
显示样式: 排序: IF: - GO 导出
-
A semantic-aware log generation method for network activities Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-04-11 Aun Yichiet, Yen-Min Jasmina Khaw, Ming-Lee Gan, Vasaki Ponnusamy
Context-aware network logging is becoming more prevalent for enterprise networks, data centers, and forensics. Monitoring agents are strategically placed to generate log files from the activity of interests from various network points. In a distributed architecture, these agents are scattered across multiple nodes, and they have limited network visibility. Consequently, the resulting logs become fragmented
-
Robotics cyber security: vulnerabilities, attacks, countermeasures, and recommendations Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-03-19 Jean-Paul A. Yaacoub, Hassan N. Noura, Ola Salman, Ali Chehab
The recent digital revolution led robots to become integrated more than ever into different domains such as agricultural, medical, industrial, military, police (law enforcement), and logistics. Robots are devoted to serve, facilitate, and enhance the human life. However, many incidents have been occurring, leading to serious injuries and devastating impacts such as the unnecessary loss of human lives
-
Public key versus symmetric key cryptography in client–server authentication protocols Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-03-08 An Braeken
Every month, several new protocols are popping up, comparing themselves with a few others and claiming to outperform the whole state of the art. The most popular domain of protocols is the one for authentication in a client–server architecture for which both symmetric key- and public key-based protocols are being proposed. The usage of public key-based mechanisms has several consequences, not only
-
Privacy preserving data sharing and analysis for edge-based architectures Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-03-06 Mina Sheikhalishahi, Andrea Saracino, Fabio Martinelli, Antonio La Marra
In this paper, we present a framework for privacy preserving collaborative data analysis among multiple data providers acting as edge of a cloud environment. The proposed framework computes the best trade-off among privacy and result accuracy, based on the privacy requirements of data providers and the specific requested analysis algorithm. Though the presented model is general and can be applied to
-
[m]allotROPism: a metamorphic engine for malicious software variation development Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-03-03 Christos Lyvas, Christoforos Ntantogian, Christos Xenakis
For decades, code transformations have been a vital open problem in the field of system security, especially for cases like malware mutation engines that generate semantically equivalent forms of given malicious payloads. While there are abundant works on malware and on malware phylogenies classification and detection in general, the fundamental principles about malicious transformations to evade detection
-
Automatic analysis of attack graphs for risk mitigation and prioritization on large-scale and complex networks in Industry 4.0 Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-02-27 George Stergiopoulos, Panagiotis Dedousis, Dimitris Gritzalis
Threat models and attack graphs have been used more than 20 years by enterprises and organizations for mapping the actions of potential adversaries, analyzing the effects of vulnerabilities and visualizing attack scenarios. Although efficient when describing high-level interactions in simpler enterprise networks, they fall short in modern decentralized systems, especially in microservices architectures
-
A new smart smudge attack using CNN Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-02-21 Hansub Shin, Sungyong Sim, Hyukyoon Kwon, Sangheum Hwang, Younho Lee
This paper deals with a well-known problem in the area of the smudge attacks: when a user draws a pattern to unlock the pattern lock on a smartphone screen, pattern extraction sometimes becomes difficult owing to the existence of the oily residuals around it. This is because the phone screen becomes obscured by these residuals, which significantly lower the guess rate of the pattern lock. To address
-
DAPP: automatic detection and analysis of prototype pollution vulnerability in Node.js modules Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-02-13 Hee Yeon Kim, Ji Hoon Kim, Ho Kyun Oh, Beom Jin Lee, Si Woo Mun, Jeong Hoon Shin, Kyounggon Kim
The safe maintenance of Node.js modules is critical in the software security industry. Most server-side web applications are built on Node.js, an environment that is highly dependent on modules. However, there is clear lack of research on Node.js module security. This study focuses particularly on prototype pollution vulnerability, which is an emerging security vulnerability type that has also not
-
Thresholdizing HashEdDSA: MPC to the Rescue Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-02-04 Charlotte Bonte, Nigel P. Smart, Titouan Tanguy
Following recent comments in a NIST document related to threshold cryptographic standards, we examine the case of thresholdizing the HashEdDSA signature scheme. This is a deterministic signature scheme based on Edwards elliptic curves. Unlike DSA, it has a Schnorr-like signature equation, which is an advantage for threshold implementations, but it has the disadvantage of having the ephemeral secret
-
Outsourced cheating detection for secret sharing Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-01-25 Louis Cianciullo, Hossein Ghodosi
In a secret sharing scheme, a dealer, D, distributes shares of a secret, S among a set of n participants, such that only authorised subsets of these participants can reconstruct S, by pooling their shares. Unauthorised subsets should gain no information. An extensively researched area within this field is how to cope with participants who arbitrarily modify their shares (i.e. cheaters). A secret sharing
-
Web access monitoring mechanism via Android WebView for threat analysis Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-01-19 Yuta Imamura, Rintaro Orito, Hiroyuki Uekawa, Kritsana Chaikaew, Pattara Leelaprute, Masaya Sato, Toshihiro Yamauchi
Many Android apps employ WebView, a component that enables the display of web content in the apps without redirecting users to web browser apps. However, WebView might also be used for cyberattacks. Moreover, to the best of our knowledge, although some countermeasures based on access control have been reported for attacks exploiting WebView, no mechanism for monitoring web access via WebView has been
-
Securing the controller area network with covert voltage channels Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-01-19 Pal-Stefan Murvay, Lucian Popa, Bogdan Groza
The Controller Area Network (CAN) is the most widely employed communication protocol for in-vehicle applications. While many of its features qualify it as a suitable candidate for future use in automotive networking, the lack of security mechanisms makes it problematic for safety-critical applications. Recently, both the research community and the industry have proposed a large number of solutions
-
Continuous improvement process (CIP)-based privacy-preserving framework for smart connected toys Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-01-19 Benjamin Yankson
Advances within the toy industry and interconnectedness have resulted in the rapid and pervasive development of smart connected toys (SCTs), built with the capacity to collect terabytes of personal identifiable information, device context data, and play data. Any compromise of data stored, process, or transit can introduce privacy concerns, financial fraud concerns, and safety concerns, such as location
-
Attention: there is an inconsistency between android permissions and application metadata! Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-01-07 Huseyin Alecakir, Burcu Can, Sevil Sen
Since mobile applications make our lives easier, there is a large number of mobile applications customized for our needs in the application markets. While the application markets provide us a platform for downloading applications, it is also used by malware developers in order to distribute their malicious applications. In Android, permissions are used to prevent users from installing applications
-
Enabling isolation and recovery in PLC redundancy framework of metro train systems Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-01-04 Edwin Franco Myloth Josephlal, Sridhar Adepu, Zheng Yang, Jianying Zhou
The current train systems are heavily computerized which makes them highly prone to cyberattacks. Many functions in the trains are controlled by programmable logic controllers (PLCs) which make them an attractive target of attacks. By compromising the train’s PLCs, attackers can cause trains to operate in an unsafe environment and even lead to a fatal accident. In this paper, we investigated the current
-
Enhanced models for privacy and utility in continuous-time diffusion networks Int. J. Inf. Secur. (IF 1.494) Pub Date : 2021-01-02 Federica Granese, Daniele Gorla, Catuscia Palamidessi
Controlling the propagation of information in social networks is a problem of growing importance. On one hand, users wish to freely communicate and interact with their peers. On the other hand, the information they spread can bring to harmful consequences if it falls in the wrong hands. There is therefore a trade-off between utility, i.e. reaching as many intended nodes as possible, and privacy, i
-
DEALER: decentralized incentives for threat intelligence reporting and exchange Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-12-09 Florian Menges, Benedikt Putz , Günther Pernul
The exchange of threat intelligence information can make a significant contribution to improving IT security in companies and has become increasingly important in recent years. However, such an exchange also entails costs and risks, preventing many companies from participating. In addition, since legal reporting requirements were introduced in various countries, certain requirements must be taken into
-
Evaluating card-based protocols in terms of execution time Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-11-27 Daiki Miyahara, Itaru Ueda, Yu-ichi Hayashi, Takaaki Mizuki, Hideaki Sone
Card-based cryptography is an attractive and unconventional computation model; it provides secure computing methods using a deck of physical cards. It is noteworthy that a card-based protocol can be easily executed by non-experts such as high school students without the use of any electric device. One of the main goals in this discipline is to develop efficient protocols. The efficiency has been evaluated
-
An efficient privacy-preserving pay-by-phone system for regulated parking areas Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-11-24 Ricard Borges, Francesc Sebé
Traditional pay-and-display ticket machines are currently coexisting, but will probably be replaced in the near future, with pay-by-phone applications. Such applications facilitate the payment for parking in regulated areas. Companies providing this service collect and manage information about all the parking transactions performed by drivers. That information is very sensitive and can be used to generate
-
Attribute-based encryption and sticky policies for data access control in a smart home scenario: a comparison on networked smart object middleware Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-11-23 Sabrina Sicari, Alessandra Rizzardi, Gianluca Dini, Pericle Perazzo, Michele La Manna, Alberto Coen-Porisini
Regulating the access to the Internet of Things (IoT) network’s resources is a complex-prone task, which requires to pay a great attention on how policies are defined, shared, and enforced. The present paper considers the specific context of a smart home, which represents one of the main IoT application domains, and it focuses on two solutions proposed in the literature to cope with the aforementioned
-
Password-authenticated searchable encryption Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-11-22 Liqun Chen, Kaibin Huang, Mark Manulis, Venkkatesh Sekar
We introduce Password Authenticated Searchable Encryption (PASE), a novel searchable encryption scheme where a single human-memorizable password can be used to outsource (encrypted) data with associated keywords to a group of servers and later retrieve this data through the encrypted keyword search procedure. PASE ensures that only the legitimate user who knows the initially registered password can
-
A context-centered methodology for IoT forensic investigations Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-11-10 Juan Manuel Castelo Gómez, Javier Carrillo Mondéjar, José Roldán Gómez, José Luis Martínez Martínez
The weakness of the security measures implemented on Internet of Things (IoT) devices, added to the sensitivity of the data that they handle, has created an attractive environment for cybercriminals to carry out attacks. This has caused a substantial increase in the number of cyberincidents, requiring the opening of digital investigations in order to shed light on what has occurred. However, the characteristics
-
Risk assessment of cyber-attacks on telemetry-enabled cardiac implantable electronic devices (CIED) Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-10-07 Mikaëla Ngamboé, Paul Berthier, Nader Ammari, Katia Dyrda, José M. Fernandez
Cardiac implantable electronic devices (CIED) are vulnerable to radio frequency (RF) cyber-attacks. Besides, CIED communicate with medical equipment whose telemetry capabilities and IP connectivity are creating new entry points that may be used by attackers. Therefore, it remains crucial to perform a cybersecurity risk assessment of CIED and the systems they rely on to determine the gravity of threats
-
PageDumper: a mechanism to collect page table manipulation information at run-time Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-09-01 Trushna Parida, Suvrojit Das
The state-of-the-art contributions in the area of memory forensics are centered around uncovering potentially hidden processes, control flow and code pointer integrity manipulations and detecting malicious code injections done by attackers. At the same time, deployment of memory protection mechanisms like control flow integrity, data execution prevention/no-execute, address space layout randomization
-
A blockchain-based medical data preservation scheme for telecare medical information systems Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-08-30 Tian-Fu Lee, Hong-Ze Li, Yi-Pei Hsieh
With rapid technological development, mobile computing and wireless transmission have become mature. These two technologies can be combined for sharing medical records on social networks, but doing so depends on the secure sharing of a patient’s data between Pervasive Social Network (PSN) nodes. Previous research has revealed that most human sensors cannot support very heavy computation, so the computation
-
A trust model for popular smart home devices Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-08-29 Davide Ferraris, Daniel Bastos, Carmen Fernandez-Gago, Fadi El-Moussa
Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others. There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies
-
DeTRACT: a decentralized, transparent, immutable and open PKI certificate framework Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-08-27 Thomas Sermpinis, George Vlahavas, Konstantinos Karasavvas, Athena Vakali
Public key infrastructure (PKI) is widely used over the Internet to secure and to encrypt communication among parties. PKI involves digital certificates which are managed by certificate authorities (CAs) that authenticate users identity, in order to establish encrypted communication channels. The centralized operation model of CAs has already caused several targeted attacks due to the distribution
-
K maximum probability attack paths generation algorithm for target nodes in networked systems Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-08-18 Kun Bi, Dezhi Han, Guichen Zhang, Kuan-Ching Li, Aniello Castiglione
As known, security system administrators need to be aware of the security risks and abnormal behaviors in a network system. Given the exploitation probability value of each vulnerability, the cumulative probability of an attack path from an attacker to a target node can be quantified and calculated, namely as the K maximum probability attack paths for a target node. It is proposed in this paper a design
-
Enhancing spatial and temporal utilities in differentially private moving objects database release Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-07-24 Fatemeh Deldar, Mahdi Abadi
The pervasive use of mobile technologies and GPS-equipped vehicles has resulted in a large number of moving objects databases. Privacy protection is one of the most significant challenges related to moving objects databases because of the legal requirements in many application domains. Over the last few years, several differentially private mechanisms have been proposed for moving objects databases
-
A quantitative assessment of security risks based on a multifaceted classification approach Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-07-20 Mouna Jouini, Latifa Ben Arfa Rabai, Ridha Khedri
Information systems and cloud computing infrastructures are frequently exposed to various types of threats. Without detection and prevention mechanisms, the threats can materialize and cause different types of damages that usually lead to significant financial losses. The threats arise from a complex and multifaceted environment. Currently, organizations are struggling to identify the threats to their
-
A secure architecture for TCP/UDP-based cloud communications Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-07-07 Abu Faisal, Mohammad Zulkernine
Cloud communication is an intrinsic aspect of cloud architecture. It is an internet-based communication that enables access to millions of cloud services. These services are provided using TCP/UDP-based communications and protected by traditional security protocols (e.g., SSL/ TLS/DTLS). However, security threats in cloud communications become the most serious issue nowadays. To address some of the
-
Improving the security of direct anonymous attestation under host corruptions Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-07-02 Hyoseung Kim, Kwangsu Lee, Jong Hwan Park, Dong Hoon Lee
Direct anonymous attestation (DAA) enables a platform including a trusted platform module (TPM) to produce a signature in order to remotely attest that it is in a certified state while preserving its anonymity. A main feature of DAA is that a TPM and a host together act as a signer, where the TPM is less powerful but trustworthy, whereas the host is more powerful but vulnerable to corruptions. Although
-
Additional kernel observer: privilege escalation attack prevention mechanism focusing on system call privilege changes Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-06-25 Toshihiro Yamauchi, Yohei Akao, Ryota Yoshitani, Yuichi Nakamura, Masaki Hashimoto
Cyberattacks, especially attacks that exploit operating system vulnerabilities, have been increasing in recent years. In particular, if administrator privileges are acquired by an attacker through a privilege escalation attack, the attacker can operate the entire system and cause serious damage. In this paper, we propose an additional kernel observer (AKO) that prevents privilege escalation attacks
-
Anti-BlUFf: towards counterfeit mitigation in IC supply chains using blockchain and PUF Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-06-25 Leonardo Aniello, Basel Halak, Peter Chai, Riddhi Dhall, Mircea Mihalea, Adrian Wilczynski
The complexity of today’s integrated circuit (IC) supply chain, organised in several tiers and including many companies located in different countries, makes it challenging to assess the history and integrity of procured ICs. This enables malicious practices like counterfeiting and insertion of back doors, which are extremely dangerous, especially in supply chains of ICs for industrial control systems
-
Efficient attribute-based encryption with repeated attributes optimization Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-06-24 Fawad Khan, Hui Li, Yinghui Zhang, Haider Abbas, Tahreem Yaqoob
Internet of Things (IoT) is an integration of various technologies to provide technological enhancements. To enforce access control on low power operated battery constrained devices is a challenging issue in IoT scenarios. Attribute-based encryption (ABE) has emerged as an access control mechanism to allow users to encrypt and decrypt data based on an attributes policy. However, to accommodate the
-
A novel scalable intrusion detection system based on deep learning Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-06-15 Soosan Naderi Mighan, Mohsen Kahani
This paper successfully tackles the problem of processing a vast amount of security related data for the task of network intrusion detection. It employs Apache Spark, as a big data processing tool, for processing a large size of network traffic data. Also, we propose a hybrid scheme that combines the advantages of deep network and machine learning methods. Initially, stacked autoencoder network is
-
Anonymity in traceable cloud data broadcast system with simultaneous individual messaging Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-06-16 Mriganka Mandal
Internet of Things (IoT) and cloud computing are separate emerging paradigms, which are both an indispensable part of numerous ubiquitous devices that are connected to our life via the Internet. Their enactment and effectiveness are presumed to be more and more pervasive, making them essential ingredients of the Future Internet. Cloud data broadcast system is a novel framework where the advancement
-
Combining behavioral biometrics and session context analytics to enhance risk-based static authentication in web applications Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-06-16 Jesus Solano, Luis Camacho, Alejandro Correa, Claudio Deiro, Javier Vargas, Martín Ochoa
The fragility of password-based authentication has been recognized and studied for several decades. It is an increasingly common industry practice to profile users based on their sessions context, such as IP ranges and Browser type in order to build a risk profile on an incoming authentication attempt. On the other hand, behavioral dynamics such as mouse and keyword features have been proposed in the
-
MalFamAware: automatic family identification and malware classification through online clustering Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-06-16 Gregorio Pitolli, Giuseppe Laurenza, Leonardo Aniello, Leonardo Querzoni, Roberto Baldoni
The skyrocketing growth rate of new malware brings novel challenges to protect computers and networks. Discerning truly novel malware from variants of known samples is a way to keep pace with this trend. This can be done by grouping known malware in families by similarity and classifying new samples into those families. As malware and their families evolve over time, approaches based on classifiers
-
Using homomorphic encryption for privacy-preserving clustering of intrusion detection alerts Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-06-13 Georgios Spathoulas, Georgios Theodoridis, Georgios-Paraskevas Damiris
Cyber-security attacks are becoming more frequent and more severe day by day. To detect the execution of such attacks, organizations install intrusion detection systems. It would be beneficial for such organizations to collaborate, to better assess the severity and the importance of each detected attack. On the other hand, it is very difficult for them to exchange data, such as network traffic or intrusion
-
Evaluating visualization approaches to detect abnormal activities in network traffic data Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-05-22 Soo-Yeon Ji, Bong-Keun Jeong, Dong Hyun Jeong
Designing innovative approaches to detect intrusive network activities is considered as one of the most significant research topics in network security. Various computational methods are proposed to discover unknown attacks, but validating suspicious activities and understanding their unique characteristics are still difficult. To address this limitation, several visualization systems have been designed
-
A wrinkle in time: a case study in DNS poisoning Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-05-15 Harel Berger, Amit Z. Dvir, Moti Geva
The domain name system (DNS) provides a translation between readable domain names and IP addresses. The DNS is a key infrastructure component of the Internet and a prime target for a variety of attacks. One of the most significant threats to DNS’ well-being is a DNS poisoning attack in which the DNS responses are maliciously replaced, or poisoned, by an attacker. To identify this kind of attack, we
-
Studying lattice reduction algorithms improved by quick reordering technique Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-05-13 Yuntao Wang, Tsuyoshi Takagi
Under the threat of quantum computers’ expected powerful computational capacity, the study on post-quantum cryptography is becoming urgent nowadays. Lattice-based cryptography is one of the most promising candidates of post-quantum cryptography. To give a secure instantiation for practical applications, it is necessary to understand the complexity of the best-known attacks. Most of the attacks to lattice-based
-
Cyber security in New Space Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-05-12 M. Manulis, C. P. Bridges, R. Harrison, V. Sekar, A. Davis
Developments in technologies, attitudes and investment are transforming the space environment, achieving greater accessibility for an increasing number of parties. New and proposed constellations will increase the in-orbit satellite population by the order of thousands, expanding the threat landscape of the space industry. This article analyses past satellite security threats and incidents to assess
-
ChoKIFA+: an early detection and mitigation approach against interest flooding attacks in NDN Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-05-08 Abdelmadjid Benarfa, Muhammad Hassan, Eleonora Losiouk, Alberto Compagno, Mohamed Bachir Yagoubi, Mauro Conti
Several ongoing research efforts aim to design potential Future Internet Architectures, among which Named-Data Networking (NDN) introduces a shift from the existing host-centric Internet Protocol-based Internet infrastructure towards a content-oriented one. However, researchers have identified some design limitations in NDN, among which some enable to build up a new type of Distributed Denial of Service
-
An SDN approach to detect targeted attacks in P2P fully connected overlays Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-05-02 Cristóbal Medina-López, L. G. Casado, Vicente González-Ruiz, Yuansong Qiao
Pollution attacks are one of the major concerns facing P2P networks. They have a tremendous impact on push-based fully connected overlays, in which each peer receives an exclusive chunk from the source and is also the only one responsible for relaying it to the rest of the peers. In this study, we propose a novel technique to identify and expel malicious peers which involves using trusted peers, software-defined
-
Risk model development for information security in organization environment based on business perspectives Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-04-19 Prajna Deshanta Ibnugraha, Lukito Edi Nugroho, Paulus Insap Santosa
Digital information plays an essential role in supporting organizational business. However, incidents of sensitive information leakage often happen in organization environment. Therefore, risk analysis needs to be performed to recognize the impact of information security threat in organization. In order to carry out those risk analyses, risk model is needed to map risk of information security threat
-
Cryptanalysis of a non-interactive deniable ring signature scheme Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-04-11 Huiwen Jia, Chunming Tang
A ring signature scheme allows a signer to sign a message anonymously, while the deniable ring signature scheme, introduced by Komano et al., guarantees that the signer should be involved in opening the signer anonymity. Gao et al. proposed the first lattice-based deniable ring signature scheme and claimed that their scheme satisfies the following security requirements: anonymity, traceability and
-
Secure and efficient wildcard search over encrypted data Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-03-30 Sanjit Chatterjee, Manish Kesarwani, Jayam Modi, Sayantan Mukherjee, Shravan Kumar Parshuram Puria, Akash Shah
In this work, we investigate the problem of secure wildcard search over encrypted data. The setting comprises of three entities, viz. the data owner, the server and the client. The data owner outsources the encrypted data to the server, who obliviously services the clients’ queries. We first analyze efficiency and security of two recent proposals from International Journal of Information Security,
-
Obfuscated integration of software protections Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-03-18 Jens Van den Broeck, Bart Coppens, Bjorn De Sutter
To counter man-at-the-end attacks such as reverse engineering and tampering, software is often protected with techniques that require support modules to be linked into the application. It is well known, however, that attackers can exploit the modular nature of applications and their protections to speed up the identification and comprehension process of the relevant code, the assets, and the applied
-
On the insecurity of quantum Bitcoin mining Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-03-14 Or Sattath
Grover’s algorithm confers on quantum computers a quadratic advantage over classical computers for searching in an arbitrary data set, a scenario that describes Bitcoin mining. It has previously been argued that the only side effect of quantum mining would be an increased difficulty. In this work, we argue that a crucial argument in the analysis of Bitcoin security breaks down when quantum mining is
-
NSDroid: efficient multi-classification of android malware using neighborhood signature in local function call graphs Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-03-12 Pengfei Liu, Weiping Wang, Xi Luo, Haodong Wang, Chushu Liu
With the rapid development of mobile Internet, Android applications are used more and more in people’s daily life. While bringing convenience and making people’s life smarter, Android applications also face much serious security and privacy issues, e.g., information leakage and monetary loss caused by malware. Detection and classification of malware have thus attracted much research attention in recent
-
Do not let Next-Intent Vulnerability be your next nightmare: type system-based approach to detect it in Android apps Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-03-06 Mohamed A. El-Zawawy, Eleonora Losiouk, Mauro Conti
Android is currently the most widespread operating system (OS) worldwide, but also the most prone to attacks. Despite the challenges faced by Industry and Academia to improve the Android OS security, it still has several vulnerabilities. Among those, the severity of the Next-Intent Vulnerability (NIV) can be immediately grasped. Android apps are made of components, which by default are private and
-
Measuring and visualizing cyber threat intelligence quality Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-03-02 Daniel Schlette, Fabian Böhm, Marco Caselli, Günther Pernul
The very raison d’être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by the means of sharing platforms has proven to be an important aspect of practical application. It is evident to infer that inaccurate, incomplete, or outdated threat intelligence is a major problem as only high-quality CTI can
-
Strong leakage-resilient encryption: enhancing data confidentiality by hiding partial ciphertext Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-02-12 Jia Xu, Jianying Zhou
Leakage-resilient encryption is a powerful tool to protect data confidentiality against side channel attacks. In this work, we introduce a new and strong leakage setting to counter backdoor (or Trojan horse) plus covert channel attack, by relaxing the restrictions on leakage. We allow bounded leakage at anytime and anywhere and over anything. Our leakage threshold (e.g., 10,000 bits) could be much
-
Toward a blockchain-based framework for challenge-based collaborative intrusion detection Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-02-11 Wenjuan Li, Yu Wang, Jin Li, Man Ho Au
Network intrusions are a big threat to network and system assets, which have become more complex to date. To enhance the detection performance, collaborative intrusion detection networks (CIDNs) are adopted by many organizations to protect their resources. However, such detection systems or networks are typically vulnerable to insider attacks, so that there is a need to implement suitable trust mechanisms
-
Secure and collusion-resistant data aggregation from convertible tags Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-01-29 Iraklis Leontiadis, Ming Li
The progress in communication and hardware technology increases the computational capabilities of personal devices. Aggregators, acting as third parties, are interested in learning a statistical function as the sum over a census of data. Users are reluctant to reveal their information in cleartext, since it is treated as personal sensitive information. The paradoxical paradigm of preserving the privacy
-
Public data integrity auditing without homomorphic authenticators from indistinguishability obfuscation Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-01-23 Lixue Sun, Chunxiang Xu, Yuan Zhang, Kefei Chen
Cloud storage services allow users to outsource their data to remote cloud servers to relieve from the burden of local data storage and maintenance. Despite the benefits, data outsourcing has also made the data integrity protection in cloud storage a very challenging issue. Plenty of public auditing schemes have been proposed, which allow a third-party auditor to check the data integrity on behalf
-
A language and a pattern system for temporal property specification: advanced metering infrastructure case study Int. J. Inf. Secur. (IF 1.494) Pub Date : 2020-01-09 Tina Tavizi, Mehdi Shajari
Ensuring the satisfaction of security requirements is one of the most vital needs in developing different types of systems. Therefore, it is necessary to apply a method to accurately define security requirements and then, verify them in the design phase before starting system development. One of the key information security requirements is availability of system functionalities for authorized users
-
Lightweight multi-factor mutual authentication protocol for IoT devices Int. J. Inf. Secur. (IF 1.494) Pub Date : 2019-12-13 Reem Melki, Hassan N. Noura, Ali Chehab
The Internet-of-Things (IoT), which refers to the interconnection of heterogeneous devices, has gained a lot of interest lately, and it witnessed a large growth in the number of IoT devices due to the importance of such systems in today’s communication networks. On the other hand, the authentication of entities (devices) is a major concern and a main security challenge in IoT systems since any weakness