Earticle

With the development of cloud computing, the sensitive information of outsourced data is at risk of unauthorized accesses. To protect data privacy, the sensitive data should be encrypted by the data owner before outsourcing, which makes the traditional and efficient plaintext keyword search technique useless. Hence, it is an especially important thing to explore secure encrypted cloud data search service. Considering the huge number of outsourced data, there are three problems we are focused on to enable efficient search service: multi-keyword search, result relevance ranking and dynamic update. In this paper, we propose a practically efficient and flexible searchable encrypted scheme which supports both multi-keyword ranked search and dynamic update. To support multi-keyword search and result relevance ranking, we adopt Vector Space Model (VSM) to build the searchable index to achieve accurate search result. To improve search efficiency, we design a tree-based index structure which supports insertion and deletion update well without privacy leakage. We propose a secure search scheme to meet the privacy requirements in the threat model. Finally, experiments on real-world dataset are implemented to demonstrate the overall performance of the proposed scheme, which show our scheme is efficient.

The current power grid is changing into a network of interoperating intelligent devices to form a smart grid. One of the technologies enabled by the bi-directional communication of the grid is demand response (DR), which allows regulation of energy loads by efficiently shifting consumer power demand of non-critical appliances from on-peak to off-peak with price incentives for compliance. However, security and privacy of communications between entities are the major constraining factors to the adoption of smart grid applications. Therefore, this paper proposes a privacy preserving authenticated key agreement protocol (P_PAKA) in smart grid that addresses the privacy issues for DR communications. We demonstrate the provision of desirable security features and requirements of confidentiality, integrity and availability in DR with unlinkability.

Databases play an important role today in every modern organization, verifying their integrity is needed. Watermarking can be used to protect the integrity of database. In this paper, we present a secure fragile embedding watermark technique to verify the authenticity of an outsourced numeric relational database. Our technique treats the watermark embedding as an optimization problem by securely inserting a single watermark bit in individual database partition and the optimal threshold is computed for watermark detection. The approach partitions the database in different groups of square matrix and modifies the database while preserving the field values usability constraints. The database group determinant value is used to compute the position of field to be marked. Furthermore, we evaluated our scheme on a real case study and results show its effectiveness. The proposed scheme can detect and localize the malicious modifications made to the database. The proposed technique is highly resilient to common attacks and it overcomes some limitations of previous approaches on fragile watermarking.

This paper will first sum up the typical attacks and countermeasures in the network layer of Wireless Sensor Network (WSN), then it will classify the existing secure routing protocols according to the core secure schemes used by them, and emphatically introduce and analyze the typical ones among them. Finally this paper will propose some problems on secure routing, which requires further studying.

With the advancement of technologyprivacy threats arise while establishing communication in social networking sites. For the developers of authentication systems user’s privacy and authentication have evolved as a major problem and area of concern. This research is based on an attempt to discuss the implementation of different biometric verification techniques in order to perform the authentication of users in social networking sites. It decreases the chances of illegal impersonation thus enhancing the privacy of an individual’s personal data. The prime objective of this paper is to provide a new revolution in social networking sites by suggesting remedial measures for the security threats faced in the sites such as Facebook, MySpace, Twitter, Hi5, LinkedIn, Orkut, Tumbler, Flikeretc so that the goal of communication can be achieved without any security threat in mind. Application of securedbiometricsenables confirmation of personal detailsfor establishing the identity of an individual.

The Logistic-Sine map (LSM) chaotic system is introduced by combing the Logistic map (LM) and Sin map (SM). The bifurcation diagrams show that the chaotic range of LSM is much larger than these of the Logistic or Tent maps. Complexity characteristics of Logistic map, Sine map and Logistic-Sine map are analyzed based on C0 algorithm. The results show that C0 complexity value of the LSM is the largest one among the three. Then, a novel image encryption scheme based on the LSM chaotic system was proposed. First, the positions of image pixels are shuffled through swapping positions randomly by using chaotic values. The permutation sequences are ralated to plain-images by introducing the plaintext feedback technique. Second, the diffusion procedure with LSM is introduced to diffuse the image, which is composed of two rounds. The experimental results and analysis by using several security measures show that the proposed image encryption scheme has high security and efficiency.

In this research, we proposed robust authentication mechanism using user’s biometrics signals for complementing traditional authentication’s weak points. Nowadays, authentication system are developed using biometric. Biometrics are a unique, measurable a trait of a human being for verifying his/her identity. The types of biometric used in authentication system are iris, fingerprint, vein pattern, hand geometry etc. A biometric system provides an automated method of identifying a human being based on his/her biometric characteristics. But there are some security problems. Some biometrics can be copied by a malicious user with scanners. All biometrics characteristics extracted from a user are not possible to maintain a steady normal condition. So, we tried to apply user’s biometrics signals to authentication system as 3rd authentication factor. A biometrics signal is a pattern recognition that uniquely identifies human being based on his/her physiological traits. A biometrics signals should be impossible to masquerade or manipulate. This attribute is used as 3rd authentication phase. Proposed authentication mechanism is composed of 3 layered authentications; ID&P/W, PIN number or biometrics, and biometrics signals.

The current information security risk evaluation methods are only concerned with the risk of system components, rarely based on business risk perspective. Thus, it is difficult to meet different levels of information security risk comprehension such as the operational staff and the organization's manager. This paper proposes a hierarchical risk evaluation method based on asset dependence chain to quantify the hierarchical risk, the information systems security risks are divided into three levels: the component level, system level and organizational level. By analyzing the assets dependence in three levels, a "business systems-information systems-system components" assets dependence chain is formed. In the end, a hierarchical risk calculation method is presented. The risk analysis result can reflect the level of security risk evaluation needs more comprehensively and objectively.

This paper proposes a novel watermarking scheme against geometric attacks, combined with the holographic technology and the log-polar transform. In this paper, we first use discrete cosine transform into the original image, then do edge detection for the low frequency part, then do log-polar transform to edge image and make it binarization. We use a key to choose a certain size of the binary image to do holographic processing, then make it binarization and do logical operation with the watermarked image which do Anrold transformation, get the zero-watermarking. Finally, we register it in IPR database to obtain copyright protection. The experimental results show that compared with other zero-watermarking algorithms, this scheme has better robustness. It not only can effectively resist the noise, cropping, JPEG compression and other conventional attacks, but also can effectively resist geometric attacks such as rotation, scaling.

With the growing sophistication of computer worms, information security has become a prime concern for individuals, community and organizations. Traditional signature based IDS, though effective for known attacks but failed to handle the unknown attack promptly. This paper describes a novel honeypot system which isolates the suspicious traffic from normal traffic, and capture most useful information regarding the worm’s activities, without attacker’s knowledge. Our system will be used for critical study of structure and behavior of most sophisticated worms and then forwards the necessary input to Signature Generation Module for automatically generating signature of unknown polymorphic worms. Our attempt is to analyze the invariant content of polymorphic worms and using a probabilistic approach we compute the signature of worm with low false positive. Evaluation based on synthetically generated polymorphic worms demonstrate that our system is able to enhance the capability of IDS signature library and increases the probability of detecting polymorphic worms with efficiency, accuracy.

Besides unsupervised feature, universality serves as another important factor determining the practical value of attack detection technology. Considering the difficulty of possessing both features for the existing attack detection techniques, this paper reveals the latent factors invoking missing ratings under the non-random-missing mechanism and further combines these latent factors with Dirichlet process in the framework of probabilistic generative model, thus proposes the Latent Factor Analysis for Missing Ratings(LFAMR)model. Based on performing user clustering with this model, this paper achieves the goal of attack detection by presenting the method for identifying attack cluster in ideal situation. Experimental results show that comparing with the existing detection techniques, LFAMR is more universal and unsupervised, and it can effectively detect shilling attacks of typical types and their derivatives even in lack of the apriori inputs such as user cluster numbers.

In recent 2012, Wen and Li.'s has presented a dynamic ID-based remote user authentication with key agreement scheme. They claimed that their scheme can resisted insider attack and provide anonymity for the users. However, Juan Qu and Li-min Zou., described that Wen and Li.'s scheme could not withstand insider attack, does not provide anonymity for the users, and inefficiency for error password login. A different approach to symmetric cryptology is taken in this study to resolve the fore was made Compared to Juan Qu and Li-min Zou scheme, a different approach was made with symmetric cryptology in this study to supplement the forementioned weak points. We propose an enhanced authentication scheme, which covers all the identified weakness of Wen and Li.'s scheme and an efficient user authentication scheme that preserve perfect anonymity to both the outsider and remote server.

Infringement threats to the financial sector have become more sophisticated and intelligent. In order to more effectively respond to such threats, the financial sector faces the need to perform the assessment of information security maturity level on a voluntary basis in order to better understand organizational information security situation and improve own vulnerabilities to reinforce information security. The study, in reflection of financial industrial environmental characteristics, builds a comprehensive and systematic information security assessment indices specialized in the financial sector while presenting an information security maturity level assessment model based on the indices as well as an information security improvement anticipation model through vulnerability remedy. The quantification of vulnerability levels of the control item suggested herein and the improvement anticipation model based on vulnerability correction, in particular, supports an organization under the assessment to address its vulnerabilities to effectively enhance organizational information security. In the absence of such an information security assessment model, the financial sector has poorly performed in assessing own information security activities. With the models suggested herein being in place, the sector is expected to make an active use of it to facilitate information security assessment and improve the general information security maturity level of individual financial institutions and the financial industry as a whole

In the paper, a global network attack model based on Hierarchical Expanded Stochastic Petri Net (HESPN) is presented. The model is suitable for the cooperative attack simulation and can describe both macroscopic network attack and microcosmic host attack synthetically. The dissertation represents model generation algorithm and digs for potential attack relationships among hosts according to the definition of rough path. Then utilize ant colony algorithm to find k-critical vulnerable paths after expanding sub Petri net. By analyzing rough paths and accurate paths synthetically, a network risk evaluation method is proposed.

In this paper, a difference expansion based reversible data hiding approach which achieves the low distortion requirement under the same embedding capacity is proposed. An edge-oriented prediction method and a modified overflow/underflow prevention method are proposed to achieve the requirement. For each pixel, the prediction method uses edge information to get a better predicted value in an attempt to reduce the image distortion. Experimental results have demonstrated that the proposed reversible data hiding method yields lower distortion than several well-known expansion-based reversible data hiding methods.

This paper aimed at the actual situation of the difficult of getting a lot of the training sample of the security computer network system in the distributed intrusion detection. In this paper, we studied how to increase the intrusion detection accuracy in the case of small samples, so that processing, maintenance and deal with the invasion of the network timely. In this paper, we proposed a new intrusion detection method based on improved SVM Co - training. The specific implementation process of the algorithm is presented. Through the simulation experiments based on the actual data showed that the method is effective. Apply this method to a classified computer network system, effectively realized the detection to outside intruders and internal intruder.

Cloud storage introduces many challenges due to the security and integrity threats toward user’s outsourced data. Many auditing protocols have been proposed, but the majority of them could only serve in single cloud environment. This paper proposes an efficient auditing protocol, which supports batch auditing for multiple data files in multi-cloud environment. By utilizing the bilinear map, the proposed protocol achieves full stateless and transparent verification. By constructing a Merkle Hash Tree, the proposed protocol can resist the replace attack and support dynamic operation of data. In addition, our protocol protects the position information of the data blocks by generating fake data blocks to confuse the organizer. The performance analysis demonstrates the efficiency of the protocol.

In this work, a steganography technique using histogram shifting for JPEG2000 compressed images is proposed. Histogram of the wavelet coefficients of each wavelet subband is calculated and shifted to embed secret image data. This embedding is performed on the peak wavelet coefficients during wavelet decomposition process of JPEG2000 encoder using Lifting scheme. Optimal Pixel Adjustment Process (OPAP) is performed on stego images to enrich their visual quality. The results given in this work show that proposed technique provide large embedding capacity and better visual quality of stego images than existing steganography techniques for JPEG2000 compressed images. Extracted secret image using proposed technique is similar to its original secret image.

RFID is an important technology that can be used to create the ubiquitous society. But an RFID system uses open radio frequency signal to transfer information and this leads to pose many serious threats to its privacy and security. In general, the computing and storage resources in an RFID tag are very limited and this makes it difficult to solve its secure and private problems, especially for low-cost RFID tags. In order to ensure the security and privacy of low-cost RFID systems we propose a lightweight authentication protocol based on Hash function. This protocol can ensure forward security and prevent information leakage, location tracing, eavesdropping, replay attack and spoofing. This protocol completes the strong authentication of the reader to the tag by twice authenticating and it only transfers part information of the encrypted tag’s identifier for each session so it is difficult for an adversary to intercept the whole identifier of a tag. This protocol is simple and it takes less computing and storage resources, it is very suitable to some low-cost RFID systems.

This paper presents a watermarking method using signatures for still images. An image authentication approach is requested to guarantee reliability of conveyed image data. To protect copyright, watermarking with digital signature is required. The watermarking method is a tool for ownership identification or content honesty information. The conventional watermarking methods are not directly applicable. To alleviate this issue, we propose a new watermarking method which uses signature and Sobel mask. We apply Sobel mask to classify image into two regions: edge and smooth regions. Pre-generated diagonal and anti-diagonal shape patterns are applied to generate specific signature for watermarking. Performance assessment is conducted in simulation results section. Watermarking signatures are embedded in the test images, and three metrics were applied to assess the performance.

Today’s advanced machineries have immensely contributed to an open, worldwide market for fake products which include not only electronic goods and other everyday commodities, but adulteration has pawed into highly sensitive industries which manufacture medicines, baby-food, beverages; and adulteration in medicines and beverages often turns out to be fatal. The prime force behind the growth of these fraud markets is some highly equipped packaging and printing machinery, which make it too difficult to distinguish between a genuine and an adulterated product by looking at its package. While incidents of currency forgery is very common nowadays, especially in the developing countries, the frequency of tracing adulteration in a bottle of beverage or an ampule of a life-saving drug has got a rapid, concerning momentum. The thesis aims towards detection of a fake product by one’s smart phone under a collaborative framework of mobile computing, cryptology and product specific QR codes to be used as the label on the products’ package.

Quantum computation is a new computational model based on quantum mechanical principle. Shor invented the polynomial time algorithms for the prime factorization and discrete logarithm problem, which indicated that the cryptosystems based on them are totally unsafe in the quantum world. Grover constructed an algorithm that finds a solution in only O(2n)steps whereas the exhaustive search algorithm needs O(2n) steps on average. In this paper we investigate the cryptanalysis of a new cryptography problem----multivariate permutation problem (MPP), which could be used to design public-key cryptosystem, with the help of the two quantum algorithms. Specially, we discuss the strength of a private key of the REESSE1+ public-key cryptosystem, whose security is based on the hardness of MPP. Besides, some suggestions are also given about the implementation of the REESSE1+.

Clustering or Cluster formation of nodes in wireless networks facilitates resource reuse and increases the performance capacity of the system. This paper presents a cluster-based solution to improve life of watchdog nodes that are designed to monitor intrusions in ad hoc network. The proposed approach ensures load sharing, increased robustness, added security and high reliability such that the entire network becomes fault tolerant. Unlike the existing systems, the algorithm intends to create multiple cluster heads for each cluster, thereby balancing the monitoring nodes’ work load and reducing reelection overhead. Simulation results show the competence of the proposed work over the existing approaches in terms of performance metrics such as percentage of alive nodes, cluster head election time, re-election time, election rate and communication overhead.

Many factors could influence the clustering performance of K-means algorithm, selection of initial cluster centers was an important one, traditional method had a certain degree of randomness in dealing with this problem, for this purpose, information entropy was introduced into the process of cluster centers selection, and a fusion algorithm combining with information entropy and K-means algorithm was proposed, in which, information entropy value was used to measure the similarity degree among records, the least similar record would be regarded as a cluster center. In addition, a network intrusion detection model was built, it could make cluster centers change dynamically along with the network changes, and the model could real-time update the cluster centers according to actual needs. Experiment results show that the improved algorithm proposed is better than the traditional K-means algorithm in detection ratio and false alarm ratio, and the network intrusion detection model is proved to be feasible.

In order to solve the key setting difficulty and the key security problem in the file encryption, key distributed storage technology may be a proper choice to help improve the safety of the key. In the paper, a novel secret sharing scheme is proposed by AES encryption algorithm for file confidentiality, dynamic key generation mechanism to generate keys, multi-secret-sharing ideas on key pre-treatment, using Shamir threshold scheme for secret dispersed storage. Finally, a few tests are carried out and the test results suggest that the efficiency of the whole scheme is good.

To solve the security problem in the supervisor control and data acquisition (SCADA), a new factor network model of SCADA network attack and defense based on factor state space is presented. Combining with factor space theory, formal descriptions of factor neurons based on factor state space are developed. On the basis of analysis and expression of network attack and defense factors, factor neuron model based on variable weight is proposed and a FNN-based security defense architecture model for SCADA network is put forward. For illustration, by introducing factor space canes, an attack simulation experiment is utilized to show the feasibility of the proposed method in solving network attack and defense knowledge reasoning. Experimental results indicate that the proposed method can effectively improve recognition rate of different attacks. Factor neuron network based on factor state space can effectively solve complexity of knowledge reasoning and expression in network attack and defense system and provides a new method for solving similar application.

Nature-inspired algorithms (NIAs) have gained a significant popularity in recent years to tackle hard real world problems and solve complex optimization functions whose actual solution does not exist. Many new algorithms have been developed which show their capabilities almost in every aspect, where rapid solutions are needed. A survey of the NIAs that are used to find the optimal digital image watermarking has been presented in this paper. Different paradigms have been considered, Genetic algorithm (GA), particle swarm optimization (PSO), differential evolution (DE), ant colony optimization (ACO), bee algorithm (BA), cat swarm optimization (CSO), firefly algorithm (FA) and cuckoo search algorithm (CS) that help to find the optimal digital image watermarking.

Electric power SCADA (Supervisory Control and Data Acquisition) system gradually transforming from a separate private network to an open public network, seriously increases the vulnerability risk in electric power SCADA. In order to assess the vulnerability risk in electric power SCADA system, the paper firstly uses Delphi method and AHP (Analytic Hierarchy Process) to build an index system of vulnerability risk assessment, to fully represent the vulnerability of electric power SCADA system. As index data of vulnerability risk assessment in power SCADA is characterized by strong relation and high dimensionality, the method of Autoencoder is proposed to reduce dimensionality of index data by representing high-dimensional data in a low dimensional space. Auto encoder method can obtain the optimal initial weight in pre-training and then back-propagate error derivatives adjusting weights with the initial weights to minimize the reconstruction error finally getting the best reconstructed results. The paper conducts simulation experiments about reconstruction error in pre-training and fine-tuning process in MATLAB experimental platform, and the experimental results show that dimensional code received by reducing dimensionality of data can basically fully represent high-dimensional data. The low-dimensional code as input can significantly reduce the complexity in the construction of model of vulnerability risk assessment in Electric power SCADA system in later work.

For the shortcomings of traditional network security alarm correlation method, combined with the original alarm information privacy protection needs. On the basis of analyzing the characteristics of multi-step attack, proposed the use of sequential pattern mining techniques associated with rapid multi-step attack methods QSPM. And on this basis, proposed privacy protection security alarm multistep attack sequence pattern mining method PPSPM, Achieve the associated sequence of events following the invasion premise security. Experiments show that the algorithm makes quantitative analysis. And compared with typical sequential pattern mining algorithm. Results show the new methods have a positive accuracy and efficiency.