Biblio

As the technology is growing rapidly, the development of systems and software are becoming more complex. For this reason, the security of software and web applications become more vulnerable. In the last two decades, the use of internet application and security hacking activities are on top of the glance. The organizations are having the biggest challenge that how to secure their web applications from the rapidly increasing cyber threats because the organization can't compromise the security of their sensitive information. Vulnerability Assessment and Penetration Testing techniques may help organizations to find security loopholes. The weakness can be the asset for the attacker if the organizations are not aware of this. Vulnerability Assessment and Penetration Testing helps an organization to cover the security loopholes and determine their security arrangements are working as per defined policies or not. To cover the tracks and mitigate the threats it is necessary to install security patches. This paper includes the survey on the current vulnerabilities, determination of those vulnerabilities, the methodology used for determination, tools used to determine the vulnerabilities to secure the organizations from cyber threat.

Many web applications are vulnerable to Cross Site Scripting (XSS) attacks enabling attackers to steal sensitive information and commit frauds. Much research in this area have focused on detecting vulnerable web pages using static and dynamic program analysis. The best practice to prevent XSS vulnerabilities is to encode untrusted dynamic content. However, a common programming error is the use of a wrong type of encoder to sanitize untrusted data, leaving the application vulnerable. We propose a new approach that can automatically fix this common type of XSS vulnerability in many situations. This approach is integrated into the software maintenance life cycle through unit testing. Vulnerable codes are refactored to reflect the suggested encoder and then verified using an attack evaluating mechanism to find a proper repair. Evaluation of this approach has been conducted on an open source medical record application with over 200 web pages written in JSP.

The distribution of video contents generated by Content Providers (CPs) significantly contributes to increase the congestion within the networks of Internet Service Providers (ISPs). To alleviate this problem, CPs can serve a portion of their catalogues to the end users directly from servers (i.e., the caches) located inside the ISP network. Users served from caches perceive an increased QoS (e.g., average retrieval latency is reduced) and, for this reason, caching can be considered a form of traffic prioritization. Hence, since the storage of caches is limited, its subdivision among several CPs may lead to discrimination. A static subdivision that assignes to each CP the same portion of storage is a neutral but ineffective appraoch, because it does not consider the different popularities of the CPs' contents. A more effective strategy consists in dividing the cache among the CPs proportionally to the popularity of their contents. However, CPs consider this information sensitive and are reluctant to disclose it. In this work, we propose a protocol based on Shamir Secret Sharing (SSS) scheme that allows the ISP to calculate the portion of cache storage that a CP is entitled to receive while guaranteeing network neutrality and resource efficiency, but without violating its privacy. The protocol is executed by the ISP, the CPs and a Regulator Authority (RA) that guarantees the actual enforcement of a fair subdivision of the cache storage and the preservation of privacy. We perform extensive simulations and prove that our approach leads to higher hit-rates (i.e., percentage of requests served by the cache) with respect to the static one. The advantages are particularly significant when the cache storage is limited.

Advancement in communication technologies and the Internet of Things (IoT) is driving adoption in smart cities that aims to increase operational efficiency and improve the quality of services and citizen welfare, among other potential benefits. The privacy, reliability, and integrity of communications must be ensured so that actions can be appropriate, safe, accurate, and implemented promptly after receiving actionable information. In this work, we present a multi-tier methodology consisting of an authentication and trust-building/distribution framework designed to ensure the safety and validity of the information exchanged in the system. Blockchain protocols and Radio Frequency-Distinct Native Attributes (RF-DNA) combine to provide a hardware-software codesigned system for enhanced device identity and overall system trustworthiness. Our threat model accounts for counterfeiting, breakout fraud, and bad mouthing of one entity by others. Entity trust (e.g., IoT devices) depends on quality and level of participation, quality of messages, lifetime of a given entity in the system, and the number of known "bad" (non-consensus) messages sent by that entity. Based on this approach to trust, we are able to adjust trust upward and downward as a function of real-time and past behavior, providing other participants with a trust value upon which to judge information from and interactions with the given entity. This approach thereby reduces the potential for manipulation of an IoT system by a bad or byzantine actor.

Energy is the material basis for human society to survive and has a very important strategic position in the national economy. With the advancement of Internet technology and the extensive use of clean energy, the energy industry has demonstrated a new development trend. Based on blockchain technology, this paper analyzes energy data security and multi-source synergy mechanism, processes and classifies a large amount of energy data in energy system, and builds a blockchain-based energy data supervision and transaction model. A summary tree of energy data is proposed; a consensus mechanism based on multi-source collaboration is proposed to ensure efficient negotiation; and finally, blockchain is verified in the energy scenario. This provides reference for the application of blockchain technology in the energy industry.

With the popularity of Internet applications and rapid development, data using and sharing process may lead to the sensitive information divulgence. To deal with the privacy protection issue more effectively, in this paper, we propose the associated data sets protection model based on game theory from the point of view of realizing benefits from the access of privacy is about happen, quantify the extent to which visitors gain sensitive information, then compares the tolerance of the sensitive information owner and finally decides whether to allow the visitor to make an access request.

Internet is a common method of trading business today. The usage of cryptocurrencies has increased these days and it has become a trend to utilize them. Cryptocurrency exchange servicers provide different smartphone apps that unfortunately may become the target of malicious attacks. This paper focuses on how it achieves highest security and proposes the multiple layered security analyses method for cryptocurrency exchange servicers.

In last decades' web application security has become one of the most important case study of information security studies. Business processes are transferred to web platforms. So web application usage is increased very fast. Web-based attacks have also increased due to the increased use of web applications. In order to ensure the security of web applications, intrusion detection and prevention systems and web application firewalls are used against web based attacks. Blockchain technology, which has become popular in recent years, enables reliable and transparent sharing of data with all stakeholders. In this study, in order to detect web-based attacks, a blockchain based web attack detection model that uses the signature based detection method is proposed. The signature based detection refers to the detection of attacks by looking for specific patterns against known web based attack types, such as Structured Query Language (SQL) Injection, Cross Site Scripting (XSS), Command Injection. Three web servers were used for the experimental study. A blockchain node has been installed with the MultiChain application for each server. Attacks on web applications are detected using the signature list found in the web application as well as detected using the signature list updated on the blockchain. According to the experimental results, the attacks signature detected and defined by a web application are updated in the blockchain lists and used by all web applications.

The number of phishing attacks has increased in Latin America, exceeding the operational skills of cybersecurity analysts. The cognitive security application proposes the use of bigdata, machine learning, and data analytics to improve response times in attack detection. This paper presents an investigation about the analysis of anomalous behavior related with phishing web attacks and how machine learning techniques can be an option to face the problem. This analysis is made with the use of an contaminated data sets, and python tools for developing machine learning for detect phishing attacks through of the analysis of URLs to determinate if are good or bad URLs in base of specific characteristics of the URLs, with the goal of provide realtime information for take proactive decisions that minimize the impact of an attack.

Tactical Data Links (TDL) and Computer Science meet usually when it comes to interoperability andimplementation. However looking at it from an IT security perspective, some interesting issues occur. These become more relevant the more military hard-and software is built using commercial of the shelf (COTS) systems, that are usually implemented using standard Internet technology and software development patterns. This paper looks at Link 16, Link 11 and VMF security considerations and how compatible they are to current IT security standards. Typical security issues are discussed and concepts to mitigate them presented, which however need to be analysed for their suitability to TDL.

The Energy Internet is an advanced smart grid solution to increase energy efficiency by jointly operating multiple energy resources via the Internet. However, such an increasing integration of energy resources requires secure and efficient communication in the Energy Internet. To address such a requirement, we propose a new secure key bootstrapping protocol to support the integration and operation of energy resources. By using a universal composability model that provides a strong security notion for designing and analyzing cryptographic protocols, we define an ideal functionality that supports several cryptographic primitives used in this paper. Furthermore, we provide an ideal functionality for key bootstrapping and secure communication, which allows exchanged session keys to be used for secure communication in an ideal manner. We propose the first secure key bootstrapping protocol that enables a user to verify the identities of other users before key bootstrapping. We also present a secure communication protocol for unicast and multicast communications. The ideal functionalities help in the design and analysis of the proposed protocols. We perform some experiments to validate the performance of our protocols, and the results show that our protocols are superior to the existing related protocols and are suitable for the Energy Internet. As a proof of concept, we apply our functionalities to a practical key bootstrapping protocol, namely generic bootstrapping architecture.

Botnets are responsible for many large scale attacks happening on the Internet. Their weak point, which is usually targeted to take down a botnet, is the command and control infrastructure: the foundation for the diffusion of the botmaster's instructions. Hence, botmasters employ stealthy communication methods to remain hidden and retain control of the botnet. Recent research has shown that blockchains can be leveraged for under the radar communication with bots, however these methods incur fees for transaction broadcasting. This paper discusses the use of a novel technology, Whisper, for command and control instruction dissemination. Whisper allows a botmaster to control bots at virtually zero cost, while providing a peer-to-peer communication infrastructure, as well as privacy and encryption as part of its dark communication strategy. It is therefore well suited for bidirectional botnet command and control operations, and creating a botnet that is very difficult to take down.

Vehicular ad hoc networks (VANETs) are designed to provide traffic safety by enabling vehicles to broadcast information-such as speed, location and heading-through inter-vehicular communications to proactively avoid collisions. However, the attacks targeting these networks might overshadow their advantages if not protected against. One powerful threat against VANETs is vehicular botnets. In our earlier work, we demonstrated several vehicular botnet attacks that can have damaging impacts on the security and privacy of VANETs. In this paper, we present SHIELDNET, the first detection mechanism against vehicular botnets. Similar to the detection approaches against Internet botnets, we target the vehicular botnet communication and use several machine learning techniques to identify vehicular bots. We show via simulation that SHIELDNET can identify 77 percent of the vehicular bots. We propose several improvements on the VANET standards and show that their existing vulnerabilities make an effective defense against vehicular botnets infeasible.

The threats posed by botnets in the cyber-space continues to grow each day and it has become very hard to detect or infiltrate bots given that the botnet developers each day keep changing the propagation and attack techniques. Currently, most of these attacks have been centered on stealing computing energy, theft of personal information and Distributed Denial of Service (DDoS attacks). In this paper, the authors propose a novel technique that uses the Non-Deterministic Polynomial-Time Hardness (NP-Hard Problem) based on the Traveling Salesperson Person (TSP) that depicts that a given bot, bj, is able to visit each host on a network environment, NE, and then it returns to the botmaster in form of instruction(command) through optimal minimization of the hosts that are or may be attacked. Given that bj represents a piece of malicious code and based on TSP-NP Hard Problem which forms part of combinatorial optimization, the authors present an effective approach for the detection of the botnet. It is worth noting that the concentration of this study is basically on the centralized botnet architecture. This holistic approach shows that botnet detection accuracy can be increased with a degree of certainty and potentially decrease the chances of false positives. Nevertheless, a discussion on the possible applicability and implementation has also been given in this paper.

This paper provides hardware-independent authentication named as Intelligent Authentication Scheme, which rectifies the design weaknesses that may be exploited by various security attacks. The Intelligent Authentication Scheme protects against various types of security attacks such as password-guessing attack, replay attack, streaming bots attack (denial of service), keylogger, screenlogger and phishing attack. Besides reducing the overall cost, it also balances both security and usability. It is a unique authentication scheme.

A website appears in search results based on web indexing conducted by a search engine bot (e.g., a web crawler). Some webpages do not want to be found easily because they include sensitive information. There are several methods to prevent web crawlers from indexing in search engine database. However, such webpages can still be indexed by malicious web crawlers. Through this study, we explore a paradox perspective on a new use of captchas for search prevention. Captchas are used to prevent web crawlers from indexing by converting sensitive words to captchas. We have implemented the web-based captcha conversion tool based on our search prevention algorithm. We also describe our proof of concept with the web-based chat application modified to utilize our algorithm. We have conducted the experiment to evaluate our idea on Google search engine with two versions of webpages, one containing plain text and another containing sensitive words converted to captchas. The experiment results show that the sensitive words on the captcha version of the webpages are unable to be found by Google's search engine, while the plain text versions are.

CAPTCHA is a web-based authentication method used by websites to distinguish between humans (valid users) and bots (attackers). Audio captcha is an accessible captcha meant for the visually disabled section of users such as color-blind, blind, near-sighted users. Firstly, this paper analyzes how secure current audio captchas are from attacks using machine learning (ML) and deep learning (DL) models. Each audio captcha is made up of five, seven or ten random digits[0-9] spoken one after the other along with varying background noise throughout the length of the audio. If the ML or DL model is able to correctly identify all spoken digits and in the correct order of occurance in a single audio captcha, we consider that captcha to be broken and the attack to be successful. Throughout the paper, accuracy refers to the attack model's success at breaking audio captchas. The higher the attack accuracy, the more unsecure the audio captchas are. In our baseline experiments, we found that attack models could break audio captchas that had no background noise or medium background noise with any number of spoken digits with nearly 99% to 100% accuracy. Whereas, audio captchas with high background noise were relatively more secure with attack accuracy of 85%. Secondly, we propose that the concepts of adversarial examples algorithms can be used to create a new kind of audio captcha that is more resilient towards attacks. We found that even after retraining the models on the new adversarial audio data, the attack accuracy remained as low as 25% to 36% only. Lastly, we explore the benefits of creating adversarial audio captcha through different algorithms such as Basic Iterative Method (BIM) and deepFool. We found that as long as the attacker has less than 45% sample from each kinds of adversarial audio datasets, the defense will be successful at preventing attacks.

With the development of the Internet, the captcha technology has also been widely used. Captcha technology is used to distinguish between humans and machines, namely Completely Automated Public Turing test to tell Computers and Humans Apart. In this paper, an end-to-end deep CNN-RNN network model is constructed by studying the captcha recognition technology, which realizes the recognition of 4-character text captcha. The CNN-RNN model first constructs a deep residual convolutional neural network based on the residual network structure to accurately extract the input captcha picture features. Then, through the constructed variant RNN network, that is, the two-layer GRU network, the deep internal features of the captcha are extracted, and finally, the output sequence is the 4-character captcha. The experiments results show that the end-to-end deep CNN-RNN network model has a good performance on different captcha datasets, achieving 99% accuracy. And experiment on the few samples dataset which only has 4000 training samples also shows an accuracy of 72.9 % and a certain generalization ability.

The explosive growth of mobile traffic in the Internet makes content delivery a challenging issue to cope with. To promote efficiency of content distribution and reduce network cost, Internet Service Providers (ISPs) and content providers (CPs) are motivated to cooperatively work. As a clean-slate solution, nowadays Information-Centric Networking architectures have been proposed and widely researched, where the thought of in-network caching, especially edge caching, can be applied to mobile wireless networks to fundamentally address this problem. Considered the profit split issue between ISPs and CPs and the influence of content popularity is largely ignored, in this paper, we propose a Stackelberg-based optimal network profit split scheme for content delivery in information-centric wireless networks. Simulation results show that the performance of our proposed model is comparable to its centralized solution and obviously superior to current ISP-CP cooperative schemes without considering cache deployment in the network.

Research on Future Internet has gained traction in recent years, with a variety of clean-slate network architectures being proposed. The realization of such proposals may lead to a period of coexistence with the current Internet, creating a heterogeneous Future Internet. In such a vision, mobile nodes (MNs) can move across access networks supporting different network architectures, while being able to maintain the access to content during this movement. In order to support such scenarios, this paper proposes an inter-network architecture mobility framework that allows MNs to move across different network architectures without losing access to the contents being accessed. The usage of the proposed framework is exemplified and evaluated in a mobility scenario targeting IP and NDN network architectures in a content retrieval use case. The obtained results validate the proposed framework while highlighting the impact on the overall communication between the MN and content source.

Tactical edge networks represent a uniquely challenging environment from the communications perspective, due to their limited bandwidth and high node mobility. Several middleware communication solutions have been proposed to address those issues, adopting an evolutionary design approach that requires facing quite a few complications to provide applications with a suited network programming model while building on top of the TCP/IP stack. Information Centric Networking (ICN), instead, represents a revolutionary, clean slate approach that aims at replacing the entire TCP/IP stack with a new communication paradigm, better suited to cope with fluctuating channel conditions and network disruptions. This paper, stemmed from research conducted within NATO IST-161 RTG, investigates the effectiveness of Named Data Networking (NDN), the de facto standard implementation of ICN, in the context of tactical edge networks and its potential for adoption. We evaluated an NDN-based Blue Force Tracking (BFT) dissemination application within the Anglova scenario emulation environment, and found that NDN obtained better-than-expected results in terms of delivery ratio and latency, at the expense of a relatively high bandwidth consumption.

With the advent of fifth generation (5G) network and increasingly powerful mobile devices, people can conveniently obtain network resources wherever they are and whenever they want. However, the problem of mobility support in current network has not been adequately solved yet, especially in inter-domain mobile scenario, which leads to poor experience for mobile consumers. MobilityFirst is a clean slate future Internet architecture which adopts a clean separation between identity and network location. It provides new mechanisms to address the challenge of wireless access and mobility at scale. However, MobilityFirst lacks effective ways to deal with multicast service over mobile networks. In this paper, we design an efficient multicast mechanism based on MobilityFirst architecture and present the deployment in current network at scale. Furthermore, we propose a hierarchical multicast packet header with additional destinations to achieve low-cost dynamic multicast routing and provide solutions for both the multicast source and the multicast group members moving in intra- or inter-domain. Finally, we deploy a multicast prototype system to evaluate the performance of the proposed multicast mechanism.

In network communication domain, one of the most widely used protocol for encrypting data and securing communications is the IPSec protocol. The design of this protocol is based on two main phases which are: exchanging keys phase and transferring data phase. In this paper we focus on enhancing the exchanging keys phase which is included in the security association (SA), using a chaotic cryptosystem. Initially IPSec is based on the Internet Key Exchange (IKE) protocol for establishing the SA. Actually IKE protocol is in charge for negotiating the connection and for authenticating both nodes. However; using IKE gives rise to a major problem related to security attack such as the Man in the Middle Attack. In this paper, we propose a chaotic cryptosystem solution to generate SA file for the connected nodes of the network. By solving a 4-Dimension chaotic system, a SA file that includes 128-bit keys will be established. The proposed solution is implemented and tested using FPGA boards.

Bitcoin is the leading example of a blockchain application that facilitates peer-to-peer transactions without the need for a trusted intermediary. This paper considers possible attacks related to the decentralized network architecture of Bitcoin. We perform a data driven study of Bitcoin and present possible attacks based on spatial and temporal characteristics of its network. Towards that, we revisit the prior work, dedicated to the study of centralization of Bitcoin nodes over the Internet, through a fine-grained analysis of network distribution, and highlight the increasing centralization of the Bitcoin network over time. As a result, we show that Bitcoin is vulnerable to spatial, temporal, spatio-temporal, and logical partitioning attacks with an increased attack feasibility due to network dynamics. We verify our observations by simulating attack scenarios and the implications of each attack on the Bitcoin . We conclude with suggested countermeasures.

There are some registry agreements that may be appropriate for the Internet of Things (IoT), including Bitcoin, Hyperledger Fabric and IOTA. This article presents quickly and examines them in terms of the progress of Internet applications. Block-dependent IoT applications can consolidate the chain's rationale (smart contracts) and front-end, portable or front-end web applications. We present three possible designs for BC IoT front-end applications. They vary depending on the Bitcoin block chain customer (neighborhood gadget, remote server) and the key location needed to manage active exchanges. The vital requirements of these projects, which use Bitcoin to organize constructive exchanges, are the volumes of information, the area and time of the complete block and block block, and the entry of the Bitcoin store. The implications of these surveys show that it is unlikely that a full Bitcoin distributor will continue to operate reliably with a mandatory IoT gadget. Then, designing with remote Bitcoin customers is, in all respects, a suitable methodology in which there are two minor alternatives and vary in key storage / management. Similarly, we recommend using the design with a unique match between the IoT gadget and the remote blockchain client to reduce system activity and improve security. We hope you also have the ability to operate with versatile verses with low control and low productivity. Our review eliminates the contradictions between synthesis methodologies, but the final choice for a particular registration agreement and the original technique completely depends on the proposed use case.