Journal of Network and Computer Applications最新文献

{"title":"Exclusively in-store: Acoustic location authentication for stationary business devices","authors":"Sungbin Park ,&nbsp;Changbae Seo ,&nbsp;Xueqiang Wang ,&nbsp;Yeonjoon Lee ,&nbsp;Seung-Hyun Seo","doi":"10.1016/j.jnca.2024.104028","DOIUrl":"10.1016/j.jnca.2024.104028","url":null,"abstract":"<div><p>Over the past decade, the adoption of Internet of Things (IoT) devices has greatly revolutionized the retail and commerce industries. However, these devices are vulnerable to attacks, such as theft, which raises significant security and privacy concerns for business assets. Securing such business-owned devices is challenging, particularly due to the business contexts that require not only authenticating the devices but also verifying the environment in which the devices are located. In this study, we present a zero-effort authentication approach based on acoustic fingerprints, namely <em>AcousticAuth</em>. <em>AcousticAuth</em> enables a “verifier” device to authenticate and verify the work environment of multiple “prover” devices (e.g., kiosks) by extracting their acoustic fingerprints and direction information. Additionally, we adopt a novel method based on beamforming to expand the fingerprint space of the provers. We implemented a prototype of <em>AcousticAuth</em> using real-world IoT devices, and the evaluation of the prototype indicates that <em>AcousticAuth</em> is highly effective and achieves high sensitivity when authenticating different devices across environments. Our results demonstrate that <em>AcousticAuth</em> can accurately distinguish between different devices and the same model devices with the error rate of 0.03%, significantly enhancing the security of IoT devices in retail settings. <em>AcousticAuth</em> also distinguishes between the different environments with an error rate of 0.00%. Lastly, the system shows robustness against various acoustic interference scenarios, making it a practical solution for dynamic business environments. We not only introduce a novel security mechanism that pushes the limit of fingerprint-based authentication by expanding the fingerprint pool but also provide comprehensive insights into its implementation and performance, paving the way for more secure IoT deployments in the commercial sector.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"232 ","pages":"Article 104028"},"PeriodicalIF":7.7,"publicationDate":"2024-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142274301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Living on the edge: A survey of Digital Twin-Assisted Task Offloading in safety-critical environments","authors":"Pedro R.X. do Carmo ,&nbsp;Diego de Freitas Bezerra ,&nbsp;Assis T. Oliveira Filho ,&nbsp;Eduardo Freitas ,&nbsp;Miguel L.P.C. Silva ,&nbsp;Marrone Dantas ,&nbsp;Beatriz Oliveira ,&nbsp;Judith Kelner ,&nbsp;Djamel F.H. Sadok ,&nbsp;Ricardo Souza","doi":"10.1016/j.jnca.2024.104024","DOIUrl":"10.1016/j.jnca.2024.104024","url":null,"abstract":"<div><p>This survey delves into the synergy between Digital Twin technology and Task Offloading within safety-critical sectors, offering a nuanced understanding of their integration, potential benefits, and associated challenges. By defining fundamental concepts and exploring real-world implementations, this study evaluates the impact of Digital Twin-Assisted Task Offloading on optimizing resource utilization in safety-critical environments. Central to our analysis is the evaluation of key performance metrics guiding task offloading strategies, notably latency, and energy consumption, which are critical for achieving real-time efficiency and sustainable operations in edge computing environments. The survey further identifies a gap in the literature concerning cybersecurity and privacy concerns, crucial elements given the vulnerability of these systems to cyber threats and data breaches. It also highlights the emerging significance of 6G technology as a pivotal enabler for future advancements. This work not only serves as a valuable resource for professionals and researchers in safety-critical industries but also underscores the importance of addressing cybersecurity measures, advocating for standardized frameworks, and aligning with future technological trends to fully harness the potential of Digital Twin-Assisted Task Offloading.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"232 ","pages":"Article 104024"},"PeriodicalIF":7.7,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142230793","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Distributed Fog computing system for weapon detection and face recognition","authors":"Héctor Martinez,&nbsp;Francisco J. Rodriguez-Lozano,&nbsp;Fernando León-García,&nbsp;Jose M. Palomares,&nbsp;Joaquín Olivares","doi":"10.1016/j.jnca.2024.104026","DOIUrl":"10.1016/j.jnca.2024.104026","url":null,"abstract":"<div><p>Surveillance systems are very important to prevent situations where armed people appear. To minimize human supervision, there are algorithms based on artificial intelligence that perform a large part of the identification and detection tasks. These systems usually require large data processing servers. However, a high number of cameras causes congestion in the networks due to a large amount of data being sent. This work introduces a novel system for identifying individuals with weapons by leveraging Edge, Fog, and Cloud computing. The key advantages include minimizing the data transmitted to the Cloud and optimizing the computations performed within it. The main benefits of our proposal are the high and simple scalability, the immediacy of the detection, as well as the optimization of processes through distributed processing of high performance in the Fog layer. Moreover, the structure of this proposal is suitable for 5G camera networks, which require low latency and quick responses.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"232 ","pages":"Article 104026"},"PeriodicalIF":7.7,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142236885","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A survey on Ethereum pseudonymity: Techniques, challenges, and future directions","authors":"Shivani Jamwal ,&nbsp;José Cano ,&nbsp;Gyu Myoung Lee ,&nbsp;Nguyen H. Tran ,&nbsp;Nguyen Truong","doi":"10.1016/j.jnca.2024.104019","DOIUrl":"10.1016/j.jnca.2024.104019","url":null,"abstract":"<div><p>Blockchain technology has emerged as a transformative force in various sectors, including finance, healthcare, supply chains, and intellectual property management. Beyond Bitcoin’s role as a decentralized payment system, Ethereum represents a notable application of blockchain, featuring Smart Contract functionality that enables the development and execution of decentralized applications (DApps). A key feature of Ethereum, and public blockchains in general, is pseudonymity, typically achieved by using public keys as pseudonyms for users. Despite implementing several privacy-preserving techniques, the public recording of user activities on the blockchain allows various deanonymization methods that can profile users, reveal sensitive information, and potentially re-identify them. Most blockchains, such as Bitcoin, Litecoin, and Cardano, employ the Unspent Transaction Output (UTXO) model for accounting, which focuses on individual transactions and is susceptible to various deanonymization techniques. In contrast, Ethereum uses an account-based transaction model, integrating the concepts of accounts and wallets at the protocol level. This makes most UTXO-based deanonymization techniques ineffective for Ethereum. However, alternative methods with the potential to deanonymize Ethereum users have been proposed and developed. Privacy preservation techniques have been used to counteract deanonymization attempts; however, the challenges related to these techniques, their effectiveness and efficiency, and the trade-off between usability and protection levels remain areas for further exploration. This survey presents a comprehensive analysis of state-of-the-art privacy preservation along with deanonymization techniques in the blockchain and Ethereum ecosystems. This survey examines the intrinsic mechanisms supporting pseudonymity in Ethereum, providing a detailed assessment of the advantages and disadvantages of privacy preservation techniques, and suggests potential countermeasures against those deanonymization methods. It also discusses the implications arising from the intersection of DApps and data protection legislation, which is vital for ensuring the coexistence and advancement of groundbreaking blockchain capabilities and protecting user data.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"232 ","pages":"Article 104019"},"PeriodicalIF":7.7,"publicationDate":"2024-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142236891","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DeCa360: Deadline-aware edge caching for two-tier 360° video streaming","authors":"Tao Lin ,&nbsp;Yang Chen ,&nbsp;Hao Yang ,&nbsp;Yuan Zhang ,&nbsp;Bo Jiang ,&nbsp;Jinyao Yan","doi":"10.1016/j.jnca.2024.104022","DOIUrl":"10.1016/j.jnca.2024.104022","url":null,"abstract":"<div><p>Two-tier 360° video streaming provides a robust solution for handling inaccurate viewport prediction and varying network conditions. Within this paradigm, the client employs a dual-buffer mechanism consisting of a long buffer for panoramic basic-quality segments and a short buffer for high-quality tiles. However, designing an efficient edge caching strategy for two-tier 360° videos is non-trivial. First, as basic-quality segments and high-quality tiles possess different delivery deadlines as well as content popularity, ignoring these discrepancies may result in inefficient edge caching. Second, accurately predicting the popularity of 360° videos at a fine granularity of video segments and tiles remains a challenge. To address these issues, we present DeCa360, a deadline-aware edge caching framework for 360° videos. Specifically, we introduce a lightweight runtime cache partitioning approach to achieve a careful balance between improving the cache hit ratio and guaranteeing more on-time delivery of objects. Moreover, we design a content popularity prediction method for two-tier 360° videos that combines a learning-based prediction model with domain knowledge of video streaming, leading to improved prediction accuracy and efficient cache replacement. Extensive experimental evaluations demonstrate that DeCa360 outperforms all baseline algorithms in terms of byte-hit ratio and on-time delivery ratio, making it a promising approach for efficient edge caching of 360° videos.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"232 ","pages":"Article 104022"},"PeriodicalIF":7.7,"publicationDate":"2024-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142166723","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A survey on fuzz testing technologies for industrial control protocols","authors":"Xiaoyan Wei ,&nbsp;Zheng Yan ,&nbsp;Xueqin Liang","doi":"10.1016/j.jnca.2024.104020","DOIUrl":"10.1016/j.jnca.2024.104020","url":null,"abstract":"<div><p>The development of the industrial Internet of Things enables industrial control systems to become inter-networked and inter-connected, making them intelligent with high productivity. However, these systems are exposed to external environments and vulnerable to network attacks, which also suffer from internal vulnerabilities. Fuzz testing, in short fuzzing, is a technique to enhance the security of industrial control systems by finding errors when repeatedly executing software that injects illegal, malformed, or unexpected inputs into the systems. Unfortunately, traditional fuzzing of communication protocols faces low coverage and efficiency problems when being applied to industrial protocols, considering the characteristics of industrial protocols such as real-time and multi-interaction. Moreover, fuzzing is difficult to perform because many structures of industrial control protocols are not publicly available. Although researchers have started to focus on the fuzzing of industrial control protocols, existing literature still lacks a thorough survey of its recent advances. To fill this gap, we conduct a comprehensive survey on existing fuzzing methods for industrial control protocols. After a brief introduction to industrial control protocols and fuzzing, we propose a set of metrics for judging the pros and cons of existing fuzzing methods. Based on these metrics, we evaluate and compare the performance of fuzzing methods of industrial control protocols in the past eight years. Based on our review and analysis, we further summarize the open problems of these methods for achieving the proposed metrics and elaborate on future research directions toward secure industrial control systems.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"232 ","pages":"Article 104020"},"PeriodicalIF":7.7,"publicationDate":"2024-09-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142158326","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"PHIGrader: Evaluating the effectiveness of Manifest file components in Android malware detection using Multi Criteria Decision Making techniques","authors":"Yash Sharma ,&nbsp;Anshul Arora","doi":"10.1016/j.jnca.2024.104021","DOIUrl":"10.1016/j.jnca.2024.104021","url":null,"abstract":"<div><p>The popularity of the Android operating system has itself become a reason for privacy concerns. To deal with such malware threats, researchers have proposed various detection approaches using static and dynamic features. Static analysis approaches are the most convenient for practical detection. However, several patterns of feature usage were found to be similar in the normal and malware datasets. Such high similarity in both datasets’ feature patterns motivates us to rank and select only the distinguishing set of features. Hence, in this study, we present a novel Android malware detection system, termed as <em>PHIGrader</em> for ranking and evaluating the efficiency of the three most commonly used static features, namely permissions, intents, and hardware components, when used for Android malware detection. To meet our goals, we individually rank the three feature types using frequency-based Multi-Criteria Decision Making (MCDM) techniques, namely TOPSIS and EDAS. Then, the system applies a novel detection algorithm to the rankings involving machine learning and deep learning classifiers to present the best set of features and feature type with higher detection accuracy as an output. The experimental results highlight that our proposed approach can effectively detect Android malware with 99.10% detection accuracy, achieved with the top 46 intents when ranked using TOPSIS, which is better than permissions, hardware components, or even the case where other popular MCDM techniques are used. Furthermore, our experiments demonstrate that the proposed system with frequency-based MCDM rankings is better than other statistical tests such as mutual information, Pearson correlation coefficient, and t-test. In addition, our proposed model outperforms various popularly used feature ranking methods such as Chi-square, Principal Component Analysis (PCA), Entropy-based Category Coverage Difference (ECCD), and other state-of-the-art Android malware detection techniques in terms of detection accuracy.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"232 ","pages":"Article 104021"},"PeriodicalIF":7.7,"publicationDate":"2024-09-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142230792","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Clone node detection in static wireless sensor networks: A hybrid approach","authors":"Muhammad Numan ,&nbsp;Fazli Subhan ,&nbsp;Mohd Nor Akmal Khalid ,&nbsp;Wazir Zada Khan ,&nbsp;Hiroyuki Iida","doi":"10.1016/j.jnca.2024.104018","DOIUrl":"10.1016/j.jnca.2024.104018","url":null,"abstract":"<div><p>Wireless Sensor Networks (WSNs) security is a serious concern due to the lack of hardware protection on sensor nodes. One common attack on WSNs is the cloning attack, where an adversary captures legitimate nodes, creates multiple replicas, and reprograms them for malicious activities. Therefore, creating an efficient defense to mitigate this challenge is essential. Several witness node-based techniques have been developed to solve this issue, but they often suffer from higher communication and memory overheads or low detection accuracy, making them less effective. In response to the limitations of existing techniques, we propose a novel approach called Hybrid Random Walk assisted Zone-based (HRWZ) for clone node detection in static WSNs. The HRWZ method relies on the random selection of Zone-Leader (<span><math><msub><mrow><mi>Z</mi></mrow><mrow><mi>L</mi></mrow></msub></math></span>) in WSNs to detect clones effectively while maintaining network lifespan. We compared HRWZ to known witness node-based techniques, namely Randomized Multicast (RM), Line Selected Multicast (LSM), Random Walk (RAWL) and Table-assisted RAndom WaLk (TRAWL), under different simulation settings. The simulation results confirmed the improved performance and reliability of the proposed HRWZ technique. Our approach reduces communication costs and provides an effective way of selecting <span><math><msub><mrow><mi>Z</mi></mrow><mrow><mi>L</mi></mrow></msub></math></span> for high-probability clone node detection.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"232 ","pages":"Article 104018"},"PeriodicalIF":7.7,"publicationDate":"2024-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1084804524001954/pdfft?md5=a1d53d6c117165e079b5f3dfe62294f6&pid=1-s2.0-S1084804524001954-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142162850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An efficient certificateless blockchain-enabled authentication scheme to secure producer mobility in named data networks","authors":"Cong Wang ,&nbsp;Tong Zhou ,&nbsp;Maode Ma ,&nbsp;Yuwen Xiong ,&nbsp;Xiankun Zhang ,&nbsp;Chao Liu","doi":"10.1016/j.jnca.2024.104007","DOIUrl":"10.1016/j.jnca.2024.104007","url":null,"abstract":"<div><p>Named Data Networking (NDN) aims to establish an efficient content delivery architecture. In NDN, secure and effective identity authentication schemes ensure secure communication between producers and routers. Currently, there is no feasible solution to perform identity authentication of mobile producers in NDNs. Identity authentication schemes in other networks are either weak in security or performance, such as privacy leakage, difficulty to establish cross-domain trust, and long handover delays, and are not fully adaptable to the security requirements of NDNs. Additionally, the mobility of producers was not fully considered in the initial design of NDNs. This paper first revises the structure of packets and routers to support the identity authentication and mobility of producers. On this basis, this paper proposes a secure and efficient certificateless ECC-based producer identity authentication scheme (CL-BPA), which includes initial authentication and re-authentication, aimed at achieving rapid switch authentication and integrating blockchain to solve single-point failure issues. Using the Canetti and Krawczyk (CK) adversarial model and informal security analysis, the proposed CL-BPA scheme is demonstrated to be resistant to anonymity attacks, identity forgery attacks, and man-in-the-middle attacks. The performance analysis demonstrates that the proposed CL-BPA scheme exhibits excellent capabilities in terms of computation delay, communication cost, smart contract execution time, average response delay, and throughput.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"232 ","pages":"Article 104007"},"PeriodicalIF":7.7,"publicationDate":"2024-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142151248","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"An online cost optimization approach for edge resource provisioning in cloud gaming","authors":"Guoqing Tian,&nbsp;Li Pan,&nbsp;Shijun Liu","doi":"10.1016/j.jnca.2024.104008","DOIUrl":"10.1016/j.jnca.2024.104008","url":null,"abstract":"<div><p>Cloud gaming (CG), as an emergent computing paradigm, is revolutionizing the gaming industry. Currently, cloud gaming service providers (CGSPs) begin to integrate edge computing with cloud to provide services, with the aim of maximizing gaming service revenue while considering the costs incurred and the benefits generated. However, it is non-trivial to maximize gaming service revenue, as future requests are not known beforehand, and poor resource provisioning may result in exorbitant costs. In addition, the edge resource provisioning (ERP) problem in CG necessitates a trade-off between cost and inevitable queuing issues in CG systems. To address this issue, we propose ERPOL (ERP Online), a convenient and efficient approach to formulate ERP strategies for CGSPs, without requiring any future information. The performance of ERPOL has been theoretically validated and experimentally evaluated. Experiments driven by real-world traces show that it can achieve significant cost savings. The proposed approach has the potential to transform how CGSPs manage their infrastructure.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"232 ","pages":"Article 104008"},"PeriodicalIF":7.7,"publicationDate":"2024-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142094756","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}