Статьи журнала - International Journal of Computer Network and Information Security
Все статьи: 1066
Security Requirements Metrics for Pattern-Lock Applications on Mobile Devices
Статья научная
Pattern-Lock is one of graphical authentication schemes that shows high popularity today. Based on recent research, the security requirements metrics of Pattern-Lock applications have not proposed yet. The goal of this study is to define security requirements metrics for Pattern-Lock applications on mobile devices. Our study has identified 12 threat statements and 18 requirements statements by analyzing STRIDE (Spoofing the identity, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) and Extended Misuse Case diagram. To develop the metrics we have used Goal-Question-Metric (GQM) paradigm. Based on these, we develop 3 Goals and 7 Questions and resulted in 20 metrics for security requirements. The metrics have been evaluated using 30 App Locker Android applications, and the results show that some metrics have higher values than others. Number of Pattern Characteristics that Successfully Detected, Ability to Relock, and Grid Size metrics have the three highest values. These metrics requires higher priorities to look into when developers need to build the App Locker applications. Moreover, developers should ensure that App Locker applications have values higher than average of security goals and metrics achievements.
Бесплатно
Статья научная
This paper deals with the description of the threats to mobile devices and suggests the security software that provides comprehensive protection of personal data and mobile telephone from malware and illegal activity of cyber criminals. The developed security software Green Head protects personal smartphones of majority of brands from spam, viruses and unauthorized access. It is an innovative software product ensuring information security of mobile phones from all currently existing threats that today does not have any full analogs. Green Head security software warns the user about wiretapping, which keeps professional and personal confidential information intact. The developed security software is universal for people using mobile phones in professional and personal life because any stored information is protected from various attacks.
Бесплатно
Статья научная
Compared with the conventional control systems, networked control systems (NCSs) are more open to the external network. As a result, they are more vulnerable to attacks from disgruntled insiders or malicious cyber-terrorist organizations. Therefore, the security issues of NCSs have been receiving a lot of attention recently. In this brief, we review the existing literature on security issues of NCSs and propose some security solutions for the DC motor networked control system. The typical Data Encryption Standard (DES) algorithm is adopted to implement data encryption and decryption. Furthermore, we design a Detection and Reaction Mechanism (DARM) on the basis of DES algorithm and the improved grey prediction model. Finally, our proposed security solutions are tested with the established models of deception and DOS attacks. According to the results of numerical experiments, it's clear to see the great feasibility and effectiveness of the proposed solutions above.
Бесплатно
Security against Sample Pair Steganalysis in Eight Queens Data Hiding Technique
Статья научная
There are many steganalysis methods, which can estimate length of a message embedded in least significant bits. It may be embedded either in spatial domain or in frequency domain. The well known approaches are Chi – Square test, RS steganalysis and Sample Pair steganalysis. Many commercial steganographic programs are based on LSB method. It is important to ensure undetectablity of a hidden message in a carrier. We present an analysis of steganographic security on data hiding approach using eight queen solutions. In this approach, relationship between message bytes and 8-queen solutions is embedded in the cover. Further, we propose a new approach to adjust the statistical properties of the cover image in such a way that the steganalyst may not be able to detect the presence of hidden message. The proposed approach is tested using steganalysis tool STEGEXPOSE and the experimental results found are within acceptable range.
Бесплатно
Security evaluation of cellular networks handover techniques
Статья научная
This paper examined the handovers in cellular networks from both functional and informational security point of view. The aim was to find out if the security goals of confidentiality, integrity and availability (CIA) are preserved during handovers. Whereas functional security is concerned with the proper operation of the handover procedures, informational security deals with confidentiality and integrity of the handover process. The global system for mobile communication provides data and voice communication services by partitioning coverage areas into hexagonal cells. Since mobility is a prime feature of cellular networks, handovers become significant for the continuity of ongoing calls. However, if these handovers are not handled carefully, session hijacking, masquerading and denial of service can be launched by transmitting at the correct timeslot and frequency. The results of the security investigation of the current handover techniques, methods, procedures, schemes and criteria revealed that the CIA triad was not assured during the handover period. The root cause of these attacks is high latency between handover request and handover execution. To address these shortcomings, this paper proposes an authenticated multi-factor neuro fuzzy handover protocol with low latency for both homogenous and heterogeneous cellular environments.
Бесплатно
Security policy modelling in the mobile agent system
Статья научная
The mobile agent security problem limits the use of mobile agent technology and hinders its extensibility and application because the constantly progressed complexity and extension at the level of systems and applications level increase the difficulty to implement a common security system as well as an anticipated security policy. Ontology is considered one of the most important solutions to the problem of heterogeneity. In this context, our work consists of constructing mobile agent domain security ontology (MASO) in order to eliminate semantic differences between security policies in this domain. We use the OWL language under the protected software to construct this ontology. Then, we chose the WS-Policy standard to model security policies, these policies are structured in forms of security requirements and capabilities. To determine the level of semantic correspondence between security policies we are developing an algorithm called "Matching-algorithm" with Java language and two APIs (Jena API and Jdom API) to manipulate the MASO ontology and security policies.
Бесплатно
Security protocol of keys management system for transmission encrypted data
Статья научная
One of the essential obstacles for the deployment of multicast is the lack of protection. And in multicast security, key management for securing organization or group communication is an important area that desires to be addressed. This paper will give an overview of four key management methods and Kerberos protocol. Cryptographic methods are frequently used for secure Data transmission wireless networks. Most cryptographic approaches can be symmetric and asymmetric, depending on the manner of the utilized keys. There are many kinds of key management methods which have been suggested for secure data transmission. This research includes a study of different key management methods to find an efficient key management for Secure and Reliable data transmission in the network. The experimental results showed that the fourth method represents the optimal key management method because it was providing a more secure way for the transmitted data, and the total time for data retrieval was (314.065, 376.119, 590.348, and 474.881) for the four key management methods sequentially to retrieve 71923records. The first three key management methods depend on symmetric key cryptography and the fourth key management method is a hybrid method, it was dependent on symmetric and asymmetric key cryptography, symmetric in the case of using user shared key and asymmetric in case of using server private key and this was unknown for any one.
Бесплатно
Статья научная
Mobile wallet is a payment platform that stores money as a value in a digital account on mobile device which can then be used for payments with or without the need for the use credit/debit cards. The cases of cyber-attacks are on the rise, posing threats to the confidentiality, integrity and availability of information systems including the mobile wallet transactions. Due to the adverse impacts of cyber-attacks on the mobile payment service providers and the users, as well as the risks associated with the use of information systems, performing risk management becomes imperative for business organizations. This research work focuses on the assessment of the vulnerabilities associated with mobile wallet transactions and performs an empirical risk management in order to derive the security priority level needed to ensure the security and privacy of the users of mobile wallet platforms. Based on the extensive literature review, a structured questionnaire was designed and administered to the mobile wallet users who are Paga student customers via the internet. A total number of 52 respondents participated in the research and their responses were analyzed using descriptive statistics. The results of the analysis show that mobile wallet Login details are the most important part of customer information that need to be highly protected as their compromise is likely to affect others. Also, customers’ information such as Mobile Wallet Account Number, Registered Phone Number, Linked ATM Card details, and Linked ATM Card PIN among others are also plausible to attacks. Hence, different security priority levels were derived to safeguard each of the components and possible security tools and mechanisms are recommended. The study also revealed that there are vulnerabilities from the mobile wallet users end that also pose threat to the security of the payment system and customers’ transaction which need to be properly addressed. This research work will enable the mobile payment service providers focus on their services and prioritize the security solutions for each user’s information types or components base on the risks associated with their system and help in taking an inform security related decisions.
Бесплатно
Security, Privacy and Trust Challenges in Cloud Computing and Solutions
Статья научная
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing recently emerged as a promising solution to information technology (IT) management. IT managers look to cloud computing as a means to maintain a flexible and scalable IT infrastructure that enables business agility. As much as the technological benefits, cloud computing also has risks involved. In this paper Cloud Computing security challenges will be discussed and proposed many new recommendations to increase security and trust also maintaining privacy.
Бесплатно
Selection of Next Generation Anti-Virus against Virus Attacks in Networks Using AHP
Статья научная
Defending against virus attacks in network is a vital part of network security. With the rapid evolution of viruses, its defense mechanism has also been evolved over the years. But given the diversity and complexity of virus propagation and its attack behavior, no defense mechanism is equipped fully to protect the network from such attacks. Several antiviruses are available in the market. But none can give full proof solution to malicious attacks in communication networks. In this paper we present a mechanism to measure and compare the relative ability of antivirus against various kinds of viruses. We construct a hierarchical structure for different virus defense mechanism. Using Analytical Hierarchy Process (AHP) we construct a pair wise comparison matrix and find the value of corresponding Eigen vectors; we then apply the theory of AHP to calculate weight of each defense index. We validated our technique with an example. Our method can provide a strong reference to design an optimal network security solution.
Бесплатно
Selective Video Encryption Using the Cross Coupling of One-dimensional Logistic Maps
Статья научная
H.264 videos have been the most shared type of video format in recent times and hence its security is a major issue. The techniques presented in the recent times incur complex computations. The major research objective is to design an efficient Chaotic Selective Video Encryption (CSVE) technique which can result in a better visual degradation of the encrypted video with less computational complexity. In the proposed work, in order to secure the H.264 videos, two one-dimensional logistic maps are cross coupled in the chaotic encryption technique which uses a lookup table for data conversion. The technique is evaluated using different performance metrics like Peak Signal to Noise Ratio (PSNR), entropy, statistical analysis etc along with the traditional logistic map. The work is compared with some recent techniques in terms of PSNR and was found out that the proposed technique has better encryption effect.
Бесплатно
Self Organized Replica Overlay Scheme for P2P Networks
Статья научная
Peer-to-Peer (P2P) systems are widely used for data sharing applications in an autonomous and decentralized mode. P2P systems are suitable for large-scale distributed environments in which nodes can share resources other than data such as computing power, memory and network bandwidth. Some of important parameters that affect the performance of P2P systems are peer availability, data availability, network overhead, overlay structure, churn rate, and data access time. In this paper a self organized replica overlay scheme "Improved Hierarchical Quorum Consensus" (IHQC) for P2P systems is proposed. This scheme organizes replicas in a Self Organized Hierarchical Logical Structure (SOHLS) that has special properties. The scheme improves performance of the system by reducing search time to form read/write quorums, reducing probability of accessing stale data, improving degree of intersection among consecutive quorums and reducing network overhead. This scheme is highly fault tolerant (tolerate up to faults) due to replication of data and inherits the best property of Read-One-Write-All (ROWA) protocol in a dynamic environment of P2P network. The architecture for IHQC is also proposed for implementing the scheme that supports improved performance of P2P systems. This scheme also maximizes the degree of intersection set of read and write quorums; hence, having higher probability to get updated data as compared to all other schemes. The mathematical correctness of the scheme is also presented in the paper. The results of simulation study of the proposed scheme also support and verify its better performance than Random and Hierarchical Quorum Scheme.
Бесплатно
Статья научная
Vehicle ad hoc networks, or VANETs, are highly mobile wireless networks created to help with traffic monitoring and vehicular safety. Security risks are the main problems in VANET. To handle the security threats and to increase the performance of VANETs, this paper proposes an enhanced trust based aggregate model. In the proposed system, a novel adaptive nodal attack detection approach - entropy-based SVM with linear regression addresses the trust factor with kernel density estimation generating the trustiness value thereby classifying the malicious nodes against the trusted nodes in VANETs. Defending the VANETs is through a novel reliance node estimation approach - Bayesian self-healing AIS with Pearson correlation coefficient aggregate model isolating the malicious node thereby the RSU cluster communication getting secure. Furthermore, even a reliable node may be exploited to deliver harmful messages and requires the authority of both the data and the source node to be carried out by the onboard units of the vehicles getting the reports of incident. DoS attacks (Denial of Service) disrupting the usual functioning of the network leads to inaccessible network to its intended users thereby endangering human lives. The proposed system is explicitly defending the VANET against DoS attacks as it predicts the attack without compromising the performance of the VANET handling nodes with various features and functions based on evaluating the maliciousness of attacking nodes accurately and isolating the intrusion. Furthermore, the performance evaluations prove the effectiveness of the proposed work with increased detection rate by 97%, reduced energy consumption by 39% and reduced latency by 25% compared to the existing studies.
Бесплатно
Semi-Distributed Coordinative Switch Beamforming with Power Scheduling
Статья научная
Beam cooperative scheduling of a downlink transmission is an important technique to improve the spectrum efficiency in next generation mobile networks. This paper focuses on switched beams (the emission angles of the beams are fixed) and proposes a joint beam-power coordinative scheduling algorithm among neighbor sectors in the downlink of mobile systems. Each sector coordinates the applied order and transmitted power of the beams with adjacent interfering sector, so as to reduce inter-sector interference and maximize throughputs. The scheduling problem is modeled as a constrained optimization problem and solved by our proposed iterative approach. Computer simulation shows that the proposed approach significantly outperform the existing round robin beam servicing approach and the approach that applies only beam cooperative scheduling.
Бесплатно
Semi-Physical Simulation of RR/S Attitude Algorithm Based on Non-Holonomic IMU
Статья научная
Rolling Rocket/Shell (RR/S) can effectively overcome the impact point error caused by the asymmetry of aerodynamic appearance and mass eccentricity .etc. The spatial attitude of RR/S in the process of flight must be studied for that RR/S realizes the guidance control and improves the falling point precision. This paper introduces a semi physical simulation of RR/S attitude algorithm based on non-holonomic Inertial Measurement Unit (IMU) which is composed of 3 orthogonal import rate gyroscopes. It adopts the 902E-1 two-axis turntable to simulate the spatial attitude of RR/S, and uses the non-holonomic IMU, which is fixed on the turntable by ensuring the axes of them to be aimed, to measure the 3-axis angular rate motion of the turntable. By setting the motion condition of the turntable, we can get the 3-axis angular rate data of the IMU and the 3-axis angular position data of the turntable. The attitude algorithm simulation of IMU adopts the four-sample rotation vector algorithm based on MTLAB/Simulink. The simulation results show that the semi-physical simulation method can model the spatial attitude of RR/S truly and provide exact and real-time attitude information of RR/S which is rolling in the two-axis complex movement condition.
Бесплатно
Semifragile Watermarking Schemes for Image Authentication- A Survey
Статья научная
Digital images are very easy to manipulate, store, publish and secondary creation this juggle will lead to serious consequence in some applications such as military image, medical image. So, integrity of digital image must be authenticated. Tools that help us establish the authenticity and integrity of digital media are thus essential and can prove vital whenever questions are raised about the origin of an image and its content. To project authenticity of images semi fragile watermarking is very concerned by researchers because of its important function in content authentication. Semifragile watermarking aim to monitor contents of images not its representations. In present paper various semi fragile water marking algorithm are studied using some image quality matrices, insertion methods used, verification method . Finally some observations are given based on literature survey of algorithms and techniques of semifragile watermarking techniques
Бесплатно
Sensitive Data Identification and Security Assurance in Cloud and IoT based Networks
Статья научная
Sensitive data identification is a vital strategy in any distributed system. However, in the case of non-appropriate utilization of the system, sensitive data security can be at risk. Therefore, sensitive data identification and its security validation are mandatory. The paper primarily focuses on novel sensitive data recognition methodologies. Further, the sensitivity score of the attributes distinguishes non-sensitive attributes, and domain expert plays an important role in this process. The designing of the security assurance Algo and their corresponding decision tables make the system more robust and reliable. The result section is validated with the help of graphical representation, which clearly makes the authenticity of the research work. In summary, the authors may say that the sensitive data identification and security assurance of the proposed system is automated and work optimally in a cloud-based system.
Бесплатно
Sentiment Analysis CSAM Model to Discover Pertinent Conversations in Twitter Microblogs
Статья научная
In recent years, the most exploited sources of information such as Facebook, Instagram, LinkedIn and Twitter have been considered to be the main sources of misinformation. The presence of false information in these social networks has a very negative impact on the opinions and the way of thinking of Internet users. To solve this problem of misinformation, several techniques have been used and the most popular is the sentiment analysis. This technique, which consists in exploring opinions on corpora of texts, has become an essential topic in this field. In this article, we propose a new approach, called Conversational Sentiment Analysis Model (CSAM), allowing, from a text written on a subject through messages exchanged between different users, called a conversation, to find the passages describing feelings, emotions, opinions and attitudes. This approach is based on: (i) the conditional probability in order to analyse sentiments of different conversation items in Twitter microblog, which are characterized by small sizes, the presence of emoticons and emojis, (ii) the aggregation of conversation items using the uncertainty theory to evaluate the general sentiment of conversation. We conducted a series of experiments based on the standard Semeval2019 datasets, using three standard and different packages, namely a library for sentiment analysis TextBlob, a dictionary, a sentiment reasoner Flair and an integration-based framework for the Vader NLP task. We evaluated our model with two dataset SemEval 2019 and ScenarioSA, the analysis of the results, which we obtained at the end of this experimental study, confirms the feasibility of our model as well as its performance in terms of precision, recall and F-measurement.
Бесплатно
Server-Side Encrypting and Digital Signature Platform with Biometric Authorization
Статья научная
The most important shortcomings of solutions based on public key infrastructure and digital signatures are: costs, ambiguous laws, and nuisance of daily use. The purpose of this article is to discuss the motivation and benefits, as well as a presentation of concepts, high-level architecture, and demonstration of the operation of bioPKI; i.e., a server-side encryption and digital signature platform with biometric authorization. The usefulness of even the most advanced platform of any type is negligible if convenient and easy-to-implement mechanisms are not provided to integrate this solution with external systems and applications. Thus, the possibility of integrating the bioPKI platform with applications and systems supporting PKCS#11 or CryptoAPI CSP is discussed.
Бесплатно
Статья научная
Mobile Ad-Hoc networks (MANETs) can be classified as Decentralized, Independent and Self- Organizing dynamic networks of intellectual movable nodes. In such networks, devices are connected by provisional wireless links. Dynamic topology imposes challenges in developing an efficient routing protocol, for enabling successful communication between mobile devices. Based on the nature of working, proactive & reactive protocols are the two broadly classified categories of routing protocols. This paper presents, relative experimental analysis of proactive routing protocols viz., Optimized Link State Routing Protocol (OLSR) and its variant (Kenji Yamada et al., 2010) with Cooperative Multi-Point Relay (MPR) Selection. To compare OLSR and its variant protocol, the Network Simulator- 2.35 is used to carry out numerous simulations, on arbitrary scenarios, by varying the number of network nodes & mobility of nodes. As per the simulation outcomes, the OLSR with a cooperative MPR selection has outperformed the traditional OLSR protocol in static scenarios or when the network load has been varied. On the contrary, the traditional OLSR protocol has performed better in mobile scenarios. But, as demonstrated from various experimentations, it exhibits higher Routing Overheads as compared to its variant protocol. Further, on the basis of simulation results, efforts can be made in the direction of performance optimization of OLSR and its variant protocol, to improve its performance in highly mobile scenarios as well, keeping in view other performance metrics.
Бесплатно
