Security and Communication Networks

March 2014

Volume 7, Issue 3

Pages 473–683

  1. Research Articles

    1. A fictitious play-based response strategy for multistage intrusion defense systems (pages 473–491)

      Yi Luo, Ferenc Szidarovszky, Youssif Al-Nashif and Salim Hariri

      Version of Record online: 28 FEB 2013 | DOI: 10.1002/sec.730

      In the cybersecurity field, the possible sequences of interactions between the attackers and the network defender are modeled as a two-player non-zero-sum non-cooperative dynamic multi-stage game with incomplete information. Based on the recent developments of advanced intrusion detection systems, a new defense algorithm, called Response by Dynamic game tree-based Fictitious Play (RDFP), is developed for the defender to consider previous and possible future interactions with the attackers, update his/her knowledge about the opponents, and find the best defending strategies quickly.

    2. Verifying cloud service-level agreement by a third-party auditor (pages 492–502)

      Hongli Zhang, Lin Ye, Jiantao Shi, Xiaojiang Du and Mohsen Guizani

      Version of Record online: 28 FEB 2013 | DOI: 10.1002/sec.740

      This paper presents a flexible and scalable framework that utilizes a third-party auditor for cloud service-level agreement verification. We design two novel testing algorithms that can detect a service-level agreement violation of a virtual machine's memory size. Real experimental results demonstrate that our algorithms can effectively detect cloud service-level agreement violations on virtual machine memory size while defending various attacks from a malicious cloud.

    3. Parallel Gaussian elimination for XL family over GF(2) (pages 503–510)

      Heliang Huang, Wansu Bao and Shukai Liu

      Version of Record online: 18 MAR 2013 | DOI: 10.1002/sec.744

      In this paper, our goal is to improve the two major weaknesses of XL family algorithms: the storage problem and the huge workload of the Gaussian elimination step. We present the XL_SP, a combination of XL and an improved parallel Gaussian elimination (IPGE), to reduce the time and space cost of XL family over GF(2). The XL_SP will make algebraic attacks more practical.

    4. A hill cipher-based remote data possession checking in cloud storage (pages 511–518)

      Lanxiang Chen, Gongde Guo and Zhen Peng

      Version of Record online: 1 MAR 2013 | DOI: 10.1002/sec.746

      This paper proposes a Hill cipher-based RDPC scheme. It is efficient in terms of computation and communication. It performs data possession checking and at the same time provides confidentiality of data.

    5. Static detection of logic vulnerabilities in Java web applications (pages 519–531)

      Zhejun Fang, Yuqing Zhang, Ying Kong and Qixu Liu

      Version of Record online: 12 MAR 2013 | DOI: 10.1002/sec.747

      In this paper, we propose the first lightweight static analysis approach to automatically detect logic vulnerabilities in Java web applications. We implemented our approach using program-slicing technique and a back-tracing extracting algorithm for control flow, and evaluated it on seven real-world applications scaled from thousands to million lines of code. The evaluation results show that our approach achieves bigger coverage with acceptable cost and better scalability than previous approaches.

    6. CORIDS: a cluster-oriented reward-based intrusion detection system for wireless mesh networks (pages 532–543)

      Novarun Deb, Manali Chakraborty and Nabendu Chaki

      Version of Record online: 12 MAR 2013 | DOI: 10.1002/sec.750

      In this paper, a new cluster-oriented reward-based intrusion detection system (CORIDS) has been proposed for Wireless Mesh Networks. The simulation performances establish the effectiveness of CORIDS over another recent IDS named Misbehavior Detection Algorithm, both in terms of higher detection efficiency and lower false positives.

    7. C2Detector: a covert channel detection framework in cloud computing (pages 544–557)

      Jingzheng Wu, Liping Ding, Yanjun Wu, Nasro Min-Allah, Samee U. Khan and Yongji Wang

      Version of Record online: 8 MAY 2013 | DOI: 10.1002/sec.754

      The covert channels in cloud computing are classified into three categories for the first time, and the channel scenario is modeled into an error-corrected four-state automaton. A flexible framework named C2Detector is presented to detect covert channels in cloud computing, which includes a captor located in the hypervisor and a two-phase synthesis algorithm implemented as Markov and Bayesian detectors. A prototype of C2Detector is implemented on Xen hypervisor, and the experiment results show that it can detect the three types of the covert channels with an acceptable false positive rate by using a pessimistic threshold.

    8. Confidential initial identification and other improvements for UMTS security (pages 558–566)

      Daniel Caragata, Safwan El Assad, Charles Shoniregun and Galyna Akmayeva

      Version of Record online: 20 MAR 2013 | DOI: 10.1002/sec.757

      In this paper, we present a Confidential Initial Identification Protocol that protects user identity and also offers the support for further Universal Mobile Telecommunications System security improvement, especially in the authentication and key agreement protocol and the security algorithms negotiation protocol.

    9. Secure secret reconstruction and multi-secret sharing schemes with unconditional security (pages 567–573)

      Lein Harn

      Version of Record online: 11 APR 2013 | DOI: 10.1002/sec.758

      A secure secret reconstruction scheme ensures that the secret can only be recovered by participants who present valid shares; but not by any outside adversary who does not own any valid share.

    10. Access control for cloud-based eHealth social networking: design and evaluation (pages 574–587)

      Yan Bai, Lirong Dai, Sam Chung and Durga D. Devaraj

      Version of Record online: 22 MAR 2013 | DOI: 10.1002/sec.759

      This paper presents an access control framework for healthcare social cloud systems. It consists of an adaptive trust-aware tag-based privacy control for information access, a trust propagation protocol to verify the authenticity of information sources, and a hybrid trust management mechanism that meets system users' access control requirements while minimizing the disclosure of privileges and of access policies.

    11. A certificateless anonymous authenticated announcement scheme in vehicular ad hoc networks (pages 588–601)

      Amizah Malip, Siaw-Lynn Ng and Qin Li

      Version of Record online: 21 MAR 2013 | DOI: 10.1002/sec.760

      In this paper, we propose a new protocol by using certificateless signature and reputation system to achieve the sometimes contradictory requirements of a reliable, private and accountable vehicular ad hoc network message announcement scheme.

    12. An anonymous data aggregation scheme for smart grid systems (pages 602–610)

      Xuefeng Liu, Yuqing Zhang, Boyang Wang and Huaqun Wang

      Version of Record online: 21 MAR 2013 | DOI: 10.1002/sec.761

      This paper proposes an anonymous multi-dimensional data aggregation scheme for smart grid systems, which can be used for both additive aggregation functions and non-additive ones. In addition, the computation cost of the user is independent of the number of collected data types.

    13. Efficient authentication and access control of scalable multimedia streams over packet-lossy networks (pages 611–625)

      Robert H. Deng, Xuhua Ding and Swee-Won Lo

      Version of Record online: 21 MAR 2013 | DOI: 10.1002/sec.762

      Two novel authentication schemes for scalable multimedia streams over packet-lossy networks are proposed. The first scheme uses a digital signature to protect the integrity of a group of frames; the second scheme uses a message authentication code to protect individual frames, making it packet loss-resilient and computationally efficient. Based on the second scheme, we propose a third scheme that provides authentication and collusion-free access control.

    14. Secure and transparent network traffic replay, redirect, and relay in a dynamic malware analysis environment (pages 626–640)

      Ying-Dar Lin, Tzung-Bi Shih, Yu-Sung Wu and Yuan-Cheng Lai

      Version of Record online: 21 MAR 2013 | DOI: 10.1002/sec.764

      Many of today's malwares require Internet connectivity to operate and to be thoroughly analyzed in a closed network environment. We propose a secure and transparent network environment that allows the malware in a dynamic analysis environment to have seemingly unrestricted Internet access in a secure manner. The environment can allow malware to exhibit more network activities than a closed network environment and can even outperform the baseline open network environment in some cases. In the meantime, Internet security is maintained by the dispatching of attack and propagation traffic to decoys inside the analysis environment.

    15. A secure mobility support scheme for 6LoWPAN wireless sensor networks (pages 641–652)

      Xiaonan Wang and Yi Mu

      Version of Record online: 21 MAR 2013 | DOI: 10.1002/sec.765

      This paper proposes a secure mobility support scheme for 6LoWPAN wireless sensor networks. The scheme utilizes encryption and authentication to achieve security. Compared with the existing schemes without security, the proposed scheme has relatively good mobility handover performance.

    16. Threshold visual secret sharing based on Boolean operations (pages 653–664)

      Sachin Kumar and Rajendra K. Sharma

      Version of Record online: 17 MAY 2013 | DOI: 10.1002/sec.769

      This paper proposes a (k,n)-threshold visual secret sharing scheme based on Boolean operations. The proposed scheme maintains the following merits: (1) no pixel expansion; (2) no codebook requirement; (3) no need to align the shares in the decoding process; (4) can encode a wide range of image formats. The formal proofs and experimental results confirm that the proposed scheme satisfies both requirements: security (any k-1 or fewer shares cannot reconstruct the secret image) and recoverability (any k or more shares can easily reconstruct the secret image).

    17. A secure cluster-based architecture for certificates management in vehicular networks (pages 665–683)

      Tahani Gazdar, Abderrahim Benslimane, Abdelfettah Belghith and Abderrezak Rachedi

      Version of Record online: 25 APR 2013 | DOI: 10.1002/sec.772

      We propose a distributed and dynamic public key infrastructure for vehicular ad hoc networks to fulfill the requirements of security, particularly, the authentication, the confidentiality, and the reliability of data. The role of the central certification authority is distributed among a set of elected vehicles, which are equipped with wireless on-board units. Eventually, vehicles can communicate with road side units. The architecture is dynamic because the election of vehicles takes into account the topology changes.
