Cyber Security and Applications最新文献_第7页

Cryptanalysis of Secure ECC-Based Three Factor Mutual Authentication Protocol for Telecare Medical Information System 基于安全ECC的远程医疗信息系统三因素相互认证协议的密码分析

Cyber Security and Applications Pub Date : 2023-02-05 DOI: 10.1016/j.csa.2023.100013

C. Madan Kumar , Ruhul Amin , M. Brindha

{"title":"Cryptanalysis of Secure ECC-Based Three Factor Mutual Authentication Protocol for Telecare Medical Information System","authors":"C. Madan Kumar , Ruhul Amin , M. Brindha","doi":"10.1016/j.csa.2023.100013","DOIUrl":"https://doi.org/10.1016/j.csa.2023.100013","url":null,"abstract":"<div><p>Telecare Medical Information System (TMIS) is gaining importance in the present COVID-19 crisis. TMIS as a technology, offers patients a range of remote medical services, incorporated into Wireless Body Area Network (WBAN). The patient’s medical report is confidentially transmitted over an open channel in TMIS environments. An attacker may attempt to compromise the security, such as forgery, replay, and impersonation attacks. To ensure secure communication, various authentication solutions have been introduced for TMIS. Biometrics and Elliptic Curve Cryptography-based mutual authentication protocol was recommended by Sahoo et al. (2020) and is proved to have some loopholes in the protocol. We discovered, however, Sahoo et al. method is unable to prevent privileged insider attacks and insider attacks along with patient anonymity. Jongseok Ryu et al. recommended a ECC based three-factor mutual authentication protocol and ensures patient’s confidentiality for TMIS with proof of informal analysis. They have also performed formal security studies utilizing the Automated Validation of Internet Security Protocols and Applications (AVISPA), the Burrows–Abadi–Needham (BAN) logic and Real-Or-Random (ROR) model. However, we have reviewed the Jongseok Ryu et al.’s proposal. Based on his attacker model, we have examined that this scheme is unsafe against Message Substitution Attacks, Man-in-the-Middle attacks, Session Key Disclosure attacks, Privileged Insider attacks, and Stolen verifier attacks. we suggest a technique to be safe from the above security threats.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100013"},"PeriodicalIF":0.0,"publicationDate":"2023-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194378","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 3

Secure session key pairing and a lightweight key authentication scheme for liable drone services 用于可靠无人机服务的安全会话密钥配对和轻量级密钥身份验证方案

Cyber Security and Applications Pub Date : 2022-12-15 DOI: 10.1016/j.csa.2022.100012

Rajkumar ．S．C , Jegatha Deborah ．L , Vijayakumar ．P , Karthick ．KR

{"title":"Secure session key pairing and a lightweight key authentication scheme for liable drone services","authors":"Rajkumar ．S．C , Jegatha Deborah ．L , Vijayakumar ．P , Karthick ．KR","doi":"10.1016/j.csa.2022.100012","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100012","url":null,"abstract":"<div><p>Recent advancements in drone technology have created new application opportunities, particularly for small drones. However, these advancements raise concerns about security, adaptability, and consistency. Data security is jeopardized by flying intelligent devices. The distributed nature of drones, their accessibility, mobility, adaptability, and autonomy will all have an effect on how security vulnerabilities and threats are identified and controlled. However, attackers and cybercriminals have begun to employ drones for malevolent reasons in recent years. These attacks are frequent and can be fatal. There is also the matter of prevention to consider. The communication entities of the drone network can communicate securely via authentication procedures. Such solutions, however, must strike a balance between security and portability. However, the proposed technique is implemented to improve security to avoid attacks and provides a secure, lightweight, and proven solution to a key agreement for drone communication. A novel certificate-less Drone integration approach that depends on trusted authorities centres to help communication entities establish their key pairs while keeping those same trusted authorities centers from knowing about them has been devised. The proposed scheme results achieved higher security of 94 percent than existing schemes.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100012"},"PeriodicalIF":0.0,"publicationDate":"2022-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194377","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

Hybrid defense mechanism against malicious packet dropping attack for MANET using game theory 基于博弈论的MANET恶意丢包混合防御机制

Cyber Security and Applications Pub Date : 2022-11-26 DOI: 10.1016/j.csa.2022.100011

S Vijayalakshmi , S Bose , G Logeswari , T Anitha

{"title":"Hybrid defense mechanism against malicious packet dropping attack for MANET using game theory","authors":"S Vijayalakshmi , S Bose , G Logeswari , T Anitha","doi":"10.1016/j.csa.2022.100011","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100011","url":null,"abstract":"<div><p>Ad hoc networks are a new perspective of wireless communication for versatile hosts. Security is a colossal worry for ad hoc networks, especially for those security-touchy applications. The huge highlights of ad hoc networks cause both difficulties and openings in accomplishing security objectives. One such aim is to consider the assaults from within the system by compromised nodes correspondingly as to consider harmful assaults propelled from outside the system. Designing an Intrusion Detection System (IDS) that suits the security needs and characteristics of ad hoc networks for viable and proficient performance against intrusions is one potential solution to vanquish vulnerabilities. This paper examines a genuine and hurtful attack called, “Malicious Packet Dropping Attack” in the network layer. To secure against this attack, a novel methodology utilizing game theory is proposed. The proposed system monitors the conduct of the neighbor nodes and conquers the demerits such as false positives present in traditional IDS, thereby providing secure correspondence between nodes that communicate with one another to course the traffic from source to destination. With the existence of malicious nodes, the proposed system has accomplished a 42% increase in the packet delivery ratio.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100011"},"PeriodicalIF":0.0,"publicationDate":"2022-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194372","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Edge intelligent collaborative privacy protection solution for smart medical 智能医疗的边缘智能协同隐私保护解决方案

Cyber Security and Applications Pub Date : 2022-10-13 DOI: 10.1016/j.csa.2022.100010

Jinshan Lai , Xiaotong Song , Ruijin Wang , Xiong Li

引用次数: 3

Cryptanalysis on “a secure three-factor user authentication and key agreement protocol for TMIS with user anonymity ” “一种具有用户匿名性的TMIS安全三因素用户认证和密钥协商协议”的密码分析

Cyber Security and Applications Pub Date : 2022-09-23 DOI: 10.1016/j.csa.2022.100008

Anjali Singh, Marimuthu Karuppiah, Rajendra Prasad Mahapatra

引用次数: 1

A decentralised KYC based approach for microfinance using blockchain technology 使用区块链技术的基于KYC的去中心化小额信贷方法

Cyber Security and Applications Pub Date : 2022-09-18 DOI: 10.1016/j.csa.2022.100009

Bodicherla Digvijay Sri Sai, Ramisetty Nikhil, Shivangini Prasad, Nenavath Srinivas Naik

{"title":"A decentralised KYC based approach for microfinance using blockchain technology","authors":"Bodicherla Digvijay Sri Sai, Ramisetty Nikhil, Shivangini Prasad, Nenavath Srinivas Naik","doi":"10.1016/j.csa.2022.100009","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100009","url":null,"abstract":"<div><p>Financial inclusion is seen as a dynamic tool for achieving multifaceted microeconomic stability, (and) sustainable economic growth, job creation, poverty reduction, and income equality for both developed and developing nations. The needy segments of the population must be provided with financial services to accomplish this inclusion. Still, the traditional financial market is unavailable due to its lack of collateral and shallow income. Thus, they go to local moneylenders, also known as \"loan sharks,\" who charge exorbitant interest rates. Introduction to microfinance came as a new and refreshing light to these needy segments of the population as it provides small valued loans (micro-credit) to support their micro-scale businesses and engage in productive activities. As emerging technology started to be incorporated into every aspect of society, thus microfinance also needed to be incorporated into the technology. An application is required to protect data integrity and smoothly influence the microfinance sector. As the databases are vulnerable to data manipulation, this can affect the transaction history of the loan. Blockchain technology can be used to solve this problem, as data in the Blockchain is stored immutably. So, we designed a microfinance application that uses blockchain technology with decentralised KYC architecture to reduce multiple KYC verification and easy access to micro-credit.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100009"},"PeriodicalIF":0.0,"publicationDate":"2022-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194369","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A secure and efficient DSSE scheme with constant storage costs in smart devices 智能设备中具有恒定存储成本的安全高效DSSE方案

Cyber Security and Applications Pub Date : 2022-08-23 DOI: 10.1016/j.csa.2022.100006

Weiwei Yan , Sai Ji

{"title":"A secure and efficient DSSE scheme with constant storage costs in smart devices","authors":"Weiwei Yan , Sai Ji","doi":"10.1016/j.csa.2022.100006","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100006","url":null,"abstract":"<div><p>With the continuous development of the Internet of Things (IOT) and cloud computing, smart devices are playing an increasingly important role in users’ daily life. Dynamic searchable symmetric encryption (DSSE) schemes are popular on smart devices because of their efficient retrieval performance and low computational overhead. Traditional DSSE with forward update privacy and backward security can resist file injection attack and statistical inference attack. However, it is high cost and not suitable for smart devices due to large local storage and low storage capacity. To achieve forward update privacy, we design a novel index structure called RC-II (Inverted Index with Retrieve Control) for search control which improves the security of DSSE. Besides, we combine on and off-chain to decrease client’s local storage to a constant. Specifically, we transfer a significant amount of local overhead to the service peers off blockchain. We solve the trust problem between the client and the service by putting authentication data on blockchain. Compared with the state-of-the-art schemes, our scheme has a constant client storage overhead and an excellent retrieval performance which provides guarantee for smart devices under IOT environment.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100006"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194365","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

PPT-LBS: Privacy-preserving top-k query scheme for outsourced data of location-based services PPT-LBS：基于位置服务外包数据的隐私保护top-k查询方案

Cyber Security and Applications Pub Date : 2022-08-23 DOI: 10.1016/j.csa.2022.100007

Yousheng Zhou , Xia Li , Ming Wang , Yuanni Liu

{"title":"PPT-LBS: Privacy-preserving top-k query scheme for outsourced data of location-based services","authors":"Yousheng Zhou , Xia Li , Ming Wang , Yuanni Liu","doi":"10.1016/j.csa.2022.100007","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100007","url":null,"abstract":"<div><p>Location-based service (LBS) is enjoying a great popularity with the fast growth of mobile Internet. As the volume of data increases dramatically, an increasing number of location service providers (LSPs) are moving LBS data to cloud platforms for benefit of affordability and stability. However, while cloud server provides convenience and stability, it also leads to data security and user privacy leakage. Aiming at the problems of insufficient privacy protection and inefficient query in the existing LBS data outsourcing schemes, this paper presents a novel privacy-preserving top-k query for outsourcing situations. Firstly, to ensure data security of LSP and privacy of the user, the enhanced asymmetric scalar-product preserving encryption and public key searchable encryption have been adopted to encrypt outsourced data and LBS query, which can effectively lower the computational cost and realize the privacy protection search. Secondly, an efficient and secure index structure is constructed by using a coded quadtree and the bloom filter, so that the cloud server can quickly locate the user’s query region to improve retrieval efficiency. Finally, the formal security analysis is given under the random oracle model, and the performance is evaluated by experiments which demonstrates that our scheme is preferable to existing schemes.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100007"},"PeriodicalIF":0.0,"publicationDate":"2022-08-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194364","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

An advanced and secure framework for conducting online examination using blockchain method 使用区块链方法进行在线考试的高级安全框架

Cyber Security and Applications Pub Date : 2022-08-11 DOI: 10.1016/j.csa.2022.100005

Md Rahat Ibne Sattar , Md. Thowhid Bin Hossain Efty , Taiyaba Shadaka Rafa , Tusar Das , Md Sharif Samad , Abhijit Pathak , Mayeen Uddin Khandaker , Md. Habib Ullah

{"title":"An advanced and secure framework for conducting online examination using blockchain method","authors":"Md Rahat Ibne Sattar , Md. Thowhid Bin Hossain Efty , Taiyaba Shadaka Rafa , Tusar Das , Md Sharif Samad , Abhijit Pathak , Mayeen Uddin Khandaker , Md. Habib Ullah","doi":"10.1016/j.csa.2022.100005","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100005","url":null,"abstract":"<div><p>Nowadays, the online platform has been used by many educational institutions, to conduct tests, especially for secondary to tertiary level students. The most popular online test program is run by providing a user id and password to the candidates, and subsequently, they log in to the given web page to answer the questions. However, this system has a lot of bugs, the password can be misused followed by cheating in the test. This shows the importance of a secure system being implemented to avoid such a problem. This paper presents a blockchain framework that secures the online examination system. The proposed framework has been used to secure a data management system that connects to existing educational data. Institutions can simply compile their data history without requiring a copy from the central servers. The proposed blockchain framework improves data security and removes any potential cheating between users or third-party institutions that access applications and services. In this regard, this study provides a secured framework for conducting and evaluating subject tests to ensure consistency between student and server, and secure delivery of questionnaire from the server.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100005"},"PeriodicalIF":0.0,"publicationDate":"2022-08-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194363","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 5

Secure distributed data integrity auditing with high efficiency in 5G-enabled software-defined edge computing 支持5G的软件定义边缘计算中高效的安全分布式数据完整性审计

Cyber Security and Applications Pub Date : 2022-07-23 DOI: 10.1016/j.csa.2022.100004

Dengzhi Liu , Zhimin Li , Dongbao Jia

{"title":"Secure distributed data integrity auditing with high efficiency in 5G-enabled software-defined edge computing","authors":"Dengzhi Liu , Zhimin Li , Dongbao Jia","doi":"10.1016/j.csa.2022.100004","DOIUrl":"https://doi.org/10.1016/j.csa.2022.100004","url":null,"abstract":"<div><p>In edge computing, the idle resources of the devices in the network can be virtualized into a platform that provides clients with storage resource and computing capability. Note that the service response of edge computing is faster than that of cloud computing. The service provision speed and the distributed resources utilization rate of edge computing will be further improved when integrated with 5 G and software definition paradigm in the design of the network system. However, the issues of data storage security and edge devices’ trustworthiness seriously restrict the development of edge computing. To enhance the security of the data storage in edge computing, a secure distributed data integrity auditing is proposed. The proposed auditing scheme in this paper can be used to guarantee the correctness and the completeness of the stored data in 5G-enabled software-defined edge computing. The auditing results of the distributed data in the proposed scheme can be used as an important basis for evaluating the trustworthiness of the edge devices. Due to the utilization of certificateless cryptography in the design of the proposed scheme, the computational cost of the terminal side can be highly reduced. Security analysis of the proposed scheme demonstrates that the properties of key exposure resistance and privacy-preserving are provided in data auditing. Simulation results of the time cost of the server side and the terminal side show that the proposed scheme is highly efficient compared to previous schemes.</p></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"1 ","pages":"Article 100004"},"PeriodicalIF":0.0,"publicationDate":"2022-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"50194362","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2