IET Information Security
Volume 8, Issue 2, March 2014
Identity management and trusted interaction in Internet and mobile computing
- Author(s): Audun Jøsang
- Source: IET Information Security, Volume 8, Issue 2, p. 67–79
- DOI: 10.1049/iet-ifs.2012.0133
- Type: Article
The convergence of the Internet and mobile computing enables personalised access to online services anywhere and anytime. This potent access capability creates opportunities for new business models which stimulates vigorous investment and rapid innovation. Unfortunately, this innovation also produces new vulnerabilities and threats, and the new business models also create incentives for attacks, because criminals will always follow the money. Unless the new threats are balanced with appropriate countermeasures, growth in the Internet and mobile services will encounter painful setbacks. Security and trust are two fundamental factors for sustainable development of identity management in online markets and communities. The aim of this study is to present an overview of the central aspects of identity management in the Internet and mobile computing with respect to security and trust.
Impact of blackhole and Sybil attacks on dynamic windows secured implicit geographic forwarding routing protocol
- Author(s): Zurina Mohd Hanapi and Mahamod Ismail
- Source: IET Information Security, Volume 8, Issue 2, p. 80–87
- DOI: 10.1049/iet-ifs.2012.0202
- Type: Article
Dynamic windows implicit geographic forwarding (DWSIGF) routing protocol promises minimal selection of an attacker as a hop node. However, it was tested only on blackhole attack with a single optimal attacker. Thus, a thorough investigation was performed to examine whether the protocol is secure against other routing attacks. This study presents a comprehensive analysis of the impact of blackhole and Sybil attacks on the DWSIGF. The analyses on blackhole attack were carried out on single and multiple attackers using priority selection, random selection, an optimal relay, non-optimal relay, with and without clear to send (CTS) rushing attack. The Sybil attack analyses, on the other hand, investigated the impact of a single attacker using optimal and non-optimal relay over increasing traffic loads and a growing number of Sybil attackers. The study showed that the DWSIGF promised a superior protection against blackhole/selective forwarding and Sybil attacks with minimum attacker selection and high performance in packet delivery ratio even without inserting any security mechanism in the routing protocol.
Research of trust model based on fuzzy theory in mobile ad hoc networks
- Author(s): Hui Xia ; Zhiping Jia ; Edwin H.-M. Sha
- Source: IET Information Security, Volume 8, Issue 2, p. 88–103
- DOI: 10.1049/iet-ifs.2012.0145
- Type: Article
The performance of ad hoc networks depends on the cooperative and trust nature of the distributed nodes. To enhance security in ad hoc networks, it is important to evaluate the trustworthiness of other nodes without central authorities. An information-theoretic framework is presented, to quantitatively measure trust and build a novel trust model (FAPtrust) with multiple trust decision factors. These decision factors are incorporated to reflect trust relationship's complexity and uncertainty in various angles. The weight of these factors is set up using fuzzy analytic hierarchy process theory based on entropy weight method, which gives the model better rationality. Moreover, the fuzzy logic rules prediction mechanism is adopted to update a node's trust for future decision-making. As an application of this model, a novel reactive trust-based multicast routing protocol is proposed. This new trusted protocol provides a flexible and feasible approach in routing decision-making, taking into account both the trust constraint and the malicious node detection in multi-agent systems. Comprehensive experiments have been conducted to evaluate the efficiency of trust model and multicast trust enhancement in the improvement of network interaction quality, trust dynamic adaptability, malicious node identification, attack resistance and enhancements of system's security.
Efficient and secure dynamic ID-based remote user authentication scheme for distributed systems using smart cards
- Author(s): Jenq-Shiou Leu and Wen-Bin Hsieh
- Source: IET Information Security, Volume 8, Issue 2, p. 104–113
- DOI: 10.1049/iet-ifs.2012.0206
- Type: Article
In a distributed environment, a fundamental concern is authentication of local and remote users in insecure communication networks. Absolutely, legitimate users are more powerful attackers, since they possess internal system information not available to an intruder. Therefore many remote user authentication schemes for distributed systems have been proposed. These schemes claimed that they could resist various attacks. However, they were found to have some weaknesses later. Lee et al. proposed a secure dynamic ID-based remote user authentication scheme for the multi-server environment using smart cards and claimed that their scheme could protect against masquerade attacks, server spoofing attack, registration server spoofing attack and insider attack. In this study, the authors show that Lee et al.'s scheme is still vulnerable to password guessing attack, server spoofing attack and masquerade attack. To propose a viable authentication scheme for distributed systems, we remedy the flaws of Lee et al.'s scheme and propose an efficient improvement over Lee et al.'s scheme. Furthermore, we compare the proposed scheme with related ones to prove that the computation cost, security and efficiency of the proposed scheme are well suited for practical applications in a distributed system.
Identity-based remote data possession checking in public clouds
- Author(s): Huaqun Wang ; Qianhong Wu ; Bo Qin ; Josep Domingo-Ferrer
- Source: IET Information Security, Volume 8, Issue 2, p. 114–121
- DOI: 10.1049/iet-ifs.2012.0271
- Type: Article
Checking remote data possession is of crucial importance in public cloud storage. It enables the users to check whether their outsourced data have been kept intact without downloading the original data. The existing remote data possession checking (RDPC) protocols have been designed in the PKI (public key infrastructure) setting. The cloud server has to validate the users’ certificates before storing the data uploaded by the users in order to prevent spam. This incurs considerable costs since numerous users may frequently upload data to the cloud server. This study addresses this problem with a new model of identity-based RDPC (ID-RDPC) protocols. The authors present the first ID-RDPC protocol proven to be secure assuming the hardness of the standard computational Diffie-Hellman problem. In addition to the structural advantage of elimination of certificate management and verification, the authors’ ID-RDPC protocol also outperforms the existing RDPC protocols in the PKI setting in terms of computation and communication.
Operating system security by integrity checking and recovery using write-protected storage
- Author(s): Jerzy Kaczmarek and Michal R. Wrobel
- Source: IET Information Security, Volume 8, Issue 2, p. 122–131
- DOI: 10.1049/iet-ifs.2012.0346
- Type: Article
An integrity checking and recovery (ICAR) system is presented here, which protects file system integrity and automatically restores modified files. The system enables files cryptographic hashes generation and verification, as well as configuration of security constraints. All of the crucial data, including ICAR system binaries, file backups and hashes database are stored in a physically write-protected storage to eliminate the threat of unauthorised modification. A buffering mechanism was designed and implemented in the system to increase operation performance. Additionally, the system supplies user tools for cryptographic hash generation and security database management. The system is implemented as a kernel extension, compliant with the Linux security model. Experimental evaluation of the system was performed and showed an approximate 10% performance degradation in secured file access compared to regular access.
Establishing user trust in automated teller machine integrity
- Author(s): Ronald Petrlic and Christoph Sorge
- Source: IET Information Security, Volume 8, Issue 2, p. 132–139
- DOI: 10.1049/iet-ifs.2012.0220
- Type: Article
The authors show that integrity protection as a technical means towards automated teller machine (ATM) security is not enough to establish trust towards ATM users. The attacks, aiming at getting into possession of users’ bank card details and personal identification numbers (PINs) are manifold. The authors come up with a solution that allows users to establish trust into the ATM integrity protection being in place. The users’ mobile phones play a central role in the trust establishment. The authors also shift the PIN entry away from the possibly insecure ATM's PIN pad towards the users’ mobile phones.
Approach for malware identification using dynamic behaviour and outcome triggering
- Author(s): Hao Bai ; Chang-zhen Hu ; Xiao-chuan Jing ; Ning Li ; Xiao-yin Wang
- Source: IET Information Security, Volume 8, Issue 2, p. 140–151
- DOI: 10.1049/iet-ifs.2012.0343
- Type: Article
Malware identification is the process of determining the maliciousness of a program, which is necessary for detecting malware variants. Although some techniques have been developed to confront the rapid expansion of malware, they are not efficient to recognise booming malware instances, and can be evaded by using obfuscation techniques. In this study, a novel dynamic malware identification approach is proposed. Concretely, this approach employs techniques that explore multiple execution paths and trigger malicious behaviours with resulting outcomes. To this end, a group of featured malicious behaviours and outcomes (MBOs) are primarily constructed, from which weights for malware family classification are derived. A virtual monitor is then developed to dynamically trigger MBOs by exploring multipath with suitable probing depths. Finally, triggered malicious behaviours are modelled with features recorded in MBOs to train a malware classifier which can identify unknown malware variants. The experimental results on test cases demonstrate the proposed approach is effective in identifying new variants of popular malware families. The comparison with latest malware identifiers shows that our approach achieves lower false positive rate and can recognise malware equipped with obfuscation techniques.
Most cited content for this Journal
High accuracy android malware detection using ensemble learning
- Author(s): Suleiman Y. Yerima ; Sakir Sezer ; Igor Muttik
- Type: Article
Crypto-based algorithms for secured medical image transmission
- Author(s): Ali Al-Haj ; Gheith Abandah ; Noor Hussein
- Type: Article
Pseudorandom bit generator based on non-stationary logistic maps
- Author(s): Lingfeng Liu ; Suoxia Miao ; Hanping Hu ; Yashuang Deng
- Type: Article
Constructing important features from massive network traffic for lightweight intrusion detection
- Author(s): Wei Wang ; Yongzhong He ; Jiqiang Liu ; Sylvain Gombault
- Type: Article
Empirical analysis of Tor Hidden Services
- Author(s): Gareth Owen and Nick Savage
- Type: Article