Biblio

Most common user authentication methods use some form of password or a combination of passwords. However, encryption schemes are generally not directly compatible with user passwords and thus, Password-Based Key Derivation Functions (PBKDFs) are used to convert user passwords into cryptographic keys. In this paper, we analyze the theoretical security of PBKDF2 and present two vulnerabilities, γ-collision and δ-collision. Using AES-128 as our exemplar, we show that due to γ-collision, text encrypted with one user password can be decrypted with γ 1 different passwords. We also provide a proof that finding− a collision in the derived key for AES-128 requires δ lesser calls to PBKDF2 than the known Birthday attack. Due to this, it is possible to break password-based AES-128 in O(264) calls, which is equivalent to brute-forcing DES.

This paper reviews the video watermarking schemes resistance against tampering attacks. There are several transform methods which are used for Video Watermarking including Discrete Fourier Transform (DFT), Discrete Cosine Transform (DCT), Discrete wavelet transform (DWT) and are discussed and compared in this paper. The results are presented in a table with a summary of their advantages.

In recent days cloud domain gains a lot of user attention in order to store and access the data from remote locations connected through the internet. As it is generally known that all the sensitive data come from remote locations will be stored in the centralized storage medium and then try to access the data from that centralized storage space controlled by the cloud server. It is facing a problem like there is no security for the data in terms of user authorization and data authentication from the centralized storage location. Hence, it is required to migrate for a new storage procedure like Decentralized storage of cloud data in which the systems that do not rely on a central authority, so that the collusion resistance can be avoided by maintaining a global identifier. Here, the term de-centralized access means granting multi authorities to control the access for providing more security for the sensitive data. The proposed research study attempts to develop a new scheme by adding a global identifier like Attribute Authority (AA) for providing access keys for the data users who wish to access the sensitive information from the cloud server. The proposed research work attempts to incorporate the composite order bilinear groups scheme for providing access facility for the data users and provide more security for the sensitive data. By conducting various experiments on the proposed model, the obtained result clearly tells that the proposed system is very efficient to access the data in a de-centralized manner by using a global identifier.

Underwater acoustic sensor networks (UASNs) have been receiving more and more attention due to their wide applications and the marine data collection is one of the important applications of UASNs. However, the openness and unreliability of underwater acoustic communication links and the easy capture of underwater wireless devices make UASNs vulnerable to various attacks. On the other hand, due to the limited resources of underwater acoustic network nodes, the high bit error rates, large and variable propagation delays, and low bandwidth of acoustic channels, many mature security mechanisms in terrestrial wireless sensor networks cannot be applied in the underwater environment [1]. In this paper, a secure communication protocol for marine data collection was proposed to ensure the confidentiality and data integrity of communication between under sensor nodes and the sink node in UASNs.

Information Security is a unified piece of information technology that has emerged as vibrant technology in the last two decades. To manage security, authentication assumes a significant part. Biometric is the physical unique identification as well as authentication for the third party. We have proposed the security model for preventing many attacks so we are used the innermost layer as a 3DES (Triple Encryption standard) cryptography algorithm that is providing 3- key protection as 64-bit and the outermost layer used the MD5 (Message Digest) algorithm. i. e. providing 128-bit protection as well as we is using fingerprint identification as physical security that is used in third-party remote integrity auditing. Remote data integrity auditing is proposed to ensure the uprightness of the information put away in the cloud. Data Storage of cloud services has expanded paces of acknowledgment because of their adaptability and the worry of the security and privacy levels. The large number of integrity and security issues that arise depends on the difference between the customer and the service provider in the sense of an external auditor. The remote data integrity auditing is at this point prepared to be viably executed. In the meantime, the proposed scheme is depending on identity-based cryptography, which works on the convoluted testament of the executives. The safety investigation and the exhibition assessment show that the planned property is safe and productive.

In a Leading field of Information Technology moreover make information Security a unified piece of it. To manage security, Authentication assumes a significant part. Biometric is the physical unique identification as well as Authentication for third party. We are proposed the Security model for preventing many attacks so we are used Inner most layer as a 3DES (Triple Encryption standard) Cryptography algorithm that is providing 3-key protection as 64-bit And the outer most layer used the MD5 (Message Digest) Algorithm. i. e. Providing 128 – bit protection. As well as we are using Fingerprint Identification as a physical Security that used in third party remote integrity auditing, and remote data integrity auditing is proposed to ensure the uprightness of the information put away in the cloud. Data Storage of cloud services has expanded paces of acknowledgment because of their adaptability and the worry of the security and privacy levels. The large number of integrity and security issues that arise depends on the difference between the customer and the service provider in the sense of an external auditor. The remote data integrity auditing is at this point prepared to be viably executed. In the meantime, the proposed scheme is depends on identity-based cryptography, which works on the convoluted testament the executives. The safety investigation and the exhibition assessment show that the planned property is safe and productive.

Cryptography is the science of encryption and decryption of data using the techniques of mathematics to achieve secure communication. This enables the user to send the data in an insecure channel. These channels are usually vulnerable to security attacks due to the data that they possess. A lot of work is being done these days to protect data and data communication. Hence securing them is the utmost concern. In recent times a lot of researchers have come up with different cryptographic techniques to protect the data over the network. One such technique used is DNA cryptography. The proposed approach employs a DNA sequencing-based encoding and decoding mechanism. The data is secured over the network using a secure authentication and key agreement procedure. A significant amount of work is done to show how DNA cryptography is secure when compared to other forms of cryptography techniques over the network.

With the explosive growth of IoT applications, billions of things are now connected via edge devices and a colossal volume of data is sent over the internet. Providing security to the user data becomes crucial. The rise in zero-day attacks are a challenge in IoT scenarios. With the large scale of IoT application detection and mitigation of such attacks by the network administrators is cumbersome. The edge device Raspberry pi is remotely logged using Secure Shell (SSH) protocol in 90% of the IoT applications. The case study of SSH brute force attack on the edge device Raspberry pi is demonstrated with experimentation in the IoT networking scenario using Intrusion Detection System (IDS). The IP crawlers available on the internet are used by the attacker to obtain the IP address of the edge device. The proposed system continuously monitors traffic, analysis the log of attack patterns, detects and mitigates SSH brute attack. An attack hijacks and wastes the system resources depriving the authorized users of the resources. With the proposed IDS, we observe 25% CPU conservation, 40% power conservation and 10% memory conservation in resource utilization, as the IDS, mitigates the attack and releases the resources blocked by the attacker.

To share the recorded ECG data with the cardiologist in Golden Hours in an efficient and secured manner via tele-cardiology may save the lives of the population residing in rural areas of a country. This paper proposes an encryption-authentication scheme for secure the ECG data. The main contribution of this work is to generate a one-time padding key and deploying an encryption algorithm in authentication mode to achieve encryption and authentication. This is achieved by a water cycle optimization algorithm that generates a completely random one-time padding key and Triple Data Encryption Standard (3DES) algorithm for encrypting the ECG data. To validate the accuracy of the proposed encryption authentication scheme, experimental results were performed on standard ECG data and various performance parameters were calculated for it. The results show that the proposed algorithm improves security and passes the statistical key generation test.

Although many digital signature algorithms are available nowadays, the speed of signing and/or verifying a digital signature is crucial for different applications. Some algorithms are fast for signing but slow for verification, but others are the inverse. Research efforts for an algorithm being fast in both signing and verification is essential. The traditional GOST algorithm has the shortest signing time but longest verification time compared with other DSA algorithms. Hence an improvement in its signature verification time is sought in this work. A modified GOST digital signature algorithm variant is developed improve the signature verification speed by reducing the computation complexity as well as benefiting from its efficient signing speed. The obtained signature verification execution speed for this variant was 1.5 time faster than that for the original algorithm. Obviously, all parameters' values used, such as public and private key, random numbers, etc. for both signing and verification processes were the same. Hence, this algorithm variant will prove suitable for applications that require short time for both, signing and verification processes. Keywords— Discrete Algorithms, Authentication, Digital Signature Algorithms DSA, GOST, Data Integrity

Keystroke dynamics is a behavioural biometric form of authentication based on the inherent typing behaviour of an individual. While this technique is gaining traction, protecting the privacy of the users is of utmost importance. Fully Homomorphic Encryption is a technique that allows performing computation on encrypted data, which enables processing of sensitive data in an untrusted environment. FHE is also known to be “future-proof” since it is a lattice-based cryptosystem that is regarded as quantum-safe. It has seen significant performance improvements over the years with substantially increased developer-friendly tools. We propose a neural network for keystroke analysis trained using differential privacy to speed up training while preserving privacy and predicting on encrypted data using FHE to keep the users' privacy intact while offering sufficient usability.

Cyber-Physical Systems (CPS) underpin global critical infrastructure, including power, water, gas systems and smart grids. CPS, as a technology platform, is unique as a target for Advanced Persistent Threats (APTs), given the potentially high impact of a successful breach. Additionally, CPSs are targets as they produce significant amounts of heterogeneous data from the multitude of devices and networks included in their architecture. It is, therefore, essential to develop efficient privacy-preserving techniques for safeguarding system data from cyber attacks. This paper introduces a comprehensive review of the current privacy-preserving techniques for protecting CPS systems and their data from cyber attacks. Concepts of Privacy preservation and CPSs are discussed, demonstrating CPSs' components and the way these systems could be exploited by either cyber and physical hacking scenarios. Then, classification of privacy preservation according to the way they would be protected, including perturbation, authentication, machine learning (ML), cryptography and blockchain, are explained to illustrate how they would be employed for data privacy preservation. Finally, we show existing challenges, solutions and future research directions of privacy preservation in CPSs.

The privacy leakage resulting from location-based service (LBS) has become a critical issue. To preserve user privacy, many previous studies have investigated to prevent LBS servers from user privacy theft. However, they only consider whether the peers are innocent or malicious but ignore the relationship between the peers, whereas such a relationship between each pairwise of users affects the privacy leakage tremendously. For instance, a user has less concern of privacy leakage from a social friend than a stranger. In this paper, we study cyber-physical-social (CPS) aware method to address the privacy preserving in the case that not only LBS servers but also every other participant in the network has the probability to be malicious. Furthermore, by exploring the physical coupling and social ties among users, we construct CPS-aware privacy utility maximization (CPUM) game. We then study the potential Nash equilibrium of the game and show the existence of Nash equilibrium of CPUM game. Finally, we design a CPS-aware algorithm to find the Nash equilibrium for the maximization of privacy utility. Extensive evaluation results show that the proposed approach reduces privacy leakage by 50% in the case that malicious servers and users exist in the network.

In recent years, the security of automotive Cyber-Physical Systems (CPSs) is facing urgent threats due to the widespread use of legacy in-vehicle communication systems. As a representative legacy bus system, the Controller Area Network (CAN) hosts Electronic Control Units (ECUs) that are crucial for the vehicles functioning. In this scenario, malicious actors can exploit the CAN vulnerabilities, such as the lack of built-in authentication and encryption schemes, to launch CAN bus attacks. In this paper, we present TACAN (Transmitter Authentication in CAN), which provides secure authentication of ECUs on the legacy CAN bus by exploiting the covert channels. TACAN turns upside-down the originally malicious concept of covert channels and exploits it to build an effective defensive technique that facilitates transmitter authentication. TACAN consists of three different covert channels: 1) Inter-Arrival Time (IAT)-based, 2) Least Significant Bit (LSB)-based, and 3) hybrid covert channels. In order to validate TACAN, we implement the covert channels on the University of Washington (UW) EcoCAR (Chevrolet Camaro 2016) testbed. We further evaluate the bit error, throughput, and detection performance of TACAN through extensive experiments using the EcoCAR testbed and a publicly available dataset collected from Toyota Camry 2010.

In this study, a novel decentralized authentication model is proposed for establishing a secure communications structure in VoIP applications. The proposed scheme considers a distributed architecture called the blockchain. With this scheme, we highlight the multimedia data is more resistant to some of the potential attacks according to the centralized architecture. Our scheme presents the overall system authentication architecture, and it is suitable for mutual authentication in terms of privacy and anonymity. We construct an ECC-based model in the encryption infrastructure because our structure is time-constrained during communications. This study differs from prior work in that blockchain platforms with ECC-Based Biometric Signature. We generate a biometric key for creating a unique ID value with ECC to verify the caller and device authentication together in blockchain. We validated the proposed model by comparing with the existing method in VoIP application used centralized architecture.

In our proposed work the web security has been enhanced using additional security code and an enhanced frame work. Administrator of site is required to specify the security code for particular date and time. On user end user would be capable to login and view authentic code allotted to them during particular time slot. This work would be better in comparison of tradition researches in order to prevent sql injection attack and cross script because proposed work is not just considering the security, it is also focusing on the performance of security system. This system is considering the lot of security dimensions. But in previous system there was focus either on sql injection or cross script. Proposed research is providing versatile security and is available with low time consumption with less probability of unauthentic access.

Aiming at ensure the security and self-control of heterogeneous alliance network, this paper proposes a novel structure of identity authentication based on domestic commercial cryptography with blockchain in the heterogeneous alliance network. The domestic commercial cryptography, such as SM2, SM3, SM4, SM9 and ZUC, is adopted to solve the encryption, decryption, signature and verification of blockchain, whose key steps of data layer are solved by using domestic commercial cryptographic algorithms. In addition, it is the distributed way to produce the public key and private key for the security of the keys. Therefore, the cross domain identity authentication in the heterogeneous alliance network can be executed safely and effectively.

A sensor network is wireless with tiny nodes and widely used in various applications. To track the event and collect the data from a remote area or a hostile area sensor network is used. A WSN collects wirelessly connected tiny sensors with minimal resources like the battery, computation power, and memory. When a sensor collects data, it must be transferred to the control center through the gateway (Sink), and it must be transferred safely. For secure transfer of data in the network, the routing protocol must be safe and can use the cryptography method for authentication and confidentiality. An essential issue in WSN structure is the key management. WSN relies on the strength of the communicating devices, battery power, and sensor nodes to communicate in the wireless environment over a limited region. Due to energy and memory limitations, the construction of a fully functional network needs to be well arranged. Several techniques are available in the current literature for such key management techniques. Among the distribution of key over the network, sharing private and public keys is the most important. Network security is not an easy problem because of its limited resources, and these networks are deployed in unattended areas where they work without any human intervention. These networks are used to monitor buildings and airports, so security is always a major issue for these networks. In this paper, we proposed a dynamic key management scheme for the clustered sensor network that also supports the addition of a new node in the network later. Keys are dynamically generated and securely distributed to communication parties with the help of a cluster head. We verify the immunity of the scheme against various attacks like replay attack and node captured attacker. A simulation study was also done on energy consumption for key setup and refreshed the keys. Security analysis of scheme shows batter resiliency against node capture attack.

Radar sensors have shown great potential for surveillance and security authentication applications. However, a thorough analysis of their vulnerability to spoofing or replay attacks has not been performed yet. In this paper, the feasibility of performing spoofing attacks to radar sensor is studied and experimentally verified. First, a simple binary phase-shift keying system was used to generate artificial spectral components in the radar's demodulated signal. Additionally, an analog phase shifter was driven by an arbitrary signal generator to mimic the human cardio-respiratory motion. Characteristic time and frequency domain cardio-respiratory human signatures were successfully generated, which opens possibilities to perform spoofing attacks to surveillance and security continuous authentication systems based on microwave radar sensors.

New services and products are increasingly becoming integral parts of our daily lives rising our technological dependence, as well as our exposure to risks from cyber. Critical sectors such as transport are progressively depending on digital technologies to run their core operations and develop novel solutions to exploit the economic strengths of the European Union. However, despite the fact that the continuously increasing number of visitors, entering the European Union through land-border crossing points or seaports, brings tremendous economic benefits, novel border control solutions, such as mobile devices for passenger identification for land and sea border control, are essential to accurately identify passengers ``on the fly'' while ensuring their comfort. However, the highly confidential personal data managed by these devices makes them an attractive target for cyberattacks. Therefore, novel secure and usable user authentication mechanisms are required to increase the level of security of this kind of devices without interrupting border control activities. Towards this direction, we, firstly, discuss risk-based and adaptive authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Besides that, a novel risk-based adaptive user authentication mechanism is proposed for mobile passenger identification devices used by border control officers at land and sea borders.

With the widespread deployment of Internet of Things (IoT) devices, hackers can use IoT devices to launch large-scale distributed denial of service (DDoS) attacks, which bring great harm to the Internet. However, how to defend against these attacks remains to be an open challenge. In this paper, we propose a novel prevention method for IoT DDoS attacks based on blockchain and obfuscation of IP addresses. Our observation is that IoT devices are usually resource-constrained and cannot support complicated cryptographic algorithms such as RSA. Based on the observation, we employ a novel authentication then communication mechanism for IoT DDoS attack prevention. In this mechanism, the attack targets' IP addresses are encrypted by a random security parameter. Clients need to be authenticated to obtain the random security parameter and decrypt the IP addresses. In particular, we propose to authenticate clients with public-key cryptography and a blockchain system. The complex authentication and IP address decryption operations disable IoT devices and thus block IoT DDoS attacks. The effectiveness of the proposed method is analyzed and validated by theoretical analysis and simulation experiments.

Scalability is one of the effective features of the Software Defined Network (SDN) that allows several devices to communicate with each other. In SDN scalable networks, the number of hosts keeps increasing as per networks need. This increment makes network administrators take a straightforward action to ensure these hosts' authenticity in the network. To address this issue, we proposed a technique to authenticate SDN hosts before permitting them to establish communication with the SDN controller. In this technique, we used the Kerberos authentication protocol to ensure the authenticity of the hosts. Kerberos verifies the hosts' credentials using a centralized server contains all hosts IDs and passwords. This technique eases the secure communication between the hosts and controller and allows the hosts to safely get network rules and policies. The proposed technique ensures the immunity of the network against network attacks.

In this paper, a blockchain based scheme is proposed to provide registration, mutual authentication and data sharing in wireless sensor network. The proposed model consists of three types of nodes: coordinators, cluster heads and sensor nodes. A consortium blockchain is deployed on coordinator nodes. The smart contracts execute on coordinators to record the identities of legitimate nodes. Moreover, they authenticate nodes and facilitate in data sharing. When a sensor node communicate and accesses data of any other sensor node, both nodes mutually authenticate each other. The smart contract of data sharing is used to provide a secure communication and data exchange between sensor nodes. Moreover, the data of all the nodes is stored on the decentralized storage called interplanetary file system. The simulation results show the response time of IPFS and message size during authentication and registration.

People are dependent on Trusted Third Party (TTP) administration based Centralized systems for content sharing having a deficit of security, faith, immutability, and clearness. This work has proposed a file-sharing environment based on Blockchain by clouting the Interplanetary File System (IPFS) and Public Key Infrastructure (PKI) systems, advantages for overcoming these troubles. The smart contract is implemented to control the access privilege and the modified version of IPFS software is utilized to enforce the predefined access-control list. An application framework on a secure decentralized file sharing system is presented in combination with IPFS and PKI to secure file sharing. PKI having public and private keys is used to enable encryption and decryption of every file transaction and authentication of identities through Metamask to cryptographically recognize account ownership in the Blockchain system. A gas consumption-based result analysis is done in the private Ethereum network and it attains transparency, security managed access, and quality of data indicating better efficacy of this work.

In view of the common edge computing-based cloud-side collaborative environment summary existing search key and authentication key sharing caused by data information leakage, this paper proposes a cryptographic search based on public key searchable encryption in an edge computing environment method, this article uses the public key to search for the characteristics of the encryption algorithm, and allows users to manage the corresponding private key. In the process of retrieval and execution, the security of the system can be effectively ensured through the secret trapdoor. Through the comparison of theoretical algorithms, the searchable encryption scheme in the edge computing environment proposed in this paper can effectively reduce the computing overhead on the user side, and complete the over-complex computing process on the edge server or the central server, which can improve the overall efficiency of encrypted search.