Symbolic protocol verification generally abstracts probabilities away, considering computations that succeed only with negligible probability, such as guessing random numbers or breaking an encryption scheme, as impossible. This abstraction, sometimes referred to as the perfect cryptography assumption, has shown very useful as it simplifies automation of the analysis. However, probabilities may also appear in the control flow where they are generally not negligible. In this paper we consider a framework for symbolic protocol analysis with a probabilistic choice operator: the probabilistic applied π-calculus. We define and explore the relationships between several behavioral equivalences. In particular we show the need for randomized schedulers and exhibit a counter-example to a result in a previous work that relied on non-randomized ones. As in other frameworks that mix both non-deterministic and probabilistic choices, schedulers may sometimes be unrealistically powerful. We therefore consider two subclasses of processes that avoid this problem. In particular, when considering purely non-deterministic protocols, as is done in classical symbolic verification, we show that a probabilistic adversary has – maybe surprisingly – a strictly superior distinguishing power for may testing, which, when the number of sessions is bounded, we show to coincide with purely possibilistic similarity.
{"title":"Symbolic protocol verification with dice1","authors":"Vincent Cheval, Raphaëlle Crubillé, Steve Kremer","doi":"10.3233/jcs-230037","DOIUrl":"https://doi.org/10.3233/jcs-230037","url":null,"abstract":"Symbolic protocol verification generally abstracts probabilities away, considering computations that succeed only with negligible probability, such as guessing random numbers or breaking an encryption scheme, as impossible. This abstraction, sometimes referred to as the perfect cryptography assumption, has shown very useful as it simplifies automation of the analysis. However, probabilities may also appear in the control flow where they are generally not negligible. In this paper we consider a framework for symbolic protocol analysis with a probabilistic choice operator: the probabilistic applied π-calculus. We define and explore the relationships between several behavioral equivalences. In particular we show the need for randomized schedulers and exhibit a counter-example to a result in a previous work that relied on non-randomized ones. As in other frameworks that mix both non-deterministic and probabilistic choices, schedulers may sometimes be unrealistically powerful. We therefore consider two subclasses of processes that avoid this problem. In particular, when considering purely non-deterministic protocols, as is done in classical symbolic verification, we show that a probabilistic adversary has – maybe surprisingly – a strictly superior distinguishing power for may testing, which, when the number of sessions is bounded, we show to coincide with purely possibilistic similarity.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135805040","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
I. Obiri, Abigail Akosua Addobea, Eric Affum, Jacob Ankamah, Albert Kofi Kwansah Ansah
Precision agriculture (PA) involves collecting, processing, and analyzing datasets in agriculture for an informed decision. Due to the high data storage and application maintenance costs, farmers usually outsource their agricultural data obtained from PA to cloud service providers to leverage cloud services. Nonetheless, serious security concerns arise from using cloud services for farmers. For instance, an attacker can intercept agricultural data and run comprehensive statistical analyses to adjudicate farmers’ financial status, extort money, commit identity theft, etc. As a result, compelling data security schemes have become crucial for secure precision farming, where only legitimate users are required to access the agricultural data outsourced to the cloud. This article presents a certificateless signcryption scheme with proxy re-encryption (CLS-PRE) for secure access control in PA. An in-depth security analysis proves that the CLS-PRE scheme is secure in the Random Oracle Model. Detailed performance evaluation also shows that the scheme can reduce the time required to signcrypt and unsigncrypt messages and lower communication overhead.
{"title":"A certificateless signcryption with proxy-encryption for securing agricultural data in the cloud","authors":"I. Obiri, Abigail Akosua Addobea, Eric Affum, Jacob Ankamah, Albert Kofi Kwansah Ansah","doi":"10.3233/jcs-220107","DOIUrl":"https://doi.org/10.3233/jcs-220107","url":null,"abstract":"Precision agriculture (PA) involves collecting, processing, and analyzing datasets in agriculture for an informed decision. Due to the high data storage and application maintenance costs, farmers usually outsource their agricultural data obtained from PA to cloud service providers to leverage cloud services. Nonetheless, serious security concerns arise from using cloud services for farmers. For instance, an attacker can intercept agricultural data and run comprehensive statistical analyses to adjudicate farmers’ financial status, extort money, commit identity theft, etc. As a result, compelling data security schemes have become crucial for secure precision farming, where only legitimate users are required to access the agricultural data outsourced to the cloud. This article presents a certificateless signcryption scheme with proxy re-encryption (CLS-PRE) for secure access control in PA. An in-depth security analysis proves that the CLS-PRE scheme is secure in the Random Oracle Model. Detailed performance evaluation also shows that the scheme can reduce the time required to signcrypt and unsigncrypt messages and lower communication overhead.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2023-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74504717","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In text-based authentication, the passwords along with user names are maintained in the Authentication Data Table (ADT). It is necessary to preserve the privacy of passwords in ADT to avoid offline attacks like brute force attacks, lookup table attacks, etc. In this paper, three password protection schemes, namely Encrypted Image Password (EIP), Dynamic Authentication Data Table (D-ADT), and Extended Encrypted Image Password (EEIP) are proposed for secure authentication. In EIP, the input passwords are first converted to hashed passwords and then transformed into images. Next, these image passwords are encrypted using a novel image password encryption system using chaos functions and confusion-diffusion mechanisms. In D-ADT, the hashed passwords are encrypted using a random key. The major highlight of this scheme is that during every log, the hashed password is encrypted with a new random key while keeping the plain password same as it is. So, during each login of the user, the old encrypted password is replaced with a new encrypted password in the authentication data table. The EEIP scheme combines both approaches. Passwords are converted to images and image passwords are encrypted with the new random key at every login. Performance and security analysis are carried out for the proposed algorithm concerning correlation analysis, differential analysis, entropy analysis, computation time, keyspace, and offline attack analysis.
在基于文本的身份验证中,密码和用户名都保存在身份验证数据表(authentication Data Table, ADT)中。ADT中有必要保护密码的隐私性,以避免暴力破解攻击、查找表攻击等离线攻击。本文提出了加密图像密码(EIP)、动态认证数据表(D-ADT)和扩展加密图像密码(EEIP)三种密码保护方案,用于安全认证。在EIP中,首先将输入密码转换为散列密码,然后将其转换为图像。接下来,使用使用混沌函数和混淆扩散机制的新型图像密码加密系统对这些图像密码进行加密。在D-ADT中,散列密码使用随机密钥进行加密。该方案的主要亮点是,在每次日志期间,散列密码都使用新的随机密钥进行加密,同时保持普通密码不变。因此,在用户每次登录期间,身份验证数据表中的旧加密密码将被替换为新的加密密码。EEIP方案结合了这两种方法。密码被转换为图像,图像密码在每次登录时都用新的随机密钥加密。从相关分析、差分分析、熵分析、计算时间、键空间和离线攻击分析等方面对所提出的算法进行了性能和安全性分析。
{"title":"Secure authentication protocols to resist off-line attacks on authentication data table","authors":"Vinod Ramesh Falmari, B. M.","doi":"10.3233/jcs-210171","DOIUrl":"https://doi.org/10.3233/jcs-210171","url":null,"abstract":"In text-based authentication, the passwords along with user names are maintained in the Authentication Data Table (ADT). It is necessary to preserve the privacy of passwords in ADT to avoid offline attacks like brute force attacks, lookup table attacks, etc. In this paper, three password protection schemes, namely Encrypted Image Password (EIP), Dynamic Authentication Data Table (D-ADT), and Extended Encrypted Image Password (EEIP) are proposed for secure authentication. In EIP, the input passwords are first converted to hashed passwords and then transformed into images. Next, these image passwords are encrypted using a novel image password encryption system using chaos functions and confusion-diffusion mechanisms. In D-ADT, the hashed passwords are encrypted using a random key. The major highlight of this scheme is that during every log, the hashed password is encrypted with a new random key while keeping the plain password same as it is. So, during each login of the user, the old encrypted password is replaced with a new encrypted password in the authentication data table. The EEIP scheme combines both approaches. Passwords are converted to images and image passwords are encrypted with the new random key at every login. Performance and security analysis are carried out for the proposed algorithm concerning correlation analysis, differential analysis, entropy analysis, computation time, keyspace, and offline attack analysis.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2023-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79432754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Online reviews, which play a key role in the ecosystem of nowadays business, have been the primary source of consumer opinions. Due to their importance, professional review writing services are employed for paid reviews and even being exploited to conduct opinion spam. Posting deceptive reviews could mislead customers, yield significant benefits or losses to service vendors, and erode confidence in the entire online purchasing ecosystem. In this paper, we ferret out deceptive reviews originated from professional review writing services. We do so even when reviewers leverage a number of pseudonymous identities to avoid the detection. To unveil the pseudonymous identities associated with deceptive reviewers, we leverage the multiview clustering method. This enables us to characterize the writing style of reviewers (deceptive vs normal) and cluster the reviewers based on their writing style. Furthermore, we explore different neural network models to model the writing style of deceptive reviews. We select the best performing neural network to generate the representation of reviews. We validate the effectiveness of the multiview clustering framework using real-world Amazon review data under different experimental scenarios. Our results show that our approach outperforms previous research. We further demonstrate its superiority through a large-scale case study based on publicly available Amazon datasets.
{"title":"A multiview clustering framework for detecting deceptive reviews","authors":"Yubao Zhang, Haining Wang, A. Stavrou","doi":"10.3233/jcs-220001","DOIUrl":"https://doi.org/10.3233/jcs-220001","url":null,"abstract":"Online reviews, which play a key role in the ecosystem of nowadays business, have been the primary source of consumer opinions. Due to their importance, professional review writing services are employed for paid reviews and even being exploited to conduct opinion spam. Posting deceptive reviews could mislead customers, yield significant benefits or losses to service vendors, and erode confidence in the entire online purchasing ecosystem. In this paper, we ferret out deceptive reviews originated from professional review writing services. We do so even when reviewers leverage a number of pseudonymous identities to avoid the detection. To unveil the pseudonymous identities associated with deceptive reviewers, we leverage the multiview clustering method. This enables us to characterize the writing style of reviewers (deceptive vs normal) and cluster the reviewers based on their writing style. Furthermore, we explore different neural network models to model the writing style of deceptive reviews. We select the best performing neural network to generate the representation of reviews. We validate the effectiveness of the multiview clustering framework using real-world Amazon review data under different experimental scenarios. Our results show that our approach outperforms previous research. We further demonstrate its superiority through a large-scale case study based on publicly available Amazon datasets.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2023-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77597931","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Increasing interest and advancement of internet and communication technologies have made network security rise as a vibrant research domain. Network intrusion detection systems (NIDSs) have developed as indispensable defense mechanisms in cybersecurity that are employed in discovery and prevention of malicious network activities. In the recent years, researchers have proposed deep learning approaches in the development of NIDSs owing to their ability to extract better representations from large corpus of data. In the literature, convolutional neural network architecture is extensively used for spatial feature learning, while the long short term memory networks are employed to learn temporal features. In this paper, a novel hybrid method that learn the discriminative spatial and temporal features from the network flow is proposed for detecting network intrusions. A two dimensional convolution neural network is proposed to intelligently extract the spatial characteristics whereas a bi-directional long short term memory is used to extract temporal features of network traffic data samples consequently, forming a deep hybrid neural network architecture for identification and classification of network intrusion samples. Extensive experimental evaluations were performed on two well-known benchmarks datasets: CIC-IDS 2017 and the NSL-KDD datasets. The proposed network model demonstrated state-of-the-art performance with experimental results showing that the accuracy and precision scores of the intrusion detection model are significantly better than those of other existing models. These results depicts the applicability of the proposed model in the spatial-temporal feature learning in network intrusion detection systems.
{"title":"Discriminative spatial-temporal feature learning for modeling network intrusion detection systems","authors":"S. Wanjau, G. Wambugu, A. Oirere, G. M. Muketha","doi":"10.3233/jcs-220031","DOIUrl":"https://doi.org/10.3233/jcs-220031","url":null,"abstract":"Increasing interest and advancement of internet and communication technologies have made network security rise as a vibrant research domain. Network intrusion detection systems (NIDSs) have developed as indispensable defense mechanisms in cybersecurity that are employed in discovery and prevention of malicious network activities. In the recent years, researchers have proposed deep learning approaches in the development of NIDSs owing to their ability to extract better representations from large corpus of data. In the literature, convolutional neural network architecture is extensively used for spatial feature learning, while the long short term memory networks are employed to learn temporal features. In this paper, a novel hybrid method that learn the discriminative spatial and temporal features from the network flow is proposed for detecting network intrusions. A two dimensional convolution neural network is proposed to intelligently extract the spatial characteristics whereas a bi-directional long short term memory is used to extract temporal features of network traffic data samples consequently, forming a deep hybrid neural network architecture for identification and classification of network intrusion samples. Extensive experimental evaluations were performed on two well-known benchmarks datasets: CIC-IDS 2017 and the NSL-KDD datasets. The proposed network model demonstrated state-of-the-art performance with experimental results showing that the accuracy and precision scores of the intrusion detection model are significantly better than those of other existing models. These results depicts the applicability of the proposed model in the spatial-temporal feature learning in network intrusion detection systems.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2023-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81408505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Smart buildings are socio-technical systems that bring together building systems, IoT technology and occupants. A multitude of embedded sensors continually collect and share building data on a large scale which is used to understand and streamline daily operations. Much of this data is highly influenced by the presence of building occupants and could be used to monitor and track their location and activities. The combination of open accessibility to smart building data and the rapid development and enforcement of data protection legislation such as the GDPR and CCPA make the privacy of smart building occupants a concern. Until now, little if any research exists on occupant privacy in work-based or commercial smart buildings. This paper addresses this gap by conducting two user studies ( N = 81 and N = 40) on privacy concerns and preferences about smart buildings. The first study explores the perception of the occupants of a state-of-the-art commercial smart building, and the latter reflects on the concerns and preferences of a more general user group who do not use this building. Our results show that the majority of the participants are not familiar with the types of data being collected, that it is subtly related to them (only 19.75% of smart building residents (occupants) and 7.5% non-residents), nor the privacy risks associated with it. After being informed more about smart buildings and the data they collect, over half of our participants said that they would be concerned with how occupancy data is used. These findings show that despite the more public environment, there are similar levels of privacy concerns for some sensors to those living in smart homes. The participants called for more transparency in the data collection process and beyond, which means that better policies and regulations should be in place for smart building data.
{"title":"User Privacy Concerns in Commercial Smart Buildings1","authors":"Scott Harper, M. Mehrnezhad, John C. Mace","doi":"10.3233/jcs-210035","DOIUrl":"https://doi.org/10.3233/jcs-210035","url":null,"abstract":"Smart buildings are socio-technical systems that bring together building systems, IoT technology and occupants. A multitude of embedded sensors continually collect and share building data on a large scale which is used to understand and streamline daily operations. Much of this data is highly influenced by the presence of building occupants and could be used to monitor and track their location and activities. The combination of open accessibility to smart building data and the rapid development and enforcement of data protection legislation such as the GDPR and CCPA make the privacy of smart building occupants a concern. Until now, little if any research exists on occupant privacy in work-based or commercial smart buildings. This paper addresses this gap by conducting two user studies ( N = 81 and N = 40) on privacy concerns and preferences about smart buildings. The first study explores the perception of the occupants of a state-of-the-art commercial smart building, and the latter reflects on the concerns and preferences of a more general user group who do not use this building. Our results show that the majority of the participants are not familiar with the types of data being collected, that it is subtly related to them (only 19.75% of smart building residents (occupants) and 7.5% non-residents), nor the privacy risks associated with it. After being informed more about smart buildings and the data they collect, over half of our participants said that they would be concerned with how occupancy data is used. These findings show that despite the more public environment, there are similar levels of privacy concerns for some sensors to those living in smart homes. The participants called for more transparency in the data collection process and beyond, which means that better policies and regulations should be in place for smart building data.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2022-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72766267","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jin-Myong Lee, Suyeon Kim, Ji H Baek, Jae-Sik Yang, J. Lim, Hyejin Jang
{"title":"A Study on the Types of Using Digital Services by Elderly Consumers: Focused on Internet Users","authors":"Jin-Myong Lee, Suyeon Kim, Ji H Baek, Jae-Sik Yang, J. Lim, Hyejin Jang","doi":"10.35736/JCS.32.2.2","DOIUrl":"https://doi.org/10.35736/JCS.32.2.2","url":null,"abstract":"","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2021-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85258301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Role of Trust in C2C Platforms","authors":"B. Lee","doi":"10.35736/JCS.32.2.4","DOIUrl":"https://doi.org/10.35736/JCS.32.2.4","url":null,"abstract":"","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2021-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73783165","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Study on the Types of Consumer Information Activity: Focused on Food Delivery Service App Reviews","authors":"S. Kim, Hye-Gyoung Koo","doi":"10.35736/JCS.32.2.5","DOIUrl":"https://doi.org/10.35736/JCS.32.2.5","url":null,"abstract":"","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2021-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85570699","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Consumer Typology Based on Network Externalities: Artificial Intelligence Speakers","authors":"H. Kim, Jin-Myong Lee","doi":"10.35736/JCS.32.2.1","DOIUrl":"https://doi.org/10.35736/JCS.32.2.1","url":null,"abstract":"","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2021-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84864283","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: