
显示样式: 排序: IF: - GO 导出
-
A lightweight and provable secure identity-based generalized proxy signcryption (IBGPS) scheme for Industrial Internet of Things (IIoT) J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-18 Saddam Hussain; Insaf Ullah; Hizbullah Khattak; Muhammad Asghar Khan; Chien-Ming Chen; Saru Kumari
Recently, the Industrial Internet of Things (IIoT) has become increasingly important for applications in the industry. IIoT has essentially become a prime security focus for implementing secure communication. Among the available cryptographic tools, identity-based signcryption provide a sound solution to fulfill the security requirement of IIoT. On the other hand a generalized proxy signcryption can
-
Enhanced (n, n)-threshold QR code secret sharing scheme based on error correction mechanism J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-14 Peng-Cheng Huang; Chin-Chen Chang; Yung-Hui Li; Yanjun Liu
In recent years, QR code is popular online and offline, and it is an ideal media for secret sharing. This paper utilizes the error correction capacity of QR code to propose an (n, n)-threshold secret sharing scheme for QR code. A secret QR code can be split and encoded into n cover QR codes. The generated marked QR codes still carry cover messages so that they will greatly reduce the suspicion of unauthorized
-
Simple and scalable blockchain with privacy J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-14 Wai Kok Chan; Ji-Jian Chin; Vik Tor Goh
The three primary requirements in privacy coin are sender anonymity, receiver anonymity, and transaction amount obscurity. In the process of achieving these three requirements, it can result in some side-effects. Some of the side-effects include large blockchain sizes, unpruneable blockchain, unverifiable total coin mintage, and complicated protocol. In this paper, we propose a coin privacy solution
-
A cancelable biometric authentication system based on feature-adaptive random projection J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-14 Wencheng Yang; Song Wang; Muhammad Shahzad; Wei Zhou
Biometric template data protection is critical in preventing user privacy and identity from leakage. Random projection based cancelable biometrics is an efficient and effective technique to achieve biometric template protection. However, traditional random projection based cancelable template design suffers from the attack via record multiplicity (ARM), where an adversary obtains multiple transformed
-
A mutual authentication scheme for establishing secure device-to-device communication sessions in the edge-enabled smart cities J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-13 Yanbin Zhang; Ke Cheng; Fazlullah Khan; Ryan Alturki; Rahim Khan; Ateeq Ur Rehman
Internet of Things (IoT) and edge-enabled networking infrastructures have been used to provide data processing capabilities at the edge rather than transferring it to the concerned cloud in the smart cities. However, security and privacy of both data and device Ci are among common issues associated with the edge-enabled IoT networking paradigm. Numerous edge-enabled mechanisms have been presented in
-
NATICUSdroid: A malware detection framework for Android using native and custom permissions J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-13 Akshay Mathur; Laxmi Mounika Podila; Keyur Kulkarni; Quamar Niyaz; Ahmad Y. Javaid
The rapid growth of Android apps and its worldwide popularity in the smartphone market has made it an easy and accessible target for malware. In the past few years, the Android operating system (AOS) has been updated several times to fix various vulnerabilities. Unfortunately, malware apps have also upgraded and adapted to this evolution. The ever-increasing number of native AOS permissions and developers’
-
CCA secure and efficient proxy re-encryption scheme without bilinear pairing J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-12 Shilpee Prasad; Purushothama B.R.
Proxy re-encryption enables the conversion of ciphertext of a message encrypted with one users public key into a ciphertext that could be decrypted by another users private key. Proxy re-encryption can be used as tool for delegation in wide variety of applications. Since proxy re-encryption is used as a primitive for delegation in varied applications, the primitive should be secure and efficient. Also
-
Chaos and compressive sensing based novel image encryption scheme J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-12 Jan Sher Khan; Sema Koç Kayhan
Out of various cryptographic attacks, Chosen-Plaintext Attack (CPA) is one of the most powerful and widely used attack on encrypted images. In order to efficiently resist such a strong attack, a novel chaos and compressive sensing based image encryption algorithm is presented in this work. Firstly, the original plaintext image is compressed via Orthogonal Matching Pursuit with Partially Known Support
-
Multi-view deep learning for zero-day Android malware detection J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-13 Stuart Millar; Niall McLaughlin; Jesus Martinez del Rincon; Paul Miller
Zero-day malware samples pose a considerable danger to users as implicitly there are no documented defences for previously unseen, newly encountered behaviour. Malware detection therefore relies on past knowledge to attempt to deal with zero-days. Often such insight is provided by a human expert hand-crafting and pre-categorising certain features as malicious. However, tightly coupled feature-engineering
-
Exploiting statistical and structural features for the detection of Domain Generation Algorithms J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-12 Constantinos Patsakis; Fran Casino
Nowadays, malware campaigns have reached a high level of sophistication, thanks to the use of cryptography and covert communication channels over traditional protocols and services. In this regard, a typical approach to evade botnet identification and takedown mechanisms is the use of domain fluxing through the use of Domain Generation Algorithms (DGAs). These algorithms produce an overwhelming amount
-
An optimized robust watermarking technique using CKGSA in frequency domain J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-12 Roop Singh; Alaknanda Ashok
The existing SVD based watermarking techniques insert watermark into the singular component which causes the false positive problem (FPP). To overcome this problem, a robust watermarking technique using a chaotic kbest gravitational search algorithm (CKGSA) in DCT and SVD domain is proposed. To eliminate the FPP, the watermark is embedded into the principal component (PC) of the cover image rather
-
SEA-BREW: A scalable Attribute-Based Encryption revocable scheme for low-bitrate IoT wireless networks J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-12 Michele La Manna; Pericle Perazzo; Gianluca Dini
Attribute-Based Encryption (ABE) is an emerging cryptographic technique that allows one to embed a fine-grained access control mechanism into encrypted data. In this paper we propose a novel ABE scheme called SEA-BREW (Scalable and Efficient Abe with Broadcast REvocation for Wireless networks), which is suited for Internet of Things (IoT) and Industrial IoT (IIoT) applications. In contrast to state-of-the-art
-
Privacy-preserving batch verification signature scheme based on blockchain for Vehicular Ad-Hoc Networks J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-12 Yanli Ren; Xiangyu Li; Shi-Feng Sun; Xingliang Yuan; Xinpeng Zhang
Along with the development of Internet of Things (IoT) technology and Vehicular Ad-Hoc Networks (VANETs), security and effectiveness of road utilization have also been greatly improved. Currently, many certificateless signature schemes have been proposed to improve the communication speed while protecting the communication contents and real identities of the vehicles. Among others, some schemes realize
-
Understanding cybersecurity behavioral habits: Insights from situational support J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-07 Yuxiang Hong; Steven Furnell
While the Internet has become an indispensable aspect of personal and professional lives, it has also served to render many individuals vulnerable to cybersecurity threats. Thus, the promotion of cybersecurity behaviors can effectively protect individuals from these threats. However, cybersecurity behaviors do not necessarily come naturally, and people need support and encouragement to develop and
-
Blockchain-empowered cloud architecture based on secret sharing for smart city J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-06 Jeonghun Cha; Sushil Kumar Singh; Tae Woo Kim; Jong Hyuk Park
Recent advances in information technology go beyond the simple convenience offered to individuals, leading to smart city technology that provides urban facilities and better quality of life. Smart City is a heterogeneous system consisting of a large IoT-based network, offering various applications for citizens by collecting and analyzing real-time information. As intelligent, efficient digital systems
-
Open code biometric tap pad for smartphones J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-05 Carl Haberfeld; Md Shafaeat Hossain; Lisa Lancor
Poor security practices among smartphone users, such as the use of simple, easily guessed passcodes for logins, are a result of the effort required to memorize stronger ones. In this paper, we devise a concept of “open code” biometric tap pad to authenticate smartphone users, which eliminates the need of memorizing secret codes. A biometric tap pad consists of a grid of buttons each labeled with a
-
Secure memory erasure in the presence of man-in-the-middle attackers J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-05 Rolando Trujillo-Rasua
Memory erasure protocols serve to clean up a device’s memory before the installation of new software. Although this task can be accomplished by direct hardware manipulation, remote software-based memory erasure protocols have emerged as a more efficient and cost-effective alternative. Existing remote memory erasure protocols, however, still rely on non-standard adversarial models to operate correctly
-
Weaponized AI for cyber attacks J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-05 Muhammad Mudassar Yamin; Mohib Ullah; Habib Ullah; Basel Katt
Artificial intelligence (AI)-based technologies are actively used for purposes of cyber defense. With the passage of time and with decreasing complexity in implementing AI-based solutions, the usage of AI-based technologies for offensive purposes has begun to appear in the world. These attacks vary from tampering with medical images using adversarial machine learning for false identification of cancer
-
An efficient biometric-based continuous authentication scheme with HMM prehensile movements modeling J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-05 Feriel Cherifi; Mawloud Omar; Kamal Amroun
Biometric is an emerging technique for user authentication thanks to its efficiency compared to the traditional methods, such as passwords and access-cards. However, most existing biometric authentication systems require the cooperation of users and provide only a login time authentication. To address these drawbacks, we propose in this paper a new, efficient continuous authentication scheme based
-
NaturalAE: Natural and robust physical adversarial examples for object detectors J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-04 Mingfu Xue; Chengxiang Yuan; Can He; Jian Wang; Weiqiang Liu
Recently, many studies show that deep neural networks (DNNs) are susceptible to adversarial examples, which are generated by adding imperceptible perturbations to the input of DNN. However, in order to convince that adversarial examples are real threats in real physical world, it is necessary to study and evaluate the adversarial examples in real-world scenarios. In this paper, we propose a natural
-
Yet another insecure group key distribution scheme using secret sharing J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2021-01-04 Chris J. Mitchell
A recently proposed group key distribution scheme known as UMKESS, based on secret sharing, is shown to be insecure. Not only is it insecure, but it does not always work, and the rationale for its design is unsound. UMKESS is the latest in a long line of flawed group key distribution schemes based on secret sharing techniques.
-
Blockchain and quantum blind signature-based hybrid scheme for healthcare 5.0 applications J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-12-29 Makwana Bhavin; Sudeep Tanwar; Navneet Sharma; Sudhanshu Tyagi; Neeraj Kumar
Insurance agencies and digitally recorded healthcare databases can help society to decrease the high-level complexity and the cost of the entire healthcare ecosystem. The general data protection regulation provides the right to its data owner’s to know how data is stored, and for which purpose his/her data is being used. However, the healthcare data flow through an open channel, i.e., the Internet
-
Intelligent operator: Machine learning based decision support and explainer for human operators and service providers in the fog, cloud and edge networks J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-12-24 Sebastian Łaskawiec; Michał Choraś; Rafał Kozik; Vijayakumar Varadarajan
The growing volume of cloud-based applications, services and cyber-physical IoT solutions presents vital challenges linked to resource allocation, misconfiguration, scaling, and running software updates. Various solutions and applications have different hardware and energy requirements of the involved elements. Hence, the recent technology trends suggests transferring some more complex computational
-
Efficient and secure substitution box and random number generators over Mordell elliptic curves J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-12-08 Ikram Ullah; Naveed Ahmed Azam; Umar Hayat
Elliptic curve cryptography has received great attention in recent years due to its high resistance against modern cryptanalysis. The aim of this article is to present efficient generators to generate substitution boxes (S-boxes) and pseudo random numbers which are essential for many well-known cryptosystems. These generators are based on a special class of ordered Mordell elliptic curves. Rigorous
-
Detection and mitigation of fraudulent resource consumption attacks in cloud using deep learning approach J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-12-08 Abhishek Agarwal; Ayush Prasad; Rishabh Rustogi; Sweta Mishra
Fraudulent Resource Consumption (FRC) attacks can be synthesized by subtly consuming metered resources of the cloud servers over a sustained period of time. The objective of the attacker in such attacks is to exploit the utility pricing model by fraudulently consuming cloud resources. This skillful over-consumption of resources results in a considerable financial burden to the client. These attacks
-
eBook surveillance and the threat to freedom of association J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-11-12 Stephen B. Wicker
eBook reader surveillance can have a strong negative effect on freedom of association and freedom of expression. In this paper we consider the potential for Kindle surveillance through a review of two of Amazon’s patents. We then consider the impact of reader surveillance on freedom of association through a study of US and European law. Particular emphasis is placed on the chilling effect of loss of
-
A provably secure dynamic ID-based authenticated key agreement framework for mobile edge computing without a trusted party J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-11-03 Dheerendra Mishra; Dharminder Dharminder; Preeti Yadav; Y. Sreenivasa Rao; Pandi Vijayakumar; Neeraj Kumar
Mobile Edge Computing (MEC) is an emergent paradigm that brings computation, storage, and network resources close to mobile users. It allows applications to execute near the user, which are delay-sensitive and content-aware. Since the MEC systems comprise distributed edge devices managed by self-governing people, they are more liable to security and privacy threats. Therefore, acure and efficient authentication
-
Reversible and recoverable authentication method for demosaiced images using adaptive coding technique J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-11-01 Xiaoyu Zhou; Wien Hong; Shaowei Weng; Tung-Shou Chen; Jeanne Chen
This paper proposes a reversible authentication scheme for demosaiced images with the capability to approximately recover original contents of tampered parts. The existing methods protect the marked images to a large extent; however, they cannot detect some intentional modifications, or lack the self-recovery capability of tampered regions. The proposed method uses the most significant bits (MSBs)
-
Detection of distributed denial of service attacks based on information theoretic approach in time series models J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-29 Jisa David; Ciza Thomas
DDoS is becoming one of the most powerful and dangerous cyber-attacks. Tremendous research efforts have already been carried out in the detection of DDoS attacks. Entropy is a statistical measure of attack detection. A study on variation in the distribution of network traffic features is undertaken in this work. The network traffic parameters that are used for DDoS detection include the destination
-
A data encryption model based on intertwining logistic map J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-16 Kamlesh Kumar Raghuvanshi; Subodh Kumar; Sunil Kumar
A data encryption model is developed using Brownian Motion based confusion and intertwining logistic map based diffusion method. In the existing encryption models, shuffling is irrelevant for the pixels with same value i.e. (all white/black/same colour) and models are prone to differential and various statistical attacks. This article investigates random data insertion to ensure the validity of shuffling
-
Automated exploration of homomorphic encryption scheme input parameters J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-17 Cyrielle Feron; Loïc Lagadec; Vianney Lapôtre
Homomorphic Encryption (HE) aims to perform computations on encrypted data. Still in research stage, a lot of HE schemes have been created but their comparison remains costly as execution exhibits prohibitive costs. PAnTHErS is a HE schemes modeler. Modeling with a common formalism allows the evaluation of input parameters variation impact on performances of a HE scheme execution i.e. on its execution
-
Lightweight privacy-preserving data aggregation protocol against internal attacks in smart grid J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-15 Xiao-Di Wang; Wei-Zhi Meng; Yi-Ning Liu
Privacy-preserving data aggregation has been studied extensively over the past decades, but there are still some concerns remained. For example, some schemes cannot resist against internal attacks, especially when the internal attack is launched by either the data centers that allocate the system security parameters or the attacker who shares the common information with the targeted user. In this paper
-
Privacy preservation in outsourced mobility traces through compact data structures J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-16 Luca Calderoni; Samantha Bandini; Dario Maio
Indoor localization is widely used as enabling technology for location-based services, such as advertising, indoor routing, and behavioral analysis. To keep these features available, service providers passively collect a large amount of data that may reveal strictly personal information about an individual. As an example, a timestamped mobility trace acquired in a mall may help the business owner to
-
A survey of authenticated key agreement protocols for multi-server architecture J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-16 Inam ul Haq; Jian Wang; Youwen Zhu; Saad Maqbool
This paper presents a comprehensive survey of authenticated key agreement protocols, which have been proposed for multi-server architectures. The growing use of cloud-based services has made multi-server authentication protocols a necessity. For a brief insight into the topic, the break-fix history of these protocols, vital functional and security requirements have been summarized. Protocols are categorized
-
Adaptable feature-selecting and threshold-moving complete autoencoder for DDoS flood attack mitigation J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-30 Ili Ko; Desmond Chambers; Enda Barrett
DDoS attacks remain one of the top cyber threats targeting the financial, health care, retail, gaming, and political sectors, which affects Internet service disruption, data or monetary loss. Security experts have predicted that the development of 5G technology will increase the frequency and the vector of DDoS attacks. Moreover, enhanced DDoS attack technology utilises artificial intelligence [1]
-
A certificateless signature for multi-source network coding J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-15 Huifang Yu; Wen Li
Comparison with traditional network routing technology, multi-source network coding allows the routers to encode the received data and has the merits of large throughput, strong robustness and fast speed. In addition, certificateless public key cryptosystem (CL-PKC) is both certificate-free and key escrow-free. From now, there is no certificateless signature suitable for multi-source network coding
-
Cheating immune k-out-of-n block-based progressive visual cryptography J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-15 Ching-Nung Yang; Yi-Chin Lin; Peng Li
Hou et al. introduced a (2, n) block-based progressive visual cryptographic scheme (BPVCS). In (2, n)-BPVCS, a secret image is subdivided into n non-overlapped image blocks. When t (2 ≤ t ≤ n) participants stack their shadow images, the image blocks belonged to these t participants will be recovered. Unfortunately, Hou et al.’s (2, n)-BPVCS suffers from the cheating problem. Additionally, Hou et al
-
Malware classification for the cloud via semi-supervised transfer learning J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-20 Xianwei Gao; Changzhen Hu; Chun Shan; Baoxu Liu; Zequn Niu; Hui Xie
Malware threats and privacy protection are two of the biggest challenges in the cloud computing environment. Many studies have focused on the accuracy of malware detection, but they did not sufficiently take into account the privacy protection of cloud tenants. This paper proposes a novel malware detection model, based on semi-supervised transfer learning (SSTL) for the cloud, that consists of detection
-
Universal stego post-processing for enhancing image steganography J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-19 Bolin Chen; Weiqi Luo; Peijia Zheng; Jiwu Huang
It is well known that the designing or improving embedding cost becomes a key issue for current steganographic methods. Unlike existing works, we propose a novel framework to enhance the steganography security via post-processing on the embedding units (i.e., pixel values and DCT coefficients) of stego directly. In this paper, we firstly analyze the characteristics of STCs (Syndrome-Trellis Codes)
-
A Guiding Framework for Vetting the Internet of Things J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-19 Fatma Masmoudi; Zakaria Maamar; Mohamed Sellami; Ali Ismail Awad; Vanilson Burégio
Like any emerging and disruptive technology, multiple obstacles are slowing down the Internet of Things (IoT) expansion for instance, multiplicity of things’ standards, users’ reluctance and sometimes rejection due to privacy invasion, and limited IoT platform interoperability. IoT expansion is also accompanied by the widespread use of mobile apps supporting anywhere, anytime service provisioning to
-
Multi-user certificateless public key encryption with conjunctive keyword search for cloud-based telemedicine J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-16 Mimi Ma; Shuqin Fan; Dengguo Feng
With the development of communication and information technologies, the telemedicine system has infiltrated many aspects of medicine field. It allows doctors to simultaneously diagnose patients in different areas, which provides great convenience to people. However, the increasing medical data brings serious challenges to people, such as data storage and processing. To reduce data management costs
-
Database intrusion detection using role and user behavior based risk assessment J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-16 Indu Singh; Narendra Kumar; Srinivasa K.G.; Tript Sharma; Vaibhav Kumar; Siddharth Singhal
Present-day organizations continue to expose their critical information infrastructures over the Internet for facilitating accessibility; substantially raising concerns about the security of data from both outsiders and insiders. In this paper, we propose a novel approach for detecting intrusive attacks on databases by assessing the risk for incoming transaction based upon the conflation of multiple
-
A bandwidth efficient HMAC-based authentication scheme for network coding J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-16 Tandoh Lawrence; Ikram Ali; Tandoh Christopher; Fagen Li
Pollution attacks in network coding result in the waste of bandwidth and computational resources. Several homomorphic message authentication code (HMAC) and signature-based schemes have been proposed to mitigate such attacks. In these schemes, authentication is achieved by appending several HMAC tags with or without a signature to the packet payload. This approach negatively affects the throughput
-
Design and application of a personal credit information sharing platform based on consortium blockchain J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-16 Jing Zhang; Rong Tan; Chunhua Su; Wen Si
The technical features of blockchain, including decentralization, data transparency, tamper-proofing, traceability, privacy protection and open-sourcing, make it a suitable technology for solving the information asymmetry problem in personal credit reporting transactions. Applying blockchain technology to credit reporting meets the needs of social credit system construction and may become an important
-
A Lightweight Signcryption Method for Perception Layer in Internet-of-Things J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-21 Ashish Kumar; Rahul Saha; Mamoun Alazab; Gulshan Kumar
Internet-of-Things (IoTs) are one of the most promising technologies in the present world. It connects people, processes and things. The increasing number of devices in IoT invoking various security and privacy issues. Authentication is one of them which should be measured at the very first level when a device comes into the network. Many authentication schemes are in use which follow the traditional
-
PCHET: An efficient programmable cellular automata based hybrid encryption technique for multi-chat client-server applications J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-27 Satyabrata Roy; Rohit Kumar Gupta; Umashankar Rawat; Nilanjan Dey; Ruben Gonzalez Crespo
This paper demonstrates an efficient programmable Cellular Automata (CA) based hybrid encryption technique (PCHET) for chatting applications involving multiple clients who can chat simultaneously with each other. The proposed scheme is a symmetric key encryption technique, still very lightweight and it is easy to implement. The base of the work lies in the attributes of various CA rules and their cryptographic
-
Real-time and private spatio-temporal data aggregation with local differential privacy J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-23 Xingxing Xiong; Shubo Liu; Dan Li; Zhaohui Cai; Xiaoguang Niu
Technology and usage advances in wireless communication and smart mobile devices with localization capabilities enable a large number of emerging applications of location-based services, e.g. mobile crowdsourcing applications, which are facilitating our daily life. However, collecting and sharing location data to service providers of applications will give rise to mobile users’ concerns on their privacy
-
DART: De-Anonymization of personal gazetteers through social trajectories J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-24 Matteo Francia; Enrico Gallinucci; Matteo Golfarelli; Nicola Santolini
The interest in trajectory data has sensibly increased since the widespread of mobile devices. Simple clustering techniques allow the recognition of personal gazetteers, i.e., the set of main points of interest (also called stay points) of each user, together with the list of time instants of each visit. Due to their sensitiveness, personal gazetteers are usually anonymized, but their inherent unique
-
Towards a secure ITS: Overview, challenges and solutions J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-22 Lama Sleem; Hassan N. Noura; Raphaël Couturier
-
Evaluation metric for crypto-ransomware detection using machine learning J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-23 S.H. Kok; A. Azween; NZ Jhanjhi
Ransomware is a type of malware that blocks access to its victim's resources until a ransom is paid. Crypto-ransomware is a type of ransomware that blocks access to its victim's files by the use of an encryption algorithm. This encrypted file remains permanently blocked, even if the victim is able to remove the ransomware from the infected file. This has forced victims to pay the ransom demanded in
-
Watch out! Doxware on the way… J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-22 Routa Moussaileb; Renzo E. Navas; Nora Cuppens
Malware remains the number one threat for individuals, enterprises, and governments. Malware’s aftermath can cause irreversible casualties if the requirements of the attackers are not met in time. Security researchers’ primary objective is protecting the assets that a person/company possesses. They are in a constant battle in this cyberware facing attackers’ malicious intent. To compete in this arms
-
A certificateless ring signature scheme with batch verification for applications in VANET J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-24 Samra Bouakkaz; Fouzi Semchedine
One of the most important challenges in secure and efficient communications for Vehicular Ad hoc NETworks (VANET) is proposing an appropriate authentication scheme. On the other hand, commonly used authentication approaches cannot be directly applied since they would lead to the violation of the privacy of the involved vehicles. In this paper, to address the security and privacy issues in VANETs, we
-
Security and privacy of UAV data using blockchain technology J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-26 Rupa Ch; Gautam Srivastava; Thippa Reddy Gadekallu; Praveen Kumar Reddy Maddikunta; Sweta Bhattacharya
The utility of virtual circuit (VC) based devices - UAVs, Drones, and similar other IoT based devices have gained immense momentum in the present day and age. These devices are predominantly used for aerial surveying in sensitive and remote areas. It is alarming that issues pertaining to stalking and information control have increased with the growth of technology. This paper presents a Blockchain
-
Globalized firefly algorithm and chaos for designing substitution box J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-24 Hussam S. Alhadawi; Dragan Lambić; Mohamad Fadli Zolkipli; Musheer Ahmad
This study adopted a metaheuristic approach based on the firefly algorithm (FA) optimization to generate an appropriate configuration for an 8 × 8 Substitution boxes (S-boxes). The FA can construct a strong S-box that satisfies the stipulated criteria by rapidly searching for the optimal or near-optimal feature subsets that minimize a given fitness function. The FA is a newly developed computation
-
Application design phase risk assessment framework using cloud security domains J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-13 Amartya Sen; Sanjay Madria
Security risk assessment is done to identify the vulnerabilities of a client’s application and develop strong security measures within budgetary constraints. However, while migrating to the Cloud platform, a generic notion of their publicly available security policies make it challenging for clients to assess the security threats solely relevant to their applications. Additionally, traditional risk
-
Spatiotemporal chaos in multiple dynamically coupled map lattices and its application in a novel image encryption algorithm J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-13 Ye Tao; Wenhua Cui; Zhao Zhang
Spatiotemporal chaotic systems are widely used for image encryption due to their better chaos, more chaotic sequences and more complex dynamic behavior. This paper proposes a new spatiotemporal chaotic system named Multiple dynamically coupled map lattices (MDCML). The proposed system introduces dynamic coupling parameter, which enhances ergodicity and improves pseudo-randomness and chaos of the system
-
Applied graph theory to security: A qualitative placement of security solutions within IoT networks J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-13 Tanguy Godquin; Morgan Barbier; Chrystel Gaber; Jean-Luc Grimault; Jean-Marie Le Bars
The rise of edge computing enables local network management. Services are no longer clustered inside the cloud but rather spread all over the whole network. In this paper, we propose a method for deploying security services within an IoT network according to devices capabilities. Our method models an IoT network as a weighted graph using device capabilities. Using the latter, we propose to identify
-
A two-phase sequential pattern mining framework to detect stealthy P2P botnets J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-13 Fateme Faraji Daneshgar; Maghsoud Abbaspour
The botnet has been one of the most common threats to network security. Among all emerged botnet, Peer to Peer (P2P) botnets are more perilous and resistant due to their distributed nature. In addition to their resiliency against takedown strategies, modern P2P botnets are stealthier in the way they perform fraudulent activities. One of the main challenges to detect P2P bots/botnets is the presence
-
Privacy-preserving fully anonymous ciphertext policy attribute-based broadcast encryption with constant-size secret keys and fast decryption J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-13 Mriganka Mandal
Cloud computing is admired as a notable computing terminology in which facilities of the computing framework are rendered as aid over Internet services. In the era of cloud computing, lightweight devices can be used to afford remote e-healthcare, which facilitates the development of remote healthcare consultations, monitoring of patients’ health reports, and medical research. The downside of the cloud
-
Extending STPA with STRIDE to identify cybersecurity loss scenarios J. Inf. Secur. Appl. (IF 2.327) Pub Date : 2020-10-10 Nivio Paula de Souza; Cecília de Azevedo Castro César; Juliana de Melo Bezerra; Celso Massaki Hirata
Analyzing safety and security together in the concept stage of system development can reduce redundant work and inconsistency in the identification of safety and security requirements. STPA is a safety analysis technique that also allows analyzing security concerns. STPA does not employ threat models to identify loss scenarios. Threat models allow identifying, enumerating, and prioritizing potential