IET Information Security
Volume 7, Issue 4, December 2013
Volumes & issues:
Volume 7, Issue 4
December 2013
Colour image encryption based on advanced encryption standard algorithm with two-dimensional chaotic map
- Author(s): Jianhua Li and Hui Liu
- Source: IET Information Security, Volume 7, Issue 4, p. 265 –270
- DOI: 10.1049/iet-ifs.2012.0304
- Type: Article
- + Show details - Hide details
-
p.
265
–270
(6)
In this study, a novel scheme of advanced encryption standard (AES) is proposed. Its independent round key is generated by the two-dimensional (2D) Hénon map and the 2D Chebyshev map. The goal is to improve the low security and conquer the defect of the traditional AES algorithm. Then, the improved algorithm is used to encrypt colour image, and the result shows that the encryption algorithm has better security by cryptanalysis.
New certificateless public key encryption scheme without pairing
- Author(s): Xiaopeng Yan ; Peng Gong ; Zhiquan Bai ; Jiantao Wang ; Ping Li
- Source: IET Information Security, Volume 7, Issue 4, p. 271 –276
- DOI: 10.1049/iet-ifs.2012.0257
- Type: Article
- + Show details - Hide details
-
p.
271
–276
(6)
To satisfy the requirement of practical applications, many certificateless encryption schemes (CLE) without pairing have been proposed. Recently, Lai et al. proposed a CLE scheme without pairing and demonstrated that their scheme is provably secure in the random oracle model. The analysis shows that their scheme has better performance than the related schemes. However, Lai et al.’s scheme is not a standard CLE scheme since the user's public key is used when generating his partial private key. In this study, the authors propose a new CLE scheme. Compared with Lai et al.’s scheme, the authors' scheme is a standard CLE scheme at the cost of increasing the computational cost slightly. Besides, their scheme has better performance than the related schemes except Lai et al.’s scheme. They also show their scheme is provably secure in the random oracle model.
Link quality-based cache replacement technique in mobile ad hoc network
- Author(s): Jagadeesan Dhanapal and Srinivasa Krishna Srivatsa
- Source: IET Information Security, Volume 7, Issue 4, p. 277 –282
- DOI: 10.1049/iet-ifs.2012.0244
- Type: Article
- + Show details - Hide details
-
p.
277
–282
(6)
In mobile ad hoc network (MANET) routing protocols such as dynamic source routing, each node consist of route cache, in which routes to multiple destinations are indexed orderly. Since, route cache is capable of storing many routes it should be maintained periodically to its consistency and reliability. In this study, the authors put forward a link quality-based cache replacement technique in MANET. In this technique, the source obtains multiple paths to the destination through multipath routing. The acquired paths are stored in route cache. The cache replacement technique estimates the link quality using Received Signal Strength (RSS) value. Links that possess low RSS value are removed from the route cache. Concurrently, the route cache table is maintained periodically by each node using its timestamp value. The authors validate the efficiency of cache replacement technique through simulation results. The technique maintains the route cache proficiently and improves the throughput of the system.
JITSafe: a framework against Just-in-time spraying attacks
- Author(s): Ping Chen ; Rui Wu ; Bing Mao
- Source: IET Information Security, Volume 7, Issue 4, p. 283 –292
- DOI: 10.1049/iet-ifs.2012.0142
- Type: Article
- + Show details - Hide details
-
p.
283
–292
(10)
A new code-reuse attack, named Just-in-time (JIT) spraying attack, leverages the predictable generated JIT compiled code to launch an attack. It can circumvent the defenses such as data execution prevention and address space layout randomisation built-in in the modern operation system, which were thought the insurmountable barrier so that the attackers cannot construct the traditional code injection attacks. In this study, the authors describe JITSafe, a framework that can be applied to existing JIT-based virtual machines (VMs), in the purpose of preventing the attacker from reusing the JIT compiled code to construct the attack. The authors framework narrows the time window of the JIT compiled code in the executable pages, eliminates the immediate value and obfuscates the JIT compiled code. They demonstrate the effectiveness of JITSafe that it can successfully prevent existing JIT spraying attacks with low performance overhead.
Chosen-plaintext linear attacks on Serpent
- Author(s): Jialin Huang and Xuejia Lai
- Source: IET Information Security, Volume 7, Issue 4, p. 293 –299
- DOI: 10.1049/iet-ifs.2012.0287
- Type: Article
- + Show details - Hide details
-
p.
293
–299
(7)
In this study, the authors consider chosen-plaintext variants of the linear attack on reduced round Serpent. By reasonably fixing parts of the plaintexts of 10-round Serpent the number of texts required in a linear attack with single approximation can be significantly reduced by a factor of 222. The authors also give the best data complexity on 10-round Serpent so far, which is 280. Moreover, the authors extend the chosen-plaintext technique to the linear attack using multiple approximations and improve the results of cryptanalysis in data complexity or/and time complexity in different scenarios. As an application to show the usefulness of this technique, an experiment in the multidimensional linear model on 5-round Serpent is given.
Scalable fragile watermarking for image authentication
- Author(s): Angela Piper and Reihaneh Safavi-Naini
- Source: IET Information Security, Volume 7, Issue 4, p. 300 –311
- DOI: 10.1049/iet-ifs.2010.0059
- Type: Article
- + Show details - Hide details
-
p.
300
–311
(12)
Semi-fragile watermarks are used to detect unauthorised changes to an image, whereas tolerating allowed changes such as compression. Most semi-fragile algorithms that tolerate compression assume that because compression only removes the less visually significant data from an image, tampering with any data that would normally be removed by compression cannot affect a meaningful change to the image. Scalable compression allows a single compressed image to produce a variety of reduced resolution or reduced quality images, termed subimages, to suit the different display or bandwidth requirements of each user. However, highly scaled subimages remove a substantial fraction of the data in the original image, so the assumption used by most semi-fragile algorithms breaks down, as tampering with this data allows meaningful changes to the image content. The authors propose a scalable fragile watermarking algorithm for authentication of scalable JPEG2000 compressed images. It tolerates the loss of large amounts of image data because of resolution or quality scaling, producing no false alarms. Yet, it also protects that data from tampering, detecting even minor manipulations other than scaling, and is secure against mark transfer and collage attacks. Experimental results demonstrate this for scaling down to 1/1024th the area of the original or to 1/100th the file size.
Polynomial differential-based strong (n, t, n)-verifiable secret sharing
- Author(s): Qassim Al Mahmoud
- Source: IET Information Security, Volume 7, Issue 4, p. 312 –317
- DOI: 10.1049/iet-ifs.2012.0366
- Type: Article
- + Show details - Hide details
-
p.
312
–317
(6)
Basic secret sharing schemes assume that the dealer who divides the secret and distributes shares to participants is a mutually trusted party. The basic idea of free dealer secret sharing (SS) is that each participants acts as a dealer to choose the secret (sub secrets) and generate shares for other participants and then the master secret will be combine of these subs secrets. The t-consistency of shares is a set of n shares that if any subset containing t shares defines the same secret. The author's scheme based on polynomial differential to fix the problems that had been observed Harn and Lin scheme about the security requirements for t-consistency of shares in Pedersen's (n, t, n) – SS, and consider the timeliness in Harn and Lin by using the same Pedersen's (n, t, n) – SS scheme. The author will use polynomial of degree (2t − 1) to share the sub secrets, and the polynomial differential is used for verification purpose.
An adaptive distributed certificate management scheme for space information network
- Author(s): Ren Fang and Fan Jiulun
- Source: IET Information Security, Volume 7, Issue 4, p. 318 –326
- DOI: 10.1049/iet-ifs.2012.0253
- Type: Article
- + Show details - Hide details
-
p.
318
–326
(9)
The security vulnerability of space information network is stimulating interest in developing security mechanisms study of heterogeneous network. However, it is noted that neither the single certificate authority (CA) nor the distributed CA can meet the security requirements for this type of network. In this study, the authors propose an adaptive distributed certificate management scheme in which the nodes that provide certificate services are selected dynamically in the network. The security risks caused by the static nodes are avoided in the proposed scheme. The status of the nodes in the network is completely equal and the credit values that vary with the operation of the network are the only criterion to measure their responsibilities. The scheme can effectively prevent attackers from getting permission of the certificate services and could be applicable to the complex and dynamic networks.
Hardware acceleration of regular expression repetitions in deep packet inspection
- Author(s): Brendan Cronin and Xiaojun Wang
- Source: IET Information Security, Volume 7, Issue 4, p. 327 –335
- DOI: 10.1049/iet-ifs.2012.0340
- Type: Article
- + Show details - Hide details
-
p.
327
–335
(9)
Network Intrusion Detection Systems (NIDS) make extensive use of regular expressions (regexes) as attack signatures. Such expressions can be handled in hardware using a bit-parallel (BP) architecture based on the Glushkov non-deterministic finite automata (NFA). However, many expressions contain constrained {min, max} repetitions which first need to be unrolled so that they can be handled by the standard BP system. Such unrolling often leads to an excessive memory requirement which makes handling of such regexes unfeasible. This study presents a solution, based on the standard BP architecture, which incorporates a counting mechanism that renders unrolling unnecessary. As a result, many regexes, which were previously unsuitable for the standard BP system, can now be efficiently handled. Unlike many other approaches, this architecture is dynamically reconfigurable thanks to its memory, rather than logic, based engine. This is important as NIDS rule sets are regularly updated. It can also handle repetition of both single and multi-symbol sub-expressions.
Survey of data aggregation techniques using soft computing in wireless sensor networks
- Author(s): Hevin Rajesh Dhasian and Paramasivan Balasubramanian
- Source: IET Information Security, Volume 7, Issue 4, p. 336 –342
- DOI: 10.1049/iet-ifs.2012.0292
- Type: Article
- + Show details - Hide details
-
p.
336
–342
(7)
In wireless sensor networks (WSN), data aggregation using soft computing methods is a challenging issue because of the security factors. When a node is compromised, it is easy for an adversary to inject false data and mislead the aggregator to accept false readings. Therefore there is a need for secure data aggregation. Although sufficient works on the survey of data aggregation in WSNs are done, it seems less satisfactory in terms of maintaining a secured data aggregation, and measuring accurate values. This study presents an up to date survey of major contributions to the security solutions in data aggregation which mainly use soft computing techniques. Here, classification of protocols is done according to the soft computing technique as: fuzzy logic, swarm intelligence, genetic algorithm and neural networks. Accuracy, energy consumption, cost reduction and security measures are the metrics used for the classification. Finally, the authors provide a comparative study of all aggregation techniques.
Traceable, group-oriented, signature scheme with multiple signing policies in group-based trust management
- Author(s): Dong Jiao ; Mingchu Li ; Jinping Ou ; Cheng Guo ; Yizhi Ren ; Yongrui Cui
- Source: IET Information Security, Volume 7, Issue 4, p. 343 –348
- DOI: 10.1049/iet-ifs.2012.0350
- Type: Article
- + Show details - Hide details
-
p.
343
–348
(6)
In a group-based trust management scheme, peers are partitioned into groups based on chosen characteristics, such as location and interest. The super peer (SP), who is responsible for the storage and distribution of reputation value, has an important role in group-based trust management. Thus, if the SP is a disguised or malicious peer, serious security problems could occur. To solve these security problems, the authors propose a traceable, group-oriented, signature scheme with multiple signing policies for trust management. The SP's signature is generated by a designated group called the signature group. In the authors scheme, peers in the signature group will decide whether to generate the signature for the SP based on the SP's reputation, meaning that attackers cannot forge a valid signature. In addition, an outsider also can trace the signers who were involved in generating the signature for reputation valuation.
Systemic threats to hypervisor non-control data
- Author(s): Baozeng Ding ; Yeping He ; Yanjun Wu ; Jiageng Yu
- Source: IET Information Security, Volume 7, Issue 4, p. 349 –354
- DOI: 10.1049/iet-ifs.2012.0252
- Type: Article
- + Show details - Hide details
-
p.
349
–354
(6)
Hypervisors are becoming a widespread virtualisation layer in current computer systems. Recent successful attacks against hypervisors indicate that they face the similar integrity threats as traditional operating systems. Current approaches that secure hypervisors mainly focus on code or control-data integrity, without paying attention to non-control data integrity. In this study the authors construct attacks that target hypervisor non-control data to demonstrate which types of data within the Xen hypervisor are critical to system security. It shows privilege, resource utilisation and security policy related data are vulnerable to return-oriented programming or DMA attacks. By modifying their values from one to another, the whole system's performance will be affected. By discussing current approaches that secure hypervisors, which are not suitable for non-control data, the work is to motivate new innovation in this area to protect them.
Most viewed content
Most cited content for this Journal
-
High accuracy android malware detection using ensemble learning
- Author(s): Suleiman Y. Yerima ; Sakir Sezer ; Igor Muttik
- Type: Article
-
Crypto-based algorithms for secured medical image transmission
- Author(s): Ali Al-Haj ; Gheith Abandah ; Noor Hussein
- Type: Article
-
Pseudorandom bit generator based on non-stationary logistic maps
- Author(s): Lingfeng Liu ; Suoxia Miao ; Hanping Hu ; Yashuang Deng
- Type: Article
-
Constructing important features from massive network traffic for lightweight intrusion detection
- Author(s): Wei Wang ; Yongzhong He ; Jiqiang Liu ; Sylvain Gombault
- Type: Article
-
Empirical analysis of Tor Hidden Services
- Author(s): Gareth Owen and Nick Savage
- Type: Article