
Showing papers in "Journal of Information Security in 2018"


Journal ArticleDOI
TL;DR: This paper aims to present the Blockchain and smart contract for a specific domain which is real estate, a detailed design of smart contract is presented and a use case for renting residential and business buildings is examined.
Abstract: Blockchain is a fast-disruptive technology becoming a key instrument in share economy. In recent years, Blockchain has received considerable attention from many researchers and government institutions. This paper aims to present the Blockchain and smart contract for a specific domain which is real estate. A detailed design of smart contract is presented and then a use case for renting residential and business buildings is examined.

155 citations


PatentDOI
TL;DR: The experimental results show that set-based recognition performs better than the singleton-based approach for both face identification and face verification and it is easier to recognize older subjects from younger ones rather than younger subjects from older ones.
Abstract: Time lapse, characteristic of aging, is a complex process that affects the reliability and security of biometric face recognition systems. Systems and methods use deep learning, in general, and convolutional neural networks (CNN), in particular, for automatic rather than hand-crafted feature extraction for robust face recognition across time lapse. A CNN architecture using the VGG-Face deep (neural network) learning produces highly discriminative and interoperable features that are robust to aging variations even across a mix of biometric datasets. The features extracted show high inter-class and low intra-class variability leading to low generalization errors on aging datasets using ensembles of subspace discriminant classifiers.

42 citations


Journal ArticleDOI
TL;DR: This research presents the advantages of maintaining E2EE in WhatsApp and why governments should not be allowed a “backdoor” to access users’ messages and also on the challenges it poses to public safety and national security.
Abstract: The ubiquity of instant messaging services on mobile devices and their use of end-to-end encryption in safeguarding the privacy of their users have become a concern for some governments. WhatsApp messaging service has emerged as the most popular messaging app on mobile devices today. It uses end-to-end encryption which makes government and secret services efforts to combat organized crime, terrorists, and child pornographers technically impossible. Governments would like a “backdoor” into such apps, to use in accessing messages and have emphasized that they will only use the “backdoor” if there is a credible threat to national security. Users of WhatsApp have however, argued against a “backdoor”; they claim a “backdoor” would not only be an infringement of their privacy, but that hackers could also take advantage of it. In light of this security and privacy conflict between the end users of WhatsApp and government’s need to access messages in order to thwart potential terror attacks, this paper presents the advantages of maintaining E2EE in WhatsApp and why governments should not be allowed a “backdoor” to access users’ messages. This research presents the benefits encryption has on consumer security and privacy, and also on the challenges it poses to public safety and national security.

27 citations


Journal ArticleDOI
TL;DR: The aim of the paper is to simulate a cloud environment by OMNET++ simulation tool, with different DDoS attack types, to test an effective algorithm, techniques and procedures of DDoS attacks.
Abstract: Distributed Denial of Service (DDoS) attacks are performed from multiple agents towards a single victim. Essentially, all attacking agents generate multiple packets towards the victim to overwhelm it with requests, thereby overloading the resources of the victim. Since it is very complex and expensive to conduct a real DDoS attack, most organizations and researchers result in using simulations to mimic an actual attack. The researchers come up with diverse algorithms and mechanisms for attack detection and prevention. Further, simulation is good practice for determining the efficacy of an intrusive detective measure against DDoS attacks. However, some mechanisms are ineffective and thus not applied in real life attacks. Nowadays, DDoS attack has become more complex and modern for most IDS to detect. Adjustable and configurable traffic generator is becoming more and more important. This paper first details the available datasets that scholars use for DDoS attack detection. The paper further depicts a few tools that exist freely and commercially for use in the simulation programs of DDoS attacks. In addition, a traffic generator for normal and different types of DDoS attack has been developed. The aim of the paper is to simulate a cloud environment by OMNET++ simulation tool, with different DDoS attack types. Generation normal and attack traffic can be useful to evaluate developing IDS for DDoS attacks detection. Moreover, the result traffic can be useful to test an effective algorithm, techniques and procedures of DDoS attacks.

26 citations


Journal ArticleDOI
TL;DR: The study shows that a firm’s concern over the risk of incurring a large loss due to a cybersecurity breach and the degree the firm treats cybersecurity investments as generating a competitive advantage are drivers of the level of private sector investment in cybersecurity activities.
Abstract: Investments in cybersecurity are critical to the national and economic security of a nation. There is, however, a strong tendency for firms in the private sector to underinvest in cybersecurity activities. This paper reports the results of a survey designed to empirically assess whether treating cybersecurity as an important component of a firm’s internal control system for financial reporting purposes serves as a driver for private sector firms to invest in cybersecurity activities. The findings, in this regard, are significantly positive. The study also shows that a firm’s concern over the risk of incurring a large loss due to a cybersecurity breach and the degree the firm treats cybersecurity investments as generating a competitive advantage are drivers of the level of private sector investment in cybersecurity activities. The implications of the empirical results for designing public policies to mitigate the tendency of private sector firms to underinvest in cybersecurity are also explored.

22 citations


Journal ArticleDOI
TL;DR: This research aims to investigate the impact of modern Social Engineering on the organization or individual and describes the categories of Social Engineering, and how the attacker takes advantage of human behavior.
Abstract: This article surveys the literature on social engineering. There are lots of security application and hardware in market; still there are several methods that can be used to breach the information security defenses of an organization or individual. Social engineering attacks are interested in gaining information that may be used to carry out actions such as identity theft, stealing password or gaining information for another type of attack. The threat lies with the combinations of social engineering with another type of attacks like Phishing and Watering hole attack which make it hard to defense against. This research aims to investigate the impact of modern Social Engineering on the organization or individual. It describes the categories of Social Engineering, and how the attacker takes advantage of human behavior. At the same time, I also discuss the direct and indirect attack of social engineering and the defense mechanism against this attack.

19 citations


Journal ArticleDOI
TL;DR: This paper showed with experimental figures that the novel algorithm improved the security of Bluetooth encryption by eliminating all known weaknesses and thus made data exchange between Bluetooth devices secure.
Abstract: In this paper, we proposed a novel triple algorithm based on RSA (Rivest-Shamir-Adleman), AES (Advanced Encryption Standard), and TwoFish in order to further improve the security of Bluetooth that is currently using only 128-bit AES for encryption in its latest versions (Bluetooth 4.0 - 5.0). Furthermore, older Bluetooth 1.0A – 3.0 + HS (High-Speed) devices use E0 stream cipher for encryption that has been shown to be weak by numerous researchers and thus it could be considered insufficient for high security purposes nowadays. In our novel approach, the triple protection of AES, RSA, and TWOFISH would enhance the level of security, which shields the data transmission in the Bluetooth. As the first step of our novel approach, we first encrypted the message by using AES with 128-bit key and then further encrypted it by using Twofish with the same 128-bit key. Finally, the 128-bit key generated in the beginning will be encrypted by using RSA with 1024-bit key to protect its over-the-air transfer. In the receiving end, the decryption process goes in reverse order compared with encryption process. We showed with experimental figures that our novel algorithm improved the security of Bluetooth encryption by eliminating all known weaknesses and thus made data exchange between Bluetooth devices secure.

19 citations


Journal ArticleDOI
TL;DR: A secure and privacy-preserving framework for smart parking systems that provides functional services, including parking vacancy detection, real-time information for drivers about parking availability, driver guidance, and parking reservation, and provides security approaches on both the network and application layers.
Abstract: Smart parking systems are a crucial component of the “smart city” concept, especially in the age of the Internet of Things (IoT). They aim to take the stress out of finding a vacant parking spot in city centers, due to the increasing number of cars, especially during peak hours. To realize the concept of smart parking, IoT-enabling technologies must be utilized, as the traditional way of developing smart parking solutions entails a lack of scalability, compatibility with IoT-constrained devices, security, and privacy awareness. In this paper, we propose a secure and privacy-preserving framework for smart parking systems. The framework relies on the publish/subscribe communication model for exchanging a huge volume of data with a large number of clients. On one hand, it provides functional services, including parking vacancy detection, real-time information for drivers about parking availability, driver guidance, and parking reservation. On the other hand, it provides security approaches on both the network and application layers. In addition, it supports mutual authentication mechanisms between entities to ensure device/ data authenticity, and provide security protection for users. That makes our proposed framework resilient to various types of security attacks, such as replay, phishing, and man-in-the-middle attacks. Finally, we analyze the performance of our framework, which is suitable for IoT devices, in terms of computation and network overhead.

13 citations


Journal ArticleDOI
TL;DR: Proposed non-homogeneous model in this study estimates the behavior of the EPL of this network system as a function of time and therefore act as an index of the risk associated with the network system getting exploited.
Abstract: Any computer system with known vulnerabilities can be presented using attack graphs. An attacker generally has a mission to reach a goal state that he expects to achieve. Expected Path Length (EPL) [1] in the context of an attack graph describes the length or number of steps that the attacker has to take in achieving the goal state. However, EPL varies and it is based on the “state of vulnerabilities” [2] [3] in a given computer system. Any vulnerability throughout its life cycle passes through several stages that we identify as “states of the vulnerability life cycle” [2] [3]. In our previous studies we have developed mathematical models using Markovian theory to estimate the probability of a given vulnerability being in a particular state of its life cycle. There, we have considered a typical model of a computer network system with two computers subject to three vulnerabilities, and developed a method driven by an algorithm to estimate the EPL of this network system as a function of time. This approach is important because it allows us to monitor a computer system during the process of being exploited. Proposed non-homogeneous model in this study estimates the behavior of the EPL as a function of time and therefore act as an index of the risk associated with the network system getting exploited.

9 citations


Journal ArticleDOI
TL;DR: How exactly CaaS operates and what it has to offer for mobile, desktop, and wireless users in the present and future is reviewed.
Abstract: Cryptography as a service is becoming extremely popular. It eases the way companies deal with securing their information without having to worry about their customer’s information being accessed by someone who should not have access to it. In this overview, we will be taking a closer look at Cryptography as a Service. The ground we will be examining is the effectiveness of it for mobile/wireless and desktop computing. Since we will be looking at something that operates as a service, we will need to first cover the application program interface (API) basics [1] or standard software as a service (SaaS) [2]. Next, what exactly cryptography as a service means for each of the aforementioned platforms. Lastly, other possible solutions and how they compare to CaaS. For the purpose of this review, we will be looking at CaaS in a cloud environment since typical SaaS is used that way. Subsequently most cloud environments utilize a UNIX based operating system or similar solution, which will be the target environment for the purpose of this paper. Popular algorithms that are used in CaaS will be the final part that will be examined on the grounds of how they perform, level of security offered, and usability in CaaS. Upon reading this paper the reader will have a better understanding of how exactly CaaS operates and what it has to offer for mobile, desktop, and wireless users in the present and future.

9 citations


Journal ArticleDOI
TL;DR: A system that effectively detects DDoS attacks appearing in any networked system using the clustering technique of data mining followed by classification and it has been found that it has enhanced accuracy and detection rate with low false positive rate.
Abstract: In recent times among the multitude of attacks present in network system, DDoS attacks have emerged to be the attacks with the most devastating effects. The main objective of this paper is to propose a system that effectively detects DDoS attacks appearing in any networked system using the clustering technique of data mining followed by classification. This method uses a Heuristics Clustering Algorithm (HCA) to cluster the available data and Naive Bayes (NB) classification to classify the data and detect the attacks created in the system based on some network attributes of the data packet. The clustering algorithm is based in unsupervised learning technique and is sometimes unable to detect some of the attack instances and few normal instances, therefore classification techniques are also used along with clustering to overcome this classification problem and to enhance the accuracy. Naive Bayes classifiers are based on very strong independence assumptions with fairly simple construction to derive the conditional probability for each relationship. A series of experiment is performed using “The CAIDA UCSD DDoS Attack 2007 Dataset” and “DARPA 2000 Dataset” and the efficiency of the proposed system has been tested based on the following performance parameters: Accuracy, Detection Rate and False Positive Rate and the result obtained from the proposed system has been found that it has enhanced accuracy and detection rate with low false positive rate.

Journal ArticleDOI
TL;DR: The intention of the ontology is to become aware of and constitute the multi-layered company of gamers and their related roles and obligations within the cyber security environment, which could make contributions in large part to the improvement, implementation and rollout of a country wide cyber security policy in Saudi Arabia.
Abstract: Cyber security is an important element of national security and the safekeeping of a nation’s constituency and assets. In Saudi Arabia, the point of interest on cyber security is particularly outstanding due to the fact that Saudi Arabia has a highly cyber attacks all over the Arab countries. This paper displays on contemporary studies done in Saudi Arabia in regards to cyber security policy coverage. The point of interest of this paper is the use of ontology to identify and suggest a formal, encoded description of the cyber security strategic environment, and propose the development of ontology to be able to permit the implementation of the sort of policy. The intention of the ontology is to become aware of and constitute the multi-layered company of gamers and their related roles and obligations within the cyber security environment. This could make contributions in large part to the improvement, implementation and rollout of a country wide cyber security policy in Saudi Arabia.

Journal ArticleDOI
TL;DR: A survey of the various mechanisms, both traditional and modern, that are applied in detecting cloud-based DDoS attacks is presented.
Abstract: A Distributed Denial of Service Attack (DDoS) is an attack in which multiple systems compromised by a Trojan are maliciously used to target a single system. The attack leads to the denial of a certain service on the target system. In a DDoS attack, both the target system and the systems used to perform the attack are all victims of the attack. The compromised systems are also called Botnets. These attacks occur on networked systems, among them the cloud computing facet. Scholars have tried coming up with separate mechanisms for detecting and preventing such attacks long before they occur. However, as technology progresses in advancement so do the attack mechanisms. In cloud computing, security issues affect various stakeholders who plan on cloud adoption. DDoS attacks are such serious concerns that require mitigation in the cloud. This paper presents a survey of the various mechanisms, both traditional and modern, that are applied in detecting cloud-based DDoS attacks.

Journal ArticleDOI
TL;DR: An algorithm is described that uses the k-NN technology to help detect threatening behavior in a computer network or a cloud and if they are removed the k-NN can be an asset to detect malicious behavior.
Abstract: In this paper, we describe an algorithm that uses the k-NN technology to help detect threatening behavior in a computer network or a cloud. The k-NN technology is very simple and yet very powerful. It has several disadvantages and if they are removed the k-NN can be an asset to detect malicious behavior.

Journal ArticleDOI
TL;DR: The implications are that future, syntactic-based smart AVSs may be able to generate effective signatures automatically from malware code by adopting data mining and alignment techniques to cover for both known and unknown polymorphic variants and without the need for semantic (run-time) analysis.
Abstract: Antiviral software systems (AVSs) have problems in detecting polymorphic variants of viruses without specific signatures for such variants. Previous alignment-based approaches for automatic signature extraction have shown how signatures can be generated from consensuses found in polymorphic variant code. Such sequence alignment approaches required variable length viral code to be extended through gap insertions into much longer equal length code for signature extraction through data mining of consensuses. Non-nested generalized exemplars (NNge) are used in this paper in an attempt to further improve the automatic detection of polymorphic variants. The important contribution of this paper is to compare a variable length data mining technique using viral source code to the previously used equal length data mining technique obtained through sequence alignment. This comparison was achieved by conducting three different experiments (i.e. Experiments I-III). Although Experiments I and II generated unique and effective syntactic signatures, Experiment III generated the most effective signatures with an average detection rate of over 93%. The implications are that future, syntactic-based smart AVSs may be able to generate effective signatures automatically from malware code by adopting data mining and alignment techniques to cover for both known and unknown polymorphic variants and without the need for semantic (run-time) analysis.

Journal ArticleDOI
TL;DR: The comparison showed subspace code did not have perfect security, but it achieved probabilistic security with low complexity, and was suitable to the applications with limited computation and moderate security requirement.
Abstract: This paper analyzed the security of constant dimensional subspace code against wiretap attacks. The security was measured in the probability with which an eavesdropper guessed the source message successfully. With the methods of linear algebra and combinatorics, an analytic solution of the probability was obtained. Performance of subspace code was compared to several secure network coding schemes from the perspective of security, flexibility, complexity, and independence, etc. The comparison showed subspace code did not have perfect security, but it achieved probabilistic security with low complexity. As a result, subspace code was suitable to the applications with limited computation and moderate security requirement.

Journal ArticleDOI
TL;DR: A system that has three sub-systems focus on offline recognition of handwritten English alphabetic characters, numeric characters and individual signatures respectively and the results are found satisfactory at about 97% success rate.
Abstract: Handwritten signature and character recognition has become challenging research topic due to its numerous applications. In this paper, we proposed a system that has three sub-systems. The three subsystems focus on offline recognition of handwritten English alphabetic characters (uppercase and lowercase), numeric characters (0 - 9) and individual signatures respectively. The system includes several stages like image preprocessing, the post-processing, the segmentation, the detection of the required amount of the character and signature, feature extraction and finally Neural Network recognition. At first, the scanned image is filtered after conversion of the scanned image into a gray image. Then image cropping method is applied to detect the signature. Then an accurate recognition is ensured by post-processing the cropped images. MATLAB has been used to design the system. The subsystems are then tested for several samples and the results are found satisfactory at about 97% success rate. The quality of the image plays a vital role as the images of poor or mediocre quality may lead to unsuccessful recognition and verification.

Journal ArticleDOI
TL;DR: Firefly Algorithm is used to optimise the modified host audio to achieve the highest possible robustness and transparency and Singular Value Decomposition (SVD) using Firefly Algorithm provides this objective of an optimal robust watermarking technique.
Abstract: Digital Watermarking is a technology, to facilitate the authentication, copyright protection and Security of digital media. The objective of developing a robust watermarking technique is to incorporate the maximum possible robustness without compromising with the transparency. Singular Value Decomposition (SVD) using Firefly Algorithm provides this objective of an optimal robust watermarking technique. Multiple scaling factors are used to embed the watermark image into the host by multiplying these scaling factors with the Singular Values (SV) of the host audio. Firefly Algorithm is used to optimise the modified host audio to achieve the highest possible robustness and transparency. This approach can significantly increase the quality of watermarked audio and provide more robustness to the embedded watermark against various attacks such as noise, resampling, filtering attacks etc.

Journal ArticleDOI
TL;DR: A dynamic congestion control method of the selection of a secure path is proposed by estimating the average queue length at the nodes, and if the occurrence of the possible congestion is predicted, the network will select a new path where all nodes have been certified as trusted nodes.
Abstract: Ad hoc networks are vulnerable to various attacks. In addition, congestion caused by limited resources may occur at any time in the transmission of the packets at intermediate nodes. This paper proposes a dynamic congestion control method of the selection of a secure path. By estimating the average queue length at the nodes, the congestion level at present is detected. If the occurrence of the possible congestion is predicted, the network will select a new path where all nodes have been certified as trusted nodes, generating session keys in the TCP three-way handshake to prevent the denial of service attacks. Simulation results show that the new algorithm is superior to TCP Reno algorithm in terms of security, packets loss rate, throughput, and end-to-end delay.

Journal ArticleDOI
TL;DR: The study proposes a human sensor web Crowd sourcing platform for reporting, searching, querying, analyzing, visualizing and responding to security incidents as they arise in real time.
Abstract: Security incidents affecting information systems in cyberspace keep on rising. Researchers have raised interest in finding out how to manage security incidents. Various solutions proposed do not effectively address the problematic situation of security incidents. The study proposes a human sensor web Crowd sourcing platform for reporting, searching, querying, analyzing, visualizing and responding to security incidents as they arise in real time. Human sensor web Crowd sourcing security incidents is an innovative approach for addressing security incidents affecting information systems in cyberspace. It employs outsourcing collaborative efforts initiatives outside the boundaries of the given organization in solving a problematic situation such as how to improve the security of information systems. It was managed by soft systems methodology. Moreover, security maturity level assessment was carried out to determine security requirements for managing security incidents using ISO/IEC 21827: Systems security engineering capability maturity model with a rating scale of 0 - 5. It employed descriptive statistics and non-parametric statistical method to determine the significance of each variable based on a research problem. It used Chi-Square Goodness of Fit Test (χ²) to determine the statistical significance of result findings. The findings revealed that security controls and security measures are implemented in ad-hoc. For managing security incidents, organizations should use human sensor web Crowd sourcing platform. The study contributes to knowledge base management learning integration: practical implementation of Crowd sourcing in information systems security.

Journal ArticleDOI
TL;DR: This method relies on the group randomizer system, a subset of the MAGNUS computer algebra system and corrects most of the present problems with challenge response systems, the most common types of password verification.
Abstract: Password security is a crucial component of modern internet security. In this paper, we present a provably secure method for password verification using combinatorial group theory. This method relies on the group randomizer system, a subset of the MAGNUS computer algebra system and corrects most of the present problems with challenge response systems, the most common types of password verification. Theoretical security of the considered method depends on several results in asymptotic group theory. We mention further that this method has applications for many other password situations including container security.

Journal ArticleDOI
TL;DR: A novel architecture for securing SCADA systems that guarantees that “any malicious modification of the deployment configuration or the design configuration of the SCADA system will be detected”—even if undesired functionality may exist in SCADA system components.
Abstract: Supervisory Control and Data Acquisition (SCADA) systems are attractive targets for attackers, as they offer an avenue to attack critical infrastructure (CI) systems controlled by SCADA systems. Ultimately, an attack on any system exploits some undesired (malicious or accidental) functionality in the components of the system. Unfortunately, it is far from practical to eliminate undesired functionality in every component of a system. The contribution of this paper is a novel architecture for securing SCADA systems that guarantee that “any malicious modification of the deployment configuration or the design configuration of the SCADA system will be detected”—even if undesired functionality may exist in SCADA system components.