Journal of Computer Security最新文献_第4页

Symbolic protocol verification with dice1 使用dice1进行符号协议验证

Journal of Computer Security Pub Date : 2023-10-13 DOI: 10.3233/jcs-230037

Vincent Cheval, Raphaëlle Crubillé, Steve Kremer

{"title":"Symbolic protocol verification with dice1","authors":"Vincent Cheval, Raphaëlle Crubillé, Steve Kremer","doi":"10.3233/jcs-230037","DOIUrl":"https://doi.org/10.3233/jcs-230037","url":null,"abstract":"Symbolic protocol verification generally abstracts probabilities away, considering computations that succeed only with negligible probability, such as guessing random numbers or breaking an encryption scheme, as impossible. This abstraction, sometimes referred to as the perfect cryptography assumption, has shown very useful as it simplifies automation of the analysis. However, probabilities may also appear in the control flow where they are generally not negligible. In this paper we consider a framework for symbolic protocol analysis with a probabilistic choice operator: the probabilistic applied π-calculus. We define and explore the relationships between several behavioral equivalences. In particular we show the need for randomized schedulers and exhibit a counter-example to a result in a previous work that relied on non-randomized ones. As in other frameworks that mix both non-deterministic and probabilistic choices, schedulers may sometimes be unrealistically powerful. We therefore consider two subclasses of processes that avoid this problem. In particular, when considering purely non-deterministic protocols, as is done in classical symbolic verification, we show that a probabilistic adversary has – maybe surprisingly – a strictly superior distinguishing power for may testing, which, when the number of sessions is bounded, we show to coincide with purely possibilistic similarity.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2023-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135805040","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A certificateless signcryption with proxy-encryption for securing agricultural data in the cloud 使用代理加密的无证书签名加密，用于保护云中的农业数据

IF 1.2

Journal of Computer Security Pub Date : 2023-08-28 DOI: 10.3233/jcs-220107

I. Obiri, Abigail Akosua Addobea, Eric Affum, Jacob Ankamah, Albert Kofi Kwansah Ansah

{"title":"A certificateless signcryption with proxy-encryption for securing agricultural data in the cloud","authors":"I. Obiri, Abigail Akosua Addobea, Eric Affum, Jacob Ankamah, Albert Kofi Kwansah Ansah","doi":"10.3233/jcs-220107","DOIUrl":"https://doi.org/10.3233/jcs-220107","url":null,"abstract":"Precision agriculture (PA) involves collecting, processing, and analyzing datasets in agriculture for an informed decision. Due to the high data storage and application maintenance costs, farmers usually outsource their agricultural data obtained from PA to cloud service providers to leverage cloud services. Nonetheless, serious security concerns arise from using cloud services for farmers. For instance, an attacker can intercept agricultural data and run comprehensive statistical analyses to adjudicate farmers’ financial status, extort money, commit identity theft, etc. As a result, compelling data security schemes have become crucial for secure precision farming, where only legitimate users are required to access the agricultural data outsourced to the cloud. This article presents a certificateless signcryption scheme with proxy re-encryption (CLS-PRE) for secure access control in PA. An in-depth security analysis proves that the CLS-PRE scheme is secure in the Random Oracle Model. Detailed performance evaluation also shows that the scheme can reduce the time required to signcrypt and unsigncrypt messages and lower communication overhead.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2023-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74504717","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Secure authentication protocols to resist off-line attacks on authentication data table 安全认证协议，抵御对认证数据表的离线攻击

IF 1.2

Journal of Computer Security Pub Date : 2023-06-06 DOI: 10.3233/jcs-210171

Vinod Ramesh Falmari, B. M.

{"title":"Secure authentication protocols to resist off-line attacks on authentication data table","authors":"Vinod Ramesh Falmari, B. M.","doi":"10.3233/jcs-210171","DOIUrl":"https://doi.org/10.3233/jcs-210171","url":null,"abstract":"In text-based authentication, the passwords along with user names are maintained in the Authentication Data Table (ADT). It is necessary to preserve the privacy of passwords in ADT to avoid offline attacks like brute force attacks, lookup table attacks, etc. In this paper, three password protection schemes, namely Encrypted Image Password (EIP), Dynamic Authentication Data Table (D-ADT), and Extended Encrypted Image Password (EEIP) are proposed for secure authentication. In EIP, the input passwords are first converted to hashed passwords and then transformed into images. Next, these image passwords are encrypted using a novel image password encryption system using chaos functions and confusion-diffusion mechanisms. In D-ADT, the hashed passwords are encrypted using a random key. The major highlight of this scheme is that during every log, the hashed password is encrypted with a new random key while keeping the plain password same as it is. So, during each login of the user, the old encrypted password is replaced with a new encrypted password in the authentication data table. The EEIP scheme combines both approaches. Passwords are converted to images and image passwords are encrypted with the new random key at every login. Performance and security analysis are carried out for the proposed algorithm concerning correlation analysis, differential analysis, entropy analysis, computation time, keyspace, and offline attack analysis.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2023-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79432754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A multiview clustering framework for detecting deceptive reviews 用于检测欺骗性评论的多视图聚类框架

IF 1.2

Journal of Computer Security Pub Date : 2023-03-13 DOI: 10.3233/jcs-220001

Yubao Zhang, Haining Wang, A. Stavrou

{"title":"A multiview clustering framework for detecting deceptive reviews","authors":"Yubao Zhang, Haining Wang, A. Stavrou","doi":"10.3233/jcs-220001","DOIUrl":"https://doi.org/10.3233/jcs-220001","url":null,"abstract":"Online reviews, which play a key role in the ecosystem of nowadays business, have been the primary source of consumer opinions. Due to their importance, professional review writing services are employed for paid reviews and even being exploited to conduct opinion spam. Posting deceptive reviews could mislead customers, yield significant benefits or losses to service vendors, and erode confidence in the entire online purchasing ecosystem. In this paper, we ferret out deceptive reviews originated from professional review writing services. We do so even when reviewers leverage a number of pseudonymous identities to avoid the detection. To unveil the pseudonymous identities associated with deceptive reviewers, we leverage the multiview clustering method. This enables us to characterize the writing style of reviewers (deceptive vs normal) and cluster the reviewers based on their writing style. Furthermore, we explore different neural network models to model the writing style of deceptive reviews. We select the best performing neural network to generate the representation of reviews. We validate the effectiveness of the multiview clustering framework using real-world Amazon review data under different experimental scenarios. Our results show that our approach outperforms previous research. We further demonstrate its superiority through a large-scale case study based on publicly available Amazon datasets.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2023-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77597931","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Discriminative spatial-temporal feature learning for modeling network intrusion detection systems 基于判别时空特征学习的网络入侵检测系统建模

IF 1.2

Journal of Computer Security Pub Date : 2023-02-27 DOI: 10.3233/jcs-220031

S. Wanjau, G. Wambugu, A. Oirere, G. M. Muketha

{"title":"Discriminative spatial-temporal feature learning for modeling network intrusion detection systems","authors":"S. Wanjau, G. Wambugu, A. Oirere, G. M. Muketha","doi":"10.3233/jcs-220031","DOIUrl":"https://doi.org/10.3233/jcs-220031","url":null,"abstract":"Increasing interest and advancement of internet and communication technologies have made network security rise as a vibrant research domain. Network intrusion detection systems (NIDSs) have developed as indispensable defense mechanisms in cybersecurity that are employed in discovery and prevention of malicious network activities. In the recent years, researchers have proposed deep learning approaches in the development of NIDSs owing to their ability to extract better representations from large corpus of data. In the literature, convolutional neural network architecture is extensively used for spatial feature learning, while the long short term memory networks are employed to learn temporal features. In this paper, a novel hybrid method that learn the discriminative spatial and temporal features from the network flow is proposed for detecting network intrusions. A two dimensional convolution neural network is proposed to intelligently extract the spatial characteristics whereas a bi-directional long short term memory is used to extract temporal features of network traffic data samples consequently, forming a deep hybrid neural network architecture for identification and classification of network intrusion samples. Extensive experimental evaluations were performed on two well-known benchmarks datasets: CIC-IDS 2017 and the NSL-KDD datasets. The proposed network model demonstrated state-of-the-art performance with experimental results showing that the accuracy and precision scores of the intrusion detection model are significantly better than those of other existing models. These results depicts the applicability of the proposed model in the spatial-temporal feature learning in network intrusion detection systems.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2023-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81408505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

User Privacy Concerns in Commercial Smart Buildings1 商业智能楼宇中的用户隐私问题1

IF 1.2

Journal of Computer Security Pub Date : 2022-06-13 DOI: 10.3233/jcs-210035

Scott Harper, M. Mehrnezhad, John C. Mace

{"title":"User Privacy Concerns in Commercial Smart Buildings1","authors":"Scott Harper, M. Mehrnezhad, John C. Mace","doi":"10.3233/jcs-210035","DOIUrl":"https://doi.org/10.3233/jcs-210035","url":null,"abstract":"Smart buildings are socio-technical systems that bring together building systems, IoT technology and occupants. A multitude of embedded sensors continually collect and share building data on a large scale which is used to understand and streamline daily operations. Much of this data is highly influenced by the presence of building occupants and could be used to monitor and track their location and activities. The combination of open accessibility to smart building data and the rapid development and enforcement of data protection legislation such as the GDPR and CCPA make the privacy of smart building occupants a concern. Until now, little if any research exists on occupant privacy in work-based or commercial smart buildings. This paper addresses this gap by conducting two user studies ( N = 81 and N = 40) on privacy concerns and preferences about smart buildings. The first study explores the perception of the occupants of a state-of-the-art commercial smart building, and the latter reflects on the concerns and preferences of a more general user group who do not use this building. Our results show that the majority of the participants are not familiar with the types of data being collected, that it is subtly related to them (only 19.75% of smart building residents (occupants) and 7.5% non-residents), nor the privacy risks associated with it. After being informed more about smart buildings and the data they collect, over half of our participants said that they would be concerned with how occupancy data is used. These findings show that despite the more public environment, there are similar levels of privacy concerns for some sensors to those living in smart homes. The participants called for more transparency in the data collection process and beyond, which means that better policies and regulations should be in place for smart building data.","PeriodicalId":46074,"journal":{"name":"Journal of Computer Security","volume":null,"pages":null},"PeriodicalIF":1.2,"publicationDate":"2022-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72766267","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 6

A Study on the Types of Using Digital Services by Elderly Consumers: Focused on Internet Users 老年消费者使用数字服务类型研究:以互联网用户为研究对象

IF 1.2

Journal of Computer Security Pub Date : 2021-04-30 DOI: 10.35736/JCS.32.2.2

Jin-Myong Lee, Suyeon Kim, Ji H Baek, Jae-Sik Yang, J. Lim, Hyejin Jang

引用次数: 0

The Role of Trust in C2C Platforms 信任在C2C平台中的作用

IF 1.2

Journal of Computer Security Pub Date : 2021-04-30 DOI: 10.35736/JCS.32.2.4

B. Lee

引用次数: 0

A Study on the Types of Consumer Information Activity: Focused on Food Delivery Service App Reviews 消费者信息活动类型研究——以外卖服务App评论为例