154 research outputs found

    Towards the Development of a Time-Out Multiple C-R CAPTCHA Framework Using Integrated Mathematical Modeling

    The internet has suffered from large forms of insecurity ranging from scamming, hacking and theft of information. Lately the use of CAPTCHAs has become a common security tool for authentication and authorization. However, CAPTCHAs have suffered from certain vulnerabilities in the context of the simplicity offered by the challenge-response scenario and its timing, which leaves room for improvement. This paper proposes a Time-Out Multiple Challenge-Response (C-R) CAPTCHA Framework that utilizes mathematical modelling as a basis for overcoming some of the challenges faced by current CAPTCHA systems. Our approach ensures security during the authorization and authentication process

    Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques

    Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet for lightweight portable devices. This would allow multi-fold increase in the capacity or capabilities of the existing and new software. In a cloud computing environment, the entire data reside over a set of networked resources, enabling the data to be accessed through virtual machines. Since these data-centers may lie in any corner of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and taken care of. Also, one can never deny the possibility of a server breakdown that has been witnessed, rather quite often in the recent times. There are various issues that need to be dealt with respect to security and privacy in a cloud computing scenario. This extensive survey paper aims to elaborate and analyze the numerous unresolved issues threatening the cloud computing adoption and diffusion affecting the various stake-holders linked to it.
    Comment: 20 pages, 2 Figures, 1 Table. arXiv admin note: substantial text overlap with arXiv:1109.538

    State of the Art Survey on Session Hijacking

    With the advent of online banking more and more users are willing to make purchases online and doing so flourishes the online E-Business sector ever so more. Attackers are ever so vigilant and active now on web than ever to leverage the insecure web application and database that is out there on the internet to exploit. Today's internet as we see is heavily integrated with sophisticated networks, whether wired or wireless. But the inherent compliancy to not integrating security while developing applications leaves them vulnerable to many attacks. One of the attacks that has been prevalent nowadays is session hijacking

    An approach to preventing spam using Access Codes with a combination of anti-spam mechanisms

    Spam is becoming a more and more severe problem for individuals, networks, organisations and businesses. The losses caused by spam are billions of dollars every year. Research shows that spam contributes more than 80% of e-mails with an increase in its growth rate every year. Spam is not limited to emails; it has started affecting other technologies like VoIP, cellular and traditional telephony, and instant messaging services. None of the approaches (including legislative, collaborative, social awareness and technological) separately or in combination with other approaches, can prevent sufficient of the spam to be deemed a solution to the spam problem. The severity of the spam problem and the limitations of the state-of-the-art solutions create a strong need for an efficient anti-spam mechanism that can prevent significant volumes of spam without showing any false positives. This can be achieved by an efficient anti-spam mechanism such as the proposed anti-spam mechanism known as "Spam Prevention using Access Codes", SPAC. SPAC targets spam from two angles i.e. to prevent/block spam and to discourage spammers by making the infrastructure environment very unpleasant for them. In addition to the idea of Access Codes, SPAC combines the ideas behind some of the key current technological anti-spam measures to increase effectiveness. The difference in this work is that SPAC uses those ideas effectively and combines them in a unique way which enables SPAC to acquire the good features of a number of technological anti-spam approaches without showing any of the drawbacks of these approaches. Sybil attacks, Dictionary attacks and address spoofing have no impact on the performance of SPAC. In fact SPAC functions in a similar way (i.e. as for unknown persons) for these sorts of attacks. An application known as the "SPAC application" has been developed to test the performance of the SPAC mechanism. The results obtained from various tests on the SPAC application show that SPAC has a clear edge over the existing anti-spam technological approaches

    WARDOG: Awareness detection watchdog for Botnet infection on the host device

    Botnets constitute nowadays one of the most dangerous security threats worldwide. High volumes of infected machines are controlled by a malicious entity and perform coordinated cyber-attacks. The problem will become even worse in the era of the Internet of Things (IoT) as the number of insecure devices is going to be exponentially increased. This paper presents WARDOG – an awareness and digital forensic system that informs the end-user of the botnet’s infection, exposes the botnet infrastructure, and captures verifiable data that can be utilized in a court of law. The responsible authority gathers all information and automatically generates a unitary documentation for the case. The document contains undisputed forensic information, tracking all involved parties and their role in the attack. The deployed security mechanisms and the overall administration setting ensures non-repudiation of performed actions and enforces accountability. The provided properties are verified through theoretic analysis. In simulated environment, the effectiveness of the proposed solution, in mitigating the botnet operations, is also tested against real attack strategies that have been captured by the FORTHcert honeypots, overcoming state-of-the-art solutions. Moreover, a preliminary version is implemented in real computers and IoT devices, highlighting the low computational/communicational overheads of WARDOG in the field

    Analysis of non-detectable cases of Cyber Crime Law

    Cybercrime is emerging and it covers the limelight of today’s generation. The extreme growth of new technologies has always brought solutions that aid human innovations in all aspects, but has enabled criminals with complex and sophisticated knowledge to use computers in illegal ways that may result in crimes and human rights violations. The Cybercrime Prevention Act of 2012 is the first law in the Philippines that defines and penalizes cybercrimes. There are several types of cybercrimes under cybercrime law: (1) illegal access; (2) illegal interception; (3) data interference; (4) system interference; (5) misuse of devices; (6) cyber-squatting; (7) computer-related forgery; (8) computer-related fraud; (9) computer-related identity theft; (10) cybersex; (11) child pornography; (12) libel; and the three cases which fall in the accomplices and liabilities of cyber criminals: (13) aiding or abetting in the commission of the crime; (14) attempt in the commission of the cybercrime; and (15) corporate liabilities. That defines the scope of its authority to exercise control within the juridical person either with or without supervision or control in committing such acts

    CAPTCHA Types and Breaking Techniques: Design Issues, Challenges, and Future Research Directions

    The proliferation of the Internet and mobile devices has resulted in malicious bots access to genuine resources and data. Bots may instigate phishing, unauthorized access, denial-of-service, and spoofing attacks to mention a few. Authentication and testing mechanisms to verify the end-users and prohibit malicious programs from infiltrating the services and data are strong defense systems against malicious bots. Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is an authentication process to confirm that the user is a human hence, access is granted. This paper provides an in-depth survey on CAPTCHAs and focuses on two main things: (1) a detailed discussion on various CAPTCHA types along with their advantages, disadvantages, and design recommendations, and (2) an in-depth analysis of different CAPTCHA breaking techniques. The survey is based on over two hundred studies on the subject matter conducted since 2003 to date. The analysis reinforces the need to design more attack-resistant CAPTCHAs while keeping their usability intact. The paper also highlights the design challenges and open issues related to CAPTCHAs. Furthermore, it also provides useful recommendations for breaking CAPTCHAs