Journal articles - International Journal of Computer Network and Information Security

All articles: 1066

Analysis and Evaluating Security of Component-Based Software Development: A Security Metrics Framework

Irshad Ahmad Mir, S.M.K Quadri

Research article

Evaluating the security of software systems is a complex problem for the research communities due to the multifaceted and complex operational environment of the system involved. Many efforts towards secure system development methodologies, like secSDLC by Microsoft, have been made, but the measurement scale on which security can be measured has had the least success. With the shift in the nature of software development from standalone applications to distributed environments, where a number of potential adversaries and threats are present, security has been outlined and incorporated at the architectural level of the system, and so there is a need to evaluate and measure the level of security achieved. In this paper we present a framework for security evaluation at the design and architectural phase of system development. We have outlined the security objectives based on the security requirements of the system and analyzed the behavior of various software architecture styles. Component-based development (CBD) is an important and widely used model for developing new large-scale software due to various benefits like increased reuse and reduced time to market and cost. Our emphasis is on CBD, and we have proposed a framework for the security evaluation of component-based software design and derived security metrics for the three main pillars of security (confidentiality, integrity and availability) based on component composition, dependency and inter-component data/information flow. The proposed framework and derived metrics are flexible enough that the system developer can modify the metrics according to the situation, and they are applicable both during the development phases and after development.

Free

Analysis of Base Station Assisted Novel Network Design Space for Edge-based WSNs

Muni Venkateswarlu K., A. Kandasamy, Chandrasekaran K.

Research article

The limited and constrained energy resources of a wireless sensor network should be used wisely to prolong the sensor nodes' lifetime. To achieve high energy efficiency and to increase wireless sensor network lifetime, sensor nodes are grouped together to form clusters. Organizing wireless sensor networks into clusters enables the efficient utilization of the limited energy resources of the deployed sensor nodes. However, problems of unbalanced energy consumption exist in intra- and inter-cluster communication, and they are tightly bound to the role and the location of sensor nodes and cluster heads in the network. Also, the clustering mechanism results in an unequal load distribution in the network. This paper presents an analytical and conceptual model of an energy-efficient edge-based network partitioning scheme proposed for wireless sensor networks. It also analyzes different network design spaces proposed for wireless sensor networks and evaluates their performance. From the experimental results it is observed that, with a proper network organization mechanism, sensor network resources are utilized effectively to elevate network lifetime.

Free

Analysis of CRT-based watermarking technique for authentication of multimedia content

Türker Tuncer

Research article

Watermarking techniques are widely used for image authentication and copyright protection. Weaknesses of “A novel CRT-based watermarking technique for authentication of multimedia contents” [12] are analyzed in this study. Four attacks are proposed to analyze this method. These attacks are the most significant bits, modulo number, tamper detection probability calculation and algorithm analysis attacks. The proposed attacks clearly show that the CRT-based method is a data hiding method, but this method is not used as an image authentication method. The title of the method presented in Ref. [12] includes “authentication”, but the authors of Ref. [12] evaluated their method in view of copyright protection. Fragile watermarking methods for image authentication should consist of watermark generation, watermark embedding, watermark extraction and tamper detection, but Ref. [12] has no watermark generation, tamper detection or tampered area localization algorithms. The proposed attacks demonstrate that Ref. [12] cannot be utilized as an image authentication method and that Ref. [12] is not effectively coded.

Free

Analysis of Cryptographic Protocols AKI, ARPKI and OPT using ProVerif and AVISPA

Amol H. Shinde, A. J. Umbarkar

Research article

In recent years, the area of formal verification of cryptographic protocols has become important because of active intruders. These intruders can find flaws in the protocols and use them to create attacks. To avoid such possible attacks, the protocols must be verified to check whether they contain any flaws. Formal verification tools have helped in verifying and correcting the protocols. Various tools are available these days for verifying protocols. In this paper, two verification tools, namely ProVerif and AVISPA, are used for the analysis of the protocols AKI (Accountable Key Infrastructure), ARPKI (Attack Resilient Public Key Infrastructure) and OPT (Origin and Path Trace). A comparative evaluation of the selected tools is presented, and the security properties of the selected protocols are revealed.

Free

Analysis of Host-Based and Network-Based Intrusion Detection System

Amrit Pal Singh, Manik Deep Singh

Research article

Intrusion-detection systems (IDS) aim at detecting attacks against computer systems and networks or, in general, against information systems. Their basic aim is to protect the system against malware and unauthorized access to a network or a system. Intrusion detection is of two types: Network-IDS and Host-Based IDS. This paper covers the scope of both types and their result analysis along with their comparison as stated. OSSEC (HIDS) is a free, open source host-based intrusion detection system. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. Snort (NIDS), in turn, is a lightweight intrusion detection system that can log packets coming across your network and can alert the user regarding any attack. Both are efficient in their own distinct fields.

Free

Analysis of Node Density and Pause Time Effects in MANET Routing Protocols using NS-3

Lakshman Naik.L, R.U.Khan, R.B.Mishra

Research article

Networks which function without any centralized fixed infrastructure or central administration are called MANETs (Mobile Ad hoc Networks). These networks are formed by a small or large set of mobile nodes and communicate through wireless links. Such networks require the best routing protocols to establish error-free and efficient communication links. MANETs have the property of a dynamically changing topology due to their mobile nodes, which move from one place to another. The overall performance of MANET routing protocols depends upon various network and protocol parameters. Mobile ad hoc networks have the characteristics of self-forming and self-healing. The routing algorithms of the routing protocols ensure selection of routes and connectivity between the mobile nodes. This paper presents an analysis of three well-known routing protocols of MANETs, namely AODV (Ad hoc On Demand Distance Vector), DSDV (Destination Sequenced Distance Vector) and OLSR (Optimized Link State Routing). Analyses of these routing protocols have been carried out using NS-3 (Network Simulator-3) by varying node density and node pause time. Different performance metrics such as throughput, packet delivery ratio, end to end delay, packet loss and normalized routing load have been considered for this analysis. This analysis concludes better performance of the OLSR routing protocol.

Free

Analysis of QoS in Software Defined Wireless Network with Spanning Tree Protocol

Rafid Mustafiz, Abu Sayem Mohammad Delowar Hossain, Nazrul Islam, Mohammad Motiur Rahman

Research article

Software Defined Network (SDN) is a more dynamic, manageable, adaptive and programmable network architecture. This architecture separates the control plane from the forwarding plane, which enables the network to become directly programmable. The programmable features of SDN technology have dramatically improved network efficiency and simplified network configuration and resource management. SDN supports Open-Flow technology as forwarding function and centralized control successfully. Wireless environments have recently been added to the SDN infrastructure, which has rapidly emerged with the Open-Flow protocol. To achieve more deterministic network behaviors, QoS provisioning is a necessary consideration. In this paper, the Spanning Tree Protocol (STP) has been applied to an SDWN and the Quality of Service (QoS) is then analyzed using Mininet-Wifi. STP is used to suppress the occurrence of broadcast streams and observe the performance of the QoS parameters. Various parameters that determine QoS, such as bandwidth utilization, packet transmission rate, round trip time, maximum obtained throughput, packet loss ratio and delay time, are analyzed for different base stations defined in the SDWN architecture.

Free

Analysis of Reconfigurable Processors Using Petri Net

Hadis Heidari

Research article

In this paper, we propose Petri net models for processing elements. The processing elements include: a general-purpose processor (GPP), a reconfigurable element (RE), and a hybrid element (combining a GPP with an RE). The models consist of many transitions and places. The model and associated analysis methods provide a promising tool for modeling and performance evaluation of reconfigurable processors. The model is demonstrated by considering a simple example. This paper describes the development of a reconfigurable processor; the developed system is based on the Petri net concept. Petri nets are becoming suitable as a formal model for hardware system design. Designers can use Petri nets as a modeling language to perform high level analysis of complex processors designs processing chips. The simulation is done with the PIPEv4.1 simulator. The simulation results show that the Petri net state spaces are bounded and safe and have no deadlock, and the average of number tokens in first token is 0.9901 seconds. In these models, there are only 5% errors; also, the analysis time in these models is 0.016 seconds.

Free

Analysis of User Identity Privacy in LTE and Proposed Solution

Abdulrahman A. Muthana, Mamoon M. Saeed

Research article

The mechanisms adopted by cellular technologies for user identification allow an adversary to collect information about individuals and track their movements within the network, thus exposing the privacy of the users to unknown risks. Efforts have been made toward enhancing privacy-preserving capabilities in cellular technologies, culminating in Long Term Evolution (LTE) technology. The LTE security architecture is substantially enhanced compared with its predecessors 2G and 3G; however, LTE does not eliminate the possibility of user privacy attacks. LTE is still vulnerable to user identity privacy attacks. This paper includes an evaluation of the LTE security architecture and proposes a security solution for the enhancement of user identity privacy in LTE. The solution is based on the introduction of pseudonyms that replace the user permanent identifier (IMSI) used for identification. The scheme provides secure and effective identity management with respect to the protection of user privacy in LTE. The scheme is formally verified using ProVerif and proved to provide an adequate assurance of user identity privacy protection.

Free

Analysis of VoIP over Wired & Wireless Network with Implementation of QoS CBWFQ & 802.11e

Zahid Ali, Falak Naz, Javed, Muhammad Qurban, Muhammad Yasir, Shehroz Jehangir

Research article

In this paper, we analyzed VoIP data rates to minimize the bandwidth efficiently as per user demand and reduced the budget cost before implementing VoIP service at any wired and wireless network. To accomplish these results, different clock rates were used to assign bandwidth administratively, CODEC schemes (G.711 and G.729) to minimize data rates, and QoS (Quality of Service) mechanisms such as CBWFQ and 802.11e to sustain the voice quality in congestion over the wired and wireless networks. PRTG Grapher and LAN Traffic Generator software were used to monitor bandwidth and create congestion artificially on the link between the two communicating LAN setups, wired and wireless.

Free

Analysis of the SYN Flood DoS Attack

Mitko Bogdanoski, Tomislav Shuminoski, Aleksandar Risteski

Research article

The paper analyzes systems vulnerability targeted by TCP (Transmission Control Protocol) segments when SYN flag is ON, which gives space for a DoS (Denial of Service) attack called SYN flooding attack or more often referred as a SYN flood attack. The effects of this type of attack are analyzed and presented in OPNET simulation environment. Furthermore, the paper presents two anomaly detection algorithms as an effective mechanism against this type of attack. Finally, practical approaches against SYN flood attack for Linux and Windows environment which are followed by are shown.

Free

Analyzing Multiple Routing Configuration

Meenakshi Moza, Suresh Kumar

Research article

Internet plays a vital role in communication. Determination of internet capability is done by Routing protocol. After a network fails, routing protocols have very slow convergence rate, which is a grave problem and needs to be tackled. Multiple Routing Configuration (MRC) is a technique which helps IP networks to recover very quickly from link and node failures. In MRC, packet forwarding persists on an optional link as soon as a failure is detected and additional information is always contained in the routers. This paper discusses the effect of packet size on throughput, packet delivery ratio, packet loss and delay for various routing protocols like OSPF, OSPF with 1 and 2 link breakage and MRC.

Free

Analyzing progressive-BKZ lattice reduction algorithm

Md. Mokammel Haque, Mohammad Obaidur Rahman

Research article

BKZ and its variants are considered as the most efficient lattice reduction algorithms compensating both the quality and runtime. Progressive approach (gradually increasing block size) of this algorithm has been attempted in several works for better performance but actual analysis of this approach has never been reported. In this paper, we plot experimental evidence of its complexity over the direct approach. We see that a considerable time saving can be achieved if we use the output basis of the immediately reduced block as the input basis of the current block (with increased block size) successively. Then, we attempt to find pseudo-collision in SWIFFT hash function and show that a different set of parameters produces a special shape of Gram-Schmidt norms other than the predicted Geometric Series Assumptions (GSA) which the experiment suggests being more efficient.

Free

Analyzing the IPv6 Deployment Process in Palestine

Yazan W. Abdalaziz, Ala Hamarsheh

Research article

This paper examines IPv6 in Palestine and where Palestinian companies are in the deployment process. It also examines whether the infrastructure can withstand the transition to IPv6 or not. This study used quantitative research methods and collected the data through a survey of the Internet companies in Palestine, reported anonymously. Due to the lack of research related to the internet in Palestine, we saw that it is necessary to discover the internet companies and how much of the deployment process they have achieved. The collected data have been analyzed and described using SPSS. The data analysis showed that one internet company, representing 11% of the companies in Palestine, did apply the transition process to IPv6, and the percentages have set a positive indicator for the transition process. It turns out that the other companies are on their way to start deploying IPv6.

Free

Anomaly Detection System in Secure Cloud Computing Environment

Zhengbing Hu, Sergiy Gnatyuk, Oksana Koval, Viktor Gnatyuk, Serhii Bondarovets

Research article

The continuous growth in the use of information technologies in the modern world causes a gradual increase in the amounts of data circulating in information and telecommunication systems. That creates an urgent need for the establishment of large-scale data storage and accumulation areas and generates many new threats that are not easy to detect. The task of accumulation and storage is solved by datacenters, tools which are able to provide and automate any business process. For now, almost all service providers use a quite promising technology for building datacenters, Cloud Computing, which has some advantages over its traditional opponents. Nevertheless, the problem of the provider's data protection is so huge that the risk of losing all your data in the "cloud" is almost constant. This causes the necessity of processing great amounts of data in real time and quick notification of possible threats. Therefore, it is reasonable to implement in the data centers' network an intellectual system which will be able to process large datasets and detect possible breaches. Usual threat detection methods are based on signature methods, the main idea of which is comparing the incoming traffic with databases of known threats. However, such methods become ineffective when the threat is new and has not been added to the database yet. In that case, it is preferable to use intellectual methods that are capable of tracking any unusual activity in a specific system: anomaly detection methods. However, a signature module will detect known threats faster, so it is logical to include it in the system too. Big Data methods and tools (e.g. distributed file system, parallel computing on many servers) will provide the speed of such a system and allow data to be processed dynamically. This paper aims to demonstrate the developed anomaly detection system in a secure cloud computing environment, show its theoretical description and conduct appropriate simulation. The results demonstrate that the developed system provides a high percentage (>90%) of anomaly detection in a secure cloud computing environment.

Free

Anomaly Detection in Network Traffic Using Selected Methods of Time Series Analysis

Jarosław Bernacki, Grzegorz Kołaczek

Research article

In this paper, a few methods for anomaly detection in computer networks with the use of time series methods are proposed. Special interest was put on Brown's exponential smoothing, seasonal decomposition, naive forecasting and the Exponential Moving Average method. The validation of the anomaly detection methods has been performed using experimental data sets and statistical analysis, which has shown that the proposed methods can efficiently detect unusual situations in network traffic. This means that time series methods can be successfully used to model and predict traffic in computer networks as well as to detect some unusual or unrequired events in network traffic.

Free

Application of Artificial Neural Network for Clutter Rejection

Priyabrata Karmakar, Sourav Dhar, Mithun Chakraborty, Tirthankar Paul

Research article

This paper deals with the application of an Artificial Neural Network (ANN) for radar clutter rejection; the function approximation method of a supervised ANN is applied here using the back propagation algorithm. The database used for training and testing the ANN has been collected by simulating a moving vehicle in MATLAB (version 7.9) to obtain the RCS values at range and cross-range profiles. This work is validated by comparing the received signal after clutter rejection with the received signal in the no-clutter condition.

Free

Application of Attribute Based Access Control Model for Industrial Control Systems

Erkan Yalcinkaya, Antonio Maffei, Mauro Onori

Research article

The number of reported security vulnerabilities and incidents related to industrial control systems (ICS) has increased in recent years. As argued by several researchers, authorization issues and poor access control are key incident vectors. The majority of ICS are not designed with security in mind, and they usually lack strong and granular access control mechanisms. The attribute based access control (ABAC) model offers high authorization granularity and central administration of access policies with centrally consolidated and monitored logging properties. This research proposes to harness the ABAC model to address the present and future ICS access control challenges. The proposed solution is also implemented and rigorously tested to demonstrate the feasibility and viability of the ABAC model for ICS.

Free

Application of Biometrics in Mobile Voting

Donovan Gentles, Suresh Sankaranarayanan

Research article

Voting process in today's era is behind its time in respect of the usage of modern ICT. The voting process is being seen mostly as a manual and paper based one. This process can be overwhelming, time-consuming and prone to security breaches and electoral fraud. Over the years technology related systems were being developed to resolve some of the issues like electoral fraud, impersonation, double voting etc. One such system is Electronic based voting that has been actively used for voting in countries like India. However, these systems seem to be prone to electoral frauds and voters have to make tremendous effort to cast their ballots. There are still a few very important areas which have to be identified and addressed viz., the Security which involves a person be able to vote in a secure manner, the time spent for voting by voters, the efficiency in counting of votes and the cost involved in employing people towards monitoring the voting process. So taking these areas/issues into consideration we have now come with the biometrics authenticated mobile voting system, to start with for a country like Jamaica. The technology being proposed now is novel and the first of its kind proposed at present. It is proposed that using fingerprint supported biometric control information and encryption along with Secure Socket Layer i.e. SSL using VeriSign, would make the software involved in the voting process well secured. In addition tying the credentials to a mobile device will make the system even more robust. We have considered the mobile equipment for the present system development, a smart phone using Android 3.0 (Honeycomb). The details of the proposed development are presented in this paper.

Free

Application of CL multi-wavelet transform and DCT in Information Hiding Algorithm

Tao ZHANG, Shuai REN

Research article

Taking advantage of a feature whereby the energy of an image gathers and spreads over four components (LL2, LH2, HL2 and HH2) in the sub-image after a first-order CL multi-wavelet transform, and using the advantage of the Discrete Cosine Transform in information hiding applications, we propose an information hiding scheme based on the CL multi-wavelet transform and the Discrete Cosine Transform (abbreviated as CL-DCT). LL2 is the embedding module for robust parameters (the optimized code of Chebyshev scrambling and the hash value of the embedded information). The hidden information is embedded in LH2 and HL2 with RAID1, and a fragile sign in HH2. A different range of DCT coefficients is selected in LH2, HL2 and HH2. The embedding sequence of each bit plane is traversed according to the Knight-tour route. Experimental results indicate that the proposed scheme can increase invisibility and robustness by 5.24% and 28.33% on average, respectively. In particular, the scheme has better ability against cutting attacks. The scheme has a certain ability against steganalysis such as Higher Order Statistics based on wavelet coefficients. Moreover, the scheme has excellent sensitivity to image processing.

Free

Journal