IET Information Security
Volume 12, Issue 2, March 2018
Volumes & issues:
Volume 12, Issue 2
March 2018
-
- Author(s): Abdurrahman Pektaş and Tankut Acarman
- Source: IET Information Security, Volume 12, Issue 2, p. 107 –117
- DOI: 10.1049/iet-ifs.2017.0430
- Type: Article
- + Show details - Hide details
-
p.
107
–117
(11)
This study presents the runtime behaviour-based classification procedure for Windows malware. Runtime behaviours are extracted with a particular focus on the determination of a malicious sequence of application programming interface (API) calls in addition to the file, network and registry activities. Mining and searching n-gram over API call sequences is introduced to discover episodes representing behaviour-based features of a malware. Voting Experts algorithm is used to extract malicious API patterns over API calls. The classification model is built by applying online machine learning algorithms and compared with the baseline classifiers. The model is trained and tested with a fairly large set of 17,400 malware samples belonging to 60 distinct families and 532 benign samples. The malware classification accuracy is reached at 98%.
- Author(s): William J. Buchanan ; Scott Helme ; Alan Woodward
- Source: IET Information Security, Volume 12, Issue 2, p. 118 –126
- DOI: 10.1049/iet-ifs.2016.0621
- Type: Article
- + Show details - Hide details
-
p.
118
–126
(9)
With the increase in the number of threats within web-based systems, a more integrated approach is required to ensure the enforcement of security policies from the server to the client. These policies aim to stop man-in-the-middle attacks, code injection, and so on. This study analyses some of the newest security options used within HTTP responses, and scans the Alexa Top 1 Million sites for their implementation within HTTP responses. These options scanned for include: content security policy, public key pinning extension for HTTP, HTTP strict transport security, and HTTP header field X-frame-options, in order to understand the impact that these options have on the most popular websites. The results show that, while the implementation of the parameters is increasing, it is still not implemented on many of the top sites. Along with this, the study shows the profile of adoption of Let's Encrypt digital certificates across the one million sites, along with a way of assessing the quality of the security headers.
- Author(s): Shuaijianni Xu and Liang Feng Zhang
- Source: IET Information Security, Volume 12, Issue 2, p. 127 –132
- DOI: 10.1049/iet-ifs.2017.0259
- Type: Article
- + Show details - Hide details
-
p.
127
–132
(6)
Verifiable computation (VC) allows a client to outsource (delegate) the computation of a function f on an input x to a server and then verify the server's results with substantially less time than computing f(x) from scratch. The security of VC requires no efficient adversary can persuade the client to accept any wrong results. Morillo and Obrador (PST 2013) proposed three VC schemes for outsourcing the computation of polynomial functions and claimed that all schemes are secure under the decisional subgroup membership assumption. The authors show a simple attack against the security of their first scheme and then extend the attack to the other two schemes. Morillo and Obrador (PST 2013) also claimed that their third scheme keeps the client's input private under the square root assumption. The authors show that this is not true under the standard definition of input privacy. In particular, a curious server can extract the client's input x, if the x is not too large. The authors’ results show that Morillo–Obrador schemes cannot be used in the polynomial delegation.
- Author(s): Jianxiong Shao ; Yu Qin ; Dengguo Feng
- Source: IET Information Security, Volume 12, Issue 2, p. 133 –140
- DOI: 10.1049/iet-ifs.2016.0005
- Type: Article
- + Show details - Hide details
-
p.
133
–140
(8)
The Trusted Platform Module (TPM) is a system component that provides a hardware-based approach to establish trust in a platform. The latest TPM2.0 specification was accepted as the ISO standard in 2015. It offers functionality for key management by storing keys into the TPM's protected storage. The access to the TPM-resident key object is protected by the session-based authorisation mechanism. This mechanism is keyed to the object's authorisation value known as authValue and the session-bound secret value known as sessionKey. The new authValue introduced into the TPM is protected by the session-based encryption mechanism, which is also keyed on the sessionKey. In the authors’ study, they conduct a formal analysis of the TPM2.0 HMAC (hash message authentication code) authorisation mechanism used in the key management. They first use the stateful applied calculus to formalise the session-based HMAC authorisation and encryption mechanisms in a model of TPM2.0 API commands. They propose a threat model to formalise the secrecy and authentication properties. Then they discuss several attacking scenarios in practice where the sessionKey could be disclosed. They also instantiate their threat model according to specific attacking scenarios. By using the SAPIC tool and the tamarin prover, they automatically give out the analysis results of their models.
- Author(s): Shangping Wang ; Xia Zhang ; Yaling Zhang
- Source: IET Information Security, Volume 12, Issue 2, p. 141 –149
- DOI: 10.1049/iet-ifs.2017.0225
- Type: Article
- + Show details - Hide details
-
p.
141
–149
(9)
Attribute-based encryption (ABE) has been regarded as an attractive alternative to identity-based encryption. The feature of the ABE is that it has the ability of fine-grained access control. Access control is an effective way to ensure data security. Revocable and grantable ABE (RABE) is an extension of ABE. In this study, an efficient RABE scheme is proposed. Binary tree technique is used to deal with the issues of attribute revocation and granting. The security of the scheme is proved to be selectively secure in the standard model under the learning with errors assumption.
- Author(s): Girraj Kumar Verma and B.B. Singh
- Source: IET Information Security, Volume 12, Issue 2, p. 150 –156
- DOI: 10.1049/iet-ifs.2017.0342
- Type: Article
- + Show details - Hide details
-
p.
150
–156
(7)
Blind signature (BS) schemes are a vital tool to design electronic cash (e-cash), online transaction, electronic voting (e-voting), digital right management (DRM) systems etc. The communication systems designed for such applications need small size and more confidential signature schemes. This article presents the first provably secure and efficient identity-based message recovery BS scheme from pairing. Since, in this scheme, the message is not transmitted with signature and recovered during verification phase, the total message–signature length is the lowest. Due to the blindness, the scheme provides authentication along with anonymity. The performance comparison shows that the authors' scheme consumes the lowest computation cost. Thus, it inspires the energy efficient (green) technology as well as is the most appealing BS scheme towards applications such as e-cash, e-voting, DRM systems etc. using low bandwidth and high security.
Malware classification based on API calls and behaviour analysis
Analysis of the adoption of security headers in HTTP
Cryptanalysis of Morillo–Obrador polynomial delegation schemes
Formal analysis of HMAC authorisation in the TPM2.0 specification
Efficient revocable and grantable attribute-based encryption from lattices with fine-grained access control
Efficient identity-based blind message recovery signature scheme from pairings
-
- Author(s): Xiaonan Wang ; Zhengxiong Dou ; Yi Mu
- Source: IET Information Security, Volume 12, Issue 2, p. 157 –164
- DOI: 10.1049/iet-ifs.2017.0390
- Type: Article
- + Show details - Hide details
-
p.
157
–164
(8)
Content-centric networking (CCN) used the name of an Interest to seek the target content, where the name was a plaintext and unprotected. Apart from the name, the content in one Data is also unprotected. If an unauthorised node intercepted an Interest, it could infer what kind of content is requested. If the node intercepted a response Data, it could illegally acquire the content. This study focused on the privacy issues of CCN and proposed a CCN framework with privacy support. In this framework, the concept of a privacy name was proposed and accordingly the forwarding information base (FIB) and pending Interest table (PIT) establishment algorithms based on privacy names were proposed. On the basis of the proposed FIB and PIT, the content communication algorithm based on privacy names was presented. In this algorithm, one authorised consumer could use a privacy name to seek, retrieve and share the ciphertext of the content, so the privacy was achieved. Finally, the privacy of this framework was analysed and the performance was evaluated to justify its advantages.
CCN framework with privacy support
Most viewed content
Most cited content for this Journal
-
High accuracy android malware detection using ensemble learning
- Author(s): Suleiman Y. Yerima ; Sakir Sezer ; Igor Muttik
- Type: Article
-
Crypto-based algorithms for secured medical image transmission
- Author(s): Ali Al-Haj ; Gheith Abandah ; Noor Hussein
- Type: Article
-
Pseudorandom bit generator based on non-stationary logistic maps
- Author(s): Lingfeng Liu ; Suoxia Miao ; Hanping Hu ; Yashuang Deng
- Type: Article
-
Constructing important features from massive network traffic for lightweight intrusion detection
- Author(s): Wei Wang ; Yongzhong He ; Jiqiang Liu ; Sylvain Gombault
- Type: Article
-
Empirical analysis of Tor Hidden Services
- Author(s): Gareth Owen and Nick Savage
- Type: Article