Security and Communication Networks

December 2013

Volume 6, Issue 12

Pages i–iv, 1417–1605

  1. Issue Information

    1. Issue Information (pages i–iv)

      Article first published online: 28 NOV 2013 | DOI: 10.1002/sec.664

  2. Guest Editorial

  3. Special Issue Papers

    1. XFPM-RBAC: XML-based specification language for security policies in multidomain mobile networks (pages 1420–1444)

      Devrim Unal and M. Ufuk Caglayan

      Article first published online: 27 JAN 2012 | DOI: 10.1002/sec.411

      XFPM-RBAC (XML-based formal policy language for mobility with role-based access control) is an XML-based specification language for specification of domain and interdomain security policies with location and mobility constraints. XFPM-RBAC supports specification of locations, mobility, interdomain access rights, role mapping, and separation of duty. XFPM-RBAC consists of XML schemas, which define domain and interdomain security policies with location and mobility constraints. XFPM-RBAC supports extraction of formal specifications from security policies for the purpose of automated verification.

    2. TrustVis: visualizing trust toward attack identification in distributed computing environments (pages 1445–1459)

      Dichao Peng, Wei Chen and Qunsheng Peng

      Article first published online: 7 MAR 2012 | DOI: 10.1002/sec.521

      In this article, we introduce TrustVis, a visual analysis system that helps users visually analyze trust relations to identify attacks in distributed computing environments. TrustVis reorganizes and presents trust relations with a matrix to map the cooperative attack schemes to visual patterns. By incorporating the intelligence of domain experts, we can achieve interactive monitoring of the networked system towards identifying both the attackers' identities and the adopted attack schemes.

    3. DEFF: a new architecture for private online social networks (pages 1460–1470)

      Fatemeh Raji, Ali Miri, Mohammad Davarpanah Jazi and Behzad Malek

      Article first published online: 21 MAR 2012 | DOI: 10.1002/sec.533

      In this paper, we propose a mediated architecture for OSNs that protects users' information from both the OSN provider and unauthorized OSN users. Our proposed approach delegates most of the computation tasks to a semi-trusted proxy server. We exploit a simplified broadcast encryption method in order to design a dynamic, efficient, flexible, and fine-grained (DEFF) control system. In the proposed DEFF system, users are allowed to cryptographically categorize their friends into different relations and to share data with arbitrary groups of them.

    4. Improved group key transfer protocols from the protocol of Harn et al. (pages 1471–1477)

      Zhiwei Wang

      Article first published online: 6 FEB 2012 | DOI: 10.1002/sec.415

      In this paper, we propose two improved group key transfer protocols from the protocol of Harn et al. The first one is suitable for the large-size group, while the second one is based on the untrustworthy KGC.

    5. A secure, efficient, and cost-effective distributed architecture for spam mitigation on LTE 4G mobile networks (pages 1478–1489)

      Elias Bou-Harb, Makan Pourzandi, Mourad Debbabi and Chadi Assi

      Article first published online: 6 FEB 2012 | DOI: 10.1002/sec.413

      Part of LTE's new architecture is an evolved packet core. Although this will provide various critical advantages, it may on the other hand expose telecom networks to IP-based attacks. In this paper, we propose a distributed architecture on the LTE network that is secure by mitigating the spam-flooding attack, efficient by solving the over dimensioning problem caused by the centralized architecture, and cost-effective by utilizing ‘off-the-shelf’ low-cost hardware in the distributed nodes.

    6. Non-linearity cannot help RFID resist full-disclosure attacks and terrorist fraud attacks (pages 1490–1495)

      Hung-Yu Chien, Chu-Sing Yang and Hung-Pin Hou

      Article first published online: 27 JAN 2012 | DOI: 10.1002/sec.410

      Recently, Peris-Lopez et al. proposed that non-linear composition of secrets can enhance the security of radio-frequency identification distance bounding protocol against possible attacks. However, we find that the argument is not correct. The reason for this is that, under non-linear composition of secrets, a dishonest tag can disclose more secret bits of the responses to the adversary for terrorist attacks, without damaging the privacy of its long-term secret key.

    7. Chaotic masking for securing RFID systems against relay attacks (pages 1496–1508)

      Behzad Malek and Ali Miri

      Article first published online: 27 JUN 2012 | DOI: 10.1002/sec.586

      In this work, we propose a simple but secure masking scheme that counters the relay attack in radio-frequency identification (RFID) systems. Our scheme is the first solution based on the chaos suppression theory. We have exploited the chaotic characteristics of a dynamic Lorenz controller to distinguish a legitimate RFID reader from a proxy reader in the relay attack. We also show that the proposed approach is practical using simulation results.

    8. Efficient identity-based hierarchical access authentication protocol for mobile network (pages 1509–1521)

      He Liu and Mangui Liang

      Article first published online: 27 JAN 2012 | DOI: 10.1002/sec.412

      In this paper, a new mobile scheme is first constructed to improve the registration performance by port-based switching. Second, an access authentication protocol is proposed by combining the designed mobile proposal with hierarchical identity-based signature. Besides, a new access router selection algorithm is given for mobile users to choose the optimal access point. The theoretical analysis and simulation show that the proposed authentication protocol outperforms the previous ones in terms of the handover delay integrating the authentication with security enhanced.

  4. Editorials

  5. Special Issue Papers

    1. DISA: Detection and isolation of sneaky attackers in locally monitored multi-hop wireless networks (pages 1524–1538)

      Issa Khalil, Saurabh Bagchi, Najah AbuAli and M. Hayajneh

      Article first published online: 13 OCT 2009 | DOI: 10.1002/sec.152

      DISA provides efficient detection and isolation of sneaky attackers launched through misrouting, power control, colluding collision, and identity delegation. DISA's novelty lies in empowering local monitoring by increasing the number of nodes capable of monitoring and tuning the monitoring activities to expose sneaky malicious actions. Analysis and simulation results show that DISA outperforms BLM in malicious node isolation and end-to-end packet delivery ratios with much lower framing and false isolation ratios.

    2. Architecture and performance evaluation of a hybrid intrusion detection system for IP telephony (pages 1539–1555)

      Bazara I. A. Barry and H. A. Chan

      Article first published online: 5 MAY 2010 | DOI: 10.1002/sec.174

      The paper presents the architecture and performance evaluation of a hybrid intrusion detection system that is suitable for IP telephony. The intrusion detection system combines specification-based and signature-based detection techniques and addresses a wide range of attacks.

    3. Attacking the kad network—real world evaluation and high fidelity simulation using DVN (pages 1556–1575)

      Peng Wang, James Tyra, Eric Chan-Tin, Tyson Malchow, Denis Foo Kune, Nicholas Hopper and Yongdae Kim

      Article first published online: 24 DEC 2009 | DOI: 10.1002/sec.172

      Kad, an implementation of the Kademlia DHT protocol, is a popular file-sharing network with over 1 million concurrent users. We describe several attacks, exploiting critical design weaknesses in Kad, to allow an attacker with modest resources to cause a significant fraction of all searches to fail. We measure the cost and effectiveness of these attacks against a set of 16,000 nodes connected to the operational Kad network and in our large-scale simulator DVN with 200,000 nodes.

    4. Agent-based modeling of malware dynamics in heterogeneous environments (pages 1576–1589)

      Abhijit Bose and Kang G. Shin

      Article first published online: 25 FEB 2011 | DOI: 10.1002/sec.298

      This paper presents a novel agent-based framework for realistic modeling of malware propagation in heterogeneous networks, applications and platforms. The majority of the parameters used in the framework can be derived from real-life network traces collected from a network, and therefore, represent realistic malware propagation and infection scenarios for the given network. Two well-known malware spreading mechanisms in traditional as well as mobile environments were studied using extensive simulations within the framework and the most important spreading parameters were identified.

    5. SMM rootkit: a new breed of OS independent malware (pages 1590–1605)

      Shawn Embleton, Sherri Sparks and Cliff C. Zou

      Article first published online: 9 DEC 2009 | DOI: 10.1002/sec.166

      This paper presents a proof-of-concept SMM rootkit, which explores the potential vulnerability of the low-level Intel processors' System Management Mode so that it cannot be detected by security software running based on the Operating System. To illustrate the capability of a stealthy SMM rootkit, we implement a chipset-level keylogger and a network backdoor capable of directly interacting with the network card to send logged keystrokes to a remote machine via UDP and receive remote command packets stealthily.
