Articles

A novel quality assessment for visual secret sharing schemes

To evaluate the visual quality in visual secret sharing schemes, most of the existing metrics fail to generate fair and uniform quality scores for tested reconstructed images. We propose a new approach to measure...

Authors: Feng Jiang and Brian King

Fuzzing binaries with Lévy flight swarms

We present a new method for random testing of binary executables inspired by biology. In our approach, we introduce the first fuzzer based on a mathematical model for optimal foraging. To minimize search time ...

Authors: Konstantin Böttinger

Guest editorial special issues on security trends in mobile cloud computing, web, and social networking

Authors: B. B. Gupta, Shingo Yamaguchi and Pethuru Raj Chelliah

Unlinkable improved multi-biometric iris fuzzy vault

Iris recognition technologies are deployed in numerous large-scale nation-wide projects in order to provide robust and reliable biometric recognition of individuals. Moreover, the iris has been found to be rat...

Authors: Christian Rathgeb, Benjamin Tams, Johannes Wagner and Christoph Busch

Quality-based iris segmentation-level fusion

Iris localisation and segmentation are challenging and critical tasks in iris biometric recognition. Especially in non-cooperative and less ideal environments, their impact on overall system performance has be...

Authors: Peter Wild, Heinz Hofbauer, James Ferryman and Andreas Uhl

Identification performance of evidential value estimation for ridge-based biometrics

Law enforcement agencies around the world use ridge-based biometrics, especially fingerprints, to fight crime. Fingermarks that are left at a crime scene and identified as potentially having evidential value (...

Authors: Johannes Kotzerke, Hao Hao, Stephen A. Davis, Robert Hayes, L. J. Spreeuwers, R. N. J. Veldhuis and K. J. Horadam

Double JPEG compression forensics based on a convolutional neural network

Double JPEG compression detection has received considerable attention in blind image forensics. However, only few techniques can provide automatic localization. To address this challenge, this paper proposes a...

Authors: Qing Wang and Rong Zhang

Hidost: a static machine-learning-based detector of malicious files

Malicious software, i.e., malware, has been a persistent threat in the information security landscape since the early days of personal computing. The recent targeted attacks extensively use non-executable malw...

Authors: Nedim Šrndić and Pavel Laskov

Privacy-preserving load profile matching for tariff decisions in smart grids

In liberalized energy markets, matching consumption patterns to energy tariffs is desirable, but practically limited due to privacy concerns, both on the side of the consumer and on the side of the utilities. ...

Authors: Andreas Unterweger, Fabian Knirsch, Günther Eibl and Dominik Engel

DST approach to enhance audio quality on lost audio packet steganography

Lost audio packet steganography (LACK) is a steganography technique established on the VoIP network. LACK provides a high-capacity covert channel over VoIP network by artificially delaying and dropping a numbe...

Authors: Qilin Qi, Dongming Peng and Hamid Sharif

Adaptive identity and access management—contextual data based policies

Due to compliance and IT security requirements, company-wide identity and access management within organizations has gained significant importance in research and practice over the last years. Companies aim at...

Authors: Matthias Hummer, Michael Kunz, Michael Netter, Ludwig Fuchs and Günther Pernul

The role and security of firewalls in cyber-physical cloud computing

Clouds are here to stay, and the same holds for cyber-physical systems—not to forget their combination. In light of these changing paradigms, it is of utter importance to reconsider security as both introduce ...

Authors: Johanna Ullrich, Jordan Cropper, Peter Frühwirt and Edgar Weippl

A flexible framework for mobile device forensics based on cold boot attacks

Mobile devices, like tablets and smartphones, are common place in everyday life. Thus, the degree of security these devices can provide against digital forensics is of particular interest. A common method to a...

Authors: Manuel Huber, Benjamin Taubmann, Sascha Wessel, Hans P. Reiser and Georg Sigl

DB-SECaaS: a cloud-based protection system for document-oriented NoSQL databases

The trend of cloud databases is leaning towards Not Only SQL (NoSQL) databases as they provide better support for scalable storage and quick retrieval of exponentially voluminous data. One of the more prominen...

Authors: Yumna Ghazi, Rahat Masood, Abid Rauf, Muhammad Awais Shibli and Osman Hassan

Experimental comparison of simulation tools for efficient cloud and mobile cloud computing applications

Cloud computing provides a convenient and on-demand access to virtually unlimited computing resources. Mobile cloud computing (MCC) is an emerging technology that integrates cloud computing technology with mob...

Authors: Khadijah Bahwaireth, Lo’ai Tawalbeh, Elhadj Benkhelifa, Yaser Jararweh and Mohammad A. Tawalbeh

An adaptive approach for Linux memory analysis based on kernel code reconstruction

Memory forensics plays an important role in security and forensic investigations. Hence, numerous studies have investigated Windows memory forensics, and considerable progress has been made. In contrast, resea...

Authors: Shuhui Zhang, Xiangxu Meng and Lianhai Wang

A secure cloud storage system combining time-based one-time password and automatic blocker protocol

Cloud storages in cloud data centers can be used for enterprises and individuals to store and access their data remotely anywhere anytime without any additional burden. By data outsourcing, users can be reliev...

Authors: Sheren A. El-Booz, Gamal Attiya and Nawal El-Fishawy

Generalized weighted tree similarity algorithms for taxonomy trees

Taxonomy trees are used in machine learning, information retrieval, bioinformatics, and multi-agent systems for matching as well as matchmaking in e-business, e-marketplaces, and e-learning. A weighted tree si...

Authors: Pramodh Krishna D. and Venu Gopal Rao K.

An efficient privacy-preserving comparison protocol in smart metering systems

In smart grids, providing power consumption statistics to the customers and generating recommendations for managing electrical devices are considered to be effective methods that can help to reduce energy cons...

Authors: Majid Nateghizad, Zekeriya Erkin and Reginald L. Lagendijk

ASIC implementation of random number generators using SR latches and its evaluation

A true random number generator (TRNG) is proposed and evaluated by field-programmable gate arrays (FPGA) implementation that generates random numbers by exclusive-ORing (XORing) the outputs of many SR latches ...

Authors: Naoya Torii, Hirotaka Kokubo, Dai Yamamoto, Kouichi Itoh, Masahiko Takenaka and Tsutomu Matsumoto

A novel approach to protect against phishing attacks at client side using auto-updated white-list

Most of the anti-phishing solutions are having two major limitations; the first is the need of a fast access time for a real-time environment and the second is the need of high detection rate. Black-list-based...

Authors: Ankit Kumar Jain and B. B. Gupta

Software control and intellectual property protection in cyber-physical systems

Software control is a critical issue in cyber-physical systems (CPS); if the expected behavior of the software embedded in a single device of a CPS cannot be enforced then the behavior of the whole CPS may be ...

Authors: Raphael C. S. Machado, Davidson R. Boccardo, Vinícius G. Pereira de Sá and Jayme L. Szwarcfiter

A new usage control protocol for data protection of cloud environment

With the rapid development of the cloud computing service, utilizing traditional access control models was difficult to meet the complex requirements of data protection in cloud environment. In cloud environme...

Authors: Kefeng Fan, Xiangzhen Yao, Xiaohe Fan, Yong Wang and Mingjie Chen

HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting

The encryption of network traffic complicates legitimate network monitoring, traffic analysis, and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on ne...

Authors: Martin Husák, Milan Čermák, Tomáš Jirsík and Pavel Čeleda

Secured ECG signal transmission for human emotional stress classification in wireless body area networks

Information security is key important when we are trying to interconnect the wireless body sensor network with the healthcare social network via mobile facilities. In this paper, we specially work on a secured...

Authors: Hansong Xu and Kun Hua

A landmark calibration-based IP geolocation approach

Aiming at the existing IP geolocation approaches does not consider the errors of landmarks and delay; a new geolocation approach-utilized landmark calibration is proposed in this paper. At first, we find out t...

Authors: Jingning Chen, Fenlin Liu, Xiangyang Luo, Fan Zhao and Guang Zhu

Asymptotics of fingerprinting and group testing: capacity-achieving log-likelihood decoders

We study the large-coalition asymptotics of fingerprinting and group testing and derive explicit decoders that provably achieve capacity for many of the considered models. We do this both for simple decoders (...

Authors: Thijs Laarhoven

Combating online fraud attacks in mobile-based advertising

Smartphone advertisement is increasingly used among many applications and allows developers to obtain revenue through in-app advertising. Our study aims at identifying potential security risks of mobile-based ...

Authors: Geumhwan Cho, Junsung Cho, Youngbae Song, Donghyun Choi and Hyoungshick Kim

Markov process-based retrieval for encrypted JPEG images

This paper develops a retrieval scheme for encrypted JPEG images based on a Markov process. In our scheme, the stream cipher and permutation encryption are combined to encrypt discrete cosine transform (DCT) c...

Authors: Hang Cheng, Xinpeng Zhang, Jiang Yu and Fengyong Li

Private function evaluation by local two-party computation

Information processing services are becoming increasingly pervasive, such as is demonstrated by the Internet of Things or smart grids. Given the importance that these services have reached in our daily life, t...

Authors: Stefan Rass, Peter Schartner and Monika Brodbeck

Anticollusion solutions for asymmetric fingerprinting protocols based on client side embedding

In this paper, we propose two different solutions for making a recently proposed asymmetric fingerprinting protocol based on client-side embedding robust to collusion attacks. The first solution is based on pr...

Authors: Tiziano Bianchi, Alessandro Piva and Dasara Shullani

Texture based features for robust palmprint recognition: a comparative study

Palmprint is a widely used biometric trait deployed in various access-control applications due to its convenience in use, reliability, and low cost. In this paper, we propose a novel scheme for palmprint recog...

Authors: R. Raghavendra and Christoph Busch

A survey on security attacks and countermeasures with primary user detection in cognitive radio networks

Currently, there are several ongoing efforts for the definition of new regulation policies, paradigms, and technologies aiming a more efficient usage of the radio spectrum. In this context, cognitive radio (CR...

Authors: José Marinho, Jorge Granjal and Edmundo Monteiro

Fingerprint-based crypto-biometric system for network security

To ensure the secure transmission of data, cryptography is treated as the most effective solution. Cryptographic key is an important entity in this process. In general, randomly generated cryptographic key (of...

Authors: Subhas Barman, Debasis Samanta and Samiran Chattopadhyay

Steganalysis of JSteg algorithm using hypothesis testing theory

This paper investigates the statistical detection of JSteg steganography. The approach is based on a statistical model of discrete cosine transformation (DCT) coefficients challenging the usual assumption that...

Authors: Tong Qiao, Florent Retraint, Rémi Cogranne and Cathel Zitzmann

Laribus: privacy-preserving detection of fake SSL certificates with a social P2P notary network

In this paper we present Laribus, a peer-to-peer network designed to detect local man-in-the-middle attacks against secure socket layer/transport layer security (SSL/TLS). With Laribus, clients can validate th...

Authors: Karl-Peter Fuchs, Dominik Herrmann, Andrea Micheloni and Hannes Federrath

Optimized combined-clustering methods for finding replicated criminal websites

To be successful, cybercriminals must figure out how to scale their scams. They duplicate content on new websites, often staying one step ahead of defenders that shut down past schemes. For some scams, such as...

Authors: Jake M Drew and Tyler Moore

MUSE: asset risk scoring in enterprise network with mutually reinforced reputation propagation

Cyber security attacks are becoming ever more frequent and sophisticated. Enterprises often deploy several security protection mechanisms, such as anti-virus software, intrusion detection/prevention systems, a...

Authors: Xin Hu, Ting Wang, Marc Ph Stoecklin, Douglas L Schales, Jiyong Jang and Reiner Sailer

DNSSEC for cyber forensics

Domain Name System (DNS) cache poisoning is a stepping stone towards advanced (cyber) attacks. DNS cache poisoning can be used to monitor users’ activities for censorship, to distribute malware and spam and to...

Authors: Haya Shulman and Michael Waidner

PeerShark: flow-clustering and conversation-generation for malicious peer-to-peer traffic identification

The distributed and decentralized nature of peer-to-peer (P2P) networks has offered a lucrative alternative to bot-masters to build botnets. P2P botnets are not prone to any single point of failure and have be...

Authors: Pratik Narang, Chittaranjan Hota and VN Venkatakrishnan

Conflict detection in obligation with deadline policies

Many papers have already provided models to formally specify security policies. In this paper, security policies are modeled using deontic concepts of permission and obligation. Permission rules are used to sp...

Authors: Nada Essaouini, Frédéric Cuppens, Nora Cuppens-Boulahia and Anas Abou El Kalam

Riding the saddle point: asymptotics of the capacity-achieving simple decoder for bias-based traitor tracing

We study the asymptotic-capacity-achieving score function that was recently proposed by Oosterwijk et al. for bias-based traitor tracing codes. For the bias function, we choose the Dirichlet distribution with ...

Authors: Sarah Ibrahimi, Boris Škorić and Jan-Jaap Oosterwijk

Taxonomy of social network data types

Online social networks (OSNs) have become an integral part of social interaction and communication between people. Reasons include the ubiquity of OSNs that is offered through mobile devices and the possibilit...

Authors: Christian Richthammer, Michael Netter, Moritz Riesner, Johannes Sänger and Günther Pernul

Document authentication using graphical codes: reliable performance analysis and channel optimization

This paper proposes to investigate the impact of the channel model for authentication systems based on codes that are corrupted by a physically unclonable noise such as the one emitted by a printing process. T...

Authors: Anh Thu Phan Ho, Bao An Mai Hoang, Wadih Sawaya and Patrick Bas

Detection and localization of double compression in MP3 audio tracks

In this work, by exploiting the traces left by double compression in the statistics of quantized modified discrete cosine transform coefficients, a single measure has been derived that allows to decide whether...

Authors: Tiziano Bianchi, Alessia De Rosa, Marco Fontani, Giovanni Rocciolo and Alessandro Piva

Edge-based image steganography

This paper proposes a novel steganography technique, where edges in the cover image have been used to embed messages. Amount of data to be embedded plays an important role on the selection of edges, i.e., the ...

Authors: Saiful Islam, Mangat R Modi and Phalguni Gupta

Enhancing the security of LTE networks against jamming attacks

The long-term evolution (LTE) is the newly adopted technology to offer enhanced capacity and coverage for current mobility networks, which experience a constant traffic increase and skyrocketing bandwidth dema...

Authors: Roger Piqueras Jover, Joshua Lackey and Arvind Raghavan

A detailed evaluation of format-compliant encryption methods for JPEG XR-compressed images

JPEG XR is the most recent still image coding standard, and custom security features for this format are required for fast adoption of the standard. Format-compliant encryption schemes are important for many a...

Authors: Stefan Jenisch and Andreas Uhl

How can sliding HyperLogLog and EWMA detect port scan attacks in IP traffic?

IP networks are constantly targeted by new techniques of denial of service attacks (SYN flooding, port scan, UDP flooding, etc), causing service disruption and considerable financial damage. The on-line detect...

Authors: Yousra Chabchoub, Raja Chiky and Betul Dogan

Inside the scam jungle: a closer look at 419 scam email operations

419 scam (also referred to as Nigerian scam) is a popular form of fraud in which the fraudster tricks the victim into paying a certain amount of money under the promise of a future, larger payoff.

Authors: Jelena Isacenkova, Olivier Thonnard, Andrei Costin, Aurélien Francillon and David Balzarotti