118 research outputs found

    Optimization of Secure Coding Practices in SDLC as Part of Cybersecurity Framework

    Cybersecurity is a global goal that is central to national security planning in many countries. One of the most active research fields is design of practices for the development of so-called highly secure software as a kind of protection and reduction of the risks from cyber threats. The use of a secure software product in a real environment enables the reduction of the vulnerability of the system as a whole. It would be logical to find the most optimal solution for the integration of secure coding in the classic SDLC (software development life cycle). This paper aims to suggest practices and tips that should be followed for secure coding, in order to avoid cost and time overruns because of untimely identification of security issues. It presents the implementation of secure coding practices in software development, and showcases several real-world scenarios from different phases of the SDLC, as well as mitigation strategies. The paper covers techniques for SQL injection mitigation, authentication management for staging environments, and access control verification using JSON Web Tokens

    Security problems with a chaos-based deniable authentication scheme

    Recently, a new scheme was proposed for deniable authentication. Its main originality lay in applying a chaos-based encryption-hash parallel algorithm and the semi-group property of the Chebyshev chaotic map. Although original and practicable, its insecurity and inefficiency are shown in this paper, thus rendering it inadequate for adoption in e-commerce. Comment: 8 pages, 1 figure, LaTeX format

    A New Handover Management Model for Two-Tier 5G Mobile Networks

    There has been an exponential rise in mobile data traffic in recent times due to the increasing popularity of portable devices like tablets, smartphones, and laptops. The rapid rise in the use of these portable devices has put extreme stress on the network service providers while forcing telecommunication engineers to look for innovative solutions to meet the increased demand. One solution to the problem is the emergence of fifth-generation (5G) wireless communication, which can address the challenges by offering very broad wireless area capacity and potential cut-power consumption. The application of small cells is the fundamental mechanism for the 5G technology. The use of small cells can enhance the facility for higher capacity and reuse. However, it must be noted that small cells deployment will lead to frequent handovers of mobile nodes. Considering the importance of small cells in 5G, this paper aims to examine a new resource management scheme that can work to minimize the rate of handovers for mobile phones through careful resources allocation in a two-tier network. Therefore, the resource management problem has been formulated as an optimization issue that we aim to overcome through an optimal solution. To find a solution to the existing problem of frequent handovers, a heuristic approach has been used. This solution is then evaluated and validated through simulation and testing, during which the performance was noted to improve by 12% in the context of handover costs. Therefore, this model has been observed to be more efficient as compared to the existing model

    A Tree-based Model of Unicast Stream Authentication

    When proving the security of a message authentication scheme, the messages are considered to be atomic objects. Straightforward application of such schemes to some information resources may introduce security flaws. Gennaro and Rohatgi (Crypto '97) identified the streams of data as an important class of information resources that cannot be considered to be message-like, and they proposed a solution to the problem of stream signing when the stream is not known in advance. The disadvantage of digital signing streams of data is that it is not efficient when non-repudiation is not important, as in the case of point-to-point communications. We present several schemes and also a family of schemes for stream authentication in a unicast setting. Since many authentication schemes have been broken, we will prove our solutions

    On Resistance of DES to Related-Key Differential Cryptanalysis

    The key schedule of the Data Encryption Standard is analyzed, and it is shown that the properties of the permuted choice PC-2 transformation and the number of bits that are left shifted during the key generation are critical for the security of the algorithm. More precisely, we were able to mount a low complexity related-key attack on DES with slightly modified key schedule although no related-key attack is known for the original algorithm

    Cryptanalysis of an MPEG-Video Encryption Scheme Based on Secret Huffman Tables

    This paper studies the security of a recently-proposed MPEG-video encryption scheme based on secret Huffman tables. Our cryptanalysis shows that: 1) the key space of the encryption scheme is not sufficiently large against divide-and-conquer (DAC) attack and known-plaintext attack; 2) it is possible to decrypt a cipher-video with a partially-known key, thus dramatically reducing the complexity of the DAC brute-force attack in some cases; 3) its security against the chosen-plaintext attack is very weak. Some experimental results are included to support the cryptanalytic results with a brief discussion on how to improve this MPEG-video encryption scheme. Comment: 8 pages, 4 figures

    Applications of tripled chaotic maps in cryptography

    Security of information has become a major issue during the last decades. New algorithms based on chaotic maps were suggested for protection of different types of multimedia data, especially digital images and videos in this period. However, many of them fundamentally were flawed by a lack of robustness and security. For getting higher security and higher complexity, in the current paper, we introduce a new kind of symmetric key block cipher algorithm that is based on tripled chaotic maps. In this algorithm, the utilization of two coupling parameters, as well as the increased complexity of the cryptosystem, make a contribution to the development of cryptosystem with higher security. In order to increase the security of the proposed algorithm, the size of key space and the computational complexity of the coupling parameters should be increased as well. Both the theoretical and experimental results state that the proposed algorithm has many capabilities such as acceptable speed and complexity in the algorithm due to the existence of two coupling parameters and high security. Note that the ciphertext has a flat distribution and has the same size as the plaintext. Therefore, it is suitable for practical use in secure communications. Comment: 21 pages, 10 figures

    Efficient and Secure Chaotic S-Box for Wireless Sensor Network

    Information security using chaotic dynamics is a novel topic in the wireless sensor network (WSN) research field. After surveying analog and digital chaotic security systems, we give a state of the art of chaotic S-Box design. The substitution tables are nonlinear maps that strengthen and enhance block crypto-systems. This paper deals with the design of new dynamic chaotic S-Boxes suitable for implementation on wireless sensor nodes. Our proposed schemes are classified into two categories: S-Box based on discrete chaotic map with floating point arithmetic (cascading piecewise linear chaotic map and a three-dimensional map) and S-Box based on discrete chaotic map with fixed-point arithmetic (using discretized Lorenz map and logistic–tent map). The security analysis and implementation process on WSN are discussed. The proposed methods satisfy Good S-Box design criteria and exceed the performance of Advanced Encryption Standard static S-Box in some cases. The energy consumption of different proposals and existing chaotic S-Box designs are investigated via a platform simulator and a real WSN testbed equipped with TI MSP430f1611 micro-controller. The simulations and the experimental results show that our proposed S-Box design with fixed-point arithmetic Lorenz map has the lowest energy-consuming profile compared with the other studied and proposed S-Box design

    RRLC METHOD FOR THE DETERMINATION OF CHLOROGENIC ACID IN THE PRODUCT CIRKON

    In this paper, the research is focused on finding a new analytical method for the identification and quantification of the active component chlorogenic acid in the preparation Cirkon. Cirkon is a representative of the new generation of agrochemical preparations and is a natural plant biostimulator. In terms of chemical composition, it is a mixture of chlorogenic, caffeic and cichoric acid, extracted from the medicinal plant Echinacea purpurea L. Moench, of which chlorogenic acid is dominant. To establish the reversed-phase chromatographic methods, three analytical columns with different dimensions and particle sizes were used (Purospher STAR RP-18e (30 mm × 4 mm; 3 µm), LiChrospher 60 RP-select B (125 mm × 4 mm; 5 µm) and Poroshell 120 EC-18 (50 mm × 3 mm; 2.7 µm)), together with mobile phases composed of methanol/water, methanol/(0.5 % formic acid in water), methanol/(0.05 % formic acid in water) and acetonitrile/(0.05 % formic acid in water) in different volume ratios. The optimal conditions for the qualitative and quantitative determination of chlorogenic acid were obtained using the analytical column Poroshell 120 EC-18 (50 mm × 3 mm; 2.7 µm), isocratic elution with a mobile phase composed of acetonitrile/1% phosphoric acid dissolved in water (10/90, V/V), a mobile phase flow rate of 1 mL/min, a constant column temperature of 25 °C and UV detection at 220 nm, yielding well-separated, narrow and symmetrical chromatographic peaks. The proposed RRLC method using an ultraviolet diode array detector (UVDAD) is a relatively fast and simple method that enables identification and quantitative determination of the active component chlorogenic acid in the preparation Cirkon. The obtained mean value for the concentration of chlorogenic acid in the preparation Cirkon is 0.1 g/L, which corresponds to the value declared by the manufacturer