
Showing papers in "International Journal of Electronic Security and Digital Forensics in 2014"


Journal Article
TL;DR: The experimental results demonstrate that this algorithm combines the advantages and removes the disadvantages of these two transform techniques and is robust against a number of signal processing attacks without significant degradation of the image quality.
Abstract: In this paper, the effects of different error correction codes on the robustness and the image quality are investigated. Three different error correcting codes, namely Hamming, the Bose, Ray-Chaudhuri, Hocquenghem (BCH) and the Reed-Solomon code, are considered to encode the watermark. The watermark embedding method is based on the two most popular transform techniques, which are discrete wavelet transforms (DWTs) and singular value decomposition (SVD). The proposed algorithm is robust against a number of signal processing attacks without significant degradation of the image quality. The experimental results demonstrate that this algorithm combines the advantages and removes the disadvantages of these two transforms. Out of the three error correcting codes tested, it has been found that Reed-Solomon shows the best performance. A detailed analysis of the results of implementation is given.

23 citations


Journal Article
TL;DR: An association rule mining process for extracting the common and anomalous patterns in data that is affected by some kind of imprecision or uncertainty, obtaining information that will be meaningful and interesting for the user is proposed.
Abstract: Data mining techniques are a very important tool for extracting useful knowledge from databases. Recently, some approaches have been developed for mining novel kinds of useful information, such as anomalous rules. These kinds of rules are a good technique for the recognition of normal and anomalous behaviour, that can be of interest in several area domains such as security systems, financial data analysis, network traffic flow, etc. The aim of this paper is to propose an association rule mining process for extracting the common and anomalous patterns in data that is affected by some kind of imprecision or uncertainty, obtaining information that will be meaningful and interesting for the user. This is done by mining fuzzy anomalous rules. We present a new approach for mining such rules, and we apply it to the case of detecting normal and anomalous patterns on credit data.

13 citations


Journal Article
TL;DR: This paper covers the security assessment of the PL system in the supervisory control and data acquisition (SCADA) context and presents a PL model in the first sections of the work.
Abstract: Due to the increasing importance of communication networking, the power line (PL) channel has been considered as a good candidate for the communication medium. The term power line communications (PLC) stands for the technologies for data communication over the electrical power supply network. The PL channels were not designed to transmit high speed data; therefore, they present a hostile medium for communication signal transmission. There are many factors such as noise, attenuation, distance, etc. affecting the quality of the transmission over PL channels. This paper presents a PL model in the first sections of the work. Then it covers the security assessment of the PL system in the supervisory control and data acquisition (SCADA) context.

9 citations


Journal Article
TL;DR: An implementation of Private Cloud Computing is presented and its security features are evaluated, and discussions on considerable solutions to protect against threats to confidentiality, integrity and availability of cloud data are presented.
Abstract: Cloud computing has altered the overall representative picture that distributed computing, such as grid and server-client computing, presents in the IT environment. Cloud computing has borne a new innovative meaning to off-premises and distributed computing. Although cloud computing offers more economical benefits than traditional computing, it undoubtedly introduces imaginable security challenges to information control, management, access and storage from on-premises to off-premises. This paper focuses on security challenges in distributed cloud and describes cloud computing, its models and services. It analyses cloud security challenges and presents discussions on considerable solutions to protect against threats to confidentiality, integrity and availability of cloud data. This paper presents an implementation of Private Cloud Computing and evaluates its security features.

7 citations


Journal Article
TL;DR: The role of knowledge in organisational behaviour and the rationale behind its importance in contemporary law enforcement practices are clarified before discussing the concepts around practical scenarios, and outlining a number of example approaches to integration.
Abstract: As law enforcement agencies are presented with ever growing repositories of data upon which to conduct their intelligence and investigative initiatives, the requirement to effectively manage knowledge grows. The following paper explores the use of knowledge management within law enforcement in terms of defining knowledge in policing, the various forms in which knowledge exists in society and organisations, and the potential barriers to the integration of knowledge management practices in the law enforcement domain. The paper clarifies the role of knowledge in organisational behaviour and the rationale behind its importance in contemporary law enforcement practices before discussing the concepts around practical scenarios, and outlining a number of example approaches to integration.

7 citations


Journal Article
TL;DR: This paper discusses the background of VANETs, its application and the current security issues, and studies a number of key elements related to the economic and legal aspects to be considered before VANETs can be successfully deployed.
Abstract: Vehicular ad hoc networks (VANETs) are an important component of intelligent transportation systems. In this context, vehicles are equipped with complex systems and advanced technologies such as communication systems, computing platforms with numerous processors, artificial intelligence and automatic control. This emerging technology is attracting more and more attention as it combines multiple academic disciplines and the latest technologies representing developing trends of future automobile technology. The main benefit of VANET communication is the development of active safety systems that increase passenger safety by exchanging life critical warning messages between vehicles. In this paper, we discuss the background of VANETs, its application and the current security issues. Furthermore, we study a number of key elements related to the economic and legal aspects to be considered before VANETs can be successfully deployed.

7 citations


Journal Article
TL;DR: A novel algorithm named syntactical fingerprinting is proposed which automatically identifies phishing websites and implies the provenance of these websites using the structural components that compose the website.
Abstract: Organisations continue to pursue new strategies to thwart phishing attacks as well as investigate the criminals behind these scams. In order to address these issues, a novel algorithm named syntactical fingerprinting is proposed which automatically identifies phishing websites and implies the provenance of these websites using the structural components that compose the website. Syntactical fingerprinting demonstrates the ability to accurately identify newly observed phishing websites through an experiment on a custom dataset consisting of 49,840 URLs collected over three months by the UAB phishing data mine. An additional experiment was run over a different set of website content in early 2011 which exhibits the use of syntactical fingerprinting as a distance metric for clustering phishing websites. Finally, varying the threshold value used by syntactical fingerprinting demonstrates the capability for phishing investigators to identify not only the source of phishing websites, but individual phishers as well.

7 citations


Journal Article
TL;DR: A security enhanced scheme is developed to eliminate the identified weaknesses in Islam et al.'s scheme; it has better performance than their scheme, making it more suitable for practical applications.
Abstract: As two fundamental requirements to ensure secure communications over an insecure public network channel, password authentication and update of password have received considerable attention. To satisfy the above two requirements, Islam and Biswas (2013) proposed a password authentication and update scheme based on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. Unfortunately, He et al. (2012) found that Islam and Biswas' scheme is still vulnerable to offline password guessing attack and stolen-verifier attack. In this paper, a security enhanced scheme is developed to eliminate the identified weaknesses. The analysis shows that our scheme not only overcomes the security vulnerability in Islam et al.'s scheme, but also has better performance than their scheme. Our scheme is therefore more suitable for practical applications.

5 citations


Journal Article
TL;DR: This paper aims to profile recent cyberattacks, investigate trends and relationships between distinct factors and based on those, give security policies as security countermeasures.
Abstract: Today, computers play a prominent role in human life and e-business makes the lives of people easier. Online shopping and electronic trade benefit both customers and companies. Although the concept of e-business has many advantages, it also furnishes cybercriminals opportunities to access, steal and manipulate data. Thus, security requirements ought to be considered by managers who run their businesses via computers and the internet. One of the first steps to defining security requirements is threat and risk assessment, which may be done by cyberattack profiling. This paper aims to profile recent cyberattacks, investigate trends and relationships between distinct factors and based on those, give security policies as security countermeasures. The work described was presented at the 9th ICGSSS Conference in December 2013.

4 citations


Journal Article
TL;DR: The scheme is proven to be indistinguishable against adaptive chosen ciphertext attacks, existentially unforgeable against adaptive chosen message and identity attacks, and to have unconditional signcrypter ambiguity under the random oracle model.
Abstract: This paper presents an identity-based threshold ring signcryption scheme. With this technique, any group of t entities can choose n - t entities to generate a t-out-of-n signcryption on behalf of the group of n members, yet the actual signcrypters remain anonymous. The scheme is proven to be indistinguishable against adaptive chosen ciphertext attacks, existentially unforgeable against adaptive chosen message and identity attacks, and to have unconditional signcrypter ambiguity under the random oracle model. To the best of the authors' knowledge, the scheme is the first secure ID-based threshold ring signcryption scheme.

4 citations


Journal Article
TL;DR: An analysis of SIP, a popular voice over IP (VoIP) protocol is performed and a framework for capturing and analysing volatile VoIP data is proposed in order to determine forensic readiness requirements for effectively identifying an attacker.
Abstract: In this paper, we perform an analysis of SIP, a popular voice over IP (VoIP) protocol, and propose a framework for capturing and analysing volatile VoIP data in order to determine forensic readiness requirements for effectively identifying an attacker. The analysis was performed on real attack data and the findings were encouraging. It seems that if appropriate forensic readiness processes and controls are in place, a wealth of evidence can be obtained. The type of the end user equipment of the internal users, the private IP and the software that is used can help build a reliable baseline information database. On the other hand, the private IP addresses of the potential attacker, even in the presence of NAT services, as well as the attack tools employed by the malicious parties, are logged for further analysis.

Journal Article
TL;DR: The scheme is proven to be indistinguishable against adaptive chosen ciphertext attacks, existentially unforgeable against adaptive chosen message and identity attacks, and to have unconditional signcrypter ambiguity under the random oracle model.
Abstract: This paper presents a new identity-based ring signcryption scheme. With this technique, anyone can choose n − 1 entities to generate a verifiable ring signcryption on behalf of the group of n members, yet the actual signcrypter remains anonymous. The scheme is proven to be indistinguishable against adaptive chosen ciphertext attacks, existentially unforgeable against adaptive chosen message and identity attacks, and to have unconditional signcrypter ambiguity under the random oracle model.

Journal Article
TL;DR: Using structural equation modelling, the findings show that 'privacy' correlates with 'security' but these two variables do not have a significant impact on users' trust, and only 'trust' and 'security' affect users' intention to use OSN.
Abstract: According to a report by Vietnam Network Information Center (VNNIC) on Vietnam internet resources in 2012, the number of internet users in Vietnam had increased by 15 times compared to 2000. As a result of increased internet usage, 35.49% of the Vietnamese population had a 53% chance of encountering online threats without even knowing it. The purpose of this research is to investigate the relationship and influence of security and privacy issues on internet users' trust, and their intention to participate in a safe online community in order to provide preliminary insights for building a safer online social network (OSN) landscape in Vietnam by examining the relationships among online privacy concerns, security, trust, and intention. Using structural equation modelling, the findings show that 'privacy' correlates with 'security' but these two variables do not have a significant impact on users' trust. Moreover, only 'trust' and 'security' affect users' intention to use OSN.

Journal Article
TL;DR: The proposed work presented in this paper consists of a robust (non-fragile) steganography technique based on matrix embedding using self-synchronising variable length T-codes and RS codes to provide robustness to the embedded message against transmission errors.
Abstract: Steganography is a sub-discipline of data hiding with an objective to modify a digital object, known as the cover object, to encode and conceal a message so that it cannot be seen while it is transmitted on public communication channels such as computer networks. The main requirements of a steganography system are imperceptibility, high payload, security and robustness against transmission channel noise. The proposed work presented in this paper consists of a robust (non-fragile) steganography technique based on matrix embedding using self-synchronising variable length T-codes (to obtain a compressed message from the original message) and RS codes (as error correction coding to provide robustness to the embedded message against transmission errors). The original message is first encoded using T-codes and then with RS-codes. The selection of the plane for embedding is made on the basis of variance of intensity resolutions. The secret message is then embedded in the selected 2nd, 3rd or 4th plane of the cover image using the matrix encoding technique. The proposed method is compared with other existing steganographic schemes based on error correcting codes. Experimental results show that the proposed method is an improvement over the existing methods.

Journal Article
TL;DR: A framework to standardise the terminology used for biometrics is introduced and a number of aspects that form part of the biometric landscape which should be contemplated whenever biometric technology is considered for a sustainable biometric solution are discussed.
Abstract: Biometric technology is by no means a new technology (Woodward and Orleans, 2004). Authenticating people based on their biometric traits has been used before technology adopted biometrics as a mechanism to authenticate a person. However, various aspects that shape the landscape of biometric technology are often overlooked. Many research papers focus on the fact that biometric technology can be spoofed using various complex approaches (Matsumoto et al., 2002). However, biometric technology has a number of role players that must be considered. Many examples exist of companies implementing biometric technology for authentication, only to learn later that certain aspects preclude the successful implementation of biometric technology. This paper discusses a number of aspects that form part of the biometric landscape which should be contemplated whenever biometric technology is considered for a sustainable biometric solution. Due to the various formats in which biometrics can be presented, this paper also introduces a framework to standardise the terminology used for biometrics.

Journal Article
TL;DR: A novel symmetric key sharing method is proposed which emphasises the efficient and secure key sharing and key updates and protects the efficiency aspects.
Abstract: The wireless nature of communication and the lack of security infrastructure raise several security problems in MANET. So, security routing is essential for mobile ad hoc networks. A number of routing methods have been proposed for security routing. The key idea in our algorithm is to explore key authentication at the time of key sharing. Authentication is performed for key distribution and communication. This paves the way for integrity and authenticity. Collisions of source and destination nodes are reduced and internal and external attacks are overcome using fewer cryptographic techniques with fewer computation steps. Confidentiality is achieved by encrypting the keys. A novel symmetric key sharing method is proposed which emphasises the efficient and secure key sharing and key updates. In our scheme, digital signature and symmetric key combine together and protect the efficiency aspects. Through extensive simulation analysis it is inferred that our algorithm provides an efficient approach towards security and in the mobile ad hoc network.

Journal Article
TL;DR: It is illustrated that a smart device can be considered as a 'smart token', to address the security concerns associated with biometric technology.
Abstract: The release of the latest iPhone device by Apple, named the iPhone 5s, which incorporates a fingerprint-based biometric scanner, was met with a lot of criticism from the security and privacy community. It was soon demonstrated that the biometric reader on this new iPhone is just as vulnerable to spoofing attacks as devised by researchers such as Matsumoto et al. (2002). It is an accepted fact that making use of biometrics for effective security during the identification and authentication process is not recommended (Woodward and Orleans, 2004). People leave latent biometric prints of their fingerprints on everything they touch. Biometric technology is vexed with this problem: a biometric characteristic is not essentially covert, as people deposit their biometric characteristics in various ways in the environment they interact with. This paper proposes an approach to allow a person to use a smart device such as the iPhone 5s for secure biometric authentication over a networked environment for secure electronic transactions. The paper illustrates that a smart device can be considered as a 'smart token', to address the security concerns associated with biometric technology.

Journal Article
TL;DR: There is a generalised positive predisposition for enrolment that is expressed in some by the predisposition to try many times and in others to try over a long time, and the youngest and the oldest may be the least available.
Abstract: The performance of a biometric system depends on the accuracy, the processing speed, the template size, and the time necessary for enrolment. This last factor is not much addressed in the literature. In this work, we collected information about the users' availability for enrolment in respect to fingerprint biometrics. The trials involved 22 randomly chosen people. The results are presented globally, by sex, by age group and by previous experience in the use of the technology. We found that there is a generalised positive predisposition for enrolment that is expressed in some by the predisposition to try many times and in others to try over a long time, and that the youngest and the oldest may be the least available.

Journal Article
TL;DR: The results strongly suggest that hacking projects have helped the students better understand computer and information security principles and the majority of the students stated that they do not intend to misuse the learned skills.
Abstract: Incorporating hacking projects in information security education is controversial. However, several studies discussed the benefits of including offensive exercises (e.g., hacking) in information security courses. In this paper, we present our experiment in incorporating hacking projects in the laboratory exercises for an undergraduate-level Computer and Information Security (CIS) course at King Abdulaziz University (KAU), Saudi Arabia. We conducted a survey to measure the effectiveness of incorporating hacking projects from the students' perspective. We also questioned the ethical aspects of these projects. The results strongly suggest that hacking projects have helped the students better understand computer and information security principles. Furthermore, the majority of the students stated that they do not intend to misuse the learned skills, mainly for religious and ethical reasons. We also present the precautions that we took to avoid legal or ethical consequences that may be connected with these activities.

Journal Article
TL;DR: This work proposes a new authentication scheme for the telecare medical information system (TMIS) and shows that this scheme not only overcomes weaknesses in Wu et al.'s scheme, but also has better performance.
Abstract: The telecare medical information system (TMIS) could improve quality of medical care since it allows patients to enjoy healthcare delivery services in their home. However, the privacy and security influence the development of the TMIS since it is employed in open networks. Recently, Wu and Xu proposed a privacy authentication scheme for the TMIS and claimed that their scheme could overcome weaknesses in previous schemes. However, we will demonstrate that their scheme is vulnerable to the server spoofing attack and cannot provide user anonymity. To overcome weaknesses in their scheme, we also propose a new authentication scheme for the TMIS. Analysis shows that our scheme not only overcomes weaknesses in Wu et al.'s scheme, but also has better performance.

Journal Article
TL;DR: This paper proposes a new certificateless short signature scheme and proves that it is secure against strong adversaries, and is more computationally efficient than other certificateless short signature schemes.
Abstract: Certificateless cryptography is an attractive paradigm for public key cryptography since it does not require certificates in traditional public key cryptography and also solves the inherent key escrow problem in identity-based cryptography. Currently, certificateless short signature is receiving significant attention from the public key cryptography research community as it is particularly useful in low-bandwidth communication environments. However, most of the certificateless short signature schemes only support low-level security. Recently, Choi et al. presented a certificateless short signature scheme and claimed that it is provably secure against super adversaries in the random oracle model. Unfortunately, in this paper, we show that their scheme is insecure even against a strong adversary. We then propose a new certificateless short signature scheme and prove that it is secure against strong adversaries. Compared with other certificateless short signature schemes, our scheme is more computationally efficient.

Journal Article
TL;DR: This paper proposes a timestamp-based authentication scheme for cloud client with a modified digital envelope and presents a security analysis to show that the scheme can resist various attacks related to cloud environment.
Abstract: Cloud computing provides the capability to use computing and storage resources on a rented basis and reduce the investments in an organisation's computing infrastructure. With all its benefits, cloud computing also brings with it concerns about the security and privacy of information extant on the cloud as a result of its size, structure, and geographical dispersion. Secure communication in the cloud environment is necessary to access remote resources in a controlled and efficient way. For validation and authentication, digital signatures using public key cryptography are extensively used in cloud computing. Further, to keep confidentiality, a digital envelope, which is the combination of the encrypted message and signature with the encrypted symmetric key, is also used. In this paper we propose a timestamp-based authentication scheme for cloud client with a modified digital envelope. As the hyperelliptic curve cryptosystem (HECC) is known for its small key size and high security, we have taken the HECC encryption technique. We have also presented a security analysis to show that our scheme can resist various attacks related to cloud environment.

Journal Article
TL;DR: A virtual frequency and phase synchronisation algorithm for the sub-carrier is proposed to reduce the BER of MC-CDMA, with significant improvement in the system achieved under AWGN and Rayleigh fading channels using BPSK modulation.
Abstract: In recent years, multi-carrier techniques such as multi-carrier code division multiple access (CDMA) schemes have become popular in wireless communications over multipath fading channels. MC-CDMA is used to improve security and data transmission rate and to minimise inter symbol interference (ISI). CDMA was suffering from multipath fading, which affects its performance. In this research, the performance of the multi-carrier code division multiple access (MC-CDMA) system is studied and evaluated, and a virtual frequency and phase synchronisation algorithm for the sub-carrier is proposed to reduce the BER of MC-CDMA. The simulation has been done using the MATLAB programme; the results indicate that significant improvement in the system is achieved under AWGN and Rayleigh fading channels using BPSK modulation. Increasing digital modulation orders and power have led to a reduction in the BER for the system.

Journal Article
TL;DR: Performance analysis in terms of normalised MSE shows that the original signal can be accurately extracted by the proposed procedure from the encrypted one, and a key with multiple values has been exploited to enhance the security of the cryptosystem.
Abstract: In this paper, it has been shown that the BSS-based cryptosystem with binary key which has only two values, does not provide the security goal. In fact, the private key can be fully realised by applying a proper threshold on the encrypted signal. Performance analysis in terms of normalised MSE shows that the original signal can be accurately extracted by the proposed procedure from the encrypted one. Therefore, a key with multiple values has been exploited to enhance the security of the cryptosystem.