Security and Communication Networks

Early View (Online Version of Record published before inclusion in an issue)

Edited By: Hsiao-Hwa Chen and Hamid R. Sharif

Impact Factor: 0.433

ISI Journal Citation Reports © Ranking: 2013: 66/78 (Telecommunications); 116/135 (Computer Science Information Systems)

Online ISSN: 1939-0122

  1. Research Articles

    1. Damage-resistance matrix embedding framework: the contradiction between robustness and embedding efficiency

      Weiwei Liu, Guangjie Liu and Yuewei Dai

      Article first published online: 15 SEP 2014 | DOI: 10.1002/sec.1111

      In this paper, a general damage-resistance matrix embedding framework in information hiding is reported, and we reveal the detailed relationship between damage-resistance capability and embedding performance. A practical near-optimal damage-resistance matrix embedding scheme is proposed based on parity-check concatenated convolutional codes.

  2. Research Article

    1. A distributed secret share update scheme with public verifiability for ad hoc network

      Chen Zhenhua, Li Shundong, Wu Qianhong and Huang Qiong

      Article first published online: 15 SEP 2014 | DOI: 10.1002/sec.1097

      (1) We design a distributed secret share update scheme with public verifiability for MANET. Our goals are as follows: First, it must not have a single point of failure because mobile nodes deployed in hostile environments are subject to attacks. Second, it should be compromise-tolerant, meaning that the compromise of a certain number of nodes does not harm the communication security between uncompromised nodes. Third, it should be able to efficiently and securely update and publicly verify the shares of system key. Last, there should be efficient schemes to recover a correct system key. (2) In this paper, we explore the technique of verifiable encryption with additive homomorphism and that of threshold cryptography. A distributed secret share update scheme with public verifiability for ad hoc network is proposed.

  3. Research Articles

    1. Right translated AES gray S-boxes

      Mubashar Khan and Naveed Ahmed Azam

      Article first published online: 11 SEP 2014 | DOI: 10.1002/sec.1110

      This paper deals with an algorithm for the generation of impregnable substitution boxes based on the application of right translation and Gray codes over the original Advanced Encryption Standard (AES) S-box. Regular representation of Galois field is used to produce the translational effect in the AES S-box. The translated AES S-box is then subjected to Gray codes for the enhancement in their algebraic complexity.

  4. Special Issue Papers

    1. Small target detection using morphology and modified Gaussian distance function

      Jong-Ho Kim, Jun-Jae Park, Sang-Ho Ahn, Deok Gyu Lee, Daesung Moon and Sang-Kyoon Kim

      Article first published online: 11 SEP 2014 | DOI: 10.1002/sec.1069

      This paper proposes a new small target detection system that detects small target candidates based on morphology operations and detects actual targets using a modified Gaussian distance function. The proposed method is less sensitive to clutters than existing methods and has a detection rate of 98%.

  5. Research Articles

    1. DualAcE: fine-grained dual access control enforcement with multi-privacy guarantee in DaaS

      Xiuxia Tian, Ling Huang, Yong Wang, Chaofeng Sha and Xiaoling Wang

      Article first published online: 9 SEP 2014 | DOI: 10.1002/sec.1098

      Privacy guarantee is one of the key factors in practical deployment of cloud computing-based database as a service (DaaS) paradigm. However, most of the proposed access control enforcement approaches only support one or two of the following privacy guarantees: data privacy, policy privacy and key privacy. In this paper, a flexible fine-grained dual access control enforcement mechanism (DualAcE) in DaaS is designed to implement dual access control enforcement with multi-privacy guarantee: data privacy in delegated database, policy privacy in delegated authorization table and key privacy in key distribution process.

    2. On the security of Kim et al. two ID-based broadcast signcryption schemes

      Jianhong Zhang and Wenjing Tang

      Article first published online: 9 SEP 2014 | DOI: 10.1002/sec.1099

      In this paper, we show that Kim's two schemes are insecure. They cannot achieve authentication and confidentiality of message. An attacker can forge a ciphertext and convince a specified receiver that the ciphertext is from a valid broadcaster.

    3. A practical strongly secure one-round authenticated key exchange protocol without random oracles

      Zheng Yang and Wu Yang

      Article first published online: 9 SEP 2014 | DOI: 10.1002/sec.1067

      In this paper, we study the open problem on constructing eCKw secure authenticated key exchange (AKE) protocol in the standard model. A new one-round AKE protocol is introduced relying on standard cryptographic primitives and a variant of bilinear decisional Diffie-Hellman assumption. The main advantage of our proposal is its high efficiency in key exchange in contrast to the previous eCK secure protocols without random oracles and under post-specified peer setting.

    4. A two-factor authentication scheme with anonymity for multi-server environments

      Chi-Tung Chen and Cheng-Chi Lee

      Article first published online: 5 SEP 2014 | DOI: 10.1002/sec.1109

      The proposed scheme not only satisfies the crucial design criteria of a secure remote user authentication scheme but also overcomes the drawbacks of Lee et al., Hsiang-Shih, Liao-Wang, Juang, and Lin et al. schemes. The proposed scheme can provide more security functionality than the mentioned schemes do and demonstrates superior performance, including low computational costs, low communication costs, and little energy consumption. The proposed scheme can enhance effectiveness in protecting multi-server environments and the efficiency of the authentication scheme.

    5. A provably secure smart card-based authenticated group key exchange protocol

      Chin-Chen Chang and Hai-Duong Le

      Article first published online: 5 SEP 2014 | DOI: 10.1002/sec.1107

      A password-based authenticated group key exchange protocol assists group participants who possess low-entropy, human-memorable passwords in establishing a secure communication channel. In this type of scheme, the server needs to store the users' verifiers in a database. Therefore, it is susceptible to stolen-verifier attacks. In this paper, we propose a new authenticated group key protocol that eliminates the need of verifier database at the server side. Our protocol is based on a two-factor authentication that employs both smart card and password.

    6. Practical key-dependent message chosen-ciphertext security based on decisional composite residuosity and quadratic residuosity assumptions

      Jinyong Chang and Rui Xue

      Article first published online: 2 SEP 2014 | DOI: 10.1002/sec.1101

      We prove that the schemes of Cramer and Shoup, based on the decisional composite residuosity and quadratic residuosity, respectively, achieve key-dependent message chosen ciphertext attack security w.r.t. some special function ensemble, which is also used by Qin et al. in 2013. Compared with the result of Qin et al., our result shows that it is not necessary to tailor the original schemes so that the message spaces are "consistent" with the secret-key spaces (respectively).

  6. Research Article

    1. Proxy signcryption scheme in the standard model

      Yang Ming and Yumin Wang

      Article first published online: 2 SEP 2014 | DOI: 10.1002/sec.1092

      In this paper, we propose a new construction of proxy signcryption scheme based on bilinear pairing without using random oracles. Then, we show that our scheme is adaptive chosen ciphertext attacks secure under the decisional Bilinear Diffie-Hellman assumption and existentially unforgeable under the computational Diffie-Hellman assumptions. Compared with the existing schemes with formal security proof, we show that no pairing computation is required in our proxy signcrypt phase with pre-computations.

  7. Research Articles

    1. Generating highly nonlinear resilient Boolean functions resistance against algebraic and fast algebraic attacks

      Jun-Po Yang and Wei-Guo Zhang

      Article first published online: 1 SEP 2014 | DOI: 10.1002/sec.1078

      The cryptographic criteria (nonlinearity, resiliency, degree, algebraic immunity, and fast algebraic resistance) of our n-variable Boolean functions below are generally superior to the currently best-known results.

    2. Parallel modular steganography using error images

      Masoud Afrakhteh and Jeong-A Lee

      Article first published online: 1 SEP 2014 | DOI: 10.1002/sec.1100

      If a cover image is JPEG-compressed, the resulting error image implies where and to what extent secret bits can be embedded. In this paper, a modular steganography using error images is presented whose resulting stego images have a lower detectability level than those of state-of-the-art schemes, while its block-wise parallel conversion can be executed approximately 55 times faster than its serial execution.

    3. Feature engineering for detection of Denial of Service attacks in session initiation protocol

      Hassan Asgharian, Ahmad Akbari and Bijan Raahemi

      Article first published online: 1 SEP 2014 | DOI: 10.1002/sec.1106

      In this paper, after a peer review of security concerns of the SIP-based systems, we engineer a Session Initiation Protocol (SIP) feature set based on the normal behavior of SIP state machine and its related attacks. The proposed features are built at three levels: packet, transaction, and dialog. The performance of engineered features is assessed by different kinds of attack scenarios in a real test-bed. The results are shown in different test cases to demonstrate the effectiveness of our proposed features.

    4. An efficient strongly secure authenticated key exchange protocol without random oracles

      Zheng Yang

      Article first published online: 28 AUG 2014 | DOI: 10.1002/sec.1095

      We present an eCK secure protocol in the standard model, without NAXOS trick and without the knowledge of secret key assumption for public key registration. The security proof of our scheme is based on standard pairing assumption, collision resistant hash functions, bilinear decision Diffie-Hellman and decision linear Diffie-Hellman assumptions, and pseudo-random functions with pairwise-independent random source. Although our proposed protocol is based on bilinear groups, it does not require any pairing operation during key exchange procedure.

  8. Review Articles

    1. Reversible data hiding exploiting high-correlation regulation for high-quality images

      Xing-Tian Wang, Ming-Chu Li, Szu-Ting Wang and Chin-Chen Chang

      Article first published online: 27 AUG 2014 | DOI: 10.1002/sec.1083

      The secret data are embedded into non-reference pixels based on the high correlation. The interpolation prediction is used to embed secret data for reference pixels. The proposed scheme provides better embedding performance than some compared schemes.

  9. Research Articles

    1. Secure publish/subscribe-based certificate status validations in mobile ad hoc networks

      Mohammad Masdari, Sam Jabbehdari and Jamshid Bagherzadeh

      Article first published online: 24 AUG 2014 | DOI: 10.1002/sec.1062

      In this paper, a new publish-based/subscribe-based certificate validation scheme is presented, which minimizes the inconsistency of certificate status information in the MANETs and increases the security and scalability of public key-based security systems.

    2. Efficient self-healing group key management with dynamic revocation and collusion resistance for SCADA in smart grid

      Rong Jiang, Rongxing Lu, Jun Luo, Chengzhe Lai and Xuemin (Sherman) Shen

      Article first published online: 22 AUG 2014 | DOI: 10.1002/sec.1057

      We have proposed an enhanced robust and efficient group key management to secure Supervisory Control And Data Acquisition system in smart grid. The proposed scheme is characterized by adopting self-healing key to tolerate failures of the sub-master terminal units and revoking compromised users dynamically. Detailed security analysis shows that the proposed scheme meets the requirements of group communication, and performance evaluation demonstrates its efficiency in terms of low storage requirement and communication overheads.

  10. Research Article

    1. Using HTML5 to prevent detection of drive-by-download web malware

      Alfredo De Santis, Giancarlo De Maio and Umberto Ferraro Petrillo

      Article first published online: 21 AUG 2014 | DOI: 10.1002/sec.1077

      We present new obfuscation techniques, on the basis of some of the features of the upcoming HTML5 standard, which can be used to deceive malware detection systems. The proposed techniques have been experimented on a reference set of obfuscated malware. Our results show that the malware rewritten using our obfuscation techniques go undetected while being analyzed by a large number of detection systems.

  11. Review Articles

    1. On the IEEE 802.11i security: a denial-of-service perspective

      Rajeev Singh and Teek Parval Sharma

      Article first published online: 21 AUG 2014 | DOI: 10.1002/sec.1079

      IEEE 802.11i standard provides authentication and security at the Medium Access Control (MAC) layer in wireless local area networks. The standard suffers under denial of service (DoS) attacks. The paper presents a review of DoS attacks and existing solutions pertaining to IEEE 802.11i security standard.

  12. Research Articles

    1. ReDD: recommendation-based data dissemination in privacy-preserving mobile social networks

      Le Chen, Rongxing Lu, Khalid AlHarbi, Xiaodong Lin and Zhenfu Cao

      Article first published online: 21 AUG 2014 | DOI: 10.1002/sec.1082

      In this paper, we propose an efficient recommendation-based data dissemination protocol for mobile social networks, which can efficiently disseminate high-quality messages in a privacy-preserving way. Detailed security analysis demonstrates that our protocol can effectively resist various attacks launched by the adversary. In addition, the simulation results show that high-quality messages can be disseminated widely and efficiently, while low-quality ones will be eliminated shortly to avoid occupying network resources.

  13. Editorials

    1. Human-centric security service and its application in smart space

      Hangbae Chang, Hosin David Lee and Richard Overill

      Article first published online: 21 AUG 2014 | DOI: 10.1002/sec.1088

  14. Research Articles

    1. A new secure and efficient scheme for network mobility management

      Salima Smaoui, Mohammad S. Obaidat, Faouzi Zarai and K. F. Hsiao

      Article first published online: 21 AUG 2014 | DOI: 10.1002/sec.1090

      In this paper, a number of potential threats in the typical HIP with Rendez Vous Server are identified. A new secure and efficient scheme for Network Mobility management is also proposed to overcome the outlined ones. The proposed solution ensures strong authentication between network entities, reduces Denial of Service attacks, and secures against Domain Name Server spoofing, reply, and eavesdropping attacks. Also, it ensures end-to-end confidentiality and integrity protection.

  15. Special Issue Papers

    1. Protect biometric data with compound chaotic encryption

      Charles Z. Liew, Raymond Shaw and Lanlan Li

      Article first published online: 15 AUG 2014 | DOI: 10.1002/sec.1070

      In this paper, the information security issue on biometric data is studied, focusing on distribution in space domain and uniform diffusion in frequency domain. Related tests and analysis on key space, sensitivity, correlation and uniform distribution are performed with comparison to diverse schemes including triple data encryption standard algorithm and chaotic mapping cipher. Experiment results show that the proposed approach possesses good secure performances on both random scrambling in space domain and uniform distribution in frequency domain.

  16. Research Articles

    1. A novel comprehensive steganalysis of transmission control protocol/Internet protocol covert channels based on protocol behaviors and support vector machine

      Yao Shen, Liusheng Huang, Xiaorong Lu and Wei Yang

      Article first published online: 11 AUG 2014 | DOI: 10.1002/sec.1081

      In this paper, we introduce a novel comprehensive detection method based on the protocol behaviors. The protocol behavior characters are utilized to evaluate the regularities or correlations between adjacent packets that are changed by the information hiding in header fields of transmission control protocol/Internet protocol. A support vector machine is lastly applied to the behavior feature sets for discovering the existence of covert channels. The experimental results and performance comparison show that our scheme is of high effectiveness.

    2. Sequence-based masquerade detection for different user groups

      S. Sen

      Article first published online: 11 AUG 2014 | DOI: 10.1002/sec.1080

      This study presents a rigorous evaluation of sequence-based approaches on masquerade detection. The newly proposed technique MUCS (matching of unordered command sequences) is compared with the techniques MOCS (matching of ordered command sequences) and MC (matching of commands). The performance of these methods on different types of users and masqueraders is also analyzed.

    3. Transactions based secure routing in wireless networks: a cognitive science approach

      R. Kumar and G. Kousalya

      Article first published online: 11 AUG 2014 | DOI: 10.1002/sec.1060

      In this paper, we present a transactions based secure routing protocol for data transmission. Here, cognitive agents with behaviors-beliefs model are placed on routers to generate beliefs over the routers functionalities w.r.t. genuinity, and various transactions are classified on the basis of the transaction subtlety levels. These two factors are used in determining secure paths for data transmission of varied security levels and thereby enhancing the network performance. The results are presented to demonstrate the routing delay, latency, quality of service, and throughput.

    4. An improved conference-key agreement protocol for dynamic groups with efficient fault correction

      Orhan Ermiş, Şerif Bahtiyar, Emin Anarim and M. Ufuk Çağlayan

      Article first published online: 11 AUG 2014 | DOI: 10.1002/sec.1089

      The pervasive usage of the Internet has made secure group communications a significant issue. Conference-key agreement protocols provide secure group communications with lower computational cost. Providing key agreements and updates of dynamic groups in an efficient manner is a significant challenge for such protocols. In this paper, we propose an improved conference-key agreement protocol that has operations to handle dynamic groups and has better fault correction that provides the same security level with the existing ones.

    5. Design of secure access control scheme for personal health record-based cloud healthcare service

      Chia-Hui Liu, Fong-Qi Lin, Chin-Sheng Chen and Tzer-Shyong Chen

      Article first published online: 8 AUG 2014 | DOI: 10.1002/sec.1087

      This paper provides an efficient and safe access management mechanism to solve the security problem of implementing personal health records (PHR) in a cloud environment, avoiding the possibility that threats to information security in the cloud lead to the collapse of medical care, stolen patient data, loss of personal privacy, and financial or other serious consequences. We present a new PHR access control mechanism constructed with bilinear pairing in the cloud computing environment, which is suited to deployments with a large scale and multiple user identities, and in which users can access PHR information safely and efficiently.

    6. A broker-based cooperative security-SLA evaluation methodology for personal cloud computing

      Sang-Ho Na and Eui-Nam Huh

      Article first published online: 8 AUG 2014 | DOI: 10.1002/sec.1086

      Security aspects in service level agreements (SLAs) have received much attention to guarantee security in a user perspective in personal cloud computing environments. A consensus and quantitative measurement of security metrics are key issues for security-SLA. This paper provides a novel holistic approach to determine suitable service and the right level of security for user according to the service type and network environment based on the cooperative security-SLA evaluation model.

  17. Special Issue Papers

    1. On importance of steganographic cost for network steganography

      Wojciech Mazurczyk, Steffen Wendzel, Ignacio Azagra Villares and Krzysztof Szczypiorski

      Article first published online: 8 AUG 2014 | DOI: 10.1002/sec.1085

      The paper emphasizes the importance of the steganographic cost, which is an indicator for the degradation or distortion of the carrier caused by the application of the steganographic method.

  18. Research Articles

    1. Multi-source broadcast authentication with Combined Key Chains for wireless ad hoc networks

      Seonho Choi, Kun Sun, Hyeonsang Eom and Edward Jung

      Article first published online: 8 AUG 2014 | DOI: 10.1002/sec.1072

      In this paper, we propose a new broadcast authentication scheme utilizing Combined Key Chains with multiple trust sources. If there are m trust sources, our scheme generates m + 1 key chains, where m of them are distributed among the m source nodes and the last one is used as a verification key chain in all the receiver nodes. The communication overhead is small and constant, and the memory requirement at a verifier node is also minimal.

    2. Combating phishing attacks via brand identity and authorization features

      Guang-Gang Geng, Xiao-Dong Lee and Yan-Ming Zhang

      Article first published online: 8 AUG 2014 | DOI: 10.1002/sec.1045

      The essence of phishing attacks is brand spoofing, where favicon, logo and copyright notice as the most important brand identities are widely used by phishing criminals to trick victims. In this paper, favicon, logo and copyright features are extracted first; then, redirection, incoming links and Domain Name System resolution information-based brand authorization feature is further extracted to discriminate the sites with branding rights from phishing sites. Based on extracted brand identity and authorization features, statistical anti-phishing classification models are trained.

    3. Balanced double subset difference broadcast encryption scheme

      Shyh-Yih Wang, Wu-Chuan Yang and Ying-Jen Lin

      Article first published online: 5 AUG 2014 | DOI: 10.1002/sec.1093

      Broadcast encryption is a key-distribution technique for sending encrypted messages to arbitrary groups of users in public channels. In this paper, a symmetric-key-setting scheme, called balanced double subset difference, and its variant, BDSDλ, are proposed. By enlarging the subset collection of the subset difference scheme with special subsets, called balanced subsets, the proposed schemes retain the excellent computational performance of subset difference and offer the capability of reducing transmission costs with a reasonable storage requirement.

    4. Ultra simple way to encrypt non-volatile main memory

      Fangyong Hou and Hongjun He

      Article first published online: 4 AUG 2014 | DOI: 10.1002/sec.1071

      This paper proposes the address-based counter mode encryption for non-volatile main memory. It is secure and very efficient. It can be implemented with low cost and be deployed conveniently. Additionally, it brings no side-effects to wear-leveling techniques.

  19. Special Issue Papers

    1. WEBridge: west–east bridge for distributed heterogeneous SDN NOSes peering

      Pingping Lin, Jun Bi and Yangyang Wang

      Article first published online: 4 AUG 2014 | DOI: 10.1002/sec.1030

      This is the first proposal for heterogeneous network operating systems (NOSes) working together. This paper proposes a west–east bridge mechanism for distributed heterogeneous NOSes to cooperate in enterprise/data center/intra-autonomous system networks. To achieve a resilient peer-to-peer control plane of distributed heterogeneous NOSes, we propose a “maximum connection degree”-based connection algorithm. The implementation and deployment in three SDN networks (CERNET, Internet2, and CSTNET) prove the feasibility.

  20. Research Articles

    1. Stateful traffic replay for web application proxies

      Chun-Ying Huang, Ying-Dar Lin, Peng-Yu Liao and Yuan-Cheng Lai

      Article first published online: 1 AUG 2014 | DOI: 10.1002/sec.1053

      We design and implement ProxyReplay to replay captured application-layer traffic for network proxies. It is an accurate and efficient tool for evaluating proxy functionalities. A proof-of-concept implementation of ProxyReplay is also provided to show that it works well with real-world network traces and proxies.

  21. Call for Papers

  22. Research Articles

    1. Enhancing malware detection for Android systems using a system call filtering and abstraction process

      Abdelfattah Amamra, Jean-Marc Robert and Chamseddine Talhi

      Article first published online: 21 JUL 2014 | DOI: 10.1002/sec.1073

      Improving anomaly-based malware detection techniques using a filtering and abstraction process. This process has positive impacts on the processing performance and the accuracy of the selected malware detection approach.

    2. Duth: a user-friendly dual-factor authentication for Android smartphone devices

      Hui Zhu, Xiaodong Lin, Yun Zhang and Rongxing Lu

      Article first published online: 21 JUL 2014 | DOI: 10.1002/sec.1075

      In this paper, without adding extra hardware devices, we present a user-friendly, dual-factor authentication scheme, called Duth, for smartphones. Duth scheme is characterized by utilizing the spatial and time features of the user's writing process as two factors of authentication, and a user can be authenticated only if these two features are fulfilled. We implement Duth on a popular mobile platform, Android, and extensive experiments show that Duth can achieve efficient and effective dual-factor authentication.

    3. A provably secure identity-based proxy ring signature based on RSA

      Maryam Rajabzadeh Asaar, Mahmoud Salmasizadeh and Willy Susilo

      Article first published online: 21 JUL 2014 | DOI: 10.1002/sec.1076

      In this paper, we formalize a security model for identity-based proxy ring signatures for the first time. Then, we present the first provably secure scheme for this primitive using a new paradigm called sequential aggregation under the RSA assumption, in the random oracle model. The proxy key exposure attack cannot be applied to our scheme, and also it outperforms the existing schemes in terms of efficiency and practicality.

    4. Coloring networks for attacker identification and response

      Ashok Singh Sairam, Sangita Roy and Rishikesh Sahay

      Article first published online: 19 JUL 2014 | DOI: 10.1002/sec.1022

      In this paper, we use distance-2 coloring to traceback and mitigate distributed denial of service attacks. Routers probabilistically mark packets with their color but deterministically compute the path identifier (PID). Victim uses the PID to discriminate incoming packets and collect them in separate groups. Finally, the packets are sorted based on their count to construct the attack path. Performance analysis shows that the scheme is robust to Time To Live spoofing, color spoofing, and multi party traceback.

    5. E-correlator: an entropy-based alert correlation system

      Mohammad GhasemiGol and Abbas Ghaemi-Bafghi

      Article first published online: 18 JUL 2014 | DOI: 10.1002/sec.1039

      This paper proposes a new alert correlation system based on entropy called E-correlator. The main idea of this paper is that the huge number of raw alerts contains some information that can be displayed by fewer hyper-alerts. For more visualization, we define the hyper-alerts graph, which provides a global view of intrusion alerts. We achieved the promising reduction ratio of 99.98% in LLS_DDOS_1.0 attack scenario in DARPA2000 dataset while the constructed hyper-alerts have enough information to discover the attack scenario.

  23. Research Article

    1. Mobile cloud computing based privacy protection in location-based information survey applications

      Hao Zhang, Nenghai Yu and Yonggang Wen

      Article first published online: 18 JUL 2014 | DOI: 10.1002/sec.1055

      Our protocol leverages the mobile cloud computing to protect the users' privacy in location-based information survey applications.

  24. Special Issue Papers

    1. Towards efficient deployment of wireless sensor networks

      Hacène Fouchal, Philippe Hunel and Cédric Ramassamy

      Article first published online: 12 JUL 2014 | DOI: 10.1002/sec.1059

      The study gives a methodology and a tool to properly design an application over wireless sensor networks with a high QoS degree. We have undertaken a set of experiments to extract a road map for choosing the right parameters. A classification technique has been used for many types of parameters (application, type, routing protocol, network size, and radio range coverage). The tool is able to propose an NS-2 script for the selected parameters.

  25. Research Articles

    1. Multivariate correlation analysis and geometric linear similarity for real-time intrusion detection systems

      Abdelouahid Derhab and Abdelghani Bouras

      Article first published online: 8 JUL 2014 | DOI: 10.1002/sec.1074

      The relations between features are modeled as a weighted graph, where each weight is the correlation between two features. We perform a composition operation between normal graph and attack graph to generate a strongly-correlated graph. We apply the model on the NSL-KDD dataset. We evaluate the performance of the proposed model under NSL-KDD. The performance evaluation of the proposed model under KDD99 dataset shows better results in terms of receiver operating characteristic distance compared with other multivariate intrusion detection systems targeting denial-of-service attacks.

    2. A nonmonotonic modal authorization logic for pervasive computing

      Ali Noorollahi and Mehran S. Fallah

      Article first published online: 8 JUL 2014 | DOI: 10.1002/sec.1063

      Modal logics have been employed for authorization in distributed systems. New computing environments, however, pose new challenges in devising appropriate logics. This paper concentrates on the aspects of an effective authorization logic for pervasive computing and develops a nonmonotonic modal logic to this end. In particular, the logic proposed can handle uncertain and imperfect information about the principals and the contexts in which they make their requests.

    3. PoliCon: a policy conciliation framework for heterogeneous mobile ad hoc networks

      Soumya Maity, Soumya K. Ghosh and Ehab Al-Shaer

      Article first published online: 4 JUL 2014 | DOI: 10.1002/sec.990

      This work presents a policy conciliation framework for co-operating mobile ad-hoc networks (MANETs). The framework helps in finding the optimal conciliation of the policy rules ensuring minimal compromise of policies of the participating MANETs.

    4. BotCatch: leveraging signature and behavior for bot detection

      Yuede Ji, Qiang Li, Yukun He and Dong Guo

      Article first published online: 3 JUL 2014 | DOI: 10.1002/sec.1052

      We propose a multi-feedback approach, BotCatch, to detect bots effectively and efficiently on the host by leveraging a combination of signature and behavior. BotCatch feeds back signature, behavior, and correlation results to dynamically adjust detecting modules. Our experiments indicate that BotCatch achieves an accuracy of 97.1% and F-measure value of 0.982 simultaneously. BotCatch has the ability to gradually get more robust and accurate as samples increase. The final stage even reaches an accuracy of 98.5% and F-measure value of 0.991.

    5. Evaluating and selecting the biometrics in network security

      Che-Hung Liu, Jen-Sheng Wang, Chih-Chiang Peng and Joseph Z. Shyu

      Article first published online: 3 JUL 2014 | DOI: 10.1002/sec.1020

      Biometrics has widely been considered to strengthen security and privacy in the network security field. This study aims to evaluate biometrics and to provide suggestions for selection. The outcomes first indicate that technology assessment should be the key object in selecting biometric technologies. The outcomes also indicate that features of the target technologies should be considered when evaluating them. In addition, fingerprint recognition, iris recognition, and face recognition are the preferred biometrics in evaluation and selection.

    6. JSOD: JavaScript obfuscation detector

      Ismail Adel AL-Taharwa, Hahn-Ming Lee, Albert B. Jeng, Kuo-Ping Wu, Cheng-Seen Ho and Shyi-Ming Chen

      Article first published online: 1 JUL 2014 | DOI: 10.1002/sec.1064

      This article presents a novel static-based solution for identifying obfuscated JavaScript code. The proposed solution emphasizes detecting readably obfuscated scripts in addition to the encoded ones. In contrast, existing methods overlook the obfuscation problem either (i) by tackling the problem from a readability perspective or (ii) by detecting patterns of obfuscation that are limited to a specific kind of JavaScript malware.

  26. SPECIAL ISSUE PAPER

    1. Introducing touchstroke: keystroke-based authentication system for smartphones

      Georgios Kambourakis, Dimitrios Damopoulos, Dimitrios Papamartzivanos and Emmanouil Pavlidakis

      Article first published online: 1 JUL 2014 | DOI: 10.1002/sec.1061

      This work introduces touchstroke dynamics aiming to explore the potential of this advanced biometric trait in serving as a second verification factor when authenticating the user of a touchscreen smartphone. Towards this goal, we explore typical scenarios used by the majority of legacy keystroke systems but also consider novel classification features and methodologies along with that employed in typical keystroke analysis. The entire experimental procedure has been carried out on a real smartphone in the Android platform.

  27. Research Articles

    1. A novel mechanism for anonymizing Global System for Mobile Communications calls using a resource-based Session Initiation Protocol community network

      Ioannis Psaroudakis, Vasilios Katos and Pavlos S. Efraimidis

      Article first published online: 26 JUN 2014 | DOI: 10.1002/sec.995

      In this paper, we propose the use of the Internet not only to lower the costs of Global System for Mobile Communications (cell phone network) calls but also for providing privacy. This is achieved by leveraging privacy enhancing technologies residing on the Internet side and allowing the propagation of a call to reach a user on the mobile phone network.

  28. Special Issue Papers

    1. Comb: a resilient and efficient two-hop lookup service for distributed communication system

      Kai Shuang, Peng Zhang and Sen Su

      Article first published online: 26 JUN 2014 | DOI: 10.1002/sec.1031

      This paper proposes Comb, which is a hierarchical distributed hash table lookup service. Comb's overlay is organized as a two-layered architecture; workload is distributed evenly among nodes; and most queries can be routed in no more than two hops. Comb is capable of scaling to large systems and is resilient to fluctuation; it provides a self-managing and self-healing mechanism for supporting system recovery from inconsistency. Comb performs effectively with low bandwidth consumption and satisfactory fault tolerance even in a continuously changing environment.

  29. SPECIAL ISSUE PAPER

    1. Detecting stepping stones by abnormal causality probability

      Sheng Wen, Di Wu, Ping Li, Yang Xiang, Wanlei Zhou and Guiyi Wei

      Article first published online: 23 JUN 2014 | DOI: 10.1002/sec.1037

      The methods of detecting stepping stones were easily affected by the Internet or the attackers. In this paper, we proposed a new attribute, causality probability, which can avoid these effects.

  30. Special Issue Papers

    1. Modeling, conflict detection, and verification of a new virtualization role-based access control framework

      Yang Luo, Chunhe Xia, Liangshuang Lv, Zhao Wei and Yazhuo Li

      Article first published online: 23 JUN 2014 | DOI: 10.1002/sec.1025

      This paper enhanced the classic role-based access control model through two concepts: domain and virtual machines. We defined a new model named VRBAC in which authorized users can migrate or copy virtual machines from one domain to another without causing a conflict. Domain users or groups are allowed to share permissions of not only resources such as shared files but also virtual machines with others either from the same or a different domain.

  31. Research Articles

    1. A ciphertext-policy hidden vector encryption scheme supporting multiuser keyword search

      Liao Zhenhua, Wang Jinmiao and Lang Bo

      Article first published online: 22 JUN 2014 | DOI: 10.1002/sec.1044

      We propose a ciphertext-policy hidden vector encryption scheme that supports multiuser searching on the encrypted data by the method of attributed-based access control. The most important advantage of our scheme is that it is based on bilinear group of prime order. Because the group with prime order is more efficient than the group with composite order, our scheme is more efficient than other constructions.

    2. DMAM: distributed mobility and authentication mechanism in next generation networks

      Muhammad Zubair, Xiangwei Kong and Saeed Mahfooz

      Article first published online: 22 JUN 2014 | DOI: 10.1002/sec.1041

      A novel network-based Distributed Mobility and Authentication Mechanism is proposed, which offers solutions to the limitations in centralized mobility management. The limitations are single-point failure, non-optimal routing, low scalability, authentication latency, and signaling messages overhead of the mobility protocols. Further, the authentication is based on symmetric cryptographic and collision-free one-way hash function, which is simple to be implemented in mobile devices.

    3. An enhanced Kerberos protocol with non-interactive zero-knowledge proof

      Yuesheng Zhu, Limin Ma and Jinjiang Zhang

      Article first published online: 19 JUN 2014 | DOI: 10.1002/sec.1066

      In this paper, a new enhanced Kerberos protocol with non-interactive zero-knowledge proof is proposed, in which the clients and the authentication server can mutually authenticate each other without revealing any information during the authentication process. Our security analysis and experimental results have shown that the proposed scheme can resist password-guessing attacks and is more convenient and efficient than previous schemes.

  32. Special Issue Papers

    1. Time synchronization: pivotal element in cloud forensics

      Nikolaos Marangos, Panagiotis Rizomiliotis and Lilian Mitrou

      Article first published online: 19 JUN 2014 | DOI: 10.1002/sec.1056

      This paper highlights the importance of time synchronization in Cloud log files from the perspective of a forensics investigator. We evaluate the existing time synchronization techniques for cloud computing (CC) and provide a list of guidelines toward the design of cloud forensics aware timekeeping techniques for CC.

    2. An architecture for secure mobile devices

      René Mayrhofer

      Article first published online: 17 JUN 2014 | DOI: 10.1002/sec.1028

      This article proposes an architecture for mobile devices to address the most important security challenge: an end-to-end secure channel from users to services. Securing input and output is difficult because the complexity of current mobile platforms implies that they cannot be fully trusted. A combination of virtualization, secure hardware, and minor hardware additions can address the problem.

  33. Review Articles

    1. Elliptic-curve scalar multiplication algorithm using ZOT structure

      Hani Almimi, Azman Samsudin and Shahram Jahani

      Article first published online: 15 JUN 2014 | DOI: 10.1002/sec.1047

      The computation of kP over elliptic curves is done using the new ZOTEC method, which is based on the ZOT recoding method and was proposed to accelerate the EC computations. ZOTEC is a bidirectional method. ZOTEC multiplication and recoding is more efficient than other methods in terms of field complexity and time complexity.

  34. Research Articles

    1. Reversible data embedding for vector quantization compressed images using search-order coding and index parity matching

      Chuan Qin, Chin-Chen Chang, Gwoboa Horng, Ying-Hsuan Huang and Yen-Chang Chen

      Article first published online: 15 JUN 2014 | DOI: 10.1002/sec.1046

      The proposed reversible data embedding can embed one secret bit into both the search-order coding index and the vector quantization index. The compression ratio of our method can approximate that of the standard search-order coding method with no secret message embedded. Based on the embedding mechanism of index parity matching, the performances of hiding capacity and compression for our method are satisfactory, which are also not influenced by the distribution of secret bits.

    2. A short and highly efficient identity-based designated verifier proxy signature scheme

      Xiaoming Hu, Jian Wang, Huajie Xu and Wenan Tan

      Article first published online: 15 JUN 2014 | DOI: 10.1002/sec.1048

      In this paper, we present a formal definition of security model for identity-based designated verifier proxy signature (ID-DVPS) scheme. We also propose a novel ID-DVPS scheme and show a formal security proof of our new scheme based on the bilinear Diffie–Hellman assumption. Compared with other ID-DVPS schemes, it has the following advantages: lower computational cost and shorter signature size (only one element is needed for a signature).

    3. Data privacy breach prevention framework for the cloud service

      Chandramohan Dhasarathan, Vengattaraman Thirumal and Dhavachelvan Ponnurangam

      Article first published online: 15 JUN 2014 | DOI: 10.1002/sec.1054

      Service provider's trusted segmented approaches encourage the global smart users for preserving valuable information in cloud environment to enjoy the benefits of the cloud. Storage service is a serious issue for both the providers and the cloud users. It is noticed that preserving user's privacy as a whole during data as a service is a contemporary research in the cloud era. Framework-based approach for preserving one's personal data in storage service is a milestone for the cloud environment.

    4. Defense mechanisms against Sybil attack in vehicular ad hoc network

      Mahdiyeh Ali Mohammadi and Ali A. Pouyan

      Article first published online: 12 JUN 2014 | DOI: 10.1002/sec.1049

      This paper presents a research study on defense mechanisms for Sybil attack detection in vehicular ad hoc network. First, it organizes all mechanisms into three general categories and then discusses advantages and problems for selected recent works to be applicable. In some cases, it provides the solutions for problems that indicate a number of open research issues.

    5. A dynamic key management scheme for dynamic wireless sensor networks

      Seyed Hossein Erfani, Hamid H.S. Javadi and Amir Masoud Rahmani

      Article first published online: 10 JUN 2014 | DOI: 10.1002/sec.1058

      In this paper, we propose a new key management scheme, which uses key pre-distribution and post-deployment key establishment mechanisms for dynamic wireless sensor networks. The proposed approach ensures that the two communicating nodes share at least one common key. It also provides efficient ways for key generation and revocation as well as addition or deletion of mobile sensor nodes.

    6. Defeat scanning worms in cyber warfare

      Fu-Hau Hsu, Li-Han Chen and Chia-Jun Lin

      Article first published online: 10 JUN 2014 | DOI: 10.1002/sec.1019

      Our analyses show that with only a small number of SSSs and through chain counterattacks, Serum System can automatically and rapidly defeat related infected hosts. Compared with white worms whose spread cannot be controlled, Serum System only spreads on infected hosts. The amount of accumulative traffic saved by Serum System at time tick 450 reached 90%.

    7. A virtual bridge certificate authority-based cross-domain authentication mechanism for distributed collaborative manufacturing systems

      Wenfang Zhang, Xiaomin Wang and Muhammad Khurram Khan

      Article first published online: 10 JUN 2014 | DOI: 10.1002/sec.1051

      In order to realize efficient cross-domain authentications in virtual enterprises (VEs), a novel virtual bridge certificate authority trust model is put forward, based on which an effective cross-domain certification scheme is further presented using the threshold elliptic curve cryptosystem signature algorithm. Analysis shows that the new scheme has the advantages of simple construction of inter-enterprise certification paths, low cost, high bit security, high efficiency, conspiracy attack resistance, and adaptability to diverse collaboration modes of VE, which make it suitable for cross-authentications in VEs especially for resource-limited applications.

    8. Design and implementation of a malware detection system based on network behavior

      L. Xue and G. Sun

      Article first published online: 9 JUN 2014 | DOI: 10.1002/sec.993

      In this paper, an innovative malicious software detection method based on the network flow features instead of the communication data is presented. This method does not need feature library to do detection, so it has much better detectability than the techniques which detect based on feature library. Moreover, this method is evaluated with a prototype system named DTrojan and achieves very good performance.

  35. SPECIAL ISSUE PAPER

    1. A connectivity resilient dynamic multi-channel assignment method for VANET

      Tong Zhao, Shanbo Lu, Wei Yan and Xiaoming Li

      Article first published online: 9 JUN 2014 | DOI: 10.1002/sec.1032

      Using Multi-channel will impact network connectivity. The mobility scenario will make the channel assignment even harder. This paper presents a channel usage-based dynamic assignment method for VANET, which can switch channels to utilize the multi-channel resource efficiently, while still keeping the network connectivity as good as single channel network.

  36. Research Articles

    1. Bloom-filter based IP-CHOCK detection scheme for denial of service attacks in VANET

      Karan Verma and Halabi Hasbullah

      Article first published online: 2 JUN 2014 | DOI: 10.1002/sec.1043

      Summary:

      1. To propose, design, and evaluate a new filtering detection protocol with the development of algorithms for filtering denial of service attacks in vehicular ad hoc network.

      2. To verify through extensive simulation the performance of the proposed protocols with the established and state-of-the-art contemporary protocols.

    2. A novel automated framework for modeling and evaluating covert channel algorithms

      Fahimeh Rezaei, Michael Hempel and Hamid Sharif

      Article first published online: 29 MAY 2014 | DOI: 10.1002/sec.1013

      Automated Covert Channel Modeling is an accurate and reliable approach that converts the general description of covert channel algorithms to a fully functional executable code. This code can be used in a simulation environment or a real network platform to establish a covert communication channel. The main objective of defining this framework is to observe and analyze the behavior of diverse covert channel algorithms and their characteristic, in order to be able to study effective solutions for detecting and disrupting covert communication.

  37. Special Issue Papers

    1. Cooperative monitoring BGP among autonomous systems

      Ning Hu, BaoSheng Wang and Xin Liu

      Article first published online: 29 MAY 2014 | DOI: 10.1002/sec.1024

      This paper presents a Border Gateway Protocol (BGP) monitoring method, which is called cooperative information sharing model (CoISM). CoISM can provide autonomous systems with a more comprehensive information view. CoISM optimizes the information transmission by leveraging the data locality caused by BGP policy and implements ISP coordination with low communication and deployment cost. More specifically, CoISM provides a self-organizing and incentive mechanism, which drives autonomous systems to coordinate independently and shares information on-demand.

    2. AutoMal: automatic clustering and signature generation for malwares based on the network flow

      Sun Hao, Wen Wang, Huabiao Lu and Peige Ren

      Article first published online: 29 MAY 2014 | DOI: 10.1002/sec.1029

      This paper presents AutoMal, a system for automatically extracting signatures from large-scale malware, and our main contribution is putting forward the concept hashing signature and developing the corresponding mechanism constituted by three methods in the paper. We utilize feature hashing for high-dimensional feature spaces reducing and propose cross association with median filtering for malware clustering then provide Bayesian selection for signature generating and evaluating. The results show that AutoMal can generate strongly noise-resisted signatures that exactly show the characteristics of malware.

  38. Research Articles

    1. Evaluation of entropy-based detection of outbound denial-of-service attacks in edge networks

      Ilija Basicevic, Stanislav Ocovaj and Miroslav Popovic

      Article first published online: 26 MAY 2014 | DOI: 10.1002/sec.1040

      The entropy-based method has been compared with a known method for detection of Synchronize sequence numbers (SYN) flood attacks, which relies on application of Cumulative sum control chart (CUSUM) algorithm over the number of SYN packets. The experimental evaluation confirms that entropy-based detection does not reach the performance of a method tailored for a specific type of attack but it has generality that allows the use in viable detection of a range of attacks.

    2. On cross-correlation properties of S-boxes and their design using semi-bent functions

      Enes Pasalic, Samed Bajrić and Milan Djordjević

      Article first published online: 26 MAY 2014 | DOI: 10.1002/sec.1035

      In addition,

      1. A sufficient condition that the absolute indicator of two bent functions achieves its lowest value is derived.

      2. A construction of substitution boxes with good autocorrelation properties from vectorial bent functions is given.

      3. Two classes of nonlinear vectorial semi-bent functions with good autocorrelation properties are proposed.

    3. A new certificateless signature scheme under enhanced security models

      Kee Sung Kim and Ik Rae Jeong

      Article first published online: 26 MAY 2014 | DOI: 10.1002/sec.1036

      We construct the first certificateless signature scheme that can be proven secure against malicious-but-passive key generation center attack of super adversaries. Moreover, our scheme is still secure when the adversary is allowed to obtain valid signatures on the target identity and message. Our construction is based on the hard lattice problems in the random oracle model.

  39. Special Issue Papers

    1. Authentication and key relay in medical cyber-physical systems

      Mohammed Raza Kanjee and Hong Liu

      Article first published online: 8 MAY 2014 | DOI: 10.1002/sec.1009

      This non-cryptographic authentication scheme, with relay of one-time key, offers an efficient security solution to medical cyber-physical systems. The holistic analysis of medical processes and healthcare adversaries leads to utilizing the unique features present in wireless body area network. The novel design builds on a secure architecture across physical world and cyber space with strategic resource allocation for economic security.

    2. Identifying an OpenID anti-phishing scheme for cyberspace

      Haider Abbas, Moeen Qaemi Mahmoodzadeh, Farrukh Aslam Khan and Maruf Pasha

      Article first published online: 7 MAY 2014 | DOI: 10.1002/sec.1027

      This paper aims at identifying and discussing solution to OpenID Phishing by proposing a user authentication scheme that allows OpenID providers to identify a user using publicly known entities. The authentication scheme is also validated through detailed descriptions of use cases and prototype implementation.

  40. Research Article

    1. A new efficient signcryption scheme in the standard model

      Zheng Yang

      Article first published online: 7 MAY 2014 | DOI: 10.1002/sec.1034

      We introduce an efficient signcryption scheme for hybrid authenticated encryption that is provably secure in the standard model under a strong multiuser insider setting. Our new signcryption scheme is built on the basis of a variant of Boneh–Boyen short signature, which works under bilinear groups. The new construction idea is to reuse the signature value to derive the encryption key. This could dramatically save not only the computational cost but also the communication bandwidth.

  41. Research Articles

    1. Reliability enhancement for CIR-based physical layer authentication

      Jiazi Liu, Ahmed Refaey, Xianbin Wang and Helen Tang

      Article first published online: 7 MAY 2014 | DOI: 10.1002/sec.1014

      In this article, we propose three channel impulse response (CIR) based physical layer authentication schemes, which exploit the inherent properties of CIR to enhance the authentication reliability under a binary hypothesis testing in mobile communications. Specifically, the reliability of authentication is enhanced by mitigating the noise components of CIR estimates, deriving CIR difference based on a channel predictor, and observing multiple CIR differences in the final decision, respectively.

  42. Special Issue Papers

    1. Trust dynamic task allocation algorithm with Nash equilibrium for heterogeneous wireless sensor network

      Wen Zhong Guo, Jia Ye Chen, Guo Long Chen and Hai Feng Zheng

      Article first published online: 7 MAY 2014 | DOI: 10.1002/sec.1026

      A trust dynamic task allocation algorithm is proposed to address the task allocation problem for a heterogeneous wireless sensor network (WSN). A discrete particle swarm optimization is designed to generate a structure of the parallel coalitions. Task strategies and payoff functions by invoking the game theory in WSNs are designed.

  43. Research Articles

    1. Attribute-based signature for threshold predicates from lattices

      Qingbin Wang and Shaozhen Chen

      Article first published online: 7 MAY 2014 | DOI: 10.1002/sec.1038

      This paper presents an attribute-based signature scheme for the case of threshold predicates from lattices. This scheme is existentially unforgeable against selective predicate and static chosen message attacks in the standard model, with respect to the hardness of the small integer solution problem. To the best of our knowledge, this work constitutes the first attribute-based signature scheme based on lattices.

    2. Efficient techniques of key management and quantum cryptography in RFID networks

      Vijey Thayananthan, Ahmed Alzahrani and Muhammad Shuaib Qureshi

      Article first published online: 7 MAY 2014 | DOI: 10.1002/sec.1005

      In order to maximize the data security and secure transmission around radio frequency identification (RFID) network, theoretical model of the quantum key management system based on RFID is introduced. Novelties in this research are security keys of which quantum cryptography is being utilized in RFID network with continuous key updates. To maximize the security and minimize the complexity in key management, quantum cryptography with Grover's algorithm is introduced as a method in RFID network environments and is proved.

    3. Analysis and improvement of a multi-factor biometric authentication scheme

      Liling Cao and Wancheng Ge

      Article first published online: 7 MAY 2014 | DOI: 10.1002/sec.1010

      Multi-Factor Biometric Authentication (MFBA) comes to be a promising technology to enhance the security in wireless communication. Several attacks to some existing MFBA schemes have been demonstrated. A modified MFBA scheme has been proposed with security formal analysis using BAN-logic, which demonstrates that the modified scheme with slight high computation costs can protect against several possible attacks.

    4. Making air traffic surveillance more reliable: a new authentication framework for automatic dependent surveillance-broadcast (ADS-B) based on online/offline identity-based signature

      Joonsang Baek, Young-ji Byon, Eman Hableel and Mahmoud Al-Qutayri

      Article first published online: 7 MAY 2014 | DOI: 10.1002/sec.1021

      In this paper, we propose an authentication framework for automatic dependent surveillance-broadcast system for the future e-enabled aircrafts. The proposed framework is based on our new online/offline identity-based signature scheme. This scheme resolves the public-key infrastructure management issue by using the identities of aircrafts as public keys and makes it possible to frequently sign automatic dependent surveillance-broadcast messages exchanged between aircrafts and ground controllers through online/offline signature generation.

    5. An authorization model for cross-enterprise collaborations

      Fotios I. Gogoulos, Anna Antonakopoulou, Georgios V. Lioudakis, Aziz S. Mousas, Dimitra I. Kaklamani and Iakovos S. Venieris

      Article first published online: 5 MAY 2014 | DOI: 10.1002/sec.1000

      In this paper, an authorization framework toward the protection of sensitive resources in the context of cross-enterprise scenarios is presented. The proposed framework is founded on the utilization of a semantic information model, which integrates individual privacy preferences, organizational access control rules, and information handling policies into the authorization determination procedure. Partners within the framework are organized in a bridged federated architecture in order to ensure the semantic and trust interoperability of the emerging transactions.

    6. Meet-in-the-middle fault analysis on word-oriented substitution-permutation network block ciphers

      Zhiqiang Liu, Ya Liu, Qingju Wang, Dawu Gu and Wei Li

      Article first published online: 5 MAY 2014 | DOI: 10.1002/sec.1015

      Observe that some special properties of the diffusion layers of word-oriented substitution-permutation network block ciphers can be exploited to facilitate the meet-in-the-middle fault attacks on the ciphers. Mount efficient meet-in-the-middle fault attacks on ARIA and AES are based on our observations.

    7. Modified data encryption standard encryption algorithm with improved error performance and enhanced security in wireless fading channels

      Walid Y. Zibideh and Mustafa M. Matalgah

      Article first published online: 5 MAY 2014 | DOI: 10.1002/sec.1003

      This paper presents a new encryption algorithm that addresses the strict avalanche criterion in wireless communication channels. The performance of the proposed algorithm is evaluated in different channel conditions and is shown to outperform well-known standardized encryption algorithms in terms of the probability of correct reception, security, and complexity.

    8. A fault recovery-based scheduling algorithm for cloud service reliability

      Ping Qi and Longshu Li

      Article first published online: 5 MAY 2014 | DOI: 10.1002/sec.1017

      Considering the unreliable and dynamic characteristics of cloud computing, cloud service failures are inevitable and have an adverse effect on task execution and scheduling. To improve cloud service reliability, we first analyze the fault recovery mechanism and then classify the cloud failures considered in this paper into two categories: unrecoverable failures and recoverable failures. By integrating the existing dynamic level scheduling (DLS) algorithm, a novel scheduling algorithm based on the fault recovery mechanism, named the fault recovery-based DLS algorithm, is proposed to reduce the failure probability of task assignments. The experimental results confirm that the fault recovery mechanism can meet the reliability requirements of cloud computing infrastructures and that the proposed algorithm can effectively ensure trustworthy execution of tasks.

    9. Remote three-factor authentication scheme based on Fuzzy extractors

      Min Zhang, Jiashu Zhang and Ying Zhang

      Article first published online: 5 MAY 2014 | DOI: 10.1002/sec.1016

      From the table in the succeeding text, we can see that the proposed scheme is more secure and more reasonable than Lee and Hsu's scheme. We also provide a new method to achieve three-factor authentication scheme.

    10. Mahalanobis distance similarity measure based distinguisher for template attack

      Hailong Zhang, Yongbin Zhou and Dengguo Feng

      Article first published online: 5 MAY 2014 | DOI: 10.1002/sec.1033

      In this paper, we propose the Mahalanobis distance similarity measure based template attack (MDSM-based TA). We show the relationship between MDSM-based TA and maximum likelihood principle based TA. Experimental results verify that, in the same attack scenario, the key-recovery efficiency of MDSM-based TA can be higher than that of maximum likelihood principle based TA.

  44. Special Issue Papers

    1. Location-preserved contention-based routing in vehicular ad hoc networks

      Qing Yang, Alvin Lim, Xiaojun Ruan, Xiao Qin and Dongjin Kim

      Article first published online: 11 APR 2014 | DOI: 10.1002/sec.1008

      Using pseudonyms and dummy distance-to-destination information, the proposed location-preserved contention-based routing protocol can achieve an 11.7% improvement in network performance and a higher level of location privacy protection compared with the second best protocol, contention-based forwarding active selection.

  45. Research Articles

    1. Cryptanalysis of a new protocol of wide use for email with perfect forward secrecy

      Mohsen Toorani

      Article first published online: 11 APR 2014 | DOI: 10.1002/sec.1018

      This paper considers security analysis of a cross-realm client-to-client password-authenticated for secure email. In this paper, it is shown that the protocol does not provide the claimed property of perfect forward secrecy; is vulnerable to some attacks including dictionary, replay, and password-compromise impersonation attacks; and has some other defects that are explained in the paper.

  46. Special Issue Papers

    1. Single authentication through in convergence space using collaborative smart cameras

      Geon Woo Kim, Jong Wook Han, Deok Gyu Lee and Sang Wook Kim

      Article first published online: 4 APR 2014 | DOI: 10.1002/sec.1007

      In this paper, we suggest single authentication through, a scheme for accessing any ubiquitous service with a single authentication at the initial stage, for efficiently identifying an object moving across multiple convergence spaces. This is performed by enabling distributed smart cameras to deliver identifiers temporarily generated during the object's handover.

  47. Research Articles

    1. n-Evasive all-but-many lossy trapdoor function and its constructions

      Zhengan Huang, Shengli Liu and Kefei Chen

      Article first published online: 4 APR 2014 | DOI: 10.1002/sec.1002

      In this paper, we propose the notion of n-evasive all-but-many lossy trapdoor functions and show two constructions of it. The first construction is based on the decisional composite residuosity assumption, and the second one is from chameleon hash functions and all-but-n lossy trapdoor functions. Both of the constructions are based on reasonable assumptions with tight security reductions.

    2. Efficient and fault-diagnosable authentication architecture for AMI in smart grid

      Depeng Li, Zeyar Aung, John R. Williams and Abel Sanchez

      Article first published online: 4 APR 2014 | DOI: 10.1002/sec.1006

      Authentication is crucial for large-scale advanced metering infrastructure (AMI), which is one of the most prominent features of smart grids. However, AMI's natural requirements—efficiency, scalability, fault diagnoses, and reliability—cannot be fully satisfied by existing authentication schemes. Our efficient authentication architecture is proposed for AMI. We not only integrate a set of efficient authentication schemes but also design corresponding fault diagnosis algorithms. Our system is implemented on emulated smart meters and commodity servers. Experimental results demonstrate its high efficiency.

    3. SAV4AV: securing authentication and verification for ad hoc vehicles

      Jian Wang, Yiwen Xu, Jindong Zhang, Yanheng Liu and Weiwen Deng

      Article first published online: 3 APR 2014 | DOI: 10.1002/sec.1011

      Securing authentication and verification for ad hoc vehicles permits a new vehicle to join in a platoon through collaborating with t existing vehicles and thereby to accomplish identity authentication and integrity verification.

    4. Residual energy-based replica detection scheme for mobile wireless sensor networks

      Alekha Kumar Mishra and Ashok Kumar Turuk

      Article first published online: 3 APR 2014 | DOI: 10.1002/sec.1012

      We propose a distributed node replica detection mechanism for mobile wireless sensor networks. The mechanism uses the residual energy information of a node to detect replicas in the network. The proposed mechanism has higher detection probability, and lower detection time and communication overhead.
