Earticle

As smartphones are generalized, various technologies and services have been introduced and are in wide use. From simply using calling or texting services, Internet banking and transaction system that require sensitive personal information emerged. Google’s Android, one of the representative OS of smartphones, was developed based on an open source, having various weaknesses and exposed to security threats. In this paper, we study the types and characteristics of these weaknesses as well as the risk elements, introducing a safer usage of smartphones.

Despite their great adoption in e-commerce sites, recommender systems are still vulnerable to unscrupulous producers who try to promote their products by shilling the systems. In the past decade, network based recommendation approaches have been demonstrated to be both more efficient and of lower computational complexity than collaborative filtering methods, however as far as we know, there is rare research on the robustness of network based recommendation approaches. In this paper, we conducted a serious of experiments to examine the robustness of five typical network based recommendation algorithms. The empirical results obtained from the movielens dataset show that all the two limited knowledge shilling attacks are successful against the network based algorithms, and the bandwagon attack affects very strongly against most network based recommendation algorithms, especially the algorithms considering the preferential diffusion at the last step. One way to relieve the attack impact is to assign the algorithm a heterogeneous initial resource configuration.

Today, cyber physical systems (CPS) are becoming popular in power networks, healthcare devices, transportation networks, industrial process and infrastructures. As cyber physical systems are used more and more extensively and thoroughly, security of cyber physical systems has become the utmost important concern in system design, implementation and research. Many kinds of attacks arise (e.g. the Stuxnet worm), causing heavy losses and serious potential security risks. For the past few years, researchers are focusing their researches on different aspects of security of cyber physical systems. In this paper, we propose a security framework assuring the security of cyber physical systems and analyze main universities and institutes studying CPS security and their relations in three levels: CPS security objectives, CPS security approaches and security in specific CPS applications. Finally, a conclusion of this article is given.

Data mining is the process of extracting information from data warehousing applications. Data outsourcing is the major task in present days, for accessing services and other features of the database processing. But sometimes this process may achieve to split among various parties with recommended data items in analyzing of the data. Data security is one of the key processes in outsourcing data to various outside users. Traditionally Fast Distribution Mining algorithm was proposed for securing distributed data. This paper addresses a problem by secure association rules over partitioned data in both horizontal and vertical representation. A secure frequency developed algorithm is used for doing above process efficiently in partitioned data, which includes services of the data in outsourcing process. Frequent item sets are used to access services in outsourcing data in recent application development data mining. Our proposed work maintains efficient security over vertical and horizontal view of representation in secure mining applications. The result shows that algorithm timing is desirable for big size data for security considerations using association rule mining operations in real time application development.

This paper studies the principle of the host information security risk assessment and the method to determine the right of each index’s weight. Because Liao Hui and others proposed network terminal security assessment index system exists index weights unreasonable distribution problem, using Delphi method and AHP calculate each index weight and the weights of total ranking of lowest level indexes relative to the highest lever indexes, identified the indicators which have greatest impact to the assessment objectives and apply it to a host of information security evaluation system. Uses the fuzzy comprehensive evaluation method and combined with examples to prove the index system after improving its weight distribution can be more scientifically reflect the importance of the indexes in the evaluation system and the result of the host information security evaluation is reasonable and comprehensive.

Recommender systems are a critical component of e-commerce websites. Considering the users’ complete spectrum of interests, the limitation of current research on recommender systems lies in that they have only paid attention to improving the accuracy of recommendation algorithms while neglected the diversification of recommendations. In this paper, we integrated a user preference matching algorithm based on communities of interests and a diverse information recommendation algorithm based on trustable neighbors to develop a hybrid information recommendation model that allows for both accuracy and diversity. Results of experiment and evaluation indicated this model can increase the diversity of recommendations with only a minimal accuracy loss.

In line with the e-Government strategy, Korea has implemented a global standard electronic signature and certification system since the Electronic Signature Act was enacted by Act No. 5792 in 1999. Over a decade Korea has been using the electronic signature and certification system in daily life. In the cyberspace where the contracting parties cannot meet face to face, electronic signatures and authentication are inevitable. On the other hand, with the explosive use of smart devices, some critics argue that the current certified electronic signature is regarded as uncomfortable system in electronic commerce. They also point out that such certified electronic signature system is not commonly used in foreign countries. Yet, so far, the accredited certificate is still the most reliable method even though the usage of accredited certificates presumably decreases in the areas that do not require security significantly. Thus, it must be unwise to discard the accredited electronic signature on account of an “unnecessary obstacle”. Therefore, legal and technical issues regarding the accredited certificate need to be discussed. Additionally, methods to promote certified electronic signature and to improve certification system should be explored.

With the extensively use of information system, the security issue of the system increasingly becomes a problem. With the defense structure, biological immune system can efficiently defense and obliterate the foreign pathogens. Based on the current research of biological immune system and information system security architecture, this paper comes up with a feasible method to apply the defense structure of biological immune system to information system security architecture. Summarizing common characteristics between the two systems, which proves the possibility of realizing the defense structure in the information system security architecture and come up with an achievable method to construct the three defensive lines. The realization of risk identification in the information system security architecture is analyzed with DEA which is used to identify the risk in the information system security architecture through the establishment of the ‘production frontiers’. A mathematical model of DEA is also developed using MATLAB to accomplish the risk analysis based on a set of real data from a company. Afterwards, this paper solves the problem that the previous studies are largely relying on the traditional safety analysis methods or the common risk assessment tools, which is lacking of effective protection technology to cope with the risk in the external environment and lay a foundation for achieving the bionic function of the information system security architecture.

In general, personal identification using the iris is means for identifying each individual by using the unique pattern of iris. Even twins have different iris pattern image, and each right eye and left eye has a different pattern for the same individual. Thus, the iris has the best characteristics that reflect the personal differences of the human body. In this paper, we proposed an efficient iris recognition method for large scale database. The Zernike moment is used for filtering out the candidate iris data from large scale database and the multiple SVM is applied for iris recognition. The proposed method proved to be an efficient searching method because the process did not match one-to-one feature data during the searching iris database.

Cloud computing is a convenient and cost efficient way that refers to the running of software over a network, as on a local computer. But， what is cheap and easy, isn’t always safe. Stor-ing important data on cloud means that you give up a certain control of privacy. Privacy pro-tection is a very important issue in cloud computing. In this paper,we focus on the need of cloud users managed services and propose an approach for data protection based trust mech-anism, which using adaptive mapping resources based on trust to ensure the user data protec-tion initiative, and data security. The analysis shows that the cloud user can independently con-trols the content and manner of services by using the approach, which can achieve the free de-ployment of resources and the balance of user data protection and service provided.

Cloud computing has been extending extensively, involving multiple users on the service it provides. Cloud based email is one of services provided by cloud computing with number of users expanding on yearly basis. Cloud computing faces concerning problem of security and privacy mainly based on its working environment. Identity authentication is one reliable method in cloud environment to identify users requesting for cloud services, currently user authentication in cloud computing is based on the credentials possessed by the user mostly username & password. However, this method has vulnerability of being compromised by illegitimate users when users’ passwords have been revealed or cracked. The paper proposes a more secure structure, i.e the two-factor authentication which authenticates by requiring the username/password pair also needs a second factor to completely grant access. The second factor is App stored in users’ smart devices. Username & password/Apps method will continue to allow users to set up passwords for their accounts, it will make a random compulsory code to be entered through App on smart phone devices hence keep privacy of cloud emails. Testing has been done with help of Python program environment. Comparing to recent related proposed schemes, our proposed scheme has advantage of high unbreakable security feature with low implement cost.

An automatic and robust iris segmentation algorithm will be employed when iris recognition is used to identify human efficiently. Many studies have shown that iris localization is one of the most important parts of the iris recognition system. Most current studies are based on the assumption that iris edge is round, and the gray information of eye image is used for iris segmentation, which requires very high quality of image. Based on the active contour model, an algorithm for iris location was proposed. First, a plurality of pupil edge points was located as the initial contour point set. Then, the real contour evolution of pupil was approximated by the approximation of energy function. Finally, the accurate iris edge was located by daugman’s circular gradient operator. Based on CASIA (V2.0) iris database, experiment results show that the location effect of the proposed algorithm is more superior than that of the classical calculus method and hough transform method.

In present-day time, securing the web application against hacking is a big challenge. One of the common types of hacking technique to attack the web application is Cross-Site Scripting (XSS). Cross-Site Scripting (XSS) vulnerabilities are being exploited by the attackers to steal web browser’s resources such as cookies, credentials etc. by injecting the malicious JavaScript code on the victim’s web applications. Since Web browsers support the execution of commands embedded in Web pages to enable dynamic Web pages attackers can make use of this feature to enforce the execution of malicious code in a user’s Web browser. The analysis of detection and prevention of Cross-Site Scripting (XSS) help to avoid this type of attack. We describe a technique to detect and prevent this kind of manipulation and hence eliminate Cross-Site Scripting attack.

To improve the speed of iris localization, an iris localization algorithm based on the morphological processing is proposed with fast speed. Firstly, pupil area is segmented from eye image by thresholding, to remove eyelash noise and other noises from binaryzation pupil area by morphological open operation. Then, a series of structure element of radius increasing is used to make morphological erode operation on pupil area to localize roughly the inner boundary of the iris. Finally, calculus operator is employed to accurately localize the inner and outer iris boundary. 108 iris images from CASIA (Version 1.0) iris database are used to do iris localization experiments. The localization accurate rate of the proposed algorithm, calculus operator and hough transform is 97.2%, 90.3% and 92.1% respectively. Experiment results have showed that the proposed algorithm has a high performance on speed and precision with strong robustness to the different quality iris images.

Numerous multimedia applications and communications are rapidly growing through the Internet. Because most of these multimedia communications are confidential and cannot be known by unauthorized users, secret image sharing has become a key technology for digital images in secured storage and confidential transmission. The ultimate objectives of secret sharing include transparency, authority (resistance to various image tampering and forgery methods), and high capacity of the hidden data. A variety of secret image sharing algorithms and techniques have been proposed in order to satisfy these objectives. These goals were used in this paper to compare current methods of image secret sharing and present their properties and limitations. This paper provided a state-of-the-art review and analysis of different existing secret image sharing methods along with some common standards and guidelines drawn from the literature.

Zero-knowledge proof protocol is a basic cryptographic technique. And zero-knowledge proof of double discrete logarithm has some particular properties, so it has been widely applied in many security systems. But the efficient problem of zero-knowledge proof of double discrete logarithm has not been solved to this day, since there are some special difficulties in computing this kind of knowledge proof. Hence, the time complexity and the space complexity of existing schemes are all O(k), where k is a security parameter. After redesigning the basic construction of knowledge proof, we provide a new zero-knowledge proof of double discrete logarithm, which is the first scheme with O(1) time complexity and O(1) space complexity. If introducing an off-line TTP (trusted third party), we can provide two additional zero-knowledge proof schemes of double discrete logarithm, one is even more efficient than the first one, the other one solves another open problem, which is how to efficiently prove the equality of double discrete logarithms in zero-knowledge way, and the existing techniques cannot solve this problem. We also provide the detailed security proofs of our designs and efficiency analysis, comparing with the existing schemes. The significant improvement in efficiency of this basic cryptographic technique is also helpful for many security systems.

Due to potentially peer works going on to address the loopholes in the existing system research works in Internet Security is never likely to saturate. The degree of one's need of security on Internet varies with one's economical, organizational and political position and the sensitivity of the information itself. This thesis envisages a Virtual Internetworking Stack (VIS), achieved by augmentation of the TCP/IP stack to befool possible cyber vigilance on one’s activities over the Internet. The model prescribes a secure session set-up randomly by exchanging colored QR codes, where the wavelength of the color determines the phase of a sinusoid used to encrypt/decrypt a message, which is understood only by a compatible and intended VIS-stack. Since, the augmentation of TCP/IP layer is done in the Kernel of the user’s Operating System, any message that this VIS-stack sends to another VIS-stack across the Internet, will be meaningless to the routers and gateways in between which participate in cyber vigilance; and an attempt to steal one’s information will be fooled by the proposed security model. We also present a vulnerability study and performance evaluation of the augmented TCP/IP stack, obtained by results of physically performed experiments.

In this paper, a secure method of transmitting perceptual hash is proposed based on error correcting codes (ECC) and digital watermarking, aiming at the fact that perceptual hash string used in audio authentication is easy to alter after been attacked in transmission and the need of extra channel. In this method we embed the binary perceptual hash values into the compressed audio as a digital watermark so that authentication data is dispersed. An ECC is used to pre-process perceptual hash sequence to ensure that speech signal with watermarking can be extracted watermarking information (the perceptual hash values) after been attacked. The experimental result illustrate that this method embeds information without influencing on the content. It is robust to noise and can prevent from common attack. At the same time, this method ensures the hearing transparency of audio perceptual content, the high efficiency of watermark extraction and the efficiency and security of algorithm.

Two-way quantum secure communication protocol and one-way quantum secure communication protocol based on single photon sequence and the XOR operation have been proposed, one-way communication can confuse the eavesdroppers and two-way communication only a single authentication and there is not visible to eavesdropping and delayed photon attack Trojan horse attack. The new agreement the use of single photon sequence and no regularity not only to achieve unconditional security, and semantics confuse eavesdroppers and has a high transmission efficiency, easy implementation, especially suitable for use in noisy channels.

This paper proposes a digital video watermarking scheme based on 2D-DWT and pseudo 3D-DCT transformation, otherwise Singular Value Decomposition (SVD) are applied. To enhance the robustness of watermark, Particle Swarm Optimization (PSO) algorithm and Holography are used for embedding watermarks. The Hash scrambling transformation is used for ensuring the security of the method. During the embedding process, the quantization coefficients are dynamically determined by PSO algorithm. The method selects some key-frames in raw video to extract the luminance components and take them into some groups. The subband of generated hologram watermark is embedded into the subband of the singular value of each DCT block in every group. The experimental are conducted to verify the robustness through some common signal processing and frame-based attacks.

The use of security certificates under the Cloud environment is the foundation to establish mutual trust between the Cloud and the user. In this paper, we propose an authentication method based on zero-knowledge proof and the mind of key escrow. With the method, authentication will not only satisfy the requirement anonymity and security but also can recover the real identity information in special circumstances with the cooperation of multiple parties. We will show that this proposed method is more suitable for promotion through analysis and comparison with an existing scheme.

In this work, we compare the research methodology and performance of malware detection using data mining. Feature selection is an important problem in data mining. For the malware application, it is interesting to see which features that can be used to characterize the malware. Particularly, we are interested to compare two approaches that use features based on statistical values and the instructions. We adapt the experiment methodology using statistical features in [1] using 1,2,3 grams and varying block sizes as well as the methodology using the abstract assembly in [2] using 1,2,3 grams of consecutive instructions. We apply to our selected test set which is the data set from [3]. The decision tree J48 is used to model to detect three classes: Allapple, Podnuha, Virut. From the comparison experiments, it is found that the approach that considers the instruction set feature performs better. The test with the application set can give up to 100% correctness using the instruction features.

With the development of e-commerce industry, the security of business information has attracted a lot of attention. The paper [1] puts forward the monoecism watermarking algorithm. The algorithm divides image into two parts: ROI (Region of interest) and RONI (Region Of Non Interest), and respectively deal with the two parts. Female watermark and male watermark are embedded into the RONI at the same time, and generate embedding watermark of the image. As is known to all, the integrity of ROI is also very important in e-commerce. This paper tries to apply the monoecism watermarking algorithm to e-commerce information security. The author gives six applications of the algorithm in electronic commerce that is graphical physical paper, electronic paper anti-counterfeiting, electronic seal, copyright protection, digital fingerprint generation, secure communication protection. This author introduced the embedding watermark and extracting watermark process and detection process of monoecism watermark algorithm. Through the analysis of simulation experiment of six application fields of monoecism watermark algorithm in the e-commerce information security, the simulation experiment has verified the validity of the algorithm. In a word, this paper has discussed the general rules of selecting ROI and the specific rules of selecting ROI in e-commerce applications. The simulation results are given, and the satisfactory results have been achieved.

Currently the intelligent terminal based on the Android has occupied most of the market, and the number of malware aiming at Android platform is also increasing. The problems of security threats and privacy disclosure caused by malicious behaviors are becoming more serious. How to make the security assessments and metrics effectively for the security of application has become a research hotspot in recent years. In this paper, we use static behavioral analysis approach, the thesis analyzes Android malware, summarizes its malicious behaviors and its ways of stealing private data, and puts forward the methods of detection and prevention.

Sharp Mail was developed as a substitute for existing email systems and possesses several novel features. One such feature is the ability to generate a circulation confirmation document, which is to provide legal evidence of sent and received email. The crucial aspect of this document is perusal confirmation. Perusal confirmation certifies that the intended receiver of the message has read it. In this study, perusal confirmation is analyzed to determine whether it always contains correct information. This paper shows that perusal confirmation is not guaranteed always to contain correct information.

Subliminal channel is a covert communication channel that can securely exchange secret information. By analyzing the communication protocols and encryption algorithms of two popular instant messaging systems QQ and Skype, this paper devotes the efforts to find whether they satisfy the condition of establishing subliminal channel or not. The broad-band subliminal channel can be established in Skype and QQ messages. Therefore, two subliminal channel schemes are proposed to embed and extract subliminal information. Finally, performances of the proposed subliminal channels are compared with those of the ones based on ElGamal digital signature and Newton channel. Experimental results and theoretical analysis show that they are easy to be implemented with large bandwidth and execute fast.

With the wide use of cloud computing services, users require higher and higher security. So the safety of cloud computing is the first consideration of users to choose. In the development of cloud computing, the application proportion of virtualization gradually increase, the scope and depth of the safety gradually expand. The related concepts of cloud computing and development situation are introduced in this paper. Not only the key technologies of cloud computing security are analyzed, but also a cloud security framework is put forward combined with the current security problems needed to resolve in cloud computing. We analyze and compare the present research results of security model and mechanism in the cloud. At last, we propose a security mechanism based on cloud computing.

Most situation evaluation methods suffer from the false positives and false negatives of detection systems seriously, without considering authorization and dependence relationships, unable to reflect indirect threats, and whose assessment results guide dynamic defense poorly. Upon these problems, an evaluation method whose core consists of multi-source fusion decision, threat spread analysis and attack intention guess is presented. First, the decision-level fusion of multi-source detection logs and attack alerts is introduced to improve detection rate or reduce false alarm rate. Afterwards, the direct threats imposed by attacks, the indirect threats caused by spreading along dependence relationships, and the nonlinear overlapping effects under multiple concurrent attacks are evaluated. Finally, covering and clustering method is utilized to guess attack intentions. Experiments show that the method proposed can not only weaken the impact imposed on assessment result by false positive or false negative effectively, reveal security situation more deeply and accurately, but also guide dynamic defense preferably.