Biblio

Filters: Author is Singh, M.  [Clear All Filters]
2021-02-10
Singh, M., Singh, P., Kumar, P..  2020.  An Analytical Study on Cross-Site Scripting. 2020 International Conference on Computer Science, Engineering and Applications (ICCSEA). :1—6.
Cross-Site Scripting, also called as XSS, is a type of injection where malicious scripts are injected into trusted websites. When malicious code, usually in the form of browser side script, is injected using a web application to a different end user, an XSS attack is said to have taken place. Flaws which allows success to this attack is remarkably widespread and occurs anywhere a web application handles the user input without validating or encoding it. A study carried out by Symantic states that more than 50% of the websites are vulnerable to the XSS attack. Security engineers of Microsoft coined the term "Cross-Site Scripting" in January of the year 2000. But even if was coined in the year 2000, XSS vulnerabilities have been reported and exploited since the beginning of 1990's, whose prey have been all the (then) tech-giants such as Twitter, Myspace, Orkut, Facebook and YouTube. Hence the name "Cross-Site" Scripting. This attack could be combined with other attacks such as phishing attack to make it more lethal but it usually isn't necessary, since it is already extremely difficult to deal with from a user perspective because in many cases it looks very legitimate as it's leveraging attacks against our banks, our shopping websites and not some fake malicious website.
2020-11-17
Singh, M., Butakov, S., Jaafar, F..  2018.  Analyzing Overhead from Security and Administrative Functions in Virtual Environment. 2018 International Conference on Platform Technology and Service (PlatCon). :1—6.
The paper provides an analysis of the performance of an administrative component that helps the hypervisor to manage the resources of guest operating systems under fluctuation workload. The additional administrative component provides an extra layer of security to the guest operating systems and system as a whole. In this study, an administrative component was implemented by using Xen-hypervisor based para-virtualization technique and assigned some additional roles and responsibilities that reduce hypervisor workload. The study measured the resource utilizations of an administrative component when excessive input/output load passes passing through the system. Performance was measured in terms of bandwidth and CPU utilisation Based on the analysis of administrative component performance recommendations have been provided with the goal to improve system availability. Recommendations included detection of the performance saturation point that indicates the necessity to start load balancing procedures for the administrative component in the virtualized environment.
2020-11-23
Singh, M., Kim, S..  2018.  Crypto trust point (cTp) for secure data sharing among intelligent vehicles. 2018 International Conference on Electronics, Information, and Communication (ICEIC). :1–4.
Tremendous amount of research is going on in the field of Intelligent vehicles (IVs)in industries and academics. Although, IV supports a better convenience for the society, but it also suffers from some concerns. Security is the major concern in Intelligent vehicle technology, due to its high exposure to data and information communication. The environment of the IV communication has many security vulnerabilities, which cannot be solved by Traditional Security approaches due to their fixed capabilities. Among security, trust, data accuracy and reliability of communication data in the communication channel are the other issues in IV communication. Blockchain is a peer-to-peer, distributed and decentralized technology which is used by the digital currency Bit-coin, to build trust and reliability and it has capability and is feasible to use Blockchain in IV Communication. In this paper, we propose, Blockchain based crypto Trust point (cTp) mechanism for IV communication. Using cTp in the IVs communication environment can provide IV data security and reliability. cTp mechanism accounts for the legitimate and illegitimate vehicles behavior, and rewarding thereby building trust among the vehicles. We also propose a reward based system using cTp (exchange of some cTp among IVs, during successful communication). We use blockchain technology in the Intelligent Transportation System (ITS) for the data management of the cTp. Using ITS, cTp details of every vehicle can be accessed ubiquitously by IVs. We evaluation, our proposal using the intersection use case scenario for intelligent vehicles communication.
2018-04-02
Kumar, V., Kumar, A., Singh, M..  2017.  Boosting Anonymity in Wireless Sensor Networks. 2017 4th International Conference on Signal Processing, Computing and Control (ISPCC). :344–348.

The base station (BS) is the main device in a wireless sensor network (WSN) and used to collect data from all the sensor nodes. The information of the whole network is stored in the BS and hence it is always targeted by the adversaries who want to interrupt the operation of the network. The nodes transmit their data to the BS using multi-hop technique and hence form an eminent traffic pattern that can be easily observed by a remote adversary. The presented research aims to increase the anonymity of the BS. The proposed scheme uses a mobile BS and ring nodes to complete the above mentioned objective. The simulation results show that the proposed scheme has superior outcomes as compared to the existing techniques.

2015-05-06
Kaur, R., Singh, M..  2014.  A Survey on Zero-Day Polymorphic Worm Detection Techniques. Communications Surveys Tutorials, IEEE. 16:1520-1549.

Zero-day polymorphic worms pose a serious threat to the Internet security. With their ability to rapidly propagate, these worms increasingly threaten the Internet hosts and services. Not only can they exploit unknown vulnerabilities but can also change their own representations on each new infection or can encrypt their payloads using a different key per infection. They have many variations in the signatures of the same worm thus, making their fingerprinting very difficult. Therefore, signature-based defenses and traditional security layers miss these stealthy and persistent threats. This paper provides a detailed survey to outline the research efforts in relation to detection of modern zero-day malware in form of zero-day polymorphic worms.