101,920 research outputs found
Social Networks Research Aspects: A Vast and Fast Survey Focused on the Issue of Privacy in Social Network Sites
The increasing participation of people in online activities in recent years
like content publishing, and having different kinds of relationships and
interactions, along with the emergence of online social networks and people's
extensive tendency toward them, have resulted in generation and availability of
a huge amount of valuable information that has never been available before, and
have introduced some new, attractive, varied, and useful research areas to
researchers. In this paper we try to review some of the accomplished research
on information of SNSs (Social Network Sites), and introduce some of the
attractive applications that analyzing this information has. This will lead to
the introduction of some new research areas to researchers. By reviewing the
research in this area we will present a categorization of research topics about
online social networks. This categorization includes seventeen research
subtopics or subareas that will be introduced along with some of the
accomplished research in these subareas. According to the consequences (slight,
significant, and sometimes catastrophic) that revelation of personal and
private information has, a research area that researchers have vastly
investigated is privacy in online social networks. After an overview on
different research subareas of SNSs, we will get more focused on the subarea of
privacy protection in social networks, and introduce different aspects of it
along with a categorization of these aspects
An Analytical Perspective to Traffic Engineering in Anonymous Communication Systems
Anonymous communication systems (ACS) offer privacy and anonymity through the
Internet. They are mostly free tools and are popular among users all over the
world. In the recent years, anonymity applications faced many problems
regarding traffic engineering methods. Even though they ensure privacy under
some conditions, their anonymity will be endangered by high performance
processing units. To address these issues, this study is devoted to
investigating traffic-engineering methods in anonymous communication systems,
and proposes an analytical view of the current issues in ACS privacy and
anonymity. Our study also indicates new types of solutions for these current
issues with ACS
Password Cracking and Countermeasures in Computer Security: A Survey
With the rapid development of internet technologies, social networks, and
other related areas, user authentication becomes more and more important to
protect the data of the users. Password authentication is one of the widely
used methods to achieve authentication for legal users and defense against
intruders. There have been many password cracking methods developed during the
past years, and people have been designing the countermeasures against password
cracking all the time. However, we find that the survey work on the password
cracking research has not been done very much. This paper is mainly to give a
brief review of the password cracking methods, import technologies of password
cracking, and the countermeasures against password cracking that are usually
designed at two stages including the password design stage (e.g. user
education, dynamic password, use of tokens, computer generations) and after the
design (e.g. reactive password checking, proactive password checking, password
encryption, access control). The main objective of this work is offering the
abecedarian IT security professionals and the common audiences with some
knowledge about the computer security and password cracking, and promoting the
development of this area.Comment: add copyright to the tables to the original authors, add
acknowledgement to helpe
New Threats to SMS-Assisted Mobile Internet Services from 4G LTE: Lessons Learnt from Distributed Mobile-Initiated Attacks towards Facebook and Other Services
Mobile Internet is becoming the norm. With more personalized mobile devices
in hand, many services choose to offer alternative, usually more convenient,
approaches to authenticating and delivering the content between mobile users
and service providers. One main option is to use SMS (i.e., short messaging
service). Such carrier-grade text service has been widely used to assist
versatile mobile services, including social networking, banking, to name a few.
Though the text service can be spoofed via certain Internet text service
providers which cooperated with carriers, such attacks haven well studied and
defended by industry due to the efforts of research community. However, as
cellular network technology advances to the latest IP-based 4G LTE, we find
that these mobile services are somehow exposed to new threats raised by this
change, particularly on 4G LTE Text service (via brand-new distributed
Mobile-Initiated Spoofed SMS attack which is not available in legacy 2G/3G
systems). The reason is that messaging service over LTE shifts from the
circuit-switched (CS) design to the packet-switched (PS) paradigm as 4G LTE
supports PS only. Due to this change, 4G LTE Text Service becomes open to
access. However, its shields to messaging integrity and user authentication are
not in place. As a consequence, such weaknesses can be exploited to launch
attacks (e.g., hijack Facebook accounts) against a targeted individual, a large
scale of mobile users and even service providers, from mobile devices. Current
defenses for Internet-Initiated Spoofed SMS attacks cannot defend the
unprecedented attack. Our study shows that 53 of 64 mobile services over 27
industries are vulnerable to at least one threat. We validate these
proof-of-concept attacks in one major US carrier which supports more than 100
million users. We finally propose quick fixes and discuss security insights and
lessons we have learnt.Comment: 16 pages, 13 figure
Data Leak Detection As a Service: Challenges and Solutions
We describe a network-based data-leak detection (DLD)
technique, the main feature of which is that the detection
does not require the data owner to reveal the content of the
sensitive data. Instead, only a small amount of specialized
digests are needed. Our technique – referred to as the fuzzy
fingerprint – can be used to detect accidental data leaks due
to human errors or application flaws. The privacy-preserving
feature of our algorithms minimizes the exposure of sensitive
data and enables the data owner to safely delegate the
detection to others.We describe how cloud providers can offer
their customers data-leak detection as an add-on service
with strong privacy guarantees.
We perform extensive experimental evaluation on the privacy,
efficiency, accuracy and noise tolerance of our techniques.
Our evaluation results under various data-leak scenarios
and setups show that our method can support accurate
detection with very small number of false alarms, even
when the presentation of the data has been transformed. It
also indicates that the detection accuracy does not degrade
when partial digests are used. We further provide a quantifiable
method to measure the privacy guarantee offered by our
fuzzy fingerprint framework
Towards an Interoperable Identity Management Framework: a Comparative Study
The development of services and the growing demand for resources sharing
among users from different organizations with some level of affinity have
motivated the creation of Identity Management Systems. Identity Management has
gained significant attention in recent years in the form of several projects
producing many standards, prototypes and application models both in the
academia and the industry. However, the interoperability between different
Identity Management Solutions is still a complex challenge yet to achieve. The
user can only use one Identity Provider within a single Service Provider
session, when in many scenarios the user needs to provide attributes from
multiple Identity Providers. This paper presents the state of the art of our
researches and it focuses on two main topics: first, to provide a detailed
study about the Identity Management and the integrated disciplines and
technologies in general; secondly, to summarize the main approaches that have
been proposed to overcome the interoperability challenge
Survey of Security and Privacy Issues of Internet of Things
This paper is a general survey of all the security issues existing in the
Internet of Things (IoT) along with an analysis of the privacy issues that an
end-user may face as a consequence of the spread of IoT. The majority of the
survey is focused on the security loopholes arising out of the information
exchange technologies used in Internet of Things. No countermeasure to the
security drawbacks has been analyzed in the paper.Comment: 7 pages, 3 figure
PPLS: A Privacy-Preserving Location-Sharing Scheme in Vehicular Social Networks
Recent advances in Socially Aware Networks (SANs) have allowed its use in
many domains, out of which social Internet of vehicles (SIOV) is of prime
importance. SANs can provide a promising routing and forwarding paradigm for
SIOV by using interest-based communication. Though able to improve the
forwarding performance, existing interest-based schemes fail to consider the
important issue of protecting users' interest information. In this paper, we
propose a PRivacy-preserving Interest-based Forwarding scheme (PRIF) for SIOV,
which not only protects the interest information, but also improves the
forwarding performance. We propose a privacy-preserving authentication protocol
to recognize communities among mobile nodes. During data routing and
forwarding, a node can know others' interests only if they are affiliated with
the same community. Moreover, to improve forwarding performance, a new metric
{\em community energy} is introduced to indicate vehicular social proximity.
Community energy is generated when two nodes encounter one another and
information is shared among them. PRIF considers this energy metric to select
forwarders towards the destination node or the destination community. Security
analysis indicates PRIF can protect nodes' interest information. In addition,
extensive simulations have been conducted to demonstrate that PRIF outperforms
the existing algorithms including the BEEINFO, Epidemic, and PRoPHET
Recommended from our members
Mundane is the New Radical: The Resurgence of Energy Megaprojects and Implications for the Global South [Opinion]
A Security Plan for Smart Grid Systems Based On AGC4ISR
This paper is proposed a security plan for Smart Grid Systems based on
AGC4ISR which is an architecture for Autonomic Grid Computing Systems. Smart
Grid incorporates has many benefits of distributed computing and communications
to deliver a real-time information and enable the near-instantaneous balance of
supply and demand at the device level. AGC4ISR architecture is Organized by
Autonomic Grid Computing and C4ISR (Command, Control, Communications, Computers
and Intelligence, Surveillance, & Reconnaissance) Architecture. In this paper
we will present a solution for as security plan which will be consider
encryption, intrusion detection, key management and detail of cyber security in
Smart Grids. In this paper we use the cryptography for the packet in the C4ISR
and we use a key management for send and receive a packet in the smart grid
because it is necessary for intelligent networks to keeping away from packet
missing.Comment: The International Journal of Soft Computing and Software Engineering
[JSCSE], Vol. 3, No. 3, Special Issu
- …