Pub Date : 2021-03-01DOI: 10.6633/IJNS.202103_23(2).17
Juan Ren, Leyou Zhang, Baocang Wang
Attribute-based searchable encryption (ABSE) scheme is an efficient mechanism to implement access control and secure keywords search based on attributes over encrypted data. However, most existing ABSE schemes rely on single trusted authority to manage the attribute private keys. In real life, it is impractical that one authority completes all verifications and certifications to all attributes. In addition, the existence of the vulnerable item makes them be vulnerable to secret-key-recovery attack in some existing multi-authority attribute-based encryption (ABE) schemes based on access tree. To solve above problems, we design a decentralized multi-authority ABSE scheme based on access tree, which can resist the keyword guessing (KG) attack and the secret-keys-recovery attack. We also give performance analysis of the proposed scheme and prove it to be selectively secure under the decisional bilinear Diffie-Hellman (DBDH) assumption, the hash Diffie-Hellman (HDH) assumption and the bilinear Diffie-Hellman (BDH) assumption.
{"title":"Decentralized Multi-Authority Attribute-based Searchable Encryption Scheme","authors":"Juan Ren, Leyou Zhang, Baocang Wang","doi":"10.6633/IJNS.202103_23(2).17","DOIUrl":"https://doi.org/10.6633/IJNS.202103_23(2).17","url":null,"abstract":"Attribute-based searchable encryption (ABSE) scheme is an efficient mechanism to implement access control and secure keywords search based on attributes over encrypted data. However, most existing ABSE schemes rely on single trusted authority to manage the attribute private keys. In real life, it is impractical that one authority completes all verifications and certifications to all attributes. In addition, the existence of the vulnerable item makes them be vulnerable to secret-key-recovery attack in some existing multi-authority attribute-based encryption (ABE) schemes based on access tree. To solve above problems, we design a decentralized multi-authority ABSE scheme based on access tree, which can resist the keyword guessing (KG) attack and the secret-keys-recovery attack. We also give performance analysis of the proposed scheme and prove it to be selectively secure under the decisional bilinear Diffie-Hellman (DBDH) assumption, the hash Diffie-Hellman (HDH) assumption and the bilinear Diffie-Hellman (BDH) assumption.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"30 1","pages":"332-342"},"PeriodicalIF":0.0,"publicationDate":"2021-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85444855","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-31DOI: 10.5121/IJNSA.2021.13101
W. Simpson, K. Foltz
Network defense implies a comprehensive set of software tools to preclude malicious entities from conducting activities such as exfiltration of data, theft of credentials, blocking of services and other nefarious activities. For most enterprises at this time, that defense builds upon a clear concept of the fortress approach. Many of the requirements are based on inspection and reporting prior to delivery of the communication to the intended target. These inspections require decryption of packets and this implies that the defensive suite either impersonates the requestor, or has access to the private cryptographic keysof the servers that are the target of communication. This is in contrast to an end-to-end paradigm where known good entities can communicate directly and no other entity has access to the content unless that content is provided to them. There are many new processes that require end-to-end encrypted communication, including distributed computing, endpoint architectures, and zero trust architectures and enterprise level security. In an end-to-end paradigm, the keys used for authentication, confidentiality, and integrity reside only with the endpoints. This paper examines a formulation that allows unbroken communication, while meeting the inspection and reporting requirements of a network defense. This work is part of a broader security architecture termed Enterprise Level Security (ELS)framework.
{"title":"Resolving Network Defense Conflicts with Zero Trust Architectures and Other End-to-End Paradigms","authors":"W. Simpson, K. Foltz","doi":"10.5121/IJNSA.2021.13101","DOIUrl":"https://doi.org/10.5121/IJNSA.2021.13101","url":null,"abstract":"Network defense implies a comprehensive set of software tools to preclude malicious entities from conducting activities such as exfiltration of data, theft of credentials, blocking of services and other nefarious activities. For most enterprises at this time, that defense builds upon a clear concept of the fortress approach. Many of the requirements are based on inspection and reporting prior to delivery of the communication to the intended target. These inspections require decryption of packets and this implies that the defensive suite either impersonates the requestor, or has access to the private cryptographic keysof the servers that are the target of communication. This is in contrast to an end-to-end paradigm where known good entities can communicate directly and no other entity has access to the content unless that content is provided to them. There are many new processes that require end-to-end encrypted communication, including distributed computing, endpoint architectures, and zero trust architectures and enterprise level security. In an end-to-end paradigm, the keys used for authentication, confidentiality, and integrity reside only with the endpoints. This paper examines a formulation that allows unbroken communication, while meeting the inspection and reporting requirements of a network defense. This work is part of a broader security architecture termed Enterprise Level Security (ELS)framework.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"50 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2021-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74581857","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-31DOI: 10.5121/IJNSA.2021.13104
Cheman Shaik
Presented herein is a User-SpecificKey Scheme based on Elliptic Curve Cryptography that defeats man-inthe-middle attacks on cryptocurrency exchange accounts. In this scheme, a separate public and private key pair is assigned to every account and the public key is shifted either forward or backward on the elliptic curve by a difference of the account user’s password. When a user logs into his account, the server sends the shifted public key of his account. The user computes the actual public key of his account by reverse shifting the shifted public key exactly by a difference of his password. Alternatively, shifting can be applied to the user’s generator instead of the public key. Described in detail is as to how aman-in-the-middle attack takes place and how the proposed scheme defeats the attack. Provided detailed security analysis in both the cases of publickey shifting and generator shifting. Further, compared the effectiveness of another three authentication schemes in defending passwords against MITM attacks.
{"title":"Defeating MITM Attacks on Cryptocurrency Exchange Accounts with Individual User Keys","authors":"Cheman Shaik","doi":"10.5121/IJNSA.2021.13104","DOIUrl":"https://doi.org/10.5121/IJNSA.2021.13104","url":null,"abstract":"Presented herein is a User-SpecificKey Scheme based on Elliptic Curve Cryptography that defeats man-inthe-middle attacks on cryptocurrency exchange accounts. In this scheme, a separate public and private key pair is assigned to every account and the public key is shifted either forward or backward on the elliptic curve by a difference of the account user’s password. When a user logs into his account, the server sends the shifted public key of his account. The user computes the actual public key of his account by reverse shifting the shifted public key exactly by a difference of his password. Alternatively, shifting can be applied to the user’s generator instead of the public key. Described in detail is as to how aman-in-the-middle attack takes place and how the proposed scheme defeats the attack. Provided detailed security analysis in both the cases of publickey shifting and generator shifting. Further, compared the effectiveness of another three authentication schemes in defending passwords against MITM attacks.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"106 1","pages":"51-64"},"PeriodicalIF":0.0,"publicationDate":"2021-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79562525","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-27DOI: 10.5121/IJNSA.2021.13102
Geeta Kocher, G. Kumar
In recent times, various machine learning classifiers are used to improve network intrusion detection. The researchers have proposed many solutions for intrusion detection in the literature. The machine learning classifiers are trained on older datasets for intrusion detection, which limits their detection accuracy. So, there is a need to train the machine learning classifiers on the latest dataset. In this paper, UNSW-NB15, the latest dataset is used to train machine learning classifiers. The selected classifiers such as K-Nearest Neighbors (KNN), Stochastic Gradient Descent (SGD), Random Forest (RF), Logistic Regression (LR), and Naïve Bayes (NB) classifiers are used for training from the taxonomy of classifiers based on lazy and eager learners. In this paper, Chi-Square, a filter-based feature selection technique, is applied to the UNSW-NB15 dataset to reduce the irrelevant and redundant features. The performance of classifiers is measured in terms of Accuracy, Mean Squared Error (MSE), Precision, Recall, F1-Score, True Positive Rate (TPR) and False Positive Rate (FPR) with or without feature selection technique and comparative analysis of these machine learning classifiers is carried out.
{"title":"Analysis of Machine Learning Algorithms with Feature Selection for Intrusion Detection using UNSW-NB15 Dataset","authors":"Geeta Kocher, G. Kumar","doi":"10.5121/IJNSA.2021.13102","DOIUrl":"https://doi.org/10.5121/IJNSA.2021.13102","url":null,"abstract":"In recent times, various machine learning classifiers are used to improve network intrusion detection. The researchers have proposed many solutions for intrusion detection in the literature. The machine learning classifiers are trained on older datasets for intrusion detection, which limits their detection accuracy. So, there is a need to train the machine learning classifiers on the latest dataset. In this paper, UNSW-NB15, the latest dataset is used to train machine learning classifiers. The selected classifiers such as K-Nearest Neighbors (KNN), Stochastic Gradient Descent (SGD), Random Forest (RF), Logistic Regression (LR), and Naïve Bayes (NB) classifiers are used for training from the taxonomy of classifiers based on lazy and eager learners. In this paper, Chi-Square, a filter-based feature selection technique, is applied to the UNSW-NB15 dataset to reduce the irrelevant and redundant features. The performance of classifiers is measured in terms of Accuracy, Mean Squared Error (MSE), Precision, Recall, F1-Score, True Positive Rate (TPR) and False Positive Rate (FPR) with or without feature selection technique and comparative analysis of these machine learning classifiers is carried out.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"40 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2021-01-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82777123","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-01DOI: 10.6633/IJNS.202101_23(1).09
Dieaa I. Nassr, Sohier M. Khamis
Video Steganography is an art and science of embedding secret information into a carrying video file in such a way that others cannot observe the embedded information. Cuckoo Search (CS) is a meta-heuristic algorithm which has been developed by Xin-She Yang and Suash Deb in 2009. CS is very effective in solving many optimization problems that have been found in previous literature. In this paper, a new efficient approach for embedding a secret image in a digital video is proposed. Generally, any colored image consists of three color components (Red, Green, and Blue). So, an image's pixel has three bytes; each of which belongs to one different color component. For security purposes, each secret image's color component is embedded separately into a selected cover video's frame. The proposed approach is based on the permutations on 3 sections of a secret byte, 3-3-2 bits. These three sections are permuted to obtain five different patterns of a specified secret byte. Then, the population of five different pairs is built; each pair consists of one different pattern repeated twice. Good pixels are so chosen via using CS algorithm to achieve the minimum distortion in carrier pixels due to embedding. The sum of absolute values of sectional differences is used as an objective function to compare all the distances between the 3-3-2 Least Significant Bit (LSB) values of a cover frame's pixel and the generated different patterns of a specified secret byte. Experimental results show that the efficiency of the suggested approach is successful since the Peak Signal to Noise Ratio (PSNR) is above 52 decibels.
{"title":"Applying Permutations and Cuckoo Search for Obtaining a New Steganography Approach in Spatial Domain","authors":"Dieaa I. Nassr, Sohier M. Khamis","doi":"10.6633/IJNS.202101_23(1).09","DOIUrl":"https://doi.org/10.6633/IJNS.202101_23(1).09","url":null,"abstract":"Video Steganography is an art and science of embedding secret information into a carrying video file in such a way that others cannot observe the embedded information. Cuckoo Search (CS) is a meta-heuristic algorithm which has been developed by Xin-She Yang and Suash Deb in 2009. CS is very effective in solving many optimization problems that have been found in previous literature. In this paper, a new efficient approach for embedding a secret image in a digital video is proposed. Generally, any colored image consists of three color components (Red, Green, and Blue). So, an image's pixel has three bytes; each of which belongs to one different color component. For security purposes, each secret image's color component is embedded separately into a selected cover video's frame. The proposed approach is based on the permutations on 3 sections of a secret byte, 3-3-2 bits. These three sections are permuted to obtain five different patterns of a specified secret byte. Then, the population of five different pairs is built; each pair consists of one different pattern repeated twice. Good pixels are so chosen via using CS algorithm to achieve the minimum distortion in carrier pixels due to embedding. The sum of absolute values of sectional differences is used as an objective function to compare all the distances between the 3-3-2 Least Significant Bit (LSB) values of a cover frame's pixel and the generated different patterns of a specified secret byte. Experimental results show that the efficiency of the suggested approach is successful since the Peak Signal to Noise Ratio (PSNR) is above 52 decibels.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"1 1","pages":"67-76"},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81429373","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-01DOI: 10.6633/IJNS.202101_23(1).03
Mingwu Zhang, Xiao Chen, Yong Ding, Hua Shen
Quick Responding codes, namely QR codes, are widely used in various communication applications and electronic transactions such as electronic payments and information integrations, since they provide excellent characteristics such as large data capacity, widely coding domain, and stronger error correction ability etc. However, as the QR code is transmitted on public channel and can be scanned by any QR reader, one can obtain the data from the encoded QR code. Simultaneously, the encoding and decoding algorithms are public, the sensitive data such as paying account and password will be revealed to the QR reader, which might incubate the risk of privacy leakage. For solving this problem, this paper proposes a novel approach to protect the private data in QR code. In our method, the secret information is embedded in the random position of a QR code matrix by utilizing an error-correcting mechanism, and only authorized user in possession of required keys will be able to retrieve and recover this secret data embedded and hidden in the QR code. The user without the secret key can only decode public information from the QR code. Although our hiding scheme will decrease the rate of error-correctness of QR decoding, we indicate that the analysis shows that scheme is effect om practical applications. Compared with related schemes, the proposed scheme provides higher security that is less likely to attract the attention of potential attackers.
{"title":"A Sensitive-Information Hiding Treatment in Quick-Response Codes Based on Error-Correcting Framework","authors":"Mingwu Zhang, Xiao Chen, Yong Ding, Hua Shen","doi":"10.6633/IJNS.202101_23(1).03","DOIUrl":"https://doi.org/10.6633/IJNS.202101_23(1).03","url":null,"abstract":"Quick Responding codes, namely QR codes, are widely used in various communication applications and electronic transactions such as electronic payments and information integrations, since they provide excellent characteristics such as large data capacity, widely coding domain, and stronger error correction ability etc. However, as the QR code is transmitted on public channel and can be scanned by any QR reader, one can obtain the data from the encoded QR code. Simultaneously, the encoding and decoding algorithms are public, the sensitive data such as paying account and password will be revealed to the QR reader, which might incubate the risk of privacy leakage. For solving this problem, this paper proposes a novel approach to protect the private data in QR code. In our method, the secret information is embedded in the random position of a QR code matrix by utilizing an error-correcting mechanism, and only authorized user in possession of required keys will be able to retrieve and recover this secret data embedded and hidden in the QR code. The user without the secret key can only decode public information from the QR code. Although our hiding scheme will decrease the rate of error-correctness of QR decoding, we indicate that the analysis shows that scheme is effect om practical applications. Compared with related schemes, the proposed scheme provides higher security that is less likely to attract the attention of potential attackers.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"22 1","pages":"14-21"},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76804028","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-01DOI: 10.1016/S1353-4858(21)00029-5
Rashid Ali
{"title":"Looking to the future of the cyber security landscape","authors":"Rashid Ali","doi":"10.1016/S1353-4858(21)00029-5","DOIUrl":"https://doi.org/10.1016/S1353-4858(21)00029-5","url":null,"abstract":"","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"4 1","pages":"8-10"},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85745343","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-01DOI: 10.1016/S1353-4858(21)00028-3
Chad Anderson, John 'Turbo' Conwell, Tarik Saleh
{"title":"Investigating cyber attacks using domain and DNS data","authors":"Chad Anderson, John 'Turbo' Conwell, Tarik Saleh","doi":"10.1016/S1353-4858(21)00028-3","DOIUrl":"https://doi.org/10.1016/S1353-4858(21)00028-3","url":null,"abstract":"","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"8 1","pages":"6-8"},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73593005","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-01DOI: 10.6633/IJNS.202101_23(1).18
Rui-Hong Dong, Bu-Bu Ren, Qiu-yu Zhang, Hui Yuan
In order to improve the balanced relationships among security, privacy and design overhead for existing wireless sensor networks (WSNs) user authentication scheme, a lightweight user authentication scheme based on fuzzy extraction technology for WSNs. The present scheme combined with biometric fuzzy extraction technology and hash function to generate biometric key, which eliminates the user password factor in the existing authentication schemes. In addition, the proposed scheme can complete mutual authentication and session key agreement between legitimate users and sensor nodes only by using xor, hash and other operations with the lower computation overhead. And the heuristic security analysis, BAN logic model and random oracle model are used for security verification and performance analysis of the current scheme. The results of analysis and verification show that our scheme achieves more security and functional features, and keeps computational efficiency. Compared with other related works, our scheme is more suitable for practical application.
{"title":"A Lightweight User Authentication Scheme Based on Fuzzy Extraction Technology for Wireless Sensor Networks","authors":"Rui-Hong Dong, Bu-Bu Ren, Qiu-yu Zhang, Hui Yuan","doi":"10.6633/IJNS.202101_23(1).18","DOIUrl":"https://doi.org/10.6633/IJNS.202101_23(1).18","url":null,"abstract":"In order to improve the balanced relationships among security, privacy and design overhead for existing wireless sensor networks (WSNs) user authentication scheme, a lightweight user authentication scheme based on fuzzy extraction technology for WSNs. The present scheme combined with biometric fuzzy extraction technology and hash function to generate biometric key, which eliminates the user password factor in the existing authentication schemes. In addition, the proposed scheme can complete mutual authentication and session key agreement between legitimate users and sensor nodes only by using xor, hash and other operations with the lower computation overhead. And the heuristic security analysis, BAN logic model and random oracle model are used for security verification and performance analysis of the current scheme. The results of analysis and verification show that our scheme achieves more security and functional features, and keeps computational efficiency. Compared with other related works, our scheme is more suitable for practical application.","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"14 1","pages":"157-171"},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86887092","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-01-01DOI: 10.1016/S1353-4858(21)00031-3
K. Renaud
{"title":"Learning from the past","authors":"K. Renaud","doi":"10.1016/S1353-4858(21)00031-3","DOIUrl":"https://doi.org/10.1016/S1353-4858(21)00031-3","url":null,"abstract":"","PeriodicalId":93303,"journal":{"name":"International journal of network security & its applications","volume":"19 1","pages":"20"},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79084076","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: