Security and Communication Networks

We introduce an efficient signcryption scheme for hybrid authenticated encryption that is provably secure in the standard model under a strong multiuser insider setting. Our new signcryption scheme is built on the basis of a variant of Boneh-CBoyen short signature, which works under bilinear groups. The new construction idea is to reuse the signature value to derive the encryption key. This could dramatically save not only the computational cost but also the communication bandwidth.

In addition,

1. A sufficient condition that the absolute indicator of two bent functions achieves its lowest value is derived

2. A construction of substitution boxes with good autocorrelation properties from vectorial bent functions is given.

3. Two classes of nonlinear vectorial semi-bent functions with good autocorrelation properties are proposed.

We construct the first certificateless signature scheme that can be proven secure against malicious-but-passive key generation center attack of super adversaries. Moreover, our scheme is still secure when the adversary is allowed to obtain valid signatures on the target identity and message. Our construction is based on the hard lattice problems in the random oracle model.

The methods of detecting stepping stones were easily affected by the Internet or the attackers. In this paper, we proposed a new attribute, causality probability, which can avoid these effects.

This paper presents an attribute-based signature scheme for the case of threshold predicates from lattices. This scheme is existentially unforgeable against selective predicate and static chosen message attacks in the standard model, with respect to the hardness of the small integer solution problem. To the best of our knowledge, this work constitutes the first attribute-based signature scheme based on lattices.

This paper proposes a new alert correlation system based on entropy called E-correlator. The main idea of this paper is that the huge number of raw alerts contains some information that can be displayed by fewer hyper-alerts. For more visualization, we define the hyper-alerts graph, which provides a global view of intrusion alerts. We achieved the promising reduction ratio of 99.98% in LLS_DDOS_1.0 attack scenario in DARPA2000 dataset while the constructed hyper-alerts have enough information to discover the attack scenario.

In this paper we address the problem of network anomaly detection by proposing some new statistical techniques, based on the use of several statistical models to characterize the normal behavior of the network traffic running over TCP.

Namely, our proposal is based on the use of Markov chains, co- occurrence matrices, and compression algorithms, for modeling the TCP connections, in terms of statistical analysis of some of the packet header fields.

The entropy-based method has been compared with a known method for detection of Synchronize sequence numbers (SYN) flood attacks, which relies on application of Cumulative sum control chart (CUSUM) algorithm over the number of SYN packets. The experimental evaluation confirms that entropy-based detection does not reach the performance of a method tailored for a specific type of attack but it has generality that allows the use in viable detection of a range of attacks.

A novel network-based Distributed Mobility and Authentication Mechanism is proposed, which offers solutions to the limitations in centralized mobility management. The limitations are single-point failure, non-optimal routing, low scalability, authentication latency, and signaling messages overhead of the mobility protocols. Further, the authentication is based on symmetric cryptographic and collision-free one-way hash function, which is simple to be implemented in mobile devices.

A novel Energy-efficient Clustering Approach based on Convergence Degree chain for wireless sensor networks, termed as ECACD, is proposed in this paper. ECACD protocol use convergence degree and residual energy for cluster head election, and take the energy threshold policy for cluster maintenance, and apply convergence degree chain based cluster head rotation. Analysis and simulation on the cluster header characteristics and the network life time show that ECACD can effectively increases the stability and extends the network life.

Summary:

1. To propose, design, and evaluate a new filtering detection protocol with the development of algorithms for filtering denial of service attacks in vehicular ad hoc network.

2. To verify through extensive simulation the performance of the proposed protocols with the established and state-of-the-art contemporary protocols.

We propose a ciphertext-policy hidden vector encryption scheme that supports multiuser searching on the encrypted data by the method of attributed-based access control. The most important advantage of our scheme is that it is based on bilinear group of prime order. Because the group with prime order is more efficient than the group with composite order, our scheme is more efficient than other constructions.

The essence of phishing attacks is brand spoofing, where favicon, logo and copyright notice as the most important brand identities are widely used by phishing criminals to trick victims. In this paper, favicon, logo and copyright features are extracted first; then, redirection, incoming links and Domain Name System resolution information-based brand authorization feature is further extracted to discriminate the sites with branding rights from phishing sites. Based on extracted brand identity and authorization features, statistical anti-phishing classification models are trained.

The proposed reversible data embedding can embed one secret bit into both the search-order coding index and the vector quantization index. The compression ratio of our method can approximate that of the standard search-order coding method with no secret message embedded. Base on the embedding mechanism of index parity matching, the performances of hiding capacity and compression for our method are satisfactory, which are also not influenced by the distribution of secret bits.

The computation of kP over elliptic curves is done using new ZOTEC method that is based on ZOT recoding method was proposed to accelerate the EC computations. ZOTEC is a bidirectional method. ZOTEC multiplication and recoding is more efficient than other methods in terms of field complexity and time complexity.

In this paper, we present a formal definition of security model for identity-based designated verifier proxy signature (ID-DVPS) scheme. We also propose a novel ID-DVPS scheme and show a formal security proof of our new scheme based on the bilinear Diffie–Hellman assumption. Compared with other ID-DVPS schemes, it has the following advantages: lower computational cost and shorter signature size (only one element is needed for a signature).

This paper presents a research study on defense mechanisms for Sybil attack detection in vehicular ad hoc network. First, it organizes all mechanisms into three general categories; and then discusses about advantages and problems for selected recent works to be applicable. In some cases, it provides the solutions for problems that indicate a number of open research issues.

Misuse patterns describe a generic way of performing an attack that takes advantage of the specific vulnerabilities of some environment and present a way to counteract its development as well as a way to trace back the information needed at each stage of the attack. The purpose of misuse patterns is to guide the design, evaluation, and test of systems in development. Misuse patterns can also guide forensic examiners in the process of searching for evidence.

In order to realize efficient cross-domain authentications in virtual enterprises (VEs), a novel virtual bridge certificate authority trust model is put forward, based on which an effective cross-domain certification scheme is further presented using the threshold elliptic curve cryptosystem signature algorithm. Analysis shows that the new scheme has the advantages of simple construction of inter-enterprise certification paths, low cost, high bit security, high efficiency, conspiracy attack resistance, and adaptability to diverse collaboration modes of VE, which make it suitable for cross-authentications in VEs especially for resource-limited applications.