发布求助
文献互助 智能选刊 最新文献

Information Security Journal: A Global Perspective最新文献

筛选
英文 中文
Code integrity verification using cache memory monitoring 代码完整性验证使用缓存内存监控
Information Security Journal: A Global Perspective Pub Date : 2021-03-24 DOI: 10.1080/19393555.2021.1902592
R. Shrivastava, Varun Natu, C. Hota
{"title":"Code integrity verification using cache memory monitoring","authors":"R. Shrivastava, Varun Natu, C. Hota","doi":"10.1080/19393555.2021.1902592","DOIUrl":"https://doi.org/10.1080/19393555.2021.1902592","url":null,"abstract":"ABSTRACT This paper addresses the challenges of building a secure software system to prevent Man-at-the-End attacks. Ensuring the security of systems is challenging due to unfavorable constraints faced by the end-point host system. Constraints such as hostile environments leave the host system at the peril of would-be attackers. In this paper, we verify program integrity through L3 cache by monitoring the security-sensitive code points and verify them in memory. This paper uses a cache-based monitoring program to verify code integrity. In particular, we show that side-channel information can be used to encode the invariant of the program execution state. These invariants can be periodically and externally monitored as a proxy for application integrity. This monitoring system uses a sliding window scheme that can detect the violation of these invariant with high reliability. The proposed solution is transparent to the attacker and utilizes a side-channel technique (Flush + Reload) along with a sliding window scheme to monitor security-sensitive code and detect MATE attacks to prevent malicious manipulation of software.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115978781","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
PCSP: A Protected Cloud Storage Provider employing light weight techniques PCSP:采用轻量级技术的受保护云存储提供商
Information Security Journal: A Global Perspective Pub Date : 2021-03-18 DOI: 10.1080/19393555.2021.1900465
S. Srisakthi, Gufran Ahmad Ansari
{"title":"PCSP: A Protected Cloud Storage Provider employing light weight techniques","authors":"S. Srisakthi, Gufran Ahmad Ansari","doi":"10.1080/19393555.2021.1900465","DOIUrl":"https://doi.org/10.1080/19393555.2021.1900465","url":null,"abstract":"ABSTRACT One of the major practices of cloud computing is the storage service that it offers. In spite of its many creditable advantages, it also has some disadvantages like data security and data availability. These two are the main issues that a user face. Many models have been proposed to solve these issues. These models use cryptographic methods to secure the data and data redundancy method to ensure data availability. Both these methods solved the issues at the cost of extra storage space and increased time consumption both at the user and at the server side. This paper recommends a model PCSP (Protected Cloud Service Provider) which solves these issues in a novel way. The model uses light weight techniques which does not employ cryptographic methods. PCSP uses a layered approach, with three entities – the user, the PCSP, and the vendor. Due to the use of light weight techniques, the execution time is reduced by 80% and the storage needed is also reduced by 60%. Thus, there is still more reduction in the storage space. The implementation and analysis serve as the proof of concept","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-03-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116911427","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
A secure video steganography scheme using DWT based on object tracking 一种基于目标跟踪的小波变换安全视频隐写方案
Information Security Journal: A Global Perspective Pub Date : 2021-03-12 DOI: 10.1080/19393555.2021.1896055
Mukesh Dalal, Mamta Juneja
{"title":"A secure video steganography scheme using DWT based on object tracking","authors":"Mukesh Dalal, Mamta Juneja","doi":"10.1080/19393555.2021.1896055","DOIUrl":"https://doi.org/10.1080/19393555.2021.1896055","url":null,"abstract":"ABSTRACT Videos are nowadays the most frequent and easy mode of communication over the internet; the reason behind the growth is the accessibility to video processing software available on the internet. Video steganography is a field where the data is embedded in video keeping the visual quality of the video intact. This study presents a new video steganography scheme with a stable trade-off between robustness and imperceptibility using 2D-DWT (Discrete Wavelet Transform) based on object detection and tracking. The main contribution of this paper includes embedding of secret data in the moving objects after applying object detection for the video frames where the secret bits are embedded in middle frequency sub-bands after applying 2D-DWT. To highlight the effectiveness of the proposed scheme, experimental results are carried out both quantitatively and qualitatively where quantitative analysis is done using different metrics such as PSNR, SSIM, BER and qualitative analysis is done using visual results of the frames. The experimental results illustrated that the proposed approach outperforms existing techniques in terms of qualitative and quantitative evaluation with high imperceptibility and robustness against noise attack. Eventually, the scheme has also been tested against existing steganalysis techniques to ensure the security of the proposed scheme.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132893638","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Novel adaptive cyberattack prediction model using an enhanced genetic algorithm and deep learning (AdacDeep) 基于增强型遗传算法和深度学习的自适应网络攻击预测模型(AdacDeep)
Information Security Journal: A Global Perspective Pub Date : 2021-03-04 DOI: 10.1080/19393555.2021.1883777
Ayei E. Ibor, F. Oladeji, O. Okunoye, C. Uwadia
{"title":"Novel adaptive cyberattack prediction model using an enhanced genetic algorithm and deep learning (AdacDeep)","authors":"Ayei E. Ibor, F. Oladeji, O. Okunoye, C. Uwadia","doi":"10.1080/19393555.2021.1883777","DOIUrl":"https://doi.org/10.1080/19393555.2021.1883777","url":null,"abstract":"ABSTRACT Some of the problems of extant cyberattack prediction approaches are low prediction accuracy, high false positive rate, very long training time, and the choice of hyperparameters to overcome overfitting or under fitting the model on the training data. These problems have culminated in the escalation of cyberattacks in recent times and as such significant improvement to the performance of extant models is crucial. Some deep learning architectures such as Recurrent Neural Networks (RNN) have been applied to cyberattack prediction. However, Recurrent Neural Networks (RNN) suffer from the vanishing and exploding gradient problem, and are difficult to train. Also, determining the different states and hyperparameters of the network for optimal prediction performance is difficult. Therefore, this paper proposes a novel approach called AdacDeep that uses an Enhanced Genetic Algorithm (EGA), Deep Autoencoder and a Deep Feedforward Neural Network (DFFNN) with backpropagation learning to accurately predict different attack types. The performance of AdacDeep is evaluated using two well-known datasets, namely, the CICIDS2017 and UNSW_NB15 datasets as the benchmark. The experimental results show that AdacDeep outperforms other state-of-the-art comparative models in terms of prediction accuracy with 0.22–35% improvement, F-Score with 0.1–34.7% improvement and very low false positive rate.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130231033","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Security of electronic personal health information in a public hospital in South Africa 南非一家公立医院的电子个人健康信息安全
Information Security Journal: A Global Perspective Pub Date : 2021-03-01 DOI: 10.1080/19393555.2021.1893410
K. Chuma, M. Ngoepe
{"title":"Security of electronic personal health information in a public hospital in South Africa","authors":"K. Chuma, M. Ngoepe","doi":"10.1080/19393555.2021.1893410","DOIUrl":"https://doi.org/10.1080/19393555.2021.1893410","url":null,"abstract":"ABSTRACT Digital health technologies have changed the healthcare sector landscape and thus generated new opportunities for collecting, storing and accessing electronic personal health information (ePHI). However, this has also caused ePHI to be exposed to a variety of new security threats, attacks and vulnerabilities. This qualitative study explored the security of ePHI in a public hospital in South Africa. Data were collected through semi-structured interviews with purposively selected network controllers, IT technicians, administrative and records clerks and triangulated through document analysis. Data were coded and analyzed using ATLAS.ti, version 8. The findings showed that the public hospital is witnessing a deluge of cyber threats such as Worms, Trojan horses, and shortcut viruses. This is compounded by technological vulnerabilities such as power and system failure, obsolete computers, and systems. Security measures such as username-password, encryption, firewall, and antivirus and security audit log exist in the hospital to protect ePHI. The study recommends the need to implement an intrusion protection system and constantly update the firewall and antivirus. It is concluded that without proper security protocols, ePHI could be exposed to threats and cyber attacks. The public hospital is urged to use blockchain technology to strengthen the security of ePHI.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"85 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116317684","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
PCC-RPL: An efficient trust-based security extension for RPL PCC-RPL:一个高效的基于信任的RPL安全扩展
Information Security Journal: A Global Perspective Pub Date : 2021-02-12 DOI: 10.1080/19393555.2021.1887413
M. Pishdar, Y. Seifi, M. Nasiri, M. Bag-Mohammadi
{"title":"PCC-RPL: An efficient trust-based security extension for RPL","authors":"M. Pishdar, Y. Seifi, M. Nasiri, M. Bag-Mohammadi","doi":"10.1080/19393555.2021.1887413","DOIUrl":"https://doi.org/10.1080/19393555.2021.1887413","url":null,"abstract":"ABSTRACT RPL is a de facto routing protocol for IoT (Internet of Things). In this paper, an efficient IDS (intrusion detection system) is proposed to solve a major security vulnerability of RPL, which is called fabricated parent change. We show that many well-known attacks and security breaches are carried out via this vulnerability. The proposed method, which is called PCC-RPL (Parental Change Control RPL), prevents unsolicited parent changes by utilizing the trust concept. In PCC-RPL, all parents monitor their children behavior continuously. When a malicious activity is detected by the parent, it decreases the child's trust level and informs the root by sending a suspicion message. Our simulation results indicate that PCC-RPL can detect almost all common RPL attacks with an acceptable accuracy compared to a well-known method. Low control overhead, low energy consumption, short attack detection delay, and high precision are the main features of the proposed scheme.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"78 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-02-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114685253","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Challenges and opportunities in biometric security: A survey 生物识别安全的挑战与机遇:调查
Information Security Journal: A Global Perspective Pub Date : 2021-01-14 DOI: 10.1080/19393555.2021.1873464
Shefali Arora, M. Bhatia
{"title":"Challenges and opportunities in biometric security: A survey","authors":"Shefali Arora, M. Bhatia","doi":"10.1080/19393555.2021.1873464","DOIUrl":"https://doi.org/10.1080/19393555.2021.1873464","url":null,"abstract":"ABSTRACT Biometric systems identify individuals based on unique traits such as the face, fingerprints, iris etc. The main objective of the study is to understand the role of deep learning in the process of authentication as well as its application in the enhancement of security of biometric systems. We highlight the studies using deep learning approaches to authenticate enrolled users under ideal and non-ideal environmental conditions. We summarize these approaches and explore the challenges that continue to restrict the full potential of biometric systems. The foremost are: building robust algorithms for authentication, ensuring the security of enrolled templates and protecting systems against spoofing attacks. In this paper, we review the performance achieved by various studies in overcoming the aforesaid challenges, along with the potential improvements and future directions in this domain.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123727693","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
New method for improving add round key in the advanced encryption standard algorithm 改进高级加密标准算法中添加圆密钥的新方法
Information Security Journal: A Global Perspective Pub Date : 2021-01-05 DOI: 10.1080/19393555.2020.1859654
S. M. Kareem, A. M. Rahma
{"title":"New method for improving add round key in the advanced encryption standard algorithm","authors":"S. M. Kareem, A. M. Rahma","doi":"10.1080/19393555.2020.1859654","DOIUrl":"https://doi.org/10.1080/19393555.2020.1859654","url":null,"abstract":"ABSTRACT This paper proposes a new modification to the AES in order to ensure a high-level security. This is accomplished by replacing the binary Exclusive OR (XOR) operation in each add-round-key stage of the AES with a new (#) operation. The (#) operation requires an additional and randomly generated control key to determine the state table (among 256 optional state tables) needed to apply the (#) operation. The 256 states tables are formed based on the addition operation in the Galois Field GF (28) to increase the randomness of the algorithm. The modified AES algorithm has been evaluated based on several security metrics. In our proposed algorithm, an attacker needs, at minimum, up to (2431)10 probabilities of keys to decrypt an encrypted message; thus, the proposed AES algorithm increases the complexity of the original AES against the differential cryptanalysis. Moreover, compared to the original AES, applying the (#) operation in our modified algorithm also improves the performance in other security metrics, such as NIST and histogram. Consequently, this replacement by using two keys in both the encryption and decryption process adds a new level of “protection and a greater degree of robustness against breaking methods.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"115 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133065003","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Creating a sense of digital privacy in the private sector 在私营部门建立数字隐私意识
Information Security Journal: A Global Perspective Pub Date : 2021-01-02 DOI: 10.1080/19393555.2020.1797948
Richard Charles Hornberger
{"title":"Creating a sense of digital privacy in the private sector","authors":"Richard Charles Hornberger","doi":"10.1080/19393555.2020.1797948","DOIUrl":"https://doi.org/10.1080/19393555.2020.1797948","url":null,"abstract":"ABSTRACT The research question explores factors that create a feeling of privacy violation and discusses steps organizations can take to improve the perception of digital privacy for employees answering, “What intrusion, interference, and information access factors can be implemented by organizations to create a sense of digital privacy for employees in for-profit organizations?” Moor’s Theory of Privacy guides the research examining three components of normative privacy in a digital age: intrusion protection, interference protection, and information access protection. The method of inquiry is a systematic review of twenty-one articles containing published in peer-reviewed academic journals over the last five years. Intrusion protection recommendations include monitoring and compliance with existing legislation, exhibition of transparency on policies and procedures, creating or revisiting existing organizational policies, and providing or enhancing training practices. Interference protection recommendations include gaining consent on policies, and encouraging systems that allow self-control of privacy. Information access protection recommendations involve weighing benefits and costs of security controls, limiting excessive data collection, anonymizing or obfuscating data collection, deleting data when use is complete, creating sanctions for information security misbehavior, and reviewing mobile device management environments. This discovered framework can decrease levels of stress, improve task performance, and decrease bad behavior will improving levels of job satisfaction and organizational commitment.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130832413","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Enhancing the blockchain voting process in IoT using a novel blockchain Weighted Majority Consensus Algorithm (WMCA) 使用新的区块链加权多数共识算法(WMCA)增强物联网中的区块链投票过程
Information Security Journal: A Global Perspective Pub Date : 2021-01-01 DOI: 10.1080/19393555.2020.1869356
Manal Mohamed Alhejazi, R. Mohammad
{"title":"Enhancing the blockchain voting process in IoT using a novel blockchain Weighted Majority Consensus Algorithm (WMCA)","authors":"Manal Mohamed Alhejazi, R. Mohammad","doi":"10.1080/19393555.2020.1869356","DOIUrl":"https://doi.org/10.1080/19393555.2020.1869356","url":null,"abstract":"ABSTRACT Internet of Things (IoT) is expected to improve our lifestyle in a noticeable way. However, although the IoT holds a lot of chances, it contains a lot of serious risks. This leads to a focus on developing security techniques that can increase the security level of IoT. Blockchain is considered as an innovative technique for securing IoT and sharing data in a secure and tamperproof way. The blockchain is a peer-to-peer connection system that performs transactions securely by using consensus algorithms with no need for a trusted third party. Blockchain proved its applicability in securing IoT networks, and the research in this area is still enticing researchers to delve deeper and deeper. Decentralized voting is considered the fundamental principle that blockchain relies on for making the appropriate decision that would offer a proper security level for IoT. In this research a novel decentralized blockchain Weighted Majority Consensus Algorithm is proposed. The algorithm is inspired by the well-known weighted majority voting algorithm in the ensemble data mining learning approach. A java implementation of WMCA has been created for testing several scenarios with the aim of confirming the applicability of the proposed WMCA and the results were very promising.","PeriodicalId":103842,"journal":{"name":"Information Security Journal: A Global Perspective","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122594086","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信