International Journal of Computer Network and Information Security (IJCNIS)

IJCNIS Vol. 11, No. 11, Nov. 2019

Cover page and Table of Contents: PDF (size: 175KB)

Table Of Contents

REGULAR PAPERS

Active Defense Strategy against Jamming Attack in Wireless Sensor Networks

By Nawfal F. Abdulqader AL-Shaihk Reza Hassanpour

DOI: https://doi.org/10.5815/ijcnis.2019.11.01, Pub. Date: 8 Nov. 2019

Wireless Sensor Networks WSNs are being utilized increasingly nowadays due to their ability to collect data from stationary, moving, reachable or unreachable fields. Progressive developments in WSN techniques add efficiency, reliability and better power management possibility, but they are still vulnerable and sensitive to security threats. The most effective threat to WSN is DOS attacks, which are detectable but in many cases unpreventable yet. An authentication-based defensive approach against DOS attack combined with jamming attack that prevents transferring data between attacked nodes in a cluster and cluster head node is proposed in this study. The proposed method encompasses developing an algorithm with ability to bypass attacked path via alternative safe one under control of cluster head to mitigate the False Node Excluding DOS due to jamming attack. The proposed method has been experimentally tested against similar methods from the literature with arbitrary study cases. Our proposed algorithm shows promising results in mitigating False Node Exclusion DOS (FNEDOS) attack where a full recovery of the attacked node is achieved in case of isolated nodes, and improvement between 36% and 52% is obtained when the attack affects a group of nodes at proximity.

[...] Read more.
An Efficient (n, n) Visual Secret Image Sharing using Random Grids with XOR Recovery

By Ram Gopal Sharma Hitendra Garg Priti Dimri

DOI: https://doi.org/10.5815/ijcnis.2019.11.02, Pub. Date: 8 Nov. 2019

Visual cryptography by name itself suggests cryptography related to images. It is a branch of cryptography that deals with the encryption and decryption of images. Visual cryptography demonstrates a visual secret sharing scheme in which an image has been divided into n shares and original image can be decrypt with these shares without / less computational efforts. This paper proposed an efficient (n, n) visual secret image sharing method using random grids. This scheme gives the complete retrieval of secret image using XOR stacking without the need of a codebook. The Random Grid based Visual Cryptography results no pixel expansion. The proposed method works for (shares) for retrieval of original image. Experimental results demonstrate that the proposed method produces better results in terms of simplicity, visual quality and performance.

[...] Read more.
Enhancement of Capacity, Detectability and Distortion of BMP, GIF and JPEG images with Distributed Steganography

By Istteffanny I. Araujo Hassan Kazemian

DOI: https://doi.org/10.5815/ijcnis.2019.11.03, Pub. Date: 8 Nov. 2019

The advance of Big Data and Internet growth has driven the need for more abundant storage to hold and share data. People are sending more messages to one another and paying attention to the aspects of privacy and security as opposed to previous decades. One of the types of files that are widely shared and instantaneous available over the web are images. They can become available as soon as a shot is taken and keep this closely related to the owner; it is not easy. It has been proposed here to use Steganography to embed information of the author, image description, license of usage and any other secrete information related to it. Thinking of this, an analysis of the best file types, considering capacity, detectability, and distortion was necessary to determine the best solution to tackle current algorithm weaknesses. The performance of BMP, GIF, and JPEG initialises the process of addressing current weaknesses of Steganographic algorithms. The main weaknesses are capacity, detectability and distortion to secure copyright images. Distributed Steganography technique also plays a crucial part in this experiment. It enhances all the file formats analysed. It provided better capacity and less detectability and distortion, especially with BMP. BMP has found to be the better image file format. The unique combination of Distributed Steganography and the use of the best file format approach to address the weaknesses of previous algorithms, especially increasing the capacity. It will undoubtedly be beneficial for the day to day user of social media image creators and artists looking to protect their work with copyright.

[...] Read more.
Message Based Key Distribution Technique for Establishing a Secure Communication Channel in IoT Networks

By G.V.Hindumathi D. Lalitha Bhaskari

DOI: https://doi.org/10.5815/ijcnis.2019.11.04, Pub. Date: 8 Nov. 2019

Internets of Things (IoT) are distinguished by different devices, which support the ability to provide innovative services in various applications. The main aspects of security which involves maintaining confidentiality and authentication of data, integrity within the IoT network, privacy and trust among IoT devices are important issues to be addressed. Conventional security policies cannot be used directly to IoT devices due to the limitation of memory and high power consumption factors. One of the security breaches in the intranet is lack of encryption due to the IoT devices infrastructure. The basic IoT devices are 8-bit, low-cost, limited memory and power consumption devices which limit the complex algorithm execution. The key distribution is another major challenge in IoT network.
This paper proposes a solution to transmitting messages by adopting Random Number generation and distribution of session key for every message without any difficulty. It gives better result to resist from the brute force attack in a network.

[...] Read more.
A Domains Approach to Remote Access Logical Vulnerabilities Classification

By Samuel Ndichu Sylvester McOyowo Henry Okoyo Cyrus Wekesa

DOI: https://doi.org/10.5815/ijcnis.2019.11.05, Pub. Date: 8 Nov. 2019

Remote access facilitates collaboration and the creation of a seamless work environment. This technology enables employees to access the latest versions of data and resources from different locations other than the organization’s premises. These additional locations include home or untrusted networks not governed by the organization's security policy and baseline. Balancing between security and accessibility is a significant challenge. Remote access can be a high-security risk if not correctly safeguarded and monitored. This paper presents some technologies and methods for remote access. It then highlights security concerns, attack vectors, and logical vulnerabilities in remote access. To address these security concerns and weaknesses, we present a domains approach to logical vulnerabilities in remote access and vulnerability scoring using the Common Vulnerability Scoring System (CVSS). Domains simplify device and user authentication and separate the organization network into logical and discrete entities. The separation enables a unique security application to each domain. Vulnerability scoring enhances remediation efforts through prioritization of the logical vulnerabilities. The approach comprehensively covers all points of compromise during remote access and contributes to effective logical vulnerability management. The results of the experiments provide evidence that all remote access domains have a high severity rating of at least a 7.28 CVSS score. Our study highlights the drawbacks of the current remote access methods and technologies such as the Virtual Private Network (VPN) and shows the importance of securing all domains during remote access.

[...] Read more.
Delivering a Secured Cloud Computing Architecture and Traditional IT Outsourcing Environment via Penetration Tools in Ghana

By Umar Sayibu Frimpong Twum Issah Baako

DOI: https://doi.org/10.5815/ijcnis.2019.11.06, Pub. Date: 8 Nov. 2019

The decision to use either Cloud Computing (CC) applications or Traditional Information Technology Outsourcing (Traditional ITO) environments is a function of the security evaluations of these two options. Hackers are constantly nosing around websites and other computer networks for compromised computers that have some vulnerabilities to exploit them. Vulnerabilities in cloud computing and Traditional ITO environments are leading causes of recent data breaches. These breaches provide opportunities to hackers to attack and gain access to customer information such as credit cards and contact information, passwords, sending of malicious codes to website users or making users computer potential candidates of botnets and to hijack the sessions of authentic users to make unapproved purchases on their behalf. In this paper, security penetration tools have been employed to evaluate the security vulnerabilities of cloud-based solutions and Traditional ITO to discover possible vulnerabilities, their causes and mitigation strategies to securing web applications from the discovered vulnerabilities. Some web applications and a Traditional ITO network were ethically hacked to discover vulnerabilities in them. Analyses of the results obtained through the ZAP scan flagged Remote File Inclusion (RFI) alert were high priority alert. In all, RFI constitutes the most serious potential threat and it needs the fullest attention of CC service providers. Nmap disclosed opened ports in Traditional ITO Virtual Private Network which can make the server of the provider accessible to hackers leading to a considerable disclosure of information to unauthorized users.

[...] Read more.