International Conferences: IACC 2015, India

 

 
SoS Logo

International Conferences:

IACC 2015

India



The 2015 IEEE International Advance Computing Conference (IACC) was held June 12 –13, 2015 in Bangalore, India. More than 300 papers were presented. The ones cited here relate to Science of Security and include topics such as cyber-physical systems, privacy, and resiliency. 



Billure, R.; Tayur, V.M.; Mahesh, V., “Internet of Things — A Study on the Security Challenges,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 247–252, 12–13 June 2015. doi:10.1109/IADCC.2015.7154707

Abstract: The vision of Internet of Things (IoT) is to enable devices to collaborate with each other on the Internet. Multiple devices collaborating with each other have opened up various opportunities in multitude of areas. It has presented unique set of challenges in scaling the Internet, techniques for identification of the devices, power efficient algorithms and communication protocols. Always connected devices have access to private sensitive information and any breach in them is a huge security risk. The IoT environment is composed of the hardware, software and middleware components making it a complex system to manage and secure. The objective of this paper is to present the challenges in IoT related to security, its challenges and recent developments through a comprehensive review of the literature.

Keywords: Internet of Things; data privacy; middleware; security of data; IoT; hardware component; information privacy; security risk; software component; Computers; Jamming; Lead; Middleware; Radiofrequency identification; Reliability; Security; security in IOT (ID#: 15-6814)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154707&isnumber=7154658

 

Chatterjee, S., “Security and Privacy Issues in E-Commerce: A Proposed Guidelines to Mitigate the Risk,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 393–396, 12–13 June 2015. doi:10.1109/IADCC.2015.7154737

Abstract: Threat of security issues in Information Science has now become an important subject of discussion amongst the concerned users. E-Commerce is one of the parts of Information Science framework and its uses are gradually becoming popular. However now-a-days, ironically, these users are gradually found to be bit reluctant on pain of threats of security and privacy issues. Needless to say, E-Commerce business has opened a new era in banking industry too. But unfortunately the banking business through E-Commerce is covered with risks for these issues. Thus if these threats of privacy and security are not eliminated, users will not have trust and users will not visit or shop at a site and the sites will also not be able to function properly. These two issues i.e. security and privacy are required to be looked into through social, organizational, technical and economic perspectives. In this paper attempts are being taken to discuss with overview of security and privacy issues in E-Commerce transactions. We shall also discuss in particular different steps required to be taken before online shopping and also shall discuss the purpose of security and privacy in E-Commerce and after discussion we shall provide a guideline to be adopted to mitigate risks and vulnerabilities while an user is involved in E-Commerce transaction.

Keywords: bank data processing; data privacy; electronic commerce; security of data; socio-economic effects; banking industry; e-commerce transaction; economic perspectives; information science; online shopping; organizational perspectives; privacy issues; risk mitigation; security issues; social perspectives; technical perspectives; Business; Cryptography; E-Commerce Cycle; E-Commerce Security tools; E-Commerce Transaction Phases; Guidelines for safe online transaction; Security Dimensions of E-Commerce (ID#: 15-6815)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154737&isnumber=7154658

 

Mohammed, N.; Kisore, N.R., “Experimental Evaluation of Security in 2G Cellular Networks in India,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 701–705, 12–13 June 2015. doi:10.1109/IADCC.2015.7154797

Abstract: In general, security evaluation of communication networks has always been of prime interest and in particular the ever increasing use of mobile phones in the last decade has led to keen interest in studying the possibility of hacking cellular networks. Security comes at an overhead in terms of either CPU cycles (computational overhead), bandwidth (communication overhead) and/or memory. While it is possible to theoretically design a system that is 100% secure, the operational overhead makes it uneconomical to deploy such a system in the real world. Often compromises are made in the real world implementation of a communication system and a trade-off is made between security and cost of operation of the communication system. In this paper we build a low cost GSM testbed to evaluate the security features in the commercially deployed 2G and 2.5G cellular networks in India.

Keywords: cellular radio; mobile handsets; telecommunication security; 2G cellular network security evaluation; CPU cycle; GSM; mobile phone; Hardware; Libraries; Radio frequency; Security; Software; Synchronization; Cellular networks; Communications (ID#: 15-6816)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154797&isnumber=7154658

 

Salvi, S.; Sanjay, H.A.; Deepika, K.M.; Rangavittala, S.R., “An Encryption, Compression and Key(ECK) Management Based Data Security Framework for Infrastructure as a Service in Cloud,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 872–876, 12–13 June 2015. doi:10.1109/IADCC.2015.7154830

Abstract: Cloud Computing is the recent technology that is based on shared pool of resources and provides features like Ubiquitous access, multi-tenancy, flexibility, scalability and pay as you use, which makes it more resource efficient and cost effective. But Cloud-based systems open unfamiliar threats in authentication and authorization. Explicit authorization accordance must be defined at smallest level, especially in multi-tenant environments. The liaison between Cloud Service Provider & customer must also be clearly mentioned in relation like who holds administrative rights and indirect access to privileged customer information. Moreover the scenario of cloud in educational and research community is still developing and has some security concerns. This paper provides a brief review about Cloud Security concerns for adoption of cloud computing in data sensitive research and technology aided education. Also this paper proposes, ECK based framework for securing end-user data in Community Cloud. Implications and considerations for additional research are provided as well.

Keywords: authorisation; cloud computing; cryptography; data compression; message authentication; ECK management; authentication; authorization; cloud computing security; cloud-based system; data security framework; encryption compression and key management; infrastructure as a service; Cloud computing; Computer architecture; Encryption; Virtual machining; Cloud Computing; Data Securtiy; Educational Cloud (Edu-Cloud); Virtual Machine (VM); Xen Server (ID#: 15-6817)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154830&isnumber=7154658

 

Mahajan, S.; Katti, J.; Walunj, A.; Mahalunkar, K., “Designing a Database Encryption Technique for Database Security Solution with Cache,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 357–360, 12–13 June 2015. doi:10.1109/IADCC.2015.7154730

Abstract: A database is a vast collection of data which helps us to collect, retrieve, organize and manage the data in an efficient and effective manner. Databases are critical assets. They store client details, financial information, personal files, company secrets and other data necessary for business. Today people are depending more on the corporate data for decision making, management of customer service and supply chain management etc. Any loss, corrupted data or unavailability of data may seriously affect its performance. The database security should provide protected access to the contents of a database and should preserve the integrity, availability, consistency, and quality of the data This paper describes the architecture based on placing the Elliptical curve cryptography module inside database management software (DBMS), just above the database cache. Using this method only selected part of the database can be encrypted instead of the whole database. This architecture allows us to achieve very strong data security using ECC and increase performance using cache.

Keywords: cache storage; database management systems; public key cryptography; DBMS; client details; company secrets; corporate data; corrupted data; customer service management; data availability; data collection; data consistency; data integrity; data loss; data management; data organization; data quality; data retrieval; database cache; database encryption technique; database management software; database security solution; decision making; elliptical curve cryptography module; financial information; personal files; supply chain management; Computer architecture; Databases; Elliptic curve cryptography; Elliptic curves; Encryption; Advanced Encryption Standard (AES); Database Cache; Elliptic Curve Cryptography (ECC); RSA (ID#: 15-6818)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154730&isnumber=7154658

 

Lakshmi Devi, V.; Sujatha, P.; Anjaneyulu, K.S.R., “A Novel Approach for Security Constrained Unit Commitment Using Bat Computation,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 623–628, 12–13 June 2015. doi:10.1109/IADCC.2015.7154782

Abstract: The most economical operation of modern power systems is to provide the power generation optimally from different units with possible lowest cost by trying to meet all the system Constraints. This work necessitates an answer to security constrained unit commitment (SCUC) problem with an objective function incorporating equality and inequality constraints of the system. The objective of the problem will be solved using multiple optimization function. The constraints such as real power operating limits, power balance, minimum up and down time, emission, spinning reserve etc. will be subjected to project a solution to the problem by using BAT procedure. The performance of the proposed method is implemented in MATLAB working platform and the performance is evaluated with the testing system of 3-unit and 10-unit system.

Keywords: optimisation; power generation dispatch; power generation scheduling; BAT procedure; SCUC problem; inequality constraints; multiple optimization function; objective function; power balance; real power operating limits; Conferences; Economics; Fuels; Generators; Optimization; Power generation; Power systems; BAT algorithm; constraints; security constrained unit commitment (ID#: 15-6819)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154782&isnumber=7154658

 

Kumar, S.; Syam Kumar, P., “Secure and Efficient Design and Implementation of Out-of-Band Storage Virtualization,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1021–1025, 12–13 June 2015. doi:10.1109/IADCC.2015.7154859

Abstract: Storage virtualization is the most applied word in the industry due to its importance. Now a day’s data become more import, to hold and to extract needful information. Datacenter become an integral part of any organization, so its management too. For best and efficient result as well as proper storage utilization and management we need storage area network (SAN). In the environment of SAN, there is the compatibility issue with the different vendors and their drivers, so we are going for storage virtualization. Storage virtualization is applied in SAN environment. The classical techniques [1] to achieve storage virtualization is suffering from many problems like improper disk utilization, high latency, power consumption, different attacks and security issues. In this paper we design and implement storage virtualization technique EC2S2 to get better yield in terms of security, high throughput, efficient management and least latency. Through the security and performance analysis we show that our method is secure and efficient.

Keywords:  computer centres; disc storage; security of data; storage area networks; storage management; storage media; SAN; datacenter; disk utilization; high latency; out-of-band storage virtualization; power consumption; storage area network; storage utilization and management; storage virtualization technique; Computer architecture; Security; Software; Storage area networks; Switches; Virtual machine monitors; Virtualization; memory management; out-of-band; power management; security; storage; thin-provisioning; virtualization (ID#: 15-6820)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154859&isnumber=7154658

 

Surv, N.; Wanve, B.; Kamble, R.; Patil, S.; Katti, J., “Framework for Client Side AES Encryption Technique in Cloud Computing,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 525–528, 12–13 June 2015. doi:10.1109/IADCC.2015.7154763

Abstract: Nowadays, cloud computing is most popular network in world. Cloud computing provides resource sharing and online data storage for the end users. In existed cloud computing systems there are many security issues. So, security becomes essential part for the data which is stored on cloud. To solve this problem we have proposed this paper. This paper presents client side AES encryption and decryption technique using secret key. AES encryption and decryption is high secured and fastest technique. Client side encryption is an effective approach to provide security to transmitting data and stored data. This paper proposed user authentication to secure data of encryption algorithm with in cloud computing. Cloud computing allows users to use browser without application installation and access their data at any computer using browser. This infrastructure guaranteed to secure the information in cloud server.

Keywords: cloud computing; message authentication; private key cryptography; resource allocation; storage management; client side AES decryption; client side AES encryption technique; cloud computing systems; cloud server; online data storage; resource sharing; secret key; security issues; user authentication; Ciphers; Cloud computing; Data privacy; Databases; Encryption; AES Algorithm; Cloud Computing; Cloud Security; Cryptography (ID#: 15-6821)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154763&isnumber=7154658

 

Devaki, P.; Rao, R., “A Novel Way of ICON Based Authentication Methods,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 449–453, 12–13 June 2015. doi:10.1109/IADCC.2015.7154748

Abstract: Authentication is one of the important security aspects to secure the critical or sensitive information in a system. The authentication system must allow only the authorized users to access the critical information. So it must be strong enough to identify only the valid users and at the same time it should be user friendly. There are many authentication systems designed and used, but most commonly used authentication system is login-password. But this suffers with the attack called shoulder surfing, and brute force method of password guessing. The work carried out to explore the strengths of different graphical based password system to avoid the attack of shoulder surfing and enhance the security in terms of authentication. Also we have proposed a new graphical based authentication system.

Keywords: authorisation; computer graphics; ICON based authentication methods; authorized users; brute force method; graphical based authentication system; graphical based password system; login-password; password guessing; security aspects; shoulder surfing; Authentication; Bandwidth; Conferences; Face; Fingerprint recognition; Iris recognition; Attacker; Authentication; Braille; Graphical based password; Security; Shoulder Surfing (ID#: 15-6822)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154748&isnumber=7154658

 

Grewal, R.; Kaur, J.; Saini, K.S., “A Survey on Proficient Techniques to Mitigate Clone Attack in Wireless Sensor Networks,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1148–1152, 12–13 June 2015. doi:10.1109/IADCC.2015.7154883

Abstract: Due to open deployment of sensor nodes in hostile environment and lack of physical shielding, sensor networks are exposed to different types of physical threats including Clone attack where an adversary physically compromises a node, extract all the credentials such as keys, identity and stored codes, make hardware replicas with the captured information and introduce them at specified positions in the network. Replica detection has become an important and challenging issue in the field of security. This paper surveys the existing schemes for clone attack detection. To conclude the paper, a comparison is shown of all the existing techniques in the literature.

Keywords: telecommunication security; wireless sensor networks; clone attack detection; clone attack mitigation; hostile environment; physical shielding; physical threats; replica detection; wireless sensor network; Base stations; Cloning; Conferences; Protocols; Routing; Security; Wireless sensor networks; WSNs; distributed; node clone; security (ID#: 15-6823)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154883&isnumber=7154658

 

Mangalwedekar, S.; Surve, S.K., “Measurement Sets in Power System State Estimator in Presence of False Data Injection Attack,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 855–860, 12–13 June 2015. doi:10.1109/IADCC.2015.7154827

Abstract: False data injection attacks (FDIA) on smart grid is a popular subject of current research. The presence of FDIA and other such attacks in smart grid is partly due to the combination of Information and Communication Technology with Power Systems. The FDIA on linear model of power system has been extensively analyzed in literature. However the non linear system model has not received the same amount of attention. This paper proposes the concept of balanced and unbalanced measurement set for the purpose of corrupting the state variables in linear and non-linear power system state estimators. The effect of balanced and unbalanced measurement sets for targeted constrained and unconstrained attacks are analyzed for linear and non-linear state estimators.

Keywords: power engineering computing; power system security; power system state estimation; security of data; smart power grids; FDIA; false data injection attack; information and communication technology; nonlinear state estimators; power system state estimator; smart grid; unconstrained attacks; Fluid flow measurement; Linear systems; Measurement uncertainty; Power measurement; Power systems; Transmission line measurements; Voltage measurement; Cyber security; cyber physical; false data injection attacks; linear state estimation; non-linear state estimation (ID#: 15-6824)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154827&isnumber=7154658

 

Kangavalli, R.; Vagdevi, S., “A Mixed Homomorphic Encryption Scheme for Secure Data Storage in Cloud,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp.1062–1066, 12–13 June 2015. doi:10.1109/IADCC.2015.7154867

Abstract: Cloud computing has been considered as the architectural model for future generation Information Technology. Inspite of its numerous advantages in both technical and business aspects, cloud computing still poses new challenges particularly in data storage security. The main threat here is trustworthiness. Data centers which power a cloud cannot perform computations on encrypted data stored on cloud. With the advances in homomorphic encryption techniques, data stored in cloud can be analyzed without decryption of the entire data. This paper discusses about various homomorphic encryption schemes and their applications on various domains. A homomorphic method with byte level homomorphism has been proposed.

Keywords: cloud computing; computer centres; cryptography; architectural model; byte level homomorphism; data centers; data storage security; information technology; mixed homomorphic encryption scheme; Ciphers; Cloud computing; Encryption; Memory; Servers; Cloud Data storage; Data Security; Fully Homomorphic Encryption; Homomorphic Encryption; Homomorphic Key (ID#: 15-6825)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154867&isnumber=7154658

 

Prasanna M.D.; Roopa, S.R., “SSO-Key Distribution Center Based Implementation Using Serpent Encryption Algorithm for Distributed Network (Securing SSO in Distributed Network),” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 425–429, 12–13 June 2015. doi:10.1109/IADCC.2015.7154743

Abstract: Network of things is expanding day by day, with that security, flexibility and ease of use became concern of the user. We do have a different technique to full fill user’s demands. Some of them are: Single Sign On (SSO), Cryptography techniques like RSA-VES, Serpent etc. In this paper an effort is made to provide all mentioned facilities to the user. Single Sign On (SSO) authorizes user only once and allow user to access multiple services and make the system very easy to use and also provides flexibility to use multiple programs or applications. The combination of cryptographic algorithms: Serpent (symmetric encryption) and RSA-VES (asymmetric encryption) which are known as one of the secured cryptographic algorithms are used with “session time” which makes communication very secure and reliable.

Keywords: public key cryptography; RSA-VES; SSO-key distribution center; Serpent encryption algorithm; cryptography techniques; distributed network; securing SSO; single sign on; Authentication; Ciphers; Encryption; Public key; Servers; authorization; distributed computer networks; information security; private key; public key; single sign-on (SSO); symmetric key (ID#: 15-6826)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154743&isnumber=7154658

 

Sricharan, K.G.; Kisore, N.R., “Mathematical Model to Study Propagation of Computer Worm in a Network,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 772–777, 12–13 June 2015. doi:10.1109/IADCC.2015.7154812

Abstract: Large scale digitization of essential services like governance, banking, public utilities etc has made the internet an attractive target for worm programmers to launch large scale cyber attack with the intention of either stealing information or disruption of services. Large scale attacks continue to happen in spite of the best efforts to secure a network by adopting new protection mechanisms against them. Security comes at a significant operational cost and organizations need to adopt an effective and efficient strategy so that the operational costs do not become more than the combined loss in the event of a wide spread attack. The ability to access damage in the event of a cyber attack and choose an appropriate and cost effective strategy depends on the ability to successfully model the spread of a cyber attack and thus determine the number of machines that would get affected. The existing models fail to take into account the impact of security techniques deployed on worm propagation while accessing the impact of worm on the computer network. Further they consider the network links to be homogenous and lack the granularity to capture the heterogeneity in security risk across the various links in a computer network. In this paper we propose a stochastic model that takes into account the fact that different network paths have different risk levels and also capture the impact of security defenses based on memory randomization on the worm propagation.

Keywords: Internet; computer network security; invasive software; stochastic processes; Internet; computer network; computer worm propagation;cyber attack; essential service digitization; mathematical model; memory randomization; network security; operational costs; protection mechanisms; security risk; stochastic model; Computational modeling; Computers; Grippers;  Mathematical model; Security; Stochastic processes; Cyber defense; Large-scale cyber attack; Stochastic model (ID#: 15-6827)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154812&isnumber=7154658

 

Pramod, A.; Ghosh, A.; Mohan, A.; Shrivastava, M.; Shettar, R., “SQLI Detection System for a Safer Web Application,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 237–240, 12–13 June 2015. doi:10.1109/IADCC.2015.7154705

Abstract: SQL Injection (SQLI) is a quotidian phenomenon in the field of network security. It is a potent and effective way of intruding into secured databases thereby jeopardizing the confidentiality, integrity and availability of information in them. SQL Injection works by inserting malicious queries into legal queries thereby rendering it increasingly arduous for most detection systems to be able to discern its occurrence. Hence, the need of the hour is to build a coherent and a smart SQL Injection detection system to make web applications safer and thus, more reliable. Unlike a great majority of current detection tools and systems that are deployed at a region between the web server and the database server, the proposed system is deployed between client and the web server, thereby shielding the web server from the inimical impacts of the attack. This approach is nascent and efficient in terms of detection, ranking and notification of the attack designed using pattern matching algorithm based on the concept of hashing.

Keywords: Internet; SQL; computer network security; cryptography; file organisation; file servers; pattern matching; SQL Injection; SQLI detection system; Web application; Web server; database security; database server; hashing function; network security; pattern matching algorithm; Algorithm design and analysis; Databases; Inspection; Security; Time factors; Web servers; Deep Packet Inspection; Hardware Network Analyzer; SQL injection attack (ID#: 15-6828)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154705&isnumber=7154658

 

Bindu, C.S., “Click Based Graphical CAPTCHA to Thwart Spyware Attack,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 324–328, 12–13 June 2015. doi:10.1109/IADCC.2015.7154723

Abstract: Software that gathers information regarding the computer’s use secretly and conveys that information to a third party is Spyware. This paper proposes a click based Graphical CAPTCHA to overcome the spyware attacks. In case of traditional Text-Based CAPTCHA’s user normally enters disorder strings to form a CAPTCHA, the same is stored in the key loggers where spywares can decode it easily. To overcome this, Click-Based Graphical CAPTCHA uses a unique way of verification where user clicks on a sequence of images to form a CAPTCHA, and that sequence is stored in pixels with a random predefined order. This paper also analyzes the proposed scheme in terms of usability, security and performance.

Keywords: image sequences; invasive software; click based graphical CAPTCHA; image sequence; key loggers; spyware attack; text-based CAPTCHA; Barium; CAPTCHAs; Computers; Conferences; Spyware; Usability; CAPTCHA; Spyware; Usability (ID#: 15-6829)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154723&isnumber=7154658

 

Patkar, S.S.; Ambawade, D.D., “Secure 3GPP-WLAN Authentication Protocol Based On EAP-AKA,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1011–1016, 12–13 June 2015. doi:10.1109/IADCC.2015.7154857

Abstract: EAP-AKA is used as an authentication protocol during handoff across heterogeneous systems with different underlying technologies like the 3GPP-WLAN internetwork. However the protocol cannot be put to practical use due to its high authentication delay and vulnerabilities to several attacks like user identity disclosure, man in the middle attack and DoS attack. Moreover, the validity of Access Point of the WLAN network is often not checked, leaving the user vulnerable to several attacks even after heavy authentication procedure. For this purpose we propose a modified, secure EAP-SAKA protocol using Elliptic Curve Diffie Hellman for symmetric key generation by taking into consideration the validation of access point. Additionally, we make EAP-SAKA faster by decreasing the propagation delay of the signaling messages. The proposed protocol is supported using detailed security analysis and performance analysis. Also, security validation of EAP-SAKA is carried out using a widely accepted formal verification tool called AVISPA and is found to be safe.

Keywords: 3G mobile communication; computer network security; cryptographic protocols; formal verification; internetworking; mobility management (mobile radio); public key cryptography; wireless LAN; 3GPP-WLAN internetwork; AVISPA; DoS attack; EAP-AKA; WLAN network; access point validation; attack vulnerability; authentication delay; detailed security analysis; elliptic curve Diffie Hellman; formal verification tool; handoff; heavy authentication procedure; heterogeneous systems; identity disclosure; man in the middle attack; performance analysis; propagation delay; secure 3GPP-WLAN authentication protocol; secure EAP-SAKA protocol; security validation; signaling message; symmetric key generation; Authentication; Delays; Handover; Protocols; Servers; EAP-SAKA; ECDH; Full-Authentication (ID#: 15-6830)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154857&isnumber=7154658

 

Kaur, S.; Khandnor, P., “A Survey on Two-Factor User Authentication Schemes in Wireless Sensor Networks,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1077–1081, 12–13 June 2015. doi:10.1109/IADCC.2015.7154870

Abstract: Wireless Sensor Networks have emerged as one of the most promising technologies and promoted research avenues due to their widespread applicability. Wireless Sensor Networks have found applications in critical information infrastructure like military surveillance, nuclear power plants, etc., hence there arises the need to restrict access to critical information of such systems. So as to maintain confidentiality, user authentication is required so that only legitimate users are allowed to retrieve the information. Several two-factor user authentication schemes have been suggested by the research community. In this paper, a brief review of various security issues, security attacks and authentication schemes pertaining to Wireless Sensor Networks has been presented.

Keywords: authorisation; information retrieval; telecommunication security; wireless sensor networks;  security attack; two-factor user authentication scheme; wireless sensor network; Authentication; Resilience; Servers; Smart cards; Wireless communication; Wireless sensor networks; Base station (BS); Gateway node (GWN); Sensor node; Wireless Sensor Network (WSN) (ID#: 15-6831)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154870&isnumber=7154658

 

Srividya, R.; Ramesh, B., “Authentication Technique to Reduce Call Setup Delay Incurred Due to Authentication in Mobiles,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 126–130, 12–13 June 2015. doi:10.1109/IADCC.2015.7154684

Abstract: Wireless Mobile Adhoc network is an infrastructure less network which consists of equally distributed self configuring mobile nodes. Secured access to these mobile nodes is a major issue, since these devices are most widely used in our day to day life due to their diverse capabilities like online transactions processing. Designing a reliable authentication technique for users of these mobile nodes with minimum delay incurred for the authentication process is the most vital and challenging task, so that only legitimate users can access their personal data and also communicate with the other mobile devices in the network. In this paper we present an approach for authentication of the Mobile users with minimum time delay incurred for authentication process, which is well explained with a scenario of setting up a call session during an emergency, unlike traditional techniques and hence reducing the average delay caused due to setting up a call session after authenticating the user. Performance valuation indicates that this approach achieves a reliable security for nodes with a minimum time overhead.

Keywords: mobile ad hoc networks; telecommunication network reliability; telecommunication security; authentication technique; call setup delay reduction; mobiles device; wireless mobile ad hoc network security; Accuracy; Authentication; Delays; Mobile communication; Mobile computing; Mobile handsets; Telecommunication traffic; Authentication; Biometrics; Call Setup; In-Call; Legitimate; Mobile Phones (ID#: 15-6832)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154684&isnumber=7154658

 

Manjunath, C.R.; Anand, S.; Nagaraja, G.S., “An Hybrid Secure Scheme for Secure Transmission in Grid Based Wireless Sensor Network,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 472–475, 12–13 June 2015. doi:10.1109/IADCC.2015.7154753

Abstract: In a Wireless Sensor Networks (WSNs) the sensor nodes are placed in an environment depending on the applications where secure communication is in high demand. To ensure the privacy and safety of data transactions in the network, a unique identification for the nodes and secure key for transportation have become major concerns. In order to establish a secure communication channel in the network, care and address the recourse constraints related to the devices and the scalability of the network when designing a secure key management. An approach for secure communication channel establishment is made in order to suite the functional and architectural features of WSNs. Here a hybrid key management scheme for symmetric key cryptography is attempted to establish a secure communication. An ECC and DH based key management and a certificate generation scheme, where the key is generated to decrypt the certificates to establish link for communication in the network. The hybrid scheme is tested based on amount of energy consumed and security analysis by simulation.

Keywords: data privacy; public key cryptography; telecommunication power management; telecommunication security; wireless sensor networks; DH based key management; Diffie-Hellman based key management; ECC; WSN; certificate generation scheme; data transactions; elliptic curve cryptography; grid based wireless sensor network; hybrid key management scheme; hybrid secure scheme; secure communication channel; secure key management; secure transmission; security analysis; sensor nodes; symmetric key cryptography; Base stations; Clustering algorithms; Elliptic curve cryptography; Elliptic curves; Wireless sensor networks; Elliptic Curve Cryptography; Wireless Sensor Networks; certificate; key establishment; scheme; secure communication (ID#: 15-6833)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154753&isnumber=7154658

 

Deshmukh, L.R.; Potgantwar, A.D., “Ensuring an Early Recognition and Avoidance of the Vampire Attacks in WSN Using Routing Loops,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 61–66, 12–13 June 2015. doi:10.1109/IADCC.2015.7154669

Abstract: In sensing it’s the ad-hoc sensor and data routing which is an important research direction. Security work is prioritized in this area and focusing primarily at medium access control or the routing levels on denial of communication. Attacks focusing on routing protocol layer are known as resource depletion attacks in this paper. This attack impacts by persistently disabling the network and causing the node’s battery power drain drastically. There are protocols established which tends to protect from DOS attacks, however it isn’t possible perfectly. Vampire attack is one such DOS attack. These Vampire attacks depends on various characteristics of well-known many classes of routing protocols as these are not specific to any particular protocol. These Vampire attacks can be easily executed using even a single malicious intruder, who sends simply protocol complaint message, these attacks are thus destructing and very hard to detect. In the nastiest condition, an individual attacker has the ability to enlarge the energy usage of the network by a factor of O(N), where N is the quantity of nodes in the network. A new proof-of-concept protocol is a method discussed to mitigate these kinds of attacks. This protocol limits the damage caused at the time of packet forwarding done by Vampires. To diminish the Vampire attacks using PLGP-a which identifies malicious attack, certain approaches have also been discussed.

Keywords: access protocols; ad hoc networks; computer network security; routing protocols; wireless sensor networks; DOS attack; PLGP-a; WSN; ad hoc sensor; data routing protocol layer; malicious attack identification; malicious intruder; medium access control; packet forwarding; proof-of-concept protocol; resource depletion attack; vampire attack avoidance; vampire attack early recognition; Ad hoc networks; Receivers; Routing; Routing protocols; Topology; Wireless sensor networks; Wireless networks; ad-hoc networks; routing protocols; sensor network; vampire attack (ID#: 15-6834)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154669&isnumber=7154658

 

Saggi, M.K.; Kaur, R., “Isolation of Sybil Attack in VANET Using Neighboring Information,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 46–51, 12–13 June 2015. doi:10.1109/IADCC.2015.7154666

Abstract: The advancement of wireless communication leads researchers to conceive and develop the idea of vehicular networks, also known as vehicular ad hoc networks (VANETs). In Sybil attack, the WSN is destabilized by a malicious node which creates an innumerable fraudulent identities in favor of disrupting networks protocols. In this paper, a novel technique has been proposed to detect and isolate Sybil attack on vehicles resulting in proficiency of network. It will work in two-phases. In first phase RSU registers the nodes by identifying their credentials offered by them. If they are successfully verified, second phase starts & it allots identification to vehicles thus, RSU gathers information from neighboring nodes & define threshold speed limit to them & verify the threshold value is exceed the defined limit of speed. A multiple identity generated by Sybil attack is very harmful for the network & can be misused to flood the wrong information over network. Simulation results show that proposed detection technique increases the possibilities of detection and reduces the percentage of Sybil attack.

Keywords: computer network security; RSU; Sybil attack; VANET; credentials; fraudulent identities; malicious node; neighboring nodes; networks protocols disruption; threshold speed limit; threshold value; vehicular ad hoc networks; Mobile nodes; Monitoring; Protocols; Roads; Routing; Vehicles; Vehicular ad hoc networks; Collision; MANET; Malicious node; Sybil Attack; V2V communication (ID#: 15-6835)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154666&isnumber=7154658

 

Bajaj, S.B.; Grewal, M., “TL-SMD: Two Layered Secure Message Digest Algorithm,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 349–352, 12–13 June 2015. doi:10.1109/IADCC.2015.7154728

Abstract: In this era of technology with an increasing usage of Internet, data security has become a major issue. Various cryptographic hash function such as MD4, MD5, SHA-1, SHA-2 has been defined to provide data security. In this paper we proposed a new algorithm, TL-SMD (Two Layered-Secure Message Digest) for building a secure hash function, which can provide two level processing security. For the construction of this algorithm, various techniques have been used that includes block cipher technique, modified combination of Merkle-Damgard construction and fast wide pipe construction. For computing the hash value from the input block, combination of cipher block chaining (CBC) mode and electronic codebook (ECB) mode with some modification is used.

Keywords:  codes; cryptography; CBC mode; ECB mode; Internet; MD4; MD5; Merkle-Damgard construction; SHA-1; SHA-2; TL-SMD; block cipher technique; cipher block chaining mode; cryptographic hash function; data security; electronic codebook mode; two layered secure message digest algorithm; two level processing security; wide pipe construction; Computers; Cryptography; Optimization; Merkle-Damgard construction; cipher block chaining; electronic codebook; fast wide pipe construction (ID#: 15-6836)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154728&isnumber=7154658

 

Prasad, T.S.; Kisore, N.R., “Application of Hidden Markov Model for Classifying Metamorphic Virus,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1201–1206, 12–13 June 2015. doi:10.1109/IADCC.2015.7154893

Abstract: Computer virus is a rapidly evolving threat to the computing community. These viruses fall into different categories. It is generally believed that metamorphic viruses are extremely difficult to detect. Metamorphic virus generating kits are readily available using which potentially dangerous viruses can be created with very little knowledge or skill. Classification of computer virus is very important for effective defection of any malware using anti virus software. It is also necessary for building and applying right software patch to overcome the security vulnerability. Recent research work on Hidden Markov Model (HMM) analysis has shown that it is more effective tool than other techniques like machine learning in detecting of computer viruses and their classification. In this paper, we present a classification technique based on Hidden Markov Model for computer virus classification. We trained multiple HMMs with 500 malware files belonging to different virus families as well as compilers. Once trained the model was used to classify new malware of its kind efficiently.

Keywords: computer viruses; hidden Markov models; invasive software; pattern classification; HMM analysis; antivirus software; compilers; computer virus classification; hidden Markov model; malware files; metamorphic virus classification; security vulnerability; software patch; Computational modeling; Computers; Hidden Markov models; Malware; Software; Training; Viruses (medical); Hidden Markov Model; Malware Classification; Metamorphic Malware; N-gram (ID#: 15-6837)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154893&isnumber=7154658

 

Reddy, M.R.; Reddy, V.B., “A Quasigroup Based Cipher Algorithm for Ad-Hoc Wireless Networks,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 241–246, 12–13 June 2015. doi:10.1109/IADCC.2015.7154706

Abstract: Security is the main concern in today's wireless network environment. However, cipher algorithms consume a lot of resources to provide the required confidentiality. Ad-Hoc wireless networks are one area where the devices are extremely resource constrained. Therefore computationally simple yet cryptographically strong cipher algorithms are required for such kind of networks. In this paper a light weight Quasigroup based stream cipher is proposed and implemented on a Virtex-6 FPGA. It is also subjected to the NIST-STS test suite. Its performance is evaluated in MANETs using Glomosim simulator.

Keywords: field programmable gate arrays; mobile ad hoc networks; public key cryptography; Glomosim simulator; MANET; NIST-STS test; Virtex-6 FPGA; ad hoc wireless network security; cryptographically strong cipher algorithm; light weight quasigroup based stream cipher algorithm; public key algorithm; Ad hoc networks; Algorithm design and analysis; Ciphers; Encryption; Energy consumption; Field programmable gate arrays; Ad-Hoc; Cryptography; FPGA; Quasigroup (ID#: 15-6838)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154706&isnumber=7154658

 

Dhanuka, S.K.; Sachdeva, P.; Shaikh, S.S., “Cryptographic Algorithm Optimisation,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 1111–1116, 12–13 June 2015. doi:10.1109/IADCC.2015.7154876

Abstract: Lightweight cryptographic algorithm is intended for implementation in resource constrained devices such as smart cards, wireless sensors, Radio Frequency Identification (RFID) tags which aim at providing adequate security. Hummingbird is a recent encryption algorithm based on ultra-lightweight cryptography and its design is based on blend of block cipher and stream cipher. This paper presents design space exploration of the algorithm and optimisation using different architectural approaches. It provides comparative analysis of different models of substitution box, cipher and encryption blocks.

Keywords: cryptography; Hummingbird encryption algorithm; RFID tags; architectural approach; block cipher; cipher block; cryptographic algorithm optimisation; design space exploration; encryption block; radiofrequency identification tags; resource constrained devices; smart cards; stream cipher; substitution box model; ultralightweight cryptographic algorithm; wireless sensors; Algorithm design and analysis; Ciphers; Encryption; Optimization; Resource management; Table lookup; Boolean Function Representation (BFR); Cryptography; Hummingbird; Look Up Table (LUT); Resource Constrained Devices (RCD); Resource Sharing (ID#: 15-6839)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154876&isnumber=7154658

 

Suhas, H.V.; Malla, R.; Ravi, S., “Red Black Cryptography,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 716–720, 12–13 June 2015. doi:10.1109/IADCC.2015.7154800

Abstract: Cryptography is defined as the practice and study of techniques for secure communication in the presence of third party attackers. It is a good way to protect sensitive information. Over the years, the need to protect information has increased. Confidentiality is of utmost importance. Complete protection of information is not an easy task. In this paper, a method is proposed that consists of three different levels of encryption, accomplished using Red Black Trees and Linear Congruential Generator. Due to the existence of three levels, it becomes extremely difficult for an attacker to hack data.

Keywords: cryptography; data privacy; trees (mathematics); communication security; confidentiality; data hacking; encryption; linear congruential generator; red black cryptography; red black trees; sensitive information protection; third party attackers; Ciphers; Generators; Image color analysis; Receivers; Vegetation; Cryptography; Decryption; Encryption; Linear Congruential Generator; Red-Black Trees (ID#: 15-6840)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154800&isnumber=7154658

 

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.