International Journal of Computer Network and Information Security @ijcnis
Journal articles - International Journal of Computer Network and Information Security
All articles: 1148

Toward Constructing Cancellable Templates using K-Nearest Neighbour Method
Research article
The privacy of biometric data needs to be protected. Cancellable biometrics is proposed as an effective mechanism of protecting biometric data. In this paper a novel scheme of constructing cancellable fingerprint minutiae template is proposed. Specifically, each real minutia point from an original template is mapped to a neighbouring fake minutia in a user-specific randomly generated synthetic template using the k-nearest neighbour method. The recognition template is constructed by collecting the neighbouring fake minutiae of the real minutiae. This scheme has two advantages: (1) An attacker needs to capture both the original template and the synthetic template in order to construct the recognition template; (2) A compromised recognition template can be cancelled easily by replacing the synthetic template. Single-neighboured experiments of self-matching, nonself-matching, and imposter matching are carried out on three databases: DB1B from FVC00, DB1B from FVC02, and DB1 from FVC04. Double-neighboured tests are also conducted for DB1B from FVC02. The results show that the constructed recognition templates can perform more accurately than the original templates and it is feasible to construct cancellable fingerprint templates with the proposed approach.
Free

Toward Security Test Automation for Event Driven GUI Web Contents
Research article
Web applications have recently come to account for a large percentage of software products. The evolving nature of web applications poses a serious challenge for testing, given the dynamic nature of the current web. More precisely, testing both blocked contents and AJAX interfaces might create new challenges in terms of test coverage and completeness. In this paper, we propose enhancements and extensions of the current test automation activities. In the proposed framework, user interaction with AJAX interfaces is used to collect DOM violation states. Blocked content is accessed through multiple form submissions with dynamic contents, and in each iteration the vulnerability events databases are modified. Next, the test cases database of possible vulnerable inputs for both AJAX and blocked contents is built. Finally, coverage is assessed after executing those test cases based on several possible coverage aspects.
Free

Research article
It is now unarguable that cyber threats arising from malicious codes such as worms possess the ability to cause losses, damages and disruptions to industries that utilize ICT infrastructure for meaningful daily work. This is even more so for wireless sensor networks (WSN), which thrive on open air communications. As a result, epidemic models are used to study propagation patterns of these malicious codes, although they favor horizontal transmissions. Specifically, the literature dealing with the analysis of worms that are transmitted both vertically and horizontally is not extensive. Therefore, we propose the Vulnerable–Latent–Breaking Out–Temporarily Immune–Inoculation (VLBTV-I) epidemic model to investigate both horizontal and vertical worm transmission in wireless sensor networks. We derived the solutions of the equilibriums as well as the epidemic threshold for two topological expressions (gleaned from literature). Furthermore, we employed the Runge-Kutta-Fehlberg order 4 and 5 method to solve, simulate and validate our proposed models. Critically, we analyzed the impact of both vertical and horizontal transmissions on the latent and breaking out compartments using several simulation experiments.
Free

Towards Performance Evaluation of Cognitive Radio Network in Realistic Environment
Research article
The scarcity of free spectrum compels us to look for alternatives for ever-increasing wireless applications. Cognitive Radio (CR) is one such alternative that can solve this problem. A network whose nodes have CR capability is termed a Cognitive Radio Network (CRN). Communication in a CRN requires a routing protocol, the primary goal of which is to provide a route from source to destination. Various routing protocols have been proposed and tested in idealistic environments using simulation software such as NS-2 and QualNet. This paper is an effort in the same direction, but the efficacy is evaluated in realistic conditions by designing a simulator in MATLAB-7. To make the network scenario realistic, obstacles of different shapes, types, sizes and numbers have been introduced. In addition, the shape of the periphery is also varied to find its impact on routing protocols. From the results it is observed that the outcomes in the realistic and idealistic environments vary significantly. The reason for this is also discussed in this paper.
Free

Traffic Adaptive Small Cell Planning in Heterogeneous Networks
Research article
The small cell is a key enabler for massive connectivity and higher data rates in the future generation of cellular communication systems. A few challenges in heterogeneous networks (HetNets) are effective resource utilization and deployment of optimal small base stations (SBSs) under dynamic mobile traffic patterns. In this paper, we design a traffic adaptive small cell planning (TASCP) schema to minimize the deployment of SBSs, enhancing the network energy efficiency without compromising the QoS of the user equipments (UEs). The proposed TASCP consists of two phases: small cell formation (SCF) and small cell optimization (SCO). SCF creates the initial association between the UEs and SBS. The SCF operates the modes (active/sleep) of SBSs according to the dynamic traffic load. Changing the mode of an SBS from active mode to sleep mode is based on the traffic load shared cooperatively by other neighboring SBSs. The proposed TASCP method is compared with state-of-the-art algorithms, i.e., the Self-organized SBS Deployment Strategy (SSDS) and the UE Association and SBS On/Off (USOF) algorithm. The network performance is calculated in terms of network energy efficiency, throughput, convergence time, and active small base stations. The performance of the proposed TASCP increases significantly compared to the state-of-the-art algorithms.
Free

Traffic Engineering with Specified Quality of Service Parameters in Software-defined Networks
Research article
A method of traffic engineering (TE) based on multi-path routing is proposed in the study. Today, one of the main challenges in networking is to organize an efficient TE system that will provide such quality of service (QoS) parameters as the allowable value of packet loss and the time for traffic re-routing. Traditional one-way routing facilities do not provide the required QoS parameters for TE. Modern computer networks use static and dynamic routing algorithms, which are characterized by high time complexity and a large amount of service information. This negatively affects the overall state of the network: it leads to network congestion, device failure and loss of information during routing, and increases the time for traffic re-routing. Research has shown that the most promising way to solve the TE problem in computer networks is a comprehensive approach, which consists of multi-path routing, SDN technology and monitoring of the overall situation of the network. This paper proposes a method of traffic engineering in a software-defined network with specified quality of service parameters, which has reduced the time of traffic re-routing and the percentage of packet loss due to the combination of the centralized TE method and multi-path routing. From a practical point of view, the obtained method will improve the quality of service in computer networks in comparison with the known method of traffic construction.
Free

Research article
Cloud storage environment permits the data holders to store their private data on remote cloud computers. Ciphertext Policy Attribute Based Encryption (CP-ABE) is an advanced method that assigns fine-grained access control and provides data confidentiality for accessing the cloud data. CP-ABE methods with small attribute universe limit the practical application of CP-ABE as the public parameter length linearly increases with the number of attributes. Further, it is necessary to provide a way to perform complex calculations during decryption on outsourced devices. In addition, the state-of-art techniques found it difficult to trace the traitor as well as revoke their attribute due to the complexity of ciphertext updation. In this paper, a concrete construction of CP-ABE technique has been provided to address the above limitations. The proposed technique supports large attribute universe, proxy decryption, traitor traceability, attribute revocation and ciphertext updation. The proposed scheme is proven to be secure under random oracle model. Moreover, the experimental outcomes reveal that our scheme is more time efficient than the existing schemes in terms of computation cost.
Free

Transaction-based QoS management in a Hybrid Wireless Superstore Environment
Research article
Hybrid wireless networks are extensively used in superstores, market places, malls, etc., and providing high QoS (Quality of Service) to the end-users has become a challenging task. In this paper, we propose a policy-based transaction-aware QoS management architecture in a hybrid wireless superstore environment. The proposed scheme operates at the transaction level, for the downlink QoS management. We derive a policy for the estimation of QoS parameters such as delay, jitter, bandwidth, availability and packet loss for every transaction before scheduling on the downlink. We also propose a QoS monitor which monitors the specified QoS and automatically adjusts the QoS according to the requirement. The proposed scheme has been simulated in a hybrid wireless superstore environment and tested for various superstore transactions. The results show that the policy-based transaction QoS management enhances the performance and utilizes network resources efficiently at the peak time of the superstore business.
Free

Tree-Based Matched RFID Yoking Making It More Practical and Efficient
Research article
A Radio Frequency Identification (RFID) yoking proof allows an off-line verifier to make sure whether two tags are simultaneously present. Due to off-line property, a reader cannot differentiate valid from invalid proof records when it probes tags, and would generate lots of useless data. This paper proposes a tree-based matched RFID yoking scheme which enhances the cost of identification from O(log N) to O(1), where N is the number of tags, and allows the reader to collect only those matched tags such that it significantly reduces useless data for the verifier to validate off-line.
Free

Triple Layered Encryption Algorithm for IEEE 802.11 WLANs in E-Government Services
Research article
A wireless local area network (WLAN) can provide e-government services at all levels, from local to national, as WLAN-enabled devices have the flexibility to move from one place to another within offices while maintaining connectivity with the network. However, government organizations are subject to strict security policies and other compliance requirements. Therefore, the WLAN must safeguard the privacy of individual data with the strictest levels of security. The 802.11 MAC specifications describe an encryption protocol called Wired Equivalent Privacy (WEP) which is used to protect wireless communications from eavesdropping. It is also capable of preventing unauthorized access. However, the WEP protocol often fails to accomplish its security goal due to the weakness in RC4 and the way it is applied in the WEP protocol. This paper focuses on the improvement of the existing WEP protocol using a varying secret key for each transmission. This will remove the insecurities that currently make RC4 unattractive for secured networking, and this will add further cryptographic strength if applied to the Rijndael algorithm. Our result shows that the proposed algorithm is more suitable for small and medium packets and AES for large packets.
Free

Trust Establishment in SDN: Controller and Applications
Research article
Software Defined Networking (SDN) is a network technology developed to deal with several limitations faced by current traditional networks. However, SDN itself is confronted with security challenges which emanate specifically from its platform, given the explosive growth in network attacks and threats. Though many solutions have been developed and proposed, the continual lack of trust between the SDN controller and the applications running atop the control plane poses a great security challenge. The SDN controller can easily be attacked by malicious/compromised applications, which can result in network failure as the controller represents a single point of failure. Though trust mechanisms to certify network devices exist, mechanisms to certify management applications are still not well developed. Therefore, this paper proposes a novel direct trust establishment framework between an OpenFlow-based SDN controller and applications. The objective is to ensure that the SDN controller is protected and that diverse applications that consume network resources are always trusted throughout their lifetime. Additionally, the paper introduces the concept of a trust access matrix and application identity to ensure efficient control of network resources. We believe that, if the proposed trust model is adopted in the OpenFlow architecture, it could go a long way to improve the security of the SDN.
Free

Trust Metric based Soft Security in Mobile Pervasive Environment
Research article
In a decentralized and highly dynamic environment like Mobile Pervasive Environments (MPE), trust and security measurement are two major challenging issues for community researchers. So far, many architectural frameworks and models have been developed and are being used. In the vision of pervasive computing, mobile applications are growing immensely with the potential of low cost, high performance, and user centric solutions. This paradigm is highly dynamic and heterogeneous and brings along trust and security challenges regarding vulnerabilities and threats due to inherent open connectivity. Despite advances in the technology, there is still a lack of methods to measure the security and level of trust, and of a framework for the assessment and calculation of the degree of trustworthiness. In this paper, we explore the requirements and challenges of security and trust metrics in order to decide the trust computation metric parameters for a self-adaptive, self-monitoring, trust-based security assurance in a mobile pervasive environment. The objective is to identify the trust parameters while routing and determine the node behavior for a soft security trust metric. In conclusion, we put our efforts into setting up a security assurance model to deal with the attack and vulnerability requirements of the system under exploration.
Free

Two-Layer Security of Images Using Elliptic Curve Cryptography with Discrete Wavelet Transform
Research article
Information security is an important part of the current interactive world. It is very much essential for the end-user to preserve the confidentiality and integrity of their sensitive data. As such, information encoding is significant to defend against access from the non-authorized user. This paper is presented with an aim to build a system with a fusion of Cryptography and Steganography methods for scrambling the input image and embed into a carrier media by enhancing the security level. Elliptic Curve Cryptography (ECC) is helpful in achieving high security with a smaller key size. In this paper, ECC with modification is used to encrypt and decrypt the input image. Carrier media is transformed into frequency bands by utilizing Discrete Wavelet Transform (DWT). The encrypted hash of the input is hidden in high-frequency bands of carrier media by the process of Least-Significant-Bit (LSB). This approach is successful to achieve data confidentiality along with data integrity. Data integrity is verified by using SHA-256. Simulation outcomes of this method have been analyzed by measuring performance metrics. This method enhances the security of images obtained with 82.7528db of PSNR, 0.0012 of MSE, and SSIM as 1 compared to other existing scrambling methods.
Free

Two-factor Mutual Authentication with Fingerprint and MAC Address Validation
Research article
Mobile Ad hoc NETworks (MANET), unlike typical wireless networks, may be used spontaneously without the need for centralized management or network environment. Mobile nodes act as mediators to help multi-hop communications in such networks, and in most instances, they are responsible for all connectivity tasks. MANET is a challenging endeavor because these systems can be attacked, which can harm the network. As a result, security concerns become a primary factor for these types of networks. This article aims to present an efficient two-factor smart card-based passcode authentication technique for securing legitimate users on an unprotected network. This scheme enables the password resetting feature. A secured mechanism for sharing keys is offered by using the hash function. We present a new two-factor mutual authentication technique based on an entirely new mechanism called the virtual smart card. Compared to authentication, the proposed method has fewer computation processes but is more time efficient since it is based on a hash function. Additionally, this approach is resistant to most attacker behaviors, such as Mutual authentication, Gateway node bypassing attacks, DoS attacks, replay attacks, Man in the middle attacks, and stolen smart device attacks. Experimental results validate the efficiency of this scheme, and its security is also analyzed.
Free

UML Based Integrated Multilevel Checkpointing Algorithms for Cloud Computing Environment
Research article
The main objective of this research work is to improve the checkpoint efficiency for integrated multilevel checkpointing algorithms and prevent checkpointing from becoming the bottleneck of cloud data centers. In order to find an efficient checkpoint interval, checkpointing overheads have also been considered in this paper. Traditional checkpointing methods persistently store snapshots of the present job state and use them for resuming the execution at a later time. The focus of this research is on strategies for deciding when and whether a checkpoint should be taken, and on evaluating them with regard to minimizing the induced monetary costs. By varying the rerun time of checkpoints, performance comparisons are made, which are used to evaluate the optimal checkpoint interval. The proposed fail-over strategy will work on the application layer and provide high availability for the Platform as a Service (PaaS) feature of cloud computing.
Free

Understanding the evolution of ransomware: paradigm shifts in attack structures
Research article
The devastating effects of ransomware have continued to grow over the past two decades, which have seen ransomware shift from just being opportunistic attacks to carefully orchestrated attacks. Individuals and business organizations alike have continued to fall prey to ransomware, where victims have been forced to pay cybercriminals even up to $1 million in a single attack whilst others have incurred losses in hundreds of millions of dollars. Clearly, ransomware is an emerging cyber threat to enterprise systems that can no longer be ignored. In this paper, we address the evolution of ransomware and the associated paradigm shifts in attack structures, narrowing down to the technical and economic impacts. We formulate an attack model applicable to cascaded network design structures common in enterprise systems. We model the security state of the ransomware attack process as transitions of a finite state machine where state transitions depict breaches of confidentiality, integrity, and availability. We propose a ransomware categorization framework that classifies the virulence of a given ransomware based on a proposed classification algorithm that is based on data deletion and file encryption attack structures. The categories that increase in severity from CAT1 to CAT5 classify the technical prowess and the overall effectiveness of potential ways of retaining the data without paying the ransom demand. We evaluate our modeling approach with a WannaCry attack use case and suggest mitigation strategies and recommend best practices based on these models.
Free

Research article
The deployment of sensor nodes in an underwater environment is constrained by some resources of the sensor node, such as energy, processing speed, cost and memory, and is also affected by the dynamic nature of water. The main purpose of node deployment is to get the sensed data from the underwater environment. One of the major tasks is to cover the whole underwater area, and there must also be full connectivity in the network so that each sensor node is able to send its data to the other sensor nodes. Some researchers use the concept of node mobility for better coverage and connectivity. This work proposes an efficient node deployment technique for enhancing the coverage and connectivity in underwater sensor networks. Simulation results show good performance in terms of area coverage and connectivity.
Free

Research article
This work focuses on developing a universal onboard neural network system for restoring information when helicopter turboshaft engine sensors fail. A mathematical task was formulated to determine the occurrence and location of these sensor failures using a multi-class Bayesian classification model that incorporates prior knowledge and updates probabilities with new data. The Bayesian approach was employed for identifying and localizing sensor failures, utilizing a Bayesian neural network with a 4–6–3 structure as the core of the developed system. A training algorithm for the Bayesian neural network was created, which estimates the prior distribution of network parameters through variational approximation, maximizes the evidence lower bound of direct likelihood instead, and updates parameters by calculating gradients of the log-likelihood and evidence lower bound, while adding regularization terms for warnings, distributions, and uncertainty estimates to interpret results. This approach ensures balanced data handling, effective training (achieving nearly 100% accuracy on both training and validation sets), and improved model understanding (with training losses not exceeding 2.5%). An example is provided that demonstrates solving the information restoration task in the event of a gas-generator rotor r.p.m. sensor failure in the TV3-117 helicopter turboshaft engine. The feasibility of implementing the developed onboard neural network system on a helicopter using the neuro-processor Intel Neural Compute Stick 2 has been analytically proven.
Free

User's Profile Replication Tree and On Demand Replica Update in Wireless Communication
Research article
A replication strategy is mostly useful for replicating the called mobile user's profile at selected locations where some caller mobile users have a higher calling rate. It plays an important role in personal communication services (PCS) in order to reduce call setup cost and call setup time. In prior replication schemes, replicated sites (visitor location registers) have no inter-relationship. We have proposed a novel and innovative replication tree which is built up from replicated VLRs (visitor location registers). VLRs are replicated based on the effective replication probability of the caller mobile user. The home location register (HLR) keeps the update replica at the root VLR in the replication tree, and the root VLR forwards the update replica to a VLR in the replication tree on demand. The main objective of the proposed scheme is to reduce call setup time and call setup cost by enabling replication of the called mobile user's location profile at certain visitor location registers (VLRs) where the caller mobile user roams. We have presented analytical modeling which shows that setting an inter-relationship among the replicated sites helps in further reducing the call setup cost.
Free

Using Adaptive Neuro-Fuzzy Inference System in Alert Management of Intrusion Detection Systems
Research article
With the ever-increasing use of computer networks and the internet, the use of Intrusion Detection Systems (IDS) has become more important. The main problems of IDS are the number of generated alerts, alert failure, and identifying the attack type of alerts. In this paper a system is proposed that uses an Adaptive Neuro-Fuzzy Inference System to classify IDS alerts, reducing false positive alerts and also identifying attack types of true positive ones. According to the experimental results on DARPA KDD cup 98, the system can classify alerts, leading to a considerable reduction of false positive alerts and identifying attack types of alerts in a short time.
Free