International Journal of Computer Network and Information Security @ijcnis
Journal articles - International Journal of Computer Network and Information Security
All articles: 1201
Transaction-based QoS management in a Hybrid Wireless Superstore Environment
Research article
Hybrid wireless networks are extensively used in superstores, market places, malls, etc., and providing high QoS (Quality of Service) to end-users has become a challenging task. In this paper, we propose a policy-based transaction-aware QoS management architecture in a hybrid wireless superstore environment. The proposed scheme operates at the transaction level, for downlink QoS management. We derive a policy for the estimation of QoS parameters, such as delay, jitter, bandwidth, availability, and packet loss, for every transaction before scheduling on the downlink. We also propose a QoS monitor which monitors the specified QoS and automatically adjusts the QoS according to the requirement. The proposed scheme has been simulated in a hybrid wireless superstore environment and tested for various superstore transactions. The results show that policy-based transaction QoS management enhances performance and utilizes network resources efficiently at the peak time of the superstore business.
Free
Tree-Based Matched RFID Yoking Making It More Practical and Efficient
Research article
A Radio Frequency Identification (RFID) yoking proof allows an off-line verifier to check whether two tags are simultaneously present. Due to the off-line property, a reader cannot differentiate valid from invalid proof records when it probes tags, and would generate lots of useless data. This paper proposes a tree-based matched RFID yoking scheme which improves the cost of identification from O(log N) to O(1), where N is the number of tags, and allows the reader to collect only those matched tags, significantly reducing the useless data for the verifier to validate off-line.
Free
Triple Layered Encryption Algorithm for IEEE 802.11 WLANs in E-Government Services
Research article
A wireless local area network (WLAN) can provide e-government services at all levels, from local to national, as WLAN-enabled devices have the flexibility to move from one place to another within offices while maintaining connectivity with the network. However, government organizations are subject to strict security policies and other compliance requirements. Therefore, the WLAN must safeguard the privacy of individual data with the strictest levels of security. The 802.11 MAC specifications describe an encryption protocol called Wired Equivalent Privacy (WEP) which is used to protect wireless communications from eavesdropping. It is also capable of preventing unauthorized access. However, the WEP protocol often fails to accomplish its security goal due to the weakness in RC4 and the way it is applied in the WEP protocol. This paper focuses on the improvement of the existing WEP protocol using a varying secret key for each transmission. This will remove the insecurities that currently make RC4 unattractive for secured networking, and it will add further cryptographic strength if applied to the Rijndael algorithm. Our result shows that the proposed algorithm is more suitable for small and medium packets and AES for large packets.
Free
Trust Establishment in SDN: Controller and Applications
Research article
Software Defined Networks (SDNs) are a network technology developed to deal with several limitations faced by current traditional networks. However, SDN itself is confronted with security challenges which emanate specifically from its platform, given the explosive growth in network attacks and threats. Though many solutions have been developed and proposed, the continual lack of trust between the SDN controller and the applications running atop the control plane poses a great security challenge. The SDN controller can easily be attacked by malicious/compromised applications, which can result in network failure as the controller represents a single point of failure. Though trust mechanisms to certify network devices exist, mechanisms to certify management applications are still not well developed. Therefore, this paper proposes a novel direct trust establishment framework between an OpenFlow-based SDN controller and applications. The objective is to ensure that the SDN controller is protected and that the diverse applications that consume network resources are always trusted throughout their lifetime. Additionally, the paper introduces the concept of a trust access matrix and application identity to ensure efficient control of network resources. We believe that, if the proposed trust model is adopted in the OpenFlow architecture, it could go a long way to improve the security of the SDN.
Free
Trust Metric based Soft Security in Mobile Pervasive Environment
Research article
In decentralized and highly dynamic environments like Mobile Pervasive Environments (MPE), trust and security measurement are two major challenges for the research community. So far, many architectural frameworks and models have been developed and are being used. In the vision of pervasive computing, mobile applications are growing immensely, with the potential for low-cost, high-performance, and user-centric solutions. This paradigm is highly dynamic and heterogeneous and brings along trust and security challenges regarding vulnerabilities and threats due to inherent open connectivity. Despite advances in the technology, there is still a lack of methods to measure the security and level of trust, and of a framework for the assessment and calculation of the degree of trustworthiness. In this paper, we explore the requirements and challenges of security and trust metrics in order to decide the trust computation metric parameters for self-adaptive, self-monitoring, trust-based security assurance in the mobile pervasive environment. The objective is to identify the trust parameters while routing and determine the node behavior for a soft security trust metric. In conclusion, we set up a security assurance model to deal with the attack and vulnerability requirements of the system under exploration.
Free
Two-Layer Security of Images Using Elliptic Curve Cryptography with Discrete Wavelet Transform
Research article
Information security is an important part of the current interactive world. It is essential for end-users to preserve the confidentiality and integrity of their sensitive data. As such, information encoding is significant in defending against access by non-authorized users. This paper aims to build a system that fuses Cryptography and Steganography methods to scramble the input image and embed it into a carrier media, enhancing the security level. Elliptic Curve Cryptography (ECC) is helpful in achieving high security with a smaller key size. In this paper, ECC with modification is used to encrypt and decrypt the input image. The carrier media is transformed into frequency bands by utilizing the Discrete Wavelet Transform (DWT). The encrypted hash of the input is hidden in the high-frequency bands of the carrier media by the process of Least-Significant-Bit (LSB). This approach succeeds in achieving data confidentiality along with data integrity. Data integrity is verified by using SHA-256. Simulation outcomes of this method have been analyzed by measuring performance metrics. This method enhances the security of images, obtaining a PSNR of 82.7528 dB, an MSE of 0.0012, and an SSIM of 1 compared to other existing scrambling methods.
Free
Two-factor Mutual Authentication with Fingerprint and MAC Address Validation
Research article
Mobile Ad hoc NETworks (MANET), unlike typical wireless networks, may be used spontaneously without the need for centralized management or network environment. Mobile nodes act as mediators to help multi-hop communications in such networks, and in most instances, they are responsible for all connectivity tasks. MANET is a challenging endeavor because these systems can be attacked, which can harm the network. As a result, security concerns become a primary factor for these types of networks. This article aims to present an efficient two-factor smart card-based passcode authentication technique for securing legitimate users on an unprotected network. This scheme enables the password resetting feature. A secured mechanism for sharing keys is offered by using the hash function. We present a new two-factor mutual authentication technique based on an entirely new mechanism called the virtual smart card. Compared to authentication, the proposed method has fewer computation processes but is more time efficient since it is based on a hash function. Additionally, this approach is resistant to most attacker behaviors, such as Mutual authentication, Gateway node bypassing attacks, DoS attacks, replay attacks, Man in the middle attacks, and stolen smart device attacks. Experimental results validate the efficiency of this scheme, and its security is also analyzed.
Free
UML Based Integrated Multilevel Checkpointing Algorithms for Cloud Computing Environment
Research article
The main objective of this research work is to improve the checkpoint efficiency for integrated multilevel checkpointing algorithms and prevent checkpointing from becoming the bottleneck of cloud data centers. In order to find an efficient checkpoint interval, checkpointing overheads have also been considered in this paper. Traditional checkpointing methods persistently store snapshots of the present job state and use them for resuming the execution at a later time. The focus of this research is on strategies for deciding when and whether a checkpoint should be taken, and on evaluating them with regard to minimizing the induced monetary costs. By varying the rerun time of checkpoints, performance comparisons are made, which will be used to evaluate the optimal checkpoint interval. The proposed fail-over strategy will work on the application layer and provide high availability for the Platform as a Service (PaaS) feature of cloud computing.
Free
Understanding the evolution of ransomware: paradigm shifts in attack structures
Research article
The devastating effects of ransomware have continued to grow over the past two decades, which have seen ransomware shift from just being opportunistic attacks to carefully orchestrated attacks. Individuals and business organizations alike have continued to fall prey to ransomware, where victims have been forced to pay cybercriminals even up to $1 million in a single attack whilst others have incurred losses in hundreds of millions of dollars. Clearly, ransomware is an emerging cyber threat to enterprise systems that can no longer be ignored. In this paper, we address the evolution of ransomware and the associated paradigm shifts in attack structures, narrowing down to the technical and economic impacts. We formulate an attack model applicable to cascaded network design structures common in enterprise systems. We model the security state of the ransomware attack process as transitions of a finite state machine where state transitions depict breaches of confidentiality, integrity, and availability. We propose a ransomware categorization framework that classifies the virulence of a given ransomware based on a proposed classification algorithm that is based on data deletion and file encryption attack structures. The categories that increase in severity from CAT1 to CAT5 classify the technical prowess and the overall effectiveness of potential ways of retaining the data without paying the ransom demand. We evaluate our modeling approach with a WannaCry attack use case and suggest mitigation strategies and recommend best practices based on these models.
Free
Research article
The deployment of sensor nodes in an underwater environment is constrained by some resources of the sensor node, such as energy, processing speed, cost and memory, and is also affected by the dynamic nature of water. The main purpose of node deployment is to get the sensed data from the underwater environment. One of the major tasks is to cover the whole underwater area, and there must also be full connectivity in the network so that each sensor node is able to send its data to the other sensor nodes. Some researchers use the concept of node mobility for better coverage and connectivity. This work proposes an efficient node deployment technique for enhancing the coverage and connectivity in an underwater sensor network. Simulation results show good performance in terms of area coverage and connectivity.
Free
Research article
This work focuses on developing a universal onboard neural network system for restoring information when helicopter turboshaft engine sensors fail. A mathematical task was formulated to determine the occurrence and location of these sensor failures using a multi-class Bayesian classification model that incorporates prior knowledge and updates probabilities with new data. The Bayesian approach was employed for identifying and localizing sensor failures, utilizing a Bayesian neural network with a 4–6–3 structure as the core of the developed system. A training algorithm for the Bayesian neural network was created, which estimates the prior distribution of network parameters through variational approximation, maximizes the evidence lower bound of direct likelihood instead, and updates parameters by calculating gradients of the log-likelihood and evidence lower bound, while adding regularization terms for warnings, distributions, and uncertainty estimates to interpret results. This approach ensures balanced data handling, effective training (achieving nearly 100% accuracy on both training and validation sets), and improved model understanding (with training losses not exceeding 2.5%). An example is provided that demonstrates solving the information restoration task in the event of a gas-generator rotor r.p.m. sensor failure in the TV3-117 helicopter turboshaft engine. The feasibility of implementing the developed onboard neural network system on a helicopter using the neuro-processor Intel Neural Compute Stick 2 has been analytically proven.
Free
User's Profile Replication Tree and On Demand Replica Update in Wireless Communication
Research article
A replication strategy is mostly useful for replicating the called mobile user's profile at selected locations where some caller mobile users have a higher calling rate. It plays an important role in personal communication services (PCS) in order to reduce call setup cost and call setup time. In prior replication schemes, replicated sites (visitor location registers) have no inter-relationship. We have proposed a novel and innovative replication tree which is built up from replicated VLRs (visitor location registers). VLRs are replicated based on the effective replication probability of the caller mobile user. The home location register (HLR) keeps the updated replica at the root VLR in the replication tree, and the root VLR forwards the updated replica to a VLR in the replication tree on demand. The main objective of the proposed scheme is to reduce call setup time and call setup cost by enabling replication of the called mobile user's location profile at certain visitor location registers (VLRs) where the caller mobile user roams. We have presented analytical modeling which shows that setting an inter-relationship among the replicated sites helps in further reducing the call setup cost.
Free
Using Adaptive Neuro-Fuzzy Inference System in Alert Management of Intrusion Detection Systems
Research article
With the ever-increasing use of computer networks and the internet, the use of Intrusion Detection Systems (IDS) has become more important. The main problems of IDS are the number of generated alerts, alert failure, and identifying the attack type of alerts. In this paper a system is proposed that uses an Adaptive Neuro-Fuzzy Inference System to classify IDS alerts, reducing false positive alerts and also identifying the attack types of true positive ones. According to the experimental results on DARPA KDD cup 98, the system can classify alerts, leading to a considerable reduction of false positive alerts and identifying the attack types of alerts in a small slice of time.
Free
Using P systems to Solve the Discrete Logarithm Problem used in Diffie-Hellman Key Exchange Protocol
Research article
The discrete logarithm problem has been used as the basis of several cryptosystems, especially the Diffie-Hellman key exchange protocol. P systems are a cluster of distributed parallel computing devices of a biochemical type. This paper presents a P system with active membranes and strong priority to solve the discrete logarithm problem used in the Diffie-Hellman key exchange protocol. To the best of our knowledge, this is the first time the problem has been solved using P systems.
Free
Using homomorphic cryptographic solutions on E-voting systems
Research article
Homomorphic Cryptography has arisen as a new solution used in electronic voting systems. In this research, Fully Homomorphic encryption is used to design and implement an e-voting system. The purpose of the study is to examine the applicability of Fully Homomorphic encryption in real systems and to evaluate the performance of fully homomorphic encryption in e-voting systems. Most homomorphic cryptography e-voting systems are based on additive or multiplicative homomorphic encryption. In this research, fully homomorphic encryption is used to provide both addition and multiplication operations, which eases the demonstration of a non-interactive zero-knowledge proof (NIZKP). The proposed e-voting system addresses most of the important security issues of internet-voting systems such as eligibility, privacy, accuracy, verifiability, fairness, and others. One of the most important properties of the implemented internet voting system is its applicability to work on cloud infrastructure while preserving its security characteristics. The implementation is done using the homomorphic encryption library HElib. The addition and multiplication properties of fully homomorphic encryption were used to verify the correctness of the vote structure as a NIZKP, and for calculating the results of the voting process in an encrypted way. The results show that the implemented internet voting system is secure and applicable for a large number of voters, up to 10 million voters.
Free
Using progressive success probabilities for sound-pruned enumerations in BKZ algorithm
Research article
We introduce a new technique for BKZ reduction, which incorporates four improvements of BKZ 2.0 (including: sound pruning, preprocessing of local blocks, shorter enumeration radius and early-abortion). This algorithm is designed based on five claims which are strongly verified in experimental results. The main idea is that, similar to progressive BKZ, which uses the decrement of enumeration cost after each sequence incremental reduction to augment the block size, we use the decrement of enumeration cost after each round of our algorithm to augment the success probability of the bounding function. We also discuss parallelization considerations in our technique.
Free
VLSI implementation of CMOS full adders with low leakage power
Research article
In this paper, we present two different methods to implement a 1-bit full adder, namely an MTJ-based full adder design, also called MFA, and a Lector method based full adder design. These adders are designed and implemented using CADENCE Design Suite 6.1.6 Virtuoso ADE. The implemented design is verified using CADENCE ASSURA. The performance is measured for 45nm technology, and a comparative analysis of transistor count, delay and power of the adders was performed. When compared with the previous MFA, the proposed MFA overcomes the SEU error which is a result of body biasing. In the Lector technique the transistor density is reduced by implementing the sum logic in terms of carry, thus reducing the area. In order to attain the complete logic levels, buffers are introduced at the sum and carry outputs of both Lector and MFA. The Lector method uses fewer transistors when compared with the proposed MFA, but the proposed MFA is efficient because it achieves minimum power dissipation when compared to the Lector method.
Free
Validation of an adaptive risk-based access control model for the internet of things
Research article
The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things. These things are connected together using different communication technologies to provide unlimited services. These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing. Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications. These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems. However, authentication and access control models can be used to address the security issue in the IoT. To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions. One of the dynamic features is the security risk. This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews. The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision. This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history. These risk factors are used to estimate a risk value associated with the access request to make the access decision. To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users. To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed. 
The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implementation of the AdRBAC model.
Free
Variants of Energy Efficient Clustering Protocols for Wireless Sensor Networks
Research article
The energy resource constraint is the most difficult aspect of WSN, as that energy cannot be recharged. When every sensor node needs to forward the data packet to the sink node, a problem emerges. Through idling, listening and retransmitting, the available energy in every node could be lost in this procedure because of collisions as well as overhearing. Network topology management and energy minimization are handled by cluster-based WSN routing protocols. In clustering in WSN, sensor nodes are sorted into small disjoint clusters, where every cluster has an organizer referred to as the CH. In this paper, energy efficient clustering techniques related to WSNs are discussed and a comparative analysis is also performed.
Free
Verification of cloud based information integration architecture using colored petri nets
Research article
Healthcare applications, such as patient record, patient-doctor mapping service, various disease symptoms etc. The major challenge is processing and integrating the real-time data. Following up with analyzing the data would involve moving the data in the Data Lake to a Cloud to know about the status of the patient and for tracking purposes. In this research, we recommend a cloud based information integration framework using a Data Lake in the Cloud. This work extends the information integration architecture by designing it with a Data Lake in the Cloud, using a mathematical model (Petri Net) to verify the architecture. This approach has the ability to scale up and down with real-time data, leading to an efficient way of using data resources in the Cloud.
Free