Earticle

This paper proposes a DTSA(Detection Technique against a Sybil Attack) protocol so that it can provide vehicles with the secure information for the road situation and the traffic flow among vehicles and by detecting a Sybil attack. This DTSA uses SKC(Session Key based Certificate) to verify the IDs among vehicles, which generates a vehicle’s anonymous ID, a session key, the expiration date and a local server’s certificate for the detection of a Sybil attack. In conclusion, this DTSA reduces not only the detection time against a Sybil attack but also the verification time for ID by using a hash function and an XOR operation. Besides, a drivers’ privacy can be protected by using an anonymous ID. This DTSA helps drivers drive safely with the reliable information of VANET and reduce traffic accidents.

To protect the image integrity of the compressed images for block truncation coding (BTC), an image authentication scheme is proposed in this paper. In this scheme, the authentication data of each compressed image block is generated from the random value induced by the predefined random seed. The size of the authentication data can be selected according to the user’s requirement. Then, the authenticaiton data is embedded into the difference value between the quantization levels of each BTC-compressed image block. The experimental results reveal that the proposed scheme performs well in terms of detection precision and the embedded image quality.

Human identification via multibiometrics is a very promising approach to improve the overall system’s accuracy and recognition performance. In recent years, several approaches toward studying the fusion strategies of different biometric evidence have been proposed. However, there are a number of major problems detected on some of those approaches such as weakness against spoofing attacks and higher acceptable error rate. In this paper, a novel multibiometrics fusion strategy based on dual iris, visible and thermal face traits is proposed. Initially, the features of related biometrics (dual iris, visible with thermal faces) are fused in feature level. Then, the matching scores of iris and face traits are fused via triangular norm. The proposed multibiometrics fusion achieves higher identification performance as well as immune to spoofing attacks. All the simulation are performed based on a virtual multibiometrics database, which merges the challenging CASIA-Iris-Thousand database with noisy samples and the NVIE face database with visible and thermal face images. The results show that the proposed fusion strategy outperforms the state-of-the-art approaches in the literature.

This paper proposes a cooperated mutual authentication scheme for mobile base stations (MBS) that construct a Wireless Mesh Network (WMN) in the Tactical Information Communication Networks (TICN). To enhance the fighting capabilities and survivability of soldiers in battlefields, it is crucial to secure the communication and commands between soldiers and commanders. To achieve this goal, a reliable mutual authentication method is required to approve between MBS and the soldiers in the network. We apply EAP-TLS (Extensible Authentication Protocol – Transport Layer Security) for mutual authentication between mobile base stations that each hold authentication servers [1]. Also, we propose a cooperative authentication scheme that can substitute the authentication process between MBS and ultimately reduce the authentication overhead. We evaluate the proposed scheme using the Qualnet 5.0 simulator to verify the performance of our proposed schemes in Tactical Networks.

It is devised a new cryptosystem based on modified Reed Muller codes RM(r,m). The new cryptosystem is a modified version of Sidel'nikov's one. This allows to increase the security of the public key, and to reconsider Reed Muller codes as good candidates for using in secure encryption scheme. An efficient decoding with the Reed Muller decoding algorithm RM(r,m) and an increased level of security against attacks of the Sidel'nikov's crypto- system due to Minder and Shokrolahi are the main advantages of the modified version. Adding new columns implies longer codes, but this would not be a problem for decoding or deciphering because in decode one has only to deal with the words of the secret code belonging to the Reed Muller code RM(r,m). So the decoding phase would not suffer from this modification.

Remarkable improvements in recognition can be achieved through multibiometric fusion. Among various fusion techniques, score level fusion is the most frequently used in multibiometric system. In this paper, we propose a novel fusion algorithm based on False Reject Rate (FRR) and False Accept Rate (FAR) using Support Vector Machine (SVM). It transfers scores into corresponding FRRs and FARs, thus avoiding calculating posteriori probability of a certain score, as well as be capable of illustrating distribution of matching scores. The proposed method takes full advantages of both capabilities of FRR and FAR to describe the order of score and classification of SVM. Experimental results show that the proposed method outperforms existing representative approaches and can effectively improve the performance of multibiometric system.

This paper proposes a single sign-on scheme in which a user offers his credential information to children’s game network running the OSGi (Open Service Gateway Initiative) service platform, to obtain user authentication and control a remote device through a mobile device using this authentication scheme, based on SAML (Security Assertion Markup Language). By defining the single sign-on profile to overcome the handicap of the low computing and memory capability of the mobile device, we provide a clue to applying automated user authentication to control a remote device using a mobile device for distributed mobile environments including children’s game network based on OSGi.

In consumer communications, entities, i.e., users, hand-held devices, etc., that connect to or interact with each other may know little about each other or without any prior knowledge. Therefore, in many applications, before a serious interaction begins, certain level of trust must be established between the interacting entities, which may require that some information that may contain privacy about the entities be exchanged between the entities. Thus, privacy protection and trust establishment are inter-related issues that should be properly balanced to ensure both smooth communication and proper privacy protection. In this paper, we focus on trust based privacy protection in consumer communications by elaborating on three key issues: (1) quantification of privacy, (2) characterization of the relationship between privacy and trust, and (3) influence of trust on privacy protection. With trust based privacy protection, prior to an interaction, entities can set their privacy preferences conveniently and, during the interaction, they can choose their policies freely such as specifying whether privacy protection takes a higher priority than trust establishment, or vice versa. Our analysis and simulation experiment show that through using proper privacy protection patterns, trust based privacy protection can satisfy diverse privacy protection requirements in consumer communications.

With increasing requirements of network users for intelligent security management, unified network security management has become a fashion, and a remarkable development trend is the adoption of an alert-centric event correlation manner. This paper then introduces Extenics into the study on alert-centric event correlation for unified network security management and proposes a formalized approach using basic-elements based on the extension theory. The proposed approach utilizes the basic-elements to formalize the representations of alerts, events, and also correlation policies for network security in a unified manner, and then makes full use of the extension theory to formalize basic operators for extension expressions and extension functions in order to realize alert-centric event correlation. Validation scenarios of timing constraints show that, the proposed approach provides a prospective way to alert-centric event correlation for unified network security management by introducing basic-elements and utilizing extension expressions and extension functions with the use of containing analysis, sequencing analysis and extension transformations based on the extension theory.

Fast beam tracking and beamforming technology are essential for the communication signal quality of high-capacity and high-quality. In this paper, we design a digital retrodirective array antenna (RDA) system possible for beamforming technology without any prior location information for signal quality improvement and security improvement. Simulation results show phase conjugation scheme has better BER performance about 1dB and 3dB at the source than that of without phase conjugation, when phase delay is 15° and 30°.

Model checking has proven to be a successful technology to verify real-time embedded and safety-critical systems. However an application of model checking in practice still requires manual construction of an environment model, which has a direct impact on verification cost. This paper suggests an automated scenario generation technique through a property-based static analysis of function-call relationship of the program source code. We present the scenario generation process and show application results on the Trampoline operating system using CBMC as a back-end model checker. The experimental result shows that our approach is able to reduce the verification cost significantly in terms of memory space and run time.

The enterprise internal information security faced with many hidden trouble, and information leakage has been the largest security problem. Firewall is the main technology to solve information leakage, but end-to-end cryptograph tunnel communication can through firewall information filtering detection. In order to prevent the information leakage, it is common to add the block rules in firewall. There is short of a simple and effective verification method for the correctness of firewall blocking rules. We raise a method to verify firewall rules based on dual-protocol. With 64 tunnel technology, virtual an external node, analog communication scene between inside and outside, to verify the effectiveness of firewall rules. The experiments shows that this method is simple to deploy, and can verify rules effectively.

A dynamic ID-based user authentication scheme is designed to protect leakage of a user’s partial information from intruders while enabling authenticated users to be granted access to the network service. In 2012, Wen and Li proposed a dynamic ID-based remote user authentication scheme with key agreement and claimed that their scheme resisted impersonation attacks and avoided leakage of partial information. However, Kim, et al., described that Wen and Li’s scheme could leak some key information to an adversary and is vulnerable to a man-in-the-middle attack launched by any adversary. In this paper, we show how to solve the vulnerabilities in Wen and Li’s scheme.

A cloud model was introduced to evaluate mobile network threat. As the qualitative knowledge representation and uncertainty handling method, the transform between qualitative concepts and their quantitative expressions become much easier and interchangeable. It bridges the gap between the rigidity of a mobile network system and the uncertainty of human thinking. Conclusion is given at last; it shows that the cloud model is effective and capable of directly analyzing the characteristics of mobile network threat evaluation.

In this paper a novel HTML le watermarking method is presented. An HTML file is to present the personality of a user or to advertise a company. In order to increase the robustness of the proposed watermarking, watermark data is concealed into the HTML file many times using a multi- channel system. The watermark data can be extracted from the watermarked HTML when arguing the copyright issue. Because the visual quality of watermarked HTML is one of the most important requirements in designing watermarking technique, the watermarked HTML will not have any perceptible distortion when watermark has been embedded into the HTML by the proposed method. Also, the voting strategy is adopted in the proposed method for achieving the robustness. Experimental results show that the proposed method is feasible for achieving copyright protection of HTML les.

In this paper, we develop wireless optical monitoring system using ZigBee network and Fiber Bragg Grating (FBG) sensor. FBG sensors are manufactured using the 248nm excimer laser and phase masks. The adopted wireless networking between PC and FBG interrogator is ZigBee, because ZigBee is a specification for a suite of high level communication protocols using small, low-power digital radios based on an IEEE 802 standard for personal area networks. Experimental results show that reflected wavelength values from FBG interrogator are well passed through ZigBee network.

With the development and application of RFID technology in Internet of Things (IOT), RFID system plays a more and more important role on privacy protection and information security of users. For the safety need of RFID system and the existing shortage of secure authentication protocols, we offer RFID mutual authentication protocol based on variable update. Mutual authentication is executed in RFID system through the characteristics of Hash function, which prevents the phenomenon of counterfeit in internal system. Meanwhile, we adopt the method of periodic updates System initial value to improve the level of security authentication, which overcomes the various safety attacks. The protocol has certain advantages on security capabilities and algorithm complexity with high safety and practicality.

In recent years, a large number of network security tools appear constantly. However, they all in the cohabitation of the state. This article designed a the network attack platform based on plug-in technology, the prototype system has good interactivity and scalability. The system can guide the platform operator to complete a variety of different types and complete steps network attack experiments, help the platform operator research and learn network attack methods. Moreover, the Attack Knowledge Base can integrate new network attack methods. Attack Knowledge Base can be constantly updated, so that the platform can be applied to future network attack experiments. So the design of such a system has a high practical significance for teaching and researching network attack methods.

Security management cost for securing information is increasing rapidly, as increasing the use of electronic information. In this paper, we focused on the two respects. The one is security level lifecycle of the sensitive information (SI). The other is SI that has characteristics to decrease security level over time. We proposed the method that total security management cost reducing than before applying by differential costing over security level lifecycle. Also, we considered of predictability on security level decrease together. Last, we expressed the cost reduction target area through a comparison of the cost model.

Recently, the illegal users with malicious intention utilize the file sharing site by making normal user's computer a zombie computer, which is a preliminary process for network intrusion attack. The propose scheme is divided into the method for real-time analysis for real-time tracking and the method of cooperative analysis method for non-real time analysis. By allowing the supervisors to choose the relevant analysis method selectively, we can conduct variable analysis depending on the network threat.

Wireless sensor networks (WSNs) are in an open wireless environment which is complex and volatile, and often subject to inadvertent or intentional interference, sensor networks can use frequency hopping technology to get away from the interference. Therefore how accurate and timely frequency hopping is particularly important issue. To solve that, this paper built a Bayesian frequency hopping game model based on Nash equilibrium game theory. The formal definition and quantified description of the impact factors in the game model are described, and Bayesian Nash equilibrium is proved. Through the simulation and analysis shows that this model with communication security awareness can improve the accuracy of the frequency hopping, make the time of frequency hopping become more rational, prolong the network lifetime and maintain the overall network connectivity.

It has become clear in software development that functionality and security must go hand in hand in cases where security concerns are to be incorporated early in stages of design. An essential aspect of such a process is threat modeling that integrates security with functional specification. Such an approach includes construction of two models: a functional model and a security (threat) model. The problem of integration involves assimilating security concerns while developing system specifications. One solution is to represent the dynamic behavior of security attacks as statechart diagrams and integrate the attacks into the functional behavior of the system; however, such an approach results in a complex set of fragmented descriptions lacking an underlying conceptual representation that can be tailored to include security concerns. This paper introduces a flow-based diagrammatic representation that includes such features. The advantages of the methodology are demonstrated through contrasting it with a statechart-based study case.

Two-factor user authentication is an important research issue for providing security and privacy in hierarchical wireless sensor networks (HWSNs). In 2012, Das, Sharma, Chatterjee and Sing proposed a dynamic password-based user authentication scheme for HWSNs. In this paper, we show weaknesses of Das et al.'s scheme such as failing to prevent user clone and disclosing of base station's secret key. Therefore, we suggest a simple countermeasure to prevent proposed attacks while the merits of Das, et al.'s authentication scheme are left unchanged.

Trust system plays a more and more important role in giving nodes incentives to cooperate in packet forwarding especially for wireless ad hoc networks. However, most existing works in this field either lack rigorous analysis of cost of their methods or have analysis in unrealistic models, which will clearly damage their effectiveness in real applications. In a previous work, Theodorakopoulos and Baras [1] develop a novel formulation of trust computation based on ordered semirings. In this paper, based on their work we proposed FROST (FRiendship and Ordered Semirings based Trust system) for wireless ad hoc networks. FROST introduce notion of friendship to reduce the trust table size and overhead while building and maintaining the trust system in large scale networks. Moreover, FROST use a more effective decaying model to enable the trust system to be more adaptive to the changing environment. Rigorous analysis and in-depth simulation show FROST has a good performance and can quantitatively measure reputation and defend trust system against malicious attacks.

In 2004, Das, et al.’s proposed the dynamic ID-based remote user authentication scheme to protect the user's anonymity. However, in 2005, Chein, et al.’s and Liao, et al.’s demonstrated that Das, et al.'s scheme failed to protecting user's anonymity. In addition, they showed that it was susceptible to guessing attack, so that it might expose the password to the remote system. In 2006, Liou, et al.’s proposed a new scheme which aimed to resolve the security vulnerabilities of Das, et al's scheme such as mutual authentication and malicious server attacks. However, in 2010, Sood, et al.’s demonstrated that Liou, et al's scheme is susceptible to impersonal attack, malicious user attack, man in the middle attack and offline password guessing attack. To resolve those vulnerabilities, Sood, et al.’s proposed new scheme. However, as a result of analysis of the new scheme proposed by Sood, et al., it is still vulnerable to malicious legal user attack and various attacks such as forgery, insider and database. In this paper, we propose an improvement to the Sood, et al.’s scheme in order to resolve such problems.

An efficient Turbo Frequency Domain Equalization (FDE) based on symbol-wise minimum mean-square error (MMSE) filtering is proposed for a novel space-time block code (STBC) MIMO system. The transmitter sends a separate data block via STBC using two antennas per group to get diversity gain. The receiver can effectively utilize inter-antenna interference (IAI) and inter-symbol interference (ISI) followed by frequency domain equalization to process soft interference cancellation (SIC). After frequency domain filtering, the symbol Log-likelihood ratio (LLRS) calculated from the outputs of equalizer is as the inputs of the soft-in soft-out (SISO) decoder. Simulation results show that our proposed scheme provides a further substantial gain while not increasing complexity at the receiver.

For over the past 10 years, the overwhelming majority of online login required only an ID and password, which classifies as one factor authentication. In response to rising cyber-security concerns, firms and banks have implemented several new forms of two factor authentication. This paper focuses on QRLogin, one of the leading two factor authentication programs, which successfully balances security with convenience. The system combines the traditional username and password with a time-sensitive, one time passcode. In contrast to this advanced security, users may conveniently login by scanning a code with their smartphone. Although the scanning feature of the QRLogin system is limited to smart phone owners, users may also login through the traditional ID and password method. The QRLogin system illustrates the modern development of two factor authentication, which substantially increases the security of online transactions. We encourage further research cyber-security to foster consumer confidence and growth in online markets.

In this paper, we summarize hash functions and cellular automata based architectures, and discuss some pros and cons. We introduce the background knowledge of hash functions. The properties and theory of cellular automata are also presented with typical works. We show that cellular automata based schemes are very useful to design hash functions with a low hardware complexity because of its logical operation attributes and parallel properties.

Trust management evaluates the user trust value of participating nodes in the network based on the past behaviors and satisfaction of sharing resources. However, there also exists security issue even though it has been considered to be safe because malicious user is able to affect the trust management with negative feedback. This paper aims to propose a robust trust management scheme to improve reliability and effectiveness of distributed P2P network by identifying these malicious threats and then limiting the attacker's participation. Especially, our scheme effectively manages for some attacks such as bad mouthing, on-off and sybil. The proposed scheme is expected to effectively protect attacks from malicious peers with improving credibility as well as exactness.

This paper presents modifications and improvements to the interface of a secure real media contents management model with the intention of increasing security and usability. This paper examines a security technology that needs to be considered in the EHR (Electronic Health Record) service model. This EHR(Electronic Health Record) service model is suitable for example a secure real media contents management & processing. It constructs a model based on a MVC (Model-View-Controller) pattern based on access rights and distributed management. In particular, it constructs a test bed utilizing the Open EHR Tool which is a major topic in this area. Through this, it suggests the EHR service security control model in the context of the patient and medical team. Our work aims for a new way of structuring, storing and managing patient data so that they can be shared and exchanged between different healthcare providers and other stakeholders in a safe and secure manner.