{"title":"Threats in end to end commercial deployments of Wireless Sensor Networks and their cross layer solution","authors":"Arshad Mahmood, A. Akbar","doi":"10.1109/CIACS.2014.6861325","DOIUrl":"https://doi.org/10.1109/CIACS.2014.6861325","url":null,"abstract":"Commercial Wireless Sensor Networks (WSNs) can be accessed through sensor web portals. However, associated security implications and threats to the 1) users/subscribers 2) investors and 3) third party operators regarding sensor web portals are not seen in completeness, rather the contemporary work handles them in parts. In this paper, we discuss different kind of security attacks and vulnerabilities at different layers to the users, investors including Wireless Sensor Network Service Providers (WSNSPs) and WSN itself in relation with the two well-known documents i.e., “Department of Homeland Security” (DHS) and “Department of Defense (DOD)”, as these are standard security documents till date. Further we propose a comprehensive cross layer security solution in the light of guidelines given in the aforementioned documents that is minimalist in implementation and achieves the purported security goals.","PeriodicalId":192017,"journal":{"name":"2014 Conference on Information Assurance and Cyber Security (CIACS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114204520","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analysis and prevention of vulnerabilities in cloud applications","authors":"A. Durrani","doi":"10.1109/CIACS.2014.6861330","DOIUrl":"https://doi.org/10.1109/CIACS.2014.6861330","url":null,"abstract":"Cloud computing has emerged as the single most talked about technology of recent times. Its aim, to provide agile information technology solutions and infrastructure is the primary reason for its popularity. It enables the organizations to ensure that their resources are utilized efficiently, development process is enhanced and investments or costs incurred to buy technological resources are reduced. At the same time Cloud computing is being scrutinized in the security world due to the various vulnerabilities and threats that it poses to the user data or resources. This paper highlights the vulnerabilities that exist in applications available on the cloud and aims to make an analysis of different types of security holes found in these applications by using open source vulnerability assessment tools. It identifies the security requirements pertinent to these applications and makes an assessment whether these requirements were met by them by testing two of these applications using the vulnerability tools. It also provides remedial measures for the security holes found in these applications and enables the user to select a secure provider for themselves while at the same time enabling the cloud provider to improve their services and find a competitive edge in the market.","PeriodicalId":192017,"journal":{"name":"2014 Conference on Information Assurance and Cyber Security (CIACS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129251314","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"NFC — Vulnerabilities and defense","authors":"Naveed Ashraf Chattha","doi":"10.1109/CIACS.2014.6861328","DOIUrl":"https://doi.org/10.1109/CIACS.2014.6861328","url":null,"abstract":"Near Field Communication (NFC) has been in use for quite some time by many users in mobile devices. Its use is increasing by the rapid increase in the availability of the NFC enabled devices in the market. It enables data transfer by bringing the two devices in close proximity, about 3-5 inches. It is designed for integration with mobile phones, which can communicate with other phones (peer-to-peer) or read information on tags and cards (reader). An NFC device can also be put in card emulation mode, to offer compatibility with other contactless smart card standards. This enables NFC enabled smart-phones to replace traditional contactless plastic cards used in public transport ticketing, access control, ATMs and other similar applications. NFC is a new and innovative technology with futuristic uses, but technology comes at a price both in terms of financial effects as well as the maintenance costs. The most pertinent concern would be that how much vulnerable the new technology is. There had already been instances where the security of NFC has been put to questions. It is vulnerable to numerous kinds of attacks. This research paper will list down the basic working principles of NFC, the protocols involved, vulnerabilities reported so far and possible countermeasures against the weaknesses.","PeriodicalId":192017,"journal":{"name":"2014 Conference on Information Assurance and Cyber Security (CIACS)","volume":"190 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115133981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security analysis of IEEE 802.15.4 MAC in the context of Internet of Things (IoT)","authors":"Syed Muhammad Sajjad, Muhammad Yousaf","doi":"10.1109/CIACS.2014.6861324","DOIUrl":"https://doi.org/10.1109/CIACS.2014.6861324","url":null,"abstract":"A paradigm in which household substances around us with embedded computational competences and capable of producing and distributing information is referred to as Internet of Things (IoT). IEEE 802.15.4 presents power efficient MAC layer for Internet of Things (IoT). For the preservation of privacy and security, Internet of Things (IoT) needs stern security mechanism so as to stop mischievous communication inside the IoT structure. For this purpose security weaknesses of the MAC protocol of IEEE 802.15.4 and their most important attacks have to be examined. Also security charter of IEEE 802.15.4 is to be analyzed in order to ascertain their limitations with regard to Internet of Things (IoT). Various ranges of attacks taking place in the Contention Free Period (CFP) in addition to Contention Access Period (CAP) of the super-frame structure needs to be explored and discussed. In view of the shortlisted weaknesses we would be arriving at the conclusion that the IEEE 802.15.4 security charter may be harmonized in accordance with the requirements of the Internet of Things. The missing functionalities may be incorporated in the upper layers of Internet of Things (IoT) Architecture.","PeriodicalId":192017,"journal":{"name":"2014 Conference on Information Assurance and Cyber Security (CIACS)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126075973","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Compact implementation of SHA3-512 on FPGA","authors":"Alia Arshad, D. Kundi, A. Aziz","doi":"10.1109/CIACS.2014.6861327","DOIUrl":"https://doi.org/10.1109/CIACS.2014.6861327","url":null,"abstract":"In this work we present a compact design of newly selected Secure Hash Algorithm (SHA-3) on Xilinx Field Programmable Gate Array (FPGA) device Virtex-5. The design is logically optimized for area efficiency by merging Rho, Pi and Chi steps of algorithm into single step. By logically merging these three steps we save 16% logical resources for overall implementation. It in turn reduced latency and enhanced maximum operating frequency of design. It utilizes only 240 Slices and has frequency of 301.02 MHz. Comparing the results of our design with the previously reported FPGA implementations of SHA3-512, our design shows the best throughput per slice (TPS) ratio of 30.1.","PeriodicalId":192017,"journal":{"name":"2014 Conference on Information Assurance and Cyber Security (CIACS)","volume":"40 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122347163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"BIOS integrity an advanced persistent threat","authors":"Muhammad Irfan Afzal Butt","doi":"10.1109/CIACS.2014.6861331","DOIUrl":"https://doi.org/10.1109/CIACS.2014.6861331","url":null,"abstract":"Basic Input Output System (BIOS) is the most important component of a computer system by virtue of its role i.e., it holds the code which is executed at the time of startup. It is considered as the trusted computing base, and its integrity is extremely important for smooth functioning of the system. On the contrary, BIOS of new computer systems (servers, laptops, desktops, network devices, and other embedded systems) can be easily upgraded using a flash or capsule mechanism which can add new vulnerabilities either through malicious code, or by accidental incidents, and deliberate attack. The recent attack on Iranian Nuclear Power Plant (Stuxnet) [1:2] is an example of advanced persistent attack. This attack vector adds a new dimension into the information security (IS) spectrum, which needs to be guarded by implementing a holistic approach employed at enterprise level. Malicious BIOS upgrades can also cause denial of service, stealing of information or addition of new backdoors which can be exploited by attackers for causing business loss, passive eavesdropping or total destruction of system without knowledge of user. To address this challenge a capability for verification of BIOS integrity needs to be developed and due diligence must be observed for proactive resolution of the issue. This paper explains the BIOS Integrity threats and presents a prevention strategy for effective and proactive resolution.","PeriodicalId":192017,"journal":{"name":"2014 Conference on Information Assurance and Cyber Security (CIACS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131363229","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A layer2 firewall for software defined network","authors":"T. Javid, Tehseen Riaz, A. Rasheed","doi":"10.1109/CIACS.2014.6861329","DOIUrl":"https://doi.org/10.1109/CIACS.2014.6861329","url":null,"abstract":"The software defined networking is an emerging three layer architecture which defines data, control, and application planes. Data and control planes implement forwarding and routing functions, respectively. Application plane contains communicating processes. This paper presents a layer2 firewall implementation using an example tree topology with one controller, three switches, and four hosts. Our implementation uses POX controller at control plane of the architecture. The modified code successfully controlled flow of packets between hosts according to firewall rules.","PeriodicalId":192017,"journal":{"name":"2014 Conference on Information Assurance and Cyber Security (CIACS)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121285124","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Blind signcryption scheme based on elliptic curves","authors":"Riaz Ullah, Nizamuddin, A. I. Umar, Noor ul Amin","doi":"10.1109/CIACS.2014.6861332","DOIUrl":"https://doi.org/10.1109/CIACS.2014.6861332","url":null,"abstract":"In this paper blind signcryption using elliptic curves cryptosystem is presented. It satisfies the functionalities of Confidentiality, Message Integrity, Unforgeability, Signer Non-repudiation, Message Unlink-ability, Sender anonymity and Forward Secrecy. The proposed scheme has low computation and communication overhead as compared to existing blind Signcryption schemes and best suited for mobile phone voting and m-commerce.","PeriodicalId":192017,"journal":{"name":"2014 Conference on Information Assurance and Cyber Security (CIACS)","volume":"124 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127411744","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ReSA: Architecture for resources sharing between clouds","authors":"A. Waqas, Z. M. Yusof, Asadullah Shah, Moharntnad Asif Khan","doi":"10.1109/CIACS.2014.6861326","DOIUrl":"https://doi.org/10.1109/CIACS.2014.6861326","url":null,"abstract":"Cloud computing has emerged as paradigm for hosting and delivering services over the Internet. It is evolved as a key computing platform for delivering on-demand resources that include infrastructures, software, applications, and business processes. Mostly, clouds are deployed in a way that they are often isolated from each other. These implementations cause lacking of resources collaboration between different clouds. For example, cloud consumer requests some resource and that is not available at that point in time. Client satisfaction is important for business as denying the client may be expensive in many ways. To fulfill the client request, the cloud may ask the requested resource from some other cloud. In this research paper we aim to propose a trust worthy architecture named ReSA (Resource Sharing Architecture) for sharing on-demand resources between different clouds that may be managed under same or different rules, policies and management.","PeriodicalId":192017,"journal":{"name":"2014 Conference on Information Assurance and Cyber Security (CIACS)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124406345","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security of sharded NoSQL databases: A comparative analysis","authors":"Anam Zahid, Rahat Masood, M. A. Shibli","doi":"10.1109/CIACS.2014.6861323","DOIUrl":"https://doi.org/10.1109/CIACS.2014.6861323","url":null,"abstract":"NoSQL databases are easy to scale-out because of their flexible schema and support for BASE (Basically Available, Soft State and Eventually Consistent) properties. The process of scaling-out in most of these databases is supported by sharding which is considered as the key feature in providing faster reads and writes to the database. However, securing the data sharded over various servers is a challenging problem because of the data being distributedly processed and transmitted over the unsecured network. Though, extensive research has been performed on NoSQL sharding mechanisms but no specific criterion has been defined to analyze the security of sharded architecture. This paper proposes an assessment criterion comprising various security features for the analysis of sharded NoSQL databases. It presents a detailed view of the security features offered by NoSQL databases and analyzes them with respect to proposed assessment criteria. The presented analysis helps various organizations in the selection of appropriate and reliable database in accordance with their preferences and security requirements.","PeriodicalId":192017,"journal":{"name":"2014 Conference on Information Assurance and Cyber Security (CIACS)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121756855","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}