Biblio

Multi-authority attribute-based encryption (MA-ABE) is a promising technique to achieve fine-grained access control over encrypted data in cross domain applications. However, the dynamic change of users' access privilege brings security problems, and the heavy encryption computational cost is issue for resource-constrained users in IoT. Moreover, the invalid or illegal ciphertext will waste system resources. We propose a large universe MA-CP-ABE scheme with revocation and online/offline encryption. In our scheme, an efficient revocation mechanism is designed to change users' access privilege timely. Most of the encryption operations have been executed in the user's initialization phase by adding reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Moreover, the scheme supports ciphertext verification and only valid ciphertext can be stored and transmitted. The proposed scheme is proven statically secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable for resource constrained users in edge computing for IoT.

Because of the high-value data of an enterprise, sophisticated cyber-attacks targeted at enterprise networks have become prominent. Attack graphs are useful tools that facilitate a scalable security analysis of enterprise networks. However, the administrators face difficulties in effectively modelling security problems and making right decisions when constructing attack graphs as their risk assessment experience is often limited. In this paper, we propose an innovative method of security assessment through an ontology- and graph-based approach. An ontology is designed to represent security knowledge such as assets, vulnerabilities, attacks, countermeasures, and relationships between them in a common vocabulary. An efficient algorithm is proposed to generate an attack graph based on the inference ability of the security ontology. The proposed algorithm is evaluated with different sizes and topologies of test networks; the results show that our proposed algorithm facilitates a scalable security analysis of enterprise networks.

Attack graphs are a relatively new - at least, from the point of view of a practical usage - method for modeling multistage cyber-attacks. They allow to understand how seemingly unrelated vulnerabilities may be combined together by an attacker to form a chain of hostile actions that enable to compromise a key resource. An attack graph is also the starting point for providing recommendations for corrective actions that would fix or mask security problems and prevent the attacks. In the paper, we propose TAG, a topological attack graph analysis tool designed to support a user in a security evaluation and countermeasure selection. TAG employs an improved version of MulVAL inference engine, estimates a security level on the basis of attack graph and attack paths scoring, and recommends remedial actions that improve the security of the analyzed system.

Despite the popularity of wireless sensor networks (WSNs) in a wide range of applications, security problems associated with them have not been completely resolved. Middleware is generally introduced as an intermediate layer between WSNs and the end user to resolve some limitations, but most of the existing middleware is unable to protect data from malicious and unknown attacks during transmission. This paper introduces an intelligent middleware based on an unsupervised learning technique called Generative Adversarial Networks (GANs) algorithm. GANs contain two networks: a generator (G) network and a detector (D) network. The G creates fake data similar to the real samples and combines it with real data from the sensors to confuse the attacker. The D contains multi-layers that have the ability to differentiate between real and fake data. The output intended for this algorithm shows an actual interpretation of the data that is securely communicated through the WSN. The framework is implemented in Python with experiments performed using Keras. Results illustrate that the suggested algorithm not only improves the accuracy of the data but also enhances its security by protecting data from adversaries. Data transmission from the WSN to the end user then becomes much more secure and accurate compared to conventional techniques.

Lack of effective accountability mechanisms brings a series of security problems for Internet today. In Next Generation Internet based on IPv6, the system of identity authentication and IP verification is the key to accounting ability. Source Address Validation Improvement (SAVI) can protect IP source addresses from being faked. But without identity authentication mechanism and certain relationship between IP and accountable identity, the accountability is still unreliable. To solve this problem, most research focus on embedding accountable identity into IP address which need either changing DHCP client or twice DHCP request process due to the separate process of user authentication and address assignment. Different from previous research, this paper first analyzes the problems and requirements of combining Web Portal or 802.1X, two main identity authentication mechanism (AAA), with the accountable address assignment in SAVI frame-work. Then a novel Cooperative mechanism for Accountable IP address assignment (CAIP) is proposed based on 802.1X and SAVI, which takes into account the validation of IP address, the authenticity and accountability of identity at the same time. Finally, we build up prototype system for both Fat AP and Thin AP wireless scenarios and simulate the performance of CAIP through large-scale campus networks' data logs. The experiment result shows that the IP addresses and identities in CAIP are protective and accountable. Compared with other previous research, CAIP is not only transparent to the terminals and networks, but also low impact on network equipment, which makes CAIP easy deployment with high compatibility and low cost.

With the increasing of health awareness, the users become more and more interested in their daily health information and healthcare activities results from healthcare organizations. They always try to collect them together for better usage. Traditionally, the healthcare data is always delivered by paper format from the healthcare organizations, and it is not easy and convenient for data usage and management. They would have to translate these data on paper to digital version which would probably introduce mistakes into the data. It would be necessary if there is a secure and convenient method for electronic health data transferring between the users and the healthcare organizations. However, for the security and privacy problems, almost no healthcare organization provides a stable and full service for health data delivery. In this paper, we propose a secure and convenient method, QRStream, which splits original health data and loads them onto QR code frame streaming for the data transferring. The results shows that QRStream can transfer text health data smoothly with an acceptable performance, for example, transferring 10K data in 10 seconds.

Two-factor authentication has been widely used due to the vulnerabilities associated with the traditional password-based authentication. One-Time Password (OTP) plays an important role in authentication protocol. However, a variety of security problems have been challenging the security of OTP, and improvements are introduced to solve it. This paper reviews several schemes to implement and modify the OTP, a comparison among the popular OTP algorithms is presented. A smart grid architecture with edge computing is shown. The authentication techniques in the smart grid are analyzed.

With the development of internet of things (IoT) and communication technology, the sensors and embedded devices collect a large amount of data and handle it. However, IoT environment cannot efficiently treat the big data and is vulnerable to various attacks because IoT is comprised of resource limited devices and provides a service through a open channel. In 2018, Sharma and Kalra proposed a lightweight multi-factor authentication protocol for cloud-IoT environment to overcome this problems. We demonstrate that Sharma and Kalra's scheme is vulnerable to identity and password guessing, replay and session key disclosure attacks. We also propose a secure multifactor authentication protocol to resolve the security problems of Sharma and Kalra's scheme, and then we analyze the security using informal analysis and compare the performance with Sharma and Kalra's scheme. The proposed scheme can be applied to real cloud-IoT environment securely.

It is a research hotspot that using blockchain technology to solve the security problems of the Internet of Things (IoT). Although many related ideas have been proposed, there are very few literatures with theoretical and data support. This paper focuses on the research of model construction and performance evaluation. First, an IoT security model is established based on blockchain and InterPlanetary File System (IPFS). In this model, many security risks of traditional IoT architectures can be avoided, and system performance is significantly improved in distributed large capacity storage, concurrency and query. Secondly, the performance of the proposed model is evaluated through the average latency and throughput, which are meaningful for further research and optimization of this direction. Analysis and test results demonstrate the effectiveness of the blockchain-based security model.

In the computer based solutions of the problems in today's world; if the problem has a high complexity value, different requirements can be addressed such as necessity of simultaneous operation of many computers, the long processing times for the operation of algorithms, and computers with hardware features that can provide high performance. For this reason, it is inevitable to use a computer based on quantum physics in the near future in order to make today's cryptosystems unsafe, search the servers and other information storage centers on internet very quickly, solve optimization problems in the NP-hard category with a very wide solution space and analyze information on large-scale data processing and to process high-resolution image for artificial intelligence applications. In this study, an examination of quantum approaches and quantum computers, which will be widely used in the near future, was carried out and the areas in which such innovation can be used was evaluated. Malicious or non-malicious use of quantum computers with this capacity, the advantages and disadvantages of the high performance which it provides were examined under the head of security, the effect of this recent technology on the existing security systems was investigated.

Information centric network (ICN) based Mobile Edge Computing (MEC) network has drawn growing attentions in recent years. The distributed network architecture brings new security problems, especially the identity security problem. Because of the cloud platform deployed on the edge of the MEC network, multiple channel attributes can be easily obtained and processed. Thus this paper proposes a multiple channel attributes based spoofing detection mechanism. To further reduce the complexity, we also propose an improved clustering algorithm. The simulation results indicate that the proposed spoofing detection method can provide near-optimal performance with extremely low complexity.

This computer era leads human to interact with computers and networks but there is no such solution to get rid of security problems. Securities threats misleads internet, we are sometimes losing our hope and reliability with many server based access. Even though many more crypto algorithms are coming for integrity and authentic data in computer access still there is a non reliable threat penetrates inconsistent vulnerabilities in networks. These vulnerable sites are taking control over the user's computer and doing harmful actions without user's privileges. Though Firewalls and protocols may support our browsers via setting certain rules, still our system couldn't support for data reliability and confidentiality. Since these problems are based on network access, lets we consider TCP/IP parameters as a dataset for analysis. By doing preprocess of TCP/IP packets we can build sovereign model on data set and clump cluster. Further the data set gets classified into regular traffic pattern and anonymous pattern using KNN classification algorithm. Based on obtained pattern for normal and threats data sets, security devices and system will set rules and guidelines to learn by it to take needed stroke. This paper analysis the computer to learn security actions from the given data sets which already exist in the previous happens.

The Internet of Things (IoT) is an emerging technology, an extension of the traditional Internet which make everything is connected each other based on Radio Frequency Identification (RFID), Sensor, GPS or Machine to Machine technologies, etc. The security issues surrounding IoT have been of detrimental impact to its development and has consequently attracted research interest. However, there are very few approaches which assess the security of IoT from the perspective of an attacker. Penetration testing is widely used to evaluate traditional internet or systems security to date and it normally spends numerous cost and time. In this paper, we analyze the security problems of IoT and propose a penetration testing approach and its automation based on belief-desire-intention (BDI) model to evaluate the security of the IoT.

The fifth generation of cellular networks (5G) will enable different use cases where security will be more critical than ever before (e.g. autonomous vehicles and critical IoT devices). Unfortunately, the new networks are being built on the certainty that security problems cannot be solved in the short term. Far from reinventing the wheel, one of our goals is to allow security software developers to implement and test their reactive solutions for the capillary network of 5G devices. Therefore, in this paper a solution for analysing proximity-based attacks in 5G environments is modelled and tested using OMNET++. The solution, named CRAT, is able to decouple the security analysis from the hardware of the device with the aim to extend the analysis of proximity-based attacks to different use-cases in 5G. We follow a high-level approach, in which the devices can take the role of victim, offender and guardian following the principles of the routine activity theory.

Cloud storage can provide outsourcing data services for both organizations and individuals. However, cloud storage still faces many challenges, e.g., public integrity auditing, the support of dynamic data, and low computational audit cost. To solve the problems, a number of techniques have been proposed. Recently, Tian et al. proposed a novel public auditing scheme for secure cloud storage based on a new data structure DHT. The authors claimed that their scheme was proven to be secure. Unfortunately, through our security analysis, we find that the scheme suffers from one attack and one security shortage. The attack is that an adversary can forge the data to destroy the correctness of files without being detected. The shortage of the scheme is that the updating operations for data blocks is vulnerable and easy to be modified. Finally, we give our countermeasures to remedy the security problems.

RPL is a lightweight IPv6 network routing protocol specifically designed by IETF, which can make full use of the energy of intelligent devices and compute the resource to build the flexible topological structure. This paper analyzes the security problems of RPL, sets up a test network to test RPL network security, proposes a RPL based security routing protocol M-RPL. The routing protocol establishes a hierarchical clustering network topology, the intelligent device of the network establishes the backup path in different clusters during the route discovery phase, enable backup paths to ensure data routing when a network is compromised. Setting up a test prototype network, simulating some attacks against the routing protocols in the network. The test results show that the M-RPL network can effectively resist the routing attacks. M-RPL provides a solution to ensure the Internet of Things (IoT) security.

Software Defined Networks (SDNs) is a new networking paradigm that has gained a lot of attention in recent years especially in implementing data center networks and in providing efficient security solutions. The popularity of SDN and its attractive security features suggest that it can be used in the context of smart grid systems to address many of the vulnerabilities and security problems facing such critical infrastructure systems. This paper studies the impact of different cyber attacks that can target smart grid communication network which is implemented as a software defined network on the operation of the smart grid system in general. In particular, we perform different attack scenarios including DDoS attacks, location highjacking and link overloading against SDN networks of different controller types that include POX, Floodlight and RYU. Our experiments were carried out using the mininet simulator. The experiments show that SDN-enabled smartgrid systems are vulnerable to different types of attacks.

Security mechanism of the mobile agent running platform is very important for mobile agent system operation and stability running. In this paper we mainly focus on the security issues related with the mobile agent running platform and we proposed a cross validation mechanism mixed with encryption algorithm to solve the security problems during the migration and communication of mobile agents. Firstly, we employ the cross-validation mechanism to authenticate the nodes mobile agents will be visiting. Secondly, we employ the hybrid encryption mechanism, which combines the advantages of the symmetric encryption and asymmetric encryption, to encrypt the mobile agents and ensure the transferring process of data. Finally, we employ the EMSSL socket communication method to encrypt the content of transmission, in turn to enhance the security and robustness of the mobile agent system. We implement several experiments in the simulation environment and the experimental results verify the efficiency and accuracy of the proposed methods.

Denial of Service (DoS) attacks is one of the major threats and among the hardest security problems in the Internet world. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With little or no advance warning, an attacker can easily exhaust the computing resources of its victim within a short period of time. In this paper, we study the impact of a UDP flood attack on TCP throughput, round-trip time, and CPU utilization for a Web Server with the new generation of Linux platform, Linux Ubuntu 13. This paper also evaluates the impact of various defense mechanisms, including Access Control Lists (ACLs), Threshold Limit, Reverse Path Forwarding (IP Verify), and Network Load Balancing. Threshold Limit is found to be the most effective defense.

Distributed Denial of Service (DoS) attacks is one of the major threats and among the hardest security problems in the Internet world. In this paper, we study the impact of a UDP flood attack on TCP throughputs, round-trip time, and CPU utilization on the latest version of Windows and Linux platforms, namely, Windows Server 2012 and Linux Ubuntu 13. This paper also evaluates several defense mechanisms including Access Control Lists (ACLs), Threshold Limit, Reverse Path Forwarding (IP Verify), and Network Load Balancing. Threshold Limit defense gave better results than the other solutions.

Cloud computing is one of the emerging computing technology where costs are directly proportional to usage and demand. The advantages of this technology are the reasons of security and privacy problems. The data belongs to the users are stored in some cloud servers which is not under their own control. So the cloud services are required to authenticate the user. In general, most of the cloud authentication algorithms do not provide anonymity of the users. The cloud provider can track the users easily. The privacy and authenticity are two critical issues of cloud security. In this paper, we propose a secure anonymous authentication method for cloud services using identity based group signature which allows the cloud users to prove that they have privilege to access the data without revealing their identities.

Machine learning (ML) plays a central role in the solution of many security problems, for example enabling malicious and innocent activities to be rapidly and accurately distinguished and appropriate actions to be taken. Unfortunately, a standard assumption in ML - that the training and test data are identically distributed - is typically violated in security applications, leading to degraded algorithm performance and reduced security. Previous research has attempted to address this challenge by developing ML algorithms which are either robust to differences between training and test data or are able to predict and account for these differences. This paper adopts a different approach, developing a class of moving target (MT) defenses that are difficult for adversaries to reverse-engineer, which in turn decreases the adversaries' ability to generate training/test data differences that benefit them. We leverage the coevolutionary relationship between attackers and defenders to derive a simple, flexible MT defense strategy which is optimal or nearly optimal for a broad range of security problems. Case studies involving two distinct cyber defense applications demonstrate that the proposed MT algorithm outperforms standard static methods, offering effective defense against intelligent, adaptive adversaries.