Security and Communication Networks

Cover image for Vol. 8 Issue 8

Early View (Online Version of Record published before inclusion in an issue)

Edited By: Hsiao-Hwa Chen and Hamid R. Sharif

Impact Factor: 0.433

ISI Journal Citation Reports © Ranking: 2013: 66/78 (Telecommunications); 116/135 (Computer Science Information Systems)

Online ISSN: 1939-0122

  1. Research Article

    1. Anomaly detection based on efficient Euclidean projection

      Longqi Yang, Guyu Hu, Dong Li, Yibing Wang, Bo Jia and Zhisong Pan

      Article first published online: 13 APR 2015 | DOI: 10.1002/sec.1247

      Thumbnail image of graphical abstract

      This paper presents an on-line network traffic anomaly-detection scheme, which is based on the sparse feature selection method, lasso. The empirical study shows that lasso can be solved quickly by applying the efficient Euclidean projection method; it resolves the feature selection step faster than using three classical L1-min solvers. In terms of overall accuracy, true positive rate, false positive rate, precision, and F-measure, the proposed scheme improves the quality of detection.

  2. Research Articles

    1. A static heuristic approach to detecting malware targets

      Mohaddeseh Zakeri, Fatemeh Faraji Daneshgar and Maghsoud Abbaspour

      Article first published online: 8 APR 2015 | DOI: 10.1002/sec.1228

      Thumbnail image of graphical abstract

      In this paper, by focusing on important static heuristic features and fuzzy classification algorithms, we tried to detect malwares and packed files. In addition, we used preprocessing to evade anomalies exception in benign files that improved our detection.

    2. A secure and privacy-preserving event reporting scheme for vehicular Ad Hoc networks

      Khaled Rabieh, Mohamed M. E. A. Mahmoud, Marianne Azer and Mahmoud Allam

      Article first published online: 8 APR 2015 | DOI: 10.1002/sec.1251

      Thumbnail image of graphical abstract

      In vehicular ad hoc networks, vehicles should report events to warn other drivers of unexpected hazards on the roads. While these reports can contribute to safer driving, vehicular ad hoc networks suffer from various security threats; a major one is Sybil attacks. We propose a secure event-reporting scheme that is resilient to Sybil attacks with its two forms singular and colluding Sybil attacks. We also propose an efficient pseudonym generation technique based on symmetric key cryptography that boosts the privacy of the drivers.

    3. A static Android malicious code detection method based on multi-source fusion

      Yao Du, Xiaoqing Wang and Junfeng Wang

      Article first published online: 30 MAR 2015 | DOI: 10.1002/sec.1248

      Thumbnail image of graphical abstract

      We establish a feature collection mechanism, which contains different level static characteristics. Android malware detection method based on machine learning and Dempster–Shafer theory is designed. To evaluate our method and verify its efficiency, various kinds of Android app samples and multiple validation strategies are used in our experiments.

    4. Enabling secure and efficient kNN query processing over encrypted spatial data in the cloud

      Xiang Cheng, Sen Su, Yiping Teng and Ke Xiao

      Article first published online: 30 MAR 2015 | DOI: 10.1002/sec.1245

      Thumbnail image of graphical abstract

      In this paper, to take one step closer towards practical deployment of location-based services in the cloud, we present a secure and efficient k-nearest neighbor (kNN) query scheme for effectively processing kNN queries over encrypted spatial data. Thorough analysis shows the validity and security of the proposed scheme. Extensive experimental results on real datasets further demonstrate the proposed scheme can achieve high efficiency and good scalability.

    5. User authentication scheme preserving anonymity for ubiquitous devices

      Benchaa Djellali, Kheira Belarbi, Abdallah Chouarfia and Pascal Lorenz

      Article first published online: 26 MAR 2015 | DOI: 10.1002/sec.1238

      Thumbnail image of graphical abstract

      Pervasive computing environment includes a variety of network protocols and is expected to support many service models. To allow only legitimate users, securisation of interaction between mobile users and service providers must be performed. But, over an insecure communication channel, it is difficult to definitely decide which infrastructure and which mechanism of authentication are suitable for pervasive network. Based on a stochastic process with Markov property, the proposed scheme aims to provide both user anonymity and mutual authentication, and to achieve user privacy with security and functionality requirements satisfaction.

  3. Research Article

    1. A biometrics and smart cards-based authentication scheme for multi-server environments

      Yanrong Lu, Lixiang Li, Haipeng Peng and Yixian Yang

      Article first published online: 26 MAR 2015 | DOI: 10.1002/sec.1246

      Thumbnail image of graphical abstract

      We presented an enhanced scheme regarding performance and security properties. The highlight of our scheme is that it not only conquers the flaws but also is efficient compared with other related authenticated key agreement schemes.

  4. Research Articles

    1. Vulnerabilities of an ECC-based RFID authentication scheme

      Nan Li, Yi Mu, Willy Susilo, Fuchun Guo and Vijay Varadharajan

      Article first published online: 26 MAR 2015 | DOI: 10.1002/sec.1250

      Thumbnail image of graphical abstract

      This paper reviews a recent radio frequency identification authentication protocol that has some flaws. We provide different solutions to address issues and propose a repaired protocol. We give formal models of security, and the proposed protocol is proven secure.

  5. Research Article

    1. A comprehensive fault-tolerant framework for wireless sensor networks

      Mehdi Afsar

      Article first published online: 26 MAR 2015 | DOI: 10.1002/sec.1249

      Thumbnail image of graphical abstract

      In this paper, we proposed fault-tolerant scheme, a secure service for clustered sensor networks. The main contributions of the fault-tolerant scheme are as follows: (i) proposing a novel spare cluster head election based on the proximity to the cluster head; (ii) showing the importance of having rich-energy cluster heads; and (iii) proposing a method for fault detection based on message exchange by which the probability of false detection for cluster heads gets zero, approximately.

  6. Special Issue Papers

    1. A security and trust framework for virtualized networks and software-defined networking

      Zheng Yan, Peng Zhang and Athanasios V. Vasilakos

      Article first published online: 26 MAR 2015 | DOI: 10.1002/sec.1243

      Thumbnail image of graphical abstract

      This paper indicates open research issues and future research directions of 5G security and trust in the context of virtualized networking and SDN. We propose a framework of security and trust focusing on solving 5G network security issues. The proposed framework applies adaptive trust evaluation and management technologies and sustainable trusted computing technologies to ensure computing platform trust and achieve software-defined network security. It adopts cloud computing to securely deploy various trustworthy security services over the virtualized networks.

  7. Research Articles

    1. BAFi: a practical cryptographic secure audit logging scheme for digital forensics

      Panos Kampanakis and Attila A. Yavuz

      Article first published online: 26 MAR 2015 | DOI: 10.1002/sec.1242

      Thumbnail image of graphical abstract

      Audit logs provide information about historical states of computer systems. They also contain highly valuable data that can be used by law enforcement in forensic investigations. Thus, ensuring the authenticity and integrity of audit logs is of vital importance. An ideal security mechanism for audit logging must also satisfy security properties such as forward security (compromise resiliency), compactness, and computational efficiency.

  8. Research Article

    1. Signcryption KEM/tag-KEM, revisited

      Xiangxue Li, Haifeng Qian, Yu Yu, Jian Weng and Yuan Zhou

      Article first published online: 25 MAR 2015 | DOI: 10.1002/sec.1232

      Thumbnail image of graphical abstract

      We define for KEM/tag-KEM new confidentiality and unforgeability models with respect to adversarially chosen keys. The adversaries are given more advantageous attack environment than existing models in the literature. Under the models, new constructions are presented based on CDH and DBDH assumptions.

  9. Research Articles

    1. Designs, analyses, and optimizations for attribute-shuffling obfuscation to protect information from malicious cloud administrators

      Hiroshi Fujinoki

      Article first published online: 25 MAR 2015 | DOI: 10.1002/sec.1231

      Thumbnail image of graphical abstract

      The proposed data/command obfuscation at the security gateway allows Database Management System at a cloud server process users' queries on obfuscated records while their meaning is hidden from any malicious Insiders, including malicious system admins. The most significant weakness is the increase in table size and network bandwidth to carry dummy queries. The crate constructor effectively reduces this overhead in such a way that, under heavy workload, there will not be any increase in data and network traffic load, making this solution a practical solution.

  10. Special Issue Papers

    1. A privacy-preserving distance-based incentive scheme in opportunistic VANETs

      Jun Song, ChunJiao He, Fan Yang and HuanGuo Zhang

      Article first published online: 25 MAR 2015 | DOI: 10.1002/sec.1211

      Thumbnail image of graphical abstract

      This paper proposes an efficient privacy-preserving distance-based incentive scheme especially for opportunistic vehicular ad-hoc networks. This proposed scheme describes a novel opportunistic routing framework to provide three properties: the confidentiality of nodes location information, the integrity of the message carried distance, and the availability of location privacy preserving. A comprehensive performance, including security analysis, and performance evaluation, is presented to show that the proposed framework is secure, efficient, and practical.

  11. Research Articles

    1. A strongly secure identity-based authenticated key agreement protocol without pairings under the GDH assumption

      Haiyan Sun, Qiaoyan Wen, Hua Zhang and Zhengping Jin

      Article first published online: 23 MAR 2015 | DOI: 10.1002/sec.1241

      Thumbnail image of graphical abstract

      We propose an identity-based authenticated key agreement (ID-AKA) protocol without bilinear pairings, which can satisfy ephemeral secrets leakage resistance. We prove its security in the extended Canetti–Krawczyk (eCK) model, which not only can capture resistance to leakage of ephemeral secret keys but also can capture another basic security properties such as master key forward security and key compromise impersonation resistance. Compared with the existing ID-AKA protocols, our protocol has advantages over them in security or efficiency.

    2. A high capacity data hiding algorithm for H.264/AVC video

      Mehdi Fallahpour, Shervin Shirmohammadi and Mohammad Ghanbari

      Article first published online: 17 MAR 2015 | DOI: 10.1002/sec.1221

      Thumbnail image of graphical abstract

      Data hiding methods embed a secret signal directly into the original media in an imperceptible manner. In video data hiding, the watermark can be embedded either into an uncompressed video sequence or compressed video stream, although the great majority of streamed video through the Internet are compressed, so data hiding in compressed video is popular. This article presents an information hiding algorithm for H.264/AVC video stream. It utilizes position of the last non zero level of quantized discrete cosine transform (QDCT) block to embed information bits.

    3. Karatsuba–Block-Comb technique for elliptic curve cryptography over binary fields

      Hwajeong Seo, Zhe Liu, Jongseok Choi and Howon Kim

      Article first published online: 16 MAR 2015 | DOI: 10.1002/sec.1237

      Thumbnail image of graphical abstract

      In this paper, we focus on enhancing the performance of scalar multiplication over GF(2m) by suggesting a new technique for speeding up the performance of multiplication, called KaratsubaŰBlock-Comb multiplication. Karatsuba–Block-Comb method combines the advantages of both Karatsuba algorithm and Block-Comb method. This technique replaces the part of expensive Block-Comb binary field multiplications with several cheap additions by following Karatsuba rule. In case of squaring, we describe an optimized squaring algorithm with 8-bit look-up table that is significantly faster than previous works with 4-bit look-up table.

    4. Application layer DDoS attack detection using cluster with label based on sparse vector decomposition and rhythm matching

      Qin Liao, Hong Li, Songlin Kang and Chuchu Liu

      Article first published online: 13 MAR 2015 | DOI: 10.1002/sec.1236

      Thumbnail image of graphical abstract

      Two feature sequences from Web logs are extracted to represent characteristics of user behavior, and application layer DDoS attack detection system architecture based on feature sequences is presented. A classification algorithm called sparse vector decomposition and rhythm matching (SVD-RM), which is based on sparse vector decomposition and rhythm matching, is proposed. A cluster algorithm with label, called L-Kmeans, is also proposed as an embedded classifier in SVD-RM.

    5. A novel weighted threshold secret image sharing scheme

      Mingchu Li, Shu Ma and Cheng Guo

      Article first published online: 13 MAR 2015 | DOI: 10.1002/sec.1233

      Thumbnail image of graphical abstract

      In this paper, we considered the problem of secret image sharing with the weighted threshold access structure, which means different participants can have different status and significance. With this approach, each shadow image has one weight, and the secret image can be reconstructed losslessly if, and only if, the sum of all of the shadow images' weights is no less than the given weight threshold.

  12. Special Issue Papers

    1. An ID-based node key management scheme based on PTPM in MANETs

      Guang Yang, Jiqiang Liu and Lei Han

      Article first published online: 12 MAR 2015 | DOI: 10.1002/sec.1206

      Thumbnail image of graphical abstract

      The combined public key based on elliptic-curve cryptography was adopted in our identity-based key management scheme. The keys were protected and managed by the next generation protected storage of portable trusted platform module. We show that our scheme is semantically secure under the elliptic-curve DDH assumption. Also, the performance evaluation of proposed scheme in a real-world ad hoc network indicates the feasibility in practice.

  13. Research Articles

    1. Model driven security framework for software design and verification

      Engin Deveci and Mehmet U. Caglayan

      Article first published online: 12 MAR 2015 | DOI: 10.1002/sec.1200

      Thumbnail image of graphical abstract

      In this paper, we propose a new framework, Model Driven Security Framework (MDSF), for the analysis, design, and evaluation of security properties of information systems. Our aim is to support information system developers and evaluation authorities who implement the higher-level Common Criteria (Levels 6 and 7) security assurance process using formal methods based on Unified Modelling Language (UML), Object Constraint Language (OCL), Promela, and Spin.

    2. Group authenticated key exchange schemes via learning with errors

      Xiaopeng Yang, Wenping Ma and Chengli Zhang

      Article first published online: 5 MAR 2015 | DOI: 10.1002/sec.1239

      Thumbnail image of graphical abstract

      We construct a novel passively secure group key exchange (GKE) scheme via learning with errors (LWE). Then, we generalize it to a GKE scheme from ring-LWE. Based on our GKE from LWE, we build a group-authenticated key exchange scheme via LWE. One of our innovative points is a simple and practical robust extractor.

    3. An efficient and tunable matrix-disguising method toward privacy-preserving computation

      Yulong Wang and Yi Li

      Article first published online: 5 MAR 2015 | DOI: 10.1002/sec.1235

      Thumbnail image of graphical abstract

      The matrix-disguising performance is affected by bar size β. The knee point appears when β = 3, which means that fast matrix disguising is slower than random matrix disguising only when the bar size is smaller than 3.

    4. Securing cooperative spectrum sensing against ISSDF attack using dynamic trust evaluation in cognitive radio networks

      Jingyu Feng, Yuqing Zhang, Guangyue Lu and Wenxiu Zheng

      Article first published online: 3 MAR 2015 | DOI: 10.1002/sec.1240

      Thumbnail image of graphical abstract

      Cooperative spectrum sensing (CSS) is being threatened by the spectrum-sensing data falsification attack (SSDF attack). In this paper, we argue that powering CSS with traditional trust schemes is not enough. The intermittent SSDF attack (ISSDF attack) is found in this paper. To defend against ISSDF attack for CSS, a novel-trust scheme using dynamic evaluation is proposed. Simulation results show that this scheme can successfully reduce the power of ISSDF and thus can ensure the performance of CSS.

    5. SQLPIL: SQL injection prevention by input labeling

      Wes Masri and Sam Sleiman

      Article first published online: 3 MAR 2015 | DOI: 10.1002/sec.1199

      Thumbnail image of graphical abstract

      This paper presents SQLPIL; an effective, light, and fully automated tool that leverages prepared statements to prevent SQL injection attacks at runtime. Given a Java program in which SQL queries are built as strings, SQLPIL dynamically transforms the strings into secure prepared statements right before their execution; thus, guaranteeing that malicious input will always be treated as data and never as SQL commands. Out empirical results exhibited no false alarms when applied on typical applications, and the runtime cost was acceptable.

  14. Special Issue Papers

    1. A secure energy-efficient access control scheme for wireless sensor networks based on elliptic curve cryptography

      Yuanyuan Zhang, Neeraj Kumar, Jianhua Chen and Joel J.  P.  C. Rodrigues

      Article first published online: 19 FEB 2015 | DOI: 10.1002/sec.1230

      Thumbnail image of graphical abstract

      Recently, Chi et al. proposed an improved energy-efficient access-control scheme for wireless sensor networks based on elliptic curve cryptography. In this article, we point out that their scheme cannot withstand the replay attack. And there is a flaw in their scheme. To surmount the weakness of the Chi et al. scheme, we propose a secure energy-efficient access-control scheme for wireless sensor networks based on elliptic curve cryptography. In addition, we prove that our scheme is secure and efficient.

  15. Research Articles

    1. 3S: three-signature path authentication for BGP security

      Yaping Liu, Wenping Deng, Zhihong Liu and Feng Huang

      Article first published online: 18 FEB 2015 | DOI: 10.1002/sec.1227

      Thumbnail image of graphical abstract

      We propose a three-signature path authentication (3S) scheme to improve the performance of path authentication. We first introduce the concept of " virtual AS," to reflect a cluster of prefixes that are announced along with a common path/sub-path. Then we aggregate those prefixes into an atom and only need to sign the first route announcement of a virtual AS instead of single prefixes; thus, it can reduce the number of cryptographic operations significantly. We evaluate the performance of 3S scheme in both theoretical and experimental ways; the results have shown that our proposed scheme is more efficient yet without losing security capabilities as existing methods such as S-BGP and BGPsec.

    2. Identity-based universal re-encryption for mixnets

      Habib Allah Yajam, Javad Mohajeri and Mahmoud Salmasizadeh

      Article first published online: 18 FEB 2015 | DOI: 10.1002/sec.1226

      Thumbnail image of graphical abstract

      In a conventional re-encryption cryptosystem, re-encryption is permitted only for a party who has access to the public key corresponding to a given ciphertext. However, in universal cryptosystems, no knowledge about the public key is necessary for performing re-encryption. In this paper, we generalize the definition of universal cryptosystems to ID-based cryptography and propose two provable secure ID-based universal cryptosystem schemes. The paper includes experimental results that demonstrate high performance of the schemes for practical purposes.

  16. Research Article

    1. Privacy preserving smartcard-based authentication system with provable security

      Jin Wook Byun

      Article first published online: 17 FEB 2015 | DOI: 10.1002/sec.1229

      Thumbnail image of graphical abstract

      In this paper, we suggest a new privacy preserving smartcard-based password authenticated key exchange with provable security. Only the user who has two secrets (smartcard and password) can go through authentication with key exchange while concealing its identifier from outsider adversaries.

  17. Research Articles

    1. Construction of resilient Boolean functions with high nonlinearity and good algebraic degree

      Lu-Yang Li and Wei-Guo Zhang

      Article first published online: 17 FEB 2015 | DOI: 10.1002/sec.1218

      Thumbnail image of graphical abstract

      In this paper, two construction methods are proposed to obtain resilient Boolean functions with high nonlinearity and good algebraic properties. It is shown that a class of resilient functions with high algebraic degree and currently best known nonlinearity can be constructed by using our technique. The algebraic immunity of the constructed functions is also analyzed.

  18. Special Issue Papers

    1. Toward a flexible and fine-grained access control framework for infrastructure as a service clouds

      Bo Li, Jianxin Li, Lu Liu and Chao Zhou

      Article first published online: 17 FEB 2015 | DOI: 10.1002/sec.1216

      Thumbnail image of graphical abstract

      A flexible and fine-grained access control framework, named IaaS-oriented Hybrid Access Control (iHAC), is proposed in this paper. iHAC designs a permission transition model to dynamically assign permissions to virtual machines and regulates the behaviors of virtual machines in a fine-grained manner.

    2. A new authentication protocol for healthcare applications using wireless medical sensor networks with user anonymity

      Xiong Li, Jianwei Niu, Saru Kumari, Junguo Liao, Wei Liang and Muhammad Khurram Khan

      Article first published online: 16 FEB 2015 | DOI: 10.1002/sec.1214

      Thumbnail image of graphical abstract

      This paper points out some security flaws the authentication protocol of He et al.s for healthcare applications using wireless medical sensor networks. Besides, a new three-factor user-anonymous authentication protocol based on wireless medical sensor networks is proposed. Some security analysis and comparisons are done to illustrate the efficiency and security of the protocol.

  19. Research Article

    1. Modeling and verification of trust and reputation systems

      Alessandro Aldini

      Article first published online: 16 FEB 2015 | DOI: 10.1002/sec.1220

      Thumbnail image of graphical abstract

      The proposed approach combines a process algebraic architectural description language with a mathematical paradigm for trust modeling in a framework subsuming a unifying formal semantics on which model checking techniques can be applied to verify trust properties described in a trust temporal logic.

  20. Research Articles

    1. A new unpredictability-based radio frequency identification forward privacy model and a provably secure construction

      Anjia Yang, Kaitai Liang, Yunhui Zhuang, Duncan S. Wong and Xiaohua Jia

      Article first published online: 13 FEB 2015 | DOI: 10.1002/sec.1208

      Thumbnail image of graphical abstract

      This paper proposes a provably secure unpredictability-based forward privacy model for radio frequency identification authentication system. It also presents an radio frequency identification protocol that is proved to be secure under the proposed model.

  21. Special Issue Paper

    1. Constructing authentication web in cloud computing

      Gansen Zhao, Zhongjie Ba, Xinming Wang, Feng Zhang, Changqin Huang and Yong Tang

      Article first published online: 13 FEB 2015 | DOI: 10.1002/sec.1202

      Thumbnail image of graphical abstract

      This work proposes a cross-domain single sign-on mechanism. It allows service providers to verify user identities in a decentralized way and allows users to unify their identities from various domains in a safe way. The verification process used in this mechanism is able to support hybrid authentication protocols as well as to accelerate the verification of credentials by eliminating single point of failure and single-point bottleneck.

  22. Special Issue Papers

    1. An intrusion detection method for wireless sensor network based on mathematical morphology

      Yanwen Wang, Xiaoling Wu and Hainan Chen

      Article first published online: 11 FEB 2015 | DOI: 10.1002/sec.1181

      Thumbnail image of graphical abstract

      In this paper, " An intrusion detection method for wireless sensor network based on mathematical morphology" written by Yanwen Wang, Xiaoling Wu* and Hainan Chen, an innovative method called Granulometric Size Distribution (GSD) method is proposed based on mathematical morphology for detecting malicious attack in IoTs. GSD clusters are successfully generated to monitor the number of active nodes in a wireless sensor network because the GSD curves are similar when the number of active nodes in a wireless sensor network isfixed.

  23. Research Articles

    1. Intrusion detection techniques for mobile cloud computing in heterogeneous 5G

      Keke Gai, Meikang Qiu, Lixin Tao and Yongxin Zhu

      Article first published online: 11 FEB 2015 | DOI: 10.1002/sec.1224

      Thumbnail image of graphical abstract

      This paper proposes a high level framework of using mobile cloud-computing-based Intrusion Detection Systems (IDSs) on mobile applications. The types of IDS are reviewed and synthesized by this paper. Connecting mobile cloud computing platform with IDS techniques is an efficient approach for securing mobile apps in 4G/5G.

    2. On the security of a lightweight authentication and encryption scheme for mobile ad hoc network

      Wun-She Yap, Joseph K. Liu, Syh-Yuan Tan and Bok-Min Goi

      Article first published online: 10 FEB 2015 | DOI: 10.1002/sec.1234

      Thumbnail image of graphical abstract

      In 2011, Eissa, Razak and Ngadi proposed a lightweight authentication and encryption scheme to enhance the performance for mobile ad hoc network (MANET). This paper shows the security weaknesses of their proposed scheme and explains the reasons why such scheme does not solve the challenging issues faced by MANET.

    3. Cryptanalysis and provable improvement of a chaotic maps-based mobile dynamic ID authenticated key agreement scheme

      Hongfeng Zhu

      Article first published online: 10 FEB 2015 | DOI: 10.1002/sec.1225

      Thumbnail image of graphical abstract

      The paper firstly shows that Lin's scheme cannot resist many attacks. Then we firstly proposed an attack method called XOR with pad operation leaking attack, which can lead to the worst case scenario: an adversary can get the session key without being detected. Finally, we proposed an improved protocol with provable security under the random oracle model. Compared with previous related works, the improved protocol not only can withstand existential active attacks but also has better computational efficiency.

    4. Truncated differential cryptanalysis of PRINCE

      Guangyao Zhao, Bing Sun, Chao Li and Jinshu Su

      Article first published online: 10 FEB 2015 | DOI: 10.1002/sec.1213

      Thumbnail image of graphical abstract

      We exploit some new vulnerabilities of PRINCE and apply truncated differential cryptanalysis to it. There exist 5-round and 6-round (out of 12 rounds) truncated differential distinguishers, and we can introduce a key recovery attack on 7-round PRINCEinline image using two 5-round distinguishers.

    5. Why we hate IT: two surveys on pre-generated and expiring passwords in an academic setting

      Michael Farcasin and Eric Chan-tin

      Article first published online: 10 FEB 2015 | DOI: 10.1002/sec.1184

      Thumbnail image of graphical abstract

      We performed two surveys to understand how members of a university managed their passwords when the university offered four pre-generated random passwords or the option for users to create their own subject to stringent requirements. We found that most respondents chose to create their own password and utilized coping strategies that undermined the security of the requirements. We also attempt to connect these behaviors to respondents' other password habits and demographics and analyzed participant comments.

  24. Special Issue Papers

    1. You have free access to this content
      Universal steganography model for low bit-rate speech codec

      Shanyu Tang, Qing Chen, Wei Zhang and Yongfeng Huang

      Article first published online: 10 FEB 2015 | DOI: 10.1002/sec.1183

      Thumbnail image of graphical abstract

      The authors proposed a universal VoIP steganography model for covert communications using low bit-rate speech codec that uses the PESQ deterioration rate and the decoding error to automatically choose a data embedding algorithm for each VoIP bitstream. With the proposed model, it achieved the average PESQ deterioration rate of 4.04% (indicating strong imperceptibility) and a high data hiding capacity up to 12 bits/frame (400 bits/second, three times larger than other methods), and could effectively resist the latest steganalysis.

  25. Research Articles

    1. One-time identity–password authenticated key agreement scheme based on biometrics

      Hongfeng Zhu

      Article first published online: 10 FEB 2015 | DOI: 10.1002/sec.1182

      Thumbnail image of graphical abstract

      The paper firstly proposed a new concept of one-time identity–password, which means identity and password can be used only once. Then, we present a provably secure and flexible one-time identity–password authenticated key agreement scheme based on biometrics. The core ideas of our scheme are features of security and efficiency in the mobile device and server's side and feature of user friendly for the user's side. Through comparing with recently related work, our scheme has satisfactory security, efficiency, and functionality.

    2. Reducing energy consumption of mobile phones during data transmission and encryption for wireless body area network applications

      Chris DelBello, Kazi Raihan and Tao Zhang

      Article first published online: 9 FEB 2015 | DOI: 10.1002/sec.1223

      Thumbnail image of graphical abstract

      We aim to measure the energy consumption of a cellphone as it transmits and encrypts data in a WBAN scenario. We evaluated the impact of various design parameters in an effort to discover the ideal WBAN operational protocols. In conclusion, we recommend an optimal file size strategy, data communication network, and encryption algorithm that minimize energy consumption and enhance WBAN operation.

    3. A security framework for developing service-oriented software architectures

      Vahid Rafe and Ramin Hosseinpouri

      Article first published online: 9 FEB 2015 | DOI: 10.1002/sec.1222

      Thumbnail image of graphical abstract

      This research provides a secure framework through which to develop software based on the service-oriented architecture. The proposed framework has been modeled using the SoaML profile, which has been introduced for modeling service-oriented environments. The framework's security aspects have been tested by the modeling and specification language Alloy, which is based on the first-order logic. Its accuracy has also been well-investigated.

    4. Privacy enhancement in anonymous network channels using multimodality injection

      Mehran Alidoost Nia, Reza Ebrahimi Atani and Antonio Ruiz-Martínez

      Article first published online: 9 FEB 2015 | DOI: 10.1002/sec.1219

      Thumbnail image of graphical abstract

      In order to prevent network analysis attacks, we propose a scheme that implements a multimodal behavior using the random walk theory and crypto-types. The random walk is responsible for generating network patterns, and the crypto-type performs the micro-encryption tasks through the anonymous channel. The experiments we have developed indicate that the average rate of true detections of application behaviors made by intruders does not exceed 24%. Thus, this multimodal pattern gives a high level of immunity against network analysis attacks.

    5. A privacy preserving authentication scheme for roaming services in global mobility networks

      Gefei Zhang, Dan Fan, Yuqing Zhang, Xiaowei Li and Xuefeng Liu

      Article first published online: 9 FEB 2015 | DOI: 10.1002/sec.1209

      Thumbnail image of graphical abstract

      In this manuscript, we mentioned a new privacy-preserving authentication scheme for roaming services in Global Mobility Networks. The scheme takes advantage of well-known schemes, achieving all security requirements of anonymous authentication such as user anonymity, untraceability, and perfect forward secrecy. The scheme also avoids the weaknesses of current schemes. The security of our scheme is provable under the Elliptic Curve Diffie-Hellman assumption. Compared with existing anonymous authentication schemes, ours performs better in terms of computation cost and security.

    6. Guess who is listening in to the board meeting: on the use of mobile device applications as roving spy bugs

      Zahid Anwar and Waqas Ahmad Khan

      Article first published online: 9 FEB 2015 | DOI: 10.1002/sec.1205

      This work provides a demonstration of a dangerous espionage attack targeting smartphones whereby an attacker can, with the aid of an Android mobile platform application, make a call to the victim's phone and listen-in to the victim's surroundings transforming the mobile phone into a sophisticated covert listening device. It also proposes and evaluates a defense technique to detect and mitigate the attack where existing security mechanisms fall short.

    7. A novel low-complexity scheme for improving security of NLFG-based symmetric key cryptosystem using secure concatenated RS–QCLDPC code

      Celine Mary Stuart and Deepthi P. Pattathil

      Article first published online: 7 FEB 2015 | DOI: 10.1002/sec.1215

      Thumbnail image of graphical abstract

      A simple nonlinear filter generator-based cryptosystem is proposed to provide low delay with high security. Enhanced security is attained by embedding security in the channel encoder. The proposed efficient design of key-based dense scrambling matrix and permutation matrix greatly simplifies the hardware structure. The integrated system is designed in such a way that both nonlinear filter generator-based stream cipher and secure channel coder complement each other to overcome the cryptographic weakness with a low hardware cost.

    8. A realistic graph-based alert correlation system

      Ouissem Ben Fredj

      Article first published online: 7 FEB 2015 | DOI: 10.1002/sec.1190

      Thumbnail image of graphical abstract

      This paper introduces a graph-based attack description that comes with different analysis methods for alert correlation. The system encompasses an attack scenario detection method, an alert correlation method that recognizes multistep attacks, and a graph-based classification method to extract different properties of the attacks. The performance analysis shows that the system is real time and scalable.

    9. Detect repackaged Android application based on HTTP traffic similarity

      Xueping Wu, Dafang Zhang, Xin Su and WenWei Li

      Article first published online: 7 FEB 2015 | DOI: 10.1002/sec.1170

      Thumbnail image of graphical abstract

      We call the app that has been embedded additional code as embedded repackaged app, which causes security issues to Android users. To address the existing approaches' limitations, we first capture and parse the traffic generated by apps, and classify them into primary and non-primary module traffic set. Then we calculate the similarity of primary module and use the balanced vantage point tree comparison algorithm to detect them. Finally, we detected 266 embedded repackaged apps from 7619 Android apps.

    10. HIBaSS: hierarchical identity-based signature scheme for AMI downlink transmission

      Feng Ye, Yi Qian and Rose Qingyang Hu

      Article first published online: 5 FEB 2015 | DOI: 10.1002/sec.1217

      Thumbnail image of graphical abstract

      Sender authentication and message integrity are imperative to downlink transmission of advanced metering infrastructure in smart grid. A hierarchical identity-based signature scheme is proposed to protect the customers from forgery, manipulation and repudiation of the control messages. Taking advantage of the powerful computational ability in the control center, hierarchical identity-based signature is efficient enough to be applied in the advanced metering infrastructure downlink transmission.

  26. Special Issue Papers

    1. Distributed flood attack detection mechanism using artificial neural network in wireless mesh networks

      Muhammad Altaf Khan, Shafiullah Khan, Bilal Shams and Jaime Lloret

      Article first published online: 4 FEB 2015 | DOI: 10.1002/sec.1204

      Thumbnail image of graphical abstract

      In this paper, we propose an artificial neural network (ANN)-based flood detection mechanism for wireless mesh network. In our simulation, sample dataset used to train and test the ANN is generated using NS-2. Simulation results and real system implementation proved that the proposed mechanism can be used in real network environment to detect intermediate and severe distributed flood attacks with low false positive and false negative rates.

    2. A robust and privacy-preserving aggregation scheme for secure smart grid communications in digital communities

      Shuai Fu, Jianfeng Ma, Hongtao Li and Qi Jiang

      Article first published online: 30 JAN 2015 | DOI: 10.1002/sec.1188

      Thumbnail image of graphical abstract

      We propose a privacy-preserving and secure multi-dimensional aggregation scheme for smart grid communications. Data authentication and integrity protection are performed and proved without disclosing any fine-grained user consumption data by integrating privacy homomorphism encryption with aggregation signature scheme. Security analysis and performance evaluation demonstrate that the proposed scheme can resist various security threats and preserve identity privacy while possessing significantly less communication overhead and computation cost than other existing approaches.

  27. Research Articles

    1. PaddyFrog: systematically detecting confused deputy vulnerability in Android applications

      Jianliang Wu, Tingting Cui, Tao Ban, Shanqing Guo and Lizhen Cui

      Article first published online: 30 JAN 2015 | DOI: 10.1002/sec.1179

      Thumbnail image of graphical abstract

      A novel system was proposed with code-level static analysis that was based on CFG construction of Android apps to analyze the applications and automatically detect possible confused deputy vulnerabilities. A new technique was adopted in building CFG inter-component and intra-component of Android apps. A detection algorithm was invented to reduce false positive ratio.

  28. Research Article

    1. A remote attestation protocol with Trusted Platform Modules (TPMs) in wireless sensor networks

      Hailun Tan, Wen Hu and Sanjay Jha

      Article first published online: 28 JAN 2015 | DOI: 10.1002/sec.1162

      Thumbnail image of graphical abstract

      This paper implements the remote attestation protocol with the hardware Trusted Platform Module. It can defend several memory-based attacks. In addition, we have provided the extensive evaluations for this protocol.

  29. Special Issue

    1. CDMCR: multi-level fault-tolerant system for distributed applications in cloud

      Weizhong Qiang, Changqing Jiang, Longbo Ran, Deqing Zou and Hai Jin

      Article first published online: 28 JAN 2015 | DOI: 10.1002/sec.1187

      Thumbnail image of graphical abstract

      A multi-level fault-tolerant system for distributed applications in cloud named CDMCR is presented. The CDMCR system backups the complete state of applications periodically with a snapshot-based distributed checkpointing protocol, including file system state. Thus, not only the processes can be recovered, but also the related data can be roll-backed. A multi-level recovery strategy is proposed, which includes process-level recovery, virtual machine recreation, and host rescheduling, enabling comprehensive and efficient fault tolerance for different components in cloud.

  30. Review Article

    1. Mathematical modeling of the propagation of malware: a review

      Angel Martín del Rey

      Article first published online: 28 JAN 2015 | DOI: 10.1002/sec.1186

      Thumbnail image of graphical abstract

      The majority of mathematical models proposed to simulate malware spreading are based on ordinary differential equations. These models do not take into account the individual characteristics of the devices and it is not possible to simulate the individual dynamic of the system. The use of models bases on cellular automata or agent-based models is proposed to overcome these drawbacks.

  31. Review Articles

    1. A survey on reversible watermarking techniques for relational databases

      Saman Iftikhar, M. Kamran and Zahid Anwar

      Article first published online: 28 JAN 2015 | DOI: 10.1002/sec.1196

      Thumbnail image of graphical abstract

      Distortion-based reversible watermarking techniques introduce less distortion in the underlying data and are highly robust against malicious attacks. Distortion-free fragile watermarking techniques introduce zero distortion in the underlying data and are not robust against malicious attacks. Distortion-free robust watermarking techniques introduce zero distortion in the underlying data and are less robust against malicious attacks.

  32. Research Article

    1. A general two-party bi-input private function evaluation protocol

      Yi Sun and Qiaoyan Wen

      Article first published online: 28 JAN 2015 | DOI: 10.1002/sec.1197

      Thumbnail image of graphical abstract

      In this paper, we further consider a general case, two-party bi-input private function evaluation, where P1 holds a private input x while P2 holds a private input y as well as the circuit Cf, and their goal is to securely compute Cf(x,y) without revealing x, y, and Cf.

  33. Special Issue Paper

    1. SAKE: scalable authenticated key exchange for mobile e-health networks

      Weiran Liu, Jianwei Liu, Qianhong Wu, Willy Susilo, Hua Deng and Bo Qin

      Article first published online: 28 JAN 2015 | DOI: 10.1002/sec.1198

      Thumbnail image of graphical abstract

      We model Mobile e-Health Networks (MHN) and formalize a hierarchical network architecture mirroring MHNs in the real world. We present a virtual MHN architecture and propose an efficient authenticated key exchange framework based on the virtual MHN architecture to secure MHNs. Theoretical analyses and experimental results show that scalable authenticated key exchange is secure and scalable, and hence is practical for MHNs.

  34. Research Articles

    1. A framework for protecting personal information and privacy

      Hongying Zheng, Quan Yuan and Jianyong Chen

      Article first published online: 26 JAN 2015 | DOI: 10.1002/sec.1212

      Thumbnail image of graphical abstract

      A privacy protection model is proposed to evaluate property risk of users. Sensitivity of the property and requester's level of assurance are taken into account. Sensitivity of the property can be effectively evaluated by expectation-maximization algorithm.

    2. A second preimage attack on zipper hash

      Shiwei Chen and Chenhui Jin

      Article first published online: 26 JAN 2015 | DOI: 10.1002/sec.1210

      Thumbnail image of graphical abstract

      In this paper, we develop a new technique called inverse-diamond structure, which starts from one fixed point and ends with many points to guarantee that the corresponding message blocks in the two passes be identical. Then, combining the multicollision, with the expandable message and the inverse-diamond structure together, we present a second preimage attack on zipper hash, which is the first valid result of the second preimage attack on it.

    3. Differential fault attack on Zorro block cipher

      Danping Shi, Lei Hu, Ling Song and Siwei Sun

      Article first published online: 26 JAN 2015 | DOI: 10.1002/sec.1207

      Thumbnail image of graphical abstract

      We propose a differential fault attack on block cipher Zorro, which is presented at the CHES 2013 conference. With two fault injections in the 20th round, a candidate set for the key with at most224 elements can be efficiently obtained in a low time complexity with a probability of at least 96.29%. In this attack, the position of the fault can be easily determined by the difference of the correct and the faulty ciphertexts.

    4. Improved Biba model based on trusted computing

      Gang Liu, Jing Zhang, Jinhui Liu and Yuan Zhang

      Article first published online: 26 JAN 2015 | DOI: 10.1002/sec.1201

      Thumbnail image of graphical abstract

      Biba model is hard to implement because the rules are too strict to meet the flexibility of system. To enhance the flexibility, the low-water-mark policy based on Biba model is proposed by supporting the dynamic change of subject tags. However, the biggest drawback of low-water-mark policy is that the integrity level of the subjects in a system decreases monotonously, which results that some subjects cannot access most of the objects and the system life cycle is cut down. An improved model is proposed based on the Biba model, which not only describes the infection degree of subjects by separating the subject into uninfected and infected subjects and introducing the confidence interval but also reduces the decline rate of integrity level of the subject and prolongs the life time cycle by adopting trusted computing to adjust subject tags. Theory analysis and experiment show that the improved model enhances the availability of system.

    5. New efficient batch verification for an identity-based signature scheme

      Jung Yeon Hwang, Doo Ho Choi, Hyunsook Cho and Boyeon Song

      Article first published online: 23 JAN 2015 | DOI: 10.1002/sec.1194

      Thumbnail image of graphical abstract

      We propose a new efficient batch verifier for an identity-based signature (IBS) scheme. We also prove formally that the proposed batch verifier is secure. Then, we analyze the computation cost of the proposed batch verifier using concrete parameters and compare it with well-known batch verifiers. The comparison shows that our batch verifier can significantly outperform the existing batch verifiers of IBS schemes in terms of computation.

  35. Special Issue Papers

    1. A formal analysis of Trusted Platform Module 2.0 hash-based message authentication code authorization under digital rights management scenario

      Fajiang Yu, Huanguo Zhang, Bo Zhao, Juan Wang, Liqiang Zhang, Fei Yan and Zhenlin Chen

      Article first published online: 23 JAN 2015 | DOI: 10.1002/sec.1193

      Thumbnail image of graphical abstract

      The authors use the typed pi calculus to describe the Trusted Platform Module (TPM) 2.0 hash-based message authentication code authorization and its security properties under the digital rights management scenario, and use ProVerify to reason that the key handle manipulation attack for TPM 1.2 does not exist anymore in TPM 2.0. But the vulnerability of key blob substitution still exists in TPM 2.0.

  36. Research Articles

    1. Analysis of the information theoretically secret key agreement by public discussion

      Qiuhua Wang, Xiaojun Wang, Qiuyun Lv, Xueyi Ye, Yi Luo and Lin You

      Article first published online: 23 JAN 2015 | DOI: 10.1002/sec.1192

      Thumbnail image of graphical abstract

      This contribution analyzes the restrictive relationship among three phases of the information theoretically secret key agreement by public discussion. In this paper, the Winnow protocol is analyzed in detail for the first time, and the mutual restrictive relationship between the parameters of the advantage distillation phase and the information reconciliation phase is also presented. The selection of parameters in advantage distillation and information reconciliation phases to maximize the total secret key agreement efficiency is further addressed.

    2. PDA: a privacy-preserving dual-functional aggregation scheme for smart grid communications

      Chen Li, Rongxing Lu, Hui Li, Le Chen and Jie Chen

      Article first published online: 23 JAN 2015 | DOI: 10.1002/sec.1191

      Thumbnail image of graphical abstract

      A privacy-preserving dual functional aggregation (PDA) scheme for smart grid communication is proposed in this paper. The proposed PDA scheme can not only protect users' private data from detecting by a CPA, but also achieve dual functional aggregation. To the best of our knowledge, PDA is the first dual functional aggregation scheme from lattice, and compared with previous single function aggregation schemes, PDA is low in both computation cost and communication overhead.

  37. Special Issue Papers

    1. An approach of security testing for third-party component based on state mutation

      Jinfu Chen, Jiamei Chen, Rubing Huang, Yuchi Guo and Yongzhao Zhan

      Article first published online: 23 JAN 2015 | DOI: 10.1002/sec.1189

      Thumbnail image of graphical abstract

      In this paper, two test cases generation algorithms are proposed on the basis of state mutation and extended finite state machine, that is, Operations Conflict Sequences Generation Algorithm and Conditions Conflict Sequences Generation Algorithm, which are designed to generate inaccessible sequences of behavior and condition conflicts. These conflict sequences are run. Furthermore, the security detecting algorithms are addressed to detect implicit vulnerabilities of third-party components, and then, testing report of component security is obtained.

  38. Research Articles

    1. RAND - STEG: an integer wavelet transform domain digital image random steganography using knight's tour

      V. Thanikaiselvan and P. Arulmozhivarman

      Article first published online: 23 JAN 2015 | DOI: 10.1002/sec.1185

      Thumbnail image of graphical abstract

      In this paper, a new steganography method with constant bit embedding and adaptive bit embedding in Haar Integer Wavelet Transform domain is proposed. The adaptive bit embedding provides more security than the constant bit embedding. Multiple security is ensured by formulating Knight's Tour algorithm for random traversing and selecting the order of sub-bands to provide high capacity, security, and robustness.

    2. A resilient identity-based authenticated key exchange protocol

      Ibrahim Elashry, Yi Mu and Willy Susilo

      Article first published online: 23 JAN 2015 | DOI: 10.1002/sec.1172

      Thumbnail image of graphical abstract

      We present a new security notion for key exchange (KE) protocols called resiliency. That is, if a shared secret between two parties P1 and P2 is compromised or leaked, they can generate another completely new shared secret without the need to set up a new KE session. We present an identity-based authenticated KE protocol that satisfies the resiliency security property.

    3. An enhanced authentication protocol for WRANs in TV white space

      Cong Wang, Maode Ma and Zenghua Zhao

      Article first published online: 23 JAN 2015 | DOI: 10.1002/sec.1171

      Thumbnail image of graphical abstract

      The drawbacks of the authentication protocol in IEEE 802.22 standard has been explored followed by the presentation of the proposed enhanced authentication protocol (ECA). The ECA protocol has been evaluated in terms of security functionality and the performance.

    4. New packing method in somewhat homomorphic encryption and its applications

      Masaya Yasuda, Takeshi Shimoyama, Jun Kogure, Kazuhiro Yokoyama and Takeshi Koshiba

      Article first published online: 12 JAN 2015 | DOI: 10.1002/sec.1164

      Thumbnail image of graphical abstract

      New packing method in somewhat homomorphic encryption and its applicationsMasaya Yasuda, Takeshi Shimoyama, Jun Kogure, Kazuhiro Yokoyama and Takeshi Koshiba The figure shows an overview of our secure protocol for privacy-preserving biometric authentication by homomorphic encryption.

    5. A test of intrusion alert filtering based on network information

      Teodor Sommestad and Ulrik Franke

      Article first published online: 9 JAN 2015 | DOI: 10.1002/sec.1173

      Thumbnail image of graphical abstract

      This paper presents a test of 18 filters that use static properties of a computer network (e.g., its software vulnerabilities) to reduce the number of false alarms produced by a signature-based intrusion detection system. None of the filters are able to increase precision without significantly reduced recall.

    6. Three-phase behavior-based detection and classification of known and unknown malware

      Ying-Dar Lin, Yuan-Cheng Lai, Chun-Nan Lu, Peng-Kai Hsu and Chia-Yin Lee

      Article first published online: 8 JAN 2015 | DOI: 10.1002/sec.1148

      Thumbnail image of graphical abstract

      We propose a three-phase behavior-based malware detection and classification approach, with a faster detector in the first phase to filter most samples, a slower detector in the second phase to observe remaining ambiguous samples, and then a classifier in the third phase to recognize their malware type. The hybrid two-phase detection scheme outperforms the one-phase schemes and achieves 3.6% in false negative and 6.8% in false positive. The third-phase classifier also distinguishes the known-type malware with an accuracy of 85.8%.

    7. Embedded Systems Security: A Survey of EU Research Efforts

      Charalampos Manifavas, Konstantinos Fysarakis, Alexandros Papanikolaou and Ioannis Papaefstathiou

      Article first published online: 23 DEC 2014 | DOI: 10.1002/sec.1151

      Thumbnail image of graphical abstract

      Embedded systems security is a recurring theme in current research efforts, brought in the limelight by the wide adoption of ubiquitous devices. This paper provides an overview of recent EU research efforts pertaining to embedded systems security, where several prominent security issues and the respective proposed approaches are presented. From this survey, certain patterns emerge regarding the issues investigated and the technologies researchers focus on, in order to address the said issues.

    8. Visualizing web server attacks: patterns in PHPIDS logs

      Mansour Alsaleh, Abdulrahman Alarifi, Abdullah Alqahtani and AbdulMalik Al-Salman

      Article first published online: 22 DEC 2014 | DOI: 10.1002/sec.1147

      Thumbnail image of graphical abstract

      This paper presents a visualization extension for PHPIDS that analyzes PHPIDS logs, correlates the logs with the corresponding web server logs, and plots the security-related events. Our usage of security data visualization is motivated by the fact that most security defense systems are mainly based on text-based logs for recording security-related events, which are difficult to analyze and correlate.

    9. Certificateless online/offline signcryption scheme

      Jiguo Li, Jingjing Zhao and Yichen Zhang

      Article first published online: 21 DEC 2014 | DOI: 10.1002/sec.1146

      Thumbnail image of graphical abstract

      In this paper, we propose a new certificateless online/offline signcryption scheme, which overcomes the key escrow problem in ID-based settings. Our scheme is very efficient, which transfers the pairing operation from an online phase to an offline phase and leaves the slight operations to be carried out during the online phase. Moreover, we prove the scheme's security under q-mBDHI, CDH and q-CAA assumptions in a random oracle model. The proposed scheme has potential application in various lower-power devices with limited computational power, such as smart cards.

    10. Robust mitigation of selfish misbehavior in wireless networks

      Sina Khoshabi Nobar and Javad Musevi Niya

      Article first published online: 21 DEC 2014 | DOI: 10.1002/sec.1141

      Thumbnail image of graphical abstract

      This paper introduces a modification to IEEE 802.11 MAC layer, which reduces the cheating possibility of the selfish node. In proposed method, next transmitter is selected by current receiver and announced to neighbor nodes. The specified transmitter starts its transmission immediately after current transmission regardless of its backoff value. Main advantages of the proposed method over existing ones are its capability to mitigate various selfish misbehaviors, robustness against adaptive selfish strategies, and high resiliency against aggressive selfish node.

    11. An efficient single unit T-box/T−1-box implementation for 128-bit AES on FPGA

      Dur-e-Shahwar Kundi, Arshad Aziz and Majida Kazmi

      Article first published online: 19 DEC 2014 | DOI: 10.1002/sec.1138

      Thumbnail image of graphical abstract

      In this paper, we present an area efficient Block RAM (BRAM)-based single unit design of T-box/T−1-box on a Field Programmable Gate Array (FPGA) for combined Advanced Encryption Standard (AES) encryption and decryption. Our proposed design uses single symmetric T-box/T−1-box table with the same set of single resource-shared hardware for both the encryptor and decryptor and at the same time performs eight look-up operations from single BRAM in one clock cycle using efficient BRAM switching technique instead of using multirated clocking. Our complete 128-bit symmetric T-box/T−1-box design fits into just 2 BRAMs and 136 Slices. It occupies lowest area reported to date with 50% power saving and highest Throughput Per Slice (TPS) of 10.77.

    12. Secure chaotic maps-based authenticated key agreement protocol without smartcard for multi-server environments

      Jia-Lun Tsai and Nai-Wei Lo

      Article first published online: 19 DEC 2014 | DOI: 10.1002/sec.1145

      Thumbnail image of graphical abstract

      In this study, a new chaotic maps-based authenticated key agreement protocol is first proposed for multi-server environments. A trusted third party, called the registration center (RC), is introduced in our protocol. Once a legal user has registered with the RC, this user can log into any server with only one memorable password in a multi-server environment as long as the user has been granted access rights in advance.

    13. Conference key establishment protocol using a multivariate polynomial and its applications

      Lein Harn and Guang Gong

      Article first published online: 19 DEC 2014 | DOI: 10.1002/sec.1143

      Thumbnail image of graphical abstract

      Users can use their shares obtained from a key generation center (KGC) to non-interactively establish conference keys consisting of different users.

    14. Role mining based on permission cardinality constraint and user cardinality constraint

      Xiaopu Ma, Ruixuan Li, Hongwei Wang and Huaqing Li

      Article first published online: 16 DEC 2014 | DOI: 10.1002/sec.1177

      Thumbnail image of graphical abstract

      This paper proposes a role mining algorithm to generate roles based on permission cardinality constraint and user cardinality constraint through computing the similarity between roles in the process of merging roles. It can decrease the cost of role assignment greatly because the role state is optimized by the algorithm in accordance to the global structure complexity value based on the original role state.

    15. Secret key generation exploiting Ultra-wideband indoor wireless channel characteristics

      Jingjing Huang and Ting Jiang

      Article first published online: 16 DEC 2014 | DOI: 10.1002/sec.1178

      Thumbnail image of graphical abstract

      A block diagram of the proposed mechanism using multipath relative delay of UWB channels is exploited to generate secret keys. A statistical characterization of UWB channels for a Chinese residential scenario is studied to simulate the proposed scheme. Simulation results demonstrate that our mechanism can achieve better performance in terms of common secret bit generation compared with the conventional method using RSS, and the number of multipath proportionally affects key generation rate and key-mismatch probability.

    16. Joint anti-attack scheme for channel assignment in multi-radio multi-channel wireless mesh networks

      Jun Tao, Limin Zhu, Le Chang, Jin Liu, Xiaoxiao Wang and Yaodan Hu

      Article first published online: 10 DEC 2014 | DOI: 10.1002/sec.1176

      Thumbnail image of graphical abstract

      In HYA-JAS, we use the CHNL_USAGE verification module before processing to prevent a channel usage message attack and the CHNL_CHANGE verification module to defend a channel change message attack. Moreover, the channel scan verification is also designed to detect a channel switch operation attack. Then, the filtering module is exploited in the system to record the bad reputation value of the malicious nodes in order to protect channel assignment against the continuous attacks.

    17. Detection of seam carving-based video retargeting using forensics hash

      Wei Fei, Yang Gaobo, Li Leida, Xia Ming and Zhang Dengyong

      Article first published online: 24 NOV 2014 | DOI: 10.1002/sec.1158

      Thumbnail image of graphical abstract

      An active forensics approach is proposed for seam carving-based video retargeting. The forensics hash is built by extracting the invariant Speeded-up Robust Feature points from every spatio-temporal image and establishing matching surface. From the relative position change of neighboring matching surfaces, the exact amount and rough locations of deleted seam carving surfaces can be obtained. Moreover, the forensics hash is of good robustness, scalability, and compactness.

    18. An effective behavior-based Android malware detection system

      Shihong Zou, Jing Zhang and Xiaodong Lin

      Article first published online: 21 NOV 2014 | DOI: 10.1002/sec.1155

      Thumbnail image of graphical abstract

      In this paper, we propose a behavior-based malware detection system. Firstly, it uses Android APIs and libc (Bionic libc) function calls along with their arguments to describe sensitive application behaviors. Secondly, it conducts behavior analysis and malware detection using machine learning techniques, including Support Vector Machine, Naive Bayes, and Decision Tree. The experimental results show that our system can effectively detect Android malware.

    19. Multi-document threshold signcryption scheme

      Chien-Hua Tsai and Pin-Chang Su

      Article first published online: 14 NOV 2014 | DOI: 10.1002/sec.1169

      Thumbnail image of graphical abstract

      This paper proposes a secure and efficient threshold signcryption scheme, which incorporates both the digital signature and encryption techniques with the properties of secret splitting for multi-document transmission based on the elliptic curve discrete logarithm problem, the dynamic knapsack public key cryptosystem, and the Chinese remainder theorem difficulties. The scheme can be seen as a combination of diverse domains and is hence a strong safety countermeasure for data transmission.

  39. Special Issue Papers

    1. Matrix embedding in multicast steganography: analysis in privacy, security and immediacy

      Weiwei Liu, Guangjie Liu and Yuewei Dai

      Article first published online: 14 NOV 2014 | DOI: 10.1002/sec.1168

      Thumbnail image of graphical abstract

      In this paper, the general model of multicast steganography is presented, and the newly spawned problems are discussed including the intergroup privacy, extended embedding efficiency and information retrieval immediacy. Synchronous and asynchronous multicast matrix embedding frameworks are also given respectively.

  40. Research Articles

    1. Anonymous and provably secure certificateless multireceiver encryption without bilinear pairing

      SK Hafizul Islam, Muhammad Khurram Khan and Ali M. Al-Khouri

      Article first published online: 14 NOV 2014 | DOI: 10.1002/sec.1165

      Thumbnail image of graphical abstract

      We presented a certificateless multireceiver encryption scheme without pairing and map-to-point hash function. The proposed scheme resists the chosen ciphertext attack and provides forward secrecy, backward secrecy, and low computation costs than others. The proposed scheme achieves message confidentiality, receiver anonymity, and provable security in the random oracle model based on the hardness of computational Diffie–Hellman problem.

    2. A collusion attack on asymmetric group key exchange

      Jikai Teng and Chuankun Wu

      Article first published online: 14 NOV 2014 | DOI: 10.1002/sec.1163

      Thumbnail image of graphical abstract

      This paper presents a collusion attack on the generic construction of asymmetric group key agreement proposed in Eurocrypt 2009. It is formally proved that none of the colluders is able to be traced. Therefore, the proposed attack can be applied to all asymmetric group key agreement protocols under the generic construction proposed in Eurocrypt 2009.

    3. New method of key-dependent message security for asymmetric encryption

      Qiqi Lai, Yupu Hu, Yuan Chen, Baocang Wang and Fenghe Wang

      Article first published online: 14 NOV 2014 | DOI: 10.1002/sec.1160

      Thumbnail image of graphical abstract

      We present a new method of constructing a key-dependent message (KDM) secure asymmetric encryption scheme with the notation of hybrid encryption in the standard model. Our result can also be seen as a partial instantiation for a previously well-known KDM secure asymmetric encryption scheme based on random oracle. And our result indicates a new cryptographic application for the primitive of lossy trapdoor function.

    4. Weaknesses of fingerprint-based mutual authentication protocol

      Pablo Picazo-Sanchez, Lara Ortiz-Martin, Pedro Peris-Lopez and Nasour Bagheri

      Article first published online: 13 NOV 2014 | DOI: 10.1002/sec.1161

      Thumbnail image of graphical abstract

      The design of Radio Frequency IDentification authentication protocols is still an open problem. We present a new protocol, called Fingerprint+ protocol. Our proposal is based on ISO/IEC 9798-2 and ISO/IEC 18000-6C standards.

    5. Certificateless aggregate signature with efficient verification

      Yu-Chi Chen, Raylin Tso, Masahiro Mambo, Kaibin Huang and Gwoboa Horng

      Article first published online: 13 NOV 2014 | DOI: 10.1002/sec.1166

      Thumbnail image of graphical abstract

      Aggregate signature provides an efficient way to verify many signatures. In this paper, we simplify the relation of security definitions of certificateless signature and certificateless aggregate signature (CLAS). Then, a new CLAS scheme is proposed, which leads to the advantages of both certificateless cryptography and aggregate signature.

  41. Special Issue Papers

    1. Mobile middleware platform for secure vessel traffic system in IoT service environment

      Namje Park and Hyo-Chan Bang

      Article first published online: 10 NOV 2014 | DOI: 10.1002/sec.1108

      Thumbnail image of graphical abstract

      This paper suggests, based on the basic service model and protocol provided in the recommendation V-145, the implementation of the Jeju-VTS middleware will facilitate exchange of information on sea traffic. This paper developed a system enabling IVEF service simulation under an Internet of Things environment made possible by improving IVEF software development kit, which is an open source.

  42. Research Articles

    1. Improved conditional differential cryptanalysis

      Kai Zhang, Jie Guan and Xuliang Fei

      Article first published online: 3 NOV 2014 | DOI: 10.1002/sec.1144

      Thumbnail image of graphical abstract

      Key findings:

      1. Propose an improved conditional differential cryptanalysis method.
      2. Propose a new definition “Free Diffusion Degree” to select the differential path.
      3. Apply the improved conditional differential cryptanalysis on QUARK family ciphers, including later proposed C-QUARK.
    2. Rashnu: a Wi-Fi intrusion response scheme

      S. Mobarakeh Moosavirad, Peyman Kabiri and Hamidreza Mahini

      Article first published online: 30 OCT 2014 | DOI: 10.1002/sec.1153

      Thumbnail image of graphical abstract

      One of the most important vulnerabilities of IEEE 802.11x wireless networks is sending the management packets on unencrypted channels, and this paper aims at improving this important point. The reported work proposes a third-party wireless intrusion response scheme called Rashnu to deal with man-in-the-middle and evil twin attacks.

  43. Review Articles

    1. CAPTCHA and its Alternatives: A Review

      Mohammad Moradi and MohammadReza Keyvanpour

      Article first published online: 30 OCT 2014 | DOI: 10.1002/sec.1157

      Thumbnail image of graphical abstract

      In this paper, in addition to propose new classifications for categorizing different types of Completely Automatic Public Turing test to tell Computers and Humans Apart (CAPTCHAs) and their alternative solutions, the recent advancements and issues in the field were reviewed. Moreover, by presenting several measures, CAPTCHAs and these alternatives have been evaluated.

  44. Research Articles

    1. Differentially private client-side data deduplication protocol for cloud storage services

      Youngjoo Shin and Kwangjo Kim

      Article first published online: 30 OCT 2014 | DOI: 10.1002/sec.1159

      Thumbnail image of graphical abstract

      We propose a differentially private client-side deduplication protocol for cloud storage systems. The proposed protocol allows efficient data deduplication while reducing the risk of information leakage. Its security can be strongly guaranteed according to the definition of differential privacy.

SEARCH

SEARCH BY CITATION