Security and Communication Networks

Early View (Online Version of Record published before inclusion in an issue)

Edited By: Hsiao-Hwa Chen and Hamid R. Sharif

Impact Factor: 0.433

ISI Journal Citation Reports © Ranking: 2013: 66/78 (Telecommunications); 116/135 (Computer Science Information Systems)

Online ISSN: 1939-0122

  1. Research Articles

    1. LAWRA: a layered wrapper feature selection approach for network attack detection

      Sangeeta Bhattacharya and Subramanian Selvakumar

      Article first published online: 26 MAY 2015 | DOI: 10.1002/sec.1270

      LAWRA, a clustering-based layered wrapper feature selection approach, has been proposed for selecting appropriate features for attack detection. LAWRA uses two external cluster validity indices, F-measure and Fowlkes-Mallows index, for feature selection. F-measure and Fowlkes–Mallows index are the harmonic and geometric mean of precision and recall, respectively. LAWRA has been compared with the existing approaches using different classifiers on NSL-KDD dataset. The results show that LAWRA gives better overall accuracy and F-measure value than the other approaches.

    2. MOSKG: countering kernel rootkits with a secure paging mechanism

      Guanglu Yan, Senlin Luo, Fan Feng, Limin Pan and Qamas Gul Khan Safi

      Article first published online: 26 MAY 2015 | DOI: 10.1002/sec.1282

      We presented a secure paging mechanism (which is in the memory protector) to protect the critical kernel data in the guest virtual machine (VM) from dynamic kernel object manipulation and page mapping attack.

      Based on the secure paging mechanism, we proposed an external and transparent architecture for protecting multiple VMs with diverse operating systems such as Windows and Linux, both of 32-bit and 64-bit, which gives a fine-granularity protection to certain critical kernel data from kernel-level attacks.

    3. An adaptable and scalable membership management for the iTrust information search and retrieval system

      Yung-Ting Chuang

      Article first published online: 25 MAY 2015 | DOI: 10.1002/sec.1273

      The iTrust search and retrieval network is designed to impede attempts to censor information accessed over the Internet. In iTrust, a fully distributed membership algorithm and a detection/defensive adaptation algorithm act in concert to protect against malicious nodes in membership. By applying statistical inference for both algorithms, I was able to estimate these metrics quickly and accurately, despite a high rate of membership churn, a large number of malicious nodes, and a mere partial view of network membership.

    4. Detecting spam through their Sender Policy Framework records

      Devrim Sipahi, Gökhan Dalkılıç and Mehmet Hilal Özcanhan

      Article first published online: 25 MAY 2015 | DOI: 10.1002/sec.1280

      The spammers are purchasing domain names with Sender Policy Framework (SPF) records to use them for sending spam. In the present study, the Domain Name System/SPF records of spam-sending domain names are compared with that of non-spam-sending domain names, for improving SPF-based spam filtering. Research results show distinctive features between these two types of domain names.

    5. Use of Tsallis entropy in detection of SYN flood DoS attacks

      Ilija Basicevic, Stanislav Ocovaj and Miroslav Popovic

      Article first published online: 25 MAY 2015 | DOI: 10.1002/sec.1286

      The paper presents an application of Tsallis entropy in detection of SYN flood distributed denial of service attacks. Its performance is compared to a detector based on widely used Shannon entropy, in terms of detection rate and delay. The results show that Tsallis entropy-based detector can outperform the Shannon-based one but that requires careful tuning of Tsallis Q parameter.

    6. Identity-based proxy signatures: a generic construction and a concrete scheme from RSA

      Maryam Rajabzadeh Asaar, Mahmoud Salmasizadeh and Colin Boyd

      Article first published online: 25 MAY 2015 | DOI: 10.1002/sec.1284

      In this paper, a secure generic construction for identity-based proxy signatures from secure identity-based standard signatures is proposed. Then, the first identity-based proxy signature from RSA, secure under the one-wayness of RSA in the random oracle model has been proposed. It should be highlighted that the proxy key exposure attack cannot be applied to these constructions.

    7. Sealed-bid auction: a cryptographic solution to bid-rigging attack in the collusive environment

      Jaydeep Howlader and Ashis Kumar Mal

      Article first published online: 25 MAY 2015 | DOI: 10.1002/sec.1268

      Auction is an efficient and rational way to establish the price in the open market. Sealed bidding is a form of auction that offers the bidders to submit their bids confidentially. However, sealed-bid auction is subject to bid-rigging attack. This paper presents a receipt-free mechanism to counter the bid-rigging attack in a collusive environment.

  2. Research Article

    1. FFT-based multidimensional linear attack on PRESENT using the 2-bit-fixed characteristic

      Lei Zheng and Shao-wu Zhang

      Article first published online: 22 MAY 2015 | DOI: 10.1002/sec.1278

      This paper proposes a new characteristic of the cryptographic function, called 2-bit-fixed characteristic, as a generation of the linear characteristic and gives a multidimensional linear attack on 27-round PRESENT, which is the first attack of 27-round PRESENT. We apply the fast Fourier transform (FFT) in the multidimensional linear attack using the 2-bit-fixed characteristic.

  3. Special Issue Papers

    1. A changeable personal identification number-based keystroke dynamics authentication system on smart phones

      Ting-Yi Chang, Cheng-Jung Tsai, Wang-Jui Tsai, Chun-Cheng Peng and Han-Sing Wu

      Article first published online: 22 MAY 2015 | DOI: 10.1002/sec.1265

      In this paper, a novel keystroke dynamics-based authentication (KDA) system by which the users could change their passwords anytime without retraining is proposed. According to the experimental results, the proposed predictable mechanism does scaffold the KDA system to accurately distinguish legitimate users from impostors when the users changed their passwords.

  4. Research Articles

    1. Survey and benchmark of lightweight block ciphers for MSP430 16-bit microcontroller

      Mickaël Cazorla, Sylvain Gourgeon, Kévin Marquet and Marine Minier

      Article first published online: 20 MAY 2015 | DOI: 10.1002/sec.1281

      This paper evaluates several lightweight block ciphers on sensors equipped with the MSP430 micro-controller.

    2. Intraclass and interclass correlation coefficient-based feature selection in NIDS dataset

      Alampallam Ramaswamy Vasudevan and Subramanian Selvakumar

      Article first published online: 20 MAY 2015 | DOI: 10.1002/sec.1269

      A framework for the construction of labeled network intrusion detection system dataset with the application of intra-class correlation coefficient and inter-class correlation coefficient has been proposed in this paper to achieve efficient target class-specific feature subset in countering an attack type. Proposed methods achieve an increase in detection rate of attacks, decrease in execution time of learning algorithms and false alarms of normal and attack classes in the network intrusion detection system datasets, and determination of threshold value for selection of feature weights.

    3. Towards modelling perfect forward secrecy in two-message authenticated key exchange under ephemeral-key revelation

      Zheng Yang, Wu Yang, Lingyun Zhu and Daigu Zhang

      Article first published online: 19 MAY 2015 | DOI: 10.1002/sec.1263

      We examine the recently introduced CF and CF-perfect forward secrecy (PFS) models for a two-message authenticated key exchange (TMAKE) by Cremers et al. We notice that the implication relations among CF, CF-PFS, eCK and eCK-PFS models have not been completely studied. We provide new result on the generic security-strengthening transformation (compiler) for building CF-PFS secure TMAKE protocols. We show that it is possible to apply the transformation to all CF secure AKE protocols including all eCK-secure TMAKE protocols in the random oracle model.

    4. Optimized Karatsuba squaring on 8-bit AVR processors

      Hwajeong Seo, Zhe Liu, Jongseok Choi and Howon Kim

      Article first published online: 18 MAY 2015 | DOI: 10.1002/sec.1279

      In this paper, we present an optimized Karatsuba squaring method for 8-bit AVR processors. We compute the multiplication part with the fastest Karatsuba multiplication, and then the remaining two squaring parts are conducted with the fastest sliding block doubling squaring.

  5. Research Article

    1. Deciphering privacy leakage in microblogging social networks: a measurement study

      Gaoxiang Li, Di Wu, Junfeng Shen and Tingting Li

      Article first published online: 18 MAY 2015 | DOI: 10.1002/sec.1244

      We find that verified users prefer to disclose more information on their profile pages than unverified users, and the youth and singles normally have a higher open degree. We also show the feasibility to identify the closest friends of a user. We observe that unverified users leak slightly more privacy than verified users, and men are only a bit more open than women.

  6. Research Articles

    1. First step towards preserving the privacy of cloud-based IDS security policies

      Tytus Kurek, Artur Lason and Marcin Niemiec

      Article first published online: 11 MAY 2015 | DOI: 10.1002/sec.1272

      The following paper proposes and presents three novel solutions as a first step towards preserving the privacy of cloud-based intrusion detection system security policies. All the solutions utilize hybrid cloud architecture, as this is a leading trend in the cloud-based intrusion detection systems market, and share the concept of performing the most computationally expensive operations, which are pattern-matching operations, in the public cloud.

    2. An anonymous and secure biometric-based enterprise digital rights management system for mobile environment

      Ashok Kumar Das, Dheerendra Mishra and Sourav Mukhopadhyay

      Article first published online: 11 MAY 2015 | DOI: 10.1002/sec.1266

      We have presented a secure and efficient biometric-based content distribution scheme for the enterprise digital rights management system suitable for mobile environment. Our scheme protects user's anonymity and satisfies the other desirable security attributes. Our scheme supports mutual authentication and key agreement where a user can correctly identify the source and establish a secure session key. Our scheme is computationally efficient when compared with other existing schemes, and the rigorous formal and informal security analyses show that our scheme is secure.

    3. Efficient revocable identity-based encryption from multilinear maps

      Xianping Mao, Junzuo Lai, Kefei Chen, Jian Weng and Qixiang Mei

      Article first published online: 11 MAY 2015 | DOI: 10.1002/sec.1274

      We develop a new approach to constructing an efficient revocable Identity-Based Encryption (IBE) scheme. Our approach utilizes recent advances in multilinear maps and combines a two-level hierarchical IBE scheme with a revocation encryption system. In our revocable IBE scheme, both the public parameters and the private key are constant-size, and the size of the update key at some time is only proportional to the number of revoked users at the time.

  7. Special Issue Papers

    1. Policy-based communications for 5G mobile with customer edge switching

      Raimo Kantola, Jesus Llorente Santos and Nicklas Beijar

      Article first published online: 11 MAY 2015 | DOI: 10.1002/sec.1253

      This paper suggests controlling all traffic admissions in 5G using policies. The paper describes how by extending network address translators to cooperative firewalls, hosts in a private address space can communicate smoothly with hosts in another private address space, while flow admission is controlled by policy. Policies executed by edge nodes eliminate source address spoofing and DDoS and can blend the boundary of open and closed networks helping to provide ultra-reliable networking and supporting the idea of “Anything-as-a-Service”.

    2. SecIoT: a security framework for the Internet of Things

      Xin Huang, Paul Craig, Hangyu Lin and Zheng Yan

      Article first published online: 11 MAY 2015 | DOI: 10.1002/sec.1259

      This paper includes an investigation into the security requirements of three different characteristic Internet of Things (IoT) scenarios (concretely, body IoT, home IoT, and hotel IoT), a design of new authentication mechanisms, and an access control subsystem with fine-grained roles and risk indicators. Our prototype security framework gives us an insight into some of the major difficulties of IoT security and provides some feasible solutions.

    3. ShoVAT: Shodan-based vulnerability assessment tool for Internet-facing services

      Béla Genge and Călin Enăchescu

      Article first published online: 11 MAY 2015 | DOI: 10.1002/sec.1262

      This paper expands the features exposed by Shodan with vulnerability assessment capabilities embedded into a novel tool called ShoVAT. ShoVAT takes the output of traditional Shodan queries and performs an in-depth analysis of service-specific data. Extensive comparison is performed between ShoVAT's features and the capabilities exposed by tools such as nmap, ZenMap, p0f, PRADS, Nessus, NetGlean, SinFP, and Hershel. The experiments conducted on 1501 services in 12 different institutions revealed a total of 3922 known vulnerabilities.
