Palak Chandrakar, Rashi Bagga, Y. Kumar, S. Dwivedi, Ruhul Amin
The internet of things (IoT) is now advancing at a tremendous pace. Devices in the IoT can connect and communicate in a fully autonomous mode. Because of its autonomy and numerous infractions of security policies, the IoT network is subject to various security risks. However, because of this autonomy, dependable security and storage mechanisms for authentication to share data across IoT devices are essential. Furthermore, since it has initially been popularized in Bitcoin, blockchain development has accelerated. Blockchain can be used to solve security challenges in the IoT. Making secure communication between IoT devices is one approach to accomplish this. To address this issue, we present an effective technique for intranetwork and internetwork device‐to‐device secure communication that enables IoT device identification and authentication while also providing secure communication in an open environment. The method also provides data integrity in addition to authentication and secure communication. We have presented informal security analysis, which confirms that there is no important security threats in our protocol. The performance of the protocol is also better in comparison with previously published papers.
{"title":"Blockchain based security protocol for device to device secure communication in internet of things networks","authors":"Palak Chandrakar, Rashi Bagga, Y. Kumar, S. Dwivedi, Ruhul Amin","doi":"10.1002/spy2.267","DOIUrl":"https://doi.org/10.1002/spy2.267","url":null,"abstract":"The internet of things (IoT) is now advancing at a tremendous pace. Devices in the IoT can connect and communicate in a fully autonomous mode. Because of its autonomy and numerous infractions of security policies, the IoT network is subject to various security risks. However, because of this autonomy, dependable security and storage mechanisms for authentication to share data across IoT devices are essential. Furthermore, since it has initially been popularized in Bitcoin, blockchain development has accelerated. Blockchain can be used to solve security challenges in the IoT. Making secure communication between IoT devices is one approach to accomplish this. To address this issue, we present an effective technique for intranetwork and internetwork device‐to‐device secure communication that enables IoT device identification and authentication while also providing secure communication in an open environment. The method also provides data integrity in addition to authentication and secure communication. We have presented informal security analysis, which confirms that there is no important security threats in our protocol. The performance of the protocol is also better in comparison with previously published papers.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42321310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In recent years, the concept of image encryption and data concealing has become a major area of research that significantly improves the secure communication of images with hidden data in them. The usage of the cloud has been outstanding in several aspects so as its security to ensure privacy over the data stored in it. The concept of reversible image steganography is one such stream where the cloud users are highly relying upon the privacy of the data, they store in the cloud servers. The reversible image steganography has the potential to recover the original image from the stego‐image once the embedded data is extracted. In this research work, an effective distributive Tian's method is proposed to embed the data onto an encrypted image without degrading the performance of the encrypted image. The cross‐verification of lossless image steganography can be identified when the original image is getting extracted from the encrypted image. The result of the proposed method ensures that the distributive Tian's method outperforms the recent state‐of‐art methods. The proposed method is deployed onto six different images in different aspects to ensure its significance.
{"title":"An enhanced reversible image steganography using distributive Tian's method","authors":"N. Malarvizhi, R. Priya, R. Bhavani","doi":"10.1002/spy2.266","DOIUrl":"https://doi.org/10.1002/spy2.266","url":null,"abstract":"In recent years, the concept of image encryption and data concealing has become a major area of research that significantly improves the secure communication of images with hidden data in them. The usage of the cloud has been outstanding in several aspects so as its security to ensure privacy over the data stored in it. The concept of reversible image steganography is one such stream where the cloud users are highly relying upon the privacy of the data, they store in the cloud servers. The reversible image steganography has the potential to recover the original image from the stego‐image once the embedded data is extracted. In this research work, an effective distributive Tian's method is proposed to embed the data onto an encrypted image without degrading the performance of the encrypted image. The cross‐verification of lossless image steganography can be identified when the original image is getting extracted from the encrypted image. The result of the proposed method ensures that the distributive Tian's method outperforms the recent state‐of‐art methods. The proposed method is deployed onto six different images in different aspects to ensure its significance.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45002150","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Fake news potentially causes serious problems in society. Therefore, it is necessary to detect such news, which is, of course, associated with some challenges such as events, verification and datasets. Reference datasets related to this area face various problems, like the lack of sufficient information about news samples, no subject diversity, etc. The present paper proposes a model using feature extraction and machine learning algorithms for dealing with some of these problems. In the feature extraction phase, two new features (named coherence and cohesion), along with other key features, were extracted from news samples. In the detection phase, initially, the news samples of each dataset were sorted based on a specific order (easier samples in the beginning and harder ones towards the end) using a hybrid method consisting of statistical descriptors and a k‐nearest neighbor algorithm. Then, inspired by the human learning principles, the sorted news samples, were sent to the Long‐Short‐Term Memory and classical machine learning algorithms for the detection of fake news. The obtained results indicated the higher performance of the proposed model in fake news detection compared to benchmark models.
{"title":"Fake news detection using deep learning integrating feature extraction, natural language processing, and statistical descriptors","authors":"Mirmorsal Madani, H. Motameni, Hosein Mohamadi","doi":"10.1002/spy2.264","DOIUrl":"https://doi.org/10.1002/spy2.264","url":null,"abstract":"Fake news potentially causes serious problems in society. Therefore, it is necessary to detect such news, which is, of course, associated with some challenges such as events, verification and datasets. Reference datasets related to this area face various problems, like the lack of sufficient information about news samples, no subject diversity, etc. The present paper proposes a model using feature extraction and machine learning algorithms for dealing with some of these problems. In the feature extraction phase, two new features (named coherence and cohesion), along with other key features, were extracted from news samples. In the detection phase, initially, the news samples of each dataset were sorted based on a specific order (easier samples in the beginning and harder ones towards the end) using a hybrid method consisting of statistical descriptors and a k‐nearest neighbor algorithm. Then, inspired by the human learning principles, the sorted news samples, were sent to the Long‐Short‐Term Memory and classical machine learning algorithms for the detection of fake news. The obtained results indicated the higher performance of the proposed model in fake news detection compared to benchmark models.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"5 1","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41469212","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Private record linkage is an actively pursued research area to facilitate the linkage of database records under the constraints of regulations that do not allow linkage agents to learn sensitive identities of record owners. Recent works have shown that linkage using commutative ciphers, which were discarded earlier for efficiency concerns, can be made feasible by leveraging precomputations, data parallelism, and probabilistic key reuse approaches. In this work, we propose further optimizations that can be performed to improve the runtime efficiency of such an approach. We transition from modular exponentiation ciphers to elliptic curve operations to improve precomputation time, eliminate memory intensive comparisons of encrypted values, and introduce data structures to detect negative comparisons. We benchmark the proposed approach using real world demographics data, and provide an extensive study of the parametric aspects of the approach. We also supplement our execution time results with an assessment of the residual privacy risk left by the approach. The approach can perform a linkage of two datasets with 105 records each in 20 minutes in a commodity laptop. This is achieved by eliminating the need to compare more than 70% of the record pairs. By design, the linkage accuracy is also retained at the same level as a nonprivate record linkage procedure.
{"title":"Private record linkage with linkage maps","authors":"Shreya Patel, Rinku Dewri","doi":"10.1002/spy2.265","DOIUrl":"https://doi.org/10.1002/spy2.265","url":null,"abstract":"Private record linkage is an actively pursued research area to facilitate the linkage of database records under the constraints of regulations that do not allow linkage agents to learn sensitive identities of record owners. Recent works have shown that linkage using commutative ciphers, which were discarded earlier for efficiency concerns, can be made feasible by leveraging precomputations, data parallelism, and probabilistic key reuse approaches. In this work, we propose further optimizations that can be performed to improve the runtime efficiency of such an approach. We transition from modular exponentiation ciphers to elliptic curve operations to improve precomputation time, eliminate memory intensive comparisons of encrypted values, and introduce data structures to detect negative comparisons. We benchmark the proposed approach using real world demographics data, and provide an extensive study of the parametric aspects of the approach. We also supplement our execution time results with an assessment of the residual privacy risk left by the approach. The approach can perform a linkage of two datasets with 105 records each in 20 minutes in a commodity laptop. This is achieved by eliminating the need to compare more than 70% of the record pairs. By design, the linkage accuracy is also retained at the same level as a nonprivate record linkage procedure.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48597389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Chaudhry et al. proposed perfect secret sharing schemes from combinatorial squares called Room squares based on certain balanced incomplete block designs. Their protocol is efficient and secure but it is based on a Room square of order r which exists if and only if r is odd and r ≠ 3, 5. Here, we have proposed the schemes from Room squares based on group divisible designs which are a broader class of designs.
{"title":"Perfect secret sharing schemes from combinatorial squares","authors":"Shyam Saurabh, K. Sinha","doi":"10.1002/spy2.262","DOIUrl":"https://doi.org/10.1002/spy2.262","url":null,"abstract":"Chaudhry et al. proposed perfect secret sharing schemes from combinatorial squares called Room squares based on certain balanced incomplete block designs. Their protocol is efficient and secure but it is based on a Room square of order r which exists if and only if r is odd and r ≠ 3, 5. Here, we have proposed the schemes from Room squares based on group divisible designs which are a broader class of designs.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42588495","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
May Almousa, Tianyang Zhang, A. Sarrafzadeh, Mohd Anwar
Phishing websites are fraudulent websites that appear legitimate and trick unsuspecting users into interacting with them, stealing their valuable information. Because phishing attacks are a leading cause of data breach, different anti‐phishing solutions have been explored for cybersecurity management including machine learning‐based technical approaches. However, there is a gap in understanding how robust deep learning‐based models together with hyperparameter optimization are for phishing website detection. In this vein, this study pursues the tasks of developing parsimonious deep learning models and hyperparameter optimization to achieve high accuracy and reproducible results for phishing website detection. This paper demonstrates a systematic process of building detection models based on three deep learning algorithm architectures (Long Short‐Term Memory‐based detection models, Fully Connected Deep Neural Network‐based detection models, and convolutional neural network‐based detection models) that are built and evaluated using four publicly available phishing website datasets, achieving the best accuracy of 97.37%. We also compared two different optimization algorithms for hyperparameter optimization: Grid Search and Genetic Algorithm, which contributed to 0.1%–1% increase in accuracy.
{"title":"Phishing website detection: How effective are deep learning‐based models and hyperparameter optimization?","authors":"May Almousa, Tianyang Zhang, A. Sarrafzadeh, Mohd Anwar","doi":"10.1002/spy2.256","DOIUrl":"https://doi.org/10.1002/spy2.256","url":null,"abstract":"Phishing websites are fraudulent websites that appear legitimate and trick unsuspecting users into interacting with them, stealing their valuable information. Because phishing attacks are a leading cause of data breach, different anti‐phishing solutions have been explored for cybersecurity management including machine learning‐based technical approaches. However, there is a gap in understanding how robust deep learning‐based models together with hyperparameter optimization are for phishing website detection. In this vein, this study pursues the tasks of developing parsimonious deep learning models and hyperparameter optimization to achieve high accuracy and reproducible results for phishing website detection. This paper demonstrates a systematic process of building detection models based on three deep learning algorithm architectures (Long Short‐Term Memory‐based detection models, Fully Connected Deep Neural Network‐based detection models, and convolutional neural network‐based detection models) that are built and evaluated using four publicly available phishing website datasets, achieving the best accuracy of 97.37%. We also compared two different optimization algorithms for hyperparameter optimization: Grid Search and Genetic Algorithm, which contributed to 0.1%–1% increase in accuracy.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-08-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47772956","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A decentralized trade finance system is urgently needed, as smart contracts and blockchain can make the entire process fast, secure, and efficient while also allowing ordinary people to participate in the global economy. Decentralization will increase trust and transparency, as well as allow smaller businesses to participate in the industry, resulting in more jobs and a boost to the economy. We have also taken a decentralized approach to solving this massive problem with our project. We propose a decentralized trade finance model that is owned by the general public, such as you and me. On the one hand, a community of people like you and me give liquidity to the platform's liquidity pool via a lighting network, while on the other hand, importers and exporters can create profiles and engage in trade finance via the decentralized network. The exporter will use the platform validator to validate their invoice and then apply for trade finance. If everything goes well, the exporter will get monies from the liquidity pool, and the platform will be compensated by the importer after the trade is completed. Everyone involved in the process will receive trade tokens when each successful deal is completed, incentivizing the participants' good behavior.
{"title":"Decentralized trade finance using blockchain and lightning network","authors":"Shivansh Kumar, Ruhul Amin","doi":"10.1002/spy2.260","DOIUrl":"https://doi.org/10.1002/spy2.260","url":null,"abstract":"A decentralized trade finance system is urgently needed, as smart contracts and blockchain can make the entire process fast, secure, and efficient while also allowing ordinary people to participate in the global economy. Decentralization will increase trust and transparency, as well as allow smaller businesses to participate in the industry, resulting in more jobs and a boost to the economy. We have also taken a decentralized approach to solving this massive problem with our project. We propose a decentralized trade finance model that is owned by the general public, such as you and me. On the one hand, a community of people like you and me give liquidity to the platform's liquidity pool via a lighting network, while on the other hand, importers and exporters can create profiles and engage in trade finance via the decentralized network. The exporter will use the platform validator to validate their invoice and then apply for trade finance. If everything goes well, the exporter will get monies from the liquidity pool, and the platform will be compensated by the importer after the trade is completed. Everyone involved in the process will receive trade tokens when each successful deal is completed, incentivizing the participants' good behavior.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45022899","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this article, we have discussed various authentication and key agreement protocols for satellite communication system and their flaws off‐line passwords guess, stolen smart card attack, insider attack and replay attack and so forth. We have analyzed the security of a recently published Uddeshaya et al's protocol for satellite communication, and discussed how it suffers from design flaws and insider attack. This protocol cannot stop the Bergamo attack, but the proposed protocol is applicable in specific environment against Bergamo attack. We have compared and illustrated the performance and security analysis of several existing protocols for satellite communication. The proposed authenticated key agreement protocol possesses both low computation and low communication cost. This protocol establishes a verified session key with only two messages of exchange. We have discussed the security of proposed framework in the random oracle model.
{"title":"A construction of Chebyshev chaotic map based authenticated key agreement protocol for satellite communication system","authors":"Dharminder Dharminder, Ankur Nehra, Aditya Arya","doi":"10.1002/spy2.257","DOIUrl":"https://doi.org/10.1002/spy2.257","url":null,"abstract":"In this article, we have discussed various authentication and key agreement protocols for satellite communication system and their flaws off‐line passwords guess, stolen smart card attack, insider attack and replay attack and so forth. We have analyzed the security of a recently published Uddeshaya et al's protocol for satellite communication, and discussed how it suffers from design flaws and insider attack. This protocol cannot stop the Bergamo attack, but the proposed protocol is applicable in specific environment against Bergamo attack. We have compared and illustrated the performance and security analysis of several existing protocols for satellite communication. The proposed authenticated key agreement protocol possesses both low computation and low communication cost. This protocol establishes a verified session key with only two messages of exchange. We have discussed the security of proposed framework in the random oracle model.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45503364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Real Time Mission Critical Communication (RTMCC) in emergency situations can include real‐time video and audio calls between peers and first responders all occurring simultaneously. RTMCC also requires secure end‐to‐end (E2E) group communication (GC) sessions against potential security threats during such incidents. In this paper, we explore all aspects of the possible methods that are suitable for a software implementation of for session key change during GC in E2E encryption of RTMCC. Later, we introduce our Entropy Service concept, which can be very effective in secure E2E RTMCC sessions. The proposed method ensures E2E security in real‐time communication systems while allowing very fast session key change for clients involved in an RTMCC session with a computational complexity of 𝒪(1). Our experimental results show that the proposed Entropy Service can reduce total time by 99.6% and 99.2%, the idle time by 99.4% and 98.99%, and the number of messages by 51.4% and 35.33% compared to the key refreshing and hash methods, respectively, when the number of users in the system increases to 45. These results show that both communication and computation complexity are significantly reduced with the proposed RTMCC session key change.
{"title":"Entropy service for secure real‐time mission critical communications","authors":"E. Zeydan, Yekta Turk, Yaman Yagiz Tasbag","doi":"10.1002/spy2.258","DOIUrl":"https://doi.org/10.1002/spy2.258","url":null,"abstract":"Real Time Mission Critical Communication (RTMCC) in emergency situations can include real‐time video and audio calls between peers and first responders all occurring simultaneously. RTMCC also requires secure end‐to‐end (E2E) group communication (GC) sessions against potential security threats during such incidents. In this paper, we explore all aspects of the possible methods that are suitable for a software implementation of for session key change during GC in E2E encryption of RTMCC. Later, we introduce our Entropy Service concept, which can be very effective in secure E2E RTMCC sessions. The proposed method ensures E2E security in real‐time communication systems while allowing very fast session key change for clients involved in an RTMCC session with a computational complexity of 𝒪(1). Our experimental results show that the proposed Entropy Service can reduce total time by 99.6% and 99.2%, the idle time by 99.4% and 98.99%, and the number of messages by 51.4% and 35.33% compared to the key refreshing and hash methods, respectively, when the number of users in the system increases to 45. These results show that both communication and computation complexity are significantly reduced with the proposed RTMCC session key change.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.9,"publicationDate":"2022-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47205749","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: