Pub Date : 2021-05-25DOI: 10.1504/IJICS.2021.115347
Waqas Haider, M. W. Nisar, T. Saba, Muhammad Sharif, Raja Umair Haider, Nadeem Muhammad Bilal, Muhammad Attique Khan
At present, governments and private business operations are highly dependent on relational data applications such as bank accounts, citizen registration, etc. These relational data dependent operations require reliable integrity protection while utilising the cloud computing storage infrastructure. Identification and recovery of stolen bits are a major assistance to the reliable integrity protection services for the sensitive relational data applications. To deal with the problems of detecting and recovering tampering in large relational data at minimum computational complexity, in this paper, N8WA (briefed in Section 2.1) coding-based scheme is presented. Overall the scheme is comprised of two cross functional modules. The first module is labelled as compact code generation using N8WA coding and code registration at registration module (RM). In the second module which is called accurate locating/restoring tampering, utilising the mismatching of different compact codes based on N8WA from RM, the major/minor tampered data is accurately located and restored. Investigational outcome indicates that the scheme ensures the computational complexity of O(n2) while minimum to maximum alterations is accurately localised and restored successfully.
{"title":"A complexity reduced and reliable integrity protection for large relational data over clouds","authors":"Waqas Haider, M. W. Nisar, T. Saba, Muhammad Sharif, Raja Umair Haider, Nadeem Muhammad Bilal, Muhammad Attique Khan","doi":"10.1504/IJICS.2021.115347","DOIUrl":"https://doi.org/10.1504/IJICS.2021.115347","url":null,"abstract":"At present, governments and private business operations are highly dependent on relational data applications such as bank accounts, citizen registration, etc. These relational data dependent operations require reliable integrity protection while utilising the cloud computing storage infrastructure. Identification and recovery of stolen bits are a major assistance to the reliable integrity protection services for the sensitive relational data applications. To deal with the problems of detecting and recovering tampering in large relational data at minimum computational complexity, in this paper, N8WA (briefed in Section 2.1) coding-based scheme is presented. Overall the scheme is comprised of two cross functional modules. The first module is labelled as compact code generation using N8WA coding and code registration at registration module (RM). In the second module which is called accurate locating/restoring tampering, utilising the mismatching of different compact codes based on N8WA from RM, the major/minor tampered data is accurately located and restored. Investigational outcome indicates that the scheme ensures the computational complexity of O(n2) while minimum to maximum alterations is accurately localised and restored successfully.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123313974","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-05-25DOI: 10.1504/IJICS.2021.10037934
Aafaf Ouaddah, Badr Bellaj
In this paper, we explore access control area as one of the most crucial aspect of security and privacy in IoT. Actually, conventional security and privacy solutions tend to be less tailored for IoT. Then, designing a distributed access control with user-driven approach and privacy-preserving awareness in an IoT environment is of paramount importance. In this direction, we have investigated in our previous work a new way to build a distributed access control framework based on the blockchain technology through our proposed framework, FairAccess. The first version of FairAccess was based on the Bitcoin's UTXO model. However, this version presented limitations in expressing more granular access control policies. To tackle this issue, this paper upgrades the proposed framework to FairAccess2.0 that uses SmartContract concept instead of the locking/unlocking scripts. Thus, we show a possible working implementation based on ABAC policies, deployed on the ethereum blockchain. The obtained results show the efficiency of FairAccess2.0 and its compatibility with a wide range of existing access control models mainly the ABAC model. Finally, a performance and cost evaluation, discussion and future work are elaborated.
{"title":"FairAccess2.0: a smart contract-based authorisation framework for enabling granular access control in IoT","authors":"Aafaf Ouaddah, Badr Bellaj","doi":"10.1504/IJICS.2021.10037934","DOIUrl":"https://doi.org/10.1504/IJICS.2021.10037934","url":null,"abstract":"In this paper, we explore access control area as one of the most crucial aspect of security and privacy in IoT. Actually, conventional security and privacy solutions tend to be less tailored for IoT. Then, designing a distributed access control with user-driven approach and privacy-preserving awareness in an IoT environment is of paramount importance. In this direction, we have investigated in our previous work a new way to build a distributed access control framework based on the blockchain technology through our proposed framework, FairAccess. The first version of FairAccess was based on the Bitcoin's UTXO model. However, this version presented limitations in expressing more granular access control policies. To tackle this issue, this paper upgrades the proposed framework to FairAccess2.0 that uses SmartContract concept instead of the locking/unlocking scripts. Thus, we show a possible working implementation based on ABAC policies, deployed on the ethereum blockchain. The obtained results show the efficiency of FairAccess2.0 and its compatibility with a wide range of existing access control models mainly the ABAC model. Finally, a performance and cost evaluation, discussion and future work are elaborated.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125721327","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-04-21DOI: 10.1504/IJICS.2021.10037247
Nanyuan Cao, Z. Cao, Xiaolei Dong, Haijiang Wang
Kakvi and Kiltz (EUROCRYPT'12) proposed the first tight security reduction for RSA full domain hash signature scheme (RSA-FDH) with public exponent e < N1/4 in the random oracle (RO) model, and they left an open problem which called for a tightly secure RSA-FDH for N1/4 < e < N. In this paper, we consider the improved RSA (iRSA) trapdoor functions, introduced by Cao (Science in China'01), are functions that the security can be strictly proved to be equivalent to the factoring. We show that iRSA-FDH has a tight security reduction for e < N. Technically we construct iRSA lossy trapdoor functions, and then we apply the lossiness of the iRSA trapdoor functions to obtain tight security reductions for iRSA-FDH in the RO model. Finally, we propose a tightly secure blind signature scheme based on our iRSA lossy trapdoor functions in the RO model.
{"title":"Improved RSA lossy trapdoor function and applications","authors":"Nanyuan Cao, Z. Cao, Xiaolei Dong, Haijiang Wang","doi":"10.1504/IJICS.2021.10037247","DOIUrl":"https://doi.org/10.1504/IJICS.2021.10037247","url":null,"abstract":"Kakvi and Kiltz (EUROCRYPT'12) proposed the first tight security reduction for RSA full domain hash signature scheme (RSA-FDH) with public exponent e < N1/4 in the random oracle (RO) model, and they left an open problem which called for a tightly secure RSA-FDH for N1/4 < e < N. In this paper, we consider the improved RSA (iRSA) trapdoor functions, introduced by Cao (Science in China'01), are functions that the security can be strictly proved to be equivalent to the factoring. We show that iRSA-FDH has a tight security reduction for e < N. Technically we construct iRSA lossy trapdoor functions, and then we apply the lossiness of the iRSA trapdoor functions to obtain tight security reductions for iRSA-FDH in the RO model. Finally, we propose a tightly secure blind signature scheme based on our iRSA lossy trapdoor functions in the RO model.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114280203","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-02-15DOI: 10.1504/IJICS.2021.10035242
Ayoub Amrani, N. Rafalia, J. Abouchabaka
Multi-agent system (MAS) appears as a solution to satisfy the requirement of intelligence in distributed system, this paradigm also accepts distribution and networking as a basic concept. MAS is a system which there is an agent that can act autonomously with intelligent behaviour and can solve complex problem. Mobility is a property of agent which allows him to move from one node to another to achieve their goal. Researchers in different fields have been attracted by systems based on mobile agent, because of the pro-active aspects and the autonomous tasks of the agent. Unfortunately the security of mobile agents is very difficult, especially when it comes to secure an entity that migrates from one platform to another across the network, and which must be executed correctly and safely on the hosting platform. In this paper we will focus on the security aspect of a mobile agent from one platform to another, by introducing a new approach based on cryptographic mechanisms. This approach involves the Amrani et al.'s protocol to get a session key, to guarantee a mutual authentication and the confidentiality of data exchanged, as well as a binary serialisation to ensure the mobility of the agent across the network.
{"title":"Mobile agent security using Amrani et al.'s protocol and binary serialisation","authors":"Ayoub Amrani, N. Rafalia, J. Abouchabaka","doi":"10.1504/IJICS.2021.10035242","DOIUrl":"https://doi.org/10.1504/IJICS.2021.10035242","url":null,"abstract":"Multi-agent system (MAS) appears as a solution to satisfy the requirement of intelligence in distributed system, this paradigm also accepts distribution and networking as a basic concept. MAS is a system which there is an agent that can act autonomously with intelligent behaviour and can solve complex problem. Mobility is a property of agent which allows him to move from one node to another to achieve their goal. Researchers in different fields have been attracted by systems based on mobile agent, because of the pro-active aspects and the autonomous tasks of the agent. Unfortunately the security of mobile agents is very difficult, especially when it comes to secure an entity that migrates from one platform to another across the network, and which must be executed correctly and safely on the hosting platform. In this paper we will focus on the security aspect of a mobile agent from one platform to another, by introducing a new approach based on cryptographic mechanisms. This approach involves the Amrani et al.'s protocol to get a session key, to guarantee a mutual authentication and the confidentiality of data exchanged, as well as a binary serialisation to ensure the mobility of the agent across the network.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133722138","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-02-15DOI: 10.1504/IJICS.2021.113174
Vlera Alimehaj, Arbnor Halili, R. Dervishi, Vehbi Neziri, Blerim Rexha
Digitalisation of public services has already changed the way how we interact with government. The electronic signature, based on public key cryptography, has strengthened the trust towards this transformation. With the recent appearance of the electronic seal, this digital transformation is complete. The new European Union regulation for electronic identification, authentication and trust services (eIDAS) has repealed the old directive and provides a regulatory environment. In the meantime, a novel technology based on cryptography rose as an alternative to fulfil these objectives - the blockchain. This paper, analyses the properties of the electronic seal, based on eIDAS regulation, with and without blockchain technology. The developed application uses local X.509 digital certificates and the multichain platform for the creation and deployment of private blockchains. At the end of the paper, an overview of this comparison is provided, using different documents, pointing out the pros and cons of each technology.
{"title":"Analysing and comparing the digital seal according to eIDAS regulation with and without blockchain technology","authors":"Vlera Alimehaj, Arbnor Halili, R. Dervishi, Vehbi Neziri, Blerim Rexha","doi":"10.1504/IJICS.2021.113174","DOIUrl":"https://doi.org/10.1504/IJICS.2021.113174","url":null,"abstract":"Digitalisation of public services has already changed the way how we interact with government. The electronic signature, based on public key cryptography, has strengthened the trust towards this transformation. With the recent appearance of the electronic seal, this digital transformation is complete. The new European Union regulation for electronic identification, authentication and trust services (eIDAS) has repealed the old directive and provides a regulatory environment. In the meantime, a novel technology based on cryptography rose as an alternative to fulfil these objectives - the blockchain. This paper, analyses the properties of the electronic seal, based on eIDAS regulation, with and without blockchain technology. The developed application uses local X.509 digital certificates and the multichain platform for the creation and deployment of private blockchains. At the end of the paper, an overview of this comparison is provided, using different documents, pointing out the pros and cons of each technology.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"201 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132724312","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The intimidating challenge is practice of data mining (DM) over the streams of data because of its continuous data streaming. On the data streams, the practices of mining should be performed on cluster of streamed records in specified interval of time. The representation of window is the buffered records set which might be dynamic or static in the size. When compared with other practices of mining, the 'frequent pattern mining' on the streams of data are crucial. This occurs because, for predicting the pattern frequency, many of the existing methods repeatedly scan entire buffered transactions. This denotes the intricacy of procedure and overhead of memory. This paper proposes novel DM algorithms in particular for identifying the frequent patterns from indefinite data streams which scans every window once, therefore windows buffered records is pruned that evades computational and memory overhead. 'Unifold mining model for pattern discovery from streaming data' is the contribution of this paper. The outperformance of UMM when compared with other contemporary models is represented by crucial assessment of algorithm and optimisation schemes.
{"title":"Secure and unifold mining model for pattern discovery from streaming data","authors":"Sreenivasa Rao Annaluri, Venkata Ramana Attili, Kalli Srinivasa Nageswara Prasad","doi":"10.1504/IJICS.2021.113170","DOIUrl":"https://doi.org/10.1504/IJICS.2021.113170","url":null,"abstract":"The intimidating challenge is practice of data mining (DM) over the streams of data because of its continuous data streaming. On the data streams, the practices of mining should be performed on cluster of streamed records in specified interval of time. The representation of window is the buffered records set which might be dynamic or static in the size. When compared with other practices of mining, the 'frequent pattern mining' on the streams of data are crucial. This occurs because, for predicting the pattern frequency, many of the existing methods repeatedly scan entire buffered transactions. This denotes the intricacy of procedure and overhead of memory. This paper proposes novel DM algorithms in particular for identifying the frequent patterns from indefinite data streams which scans every window once, therefore windows buffered records is pruned that evades computational and memory overhead. 'Unifold mining model for pattern discovery from streaming data' is the contribution of this paper. The outperformance of UMM when compared with other contemporary models is represented by crucial assessment of algorithm and optimisation schemes.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123353280","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-02-15DOI: 10.1504/IJICS.2021.113172
V. P. Saradi, P. Kailasapathi
Scarcity in radio frequency spectrum has increased the demands for alternate sources of communication medium out which visible light communication (VLC) is quite notable. VLC works by exploiting the abundance in availability of light as an effective means of communication medium. This principle known as Li-Fi or light fidelity conveys information in the form of light pulses modulated with information signals collected by a suitable detector. The objective of this research article is to ensure a secured wireless communication channel using light as the medium. Communication through a wireless medium necessitates appropriate security mechanisms for data being transmitted. In the proposed work, a binary encryption algorithm (BEA) has been tested in a multi-node environment using a mobile robotic vehicle. Data transmitted through the medium contain instructions to navigate the motion of the vehicle. The algorithm simple yet powerful with precise encryption observed from the results.
{"title":"A novel binary encryption algorithm for navigation control of robotic vehicles through visible light communication","authors":"V. P. Saradi, P. Kailasapathi","doi":"10.1504/IJICS.2021.113172","DOIUrl":"https://doi.org/10.1504/IJICS.2021.113172","url":null,"abstract":"Scarcity in radio frequency spectrum has increased the demands for alternate sources of communication medium out which visible light communication (VLC) is quite notable. VLC works by exploiting the abundance in availability of light as an effective means of communication medium. This principle known as Li-Fi or light fidelity conveys information in the form of light pulses modulated with information signals collected by a suitable detector. The objective of this research article is to ensure a secured wireless communication channel using light as the medium. Communication through a wireless medium necessitates appropriate security mechanisms for data being transmitted. In the proposed work, a binary encryption algorithm (BEA) has been tested in a multi-node environment using a mobile robotic vehicle. Data transmitted through the medium contain instructions to navigate the motion of the vehicle. The algorithm simple yet powerful with precise encryption observed from the results.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132475872","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-02-15DOI: 10.1504/IJICS.2021.113169
K. V. Raghavender, P. Premchand
DDoS attack detection is the process of finding the attacks happening on a network that causes continues packet drops or losses. Accurate detection of DDoS is the most complex task due to varying network traffic traces and patterns. This is resolved in our previous work by introducing the method namely bandwidth flooding attack detection method. However, this method failed to perform better with varying traffic patterns and traces. This is resolved in this research work by introducing the method namely hybrid ARIMA-SWGARCH model whose main goal is to detection DDoS attacks by analysing the varying measured network traffic. Here initially normalisation of measure network patterns is done by using the Box-Cox transformation. And then the white test is performed to finding the heteroscedasticity characteristics of time series of traffic patterns. And then the hybrid ARIMA-SWAGARCH model is applied to efficiently detect the DDoS attacks happening on the network. The overall evaluation of this method is conducted in the MATLAB simulation environment from which it is proved that the proposed research method can ensure the optimal and reliable detection of DDoS attacks happening on the network.
{"title":"Accurate and reliable detection of DDoS attacks based on ARIMA-SWGARCH model","authors":"K. V. Raghavender, P. Premchand","doi":"10.1504/IJICS.2021.113169","DOIUrl":"https://doi.org/10.1504/IJICS.2021.113169","url":null,"abstract":"DDoS attack detection is the process of finding the attacks happening on a network that causes continues packet drops or losses. Accurate detection of DDoS is the most complex task due to varying network traffic traces and patterns. This is resolved in our previous work by introducing the method namely bandwidth flooding attack detection method. However, this method failed to perform better with varying traffic patterns and traces. This is resolved in this research work by introducing the method namely hybrid ARIMA-SWGARCH model whose main goal is to detection DDoS attacks by analysing the varying measured network traffic. Here initially normalisation of measure network patterns is done by using the Box-Cox transformation. And then the white test is performed to finding the heteroscedasticity characteristics of time series of traffic patterns. And then the hybrid ARIMA-SWAGARCH model is applied to efficiently detect the DDoS attacks happening on the network. The overall evaluation of this method is conducted in the MATLAB simulation environment from which it is proved that the proposed research method can ensure the optimal and reliable detection of DDoS attacks happening on the network.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129576368","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-02-15DOI: 10.1504/IJICS.2021.113171
K. Sathish, Kamakshaiah Kolli
The smart technology development being an entailment to have an improved quality of living under clean environment, with enhanced social, economic development, public safety and efficient governing would be made possible by the cloud computing, that pillars the smart planning with enhanced decision making and service provisioning. The smart developments must be well planned with the sustainable wireless cloud and should be supported by evaluating, analysing and synthesising to manage with the enormous data flow from diverse fields. This dataflow management that is subjected to threats causing data loss and data mishandling is efficiently prevented by the preventive measures undertaken in the proposed system of security assurance to regulate continuous data transmission to permitted users with authentication, encryption and decryption. The proposed system is validated in CloudSim with regard to throughput and delay to ensure the systems reliability and timely perfect delivery.
{"title":"Sustainable wireless clouds with security assurance","authors":"K. Sathish, Kamakshaiah Kolli","doi":"10.1504/IJICS.2021.113171","DOIUrl":"https://doi.org/10.1504/IJICS.2021.113171","url":null,"abstract":"The smart technology development being an entailment to have an improved quality of living under clean environment, with enhanced social, economic development, public safety and efficient governing would be made possible by the cloud computing, that pillars the smart planning with enhanced decision making and service provisioning. The smart developments must be well planned with the sustainable wireless cloud and should be supported by evaluating, analysing and synthesising to manage with the enormous data flow from diverse fields. This dataflow management that is subjected to threats causing data loss and data mishandling is efficiently prevented by the preventive measures undertaken in the proposed system of security assurance to regulate continuous data transmission to permitted users with authentication, encryption and decryption. The proposed system is validated in CloudSim with regard to throughput and delay to ensure the systems reliability and timely perfect delivery.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129619174","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-04-30DOI: 10.1504/ijics.2020.108849
A. Al-Ahmad, S. A. Aljunid, N. K. Ismail
Mobile cloud computing (MCC) is a promising technology due to its features that mitigate mobile computing limitations and enhances cloud services. However, penetration testing is more challenging when conducted on MCC applications. These applications use offloading, and thus another layer of complexity in generating, selecting and executing test cases, which implies and requires an MCC applications penetration testing offloading-awareness model. To overcome these challenges, a penetration testing model for mobile cloud computing applications is designed. This model defines the process of penetration testing over MCC applications including penetration test preparation, test case generation, selection and execution processes. Key components of this offloading-awareness model are state management and mobile agent while other components are adapted from previous penetration testing models for the web, cloud or mobile applications. This model will enable penetration testers to tackle the mobile cloud computing complexity and uniqueness. Currently, we are preparing the evaluation of the model against these MCC applications.
{"title":"Mobile cloud computing applications penetration testing model design","authors":"A. Al-Ahmad, S. A. Aljunid, N. K. Ismail","doi":"10.1504/ijics.2020.108849","DOIUrl":"https://doi.org/10.1504/ijics.2020.108849","url":null,"abstract":"Mobile cloud computing (MCC) is a promising technology due to its features that mitigate mobile computing limitations and enhances cloud services. However, penetration testing is more challenging when conducted on MCC applications. These applications use offloading, and thus another layer of complexity in generating, selecting and executing test cases, which implies and requires an MCC applications penetration testing offloading-awareness model. To overcome these challenges, a penetration testing model for mobile cloud computing applications is designed. This model defines the process of penetration testing over MCC applications including penetration test preparation, test case generation, selection and execution processes. Key components of this offloading-awareness model are state management and mobile agent while other components are adapted from previous penetration testing models for the web, cloud or mobile applications. This model will enable penetration testers to tackle the mobile cloud computing complexity and uniqueness. Currently, we are preparing the evaluation of the model against these MCC applications.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"147 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129575009","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: