-
Use of SHDM in commutative watermarking encryption EURASIP J. Info. Secur. Pub Date : 2021-01-05 Roland Schmitz
SHDM stands for Sphere-Hardening Dither Modulation and is a watermarking algorithm based on quantizing the norm of a vector extracted from the cover work. We show how SHDM can be integrated into a fully commutative watermarking-encryption scheme and investigate implementations in the spatial, DCT, and DWT domain with respect to their fidelity, robustness, capacity, and security of encryption. The watermarking
-
Smooth adversarial examples EURASIP J. Info. Secur. Pub Date : 2020-11-17 Hanwei Zhang; Yannis Avrithis; Teddy Furon; Laurent Amsaleg
This paper investigates the visual quality of the adversarial examples. Recent papers propose to smooth the perturbations to get rid of high frequency artifacts. In this work, smoothing has a different meaning as it perceptually shapes the perturbation according to the visual content of the image to be attacked. The perturbation becomes locally smooth on the flat areas of the input image, but it may
-
A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm EURASIP J. Info. Secur. Pub Date : 2020-08-18 Oluwakemi Christiana Abikoye; Abdullahi Abubakar; Ahmed Haruna Dokoro; Oluwatobi Noah Akande; Aderonke Anthonia Kayode
Structured Query Language (SQL) injection and cross-site scripting remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to back-end database of web applications so as to steal, edit, and destroy confidential data are increasing. Therefore, measures must be put in place to curtail the growing threats of SQL injection and XSS attacks. This study presents
-
Scalable, efficient, and secure RFID with elliptic curve cryptosystem for Internet of Things in healthcare environment EURASIP J. Info. Secur. Pub Date : 2020-07-29 Davood Noori; Hassan Shakeri; Masood Niazi Torshiz
The rapid development of IoT technology has led to the usage of various devices in our daily life. Along with the ever-increasing rise of the Internet of Things, the use of appropriate methods for establishing secure communications in health care systems is vital. The adoption of high-security optimal mechanisms for this purpose has been more effective regarding the efficiency of medical information
-
Trembling triggers: exploring the sensitivity of backdoors in DNN-based face recognition EURASIP J. Info. Secur. Pub Date : 2020-06-23 Cecilia Pasquini; Rainer Böhme
Backdoor attacks against supervised machine learning methods seek to modify the training samples in such a way that, at inference time, the presence of a specific pattern (trigger) in the input data causes misclassifications to a target class chosen by the adversary. Successful backdoor attacks have been presented in particular for face recognition systems based on deep neural networks (DNNs). These
-
Reversible data hiding for binary images based on adaptive overlapping pattern EURASIP J. Info. Secur. Pub Date : 2020-06-01 Keming Dong; Hyoung Joong Kim; Xiaohan Yu; Xiaoqing Feng
Pattern substitution (PS) method (Ho et al., Comput. Stand. Interfaces 31:787–794, 2009) is a recent reversible data hiding method for binary images. It generates one pattern pair, the patterns in which are called PM and PF, and substitutes between them to embed one bit. Two types of PS have been proposed: non-overlapping PS and overlapping PS. However, Dong et al. (ETRI J. 37:990–1000, 2015) states
-
Machine learning through cryptographic glasses: combating adversarial attacks by key-based diversified aggregation. EURASIP J. Info. Secur. Pub Date : 2020-06-01 Olga Taran,Shideh Rezaeifar,Taras Holotyak,Slava Voloshynovskiy
In recent years, classification techniques based on deep neural networks (DNN) were widely used in many fields such as computer vision, natural language processing, and self-driving cars. However, the vulnerability of the DNN-based classification systems to adversarial attacks questions their usage in many critical applications. Therefore, the development of robust DNN-based classifiers is a critical
-
ELSA: efficient long-term secure storage of large datasets (full version) ∗ EURASIP J. Info. Secur. Pub Date : 2020-05-27 Philipp Muth; Matthias Geihs; Tolga Arul; Johannes Buchmann; Stefan Katzenbeisser
An increasing amount of information today is generated, exchanged, and stored digitally. This also includes long-lived and highly sensitive information (e.g., electronic health records, governmental documents) whose integrity and confidentiality must be protected over decades or even centuries. While there is a vast amount of cryptography-based data protection schemes, only few are designed for long-term
-
IoT cyber risk: a holistic analysis of cyber risk assessment frameworks, risk vectors, and risk ranking process EURASIP J. Info. Secur. Pub Date : 2020-05-26 Kamalanathan Kandasamy; Sethuraman Srinivas; Krishnashree Achuthan; Venkat P. Rangan
Security vulnerabilities of the modern Internet of Things (IoT) systems are unique, mainly due to the complexity and heterogeneity of the technology and data. The risks born out of these IoT systems cannot easily fit into an existing risk framework. There are many cybersecurity risk assessment approaches and frameworks that are under deployment in many governmental and commercial organizations. Extending
-
Low-cost data partitioning and encrypted backup scheme for defending against co-resident attacks EURASIP J. Info. Secur. Pub Date : 2020-05-24 Junfeng Tian; Zilong Wang; Zhen Li
Aiming at preventing user data leakage and the damage that is caused by co-resident attacks in the cloud environment, a data partitioning and encryption backup (P&XE) scheme is proposed. After the data have been divided into blocks, the data are backed up using the XOR operation between the data. Then, the backup data are encrypted using a random string. Compared with the existing scheme, the proposed
-
Swapped face detection using deep learning and subjective assessment EURASIP J. Info. Secur. Pub Date : 2020-05-19 Xinyi Ding; Zohreh Raziei; Eric C. Larson; Eli V. Olinick; Paul Krueger; Michael Hahsler
The tremendous success of deep learning for imaging applications has resulted in numerous beneficial advances. Unfortunately, this success has also been a catalyst for malicious uses such as photo-realistic face swapping of parties without consent. In this study, we use deep transfer learning for face swapping detection, showing true positive rates greater than 96% with very few false alarms. Distinguished
-
Deep neural rejection against adversarial examples EURASIP J. Info. Secur. Pub Date : 2020-04-07 Angelo Sotgiu; Ambra Demontis; Marco Melis; Battista Biggio; Giorgio Fumera; Xiaoyi Feng; Fabio Roli
Despite the impressive performances reported by deep neural networks in different application domains, they remain largely vulnerable to adversarial examples, i.e., input samples that are carefully perturbed to cause misclassification at test time. In this work, we propose a deep neural rejection mechanism to detect adversarial examples, based on the idea of rejecting samples that exhibit anomalous
-
Evaluation of stability of swipe gesture authentication across usage scenarios of mobile device EURASIP J. Info. Secur. Pub Date : 2020-03-17 Elakkiya Ellavarason; Richard Guest; Farzin Deravi
User interaction with a mobile device predominantly consists of touch motions, otherwise known as swipe gestures, which are used as a behavioural biometric modality to verify the identity of a user. Literature reveals promising verification accuracy rates for swipe gesture authentication. Most of the existing studies have considered constrained environment in their experimental set-up. However, real-life
-
Understanding visual lip-based biometric authentication for mobile devices EURASIP J. Info. Secur. Pub Date : 2020-03-12 Carrie Wright; Darryl William Stewart
This paper explores the suitability of lip-based authentication as a behavioural biometric for mobile devices. Lip-based biometric authentication is the process of verifying an individual based on visual information taken from the lips while speaking. It is particularly suited to mobile devices because it contains unique information; its potential for liveness over existing popular biometrics such
-
Keystroke biometrics in the encrypted domain: a first study on search suggestion functions of web search engines EURASIP J. Info. Secur. Pub Date : 2020-02-21 Nicholas Whiskerd; Nicklas Körtge; Kris Jürgens; Kevin Lamshöft; Salatiel Ezennaya-Gomez; Claus Vielhauer; Jana Dittmann; Mario Hildebrandt
A feature of search engines is prediction and suggestion to complete or extend input query phrases, i.e. search suggestion functions (SSF). Given the immediate temporal nature of this functionality, alongside the character submitted to trigger each suggestion, adequate data is provided to derive keystroke features. The potential of such biometric features to be used in identification and tracking poses
-
Combining PRNU and noiseprint for robust and efficient device source identification EURASIP J. Info. Secur. Pub Date : 2020-02-12 Davide Cozzolino; Francesco Marra; Diego Gragnaniello; Giovanni Poggi; Luisa Verdoliva
PRNU-based image processing is a key asset in digital multimedia forensics. It allows for reliable device identification and effective detection and localization of image forgeries, in very general conditions. However, performance impairs significantly in challenging conditions involving low quality and quantity of data. These include working on compressed and cropped images or estimating the camera
-
Long-term integrity protection of genomic data EURASIP J. Info. Secur. Pub Date : 2019-10-29 Johannes Buchmann; Matthias Geihs; Kay Hamacher; Stefan Katzenbeisser; Sebastian Stammler
Genomic data is crucial in the understanding of many diseases and for the guidance of medical treatments. Pharmacogenomics and cancer genomics are just two areas in precision medicine of rapidly growing utilization. At the same time, whole-genome sequencing costs are plummeting below $ 1000, meaning that a rapid growth in full-genome data storage requirements is foreseeable. While privacy protection
-
Multi-layer intrusion detection system with ExtraTrees feature selection, extreme learning machine ensemble, and softmax aggregation EURASIP J. Info. Secur. Pub Date : 2019-10-22 Jivitesh Sharma; Charul Giri; Ole-Christoffer Granmo; Morten Goodwin
Recent advances in intrusion detection systems based on machine learning have indeed outperformed other techniques, but struggle with detecting multiple classes of attacks with high accuracy. We propose a method that works in three stages. First, the ExtraTrees classifier is used to select relevant features for each type of attack individually for each (ELM). Then, an ensemble of ELMs is used to detect
-
Managing confidentiality leaks through private algorithms on Software Guard eXtensions (SGX) enclaves EURASIP J. Info. Secur. Pub Date : 2019-09-05 Kubilay Ahmet Küçük; David Grawrock; Andrew Martin
Many applications are built upon private algorithms, and executing them in untrusted, remote environments poses confidentiality issues. To some extent, these problems can be addressed by ensuring the use of secure hardware in the execution environment; however, an insecure software-stack can only provide limited algorithm secrecy. This paper aims to address this problem, by exploring the components
-
Situation prediction of large-scale Internet of Things network security EURASIP J. Info. Secur. Pub Date : 2019-08-28 Wenjun Yang; Jiaying Zhang; Chundong Wang; Xiuliang Mo
The Internet of Things (IoT) is a new technology rapidly developed in various fields in recent years. With the continuous application of the IoT technology in production and life, the network security problem of IoT is increasingly prominent. In order to meet the challenges brought by the development of IoT technology, this paper focuses on network security situational awareness. The network security
-
Fingerprint template protection using minutia-pair spectral representations EURASIP J. Info. Secur. Pub Date : 2019-08-27 Taras Stanko; Bin Chen; Boris Škorić
Storage of biometric data requires some form of template protection in order to preserve the privacy of people enrolled in a biometric database. One approach is to use a Helper Data System. Here it is necessary to transform the raw biometric measurement into a fixed-length representation. In this paper, we extend the spectral function approach of Stanko and Škorić (IEEE Workshop on Information Forensics
-
Crowdsourcing for click fraud detection EURASIP J. Info. Secur. Pub Date : 2019-07-22 Riwa Mouawi; Imad H. Elhajj; Ali Chehab; Ayman Kayssi
Mobile ads are plagued with fraudulent clicks which is a major challenge for the advertising community. Although popular ad networks use many techniques to detect click fraud, they do not protect the client from possible collusion between publishers and ad networks. In addition, ad networks are not able to monitor the user’s activity for click fraud detection once they are redirected to the advertising
-
Fine-grain watermarking for intellectual property protection EURASIP J. Info. Secur. Pub Date : 2019-07-12 Stefano Giovanni Rizzo; Flavio Bertini; Danilo Montesi
The current online digital world, consisting of thousands of newspapers, blogs, social media, and cloud file sharing services, is providing easy and unlimited access to a large treasure of text contents. Making copies of these text contents is simple and virtually costless. As a result, producers and owners of text content are interested in the protection of their intellectual property (IP) rights
-
Towards the application of recommender systems to secure coding EURASIP J. Info. Secur. Pub Date : 2019-06-13 Fitzroy D. Nembhard; Marco M. Carvalho; Thomas C. Eskridge
Secure coding is crucial for the design of secure and efficient software and computing systems. However, many programmers avoid secure coding practices for a variety of reasons. Some of these reasons are lack of knowledge of secure coding standards, negligence, and poor performance of and usability issues with existing code analysis tools. Therefore, it is essential to create tools that address these
-
A new method of generating hard random lattices with short bases EURASIP J. Info. Secur. Pub Date : 2019-06-10 Chengli Zhang; Wenping Ma; Hefeng Chen; Feifei Zhao
This paper first gives a regularity theorem and its corollary. Then, a new construction of generating hard random lattices with short bases is obtained by using this corollary. This construction is from a new perspective and uses a random matrix whose entries obeyed Gaussian sampling which ensures that the corresponding schemes have a wider application future in cryptography area. Moreover, this construction
-
Metadata filtering for user-friendly centralized biometric authentication EURASIP J. Info. Secur. Pub Date : 2019-06-06 Christian Gehrmann; Marcus Rodan; Niklas Jönsson
While biometric authentication for commercial use so far mainly has been used for local device unlock use cases, there are great opportunities for using it also for central authentication such as for remote login. However, many current biometric sensors like for instance mobile fingerprint sensors have too large false acceptance rate (FAR) not allowing them, for security reasons, to be used in larger
-
Accuracy enhancement of biometric recognition using iterative weights optimization algorithm EURASIP J. Info. Secur. Pub Date : 2019-05-28 Pallavi D. Deshpande; Prachi Mukherji; Anil S. Tavildar
A new approach is proposed to quantitatively evaluate the binary detection performance of the biometric personal recognition systems. The importance of correlation between the overall detection performance and the area under the genuine acceptance rate (GAR) versus false acceptance rate (FAR) graph, commonly known as receiver operating characteristics (ROC) is recognized. Using the ROC curve, relation
-
A deep learning framework for predicting cyber attacks rates EURASIP J. Info. Secur. Pub Date : 2019-05-22 Xing Fang; Maochao Xu; Shouhuai Xu; Peng Zhao
Like how useful weather forecasting is, the capability of forecasting or predicting cyber threats can never be overestimated. Previous investigations show that cyber attack data exhibits interesting phenomena, such as long-range dependence and high nonlinearity, which impose a particular challenge on modeling and predicting cyber attack rates. Deviating from the statistical approach that is utilized
-
Machine learning-based dynamic analysis of Android apps with improved code coverage EURASIP J. Info. Secur. Pub Date : 2019-04-29 Suleiman Y. Yerima; Mohammed K. Alzaylaee; Sakir Sezer
This paper investigates the impact of code coverage on machine learning-based dynamic analysis of Android malware. In order to maximize the code coverage, dynamic analysis on Android typically requires the generation of events to trigger the user interface and maximize the discovery of the run-time behavioral features. The commonly used event generation approach in most existing Android dynamic analysis
-
Spark-based real-time proactive image tracking protection model EURASIP J. Info. Secur. Pub Date : 2019-04-03 Yahong Hu; Xia Sheng; Jiafa Mao; Kaihui Wang; Danhong Zhong
With rapid development of the Internet, images are spreading more and more quickly and widely. The phenomenon of image illegal usage emerges frequently, and this has marked impacts on people’s normal life. Therefore, it is of great importance to protect image security and image owner’s rights. At present, most image protection is passive. Most of the time, only when the images had been used illegally
-
Implementing a blockchain from scratch: why, how, and what we learned EURASIP J. Info. Secur. Pub Date : 2019-03-11 Fabian Knirsch; Andreas Unterweger; Dominik Engel
Blockchains are proposed for many application domains apart from financial transactions. While there are generic blockchains that can be molded for specific use cases, they often lack a lightweight and easy-to-customize implementation. In this paper, we introduce the core concepts of blockchain technology and investigate a real-world use case from the energy domain, where customers trade portions of
-
Transfer learning for detecting unknown network attacks EURASIP J. Info. Secur. Pub Date : 2019-02-21 Juan Zhao; Sachin Shetty; Jan Wei Pan; Charles Kamhoua; Kevin Kwiat
Network attacks are serious concerns in today’s increasingly interconnected society. Recent studies have applied conventional machine learning to network attack detection by learning the patterns of the network behaviors and training a classification model. These models usually require large labeled datasets; however, the rapid pace and unpredictability of cyber attacks make this labeling impossible
-
Detecting data manipulation attacks on physiological sensor measurements in wearable medical systems EURASIP J. Info. Secur. Pub Date : 2018-09-29 Hang Cai; Krishna K. Venkatasubramanian
Recent years have seen the emergence of wearable medical systems (WMS) that have demonstrated great promise for improved health monitoring and overall well-being. Ensuring that these WMS accurately monitor a user’s current health state is crucial. This is especially true in the presence of adversaries who want to mount data manipulation attacks on the WMS. The goal of data manipulation attacks is to
-
A generic integrity verification algorithm of version files for cloud deduplication data storage EURASIP J. Info. Secur. Pub Date : 2018-09-20 Guangwei Xu; Miaolin Lai; Jing Li; Li Sun; Xiujin Shi
Data owners’ outsourced data on cloud data storage servers by the deduplication technique can reduce not only their own storage cost but also cloud’s. This paradigm also introduces new security issues such as the potential threat of data lost or corrupted. Data integrity verification is utilized to safeguard these data integrity. However, the cloud deduplication storage only focuses on file/chunk level
-
HADEC: Hadoop-based live DDoS detection framework EURASIP J. Info. Secur. Pub Date : 2018-07-31 Sufian Hameed; Usman Ali
Distributed denial of service (DDoS) flooding attacks are one of the main methods to destroy the availability of critical online services today. These DDoS attacks cannot be prevented ahead of time, and once in place, they overwhelm the victim with huge volume of traffic and render it incapable of performing normal communication or crashes it completely. Any delays in detecting the flooding attacks
-
Cybersecurity: trends, issues, and challenges EURASIP J. Info. Secur. Pub Date : 2018-07-20 Krzysztof Cabaj; Zbigniew Kotulski; Bogdan Księżopolski; Wojciech Mazurczyk
In today’s Internet-connected world where technologies underpin almost every facet of our society, cybersecurity and forensic specialists are increasingly dealing with wide ranging cyber threats in almost real-time conditions. The capability to detect, analyze, and defend against such threats in near real-time conditions is not possible without employment of threat intelligence, big data, and machine
-
Detection of spoofed and non-spoofed DDoS attacks and discriminating them from flash crowds EURASIP J. Info. Secur. Pub Date : 2018-07-16 Jaideep Gera; Bhanu Prakash Battula
Distributed computing technology is widely used by Internet-based business applications. Supply chain management (SCM), customer relationship management (CRM), e-Commerce, and banking are some of the applications employing distributed computing. These applications are the main target to massive attacks known as distributed denial-of-service (DDoS) that cause a denial of service or degradation of services
-
Towards 5G cellular network forensics EURASIP J. Info. Secur. Pub Date : 2018-07-11 Filipo Sharevski
The fifth generation (5G) of cellular networks will bring 10 Gb/s user speeds, 1000-fold increase in system capacity, and 100 times higher connection density. In response to these requirements, the 5G networks will incorporate technologies like CUPS, NFV, network slicing, and CIoT. Each of these 5G features requires system adaptations to enable acquisition and forensic processing of cellular network
-
Secrecy outage of threshold-based cooperative relay network with and without direct links EURASIP J. Info. Secur. Pub Date : 2018-05-29 Khyati Chopra; Ranjan Bose; Anupam Joshi
In this paper, we investigate the secrecy outage performance of a dual-hop decode-and-forward (DF) threshold-based cooperative relay network, both with and without the direct links between source-eavesdropper and source-destination. Without assuming that all the relays can always perfectly decode, here we consider that only those relays who satisfy predetermined threshold can correctly decode the message
-
OMMA: open architecture for Operator-guided Monitoring of Multi-step Attacks EURASIP J. Info. Secur. Pub Date : 2018-05-02 Julio Navarro; Véronique Legrand; Aline Deruyver; Pierre Parrend
Current attacks are complex and stealthy. The recent WannaCry malware campaign demonstrates that this is true not only for targeted operations, but also for massive attacks. Complex attacks can only be described as a set of individual actions composing a global strategy. Most of the time, different devices are involved in the same attack scenario. Information about the events recorded in these devices
-
POS-originated transaction traces as a source of contextual information for risk management systems in EFT transactions EURASIP J. Info. Secur. Pub Date : 2018-04-27 Albert Sitek; Zbigniew Kotulski
Transaction traces analysis is a key utility for marketing, trend monitoring, and fraud detection purposes. However, they can also be used for designing and verification of contextual risk management systems for card-present transactions. In this paper, we presented a novel approach to collect detailed transaction traces directly from payment terminal. Thanks to that, it is possible to analyze each
-
Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection EURASIP J. Info. Secur. Pub Date : 2018-04-24 Pierre Parrend; Julio Navarro; Fabio Guigou; Aline Deruyver; Pierre Collet
Behind firewalls, more and more cybersecurity attacks are specifically targeted to the very network where they are taking place. This review proposes a comprehensive framework for addressing the challenge of characterising novel complex threats and relevant counter-measures. Two kinds of attacks are particularly representative of this issue: zero-day attacks that are not publicly disclosed and multi-step
-
Security evaluation of Tree Parity Re-keying Machine implementations utilizing side-channel emissions EURASIP J. Info. Secur. Pub Date : 2018-04-13 Jonathan Martínez Padilla; Uwe Meyer-Baese; Simon Foo
In this work, side-channel attacks (SCAs) are considered as a security metric for the implementation of hybrid cryptosystems utilizing the neural network-based Tree Parity Re-Keying Machines (TPM). A virtual study is presented within the MATLAB environment that explores various scenarios in which the TPM may be compromised. Performance metrics are evaluated to model possible embedded system implementations
-
Towards constructive approach to end-to-end slice isolation in 5G networks EURASIP J. Info. Secur. Pub Date : 2018-03-20 Zbigniew Kotulski; Tomasz Wojciech Nowak; Mariusz Sepczuk; Marcin Tunia; Rafal Artych; Krzysztof Bocianiak; Tomasz Osko; Jean-Philippe Wary
Although 5G (fifth generation) networks are still in the realm of ideas, their architecture can be considered as reaching a forming phase. There are several reports and white papers which attempt to precise 5G architectural requirements presenting them from different points of view, including techno-socio-economic impacts and technological constraints. Most of them deal with network slicing aspects
-
A trusted measurement model based on dynamic policy and privacy protection in IaaS security domain EURASIP J. Info. Secur. Pub Date : 2018-02-23 Liangming Wang; Fagui Liu
In Infrastructure as a Service (IaaS) environments, the user virtual machine is the user’s private property. However, in the case of privacy protection, how to ensure the security of files in the user virtual machine and the user virtual machine’s behavior does not affect other virtual machines; it is a major challenge. This paper presents a trusted measurement model based on dynamic policy and privacy
-
Research on fault diagnosis system of hall for workshop of meta-synthetic engineering based on information fusion EURASIP J. Info. Secur. Pub Date : 2017-12-29 Guang Yang; Shuofeng Yu; Shouwen Wen
By analyzing multi-sensor information fusion system and hall for workshop of meta-synthetic engineering (HWME) essentially, a universal information fusion system of HWME based on multi-sensor is put forward. Analyzing the fault diagnosis framework of complex system based on information fusion technique, together with the research on the general process of information fusion synthesis fault diagnosis
-
Research on transmission of technology of downward information security for wellbore trajectory control EURASIP J. Info. Secur. Pub Date : 2017-12-21 Lin DeShu; Feng Ding
Information transmission is an important part of the wellbore trajectory automatic control system. Combined with the characteristics of the guided drilling system, drilling fluid pulse is selected as a tool for trajectory control. Negative pulse transmission of drilling fluid is one of the key technologies to realize wellbore trajectory automatic control. In this paper, the working principle of negative
-
Secure first-price sealed-bid auction scheme EURASIP J. Info. Secur. Pub Date : 2017-11-22 Zhen Guo; Yu Fu; Chunjie Cao
In modern times, people have paid more attention to their private information. The data confidentiality is very important in many economic aspects. In this paper, we proposed a secure auction system, in which the bids will not be revealed, and no one can fake the winning identity and the winner cannot change the winning bid. The communication cost of our scheme is low; only two rounds communication
-
VISION: a video and image dataset for source identification EURASIP J. Info. Secur. Pub Date : 2017-10-03 Dasara Shullani; Marco Fontani; Massimo Iuliani; Omar Al Shaya; Alessandro Piva
Forensic research community keeps proposing new techniques to analyze digital images and videos. However, the performance of proposed tools are usually tested on data that are far from reality in terms of resolution, source device, and processing history. Remarkably, in the latest years, portable devices became the preferred means to capture images and videos, and contents are commonly shared through
-
Byzantine set-union consensus using efficient set reconciliation EURASIP J. Info. Secur. Pub Date : 2017-07-27 Florian Dold; Christian Grothoff
Applications of secure multiparty computation such as certain electronic voting or auction protocols require Byzantine agreement on large sets of elements. Implementations proposed in the literature so far have relied on state machine replication and reach agreement on each individual set element in sequence. We introduce set-union consensus, a specialization of Byzantine consensus that reaches agreement
-
A new approach for managing Android permissions: learning users’ preferences EURASIP J. Info. Secur. Pub Date : 2017-07-12 Arnaud Oglaza; Romain Laborde; Pascale Zaraté; Abdelmalek Benzekri; François Barrère
Today, permissions management solutions on mobile devices employ Identity Based Access Control (IBAC) models. If this approach was suitable when people had only a few games (like Snake or Tetris) installed on their mobile phones, the current situation is different. A survey from Google in 2013 showed that, on average, french users have installed 32 applications on their Android smartphones. As a result
-
Selection of Pareto-efficient response plans based on financial and operational assessments EURASIP J. Info. Secur. Pub Date : 2017-07-10 Alexander Motzek; Gustavo Gonzalez-Granadillo; Hervé Debar; Joaquin Garcia-Alfaro; Ralf Möller
Finding adequate responses to ongoing attacks on ICT systems is a pertinacious problem and requires assessments from different perpendicular viewpoints. However, current research focuses on reducing the impact of an attack irregardless of side effects caused by responses. In order to achieve a comprehensive yet accurate response to possible and ongoing attacks on a managed ICT system, we propose an
-
Hybrid focused crawling on the Surface and the Dark Web EURASIP J. Info. Secur. Pub Date : 2017-07-04 Christos Iliou; George Kalpakis; Theodora Tsikrika; Stefanos Vrochidis; Ioannis Kompatsiaris
Focused crawlers enable the automatic discovery of Web resources about a given topic by automatically navigating through the Web link structure and selecting the hyperlinks to follow by estimating their relevance to the topic of interest. This work proposes a generic focused crawling framework for discovering resources on any given topic that reside on the Surface or the Dark Web. The proposed crawler
-
Sensor Guardian: prevent privacy inference on Android sensors EURASIP J. Info. Secur. Pub Date : 2017-06-08 Xiaolong Bai; Jie Yin; Yu-Ping Wang
Privacy inference attacks based on sensor data is an emerging and severe threat on smart devices, in which malicious applications leverage data from innocuous sensors to infer sensitive information of user, e.g., utilizing accelerometers to infer user’s keystroke. In this paper, we present Sensor Guardian, a privacy protection system that mitigates this threat on Android by hooking and controlling
-
On the use of watermark-based schemes to detect cyber-physical attacks EURASIP J. Info. Secur. Pub Date : 2017-06-02 Jose Rubio-Hernan; Luca De Cicco; Joaquin Garcia-Alfaro
We address security issues in cyber-physical systems (CPSs). We focus on the detection of attacks against cyber-physical systems. Attacks against these systems shall be handled both in terms of safety and security. Networked-control technologies imposed by industrial standards already cover the safety dimension. However, from a security standpoint, using only cyber information to analyze the security
-
Pattern matching of signature-based IDS using Myers algorithm under MapReduce framework EURASIP J. Info. Secur. Pub Date : 2017-06-02 Monther Aldwairi; Ansam M. Abu-Dalo; Moath Jarrah
The rapid increase in wired Internet speed and the constant growth in the number of attacks make network protection a challenge. Intrusion detection systems (IDSs) play a crucial role in discovering suspicious activities and also in preventing their harmful impact. Existing signature-based IDSs have significant overheads in terms of execution time and memory usage mainly due to the pattern matching
-
An artificial immunity approach to malware detection in a mobile platform EURASIP J. Info. Secur. Pub Date : 2017-03-27 James Brown; Mohd Anwar; Gerry Dozier
Inspired by the human immune system, we explore the development of a new Multiple-Detector Set Artificial Immune System (mAIS) for the detection of mobile malware based on the information flows in Android apps. mAISs differ from conventional AISs in that multiple-detector sets are evolved concurrently via negative selection. Typically, the first detector set is composed of detectors that match information
-
Multi-resolution privacy-enhancing technologies for smart metering EURASIP J. Info. Secur. Pub Date : 2017-03-20 Fabian Knirsch; Günther Eibl; Dominik Engel
The availability of individual load profiles per household in the smart grid end-user domain combined with non-intrusive load monitoring to infer personal data from these load curves has led to privacy concerns. Privacy-enhancing technologies have been proposed to address these concerns. In this paper, the extension of privacy-enhancing technologies by wavelet-based multi-resolution analysis (MRA)
-
Anomaly detection through information sharing under different topologies EURASIP J. Info. Secur. Pub Date : 2017-02-28 Lazaros K. Gallos; Maciej Korczyński; Nina H. Fefferman
Early detection of traffic anomalies in networks increases the probability of effective intervention/mitigation actions, thereby improving the stability of system function. Centralized methods of anomaly detection are subject to inherent constraints: (1) they create a communication burden on the system, (2) they impose a delay in detection while information is being gathered, and (3) they require some
-
Honeypots and honeynets: issues of privacy EURASIP J. Info. Secur. Pub Date : 2017-02-28 Pavol Sokol; Jakub Míšek; Martin Husák
Honeypots and honeynets are popular tools in the area of network security and network forensics. The deployment and usage of these tools are influenced by a number of technical and legal issues, which need to be carefully considered. In this paper, we outline the privacy issues of honeypots and honeynets with respect to their technical aspects. The paper discusses the legal framework of privacy and
Contents have been reproduced by permission of the publishers.