
Security and Privacy: Latest Articles

Location privacy protection of nodes in the perception layer of the Internet of things based on Radio Frequency Identification location aware algorithm
IF 1.9 Pub Date : 2024-01-22 DOI: 10.1002/spy2.368
Ruiqi Li, Fupeng Li, Peng Xu, Shuiting Du, Bingling Gu
To ensure the security of node location privacy in the perception layer of the Internet of Things, this study proposes a location privacy protection method based on RFID location awareness algorithm. This method first introduces an adaptive multi tree anti‐collision algorithm based on collision trees when perceiving and locating the location information of nodes in the perception layer of the Internet of Things, to prevent signal collisions between multiple readers and writers. Then, based on the obtained node location results, an IoT perception layer node location privacy protection scheme based on virtual ring strategy is used to randomly initiate directed co hop routing using the virtual nodes generated after random walking, avoiding the visible area of the source node location, and transmitting data to the aggregation node in the form of the shortest routing path to protect the privacy and security of the node location. Finally, experiments are carried out to prove the progressiveness of the proposed method. The experimental results show that this method can prolong the security period of the source and aggregation nodes in the perception layer of the Internet of Things, protect the privacy and security of node positions, and has great application value.
Citations: 0
Analysis of SQL injection attacks in the cloud and in WEB applications
IF 1.9 Pub Date : 2024-01-18 DOI: 10.1002/spy2.370
Animesh Kumar, Sandip Dutta, Prashant Pranav
Cloud computing has revolutionized the way IT industries work. Most modern‐day companies rely on cloud services to accomplish their day‐to‐day tasks. From hosting websites to developing platforms and storing resources, cloud computing has tremendous use in the modern information technology industry. Although an emerging technique, it has many security challenges. In structured query language injection attacks, the attacker modifies some parts of the user query to steal sensitive user information. This type of attack is challenging to detect and prevent. In this article, we have reviewed 65 research articles that address the issue of its prevention and detection in cloud and Traditional Networks, of which 11 research articles are related to general cloud attacks, and the rest of the 54 research articles are specifically on web security. Our result shows that Random Forest has an accuracy of 99.8% and a Precision rate of 99.9%, and the worst‐performing model is Multi‐Layer Perceptron (MLP) in the SQLIA Model. For recall value, Random Forest performs best while TensorFlow Linear Classifier performs worst. F1 score is best in Random Forest, while MLP is the most diminutive performer.
Citations: 0
Autonomous vehicle security: Current survey and future research challenges
IF 1.9 Pub Date : 2024-01-11 DOI: 10.1002/spy2.367
Isha Pali, Ruhul Amin, Mohammad Abdussami
The advancement in technology and the adoption of innovative developments have made our lives easier. Every industry, from agriculture to transport, has experienced this advancement. The entire transportation system is in the process of becoming intelligent. Smart mobility of autonomous vehicles is an important part of the upcoming smart cities. The autonomous vehicle provides functionalities for safety and convenience. It has been an emerging field with a lot of attention and still under advancement and requires a thorough study and solutions for potential challenges and opportunities. Despite impressive advantages, it has some security vulnerabilities which could lead to life‐threatening consequences. Though they could prevent road accidents by eliminating human errors from the driving process, they also create the possibility of cyber‐physical attacks on the vehicular controlling system. For this, many researchers have focused on the security attacks and defenses in autonomous vehicular systems. A 360‐degree research has been undertaken to understand the concept of autonomous vehicles entirely, such as history, social impacts, difficulties and challenges, current product developments, and security aspects. Also, a vehicular architecture is proposed by integrating various technologies such as 5G, SDN, cloud, and so forth, its possible security attacks are mentioned.
Citations: 0
Physically secure and privacy‐preserving blockchain enabled authentication scheme for internet of drones
IF 1.9 Pub Date : 2024-01-10 DOI: 10.1002/spy2.364
Jegadeesan Subramani, Azees Maria, ArunSekar Rajasekaran, Jaime Lloret
The wide applications of the Internet of Drones (IoD), ranging from package delivery to surveillance, attract the attention of industrialists and academicians. Drones are given the task of obtaining sensitive field information within the flying zone in real‐time. Hence, it is important to tackle the privacy and security issues associated with drones that are employed in these kinds of situations. Also, when the drones move to the new unmanned aerial vehicle (UAV) operator coverage area, the drones are required to execute the authentication process again, which affects the performance of IoD. To overcome the above‐said shortcomings, a physically secure and privacy‐preserving blockchain enabled authentication method is proposed in this paper. The blockchain network permits drones to perform quick re‐authentication by transferring drone authentication codes to the following UAV operators. In the proposed work, the drone does not need to store the secret keys to perform anonymous authentication, and it provides physical security for the drones. When compared to competing techniques, the proposed scheme delivers the needed security features while incurring lower storage, computational, and communication costs.
Citations: 0
A new authentication scheme for dynamic charging system of electric vehicles in fog environment
IF 1.9 Pub Date : 2024-01-01 DOI: 10.1002/spy2.365
Zhongming Huang, Feng Wang, Chin-Chen Chang, Xiuqiang Chen
The dynamic charging system of electric vehicles has great potential for development. Electric vehicles initiate charging requests, and charging stations charge authorized electric vehicles. Fog computing improves the efficiency of request processing. However, open channels can be vulnerable to various attacks by a malicious adversary. Mutual authentication schemes allow users and charging stations to confirm each other. Therefore, numerous authentication and key agreement schemes have been proposed. In 2021, Babu et al. proposed an authentication scheme based on fog servers. Unfortunately, we found that their scheme cannot resist FS impersonation attack and replay attack. Hence, we propose an authentication scheme between electric vehicles and fog servers to resolve the security weakness. Our scheme uses lightweight hash functions and XOR operations, which is more suitable for resource‐constrained electric vehicles. We proved our scheme can achieve mutual authentication by using BAN logic, and analyzed that our scheme can resist impersonation, replay, and known session key attacks, ensuring anonymity and untraceability. We finally compare computation cost and communication cost of our scheme with the existing schemes. The result shows that our scheme performs better than others overall. Therefore, our scheme is secure and suitable for dynamic charging systems.
Citations: 0
An efficient lightweight authentication scheme for dew‐assisted IoT networks
IF 1.9 Pub Date : 2023-12-11 DOI: 10.1002/spy2.360
Upendra Verma, M. Sohani
Dew computing is currently considered one of the promising technologies, due to its ability to give data access in the absence of internet. However, dew computing also brings new challenges, particularly security and privacy issues. In dew computing paradigm, authentication and key agreement pose substantial challenges that must be taken into account. In this context, the present work is to provide a secure authentication scheme for Internet of Things and dew server based on elliptic curve cryptography. Moreover, the performance evaluation of proposed scheme has been assessed in terms of communication and computation cost, which shows the proposed scheme outperforms existing related schemes. The proposed scheme has also been compared with the related schemes in terms of various security features such as location privacy, anonymity, forward secrecy, mutual authentication, key agreement, forgery attack, replay attack, denial of service attack and replay attack. Furthermore, the formal security evaluation has been verified by automated validation internet security protocols and applications (AVISPA) under on‐the‐fly model‐checker (OFMC) and constraint logic based attack searcher (CL‐AtSE) backends. The OFMC backend analyzed 228 visited nodes with four plies using search time of 0.24 s. The CL‐AtSE analyzed three states with translation time of 0.12 s. The OFMC and CL‐AtSE backends have not identified any attack trace. Therefore, the simulation results demonstrate that the proposed scheme is safe against the security threats.
Citations: 0
Enhancing android application security: A novel approach using DroidXGB for malware detection based on permission analysis
IF 1.9 Pub Date : 2023-12-11 DOI: 10.1002/spy2.361
Pawan Kumar, Sukhdip Singh
The prevalence of malicious Android applications targeting the platform has introduced significant challenges in the realm of security testing. Traditional solutions have proven insufficient in handling the growing number of malicious apps, resulting in persistent exposure of Android smartphones to evolving forms of malware. This study investigates the potential of extreme gradient boosting (XGB) in identifying complex and high‐dimensional malicious permissions. By leveraging attribute combination and selection techniques, XGBoost demonstrates promising capabilities in this area. However, enhancing the XGBoost model presents a formidable challenge. To overcome this, this research employs adaptive grey wolf optimization (AGWO) for hyper‐parameter tuning. AGWO utilizes continuous values to represent the position and movement of the grey wolf, enabling XGBoost to search for optimal hyper‐parameter values in a continuous space. The proposed approach, DroidXGB, utilizes XGBoost and AGWO to analyze permissions and identify malware Android applications. It aims to address security vulnerabilities and compares its performance with baseline algorithms and state‐of‐the‐art methods using four benchmark datasets. The results showcase DroidXGB's impressive accuracy of 98.39%, outperforming other existing methods and significantly enhancing Android malware detection and security testing capabilities.
Citations: 0
Designing access control security protocol for Industry 4.0 using Blockchain‐as‐a‐Service
IF 1.9 Pub Date : 2023-12-11 DOI: 10.1002/spy2.362
Anusha Vangala, Ashok Kumar Das, Neeraj Kumar, P. Vijayakumar, Marimuthu Karuppiah, Youngho Park
Industry 4.0 is a revolution of the operations in the industrial manufacturing for increased productivity, trade and commerce. It is heavily reliant on the automation of the processes and equipment along with complex interconnectivity and insightful analysis using machine learning. The interconnectivity of the manufacturing devices from various industrial sites brings with it several security issues related to communication. This article focuses on solving the security issue of access control between such devices and enable seamless secure communication for the proper functioning of the industry. An access control scheme has been proposed that achieves the necessary security features of anonymity, traceability, and forward secrecy. It is also shown that the proposed scheme takes less communication and computational costs, and is strongly resilient against various attacks such as impersonation attack, replay attack, and denial‐of‐service attack as compared to other relevant schemes.
引用次数: 0
Chaos and DNA coding technique for image cryptography
IF 1.9 Pub Date : 2023-12-08 DOI: 10.1002/spy2.359
Grishan Pradhan, Babu R. Dawadi, Abiral Chaulagain, Anish Lal Joshi, Prajal Govinda Vaidya
In today's cybersphere, cryptography plays a vital role in various fields. Image encryption is integral to securing information because of its vast application areas, such as military (defense), multimedia, healthcare and so forth. In this article, an image encryption algorithm for both grayscale and color images is proposed, based on the Tangential Delay‐Ellipse Reflecting Curve System (TD‐ERCS) chaotic map system and deoxyribonucleic acid (DNA) coding. The chaotic map is used to scramble the pixel positions, to achieve confusion, and to create the mask image; DNA coding is used to change the pixel values, to achieve diffusion. In experimental analysis, the proposed work achieved significantly high mean square error and low peak signal to noise ratio, almost zero correlation, high number of pixel change rate and unified averaged changed intensity values, and resistance to noise and data loss attacks. In addition, decryption is possible without loss of image quality.
V2XCom: Lightweight and secure message dissemination scheme for Internet of vehicles
Pub Date : 2023-11-02 DOI: 10.1002/spy2.352
Umesh Bodkhe, Sudeep Tanwar
Smart cities provide a sustainable transport ecosystem to connect smart vehicles through sensors and networking units. Internet‐of‐vehicles (IoV) is vital in disseminating various messages, including road safety, exact location sharing, road accidents and blocks, collision warning, driver assistance, network congestion, or toll payment among vehicle‐to‐anything (V2X) units. Due to the mission‐critical nature of the IoV ecosystem, it requires reliable, lightweight, and real‐time communication for vehicle‐to‐vehicle (V2V) and V2X units. However, because the available wireless channels are insecure, an adversary can perform several security attacks in an IoV environment, such as replay, password guessing, masquerade, trace, message tampering, man‐in‐the‐middle attack (MIMA), and plain‐text attacks, which may lead to potential disruptions. Motivated by the aforementioned facts, we propose V2XCom, a lightweight and secure message dissemination scheme for the IoV network using low‐cost cryptographic SHA‐256, XOR operation, and concatenation. We performed security verification of V2XCom using the Scyther and AVISPA tools. Moreover, security proofs are provided for an informal security analysis of the proposed scheme. We have done a comparative analysis of V2XCom with recent dissemination schemes in the IoV ecosystem concerning security features, communication latency, computational cost, and energy usage.