Latest Articles from JUCS - Journal of Universal Computer Science Latest 61 Articles from JUCS - Journal of Universal Computer Science https://lib.jucs.org/ Thu, 28 Mar 2024 12:17:39 +0200 Pensoft FeedCreator https://lib.jucs.org/i/logo.jpg Latest Articles from JUCS - Journal of Universal Computer Science https://lib.jucs.org/ Visualizing Portable Executable Headers for Ransomware Detection: A Deep Learning-Based Approach https://lib.jucs.org/article/104901/ JUCS - Journal of Universal Computer Science 30(2): 262-286

DOI: 10.3897/jucs.104901

Authors: Tien Quang Dam, Nghia Thinh Nguyen, Trung Viet Le, Tran Duc Le, Sylvestre Uwizeyemungu, Thang Le-Dinh

Abstract: In recent years, the rapid evolution of ransomware has led to the development of numerous techniques designed to evade traditional malware detection methods. To address this issue, a novel approach is proposed in this study, leveraging machine learning to encode critical information from Portable Executable (PE) headers into visual representations of ransomware samples. The proposed method selects highly impactful features for data sample classification and encodes them as images based on predefined color rules. A deep learning model named peIRCECon (PE Header-Image-based Ransomware Classification Ensemble with Concatenating) is also developed by integrating prominent architectures, such as VGG16 and ResNet50, and incorporating the concatenating method to enhance ransomware detection and classification performance. Experimental results using self-collected datasets demonstrate the efficacy of this approach, achieving high accuracy of 99.85% in distinguishing between ransomware and benign samples. This promising approach holds the potential to significantly improve the effectiveness of ransomware detection and classification, thereby contributing to more robust cybersecurity defense systems.

HTML

XML

PDF

]]>
Research Article Wed, 28 Feb 2024 16:00:07 +0200
Cybersecurity Verification and Validation Testing in Automotive https://lib.jucs.org/article/71833/ JUCS - Journal of Universal Computer Science 27(8): 850-867

DOI: 10.3897/jucs.71833

Authors: Damjan Ekert, Jürgen Dobaj, Alen Salamun

Abstract: The new generations of cars have a number of ECUs (Electronic Control Units) which are connected to a central gateway and need to pass cybersecurity integration tests to fulfil the homologation requirements of cars. Cars usually have a gateway server (few have additional domain servers) with Linux and a large number of ECUs which are real time control of actuators (ESP, EPS, ABS, etc. – usually they are multicore embedded controllers) connected by a real time automotive specific bus (CAN-FD) to the domain controller or gateway server. The norms (SAE J3061, ISO 21434) require cybersecurity related verification and validation. Fir the verification car manufacturers use a network test suite which runs > 2000 test cases and which have to be passed for homologation. These norms have impact on the way how car communication infrastructure is tested, and which cybersecurity attack patterns are checked before a road release of an ECU/car.This paper describes typical verification and validation approaches in modern vehicles and how such test cases are derived and developed.

HTML

XML

PDF

]]>
Research Article Sat, 28 Aug 2021 10:00:00 +0300
Cybersecurity Threat Analysis, Risk Assessment and Design Patterns for Automotive Networked Embedded Systems: A Case Study https://lib.jucs.org/article/72367/ JUCS - Journal of Universal Computer Science 27(8): 830-849

DOI: 10.3897/jucs.72367

Authors: Jürgen Dobaj, Damjan Ekert, Jakub Stolfa, Svatopluk Stolfa, Georg Macher, Richard Messnarz

Abstract: Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.

HTML

XML

PDF

]]>
Research Article Sat, 28 Aug 2021 10:00:00 +0300
Recent Advances in Cybersecurity and Safety Architectures in Automotive, IT, and Connected Services https://lib.jucs.org/article/72072/ JUCS - Journal of Universal Computer Science 27(8): 793-795

DOI: 10.3897/jucs.72072

Authors: Richard Messnarz, Ricardo Colomo-Palacios, Georg Macher, Andreas Riel, Miklos Biro

Abstract: This is a special issue in cooperation with EuroSPI (www.eurospi.net). EuroSPI represents a large international network of renowned experts and annual European conference series running successfully since its foundation in 1994. From 2013 onwards, an international functional safety and from 2016 onwards a functional safety and cybersecurity workshop has been established, to which leading European and Asian industry and research have been actively contributing to.High-quality, original papers about best practices for implementing functional safety and cybersecurity in automotive, IT, and connected services have been selected for this special issue. They provide insights into the current state of the art implementations in automotive safety and cybersecurity, IT security, and safety in future highly autonomous self-learning vehicles.

HTML

XML

PDF

]]>
Editorial Sat, 28 Aug 2021 10:00:00 +0300
Fuzzy Adaptive Data Packets Control Algorithm for IoT System Protection https://lib.jucs.org/article/24142/ JUCS - Journal of Universal Computer Science 26(11): 1435-1454

DOI: 10.3897/jucs.2020.076

Authors: Łukasz Apiecionek, Matusz Biedziak

Abstract: One of huge problem for recent IT systems are attacks on their resources called Distributed Denial of Service attacks. Many servers which are accessible from public network were a victim of such attacks or could be in the future. Unfortunately, there is still no effective method for protecting network servers against source of the attack, while such attack could block network resources for many hours. Existing solutions for protecting networks and IoT systems are using mainly firewalls and IDS/IPS mechanisms, which is not sufficient. This article presents the method minimizing the DDoS attacks. Proposed method provides possibilities for the network administrators to protect their servers and IoT network resources during the attack. The proposed fuzzy adaptive algorithm is using Ordered Fuzzy Numbers for predicting amount of packets which could be passed over the network boarder gateway. Proposed solution will give the opportunity for ordinary users to finish their work when the attack occurs.

HTML

XML

PDF

]]>
Research Article Sat, 28 Nov 2020 00:00:00 +0200
Utilizing Debugging Information of Applications in Memory Forensics https://lib.jucs.org/article/24088/ JUCS - Journal of Universal Computer Science 26(7): 805-826

DOI: 10.3897/jucs.2020.044

Authors: Mohammed Al-Saleh, Ethar Qawasmeh, Ziad Al-Sharif

Abstract: The rapid development in the digital world has contributed to the dramatic increase in the number of cybercrimes. An application's volatile data that is kept in memory (RAM) could give clues on how a criminal has been using the application up to acquisition time. Unfortunately, application-level memory forensics has been conducted in an ad hoc manner because a forensic investigator has to come up with a new technique for a new application. This process has become problematic and exhausting. This paper proposes a general solution to investigate any application in memory. We heavily utilize applications' debugging information generated by compilers in our solution. Furthermore, we extend Volatility [Walters, 2007], an open-source memory forensic framework, by developing and integrating a plugin to investigate applications in memory. We design several experiments to evaluate the effectiveness of our plugin. Interestingly, our plugin can parse debugging information and extract variables' names and data types regardless of their scope and complexity. In addition, we experimented with a real world application and succeeded in collecting vital information out of it. By accurately computing the Virtual Addresses (VA) of variables along with their allocated memory sizes based on their types, we are able to extract their values out of memory. In addition, we trace call stacks as per threads to extract local variables' values. Finally, direct and indirect pointers are successfully dereferenced.

HTML

XML

PDF

]]>
Research Article Tue, 28 Jul 2020 00:00:00 +0300
Analysis of the Infection and the Injection Phases of the Telnet Botnets https://lib.jucs.org/article/22670/ JUCS - Journal of Universal Computer Science 25(11): 1417-1436

DOI: 10.3217/jucs-025-11-1417

Authors: Tomáš Bajtoš, Pavol Sokol, Andrej Gajdoš, Katarína Lučivjanská, Terézia Mézešová

Abstract: With the number of Internet of Things devices increasing, also the number of vulnerable devices connected to the Internet increases. These devices can become part of botnets and cause damage to the Internet infrastructure. In this paper we study telnet botnets and their behaviour in the first two stages of its lifecycle - initial infection, and secondary infection. The main objective of this paper is to determine specific attributes of their behavior during these stages and design a model for profiling threat agents into telnet botnets groups. We implemented a telnet honeynet and analyzed collected data. Also, we applied clustering methods for security incident profiling. We consider K-modes and PAM clustering algorithms. We found out that a number of sessions and credential guessing are easily collected and United States of Americable attributes for threat agents profiling.

HTML

XML

PDF

]]>
Research Article Thu, 28 Nov 2019 00:00:00 +0200
Detection of Size Modulation Covert Channels Using Countermeasure Variation https://lib.jucs.org/article/22669/ JUCS - Journal of Universal Computer Science 25(11): 1396-1416

DOI: 10.3217/jucs-025-11-1396

Authors: Steffen Wendzel, Florian Link, Daniela Eller, Wojciech Mazurczyk

Abstract: Network covert channels enable stealthy communications for malware and data exfiltration. For this reason, developing effective countermeasures for these threats is important for the protection of individuals and organizations. However, due to the large number of available covert channel techniques, it is considered impractical to develop countermeasures for all existing covert channels. In recent years, researchers started to develop countermeasures that (instead of only countering one particular hiding technique) can be applied to a whole family of similar hiding techniques. These families are referred to as hiding patterns. Considering above, the main contribution of this paper is to introduce the concept of countermeasure variation. Countermeasure variation is a slight modification of a given countermeasure that was designed to detect covert channels of one specific hiding pattern so that the countermeasure can also detect covert channels that are representing other hiding patterns. We exemplify countermeasure variation using the compressibility score, the ε-similarity and the regularity metric originally presented by Cabuk et al. All three methods are used to detect covert channels that utilize the Inter-packet Times pattern and we show that countermeasure variation allows the application of these countermeasures to detect covert channels of the Size Modulation pattern, too.

HTML

XML

PDF

]]>
Research Article Thu, 28 Nov 2019 00:00:00 +0200
Trust Based Cluster Head Election of Secure Message Transmission in MANET Using Multi Secure Protocol with TDES https://lib.jucs.org/article/22655/ JUCS - Journal of Universal Computer Science 25(10): 1221-1239

DOI: 10.3217/jucs-025-10-1221

Authors: K. Shankar, Mohamed Elhoseny

Abstract: In wireless communication, Mobile Ad Hoc Network (MANET) consists of a number of mobile nodes which are communicated with each other without any base station. One of the security attacks in MANETs is Packet forwarding misbehaviour attack; this makes MANETs weak by showing message loss behavior. For securing message transmission in MANET, the work proposes Energy Efficient Clustering Protocol (EECP) with Radial Basis Function (RBF) based CH is elected for formed Clusters. Moreover, here some Network measures are considered to detect the malicious nodes and CH model that is speed, mobility, trust and so on. The trust value of the node is computed from the neighbor node which helps in further location to find a malicious node in the network to avail message drop and energy consumption (EC). After detecting malicious nodes, Multi secure Protocols that is Secure Efficient Distance Vector Routing (SEDV) and Secure Link State Routing Protocol (SLSP) with encryption technique used for message security. If the" HELLO" message sending by the sender, its encrypted and decrypted triples in receiver end to get the plain message, this technique is Triple Data Encryption Standard (TDES). Finally, the implementation results are evaluated to analyze the message security level of the proposed system in MANET in terms, of Packet to Delivery Ratio (PDR, Network Life Time (NLT) and some other important Measures.

HTML

XML

PDF

]]>
Research Article Mon, 28 Oct 2019 00:00:00 +0200
Designing Statistical Model-based Discriminator for Identifying Computer-generated Graphics from Natural Images https://lib.jucs.org/article/22650/ JUCS - Journal of Universal Computer Science 25(9): 1151-1173

DOI: 10.3217/jucs-025-09-1151

Authors: Mingying Huang, Ming Xu, Tong Qiao, Ting Wu

Abstract: The purpose of this paper is to differentiate between natural images (NI) acquired by digital cameras and computer-generated graphics (CG) created by computer graphics rendering software. The main contributions of this paper are threefold. First, we propose to utilize two different denoising filters for acquiring the first-order and second-order noise of the inspected image, and analyze its characteristics with assuming that residual noise follows the proposed statistical model. Second, under the framework of the hypothesis testing theory, the problem of identifying between NI and CG is smoothly transferred to the design of the likelihood ratio test (LRT) with knowing all the nuisance parameters, and meanwhile the performance of the LRT is theoretically investigated. Third, in the practical classiffication, using the estimated model parameters, we propose to establish a generalized likelihood ratio test (GLRT). A large scale of experimental results on simulated and real data directly verify that our proposed test has the ability of identifying CG from NI with high detection performance, and show the comparable effectiveness with some prior arts. Besides, the robustness of the proposed classi_er is veri_ed with considering the attacks generated by some post-processing techniques.

HTML

XML

PDF

]]>
Research Article Sat, 28 Sep 2019 00:00:00 +0300
Precise Performance Characterization of Antivirus on the File System Operations https://lib.jucs.org/article/22647/ JUCS - Journal of Universal Computer Science 25(9): 1089-1108

DOI: 10.3217/jucs-025-09-1089

Authors: Mohammed Al-Saleh, Hanan Hamdan

Abstract: The Antivirus (AV) is of an important concern to the end-users community. Mainly, the AV achieves security by scanning data against its database of virus signatures. In addition, the AV tries to reach a pleasant balance between security and United States of Americability. When to scan data is an important design decision an AV has to make. Because AVs are equipped with on-access scanners that scan files when necessary, we want to have a fine-grained approach that provides us with high precision explanation of the performance impact of the AVs on different file system operations. Microsofts minifilter driver technology helps us achieve exactly what we want. By deploying a minifilter driver, we show that most overhead of the tested AVs are greatly imposed on the OPEN operation. Interestingly, we also show that the AV greatly enhances the timing for the READ operation. Finally, the WRITE and CLEANUP operations show almost no differences in terms of performance.

HTML

XML

PDF

]]>
Research Article Sat, 28 Sep 2019 00:00:00 +0300
Harmonizing IoT-Architectures with Advanced Security Features - A Survey and Case Study https://lib.jucs.org/article/22613/ JUCS - Journal of Universal Computer Science 25(6): 571-590

DOI: 10.3217/jucs-025-06-0571

Authors: Łukasz Apiecionek, Marcel Großmann, Udo Krieger

Abstract: In recent years we have realized a rapid development regarding the Internet of Things (IoT). Its goal is to interconnect all possible devices to the Internet and to enhance these physical objects by new functionalities. In this way a user's life standard shall be improved. Regarding the application of Internet of Things concepts, there are some commonly known types of an IoT architecture which can provide different technical opportunities. However, comparative studies on Internet of Things architectures are rare. To relieve the difficulties of establishing a single universal IoT architecture, we describe some well-known architectures and compare these proposals with a special regard to important security aspects. A major focus is devoted to methods repulsing Denial-of-Service attacks. We compile a set of criteria that support network administrators in their decision-making processes with regard to a considered specific IoT scenario and its solution. The goal is to fit optimally to the requirements of these solutions. Finally, the proposed approach is illustrated by three already deployed IoT systems and a comparison of their related architectures and functionalities is presented.

HTML

XML

PDF

]]>
Research Article Fri, 28 Jun 2019 00:00:00 +0300
A New Identification Scheme based on Syndrome Decoding Problem with Provable Security against Quantum Adversaries https://lib.jucs.org/article/22599/ JUCS - Journal of Universal Computer Science 25(3): 294-308

DOI: 10.3217/jucs-025-03-0294

Authors: Bagus Santoso, Chunhua Su

Abstract: Recently, in order to guarantee security against quantum adversaries, several identification (ID) schemes based on computational problems which are supposed to be hard even for quantum computers have been proposed. However, their security are only proven against non-quantum adversaries. In this paper, we proposed a novel four-pass code-based identification scheme. By using quantum random oracle model, we provide a security proof for our scheme against quantum adversaries which aim to impersonate the prover under concurrent active attacks, based on the hardness assumption of syndrome decoding (SD) problem. Our security proof is interesting in its own right, since it only requires a non-programmable quantum random oracle, in contrast to existing security proofs of digital signatures generated from ID scheme via Fiat-Shamir transform which require programmable quantum random oracles.

HTML

XML

PDF

]]>
Research Article Thu, 28 Mar 2019 00:00:00 +0200
CCA-Secure Deterministic Identity-Based Encryption Scheme https://lib.jucs.org/article/22596/ JUCS - Journal of Universal Computer Science 25(3): 245-269

DOI: 10.3217/jucs-025-03-0245

Authors: Meijuan Huang, Bo Yang, Yi Zhao, Kaitai Liang, Liang Xue, Xiaoyi Yang

Abstract: Deterministic public-key encryption, encrypting a plaintext into a unique ciphertext without involving any randomness, was introduced by Bellare, Boldyreva, and O'Neill (CRYPTO 2007) as a realistic alternative to some inherent drawbacks in randomized public-key encryption. Bellare, Kiltz, Peikert and Waters (EUROCRYPT 2012) bring deterministic public-key encryption to the identity-based setting, and propose deterministic identity-based encryption scheme (DIBE). Although the construc- tions of chosen plaintext attack (CPA) secure DIBE scheme have been studied intensively, the construction of chosen ciphertext attack (CCA) secure DIBE scheme is still challenging problems. In this paper, we introduce the notion of identity-based all-but-one trapdoor functions (IB-ABO-TDF), which is an extension version of all-but-one lossy trapdoor function in the public-key setting. We give a instantiation of IB-ABO-TDF under decisional linear assumption. Based on an identity-based lossy trapdoor function and our IB-ABO-TDF, we present a generic construction of CCA-secure DIBE scheme.

HTML

XML

PDF

]]>
Research Article Thu, 28 Mar 2019 00:00:00 +0200
Provably Secure Ciphertext-Policy Attribute-Based Encryption from Identity-Based Encryption https://lib.jucs.org/article/22589/ JUCS - Journal of Universal Computer Science 25(3): 182-202

DOI: 10.3217/jucs-025-03-0182

Authors: Yi-Fan Tseng, Chun-I Fan, Chih-Wen Lin

Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) is an access control mechanism where a data provider encrypts a secret message and then sends the ciphertext to the receivers according to the access policy which she/he decides. If the attributes of the receivers match the access policy, then they can decrypt the ciphertext. This paper shows a relation between CP-ABE and identity-based encryption (IBE), and presents a bi-directional conversion between an access structure and identities. By the proposed conversion, the CP-ABE scheme constructed from an IBE scheme will inherit the features, such as constant-size ciphertexts and anonymity, from the IBE scheme, and vice versa. It turns out that the proposed conversion also gives the first CP-ABE achieving access structures with wildcard and constant-size ciphertexts/private keys. Finally, we prove the CCA security for confidentiality and anonymity.

HTML

XML

PDF

]]>
Research Article Thu, 28 Mar 2019 00:00:00 +0200
Methods for Information Hiding in Open Social Networks https://lib.jucs.org/article/22577/ JUCS - Journal of Universal Computer Science 25(2): 74-97

DOI: 10.3217/jucs-025-02-0074

Authors: Jędrzej Bieniasz, Krzysztof Szczypiorski

Abstract: This paper summarizes research on methods for information hiding in Open Social Networks. The first contribution is the idea of StegHash, which is based on the use of hashtags in various open social networks to connect multimedia files (such as images, movies, songs) with embedded hidden data. The proof of concept was implemented and tested using a few social media services. The experiments confirmed the initial idea. Next, SocialStegDisc was designed as an application of the StegHash method by combining it with the theory of filesystems. SocialStegDisc provides the basic set of operations for files, such as creation, reading or deletion, by implementing the mechanism of a linked list. It establishes a new kind of mass-storage characterized by unlimited data space, but limited address space where the limitation is the number of the hashtags' unique permutations. The operations of the original StegHash method were optimized by trade-offs between the memory requirements and computation time. Features and limitations were identified and discussed. The proposed system broadens research on a completely new area of threats in social networks.

HTML

XML

PDF

]]>
Research Article Thu, 28 Feb 2019 00:00:00 +0200
SOMSteg - Framework for Covert Channel, and its Detection, within HTTP https://lib.jucs.org/article/23379/ JUCS - Journal of Universal Computer Science 24(7): 864-891

DOI: 10.3217/jucs-024-07-0864

Authors: Waldemar Graniszewski, Jacek Krupski, Krzysztof Szczypiorski

Abstract: Due to high efficiency and relatively ease of use, application-layer covert channels, especially HyperText Transfer Protocol (HTTP), have been extensively studied in recent years. This paper extends a new steganographic method where the covert channel is created within the HTTP protocol header, i.e., trailer field. HTTP is the most popular protocol for browsing the Internet and gives the possibility of information sharing. The popularity of HTTP traffic is one of the requirements for undetectable message exchange. This paper presents SOMSteg - a framework for a covert channel, and its detection as a countermeasure, within HTTP. The server's and client's parts are implemented in the JavaScript language and based on the Node.js. Several machine learning techniques can be used for anomaly detection. We tested the detection possibility of such hidden communication by Self Organizing Maps (SOMs). SOMs were also used for tuning the parameters of the covert channel settings within the HTTP trailer. The results of the performed studies are also presented.

HTML

XML

PDF

]]>
Research Article Sat, 28 Jul 2018 00:00:00 +0300
WoDiCoF - A Testbed for the Evaluation of (Parallel) Covert Channel Detection Algorithms https://lib.jucs.org/article/23219/ JUCS - Journal of Universal Computer Science 24(5): 556-576

DOI: 10.3217/jucs-024-05-0556

Authors: Ralf Keidel, Steffen Wendzel, Sebastian Zillien, Eric Conner, Georg Haas

Abstract: With the increasing number of steganography-capable malware and the increasing trend of stealthy data exfiltrations, network covert channels are becoming a crucial security threat - also for critical infrastructures (CIs): network covert channels enable the stealthy remote-control of malware nested in a CI and allow to exfiltrate sensitive data, such as sensor values, firmware or configuration parameters. We present WoDiCoF, a distributed testbed, accessible for the international research community to perform a unified evaluation of detection algorithms for network covert channels. In comparison to existing works, our testbed is designed for upcoming big- data scenarios, in which huge traffic recordings must be analyzed for covert channels. It is the first testbed to allow the testing of parallel detection algorithms. To evaluateWoDiCoF, we took a detection algorithm published in ACM CCS/TISSEC, verified several of the original results and enhanced the understanding of its performance by considering previously unconsidered parameters. By parallelizing the algorithm, we could moreover achieve a speed-up of 2.89 with three nodes.

HTML

XML

PDF

]]>
Research Article Mon, 28 May 2018 00:00:00 +0300
A Fine-Grained Hardware Security Approach for Runtime Code Integrity in Embedded Systems https://lib.jucs.org/article/23154/ JUCS - Journal of Universal Computer Science 24(4): 515-536

DOI: 10.3217/jucs-024-04-0515

Authors: Xiang Wang, Weike Wang, Bin Xu, Pei Du, Lin Li, Muyang Liu

Abstract: Embedded systems are subjected to various adversaries including software attacks, physical attacks, and side channel attacks. Most of these malicious attacks can lead to the invalid execution of programs, and launch of destructive actions or reveal critical information. However, most previous security mechanisms suffer from coarse checking granularity and unacceptable performance overhead, due to strict restriction on system resources. This paper presents a fine-grained hardware-based security approach to ensure runtime code integrity in the embedded systems by offline profiling of the program features and runtime integrity check. We design a hardware implemented instruction stream integrity checker (ISIC) to perform runtime checking of pre-extracted features. Any invalid execution of the program will trigger the corresponding exception signal. We implement the ISIC with OR1200 processor on XC5VLX50T field-programmable gate array (FPGA). The experimental results show that the proposed approach can detect all the attacks destructing integrity of the instruction stream, and the performance overhead induced by the security mechanism is less than 3.45% according to the selected benchmarks.

HTML

XML

PDF

]]>
Research Article Sat, 28 Apr 2018 00:00:00 +0300
A New Hybrid Access Control Model for Security Policies in Multimodal Applications Environments https://lib.jucs.org/article/23146/ JUCS - Journal of Universal Computer Science 24(4): 392-416

DOI: 10.3217/jucs-024-04-0392

Authors: Hasiba Attia, Laid Kahloul, Saber Benharzallah

Abstract: New technologies as cloud computing and internet of things (IoT) has expanded the range of multimodal applications. This expansion, in several computing and heterogeneous environments, makes access control an important issue in multimodal applications. Indeed, a variety of access control models have been developed to address different aspects of security problems. The two most popular basic models are: Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC). The both models RBAC and ABAC have their specific features and they can complement each other. For that, providing a hybrid model which considers both concepts "roles" as well as "attributes" has become an important research topic. This paper proposes a new access control model based principally on roles, attributes, access modes and the type of resources. An empirical method is applied to compare the new proposed model versus three existing models: RBAC, ABAC, and the hybrid model Attribute Enhanced RBAC (AERBAC). The results of the empirical method demonstrate that the new proposed model acquires the advantages of the two models RBAC and ABAC and avoids their limitations. In fact, the new proposed model reduces the complexity of security policies and allows expressing the fine granularity of systems without any explosion in the number of roles or rules in the security policy.

HTML

XML

PDF

]]>
Research Article Sat, 28 Apr 2018 00:00:00 +0300
Secure Method for Combining Cryptography with Iris Biometrics https://lib.jucs.org/article/23141/ JUCS - Journal of Universal Computer Science 24(4): 341-356

DOI: 10.3217/jucs-024-04-0341

Authors: Alawi Al-Saggaf

Abstract: Cryptography and biometrics are widely used in providing information security. Cryptographic systems rely on keys for secure information. Unlike biometric systems, the keys in cryptographic systems must be exactly reproducible and not strongly linked to the user identity. Each of the two systems has some issue associated with it. Combining cryptography and biometrics in a secure way can mitigate these issues. This paper presents a secure cryptographic authentication method based on the discrete logarithm problem. Through the security analysis of the proposed scheme, we prove that the security characteristics of the proposed scheme relative to the properties of the discrete logarithm problem. Based on the proposed scheme, a biometric cryptosystem is constructed. The proposed system evaluated using CASIA iris database from 70 different eyes, with 7 samples of each eye. Experimental results demonstrate that the proposed system is more effective, promising in terms of cope up to 21.41% percent of error bits within an iris code, and can generate up to 98 bits of the cryptographic key from the iris codes.

HTML

XML

PDF

]]>
Research Article Sat, 28 Apr 2018 00:00:00 +0300
Contactless Vulnerability Analysis using Google and Shodan https://lib.jucs.org/article/23138/ JUCS - Journal of Universal Computer Science 23(4): 404-430

DOI: 10.3217/jucs-023-04-0404

Authors: Kai Simon, Cornelius Moucha, Jörg Keller

Abstract: The increasing number of attacks on internet-based systems calls for security measures on behalf those systems' operators. Beside classical methods and tools for penetration testing, there exist additional approaches using publicly available search engines. We present an alternative approach using contactless vulnerability analysis with both classical and subject-specific search engines. Based on an extension and combination of their functionality, this approach provides a method for obtaining promising results for audits of IT systems, both quantitatively and qualitatively. We evaluate our approach and confirm its suitability for a timely determination of vulnerabilities in large-scale networks. In addition, the approach can also be used to perform vulnerability analyses of network areas or domains in unclear legal situations.

HTML

XML

PDF

]]>
Research Article Sat, 1 Apr 2017 00:00:00 +0300
Unified Description for Network Information Hiding Methods https://lib.jucs.org/article/23672/ JUCS - Journal of Universal Computer Science 22(11): 1456-1486

DOI: 10.3217/jucs-022-11-1456

Authors: Steffen Wendzel, Wojciech Mazurczyk, Sebastian Zander

Abstract: Until now hiding methods in network steganography have been described in arbitrary ways, making them difficult to compare. For instance, some publications describe classical channel characteristics, such as robustness and bandwidth, while others describe the embedding of hidden information. We introduce the first unified description of hiding methods in network steganography. Our description method is based on a comprehensive analysis of the existing publications in the domain. When our description method is applied by the research community, future publications will be easier to categorize, compare and extend. Our method can also serve as a basis to evaluate the novelty of hiding methods proposed in the future.

HTML

XML

PDF

]]>
Research Article Tue, 1 Nov 2016 00:00:00 +0200
Secure Control Applications in Smart Homes and Buildings https://lib.jucs.org/article/23507/ JUCS - Journal of Universal Computer Science 22(9): 1249-1273

DOI: 10.3217/jucs-022-09-1249

Authors: Friedrich Praus, Wolfgang Kastner, Peter Palensky

Abstract: With today's ongoing integration of heterogeneous building automation systems, increased comfort, energy efficiency, improved building management, sustainability as well as advanced applications such as active & assisted living scenarios become possible. These smart homes and buildings are implemented as decentralized systems, where embedded devices are connected via networks to exchange their data. Obviously, the demands - especially regarding security - increase: Secure communication becomes equally important as secure software being executed on the embedded devices. While the former has been addressed by standardization committees, manufacturers and researchers, until now the problem of secure control applications in this domain has not been addressed extensively. This leads to insecure and unprotected software being executed on the embedded devices. Thus, adversaries are capable of attacking building automation systems. This paper introduces an architecture for distributed control applications in smart homes and buildings, which tackles the problem on how to secure software running on different device classes. The following novelties are contributed: an application model capable of depicting control applications in a formal way, the concept of security attributes, being able to formally specify a security policy, and a framework, which allows the secure development and execution of control applications, and an enforcement of the defined security policies.

HTML

XML

PDF

]]>
Research Article Thu, 1 Sep 2016 00:00:00 +0300
Rewriting-Based Enforcement of Noninterference in Programs with Observable Intermediate Values https://lib.jucs.org/article/23356/ JUCS - Journal of Universal Computer Science 22(7): 956-991

DOI: 10.3217/jucs-022-07-0956

Authors: Afshin Lamei, Mehran Fallah

Abstract: Program rewriting is defined as transforming a given program into one satisfying some intended properties. This technique has recently been suggested as a means for enforcing security policies. In this paper, we propose rewriting mechanisms based on program dependence graphs to enforce noninterference in programs with observable intermediate values. We first formulate progress-insensitive and progress-sensitive noninterference for the programs of a model language. Then, we give rewriting mechanisms that correctively enforce such policies. The notion of corrective enforcement is also introduced. It is indeed a realization of transparent rewriting in which the good behaviors of the program are preserved irrespective of whether the program is secure or not. Unlike purely static mechanisms, our rewriting mechanisms allow tracking those points on dependence graphs that are actually traversed at run-time, thereby achieving transparency. The rewriting-based enforcement of noninterference also obviates the need for changing the run-time system, something that cannot be avoided in dynamic enforcement mechanisms. The proposed rewriters are provably sound and transparent for the class of programs whose loops can be analyzed for termination and any dependency in their dependence graphs definitely reflects the existence of a flow.

HTML

XML

PDF

]]>
Research Article Fri, 1 Jul 2016 00:00:00 +0300
On the Analysis and Detection of Mobile Botnet Applications https://lib.jucs.org/article/23128/ JUCS - Journal of Universal Computer Science 22(4): 567-588

DOI: 10.3217/jucs-022-04-0567

Authors: Ahmad Karim, Muhammad Khan, Aisha Siddiqa, Kim-Kwang Choo

Abstract: Mobile botnet phenomenon is gaining popularity among malware writers in order to exploit vulnerabilities in smartphones. In particular, mobile botnets enable illegal access to a victim's smartphone, can compromise critical user data and launch a DDoS attack through Command and Control (C&C). In this article, we propose a static analysis approach, DeDroid, to investigate botnet-specific properties that can be used to detect mobile applications with botnet intensions. Initially, we identify critical features by observing code behavior of the few known malware binaries having C&C features. Then, we compare the identified features with the malicious and benign applications of Drebin dataset. The results show against the comparative analysis that, Drebin dataset has 35% malicious applications which qualify as botnets. Upon closer examination, 90% of the potential botnets are confirmed as botnets. Similarly, for comparative analysis against benign applications having C&C features, DeDroid has achieved adequate detection accuracy. In addition, DeDroid has achieved high accuracy with negligible false positive rate while making decision for state-of-the-art malicious applications.

HTML

XML

PDF

]]>
Research Article Fri, 1 Apr 2016 00:00:00 +0300
Secure Channel Coding Schemes based on Algebraic-Geometric Codes over Hermitian Curves https://lib.jucs.org/article/23127/ JUCS - Journal of Universal Computer Science 22(4): 552-566

DOI: 10.3217/jucs-022-04-0552

Authors: Omar Alzubi, Thomas Chen, Jafar Alzubi, Hasan Rashaideh, Nijad Al-Najdawi

Abstract: Algebraic-Geometric (AG) codes are new paradigm in coding theory with promising performance improvements and diverse applications in point to point communications services and system security. AG codes offer several advantages over stateof-the art Reed-Solomon (RS) codes. Algebraic-Geometric Codes are proposed and implemented in this paper. The design, construction and implementation are investigated and a software platform has been developed. Simulation results are presented for the first time showing significant performance improvements of AG codes over RS codes using different modulation schemes. The superiority in error correcting and security of AG codes over RS codes has been demonstrated clearly when Rayleigh fading channel is used. Also the results show an obvious improvement when using higher modulation schemes, namely 16QAM and 64QAM.

HTML

XML

PDF

]]>
Research Article Fri, 1 Apr 2016 00:00:00 +0300
Web Data Amalgamation for Security Engineering: Digital Forensic Investigation of Open Source Cloud https://lib.jucs.org/article/23121/ JUCS - Journal of Universal Computer Science 22(4): 494-520

DOI: 10.3217/jucs-022-04-0494

Authors: Asif Imran, Shadi Aljawarneh, Kazi Sakib

Abstract: The largely distributed nature and growing demand for open source Cloud makes the infrastructure an ideal target for malicious attacks that grants unauthorized access to its data storage and posses a serious threat to Cloud software security. In case of any nefarious activity, the Cloud provenance information used by Digital Forensic experts to identify the issue is itself prone to tampering by the malicious entities and results in insecure software running in Cloud. This paper proposes a scheme that ensures Software Security and Security of Cloud provenance in a series of steps, the first of which involves binding the provenance journals with user-data from which those were derived. Next, mechanisms for merging provenance with unstructured web data for improved Security Intelligence (SI) is identified. Detection of attack models for nefarious malware activities in six Software as a Service (SaaS) applications running in real-life Cloud is taken as the research case and the performance of the proposed algorithms for those are analyzed. The Success Rates (SR) for melding the web data to secure provenance for the six specific SaaS applications are found to be 85.0554%, 96.7032%, 98.3871%, 93.9732%, 80.5000% and 84.9257% respectively. Hence, this paper proposes a framework for effectively ameliorating the current scheme of Cloud based Software Security, thereby achieving wider acceptance of open source Cloud.

HTML

XML

PDF

]]>
Research Article Fri, 1 Apr 2016 00:00:00 +0300
A Novel Similar Temporal System Call Pattern Mining for Efficient Intrusion Detection https://lib.jucs.org/article/23120/ JUCS - Journal of Universal Computer Science 22(4): 475-493

DOI: 10.3217/jucs-022-04-0475

Authors: Vangipuram Radhakrishna, Puligadda Kumar, Vinjamuri Janaki

Abstract: Software security pattern mining is the recent research interest among researchers working in the areas of security and data mining. When an application runs, several process and system calls associated are invoked in background. In this paper, the major objective is to identify the intrusion using temporal pattern mining. The idea is to find normal temporal system call patterns and use these patterns to identify abnormal temporal system call patterns. For finding normal system call patterns, we use the concept of temporal association patterns. The reference sequence is used to obtain temporal association system call patterns satisfying specified dissimilarity threshold. To find similar (normal) temporal system call patterns, we apply our novel method which performs only a single database scan, reducing unnecessary extra overhead incurred when multiple scans are performed thus achieving space and time efficiency. The importance of the approach coins from the fact that this is first single database scan approach in the literature. To find if a given process is normal or abnormal, it is just sufficient to verify if there exists a temporal system call pattern which is not similar to the reference system call support sequence for specified threshold. This eliminates the need for finding decision rules by constructing decision table. The approach is efficient as it eliminates the need for finding decision rules (2n is usually very large for even small value of n) and thus aims at efficient dimensionality reduction as we consider only similar temporal system call sequence for deciding on intrusion.

HTML

XML

PDF

]]>
Research Article Fri, 1 Apr 2016 00:00:00 +0300
Analysis of Permission-based Security in Android through Policy Expert, Developer, and End User Perspectives https://lib.jucs.org/article/23118/ JUCS - Journal of Universal Computer Science 22(4): 459-474

DOI: 10.3217/jucs-022-04-0459

Authors: Ajay Jha, Woo Lee

Abstract: Being one of the major operating system in smartphone industry, security in Android is paramount importance to end users. Android applications are published through Google Play Store which is an official marketplace for Android. If we have to define the current security policy implemented by Google Play Store for publishing Android applications in one sentence then we can write it as "all are suspect but innocent until proven guilty". It means an application does not have to go through rigorous security review to be accepted for publication. It is assumed that all the applications are benign which does not mean it will remain so in future. If any application is found doing suspicious activities then the application will be categorized as malicious and it will be removed from the Play Store. Though filtering of malicious applications is performed at Play Store, some malicious applications escape the filtering process. Thus, it becomes necessary to take strong security measures at other levels. Security in Android can be enforced at system and application levels. At system level Android uses sandboxing technique while at application level it uses permission. In this paper, we analyze the permission-based security implemented in Android through three different perspectives - policy expert, developer, and end user.

HTML

XML

PDF

]]>
Research Article Fri, 1 Apr 2016 00:00:00 +0300
Creativity in Mind: Evaluating and Maintaining Advances in Network Steganographic Research https://lib.jucs.org/article/23758/ JUCS - Journal of Universal Computer Science 21(12): 1684-1705

DOI: 10.3217/jucs-021-12-1684

Authors: Steffen Wendzel, Carolin Palmer

Abstract: The research discipline of network steganography deals with the hiding of information within network transmissions, e.g. to transfer illicit information in networks with Internet censorship. The last decades of research on network steganography led to more than hundred techniques for hiding data in network transmissions. However, previous research has shown that most of these hiding techniques are either based on the same idea or introduce limited novelty, enabling the application of existing countermeasures. In this paper, we provide a link between the field of creativity and network steganographic research. We propose a framework and a metric to help evaluating the creativity bound to a given hiding technique. This way, we support two sides of the scientific peer review process as both authors and reviewers can use our framework to analyze the novelty and applicability of hiding techniques. At the same time, we contribute to a uniform terminology in network steganography.

HTML

XML

PDF

]]>
Research Article Tue, 1 Dec 2015 00:00:00 +0200
Restricted Identification Secure in the Extended Canetti-Krawczyk Model https://lib.jucs.org/article/23038/ JUCS - Journal of Universal Computer Science 21(3): 419-439

DOI: 10.3217/jucs-021-03-0419

Authors: Lucjan Hanzlik, Mirosław Kutyłowski

Abstract: In this paper we consider restricted identification (RI) protocols which enable strongauthentication and privacy protection for access control in an unlimited number of domains. A single secret key per user is used to authenticate and derive his identity within any domain,while the number of domains is unlimited and the scheme guarantees unlinkability between identities of the same user in different domains. RI can be understood as an universal solution thatmay replace unreliable login and password mechanisms. It has to secure against adversaries that gather personal data by working on a global scale, e.g. by breaking into one service for gettingpasswords that a user frequently re-uses at different places. We consider security of an extended version of the Chip Authentication Restricted Identification(ChARI) protocol presented at the 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012). We preserve the features of ChARI (avoidingthe critical security problems of group keys in the RI solution deployed in the German personal identity cards), but provide security proof in the well-studied Canetti-Krawczyk model (sucha proof has not been provided for ChARI). Our extension has similar computational complexity as the original ChARI protocol in terms of the number of modular exponentiations.

HTML

XML

PDF

]]>
Research Article Sun, 1 Mar 2015 00:00:00 +0200
Polymorphic Malicious JavaScript Code Detection for APT Attack Defence https://lib.jucs.org/article/23035/ JUCS - Journal of Universal Computer Science 21(3): 369-383

DOI: 10.3217/jucs-021-03-0369

Authors: Junho Choi, Chang Choi, Ilsun You, Pankoo Kim

Abstract: The majority of existing malware detection techniques detects malicious codes by identifying malicious behavior patterns. However, they have difficulty identifying new or modified malicious behaviors; consequently, new techniques that can effectively and accurately detect new malicious behaviors are crucial. This paper proposes a method that defines the malicious behaviors of malware using conceptual graphs that are able to describe their concepts and the relationships among them and, consequently, infer their malicious behavior patterns. The inferred patterns are then learned by a Support Vector Machine (SVM) classifier that compares and classifies the behaviors as either normal or malicious. The results of experiments conducted verify that the proposed method detects malicious codes more efficiently than conventional methods. In the experimental results, it exhibits a better detection rate than that of malicious code detection methods that rely solely on the signature based approach. This suggests that the proposed method is not only suitable for detection of malicious codes, but is also more efficient than other detection methods as it combines the advantages of more than two malicious code detection methods.

HTML

XML

PDF

]]>
Research Article Sun, 1 Mar 2015 00:00:00 +0200
Observations of Skipjack-like Structure with SP/SPS Round Function https://lib.jucs.org/article/23930/ JUCS - Journal of Universal Computer Science 19(16): 2453-2471

DOI: 10.3217/jucs-019-16-2453

Authors: Ting Cui, Chenhui Jin, Guoshuang Zhang

Abstract: Impossible differential cryptanalysis is an important tool for evaluating the security level of a block cipher, and the key step of this cryptanalysis is to find the longest impossible differential. This paper focuses on retrieving impossible differentials for m-cell Skipjack-like structure with SP/SPS round function (named SkipjackSP and SkipjackSPS resp.). Up to now, known longest impossible differentials in m-cell Skipjack-like structures is m2 rounds. In this paper, we provide some new m2 rounds impossible differentials for these two structures. Further, we prove that if P layer is chosen from binary matrices, we can always retrieve m2 + 1 rounds impossible differentials for these two structures, and m2 + 2 rounds impossible differentials for SkipjackSP. Moreover, if P layer satisfies some satiable conditions, we may further obtain m2 + 2 rounds impossible differential for SkipjackSPS. Our results show that we should choose P layer carefully when employing these two structures.

HTML

XML

PDF

]]>
Research Article Tue, 1 Oct 2013 00:00:00 +0300
Applying Professional Solutions within the Educational Environments by Means of Cloud Computing: Coaching for Teachers https://lib.jucs.org/article/23725/ JUCS - Journal of Universal Computer Science 19(12): 1703-1717

DOI: 10.3217/jucs-019-12-1703

Authors: Habib Fardoun, Abdulfattah Mashat, Sebastián López

Abstract: In a world where the most used sentences is: "I haven't got the time..." Information Technologies (IT) plays an important role in supporting our daily work, including in everyday educational settings. Such technologies can aid a complete educational system to function successfully so to help the whole school educational life. For this to prove, we present the "Coaching for Teacher" system, a personal technological conversational coach; it aims to provide solutions to overcome difficulties that teachers face during their teaching and learning process. In real time, a teacher can appeal and seek advice rapidly by comfortably talking to an agent. In this paper, we present the steps we followed to design and develop this agent-based application, and a case study conducted in an educational centre for proof that the concept works in an authentic educational environment.

HTML

XML

PDF

]]>
Research Article Fri, 28 Jun 2013 00:00:00 +0300
Interactive Design System for Schools using Cloud Computing https://lib.jucs.org/article/23321/ JUCS - Journal of Universal Computer Science 19(7): 950-964

DOI: 10.3217/jucs-019-07-0950

Authors: Habib Fardoun, Bassam Zafar, Abdulrahman Altalhi, Antonio Paules

Abstract: The design of an educational system involves a good understanding of the whole school environment in order to find the correct approach to develop a comprehensive educational system that will meet real educational needs in their operation. This article describes a design model for an educational system based on the teaching methods applied in the Spanish classrooms, which takes into account new advances in technology, while preserving the current teaching methods in the classroom to ensure a quality teaching and learning process. This development has been achieved by combining technological components such as Cloud Computing, Web Services and Distributed User Interfaces. The proposed system is based on a systematic approach where different phases are implemented, containing workflows and stages.

HTML

XML

PDF

]]>
Research Article Mon, 1 Apr 2013 00:00:00 +0300
Engineering Security into Distributed Systems: A Survey of Methodologies https://lib.jucs.org/article/23985/ JUCS - Journal of Universal Computer Science 18(20): 2920-3006

DOI: 10.3217/jucs-018-20-2920

Authors: Anton Uzunov, Eduardo Fernandez, Katrina Falkner

Abstract: Rapid technological advances in recent years have precipitated a general shift towards software distribution as a central computing paradigm. This has been accompanied by a corresponding increase in the dangers of security breaches, often causing security attributes to become an inhibiting factor for use and adoption. Despite the acknowledged importance of security, especially in the context of open and collaborative environments, there is a growing gap in the survey literature relating to systematic approaches (methodologies) for engineering secure distributed systems. In this paper, we attempt to fill the aforementioned gap by surveying and critically analyzing the state-of-the-art in security methodologies based on some form of abstract modeling (i.e. model-based methodologies) for, or applicable to, distributed systems. Our detailed reviews can be seen as a step towards increasing awareness and appreciation of a range of methodologies, allowing researchers and industry stakeholders to gain a comprehensive view of the field and make informed decisions. Following the comprehensive survey we propose a number of criteria reflecting the characteristics security methodologies should possess to be adopted in real-life industry scenarios, and evaluate each methodology accordingly. Our results highlight a number of areas for improvement, help to qualify adoption risks, and indicate future research directions.

HTML

XML

PDF

]]>
Research Article Sat, 1 Dec 2012 00:00:00 +0200
New Results of Related-key Attacks on All Py-Family of Stream Ciphers https://lib.jucs.org/article/23721/ JUCS - Journal of Universal Computer Science 18(12): 1741-1756

DOI: 10.3217/jucs-018-12-1741

Authors: Lin Ding, Jie Guan, Wen-long Sun

Abstract: The stream cipher TPypy has been designed by Biham and Seberry in January 2007 as the strongest member of the Py-family of stream ciphers. At Indocrypt 2007, Sekar, Paul and Preneel showed related-key weaknesses in the Py-family of stream ciphers including the strongest member TPypy. Furthermore, they modified the stream ciphers TPypy and TPy to generate two fast ciphers, namely RCR-32 and RCR-64, in an attempt to rule out all the attacks against the Py-family of stream ciphers. So far there exists no attack on RCR-32 and RCR-64. In this paper, we show that the related-key weaknesses can be still used to construct related-key distinguishing attacks on all Py-family of stream ciphers including the modified versions RCR-32 and RCR-64. Under related keys, we show distinguishing attacks on RCR-32 and RCR-64 with data complexity 2139.3 and advantage greater than 0.5. We also show that the data complexity of the distinguishing attacks on Py-family of stream ciphers proposed by Sekar et al. can be reduced fromto. These results constitute the best attacks on the strongest members of the Py-family of stream ciphers Tpypy, RCR-32 and RCR-64. By modifying the key setup algorithm, we propose two new stream ciphers TRCR-32 and TRCR-64 which are derived from RCR-32 and RCR-64 respectively. Based on our security analysis, we conjecture that no attacks lower than brute force are possible on TRCR-32 and TRCR-64 stream ciphers.

HTML

XML

PDF

]]>
Research Article Thu, 28 Jun 2012 00:00:00 +0300
Security Analysis of Three Password Authentication Schemes https://lib.jucs.org/article/30011/ JUCS - Journal of Universal Computer Science 17(11): 1623-1633

DOI: 10.3217/jucs-017-11-1623

Authors: Kyung-Ah Shim

Abstract: In this paper, we show that a verifier-based password authentication scheme and two remote user authentication schemes are insecure against several active attacks. These results demonstrate that no more password authentication schemes should be constructed with such ad-hoc methods, i.e, the formal design methodology using provable security should be employed.

HTML

XML

PDF

]]>
Research Article Fri, 1 Jul 2011 00:00:00 +0300
Performance Evaluation of Snort under Windows 7 and Windows Server 2008 https://lib.jucs.org/article/30010/ JUCS - Journal of Universal Computer Science 17(11): 1605-1622

DOI: 10.3217/jucs-017-11-1605

Authors: Khaled Salah, Mojeeb-Al-Rhman Al-Khiaty, Rashad Ahmed, Adnan Mahdi

Abstract: Snort is the most widely deployed network intrusion detection system (NIDS) worldwide, with millions of downloads to date. PC-based Snort typically runs on either Linux or Windows operating systems. In this paper, we present an experimental evaluation and comparison of the performance of Snort NIDS when running under the two newly released operating systems of Windows 7 and Windows Server 2008. Snort's performance is measured when subjecting a PC host running Snort to both normal and malicious traffic. Snort's performance is evaluated and compared in terms of throughput and packet loss. In order to offer sound interpretations and get a better insight into the behaviour of Snort, we also measure the packet loss encountered at the kernel level. In addition, we study the impact of running Snort under different system configurations which include CPU scheduling priority given to user applications or kernel services, uni and multiprocessor environment, and processor affinity.

HTML

XML

PDF

]]>
Research Article Fri, 1 Jul 2011 00:00:00 +0300
A Trusted Computing Identity Collation Protocol to Simplify Deployment of New Disaster Response Devices https://lib.jucs.org/article/29674/ JUCS - Journal of Universal Computer Science 16(9): 1139-1151

DOI: 10.3217/jucs-016-09-1139

Authors: Peter Danner, Daniel Hein

Abstract: The use of modern computing equipment by emergency service units in a disaster area assures increased efficiency during disaster response. Emergency devices must be easy to use and secure. Trusted Computing is a promising approach to help protect the software integrity of commodity emergency devices and thus increase their security. To efficiently use Trusted Computing in an emergency scenario it is necessary to establish an initial trust relationship between the emergency infrastructure providers and a user, her devices, and the software running on those devices. Currently, this requires physical presence of the involved entities. In this paper we propose a remote protocol that employs electronic identity facilities and Trusted Computing to aggregate the identity of a user, the identity of her devices and a set of trusted software states as well as the users facilities and skills. Such a protocol alleviates the need for physical presence. Thus, the protocol facilitates deployment of new electronic emergency equipment, while maintaining a high level of security. We belief that such a protocol is an important step in the process of introducing new capabilities for disaster response.

HTML

XML

PDF

]]>
Research Article Sat, 1 May 2010 00:00:00 +0300
VIMM: Runtime Integrity Measurement of a Virtualized Operating System https://lib.jucs.org/article/29618/ JUCS - Journal of Universal Computer Science 16(4): 554-576

DOI: 10.3217/jucs-016-04-0554

Authors: Chun Suen

Abstract: This paper discusses the design of the Virtualization Integrity Measurement Monitor (VIMM) framework, which aims to provide runtime integrity measurement of a virtualized guest OS. Kernel memory and additional hardware state changes are constantly monitored and aggregated into a combined guest OS state, which is reported to a Trusted Platform Module (TPM), thus providing a trusted integrity measurement in runtime. This measurement can then be used for data protection (sealing of secret keys) and remote attestation based on the runtime integrity of the guest OS.

HTML

XML

PDF

]]>
Research Article Sun, 28 Feb 2010 00:00:00 +0200
Towards a Virtual Trusted Platform https://lib.jucs.org/article/29613/ JUCS - Journal of Universal Computer Science 16(4): 531-542

DOI: 10.3217/jucs-016-04-0531

Authors: Martin Pirker, Ronald Toegl

Abstract: The advances and adoption of Trusted Computing and hardware assisted virtualisation technologies in standard PC platforms promise new approaches in building a robust virtualisation platform for security sensitive software modules. The amalgam of these technologies allows an attractive off-the-shelf environment, capable of supporting security levels potentially higher than commonly deployed today. This article proposes a practical approach of combining technology elements available today to create such a platform using available components. The design supports operating high-security and low-security compartments side by side. The high security compartment is able to use the functionality of the Trusted Platform Module. The low security compartment is isolated through hardware-assisted virtualisation. The platform boots via Intel Trusted Execution Technology to resist manipulation. We discuss the building blocks of the architecture and present a number of open research challenges.

HTML

XML

PDF

]]>
Research Article Sun, 28 Feb 2010 00:00:00 +0200
Graph-Based Approach to the Edit Distance Cryptanalysis of Irregularly Clocked Linear Feedback Shift Registers https://lib.jucs.org/article/29532/ JUCS - Journal of Universal Computer Science 15(15): 2981-2998

DOI: 10.3217/jucs-015-15-2981

Authors: Pino Caballero-Gil, Amparo Fúster-Sabater, Candelaria Hernández-Goya

Abstract: This paper proposes a speed-up of a known-plaintext attack on some stream ciphersbased on Linear Feedback Shift Registers (LFSRs). The algorithm consists of two basic steps: first, to guess the initial seed value of one of the LFSRs, and then to use the resulting binarysequence in order to deduce useful information about the cipher parameters. In particular, the proposed divide-and-conquer attack is based on a combination of graph-based techniques withedit distance concepts. While the original edit distance attack requires the exhaustive search over the set of all possible initial states of the involved LFSR, this work presents a new heuristic op-timization that avoids the evaluation of an important number of initial states through the identification of the most promising branches of the search graph. The strongest aspects of the proposalare the facts that the obtained results from the attack are absolutely deterministic, and that many inconsistent initial states of the target LFSRs are recognized and avoided during search.

HTML

XML

PDF

]]>
Research Article Tue, 1 Sep 2009 00:00:00 +0300
Light-Weight Key Exchange with Different Passwords in the Standard Model https://lib.jucs.org/article/29366/ JUCS - Journal of Universal Computer Science 15(5): 1042-1064

DOI: 10.3217/jucs-015-05-1042

Authors: Jeong Kwon, Ik Jeong, Dong Lee

Abstract: In this paper, we consider password-based authenticated key exchange with different passwords, where the users only share a password with the trusted server but do not share between themselves. The server helps the users share a cryptographically secure session key by using their different passwords. We propose a light-weight password-based authenticated key exchange protocol with different passwords, i.e., it requires only 2 rounds and 4 modular exponentiations per user. The protocol provides forward secrecy, known-key secrecy, key secrecy against the curious server, and security against undetectable online dictionary attacks without random oracles.

HTML

XML

PDF

]]>
Research Article Sun, 1 Mar 2009 00:00:00 +0200
Protecting Mobile TV Multimedia Content in DVB/GPRS Heterogeneous Wireless Networks https://lib.jucs.org/article/29362/ JUCS - Journal of Universal Computer Science 15(5): 1023-1041

DOI: 10.3217/jucs-015-05-1023

Authors: Shiguo Lian, Yan Zhang

Abstract: Normally, the multimedia content provider and network service providers are separated in mobile TV systems. The TV programs are broadcasted from the content provider to the mobile terminals through Digital Video Broadcasting Transmission System for Handheld Terminals (DVB-H), and the access information is unicasted from the service provider to the user via General Packet Radio Services (GPRS) networks. Due to the network architecture heterogeneity, protocols variation and algorithms difference, securing mobile TV content is becoming a significant challenge. In this paper, we present the architecture, protocol, user identification and digital right management (DRM) for protecting mobile TV multimedia content. The network architecture describes the integrated DVB-H and GPRS to provide secure mobile TV services. The efficient protocols and algorithms are proposed to encrypt the content and also decrypt the coded content. The user identification is able to identify the legal user by matching the username-password pair or the scanned fingerprint. The DRM is able to protect the data from both DVB-H and GPRS. Following this framework, the illegal usage of the mobile TV services can be efficiently prevented and the real-time multimedia Quality-of-Service (QoS) with respect to delay can be guaranteed. The real implementation has demonstrated the effectiveness of the multimedia content protection in the heterogeneous mobile networks. In addition, the delay is sufficiently low to provide live TV.

HTML

XML

PDF

]]>
Research Article Sun, 1 Mar 2009 00:00:00 +0200
DS RBAC - Dynamic Sessions in Role Based Access Control https://lib.jucs.org/article/29323/ JUCS - Journal of Universal Computer Science 15(3): 538-554

DOI: 10.3217/jucs-015-03-0538

Authors: Joerg Muehlbacher, Christian Praher

Abstract: Besides the well established access control models, Discretionary Access Control (DAC) and Mandatory Access Control (MAC), the policy neutral Role Based Access Control (RBAC) is gaining increasingly momentum. An important step towards a wide acceptance of RBAC has been achieved by the standardization of RBAC through the American National Standards Institute (ANSI) in 2004. While the concept of sessions specified in the ANSI RBAC standard allows for differentiated role selections according to tasks that have to be performed by users, it is very likely that more roles will be activated in a session than are effectively needed to perform the intended activity. Dynamic Sessions in RBAC (DS RBAC) is an extension to the existing RBAC ANSI standard that dynamically deactivates roles in a session if they are not exercised for a certain period of time. This allows for the selection of an outer-shell of possibly needed permissions at the initation of a session through a user, while adhering to the principle of least privilege by automatically reducing the effective permission space to those roles really exercised in the session. Analogous to the working set model known from virtual memory, only the minimal roles containing permissions recently exercised by the user are left in a session in the DS RBAC model. If the user tries to access a role that has aged out due to inactivity, a role fault occurs. A role fault can be resolved by the role fault handler that is responsible for re-activating the expired role. As will be presented in this paper, role re-activation may be subject to constraints that have to be fulfilled by the user in order to re-access the aged role.

HTML

XML

PDF

]]>
Research Article Sun, 1 Feb 2009 00:00:00 +0200
Stability in Heterogeneous Multimedia Networks under Adversarial Attacks https://lib.jucs.org/article/29316/ JUCS - Journal of Universal Computer Science 15(2): 444-464

DOI: 10.3217/jucs-015-02-0444

Authors: Dimitrios Koukopoulos

Abstract: A distinguishing feature of today's large-scale platforms for multimedia distribution and communication, such as the Internet, is their heterogeneity, predominantly manifested by the fact that a variety of communication protocols are simultaneously running over different hosts. A fundamental question that naturally arises for such common settings of heterogeneous multimedia systems concerns the presence (or not) of stability properties when individual greedy, contention-resolution protocols are composed in a large packet-switched multimedia network. A network is stable under a greedy protocol (or a composition of protocols) if, for any adversary of injection rate less than 1, the number of packets in the network remains bounded at all times. We focus on a basic adversarial model for packet arrival and path determination for which the time-averaged arrival rate of packets requiring a single edge is no more than 1. Within this framework, we study the property of stability under various compositions of contention-resolution protocols (such as LIS (Longest-in-System), FIFO (First-In-First-Out), FFS (Furthest-from-Source), and NTG (Nearest-to-Go)) and different packet trajectories trying to characterise this property in terms of network topologies. Such a characterisation provides us with the family of network topologies that, under specific compositions of protocols, can be made unstable by some adversarial traffic pattern. Finally, we present an experimental evaluation of the stability behaviour of specific network constructions with different protocol compositions under an adversarial strategy. Interestingly, some of our results indicate that such a composition leads to worst stability behaviour than having a single unstable protocol for contention-resolution. This suggests that the potential for instability incurred by the composition of protocols may be worse than that of any single protocol.

HTML

XML

PDF

]]>
Research Article Wed, 28 Jan 2009 00:00:00 +0200
Non-repudiation Mechanism of Agent-based Mobile Payment Systems: Perspectives on Wireless PKI https://lib.jucs.org/article/29143/ JUCS - Journal of Universal Computer Science 14(14): 2309-2328

DOI: 10.3217/jucs-014-14-2309

Authors: Chung-Ming Ou, Chung-Ren Ou

Abstract: Non-repudiation of a mobile payment transaction ensures that when a buyer (B) sends some messages to a seller (S), neither B nor S can deny having participated in this transaction. An evidence of a transaction is generated by wireless PKI (WPKI) mechanism such that B and S cannot repudiate sending and receiving the purchase order respectively. Broker generates a mobile agent for B which carries encrypted purchase order to S. A trusted third party (TTP) acts as a lightweight notary for evidence generations. One advantage of this agent-based non-repudiation protocol is to reduce inconvenience for mobile clients such as connection time and search for suitable merchant servers, etc.; it provides necessary security mechanisms for fair mobile payment transactions.

HTML

XML

PDF

]]>
Research Article Mon, 28 Jul 2008 00:00:00 +0300
ASM Refinement Preserving Invariants https://lib.jucs.org/article/29108/ JUCS - Journal of Universal Computer Science 14(12): 1929-1948

DOI: 10.3217/jucs-014-12-1929

Authors: Gerhard Schellhorn

Abstract: This paper gives a definition of ASM refinement suitable for the verification that a protocol implements atomic transactions. We used this definition as the basis of the formal verification of the refinements of the Mondex case study with the interactive theorem prover KIV. The refinement definition we give differs from the one we gave in earlier work which preserves partial and total correctness assertions of ASM runs. The reason is that the main goal of the refinement of the Mondex protocol is to preserve a security invariant, while total correctness is not preserved. To preserve invariants, the definition of generalized forward simulation is limited to the use of "small" diagrams, which contain of a single protocol step. We show a technique that allows to use the natural "big" diagrams that consist of an atomic action being refined by a full protocol run.

HTML

XML

PDF

]]>
Research Article Sat, 28 Jun 2008 00:00:00 +0300
Efficient k-out-of-n Oblivious Transfer Schemes https://lib.jucs.org/article/28953/ JUCS - Journal of Universal Computer Science 14(3): 397-415

DOI: 10.3217/jucs-014-03-0397

Authors: Cheng-Kang Chu, Wen-Guey Tzeng

Abstract: Oblivious transfer is an important cryptographic protocol in various security applications. For example, in on-line transactions, a k-out-of-n oblivious transfer scheme allows a buyer to privately choose k out of n digital goods from a merchant without learning information about other n-k goods. In this paper, we propose several efficient two-round k-out-of-n oblivious transfer schemes, in which the receiver R sends O(k) messages to the sender S, and S sends O(n) messages back to R. The schemes provide unconditional security for either sender or receiver. The computational security for the other side is based on the Decisional Diffie-Hellman (DDH) or Chosen-Target Computational Diffie-Hellman (CT-CDH) problems. Our schemes have the nice property of universal parameters, that is, each pair of R and S need not hold any secret before performing the protocol. The system parameters can be used by all senders and receivers without any trapdoor specification. In some cases, our OTkn schemes are the most efficient ones in terms of the communication cost, either in rounds or the number of messages. Moreover, one of our schemes is extended to an adaptive oblivious transfer scheme. In that scheme, S sends O(n) messages to R in one round in the commitment phase. For each query of R, only O(1) messages are exchanged and O(1) operations are performed. The preliminary version of this paper was published at PKC '05 [Chu and Tzeng 2005].

HTML

XML

PDF

]]>
Research Article Fri, 1 Feb 2008 00:00:00 +0200
New Results on NMAC/HMAC when Instantiated with Popular Hash Functions https://lib.jucs.org/article/28951/ JUCS - Journal of Universal Computer Science 14(3): 347-376

DOI: 10.3217/jucs-014-03-0347

Authors: Christian Rechberger, Vincent Rijmen

Abstract: Message Authentication Code (MAC) algorithms can provide cryptographically secure authentication services. One of the most popular algorithms in commercial applications is HMAC based on the hash functions MD5 or SHA-1. In the light of new collision search methods for members of the MD4 family including SHA-1, the security of HMAC based on these hash functions is reconsidered. We present a new method to recover both the inner- and the outer key used in HMAC when instantiated with a concrete hash function by observing text/MAC pairs. In addition to collisions, also other non-random properties of the hash function are used in this new attack. Among the examples of the proposed method, the first theoretical full key recovery attack on NMAC-MD5 is presented. Other examples are distinguishing, forgery and partial or full key recovery attacks on NMAC/HMAC-SHA-1 with a reduced number of steps (up to 62 out of 80). This information about the new, reduced security margin serves as an input to the selection of algorithms for authentication purposes.

HTML

XML

PDF

]]>
Research Article Fri, 1 Feb 2008 00:00:00 +0200
Internet Payment System: A New Payment System for Internet Transactions https://lib.jucs.org/article/28769/ JUCS - Journal of Universal Computer Science 13(4): 479-503

DOI: 10.3217/jucs-013-04-0479

Authors: Zoran Đurić, Ognjen Marić, Dragan Gašević

Abstract: Payment systems need to address a number of security issues in order to be an effective and secure means of transferring payments across the Internet. To be accessible to a wider audience, they also need to be easy to use for their end-users (customers and merchants). Trying to address these issues, we created the Internet Payment System (IPS). IPS tries to combine the advantages of several existing payment systems. While strong emphasis is made on the mobility and ease of use for its customers, IPS still retains strong security properties. It achieves privacy, integrity, authentication and non-repudiation by using different cryptographic algorithms and techniques. To demonstrate that the protocol satisfies the desired security properties, we use a recently proposed tool for formal verification, called AVISPA.

HTML

XML

PDF

]]>
Research Article Sat, 28 Apr 2007 00:00:00 +0300
RSA-based Certified Delivery of E-Goods Using Verifiable and Recoverable Signature Encryption https://lib.jucs.org/article/28346/ JUCS - Journal of Universal Computer Science 11(1): 175-192

DOI: 10.3217/jucs-011-01-0175

Authors: Aleksandra Nenadic, Ning Zhang, Barry Cheetham, Carole Goble

Abstract: Delivering electronic goods over the Internet is one of the e-commerce applications that will proliferate in the coming years. Certified e-goods delivery is a process where valuable e-goods are exchanged for an acknowledgement of their reception. This paper proposes an efficient security protocol for certified e-goods delivery with the following features: (1) it ensures strong fairness for the exchange of e-goods and proof of reception, (2) it ensures non-repudiation of origin and non-repudiation of receipt for the delivered e-goods, (3) it all ows the receiver of e-goods to verify, during the exchange process, that the e-goods to be received are the one he is signing the receipt for, (4) it uses an off-line and transparent semi-trusted third party (STTP) only in cases when disput es arise, (5) it provides the confidentiality protection for the exchanged items from the STTP, and (6) achieves these features with less computational and communicational overheads than related protocols.

HTML

XML

PDF

]]>
Research Article Fri, 28 Jan 2005 00:00:00 +0200
ProtoMon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention https://lib.jucs.org/article/28341/ JUCS - Journal of Universal Computer Science 11(1): 83-103

DOI: 10.3217/jucs-011-01-0083

Authors: Sachin Joglekar, Stephen Tate

Abstract: Intrusion Detection Systems (IDS) are responsible for monitoring and analyzing host or network activity to detect intrusions in order to protect information from unauthorized access or manipulation. There are two main approaches for intrusion detection: signature-based and anomaly-based. Signature_based detection employs pattern matching to match attack signatures with observed data making it ideal for detecting known attacks. However, it cannot detect unknown attacks for which there is no signature available. Anomaly-based detection uses machine-learning techniques to create a profile of normal system behavior and uses this profile to detect deviations from the normal behavior. Although this technique is effective in detecting unknown attacks, it has a drawback of a high false alarm rate. In this paper, we describe our anomaly_based IDS designed for detecting malicious use of cryptographic and application-level protocols. Our system has several unique characteristics and benefits, such as the ability to monitor cryptographic protocols and application-level protocols embedded in encrypted sessions, a very lightweight monitoring process, and the ability to react to protocol misuse by modifying protocol response directly.

HTML

XML

PDF

]]>
Research Article Fri, 28 Jan 2005 00:00:00 +0200
Increasing Robustness of LSB Audio Steganography by Reduced Distortion LSB Coding https://lib.jucs.org/article/28338/ JUCS - Journal of Universal Computer Science 11(1): 56-65

DOI: 10.3217/jucs-011-01-0056

Authors: Nedeljko Cvejic, Tapio Seppänen

Abstract: In this paper, we present a novel high bit rate LSB audio watermark ing method that reduces embedding distortion of the host audio. Using the proposed twostep algorithm, watermark bits are embedded into higher LSB layers, resulting in increased robustness against noise addition. In addition, listening tests showed that perceptual quality of watermarked audio is higher in the case of the proposed method than in the standard LSB method.

HTML

XML

PDF

]]>
Research Article Fri, 28 Jan 2005 00:00:00 +0200
Sliding Window Protocol for Secure Group Communication in Ad-Hoc Networks https://lib.jucs.org/article/28336/ JUCS - Journal of Universal Computer Science 11(1): 37-55

DOI: 10.3217/jucs-011-01-0037

Authors: In Khor, Johnson Thomas, Istvan Jonyer

Abstract: Existing ad hoc routing protocols are either unicast or multicast. In this paper we propose a simple extension to the Dynamic Source Routing Protocol (DSR) to cater for group communications where all node addresses are unicast addresses and there is no single multicast address. The proposed sliding window protocol for multiple communications results in significant improvement in total packet delivery. Due to the high frequency of mobility, attrition and reinforcement in ad hoc networks, in order to preserve confidentiality, it becomes necessary to rekey each time a member enters or leaves a logically defined group. We compare our group rekeying rate on sliding window protocol versus other kinds of Rekeying algorithms. The proposed sliding window protocol performs better. The proposed sliding window is therefore simple and improves both communications and security performance.

HTML

XML

PDF

]]>
Research Article Fri, 28 Jan 2005 00:00:00 +0200
Low-Intrusive Consistent Disk Checkpointing: A Tool for Digital Forensics https://lib.jucs.org/article/28335/ JUCS - Journal of Universal Computer Science 11(1): 20-36

DOI: 10.3217/jucs-011-01-0020

Authors: Sriranjani Sitaraman, S. Venkatesan

Abstract: An important problem in digital forensics is to record a checkpoint of a disk drive mounted as a file system on a host machine without disrupting the disk s normal operations. We present a checkpointing methodology for a disk that has a Unix-like file system. While our algorithm is built around the Unix file system, it can be used to checkpoint disks formatted for other file systems such as NTFS, etc. Our algorithm satisfies several correctness conditions.

HTML

XML

PDF

]]>
Research Article Fri, 28 Jan 2005 00:00:00 +0200
Physically Locating Wireless Intruders https://lib.jucs.org/article/28334/ JUCS - Journal of Universal Computer Science 11(1): 4-19

DOI: 10.3217/jucs-011-01-0004

Authors: Frank Adelstein, Prasanth Alla, Rob Joyce, Golden G. Richard Iii

Abstract: Wireless networks, specifically IEEE 802.11, are inexpensive and easy to deploy, but their signals can be detected by eavesdroppers at great distances. Even with existing and new security measures, wireless networks have a higher risk than wired nets. WIDS, Wireless Intrusion Detection System, provides an additional layer of security by combining intrusion detection with physical location determination, using directional antennas. We briefly describe WIDS and present our initial results of remote station location using inexpensive hardware.

HTML

XML

PDF

]]>
Research Article Fri, 28 Jan 2005 00:00:00 +0200
Using Cryptographic Hash Functions for Discretionary Access Control in Object-Oriented Databases https://lib.jucs.org/article/27372/ JUCS - Journal of Universal Computer Science 3(6): 730-753

DOI: 10.3217/jucs-003-06-0730

Authors: Ahmad Baraani-Dastjerdi, Josef Pieprzyk, Reihaneh Safavi-Naini, Janusz Getta

Abstract: This is a discussion paper which presents a cryptographic solution for discretionary access control in object-oriented databases. Our approach is based on the use of pseudo-random functions and sibling intractable function families (SIFF). Each entity (object or class) in the object-oriented database model is associated with access keys that ensure secure access to that entity and all related entities. The main advantage of our approach is its ability to verify an access request during query processing. Pseudo-random functions and SIFF are applied in such a way that cryptographic keys can be generated from keys of related objects or users. The security of the system depends on the difficulty of predicting the output of pseudo-random functions and on finding extra collision for the sibling intractable function family. The authorization system supports ownership and granting/revoking of privileges.

HTML

XML

PDF

]]>
Research Article Sat, 28 Jun 1997 00:00:00 +0300
Levels of Anonymity https://lib.jucs.org/article/27080/ JUCS - Journal of Universal Computer Science 1(1): 35-47

DOI: 10.3217/jucs-001-01-0035

Authors: Bill Flinn, Hermann Maurer

Abstract: In this paper we make a first attempt at systematically investigating levels of anonymity required in networked computer systems: we feel it is often overlooked that beyond such obvious cases as identified by means of a password or anonymous use there are many other levels of anonymity, identification and authenticity necessary in various applications.

HTML

XML

PDF

]]>
Research Article Sat, 28 Jan 1995 00:00:00 +0200