IJCNIS Vol. 9, No. 1, Jan. 2017
Cover page and Table of Contents: PDF (size: 577KB)
REGULAR PAPERS
Social engineering is the attack aimed to manipulate dupe to divulge sensitive information or take actions to help the adversary bypass the secure perimeter in front of the information-related resources so that the attacking goals can be completed. Though there are a number of security tools, such as firewalls and intrusion detection systems which are used to protect machines from being attacked, widely accepted mechanism to prevent dupe from fraud is lacking. However, the human element is often the weakest link of an information security chain, especially, in a human-centered environment. In this paper, we reveal that the human psychological weaknesses result in the main vulnerabilities that can be exploited by social engineering attacks. Also, we capture two essential levels, internal characteristics of human nature and external circumstance influences, to explore the root cause of the human weaknesses. We unveil that the internal characteristics of human nature can be converted into weaknesses by external circumstance influences. So, we propose the I-E based model of human weakness for social engineering investigation. Based on this model, we analyzed the vulnerabilities exploited by different techniques of social engineering, and also, we conclude several defense approaches to fix the human weaknesses. This work can help the security researchers to gain insights into social engineering from a different perspective, and in particular, enhance the current and future research on social engineering defense mechanisms.
[...] Read more.Digital Signature protects the document`s integrity and binds the authenticity of the user who have signed. Present Digital Signature algorithm confirms authenticity but it does not ensure secrecy of the data. Techniques like encryption and decryption are needed to be used for this purpose. Biometric security has been a useful way for authentication and security as it provides a unique identity of the user. In this paper we have discussed the user authentication process and development of digital signatures. Authentication was based on hash functions which uses biometric features. Hash codes are being used to maintain the integrity of the document which is digitally signed. For security purpose, Encryption and Decryption techniques are used to develop a bio -cryptosystem. User information when gets concatenated with feature vector of biometric data, which actually justifies the sense of authentication. Various online or offline transaction where authenticity and integrity is the top most priority can make use of this development.
[...] Read more.Web Server log files can reveal lots of interesting patterns when analyzed. The results obtained can be used in various applications, one of which is detecting intrusions on the web. For good quality of data and usable results, there is the need for data preprocessing. In this research, different stages of data preprocessing were carried out on web server log files obtained over a period of five months. The stages are Data Conversion, Session Identification, Data Cleaning and Data Discretization. Data Discretization was carried out in two phases to take care of data with continuous attributes. Some comparisons were carried out on the discretized data. The paper shows that with each preprocessing step, the data becomes clearer and more usable. At the final stage, the data presented offers a wide range of opportunities for further research. Therefore, preprocessing web server log files provides a standard processing platform for adequate research using web server logs. This method is also useful in monitoring and studying web usage pattern in a particular domain. Though the research covers webserver log obtained from a University domain, and thus, reveals the pattern of web access within a university environment, it can also be applied in e-commerce and any other terrain.
[...] Read more.Impersonating users’ identity in Online Social Networks (OSNs) is one of the open dilemmas from security and privacy point of view. Scammers and adversaries seek to create set of fake profiles to carry out malicious behaviors and online social crimes in social media. Recognizing the identity of Fake Profiles is an urgent issue of concern to the attention of researchers. In this paper, we propose a detection technique called Fake Profile Recognizer (FPR) for verifying the identity of profiles, and detecting the fake profiles in OSNs. The detection method in our proposed technique is based on utilizing Regular Expression (RE) and Deterministic Finite Automaton (DFA) approaches. We evaluated our proposed detection technique on three datasets types of OSNs: Facebook, Google+, and Twitter. The results explored high Precision, Recall, accuracy, and low False Positive Rates (FPR) of detecting Fake Profiles in the three datasets.
[...] Read more.The Internet main goals are largely achieved, majority of using Internet, are data retrieval and access to services. Whereas host-to-host architecture is designed for applications. According to this problem that existing Internet is like a tree of physical equipment which is established to outflow in packets from each leaf to another leaf, despite having effective communication it has problems in scalability. Also the content-centric network can recognize large amount of information that is produced for first time and used after saving it. The change is using of host-to-host-centric to completely new architecture, that its design represents our understanding of strengths and limitations of architecture of the existing Internet. In NDN applications based data and Content-centric networks, packets are retrieved according to their names instead of their source and destination addresses. This performance is for scalability, security and ease access to data. This paper discussed methods of Internet architecture based data including TDRID, DONA, Netinf, CCN, and NDN.
[...] Read more.Less contiguous nature of military applications demands for surveillance of widespread areas that are indeed harder to monitor. Unlike traditional Wireless Sensor Networks (WSNs), a military based large size sensor network possesses unique requirements/challenges in terms of self-configuration, coverage, connectivity and energy dissipation. Taking this aspect into consideration, this paper proposes a novel, efficient and secure clustering method for military based applications. In any clustering based approach, one of the prime concerns is appropriate selection of Cluster Heads and formation of balanced clusters. This paper proposes and analyzes two schemes, Average Energy based Clustering (AEC) and Threshold Energy based Clustering (TEC). In AEC, a node is elected as Cluster Head (CH) if its residual energy is above the average energy of its cluster whereas in case of TEC, a node is elected as Cluster Head if its residual energy is above the threshold energy. Further, both AEC and TEC choose nodes as CHs if their distance lies within safety zone of the Base Station. In this paper, aim is to come up with a solution that not only conserves energy but balance load while electing safe nodes as CHs. The performance of proposed protocols was critically evaluated in terms of network lifetime, average residual energy of nodes and uniformity in energy dissipation of nodes. Results clearly demonstrated that AEC is successful in incorporating security whilst increasing overall lifetime of network, load balance and uniform energy dissipation.
[...] Read more.The mechanisms adopted by cellular technologies for user identification allow an adversary to collect information about individuals and track their movements within the network; and thus exposing privacy of the users to unknown risks. Efforts have been made toward enhancing privacy preserving capabilities in cellular technologies, culminating in Long Term Evolution LTE technology. LTE security architecture is substantially enhanced comparing with its predecessors 2G and 3G; however, LTE does not eliminate the possibility of user privacy attacks. LTE is still vulnerable to user identity privacy attacks. This paper includes an evaluation of LTE security architecture and proposes a security solution for the enhancement of user identity privacy in LTE. The solution is based on introducing of pseudonyms that replace the user permanent identifier (IMSI) used for identification. The scheme provides secure and effective identity management in respect to the protection of user privacy in LTE. The scheme is formally verified using proVerif and proved to provide an adequate assurance of user identity privacy protection.
[...] Read more.