Biblio

True Random number Generator (TRNG) is critical for secure communications. In this work, we explain in details regarding our recent solution on TRNG using random telegraph noise (RTN) including the benefits and the disadvantages. Security check is performed using the NIST randomness tests for both the RTN-based TRNG and various conventional pseudo random umber generator. The newly-proposed design shows excellent randomness, power consumption, low design complexity, small area and high speed, making it a suitable candidate for future cryptographically secured applications within the internet of things.

E-learning enables the transfer of skills, knowledge, and education to a large number of recipients. The E-Learning platform has the tendency to provide face-to-face learning through a learning management system (LMS) and facilitated an improvement in traditional educational methods. The LMS saves organization time, money and easy administration. LMS also saves user time to move across the learning place by providing a web-based environment. However, a few students could be willing to exploit such a system's weakness in a bid to cheat if the conventional authentication methods are employed. In this scenario user authentication and surveillance of end user is more challenging. A system with the simultaneous authentication is put forth through multifactor adaptive authentication methods. The proposed system provides an efficient, low cost and human intervention adaptive for e-learning environment authentication and monitoring system.

Data are generated and stored in databases at a very high speed and hence it need to be handled and analyzed properly. Nowadays industries are extensively using Hadoop and Spark to analyze the datasets. Both the frameworks are used for increasing processing speeds in computing huge complex datasets. Many researchers are comparing both of them. Now, the big questions arising are, Is Spark a substitute for Hadoop? Is hadoop going to be replaced by spark in mere future?. Spark is “built on top of” Hadoop and it extends the model to deploy more types of computations which incorporates Stream Processing and Interactive Queries. No doubt, Spark's execution speed is much faster than Hadoop, but talking in terms of fault tolerance, hadoop is slightly more fault tolerant than spark. In this article comparison of various bigdata analytics tools are done and Hadoop and Spark are discussed in detail. This article further gives an overview of bigdata, spark and hadoop issues. In this survey paper, the approaches to resolve the issues of spark and hadoop are discussed elaborately.

The intensity of DNA figuring will reinforce the current security on frameworks by opening up another probability of a half and half cryptographic framework. Here, we are exhibiting the DNA S-box for actualizing cryptographic algorithm. The DNA based S-Box is designed using vivado software and implemented using Artix-7 device. The main aim is to design the DNA based S-box to increase the security. Also pipelining and parallelism techniques are to be implement in future to increase the speed.

Ransomware attack is posting a serious threat against Android devices and stored data that could be locked or/and encrypted by such attack. Existing solutions attempt to detect and prevent such attack by studying different features and applying various analysis mechanisms including static, dynamic or both. In this paper, recent ransomware detection solutions were investigated and compared. Moreover, a deep analysis of android permissions was conducted to identify significant android permissions that can discriminate ransomware with high accuracy before harming users' devices. Consequently, based on the outcome of this analysis, a permissions-based ransomware detection system is proposed. Different classifiers were tested to build the prediction model of this detection system. After the evaluation of the ransomware detection service, the results revealed high detection rate that reached 96.9%. Additionally, the newly permission-based android dataset constructed in this research will be made available to researchers and developers for future work.

The ad-hoc network formed by Bluetooth works on radio frequency links. The security aspect of Bluetooth has to be handled more carefully. The radio frequency waves have a characteristic that the waves can pierce the obstructions in the communication path, get rid of the requirement of line of sight between the communicating devices. We propose a software model of man-in-the-middle attack along with unauthorized and authorized transmitter and receiver. Advanced White Gaussian Noise channel is simulated in the designed architecture. The transmitter uses Gaussian Frequency Shift Keying (GFSK) modulation like in Bluetooth. The receiver uses GFSK demodulation. In order to validate the performance of the designed system, bit error rate (BER) measurements are taken with respect to different time intervals. We found that BER drops roughly 18% if hopping duration of 150 seconds is chosen. We propose that a Bluetooth system with hopping rate of 0.006 Hz is used instead of 10Hz.

In this paper, an attempt has been made to describe Kerberos authentication with multi factor authentication in context aware systems. Multi factor authentication will make the framework increasingly secure and dependable. The Kerberos convention is one of the most generally utilized security conventions on the planet. The security conventions of Kerberos have been around for a considerable length of time for programmers and other malware to Figure out how to sidestep it. This has required a quick support of the Kerberos convention to make it progressively dependable and productive. Right now, endeavor to help explain this by strengthening Kerberos with the assistance of multifaceted verification.

The development in the web technologies given growth to the new application that will make the voting process very easy and proficient. The E-voting helps in providing convenient, capture and count the votes in an election. This project provides the description about e-voting using an Android platform. The proposed e-voting system helps the user to cast the vote without visiting the polling booth. The application provides authentication measures in order to avoid fraud voters using the OTP. Once the voting process is finished the results will be available within a fraction of seconds. All the casted vote count is encrypted using AES256 algorithm and stored in the database in order to avoid any outbreaks and revelation of results by third person other than the administrator.

Register Transfer Level (RTL) locking seeks to prevent intellectual property (IP) theft of a design by locking the RTL description that functions correctly on the application of a key. This paper evaluates the security of a state-of-the-art RTL locking scheme using a satisfiability modulo theories (SMT) based algorithm to retrieve the secret key. The attack first obtains the high-level behavior of the locked RTL, and then use an SMT based formulation to find so-called distinguishing input patterns (DIP)1 The attack methodology has two main advantages over the gate-level attacks. First, since the attack handles the design at the RTL, the method scales to large designs. Second, the attack does not apply separate unlocking strategies for the combinational and sequential parts of a design; it handles both styles via a unifying abstraction. We demonstrate the attack on locked RTL generated by TAO [1], a state-of-the-art RTL locking solution. Empirical results show that we can partially or completely break designs locked by TAO.

Cloud computing has transformed the way of utilizing the computing, storage and network resources as per the user demand. Consequently, the field of robotics performs high complexity tasks that exploit the clouds with the capability to build low-cost light weight and intelligent robots. Recently various researchers have been emerged in the cloud robotics field which are related to offloading computations to the cloud infrastructure, storing and sharing knowledge, coordination and collective learning among robots. However, there are issues related to security and privacy that needs to be addressed while deploying the robotics application in the cloud. Significant research attention is required to build a secure cloud robotic infrastructure. The foremost factor of our research entails the development of standard web services that will allow heterogeneous robots to execute the computationally intense algorithms like map building as a service over the cloud. We have proposed the model that presents the mutual authentication and encryption mechanism for getting access to the hosted robotic services. For mutual authentication, we have used Kerberos module and ECIES (Elliptic Curve Integrated Encryption Scheme) for data encryption. Moreover, we have also performed the cryptanalysis of the proposed protocol by using a Proverif tool. After the cryptanalysis, it is found that our system can also withstand against various type of attacks.

One of a high relentless attack is the crucial distributed DoS attacks. The types and tools for this attacks increases day-to-day as per the technology increases. So the methodology for detection of DDoS should be advanced. For this purpose we created an automated DDoS detector using ML which can run on any commodity hardware. The results are 98.5 % accurate. We use three classification algorithms KNN, RF and NB to classify DDoS packets from normal packets using two features, delta time and packet size. This detector mostly can detect all types of DDoS such as ICMP flood, TCP flood, UDP flood etc. In the older systems they detect only some types of DDoS attacks and some systems may require a large number of features to detect DDoS. Some systems may work only with certain protocols only. But our proposed model overcome these drawbacks by detecting the DDoS of any type without a need of specific protocol that uses less amount of features.

Adversarial models are well-established for cryptographic protocols, but distributed real-time protocols have requirements that these abstractions are not intended to cover. The IEEE/IEC 61850 standard for communication networks and systems for power utility automation in particular not only requires distributed processing, but in case of the generic object oriented substation events and sampled value (GOOSE/SV) protocols also hard real-time characteristics. This motivates the desire to include both quality of service (QoS) and explicit network topology in an adversary model based on a π-calculus process algebraic formalism based on earlier work. This allows reasoning over process states, placement of adversarial entities and communication behaviour. We demonstrate the use of our model for the simple case of a replay attack against the publish/subscribe GOOSE/SV subprotocol, showing bounds for non-detectability of such an attack.

Cloud computing provides so many groundbreaking advantages over native computing servers like to improve capacity and decrease costs, but meanwhile, it carries many security issues also. In this paper, we find the feasible security attacks made about cloud computing, including Wrapping, Browser Malware-Injection and Flooding attacks, and also problems caused by accountability checking. We have also analyzed the honey pot attack and its procedural intrusion way into the system. This paper on overall deals with the most common security breaches in cloud computing and finally honey pot, in particular, to analyze its intrusion way. Our major scope is to do overall security, analyze in the cloud and then to take up with a particular attack to deal with granular level. Honey pot is the one such attack that is taken into account and its intrusion policies are analyzed. The specific honey pot algorithm is in the queue as the extension of this project in the future.

The paper discusses the use of virtual (VR) and augmented (AR) reality for visual analytics in information security. Paper answers two questions: “In which areas of information security visualization VR/AR can be useful?” and “What is the difference of the VR/AR from similar methods of visualization at the level of perception of information?”. The first answer is based on the investigation of information security areas and visualization models that can be used in VR/AR security visualization. The second answer is based on experiments that evaluate perception of visual components in VR.

Using the blockchain technology to store the privatedocuments of individuals will help make data more reliable and secure, preventing the loss of data and unauthorized access. The Consensus algorithm along with the hash algorithms maintains the integrity of data simultaneously providing authentication and authorization. The paper incorporates the block chain and the Identity Based Encryption management concept. The Identity based Management system allows the encryption of the user's data as well as their identity and thus preventing them from Identity theft and fraud. These two technologies combined will result in a more secure way of storing the data and protecting the privacy of the user.

Information and security are interdependent elements. Information security has evolved to be a matter of global interest and to achieve this; it requires tools, policies and assurance of technologies against any relevant security risks. Internet influx while providing a flexible means of sharing the online information economically has rapidly attracted countless writers. Text being an important constituent of online information sharing, creates a huge demand of intellectual copyright protection of text and web itself. Various visible watermarking techniques have been studied for text documents but few for web-based text. In this paper, web page watermarking and cryptography for online content copyrights protection is proposed utilizing the semantic and syntactic rules using HTML (Hypertext Markup Language) and is tested for English and Arabic languages.

The resistance to attacks aimed to break CAPTCHA challenges and the effectiveness, efficiency and satisfaction of human users in solving them called usability are the two major concerns while designing CAPTCHA schemes. User-friendliness, universality, and accessibility are related dimensions of usability, which must also be addressed adequately. With recent advances in segmentation and optical character recognition techniques, complex distortions, degradations and transformations are added to text-based CAPTCHA challenges resulting in their reduced usability. The extent of these deformations can be decreased if some additional security mechanism is incorporated in such challenges. This paper proposes an additional security mechanism that can add an extra layer of protection to any text-based CAPTCHA challenge, making it more challenging for bots and scripts that might be used to attack websites and web applications. It proposes the use of hidden text-boxes for user entry of CAPTCHA string which serves as honeypots for bots and automated scripts. The honeypot technique is used to trick bots and automated scripts into filling up input fields which legitimate human users cannot fill in. The paper reports implementation of honeypot technique and results of tests carried out over three months during which form submissions were logged for analysis. The results demonstrated great effectiveness of honeypots technique to improve security control and usability of text-based CAPTCHA challenges.

The pervasiveness of personalized collaborative recommender systems has shown the powerful capability in a wide range of E-commerce services such as Amazon, TripAdvisor, Yelp, etc. However, fundamental vulnerabilities of collaborative recommender systems leave space for malicious users to affect the recommendation results as the attackers desire. A vast majority of existing detection methods assume certain properties of malicious attacks are given in advance. In reality, improving the detection performance is usually constrained due to the challenging issues: (a) various types of malicious attacks coexist, (b) limited representations of malicious attack behaviors, and (c) practical evidences for exploring and spotting anomalies on real-world data are scarce. In this paper, we investigate a unified detection framework in an eye for an eye manner without being bothered by the details of the attacks. Firstly, co-visitation and co-rating graphs are constructed using association rules. Then, attribute representations of nodes are empirically developed from the perspectives of linkage pattern, structure-based property and inherent association of nodes. Finally, both attribute information and connective coherence of graph are combined in order to infer suspicious nodes. Extensive experiments on both synthetic and real-world data demonstrate the effectiveness of the proposed detection approach compared with competing benchmarks. Additionally, abnormality forensics metrics including distribution of rating intention, time aggregation of suspicious ratings, degree distributions before as well as after removing suspicious nodes and time series analysis of historical ratings, are provided so as to discover interesting findings such as suspicious nodes (items or ratings) on real-world data.

In light of the problem for garbage cleaning in small water area, an intelligent miniature water surface garbage cleaning robot with unmanned driving and convenient operation is designed. Based on STC12C5A60S2 as the main controller in the design, power module, transmission module and cleaning module are controlled together to realize the function of cleaning and transporting garbage, intelligent remote control of miniature water surface garbage cleaning robot is realized by the WiFi module. Then the prototype is developed and tested, which will verify the rationality of the design. Compared with the traditional manual driving water surface cleaning devices, the designed robot realizes the intelligent control of unmanned driving, and achieves the purpose of saving human resources and reducing labor intensity, and the system operates security and stability, which has certain practical value.

Present day's data security plays a vital role in digital human life. Data is a valuable asset to any organization and hence its security from external attacks is very important. Information security is not only an important aspect but essential, to secure data from unapproved access. Data encryption, decryption and key management are the key factors in data protection. It is very important to have the right data security solution to meet the challenging threats. Cryptosystem implementation and random number generators are crucial for Cryptosystem applications such as security applications, space applications, military applications and smart cards et al. In this paper, we present the implementation of hybrid cryptosystem based on the True Random number Generator, pseudo Random number Generator and whitening the data by using the ASIC design flow.

The concept of the adversary model has been widely applied in the context of cryptography. When designing a cryptographic scheme or protocol, the adversary model plays a crucial role in the formalization of the capabilities and limitations of potential attackers. These models further enable the designer to verify the security of the scheme or protocol under investigation. Although being well established for conventional cryptanalysis attacks, adversary models associated with attackers enjoying the advantages of machine learning techniques have not yet been developed thoroughly. In particular, when it comes to composed hardware, often being security-critical, the lack of such models has become increasingly noticeable in the face of advanced, machine learning-enabled attacks. This paper aims at exploring the adversary models from the machine learning perspective. In this regard, we provide examples of machine learning-based attacks against hardware primitives, e.g., obfuscation schemes and hardware root-of-trust, claimed to be infeasible. We demonstrate that this assumption becomes however invalid as inaccurate adversary models have been considered in the literature.

An acoustic fingerprint is a condensed and powerful digital signature of an audio signal which is used for audio sample identification. A fingerprint is the pattern of a voice or audio sample. A large number of algorithms have been developed for generating such acoustic fingerprints. These algorithms facilitate systems that perform song searching, song identification, and song duplication detection. In this study, a comprehensive and powerful survey of already developed algorithms is conducted. Four major music fingerprinting algorithms are evaluated for identifying and analyzing the potential hurdles that can affect their results. Since the background and environmental noise reduces the efficiency of music fingerprinting algorithms, behavioral analysis of fingerprinting algorithms is performed using audio samples of different languages and under different environmental conditions. The results of music fingerprint classification are more successful when deep learning techniques for classification are used. The testing of the acoustic feature modeling and music fingerprinting algorithms is performed using the standard dataset of iKala, MusicBrainz and MIR-1K.

Increased availability of mobile cameras has led to more opportunities for people to record videos of significantly more of their lives. Many times people want to share these videos, but only to certain people who were co-present. Since the videos may be of a large event where the attendees are not necessarily known, we need a method for proving co-presence without revealing information before co-presence is proven. In this demonstration, we present a privacy-preserving method for comparing the similarity of two videos without revealing the contents of either video. This technique leverages the Similarity of Simultaneous Observation technique for detecting hidden webcams and modifies the existing algorithms so that they are computationally feasible to run under fully homomorphic encryption scheme on modern mobile devices. The demonstration will consist of a variety of devices preloaded with our software. We will demonstrate the video sharing software performing comparisons in real time. We will also make the software available to Android devices via a QR code so that participants can record and exchange their own videos.

Humans are majorly identified as the weakest link in cybersecurity. Tertiary institution students undergo lot of cybersecurity issues due to their constant Internet exposure, however there is a lack in literature with regards to tertiary institution students' cybersecurity behaviors. This research aimed at linking the factors responsible for tertiary institutions students' cybersecurity behavior, via validated cybersecurity factors, Perceived Vulnerability (PV); Perceived Barriers (PBr); Perceived Severity (PS); Security Self-Efficacy (SSE); Response Efficacy (RE); Cues to Action (CA); Peer Behavior (PBhv); Computer Skills (CS); Internet Skills (IS); Prior Experience with Computer Security Practices (PE); Perceived Benefits (PBnf); Familiarity with Cyber-Threats (FCT), thus exploring the relationship between the factors and the students' Cybersecurity Behaviors (CSB). A cross-sectional online survey was used to gather data from 450 undergraduate and postgraduate students from tertiary institutions within Klang Valley, Malaysia. Correlation Analysis was used to find the relationships existing among the cybersecurity behavioral factors via SPSS version 25. Results indicate that all factors were significantly related to the cybersecurity behaviors of the students apart from Perceived Severity. Practically, the study instigates the need for more cybersecurity training and practices in the tertiary institutions.

Two-factor authentication (2FA) systems implement by verifying at least two factors. A factor is something a user knows (password, or phrase), something a user possesses (smart card, or smartphone), something a user is (fingerprint, or iris), something a user does (keystroke), or somewhere a user is (location). In the existing 2FA system, a user is required to act in order to implement the second layer of authentication which is not very user-friendly. Smart devices (phones, laptops, tablets, etc.) can receive signals from different radio frequency technologies within range. As these devices move among networks (Wi-Fi access points, cellphone towers, etc.), they receive broadcast messages, some of which can be used to collect information. This information can be utilized in a variety of ways, such as establishing a connection, sharing information, locating devices, and, most appropriately, identifying users in range. The principal benefit of broadcast messages is that the devices can read and process the embedded information without being connected to the broadcaster. Moreover, the broadcast messages can be received only within range of the wireless access point sending the broadcast, thus inherently limiting access to those devices in close physical proximity and facilitating many applications dependent on that proximity. In the proposed research, a new factor is used - something that is in the user's environment with minimal user involvement. Data from these broadcast messages is utilized to implement a 2FA scheme by determining whether two devices are proximate or not to ensure that they belong to the same user.