New Publications are available for Data security
http://dl-live.theiet.org
New Publications are available now online for this publication.
Please follow the links to view the publication.

Enhanced security technique for wireless sensor network nodes
http://dl-live.theiet.org/content/conferences/10.1049/cp.2012.0610
The lightweight computational nodes being used in WSN pose a particular challenge for many security applications. This paper investigates a number of security techniques and novel implementations appropriate for WSN nodes, including various trade-offs such as implementation complexity, power dissipation, security flexibility and scalability. (5 pages)

Surrey University Library for Forensic Analysis (SULFA) of video content
http://dl-live.theiet.org/content/conferences/10.1049/cp.2012.0422
In this paper we propose SULFA (Surrey University Library for Forensic Analysis) for the benchmarking of video forensic techniques. This new video library has been designed and built for the purpose of video forensics specifically related to camera identification and integrity verification. As far as we know, no such library or similar currently exists in the community. SULFA contains original as well as forged video files, which will be freely available through the University of Surrey's website. There are approximately 150 videos collected from three camera sources, which are Canon SX220 (codec H.264) [1], Nikon S3000 (codec MJPEG) [2] and Fujifilm S2800HD (codec MJPEG) [3]. Each video is approximately 10 seconds long with resolution of 320×240 and 30 frames per second. All videos have been shot after carefully considering both temporal and spatial video characteristics. In order to present life-like scenarios, various complex and simple scenes have been shot with and without using camera support (tripod). Furthermore 9 original videos from each source in SULFA have been tested with Photo Response Non Uniformity (PRNU) based camera identification methods. Currently, SULFA also includes videos with cloning or copy-paste forgery. Each forged video includes full information of the doctored region. (5 pages)

Robust image watermarking using two dimensional Walsh coding
http://dl-live.theiet.org/content/conferences/10.1049/cp.2012.0435
This paper deals with a new blind watermarking technique using two dimensional Walsh coding. The aim of using the 2D Walsh coding is to improve the robustness of the algorithm. The watermark, which is a hand written signature, was encoded by using 2D Walsh functions, then it was embedded in the low frequency coefficients of the discrete cosine transform of the host image. The new algorithm is blind and does not require the original image to extract the watermark and causes minimal distortion to the host image. The robustness of the algorithm was assessed against various Stirmark attacks such as JPEG compression, noise, and some filtering operations. The extent of the improvements is related to the scaling factor. (5 pages)

Dyadic wavelets and DCT based blind copy-move image forgery detection
http://dl-live.theiet.org/content/conferences/10.1049/cp.2012.0439
This paper proposes a blind method of copy move image forgery detection using dyadic wavelet transform (DyWT) and discrete cosine transform (DCT). An input image is decomposed using DyWT to approximation (LL) subbands and detail (HH) subbands. DCT is then applied to overlapping blocks in LL and HH subbands, and Euclidean distances between the blocks are calculated using DCT coefficients. Decision is made based on similarity of the blocks in LL subband and dissimilarity of the blocks in HH subband. The proposed method is evaluated with images of different sizes, different compression qualities, and with or without rotation before pasting. Experimental results show that the method performs better in all cases than two other multiresolution based methods. (6 pages)

Advanced video camera identification using conditional probability features
http://dl-live.theiet.org/content/conferences/10.1049/cp.2012.0426
Today, the misuse of digital data, especially images and videos, has become crucial with the existence of sophisticated high-tech equipment that is available at relatively low cost. Illegal recording of movies in cinemas has caused losses of millions of dollars a year. Law enforcement agencies are keen to find ways to counter illegal video recording. Current research into camera identification techniques is attracting a significant amount of attention. The main objective is to identify the camera equipment used to record a digital image or video based on the data source obtained. In this paper, we propose a video camera identification technique based on the Conditional Probability (CP) Features. Specifically we focus on its performance for identification of video sources using cameras of different models. In our experiments, we demonstrate that the CP Features are able to correctly match the test video frames with their source with a classification accuracy of approximately 97.2%. These findings provide a good indication that CP Features are suitable for digital video forensics. (5 pages)

Privacy: the forgotten challenge in sensor and distributed systems
http://dl-live.theiet.org/content/conferences/10.1049/cp.2012.0594
Privacy is a right that is granted by law and decree to all citizens of Europe and to the registered organisations they work, play or congregate through. The role of sensor networks in general, and wireless sensor networks in particular, in maintaining the privacy of users is considerable, but unfortunately very largely not addressed or not understood. The paper introduces on-going work in FP7 project i-Tour and in the world of standards at ETSI on the means to exchange privacy assertions across distributed networks such that the original consent is maintained even when new actors are introduced to the system. (4 pages)

Understanding lack of trust in distributed agile teams: a grounded theory study
http://dl-live.theiet.org/content/conferences/10.1049/ic.2012.0011
Background: Trust fuels team performance and contributes to build an effective and cohesive team. The self-organizing and collaborative nature of Agile teams increases the importance of trust in software development teams. Trust is, however, affected in distributed teams. Aim: To investigate the emergent key concerns, particularly the impact of trust, in distributed Agile teams. Method: Through a Grounded Theory study that explores distributed software development from the specific perspective of Agile practitioners, we interviewed 45 participants from 28 different software companies in the USA, India, and Australia. Results: In this paper, we present the reasons for lack of trust and its adverse effects in distributed Agile teams that emerged from our analysis, using the causal-consequences theoretical model. Conclusion: Understanding the causes and consequences of lack of trust can develop awareness of the importance of trust in distributed teams, and pave ways for effectively building trust in project-oriented contexts.

Performance triangle in digital substation architectures
http://dl-live.theiet.org/content/conferences/10.1049/cp.2012.0067
In the traditional domain of teleprotection signalling, there is a recognised triangle of performance. This triangle depends upon the required speed of communication, the expected dependability of the command, and the security of receipt. These three aspects are interlinked, and the correct balance of each is required in order to offer the traditional functionality such as permissive signalling, blocking and intertripping schemes. This paper relates the traditional concepts to the application of automation schemes within digital substations. In this manner, it is anticipated that protection engineers can relate today's Ethernet technology by analogy with equivalent trusted practices. Firstly, the paper discusses aspects of speed, particularly in terms of the response required in message-based schemes, and the methods by which integrators can achieve accurate time-synchronising. Secondly, achieving adequate dependability by means of redundancy, and appropriate architectures is treated. Thirdly, security is covered, including aspects of cybersecurity and settings/configuration management. (6 pages)

Recent developments in standards and industry solutions for cyber security and secure remote access to electrical substations
http://dl-live.theiet.org/content/conferences/10.1049/cp.2012.0064
This paper discusses real world examples of utility initiatives to address the issue of substation cyber security in the context of both industry best practices and the global standards organizations seeking to provide a blueprint for security implantation. The authors provide an overview of existing technologies for securing IP and Ethernet communications networks and end devices. One of the aspects helping secure access to utility networks are centralized secure access management systems that facilitate authentication and authorization of users and devices while increasing productivity by reducing manually repetitive tasks. A commercial implementation of such a system is described. The authors also provide a brief overview of the latest industry efforts in standardization and describe selected focus groups, initiatives and institutions that are developing cyber security guidance for the electric power industry. Finally the authors describe practical experience from deploying a secure remote access management system at a large transmission utility in the United Kingdom. Key challenges, issues and experience from system design and implementation are presented. (8 pages)

Optimal implementation of digital steganography in an true color images for the secrete communication
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0057
A Real life requirement motivated this case study for secure the digital communication. Hiding data with security is the highly challenging and desirable task. The purpose of this research work is to develop a secure and optimal data hiding technique in 24 bit hue color image. My proposed method is flexible on size of secret message bits and allows us to embed a large amount of secret messages as well as maintaining good visual quality of stego-image. Using this method, message bits are embedded into uncertain and higher LSB layers, resulting in increased imperceptible and robustness of stego-image.

A study on network intrusion detection and prevention system current status and challenging issues
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0075
A network based Intrusion Prevention System sits in-line on the network, monitoring the incoming packets based on certain prescribed rules and if any bad traffic is detected, the same is dropped in real-time. A signature based detection system was developed to perform TCP port scans, Trace route scan, ping scan and packet sniffing to monitor network. This paper is going to enhance the signature based system to monitor network traffic, creation of per-flow packet traces and adaptive learning of intrusion. The existing Hawkeye solutions are used for the network intrusion detection and prevention system. In this paper we have proposed a new model which will combine the three techniques such as Adaptive weighted sampling algorithm, packet count flow classifier and Adaptive learning algorithms to the existing system.

Image CAPTCHA based on distorted faces
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0106
An image recognition-based CAPTCHA is proposed for increasing security in web applications. The proposed method uses distorted faces to create an image for a CAPTCHA test. The user has to recognise the well-known person that appears in the image choosing the name from a list. The method uses a feature-line morphing technique to distort the faces which morphs the well-known person's face into a cartoon or an animal. The performance of this approach is evaluated through different face recognition systems. The results show an improvement in human recognition in comparison with word-based CAPTCHAs and an increment in robustness against robots when trying to break through the tests. (6 pages)

Pervasive monitoring: appreciating citizen's surveillance as digital evidence in legal proceedings
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0130
Images or video streams, extracted from data acquired through surveillance systems and intended to be used as evidence in court, should have all attributes of conventional digital evidence, meaning that they should be admissible, authentic, reliable, complete and believable. This paper discusses the first three attributes that surveillance systems should comply with to be submitted as evidence in legal proceedings and it identifies some of the obstacles in the way through harmonization. The focus is on data gathered from a range of ad hoc sources present at the scene of an incident, including smartphones and wireless sensor networks (used for safety, security or traffic management/environmental monitoring). New scenarios for crowd-sourced surveillance mediated by law enforcement supervision are further considered. Specific attention is brought to the compliance with privacy requirements that often condition the admissibility of the evidence. (6 pages)

DEEPAV2: A DNS monitor tool for prevention of public IP DNS rebinding attack
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0054
Domain Name Systems (DNS) play a vital role in the proper functioning of the internet. Almost all internet applications rely on DNS for the name resolutions. The existing DNS infrastructure has a number of security vulnerabilities and it is prone to attacks such as DNS Cache Poisoning attack, DNS Rebinding attack, Flooding attack, etc. If a DNS server is compromised, it affects all the users of the internet, resulting in adverse effect. In this paper the focus has been on the prevention of DNS Rebinding attack. The solution for detecting and preventing DNS rebinding attack has been incorporated into DEEP A1. The extended DEEPA, viz., DEEPAV2 tool, containing the enhanced packet analyzer, the traffic differentiator, and enhanced packet filter modules, detects and differentiates the abnormal group of activities in the DNS traffic caused by the public IP DNS rebinding attack which is the combination of classical DNS rebinding attack and Anti-DNS pinning attack. The DEEPAV2 effectively filters the DNS rebinding attack packets by deeply analyzing the DNS packets. As the DNS rebinding attack is prevented, the subsequent attacks such as pharming, phishing, click frauds, email spamming, etc., could be prevented.

Evaluating iris segmentation for scenario optimisation
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0098
Iris recognition is a biometric modality which offers the potential for high accuracy and, increasingly, for application in more diverse environments than hitherto. Poor segmentation is one of the most important factors likely to compromise iris recognition performance. Hence, research in the area of iris biometrics has often been focused on efforts to enhance the performance of iris segmentation techniques, and this has led to considerable work on iris segmentation. This paper presents a detailed investigation, evaluation and comparison of several segmentation approaches (including a new algorithm proposed by the authors) proposed in the literature based on their accuracy and processing speed. To be consistent with the research of others, for all quantitative experiments, algorithms have been evaluated on two iris databases, namely CASIA V1.0 and a subset of the BioSecure database. (6 pages)

Hooligan detection: the effects of saliency and expert knowledge
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0131
We investigated differences in visual search of dangerous events between security experts and naive observers during the observation of large scenes, typically encountered on the grandstand of stadiums during soccer matches. Our main technical objective was the reduction of computational effort required for the detection and recognition of such events. To overcome the scarcity and legal issues associated with real footage, we designed a new algorithm for the synthesis of crowd scenes with well-controlled statistical properties. We characterize the relative importance of saliency and expert knowledge for the generation of correct detections and the visual search strategies for both security experts and naive observers. We found that during the first few seconds of this search task, experts and naive observers look at the scenes in a similar fashion, but experts see more. We compare the results with theoretical models for saliency and event classification. We show that the recognition model can deliver reasonable classification/detection performance even when operating under real-time constraints. When real-time operation is not a concern, performance can be improved further by allowing the model to grow. (6 pages)

High-capacity reversible q-ry data hiding with location map-free capability
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0136
This paper proposes a high capacity and high quality image data hiding scheme based on a causal predictor, predictor error expansion and a local activity indicator. The utilization of the secret data from Galois field GF(q), q 2 allows to embed more than one bit per pixel in compliance with a high quality of stego image. Moreover, special conditions for location map-free embedding are derived. Experimental analysis demonstrates the effectiveness of the proposed approach in achieving the high embedding capacity along with the high image fidelity. (6 pages)

Medical image security using LSB and chaotic logistic map
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0086
In this modern era, many researchers have been concentrating more on using the field of chaos and its applications for their research. Particularly, medical image encryption and decryption using chaotic signals are proposed frequently for medical image cryptography and steganography. In this article, the patient medical details in text form and medical image of the organ in pictorial form are encrypted and decrypted using two different sets of algorithms. One of the advantages of this method is its security, which is provided by the chaotic signal.

Extended visual cryptography scheme with an artificial cocktail party effect
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0114
Visual cryptography schemes were introduced in 1994 by Naor and Shamir [9]. These kinds of schemes have also been well described by C. Blundo, A. De Santis and D.R. Stinson in [3]. In this case, a secret image I may be encoded into n shadow images called the shares, and to give exactly one such shadow image to each member of a group P of n persons. Certain qualified subsets of participants can visually recover I, but other, forbidden sets of participants have no information on I. A visual recovery for a set X consists of photocopying the shares given to the participants and then stacking them. Shortly after the discovery of visual cryptography schemes Droste gave a generalization of such schemes, and Ateniese et al. formalized the idea of Naor and Shamir of an extension of the model which conceals the very existence of the secret image. Ateniese et al. have called this formalization Extended Visual Cryptography [5, 7, 10]. In order to encode and hide a given set I_1, I_2, . . . , I_k of gray-level images, in this paper, we propose an Extended Visual Cryptography Scheme for which the decoding process simulates a cocktail party effect. (10 pages)

Identifying humans using comparative descriptions
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0111
Soft biometrics is a new form of biometric identification which utilizes human descriptions of a subject's physical appearance. Although these descriptions intuitively have less discriminatory capability than traditional biometric approaches, they are able to retrieve and recognize subjects based solely on a human description. To permit soft biometric identification the human description must be accurate, yet conventional human descriptions comprising of absolute labels and estimations are often unreliable. In this paper we introduce a novel method of human description which utilizes comparative descriptors derived from visual comparisons between subjects. This innovative approach to obtaining human descriptions has been shown to counter many problems associated with absolute categorical labels. Comparative categorical labels are objective and can be used to infer descriptive continuous relative measurements. The resulting biometric signatures have been demonstrated to differ significantly from absolute descriptions allowing improved retrieval of subjects and could even be used to increase the accuracy of witness description in crime analysis. (6 pages)

Iterative active querying for surveillance data retrieval in crime detection and forensics
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0133
Large sets of visual data are now available both, in real time and off line, at time of investigation in multimedia forensics, however passive querying systems often encounter difficulties in retrieving significant results. In this paper we propose an iterative active querying system for video surveillance and forensic applications based on the continuous interaction between the user and the system. The positive and negative user feedbacks are exploited as the input of a graph based transductive procedure for iteratively refining the initial query results. Experiments are shown using people trajectories and people appearance as distance metrics. (6 pages)

Cryptographic keys generation using identity
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0068
Public key cryptography is a fundamental and widely used technology around the world for secure information exchange over Internet. Public key cryptography uses public key of the receiver to encrypt the message and receiver uses his/her private key to decrypt the message. Public key of receiver is known publicly, prior to the communication. Hence the authentication of the public key is a big challenge and for which public key certificates, provided by Certification Authority (CA), are used. At large scale communication to set up numerous CAs is a major overhead of public key cryptography. Hence this paper attempts to avoid the use of public key certificates and proposes an RSA based algorithm to generate the cryptographic keys using identity such as E-Mail ID of a person. The algorithm uses a hash function to generate the keys. The simulation results for key generation using various hash functions are also shown in paper.

Layered security approach in cloud
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0083
Cloud refers to a collection of nodes and the Cloud computing model focuses on the Cloud to provide the services to the customers. The model separates the client machine from the data and the application in use thus increases the Robustness and the Cost-Effectiveness of the Application. This paper introduces the security model for services like SaaS, DaaS etc. Its main purpose is to define a new solution to the security concerns of the cloud consumers using different approaches at different levels. This proposed security approach can be mingled with other emerging security proposals for implementing a robust and trustworthy cloud security.

Survey on intrusion detection methods
http://dl-live.theiet.org/content/conferences/10.1049/ic.2011.0085
Intrusions in an information system are the activities that violate the security policy of the system, and intrusion detection is the process used to identify intrusions. Intrusion detection has been studied for approximately 20 years. It is based on the beliefs that an intruder's behavior will be noticeably different from that of a legitimate user and that many unauthorized actions will be detectable. Intrusion detection systems (IDSs) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second line of defense that protects information systems. There are several reasons that make intrusion detection a necessary part of the entire defense system. This paper describes various Intrusion Detection methods like pattern matching, stateful pattern matching, protocol decode-based analysis etc. and how fuzzy clustering can apply in IDS.

A privacy enhanced DNS scheme for the Internet of Things
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.0758
In the environment of Internet of Things (IoT), smart devices' privacy protection is a significant issue in several security problems. When a static domain name was assigned to a specified IoT terminal smart device, the risk of the existing privacy will be raised. In this article we proposed a privacy protection enhanced DNS scheme for smart devices, which can authenticate the original user's identity, reject illegal access to the smart device. The scheme is compatible with widely used DNS and DNSSEC protocol.

Universal access authentication for wireless network
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1022
This paper proposes a universal access authentication protocol in a safe and efficient way for wireless network. Firstly, an improved hierarchical identity based signature is designed to overcome key escrow. Secondly, based on the modified signature scheme, a new authenticating protocol, namely Priauth-HIBS, is proposed. It has its own advantages, such as identity based, hierarchy, local verification and single registration. In particular, Priauth-HIBS only involves two parties to accomplish mutual authentication and key establishment, which reduces the interactional complexity and makes authentication universal in wireless network. Besides, security level is enhanced against kinds of attacks. The theoretical and simulating results show that Priauth-HIBS provides more secure and efficient service for roaming user. A further discussion reveals our near future work at last.

Design of identity verification unit and management system
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.0777
With an increasing emphasis on the emerging automatic handicap personal identification applications, living fingerprint-based identification and Smart cards are receiving a lot of attention. So as to achieve secure and reliable identity verification and the tracking of documentary files and stationary, the paper presents an identity verification unit and management system based on living fingerprint identification techniques and Internet of things (IOT). Additionally, for the goal of non-paper office, the unit resolves issues, e.g., the insecurity and simplex function in traditional identification unit, by providing professional function such as electronic seal.

Design of WAP based application for mobile security
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.0443
This paper discusses how secure is your data in the mobile and the steps that can be taken to make it secure to a certain level. The major theme running through this paper is Mobile system security/privacy. There are many well-known problems here, particularly in Ubiquitous/pervasive/ad-hoc computing scenarios.

Justifying the validity of safety assessment models with safety case patterns
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.0261
Safety analysis is an essential part of the development process of complex systems. However, decisions that are based on flawed safety assessment models, or models used beyond their envelope of validity can negatively impact safety design choices, the effectiveness of certification, and operational practice. Therefore, the justification of assumptions, data sources and analytical methods is necessary for appropriate use of these analysis results. Currently, most of the existing guidance on the evaluation or assessment of safety analysis is concerned with the human aspects of safety reviews. However, there are few recommendations as to how to justify a collection of safety assessment models as part of forming a coherent argument, especially for safety assessments performed using novel safety modelling techniques (such as Failure Logic Modelling). This paper examines the concerns for model validation activities in general and presents an exemplar safety case pattern for the adequacy of safety assessment models. The justification concerns of safety assessment models have been developed in order to provide inspiration and a starting point for future safety case developments utilising novel safety assessment models. (6 pages)

Identifier/locator separation: a worm detection and prevention perspective
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1417
Identifier/locator separation is widely recognized as a promising solution to the routing scalability issue of the Internet routing architecture. Although it is believed that networks with identifier/locator separation are more secure than networks without identifier/locator separation, identifier/locator separation cannot evade the damage of worms either. In this paper, we argue that identifier/locator separation can help detect and prevent worms by analyzing and evaluating the worm detection probability and the number of infected machines. The results show that the worm detection in networks with identifier/locator separation is easier than in networks without identifier/locator separation and identifier/locator separation is more resistive to worm propagation. To the best of our knowledge, this is the first attempt on understanding the worm detection and prevention in networks with identifier/locator separation.

CIDMS: a security connection identifier mapping system for universal network
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1435
The identifier split is a design principle for new Internet architectures such as Universal Network, Lisp, which make Internet more scalable, reliable and security. One important form of identifier split in Universal Network is connection identifier/access identifier (CID/AID) split which is introduced to improve security isolation during communication. Using CID/AID split, terminals communicate with each other without knowledge of the opponent's access identifier, so as to eliminate targeted attacks such as denial-of-service attack. This split relies on a mapping system to resolve a flat connection identifier that identifies a session to one or several appropriate access identifiers in response to mapping requests for specific connection identifier. In this paper we present a secure CID/AID split mechanism and its corresponding mapping system: CIDMS. We also present simulations of mapping system's performance, evaluate its resolution delay and scalability.

An identified transport layer mechanism in the locator/identifier separation context
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1418
The traditional network design puts little emphasis on security and management of the transport layer mechanisms. However, new applications requiring security such as on-line bank and on-line shopping emerge sharply. Besides, various new applications induce the problem of management for pricing, reliability and resource distribution. Hence, a secure and manageable transport layer mechanism is significant and urgent under these occasions. In this paper, we propose an identified transport layer mechanism (ITM) in the locator/identifier separation protocol (LISP) context. ITM employs mapping cache to manage the packet transmitting process and separates host identifiers from the port numbers in the transport layer. Based on this mechanism, we can achieve enhanced security and management of the network transport layer.

The design and research of improved JFKi protocol based on mobile IPv6
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1428
IPv6, as the trend of the next generation Internet, has been increasingly implemented in the mobile Internet. The security of mobile IPv6 has become the key factor restricting its development. The Internet Protocol Security (IPsec) protocol protects the information exchanged between the Mobile Node (MN) and Home Agent (HA) by establishing the security association (SA). However, IKEv1, as the popular security protocol, has defects that prevent it from adapting to the mobile Internet, such as low efficiency and poor reliability. The Just Fast Keying (JFK) protocol is composed of JFKi and JFKr, and they are very similar in many respects. In this paper, we propose an improved mobile JFKi protocol based on IPv6. We simplify the complexity of JFKi to improve the efficiency of establishing the SA, so that it reduces the load on mobile devices and improves the feasibility of JFKi. We propose a model of mobility application based on mobile IPv6 to ensure JFKi adapts to the mobility application. Through simulation, we prove the correctness of the approach proposed by us.
Mechanism for generic purpose SIM card communication and its applications
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1012
Mobile applications are increasingly developed thanks to the rapid progress on open mobile operating systems. In such applications, security issues are now becoming critical. To make use of the security capabilities of the SIM card, a generic purpose SIM access mechanism, e.g. JSR 177, is required. Unfortunately, JSR 177 is not supported by most mobile devices. This paper presents a mechanism based on the event driven model of the card application toolkit runtime environment (CATRE) to implement generic purpose SIM access. The mechanism extends the development and deployment of high security mobile applications using the SIM card as a security element in mobile devices that do not support JSR 177. Based on the mechanism, several methods are considered and discussed, and some applications in m-commerce, m-government and m-signature are also presented.
A security enhanced network architecture for future networks
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1456
Security is one of the most urgent problems in today's Internet. For lack of a clear definition of the identifier of the entity we seek to manage in the Internet, existing security mechanisms are not well integrated into the Internet architecture. These security mechanisms are designed as separate extensions and their effectiveness is limited. In this paper, we present a new network architecture, Security Enhanced Network Architecture (SENA), to provide "built-in" security. In SENA, there are four identifiers, including service identifier, connection identifier, endpoint identifier and routing identifier. With a reinforced control plane, the architecture allows network administrators to directly manage the mappings between different identifiers and provides security as an integrated solution.
Cyber attack impact on power system blackout
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.0520
Information & Communication Technology (ICT) plays a key role in the modern power system. Component failure and malicious attack on the cyber system could trigger outage and, sometimes, catastrophic blackout in the power system. Previous research shows that self-organized criticality of blackout arises from cascade overload and cascade outage. However, recent observations show that other factors, including malicious sabotage, could contribute to SOC of blackout alone, without cascade outage. The Stuxnet worm, as a new paradigm of malicious software that can spread in a physically isolated network, could initiate a coordinated attack and result in a far larger blackout than expected. The cyber security issues of the power system should be revisited correspondingly. (4 pages)
Secure the signaling messages of mobile IPv6
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1420
Mobile IPv6 (MIPv6) is designed for IP mobility technology since Release 8[3], and DSMIPv6 as an important management based on host, applying IPSec/IKE as a default extension of MIPv6 has been adopted by 3GPP. security solution. Actually, till now there are other ways to protect the data traffic and signaling for host-based approaches. RFC 4285 proposes an alternate method for securing MIPv6 signaling messages between Mobile Nodes and Home Agents by an extension called the authentication option, and recently the IETF Mobility EXTensions for IPv6 (MEXT) working group adopted a WG draft which specifies a means of security for MIPv6 based on Transport Layer Security (TLS). This paper presents the IPSec/IKE and authentication option security mechanisms, and analyzes the problems that occur when MIPv6 works with IPSec/IKE. The security mechanism based on TLS is introduced and analyzed. Then a comprehensive comparison between the three means is given. Finally, we show the prototype implementation and testing with the TLS scheme. To the best of our knowledge, no papers have published TLS based MIPv6 signaling security implementation results.
A QoS-supported scheme for quantum key distribution
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1461
As a technology for providing different service qualities to different applications/users, QoS is a research hotspot in the communication field. For quantum key distribution (QKD) networks, which provide unconditional security for distribution of cryptographic keys, their unique characteristics, like extreme quantum key resource constraint and the different time requirements of secure key distribution, pose unprecedented challenges for QoS support in QKD networks. In this paper, a service model is presented first, which includes three service classes with different distribution time requirements: key-guaranteed service, key-prioritized service and key-best-effort service. Then, a QoS-supported scheme is proposed to support this service model. In particular, a Quantum Key Reservation Approach (QKRA) is designed to reserve quantum keys for the key-guaranteed service. A simulation is conducted to investigate the performance of this QoS-supported scheme.
System and methodology for unknown malware attack
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.0475
Intrusion Detection Prevention Systems are increasingly a key part of systems defense. Various approaches to Intrusion Detection prevention are currently being used, but they are relatively ineffective. Artificial Intelligence plays a driving role in security services. This paper proposes a dynamic model Intelligent Intrusion Detection System, based on a specific AI approach for intrusion detection. The techniques that are being investigated include neural networks and fuzzy logic with network profiling, which uses simple data mining techniques to process the network data. The proposed system is a hybrid system that combines anomaly, misuse and host based detection.
An IPsec seamless switching mechanism with high availability and scalability by extending IKEv2 protocol
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1421
IPsec, as a very popular security protocol, solves the increasing problems of network security. The IPsec-gateway cluster, as a solution for large-scale IPsec implementation, improves the availability of the IPsec-gateway. The traditional IPsec-gateway cluster needs to use a large number of hardware resources to keep the IPsec-gateway available. However, the low utilization rate of resources restricts the scalability of the IPsec-gateway cluster. In this paper, we propose a new IPsec-gateway cluster mechanism by improving and extending the IKEv2 protocol. Meanwhile, we design a standby IPsec-gateway Selection Algorithm (GWSA), a distributed and switch SA policy (DSAP), and an ESP packet synchronization and retransmission policy. This mechanism can deploy IPsec-gateways in different network segments and prevent ESP packet loss when the IPsec-gateway performs switching. Through simulation, we show that the above mechanism can improve the availability and scalability of the IPsec-gateway cluster.
Crowd sourced security, trust & cooperation for learning digital megacities: valuing social intangible assets for competitive advantage and harmonious development
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.0316
This paper aims at providing some insights and evidence of the relevancy of a crowd sourced approach to security for complex socio-technical systems, typical of those in a learning digital megacity. We argue that crowd sourced security associated with trust and cooperation are social intangible assets that can be valued for the attractiveness of a smart city, its competitive advantage, and its harmonious development. We show some empirical results concerning the use of security and trust enabling technologies and systems. (4 pages)
Application-based identity management in M2M system
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1459
With the rapid development of Machine-to-Machine communication, privacy protection and identity authentication are receiving more and more attention. In this paper, an application-based Identity Management System is proposed, which allows devices with multiple functions to serve different applications with different identities so that their privacy can be protected. These identities can be generated by the devices using an authorized ID without interacting with the provider. A system prototype has been designed and an interactive protocol has been presented.
A novel secure and scalable resource/service acquisition scheme for future internet
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1437
Because information about the resource providers is mostly needless, service-oriented resource acquisition is becoming a research hotspot of network service technology. However, it is very difficult for today's Internet, evolved from its original design, to realize this mission. (1) The users must know which host should be connected. Actually, that is precisely what the user doesn't care about. (2) The ongoing streaming cannot be automatically transferred to another server that can provide the same service. (3) Traditional network architecture lacks a uniform description of a variety of resources and services. Meanwhile, there are still some serious problems such as security, scalability and mobility. Therefore, some novel network and service architectures have been proposed, one representative of which is the identifier and mapping network architecture. Based on the identifier and mapping network architecture, this paper proposes a Service-Oriented Resource/service Acquisition (SORA) scheme, which gives a clean-slate redesign of Internet resource/service acquisition. The analysis and evaluation show that the scheme has good security and scalability, besides the basic capability to support service-oriented resource/service acquisition.
Email encryption system based on hybrid AES and ECC
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.0906
Advanced Encryption Standard (AES) and Elliptic Curve Cryptosystems (ECC) are the two most commonly used symmetric and asymmetric encryption algorithms. The paper analyzes both the AES algorithm and the ECC algorithm. Combining the characteristics of AES and ECC, a mixed email encryption system is designed, which can solve problems such as password system speed and security, which can't efficiently realize the information, data encryption, signature and identity verification. The hybrid encryption is applied to the email system to enhance the network security of information transmission.
SPSA: shortest path selection algorithm to solve the unnecessary hop problem in LISP-DHT
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1472
LISP-DHT is a mapping system to support LISP. It is based on the widely used DHT. LISP-DHT takes full advantage of the benefits of DHTs such as robustness, scalability and security. However, it achieves poor lookup efficiency due to the "Unnecessary Hop" problem. The unnecessary hop problem means that a query message may traverse the same physical node multiple times, and thus it heavily weakens the throughput and lookup efficiency of the mapping system. In this paper, we identify the issues with LISP-DHT which lead to the "UH" problem and poor lookup efficiency. We propose the shortest path selection algorithm to solve the UH problem. The theoretical analysis and simulation results show that the SPSA can solve the Unnecessary Hop problem so as to improve the lookup efficiency of LISP-DHT.
Improving feature extraction in keystroke dynamics using optimization techniques and neural network
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.0493
This paper presents a novel application of optimization technique to user identity authentication using keystroke dynamics. Keystroke dynamics is a biometric technique to identify a user based on the analysis of his/her typing rhythm. Mean, Median and Standard deviation of feature values such as Latency, Duration and Digraph are measured and their performance is compared. Particle Swarm Optimization (PSO) and Genetic Algorithm (GA) are used to select the subset of the features extracted, and a Neural Net is used for classification. Particle Swarm Optimization gives moderate performance than Genetic Algorithm with regard to feature reduction rate. Digraph with median as the feature gives good results when compared with other features.
IP traceback in GPRS
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1474
Recently, more and more crimes occur in computer networks, such as DoS attacks, DDoS attacks, dissemination of pornographic content and so on. However, due to issues in the design of network protocols, IP addresses can be forged, which makes it difficult to track the real source address. And that is why cybercrimes occur frequently. Mobile network crimes have also shown a growing trend together with the development of the mobile network. In this article, we introduce the current state of the art in IP traceback. We also describe the meaning of IP traceback in GPRS and introduce a scheme for IP traceback in GPRS.
A decentralized framework for content protection in mobile environment
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1477
With the pervasion of mobile devices and internet connections, more and more people create and share digital content in the mobile environment. Some of this content involves personal rights and interests, and Digital Rights Management (DRM) is a desirable solution to provide it with persistent protection. However, existing DRM schemes are highly dependent on a centralized Trusted Authority (TA), which causes cost and privacy problems for individual content owners. In this paper, we propose a decentralized DRM framework that does not need the participation of a TA. The establishment of trust between Content Owner and Content User is based on a distributed trust model built into DRM clients. To verify the usability of the scheme, a prototype has been developed.
A scalable and backwards compatible transition solution for ID/locator separation architecture
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1426
The scalability of the Internet routing system suffers from the overloaded semantics of IP addresses. The IP address of a node means not only the identifier but also the locator. Many researchers propose the idea of separating the Internet into two independently evolving spaces, the identifier space and the locator space. However, this architecture is quite different from the Internet we are using, so a good transition plan is crucial for the further deployment of the ID/Locator separation architecture. In this paper, we propose a new compatible method, in which the nodes in the traditional network and the nodes in the access network of the ID/Locator separation architecture can communicate with each other. We also give a detailed analysis of the method. We show that, besides supporting the communication between the end node in the traditional network and the end node in the ID/Locator separation architecture, the method does not incur extra delay and has good scalability. Using this method, the architecture can be incrementally deployed, and offers security, multi-homing, and mobility benefits even to early adopters.
An intrusion detection scheme based on anomaly mining in Internet of Things
http://dl-live.theiet.org/content/conferences/10.1049/cp.2011.1014
The Internet of Things (IoT) is vulnerable to malicious attacks because of its open deployment and limited resources. Its heterogeneous and distributed characteristics make conventional intrusion detection methodologies hard to deploy. To overcome this problem, this paper presents an intrusion detection scheme based on anomaly mining. The paper has two parts: (i) in the first part, an anomaly mining algorithm is developed to detect anomalous data of the perception layer; (ii) in the second part, a distributed intrusion detection scheme is designed based on the detected anomalies. Since not all anomalies are triggered by malicious intrusion, the intrusion semantics are analyzed to distinguish intrusion behaviors from anomalies. Finally, our evaluation and analysis show that our approach is accurate and extensible.