Your search keyword '"COMPUTER security research"' showing total 620 results

1. Engineering Trustworthy Systems: A Principled Approach to Cybersecurity.

Author

SAYDJARI, O. SAMI

Subjects

*INTERNET security, *COMPUTER crime prevention, *COMPUTER system failure prevention, *COMPUTER engineering, *COMPUTER security research

Abstract

The article discusses the importance of cybersecurity designs in reducing the risk of system failure from cyberattacks. Topics include the importance of practicing cybersecurity as a principled engineering discipline, and the study of how cyberattacks succeed in order to derive or improve cybersecurity principles.

Published

2019

2. Byzantine Agreement in Expected Polynomial Time.

Author

KING, VALERIE and SAIA, JARED

Subjects

BYZANTINE agreement protocols (Computer network protocols), DISTRIBUTED algorithms, COMPUTER security research, RANDOMIZATION (Statistics), POLYNOMIAL time algorithms

Abstract

We address the problem of Byzantine agreement, to bring processors to agreement on a bit in the presence of a strong adversary. This adversary has full information of the state of all processors, the ability to control message scheduling in an asynchronous model, and the ability to control the behavior of a constant fraction of processors that it may choose to corrupt adaptively. In 1983, Ben-Or proposed an algorithm for solving this problem with expected exponential communication time. In this article, we improve that result to require expected polynomial communication time and computation time. Like Ben-Or's algorithm, our algorithm uses coinflips from individual processors to repeatedly try to generate a fair global coin. We introduce a method that uses spectral analysis to identify processors that have thwarted this goal by flipping biased coins. [ABSTRACT FROM AUTHOR]

Published

2016

3. Constant-Round Nonmalleable Commitments from Any One-Way Function.

Author

HUIJIA LIN and PASS, RAFAEL

Subjects

CRYPTOGRAPHY research, COMPUTER security research, PERMUTATIONS, COMBINATORICS, MATHEMATICAL combinations

Abstract

We show unconditionally that the existence of commitment schemes implies the existence of constant-round nonmalleable commitments; earlier protocols required additional assumptions such as collision-resistant hash functions or subexponential one-way functions. Our protocol also satisfies the stronger notions of concurrent nonmalleability and robustness. As a corollary, we establish that constant-round nonmalleable zero-knowledge arguments for NP can be based on one-way functions and constant-round secure multiparty computation can be based on enhanced trapdoor permutations; also here, earlier protocols additionally required either collision-resistant hash functions or subexponential one-way functions. [ABSTRACT FROM AUTHOR]

Published

2015

4. Information Security Outsourcing with System Interdependency and Mandatory Security Requirement.

Author

Hui, Kai-Lung, Hui, Wendy, and Yue, Wei T.

Subjects

INFORMATION technology security, COMPUTER security research, INFORMATION services outsourcing, INFORMATION technology outsourcing, MANAGEMENT information systems, INDUSTRIAL management research, STANDARDS, COMPUTER software

Abstract

The rapid growth of computer networks has led to a proliferation of information security standards. To meet these security standards, some organizations outsource security protection to a managed security service provider (MSSP). However, this may give rise to system interdependency risks. This paper analyzes how such system interdependency risks interact with a mandatory security requirement to affect the equilibrium behaviors of an MSSP and its clients. We show that a mandatory security requirement will increase the MSSP's effort and motivate it to serve more clients. Although more clients can benefit from the MSSP's protection, they are also subjected to greater system interdependency risks. Social welfare will decrease if the mandatory security requirement is high, and imposing verifiability may exacerbate social welfare losses. Our results imply that recent initiatives such as issuing certification to enforce computer security protection, or encouraging auditing of managed security services, may not be advisable. [ABSTRACT FROM AUTHOR]

Published

2012

5. Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model.

Author

Guo, Ken H., Yuan, Yufei, Archer, Norman P., and Connelly, Catherine E.

Subjects

INFORMATION resources, INFORMATION resources management, COMPUTER security research, SECURITY management, INDUSTRIAL psychology research, EMPLOYEES, SECURITY systems

Abstract

End users are said to be "the weakest link" in information systems (IS) security management in the workplace. They often knowingly engage in certain insecure uses of IS and violate security policies without malicious intentions. Few studies, however, have examined end user motivation to engage in such behavior. To fill this research gap, in the present study we propose and test empirically a nonmalicious security violation (NMSV) model with data from a survey of end users at work. The results suggest that utilitarian outcomes (relative advantage for job performance, perceived security risk), normative outcomes (workgroup norms), and self-identity outcomes (perceived identity match) are key determinants of end user intentions to engage in NMSVs. In contrast, the influences of attitudes toward security policy and perceived sanctions are not significant. This study makes several significant contributions to research on security-related behavior by (1) highlighting the importance of job performance goals and security risk perceptions on shaping user attitudes, (2) demonstrating the effect of workgroup norms on both user attitudes and behavioral intentions, (3) introducing and testing the effect of perceived identity match on user attitudes and behavioral intentions, and (4) identifying nonlinear relationships between constructs. This study also informs security management practices on the importance of linking security and business objectives, obtaining user buy-in of security measures, and cultivating a culture of secure behavior at local workgroup levels in organizations. [ABSTRACT FROM AUTHOR]

Published

2011

6. No Free Lunch: Price Premium for Privacy Seal--Bearing Vendors.

Author

Mai, Bin, Menon, Nirup M., and Sarkar, Sumit

Subjects

ELECTRONIC commerce research, MANAGEMENT science research, COMPUTER security research, RIGHT of privacy, PRICING, WILLINGNESS to pay, MARKETING

Abstract

Privacy is a significant concern of customers in the business-to-consumer online environment. Several technical, economic, and regulatory mechanisms have been proposed to address online privacy. A current market-based mechanism is the privacy seal, under which a third party assures adherence by a vendor to its posted privacy policy. In this paper, we present empirical evidence of the effect of displaying a privacy seal on the product prices of online vendors of electronic books, downloadable audiobooks, and textbooks. Using data collected on these relatively homogeneous products sold by online vendors, we find that while controlling for vendor-specific characteristics, vendors bearing privacy seals charge a premium for such products compared to vendors not bearing a seal. The paper provides empirical evidence of the economic value of privacy assurance from the customers' perspective as measured by the price premium charged for products. The research has implications for researchers and policymakers by providing evidence that privacy is another factor that creates friction in e-commerce, and that prices on the Internet for homogeneous products need not converge. [ABSTRACT FROM AUTHOR]

Published

2010

7. Efficient and Secure Authenticated Key Exchange Using Weak Passwords.

Author

KATZ, JONATHAN, OSTROVSKY, RAFAIL, and YUNG, MOTI

Subjects

COMPUTER access control, PUBLIC key infrastructure (Computer security), COMPUTER passwords, DATA protection, COMPUTER network protocol security measures, COMPUTER security research

Abstract

Mutual authentication and authenticated key exchange are fundamental techniques for enabling secure communication over public, insecure networks. It is well known how to design secure protocols for achieving these goals when parties share high-entropy cryptographic keys in advance of the authentication stage. Unfortunately, it is much more common for users to share weak, low-entropy passwords which furthermore may be chosen from a known space of possibilities (say, a dictionary of English words). In this case, the problem becomes much more difficult as one must ensure that protocols are immune to off-line dictionary attacks in which an adversary exhaustively enumerates all possible passwords in an attempt to determine the correct one. We propose a 3-round protocol for password-only authenticated key exchange, and provide a rigorous proof of security for our protocol based on the decisional Diffie-Hellman assumption. The protocol assumes only public parameters—specifically, a "common reference string"—which can be "hardcoded" into an implementation of the protocol; in particular, and in contrast to some previous work, our protocol does not require either party to pre-share a public key. The protocol is also remarkably efficient, requiring computation only (roughly) 4 times greater than "classical" Diffie-Hellman key exchange that provides no authentication at all. Ours is the first protocol for password-only authentication that is both practical and provably-secure using standard cryptographic assumptions. [ABSTRACT FROM AUTHOR]

Published

2009

8. Can Phishing Be Foiled?

Author

Cranor, Lorrie Faith

Subjects

*COMPUTER security research, *PHISHING, *COMPUTER security software, *WEBSITE security, *UNIVERSITY faculty

Abstract

The article describes the anti-phishing research led by Lorrie Faith Cranor, associate professor and director of the Usable Privacy and Security Laboratory at Carnegie Mellon University. The starting point of her research was understanding the critical human factors that phishers exploit for criminal gain. That knowledge is helping researchers in her group develop better ways of educating Internet users and design software that is more effective in detecting phishing attempts.

Published

2008

9. Stopping the Leaks.

Author

Savage, Neil

Subjects

*DATA security, *COMPUTER security research, *APPLICATION software, *VIRTUAL machine systems, *DATA encryption, *SMARTPHONES

Abstract

The article focuses on research into side channel vulnerability and computer security. It states that software applications can gain information about virtual machine servers and infer what other programs are doing, thus increasing the vulnerability of encryption keys and cryptographic algorithms. It mentions research that examines a virtual file of process information in the Unix operating system to determine the amount of memory is allocated to a program and determine what websites a smartphone user is visiting. It comments that malicious mobile device applications can infer telephone, credit card numbers, and social security numbers inputted onto keypads. It talks about methods of increasing security, including increasing data noise or disabling different systems.

Published

2013

10. A Little Privacy, Please.

Author

Walter, Chip

Subjects

*COMPUTER security software, *COMPUTER security research, *IDENTITY theft, *PHISHING, *FALSE personation, *MEDICAL record access control, *ELECTRONIC surveillance, *COMPUTER software

Abstract

This article profiles computer scientist Latanya Sweeney who runs the Data Privacy Laboratory at Carnegie Mellon University. Sweeney's job is to develop software that protects computer privacy and she urges engineers to design new technology with privacy in mind. Sweeney and her students work on issues of identity theft, medical privacy and camera surveillance. She thinks of her team as a digital detective agency.

Published

2007

11. Keystroke dynamics on Android platform.

Author

Antal, Margit, Szabó, László Zsolt, and László, Izabella

Subjects

COMPUTER user identification, SMARTPHONES, MOBILE communication system security, COMPUTER security research, TOUCH screens, KEYSTROKE timing authentication, SECURITY systems

Abstract

Currently people store more and more sensitive data on their mobile devices. Therefore it is highly important to strengthen the existing authentication mechanisms. The analysis of typing patterns, formally known as keystroke dynamics is useful to enhance the security of password-based authentication. Moreover, touchscreen allows adding features ranging from pressure of the screen or finger area to the classical time-based features used for keystroke dynamics. In this paper we examine the effect of these additional touchscreen features to the identification and verification performance through our dataset of 42 users. Results show that these additional features enhance the accuracy of both processes. [ABSTRACT FROM AUTHOR]

Published

2015

12. Assessing the Security Posture of Cloud Service Providers.

Author

Rivera, Jorge, Huiming Yu, Williams, Ken, Zhan, Justin, and Xiaohong Yuan

Subjects

*CLOUD computing security measures, *INFORMATION technology security, *COMPUTER security research, *FUZZY systems, *COMPUTER systems

Abstract

Cloud computing offers on-demand scalable resources and IT-based solutions without the need to invest in new infrastructure or train new personnel. Despite its economic advantages, cloud computing has faced scrutiny regarding security risks involved with allowing sensitive data to be controlled and handled by third-party, off-site vendors. Many businesses with interest in using cloud services do not have a process to assess cloud providers security posture. To aid this issue, the Cloud Security Alliance (CSA) has developed the Consensus Assessments Initiative Questionnaire (CAIQ), which has quickly become an industry-accepted way to document security controls found within cloud services. The CSA CAIQ document provides prospective clients an in-depth look into the security controls of a given cloud service provider (CSP). The assessment process is very complicated because it requires clients to examine over 140 questions spanning over eleven security control categories in CAIQ, answer yes/no followed by explanatory comments related to the corresponding question. How cloud consumers can objectively use the CAIQ to assess CSP security levels becomes an important and urgent problem. A Fuzzy Likert System (FLS) was employed that uses fuzzy logic, Likert scales and decision making technologies to assess the Security Posture Score (SPS) for cloud service providers based on client evaluations of CSP feedback on the CAIQ document and client-defined weights signifying the relative importance of each CAIQ category. The FLS allows clients to numerically evaluate the CSA CAIQ and provides weights for each CAIQ category. Upon doing so, the FLS provides a score indicating the security posture of the given CSP. A one-tailed F-test is used to perform a statistical analysis comparing the standard deviation between 1000 random SPSs calculated with our FLS and a traditional weighted-average system. Experimental results indicate that the null hypothesis, which states that the two standard deviations are the same, can be rejected in favor of the alternate hypothesis, thus claiming that with 95% confidence there is a significant difference between scoring methods. [ABSTRACT FROM AUTHOR]

Published

2015

13. Wireless Network Security recommendations Using the Application for Security Evaluation.

Author

Skendžić, Aleksandar, Kovačić, Božidar, and Tijan, Edvard

Subjects

WIRELESS LANs, COMPUTER network security, COMPUTER security research, WIRELESS communications, SYSTEMS engineering

Abstract

The proposed system of security recommendations of wireless local area network allows applications to achieve higher levels of security. In order to build a security model, it is crucial to pre-evaluate the parameters that affect the security of the wireless network. When evaluating the parameters, expert literature along with practical experience of network administrators has been used. The results of evaluation parameters are included in the constructed security model of the proposed application. The proposed model contributes to a simpler problem solving of wireless network security through the evaluation of safety parameters. In addition, the proposed system gives recommendations regarding security at two levels, together with an appropriate security evaluation. The chosen safety parameters were evaluated using a questionnaire among CARNet system engineers in educational institutions. The results obtained may help to efficiently prevent wireless network security breaches. [ABSTRACT FROM AUTHOR]

Published

2015

14. An approach of security testing for third-party component based on state mutation.

Author

Chen, Jinfu, Chen, Jiamei, Huang, Rubing, Guo, Yuchi, and Zhan, Yongzhao

Subjects

COMPUTER security research, MATHEMATICAL sequences, ALGORITHMS, FINITE state machines, ANOMALY detection (Computer security)

Abstract

ABSTRACT It is essential to study an effective approach of security testing for third-party component. In this paper, to effectively trigger implicit vulnerabilities of third-party components, an approach of security testing for third-party component is proposed based on state mutation. To start with, executable method sequences of components are transformed into extended finite state machine. Then, according to characteristics of condition conflict and behavior conflict, two test case generation algorithms are addressed, that is, Operations Conflict Sequences Generation Algorithm and Conditions Conflict Sequences Generation Algorithm, which are designed to generate inaccessible sequences of behavior and condition conflicts. These conflict sequences are run. Furthermore, the security detecting algorithms are addressed to detect implicit vulnerabilities of third-party components, and then, testing report of component security is obtained. In the end, some experiments are conducted on the basis of the proposed approach, and the experimental results show that the proposed approach can effectively detect security exceptions of third-party components. Copyright © 2015 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

15. A Novel NTT-Based Authentication Scheme for 10-GHz Quantum Key Distribution Systems.

Author

Zhao, Baokang, Liu, Bo, Wu, Chunqing, Yu, Wanrong, Su, Jinshu, You, Ilsun, and Palmieri, Francesco

Subjects

*QUANTUM cryptography, *COMPUTER access control, *COMPUTER security research, *QUANTUM mechanics, *ALGORITHMS

Abstract

The quantum key distribution (QKD) technology is achieving a growing interest in both the scientific and industrial communities. Based on principles of quantum mechanics, it can provide unconditional security in key exchanges over end-to-end communication channels. Information-theoretically secure (ITS) authentication, the compulsory procedure of QKD systems, avoids the man-in-the-middle attack during the security key generation. In this paper, we propose a novel family of almost strongly universal (ASU) hash functions based on number-theoretic transforms (N-ASU), and prove that N-ASU hash functions can meet the high security requirement of an ITS authentication procedure. With such N-ASU hash functions, we propose a novel efficient NTT-based authentication algorithm (N-Auth) for QKD systems. Such a solution offers nearly the same security guarantees provided by the available authentication algorithms built upon ASU hash functions, but is characterized by a much lower computational complexity. The experimental results show that the N-Auth algorithm can fully meet the real-time and high-performance demands of modern 10-GHz QKD systems, making it a viable solution for the implementation of industrial-strength unconditionally secure broadband communication solutions. [ABSTRACT FROM PUBLISHER]

Published

2016

16. Information Interoperability System Using Multi-agent with Security.

Author

Chae, Cheol-Joo, Choi, Kwang-Nam, and Choi, Kiseok

Subjects

INTERNETWORKING, MULTIAGENT systems, INTELLIGENT agents, COMPUTER security research, CLIENT/SERVER computing

Abstract

Recently, due to the interoperation of distributed information, the task and task analysis requiring the information connection in the distributed environment increases, and the decision support using the system becomes more important. As the centralized structure of the multi-agent based information interoperability system is composed of master and slave, it is vulnerable to impersonation attack, integrity, non-repudiation, and privacy security. Therefore, this paper adopted EMAF for information interoperability to propose an information interoperability system with security. In addition, to overcome the security vulnerability that may happen to the proposed system based on multi-agent, we are going to propose an agent mutual authentication method where certificates and session keys are combined together. When the proposed method is applied to the information interoperation between the national R&D report registration management system and the project management organization research report management system, not only the information interoperations in the distributed environment but also the safe information interoperability are supplied. [ABSTRACT FROM AUTHOR]

Published

2016

17. A Study on the Authentication and Security of Financial Settlement Using the Finger Vein Technology in Wireless Internet Environment.

Author

Noh, Kyoo

Subjects

WIRELESS Internet, WIRELESS communications security, PREVENTION of computer hacking, BIOMETRIC identification, DATA protection research, COMPUTER security research, SECURITY systems

Abstract

The development of the wireless communication allows all of the information to be saved in the digital storage device rapidly. Due to this, hacking and information leakage incidents are rapidly increasing. The scale of the problem however has gradually increased and the targeted industries have become much more diverse, which further points to the severity of the issue. Consequently, there are efforts to develop a security system in order to protect the information, yet at the same time the hacking technology has also advanced, causing an astronomical damage at an increasing state. This has led to the demand for a more convenient and cutting-edge enhanced security solutions. This demand has birthed the security authentication technology which merges biometrics and ICT capabilities. However, numerous biometrics technologies carry problems when deployed as means of security authentication solution for financial services due to their low level of recognition success rate, easy duplication, avoid recognition, terminal minimization difficulties and more. Finger vein recognition technology which is impossible to duplicate with a very high level of recognition rate has emerged as the biometrics authentication solution for financial services. This study recommended an authentication security model for financial services that use finger vein solution to strengthen financial services' safety and to protect information. [ABSTRACT FROM AUTHOR]

Published

2016

18. Information Security Evaluation Using Multi-Attribute Threat Index.

Author

Je, Young-Man, You, Yen-Yoo, and Na, Kwan-Sik

Subjects

WEB services, INFORMATION technology security, RISK assessment, DECISION making, COMPUTER security research, SECURITY systems

Abstract

Threat to security has been increasing along with proliferation of service through the Web. Multi-attribute risk assessment serves as a useful tool to assess risk quantitatively by prioritizing sets of threats and security requirements. The case study presents decision-making methods as to the selection of information security technology and solution through the process of identifying risk and quantifying threat index. Since the intrusion types and analysis data was analyzed based on the statistics of multiple enterprises, it is advisable to classify the types into more detailed types suitable to the target company, and to reasonably reflect the characteristics of the organization through accumulation and utilization of the company's own data. [ABSTRACT FROM AUTHOR]

Published

2016

19. SecureDom: secure mobile-sensitive information protection with domain separation.

Author

Park, Su-Wan, Kim, JeongNyeo, and Lee, Deok

Subjects

*MOBILE communication systems, *COMPUTER security research, *COMPUTER access control, *ELECTRONIC authentication, *COMPUTER crime prevention

Abstract

The virtualization techniques are receiving more attention lately in mobile device security. In this study, we present SecureDom which is the device security of data-centric that aims to protect private, enterprise or sensitive data from various attacks and threats. To achieve it, we provide the mobile device security platform based on domain separation and suggests three essential secure functions which should be offered for secure domain: authentication/access control (AAC) module, secure storage (STR) module and encryption/key management (EKM) module. In secure functions, the AAC module applies two-factor authentication by user and app to access SD, the STR module introduces the enhanced abilities of secure filesystem and EKM module is in charge of security algorithms for data encryption, integrity validation or key generation. Here, EKM module can utilize the existing encryption module that is certified by cryptographic validation program. In the experiment, it demonstrates that some notable overheads are caused in the performance of virtualization engine and inter-domain communication (IDC) performance based on hypervisor, while it provides the strong isolation in domain, IDC, filesystem and resource and the separation of processes. [ABSTRACT FROM AUTHOR]

Published

2016

20. A secure cloud storage system combining time-based one-time password and automatic blocker protocol.

Author

El-Booz, Sheren, Attiya, Gamal, and El-Fishawy, Nawal

Subjects

CLOUD storage, CLOUD computing security measures, COMPUTER security research

Abstract

Cloud storages in cloud data centers can be used for enterprises and individuals to store and access their data remotely anywhere anytime without any additional burden. By data outsourcing, users can be relieved from the burden of local data storage and maintenance. However, the major problem of cloud data storage is security. Moreover, cloud users must be able to use the cloud storage just like the local storage, without worrying about the need to verify the data integrity and data consistency. Some researchers have been conducted with the aid of a third party auditor (TPA) to verify the data stored in the cloud and be sure that it is not tampered. However, the TPA is leased by the provider, and after a time, a cloud service provider may contract with the TPA to conceal the loss of data from the user to prevent the defamation. This paper presents a novel secure cloud storage system to ensure the protection of organizations' data from the cloud provider, the third party auditor, and some users who may use their old accounts to access the data stored on the cloud. The proposed system enhances the authentication level of security by using two authentication techniques; time-based one-time password (TOTP) for cloud users verification and automatic blocker protocol (ABP) to fully protect the system from unauthorized third party auditor. The experimental results demonstrate the effectiveness and efficiency of the proposed system when auditing shared data integrity. [ABSTRACT FROM AUTHOR]

Published

2016

21. Indifferentiability security of the fast wide pipe hash: Breaking the birthday barrier.

Author

Moody, Dustin, Paul, Souradyuti, and Smith-Tone, Daniel

Subjects

*CRYPTOGRAPHY research, *HASHING, *MESSAGE authentication codes, *DATA encryption, *COMPUTER security research

Abstract

A hash function secure in the indifferentiability framework (TCC 2004) is able to resist all meaningful generic attacks. Such hash functions also play a crucial role in establishing the security of protocols that use them as random functions. To eliminate multi-collision type attacks on the Merkle-Damgård mode (Crypto 1989), Lucks proposed widening the size of the internal state of hash functions (Asiacrypt 2005). The fast wide pipe (FWP) hash mode was introduced by Nandi and Paul at Indocrypt 2010, as a faster variant of Lucks' wide pipe mode. Despite the higher speed, the proven indifferentiability bound of the FWP mode has so far been only up to the birthday barrier of n/2 bits. The main result of this paper is the improvement of the FWP bound to 2n/3 bits (up to an additive constant). We also provide evidence that the bound may be extended beyond 2n/3 bits. [ABSTRACT FROM AUTHOR]

Published

2016

22. On Acceleration and Scalability of Number Theoretic Private Information Retrieval.

Author

Unal, Ecem and Savas, Erkay

Subjects

*INFORMATION retrieval research, *INFORMATION architecture, *COMPUTER security research, *SECURITY systems, *PARALLEL algorithms

Abstract

We present scalable and parallel versions of Lipmaa's computationally-private information retrieval (CPIR) scheme [20] , which provides log-squared communication complexity. In the proposed schemes, instead of binary decision diagrams utilized in the original CPIR, we employ an octal tree based approach, in which non-sink nodes have eight child nodes. Using octal trees offers two advantages: i) a serial implementation of the proposed scheme in software is faster than the original scheme and ii) its bandwidth usage becomes less than the original scheme when the number of items in the data set is moderately high (e.g., 4,096 for 80-bit security level using Damgård-Jurik cryptosystem). In addition, we present a highly-optimized parallel algorithm for shared-memory multi-core/processor architectures, which minimizes the number of synchronization points between the cores. We show that the parallel implementation is about 50 times faster than the serial implementation for a data set with 4,096 items on an eight-core machine. Finally, we propose a hybrid algorithm that scales the CPIR scheme to larger data sets with small overhead in bandwidth complexity. We demonstrate that the hybrid scheme based on octal trees can lead to more than two orders of magnitude faster parallel implementations than serial implementations based on binary trees. Comparison with the original as well as the other schemes in the literature reveals that our scheme is the best in terms of bandwidth requirement. [ABSTRACT FROM PUBLISHER]

Published

2016

23. HEAP: Reliable Assessment of BGP Hijacking Attacks.

Author

Schlamp, Johann, Holz, Ralph, Jacquemart, Quentin, Carle, Georg, and Biersack, Ernst W.

Subjects

BGP (Computer network protocol), COMPUTER network protocols, ROUTING (Computer network management), SECURE Sockets Layer (Computer network protocol), COMPUTER security research

Abstract

The detection of BGP prefix hijacking attacks has been the focus of research for more than a decade. However, the state-of-the-art techniques fall short of detecting more elaborate types of attack. To study such attacks, we devise a novel formalization of Internet routing, and apply this model to routing anomalies in order to establish a comprehensive attacker model. We use this model to precisely classify attacks and to evaluate their impact and detectability. We analyze the eligibility of attack tactics that suit an attacker’s goals and demonstrate that related work mostly focuses on less impactful kinds of attacks. We further propose, implement, and test the Hijacking Event Analysis Program (HEAP), a new approach to investigate hijacking alarms. Our approach is designed to seamlessly integrate with the previous work in order to reduce the high rates of false alarms inherent to these techniques. We leverage several unique data sources that can reliably disprove malicious intent. First, we make use of an Internet routing registry to derive business or organizational relationships between the parties involved in an event. Second, we use a topology-based reasoning algorithm to rule out events caused by legitimate operational practice. Finally, we use Internet-wide network scans to identify SSL/TLS-enabled hosts, which helps to identify non-malicious events by comparing public keys prior to and during an event. In our evaluation, we prove the effectiveness of our approach, and show that day-to-day routing anomalies are harmless for the most part. More importantly, we use HEAP to assess the validity of publicly reported alarms. We invite researchers to interface with HEAP in order to crosscheck and narrow down their hijacking alerts. [ABSTRACT FROM PUBLISHER]

Published

2016

24. Quantum Private Query Protocol Based on Two Non-Orthogonal States.

Author

Yan Chang, Shibin Zhang, Guihua Han, Zhiwei Sheng, Lili Yan, and Jinxin Xiong

Subjects

*CRYPTOGRAPHY research, *QUANTUM cryptography, *QUANTUM computing, *DATA privacy, *COMPUTER security research

Abstract

We propose a loss tolerant quantum private query (QPQ) protocol based on two non-orthogonal states and unambiguous state discrimination (USD) measurement. By analyzing a two-point attack by a third party, we find that our protocol has a stronger ability to resist external attacks than G-protocol and Y-protocol. Our protocol requires a smaller number of compressions than that in G-protocol (Gao et al., Opt. Exp. 2012, 20, 17411-17420) and Y-protocol (Yan et al. Quant. Inf. Process. 2014, 13, 805-813), which means less post-processing. Our protocol shows better database security and user privacy compared with G-protocol. [ABSTRACT FROM AUTHOR]

Published

2016

25. SECURITY MEASURES FOR OPEN SOURCE WEBSITE PLATFORMS.

Author

GARAIS, Gabriel Eugen

Subjects

OPEN source software, WEB development, WEBSITE management, COMPUTER hacking, COMPUTER security research

Abstract

Open Source Website Projects are widely spread among web developers and web users. The ease of installing and handling Open Source Web Site Platforms is known to be a handy solution but also a risky one. The use of such platforms is under heavy discussion because of the transparency that not only a normal user sees but also a hacker. [ABSTRACT FROM AUTHOR]

Published

2016

26. A GPU implementation of secret sharing scheme based on cellular automata.

Author

Hernandez-Becerril, Rogelio, Bucio-Ramirez, Ariana, Nakano-Miyatake, Mariko, Perez-Meana, Hector, and Ramirez-Tachiquin, Marco

Subjects

*CELLULAR automata, *GRAPHICS processing units, *DATA encryption, *COMPUTER security research, *CLOUD computing, *COMPUTER architecture

Abstract

Secret sharing (SS) schemes based on cellular automata (CA) are considered as secure encrypting algorithms, where several secret data can be shared among some persons. Recently the SS schemes can be applied to solve real-world problems, such as security in cloud computing. The principal obstacle of use of the SS scheme is its considerably high computational cost; especially if a large amount of secret data must be encrypted and shared. In this work, we propose a parallel CA-based SS scheme suitable for any kinds of digital data in the graphic processing unit using compute unified device architecture technology. The uses of global memory and shared memory are analyzed from computational effectiveness and security points of view. The experimental results show the proposed parallel implementation provides a speedup rate more than 18-fold compared with its sequential implementation. Also we show the increase of the security level of the parallel implementation with respect to the sequential implementation. [ABSTRACT FROM AUTHOR]

Published

2016

27. An enhanced security framework for reliable Android operating system.

Author

Park, Jong Hyuk, Kim, Dohyun, Park, Ji Soo, and Lee, Sangjin

Subjects

MALWARE, COMPUTER operating systems, COMPUTER security research, COMPUTER files

Abstract

The number of applications loaded with malware is rapidly increasing in Android operating system (OS). These malwares spread through the official Android market 'Play Store', unofficial 'black market', and private web pages. Once the malware activates, personal information can be extracted and some data can be deleted, causing tremendous damage to users. In order to provide reliability on Android OS, there is a need to analyze and address these malwares and recover the modified data. In this paper, we propose an enhanced security framework for a reliable Android OS. The framework provides means to prevent influx of malware by examining the Android OS and file system. In addition, it recovers data once deleted by security breaches. Copyright © 2013 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

28. Introducing touchstroke: keystroke-based authentication system for smartphones.

Author

Kambourakis, Georgios, Damopoulos, Dimitrios, Papamartzivanos, Dimitrios, and Pavlidakis, Emmanouil

Subjects

SMARTPHONES, COMPUTER access control, KEYSTROKE timing authentication, COMPUTER security research, BIOMETRIC identification

Abstract

Keystroke dynamics is a well-investigated behavioural biometric based on the way and rhythm in which someone interacts with a keyboard or keypad when typing characters. This paper explores the potential of this modality but for touchscreen-equipped smartphones. The main research question posed is whether 'touchstroking' can be effective in building the biometric profile of a user, in terms of typing pattern, for future authentication. To reach this goal, we implemented a touchstroke system in the Android platform and executed different scenarios under disparate methodologies to estimate its effectiveness in authenticating the end-user. Apart from typical classification features used in legacy keystroke systems, we introduce two novel ones, namely, speed and distance. From the experiments, it can be argued that touchstroke dynamics can be quite competitive, at least when compared to similar results obtained from keystroke evaluation studies. As far as we are aware of, this is the first time this newly arisen behavioural trait is put into focus. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

29. Small target detection using morphology and modified Gaussian distance function.

Author

Kim, Jong-Ho, Park, Jun-Jae, Ahn, Sang-Ho, Lee, Deok Gyu, Moon, Daesung, and Kim, Sang-Kyoon

Subjects

GAUSSIAN processes, CLOUD computing, OPERATOR theory, IMAGE processing, COMPUTER security research

Abstract

We propose a new small target detection system that detects small target candidates based on morphology operations and detects actual targets using a modified Gaussian distance function. To reduce clutter on the edges of clouds, a median filter is applied as preprocessing. Two kinds of images are calculated with closing and opening morphological operators, respectively. In the morphology operations, various sizes of structure elements that are used to consider the sizes of targets and candidate targets are extracted from different images between the two images in the closing and opening operations. With a modified Gaussian distance function, small targets are detected from the candidate targets. The proposed method is less sensitive to clutters than existing methods and has a detection rate of 98%. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

30. Single authentication through in convergence space using collaborative smart cameras.

Author

Kim, Geon Woo, Han, Jong Wook, Lee, Deok Gyu, and Kim, Sang Wook

Subjects

INFORMATION technology research, DIGITAL cameras, CUSTOMER service research, COMPUTER access control, COMPUTER security research

Abstract

In recent years, the convergence of IT space and physical space is increasingly studied. In the legacy IT-based systems, developments of services were focusing on just the cyber space. However, as ubiquitous computing environment is expanding into the real world, considerations about how to design and develop the systems for ensuring the interoperability between two spaces must be taken. For indeed converging IT/physical spaces and ensuring the ubiquity, a new model to efficiently identify a moving object needs to be established. Although the identifier information resulted from successful authentication procedure is used in the most security systems, each authentication method adopts a variety of identifiable information (II) specification. So in this paper, we suggest a scheme to access any ubiquitous service with single authentication at initial stage for efficiently identifying an object moving multiple convergence spaces by relaying the II along the movement. This is performed by enabling distributed smart cameras to deliver II of the identified moving object. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

31. Optimisation-based collaborative determination of component trustworthiness in service compositions.

Author

Elshaafi, Hisain and Botvich, Dmitri

Subjects

SERVICE-oriented architecture (Computer science), QUALITY of service, COMPUTER security research, CUSTOMER service quality control, CUSTOMER satisfaction research

Abstract

In service-oriented environments, service providers orchestrate distributed services from other providers to create new composite enterprise services. A component service can be invoked jointly by several distributed composite service providers. However, because a composite service is provided to the consumers as an integrated service, when failures or dissatisfaction of the consumers occurs, it is not possible to directly identify the untrustworthy component. In this paper, we describe a collaborative trustworthiness determination approach using optimisation that can provide a solution to selecting trustworthy component service constructs based on monitoring and consumer quality of experience reporting of existing composite services from peer providers. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

32. A histogram-based method for efficient detection of rewriting attacks in simple object access protocol messages.

Author

Nasridinov, Aziz, Jeong, Young-Sik, Byun, Jeong-Yong, and Park, Young-Ho

Subjects

SIMPLE Object Access Protocol (Computer network protocol), XML (Extensible Markup Language), DIGITAL signatures, COMPUTER security research, COMPUTER network security software

Abstract

In order to secure the content of simple object access protocol (SOAP) messages in Web services, several security standards of Web service security, such as XML digital signature, are used. However, the content of a SOAP message, protected with XML digital signature, can be altered without invalidating the signature. Existing methods for detecting XML rewriting attacks are inefficient because the cost of performing detection operation is linear to the height of the SOAP message tree. Thus, each element of SOAP message needs to be accessed and checked. In this paper, we propose an efficient method for detecting XML rewriting attacks on SOAP messages using a histogram. With our method, once the source of attacks is identified, we save it in the form of a histogram, which enables us to maintain a statistical information about the location of the attack in the SOAP message. We can use this information to detect attacks in the future and thus avoid unnecessary check of all elements in the SOAP message. Experiments show that our methods outperform existing methods by several times in many cases. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

33. Server-based code obfuscation scheme for APK tamper detection.

Author

Piao, Yuxue, Jung, Jin-Hyuk, and Yi, Jeong Hyun

Subjects

DECOMPILERS (Computer programs), APPLICATION software research, COMPUTER software security, COMPUTER security research

Abstract

It is easy to decompile Android applications (or apps) owing to the structural characteristics of the app building process, but this ease makes them quite vulnerable to forgery or modification attacks. In particular, users may suffer direct financial loss if this vulnerability is exploited in security-critical private and business applications, such as online banking. One of the solutions to these problems is a code obfuscation technique. In this regard, DexGuard, which is based on ProGuard, which is integrated into the Android software development kit build system, has recently been introduced. Although DexGuard protects Android applications more effectively, an attacker is still able to analyze the hex code of a Dalvix Executable file. To resolve this weakness, we begin by analyzing the DexGuard tool from both a static and dynamic point of view. Our analysis reveals that DexGuard has some weaknesses. In this paper, we propose an obfuscation technique based on a client/server model with one-time secret key delivery using short message service or network protocol. The main concept is to store the core execute class file through obfuscation on the server, so when a program needs to execute core routines, it must request these routines from the server. In this way, we can protect Android apps from reverse engineering. Copyright © 2014 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

34. Secure and efficient data access control in cloud computing environment: A survey.

Author

Namasudra, Suyel and Roy, Pinki

Subjects

CLOUD computing, DATA encryption, INFORMATION technology research, DISTRIBUTED computing, COMPUTER security research

Abstract

Cloud computing is very emerging area in IT industries. In a cloud environment, many distributed systems are interconnected to provide software, hardware and resources over the internet. Since this new paradigm requires users to ensure the security of their personal data, there are gradually increasing security and privacy issues on outsourced data. A natural way to keep the data in a confidential manner is to encrypt it before storing on cloud server. The main problems of this process include building scalable access control for storing data and revoking access rights from users if they are revoked from the system. Many access control schemes have been already developed. In this paper, a taxonomy and brief survey of secure data access control schemes in cloud environment have been presented. The current research issues and future work directions are also presented in this paper in the area of security of cloud computing. [ABSTRACT FROM AUTHOR]

Published

2016

35. A survey of accountability in computer networks and distributed systems.

Author

Xiao, Zhifeng, Kathiresshan, Nandhakumar, and Xiao, Yang

Subjects

COMPUTER networks, COMPUTER systems, COMPUTER security research, INFORMATION storage & retrieval systems, COMPUTER science research

Abstract

Security in computer systems has been a major concern since the very beginning. Although security has been addressed in various aspects, accountability is one of the main facets of security that is lacking in today's computer systems. The ability not only to detect errors but also to find the responsible entity/entities for the failure is crucial. In this paper, we intend to provide a comprehensive investigation of the state-of-the-art accountability research issues in current information systems. Also, we study the various accountability tactics that are available and how each one of them contributes to providing strong accountability of different aspects. Finally, we examine the various merits and tradeoffs. Copyright © 2012 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

36. Reusing Hardware Performance Counters to Detect and Identify Kernel Control-Flow Modifying Rootkits.

Author

Wang, Xueyang and Karri, Ramesh

Subjects

*KERNEL operating systems, *COMPUTER systems management, *COMPUTER security research, *VIRTUAL machine systems software, *COMPUTER operating systems

Abstract

Kernel rootkits are formidable threats to computer systems. They are stealthy and can have unrestricted access to system resources. This paper presents NumChecker, a new virtual machine (VM) monitor based framework to detect and identify control-flow modifying kernel rootkits in a guest VM. NumChecker detects and identifies malicious modifications to a system call in the guest VM by measuring the number of certain hardware events that occur during the system call’s execution. To automatically count these events, NumChecker leverages the hardware performance counters (HPCs), which exist in modern processors. By using HPCs, the checking cost is significantly reduced and the tamper-resistance is enhanced. We implement a prototype of NumChecker on Linux with the kernel-based VM. An HPC-based two-phase kernel rootkit detection and identification technique is presented and evaluated on a number of real-world kernel rootkits. The results demonstrate its practicality and effectiveness. [ABSTRACT FROM PUBLISHER]

Published

2016

37. Detection of Hardware Trojans in Third-Party Intellectual Property Using Untrusted Modules.

Author

Reece, Trey and Robinson, William H.

Subjects

*COMPUTER viruses, *INTELLECTUAL property, *COMPUTER security research, *HARDWARE Trojans (Computers)

Abstract

During the design of an integrated circuit, there are several opportunities for adversaries to make malicious modifications or insertions to a design. These attacks, known as hardware Trojans, can have catastrophic effects on a circuit if left undetected. This paper describes a technique for identifying hardware Trojans with logic-based payloads that are hidden within third-party intellectual property. Through comparison of two similar but untrusted designs, functional differences can be identified for all possible input combinations within a window of time. This technique was tested on multiple Trojan benchmarks and was found to be very effective, both in detectability and in speed of testing. As this technique has very low costs to implement, it represents an easy way for designers to gain a level of trust in previously untrusted designs. [ABSTRACT FROM PUBLISHER]

Published

2016

38. Demographic variables and risk factors in computer-crime: an empirical assessment.

Author

Choi, Kyung-shick, Choo, Kyungseok, and Sung, Yong-eun

Subjects

*COMPUTER security research, *DATA security, *COMPUTER crimes, *STRUCTURAL equation modeling, *CRIME victims

Abstract

The purpose of this research is to examine how demographics variables interact with factors such as online lifestyle, digital-capable guardianship, computer security management, and levels of individual computer crime victimization. The current study used a secondary data which was a self-report survey ( $$N=204$$ ) contained items intended to measure the major constructs of routine activities theory. The findings of SEM (structural equation modeling) analysis showed that: (1) gender did not substantially influence on digital guardian factor and computer crime victimization. However, males are more likely to be engaging in online risky leisure activities such as visiting unknown Web sites, downloading free games, free music, and free movies than females. Simultaneously, males tended to update computer security, change the passwords for e-mail account, search for more effective computer security software, check the operation of computer security online, and use different passwords and user IDs for their Internet accounts than females; (2) individuals with older age are less likely to equip the number of computer security software with less duration; (3) race does not have any statistically significant impact on computer crime victimization. Lastly, the policy implications and the limitations of the current research were discussed at the last part of this study. [ABSTRACT FROM AUTHOR]

Published

2016

39. Factors affecting the continuous use of cloud service: focused on security risks.

Author

Park, Seong-Taek, Park, Eun-Mi, Seo, Joung-Hae, and Li, Guozhong

Subjects

*CLOUD computing, *COMPUTER security research, *COMPUTER security software, *INNOVATION adoption, *CLOUD storage

Abstract

Despite its many technology maturity and significant advantages, the cloud services are still far from success in the market. In accordance with some research, security risks have been regarded as the main factors that impede activating cloud service. Accordingly, this study divides the factors of security risk into Information leakage risk, Fault recovery risk, Compliance risk, Service interruption risk and made an empirical analysis of the impact of these four factors on continuous adoption intention. The effects of security risk and adoption intention of cloud service were analyzed via the moderation effects of trust. The analytical results of China data show that bo th Information Leakage Risk and Compliance Risk have negative impact on continuous adoption intention of cloud service. Neither Fault Recovery Risk nor Service Interruption Risk is significantly related with continuous adoption intention of cloud service. The analytical results of Korea data show that Fault Recovery Risk, Compliance Risk and Service Interruption Risk significantly impact continuous adoption intention of cloud service, whereas Information Leakage Risk insignificantly impact continuous adoption intention of the cloud service. [ABSTRACT FROM AUTHOR]

Published

2016

40. Control Flow Graph Based Multiclass Malware Detection Using Bi-normal Separation.

Author

Kapoor, Akshay and Dhavale, Sunita

Subjects

MALWARE prevention, FLOWGRAPHS, MACHINE learning, DETECTORS, COMPUTER security research

Abstract

Control flow graphs (CFG) and OpCodes extracted from disassembled executable files are widely used for malware detection. Most of the research in static analysis is focused on binary class malware detection which only classifies an executable as benign or malware. To overcome this issue, CFG based multiclass malware detection system that automatically classifies the malware into their respective families is proposed. The use Bi-normal separation (BNS) as a feature scoring metric. Experimental results show that proposed method using BNS outperforms compared to hitherto use technique of document Frequency for multiclass metamorphic malware detection and achieves detection accuracy of 99.5 per cent. [ABSTRACT FROM AUTHOR]

Published

2016

41. Selectively chosen ciphertext security in threshold public-key encryption.

Author

Kim, Kitak, Park, Jong Hwan, and Lee, Dong Hoon

Subjects

PUBLIC key cryptography, COMPUTER network security, CIPHERS, CRYPTOGRAPHY research, COMPUTER security research

Abstract

Threshold public-key encryption can control decryption abilities of an authorized user group in such a way that each user of the group can produce only a decryption share and at least t of them should collect decryption shares to recover a message. We present a new threshold public-key encryption that is secure against selectively chosen ciphertext attacks. Semantic security against chosen ciphertext adversaries is the de facto level of security for public-key encryption deployed in practice because many encryption systems are broken in a model of chosen ciphertext security. The security of the proposed system is formally proved without random oracles under a new assumption. We also provide proof of the intractability of our assumption in the generic group model. Copyright © 2012 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2016

42. Efficient and secure multi-functional searchable symmetric encryption schemes.

Author

Changhui Hu, Lidong Han, and Siu Ming Yiu

Subjects

CLOUD computing, DATA encryption, COMPUTER security research, COMPUTER network security, KEYWORDS

Abstract

There is an increasing trend for data owners to outsource their data to an untrusted cloud provider. Besides providing the storage for the data, the service provider could allow the data owner or authorized clients to search over the data. To guarantee the data secure, the owner must encrypt his or her data before sending to the cloud. However, traditional encryption does not allow searching without decrypting the data. Searchable symmetric encryption is one approach that allows users to search over the encrypted data. For data applications, various different functional search have been proposed, such as wildcard search, similarity keyword search and fuzzy keyword search. Moreover, dynamic addition and removal of files should be supported in practice. However, to our knowledge, there does not exist a searchable symmetric encryption scheme that can support many properties such as more than three functions in all the aforementioned operations. In this paper, we propose an efficient multi-functional searchable symmetric encryption scheme that can support wildcard search, similarity search (including hamming distance and edit distance), fuzzy keyword search and disjunctive keyword search simultaneously. In the new scheme, the trapdoor changes with various search requests and it enumerates all possibilities of the keyword of the trapdoor. Moreover, we use an array instead of a matrix to reduce the storage, and the scheme can be constructed efficiently in terms of both computational and space complexity. Our scheme is based on the Bloom filter, and it is secure against non-adaptive chosen keyword attack. With the dynamic technique for the inverted index, our scheme can support dynamic operation such as addition and removal of data files, which can also be secure against adaptive chosen keyword attack. [ABSTRACT FROM AUTHOR]

Published

2016

43. Cryptanalysis of a robust key agreement based on public key authentication.

Author

Toorani, Mohsen

Subjects

PUBLIC key cryptography, CRYPTOGRAPHY research, CRYPTOSYSTEMS, DATA encryption, COMPUTER security research

Abstract

This paper considers security analysis of the YAK, a public key-based authenticated key agreement protocol. The YAK protocol is a variant of the two-pass HMQV protocol but uses zero-knowledge proofs for proving knowledge of ephemeral values. In this paper, we show that the YAK protocol lacks joint key control and perfect forward secrecy attributes and is vulnerable to some attacks including unknown key-share and key-replication attacks. This invalidates the semantic security of the protocol in several security models. There are also other considerations regarding the impersonation and small subgroup attacks. [ABSTRACT FROM AUTHOR]

Published

2016

44. A secure, service priority-based incentive scheme for delay tolerant networks.

Author

Yongming Xie and Yan Zhang

Subjects

DELAY-tolerant networks, COMPUTER network architectures, COMPUTER architecture, COMPUTER network security, COMPUTER security research

Abstract

Delay tolerant networks are resource-constrained networks, where nodes are required to cooperate with each other to relay messages (bundles) in a store-carry-forward fashion. Because of the constrained resources, some selfish nodes are reluctant to relay bundles for other nodes in order to save their own resources. Previous studies focus on one kind of creditbased incentive schemes in which a source pays credits (virtual coins) to intermediates to compensate for their resources consumption. Although these schemes can restrain selfish behaviors to a certain extent, they may cause an undesirable effect on some honest nodes, especially on boundary nodes and inactive nodes. To mitigate this issue, first we propose a service priority-based incentive scheme (SIS) where a relaying (viewed as a service) priority, instead of credits, is used as an incentive metric to stimulate nodes to fairly cooperate. In the SIS, a node which relayed more bundles is granted a higher service priority, and it will obtain a higher bundle delivery ratio correspondingly. Then, to deal with the potential attacks against the SIS, we also present three security solutions including the signature chain, cooperation frequency statistics, and combination clearance. We evaluate the proposed scheme on the opportunistic network environment simulator. The extensive results show that the SIS is able to improve the bundle delivery ratio of honest nodes and efficiently inhibits the selfish behaviors in comparison with credit-based incentive schemes. [ABSTRACT FROM AUTHOR]

Published

2016

45. Securing software defined wireless networks.

Author

He, Daojing, Chan, Sammy, and Guizani, Mohsen

Subjects

*SOFTWARE-defined networking, *COMPUTER networks, *WIRELESS communications, *CYBERTERRORISM, *COUNTERTERRORISM, *COMPUTER security research

Abstract

Software defined wireless networking (SDWN) is a new paradigm of wireless networking, physically separating the data and control planes of various elements in the wireless infrastructure. Similar to its wired counterpart, SDWN is expected to introduce a wide range of benefits to the operation and management of wireless networks. Security is always important to any network. On one hand, SDWN enables new security mechanisms. On the other hand, some new threats are introduced due to the separation of the control and data planes and the introduction of the logically centralized controller. In this article, we discuss its security threat vectors as well as design issues in making it secure. Also, we analyze the security requirements of SDWN, and then summarize the security attacks and countermeasures in this area and suggest some future research directions. [ABSTRACT FROM PUBLISHER]

Published

2016

46. Prediction Using Propagation: From Flu Trends to Cybersecurity.

Author

Prakash, B. Aditya

Subjects

INTERNET security, COMPUTER security research, MALWARE, MACHINE learning, ONLINE social networks research, MATHEMATICAL models

Abstract

This article discusses two applications of propagation-based concepts for predictive analytics: marrying epidemiological models with statistical topic models to tease out user phases for better flu-trends prediction, and using propagation-based models to generatively model estimates of malware attacks. [ABSTRACT FROM PUBLISHER]

Published

2016

47. Critical Times for Organizations: What Should Be Done to Curb Workers’ Noncompliance With IS Security Policy Guidelines?

Author

Ifinedo, Princely

Subjects

INFORMATION technology security, EMPLOYEES, COMPUTER security research, COMPUTER access control

Abstract

This study was designed to examine the impacts of employees’ cost–benefit analysis, deterrence considerations, and top management support and beliefs on information systems security policy compliance. Surveys of Canadian professionals’ perceptions were carried out. A research model was proposed and tested. The results confirmed that top management support and beliefs, sanction severity, and cost–benefit analysis significantly influenced employees’ information systems security policy compliance. The implications of the study findings are discussed, and conclusions are drawn. [ABSTRACT FROM PUBLISHER]

Published

2016

48. USER AUTHENTICATION TO A WEB SITE USING FINGERPRINTS.

Author

PURA, Mihai Lica

Subjects

*WEBSITE access control, *HUMAN fingerprints, *COMPUTER access control, *BIOMETRIC identification, *COMPUTER security research

Abstract

Nowadays, authenticated access to web sites becomes more and more important. Usernames and passwords are one of the easiest ways to accomplish it. But a more secure approach is to use biometrics. This article presents a very simple modality to use fingerprints to control the access to a web site. The client component of the proposed architecture is an ActiveX control that communicates with the fingerprint reader and sends data back to the web server. The server component is an ISAPI Server that processes the requests of the client regarding authentication and does or does not grant access to the web site. The ActiveX is integrated in the web page with the help of Java Script. [ABSTRACT FROM AUTHOR]

Published

2014

49. IDENTITY-BASED CHRYPTOGRAPHY: FROM PROPOSALS TO EVERYDAY USE.

Author

PURA, Mihai Lica and PATRICIU, Victor Valeriu

Subjects

*CRYPTOGRAPHY research, *DATA encryption, *PUBLIC key cryptography, *COMPUTER security research, *DATA protection research

Abstract

Since the invention of public key cryptographic algorithms, researchers have also proposed what will later be known as identity based cryptography: the use of identities as public keys. Over the years, different identity based encryption and signature algorithms were developed, making possible what others only predicted some 30 years ago. This paper is a survey over what identity based cryptography is, what advantages it has over classical PKI, what success stories of its use already exists, and on how can one benefit from it, in different civilian and even military scenarios. The purpose of the paper is to set a background for latter research on developing an identity base cryptographic scheme for military use. [ABSTRACT FROM AUTHOR]

Published

2014

50. Security Incident Tracking in Virtualized Linux Environment.

Author

Manghui Tu and Shiming Xue

Subjects

*VIRTUAL reality, *HUMAN fingerprints, *LINUX operating systems, *FORENSIC sciences, *COMPUTER security research

Abstract

Virtualized environment provides a heaven for malicious and criminal activities. It is expected that illegal activities in virtualized environments will be increased as virtualization gains its popularity. Meanwhile, numerous digital security and privacy laws and regulations have put business and organizations under obligations to prepare for auditing and legal investigations. Therefore, businesses must prepare for the responsiveness to unforeseen security incidents in virtualized environments. To establish forensics readiness for businesses and organizations, it is essential to identify what fingerprints are relevant and where they can be located, and whether all the needed fingerprints are available to reconstruct the incidents successfully. Also, fingerprint identification and locating mechanisms should be provided to guide potential forensics investigation in the future. Furthermore, mechanisms should be established to automate the security incident tracking and reconstruction processes. All these rely on the knowledge of security attacks and the fingerprints left by them. In this research, we will explore potential security exploitations and their corresponding fingerprints left in the virtualized Linux environment. Attacks are modeled as augmented attack trees and then are conducted against a simulated virtualized environment, which is followed by a forensic investigation. Finally, an evidence tree is built for each attack based on fingerprints identified within the system. With evidence tree, it is possible to identify sensitive fingerprints for each attack. Also, the evidence tree is expected to provide contextual information needed for automating forensics investigation of a security incident. [ABSTRACT FROM AUTHOR]

Published

2014