Biblio

One of the most important strength features of crypto-system's is the key space. As a result, whenever the system has more key space, it will be more resistant to attack. The weakest type of attack on the key space is Brute Force attack, which tests all the keys on the ciphertext in order to get the plaintext. But there are several strategies that can be considered by the attacker and cryptographer related to the selection of the right key with the lowest cost (time). Game theory is a mathematical theory that draws the best strategies for most problems. This research propose a new evaluation method which is employing game theory to draw best strategies for both players (cryptographer & attacker).

An information system is only as secure as its weakest point. In many information systems that remains to be the human factor, despite continuous attempts to educate the users about the importance of password security and enforcing password creation policies on them. Furthermore, not only do the average users' password creation and management habits remain more or less the same, but the password cracking tools, and more importantly, the computer hardware, keep improving as well. In this study, we performed a broad targeted attack combining several well-established cracking techniques, such as brute-force, dictionary, and hybrid attacks, on the passwords used by the students of a Slovenian university to access the online grading system. Our goal was to demonstrate how easy it is to crack most of the user-created passwords using simple and predictable patterns. To identify differences between them, we performed an analysis of the cracked and uncracked passwords and measured their strength. The results have shown that even a single low to mid-range modern GPU can crack over 95% of passwords in just few days, while a more dedicated system can crack all but the strongest 0.5% of them.

In order to cater the growing spectrum demands of large scale future 5G Internet of Things (IoT) applications, Dynamic Spectrum Access (DSA) based networks are being proposed as a high-throughput and cost-effective solution. However the lack of understanding of DSA paradigm's inherent security vulnerabilities on IoT networks might become a roadblock towards realizing such spectrum aware 5G vision. In this paper, we make an attempt to understand how such inherent DSA vulnerabilities in particular Spectrum Sensing Data Falsification (SSDF) attacks can be exploited by collaborative group of selfish adversaries and how that can impact the performance of spectrum aware IoT applications. We design a utility based selfish adversarial model mimicking collaborative SSDF attack in a cooperative spectrum sensing scenario where IoT networks use dedicated environmental sensing capability (ESC) for spectrum availability estimation. We model the interactions between the IoT system and collaborative selfish adversaries using a leader-follower game and investigate the existence of equilibrium. Using simulation results, we show the nature of adversarial and system utility components against system variables. We also explore Pareto-optimal adversarial strategy design that maximizes the attacker utility for varied system strategy spaces.

Aiming at the increasing popularity of mobile terminals, a CP-ABE scheme adapted to lightweight decryption at the mobile end is proposed. The scheme has the function of supporting timely attributes revocation and policy hiding. Firstly, we will introduce the related knowledge of attribute base encryption. After that, we will give a specific CP-ABE solution. Finally, in the part of the algorithm analysis, we will give analysis performance and related security, and compare this algorithm with other algorithms.

Inner-product encryption (IPE) is a well-known functional encryption primitive that allows decryption when the inner-product of the attribute vectors, upon which the encrypted data and the decryption key depend, is equal to zero. Using IPE, it is possible to define fine-grained access policies over encrypted data whose enforcement can be outsourced to the cloud where the data are stored. However, current IPE schemes do not support efficient access policy changes. In this paper, we propose an efficient inner-product proxy re-encryption (E-IPPRE) scheme that provides the proxy server with a transformation key, with which a ciphertext associated with an attribute vector can be transformed to a new ciphertext associated with a different attribute vector, providing a policy update mechanism with a performance suitable for many practical applications. We experimentally assess the efficiency of our protocol and show that it is selective attribute-secure against chosen-plaintext attacks in the standard model under the Asymmetric Decisional Bilinear Diffie-Hellman assumption.

In this paper, we propose an access control model featured with the efficient key update function in data outsourcing environment. Our access control is based on the combination of Ciphertext Policy - Attribute-based Encryption (CP-ABE) and Role-based Access Control (RBAC). The proposed scheme aims to improve the attribute and key update management of the original CP-ABE. In our scheme, a user's key is incorporated into the attribute certificate (AC) which will be used to decrypt the ciphertext encrypted with CP-ABE policy. If there is any change (update or revoke) of the attributes appearing in the key, the key in the AC will be updated upon the access request. This significantly reduces the overheads in updating and distributing keys of all users simultaneously compared to the existing CP-ABE based schemes. Finally, we conduct the experiment to evaluate the performance of our proposed scheme to show the efficiency of our proposed scheme.

In the era of digitization, data security is a vital role in message transmission and all systems that deal with users require stronger encryption techniques that against brute force attack. Honey encryption (HE) algorithm is a user data protection algorithm that can deceive the attackers from unauthorized access to user, database and websites. The main part of conventional HE is distribution transforming encoder (DTE). However, the current DTE process using cumulative distribution function (CDF) has the weakness in message space limitation because CDF cannot solve the probability theory in more than four messages. So, we propose a new method in DTE process using discrete distribution function in order to solve message space limitation problem. In our proposed honeywords generation method, the current weakness of existing honeywords generation method such as storage overhead problem can be solved. In this paper, we also describe the case studies calculation of DTE in order to prove that new DTE process has no message space limitation and mathematical model using discrete distribution function for DTE process facilitates the distribution probability theory.

The Moving Picture Experts Group's Compact Descriptors for Visual Search (MPEG's CDVS) intends to standardize technologies in order to enable an interoperable, efficient, and cross-platform solution for internet-scale visual search applications and services. Among the key technologies within CDVS, we recall the format of visual descriptors, the descriptor extraction process, and the algorithms for indexing and matching. Unfortunately, these steps require precision and computation accuracy. Moreover, they are very time-consuming, as they need running times in the order of seconds when implemented on the central processing unit (CPU) of modern mobile devices. In this paper, to reduce computation times and maintain precision and accuracy, we re-design, for many-cores embedded graphical processor units (GPUs), all main local descriptor extraction pipeline phases of the MPEG's CDVS standard. To reach this goal, we introduce new techniques to adapt the standard algorithm to parallel processing. Furthermore, to reduce memory accesses and efficiently distribute the kernel workload, we use new approaches to store and retrieve CDVS information on proper GPU data structures. We present a complete experimental analysis on a large and standard test set. Our experiments show that our GPU-based approach is remarkably faster than the CPU-based reference implementation of the standard, and it maintains a comparable precision in terms of true and false positive rates.

Attribute-Based Access Control (ABAC), a promising alternative to traditional models of access control, has gained significant attention in recent academic literature. This attention has lead to the creation of a number of ABAC models including our previous contribution, Hierarchical Group and Attribute-Based Access Control (HGABAC). However, to date few complete solutions exist that provide both an ABAC model and architecture that could be implemented in real life scenarios. This work aims to advance progress towards a complete ABAC solution by introducing Hierarchical Group Attribute Architecture (HGAA), an architecture to support HGABAC and close the gap between a model and real world implementation. In addition to HGAA we also present an attribute certificate specification that enables users to provide proof of attribute ownership in a pseudonymous and off-line manner, as well as an update to the Hierarchical Group Policy Language (HGPL) to support our namespace for uniquely identifying attributes across disparate security domains. Details of our HGAA implementation are given and a preliminary analysis of its performance is discussed as well as directions for future work.

Most centralized systems allow data access to its cloud user if a cloud user has a certain set of satisfying attributes. Presently, one method to compete such policies is to use an authorized cloud server to maintain the user data and have access control over it. At times, when one of the servers keeping data is compromised, the security of the user data is compromised. For getting access control, maintaining data security and obtaining precise computing results, the data owners have to keep attribute-based security to encrypt the stored data. During the delegation of data on cloud, the cloud servers may be tampered by the counterfeit cipher-text. Furthermore, the authorized users may be cheated by retorting them that they are unauthorized. Largely the encryption control access attribute policies are complex. In this paper, we present Cipher-text Policy Attribute-Based Encryption for maintaining complex access control over encrypted data with verifiable customizable authorization. The proposed technique provides data confidentiality to the encrypted data even if the storage server is comprised. Moreover, our method is highly secured against collusion attacks. In advance, performance evaluation of the proposed system is elaborated with implementation of the same.

Decentralized attribute-based encryption (ABE) is an efficient and flexible multi-authority attribute-based encryption system, since it does not requires the central authority and does not need to cooperate among the authorities for creating public parameters. Unfortunately, recent works show that the reality of the privacy preserving and security in almost well-known decentralized key policy ABE (KP-ABE) schemes are doubtful. How to construct a decentralized KP-ABE with the privacy-preserving and user collusion avoidance is still a challenging problem. Most recently, Y. Rahulamathavam et al. proposed a decentralized KP ABE scheme to try avoiding user collusion and preserving the user's privacy. However, we exploit the vulnerability of their scheme in this paper at first and present a collusion attack on their decentralized KP-ABE scheme. The attack shows the user collusion cannot be avoided. Subsequently, a new privacy-preserving decentralized KP-ABE is proposed. The proposed scheme avoids the linear attacks at present and achieves the user collusion avoidance. We also show that the security of the proposed scheme is reduced to decisional bilinear Diffie-Hellman assumption. Finally, numerical experiments demonstrate the efficiency and validity of the proposed scheme.

Collaborative trajectory privacy preservation (CTPP) scheme is an effective method for continuous queries. However, collaborating with other users need pay some cost. Therefore, some rational and selfish users will not choose collaboration, which will result in users' privacy disclosing. To solve the problem, this paper proposes a collaboration incentive mechanism by rewarding collaborative users and punishing non-collaborative users. The paper models the interactions of users participating in CTPP as a repeated game and analysis the utility of participated users. The analytical results show that CTPP with the proposed incentive mechanism can maximize user's payoffs. Experiments show that the proposed mechanism can effectively encourage users' collaboration behavior and effectively preserve the trajectory privacy for continuous query users.

This paper analyzes information network security risk assessment methods and models. Firstly an improved AHP method is proposed to assign the value of assets for solving the problem of risk judgment matrix consistency effectively. And then the neural network technology is proposed to construct the neural network model corresponding to the risk judgment matrix for evaluating the individual risk of assets objectively, the methods for calculating the asset risk value and system risk value are given. Finally some application results are given. Practice proves that the methods are correct and effective, which has been used in information network security risk assessment application and offers a good foundation for the implementation of the automatic assessment.

Network situation value is an important index to measure network security. Establishing an effective network situation prediction model can prevent the occurrence of network security incidents, and plays an important role in network security protection. Through the understanding and analysis of the network security situation, we can see that there are many factors affecting the network security situation, and the relationship between these factors is complex., it is difficult to establish more accurate mathematical expressions to describe the network situation. Therefore, this paper uses the grey neural network as the prediction model, but because the convergence speed of the grey neural network is very fast, the network is easy to fall into local optimum, and the parameters can not be further modified, so the Multi-Swarm Chaotic Particle Optimization (MSCPO)is used to optimize the key parameters of the grey neural network. By establishing the nonlinear mapping relationship between the influencing factors and the network security situation, the network situation can be predicted and protected.

Cloud offers flexible and cost effective storage for big data but the major challenge is access control of big data processing. CP-ABE is a desirable solution for data access control in cloud. However, in CP-ABE the access policy may leak user's private information. To address this issue, Hidden Policy CP-ABE schemes proposed but those schemes still causing data leakage problem because the access policies are partially hidden and create more computational cost. In this paper, we propose a New Hidden Policy Ciphertext Policy Attribute Based Encryption (HP-CP-ABE) to ensure Big Data Access Control with Privacy-preserving Policy in Cloud. In proposed method, we used Multi Secret Sharing Scheme(MSSS) to reduce the computational overhead, while encryption and decryption process. We also applied mask technique on each attribute in access policy and embed the access policy in ciphertext, to protect user's private information from access policy. The security analysis shows that HP-CP-ABE is more secure and preserve the access policy privacy. Performance evaluation shows that our schemes takes less computational cost than existing scheme.

Logical locking is the most popular countermeasure against the hardware attacks like intellectual property (IP) piracy, Trojan insertion and illegal integrated circuit (IC) overproduction. The functionality of the design is locked by the added logics into the design. Thus, the design is accessible only to the authorized users by applying the valid keys. However, extracting the secret key of the logically locked design have become an extensive effort and it is commonly known as key guessing attacks. Thus, the main objective of the proposed technique is to build a secured hardware against attacks like Brute force attack, Hill climbing attack and path sensitization attacks. Furthermore, the gates with low observability are chosen for encryption, this is to obtain an optimal output corruption of 50% Hamming distance with minimal design overhead and implementation complexity. The experimental results are validated on ISCAS'85 benchmark circuits, with a highly secured locking mechanism.

Attributes-based encryption (ABE) is a promising cryptographic mechanism that provides a fine-grained access control for cloud environment. Since most of the parties exchange sensitive data among them by using cloud computing, data protection is very important for data confidentiality. Ciphertext policy attributes-based encryption (CP-ABE) is one of the ABE schemes, which performs an access control of security mechanisms for data protection in cloud storage. In CP-ABE, each user has a set of attributes and data encryption is associated with an access policy. The secret key of a user and the ciphertext are dependent upon attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the access structure in the ciphertext. The practical applications of CP-ABE have still requirements for attributes policy management and user revocation. This paper proposed an important issue of policy revocation in CP-ABE scheme. In this paper, sensitive parts of personal health records (PHRs) are encrypted with the help of CP-ABE. In addition, policy revocation is considered to add in CP-ABE and generates a new secret key for authorized users. In proposed attributes based encryption scheme, PHRs owner changes attributes policy to update authorized user lists. When policy revocation occurs in proposed PHRs sharing system, a trusted authority (TA) calculates a partial secret token key according to a policy updating level and then issues new or updated secret keys for new policy. Proposed scheme emphasizes on key management, policy management and user revocation. It provides a full control on data owner according to a policy updating level what he chooses. It helps both PHRs owner and users for flexible policy revocation in CP-ABE without time consuming.

In Cloud Manufacturing trust is an important, under investigated issue. This paper proceeds the noncommittal phase of the grounded theory method approach by investigating the trust topic in several research streams, defining the problem domain. This novel approach fills a research gap and can be treated as a snapshot and blueprint of research. Findings were accomplished by a structured literature review and are able to help future researchers in pursuing the integrative phase in Grounded Theory by building on the preliminary result of this paper.

Detection of network attacks is the first step to network security. Many different methods for attack detection were proposed in the past. However, descriptions of these methods are often not complete and it is difficult to verify that the actual implementation matches the description. In this demo paper, we propose to use Complex Event Processing (CEP) for developing detection methods based on network flows. By writing the detection methods in an Event Processing Language (EPL), we can address the above-mentioned problems. The SQL-like syntax of most EPLs is easily readable so the detection method is self-documented. Moreover, it is directly executable in the CEP system, which eliminates inconsistencies between documentation and implementation. The demo will show a running example of a multi-stage HTTP brute force attack detection using Esper and its EPL.

Searchable encryption is one of the most important techniques for the sensitive data outsourced to cloud server, and has been widely used in cloud storage which brings huge convenience and saves bandwidth and computing resources. A novel searchable cryptographic scheme is proposed by which data owner can control the search and use of the outsourced encrypted data according to its access control policy. The scheme is called searchable ciphertext-policy attribute-based encryption with multikeywords (CPABMKS). In the scheme, CP-ABE and keywords are combined together through the way that the keywords are regarded as the file attributes. To overcome the previous problems in cloud storage, access structures are hidden so that receivers cannot extract sensitive information from the ciphertext. At the same time, this scheme supports the multi-keywords search, and the data owner can outsource the encryption operations to the private cloud that can reduce the data owner' calculation. The security of this scheme is proved based on the DBDH assumption. Finally, scheme evaluation shows that the CPABMKS scheme is practical

Smart grid systems data has been exposed to several threats and attacks from different perspectives and have resulted in several system failures. Obtaining security of data and key exposure and enhancing system ability in data collection and transmission process are challenging, on the grounds smart grid data is sensitive and enormous sum. In this paper we introduce smart grid data security method along with advanced Cipher text policy attribute based encryption (CP-ABE). Cloud supported IoT is widely used in smart grid systems. Smart IoT devices collect data and perform status management. Data obtained from the IOT devices will be divided into blocks and encrypted data will be stored in different cloud server with different encrypted keys even when one cloud server is assaulted and encrypted key is exposed data cannot be decrypted, thereby the transmission and encryption process are done in correspondingly. We protect access-tree structure information even after the data is shared to user by solving revocation problem in which cloud will inform data owner to revoke and update encryption key after user has downloaded the data, which preserves the data privacy from unauthorized users. The analysis of the system concludes that our proposed system can meet the security requirements in smart grid systems along with cloud-Internet of things.

One of the fundamental methods for eavesdroppers to achieve a plaintext from a cryptogram is the brute force attack where possible candidates of decryption keys are exhaustively applied to the decryption algorithm. Here the only reason why the eavesdroppers believe to find the common-key and to achieve the plaintext is that the output of the decryption algorithm is contextually acceptable. According to this fact, this paper proposes a novel common-key cryptosystem where fake plaintexts which are also contextually acceptable are mixed into a cryptogram with the legal plaintext. If an eavesdropper applies a fake common-key to the decryption algorithm, it outputs the fake plaintexts which the eavesdroppers might believe legal. This paper also proposes concrete encryption/decryption algorithm which can be combined with any conventional common-key cryptosystem. Results of simulation experiments show the proposed method reduces probability for eavesdroppers to get legal plaintexts.

Research on network security situation awareness is currently a research hotspot in the field of network security. It is one of the easiest and most effective methods to use the BP neural network for security situation prediction. However, there are still some problems in BP neural network, such as slow convergence rate, easy to fall into local extremum, etc. On the other hand, some common used evolutionary algorithms, such as genetic algorithm (GA) and particle swarm optimization (PSO), easily fall into local optimum. Hybrid rice optimization algorithm is a newly proposed algorithm with strong search ability, so the method of this paper is proposed. This article describes in detail the use of BP network security posture prediction method. In the proposed method, HRO is used to train the connection weights of the BP network. Through the advantages of HRO global search and fast convergence, the future security situation of the network is predicted, and the accuracy of the situation prediction is effectively improved.

3D modeling usually refers to be the use of 3D software to build production through the virtual 3D space model with 3D data. At present, most 3D modeling software such as 3dmax, FLAC3D and Midas all need adjust models to get a satisfactory model or by coding a precise modeling. There are many matters such as complicated steps, strong profession, the high modeling cost. Aiming at this problem, the paper presents a new 3D modeling methods which is based on Deep Belief Networks (DBN) and Interactive Evolutionary Algorithm (IEA). Following this method, firstly, extract characteristic vectors from vertex, normal, surfaces of the imported model samples. Secondly, use the evolution strategy, to extract feature vector for stochastic evolution by artificial grading control the direction of evolution, and in the process to extract the characteristics of user preferences. Then, use evolution function matrix to establish the fitness approximation evaluation model, and simulate subjective evaluation. Lastly, the user can control the whole machine simulation evaluation process at any time, and get a satisfactory model. The experimental results show that the method in this paper is feasible.

Image hiding is the important tools to protect the ownership rights of digital multimedia contents. To reduce the interference effect of the host signal in the popular Spread Spectrum (SS) image hiding algorithm, this paper proposes an Improved Additive Spread Spectrum (IASS) image hiding algorithm. The proposed IASS image hiding algorithm maintains the simple decoder of the Additive Spread Spectrum (ASS) image hiding algorithm. This paper makes the comparative experiments with the ASS image hiding algorithm and Correlation-and-bit-Aware Spread Spectrum (CASS) image hiding algorithm. For the noise-free scenario, the proposed IASS image hiding algorithm could yield error-free decoding performance in theory. For the noise scenario, the experimental results show that the proposed IASS image hiding algorithm could significantly reduce the host effect in data hiding and improve the watermark decoding performance remarkably.