Security and Communication Networks

Cover image for Vol. 9 Issue 10

Early View (Online Version of Record published before inclusion in an issue)

Edited By: Hsiao-Hwa Chen and Hamid R. Sharif

Impact Factor: 0.72

ISI Journal Citation Reports © Ranking: 2014: 54/77 (Telecommunications); 100/139 (Computer Science Information Systems)

Online ISSN: 1939-0122

  1. Research Articles

    1. JS-SAN: defense mechanism for HTML5-based web applications against javascript code injection vulnerabilities

      Shashank Gupta and B. B. Gupta

      Version of Record online: 19 FEB 2016 | DOI: 10.1002/sec.1433

      Thumbnail image of graphical abstract

      This article presents a Google Chrome extension-based framework i.e. JS-SAN (JavaScript SANitizer) that detects and alleviates the effect of JavaScript code injection vulnerabilities from the platforms of real world HTML5 Web applications. The framework performs the clustering on the malicious/untrusted JavaScript code and accordingly performs the sanitization on such code. Experimental results indicate that JS-SAN is capable of detecting this malicious code with low false positive and false negative rate and enhances the runtime sanitization process on such code.

    2. On the estimation of the second largest eigenvalue of Markov ciphers

      Weijia Xue, Tingting Lin, Xin Shun, Fenglei Xue and Xuejia Lai

      Version of Record online: 17 FEB 2016 | DOI: 10.1002/sec.1465

      Thumbnail image of graphical abstract

      We apply two second largest eigenvalue estimating methods to the transition matrix of IDEA(8) and investigate the accuracy of them. We present a simple relation between the second largest eigenvalue and the number of iterations that the Markov cipher requires against differential cryptanalysis. We show the necessary condition of the matrix decomposition method

    3. An energy efficient encryption method for secure dynamic WSN

      Mohamed Elhoseny, Xiaohui Yuan, Hamdy K. El-Minir and Alaa Mohamed Riad

      Version of Record online: 17 FEB 2016 | DOI: 10.1002/sec.1459

      Thumbnail image of graphical abstract

      This paper proposes a novel encryption method to secure data transmission in wireless sensor network with dynamic sensor clusters. Our method leverages elliptic curve cryptography algorithm to generate binary strings for each sensor and combines with node ID, distance to the cluster head, and the index of transmission round to form unique 176-bit encryption keys. Using exclusive OR, substitution, and permutation operations, encryption and decryption are achieved efficiently. Compared with the state-of-the-art methods, our results demonstrated that the proposed method exhibits much improved network lifetime and reduces the energy consumption most evenly among all sensor nodes. The numerical example illustrates the security strength of our encryption method. More importantly, our method overcomes a number of attacks including brute-force attack, HELLO flood attack, selective forwarding attack, and compromised cluster head attack.

    4. Public-key encryption with keyword search secure against continual memory attacks

      Chengyu Hu, Rupeng Yang, Pengtao Liu, Zuoxia Yu, Yongbin Zhou and Qiuliang Xu

      Version of Record online: 12 FEB 2016 | DOI: 10.1002/sec.1451

      Thumbnail image of graphical abstract

      In this paper, we propose a method of constructing public-key encryption with keyword search scheme (PEKS) secure against continual memory attacks which allow the adversary to continually obtain secret key leakage in the trapdoor generation algorithm. Our method applies identity-based encryption(IBE)-to-PEKS transformation to a master-key leakage-resilient anonymous IBE scheme. Also, we give a concrete master-key leakage-resilient anonymous IBE scheme which can be used to construct a concrete PEKS scheme secure against continual memory attacks.

    5. A privacy-preserving group authentication protocol for machine-type communication in LTE/LTE-A networks

      Anmin Fu, Jianye Song, Shuai Li, Gongxuan Zhang and Yuqing Zhang

      Version of Record online: 12 FEB 2016 | DOI: 10.1002/sec.1455

      Thumbnail image of graphical abstract

      Supporting a large number of low-power devices transmissions is an important issue in long-term evolution/long-term evolution advanced networks. In this paper, we proposed a novel group authentication scheme, which can simultaneously authenticate a group of machine-type communication devices by adopting aggregate message authentication code and providing robust privacy-preserving including user anonymity, unlinkability, and traceability. Theoretical analysis and simulation results show that our scheme can fulfill more security requirements and have a good performance.

    6. Design of an efficient and provably secure anonymity preserving three-factor user authentication and key agreement scheme for TMIS

      Mohammad Wazid, Ashok Kumar Das, Saru Kumari, Xiong Li and Fan Wu

      Version of Record online: 11 FEB 2016 | DOI: 10.1002/sec.1452

      Thumbnail image of graphical abstract

      We have proposed a new provably secure and efficient three-factor remote user authentication scheme for the telecare medicine information system. Using the formal and informal security analysis, we have shown our scheme defends various possible attacks. Further, the computational and communication costs of our proposed scheme are comparable with those for Amin-Biswas's scheme and other related existing schemes.

  2. Special Issue Papers

    1. Generic transformations for existentially unforgeable signature schemes in the bounded leakage model

      Yuyu Wang and Keisuke Tanaka

      Version of Record online: 11 FEB 2016 | DOI: 10.1002/sec.1436

      Thumbnail image of graphical abstract

      This paper presents generic transformations that allow us to be able to convert any signature scheme satisfying the weak existential unforgeability property into one satisfying the strong existential unforgeability property in the bounded leakage model, in which part of the secret information could be learned by the adversary. To achieve such transformations, we define a new cryptographic primitive called leakage resilient chameleon hash function and give an instantiation of it based on leakage resilient hard relation.

    2. A lattice-based partially blind signature

      Haibo Tian, Fangguo Zhang and Baodian Wei

      Version of Record online: 11 FEB 2016 | DOI: 10.1002/sec.1439

      Thumbnail image of graphical abstract

      This paper proposed a round-efficient partially blind signature (PBS) based on lattice problems. It normally needs three rounds to produce a PBS. An independent exception procedure is employed to replace unqualified signatures with qualified ones.

  3. Research Articles

    1. TSSDroid: realization of an efficient and usable TSS API for the Android software stack

      Sohail Khan, Mohammad Nauman, Abu Talib Othman, Shahrulniza Musa and Toqeer Ali Syed

      Version of Record online: 11 FEB 2016 | DOI: 10.1002/sec.1448

      Thumbnail image of graphical abstract

      We present the design of a high-level application programing interface (API) that allows Android-based smartphone application developers to adopt Trusted Computing and use it in their applications without having to learn the intricate details of how Trusted Computing works. The API abstracts away the complexity in using Trusted Computing constructs by offering easy-to-use interfaces for complex tasks.

    2. A deep learning approach for detecting malicious JavaScript code

      Yao Wang, Wan-dong Cai and Peng-cheng Wei

      Version of Record online: 11 FEB 2016 | DOI: 10.1002/sec.1441

      Thumbnail image of graphical abstract

      Most of the machine learning-based approaches for detecting malicious JavaScript code depend on manually designed features. This paper proposed a deep learning-based approach to analyze JavaScript code features automatically with little manual intervention. By using the learned features from our deep learning framework, a logistic regression classifier can efficiently detect malicious JavaScript code and has sufficient capacity to discover unknown attacks.

    3. Testifying the digital artifacts for line application program under Mac OS X from the aspects of witness experts

      Hai-Cheng Chu and Han-Chieh Chao

      Version of Record online: 10 FEB 2016 | DOI: 10.1002/sec.1426

      Thumbnail image of graphical abstract

      The figure illustrates the design of the experiment of this research work targeting on the digital artifacts disclosure for LINE application program.

  4. Special Issue Papers

    1. Proxy re-encryption via indistinguishability obfuscation

      Satsuya Ohata and Kanta Matsuura

      Version of Record online: 10 FEB 2016 | DOI: 10.1002/sec.1445

      Thumbnail image of graphical abstract

      In this paper, we proposed a uni-directional multi-hop proxy re-encryption scheme via an indistinguishability obfuscation.

  5. Research Articles

    1. DroidScreening: a practical framework for real-world Android malware analysis

      Junfeng Yu, Qingfeng Huang and CheeHoo Yian

      Version of Record online: 10 FEB 2016 | DOI: 10.1002/sec.1430

      Thumbnail image of graphical abstract

      DroidScreening framework consists of three main component parts: a static multiple types feature extractor, LAC-based screening module, and trigger-induced dynamic analysis system. Experimentation on malware datasets and using LAC with traditional learning approaches show that the LAC algorithms outperformed other classification algorithms.

  6. Special Issue Papers

    1. Strongly average-case secure obfuscation: achieving input privacy and circuit obscurity

      Mingwu Zhang, Yi Mu, Jian Shen and Xinyi Huang

      Version of Record online: 10 FEB 2016 | DOI: 10.1002/sec.1435

      Thumbnail image of graphical abstract

      Construction of a strongly average-case secure obfuscation for the re-encryption circuit. Wiley Online

    2. Verifiable attribute-based proxy re-encryption for secure public cloud data sharing

      Suqing Lin, Rui Zhang and Mingsheng Wang

      Version of Record online: 10 FEB 2016 | DOI: 10.1002/sec.1446

      Thumbnail image of graphical abstract

      Attribute-based proxy re-encryption (AB-PRE) is applicable for updating the access control of the attribute-based encrypted data from delegation. Most existing AB-PRE schemes require that the proxy execute the re-encryption honestly; however, that is not the case for the public cloud. We introduce verifiability for AB-PRE and propose a generic construction of AB-PRE with verifiable re-encryption (AB-VPRE) for secure data sharing in the public cloud.

  7. Research Articles

    1. Insecurity of a certificateless aggregate signature scheme

      Hui Zhang

      Version of Record online: 10 FEB 2016 | DOI: 10.1002/sec.1447

      Thumbnail image of graphical abstract

      This paper proposes two concrete attacks against the certificateless aggregate signature scheme of Chen et al. to show that their scheme is not secure for practical applications, that is, the adversary can forge a signature of any message.

    2. A secure image encryption algorithm based on chaotic maps and SHA-3

      Guodong Ye and Xiaoling Huang

      Version of Record online: 5 FEB 2016 | DOI: 10.1002/sec.1458

      Thumbnail image of graphical abstract

      To resist efficiently the chosen-plaintext and known-plaintext attacks, a chaotic maps and SHA-3-based image encryption algorithm is proposed in this paper under permutation-diffusion architecture. With an auto-updating system, the control parameter and initial condition of Logistic map are produced according to different plain images in the stage of permutation. Then, in diffusion stage, three initial conditions of 3D chaotic cat map are auto-updated with the help of SHA-3 function to the last sub-block of permuted image performing like one-time pad.

  8. Special Issue Papers

    1. Two new message authentication codes based on APN functions and stream ciphers

      Teng Wu and Guang Gong

      Version of Record online: 5 FEB 2016 | DOI: 10.1002/sec.1456

      Thumbnail image of graphical abstract

      This paper presents two new message authentication codes based on almost perfect nonlinear functions. Both message authentication codes have provable security and high efficiency. They are designed for resource-constrained devices, for example, cellphone.

  9. Research Articles

    1. A secure authentication scheme with provable correctness for pay-TV systems

      Hsiao-Ling Wu, Chin-Chen Chang and Chin-Yu Sun

      Version of Record online: 4 FEB 2016 | DOI: 10.1002/sec.1449

      Thumbnail image of graphical abstract

      A pay-television (TV) system allows the subscribers to pay for the specific channels they want to watch. If we consider that m users subscribe to n channels in traditional schemes for pay-TV, the time complexity will be O(mn). It is lower efficiency for user on the pay-TV system. But, in this paper, we proposed a novel authentication scheme for pay-TV systems based on Chebyshev chaotic maps, and the time complexity only needs O(m). The purpose of our scheme is focus on efficiency and security. The security and performance analyses showed that our proposed scheme satisfies the essential functionality requirements, with stands potential attacks, and is suitable for real-world practical implementation. Furthermore, the Burrows–Abadi–Needham logic model was used to prove the correctness of our proposed scheme for the mutual authentication between users and the server.

    2. Efficient and robust user authentication scheme that achieve user anonymity with a Markov chain

      Dongwoo Kang, Jaewook Jung, Jongho Mun, Donghoon Lee, Younsung Choi and Dongho Won

      Version of Record online: 4 FEB 2016 | DOI: 10.1002/sec.1432

      Thumbnail image of graphical abstract

      Authentication scheme with key agreement is used to overcome security threat in the existing scheme such as Djellali's scheme and its derivatives. We analyze our scheme compared with existing scheme and prove more resistant to various attacks and lower computational cost.

SEARCH

SEARCH BY CITATION