Pub Date : 2023-03-30DOI: 10.5121/ijcis.2023.13101
Forrest McKee, David Noever
This study explores cybersecurity questions using a question-and-answer format with the advanced ChatGPT model from OpenAI. Unlike previous chatbots, ChatGPT demonstrates an enhanced understanding of complex coding questions. We present thirteen coding tasks aligned with various stages of the MITRE ATT&CK framework, covering areas such as credential access and defense evasion. The experimental prompts generate keyloggers, logic bombs, obfuscated worms, and ransomware with payment fulfillment, showcasing an impressive range of functionality, including self-replication, self-modification, and evasion. Despite being a language-only model, a notable feature of ChatGPT showcases its coding approaches to produce images with obfuscated or embedded executable programming steps or links.
{"title":"The Evolving Landscape of Cybersecurity: Red Teams, Large Language Models, and the Emergence of New AI Attack Surfaces","authors":"Forrest McKee, David Noever","doi":"10.5121/ijcis.2023.13101","DOIUrl":"https://doi.org/10.5121/ijcis.2023.13101","url":null,"abstract":"This study explores cybersecurity questions using a question-and-answer format with the advanced ChatGPT model from OpenAI. Unlike previous chatbots, ChatGPT demonstrates an enhanced understanding of complex coding questions. We present thirteen coding tasks aligned with various stages of the MITRE ATT&CK framework, covering areas such as credential access and defense evasion. The experimental prompts generate keyloggers, logic bombs, obfuscated worms, and ransomware with payment fulfillment, showcasing an impressive range of functionality, including self-replication, self-modification, and evasion. Despite being a language-only model, a notable feature of ChatGPT showcases its coding approaches to produce images with obfuscated or embedded executable programming steps or links.","PeriodicalId":225810,"journal":{"name":"International Journal on Cryptography and Information Security","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130454162","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-30DOI: 10.5121/ijcis.2022.12401
Henri Bruno Razafindradina, P. A. Randriamitantsoa
Digital watermarking consists of inserting a mark (text, image, sound or video) in a medium. The goal is to be able to identify the author or owner of a digital document by the inserted mark. Watermarking algorithms must find a compromise between capacity and imperceptibility. Capacity represents the amount of data inserted and the imperceptibility makes the mark invisible. Our research is related to images watermarking based on singular value decomposition. There are two main approaches to improving capacity and imperceptibility : dual technique and multiple technique. Most algorithms based on these two approaches have low capacity : the watermarks are generally smaller than the host image. Agarwal & al worked on inserting an image into another image of the same size, imperceptibly. Their method adds the mark in the V matrix of the image after its singular value decomposition. A λ parameter was chosen to specify the power of insertion. Our contribution is to add two images by simultaneously improving capacity and imperceptibility. This new method consists on adding the mark in the 2 matrices U and V after singular value decomposition. The insertion of the first mark is an addition as in Agarwal’s method while that of the second mark is a subtraction to make the watermark less imperceptible. The result shows that our method is robust against different attacks such as compression, noise addition, median filtering and rotation. It is also imperceptible because not only we obtain a PSNR of 27 dB, but the histogram obtained is closer to that of the original image than that of Agarwal. A test on a database of 180 images shows that the marks are still detected. However, despite these advantages, the first mark is less visible and of poor quality compared to the second after their extraction. One solution to this is to increase the value of the parameter λ for the insertion of the first mark.
{"title":"Multiple Image Watermarking based on SVD : Improving Capacity and Imperceptibility","authors":"Henri Bruno Razafindradina, P. A. Randriamitantsoa","doi":"10.5121/ijcis.2022.12401","DOIUrl":"https://doi.org/10.5121/ijcis.2022.12401","url":null,"abstract":"Digital watermarking consists of inserting a mark (text, image, sound or video) in a medium. The goal is to be able to identify the author or owner of a digital document by the inserted mark. Watermarking algorithms must find a compromise between capacity and imperceptibility. Capacity represents the amount of data inserted and the imperceptibility makes the mark invisible. Our research is related to images watermarking based on singular value decomposition. There are two main approaches to improving capacity and imperceptibility : dual technique and multiple technique. Most algorithms based on these two approaches have low capacity : the watermarks are generally smaller than the host image. Agarwal & al worked on inserting an image into another image of the same size, imperceptibly. Their method adds the mark in the V matrix of the image after its singular value decomposition. A λ parameter was chosen to specify the power of insertion. Our contribution is to add two images by simultaneously improving capacity and imperceptibility. This new method consists on adding the mark in the 2 matrices U and V after singular value decomposition. The insertion of the first mark is an addition as in Agarwal’s method while that of the second mark is a subtraction to make the watermark less imperceptible. The result shows that our method is robust against different attacks such as compression, noise addition, median filtering and rotation. It is also imperceptible because not only we obtain a PSNR of 27 dB, but the histogram obtained is closer to that of the original image than that of Agarwal. A test on a database of 180 images shows that the marks are still detected. However, despite these advantages, the first mark is less visible and of poor quality compared to the second after their extraction. One solution to this is to increase the value of the parameter λ for the insertion of the first mark.","PeriodicalId":225810,"journal":{"name":"International Journal on Cryptography and Information Security","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133705354","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-30DOI: 10.5121/ijcis.2022.12301
Alexander Lawall, Thomas W. Schaller
The article presents an applied research using the Design Science Research Methodology for securely managing resources of smart factories via a graph-based approach combined with a declarative query language. This query language can be used to find appropriate production facilities that are able to fulfill specific manufacturing tasks. This approach is aimed to solve the problem with the management effort for production facilities using enumeration for naming these facilities for the manufacturing tasks. Thus, the security is ensured by identifying the “current” valid identities (resources). Additionally, the usage of deputy relationships leads to alternative production facilities if resources have a breakdown or have to be serviced which has an effect on the availability.
{"title":"A Graph-based and Declarative Approach to a Secure Resource Management in Smart Factories","authors":"Alexander Lawall, Thomas W. Schaller","doi":"10.5121/ijcis.2022.12301","DOIUrl":"https://doi.org/10.5121/ijcis.2022.12301","url":null,"abstract":"The article presents an applied research using the Design Science Research Methodology for securely managing resources of smart factories via a graph-based approach combined with a declarative query language. This query language can be used to find appropriate production facilities that are able to fulfill specific manufacturing tasks. This approach is aimed to solve the problem with the management effort for production facilities using enumeration for naming these facilities for the manufacturing tasks. Thus, the security is ensured by identifying the “current” valid identities (resources). Additionally, the usage of deputy relationships leads to alternative production facilities if resources have a breakdown or have to be serviced which has an effect on the availability.","PeriodicalId":225810,"journal":{"name":"International Journal on Cryptography and Information Security","volume":"117 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115399438","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-30DOI: 10.5121/ijcis.2022.12302
Janaki Raman Palaniappan
Internet hacking has become common now a days and is increasing day by day. It is a high time to safeguard our data. There are several cryptographic methods and algorithms that are evolved and already exist. How about additional protection makes us stress free? In this paper, I present a unique design of cryptographic algorithm which is specifically designed for Auditory cryptography and visual cryptography to make the encryption and decryption technique stronger. The purpose is to make it very difficult to decode the file when an unauthorized user accesses the data. This algorithm is a combination of multiple techniques such as Ant Algorithm, Logical Gates Technique, Dual authorization PINs, Indexed Arrays. Combination of these techniques makes the algorithm unique and strong to secure the data. This research was implemented on audio files, images and video files. The study of the result shows effective way of masking the data as it is hard to decode without PINs. Also, performance of the algorithm is efficient during encryption and decryption process.
{"title":"Highly Secure Cryptography Algorithm Method to Safeguard Audios and Visuals","authors":"Janaki Raman Palaniappan","doi":"10.5121/ijcis.2022.12302","DOIUrl":"https://doi.org/10.5121/ijcis.2022.12302","url":null,"abstract":"Internet hacking has become common now a days and is increasing day by day. It is a high time to safeguard our data. There are several cryptographic methods and algorithms that are evolved and already exist. How about additional protection makes us stress free? In this paper, I present a unique design of cryptographic algorithm which is specifically designed for Auditory cryptography and visual cryptography to make the encryption and decryption technique stronger. The purpose is to make it very difficult to decode the file when an unauthorized user accesses the data. This algorithm is a combination of multiple techniques such as Ant Algorithm, Logical Gates Technique, Dual authorization PINs, Indexed Arrays. Combination of these techniques makes the algorithm unique and strong to secure the data. This research was implemented on audio files, images and video files. The study of the result shows effective way of masking the data as it is hard to decode without PINs. Also, performance of the algorithm is efficient during encryption and decryption process.","PeriodicalId":225810,"journal":{"name":"International Journal on Cryptography and Information Security","volume":"198 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122346636","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-03-31DOI: 10.5121/ijcis.2022.12101
Daniel Asiedu, Abdul- MuminSalifu
In this paper, we present an improved Paillier Cryptosystem for a secured data transmission based on the Residue Number System (RNS). The current state of Paillier Cryptosystem allows the computation of the plaintext from the cipher text without solving its security assumption of Decisional Composite Residuosity or the knowledge of its private keys under mathematical attacks. The proposed RNS based cryptosystem involving two stages of encryption and two stages of decryption has never been adequately studied before. This paper attempts to solve by introducing two stages of encryption and two stages of decryption. The first stage of the encryption process maintains the traditional Paillier encryption process and the second stage process is the encryption using the recommended moduli set – by the RNS Forward converter. At the first stage of the decryption process, our proposed RNS based reverse converter is adopted and finally, the traditional Paillier decryption process will be used at the second stage of the decryption process. Because the entire encryption technique is randomized, it can withstand chosen bruteforce attacks. The suggested algorithm's security study reveals that it has a wide key space ( , a high level resistance to key sensitivity attacks, and an acceptable level of resilience. In terms of security, it has been discovered that the proposed system outperforms the present algorithm.
{"title":"Secured Paillier Homomorphic Encryption Scheme Based on the Residue Number System","authors":"Daniel Asiedu, Abdul- MuminSalifu","doi":"10.5121/ijcis.2022.12101","DOIUrl":"https://doi.org/10.5121/ijcis.2022.12101","url":null,"abstract":"In this paper, we present an improved Paillier Cryptosystem for a secured data transmission based on the Residue Number System (RNS). The current state of Paillier Cryptosystem allows the computation of the plaintext from the cipher text without solving its security assumption of Decisional Composite Residuosity or the knowledge of its private keys under mathematical attacks. The proposed RNS based cryptosystem involving two stages of encryption and two stages of decryption has never been adequately studied before. This paper attempts to solve by introducing two stages of encryption and two stages of decryption. The first stage of the encryption process maintains the traditional Paillier encryption process and the second stage process is the encryption using the recommended moduli set – by the RNS Forward converter. At the first stage of the decryption process, our proposed RNS based reverse converter is adopted and finally, the traditional Paillier decryption process will be used at the second stage of the decryption process. Because the entire encryption technique is randomized, it can withstand chosen bruteforce attacks. The suggested algorithm's security study reveals that it has a wide key space ( , a high level resistance to key sensitivity attacks, and an acceptable level of resilience. In terms of security, it has been discovered that the proposed system outperforms the present algorithm.","PeriodicalId":225810,"journal":{"name":"International Journal on Cryptography and Information Security","volume":"284 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131995404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-12-30DOI: 10.5121/IJCIS.2020.10401
Cheman Shaik
A cryptographic method of digitally securing cryptocurrency wallet seed phrase through Blind Key Encryption is discussed wherein two blind keys random in nature are generated and used to produce two ciphertexts. The mathematical algorithm used in blind key encryption is described in detail and also an explanation is provided as to how the encryption defeats hackers even after they could successfully compromise a ciphertext of the seed phrase along with its decryption key. Different scenarios of storing the ciphertexts are documented.
{"title":"Securing Cryptocurrency Wallet Seed Phrase Digitally with Blind Key Encryption","authors":"Cheman Shaik","doi":"10.5121/IJCIS.2020.10401","DOIUrl":"https://doi.org/10.5121/IJCIS.2020.10401","url":null,"abstract":"A cryptographic method of digitally securing cryptocurrency wallet seed phrase through Blind Key Encryption is discussed wherein two blind keys random in nature are generated and used to produce two ciphertexts. The mathematical algorithm used in blind key encryption is described in detail and also an explanation is provided as to how the encryption defeats hackers even after they could successfully compromise a ciphertext of the seed phrase along with its decryption key. Different scenarios of storing the ciphertexts are documented.","PeriodicalId":225810,"journal":{"name":"International Journal on Cryptography and Information Security","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121463992","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Smart grid utility provider collects consumers’ power consumption data for three main reasons: billing, analysis, and operation. Billing needs coarse-grained data where there are no, or minimal, privacy concerns. While analysis and operation needs fine-grained data which can highly explore consumers’ privacy. Hence, consumers might be reluctant to allow for operational metering to protect their privacy.This paper presents detail description of a reliable DNA-based privacy-preserving (DNAPP) scheme in smart grid. DNAPP assures robust authentication, confidentiality, message integrity, and nonrepudiation across the smart grid as well as assuring high consumers’ privacy. The scheme demonstrates many good security features, such as: high complexity of O(n!), light-weight, scalable, minimum overhead, no cryptography key exchange between the communicating parties as each of them can determine the key locally and independently. This scheme does not require any level of modifications to the existing smart grid infrastructure or smart meter. It only requires some software modifications.
{"title":"A DNA-based Privacy-preserving Scheme in Smart-grid","authors":"W. M. Abed","doi":"10.5121/ijcis.2019.9301","DOIUrl":"https://doi.org/10.5121/ijcis.2019.9301","url":null,"abstract":"Smart grid utility provider collects consumers’ power consumption data for three main reasons: billing, analysis, and operation. Billing needs coarse-grained data where there are no, or minimal, privacy concerns. While analysis and operation needs fine-grained data which can highly explore consumers’ privacy. Hence, consumers might be reluctant to allow for operational metering to protect their privacy.This paper presents detail description of a reliable DNA-based privacy-preserving (DNAPP) scheme in smart grid. DNAPP assures robust authentication, confidentiality, message integrity, and nonrepudiation across the smart grid as well as assuring high consumers’ privacy. The scheme demonstrates many good security features, such as: high complexity of O(n!), light-weight, scalable, minimum overhead, no cryptography key exchange between the communicating parties as each of them can determine the key locally and independently. This scheme does not require any level of modifications to the existing smart grid infrastructure or smart meter. It only requires some software modifications.","PeriodicalId":225810,"journal":{"name":"International Journal on Cryptography and Information Security","volume":"11 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129215216","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Beaton Kapito, Patrick Ali, L. Eneya, Hyunsung Kim
One of the most commonly used user authentication mechanisms is two factor authentication based on smart card and password. The core feature of the scheme is to enforce that the user must have the smart card and know the password in order to gain access to server. Recently, Liu et al. proposed a smart card based password authentication scheme and argued that it is secure against insider attack, replay attack and man in the middle attack and provides perfect forward secrecy. In this paper, we show security weaknesses in Liu et al.’s scheme focused on off-line password guessing attack and masquerading attack and it does not provide perfect forward secrecy and anonymity. Accordingly, we propose a privacy preserving user authentication scheme based on smart card, denoted as PUAS, to remedy these security weaknesses and to provide anonymity and perfect forward secrecy. PUAS is more secure with a bit of computational overhead to support several positive properties in security and privacy.
{"title":"Privacy Preserving User Authentication Scheme Based on Smart Card","authors":"Beaton Kapito, Patrick Ali, L. Eneya, Hyunsung Kim","doi":"10.5121/ijcis.2018.8302","DOIUrl":"https://doi.org/10.5121/ijcis.2018.8302","url":null,"abstract":"One of the most commonly used user authentication mechanisms is two factor authentication based on smart card and password. The core feature of the scheme is to enforce that the user must have the smart card and know the password in order to gain access to server. Recently, Liu et al. proposed a smart card based password authentication scheme and argued that it is secure against insider attack, replay attack and man in the middle attack and provides perfect forward secrecy. In this paper, we show security weaknesses in Liu et al.’s scheme focused on off-line password guessing attack and masquerading attack and it does not provide perfect forward secrecy and anonymity. Accordingly, we propose a privacy preserving user authentication scheme based on smart card, denoted as PUAS, to remedy these security weaknesses and to provide anonymity and perfect forward secrecy. PUAS is more secure with a bit of computational overhead to support several positive properties in security and privacy.","PeriodicalId":225810,"journal":{"name":"International Journal on Cryptography and Information Security","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125073234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: