219 research outputs found
Application of Stochastic Diffusion for Hiding High Fidelity Encrypted Images
Cryptography coupled with information hiding has received increased attention in recent years and has become a major research theme because of the importance of protecting encrypted information in any Electronic Data Interchange system in a way that is both discreet and covert. One of the essential limitations in any cryptography system is that the encrypted data provides an indication of its importance, which arouses suspicion and makes it vulnerable to attack. Information hiding of Steganography provides a potential solution to this issue by making the data imperceptible, the security of the hidden information being a threat only if its existence is detected through Steganalysis. This paper focuses on a study of methods for hiding encrypted information, specifically, methods that encrypt data before embedding in host data where the "data" is in the form of a full colour digital image. Such methods provide a greater level of data security, especially when the information is to be submitted over the Internet, for example, since a potential attacker needs to first detect, then extract and then decrypt the embedded data in order to recover the original information.
After providing an extensive survey of the current methods available, we present a new method of encrypting and then hiding full colour images in three full colour host images without loss of fidelity following data extraction and decryption. The applications of this technique, which is based on a technique called "Stochastic Diffusion", are wide ranging and include covert image information interchange, digital image authentication, video authentication, copyright protection and digital rights management of image data in general.
Selected Computing Research Papers Volume 1 June 2012
An Evaluation of Anti-phishing Solutions (Arinze Bona Umeaku)
A Detailed Analysis of Current Biometric Research Aimed at Improving Online Authentication Systems (Daniel Brown)
An Evaluation of Current Intrusion Detection Systems Research (Gavin Alexander Burns)
An Analysis of Current Research on Quantum Key Distribution (Mark Lorraine)
A Critical Review of Current Distributed Denial of Service Prevention Methodologies (Paul Mains)
An Evaluation of Current Computing Methodologies Aimed at Improving the Prevention of SQL Injection Attacks in Web Based Applications (Niall Marsh)
An Evaluation of Proposals to Detect Cheating in Multiplayer Online Games (Bradley Peacock)
An Empirical Study of Security Techniques Used In Online Banking (Rajinder D G Singh)
A Critical Study on Proposed Firewall Implementation Methods in Modern Networks (Loghin Tivig)
Development of a secure multi-factor authentication algorithm for mobile money applications
A Thesis Submitted in Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Information and Communication Science and Engineering of the Nelson Mandela African Institution of Science and Technology
With the evolution of industry 4.0, financial technologies have become paramount and mobile
money as one of the financial technologies has immensely contributed to improving financial
inclusion among the unbanked population. Several mobile money schemes were developed, but
they suffered severe authentication security challenges since they implemented two-factor
authentication. This study focused on developing a secure multi-factor authentication (MFA)
algorithm for mobile money applications. It uses personal identification numbers, one-time
passwords, biometric fingerprints, and quick response codes to authenticate and authorize mobile
money subscribers. Secure hash algorithm-256, Rivest-Shamir-Adleman encryption, and Fernet
encryption were used to secure the authentication factors, confidential financial information and
data before transmission to the remote databases. A literature review, survey, evolutionary
prototyping model, and heuristic evaluation and usability testing methods were used to identify
authentication issues, develop prototypes of native genuine mobile money (G-MoMo)
applications, and identify usability issues with the interface designs and ascertain their usability,
respectively. The results of the review grouped the threat models into attacks against privacy,
authentication, confidentiality, integrity, and availability. The survey identified authentication
attacks, identity theft, phishing attacks, and PIN sharing as the key mobile money systems'
security issues. The researcher designed a secure MFA algorithm for mobile money applications
and developed three native G-MoMo applications to implement the designed algorithm to prove
the feasibility of the algorithm and that it provided robust security. The algorithm was resilient to
non-repudiation, ensured strong authentication security, data confidentiality, integrity, privacy,
and user anonymity, was highly effective against several attacks but had high communication
overhead and computational costs. Nevertheless, the heuristic evaluation results showed that the
G-MoMo applications' interface designs lacked forward navigation buttons, uniformity in the
applications' menu titles, search fields, actions needed for recovery, and help and documentation.
Similarly, the usability testing revealed that they were easy to learn, effective, efficient,
memorable, with few errors, subscriber satisfaction, easy to use, aesthetic, easy to integrate, and
understandable. Implementing a secure mobile money authentication and authorisation by
combining multiple factors which are securely stored helps mobile money subscribers and other
stakeholders to have trust in the developed native G-MoMo applications.
Protecting the infrastructure: 3rd Australian information warfare & security conference 2002
The conference is hosted by the We-B Centre (working with a-business) in the School of Management Information System, the School of Computer & Information Sciences at Edith Cowan University. This year's conference is being held at the Sheraton Perth Hotel in Adelaide Terrace, Perth. Papers for this conference have been written by a wide range of academics and industry specialists. We have attracted participation from both national and international authors and organisations.
The papers cover many topics, all within the field of information warfare and its applications, now and into the future.
The papers have been grouped into six streams:
• Networks
• IWAR Strategy
• Security
• Risk Management
• Social/Education
• Infrastructure
On Security and Privacy for Networked Information Society : Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes
Our society has developed into a networked information society, in which all aspects of human life are interconnected via the Internet, the backbone through which a significant part of communications traffic is routed. This makes the Internet arguably the most important piece of critical infrastructure in the world. Securing Internet communications for everyone using it is extremely important, as the continuing growth of the networked information society relies upon fast, reliable and secure communications.
A prominent threat to the security and privacy of Internet users is mass surveillance of Internet communications. The methods and tools used to implement mass surveillance capabilities on the Internet pose a danger to the security of all communications, not just the intended targets. When we continue to further build the networked information upon the unreliable foundation of the Internet we encounter increasingly complex problems, which are the main focus of this dissertation. As the reliance on communication technology grows in a society, so does the importance of information security. At this stage, information security issues become separated from the purely technological domain and begin to affect everyone in society. The approach taken in this thesis is therefore both technical and socio-technical.
The research presented in this PhD thesis builds security into the networked information society and provides parameters for further development of a safe and secure networked information society. This is achieved by proposing improvements on a multitude of layers. In the technical domain we present an efficient design flow for secure embedded devices that use cryptographic primitives in a resource-constrained environment, examine and analyze threats to biometric passport and electronic voting systems, observe techniques used to conduct mass Internet surveillance, and analyze the security of Finnish web user passwords. In the socio-technical domain we examine surveillance and how it affects the citizens of a networked information society, study methods for delivering efficient security education, examine what is essential security knowledge for citizens, advocate mastery over surveillance data by the targeted citizens in the networked information society, and examine the concept of forced trust that permeates all topics examined in this work.
The society we live in has, with the development of technology, evolved into a true information society. Many areas of the networked information society have undergone change as a result of this development. At the centre of this change is the Internet: a worldwide data network that enables communication between networked devices on an unprecedented scale. The Internet has become perhaps the most central part of the global communications infrastructure, and securing global communications will therefore become ever more important in the future. The growth and development of the networked information society require the existence of a stable, secure and fast communications system.
Large-scale mass surveillance of data networks poses a significant threat to the stability and security of this system. The methods and tools used to carry out network surveillance not only make it possible to inspect the communications traffic under surveillance, but also endanger the security of all Internet traffic and of the activity that depends on it. When the networked information society is built on a system containing such inherent flaws and vulnerabilities, a central threat is that society's core functions are exposed to outside influence. Examining these threats and the mechanisms behind them is at the centre of this dissertation. Because the work has a strong societal element in addition to its technical content, the subject is examined not only through strict technical analysis but also more broadly from a societal perspective.
This dissertation seeks to build an overall picture of the factors affecting the security, operation and stability of the networked information society, and to bring forward new solutions and openings from different perspectives. The aim of the work is, for its part, to enable a more secure networked information society to be built in the future. From the technical perspective, the work presents a design flow for embedded systems with limited computing power that make efficient use of cryptographic primitives, analyses threats to biometric passports, the international passport system and electronic voting, examines the operating principles of the techniques used for mass surveillance and the threats they cause, and studies the password habits of Finnish Internet users in web applications.
From the socio-technical perspective, the work examines the theory of surveillance and looks into how surveillance affects the citizens of the networked information society. In addition, it develops methods for better information security education at all levels of education, defines the key concepts of information security knowledge, examines the possibility of applying the principle of mastery over data to the management and use of the data that the networked information society collects about its citizens, and studies the significance of trust for the security and operation of society's core functions, focusing in particular on the effects of forced trust.
An enhanced fingerprint template protection scheme
Fingerprint template protection (FTP) is required to secure authentication because fingerprints are widely used in user authentication systems. Fingerprint authentication consists of a microcontroller, fingerprint sensor, secure access control, and human interface. However, as many users frequently access the systems, fingerprints could be replicated and modified by attackers. Currently, most existing FTP schemes fail to meet the properties of fingerprint authentication systems, namely diversity, revocability, security, and match/recognition performance, due to intra-user variability in fingerprint identifiers and matching issues in unencrypted domains. Therefore, this study aims to enhance the existing schemes by using chaos-based encryption and hash functions to meet the specified properties by securing users' fingerprint templates (FT) within the embedded systems. Furthermore, an improved chaos-based encryption algorithm was proposed for encrypting FT. The MATLAB simulation with the Fingerprint Verification Competition (FVC) 2002 database was used to measure the encryption results, secret key spaces, key sensitivity, histogram, correlation, differential, entropy information, matching/recognition analysis, and revocability. The proposed FTP scheme was also evaluated using Burrows–Abadi–Needham (BAN) logic analysis for protocol robustness with resistance to replay attacks, stolen-verifier attacks, and perfect forward secrecy. The results demonstrate that the enhanced chaos-based encryption algorithm for FTP improves its encryption time, which is 0.24 seconds faster than the selected benchmark study. The enhanced FTP scheme also achieved security, revocability, diversity, and matching/recognition performance properties. The matching/recognition performance evaluation produced higher verification rates and a low false rejection rate. The rates were 99.10% and 0.90%, respectively. The equal error rate decreased from 2.10% to 1.05%. In conclusion, the enhanced FTP scheme could be an alternative to the existing FTP for embedded system authentication to withstand various possible attacks and provide the desired security features. The scheme can also be a reference for comprehensive security analysis.
Identity Theft in Cyberspace: Issues and Solutions
This article addresses and analyses the growing threat of identity theft in cyberspace. E-commerce and digital transactions and communications have, over the past decade, been increasingly transpiring at an accelerated rate. This non-linear progression has generated a myriad of risks associated with the utilization of information and communication technologies (ICTs) in cyberspace communications, amongst the most important of which is the threat of identity theft. On such account, this article aims to provide an overview of the issues and risks pertinent to identity theft and seeks to offer some solutions based on the necessity of pursuing a tri-fold policy encompassing strategic and regulatory, technical, and cultural approaches.
Authentication schemes for Smart Mobile Devices: Threat Models, Countermeasures, and Open Research Issues
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.
This paper presents a comprehensive investigation of authentication schemes for smart mobile devices. We start by providing an overview of existing survey articles published in recent years that deal with security for mobile devices. Then, we give a classification of threat models in smart mobile devices in five categories, including identity-based attacks, eavesdropping-based attacks, combined eavesdropping and identity-based attacks, manipulation-based attacks, and service-based attacks. This is followed by a description of multiple existing threat models. We also provide a classification of countermeasures into four types of categories, including cryptographic functions, personal identification, classification algorithms, and channel characteristics. According to the characteristics of the countermeasure along with the authentication model itself, we categorize the authentication schemes for smart mobile devices in four categories, namely, 1) biometric-based authentication schemes, 2) channel-based authentication schemes, 3) factors-based authentication schemes, and 4) ID-based authentication schemes. In addition, we provide a taxonomy and comparison of authentication schemes for smart mobile devices in the form of tables. Finally, we identify open challenges and future research directions.
Privacy-aware Security Applications in the Era of Internet of Things
In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA is easily applicable to other biometric authentication mechanisms when feature vectors are represented as fixed-length real-valued vectors. In addition to CA, we also introduced a privacy-aware multi-factor authentication method, called PINTA. In PINTA, we used fuzzy hashing and homomorphic encryption mechanisms to protect the users' sensitive profiles while providing privacy-preserving authentication. For the second privacy-aware contribution, we designed a multi-stage privacy attack to smart home users using the wireless network traffic generated during the communication of the devices. The attack works even on the encrypted data as it is only using the metadata of the network traffic. Moreover, we also designed a novel solution based on the generation of spoofed traffic. Finally, we introduced two privacy-aware secure data exchange mechanisms, which allow sharing the data between multiple parties (e.g., companies, hospitals) while preserving the privacy of the individual in the dataset. These mechanisms were realized with the combination of Secure Multiparty Computation (SMC) and Differential Privacy (DP) techniques.
In addition, we designed a policy language, called Curie Policy Language (CPL), to handle the conflicting relationships among parties.
The novel methods, attacks, and countermeasures in this dissertation were verified with theoretical analysis and extensive experiments with real devices and users. We believe that the research in this dissertation has far-reaching implications on privacy-aware alternative complementary authentication methods, smart home user privacy research, as well as the privacy-aware and secure data exchange methods.