Journal articles - International Journal of Computer Network and Information Security
All articles: 1110
A Secure Method for Network Coding-based Reprogramming Protocols in Wireless Sensor Networks
Research article
Reprogramming protocols provide a convenient way to update program images via wireless communication. In hostile environments where there may be malicious attacks against wireless sensor networks, the process of reprogramming faces threats from potentially compromised nodes. While existing solutions can provide authentication services, they are insufficient for a new generation of network coding-based reprogramming protocols in wireless sensor networks. We present a security approach that is able to defend against pollution attacks on reprogramming protocols based on network coding. It employs a homomorphic hashing function and an identity-based aggregate signature to allow sensor nodes to check packets on-the-fly before they accept incoming encoded packets, and introduces an efficient mechanism to reduce the computation overhead at each node and to eliminate bad packets quickly. Castalia simulations show that when 5% of the nodes in a network of 100 nodes are rogue, using our approach, the efficiency of the secure reprogramming protocol based on network coding improves almost ten-fold for a checking probability of 2%.
Free
A Secure VM Placement Strategy to Defend against Co-residence Attack in Cloud Datacentres
Research article
With the increasing number of co-residence attacks, the security of the multi-tenant public IaaS cloud environment has become a growing concern. The co-residence attacker creates a side channel to retrieve the secured data. These attacks help the adversary to leak out the sensitive information of the user with whom it is co-located. This paper discusses a secured VM placement technique, Previous Server and Co-resident users First (PSCF), which focuses on facilitating security against the co-residence attack by minimizing the probability of co-locating the malicious user with the authentic user. Co-location resistance and core utilization metrics are utilized to evaluate the algorithm’s performance. The proposed method is simulated, and the result is analysed and compared with existing approaches like Best Fit, Worst Fit, PSSF, and SC-PSSF. It is observed that the proposed approach furnished maximum co-location resistance of 74.32% and a core utilization of 82.63%. Further, the algorithm has shown significant performance in balancing the load and energy consumption. The result has reduced the probability that malicious users co-located with the authentic one, thus reducing the security breach of confidential information.
Free
Research article
The wide availability and growth of Internet technology have increased online media sharing over the cloud platform, which has become one of the important resources and tools for development in our societies. In the era of enormous data, a great amount of sensitive information and different media is transmitted over the Internet for communication. Recently, fog computing has captured the world's attention due to its inherent features compared to the cloud domain, but this raises many issues related to data security and privacy in fog computing, which are still at an early stage of study. Therefore, in this paper, we review a security system that relies on encryption as an effective solution to secure image data. We use an approach based on chaotic map and space curve techniques; moreover, the confusion and diffusion strategies are carried out using Hilbert curvature and a chaotic map such as the two-dimensional Henon map (2D-HM) to achieve image confusion with pixel-level permutation. Our system also shuffles the image in blocks and uses a key for each block, which is chosen randomly to provide a high degree of security. The efficiency of the proposed technique has been tested using different investigations such as analysis of entropy [7.9993], NPCR [99.6908%] and finally UACI [33.6247%]. Analysis of the results revealed that the proposed image encryption technique has favorable effects and can achieve good results; moreover, it resists different attacks, and comparison with other techniques indicates that our proposed system achieves a high security level with high quality.
Free
Research article
In this paper, a chaotic image encryption scheme with an efficient permutation–diffusion mechanism is constructed, where six generalized Bernoulli shift maps and one six-dimensional Arnold map are utilized to generate one hybrid chaotic orbit applied to disorder the pixel positions in the permutation process while four generalized Bernoulli shift maps and one Arnold map are employed to yield two random gray value sequences to change the gray values by a two-way diffusion process. Several merits of the proposed image encryption scheme are achieved, including a huge key space, good statistical properties resisting statistical attack and differential attack, desirable robustness against malicious attacks on cipher-images, such as cropping, noising, JPEG compression, etc. Experimental results have been carried out with detailed analysis to show that the proposed scheme can be a potential candidate for practical image encryption.
Free
A Semantic Context-Based Model for Mobile Web Services Access Control
Research article
As mobile web services become more pervasive, applications based on mobile web services will need flexible access control mechanisms. Unlike traditional approaches based on the identity or role for access control, access decisions for these applications will depend on the combination of the required attributes of users and the contextual information. This paper proposes a semantic context-based access control model (called SCBAC) to be applied in a mobile web services environment by combining semantic web technologies with a context-based access control mechanism. The proposed model is a context-centric access control solution in which context is the first-class principle that explicitly guides both policy specification and the enforcement process. In order to handle context information in the model, this paper proposes a context ontology to represent contextual information and employs it in the inference engine. In addition, this paper specifies access control policies as rules over ontologies representing the concepts introduced in the SCBAC model, and uses the Semantic Web Rule Language (SWRL) to form policy rules and infers those rules with the JESS inference engine. The proposed model can also be applied to context-aware applications.
Free
A Smart and Generic Secured Storage Model for Web based Systems
Research article
Recent developments show that cloud computing is a milestone in delivering IT services based on the Internet. Storage as a Service is a type of business model which rents storage space to smaller companies or even to individuals. The vendors are targeting secondary storage by promoting this service, which allows a convenient way of managing backups instead of maintaining a large tape library. The key advantage of using a storage service is cost savings on hardware and physical storage space. In securing the Storage as a Service model, there is a need for a middleware to monitor the data transmission between cloud storage and various clients. The objective of the system is to develop a smart and integrated dynamic secured storage model which acts as a middleware supporting all the primary security goals such as confidentiality, data integrity, and accountability. This proposed model will provide secured data dynamics, access controls and auditability. The secured data dynamics is done by Boneh Franklin-Identity Based Cryptography. This model enhances the accounting model by adding indexing policies and provides security in the audit logs through password-based cryptography along with AES. This is a generic middleware supporting the basic security features for any cloud environment, so that it can be equipped for any type of system. The main advantage of the proposed system is that it reduces the time complexity of the encryption and decryption process and also provides a higher degree of security. We also implemented this middleware in a mail server environment with a drive option which provides file storage and enables file sharing among the drive users.
Free
Research article
To enhance the performance of the KASUMI Metamorphic Cipher, we apply a lightweight Metamorphic Structure. The proposed structure uses four lightweight bit-balanced operations in the function Meta-FO of the KASUMI Metamorphic Cipher. These operations are: XOR, INV, XNOR, and NOP for bitwise XOR, invert, XNOR, and no operation respectively building blocks of the Specialized Crypto Logic Unit (SCLU). In this work, we present a lightweight KASUMI Specialized-Metamorphic Cipher. In addition, we provide a Field Programmable Gate Array (FPGA) implementation of the proposed algorithm modification.
Free
A Stable Backbone-Based on Demand Multipath Routing Protocol for Wireless Mobile Ad Hoc Networks
Research article
In mobile ad hoc networks (MANETs), high node mobility leads to frequent link breaks and creates complexities in route discovery; this affects the quality of service (QoS) and degrades the system's performance. So, providing high quality communication using stable links among mobile nodes is a challenging issue in MANETs. Existing stability-based routing algorithms initiate estimation of route stability metrics during the routing process, which results in increased delay and overhead. In order to overcome these issues, in this paper, we construct a stable backbone-based multipath routing protocol (SBMRP). Initially, the nodes with high residual bandwidth, residual power, link quality and low mobility are designated as candidate nodes. Then multiple paths are established between source and destination through these candidate nodes, thus forming a routing backbone. If any candidate node in the path tends to fail due to lack of bandwidth, energy or link quality, an alternate path through another candidate node is established before the path breaks. The proposed routing scheme has been compared with three other existing protocols: AODV, AOMDV and RSQR. The protocol performance has been evaluated in terms of packet delivery ratio, normalized routing load, delay and packet drop ratio.
Free
A Study of Half-Duplex Asymmetric Two-Way Decode-and-Forward Relaying Using Relay Selection
Research article
This paper examines the information theoretic metric of outage probability for a decode-and-forward (DF) based asymmetric two-way relay transmission (i.e. the two source terminals have different target rates). We first characterize the achievable rate region of a conventional three-node network. After that the conventional three-node scenario is analyzed in terms of outage probability and the corresponding closed-form expressions are developed over Rayleigh fading channels. Moreover, in order to make good use of the available diversity degrees of the channel, opportunistic relay selection is considered for multi-relay networks. Two significant relay selection strategies, i.e., the max-min and max-sum policies, are studied and analyzed in terms of outage probability and diversity gain from the viewpoint of asymmetric traffics. Furthermore, a single-criterion based relay selection policy is proposed, which only uses the harmonic mean of the two-hop squared link strengths; thus, in contrast to the hybrid scheme, no additional overhead is required during the relay selection process. Numerical experiments are done and outage performance comparisons are conducted. Our results show that the proposed policy is an efficient and appropriate method to implement relay selection and can achieve significant performance gains in terms of outage probability regardless of the symmetry and asymmetry of the traffics and channels. Moreover, the simulation results also validate the accuracy of our derived expressions.
Free
A Study of Hyperelliptic Curves in Cryptography
Research article
Elliptic curves are a specific type of curve known as hyperelliptic curves. Compared to integer factorization problem (IFP) based systems, using elliptic curve based cryptography will significantly decrease the key size of the encryption. Therefore, application of this type of cryptography in systems that need high security and a smaller key size has attracted great attention. Hyperelliptic curves help to make the key length shorter. Many investigations have been done with regard to improving computations, hardware and software implementation of these curves, their security and resistance against attacks. This paper studies and analyzes research done on the security and efficiency of hyperelliptic curves.
Free
A Study on Contributory Group Key Agreements for Mobile Ad Hoc Networks
Research article
Wireless networks, in particular Mobile Ad hoc Networks (MANETs) have revolutionized the field of networking with increasing number of their commercial and military applications. Security on the other hand, is now an essential requirement for these applications. However, the limitations of the dynamic, infrastructure-less nature of MANETs impose major difficulties in establishing a secure framework suitable for such services. Security for MANETs is a dynamic area of research. Most of the traditional routing protocols proposed for MANETs are focused on routing only not on the security aspects. As in traditional wired networks, wireless networks also require security. Unlike the wired networks, where dedicated routers, servers control the network, in MANETs nodes act both as terminals and also as routers for other nodes. A popular mechanism to satisfy the security requirements is the Group Key Management in which the group key is to be shared by each group communication participant. But to establish and manage the group key efficiently imposes new challenges – especially in infrastructure less MANETs. The basic needs of such networks require that the group key schemes must demonstrate not only high performance but also fault-tolerance.
Free
Research article
In a Mobile Ad hoc Network (MANET), mobile nodes play multiple roles as hosts and routers and form dynamically changing multi-hop structures. A MANET consists only of wireless nodes with limited processing power, and routing and data transfer are performed through cooperation with each other. It is exposed to many attack threats due to the dynamic topology caused by the movement of the nodes and the characteristics of multi-hop communication. Therefore, in MANET, a technique that can effectively detect malicious nodes and reduce the impact of various attacks must be applied. In this paper, we propose a trust-based authentication technique for nodes and a distributed monitoring technique to improve the detection performance of malicious nodes. The hierarchical cluster structure was used to improve authentication of nodes and detection performance and management efficiency of malicious nodes. A lightweight authentication technique for member nodes in the cluster was applied and the efficiency of node authentication was improved. It was used to determine whether it was an attack node by transmitting traffic monitoring information for neighbor nodes to CA and using. In addition, an efficient authentication technique using only key exchange without anyone's help was applied in order to provide integrity when exchanging information between cluster heads. Through this, it was possible to be free from trust information about nodes and forgery and falsification of information about attack nodes. The superiority of the technique proposed in this paper was confirmed through comparative experiments with the existing intrusion detection technique.
Free
A Survey of Adaptive Gateway Discovery Mechanisms in Heterogeneous Networks
Research article
The communication range of devices within a mobile ad hoc network is inherently restricted. One way of enhancing the communication range of a mobile ad hoc network, is to interconnect it to a wired network like the internet, thus forming a heterogeneous wired cum wireless network. This interconnection also enables mobile nodes to access internet services, and is achieved through gateways. Mobile nodes in the ad hoc network need to discover and register with a gateway in order to obtain Internet connectivity. Gateway discovery mechanisms called proactive, reactive and hybrid exist to enable mobile nodes to register with internet gateways. In the recent times, few optimizations have been proposed to the existing gateway discovery mechanisms in order to make gateway discovery by mobile nodes efficient. In this paper, we present a detailed survey of the state of the art in gateway discovery and selection mechanisms.
Free
A Survey of Applications and Security Issues in Software Defined Networking
Research article
With increasing number of mobile phones and smart devices, it has become hard to manage the networks proactively as well as reactively. Software Defined Networking (SDN) is an emerging technology that promises to solve majority of the challenges faced by the networks in current times. SDN is based on decoupling of data plane and control plane. SDN has a generalized control plane for all networking devices of the network which makes it simple and easy to configure devices on the fly. This paper surveys how Software Defined Networks evolved to be one of the most preferred technology of contemporary times. The architecture and working of all the planes of SDN have been discussed. SDN finds application in variety of areas, some of which have been highlighted in this paper. SDN faces many security threats in each of its planes. The major security challenges are also presented in detail at the end of the paper.
Free
A Survey on Graph Queries Processing: Techniques and Methods
Research article
Graphs are widely used to model complicated structures and link them with each other. Some of such structures are XML documents, social networks, and computer networks. Information and model extraction from graph databases is a graph mining process. Efficient query search in graph databases, known as query processing, is one of the heated debates in the field of graph mining. One of the query processing techniques is sequential search over the whole dataset and isomorphism test on all sub-graphs in the database, which is not an optimal technique as to response time and storage. This problem brought in the issues of indexing graph databases to improve query processing performance. As the method implies, part of the database where the answer is expected to be found there is pruned and the number of needed isomorphism tests decreases. It might not be easy to compare the methods and techniques of graph query techniques as different techniques have different objectives. For instance, similarity search techniques reduce query time, while they cannot compete with exact matching techniques as to accuracy and vice versa. Input data volume might be also effective on query time as with immense datasets, similarity search techniques are more preferred than exact matching techniques. The present study is a survey of graph query processing techniques with emphasis on similarity search and exact matching.
Free
Research article
RC4 is one of the most widely used stream ciphers due to its simplicity, speed and efficiency. In this paper we present a chronological survey of the RC4 stream cipher demonstrating its weaknesses, followed by the various RC4 enhancements from the literature. From the recently observed cryptanalytic attempts on RC4 it is established that innovative research efforts are required to develop a secure RC4 algorithm, which can remove the weaknesses of RC4, such as biased bytes, key collisions, and key recovery attacks specifically on WEP and WPA. These flaws in RC4 pose an open challenge for developers. Hence our chronological survey corroborates the fact that even though researchers have been working on the RC4 stream cipher for the last two decades, it still offers a plethora of research issues related to statistical weaknesses in either state or keystream.
Free
A Survey: Recent Advances and Future Trends in Honeypot Research
Research article
This paper presents a survey on recent advances in honeypot research from a review of 80+ papers on honeypots and related topics mostly published after year 2005. This paper summarizes 60 papers that had significant contribution to the field. In reviewing the literature, it became apparent that the research can be broken down into five major areas: new types of honeypots to cope with emergent new security threats, utilizing honeypot output data to improve the accuracy in threat detections, configuring honeypots to reduce the cost of maintaining honeypots as well as to improve the accuracy in threat detections, counteracting honeypot detections by attackers, and legal and ethical issues in using honeypots. Our literature reviews indicate that the advances in the first four areas reflect the recent changes in our networking environments, such as those in user demography and the ways those diverse users use new applications. Our literature reviews on legal and ethical issues in using honeypots reveals that there has not been widely accepted agreement on the legal and ethical issues about honeypots, which must be an important agenda in future honeypot research.
Free
A Throughput and Spectrum Aware Fuzzy Logic Based Routing Protocol for CRN
Research article
Cognitive Radio has been considered a key technology in the future wireless communication. These radio networks with their spectrum sensing capability have become one of the most reliable wireless communication networks. Basically, these networks employ two types of users PU's (Primary Users) having licensed frequency band for their usage and SU's (Secondary Users) that can intelligently detect which communication channels are available and move into vacant ones while avoiding occupied ones. To have communication among these users, a routing protocol is used whose basic purpose is to provide a reliable route from source to destination. An important parameter while designing a routing strategy is the consideration of overall throughput of path. In this paper we consider the same to find the most optimal throughput path using fuzzy logic theory. MATLAB-7.01 is used for implementation and results show that our proposed scheme outperforms shortest spectrum aware routing scheme in every aspect.
Free
A Two-Phase Constructive Heuristic for Minimum Energy Broadcasting in Wireless Ad Hoc Networks
Research article
Wireless ad hoc networks are usually composed of autonomous nodes, which are powered by batteries only. Energy efficiency is perhaps one of the most important factors for each operation in such networks. Broadcast, for example, is one of the fundamental operations in modern telecom networks. In this paper a broadcast tree, which is rooted at a source and spans all the destination nodes, has been constructed in a way that the total transmission energy consumption is minimized. This paper describes two polynomial-time heuristics for energy-efficient broadcasting in static ad hoc wireless networks. Both of the developed approaches are based on a fuzzy greedy evaluation function, which prioritizes the network nodes. According to the prioritized order of the nodes, each new node is selected for incorporation in the construction of a solution. Computational experiments indicate that our algorithms improve the well-known Broadcast Link-based Minimum Spanning Tree (BLiMST) and Broadcast Least-Unicast-cost (BLU) heuristics. It will be seen that the BLiMST and the BLU methods are a special case of our more general heuristics.
Free
A WMPLS Based Multicast Mechanism in Mobile Ad hoc Network
Research article
Merging MPLS into multicast routing protocol in Mobile Ad hoc network is an elegant method to enhance the network performance and an efficient solution for multicast scalability and control overhead problems. Based on the Wireless MPLS technology, the mechanism and evaluation of a new multicast protocol, the Label Switching Multicast Routing Protocol (LSMRP) is presented in this paper.
Free