Security and Communication Networks

In this paper, the information security issue on biometric data is studied, focusing on distribution in space domain and uniform diffusion in frequency domain. Related tests and analysis on key space, sensitivity, correlation and uniform distribution are performed with comparison to diverse schemes including triple data encryption standard algorithm and chaotic mapping cipher. Experiment results show that the proposed approach possesses good secure performances on both random scrambling in space domain and uniform distribution in frequency domain.

This paper proposes the address-based counter mode encryption for non-volatile main memory. It is secure and very efficient. It can be implemented with low cost and be deployed conveniently. Additionally, it brings no side-effects to wear-leveling techniques.

In this paper, we propose a new broadcast authentication scheme utilizing Combined Key Chains with multiple trust sources. If there are m trust sources, our scheme generates m + 1 key chains, where m of them are distributed among the m source nodes and the last one is used as a verification key chain in all the receiver nodes. The communication overhead is small and constant, and the memory requirement at a verifier node is also minimal.

Improving anomaly-based malware detection techniques using a filtering and abstraction process. This process has positive impacts on the processing performance and the accuracy of the selected malware detection approach.

The relations between features are modeled as a weighted graph, where each weight is the correlation between two features. We perform a composition operation between normal graph and attack graph to generate a strongly-correlated graph. We apply the model on the NSL-KDD dataset. We evaluate the performance of the proposed model under NSL-KDD. The performance evaluation of the proposed model under KDD99 dataset shows better results in terms of receiver operating characteristic distance compared with other multivariate intrusion detection systems targeting denial-of-service attacks.

In this paper, without adding extra hardware devices, we present a user-friendly, dual-factor authentication scheme, called Duth, for smartphones. Duth scheme is characterized by utilizing the spatial and time features of the user's writing process as two factors of authentication, and a user can be authenticated only if these two features are fulfilled. We implement Duth on a popular mobile platform, Android, and extensive experiments show that Duth can achieve efficient and effective dual-factor authentication.

In this paper, we formalize a security model for identity-based proxy ring signatures for the first time. Then, we present the first provably secure scheme for this primitive using a new paradigm called sequential aggregation under the RSA assumption, in the random oracle model. The proxy key exposure attack cannot be applied to our scheme, and also it outperforms the existing schemes in terms of efficiency and practicality.

We present new obfuscation techniques, on the basis of some of the features of the upcoming HTML5 standard, which can be used to deceive malware detection systems. The proposed techniques have been experimented on a reference set of obfuscated malware. Our results show that the malware rewritten using our obfuscation techniques go undetected while being analyzed by a large number of detection systems.

The cryptographic criteria (nonlinearity, resiliency, degree, algebraic immunity, and fast algebraic resistance) of our n-variable Boolean functions below are generally superior to the currently best-known results.

IEEE 802.11i standard provides authentication and security at the Medium Access Control (MAC) layer in wireless local area networks. The standard suffers under denial of service (DoS) attacks. The paper presents a review of DoS attacks and existing solutions pertaining to IEEE 802.11i security standard.

In the paper, we introduce a social analysis method as a new approach to build an intrusion detection system (SN-IDS) in ad hoc networks. The SN-IDS explores single and multiple social rules to detect suspicious activities of mobile nodes. The system can effectively detect common attacks with high detection rates and low false alarm rates. It also shows clear advantages over the conventional association rule based data mining IDS in terms of computation and system complexity.

This study presents a rigorous evaluation of sequence-based approaches on masquerade detection. The newly proposed technique MUCS (matching of unordered command sequences) is compared with the techniques MOCS (matching of ordered command sequences) and MC (matching of commands). The performance of these methods on different types of users and masqueraders is also analyzed.

In this paper, we introduce a novel comprehensive detection method based on the protocol behaviors. The protocol behavior characters are utilized to evaluate the regularities or correlations between adjacent packets that are changed by the information hiding in header fields of transmission control protocol/Internet protocol. A support vector machine is lastly applied to the behavior feature sets for discovering the existence of covert channels. The experimental results and performance comparison show that our scheme is of high effectiveness.

In this paper, we propose an efficient recommendation-based data dissemination protocol for mobile social networks, which can efficiently disseminate high-quality messages in a privacy-preserving way. Detailed security analysis demonstrates that our protocol can effectively resist various attacks launched by the adversary. In addition, the simulation results show that high-quality messages can be disseminated widely and efficiently, while low-quality ones will be eliminated shortly to avoid occupying network resources.

The secret data are embedded into non-reference pixels based on the high correlation. The interpolation prediction is used to embed secret data for reference pixels. The proposed scheme provides better embedding performance than some compared schemes.

In this paper, we propose an approach for anonymizing multirelation constraints (ternary or more) with (t,k) hypergraph anonymization in data publishing. In this model, we use t-means-clustering algorithm. This algorithm classifies the objects based on attributes/features into t groups where t is a positive integer number. The grouping is carried out by minimizing the sum of squares of distances between data and the corresponding cluster centroid. In addition, anonymization is carried out with a k-anonymity method in every cluster.

The paper emphasizes the importance of the steganographic cost, which is an indicator for the degradation or distortion of the carrier caused by the application of the steganographic method.

Security aspects in service level agreements (SLAs) have received much attention to guarantee security in a user perspective in personal cloud computing environments. A consensus and quantitative measurement of security metrics are key issues for security-SLA. This paper provides a novel holistic approach to determine suitable service and the right level of security for user according to the service type and network environment based on the cooperative security-SLA evaluation model.

This paper provides efficient and safe access managing mechanism to solve personal health record (PHR) implement on cloud environment's security problem, avoiding possibility that the information security being threatened in the Cloud may lead to the collapse of medical care, patients' stolen data, loss of personal privacy, and financial or other serious consequences. We present bilinear pairing that was constructed in the cloud computing environment of the new PHR access control mechanism, which suited for deploying a large scale and multiple identities of users, and users are safe and efficient in accessing the PHR information.