IJCNIS Vol. 10, No. 1, Jan. 2018
Cover page and Table of Contents: PDF (size: 205KB)
REGULAR PAPERS
In this paper, a new data hiding algorithm based on pixel pairs using chaotic map is proposed. Data hiding scheme is created by applying modulo function to pixel pairs. In here, pseudo random number generator (PRNG) is obtained from chaotic maps. The PRNG is very important for this algorithm since the data hiding coefficients are chosen by PRNG. For example, if the coefficient is 0, subtraction operator is used between pixel pairs. If coefficient is 1, summary operator is used for selected pixel pairs. The proposed algorithm is evaluated by embedding different sized secret data into different test images. This method is compared with the determined studies in the literature and the obtained results is evaluated. In this study, special rules are also defined to pixels which have boundary values for resolve overflow/underflow problem. Minimal changes are performed to reach the desired value of the pixel values. According to the results obtained, the proposed algorithm has high visual quality, good running time, secure and high payload capacity.
[...] Read more.One of the essential obstacles for the deployment of multicast is the lack of protection. And in multicast security, key management for securing organization or group communication is an important area that desires to be addressed. This paper will give an overview of four key management methods and Kerberos protocol. Cryptographic methods are frequently used for secure Data transmission wireless networks. Most cryptographic approaches can be symmetric and asymmetric, depending on the manner of the utilized keys. There are many kinds of key management methods which have been suggested for secure data transmission. This research includes a study of different key management methods to find an efficient key management for Secure and Reliable data transmission in the network. The experimental results showed that the fourth method represents the optimal key management method because it was providing a more secure way for the transmitted data, and the total time for data retrieval was (314.065, 376.119, 590.348, and 474.881) for the four key management methods sequentially to retrieve 71923records. The first three key management methods depend on symmetric key cryptography and the fourth key management method is a hybrid method, it was dependent on symmetric and asymmetric key cryptography, symmetric in the case of using user shared key and asymmetric in case of using server private key and this was unknown for any one.
[...] Read more.Currently, existing methods for enforcing access to records in an Electronic Health Record system relies on a single Trusted Server which stores health records and mediates access. Such Trusted Severs employ either a Ciphertext-Policy Attribute-Based Encryption (CP-ABE) or Key-Policy Attribute-Based Encryption (KP-ABE) method for storing and controlling access. However, Trusted Server storage of health records is susceptible to single-point-of-threat attack and a successful attack invariably leads to compromising the integrity of records on the server. In this research work. This paper presents a methodology that defines and creates simple Access Structures and eliminates need for private keys during encryption and/or decryption of health records which is the Enhanced Ciphertext-Policy Attribute-Based Encryption (ECP-ABE). The ECP-ABE yields high cryptographic performance creates simple Access Structures, eliminates need for private keys and presents an implementation architecture that makes cloud-based EHR system secure and confidential. The ECP-ABE also performs cryptographic functions using less CPU time, minimal computer memory and produces high encryption and decryption throughput especially with increasing file sizes.
[...] Read more.The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things. These things are connected together using different communication technologies to provide unlimited services. These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing. Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications. These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems. However, authentication and access control models can be used to address the security issue in the IoT. To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions. One of the dynamic features is the security risk. This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews. The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision. This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history. These risk factors are used to estimate a risk value associated with the access request to make the access decision. To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users. To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed. The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implantation of the AdRBAC model.
[...] Read more.Unauthorized Access has been difficult to stop or prevent in the last few decades using username and password authentication only. For an individual, data breach might just be a simple case of espionage or the loss of private credentials, for an enterprise, this could mean the loss of billions of dollars. Preventing Unauthorized Access to Enterprise Systems Using a Location-based Logical Access Control proposes a framework that uses time and location in preventing and defending against data breaches. The framework was developed using Java with an Eclipse IDE. The database was designed using MySQL and locations were collected using Google Maps API. Users registered at different locations in a university campus were unable to access another’s account in the database because they were both outside the known location and tried to do this at off-work hours. Users were registered with username and password at specified locations. The users are then made to login from same and different locations with correct username and passwords. it was discovered that access to the database was only given when the username and password was correct and location was same as at registered or as allowed by an administrator. The system was found to protect against unauthorized access arising from stolen login credentials and unauthorized remote logins from malicious users.
[...] Read more.Homomorphic Cryptography raised as a new solution used in electronic voting systems. In this research, Fully Homomorphic encryption used to design and implement an e-voting system. The purpose of the study is to examine the applicability of Fully Homomorphic encryption in real systems and to evaluate the performance of fully homomorphic encryption in e-voting systems. Most of homomorphic cryptography e-voting systems based on additive or multiplicative homomorphic encryption. In this research, fully homomorphic encryption used to provide both operations additive and multiplication, which ease the demonstration of none interactive zero-knowledge proof NIZKP. The proposed e-voting system achieved most of the important security issues of the internet-voting systems such as eligibility, privacy, accuracy, verifiability, fairness, and others. One of the most important properties of the implemented internet voting system its applicability to work on cloud infrastructure, while preserving its security characteristics. The implementation is done using homomorphic encryption library HELib. Addition and multiplication properties of fully homomorphic encryption were used to verify the correctness of vote structure as a NIZKP, and for calculating the results of the voting process in an encrypted way. The results show that the implemented internet voting system is secure and applicable for a large number of voters up to 10 million voters.
[...] Read more.The increase in the use of email in every day transactions for a lot of businesses or general communication due to its cost effectiveness and efficiency has made emails vulnerable to attacks including spamming. Spam emails also called junk emails are unsolicited messages that are almost identical and sent to multiple recipients randomly. In this study, a performance analysis is done on some classification algorithms including: Bayesian Logistic Regression, Hidden Na?ve Bayes, Radial Basis Function (RBF) Network, Voted Perceptron, Lazy Bayesian Rule, Logit Boost, Rotation Forest, NNge, Logistic Model Tree, REP Tree, Na?ve Bayes, Multilayer Perceptron, Random Tree and J48. The performance of the algorithms were measured in terms of Accuracy, Precision, Recall, F-Measure, Root Mean Squared Error, Receiver Operator Characteristics Area and Root Relative Squared Error using WEKA data mining tool. To have a balanced view on the classification algorithms’ performance, no feature selection or performance boosting method was employed. The research showed that a number of classification algorithms exist that if properly explored through feature selection means will yield more accurate results for email classification. Rotation Forest is found to be the classifier that gives the best accuracy of 94.2%. Though none of the algorithms did not achieve 100% accuracy in sorting spam emails, Rotation Forest has shown a near degree to achieving most accurate result.
[...] Read more.