Earticle

By using deployment Knowledge and cellular model, a novel key distribution scheme based on deployment and dual-key pools is proposed for WSN. Each sub-key pool in the network contains two types of key pools: one doubled by the offline server is shared by three adjacent cells before the deployment and the other one distributed to each cell is non-overlapping. The server distributes four random numbers for each cell and ensures each adjacent cell sharing one random number. In order to improve the network security, nodes among the neighboring cells adopt a binary hash function and a corresponding random number to generate pair-wise keys. Compared with Du scheme and q-composite scheme, the simulation results show that our proposed scheme not only has efficiently improved the probability of pair-wise key establishment and invulnerability, but also has certain advantage on the nodes’ storage space.

With all these years’ rapid development in wireless communication, high demands for broadband mobile wireless communications and the emergence of new wireless multimedia applications have constituted the motivation to the development of broadband wireless access technologies. The Long Term Evolution (LTE) system has been specified by the Third Generation Partnership Project (3GPP) on the way towards fourth-generation (4G) mobile to ensure 3GPP keeping the dominance of the cellular communication technologies. In this paper, several security issues of the LTE and LTE -A networks have been discussed. First, we illustrate an overview of the LTE Network Architecture. Second, LTE security architecture is shown as well. Third, some drawbacks in LTE security framework are discussed in Section 4. Finally, some open issues will be talked, and hopefully this will be a guideline for the new learners.

Rival companies compete against each other in business and therefore they try to obtain data that is usually held in the hands of seaports. If a company succeeds to damage one of its rival companies, the company will increase in value. Therefore there is risk for any data in the hands of a port; in spite of this, there is no cybersecurity standard for the maritime industry or for enforcement agencies; despite the fact that the need of secure communication is indispensable. Still, using encrypted messages have a noteworthy disadvantage. Each person who sees the message recognizes that there is a cryptic message. This paper introduces a technique of Steganography, that is to say - transmitting encrypted messages in images compressed by the well known JPEG format. In point of fact, the system modifies the pictures a bit, but this modification is totally unnoticeable. The image seems to be an immaculate picture, while truly the picture does include some extra information.

Nowadays, the accounting information distortion of listed company is generally common in the market. It has caused adverse effects to the enterprise itself and even the development of the securities market. In order to solve this problem, domestic and foreign scholars have done a series of researches from different perspectives and create a lot of detection model to identify financial reporting fraud more correctly. As far as we are concerned, these models’ index selection, calculation, prediction and application are not so satisfying and few efficient recognition models can be applied generally. In this paper, we combine the method of principal component analysis with logistic regression method. Then we select variables from the financial data that reflect the profitability, turnover, the establishment of the enterprise and some other perspectives. This accounting information distortion detection model is created by improving the method and index selection which has a higher correct recognition rate. We have chosen the 2012 financial statements from 56 firms for sample and the forecasting accuracy of the model reached 92.86%. We can get that it has obvious advantages compared to the predicted results from simple logistic regression model.

Personal cloud computing is user-oriented service to satisfy user service demand in existing cloud circumstance and personalized service is available whenever, wherever. However due to personal cloud market is growing rapidly, accidents such as unauthorized user access, leak of secret information, service invasion are occur and existing wire or wireless network communication had been threaten on security. Also the studies about user certification and data management are required. So this paper suggested key generating protocol for user certification and user authority. In addition, it designed safe contents transfer protocol for user by using generated key value. It analyzed the security with referring security service requirement of existing personal cloud service.

Wireless sensor network is widespread used in hospital environment with mobile device such as NFC, RFID tag and small sensor nodes. The use of a mobile agent in healthcare system under wireless network environment gives an opportunity to offer better services for patients and staffs such as doctors and nurses because of its mobility. But, optimized security protocols and schemes between sensor and patient device are essential for high performance and security problem in U-healthcare system. But a lot of threats, attacks and vulnerability are induced because of limited resources such as small memory and low computation capability in wireless sensor network. The characteristics of U-healthcare systems are analyzed to solve security issues in this paper.

This paper analyses several common algorithms for spam filtering and shows the advantages and disadvantages of these algorithms for spam filtering. Each algorithm is only suitable for filtering specific spam. Some algorithms are suitable for Chinese, and some algorithms perform well in English. In a lot of spam, it is not reliable and inefficiency to using a single algorithm to separate out spam. Thereby, in order to improve the accuracy and efficiency of spam filtering, composite intelligent algorithm, which integrates and improves the existing algorithms by utilizing the advantages of previous algorithms and avoiding their shortages, is proposed. Moreover, an intelligent method that it has the ability of self-learning by using the contents of the e-mails is introduced. Finally, the outcome of experiment shows that the intelligent method achieves a better efficiency and performance.

To improve image encryption mechanism and enhance the security of pixel value transformation, a new image encryption scheme is proposed based on quantum chaos. In the phase of key generation, running key related to plaintext is generated by cipher-text successively disturbing chaotic component. In the process of encryption, polynomial multiplication in Galois field is first introduced to perform pixel encryption and then the cipher-text is encrypted again with cipher-text feedback mechanism. The experiment results show that the introduction of disturbing mechanism implements one time running-key stream, minimization of dynamical degradation of digital chaos, and resistance to reconstruction attack. In addition, polynomial multiplication which is first applied in the encryption system degrades the possibility of breaking our scheme in theory. Finally, some analyses such as correlation, sensitivity, min-entropy, and time complexity further demonstrate the security and efficiency of our scheme.

How to protect the secret digital images is an important issue in commercial or military application. In this paper, we propose a new scheme for secure still visual data with a block cipher structure, which is composed of three parts: encryption, decryption and key generator. The encryption process based on cryptographic primitive operations and Boolean functions is proposed. A key generator based on one-way coupled map lattice (OCML) is derived. Experimental results have demonstrated that the proposed cipher has satisfactory security with a low cost, which makes it a potential candidate for encryption of multimedia data such as images, audios and even videos.

Security services are provided through: The applications, operating systems, databases, and the network. There are many proposals to use policies to define, implement and evaluate security services. We discussed a full test automation framework to test XACML based policies. Using policies as input the developed tool can generate test cases based on the policy and the general XACML model. We evaluated a large dataset of policy implementations. The collection includes more than 200 test cases that represent instances of policies. Policies are executed and verified, using requests and responses generated for each instance of policies. WSO2 platform is used to perform different testing activities on evaluated policies.

Real random values have wide range of application in different field of computer science such as cryptography, network security and communication, computer simulation, statistical sampling, etc. In purpose of generating real random values, need for a natural noisy source refers to the main challenge where a source of noise may be reliable for using in random number generator if and only if be derived from physical environment. In this work, we address this requirement by using DNA computing concepts where the molecular motion behavior of DNA molecular provides a pure source of physical noise that may be used for generating high quality real random values. Since one of the main factor for evaluating quality of real random values refer to expectation for generating approximately same amount of 0s and 1s, in this article we model a DNA-based random number generator in sticker mode with ability of generating equal numbers of 0 and 1. After using molecular motion behavior of DNA molecular as the natural source of noise into the proposed DNA-based random number generator, the generated value were subjected to frequency, run, and serial tests which are proposed by National Institute of Standards and Technology (NIST) for randomness evaluation. Obtained result from this evaluation shows that beside the achieving high scores in run and serial tests, the values generated by our DNA-based random number generator pass frequency test with 100% success.

Recent Federal Communications Commission rules promise a whole new set of possible applications, which allow unlicensed use on a secondary basis of the Television White Spaces (TVWS), called as cognitive radio technology. ECMA-International launched the first step towards realizing these applications by creating and adopting industry standards. This paper reviews the first industrial standards for personal/portable devices in the TVWS from ECMA-International focused on the security aspects. After that, we point out the lack of security facilities in the standard, which does support the link-to-link security but not for the end-to-end security, and then propose two location-based authentication protocols to cope up with the deficiencies over cognitive radio networks. We use location information as thesecurecredentialfor the authentications. The protocols can be support privacy issues of consumer premise equipments and integrated into the extensible authentication protocol.

This article describes a novel type of an advanced mobile security system, a myokinetic password, using surface electromyographic (EMG) signals. We proposed an advanced security system that can increase password strength without modifying password length or increasing alphabet character variation. We present an implementation of an intuitive password system that combines muscle activation to enhance password complexity. The muscle activation levels from EMG signals are used to split each individual code composition into multiple states, thereby increasing possible password combinations. We proposed a centroid-based clustering algorithm to cluster a feature into groups according to the muscle activation. We also verified the possibility of expanding the technique to support up to three muscle activation levels in the experiment. By utilizing the proposed method, the number of possible input key combination is increased from 256 to 810,000 with three muscle levels.

Protocols for password-based authenticated key exchange (PAKE) in the three-party setting must be designed to be secure against dictionary attacks even in the presence of a malicious insider. In this work, we revisit the three-party PAKE protocol proposed by Kim and Choi in 2009, and demonstrate that the protocol is vulnerable to an insider offline dictionary attack (which allows an adversary to impersonate a legitimate party and initiate transactions). We also show that due to the vulnerability, Kim and Choi’s protocol is rendered insecure in the in distinguish ability-based security model of Bellare, Pointcheval and Rogaway (2000). We propose an improved three-party PAKE protocol which is resistant to all classes of dictionary attacks, including insider offline dictionary attacks and undetectable online dictionary attacks.

Proxy re-encryption (PRE) can be classified as single-hop PRE and multi-use PRE according to the times which the ciphertext is transformed. Finding a unidirectional, multi-use, and chosen ciphertext attack (CCA) secure PRE is presented as an open problem by Canetti et al. Wang claimed to resolve this problem by proposing the first multi-use CCA-secure unidirectional PRE scheme. But Zhang et al. have shown their proposal is not CCA-secure by giving concrete attacks. In this paper, we propose an improvement for Wang-Multi-Use-PRE to resist Zhang’s attack. But we also found that different with single-hop PRE, multi-use PRE without randomize encrypt key in its re-encryption algorithm could be vulnerable to attack. According to this principle we find a new type attack to multi-use CCA-secure PRE named proxy bypass attack. Then we give concrete attacks on Wang-Multi-Use-PRE scheme. This attack is also effective for other multi-use scheme.

The Miller's algorithm is the best known algorithm for computing pairing. For this reason, numerous optimizations are applied to this algorithm. One of them is for making the basic loop of Miller's algorithm quicker with efficient arithmetic. In this paper, we try to do this by using Non Adjacent Form (NAF) and the window NAF (NAFw) instead of the binary form of the key in the original Miller's algorithm. We show how this improvement can reduce the number of addition steps by 1/6 in the NAF representation or 1/2(w+1) in the NAFw where w is the size of the window in the NAF. Thereby both methods speed up Miller for efficient pairing implementation over extension field but with the NAFw some extra memory are needed with some restriction for w value.

Steganography is a branch of information hiding. Payload volume and security of confidential data are major challenges of steganography methods. This article presents high volume payload and secure steganography technique based on integer wavelet transform. The cover image is partitioned into 8×8 non overlapping blocks, then each transformed block partitioned into two subsets and secret message is embedded in proper subset. To achieve higher security, Haar wavelet transform is applied to the secret message before embedding it. Experimental results indicate low degrading of the original image by hidden secret message of rather high volume.

In the recent years we have witnessed a number of important terroristic incidents, in major cities all around the world (e.g., 911 in New York, 11-M in Madrid, 7/7 in London). These incidents have revealed the vulnerabilities of urban environments, against terroristic plans and have created significant pressure towards devising novel tools and techniques for timely predicting the intentions and plans of terrorists. In this paper, we introduce a blueprint Internet-of-Things architecture for predicting terroristic attacks. The architecture allows Law enforcement agencies to exploit multiple data sources, (including SIGINT, OSINT and HUMINT) towards acquiring information associated with terroristic action, while at the same time providing powerful reasoning capabilities towards transforming raw events into meaningful alerts. We also illustrate the implementation of a terroristic prediction system based on this architecture, along with its use in the scope of a validating scenario.

To improve the level of security of Bluetooth communication, a hybrid pairing protocol based on Diffie-Hellman Key Exchange protocol, MD5 and Hummingbird-2 is proposed. The developed hybrid pairing protocol adopted the DH Key agreement protocol to securely compute both parties’ shared secret key. MD5 hash function is used to solve the problem(s) caused by having a short PIN. This mechanism is integrated with the Hummingbird-2, a lightweight encryption algorithm, to further strengthen the pairing mechanism and at the same time, making it suitable for devices that has limited processing power and memory. This hybrid pairing protocol is expected to increase the security of the Bluetooth devices against known attacks, such as man-in-the-middle attack and eavesdropping, by combining these strong yet lightweight algorithms.

As the mobile phone device is becoming the most indispensable devices user own, such device connecting to the corporate network is also rapidly changing. However there are many people using such Internet services from personal mobile devices with ignoring the basic concepts of information security. Especially in BYOD workplace, users as work tools can access sensitive corporate information from public areas. BYOD security challenges for corporate information are becoming more and more of a concern. In this paper, we are to focus on the private and confidential corporate information accessed from the attacker. We propose the network model applying multiplicative security to test using the simulator, and then prove the safety by attack scenarios in BYOD environments.

The integrity video watermarking authentication algorithm is proposed based on DCT coefficients. Because of the characteristic of vulnerable to interference for high-frequency DCT coefficients, we use the relationship between the average energy of the high frequency coefficients and the energy of every the high frequency coefficients and Substitution cipher to beneficiate the Image Watermarking. The result is embedded in the intermediate frequency coefficients. Experimental results show that image of minor attacks will cause severe deformation so that it is difficult to extract the identifiable watermark. It can achieve the integrity authentication purposes.

Recent information and communication technology (ICT, Information Communication Technology) environment for the rapid changes in the information security threats and vulnerabilities in assets than ever recognized as very important. For proper information security management process improvement activities as part of the Information Security Management System certification and operate subject to gradual institutionalization and growing. Information Security Management System (ISMS) is a systematic organization to protect the information assets of an organization from the threat of cyber breaches respond to organically mean a comprehensive management system. This paper presents a variety of serious security incidents occur and appropriate educational environment to develop information security management system model. Applying the learning environment to enhance the level of data protection and information security management and direction of efforts to find ways to improve the model for improvement to propose

In view of the high vulnerability of traditional user-based recommendation algorithm to shilling attacks, In this paper, on the basis of the work of the group effect on the attack profiles, this paper analyzes the statistical features of the nearest neighbors of target users before and after attack, Design a kind of Attack Profiles online filter to attack the target user profile from the nearest neighbor filter. And this filter improves the user-based recommendation algorithm nearest neighbor selection strategy, thus proposes the Collaborative Recommendation algorithm based on Online Filter for Attack Profiles (CROFAP). Experiments show that attack profile online filter can accurately identify and filter out most attacks profile to ensure the robustness of the CROFAP algorithm.

To improve the accuracy of iris recognition system, we propose an efficient algorithm for iris feature extraction based on 2D Haar wavelet. Firstly, the iris image is decomposed by the 2D Haar wavelet three times, and then a 375-bit iris code is obtained by quantizing all the high-frequency coefficients at third lever. Finally we use similarity degree function as matching scheme. Experimental results on CASIA iris database show that our algorithm has the encouraging correct recognition rate (CRR) which is only 99.18%, accompanying with very low equal error rate (EER) 0.54%.

Aiming at the low limitation of shilling attack detection technology unsupervised degree, this paper takes the group effect attack profile as the breakthrough point to construct the attack profile groups and the corresponding genetic optimization objective function of quantitative measure of the effects, and prove that the maximum value of the objective function in the ideal state marks the optimum detection effects in ideal situation. On this basis, the combination of genetic optimization process will be adaptive parameter posterior inference and objective function, and proposes the Iterative Bayesian Inference Genetic Detection Algorithm (IBIGDA).Experimental results show that IBIGDA can effectively detect shilling attacks of typical types even in lack of the system or attack-related prior parameters. IBIGDA algorithm can detect common shilling attack, unsupervised degree is high, with the actual application requirements.

Content abusing is increasingly common with the rapid development of the Internet, which damages the benefits of copyright owners, how to effectively prevent the abuse of digital contents is a big challenge. In this paper, we propose a secure DRM scheme supporting dynamic authorization, which first encrypts content with content encryption key (CEK), and then protects CEK based on distributed attribute-based encryption. At last encrypted CEK will be packaged and distributed with encrypted content, which eliminates independent key management and reduces the burden on the DRM server. In our scheme, user is labeled with a set of attributes and CEK is associated with access policy, only the user whose attributes satisfy access policy of content can recover CEK, which also achieves fine-grained access control. Moreover, to improve Muller et al.’s DRM scheme, our scheme achieves dynamic authorization by adding action control in the license, while the action control is related to user’s payment. Hence, when the user accesses the content, attributes comparison and license checking must be enforced, which lowers the trust required in DRM client. The analysis and comparison show our scheme is efficient and secure.

With the fast improvement of multimedia technologies and the rising attractiveness of the internet, information or data hiding methods have become more and more extensively applied to achieve authentication. Data hiding methods are ways of embedding additional messages into host signals by modifying their original contents without introducing perceptual changes. The main aim of the paper is to present a survey on traditional data hiding techniques which are mainly based on reducing the embedding distortions.

How to make people keep both security and privacy in communication networks has been a hot topic in recent years. Researchers proposed three party authenticated key agreement (3PAKA) protocols to answer this question, which allows two parties to agree a new secure session key with the help of a trusted server. Recently, Yang et al. proposed a provably secure 3PAKA protocol. However, this paper finds out Yang et al.’s protocol has a security weakness against password guessing attack and two lack properties in authentication for password updating phase and privacy preserving. Furthermore, we propose anew privacy preserving 3PAKA (P_3PAKA) protocol using smart cards to solve the security problems in Yang et al.’s protocol. It provides user anonymity and un-traceability by adopting dynamic identifier depending on each session’s nonce. Comparing with other typical 3PAKA protocols, P_3PAKA protocol is more secure while maintaining efficiency.

This paper focuses on the research of optimizing the safety and utility, proposing safety policy optimized model in cloud computing environment based on stochastic programming theory, building mathematical models which are on the basis of ensured data security to enhance the users’ utility, model analysis and optimization, and ultimately get the best optimized configuration of security policy in the cloud computing environment to guide the formulation and dynamic adjustment of access control policy in cloud computing environment, and to meet the users’ requirements, such as response time, resources availability and other utility requirements.

Peer-to-Peer networks have become a popular way for users to share files over the Internet.However, there has been a spurt of works showing that the existence of sybil attacks is a serious threat to Peer-to-Peer networks, where one or more attackers can forge a large number of fictitious identities. Implementing correct protocols to address sybil attacks is the key to improving the performance.In this paper, we present a novel systemto defend against Sybil attacks.Our direct and indirect transaction protocols limit the number of service units that a node can obtain.Furthermore, we design a dynamic reputation ranking algorithm for the indirect transaction protocol.Combining these two, a node with a high priority has more probability of obtaining service.Our system does not try to prevent users from creating multiple identities, but they cannot gain extra profit from doing so.It achieves a provable performance and overcomes the limitation of current social network-based defenses.Simulation results show that our system achieves a provable bound in terms of the number of service units obtained by sybil nodes while not sacrificing the performance of the file sharing application.