Showing papers in "International Journal of Network Security in 2010"

Evaluating the Performance of Symmetric Encryption Algorithms

Abstract: Internet and networks applications are growing very fast, so the needs to protect such applications are increased. Encryption algorithms play a main role in information security systems. On the other side, those algorithms consume a significant amount of computing resources such as CPU time, memory, and battery power. This paper provides evaluation of six of the most common encryption algorithms namely: AES (Rijndael), DES, 3DES, RC2, Blowfish, and RC6. A comparison has been conducted for those encryption algorithms at different settings for each algorithm such as different sizes of data blocks, different data types, battery power consumption, different key size and finally encryption/decryption speed. Experimental results are given to demonstrate the effectiveness of each algorithm.

A Digital Image Encryption Algorithm Based a Composition of Two Chaotic Logistic Maps

Abstract: The chaos based cryptographic algorithms have suggested several advantages over the traditional encryption algorithms such as high security, speed, reasonable computational overheads and computational power This paper introduces an efficient chaos-based stream cipher, composing two chaotic logistic maps and a large enough external secret key for image encryption The external secret key is used to derive the initial conditions for the chaotic maps, and is employed with the two chaotic maps to confuse the relationship between the cipher image and the plain image In the encryption phase, the pixels are encrypted using an iterative cipher module based feedback and data-dependent inputs mechanism for mixing the current encryption parameters with previously encrypted information To make the cipher more robust against any attack, the secret key is modified after encryption of each pixel of the plain image The results of several experimental, statistical analysis and key sensitivity tests show that the proposed image encryption scheme provides an efficient and secure way for real-time image encryption and transmission

A Random Bit Generator Using Chaotic Maps

Abstract: Chaotic systems have many interesting features such as sensitivity on initial condition and system parameter, ergodicity and mixing properties In this paper, we exploit these interesting properties of chaotic systems to design a random bit generator, called CCCBG, in which two chaotic systems are cross-coupled with each other To evaluate the randomness of the bit streams generated by the CCCBG, the four basic tests: monobit test, serial test, auto-correlation, Poker test and the most stringent tests of randomness: the NIST suite tests have been performed As a result no patterns have been observed in the bit streams generated by the proposed CCCBG The proposed CCCBG can be used in many applications requiring random binary sequences and also in the design of secure cryptosystems

Evaluating the Effects of Symmetric Cryptography Algorithms on Power Consumption for Different Data Types.

Abstract: As the importance and the value of exchanged data over the Internet or other media types are increasing, the search for the best solution to offer the necessary protection against the data thieves’ attacks. Encryption algorithms play a main role in information security systems. On the other side, those algorithms consume a significant amount of computing resources such as CPU time, memory, and battery power. But Resources in the wireless environment are limited. There is limited battery power available. Technologies such as CPU and memory are increasing and so is their need for power, but battery technology is increasing at a much slower rate, forming a “battery gap”. Because of this, battery capacity plays a major role in the usability of the devices. The increasing demand for services on wireless devices has pushed technical research into finding ways to overcome these limitations. This paper provides evaluation of six of the most common encryption algorithms namely: AES (Rijndael), DES, 3DES, RC2, Blowfish, and RC6. We examine a method for analyzing trade-offs between energy and security. We suggest approach to reduce the energy consumption of security protocols. A comparison has been conducted for those encryption algorithms at different settings for each algorithm such as different sizes of data blocks, different data types, battery power consumption, different key size and finally encryption/decryption speed.

Performance Evaluation of Mobility Speed over MANET Routing Protocols

Abstract: Ad-hoc networking is a concept in computer communications Each node participating in the network acts both as host and a router and must therefore is willing to forward packets for other nodes Research in this area is mostly simulation based; Random waypoint is the commonly used mobility model in these simulations Random waypoint is a simple model that may be applicable to some scenarios In the performance evaluation of a protocol for MANETs, the protocol should be tested under realistic conditions including In recent years, a variety of routing protocols targeted speciflcally at this environment have been developed and some performance simulations are made on numbers of routing protocols likes DSDV, DSR and AODV, Research efiorts haven’t focused much in evaluating their performance when applied to variable number of nodes and constant pause times, We perform extensive simulations using NS-2 simulator, which carried out based on the Rice Monarch Project

Efficient Cancelable Biometric Key Generation Scheme for Cryptography.

Abstract: This paper puts forth a fresh methodology for the secure storage of fingerprint template by generating Secured Feature Matrix and keys for cryptographic techniques applied for data Encryption or Decryption with the aid of cancellable biometric features. Conventional techniques depend on biometric features like face, fingerprint, hand geometry, iris, signature, keystroke, voice and the like for the extraction of key information. If a Biometric Key is missing or stolen, it is lost perpetually and possibly for every application where the biometric is utilized, since a biometric is permanently linked with a user and cannot be altered. In this paper we propose a technique to produce cancellable key from fingerprint so as to surmount these problems. The flexibility and dependability of cryptography is enhanced with the utilization of cancellable biometric features. There are several biometric systems in existence that deal with cryptography, but the proposed cancellable biometric system introduces a novel method to generate Cryptographic Key. We have as well discussed about the Security analysis of the projected Cancellable Biometric System.

Dynamic Key Cryptography and Applications

Abstract: In modern security models, cryptography plays a fundamental role in protecting data integrity and confidentiality in information systems. However, cryptography itself is subject to cryptanalysis attacks. To reduce the cryptanalysis attack risk, a dynamic key theory is presented and analyzed in this paper. Because these dynamic keys are one-time used symmetric cryptographic keys, they can significantly improve the security of cryptographic systems. The dynamic key theory generation scheme and key update mechanism are formally analyzed to demonstrate balance between security and performance. The theory can be applied to enhance the security and performance of cryptographic systems, especially those used in wireless networks communication. Two case studies using the proposed dynamic key theory are also described and analyzed to illustrate the power of the theory.

A New Secure Remote User Authentication Scheme with Smart Cards

Abstract: Remote user authentication scheme is one of the simplest and the most convenient authentication mechanisms to deal with secret data over insecure networks. These types of schemes are applicable to the areas such as computer networks, wireless networks, remote login systems, operation systems and database management systems. The goal of a remote user authentication scheme is to identify a valid card holder as having the rights and privileges indicated by the issuer of the card. In recent years, so many remote user authentication schemes have been proposed to authenticate a legitimate user, but none of them can solve all possible problems and withstand all possible attacks. This paper presents a secure remote user authentication scheme with smart cards. The proposed scheme provides the essential security requirements and achieves particular attributes.

Secure Group Key Management Scheme for Multicast Networks

Abstract: This paper proposes a scheme to provide security to dynamic multicast VoIP systems efficiently. Security is usually provided by encrypting the media packets sent from a user to other users with the help of a shared key called the session encryption key. The most time consuming process in a dynamic multicast VoIP environment is the group key management. Whenever there is a change in the group membership, the key needs to be updated and the updated key has to be sent to all active members in the group. Hence, by decreasing the number of update messages required for an updated key, the performance of the system can be improved considerably, thus making the scheme more efficient. The proposed secure multicast key management scheme combines the advantages of logical-key tree structure and Chinese remainder theorem to achieve an effective scheme. This paper compares the efficiency of the proposed scheme with the existing schemes and the comparison shows that the proposed scheme performs better than the existing schemes in terms of reduction in key update messages.

Cryptanalysis of an Elliptic Curve-based Signcryption Scheme

Abstract: The signcryption is a relatively new cryptographic technique that is supposed to fulfill the functionalities of encryption and digital signature in a single logical step. Although several signcryption schemes are proposed over the years, some of them are proved to have security problems. In this paper, the security of Han et al.'s signcryption scheme is analyzed, and it is proved that it has many security flaws and shortcomings. Several devastating attacks are also introduced to the mentioned scheme whereby it fails all the desired and essential security attributes of a signcryption scheme.

An Enhanced Remote User Authentication Scheme with Smart Card

Abstract: In 2000, Hwang and Li's proposed a new remote user authentication scheme with smart cards. Some researchers pointed out the security weaknesses of Hwang and Li's scheme and they also proposed some modified schemes to avoid these weaknesses. In 2004, Kumar proposed a new remote user authentication scheme and try to solve the security problems of Hwang and Li's scheme. This paper analyzes that Kumar's scheme does not satisfy some essential security requirements. Kumar's scheme does not support mutual authentication, session key generation phase for secure communication. In addition, in Kumar's scheme, the remote user is not free to change his password. This paper present an enhanced remote user authentication scheme with smart card that not only resolves all the security problems of Hwang and Li's scheme, but also adds mutual authentication, session key generation and password change phase to Kumar's scheme and provides forward secrecy to the long term secret key of the remote server. In the proposed scheme, first the server and user authenticate one another and then generate a secret session key for secure communication. In our scheme, the remote user is free to change his/her password without connecting to server.

New Efficient Searchable Encryption Schemes from Bilinear Pairings.

Abstract: Public key encryption with keyword search (PEKS) enables user Alice to send a secret key TW to a server that will enable the server to locate all encrypted messages containing the keyword W, but learn nothing else. In this paper, we propose a new PEKS scheme based on bilinear pairings. There is no pairing operation involved in the encryption procedure and so our new PEKS scheme is more e‐cient than the scheme of Boneh et.al. in [5]. Then, we provide further discussions on removing secure channel from PEKS, and present an e‐cient secure channel free PEKS scheme. Our two new schemes can be proved secure in the random oracle model, under the appropriate computational assumptions.

A Modified Hill Cipher Involving Interweaving and Iteration

Abstract: This paper deals with a modification of the Hill cipher. In this, we have introduced interweaving in each step of the iteration. The interweaving of the resulting plaintext, at each stage of the iteration, and the multiplication with the key matrix leads to confusion and diffusion. From the cryptanalysis performed in this investigation, we have found that the cipher is a strong one.

A Novel Digital Envelope Approach for a Secure E-Commerce Channel

Abstract: Data privacy and integrity will be the crucial and significant factors in recent times for trade which will be transacted over the Internet through e-commerce and m-commerce channels. To deal with these anxieties, various security etiquette related to symmetric and asymmetric key types have been framed. Digital Envelope is one of the practices to attain Privacy, Authentication, Integrity maintenance, and Non-Repudiation in e-commerce channels. In this paper, we suggest a software implementation of a digital envelope for a secure e-commerce channel that combines the hashing algorithm of MD5, the symmetric key algorithm of AES and the asymmetric key algorithm of Hyper Elliptic Curve Cryptography (HECC). The result illustrates that HECC is the best alternative asymmetric key technique rather than ECC and RSA in the digital envelope hybrid cryptosystem.

Integrated Intrusion Detection System Using Soft Computing

Abstract: Intrusion Detection systems are increasingly a key part of system defense. Various approaches to Intrusion Detection are currently being used but they are relatively inefiective. Among the several soft computing paradigms, we investigated genetic algorithms and neural networks to model fast and e‐cient Intrusion Detection Systems. With the feature selection process proposed it is possible to reduce the number of input features signiflcantly which is very important due to the fact that the Radial Basis Function networks can efiectively be prevented from over fltting. The Genetic algorithm employs only the eight most relevant features for each attack category for rule generation. The generated rules signal an attack as well as its category and it is end for training to RBF network. The optimal subset of features combined with the generated rules, can be used to analyze the attacks. Empirical results clearly show that soft computing approach could play a major role for intrusion detection. The model was verifled on KDD99 demonstrating higher detection rates than those reported by the state of art while maintaining low false positive rate.

Phishing Secrets: History, Effects, Countermeasures.

Abstract: This paper presents the results of a study performed over phishing threats and vulnerabilities present in nowadays authentication environments. The main goal of this paper is to present our solution, the anti-phishing model which can be applied to any web environment, and not just to e-banking or the financial sector, without limitations nor additional requirements. We start presenting a brief history of phishing, common solutions, some statistics about phishing attempts, social impact and monetary losses and our patented anti-phishing model. Following is an explanation about how different vulnerabilities have been addressed such as Man-In-The-Middle attacks, phishing, pharming, SQL injection, social engineering, format string attacks, buffer overflow, brute force and many other vulnerabilities. The proposed method has been the basis of a PhD thesis aimed at defining a model for secure operation of an Internet Banking environment, even in the presence of malware on the client side. The authentication model is based on a mutual multi-factor authentication process where both entities must be authenticated with more than one authentication factor. The proposed model has been designed to be easily applicable with minimum impact to the current Internet banking systems. Its goal is to be resistant to the nowadays too frequent phishing and pharming attacks, and also to more classical ones like social engineering or man-in-the-middle attacks. The key point of this model is the need for multi-factor mutual authentication, instead of simply basing the security on the digital certificate of the financial entity, since in many cases users are not able to discern the validity of a certificate, and may not even pay attention to it. Thanks to the rules defined in this proposal, the security level of the Web Banking environment will increase and customers’ trust will be enhanced, thus allowing a more beneficial use of this service. The proposed model has been simulated in order to demonstrate its effectiveness and feasibility.

A Better Improvement on the Integrated Diffie-Hellman-DSA Key Agreement Protocol.

Abstract: Harn et al. proposed a series of Di‐e-Hellman key exchange protocols which are integrated into Digital Signature Algorithm in 2004. Recently, Phan pointed out that Harn et al.’s protocols cannot provide forward secrecy and key freshness, which are two standard security attributes that key exchange protocols should have. Phan also gave his improvement. In this paper we present a better improvement, which is more secure than Phan’s scheme.

Blind Collective Signature Protocol Based on Discrete Logarithm Problem.

Abstract: Using Schnorr’s digital signature (DS) scheme as the underlying scheme there is designed the collective DS protocol. In the proposed collective DS protocol the signature is formed simultaneously by all signers, therefore using this protocol leads to natural solution of the problem of signing simultaneously a contract. Using the proposed collective DS protocol the blind collective DS protocol has been designed, which is a new type of the multi-signature schemes. For simultaneous signing a package of different contracts by different sets of signers it is proposed another new multi-signature scheme called composite signature.

Cryptanalysis of Security Enhancement for a Modified Authenticated Key Agreement Protocol

Abstract: Recently, Chang et al. proposed a security enhancement in Ku and Wang's authenticated key agreement protocol. Two parties employ the pre-shared password to agreement a common session key via insecure network. However, in this article, we will show that Chang et al.'s scheme is suffer from the backward replay attack and the off-line password guessing attack.

Return on Information Security Investment - The Viability Of An Anti-Spam Solution In A Wireless Environment

Abstract: Much is said about the importance of investing in information security [5, 10], but little is known on the extent and effectiveness of such security programmes [4]. A model that analyses the mechanics of an information security programme is presented. The model attempts to put an upper-bound on the information security expenditure. The concepts of ”viability of security expenditure,” ”successfulness of attack” and ”motivation to attack” are introduced. The Return on Information Security Investment (ROISI) model is tested in a real life organisation to determine the viability of an anti-spam solution in a conventional setting and later adapted to a wireless environment.

A Provably Secure and Efficient Strong Designated Verifier Signature Scheme

Abstract: Strong designated verifier signature scheme could make it possible for a signer to convince only the designated verifier that the signature is made by the signer. In 2007, Lee et al. proposed a designated verifier signature scheme with message recovery, attaching target message with signature, to prevent any attack by eavesdropping. In this paper, we propose an efficient strong designated verifier signature scheme, using key distribution mechanism where both sender and designated receiver share encryption/decryption key to fulfill encryption/decryption algorithm with low cost of communication and computation: 30% and 50% of Lee et al. scheme, respectively. We would prove its security based on public problem-Gap Diffie-Hellman (GDH) assumption.

An Improvement on a Three-party Password-based Key Exchange Protocol Using Weil Pairing

Abstract: The three-party password-based key exchange protocols using Weil pairing proposed by Wen is vulnerable to impersonation attack. By introducing hard artificial intelligence problem, we show an improved protocol, which can resist against not only the impersonation attack but also all the other well-known attacks. Analysis also shows that improved protocol reduces about one third computational cost and two thirds throughput. The protocol is suitable for lightweight or mobile equipments.

Verifiable attribute based encryption

Abstract: In this paper, we propose the notion of Verifiable Attribute-Based Encryption (VABE) and give two constructs of key-policy VABE. One is with a single authority, and the other is with multi authorities. Not only our schemes are proved secure as the previous ABE schemes, they also provide a verification property. This could not be trivially solved, such as trying random decryption. Adding the verification property has a few advantages: first, it allows the user to immediately check the correctness of the keys, if not, he only needs the authority to resend the corresponding shares, especially, in multiauthority case, if the key does not pass the check, the user only needs to ask the particular authority to resend its own part, without need to go to all the authorities; second, if the keys pass the verification but the user still does not rightly decrypt out the message, something might be wrong with the attributes or ciphertexts, then, the user has to contact with the encryptor; third, the trick used in this paper could also be used in the ciphertext-policy scenario. We formalize the notion of VABE and prove our schemes in our model.

Comment on Wu et al.'s Server-aided Verification Signature Schemes.

Abstract: In ProvSec 2008, Wu et al. constructed two server-aided verification signature (SAV-Σ) schemes based on BLS signature. In this paper, we provide a new definition of the security of SAV-Σ against collusion and adaptive chosen message attacks. We founded that Wu et al.’s first scheme is secure, while their second scheme is insecure based on our definition.

Formal Specification of Common Criteria Based Access Control Policy Model.

Abstract: One of the major threats that an enterprise Information system networks are facing today is the Insider threat. As part of the Insider Threat study, lack of an efiective access control mechanism is identifled as one of the major causes that facilitated IT sabotage. In this paper we propose a network access control meta model as per ISO/IEC security evaluation criteria - Common Criteria to provide a framework for implementing an Insider threat protection security solution for network computing environment. We used formal speciflcation notation language Z to specify the proposed model. The paper concludes with a case study along with model veriflcation.

Hardware implementation of efficient modified karatsuba multiplier used in elliptic curves

Abstract: The efficiency of the core Galois field arithmetic improves the performance of elliptic curve based public key cryptosystem implementation. This paper describes the design and implementation of a reconfigurable Galois field multiplier, which is implemented using field programmable gate arrays (FPGAs). The multiplier of Galois field based on Karatsuba's divide and conquer algorithm allows for reasonable speedup of the top-level public key algorithms. Binary Karatsuba multiplier is more efficient if it is truncated at n-bit multiplicand level and use an efficient classic multiplier algorithm. In these work three levels to truncate Binary Karatsuba algorithm (4 bits, 8 bits and 16 bits) are chosen showing that 8 bits is the best level for minimum number of slices and time delay to truncate Binary Karatsuba algorithm which is designed on an Xilinx VirtexE XCV2600 FPGA device. The VHDL hardware models are building using Xilinx ISE foundation software. This work is able to compute GF (2191) multiplication in 45.889 ns. experimental results of comparing block and stream ciphers when used to secure VoIP in terms of end-to-end delay and subjective quality of perceived voice.

Identity-based Threshold Signature Secure in the Standard Model.

Abstract: Recently, design of Identity-based (ID-based) threshold signature schemes which are efficient and provably secure in the standard model has drawn great concerns. In this paper, an ID-based threshold signature scheme based on Paterson and Schuldt’s signature scheme is presented. The proposed construction is proved secure in the standard model and its security rests on the hardness of the computational Diffie-Hellman problem. To the best of authors’ knowledge, this is the first ID-based threshold signature scheme in the literature to achieve this security level.

Speeding Scalar Multiplication of Elliptic Curve Over GF(2 mn )

Abstract: Lee et al proposed two methods to speed up the computation of scalar multiplication of elliptic curve deflned over GF(2 mn ) with a medium size of m in the range 10 • m • 20 In these methods, Frobenius map is utilized to expand the integer k and each coe‐cient of the expansion is represented as a binary string In this paper, with the application of joint sparse form (JSF) to the coe‐cients, some variations of Lee et al’s methods are proposed to achieve a better performance at a lower storage requirement

Lightweight PKI for WSN uPKI.

Abstract: ireless sensor networks (WSN) grows in size and gain newapplications in our lives ranging from military applica-tions to civilian ones. However security in WSN was notcarefully carried out, since only some symmetric encryp-tion based protocols are proposed in literature, under theassumption that the nature of sensor nodes does not sup-port public keyencryption due to the limitation in batteryand CPU power. However the new development of sen-sors technologies may allow more computational powerand gives us the possibility to use public key encryptionin WSN if the used algorithm is energy efficient such asECC. Therefore in this paper we propose a lightweightimplementation of Public Key Infrastructure (PKI). Ourproposed protocol called µPKI uses public key encryptiononly for some specific tasks as session key setup betweenthe base station and sensors giving the network an ac-ceptable threshold of confidentiality and authentication.Keywords: Key management, PKI, µPKI, public key en-cryption, WSN

An Autonomous Framework for Early Detection of Spoofed Flooding Attacks

Abstract: One of the challenging tasks on the Internet is differentiating the attack traffic from legitimate traffic. Tackling this challenge would aid in the detection of Denial of Service/Distributed DoS (DoS/DDoS) attacks. In this paper, we propose a flow profiling scheme that adopts itself to detect these flooding attacks by monitoring the trends in the current traffic. Moreover, our scheme filters most of the traffic, which are found to be suspicious, at the source end, thus avoiding flooding at the target. The scheme distinguishes itself from other source end defenses in the manner in which it gathers and profiles the statistics. Information entropy, a measure to find correlation among traffic flows, is used. We made this attempt to infer the current state of the dynamic network. The result of correlation is then used to support the evidences which justify the necessity of filtering the packets. We use Theory of evidence to improve the decision making with regard to filtering. We implemented and tested our scheme using network traffic traces and found the results to be appreciable.