Biblio

SM9 is an identity-based cryptography algorithm published by the State Cryptography Administration of China. With SM9, a user's private key for signing is generated by a central system called key generation center (KGC). When the owner of the private key wants to shirk responsibility by denying that the signature was generated by himself, he can claim that the operator of KGC forged the signature using the generated private key. To address this issue, in this paper, two schemes of SM9 digital signature with non-repudiation are proposed. With the proposed schemes, the user's private key for signing is collaboratively generated by two separate components, one of which is deployed in the private key service provider's site while the other is deployed in the user's site. The private key can only be calculated in the user's site with the help of homomorphic encryption. Therefore, only the user can obtain the private key and he cannot deny that the signature was generated by himself. The proposed schemes can achieve the non-repudiation of SM9 digital signature.

The Security is a vital aspect of cloud service as it comprises of data that belong to multiple users. Cloud service providers are responsible for maintaining data integrity, confidentiality and availability. They must ensure that their infrastructure and data are protected from intruders. In this research work Intrusion Detection System is designed to detect malicious server by using Cuckoo Search (CS) along with Artificial Intelligence. CS is used for feature optimization with the help of fitness function, the server's nature is categorized into two types: normal and attackers. On the basis of extracted features, ANN classify the attackers which affect the networks in cloud environment. The main aim is to distinguish attacker servers that are affected by DoS/DDoS, Black and Gray hole attacks from the genuine servers. Thus, instead of passing data to attacker server, the server passes the data to the genuine servers and hence, the system is protected. To validate the performance of the system, QoS parameters such as PDR (Packet delivery rate), energy consumption rate and total delay before and after prevention algorithm are measured. When compared with existing work, the PDR and the delay have been enhanced by 3.0 %and 21.5 %.

Denial of Service (DoS) attacks are very common type of computer attack in the world of internet today. Automatically detecting such type of DDoS attack packets & dropping them before passing through is the best prevention method. Conventional solution only monitors and provide the feedforward solution instead of the feedback machine-based learning. A Design of Deep neural network has been suggested in this paper. In this approach, high level features are extracted for representation and inference of the dataset. Experiment has been conducted based on the ISCX dataset for year 2017, 2018 and CICDDoS2019 and program has been developed in Matlab R17b using Wireshark.

For optimal use of cloud resources and to reduce the latency of cloud users, the cloud computing model extends the services such as networking facilities, computational capabilities and storage facilities based on demand. Due to the dynamic behavior, distributed paradigm and heterogeneity present among the processing elements, devices and service oriented pay per use policies; the cloud computing environment is having its availability, security and privacy issues. Among these various issues one of the important issues in cloud computing paradigm is DDoS attack. This paper put in plain words the DDoS attack, its detection as well as prevention mechanisms in cloud computing environment. The inclusive study also explains about the effects of DDoS attack on cloud platform and the related defense mechanisms required to be considered.

Distributed Denial of Service (DDoS) attacks aim at bringing down or decreasing the availability of services for their legitimate users, by exhausting network or server resources. It is difficult to differentiate attack traffic from legitimate traffic as the attack can come from distributed nodes that additionally might spoof their IP addresses. Traditional DoS mitigation solutions fail to defend all kinds of DoS attacks and huge DoS attacks might exceed the processing capacity of routers and firewalls easily. The advent of Software-defined Networking (SDN) and Network Function Virtualization (NFV) has brought a new perspective for network defense. Key features of such technologies like global network view and flexibly positionable security functionality can be used for mitigating DDoS attacks. In this paper, we propose a collaborative DDoS attack mitigation scheme that uses SDN and NFV. We adopt a machine learning algorithm from related work to derive accurate patterns describing DDoS attacks. Our experimental results indicate that our framework is able to differentiate attack and legitimate traffic with high accuracy and in near-realtime. Furthermore, the derived patterns can be used to create OpenFlow (OF) or Firewall rules that can be pushed back into the direction of the attack origin for more efficient and distributed filtering.

The mechanism for distributing information on the source of the attack by combining blockchain technology with the Intrusion Prevention System (IPS) can be done so that DDoS attack mitigation becomes more flexible, saves resources and costs. Also, by informing the blacklisted Internet Protocol(IP), each IPS can share attack source information so that attack traffic blocking can be carried out on IPS that are closer to the source of the attack. Therefore, the attack traffic passing through the network can be drastically reduced because the attack traffic has been blocked on the IPS that is closer to the attack source. The blocking of existing DDoS attack traffic is generally carried out on each IPS without a mechanism to share information on the source of the attack so that each IPS cannot cooperate. Also, even though the DDoS attack traffic did not reach the server because it had been blocked by IPS, the attack traffic still flooded the network so that network performance was reduced. Through smart contracts on the Ethereum blockchain, it is possible to inform the source of the attack or blacklisted IP addresses without requiring additional infrastructure. The blacklisted IP address is used by IPS to detect and handle DDoS attacks. Through the blacklisted IP distribution scheme, testing and analysis are carried out to see information on the source of the attack on each IPS and the attack traffic that passes on the network. The result is that each IPS can have the same blacklisted IP so that each IPS can have the same attack source information. The results also showed that the attack traffic through the network infrastructure can be drastically reduced. Initially, the total number of attack packets had an average of 115,578 reduced to 27,165.

DDoS attacks are the most commonly performed cyber-attacks with a motive to suspend the target services and making them unavailable to users. A recent attack on Github, explains that the traffic was traced back to ``over a thousand different autonomous systems across millions of unique endpoints''. Generally, there are various types of DDoS attacks and each attack uses a different protocol and attacker uses a botnet to execute such attacks. Hence, it will be very difficult for organizations to deal with these attacks and going for third parties to secure themselves from DDoS attacks. In order to eliminate the third parties. Our proposed system uses machine learning algorithms to identify the incoming packet is malicious or not and use Blockchain technology to store the Blacklist. The key benefit of Blockchain is that blacklisted IP addresses are effectively stored, and usage of such infrastructure provides an advantage of extra security mechanism over existing DDoS mitigation systems. This paper has evaluated three different algorithms, such as the KNN Classifier, the Decision Tree Classifier, Random Forest algorithm to find out the better classifying algorithm. Tree Based Classifier technique used for Feature Selection to boost the computational time. Out of the three algorithms, Random Forest provides an accuracy about 95 % in real-time traffic analysis.

A Distributed Denial of Service ( DDoS ) attack is usually instigated on a primary server that provides important services in a network. However such DDoS attacks can be identified and mitigated by the controller in a Software Defined Network (SDN). If the intruder further performs an attack on the controller along with the server, the attack becomes successful.In this paper, we show how such a combined DDoS attack can be instigated on a controller as well as a primary server. The DDoS attack on the primary server is instigated by compromising few hosts to send packets with spoofed IP addresses and the attack on the controller is instigated by compromising few switches to send flow table requests repeatedly to the controller. With the help of an emulator called mininet, we show the severity of this attack on the performance of the network. We further propose a common technique that can be used to mitigate this kind of attack by observing the variation of destination IP addresses and setting different priorities to switches and handling the flow table requests accordingly by the controller.

One of a high relentless attack is the crucial distributed DoS attacks. The types and tools for this attacks increases day-to-day as per the technology increases. So the methodology for detection of DDoS should be advanced. For this purpose we created an automated DDoS detector using ML which can run on any commodity hardware. The results are 98.5 % accurate. We use three classification algorithms KNN, RF and NB to classify DDoS packets from normal packets using two features, delta time and packet size. This detector mostly can detect all types of DDoS such as ICMP flood, TCP flood, UDP flood etc. In the older systems they detect only some types of DDoS attacks and some systems may require a large number of features to detect DDoS. Some systems may work only with certain protocols only. But our proposed model overcome these drawbacks by detecting the DDoS of any type without a need of specific protocol that uses less amount of features.

The ever-increasing growth of urban populations coupled with recent mobile data usage trends has led to an unprecedented increase in wireless devices, services and applications, with varying quality of service needs in terms of latency, data rate, and connectivity. To cope with these rising demands and challenges, next-generation wireless networks have resorted to cloud radio access network (Cloud-RAN) technology as a way of reducing latency and network traffic. A concrete example of this is New York City's LinkNYC network infrastructure, which replaces the city's payphones with kiosk-like structures, called Links, to provide fast and free public Wi-Fi access to city users. When enabled with data storage capability, these Links can, for example, play the role of edge cloud devices to allow in-network content caching so that access latency and network traffic are reduced. In this paper, we propose HybridCache, a hybrid proactive and reactive in-network caching scheme that reduces content access latency and network traffic congestion substantially. It does so by first grouping edge cloud devices in clusters to minimize intra-cluster content access latency and then enabling cooperative-proactively and reactively-caching using LSTM-based prediction to minimize in-network content redundancy. Using the LinkNYC network as the backbone infrastructure for evaluation, we show that HybridCache reduces the number of hops that content needs to traverse and increases cache hit rates, thereby reducing both network traffic and content access latency.

The recent advancement in the automotive sector has led to a technological explosion. As a result, the modern car provides a wide range of features supported by state of the art hardware and software. Unfortunately, while this is the case of most major components, in the same vehicle we find dozens of sensors and sub-systems built over legacy hardware and software with limited computational capabilities. This paper presents LOKI, a lightweight cryptographic key distribution scheme applicable in the case of the classical invehicle communication systems. The LOKI protocol stands out compared to already proposed protocols in the literature due to its ability to use only a single broadcast message to initiate the generation of a new cryptographic key across a group of nodes. It's lightweight key derivation algorithm takes advantage of a reverse hash chain traversal algorithm to generate fresh session keys. Experimental results consisting of a laboratory-scale system based on Vector Informatik's CANoe simulation environment demonstrate the effectiveness of the developed methodology and its seamless impact manifested on the network.

Government division may be a crucial portion of the nation's economy. Security of government inquire about substance from all sorts of dangers is basic not as it were for trade coherence but too for supporting the economy of the country as a entirety. With the digitization of conventional records, government substances experience troublesome issues, such as government capacity and access. Research office spend significant time questioning the specified information when getting to Government investigate substance subtle elements, but the gotten information are not fundamentally rectify, and get to is some of the time limited. On this premise, this think about proposes a investigate substance which utilize ciphertext-based encryption to guarantee information privacy and get to control of record subtle elements. The investigate head may scramble the put away data for accomplishing get to control and keeping information secure. In this manner AES Rijndael calculation is utilized for encryption. This guarantees security for the data and empowers Protection.

In order to solve the problems of inconvenient carrying and management of the access card used in the existing market access control system, a set of intelligent access control system based on DES encrypted two-dimensional code is designed. The system consists of Android smart phone, embedded access controller and server. By sending and receiving QR code via smart phone, access to the door is obtained, which realizes centralized management of office buildings, companies, senior office buildings, luxury residences and other middle and high-rise places, effectively preventing unauthorized people from entering the high security area. In order to ensure information security, the two-dimensional code is encrypted by DES algorithm. This system has the characteristics of low cost, high security and flexible operation. It is still blank in the application field and has certain promotion value.

This paper investigates the use of Software-Defined Networking (SDN) in the detection and mitigation of malware threat, focusing on the example of ExPetr ransomware. Extensive static and dynamic analysis of ExPetr is performed in a purpose-built SDN testbed. The results acquired from this analysis are then used to design and implement an SDN-based solution to detect the malware and prevent it from spreading to other machines inside a local network. Our solution consists of three security mechanisms that have been implemented as components/modules of the Python-based POX controller. These mechanisms include: port blocking, SMB payload inspection, and HTTP payload inspection. When malicious activity is detected, the controller communicates with the SDN switches via the OpenFlow protocol and installs appropriate entries in their flow tables. In particular, the controller blocks machines which are considered infected, by monitoring and reacting in real time to the network traffic they produce. Our experimental results demonstrate that the proposed designs are effective against self-propagating malware in local networks. The implemented system can respond to malicious activities quickly and in real time. Furthermore, by tuning certain thresholds of the detection mechanisms it is possible to trade-off the detection time with the false positive rate.

This Transparent Data Encryption (TDE) can provide enormous benefits to the Relational Databases in the aspects of Data Security, Cryptographic Encryption, and Compliances. For every transaction, the stored data must be decrypted before applying the updates as well as should be encrypted before permanently storing back at the storage level. By adding this extra functionality to the database, the general thinking denotes that the Database (DB) going to hit some performance overhead at the CPU and storage level. However, The Oracle Corporation has adversely claimed that their latest Oracle DB version 19c TDE feature can provide significant improvement in the optimization of CPU and no overhead at the storage level for data processing. Impressively, it is true. the results of this paper prove too. Most interestingly the results also revealed about highly impacted components in the servers which are not yet disclosed in any of the previous research work. This paper completely concentrates on CPU, IO, and RAM performance analysis and identifying the bottlenecks along with possible solutions.

The most important advantage of database is that it can form an intensive management system and serve a large number of information users, which shows the importance of information security in network development. However, there are many problems in the current computer software engineering industry, which seriously hinder the development of computer software engineering, among which the most remarkable and prominent one is that the database programming technology is difficult to be effectively utilized. In this paper, virtualization technology is used to manage the underlying resources of data center with the application background of big data technology, and realize the virtualization of network resources, storage resources and computing resources. It can play a constructive role in the construction of data center, integrate traditional and old resources, realize the computing data center system through virtualization, distributed storage and resource scheduling, and realize the clustering and load balancing of non-relational databases.

The solution of using existing WiFi devices for measurement and maintenance, and establishing a WiFi fingerprint database for precise localization has become a popular method for indoor localization. The traditional WiFi fingerprint privacy protection scheme increases the calculation amount of the client, but cannot completely protect the security of the client and the fingerprint database. In this paper, we make use of WiFi devices to present a Practical Privacy Protection Scheme In WiFi Fingerprint-based Localization PPWFL. In PPWFL, the localization server establishes a pre-partition in the fingerprint database through the E-M clustering algorithm, we divide the entire fingerprint database into several partitions. The server uses WiFi fingerprint entries with partitions as training data and trains a machine learning model. This model can accurately predict the client's partition based on fingerprint entries. The client uses the trained machine learning model to obtain its partition location accurately, picks up WiFi fingerprint entries in its partition, and calculates its geographic location with the localization server through secure multi-party computing. Compared with the traditional solution, our solution only uses the WiFi fingerprint entries in the client's partition rather than the entire fingerprint database. PPWFL can reduce not only unnecessary calculations but also avoid accidental errors (Unexpected errors in fingerprint similarity between non-adjacent locations due to multipath effects of electromagnetic waves during the propagation of complex indoor environments) in fingerprint distance calculation. In particular, due to the use of Secure Multi-Party Computation, most of the calculations are performed in the local offline phase, the client only exchanges data with the localization server during the distance calculation phase. No additional equipment is needed; our solution uses only existing WiFi devices in the building to achieve fast localization based on privacy protection. We prove that PPWFL is secure under the honest but curious attacker. Experiments show that PPWFL achieves efficiency and accuracy than the traditional WiFi fingerprint localization scheme.

The usage of K-anonymity to preserve location privacy for wireless sensor network (WSN) monitoring systems, where sensor nodes operate together to notify a server with anonymous shared positions. That k-anonymous position is a coated region with at least k people. However, we identify an attack model to show that overlapping aggregate locations remain privacy-risk because the enemy can infer certain overlapping areas with persons under k who violate the privacy requirement for anonymity. Within this paper we suggest a mutual WSN privacy protocol (REAL). Actual needs sensor nodes to arrange their sensing areas separately into a variety of non-overlapping, extremely precise anonymous aggregate positions. We also developed a state transfer framework, a locking mechanism and a time delay mechanism to address the three main REAL challenges, namely self-organisation, shared assets and high precision. We equate REAL's output with current protocols through virtual experiments. The findings demonstrate that REAL preserves the privacy of sites, offers more precise question answers and decreases connectivity and device expense.

Increased peripheral performance is causing strain on the memory subsystem of modern processors. For example, available DRAM throughput can no longer sustain the traffic of a modern network card. Scrambling to deliver the promised performance, instead of transferring peripheral data to and from DRAM, modern Intel processors perform I/O operations directly on the Last Level Cache (LLC). While Direct Cache Access (DCA) instead of Direct Memory Access (DMA) is a sensible performance optimization, it is unfortunately implemented without care for security, as the LLC is now shared between the CPU and all the attached devices, including the network card.In this paper, we reverse engineer the behavior of DCA, widely referred to as Data-Direct I/O (DDIO), on recent Intel processors and present its first security analysis. Based on our analysis, we present NetCAT, the first Network-based PRIME+PROBE Cache Attack on the processor's LLC of a remote machine. We show that NetCAT not only enables attacks in cooperative settings where an attacker can build a covert channel between a network client and a sandboxed server process (without network), but more worryingly, in general adversarial settings. In such settings, NetCAT can enable disclosure of network timing-based sensitive information. As an example, we show a keystroke timing attack on a victim SSH connection belonging to another client on the target server. Our results should caution processor vendors against unsupervised sharing of (additional) microarchitectural components with peripherals exposed to malicious input.

In the digital payment system, the transactions and their data about clients are very sensitive, so the security and privacy of personal information of the client is a big concern. The confirmation towards security necessities prevents the data from a stolen and unauthorized person over the digital transactions, So the stronger authentication methods required, which must be based on cryptography. Initially, in the payment ecosystem, they were using the Kerberos protocol, but now different approaches such as Challenge-Handshake Authentication Protocol (CHAP), Tokenization, Two-Factor Authentication(PIN, MPIN, OTP), etc. such protocols are being used in the payment system. This paper presents the use cases of different authentication protocols. Further, the use of these protocols in online payment systems to verify each individual are explained.

As the key platform to deal with big data, Hadoop cannot fully protect data security of users by relying on a single Kerberos authentication mechanism. In addition, the single Namenode has disadvantages such as single point failure, performance bottleneck and poor scalability. To solve these problems, a big data security protection scheme is proposed. In this scheme, blockchain technology is adopted to deploy distributed Namenode server cluster to take joint efforts to safeguard the metadata and to allocate access tasks of users. We also improved the heartbeat model to collect user behavior so as to make a faster response to Datanode failure. The smart contract conducts reasonable allocation of user role through the judgment of user tag and risk value. It also establishes a tracking chain of risk value to monitor user behavior in real time. Experiments show that this scheme can better protect data security in Hadoop. It has the advantage of metadata decentralization and the data is hard to be tampered.

In the last couple of years ARM-based servers have been gradually adopted by cloud service providers and utilized in the data centers. Such tendency may provide great business opportunities for various companies in the industry. Hence, the ability to timely track the development trend of the ARM-based server ecosystem (ASE) from technical perspective is of great importance. In this paper the level of development of the ASE is quantitatively assessed based on open-source data analysis. In particular, statistical data is extracted from 42 Linux kernels to analyze the development process of the ASE. Furthermore, an estimate of the development trend of the ASE in the next 10 years is made based on the statistical data. The estimated results provide insight on when the ASE may become as mature as today's x86-based server ecosystem.

In this paper, we discuss the development of the IoT security exercise content and the implementation of it to the CyExec. While the Internet of Things (IoT) devices are becoming more popular, vulnerability countermeasures are insufficient, and many incidents have occurred. It is because there is insufficient protection against vulnerabilities specific to IoT equipment. Also, the developers and users have low awareness of IoT devices against vulnerabilities from the past. Therefore, the importance of security education on IoT devices is increasing. However, the enormous burden of introduction and operation costs limited the use of commercial cybersecurity exercise systems. CyExec (Cyber Security Exercise System), consisting of a virtual environment using VirtualBox and Docker, is a low-cost and flexible cybersecurity exercise system, which we have proposed for the dissemination of security education. And the content of the exercises for CyExec is composed of the Basic exercises and Applied exercises.

As the unmanned aerial vehicle (UAV) can play a vital role to collect information remotely in a military battlefield, researchers have shown great interest to reveal the domain of internet of battlefield Things (IoBT). In a rescue mission on a battlefield, UAV can collect data from different regions to identify the casualty of a soldier. One of the major challenges in IoBT is to identify the soldier in a complex environment. Image processing algorithm can be helpful if proper methodology can be applied to identify the victims. However, due to the limited hardware resources of a UAV, processing task can be handover to the nearby edge computing server for offloading the task as every second is very crucial in a battlefield. Furthermore, to avoid any third-party interaction in the network and to store the data securely, blockchain can help to create a trusted network as it forms a distributed ledger among the participants. This paper proposes a UAV assisted casualty detection scheme based on image processing algorithm where data is protected using blockchain technology. Result analysis has been conducted to identify the victims on the battlefield successfully using image processing algorithm and network issues like throughput and delay has been analyzed in details using public-key cryptography.

Internet of Things (IoT) has been growing exponentially in the commercial market in recent years. It is also a fact that people hold one or more computing devices at home. Many of them have been developed to operate through internet connectivity with cloud computing technologies that result in the demand for fast, robust, and secure services. In most cases, the lack of these services makes difficult the transfer of data to fulfill the devices' purposes. Under these conditions, an intermediate layer or middleware is needed to process, filter, and send data through a more efficient alternative. This paper presents the adaptive solution of a middleware architecture as an intermediate layer between smart devices and cloud computing to enhance the management of the heterogeneity of data provining from IoT devices. The proposed middleware provides easy configuration, adaptability, and bearability for different environments. Finally, this solution has been implemented in the healthcare domain, in which IoT solutions are deployed into Ambient Assisted Living (AAL) environments.