IET Information Security
Volume 12, Issue 1, January 2018
Implementation of single-packet hybrid IP traceback for IPv4 and IPv6 networks
- Author(s): Kamaldeep ; Manisha Malik ; Maitreyee Dutta
- Source: IET Information Security, Volume 12, Issue 1, p. 1–6
- DOI: 10.1049/iet-ifs.2015.0483
- Type: Article
The Internet and other computing technologies have seen rapid growth in recent years; malicious users continue to look for vulnerabilities in the Internet infrastructure to perform various types of attacks. A distributed denial-of-service attack is an attack in which licit users are denied access to available resources either temporarily or indefinitely. To establish liability for these attacks, there is a need to scout for the real attack sources. Schemes that identify the source of packets on the Internet are called IP traceback schemes. Hybrid IP traceback schemes outdo discrete marking and logging approaches and trace the source of an attack using a few packets. The findings of this research redound to current single-packet hybrid IP traceback schemes by employing the double hashing technique to resolve collisions in the hash table and thus reducing the logging time at routers by 15%. Besides, the proposed scheme ensures zero false positives by encoding the options field in the IPv4 header. The research also introduces the first single-packet hybrid IP traceback implementation for IPv6 networks using the hop-by-hop extension header. The simulation results correctly demonstrate the viability of the proposed scheme and unveil that the IPv6 implementation requires 82.5% less storage in contrast to existing work.

Virtualisation security risk assessment for enterprise cloud services based on stochastic game nets model
- Author(s): Junjie Lv and Juling Rong
- Source: IET Information Security, Volume 12, Issue 1, p. 7–14
- DOI: 10.1049/iet-ifs.2017.0038
- Type: Article
Resource virtualisation is a prominent characteristic of cloud services, and it determines the resource utilisation efficiency and service quality. However, virtualisation security issues also have a significant impact on the safety of cloud services. The security of virtualisation in cloud services is so complicated that current security risk assessment methods generally have some limitations when applied to cloud services. In this work, a security risk assessment model has been proposed for cloud services as a solution to this problem using stochastic game nets. Based on graphical tools, the virtualisation security risk scenario of cloud services can be described clearly, and virtualisation security risk factors can be evaluated accurately. The analysis results proved this method had a powerful ability to simulate complicated and dynamic security issues in cloud services. Furthermore, our achievements can be used to help the cloud provider or tenant of the cloud service system to take corresponding measures to mitigate the risk.

Privacy preserving big data mining: association rule hiding using fuzzy logic approach
- Author(s): Golnar Assadat Afzali and Shahriar Mohammadi
- Source: IET Information Security, Volume 12, Issue 1, p. 15–24
- DOI: 10.1049/iet-ifs.2015.0545
- Type: Article
Recently, privacy preserving data mining has been studied widely. Association rule mining can pose a potential threat to the privacy of data. So, association rule hiding techniques are employed to avoid the risk of sensitive knowledge leakage. Much research has been done on association rule hiding, but most of it focuses on proposing algorithms with the least side effect for static databases (with no new data entrance), while the authors now confront streaming data, which are continuous data. Furthermore, in the age of big data, it is necessary to optimise existing methods to be executable for large volumes of data. In this study, data anonymisation is used to fit the proposed model for big data mining. Besides, special features of big data such as velocity make it necessary to consider each rule as a sensitive association rule with an appropriate membership degree. Furthermore, parallelisation techniques which are embedded in the proposed model can help to speed up the data mining process.

Securing RSA against power analysis attacks through non-uniform exponent partitioning with randomisation
- Author(s): Hridoy Jyoti Mahanta and Ajoy Kumar Khan
- Source: IET Information Security, Volume 12, Issue 1, p. 25–33
- DOI: 10.1049/iet-ifs.2016.0508
- Type: Article
This study presents an approach to compute randomised modular exponentiation through non-uniform exponent partitioning. The exponent is first partitioned into multiple parts and then shuffled by the Fisher-Yates method. Thereafter, every partition randomly computes a modular exponentiation, followed by a final modulo operation to generate the desired result. The shuffling has been introduced to randomise the execution order of the individual modular exponentiations. This work is implemented in Rivest-Shamir-Adleman (RSA) and Chinese remainder theorem RSA as they are modular exponentiation based public key cryptosystems. The results have been analysed during decryption with different key sizes. The results indicate that the proposed work can generate non-uniform partitions of the exponent which could not be easily anticipated even in multiple iterations. Also, the shuffling method could completely randomise the execution order of the modular exponentiation operations. With non-uniform exponent partitions and randomised modular exponentiation, the proposed work could challenge all the variances of power analysis attacks.

A provably secure code-based concurrent signature scheme
- Author(s): Maryam Rajabzadeh Asaar ; Mohammad Hassan Ameri ; Mahmoud Salmasizadeh ; Mohammad Reza Aref
- Source: IET Information Security, Volume 12, Issue 1, p. 34–41
- DOI: 10.1049/iet-ifs.2017.0023
- Type: Article
Concurrent signatures allow two entities to generate two signatures in such a way that both signatures are ambiguous until some information is revealed by one of the parties. This kind of signature is useful in auction protocols and in a wide range of scenarios in which the participants involved are mutually distrustful. In this study, to have quantum-attack-resistant concurrent signatures as recommended by the National Institute of Standards and Technology (NISTIR 8105), the first concurrent signature scheme based on coding theory is proposed. Then, its security is proved under the Goppa Parameterized Bounded Decoding and the Goppa Code Distinguishing assumptions in the random oracle model. In addition, performance evaluation shows that the proposal is approximately as efficient as the Dallot scheme. The authors should highlight that their proposal can be a post-quantum candidate for fair exchange of signatures without a trusted third party in an efficient way (without a high degree of interaction).

Database authentication watermarking scheme in encrypted domain
- Author(s): Shijun Xiang and Jiayong He
- Source: IET Information Security, Volume 12, Issue 1, p. 42–51
- DOI: 10.1049/iet-ifs.2017.0092
- Type: Article
Digital watermarking in the encrypted domain is a potential technology for privacy protection (with encryption) and integrity authentication (with watermark) in cloud computing environments. Based on an order-preserving encryption scheme (OPES), discrete cosine transformation (DCT), cryptographic hash and watermarking technologies, this study proposes a new database authentication watermarking scheme in the encrypted domain. Firstly, data in a database are encrypted with OPES for privacy protection. Then, the encrypted data are divided into groups for DCT operations. The watermark bits generated by hashing the AC coefficients are embedded into the DC coefficients for integrity authentication of the encrypted data. At the receiver, whether the data have been tampered with can be claimed by matching the hash value of the AC coefficients and the extracted watermark information from the DC coefficients. The watermark embedding process in the encrypted domain is lossless to the plaintext data by exploiting the order-preserving property of OPES. At the receiver, an illegal user can recover the original database by directly decrypting the watermarked ciphertext data. Experimental results have shown that the algorithm can efficiently detect different tampering operations while protecting data content security with OPES.

Attribute-based broadcast encryption scheme for lightweight devices
- Author(s): Sébastien Canard ; Duong-Hieu Phan ; Viet Cuong Trinh
- Source: IET Information Security, Volume 12, Issue 1, p. 52–59
- DOI: 10.1049/iet-ifs.2017.0157
- Type: Article
Lightweight devices, such as a smartcard associated with a set-top-box decoder in pay-TV or a SIM card coupled with a powerful (but not totally trusted) smartphone, play an important role in modern applications. The essential requirements for a cryptographic scheme to be truly implemented in lightweight devices are that it should have a compact secret key size and support fast decryption. Attribute-based broadcast encryption (ABBE) combines the functionalities of both broadcast encryption and attribute-based encryption in an efficient way; ABBE is therefore a promising cryptographic scheme to be used in practical applications such as mobile pay-TV, satellite transmission, or the Internet of Things. Designing an ABBE scheme which can be truly implemented in lightweight devices is still an open question. In this study, the authors solve it by proposing an efficient constant-size private key ciphertext-policy ABBE scheme for disjunctive normal form supporting fast decryption and achieving the standard security levels of an ABBE scheme. They concretely show that the authors' scheme can be truly implemented in a prototype for a smartphone-based cloud storage use case. In particular, they show how to alleviate some parts of their scheme so as to obtain a very practical system, and they give some concrete benchmarks.

Mining malicious behavioural patterns
- Author(s): Hassan Seifi and Saeed Parsa
- Source: IET Information Security, Volume 12, Issue 1, p. 60–70
- DOI: 10.1049/iet-ifs.2017.0079
- Type: Article
Most malware producers bypass signature-based detection through obfuscation techniques. Therefore, in order to provide proactive and real-time protection, researchers have begun to develop strategies for behaviour-based detection. Despite being a popular and promising non-deterministic solution to detect various forms of malware families, behavioural modelling techniques suffer from a relatively high false positive rate in malware detection. To overcome this problem, the authors seek to identify patterns representing malicious intent in all instances of a malware family. In this study, they propose a new technique based on discriminative graph mining techniques to identify discriminative subgraphs. The subgraphs represent behavioural patterns in each malware family. Their evaluation results demonstrate an average of 91% accuracy in the detection of malicious programme behaviours, with no false positives.

Cryptanalysis of a generic one-round key exchange protocol with strong security
- Author(s): Zheng Yang ; Junyu Lai ; Guoyuan Li
- Source: IET Information Security, Volume 12, Issue 1, p. 71–78
- DOI: 10.1049/iet-ifs.2017.0055
- Type: Article
In Public-Key Cryptography (PKC) 2015, Bergsma et al. introduced an interesting one-round key exchange protocol (which will be referred to as the BJS scheme) with strong security, in particular for perfect forward secrecy (PFS). In this study, the authors unveil a PFS attack against the BJS scheme. This would simply invalidate its security proof. An improvement is proposed to fix the problem of the BJS scheme with minimum changes.

Group key exchange protocols withstanding ephemeral-key reveals
- Author(s): Maria Isabel González Vasco ; Angel Luis Pérez del Pozo ; Adriana Suárez Corona
- Source: IET Information Security, Volume 12, Issue 1, p. 79–86
- DOI: 10.1049/iet-ifs.2017.0131
- Type: Article
When a group key exchange protocol is executed, the session key is typically extracted from two types of secrets: long-term keys (for authentication) and freshly generated (often random) values. The leakage of these latter so-called ephemeral keys has been extensively analysed in the 2-party case, yet very few works are concerned with it in the group setting. The authors provide a generic group key exchange construction that is strongly secure, meaning that the attacker is allowed to learn both long-term and ephemeral keys (but not both from the same participant, as this would trivially disclose the session key). Their design can be seen as a compiler, in the sense that it builds on a 2-party key exchange protocol which is strongly secure and transforms it into a strongly secure group key exchange protocol by adding only one extra round of communication. When applied to an existing 2-party protocol from Bergsma et al., the result is a 2-round group key exchange protocol which is strongly secure in the standard model, thus yielding the first construction with this property.

Security evaluation on Simeck against zero-correlation linear cryptanalysis
- Author(s): Kai Zhang ; Jie Guan ; Bin Hu ; Dongdai Lin
- Source: IET Information Security, Volume 12, Issue 1, p. 87–93
- DOI: 10.1049/iet-ifs.2016.0503
- Type: Article
Since being proposed by the National Security Agency in June 2013, two lightweight block ciphers, SIMON and SPECK, have attracted the attention of cryptographers from all over the world. At CHES 2015, Simeck, a new block cipher inspired by both SIMON and SPECK, was proposed, which is more compact and efficient. However, a security evaluation of Simeck against zero-correlation linear cryptanalysis seems to be missing from the specification. The main focus of this study is to fill this gap and evaluate the security level of Simeck against zero-correlation linear cryptanalysis. According to the authors' study, 11-, 13- and 15-round zero-correlation linear distinguishers on Simeck32/48/64 are proposed, respectively; then zero-correlation linear cryptanalysis on 21-, 24- and 28-round Simeck32/48/64 is first proposed. As far as they know, for Simeck32, their result is the best result to date.

Outsourcing secret sharing scheme based on homomorphism encryption
- Author(s): En Zhang ; Jie Peng ; Ming Li
- Source: IET Information Security, Volume 12, Issue 1, p. 94–99
- DOI: 10.1049/iet-ifs.2017.0026
- Type: Article
Secret sharing is an important component of cryptographic protocols and has a wide range of practical applications. However, the existing secret sharing schemes cannot be applied to computationally weak devices and cannot efficiently guarantee fairness. In this study, a novel outsourcing secret sharing scheme is proposed. In the setting of outsourcing secret sharing, clients only need a small amount of decryption and verification operations, while the expensive reconstruction computation and verifiable computation can be outsourced to cloud service providers (CSP). The scheme does not require complex interactive arguments or zero-knowledge proofs. The malicious behaviour of clients and the CSP can be detected in time. Moreover, the CSP cannot get any useful information about the secret, and it is fair for every client to obtain the secret. At the end of this study, the authors prove the security of the proposed scheme and compare it with other secret sharing schemes.

Efficient approximate message authentication scheme
- Author(s): Shaoquan Jiang ; Jue Li ; Yongjian Liao
- Source: IET Information Security, Volume 12, Issue 1, p. 100–106
- DOI: 10.1049/iet-ifs.2016.0256
- Type: Article
An approximate message authentication scheme is a primitive that allows a sender Alice to send a source state to a receiver Bob such that the latter is assured of its authenticity, where the source state is considered authentic if it only undergoes a minor change. Here, the authors propose an efficient scheme for this problem and prove its security under a rigorous model. Our scheme only needs a lightweight computation cost and hence is very efficient. As the authentication message is transmitted over a noisy channel, we also value the channel efficiency (i.e. the coding rate). For a fixed coding method, this is determined by the admissible decoding bit error probability . A larger admits a shorter codeword length and hence a larger coding rate. It turns out that the can be set to a significantly large constant (determined by the legal distortion level for the source state). Compared with existing schemes, the advantage in is evident.