Showing papers in "International journal of security and its applications in 2015"
TL;DR: The experimental results show that the detection accuracy getting by the hybrid detection method proposed in this paper is higher than that of single DBN and has better detection performance.
Abstract: In this paper, we propose a hybrid malicious code detection scheme based on AutoEncoder and DBN (Deep Belief Networks). Firstly, we use the AutoEncoder deep learning method to reduce the dimensionality of data. This could convert complicated high-dimensional data into low dimensional codes with the nonlinear mapping, thereby reducing the dimensionality of data, extracting the main features of the data; then using DBN learning method to detect malicious code. DBN is composed of multilayer Restricted Boltzmann Machines (RBM, Restricted Boltzmann Machine) and a layer of BP neural network. Based on unsupervised training of every layer of RBM, we make the output vector of the last layer of RBM as the input vectors of BP neural network, then conduct supervised training to the BP neural network, finally achieve the optimal hybrid model by fine-tuning the entire network. After inputting testing samples into the hybrid model, the experimental results show that the detection accuracy getting by the hybrid detection method proposed in this paper is higher than that of single DBN. The proposed method reduces the time complexity and has better detection performance.
178 citations
TL;DR: This paper has analysed various encryption algorithms on the basis of different parameters and compared them to choose the best data encryption algorithm so that the user can use it in their future work.
Abstract: Now days, Data security is very challenging issue that touches many areas including computers and communication. Recently, we came across many attacks on cyber security that have played with the confidentiality of the users. These attacks just broke all the security algorithms and affected the confidentiality, authentication, integrity, availability and identification of user data. Cryptography is one such way to make sure that confidentiality, authentication, integrity, availability and identification of user data can be maintained as well as security and privacy of data can be provided to the user. Encryption is the process of converting normal data or plaintext to something incomprehensible or cipher-text by applying mathematical transformations or formulae. These mathematical transformations or formulae used for encryption processes are called algorithms. We have analysed ten data encryption algorithms DES, Triple DES, RSA, AES, ECC, BLOWFISH, TWOFISH, THREEFISH, RC5 and IDEA etc. Among them DES, Triple DES, AES, RC5, BLOWFISH, TWOFISH, THREEFISH and IDEA are symmetric key cryptographic algorithms. RSA and ECC are asymmetric key cryptographic algorithms. In this paper, we have analysed various encryption algorithms on the basis of different parameters and compared them to choose the best data encryption algorithm so that we can use it in our future work.
115 citations
TL;DR: A comparison of two encryption standards, 3DES and AES is presented, which shows that AES will provide more security in the long term since it has a large block size and a longer keys.
Abstract: A comparison of two encryption standards, 3DES and AES is presented. It may seem that DES is insecure and no longer of any use, but that is not the case since the DES and 3DES algorithms are still beyond the capability of most attacks in the present day. However, the power of computers is increasing and stronger algorithms are required to face hacker attacks. AES has been designed in software and hardware and it works quickly and efficiently, even on small devices such as smart phones. With a large block size and a longer keys, AES will provide more security in the long term.
48 citations
TL;DR: This paper proposes a security framework assuring the security of cyber physical systems and analyzes main universities and institutes studying CPS security and their relations in three levels: CPS security objectives, CPS security approaches and security in specific CPS applications.
Abstract: Today, cyber physical systems (CPS) are becoming popular in power networks, healthcare devices, transportation networks, industrial process and infrastructures. As cyber physical systems are used more and more extensively and thoroughly, security of cyber physical systems has become the utmost important concern in system design, implementation and research. Many kinds of attacks arise (e.g. the Stuxnet worm), causing heavy losses and serious potential security risks. For the past few years, researchers are focusing their researches on different aspects of security of cyber physical systems. In this paper, we propose a security framework assuring the security of cyber physical systems and analyze main universities and institutes studying CPS security and their relations in three levels: CPS security objectives, CPS security approaches and security in specific CPS applications. Finally, a conclusion of this article is given.
36 citations
TL;DR: A CPS security model is put forward, which contains security objectives, basic theories, simulation, and CPS framework, and summarizes security attacks to cyber-physical systems as a theoretical reference for the study of cyber–physical systems and to provide useful security defense.
Abstract: Governments, companies, universities and research institutes are pushing the research and development of cyber-physical systems (CPS). However, the development of cyberphysical systems is constrained by security factors. According to this situation, this paper put forward a CPS security model, which contains security objectives, basic theories, simulation, and CPS framework, summarizes security attacks to cyber-physical systems as a theoretical reference for the study of cyber–physical systems and to provide useful security defense. Based on the cyber-physical systems framework, the paper classifies attacks for the execution layer, transport layer and control layer. The execution layer attacks include security attacks for nodes such as sensors and actuators. Transport layer attacks include data leakage or damage and security issues during massive data integration. Control layer attacks include the loss of user privacy, incorrect access control policies and inadequate security standards. This paper gives security defenses and recommendations for all types of security attacks. Finally, this paper introduces categorizations of CPS application fields and explores their relationships.
31 citations
TL;DR: A technique to detect and prevent this ki nd of manipulation and hence eliminate Cross-Site Scripting attack is described.
Abstract: In present-day time, securing the web application against hacking is a big challenge. One of the common types of hacking technique to attack the web application is Cross-Site Scripting (XSS). Cross-Site Scripting (XSS) vulnerabilities are being exploited by the attackers to steal web browser’s resources such as cookies, credentials etc. by injecting the malicious JavaScript code on the victim’s web applications. Since Web browsers support the execution of commands embedded in Web pages to enable dynamic Web pages attackers can make use of this feature to enforce the execution of malicious code in a user’s Web browser. The analysis of detection and prevention of Cross-Site Scripting (XSS) help to avoid this type of attack. We describe a technique to detect and prevent this ki nd of manipulation and hence eliminate Cross-Site Scripting attack.
31 citations
TL;DR: A digital door lock system that can work with the IoT environment is proposed and provides strengthened security functions that can transfer recorded images to a user’s mobile device when an invalid user attempts an illegal operation and deliver alarm information when the door lock is physically damaged.
Abstract: Recently, digital door locks have been widely used as part of the IoT (Internet of Things). However, the media has reported digital door locks being opened by invalid users to invade homes and offices. In this study, a digital door lock system that can work with the IoT environment is proposed. It is designed and implemented to enhance security and convenience. The proposed system provides strengthened security functions that can transfer recorded images to a user’s mobile device when an invalid user attempts an illegal operation; it can also deliver alarm information to the mobile device when the door lock is physically damaged. The proposed system enables a user to check the access information and remotely operate the door lock to enhance convenience.
31 citations
TL;DR: An efficient lossless image cryptographic algorithm to transmit pictorial data securely and some parametric tests show that the proposed work is resilient and robust in the field of cryptography.
Abstract: Presently a number of techniques are used to restrict confidential image data from unauthorized access. In this paper, the authors have proposed an efficient lossless image cryptographic algorithm to transmit pictorial data securely. Initially we take a 64 bit key, we convert our decimal pixel value into binary 8 bits and we XOR the first 8 bits of the key with the pixel value. After that we take the next 8 bits of the key and XOR with the next pixel value. We perform the circular right shit operation when the key gets exhausted. We perform the first level haar wavelet decomposition thereafter. Dividing the LL1 into four equal sections we perform some swapping operations. Decryption follows the reverse of the encryption .Evaluation is done by some parametric tests which includes correlation analysis, NPCR, UACI readings etc. show that the proposed work is resilient and robust in the field of cryptography.
31 citations
TL;DR: This paper has shown that Mishra et al.'s multi-server authenticated key agreement scheme using smart cards is not secure as they have claimed and can suffer from impersonation attacks and stolen smart card attack.
Abstract: To protect the resources from unauthorized users, the remote user authentication have become an essential part in the communication network. Currently, smart card-based remote user authentication for multi-server environment is a widely used and researched method. Remote user authentication for multi-server environment has resolved the problem of users to manage the different identities and passwords. Recently, Mishra et al. proposed a multi-server authenticated key agreement scheme using smart cards, where they claim that their scheme is secure enough and could resist the various well known attacks. However, in this paper, we have shown that their scheme is not secure as they have claimed and can suffer from impersonation attacks and stolen smart card attack. Later in the paper, we propose an improved multi-server authentication scheme using smart cards, which not only overcomes the mentioned weaknesses but also can provide more functionality features.
31 citations
TL;DR: The improved PSO-BP neural network is applied to intrusion detection system model in this paper, aiming at the defects of the traditional BP neural network intrusion detection model in the detection rate and the convergence speed.
Abstract: In recent years, the problem of network security has been more and more people's attention, as one of the most important technology of network security, intrusion detection technology has gone through nearly thirty years of development, but it still exists some deficiency factors. Aiming at the defects of the traditional BP neural network intrusion detection model in the detection rate and the convergence speed, the improved PSO-BP neural network is applied to intrusion detection system model in this paper. Experimental and simulation, verifying the improved effect of system in the false negative rate, false positives rate and convergence speed of. Detailed analysis of the standard BP neural network algorithm and improved way of common, including gradient descent algorithm and additional momentum algorithm. Local search capability of BP neural network and the global search ability of particle swarm optimization , we have a detailed description of the PSO algorithm is applied to the case of BP neural network and discusses the improved PSO-BP neural network algorithm flow.
29 citations
TL;DR: This paper systematically introduced CPS's conception, development and applications assisted, and analyzed CPS’s risks and new requirements as an up-to-date technique brings, and proposed a security framework for CPS.
Abstract: Cyber-Physical System (CPS) is a system of systems which integrates physical system with cyber capability in order to improve the physical performance [1]. So far, it is being widely applied in areas closely related to national economy and people’s daily lives. Therefore, CPS security problems have drawn a global attention and an appropriate risk assessment for CPS is in urgent need. According to the researches and discussions in recent years, we believe that most researchers have already established a comprehensive understanding about CPS. This paper systematically introduced CPS’s conception, development and applications assisted. In addition, concerning about its aspects of safety and security, we also analyzed CPS’s risks and new requirements as an up-to-date technique brings. We elaborate the existing work and propose a research focus that has not been paid enough attention to, and proposed a security framework for CPS. At last, after providing a classic modeling and simulation method of CPS, we bring forward a new idea for accessing the experimental results into existing systems.
TL;DR: The ISCF could be used by all types of organizations in order to assess whether an acceptable level of information security culture has been implemented and, if not, corrective actions are suggested.
Abstract: An information security-aware culture will minimize internal threats to information assets through the construction of appropriate information security beliefs and values that guide employee behavior when interacting with information assets and information technology systems. This paper aims to illustrate the application of the Information Security Culture Framework (ISCF) to asses and cultivate an information security aware culture within an organization through an empirical study. The ISCF is a comprehensive framework that consists of five dimensions (Strategy, Technology, Organization, People, and Environment) and integrates change management and the human factor in information security. The empirical study includes three case studies, selected to demonstrate the effectiveness of ISCF in describing and explaining the organizational information security culture. A sequential mixed method, to collect quantitative survey data and qualitative interview data, is used to demonstrate the validity and reliability of the framework. The ISCF therefore could be used by all types of organizations in order to assess whether an acceptable level of information security culture has been implemented and, if not, corrective actions are suggested.
TL;DR: This paper will discuss the different cryptography of algorithms, which are important for the company to secure data when transferring data to cloud.
Abstract: Cloud computing appear to be a very popular and interesting computing technology. Every third person is using cloud computing directly or indirectly for example e-mail, most commonly used application of cloud computing, you can access your mail anywhere anytime. Your e-mail account is not visible on your personal computer but you have to access that with the help of internet. Like e-mail cloud computing provide many other services such as storage of any kind of data, access to different applications, resources etc. So users can easily access and store data with low cost and without worrying about how these services are provided to user. Due to this flexibility everyone is transferring data to cloud. To store data on cloud user has to send their data to the third party who will manage and store data. So it is very important for the company to secure that data. Data is said to be secured if confidentiality, availability, integrity is present. To secure data we have different algorithms. In this paper we will discuss the different cryptography of algorithms.
TL;DR: This paper analyzes various countries' cyber security strategy by focusing on public-private partnership, which is one of the common grounds of the strategies, and focuses on how each country establishes institutional framework of the partnership related to infra-protection.
Abstract: It is expected that utilization and expansion of cyber-space on the basis of big data, cloud computing and IoT(Internet of Things) will be a critical factor which determines national competitiveness. In the meantime, cyber threat accompanied by the utilization of cyber space, attacks targeting cyber space, became enhanced and complicated. Besides this, attackers were also more organized with economic and political intention. As a result, damage caused by the attacks targeting cyber-space has already brought about social confusion. This paper analyzes various countries' cyber security strategy by focusing on public-private partnership, which is one of the common grounds of the strategies. Especially, it focuses on how each country establishes institutional framework of the partnership related to infra-protection. The subject of analysis is limited to U. S. A, EU and Japan. Consequently, the countries, to some degree, adopt intervention policy through cyber security strategy, and government control is changing from voluntary self-regulation to enforced self-regulation in general. Additionally, public-partnership is more and more emphasized.
TL;DR: In this article, the authors focused on study of existing intrusion detection task by using data mining techniques and discussing on various issues in existing IDS based on data mining technique and discussed on different issues in IDS.
Abstract: With the incredible expansion of network-based services and responsive information on networks, network protection and security is getting more and more significance than ever. Intrusion poses a serious security risk in network surroundings. The ever rising new intrusion or attacks type poses severe difficulties for their detection. The human labeling of the accessible network audit information instances is generally tedious, expensive as well as time consuming. This paper focuses on study of existing intrusion detection task by using data mining techniques and discussing on various issues in existing intrusion detection system (IDS) based on data mining techniques.
TL;DR: A quantitative analysis based on the urn model is introduced, which quantifies the probability of attacker success in terms of port pool size, number of probes,Number of vulnerable services, and hopping frequency, and shows that port hopping is an effective and promising proactive defense technology in thwarting cyber attacks.
Abstract: Port hopping is a typical proactive cyber defense technology, which hides the service identity and confuses attackers during reconnaissance by constantly altering service ports. Although several kinds of port hopping mechanisms have been proposed and implemented, but it is still unknown how effective port hopping is and under what circumstances it is a viable moving target defense because the existed works are limited and they usually discuss only a few parameters. Besides, in many cases the defense effectiveness has been studied empirically. In order to have an insight into the effectiveness of port hopping, this paper introduces a quantitative analysis based on the urn model, which quantifies the probability of attacker success in terms of port pool size, number of probes, number of vulnerable services, and hopping frequency. Theoretical analysis shows that port hopping is an effective and promising proactive defense technology in thwarting cyber attacks.
TL;DR: Concrete solutions for improving the degree of security achievable are shown and a design of an e-learning user authentication system is introduced that prevents manipulation from the side of the students during learning, thus allowing a reliable control of learning success.
Abstract: The user authentication is very crucial in developing an e-learning system. Emerging standards for distance learning and education influence in a major way the development of e-learning systems. E-learning system must be secured against manipulation from the side of the students and also it protects user's privacy. This paper examines privacy and security issues associated with e-learning. It presents the basic principles behind privacy practices and legislation. Concrete solutions for improving the degree of security achievable are shown. A design of an e-learning user authentication system is introduced. This framework prevents manipulation from the side of the students during learning, thus allowing a reliable control of learning success.
TL;DR: A network intrusion detection method (ACO-FS -SVM) combining ant colony algorithm to select the features with a feature weighting SVM can effectively reduce the dimension of features, and have improved network intrusion Detection accuracy and detection speed.
Abstract: Feature selection and classifier design is the key to network intrusion detection. In order to improve network intrusion detection rate for feature selection problem, this paper proposed a network intrusion detection method (ACO-FS -SVM) combining ant colony algorithm to select the features with a feature weighting SVM. First, the use of support vector machine classification accuracy and feature subset dimension construct a comprehensive fitness weighting index. Then use the ant colony algorithm for global optimization and multiple search capabilities to achieve optimal solutions feature subset search feature. And then selected the key feature of network data and calculated information gain access to various features weights and heavy weights to build support vector machine classifier based on the characteristics of network attacks right. At last, refine the final design of the local search methods to make the feature selection results without redundant features while improve the convergence resistance, and verify the data set by KDD1999 effectiveness of the algorithm. The results show that ACO-FS-SVM can effectively reduce the dimension of features, and have improved network intrusion detection accuracy and detection speed.
TL;DR: A novel approach for robust design by amalgam of S-box of RECTANGLE & LED structure, and key scheduling by SPECK is introduced, which is secure against linear and differential cryptanalysis.
Abstract: Pervasive computing is the emerging field that needs ultra lightweight secure designs. In this paper, we have proposed a robust hybrid structure by fusion of RECTANGLE, LED and SPECK. With the help of a hybrid design, we have improved the key scheduling aspect of LED and related key attacks which were neglected in the LED cipher. In this paper, we also aimed at providing robust architecture by reducing footprint area to as less as possible. By using the S-box of RECTANGLE and the bit slicing technique, clustering of linear and differential trails are avoided which also strengthens the cipher. S-box of RECTANGLE is perfectly interfaced with LED design as their combination results in a differential path probability which is has an upper bound of 2 -50 in its first round. The use of Bit slicing technique in this hybrid design results in good differential and linear properties, which provide resistance to cache and timing attacks. LED cipher which uses S-box of PRESENT results in clustering of linear and differential trails as Sbox of PRESENT is specifically designed for compact hardware implementation. Column wise substitution and robust S-box design of RECTANGLE will make LED design robust and secure and enables it to provide resistance against any type of attack. SPECK which is designed by NSA has compact key scheduling and is best suited for our hybrid design, which helps in improving key scheduling of LED. In this paper, we have introduced a novel approach for robust design by amalgam of S-box of RECTANGLE & LED structure, and key scheduling by SPECK. This hybrid cipher design is secure against linear and differential cryptanalysis.
TL;DR: This paper focuses on the wormhole attack, its classification and the modes by which they are launched, and the effect of worm hole attack on various performance parameters.
Abstract: Security is the one of the major issue that exists in Mobile Ad hoc network. Mobile Ad hoc network is infrastructure less network so it is vulnerable to several security attacks that are on different layers. Wormhole attack is one of the serious routing attack on network layer. This paper focuses on the wormhole attack, its classification and the modes by which they are launched. This paper summarizes various detection techniques proposed for wormhole attack and also present the effect of wormhole attack on various performance parameters.
TL;DR: There is 50-60% reduction in power dissipation, which is possible with proper selection of the most energy efficient IO standards i.e. SSTL135_R among S STL logic families.
Abstract: In this particular work, we have done power dissipation analysis of DES algorithm, implemented on 28nm FPGA. We have used Xilinx ISE software development kit for all the observation done in this particular research work. Here, we have taken SSTL (StubSeries Terminated Logic) as input-output standard. We have considered six subcategories of SSTL (i.e. SSTL135, SSTL135_R, SSTL15, SSTL15_R, SSTL18_I and SSTL18_II) for four different WLAN frequencies (i.e. 2.4GHz, 3.6GHz, 4.9GHz, and 5.9GHz). We have done analysis considering five basic powers i.e. clock power, logic power, signal power, IOs power, leakage power and total power. There is 50-60% reduction in power dissipation, which is possible with proper selection of the most energy efficient IO standards i.e. SSTL135_R among SSTL logic families.
TL;DR: GA with an improved crossover operator was used for the cryptanalysis of Simplified data encryption standard problem (S-DES) and results have shown that GA performance is better than brute force search technique in breaking S-DES key.
Abstract: A genetic algorithm (GA) is a search algorithm for solving optimization problems due to it is robustness; it offers benefits over optimization techniques in searching ndimensional surface. In today's information age, information transfer has increased exponentially. Hence, security, confidentiality and authentication have become important factors in multimedia communications. Encryption is an effective technique that is preserving the confidentiality of data in Internet applications. Cryptanalysis is a technique of encoding and decoding ciphertext in such way it cannot be interpreted by anyone expects sender and receiver. In this paper, GA with an improved crossover operator was used for the cryptanalysis of Simplified data encryption standard problem (S-DES). Results have shown that GA performance is better than brute force search technique in breaking S-DES key.
TL;DR: This paper study the types and characteristics of these weaknesses as well as the risk elements, introducing a safer usage of smartphones.
Abstract: As smartphones are generalized, various technologies and services have been introduced and are in wide use. From simply using calling or texting services, Internet banking and transaction system that require sensitive personal information emerged. Google’s Android, one of the representative OS of smartphones, was developed based on an open source, having various weaknesses and exposed to security threats. In this paper, we study the types and characteristics of these weaknesses as well as the risk elements, introducing a safer usage of smartphones.
TL;DR: Experimental results show that the quantitative driving performance can be correctly estimated through analyzing driver’s EEG signals by the SDPEA system.
Abstract: Safety driving performance estimation and alertness (SDPEA) has drawn the attention of researchers in preventing traffic accidents caused by drowsiness while driving. Psychophysiological measures, such as electroencephalogram (EEG), are accurately investigated to be robust candidates for drivers’ drowsiness evaluation. This paper presents an effective EEG-based driver drowsiness monitoring system by analyzing the changes of brain activities in a simulator driving environment. The proposed SDPEA system can translate EEG signals into drowsiness level. Firstly, Independent component analysis (ICA) is performed on EEG data to remove artifacts. Then, eight EEG-band powers-related features: beta, alpha, theta, delta, (alpha plus theta)/beta, alpha / beta, (alpha plus theta)/(alpha plus beta) and theta / beta are extracted from the preprocessed EEG signals by employing the Fast Fourier Transform (FFT). Subsequently, fisher score technique selects the most descriptive features for further classification. Finally, Support Vector Machine (SVM) is employed as a classifier to distinguish drowsiness level. Experimental results show that the quantitative driving performance can be correctly estimated through analyzing driver’s EEG signals by the SDPEA system.
TL;DR: A solution to prevent and detect Sybil attacks in VANETs that prevents attackers from tracking the mobility of the vehicles and avoids false negatives in vehicle nodes is proposed.
Abstract: With the rapid development of wireless technologies, Privacy of personal location information of a vehicle ad-hoc network (VANET) users is becoming an increasingly important issue. Services provided by Location based services to VANETs users can breached by Sybil attacks i.e. by malicious vehicles claim multiple identities at the same time. The prevention of these attacks, which could occur in or out of the Road Side Units (RSUs) coverage have a challenge to detect, as it should meet a compromise between the ability to identify the real identity of the malicious vehicle, and prevention of vehicle users from being tracked by malicious entities (i.e. unauthorized users). This paper propose a solution to prevent and detect Sybil attacks in VANETs. The identification of attackers is based on two types of authentication techniques. The first uses identification tags (for example: RFID etc.) embedded in the vehicle to authenticate them to the RSU and obtain short lifetime certificates. The second uses certificates to authenticate vehicles to their neighbors. The vehicular network is divided into different zones brought under the control of different certification authorities (CAs), forcing a vehicle to change its certificate when moving from a zone to another. One important characteristic of the proposed solution is that it prevents attackers from tracking the mobility of the vehicles. Avoiding false negatives is also addressed using observers (for example: software components in charge of monitoring) in vehicle nodes. A set of simulation scenarios also are conducted to evaluate the performance of the proposed solution. In last, this paper summarizes the comparison between our proposed approach and other various existed techniques to detect Sybil attacks in LBSs.
TL;DR: This paper presents an anomaly-based intrusion detection algorithm, i.e., multiclass support vector machine (MSVM) with parameters optimized by particle swarm optimization (PSO) (termed MSVM-PSO), to detect anomalous connections.
Abstract: Intrusion detection systems (IDS) play an important role in defending network systems from insider misuse as well as external attackers. Compared with misuse-based techniques, anomaly-based intrusion detection techniques perform well in detecting new attacks. Firstly, this paper proposes a feature selection algorithm based on SVM (termed FS-SVM) to reduce the dimensionality of sample data. Moreover, this paper presents an anomaly-based intrusion detection algorithm, i.e., multiclass support vector machine (MSVM) with parameters optimized by particle swarm optimization (PSO) (termed MSVM-PSO), to detect anomalous connections. To verify the effectiveness of these two proposed algorithms (FS-SVM and MSVM-PSO) and the detection precision of MSVM-PSO, this paper conducts experiments on the famous KDD Cup dataset. This paper compares MSVM-PSO with three commonly adopted algorithms, namely, Bayesian, K-Means, and multiclass SVM with parameters optimized grid method (MSVM-grid). The experimental results show that MSVM-PSO outperforms these three algorithms in detection accuracy, FP rate, and FN rate.
TL;DR: The security against a conspiracy of some entities in the proposed system is considered and the possibility of establishing a more secure system is shown.
Abstract: In 1984, Shamir [1] introduced the concept of an identity-based cryptosystem. In this system, each user needs to visit a public key generation (PKG) and identify himself before joining a communication network. Once a user is accepted, the PKG will provide him with a secret key. In this way, if a user wants to communicate with others, he only needs to know the “identity” of his communication partner and the public key of the PKG. There is no public file required in this system. However, Shamir did not succeed in constructing an identity based cryptosystem, but only in constructing an identity-based signature scheme. Meshram and Meshram [5] have proposed an identity-based beta cryptosystem, security under the generalized discrete logarithm problem with distinct discrete exponents in the multiplicative group of finite fields and integer factorization problem. In this paper, we propose some modification in identity-based beta cryptosystem based on generalized discrete logarithm problem with distinct discrete exponents in the multiplicative group of finite fields and integer factorization problem and we consider the security against a conspiracy of some entities in the proposed system and show the possibility of establishing a more secure system.
TL;DR: An image-based one-time password scheme for the cloud environment called (imOTPc) is proposed, which uses an image as onetime password and mobile network, which makes the system more robust and, therefore, can withstand common types of attacks.
Abstract: Authentication can be considered as the first wall of protection from unauthorized access of any system and most notably cloud environment. Its aim is to verify user’s identity and thus the user’s legitimacy of access to services. Nowadays, The most used method for policing user access is text password. However, Several studies have shown the inadequacy of this method due to the growth of network threats. In order to mitigate the deficiency of text password scheme, we propose an image-based one-time password scheme for the cloud environment called (imOTPc). The scheme uses an image as onetime password and mobile network, which makes the system more robust and, therefore, can withstand common types of attacks. The security of the proposed scheme is based on the one-way hash function, secret extraction and the IMEI.