Biblio

HTTPS provides authentication, data confidentiality, and integrity for secure web applications in the Internet. In order to establish secure connections with the target website but not a man-in-the-middle or impersonation attacker, a browser shows security warnings to users, when different HTTPS errors happen (e.g., it fails to build a valid certificate chain, or the certificate subject does not match the domain visited). Each browser implements its own design of warnings on HTTPS errors, to balance security and usability. This paper presents a list of common HTTPS errors, and we investigate the browser behaviors on each error. Our study discloses browser defects on handling HTTPS errors in terms of cryptographic algorithm, certificate verification, name validation, HPKP, and HSTS.

In this work, we applied deep semantic analysis, and machine learning and deep learning techniques, to capture inherent characteristics of email text, and classify emails as phishing or non -phishing.

Cyber security is a vital performance metric for networks. Wiretap attacks belong to passive attacks. It commonly exists in wired or wireless networks, where an eavesdropper steals useful information by wiretapping messages being shipped on network links. It seriously damages the confidentiality of communications. This paper proposed a secure network coding system architecture against wiretap attacks. It combines and collaborates network coding with cryptography technology. Some illustrating examples are given to show how to build such a system and prove its defense is much stronger than a system with a single defender, either network coding or cryptography. Moreover, the system is characterized by flexibility, simplicity, and easy to set up. Finally, it could be used for both deterministic and random network coding system.

With the rapid development of the contemporary society, wide use of smart phone and vehicle sensing devices brings a huge influence on the extensive data collection. Network coding can only provide weak security privacy protection. Aiming at weak secure feature of network coding, this paper proposes an information transfer mechanism, Weak Security Network Coding with Homomorphic Encryption (HE-WSNC), and it is integrated into routing policy. In this mechanism, a movement model is designed, which allows information transmission process under Wi-Fi and Bluetooth environment rather than consuming 4G data flow. Not only does this application reduce the cost, but also improve reliability of data transmission. Moreover, it attracts more users to participate.

The network coding optimization based on niche genetic algorithm can observably reduce the network overhead of encoding technology, however, security issues haven't been considered in the coding operation. In order to solve this problem, we propose a network coding optimization scheme for niche algorithm based on security performance (SNGA). It is on the basis of multi-target niche genetic algorithm(NGA)to construct a fitness function which with k-secure network coding mechanism, and to ensure the realization of information security and achieve the maximum transmission of the network. The simulation results show that SNGA can effectively improve the security of network coding, and ensure the running time and convergence speed of the optimal solution.

Named Data Networking (or NDN) represents a potential new approach to the current host based Internet architecture which prioritize content over the communication between end nodes. NDN relies on caching functionalities and local data storage, such as a content request could be satisfied by any node holding a copy of the content in its storage. Due to the fact that users in the same network domain can share their cached content with each other and in order to reduce the transmission cost for obtaining the desired content, a cooperative network coding mechanism is proposed in this paper. We first formulate our optimal coding and homomorphic signature scheme as a MIP problem and we show how to leverage Software Defined Networking to provide seamless implementation of the proposed solution. Evaluation results demonstrate the efficiency of the proposed coding scheme which achieves better performance than conventional NDN with random coding especially in terms of transmission cost and security.

Network security and data confidentiality of transmitted information are among the non-functional requirements of industrial wireless sensor networks (IWSNs) in addition to latency, reliability and energy efficiency requirements. Physical layer security techniques are promising solutions to assist cryptographic methods in the presence of an eavesdropper in IWSN setups. In this paper, we propose a physical layer security scheme, which is based on both insertion of an random error vector to forward error correction (FEC) codewords and transmission over decentralized relay nodes. Reed-Solomon and Golay codes are selected as FEC coding schemes and the security performance of the proposed model is evaluated with the aid of decoding error probability of an eavesdropper. The results show that security level is highly based on the location of the eavesdropper and secure communication can be achieved when some of channels between eavesdropper and relay nodes are significantly noisier.

Along with the continuous progress of the information technology, Internet of Things is the inevitable way for realizing the fusion of communication and traditional network technology. Network coding, an important breakthrough in the field of communication, has many applied advantages in information network. This article analyses the eavesdropping problem of Internet of Things and presents an information secure network coding scheme against the eavesdropping adversaries. We show that, if the number of links the adversaries can eavesdrop on is less than the max-flow of a network, the proposed coding scheme not only `achieves the prefect information secure condition but also the max-flow of the network.

The traditional security system requires a lot of manpower, and the wireless security system has been developed to reduce costs. However, for wireless systems, stability and reliability are important system indicators. In order to effectively improve these two indicators, we have imported butterfly network coding algorithm into the wireless sensing network. Because this algorithm enables each node to play multiple roles, such as routing, encoding, decoding, sending and receiving, it can also improve the throughput of network transmission, and effectively improve the stability and reliability of the wireless security system. This paper used the Wi-Fi module to implement the butterfly network coding algorithm, and is actually installed in the building. The basis for transmission and reception of all nodes in the network is received signal strength indication (RSSI). On the other hand, this is an IoT system for security monitoring.

The applications in the critical infrastructure systems pose simultaneous resilience and performance requirements to the underlying computer network. To meet such requirements, the networks that use the store-and-forward paradigm poses stringent conditions on the redundancy in the network topology and results in problems that becoming computationally challenging to solve at scale. However, with the advent of programmable data-planes, it is now possible to use linear network coding (NC) at the intermediate network nodes to meet resilience requirements of the applications. To that end, we propose an architecture that realizes linear NC in programmable networks by decomposing the linear NC functions into the atomic coding primitives. We designed and implemented the primitives using the features offered by the P4 ecosystem. Using an empirical evaluation, we show that the theoretical gains promised by linear network coding can be realized with a per-packet processing cost.

Multishot network coding is considered in a worst-case adversarial setting in which an omniscient adversary with unbounded computational resources may inject erroneous packets in up to t links, erase up to ρ packets, and wire-tap up to μ links, all throughout ℓ shots of a (random) linearly-coded network. Assuming no knowledge of the underlying linear network code (in particular, the network topology and underlying linear code may change with time), a coding scheme achieving zero-error communication and perfect secrecy is obtained based on linearized Reed-Solomon codes. The scheme achieves the maximum possible secret message size of ℓn'-2t-ρ-μ packets, where n' is the number of outgoing links at the source, for any packet length m ≥ n' (largest possible range), with only the restriction that ℓ\textbackslashtextless;q (size of the base field). By lifting this construction, coding schemes for non-coherent communication are obtained with information rates close to optimal for practical instances. A Welch-Berlekamp sum-rank decoding algorithm for linearized Reed-Solomon codes is provided, having quadratic complexity in the total length n = ℓn', and which can be adapted to handle not only errors, but also erasures, wire-tap observations and non-coherent communication.

Cryptographically cloud computing may be an innovative safe cloud computing design. Cloud computing may be a huge size dispersed computing model that ambitious by the economy of the level. It integrates a group of inattentive virtualized animatedly scalable and managed possessions like computing control storage space platform and services. External end users will approach to resources over the net victimization fatal particularly mobile terminals, Cloud's architecture structures are advances in on-demand new trends. That are the belongings are animatedly assigned to a user per his request and hand over when the task is finished. So, this paper projected biometric coding to boost the confidentiality in Cloud computing for biometric knowledge. Also, this paper mentioned virtualization for Cloud computing also as statistics coding. Indeed, this paper overviewed the safety weaknesses of Cloud computing and the way biometric coding will improve the confidentiality in Cloud computing atmosphere. Excluding this confidentiality is increased in Cloud computing by victimization biometric coding for biometric knowledge. The novel approach of biometric coding is to reinforce the biometric knowledge confidentiality in Cloud computing. Implementation of identification mechanism can take the security of information and access management in the cloud to a higher level. This section discusses, however, a projected statistics system with relation to alternative recognition systems to date is a lot of advantageous and result oriented as a result of it does not work on presumptions: it's distinctive and provides quick and contact less authentication. Thus, this paper reviews the new discipline techniques accustomed to defend methodology encrypted info in passing remote cloud storage.

Digital video has various types of entities, which are utilized as embedding domains to hide messages in steganography. However, nearly all video steganography uses only one type of embedding domain, resulting in limited embedding capacity and potential security risks. In this paper, we firstly propose to embed in multi-domains for video steganography by combining partition modes (PMs) and motion vectors (MVs). The multi-domain embedding (MDE) aims to spread the modifications to different embedding domains for achieving higher undetectability. The key issue of MDE is the interactions of entities across domains. To this end, we design two MDE strategies, which hide data in PM domain and MV domain by sequential embedding and simultaneous embedding respectively. These two strategies can be applied to existing steganography within a distortion-minimization framework. Experiments show that the MDE strategies achieve a significant improvement in security performance against targeted steganalysis and fusion based steganalysis.

It is investigated how to achieve semantic security for the wiretap channel. A new type of functions called biregular irreducible (BRI) functions, similar to universal hash functions, is introduced. BRI functions provide a universal method of establishing secrecy. It is proved that the known secrecy rates of any discrete and Gaussian wiretap channel are achievable with semantic security by modular wiretap codes constructed from a BRI function and an error-correcting code. A characterization of BRI functions in terms of edge-disjoint biregular graphs on a common vertex set is derived. This is used to study examples of BRI functions and to construct new ones.

Software security is a major concern of the developers who intend to deliver a reliable software. Although there is research that focuses on vulnerability prediction and discovery, there is still a need for building security-specific metrics to measure software security and vulnerability-proneness quantitatively. The existing methods are either based on software metrics (defined on the physical characteristics of code; e.g. complexity or lines of code) which are not security-specific or some generic patterns known as nano-patterns (Java method-level traceable patterns that characterize a Java method or function). Other methods predict vulnerabilities using text mining approaches or graph algorithms which perform poorly in cross-project validation and fail to be a generalized prediction model for any system. In this paper, we envision to construct an automated framework that will assist developers to assess the security level of their code and guide them towards developing secure code. To accomplish this goal, we aim to refine and redefine the existing nano-patterns and software metrics to make them more security-centric so that they can be used for measuring the software security level of a source code (either file or function) with higher accuracy. In this paper, we present our visionary approach through a series of three consecutive studies where we (1) will study the challenges of the current software metrics and nano-patterns in vulnerability prediction, (2) will redefine and characterize the nano-patterns and software metrics so that they can capture security-specific properties of code and measure the security level quantitatively, and finally (3) will implement an automated framework for the developers to automatically extract the values of all the patterns and metrics for the given code segment and then flag the estimated security level as a feedback based on our research results. We accomplished some preliminary experiments and presented the results which indicate that our vision can be practically implemented and will have valuable implications in the community of software security.

The economic progress of the Internet of Things (IoT) is phenomenal. Applications range from checking the alignment of some components during a manufacturing process, monitoring of transportation and pedestrian levels to enhance driving and walking path, remotely observing terminally ill patients by means of medical devices such as implanted devices and infusion pumps, and so on. To provide security, encrypting the data becomes an indispensable requirement, and symmetric encryptions algorithms are becoming a crucial implementation in the resource constrained environments. Typical symmetric encryption algorithms like Advanced Encryption Standard (AES) showcases an assumption that end points of communications are secured and that the encryption key being securely stored. However, devices might be physically unprotected, and attackers may have access to the memory while the data is still encrypted. It is essential to reserve the key in such a way that an attacker finds it hard to extract it. At present, techniques like White-Box cryptography has been utilized in these circumstances. But it has been reported that applying White-Box cryptography in IoT devices have resulted in other security issues like the adversary having access to the intermediate values, and the practical implementations leading to Code lifting attacks and differential attacks. In this paper, a solution is presented to overcome these problems by demonstrating the need of White-Box Cryptography to enhance the security by utilizing the cipher block chaining (CBC) mode.

Routing protocols in wireless sensor network are vulnerable to various malicious security attacks that can degrade network performance and lifetime. This becomes more important in cluster routing protocols that is composed of multiple node and cluster head, such as low energy adaptive clustering hierarchy (LEACH) protocol. Namely, if an attack succeeds in failing the cluster head, then the entire set of nodes fail. Therefore, it is necessary to develop robust recovery schemes to overcome security attacks and recover packets at short times. Hence this paper proposes a detection and recovery scheme for selective forwarding attacks in wireless sensor networks using LEACH protocol. The proposed solution features near-instantaneous recovery times, without the requirement for feedback or retransmissions once an attack occurs.

Wireless networks offer great flexibility and ease of deployment for the rapid implementation of smart grids. However, these data network technologies are prone to security issues. Especially, the risk of eavesdropping attacks increases due to the inherent characteristics of the wireless medium. In this context, physical layer security can augment secrecy through appropriate coding and signal processing. In this paper we consider the use of faster-than-Nyquist signaling to introduce artificial noise in the wireless network segment of the smart grid; with the aim of reinforce the information security at the physical layer. The results show that the proposed scheme can significantly improves the secrecy rate of the channel. Guaranteeing, in coexistence with other security mechanisms and despite the presence of potential eavesdroppers, a reliable and secure flow of information for smart grids.

Part of our team proposed a new steganalytic method based on NIST tests at MMM-ACNS 2017 [1], and it was encouraged to investigate some cipher modifications to prevent such types of steganalysis. In the current paper, we propose one cipher modification based on decompression by arithmetic source compression coding. The experiment shows that the current proposed method allows to protect stegosystems against steganalysis based on NIST tests, while security of the encrypted embedded messages is kept. Protection of contemporary image steganography based on edge detection and modified LSB against NIST tests steganalysis is also presented.

Github Gist is a service provided by Github which is used by developers to share code snippets. While sharing, developers may inadvertently introduce security smells in code snippets as well, such as hard-coded passwords. Security smells are recurrent coding patterns that are indicative of security weaknesses, which could potentially lead to security breaches. The goal of this paper is to help software practitioners avoid insecure coding practices through an empirical study of security smells in publicly-available GitHub Gists. Through static analysis, we found 13 types of security smells with 4,403 occurrences in 5,822 publicly-available Python Gists. 1,817 of those Gists, which is around 31%, have at least one security smell including 689 instances of hard-coded secrets. We also found no significance relation between the presence of these security smells and the reputation of the Gist author. Based on our findings, we advocate for increased awareness and rigorous code review efforts related to software security for Github Gists so that propagation of insecure coding practices are mitigated.

Practitioners use infrastructure as code (IaC) scripts to provision servers and development environments. While developing IaC scripts, practitioners may inadvertently introduce security smells. Security smells are recurring coding patterns that are indicative of security weakness and can potentially lead to security breaches. The goal of this paper is to help practitioners avoid insecure coding practices while developing infrastructure as code (IaC) scripts through an empirical study of security smells in IaC scripts. We apply qualitative analysis on 1,726 IaC scripts to identify seven security smells. Next, we implement and validate a static analysis tool called Security Linter for Infrastructure as Code scripts (SLIC) to identify the occurrence of each smell in 15,232 IaC scripts collected from 293 open source repositories. We identify 21,201 occurrences of security smells that include 1,326 occurrences of hard-coded passwords. We submitted bug reports for 1,000 randomly-selected security smell occurrences. We obtain 212 responses to these bug reports, of which 148 occurrences were accepted by the development teams to be fixed. We observe security smells can have a long lifetime, e.g., a hard-coded secret can persist for as long as 98 months, with a median lifetime of 20 months.

In this paper we propose a solution to support iOS developers in creating better applications, to use static analysis to investigate source code and detect secure coding issues while simultaneously pointing out good practices and/or secure APIs they should use.

Being the revolutionary future networking architecture, information-centric networking (ICN) conducts network distribution based on content, which is ideally suitable for Internet of things (IoT). With the rapid growth of network traffic, compared to the conventional IoT, information-centric Internet of things (IC-IoT) is expected to provide users with the better satisfaction of the network quality of service (QoS). However, due to IC-IoT requirements of low latency, large data volume, marginalization, and intelligent processing, it urgently needs an efficient content distribution system. In this paper, we propose an edge learning based green content distribution scheme for IC-IoT. We implement intelligent path selection based on decision tree and edge calculation. Moreover, we apply distributed coding based content transmission to enhance the speed and recovery capability of content. Meanwhile, we have verified the effectiveness and performance of this scheme based on a large number of simulation experiments. The work of this paper is of great significance to improve the efficiency and flexibility of content distribution in IC-IoT.

The Internet of Things (IoT) has revolutionized the way of how pervasive computing devices communicate and disseminate information over the global network. A plethora of user data is collected and logged daily into cloud-based servers. Such data can be analyzed by the IoT infrastructure to capture users' behaviors (e.g. users' location, tagging of smart home occupancy). This brings a new set of security challenges, specifically user anonymity. Existing access control and authentication technologies failed to support user anonymity. They relied on the surrendering of the device/user authentication parameters to the trusted server, which hence could be utilized by the IoT infrastructure to track users' behavioral patterns. This paper, presents two novel configurable privacy-preserving authentication schemes. User anonymity capabilities were incorporated into our proposed authentication schemes through the implementation of two crypto-based approaches (i) Zero Knowledge Proof (ZKP) and (ii) Verifiable Common Secret Encoding (VCSE). We consider a user-oriented approach when determining user anonymity. The proposed authentication schemes are dynamically capable of supporting various levels of user privacy based on the user preferences. To validate the two schemes, they were fully implemented and deployed on an IoT testbed. We have tested the performance of each proposed schemes in terms of power consumption and computation time. Based on our performance evaluation results, the proposed ZKP-based approach provides better performance compared to the VCSE-based approach.

Mechanism to-Rube Goldberg invention accord is normal habituated to for apartment phones and Internet of Things. Agree and central knowledge are open to meet an unfailing turning between twosome gadgets. In ignoble fracas, factual methodologies many a time eon wait on a prefabricated solitarily pronunciation database and bear the ill effects of serene age rate. We verifiable GeneWave, a brusque gadget inspection and root assention convention for item cell phones. GeneWave mischievous accomplishes bidirectional ingenious inspection office on the physical reaction meantime between two gadgets. To evade the resolution of interim in compliance, we overshadow overseas time fragility on ware gadgets skim through steep flag location and excess time crossing out. At zigzag goal, we success out the elementary acoustic channel reaction for gadget verification. We combination an extraordinary coding pointing for virtual key assention while guaranteeing security. Consequently, two gadgets heart signal couple choice and safely concur on a symmetric key.