EAI Endorsed Trans. Security Safety: Latest Articles

Threat Modeling for Cloud Infrastructures
Pub Date : 2019-01-10 DOI: 10.4108/eai.10-1-2019.156246
Nawaf Alhebaishi, Lingyu Wang, A. Singhal
Today’s businesses are increasingly relying on the cloud as an alternative IT solution due to its flexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastructures is naturally more challenging than in traditional networks. This is evidenced by the fact that there are limited efforts on threat modeling for cloud infrastructures. In this paper, we conduct comprehensive threat modeling exercises based on two representative cloud infrastructures using several popular threat modeling methods, including attack surface, attack trees, attack graphs, and security metrics based on attack trees and attack graphs, respectively. Those threat modeling efforts may provide cloud providers useful lessons toward better understanding and improving the security of their cloud infrastructures. In addition, we show how hardening solution can be applied based on the threat models and security metrics through extended exercises. Such results may not only benefit the cloud provider but also embed more confidence in cloud tenants by providing them a clearer picture of the potential threats and mitigation solutions.
Citations: 7
Opportunistic Diversity-Based Detection of Injection Attacks in Web Applications
Pub Date : 2018-12-11 DOI: 10.4108/eai.11-12-2018.156032
W. Qu, Wei Huo, Lingyu Wang
Web-based applications delivered using clouds are becoming increasingly popular due to less demand of client-side resources and easier maintenance than desktop counterparts. At the same time, larger attack surfaces and developers’ lack of security proficiency or awareness leave Web applications particularly vulnerable to security attacks. On the other hand, diversity has long been considered as a viable approach to detecting security attacks since functionally similar but internally different variants of an application will likely respond to the same attack in different ways. However, most diversity-by-design approaches have met difficulties in practice due to the prohibitive cost in terms of both development and maintenance. In this work, we propose to employ opportunistic diversity inherent to Web applications and their database backends to detect injection attacks. We first conduct a case study of common vulnerabilities to confirm the potential of opportunistic diversity for detecting potential attacks. We then devise a multi-stage approach to examine features extracted from the database queries, their effect on the database, the query results, as well as the user-end results. Next, we combine the partial results obtained from different stages using a learning-based approach to further improve the detection accuracy. Finally, we evaluate our approach using a real world Web application.
Citations: 1
Network-based Analysis and Classification of Malware using Behavioral Artifacts Ordering
Pub Date : 2018-12-11 DOI: 10.4108/eai.13-7-2018.156002
Aziz Mohaisen, Omar Alrawi, Jeman Park, Joongheon Kim, Daehun Nyang, Manar Mohaisen
Using runtime execution artifacts to identify malware and its associated family is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, the use of these fine-granularity data points makes these techniques computationally expensive. Moreover, the signatures and heuristics are often circumvented by subsequent malware authors. In this work, we propose Chatter, a system that is concerned only with the order in which high-level system events take place. Individual events are mapped onto an alphabet and execution traces are captured via terse concatenations of those letters. Then, leveraging an analyst labeled corpus of malware, n-gram document classification techniques are applied to produce a classifier predicting malware family. This paper describes that technique and its proof-of-concept evaluation. In its prototype form, only network events are considered and eleven malware families are used. We show the technique achieves 83%-94% accuracy in isolation and makes non-trivial performance improvements when integrated with a baseline classifier of combined order features to reach an accuracy of up to 98.8%.
Citations: 6
A secure and lightweight multicast communication system for Smart Grids
Pub Date : 2018-12-11 DOI: 10.4108/eai.13-7-2018.156004
Tiago Antônio Rizzetti, B. Silva, A. Rodrigues, R. Milbradt, L. Canha
In the Smart Grids context, all communications must be handled in a secure way, including multicast traffic. The Application Layer Multicast (ALM) algorithms provide better flexibility and can employ security mechanisms, however, causes overhead to all nodes to build the multicast tree. In this work is proposed another approach to provide a secure multicast focusing on filtering packets on nodes without need an overlay protocol. It uses the multihop property of Wireless Mesh Networks (WMN) usually employed to bring connectivity to smart meters. Also, there is the support to message authentication code (MAC) using symmetric cryptography and presents an algorithm to provide a secure key distribution system. The results show that this approach is lightweight, secure, and assures multicast message delivery, even on failures caused by attacks on the key distribution system. The key management protocol used to provide authentication and integrity are evaluated using an automated test tool. Received on 08 September 2018, accepted on 27 November 2018, published on 03 December 2018
Citations: 1
Formal Approach to Detect and Resolve Anomalies while Clustering ABAC Policies
Pub Date : 2018-12-03 DOI: 10.4108/eai.13-7-2018.156003
Maryem Ait El Hadj, A. Khoumsi, Yahya Benkaouz, M. Erradi
In big data environments with big number of users and high volume of data, we need to manage the corresponding huge number of security policies. Using Attribute-Based Access Control (ABAC) model to ensure access control might become complex and hard to manage. Moreover, ABAC policies may be aggregated from multiple parties. Therefore, they may contain several anomalies such as conflicts and redundancies, resulting in safety and availability problems. Several policy analysis and design methods have been proposed. However, most of these methods do not preserve the original policy semantics. In this paper, we present an ABAC anomaly detection and resolution method based on the access domain concept, while preserving the policy semantics. To make the suggested method scalable for large policies, we decompose the policy into clusters of rules, then the method is applied to each cluster. We prove correctness of the method and evaluate its computational complexity. Experimental results are given and discussed. Received on 11 October 2018; accepted on 16 November 2018; published on 03 December 2018
Citations: 7
Threats, Countermeasures and Attribution of Cyber Attacks on Critical Infrastructures
Pub Date : 2018-10-17 DOI: 10.4108/eai.15-10-2018.155856
L. Maglaras, M. Ferrag, A. Derhab, M. Mukherjee, H. Janicke, Stylianos Rallis
As Critical National Infrastructures are becoming more vulnerable to cyber attacks, their protection becomes a significant issue for any organization as well as a nation. Moreover, the ability to attribute is a vital element of avoiding impunity in cyberspace. In this article, we present main threats to critical infrastructures along with protective measures that one nation can take, and which are classified according to legal, technical, organizational, capacity building, and cooperation aspects. Finally we provide an overview of current methods and practices regarding cyber attribution and cyber peace keeping
Citations: 28
How Stakeholders Perceived Security Risks? A New Predictive Functional Level Model and its Application to E-Learning
Pub Date : 2018-10-15 DOI: 10.4108/eai.15-10-2018.155738
N. Rjaibi, Latifa Ben Arfa Rabai
A new predictive functional level security risk management model is proposed in order to quantify the security level perception and the level of risk involved. It helps in defining the assets, measuring economically the risk, managing the risk toward decisions making. It is out of implementation and based on a functional level architecture. The paper defines a simple predictive model, it relies on a few number of inputs which form the system’s security specifications and provides one output which is the average loss per unit of time ($/H) incurred by a stakeholder as a result of security threats. The obtained values represent how stakeholders perceived economically security risks and predict how it will change over time to implement in advance the needed security strategies. Our model is useful in any security context. We report it in practice originally to the level of e-Learning systems for current architectures because they lack a common measurable value and evidence of cyber security. Our model assists security experts from the early phases of system’s development to implement future safe and secure platforms.
Citations: 0
FPGA Implementation of Elliptic Curve Cryptoprocessor for Perceptual Layer of the Internet of Things
Pub Date : 2018-10-15 DOI: 10.4108/eai.15-10-2018.155739
V. Kamalakannan, S. Tamilselvan
Today’s developing era data and information security plays an important role in unsecured communication between Internet of Things (IoT) elements. In IoT, data are transmitted in plaintext for many reasons. One of the most common reason is the availability of hardware. Many IoT products are inexpensive components with limited memory and computational resources. Such devices might be unable to support the computationally intense cryptographic functions of asymmetrical cryptography. If designers considered the privacy implications of unencrypted data, they have limited options for encryption because of the hardware platform. Therefore the designers have to create their own security protocols or implement stripped-down versions of existing security protocols. The second option has a better chances. Evidence recommends such a modified protocol would run efficiently on small devices. Elliptic Curve Cryptography (ECC) is used to ensure complete protection against the security risks such as confidentiality, integrity, privacy and authentication by implementing an Elliptic Curve Cryptoprocessor. The work focuses on high-performance Elliptic Curve Cryptoprocessor design, optimized for Field Programmable Gate Array (FPGA) implementation, using the concept of asymmetric and hash algorithms. A novel cryptographic algorithm consisting of matrix mapping methodology and hidden generator point theory is to be applied for encryption/decryption between the sender and receiver whereas Elliptic Curve Digital Signature Algorithm (ECDSA) designed using Keccak Secured Hash Algorithm (SHA) algorithm is applied for the validation of the encrypted data. The proposed Cryptoprocessor operates at a minimum period of 6.980 ns and maximum frequency of 143.276 MHz. This work focuses on the practicability of public key cryptography implementation for devices connected in the perceptual layer of IoT.
Citations: 1
A Multi-connection Encryption Algorithm Applied in Secure Channel Service System
Pub Date : 2018-10-15 DOI: 10.4108/eai.15-5-2018.155167
Fanhao Meng, Rongheng Lin, Zhuoran Wang, Hua Zou, Shiqi Zhou
Encryption is the most important method to enhance security of network transmitting. SDN (Software Defined Networking) Security Transmission Service can provide multi-connection transmitting service, which scatters data to multiple network connections for transmission so that data on different connections is isolated from each other. Based on the service, encrypting the isolated data prevents overall data from intercepted and deciphered. In the above scenario, we propose an encryption algorithm that uses the data themselves as encryption keys, and use the data isolation effect of multi-connection transmission to distribute the encrypted ciphertext to different network transmission paths, which is equivalent to using a rather random sequence as an encryption key for each data fragment without sharp increase in transmitting data, so that data transmitted on every connection are ensured to be safe. After compared with other encryption algorithms such as DES, AES and RSA, it is proved that in the multi-connection transmitting scenario this algorithm has better encryption effect and operating efficiency, which provides an effective guarantee for network security.
Citations: 4
Mouse Underlaying: Global Key and Mouse Listener Based on an Almost Invisible Window with Local Listeners and Sophisticated Focus
Pub Date : 2018-10-15 DOI: 10.4108/eai.15-10-2018.155740
Tim Niklas Witte
Keyloggers are serious threats for computer users both private and commercial. If an attacker is capable of installing this malware on the victim’s machine then he or she is able to monitor keystrokes of a user. This keylog contains login information. As a consequence, protection and detection techniques against keyloggers become increasingly better. This article presents the method of Mouse Underlaying for creating a new kind of software based keyloggers. This method is implemented in Java for testing countermeasures concerning keylogger protection, virtual keyboard, signatures and behavior detection by anti-virus programs. Products of various manufacturers are used for demonstration purposes. All of them failed without an exception. In addition, the reasons why these products failed are analyzed, and moreover, measures against Mouse Underlaying are developed based on the demonstration results. Received on 02 July 2018; accepted on 09 October 2018; published on 15 October 2018
Citations: 1