-encryption verifiability using the homomorphic signature technique as a black box, making the resulting scheme non-interactive and quantum-immune after instanced by a lattice-based homomorphic signature scheme.

Published

2021

79. Blockchain-based multi-party proof of assets with privacy preservation

Author

Debiao He, Xi Chen, Huaqun Wang, and Kim-Kwang Raymond Choo

Subjects

Cryptocurrency, Information Systems and Management, Blockchain, Computer science, Process (engineering), 05 social sciences, Control (management), 050301 education, 02 engineering and technology, Computer security model, Computer security, computer.software_genre, Computer Science Applications, Theoretical Computer Science, Artificial Intelligence, Control and Systems Engineering, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0503 education, Protocol (object-oriented programming), computer, Software

Abstract

There are a number of requirements associated with cryptocurrency transactions, and one such requirement is to preserve the privacy in proof of assets for multiple parties. Specifically, multi-party proof of assets assures one that a large number of guarantors control sufficient assets that satisfy the lender’s predefined value, for example in credit guarantee transactions. However, privacy-preserving multi-party proof of assets for cryptocurrency transactions remains challenging to achieve. This paper introduces a novel concept of privacy-preserving multi-party proof of assets for cryptocurrency transactions, where the proof process does not disclose their cryptocurrency addresses and individual holding. We formalize both the system model and the security model, and present a concrete protocol. Finally, we show that the proposed protocol is provably secure and efficient.

Published

2021

80. Attack and defense in the layered cyber-security model and their (1 ± ϵ)-approximation schemes

Author

Supachai Mukdasanit and Sanpawat Kantabutra

Subjects

Multiset, General Computer Science, Computer Networks and Communications, Applied Mathematics, 0102 computer and information sciences, 02 engineering and technology, Computer security model, 01 natural sciences, Theoretical Computer Science, Combinatorics, Computational Theory and Mathematics, 010201 computation theory & mathematics, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Tree (set theory), Enhanced Data Rates for GSM Evolution, Bijection, injection and surjection, Security system, Mathematics

Abstract

Let M = ( T , C , P ) be a security model, where T is a rooted tree, C is a multiset of costs and P is a multiset of prizes and let ( T , c , p ) be a security system, where c and p are bijections of costs and prizes. The problems of computing an optimal attack on a security system and of determining an edge e ∈ E ( T ) such that the maximum sum of prizes obtained from an optimal attack in ( T , c , p ) is minimized when c ( e ) = ∞ are considered. An O ( G 2 n ) -time algorithm to compute an optimal attack as well as an O ( G 2 n 2 ) -time algorithm to determine such an edge are given, in addition to a (1-ϵ) FPTAS with the time bound O ( 1 ϵ 2 n 3 log ⁡ G ) and a (1+ϵ) FPTAS with the time bound O ( 1 ϵ 2 n 4 log ⁡ G ) for the first and second problems, respectively.

Published

2021

81. Mutual heterogeneous signcryption schemes with different system parameters for 5G network slicings

Author

Ming Luo, Wei Huang, and Yusi Pei

Subjects

Computer Networks and Communications, Computer science, business.industry, Distributed computing, Certificateless cryptography, 020206 networking & telecommunications, 020302 automobile design & engineering, Public key infrastructure, Cryptography, 02 engineering and technology, Information security, Computer security model, Random oracle, 0203 mechanical engineering, Discrete logarithm, 0202 electrical engineering, electronic engineering, information engineering, Cryptosystem, Session key, Electrical and Electronic Engineering, business, Information Systems, Signcryption

Abstract

The fifth-generation (5G) network has attracted extensive attention in both industry and academia in the last few years. Network slicing is an important technique for 5G networks to carry out diversity of networks and applications. In order to ensure the information security in network communication, cryptosystem will be deployed in 5G network slicings, so proposing a secure heterogeneous scheme for communication between different 5G network slicings is necessary, in which different 5G network slicings may use different cryptosystems and cryptographic system parameters. In this article, generic model and security model of heterogeneous signcryption with different system parameters (DSPHS) are defined. We propose two DSPHS schemes between certificateless cryptography (CLC) and public key infrastructure (PKI), and in random oracle model (ROM) we prove that our schemes are secure under the discrete logarithm problem (DLP) and decisional Diffie-Hellman Problem (DDHP). Compared with the existing schemes through performance analysis, our advantages lie in using different cryptographic system parameters in different cryptosystems, requiring less computation cost and energy consumption, satisfying known temporary session key security (KTSKS) and message anonymity.

Published

2021

82. Self-adaptive and secure mechanism for IoT based multimedia services: a survey

Author

Seok-Won Lee and Irish Singh

Subjects

Multimedia, Computer Networks and Communications, business.industry, Computer science, Mechanism (biology), 020207 software engineering, Self adaptive, 02 engineering and technology, Computer security model, computer.software_genre, Hardware and Architecture, Home automation, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, Internet of Things, business, Adaptation (computer science), computer, Software

Abstract

With the advent of internet of things (IoT) and IoT multimedia services in real-time applications, including smart healthcare, smart home, and smart connected transportation, IoT multimedia systems have significantly enhanced the lifestyle. However, the increased number of connected heterogeneous IoT multimedia devices have resulted in several vulnerabilities and cyberattacks. The existing multimedia in IoT multimedia security solutions are insufficient for detecting such complex attacks and require a self-adaptive security mechanism that can monitor the changing environment and detect, mitigate, plan, and prevent future prospective attacks in real time. In this study, we conduct a study of several self-adaptive security approaches for IoT multimedia and analyze them based on critical, security metrics to determine their level of support and the achieved satisfaction for IoT multimedia services. The evaluation results show significant insights, challenges, and concerns in the existing approaches, which can provide vital information for the development of future IoT multimedia security research. We propose a self-adaptive security model for IoT multimedia and discuss a case utilizing a mobile e-health system, where we use an adaptation model (using monitor-analyze-plan-execute over a shared knowledge adaptation loop) to determine the adaptation requirement based on the confidence level of several security factors. The adaptation requirement depicts that adaptation is required for stabilizing the security factors in a continuous context-changing sustainable e-health IoT multimedia environment.

Published

2021

83. Online Social Network Security: A Comparative Review Using Machine Learning and Deep Learning

Author

Taran Singh Bharati, Shiv Prakash, and Chanchal Kumar

Subjects

0209 industrial biotechnology, Social network, Computer Networks and Communications, Computer science, business.industry, General Neuroscience, Deep learning, Identity (social science), Computational intelligence, 02 engineering and technology, Computer security model, Machine learning, computer.software_genre, 020901 industrial engineering & automation, Artificial Intelligence, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Confidentiality, Artificial intelligence, business, Publication, Private information retrieval, computer, Software

Abstract

In the present era, Online Social Networking has become an important phenomenon in human society. However, a large section of users are not aware of the security and privacy concerns involve in it. People have a tendency to publish sensitive and private information for example date of birth, mobile numbers, places checked-in, live locations, emotions, name of their spouse and other family members, etc. that may potentially prove disastrous. By monitoring their social network updates, the cyber attackers, first, collect the user’s public information which is further used to acquire their confidential information like banking details, etc. and to launch security attacks e.g. fake identity attack. Such attacks or information leaks may gravely affect their life. In this technology-laden era, it is imperative for users must be well aware of the potential risks involved in online social networks. This paper comprehensively surveys the evolution of the online social networks, their associated risks and solutions. The various security models and the state of the art algorithms have been discussed along with a comparative meta-analysis using machine learning, deep learning, and statistical testing to recommend a better solution.

Published

2021

84. Security in Next Generation Mobile Payment Systems: A Comprehensive Survey

Author

Natalia Kryvinska, Zunera Jalil, Abdul Rehman Javed, Aamir Rasool, Waqas Ahmed, Thippa Reddy Gadekallu, and Neeraj Kumar

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, General Computer Science, cyberattacks, Computer Vision and Pattern Recognition (cs.CV), media_common.quotation_subject, Computer Science - Computer Vision and Pattern Recognition, Developing country, Encryption, Computer security, computer.software_genre, Firewall (construction), online system, Mobile payment, mobile commerce, General Materials Science, media_common, Authentication, transaction, business.industry, General Engineering, Computer security model, Payment, TK1-9971, Mobile payment method, Mobile phone, Business, Electrical engineering. Electronics. Nuclear engineering, Cryptography and Security (cs.CR), computer

Abstract

Cash payment is still king in several markets, accounting for more than 90% of the payments in almost all the developing countries. The usage of mobile phones is pretty ordinary in this present era. Mobile phones have become an inseparable friend for many users, serving much more than just communication tools. Every subsequent person is heavily relying on them due to multifaceted usage and affordability. Every person wants to manage his/her daily transactions and related issues by using his/her mobile phone. With the rise and advancements of mobile-specific security, threats are evolving as well. In this paper, we provide a survey of various security models for mobile phones. We explore multiple proposed models of the mobile payment system (MPS), their technologies and comparisons, payment methods, different security mechanisms involved in MPS, and provide analysis of the encryption technologies, authentication methods, and firewall in MPS. We also identify current challenges and future directions of mobile phone security.

Published

2021

85. Comments on 'Efficient Public Verification of Data Integrity for Cloud Storage Systems From Indistinguishability Obfuscation'

Author

Liang Zhao, Neeraj Kumar, and Su Peng

Subjects

Scheme (programming language), Computer Networks and Communications, Computer science, business.industry, Distributed computing, Cloud computing, Computer security model, Data modeling, Obfuscation (software), Data integrity, Safety, Risk, Reliability and Quality, business, Cloud storage, computer, computer.programming_language, Block (data storage)

Abstract

Recently, Zhang et al. proposed a novel public data integrity verification scheme for the cloud storage using indistinguishability obfuscation ( $iO$ ), and extend it to support batch verification and data dynamic operations ( IEEE Transactions on Information Forensics and Security , vol. 12, no. 3, pp. 676–688, Mar. 2017). However, we find that the scheme has two flaws: (a) the self-checking of the uploaded blocks and tags in Store phase is not reliable, i.e., it is easy to generate invalid block-tag pairs without being detected; (b) the extended scheme for data dynamic operations suffers from a chosen message attack, i.e., if some uploaded blocks match a certain pattern, the cloud storage is able to replace any existing block by a forged one without being detected, which violates the scheme’s security model. Then, we provide solutions to these problems while preserving all the desirable features of the original scheme.

Published

2021

86. Security Threats and Artificial Intelligence Based Countermeasures for Internet of Things Networks: A Comprehensive Survey

Author

Shakila Zaman, Mohammed Aseeri, M. Shamim Kaiser, Mufti Mahmud, Risala Tasin Khan, Khaled Alhazmi, and Muhammad R. Ahmed

Subjects

IoT protocols, General Computer Science, Network security, business.industry, Computer science, General Engineering, Data security, Cryptography, Computer security model, IoT applications, Encryption, TK1-9971, Fuzzy logic, Safeguard, SAFER, Node (computer science), machine leaning, General Materials Science, Artificial intelligence, Electrical engineering. Electronics. Nuclear engineering, business, attack vector

Abstract

The Internet of Things (IoT) has emerged as a technology capable of connecting heterogeneous nodes/objects, such as people, devices, infrastructure, and makes our daily lives simpler, safer, and fruitful. Being part of a large network of heterogeneous devices, these nodes are typically resource-constrained and became the weakest link to the cyber attacker. Classical encryption techniques have been employed to ensure the data security of the IoT network. However, high-level encryption techniques cannot be employed in IoT devices due to the limitation of resources. In addition, node security is still a challenge for network engineers. Thus, we need to explore a complete solution for IoT networks that can ensure nodes and data security. The rule-based approaches and shallow and deep machine learning algorithms– branches of Artificial Intelligence (AI)– can be employed as countermeasures along with the existing network security protocols. This paper presented a comprehensive layer-wise survey on IoT security threats, and the AI-based security models to impede security threats. Finally, open challenges and future research directions are addressed for the safeguard of the IoT network.

Published

2021

87. A Taxonomy of Security Issues in Industrial Internet-of-Things: Scoping Review for Existing Solutions, Future Implications, and Research Challenges

Author

Pls Jayalaxmi, Rahul Saha, Gulshan Kumar, Neeraj Kumar, and Tai-Hoon Kim

Subjects

IoT, General Computer Science, industrial, Process (engineering), Computer science, detection, 02 engineering and technology, Domain (software engineering), Taxonomy (general), 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Internet, Scope (project management), business.industry, 020208 electrical & electronic engineering, General Engineering, 020206 networking & telecommunications, Computer security model, Data science, Automation, intrusion, Security, lcsh:Electrical engineering. Electronics. Nuclear engineering, Internet of Things, business, lcsh:TK1-9971

Abstract

Industrial Internet of Things (IIoTs) are the extensions of the Internet of Things (IoTs) and have paved the way towards the industry revolution 4.0. IIoT accelerates the industry automation of internal and external working process including transport, manufacturing, and marketing units with a number of connected devices. Being the extension of IoT, it inherits the insecurities of the technology; however, this sensor-configured infrastructure of IIoT needs some extra effort to customize the existing security solutions. In spite of the reconstructions of security models, the scope of improved developments is open to detect unknown attacks. The present study helps the researchers to understand the cause for intrusion by classifying and comparing various attacks of each IIoT layers. The main focus of this survey is to analyze various security issues faced by IIoT and provide a comparative analysis on the available solutions to enhance the industrial IoTs' protection systems. This study also notifies some open research problems for academia, technologists, and researchers to flourish the IIoT domain and its security aspects.

Published

2021

88. Performance Analysis of the Hybrid MQTT/UMA and Restful IoT Security Model

Author

Omar H. Alhazmi and Khalid S. Aloufi

Subjects

Structure (mathematical logic), MQTT, Network security, business.industry, Computer science, Distributed computing, Scale (chemistry), 020206 networking & telecommunications, 02 engineering and technology, General Medicine, Computer security model, Set (abstract data type), Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Message queue

Abstract

Internet of Things (IoT) environments are being deployed all over the globe. They have the potential to form solutions to applications, from small scale applications to national and international ones. Therefore, scalability, performance, and security form a triangle of requirements that must be carefully set. Furthermore, IoT applications require higher security standards. A previously proposed IoT application framework with a security embedded structure using the integration between message queue telemetry transport (MQTT) and user-managed access (UMA) is analyzed in this work. The performance analysis of the model is presented. Comparing the model with existing models and different design structures shows that the model presented in this work is promising for a functioning IoT design model with security. The results and analysis showed that the built-in security model had performed better than models with other frameworks, especially with fog implementation.

Published

2021

89. K-Time Modifiable and Epoch-Based Redactable Blockchain

Author

Jianting Ning, Robert H. Deng, Xinyi Huang, Jinhua Ma, and Shengmin Xu

Subjects

Immutability, Blockchain, Computer Networks and Communications, Right to be forgotten, Computer science, Hash function, Computer security model, Computer security, computer.software_genre, Mathematical proof, Digital signature, Rewriting, Safety, Risk, Reliability and Quality, computer

Abstract

As an immutable append-only distributed ledger, blockchain allows a group of participants to reach a consensus in an untrustworthy ecosystem. Immutability is a blockchain feature that persists data forever, but it is no longer legal in reality. Blockchain has unchangeable improper contents that violate laws. Moreover, data regulation toward “the right to be forgotten” requires blockchain must be modifiable. To address this problem, redactable blockchain has been introduced to relax immutability in a controlled way. However, once a participant is authorized, she/he can rewrite any content and no penalty for the malicious behavior that hinders the wide deployment of redactable blockchain in practice. In this paper, we introduce a new notion, dubbed $k$ -time modifiable and epoch-based redactable blockchain (KERB) with a monetary penalty to control rewriting privileges and penalize malicious behaviors. Our solution is built up from simple building blocks: digital signatures and chameleon hashes. We give a formal definition and security models of KERB, and present a generic construction along with formal proofs. The extensive comparison and experimental analysis illustrate that our solution enjoys superior functionalities and performances than the state-of-the-art solutions.

Published

2021

90. Analysis of Multiplicative Low Entropy Masking Schemes Against Correlation Power Attack

Author

Yanbin Li, Ming Tang, Zhe Liu, and Sylvain Guilley

Subjects

Masking (art), Computer Networks and Communications, business.industry, Computer science, Multiplicative function, Dirac delta function, Computer security model, symbols.namesake, Distribution (mathematics), Software, symbols, Entropy (information theory), Overhead (computing), Safety, Risk, Reliability and Quality, business, Algorithm

Abstract

Low Entropy Masking Schemes (LEMS) had been proposed to mitigate the high-performance overhead results from the Full Entropy Masking Schemes (FEMS) while offering good protection against side-channel attacks. The masking schemes usually rely on Boolean masking, however, splitting sensitive variables in a multiplicative way is more amenable to non-linear functions and it had been applied to both software and hardware with a competitive alternative to state-of-the-art masked design. Compared to the comprehensive analysis done for Boolean LEMS, the specific leakage characteristics of Multiplicative LEMS have not yet been analyzed. In this paper, we introduce security models for LEMS to characterize the balance of the mask set. Based on the security model, we present an inherent weakness of Multiplicative LEMS. We prove that this defect of Multiplicative LEMS cannot be compensated by choosing a proper mask set, and the security of FEMS is guaranteed thanks to the Dirac function which is used to resist zero-value attack. Then, we exhibit the leakages in the implementation of Multiplicative LEMS. In particular, we propose a new attack against Multiplicative LEMS more efficient by utilizing the distribution of masked intermediate values. The feasibility of the attack is verified by both simulation and practical experiments.

Published

2021

91. Security Model of Authentication at the Physical Layer and Performance Analysis over Fading Channels

Author

Xie Ning, Changsheng Chen, and Zhong Ming

Subjects

021110 strategic, defence & security studies, Computer science, business.industry, 0211 other engineering and technologies, Physical layer, Cryptography, 02 engineering and technology, Computer security model, PHY, Robustness (computer science), Fading, False alarm, Electrical and Electronic Engineering, business, Computer Science::Cryptography and Security, Communication channel, Computer network

Abstract

Compared with conventional authentication schemes, which utilize cryptographic mechanisms and operate at an upper layer, authentication at the physical (PHY) layer possesses many advantages, such as, higher information-theoretic security by introducing uncertainty to an adversary, better efficiency, and better compatibility by avoiding any operations at the upper layer. An effective PHY-layer authentication scheme should consider covertness, security, and robustness together. However, in published literature, these three properties have been separately analyzed. This paper proposes a generic security model for PHY-layer authentication, and we design a new systematic metric, which is referred to as the probability of security authentication (PSA). According to the proposed generic security model, we can not only systematically analyze the effect of the parameter of a certain PHY-layer authentication scheme on the final performance, but also fairly compare the performance of different PHY-layer authentication schemes under the same channel conditions at the legitimate and adversary receivers. For performance analysis, the probability of detection (PD) and the probability of false alarm (PFA) of two PHY-layer authentication schemes over fading channels are defined, and their closed-form expressions are well derived. On the basis of the proposed generic security model, a systematic performance comparison between different PHY-layer schemes is provided.

Published

2021

92. Efficient All-or-Nothing Public Key Encryption With Authenticated Equality Test

Author

Zhi-Yan Zhao and Peng Zeng

Subjects

all-or-nothing, Authentication, Theoretical computer science, Cryptographic primitive, General Computer Science, Computer science, business.industry, authenticated equality test, General Engineering, Plaintext, Cryptography, Computer security model, Public key encryption, Encryption, TK1-9971, Public-key cryptography, Ciphertext, General Materials Science, CDH, Electrical engineering. Electronics. Nuclear engineering, business, random oracle

Abstract

Public key encryption with equality test (PKEET for short) is a new cryptographic primitive which allows a proxy to check whether two ciphertexts encrypted under different public keys are of the same plaintext. PKEET has become a prospective candidate for various application scenarios, such as data management on encrypted databases, personal health record systems, spam filtering in encrypted email systems. In this paper, we propose an efficient all-or-nothing public key encryption scheme with authenticated equality test (AoN-PKEAET for short). In comparison with the existing PKEET schemes, the proposed scheme provides a new feature of ciphertext authentication before the plaintext equality test. It ensures that no misjudgement occurs when testing the equality between ciphertexts. Specially, the $\mathsf {Test}$ algorithm in the proposed scheme first authenticates the compared ciphertexts and the equality test is fulfilled only if the ciphertexts are authenticated as valid. With this new feature, the $\mathsf {Test}$ algorithm cannot output 0 (which means that the encrypted messages are different) when the two input ciphertexts are of an identical message, or it cannot output 1 (which means that the encrypted messages are identical) when the two input ciphertexts are of different messages. Under a redefined security model for AoN-PKEAET, we give the detailed security proof of the proposed scheme.

Published

2021

93. Contemporary trends in privacy-preserving data pattern recognition

Author

Sergey Zapechnikov

Subjects

Privacy preserving, Data processing, Computer science, business.industry, General Earth and Planetary Sciences, Cryptography, Data patterns, Computer security model, business, Data science, Field (computer science), General Environmental Science

Abstract

The article is devoted to the recent scientific problem of privacy-preserving data pattern recognition. The purposes of the work are to systematize the security models for such tasks, to identify algorithmic tools that can be used to ensure the privacy of the data processing, and application of models and to analyze the privacy-preserving data pattern recognition systems. The article presents the main concepts and some definitions related to privacy-preserving machine learning, gives a systematization of related problems, and notes modern and promising areas of development of machine learning. Special cryptographic methods and protocols are correlated to the solved problems. A brief description of the known privacy-preserving data pattern recognition systems is given. Unsolved problems in the field of privacy-preserving data pattern recognition are considered.

Published

2021

94. Integrity Auditing for Multi-Copy in Cloud Storage Based on Red-Black Tree

Author

Zhenpeng Liu, Yi Liu, Xianwei Yang, and Xiaofei Li

Subjects

Cloud storage, General Computer Science, Computer science, data integrity auditing, 0211 other engineering and technologies, Cloud computing, 02 engineering and technology, Data integrity, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), General Materials Science, dynamic data update, 020203 distributed computing, 021110 strategic, defence & security studies, red-black tree, business.industry, Dynamic data, General Engineering, Computer security model, TK1-9971, Hash tree, Tree (data structure), Electrical engineering. Electronics. Nuclear engineering, business, Computer network

Abstract

With the rapid development of cloud storage, cloud users are willing to store data in the cloud storage system, and at the same time, the requirements for the security, integrity, and availability of data storage are getting higher and higher. Although many cloud audit schemes have been proposed, the data storage overhead is too large and the data cannot be dynamically updated efficiently when most of the schemes are in use. In order to solve these problems, a cloud audit scheme for multi-copy dynamic data integrity based on red-black tree full nodes is proposed. This scheme uses ID-based key authentication, and improves the classic Merkel hash tree MHT to achieve multi-copy storage and dynamic data manipulation, which improves the efficiency of real-time dynamic data update (insertion, deletion, modification). The third-party audit organization replaces users to verify the integrity of data stored on remote cloud servers, which reduces the computing overhead and system communication overhead. The security analysis proves that the security model based on the CDH problem and the DL problem is safe. Judging from the results of the simulation experiment, the scheme is safe and efficient.

Published

2021

95. Outsourcing Proofs of Retrievability

Author

Frederik Armknecht, Ghassan Karame, Jens-Matthias Bohli, and Wenting Li

Subjects

Cloud computing security, Computer Networks and Communications, Computer science, business.industry, Cryptography, Cloud computing, Computer security model, Computer security, computer.software_genre, Computer Science Applications, Public-key cryptography, Digital signature, Hardware and Architecture, Overhead (computing), business, Retrievability, computer, Software, Information Systems

Abstract

Proofs of Retrievability (POR) are cryptographic proofs that enable a cloud provider to prove that a user can retrieve his file in its entirety. POR need to be frequently executed by the user to ensure that their files stored in the cloud can be fully retrieved at any point in time. To conduct and verify POR, users need to be equipped with devices that have network access, and that can tolerate the (non-negligible) computational overhead incurred by the verification process. This clearly hinders the large-scale adoption of POR by cloud users, since many users increasingly rely on portable devices that have limited computational capacity, or might not always have network access. In this paper, we introduce the notion of outsourced proofs of retrievability ( $\sf{ OPOR}$ OPOR ), in which users can task an external auditor to perform and verify POR with the cloud provider. We argue that the $\sf{ OPOR}$ OPOR setting is subject to security risks that have not been covered by existing POR security models. To remedy that, we propose a formal framework and a security model for $\sf{ OPOR}$ OPOR . We then propose a generic procedure for transforming a public POR into an OPOR and we show the security of the resulting OPOR in our proposed security model. We demonstrate the transformation on two different instantiations of public POR schemes due to Shacham and Waters (Asiacrypt'08)—one based on BLS signatures and one using RSA signatures. A shortcoming of this transformation is that the generated OPOR inherits the high computational overhead from the underlying public key cryptography. Consequently, we propose afterwards an OPOR that is build from a private POR by Shacham and Waters. We implement a prototype based on our solutions, and evaluate their performance in a realistic cloud setting. Our evaluation results show that our proposals minimize user effort, and incur negligible overhead on the auditor.

Published

2021

96. A Metric for Evaluating Security Models based on Implementation of Public Key Infrastructure

Author

Mussa Kissaka, Kosmas Kapis, and Sigsbert Rwiza

Subjects

Computer science, Public key infrastructure, Metric (unit), Computer security model, Computer security, computer.software_genre, computer

Published

2020

97. Integrating RBAC, MIC, and MLS in Verified Hierarchical Security Model for Operating System

Author

Petr N. Devyanin, Victor Kuliamin, Ilya V. Shchepetkov, Alexey Khoroshilov, and Alexander K. Petrenko

Subjects

Correctness, Computer science, business.industry, 020207 software engineering, Access control, 0102 computer and information sciences, 02 engineering and technology, Computer security model, computer.software_genre, Formal methods, 01 natural sciences, Security controls, Linux Security Modules, 010201 computation theory & mathematics, Software security assurance, 0202 electrical engineering, electronic engineering, information engineering, Operating system, Role-based access control, business, computer, Software

Abstract

Designing a trusted access control mechanism of an operating system (OS) is a complex task if the goal is to achieve high level of security assurance and guarantees of unwanted information flows absence. Even more complex it becomes when the integration of several heterogeneous mechanisms, like role-based access control (RBAC), mandatory integrity control (MIC), and multi-level security (MLS) is considered. This paper presents results of development of a hierarchical integrated model of access control and information flows (HIMACF), which provides a holistic integration of RBAC, MIC, and MLS preserving key security properties of all those mechanisms. Previous version of this model is called MROSL DP-model. Now the model is formalized using Event-B formal method and its correctness is formally verified. In the hierarchical representation of the model, each hierarchy level (module) corresponds to a separate security control mechanism, so the model can be verified with less effort reusing the results of verification of lower level modules. The model is implemented in a Linux-based operating system using the Linux Security Modules infrastructure.

Published

2020

98. Certificateless Homomorphic Signature Scheme for Network Coding

Author

Yanyan Ji, Maozhi Xu, Rui Xue, Jinyong Chang, and Bilin Shao

Subjects

Authentication, Cryptographic primitive, Computer Networks and Communications, business.industry, Computer science, Computer security model, Computer security, computer.software_genre, Computer Science Applications, Public-key cryptography, Linear network coding, Certificate authority, Electrical and Electronic Engineering, Bilinear map, business, computer, Software, Key escrow

Abstract

Homomorphic signature is an extremely important public key authentication technique for network coding to defend against pollution attacks. As a public key cryptographic primitive, it also encounters the same problem of how to confirm the relationship between some public key $pk$ and the identity $ID$ of its owner. In the setting of distributed network coding, the intermediate and destination nodes need to use the public key of source node S to check the validity of vector-signature pairs. Therefore, the binding of S and its corresponding public key becomes crucial. The popular and traditional solution is based on certificates which are issued by a trusted certification authority (CA) center. However, the generation and management of certificates is extremely cumbersome. Hence, in recent work, Lin et al. proposed a new notion of identity-based homomorphic signature, which intends to avoid using certificates. But the key escrow problem is inevitable for identity-based primitives. In this article, we propose another new notion (for network coding): certificateless homomorphic signature (CLHS), which is a compromise for the above two techniques. In particular, we first describe the definition and security model of certificateless homomorphic signature. Then based on bilinear map and the computational Diffie-Hellman (CDH) assumption, give a concrete implementation and detailedly analyze its security. Finally, performance analysis illustrates that our construction is practical.

Published

2020

99. TO THE PROBLEM OF DEVELOPING A SECURITY MODEL ON THE BASIS OF INTELLECTUAL AGENTS IN THE CORPORATE INFORMATION SYSTEM

Subjects

Risk analysis (engineering), Basis (linear algebra), Computer science, Information system, Computer security model

Abstract

В статье предложена модель безопасности информационной системы с использованием многоагентной технологии. Проанализированы основные проблемы информационной безопасности корпоративных систем, представлены направления для реализации механизмов аутентификации пользователя. The article proposes a security model for an information system using multi-agent technology. The main problems of information security of corporate systems are analyzed, directions for the implementation of user authentication mechanisms are presented.

Published

2020

100. The Group Key Agreement Protocol Based on Multi-Dimensional Virtual Permutation

Author

Chaofei Hu, Yong Gan, Kunpeng Liu, and Yifeng Yin

Subjects

Security analysis, Authentication, Computer science, business.industry, Key distribution, 020206 networking & telecommunications, 02 engineering and technology, Information security, Trusted third party, Computer security model, Encryption, Computer Science Applications, Public-key cryptography, Modeling and Simulation, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, business, Protocol (object-oriented programming), Computer network

Abstract

In current network environment, it is difficult to determine a completely trusted third party to achieve secure key distribution. To solve this problem, this article proposes a method to build a secure communication channel for communication without a trusted third party. It is suitable for the environment with wide distribution, limited computing power and storage capacity, such as intelligent terminal sensor network. This letter realizes multi-dimensional virtual permutation, designs the security model and detailed process of the protocol for virtual permutation function. It can generate a large number of keys conforming to the security rules quickly. Then we carry out security analysis and performance evaluation for the group key agreement protocol based on multi-dimensional virtual permutation. The result shows this protocol improves the security and efficiency.

Published

2020