Pub Date : 2020-11-01DOI: 10.22042/isecure.2021.271055.613
Aymen M. Al-Kadhimi, Salim A. Mohammed Ali, S. Hasan
This paper involves the design of asymmetrical generalized Chebyshev low-pass filter realized with a suspended substrate stripline. The study presents the synthesis and design of an asymmetrical prototype with a degree of 11, the cut-off frequency of 2.5 GHz, better than 26 dB as passband return loss and a broad stopband rejection of 55 dB. The filter produces 11 transmission zeros (attenuation poles), one at infinity and 5 pairs located at finite frequencies offering better wide stopband attenuation performance as well as sharp selectivity. The filter is built based on suspended stripline structure (SSS) using aluminium as a cavity and with 2mm as a ground spacing. The filter measurements show a reasonable agreement has been achieved with the simulated response.An eleventh-order lowpass filter satisfying generalized Chebyshev response with asymmetrical topology, a wide stopband rejection and high selectivity has been presented. The filter has a total of 11 TZs, one is located at infinity and 5 pairs located at different finite frequencies contributing response improvements in both passband and stopband re- gions
{"title":"Suspended Stripline Low-pass Filter Design for Wide Stopband Attenuation Applications","authors":"Aymen M. Al-Kadhimi, Salim A. Mohammed Ali, S. Hasan","doi":"10.22042/isecure.2021.271055.613","DOIUrl":"https://doi.org/10.22042/isecure.2021.271055.613","url":null,"abstract":"This paper involves the design of asymmetrical generalized Chebyshev low-pass filter realized with a suspended substrate stripline. The study presents the synthesis and design of an asymmetrical prototype with a degree of 11, the cut-off frequency of 2.5 GHz, better than 26 dB as passband return loss and a broad stopband rejection of 55 dB. The filter produces 11 transmission zeros (attenuation poles), one at infinity and 5 pairs located at finite frequencies offering better wide stopband attenuation performance as well as sharp selectivity. The filter is built based on suspended stripline structure (SSS) using aluminium as a cavity and with 2mm as a ground spacing. The filter measurements show a reasonable agreement has been achieved with the simulated response.An eleventh-order lowpass filter satisfying generalized Chebyshev response with asymmetrical topology, a wide stopband rejection and high selectivity has been presented. The filter has a total of 11 TZs, one is located at infinity and 5 pairs located at different finite frequencies contributing response improvements in both passband and stopband re- gions","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128801607","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-10-06DOI: 10.22042/ISECURE.2020.208473.495
Salome James, T. Gowri, P. V. Reddy
In recent years, due to their potential applications, proxy blind signatures became an active research topic and are an extension of the basic proxy signature. A proxy blind signature scheme enables a proxy signer to produce a blind signature on behalf of an original signer. Such schemes are useful in many practical applications such as e-commerce, e-voting, e-tendering systems. Many proxy blind signature schemes have been proposed in the literature. In order to improve the efficiency and to adopt resource constrained devices, in this paper, we propose a pairing free ID-based proxy blind signature scheme with message recovery. The proposed scheme is proven secure against the random oracle model under the hardness assumption of the elliptic curve discrete logarithm problem. We compare our scheme with the other proxy blind signature schemes. The efficiency analysis shows that our scheme is more efficient in terms of computational and communicational point of view. Also due to the message recovery property, our scheme can be deployed easily in low band width devices.
{"title":"An Efficient Pairing-Free Identity Based Proxy Blind Signature Scheme with Message Recovery","authors":"Salome James, T. Gowri, P. V. Reddy","doi":"10.22042/ISECURE.2020.208473.495","DOIUrl":"https://doi.org/10.22042/ISECURE.2020.208473.495","url":null,"abstract":"In recent years, due to their potential applications, proxy blind signatures became an active research topic and are an extension of the basic proxy signature. A proxy blind signature scheme enables a proxy signer to produce a blind signature on behalf of an original signer. Such schemes are useful in many practical applications such as e-commerce, e-voting, e-tendering systems. Many proxy blind signature schemes have been proposed in the literature. In order to improve the efficiency and to adopt resource constrained devices, in this paper, we propose a pairing free ID-based proxy blind signature scheme with message recovery. The proposed scheme is proven secure against the random oracle model under the hardness assumption of the elliptic curve discrete logarithm problem. We compare our scheme with the other proxy blind signature schemes. The efficiency analysis shows that our scheme is more efficient in terms of computational and communicational point of view. Also due to the message recovery property, our scheme can be deployed easily in low band width devices.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"75 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129030020","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-08-30DOI: 10.22042/ISECURE.2021.271051.612
Hachem H. Alaoui, El-Kaber Hachem, C. Ziti, Mohammed Karim
Because face can reveal so much hidden information, we need to interpret these data and benefit from them. Hence, our paper shows a new and productive facial image representation based on local sensitive hashing (LSH). This strategy makes it conceivable to recognize the students who pursue their preparation in our learning training; during every session, an image of the learner will be taken by the webcam to be compared to that already stored in the database. As soon as the learner is recognized, he/she must be arranged in the accordion to an appropriate profile that takes into consideration his/her weaknesses and strength, which is conducted with the help of the J48 as a predictive study. Furthermore, we utilize a light processing module on the client device with a compact code in order that we can have a lot of in formation transmission capable to send the component over the network and to have the option to record many photos in an enormous database in the cloud.
{"title":"The Use of Local Sensitive Hashing for E-learner Face Identification","authors":"Hachem H. Alaoui, El-Kaber Hachem, C. Ziti, Mohammed Karim","doi":"10.22042/ISECURE.2021.271051.612","DOIUrl":"https://doi.org/10.22042/ISECURE.2021.271051.612","url":null,"abstract":"Because face can reveal so much hidden information, we need to interpret these data and benefit from them. Hence, our paper shows a new and productive facial image representation based on local sensitive hashing (LSH). This strategy makes it conceivable to recognize the students who pursue their preparation in our learning training; during every session, an image of the learner will be taken by the webcam to be compared to that already stored in the database. As soon as the learner is recognized, he/she must be arranged in the accordion to an appropriate profile that takes into consideration his/her weaknesses and strength, which is conducted with the help of the J48 as a predictive study. Furthermore, we utilize a light processing module on the client device with a compact code in order that we can have a lot of in formation transmission capable to send the component over the network and to have the option to record many photos in an enormous database in the cloud.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129371925","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.22042/ISECURE.2020.191916.471
M. Jahanbani, N. Bagheri, Zynolabedin Norouzi
Authenticated encryption schemes are important cryptographic primitives that received extensive attention recently. They can provide both confidentiality and authenticity services, simultaneously. Correlation power analysis (CPA) can be a thread for authenticated ciphers, similar to the any physical implementation of any other cryptographic scheme. In this paper, a three-step CPA attack against COLM, one of the winners of CAESAR, is presented to indicate its vulnerability. To validate this attack, COLM is implemented on the FPGA of the SAKURA-G board. A successful CPA attack with zero value power model is mounted by measuring and collecting 1,800 power traces. In addition, a protected hardware architecture for COLM is proposed to make this design secure against first-order CPA attacks, where a domain-oriented masking (DOM) scheme with two-input/output shares is used to protect it. To verify these countermeasures, we mount first and second-order CPA attacks and a non-specified t-test on the protected COLM. Keywords: Authenticated Cipher, COLM, CPA, DOM, Masking.
{"title":"CPA on COLM Authenticated Cipher and the Protection Using Domain-Oriented Masking","authors":"M. Jahanbani, N. Bagheri, Zynolabedin Norouzi","doi":"10.22042/ISECURE.2020.191916.471","DOIUrl":"https://doi.org/10.22042/ISECURE.2020.191916.471","url":null,"abstract":"Authenticated encryption schemes are important cryptographic primitives that received extensive attention recently. They can provide both confidentiality and authenticity services, simultaneously. Correlation power analysis (CPA) can be a thread for authenticated ciphers, similar to the any physical implementation of any other cryptographic scheme. In this paper, a three-step CPA attack against COLM, one of the winners of CAESAR, is presented to indicate its vulnerability. To validate this attack, COLM is implemented on the FPGA of the SAKURA-G board. A successful CPA attack with zero value power model is mounted by measuring and collecting 1,800 power traces. In addition, a protected hardware architecture for COLM is proposed to make this design secure against first-order CPA attacks, where a domain-oriented masking (DOM) scheme with two-input/output shares is used to protect it. To verify these countermeasures, we mount first and second-order CPA attacks and a non-specified t-test on the protected COLM. Keywords: Authenticated Cipher, COLM, CPA, DOM, Masking.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121049493","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.22042/ISECURE.2020.212763.505
A. Zaghian, Bagher Bagherpour
A non-interactive (t,n)-publicly veri able secret sharing scheme (non-interactive (t,n)-PVSS scheme) is a (t,n)-secret sharing scheme in which anyone, not only the participants of the scheme, can verify the correctness of the produced shares without interacting with the dealer and participants. The (t,n)-PVSS schemes have found a lot of applications in cryptography because they are suitable for real-life scenarios in which an external verifier is required to check the correctness of the produced shares without interacting with the dealer and participants. In this paper, we propose a non-interactive (t,n)-PVSS scheme using the non-homogeneous linear recursions (NHLRs), and prove its security with a formal method. We compare the computational complexity of our scheme with that of Schoenmakers's scheme and show that our non-interactive (t,n)-PVSS scheme runs faster than Schoenmakers's scheme when n > 5 and n> t >(2n+9)/n. The communicational complexity of our scheme is almost equal to that of Schoenmakers's scheme.
非交互式(t,n)-可公开验证的秘密共享方案(非交互式(t,n)-PVSS方案)是一种(t,n)-秘密共享方案,其中任何人,不仅是方案的参与者,都可以在不与经销商和参与者交互的情况下验证生成的股份的正确性。(t,n)-PVSS方案在密码学中有很多应用,因为它们适用于需要外部验证者检查产生的股份的正确性而无需与经销商和参与者交互的现实场景。本文利用非齐次线性递推(NHLRs)提出了一种非交互(t,n)-PVSS方案,并用形式化方法证明了其安全性。我们比较了该方案与Schoenmakers方案的计算复杂度,表明当n> 5和n> t >(2n+9)/n时,我们的非交互(t,n)-PVSS方案比Schoenmakers方案运行速度更快。该方案的通信复杂度几乎等于舍恩梅克方案的通信复杂度。
{"title":"A Fast Publicly Verifiable Secret Sharing Scheme using Non-homogeneous Linear Recursions","authors":"A. Zaghian, Bagher Bagherpour","doi":"10.22042/ISECURE.2020.212763.505","DOIUrl":"https://doi.org/10.22042/ISECURE.2020.212763.505","url":null,"abstract":"A non-interactive (t,n)-publicly veri able secret sharing scheme (non-interactive (t,n)-PVSS scheme) is a (t,n)-secret sharing scheme in which anyone, not only the participants of the scheme, can verify the correctness of the produced shares without interacting with the dealer and participants. The (t,n)-PVSS schemes have found a lot of applications in cryptography because they are suitable for real-life scenarios in which an external verifier is required to check the correctness of the produced shares without interacting with the dealer and participants. In this paper, we propose a non-interactive (t,n)-PVSS scheme using the non-homogeneous linear recursions (NHLRs), and prove its security with a formal method. We compare the computational complexity of our scheme with that of Schoenmakers's scheme and show that our non-interactive (t,n)-PVSS scheme runs faster than Schoenmakers's scheme when n > 5 and n> t >(2n+9)/n. The communicational complexity of our scheme is almost equal to that of Schoenmakers's scheme.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132100686","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.22042/ISECURE.2020.219248.519
Milad Seddigh, H. Soleimany
In cloud computing, multiple users can share the same physical machine that can potentially leak secret information, in particular when the memory de-duplication is enabled. Flush+Reload attack is a cache-based attack that makes use of resource sharing. T-table implementation of AES is commonly used in the crypto libraries like OpenSSL. Several Flush+Reload attacks on T-table implementation of AES have been proposed in the literature which requires a notable number of encryptions. In this paper, we present a technique to enhance the Flush+Reload attack on AES in the ciphertext-only scenario by significantly reducing the number of needed encryptions in both native and cross-VM setups. In this paper, we focus on finding the wrong key candidates and keep the right key by considering only the cache miss event. Our attack is faster than previous Flush+Reload attacks. In particular, our method can speed-up the Flush+Reload attack in cross-VM environment significantly. To verify the theoretical model, we implemented the proposed attack.
{"title":"Enhanced Flush+Reload Attack on AES","authors":"Milad Seddigh, H. Soleimany","doi":"10.22042/ISECURE.2020.219248.519","DOIUrl":"https://doi.org/10.22042/ISECURE.2020.219248.519","url":null,"abstract":"In cloud computing, multiple users can share the same physical machine that can potentially leak secret information, in particular when the memory de-duplication is enabled. Flush+Reload attack is a cache-based attack that makes use of resource sharing. T-table implementation of AES is commonly used in the crypto libraries like OpenSSL. Several Flush+Reload attacks on T-table implementation of AES have been proposed in the literature which requires a notable number of encryptions. In this paper, we present a technique to enhance the Flush+Reload attack on AES in the ciphertext-only scenario by significantly reducing the number of needed encryptions in both native and cross-VM setups. In this paper, we focus on finding the wrong key candidates and keep the right key by considering only the cache miss event. Our attack is faster than previous Flush+Reload attacks. In particular, our method can speed-up the Flush+Reload attack in cross-VM environment significantly. To verify the theoretical model, we implemented the proposed attack.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131622295","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-07-01DOI: 10.22042/ISECURE.2020.167450.453
Mahsa Nooribakhsh, M. Mollamotalebi
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the proposed method attempts to detect it, is the most common type of DDoS attacks. The aim of this paper is to reduce the delay of real-time detection of DDoS attacks utilizing hybrid structures based on data stream algorithms. The proposed data structure (BHM ) improves the data storing mechanism presented in STONE method and consequently reduces the detection time. STONE characterizes regular network traffic of a service by aggregating it into common prefixes of IP addresses, and detecting attacks when the aggregated traffic deviates from the regular one. In BHM, history refers to the output traffic information obtained from each monitoring period to form a reference profile. The reference profile is created by employing historical information and only includes normal traffic information. The delay of DDoS attack detection increases in STONE due to long-time intervals between each monitoring period. The proposed method (F-STONE) has been compared to STONE based on attack detection time, Expected Profile Update Time (EPUT), and rate of attack detection. The evaluation results indicated significant improvements in terms of the EPUT, acceleration of attack detection and reduction of false positive rate.
分布式拒绝服务攻击(Distributed Denial of Service, DDoS)是近年来常见的一种攻击方式,它通过大量发送报文来耗尽受害节点的带宽。根据攻击的流量类型、流量大小以及被攻击对象利用的漏洞,DDoS攻击可以分为容量攻击、协议攻击和应用攻击三种类型。容量攻击是最常见的DDoS攻击类型,本文提出的方法试图检测容量攻击。本文的目的是利用基于数据流算法的混合结构来减少DDoS攻击实时检测的延迟。所提出的数据结构(BHM)改进了STONE方法的数据存储机制,从而缩短了检测时间。STONE通过将业务的正常网络流量聚合成共同的IP地址前缀,并在聚合后的流量偏离正常时检测攻击行为,从而将业务的正常网络流量特征化。在BHM中,历史是指从每个监控周期中获得的输出流量信息,以形成参考配置文件。引用配置文件是利用历史信息创建的,只包含正常的流量信息。在STONE中,由于每个监控周期间隔较长,DDoS攻击检测的延迟会增加。基于攻击检测时间、预期配置文件更新时间(EPUT)和攻击检测率,将本文提出的方法(F-STONE)与STONE进行比较。评价结果表明,该方法在EPUT、攻击检测加速和误报率降低等方面均有显著提高。
{"title":"F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management","authors":"Mahsa Nooribakhsh, M. Mollamotalebi","doi":"10.22042/ISECURE.2020.167450.453","DOIUrl":"https://doi.org/10.22042/ISECURE.2020.167450.453","url":null,"abstract":"Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the proposed method attempts to detect it, is the most common type of DDoS attacks. The aim of this paper is to reduce the delay of real-time detection of DDoS attacks utilizing hybrid structures based on data stream algorithms. The proposed data structure (BHM ) improves the data storing mechanism presented in STONE method and consequently reduces the detection time. STONE characterizes regular network traffic of a service by aggregating it into common prefixes of IP addresses, and detecting attacks when the aggregated traffic deviates from the regular one. In BHM, history refers to the output traffic information obtained from each monitoring period to form a reference profile. The reference profile is created by employing historical information and only includes normal traffic information. The delay of DDoS attack detection increases in STONE due to long-time intervals between each monitoring period. The proposed method (F-STONE) has been compared to STONE based on attack detection time, Expected Profile Update Time (EPUT), and rate of attack detection. The evaluation results indicated significant improvements in terms of the EPUT, acceleration of attack detection and reduction of false positive rate.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"101 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132962181","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-05-31DOI: 10.22042/ISECURE.2020.174338.458
Maryam Zarezadeh, M. Ashouri-Talouki, Mohammad Siavashi
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records in a cloud system. In their scheme, encrypted EHRs are stored in multiple clouds to provide scalability and privacy. In addition, they considered a role-based access control (RBAC) such that for any user, an EHR access policy must be determined. They also encrypt the EHRs by the public keys of all users. So, for a large amount of EHRs, this scheme is not efficient. Furthermore, using RBAC for access policy makes the policy changing difficult. In their scheme, users cannot search on encrypted EHRs based on diseases and some physicians must participate in the data retrieval by a requester physician. In this paper, we address these problems by considering a ciphertext-policy attribute-based encryption (CP-ABE) which is conceptually closer to the traditional access control methods such as RBAC. Our secure scheme can retrieve encrypted EHR based on a specific disease. Furthermore, the proposed scheme guarantees the user access control and the anonymity of the user or data owner during data retrieval. Moreover, our scheme is resistant against collusion between unauthorized retrievers to access the data. The analysis shows that our scheme is secure and efficient for cloud-based EHRs.
{"title":"Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems","authors":"Maryam Zarezadeh, M. Ashouri-Talouki, Mohammad Siavashi","doi":"10.22042/ISECURE.2020.174338.458","DOIUrl":"https://doi.org/10.22042/ISECURE.2020.174338.458","url":null,"abstract":"Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records in a cloud system. In their scheme, encrypted EHRs are stored in multiple clouds to provide scalability and privacy. In addition, they considered a role-based access control (RBAC) such that for any user, an EHR access policy must be determined. They also encrypt the EHRs by the public keys of all users. So, for a large amount of EHRs, this scheme is not efficient. Furthermore, using RBAC for access policy makes the policy changing difficult. In their scheme, users cannot search on encrypted EHRs based on diseases and some physicians must participate in the data retrieval by a requester physician. In this paper, we address these problems by considering a ciphertext-policy attribute-based encryption (CP-ABE) which is conceptually closer to the traditional access control methods such as RBAC. Our secure scheme can retrieve encrypted EHR based on a specific disease. Furthermore, the proposed scheme guarantees the user access control and the anonymity of the user or data owner during data retrieval. Moreover, our scheme is resistant against collusion between unauthorized retrievers to access the data. The analysis shows that our scheme is secure and efficient for cloud-based EHRs.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"79 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132201203","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-01-01DOI: 10.22042/isecure.2020.199009.479
S. Mohammadi, A. Namadchian
Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in detecting new attacks. To tackle this problem, various methods of machine learning have been presented in recent years. Since malicious web requests have more delicate distinction than normal requests, these methods have failed to exhibit a good accuracy in new attack detection. This paper presents a new method for web attack detection using seq2seq networks using attention. The results show that this method could predict the possible responses and use the difference from the real responses of the server to model the normal traffic. Thereby, it could use the similarity measure to discriminate between normal and anomalous traffic. The highest accuracy of this method versus similar methods shows that the use of attention mechanism can cope with the challenge of studying long web requests to a great extent.
{"title":"Anomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism","authors":"S. Mohammadi, A. Namadchian","doi":"10.22042/isecure.2020.199009.479","DOIUrl":"https://doi.org/10.22042/isecure.2020.199009.479","url":null,"abstract":"Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in detecting new attacks. To tackle this problem, various methods of machine learning have been presented in recent years. Since malicious web requests have more delicate distinction than normal requests, these methods have failed to exhibit a good accuracy in new attack detection. This paper presents a new method for web attack detection using seq2seq networks using attention. The results show that this method could predict the possible responses and use the difference from the real responses of the server to model the normal traffic. Thereby, it could use the similarity measure to discriminate between normal and anomalous traffic. The highest accuracy of this method versus similar methods shows that the use of attention mechanism can cope with the challenge of studying long web requests to a great extent.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128937860","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2019-08-01DOI: 10.22042/ISECURE.2019.11.0.5
R. Flifel
Wireless networks, Internet of Things (IoT), Internet of Everything (IoE), and smart homes have become extremely important terms in our present-day life. Most of the buildings, companies, institutions, and even homes depend onthese technologies for interaction, communication, automation, and everything surrounding humans. To understand the advanced topics in wireless networks and IoT devices, it is necessary to use one of the practical learning tools, calledPacket Tracer. This wireless network simulator is freely available by Cisco Networking Academy. In this paper, we will use Packet Tracer to design a smart home based on wireless and IoT devices and illustrate how to create different networking scenarios to make our homes more comfortable and convenient.
{"title":"The Role of Packet Tracer in Learning Wireless Networks and Managing IoT Devices","authors":"R. Flifel","doi":"10.22042/ISECURE.2019.11.0.5","DOIUrl":"https://doi.org/10.22042/ISECURE.2019.11.0.5","url":null,"abstract":"Wireless networks, Internet of Things (IoT), Internet of Everything (IoE), and smart homes have become extremely important terms in our present-day life. Most of the buildings, companies, institutions, and even homes depend onthese technologies for interaction, communication, automation, and everything surrounding humans. To understand the advanced topics in wireless networks and IoT devices, it is necessary to use one of the practical learning tools, calledPacket Tracer. This wireless network simulator is freely available by Cisco Networking Academy. In this paper, we will use Packet Tracer to design a smart home based on wireless and IoT devices and illustrate how to create different networking scenarios to make our homes more comfortable and convenient.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134176447","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: