A Technique for Secret Communication Using a New Block Cipher with Dynamic Steganography
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.1-12
※ The agreement period with the original-text provider has ended, so access may be restricted.
This paper presents a technique for secret communication using cryptography and steganography. The cryptographic algorithm is a block cipher with a block length of 128 bits and key length of 256 bits. The secret message is encrypted by this block cipher. Two cipher text bits are to be embedded in each pixel of the image. Each pixel is 8 bits. The embedding locations in a pixel are: 6th and 7th bit locations or 7th and 6th bit locations or 7th and 8th bit locations or 8th and 7th bit locations depending upon the cipher text bits. The 8th bit means the least significant bit (LSB). Because the embedding locations are decided at the run time of the algorithm, it is called dynamic steganography. The technique is tested experimentally and the results are discussed.
An Approach to Map COBIT Processes to ISO/IEC 27001 Information Security Management Controls
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.13-28
Information is a fundamental asset within any organization, and the protection of this asset through a process of information security is of equal importance. COBIT and ISO27001 serve as reference frameworks for information security management to help organizations assess their security risks and implement appropriate security controls. One of the most important sections of IT within the COBIT framework is information security management, which covers confidentiality, integrity and availability of resources. Since the issues raised in the information security management of COBIT are the area covered by the ISO/IEC27001 standard, the best option to meet the information security management in COBIT infrastructure is to use the ISO/IEC27001 standard. For coexistence and complementary use of COBIT and ISO27001, mapping COBIT processes to ISO/IEC 27001 controls is beneficial. This paper explores the role of information security within COBIT and describes an approach for mapping COBIT processes to ISO/IEC27001 controls for information security management.
Distributed Computation of SBoxes with Strong Security Properties
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.29-46
Substitution boxes are among the most critical components of a secure block cipher design. A substitution box or, for short, SBox, is a set of Boolean functions implementing a nonlinear mapping of inputs to outputs and it is employed for mixing the input of the cipher with the encryption key so that the output of the cipher reveals no information about the encryption key. Over the years, a number of good practices have evolved that, if employed, can lead to the construction of SBoxes with good security properties that lead to the cipher’s resistance against known and envisaged cryptanalysis techniques. One such practice is the employment of particular classes of Boolean functions that possess a number of desirable properties. A drawback of such an approach is that it is frequently a computationally demanding task to check that the employed Boolean functions and the resulting SBox have the target properties. In this paper we describe a distributed algorithm that can accelerate significantly the construction of SBoxes with desirable cryptographic properties. The algorithm has been implemented on a computer cluster and it is fully parametric, with respect to the type of Boolean functions it can use as constituents of the SBox. A designer can use a class of Boolean functions with algorithmically definable properties in order to produce SBoxes of arbitrary sizes. We also present evidence for the algorithm’s efficiency by comparing it with the best sequential approach available in a series of different experimental setups.
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.47-60
In this paper, a semi-blind biometric watermarking scheme is proposed for fingerprinting application. Watermark is derived from face image using Principal Component Analysis. These face features are then embedded in host image using block-based watermarking scheme, which uses Singular Value Decomposition transform. This watermarking scheme works by initially dividing the original image into non-overlapping blocks, applying the SVD transform to each of them and subsequently embedding a watermark into the singular vectors. Each watermark value is embedded by modifying angles formed by the right singular vectors of each block with respect to some arbitrary plane. During embedding process the orthogonal property of the right singular vectors matrix is preserved. After extracting the features from watermarked host image it is correlated with face database features to get the approximately correct image. The robustness of this watermarking technique is tested by applying various attacks.
A Privacy-Protecting Architecture for Recommendation Systems via the Suppression of Ratings
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.61-80
Recommendation systems are information-filtering systems that help users deal with information overload. Unfortunately, current recommendation systems prompt serious privacy concerns. In this work, we propose an architecture that enables users to enhance their privacy in those systems that profile users on the basis of the items rated. Our approach capitalizes on a conceptually-simple perturbative technique, namely the suppression of ratings. In our scenario, users rate those items they have an opinion on. However, in order to avoid being accurately profiled, they may want to refrain from rating certain items. Consequently, this technique protects user privacy to a certain extent, but at the cost of a degradation in the accuracy of the recommendation. We measure privacy risk as the Kullback-Leibler divergence between the user's and the population's rating distribution, a privacy criterion that we proposed in previous work. The justification of such a criterion is our second contribution. Concretely, we thoroughly interpret it by elaborating on the intimate connection between the celebrated method of entropy maximization and the use of entropies and divergences as measures of privacy. The ultimate purpose of this justification is to attempt to bridge the gap between the privacy and the information-theoretic communities by substantially adapting some technicalities of our original work to reach a wider audience, not intimately familiar with information theory and the method of types. Lastly, we present a formulation of the optimal trade-off between privacy and suppression rate, which allows us to formally specify one of the functional blocks of the proposed architecture.
LSMPMON: Performance Evaluation Mechanism of LSM-based Secure OS
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.81-90
Security focused OS (Secure OS) is attracting attention as a method for minimizing damage caused by various intrusions. Secure OSs can restrict the damage due to an attack by using Mandatory Access Control (MAC). In some projects, secure OSs for Linux have been developed. In these OSs, different implementation methods have been adopted. However, there is no method for easily evaluating the performance of the secure OS in detail, and the relationship between the implementation method and the performance is not clear. The secure OS in Linux after version 2.6 has often been implemented by Linux Security Modules (LSM). Therefore, we determine the effect of introducing the secure OS on the performance of the OS by using the overhead measurement tool, the LSM Performance Monitor (LSMPMON). This paper reports the evaluation results of three secure OSs on Linux 2.6.36 by LSMPMON. The results show the effect of introducing the secure OS.
A Communication Protocol of RFID Systems in Internet of Things
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.91-102
Radio frequency identification (RFID) is one of the key technologies that constitute the internet of things. Security and privacy issues of RFID systems are the focus of the present study. By analyzing several typical RFID security protocols, and for the special security requirements of RFID systems in the internet of things, we propose a communication protocol, SPAP (security-provable authentication protocol), and then analyze and demonstrate the security of the protocol in detail using the random oracle model. Analysis shows that the protocol not only can solve tag tracking, replay attacks, cloning attacks and tag information indistinguishability, but also can solve internal attacks, the ownership transfer of tags and other issues of RFID systems in the internet of things. Finally, according to the comparisons, SPAP has the best performance.
Cryptanalysis of Smart-Vercauteren and Gentry-Halevi’s Fully Homomorphic Encryption
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.103-108
For the fully homomorphic encryption schemes in [3, 6], this paper presents attacks that solve for an equivalent secret key and directly recover plaintext from ciphertext for lattice dimension n=2048 using a lattice reduction algorithm. If the average-case behavior of LLL in [8] holds, then their schemes are also not secure for n=8192.
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.109-114
In this paper, we architected a document control system for monitoring leakage of important documents related to military information. Our proposed system inspects all documents when they are downloaded and sent. It consists of 3 modules: an authentication module, an access control module and a watermarking module. The authentication module checks insider information to allow logging on to the system. The access control module controls authorization for operations by insiders according to their role and security level. The watermarking module is used to track the transmission path of documents. The document control system controls illegal information flow by insiders and does not allow access to documents which are not related to the insider’s duties.
Distributed Group Key Management in Wireless Mesh Networks
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.115-120
Combining the advantages of WLANs and ad hoc networks, wireless mesh networks (WMNs) are wireless access networks based on IP technologies and have become effective broadband access networks with high capacity, high speed and wide coverage. Security is a crucial and urgent problem in WMNs as in other types of networks and a simple and effective distributed key management is essential for the establishment of secure WMNs. In this paper, we present an effective distributed key management scheme based on several technologies, such as ad hoc network model, ECC, (t, n) threshold cryptographic method, verifiable secret sharing and so on, and demonstrate its effectiveness through analysis and experiment.
Human Face Recognition Based on Improved D-LDA and Integrated BPNNs Algorithms
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.121-126
In this paper, a methodology combining the Discrete Cosine Transform (DCT), an improved D-LDA and neural networks is proposed. DCT can compress the information of the original signal efficiently, so we first reduce the dimension and then extract features by improved D-LDA in the low-dimensional space to overcome the shortcomings of LDA as far as possible. After calculating the eigenvectors and a new Fisher’s criterion using the improved D-LDA algorithm we propose, the projection vectors are calculated for the training set and then used to train the neural networks for human identification. The experimental results on the ORL face database show that this combined method performs well.
An Enhanced Robust and Efficient Password-Authenticated Key Agreement Using Smart Cards
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.127-132
Although the smart card brings conveniences, it also increases the risk in the case of lost cards. When the smart card is possessed by an attacker, the attacker will possibly attempt to analyze the secret information within the smart card to deduce the authentication mechanism of the server and then forge user credentials or break the entire authentication system. In this paper, we analyze the lost smart card attack on Juang et al.’s scheme [5], which proposes password-authenticated key agreement. In order to bolster the security of the entire system, we mitigated some of its weaknesses.
Improving the Security Level in Direct Sequence Spread Spectrum using Dual Codes (DC-DSSS)
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.133-136
The security of information in wireless communication is a hot issue for researchers throughout the technical globe, who use different techniques to secure the information. One of the techniques is Direct Sequence Spread Spectrum (DSSS). In DSSS a Barker code is used for converting the narrowband information signal into a much wider bandwidth. As the anti-security group is also searching for ways to break the chain of security and leak the information, the great threat in DSSS is the breaking of the code used for spreading the signal; if the attacker somehow comes to know the code, then all the information could be lost. In this paper we propose a technique/idea in which the security of the information will not be lost even if the hijacker breaks the code. We will encrypt the code first, and will use both the original and the encrypted Barker code. The proposed name for this technique is dual coded direct sequence spread spectrum (DC-DSSS).
Security Test Methodology for an Agent of a Mobile Device Management System
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.137-142
In this paper, we propose test items and methods for the security functions of a Mobile Device Management agent. Recently, many enterprises are adopting Mobile Device Management systems to manage smart phones and tablet PCs used in business. However, there are no criteria to test whether such a Mobile Device Management system correctly provides the required security functions and whether such functions are secure. In particular, no criteria have been established as yet to test an agent which is installed on the mobile devices and directly controls the mobile devices. Therefore, we propose the first test methodology to test the Mobile Device Management agent by identifying security requirements and drawing up test items and methods. The proposed items and methods are practical since we illustrate the test items, their processes, and real-world test methods for Android devices.
Efficient Password-based Two Factors Authentication in Cloud Computing
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.143-148
Security threats are considered the main barrier that precludes potential users from reaping the compelling benefits of the cloud computing model. Unfortunately, traditional password authentication jeopardizes user privacy. Anonymous password authentication (APA) represents a promising method to maintain users’ privacy. However, the major handicap that faces the deployment of APA is the high computation cost and inherent shortcomings of conventional password schemes. In our proposed scheme, we present a new setting where users do not need to register their passwords with the service provider. They are supplied with the necessary credential information by the data owner. Furthermore, to enable the service provider to know the authorized users, the data owner provides the service provider with some secret identity information that is derived from the pair (username/password) of each user. Our approach shows good results in terms of high scalability, which makes our scheme more suitable to the cloud environment, and strong authentication that withstands different known attacks.
Jamming Attack Detection and Rate Adaptation Scheme for IEEE 802.11 Multi-hop Tactical Networks
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.149-154
In a tactical field, wireless communication is prevalent among military agents and vehicles, but it is vulnerable to jamming attacks from an adversary because of the shared wireless medium. A jamming attack is easily achieved by emitting a continuous radio signal, and it can interfere with other radio communications within the network. Channel switching over multiple channels or route detouring have been proposed to restore communication from jamming attacks, but they require a special radio system or knowledge of network topology. In this paper, in order to overcome limitations of the previous research, we propose a new robust rate adaptation scheme that is resilient to jamming attacks in a wireless multi-hop tactical network. The proposed rate adaptation scheme detects jamming attacks and selects the data transmission mode which has the expected maximum throughput based on the successful transmission probability. Through the performance evaluations, we prove that the rate adaptation scheme improves packet delivery ratio and wireless link utilization.
A Study on Biometric Standards for Adaptation of the National Infrastructure
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.155-160
Biometric technology based on the biometric hardware security module is more frequently used in various areas which require a high level of reliability, such as banking and procurement services. Korea Biometric Test Center [1] is providing services to check whether biometric products are implemented in conformance with the international standard BioAPI v2.0 on which recent products are based since 2006. The BioAPI standard conformance test provides the benefit that it encourages biometric technology product developers to comply with relevant standards. This paper is designed to provide the test methodology for operating a biometric hardware security module which can evaluate BioAPI standard conformance of the BSP implementation object, and to introduce the biometric hardware security module which is being standardized in ITU-T SG17 for adaptation of the national infrastructure.
Watermarking for Multi-resolution Image Authentication
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.161-166
Progressive image transmission (PIT) provides multiple image resolutions, which favors a time-critical or low-bandwidth channel environment. In this paper, a PIT-based watermarking scheme for multi-resolution image authentication is proposed. The image content with progressive characteristics is taken as the authentication code. The authentication code is then embedded according to multi-resolution image encoding. The experimental results show the validity of the proposed scheme. Malicious operations are detected progressively from multi-resolution images. Significant tampering can be detected first, and slight tampering is detected in the later authentication stages. Furthermore, the tampered locations can be located correctly.
Immune Computation of Secure Embedded Linux Core against Viruses and Software Faults
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.167-172
To increase the security of an embedded system, it is important to assure the security of the embedded Linux core in the system. The biological immune system is the core that assures the health of the human body, and this natural system inspires us to design the security mechanism for the Linux core. To defend the embedded Linux core against viruses and software faults, an immune computation is proposed. First, the embedded Linux is customized from the standard Linux by keeping the Linux core and deleting the unnecessary components. Immunization of the Linux core is designed into the process control, memory management, communication, driving programs, and file system. The artificial immune system of the embedded Linux core is built on the tri-tier immune model, and both viruses and software faults are detected as nonselfs. The selfs are the normal components and the nonselfs are foreign viruses, infected selfs, lost selfs and damaged selfs. This immunization technique will be tested on a prototype of the embedded Linux core, by protecting the file system and repairing the damaged files.
Data Hiding on Text Using Big-5 Code
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.173-178
This paper presents a text hiding scheme using Big-5 code. Some text-hiding schemes embed secret information between words and between characters by adding tabs or spaces. Liu et al. proposed a Chinese text data hiding scheme that divides the Chinese character into left and right parts for data embedding. However, the adjusted between-word spaces or divided characters may look strange, which may expose a security risk. Therefore, we intend to design a text hiding scheme using Big-5 code. The secret is hidden in the spaces between words and between characters of a cover text by placing a Big-5 code of either 20 or 7F. The visual quality of the stego-document is the same as that of the original document, thereby reducing the suspicion and attention of hackers. Experimental results show that the proposed scheme achieves good visual quality and is feasible.
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.179-184
We propose an Encrypted Verification Method (EVM) that effectively detects a black hole attack. A detection node that receives an RREP from a suspicious node sends an encrypted verification message directly to destination along the path included in the RREP for verification. The approach not only pins down the black hole nodes, but also reduces control overhead significantly. We prove by resorting to simulation that EVM is highly dependable against the black hole attack.
Minimal Information Loss for Privacy-Preserved eHealth Applications
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.185-190
With the rise of privacy protection awareness and legal norms, we should preserve individual health data confidentiality through de-identification operations while providing “as needed” health information for the doctor's diagnosis and treatment, health research studies and other health management applications. Traditional privacy risk management systems mainly focus on reducing the re-identification risk but fail to consider the information loss. In addition, when faced with a high-risk situation, they cannot efficiently locate the source of the problem. This paper proposes the Hiatus Tailor (HT) system, which maintains low re-identification risk while providing more authenticated information to database users and identifying high-risk data in the database for better system management. The experimental results prove that compared to traditional risk management methods, the HT system achieves much lower information loss with the same risk of re-identification.
SQL Injection Detection with Composite Kernel in Support Vector Machine
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.191-196
Modern web application systems generally include database systems in order to process and store business information. These systems are highly interesting to hackers as they contain sensitive information, and the diversity and amount of attacks severely undermine the effectiveness of classical signature-based detection. In this work we propose a novel approach for learning SQL statements and apply machine learning techniques, such as one-class classification, in order to detect malicious behavior between the database and application. The approach incorporates the tree structure of SQL queries as well as input parameter and query value similarity as characteristics to distinguish malicious from benign queries. We develop the learning system integrated in PHP and demonstrate the usefulness of our approach on a real-world application.
Histogram Rotation-Based Image Watermarking with Reversibility
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.197-202
This paper proposes a reversible blind image watermarking scheme for digital images based on the discrete fractional random transform (DFRT). Based on a patchwork watermarking scheme, the proposed algorithm utilizes histogram rotation to embed a binary watermark in the DFRT domain with strong information security. To evaluate the performance of the proposed scheme, several experiments are configured for block size and capacity (bits/pixel) as a function of embedding level. The results show that the performance of the proposed scheme is the same as or higher than that of the conventional histogram rotation scheme in [2]. However, the high security provided by DFRT is unique to the proposed scheme and is absent in the conventional histogram rotation-based scheme.
An Improved Secure Dynamic ID Based Remote User Authentication Scheme for Multi-Server Environment
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.203-210
Recently, Lee et al. proposed a secure dynamic ID based remote user authentication scheme for multi-server environment. They claimed their scheme can remedy the weaknesses of prior schemes and is thus more effective. However, we find Lee et al.'s scheme still fails to achieve the anonymity and has the security weakness of a smart card clone. In this article, we shall propose a new scheme to improve Lee et al.’s scheme. Our scheme not only overcomes the weaknesses of Lee et al.'s scheme, but also maintains a high efficiency standard.
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.211-216
We propose a new mechanism to resolve the object tracking problem in video security surveillance systems. Our method of location calculation is based on the Chirp Spread Spectrum (CSS) method, which considers three-dimensional space to improve the accuracy of location information. The suggested new mechanism can intelligently track and record objects of interest, increasing the amount of valid video and improving video quality.
Geometrically Invariant Image Watermarking Based on Feature Extraction and Zernike Transform
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.217-222
A robust and geometric invariant digital image watermarking scheme based on feature extraction and local Zernike transform is proposed in this paper. The Adaptive Harris Detector is proposed to extract feature patches for watermarking use. A local Zernike moments-based watermarking scheme is raised, where the watermarked patches can be obtained directly by inverse Zernike Transform. Each extracted circular patch is decomposed into a collection of binary patches and Zernike transform is applied to the appointed binary patches. Magnitudes of the local Zernike moments are calculated and modified to embed the watermarks. Inverse Zernike transform is applied to reconstruct the watermarked binary patch. Experimental results show that the proposed scheme is very robust against geometric distortion such as rotation, scaling, cropping, and affine transformation, and common signal processing.
Parallelization of Two Arithmetic Operations over Finite Field GF(2ⁿ)
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.223-228
This paper presents two parallel algorithms of basic arithmetic operations concerning multiple-precision integers over finite field GF(2ⁿ). The parallel algorithms of reduction operation and inversion-multiplication operation are designed by analyzing their data dependencies. Time complexities of the parallel algorithms and the sequential algorithms are calculated to make the quantitative comparison. The performance evaluation shows high efficiencies of the proposed parallel algorithms.
Automatic Analysis Method for SELinux Security Policy
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.229-234
Configuration of security policies is one of the most important prerequisites for secure and credible running of secure operating systems. However, it is a hard, tedious and complicated task in which errors and bugs arise all the time. Accordingly, methods for automatic analysis of SELinux security policies are discussed in this paper. Firstly, the security mechanism, security models and policy description language for SELinux are briefly introduced. Then a security analysis model is constructed in order to verify the validity and integrity of security policies, and all rules for Type Enhancement (TE) and Role-Based Access Control (RBAC) are rewritten as formal expressions while all subjects, objects and elements are described formally as sets and mappings. Algorithms for analysis are designed based on this model. Compared with the SELinux Access Control (SELAC) model, the scope of possible values for role can be reduced, and thus a great many invalid security contexts are eliminated in our model. Finally, a prototype is implemented in the C language, and a security policy configuration case for an application system called the Student-Teacher system is designed to test the prototype. Test results show that the prototype and corresponding methods can verify the validity and integrity of policy configuration and have the potential to assist people in completing correct and reliable configuration.
A TWS3CDM based Marking Policy in DiffServ Networks
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.6 No.2 2012.04 pp.235-240
Previous marking policies for the AF service of TCP traffic in the Diffserv network do not sufficiently consider the effect of RTT and target rate of TCP connections. In this paper, in order to improve the fairness index of TCP flows, we propose the TSW3CDM_FS (Time Sliding Window Three Color Dynamic Marker with Flow Status) based on average transfer rate estimation. The proposed algorithm is based on a dynamic marking policy that allocates bandwidth in proportion to the transmission rate of flows. We implement the proposed marking policy and evaluate its performance by a computer simulation using NS2. According to the simulation results, the TSW3CDM_FS algorithm improves the fairness index in comparison with TSW3CM.