Journal, ISSN: 1751-8709

IET Information Security

Institution of Engineering and Technology
About: IET Information Security is an academic journal published by the Institution of Engineering and Technology. The journal publishes mainly in the area(s) of Cryptography & Encryption. Its ISSN is 1751-8709, and it is open access. Over its lifetime, 710 publications have been published, receiving 9736 citations. The journal is also known as: Institution of Engineering and Technology information security & Information security.


Papers
Journal Article
TL;DR: The author shows that the improved scheme provides strong authentication with the use of verifying biometric, password as well as random nonces generated by the user and the server as compared to that for the Li-Hwang's scheme and other related schemes.
Abstract: The author first reviews the recently proposed Li-Hwang's biometric-based remote user authentication scheme using smart cards; then shows that the Li-Hwang's scheme has some design flaws in their scheme. In order to withstand those flaws in their scheme, an improvement of their scheme is further proposed. The author also shows that the improved scheme provides strong authentication with the use of verifying biometric, password as well as random nonces generated by the user and the server as compared to that for the Li-Hwang's scheme and other related schemes.

228 citations

Journal Article
TL;DR: The authors establish a link between the correlation coefficient and the conditional entropy in side-channel attacks and show that both measures are equally suitable to compare devices with respect to their susceptibility to DPA attacks.
Abstract: In this study, the authors examine the relationship between and the efficiency of different approaches to standard (univariate) differential power analysis (DPA) attacks. The authors first show that, when fed with the same assumptions about the target device (i.e. with the same leakage model), the most popular approaches such as using a distance-of-means test, correlation analysis and Bayes attacks are essentially equivalent in this setting. Differences observed in practice are not because of differences in the statistical tests but because of statistical artefacts. Then, the authors establish a link between the correlation coefficient and the conditional entropy in side-channel attacks. In a first-order attack scenario, this relationship allows linking currently used metrics to evaluate standard DPA attacks (such as the number of power traces needed to perform a key recovery) with an information theoretic metric (the mutual information). The authors' results show that in the practical scenario defined formally in this study, both measures are equally suitable to compare devices with respect to their susceptibility to DPA attacks. Together with observations regarding key and algorithm independence the authors consequently extend theoretical strategies for the sound evaluation of leaking devices towards the practice of side-channel attacks.

191 citations

Journal Article
TL;DR: Light is shed on the important features that distinguish phishing websites from legitimate ones and how good rule-based data mining classification techniques are in predicting phishing websites and which classification technique is proven to be more reliable.
Abstract: Phishing is described as the art of echoing a website of a creditable firm intending to grab user's private information such as usernames, passwords and social security number. Phishing websites comprise a variety of cues within its content-parts as well as the browser-based security indicators provided along with the website. Several solutions have been proposed to tackle phishing. Nevertheless, there is no single magic bullet that can solve this threat radically. One of the promising techniques that can be employed in predicting phishing attacks is based on data mining, particularly the 'induction of classification rules' since anti-phishing solutions aim to predict the website class accurately and that exactly matches the data mining classification technique goals. In this study, the authors shed light on the important features that distinguish phishing websites from legitimate ones and assess how good rule-based data mining classification techniques are in predicting phishing websites and which classification technique is proven to be more reliable.

169 citations

Journal Article
Xin Li, Zhiping Jia, Peng Zhang, Ruihua Zhang, Haiyang Wang
TL;DR: A trust-based reactive multipath routing protocol, ad hoc on-demand trusted-path distance vector (AOTDV), is proposed for MANETs and the results show that AOTDV improves packet delivery ratio and mitigates the impairment from black hole, grey hole and modification attacks.
Abstract: A mobile ad hoc network (MANET) is a self-organised system comprised of mobile wireless nodes. All nodes act as both communicators and routers. Owing to multi-hop routing and absence of centralised administration in open environment, MANETs are vulnerable to attacks by malicious nodes. In order to decrease the hazards from malicious nodes, the authors incorporate the concept of trust to MANETs and build a simple trust model to evaluate neighbours’ behaviours – forwarding packets. Extended from the ad hoc on-demand distance vector (AODV) routing protocol and the ad hoc on-demand multipath distance vector (AOMDV) routing protocol, a trust-based reactive multipath routing protocol, ad hoc on-demand trusted-path distance vector (AOTDV), is proposed for MANETs. This protocol is able to discover multiple loop-free paths as candidates in one route discovery. These paths are evaluated by two aspects: hop counts and trust values. This two-dimensional evaluation provides a flexible and feasible approach to choose the shortest path from the candidates that meet the requirements of data packets for dependability or trust. Furthermore, the authors give a routing example in detail to describe the procedures of route discovery and the differences among AODV, AOMDV and AOTDV. Several experiments have been conducted to compare these protocols and the results show that AOTDV improves packet delivery ratio and mitigates the impairment from black hole, grey hole and modification attacks.

152 citations

Journal Article
TL;DR: The authors present the first ID-RDPC protocol proven to be secure assuming the hardness of the standard computational Diffie-Hellman problem, which outperforms the existing RDPC protocols in the PKI setting in terms of computation and communication.
Abstract: Checking remote data possession is of crucial importance in public cloud storage. It enables the users to check whether their outsourced data have been kept intact without downloading the original data. The existing remote data possession checking (RDPC) protocols have been designed in the PKI (public key infrastructure) setting. The cloud server has to validate the users' certificates before storing the data uploaded by the users in order to prevent spam. This incurs considerable costs since numerous users may frequently upload data to the cloud server. This study addresses this problem with a new model of identity-based RDPC (ID-RDPC) protocols. The authors present the first ID-RDPC protocol proven to be secure assuming the hardness of the standard computational Diffie-Hellman problem. In addition to the structural advantage of elimination of certificate management and verification, the authors' ID-RDPC protocol also outperforms the existing RDPC protocols in the PKI setting in terms of computation and communication.

135 citations

Performance
Metrics
No. of papers from the Journal in previous years
Year    Papers
2023    22
2022    45
2021    51
2020    77
2019    76
2018    65