2010 | Book

Recent Trends in Network Security and Applications

Third International Conference, CNSA 2010, Chennai, India, July 23-25, 2010. Proceedings

Editors: Natarajan Meghanathan, Selma Boumerdassi, Nabendu Chaki, Dhinaharan Nagamalai

Publisher: Springer Berlin Heidelberg

Book Series: Communications in Computer and Information Science

About this book

The Third International Conference on Network Security and Applications (CNSA-2010) focused on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this conference is to bring together researchers and practitioners from academia and industry to focus on understanding modern security threats and countermeasures, and establishing new collaborations in these areas. Authors are invited to contribute to the conference by submitting articles that illustrate research results, projects, survey work and industrial experiences describing significant advances in the areas of security and its applications, including:

• Network and Wireless Network Security
• Mobile, Ad Hoc and Sensor Network Security
• Peer-to-Peer Network Security
• Database and System Security
• Intrusion Detection and Prevention
• Internet Security, and Applications Security and Network Management
• E-mail Security, Spam, Phishing, E-mail Fraud
• Virus, Worms, Trojan Protection
• Security Threats and Countermeasures (DDoS, MiM, Session Hijacking, Replay attack etc.)
• Ubiquitous Computing Security
• Web 2.0 Security
• Cryptographic Protocols
• Performance Evaluations of Protocols and Security Application

There were 182 submissions to the conference and the Program Committee selected 63 papers for publication. The book is organized as a collection of papers from the First International Workshop on Trust Management in P2P Systems (IWTMP2PS 2010), the First International Workshop on Database Management Systems (DMS-2010), and the First International Workshop on Mobile, Wireless and Networks Security (MWNS-2010).

Table of Contents

Frontmatter

The Third International Conference on Network Security and Applications (CNSA 2010)

Secure Framework for Data Centric Heterogeneous Wireless Sensor Networks

Data aggregation is an important task in data centric heterogeneous wireless sensor networks because of its varying power and computational capabilities. Due to the deployment of sensor nodes in large numbers for different applications, a single node is not sufficient for performing data aggregation. Hence multiple nodes are required to summarize the relevant information from huge data sets. The process of data aggregation is vulnerable to many threats like loss of cryptographic keys, false data injection etc. To address these issues, we present the Secure Data Aggregation with Key Management (SDAKM) scheme. It provides a secure framework for the data centric heterogeneous wireless sensor networks using additive privacy homomorphism. It uses the heterogeneity of the sensor nodes for performing encrypted data processing and also provides an efficient key management scheme for data communication among sensor nodes in the network. This scheme offers higher security and has less computing overhead as it uses additive privacy homomorphism.

M. K. Sandhya, K. Murugan

Data Security in Local Area Network Based on Fast Encryption Algorithm

Hacking is one of the greatest problems in the wireless local area networks. Many algorithms have been used to prevent the outside attacks to eavesdrop or prevent the data to be transferred to the end-user safely and correctly. In this paper, a new symmetrical encryption algorithm is proposed that prevents the outside attacks. The new algorithm avoids key exchange between users and reduces the time taken for the encryption and decryption. It operates at a high data rate in comparison with the Data Encryption Standard (DES), Triple DES (TDES), Advanced Encryption Standard (AES-256), and RC6 algorithms. The new algorithm is applied successfully on both a text file and a voice message.

G. Ramesh, R. Umarani

Fuzzy Rule-Base Based Intrusion Detection System on Application Layer

The objective of this paper is to develop a Fuzzy Rule-Base Based Intrusion Detection System on Application Layer which works in the application layer of the network stack. FASIDS consists of a semantic IDS and a Fuzzy based IDS. Rule based IDS looks for the specific pattern which is defined as malicious. A non-intrusive regular pattern can be malicious if it occurs several times with a short time interval. At the application layer, HTTP traffic’s header and payload are analyzed for possible intrusion. In the proposed misuse detection module, the semantic intrusion detection system works on the basis of rules that define various application layer misuses that are found in the network. An attack identified by the IDS is based on a corresponding rule in the rule-base. An event that doesn’t make a ‘hit’ on the rule-base is given to a Fuzzy Intrusion Detection System (FIDS) for further analysis.

In a Rule-based intrusion detection system, an attack can either be detected if a rule is found in the rule base or goes undetected if not found. If this is combined with FIDS, the intrusions that went undetected by RIDS can further be detected. These non-intrusive patterns are checked by the fuzzy IDS for a possible attack. The non-intrusive patterns are normalized and converted to linguistic variables in fuzzy sets. These values are given to Fuzzy Cognitive Mapping (FCM). If there is any suspicious event, then it generates an alarm to the client/server. Results show better performance in terms of the detection rate and the time taken to detect. The detection rate is increased with reduction in false positive rate for a specific attack.

S. Sangeetha, S. Haripriya, S. G. Mohana Priya, V. Vaidehi, N. Srinivasan

Trust Models in Wireless Sensor Networks: A Survey

This paper introduces the security and trust concepts in wireless sensor networks and explains the difference between them, stating that even though both terms are used interchangeably when defining a secure system, they are not the same. The difference between reputation and trust is also explained, highlighting that reputation partially affects trust. The methodologies used to model trust and their references are presented. The factors affecting trust updating are summarised and some examples of the systems in which these factors have been implemented are given. The survey states that, even though researchers have started to explore the issue of trust in wireless sensor networks, they are still examining the trust associated with routing messages between nodes (binary events). However, wireless sensor networks are mainly deployed to monitor events and report data, both continuous and discrete. This leads to the development of new trust models addressing the continuous data issue and also to combine the data trust and the communication trust to infer the total trust.

Mohammad Momani

Load Balancing in Distributed Web Caching

The World Wide Web suffers from scaling and reliability problems due to overloaded and congested proxy servers. Caching at local proxy servers helps, but cannot satisfy more than a third to half of requests; more requests are still sent to original remote servers. In this paper we have developed an algorithm for Distributed Web Cache, which incorporates cooperation among proxy servers of one cluster. This algorithm uses Distributed Web Cache concepts along with static hierarchies with geographical based clusters of level one proxy server with dynamic mechanism of proxy server during the congestion of one cluster. Congestion and scalability problems are being dealt with by the clustering concept used in our approach. This results in higher ratio of caches, with lesser latency delay for requested pages. This algorithm also guarantees data consistency between the original server objects and the proxy cache objects.

Tiwari Rajeev, Khan Gulista

TRING: A New Framework for Efficient Group Key Distribution for Dynamic Groups

Many emerging applications like audio/video conferencing, stock quote updates, interactive gaming etc., require secure group communication. In these group based applications, data is to be delivered from one or more legitimate sources to a group of legitimate receivers. The critical issue in any group communication protocol is that the group membership is highly dynamic with frequent member addition and member eviction. Security can be achieved only through the renewing of the existing key material with every possible event like member addition and member leave. As these events are performed more often, the renewing and distribution of the key material to the entire group should be done in an efficient and scalable manner. Any network application requires minimum computational and communication costs. Generally with cryptographic protocols the computation cost is influenced by the number of encryptions/decryptions. This paper proposes two protocols, one using the broadcast ring and the other using the combination of the ring and tree based protocol, to minimize the communication overhead as well as computation burden.

D. V. Naga Raju, V. Valli Kumari

Image Classification for More Reliable Steganalysis

We propose a simple method for classifying images to increase the reliability of steganalysis techniques in digital images. RS Steganalysis Method (RSM), Sample Pair Method (SPM), and Least Square Method (LSM) are the most reliable steganalysis methods in the literature for LSB replacement steganography on digital images in spatial domain. These methods give highly accurate results on most of the images. However all these methods show very high embedding ratio when no data or very small amount of data is hidden in some images. We propose a simple method to identify images which give very accurate results and images which give highly inaccurate results. The novelty of our method is that it does not require any knowledge about the cover images. The image classification is done based on certain statistical properties of the image, which are invariant with embedding. Thus it helps the steganalyst in attaching a level of confidence to the estimation he makes.

R. Shreelekshmi, M. Wilscy, C. E. Veni Madhavan

Security for High-Speed MANs/WANs

This research paper deals with a range of secure high-speed networking over a metropolitan or wide area. Since this is quite an active research area, a full report is given of the interfaces that thrive in removing the bandwidth burden from long distance networks. Only those with the status or potential of a standard are taken into consideration. Next, the position of security is evaluated. It is recommended that the access interface enjoy certain advantages over the upper layers. Hence, the results of this work are directly applicable to virtually any layered communication architecture. Amongst the security protocols that are available, the IEEE802.11 represents the only viable solution to have the CLS service properly secured. This protocol is designed for a different type of environment and the implications of this are known. In the real sense, IEEE802.11 proves to be a very valuable tool to build multi-level secure private and public networks using the most recent MAN/WAN technologies. Furthermore, it shows how to enhance the security issues related to Metropolitan and Wide Area Network considering the required security services and mechanism.

C. S. Lamba

Behavioral Analysis of Transport Layer Based Hybrid Covert Channel

Covert Channels are malicious conversation in a legitimate secured network communication that violates the security policies laid down. Covert channels are hidden, unintended design in the legitimate communication whose motto is to leak information. Trapdoors are unintended design with a communication system that exists in network covert channels as a part of rudimentary protocols. Subliminal channel, a variant of covert channel, works similarly to a network covert channel except that the trapdoor is set in a cryptographic algorithm. A composition of covert channel with subliminal channel is the Hybrid Channel or Hybrid Covert Channel. Hybrid Covert Channels are a major threat for security which is clearly unacceptable in presence of secured network communication. The objective of the present paper is to make a microscopic analysis of the behavior of hybrid covert channels with a clear understanding of the theoretical literature on composed covert channels. The paper proposes a practical implementation of transport layer based hybrid covert channeling based on TCP and SSL.

Koundinya Anjan, Jibi Abraham

Efficient Encryption of Intra and Inter Frames in MPEG Video

The growth in multimedia based Internet applications can be seen in the quantity of growth in video telephony, video on demand, media server etc. With the current cyber threats, sensitive video needs to be protected before transmission. Streaming video applications require high security as well as high computational performance. The need for video data protection is on the rise, hence encryption of video is imperative. In highly sensitive videos such as military applications and confidential video broadcasting, where every part of the video is important, both Intra and Inter frames need to be encrypted. A new video encryption scheme is proposed for sensitive applications. In this paper the objective is to analyze a secure and computationally feasible video encryption algorithm for MPEG video, to improve the security of the existing algorithm by combining encryption in Intra and Inter frames and to test the algorithm against the common attacks.

V. Vijayalakshmi, L. M. Varalakshmi, G. F. Sudha

VLSI Design and Implementation of Combined Secure Hash Algorithm SHA-512

Secure Hashing Algorithm (SHA) is increasingly becoming popular for the online security applications, specifically, for mobile and embedded system platforms. Hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. This necessitates a high performance hardware implementation of the SHA algorithms (SHA-512). In this paper we propose a new method for generating digital signature based on SHA-512 hash algorithm. This design uses two SHA-512 modules in parallel which operate simultaneously to provide highly secure, more efficient and high throughput mechanism to compute a 1024-bit Message Digest (MD) or Hash.

R. Kayalvizhi, R. Harihara Subramanian, R. Girish Santhosh, J. Gurubaran, V. Vaidehi

Performance Comparison of Multicast Routing Protocols under Variable Bit Rate Scenario for Mobile Adhoc Networks

An ad hoc network is formed by wireless mobile nodes (hosts) that operate as terminals as well as routers in the network, without any centralized administration. Mobile ad hoc networks (MANETs) are characterized by lack of any fixed network infrastructure. In a MANET, there is no distinction between a host and a router, since all nodes can be sources as well as forwarders of traffic. Moreover, all MANET components can be mobile. MANETs differ from traditional, fixed-infrastructure mobile networks; MANETs require fundamental changes to conventional routing and packet forwarding protocols for both unicast and multicast communication. Wireless ad-hoc networks have gained a lot of importance in wireless communications. Wireless communication is established by nodes acting as routers and transferring packets from one to another in ad-hoc networks. Routing in these networks is highly complex due to moving nodes and hence many protocols have been developed. This paper concentrates mainly on routing protocols and their functionality in ad-hoc networks, with a Variable Bit Rate (VBR) discussion being made on four selected protocols MAODV, ADMRP, ODMRP and ABAM, ending with their comparison.

N. Bhalaji, P. Gurunathan, A. Shanmugam

A Trust Based Technique to Isolate Non-forwarding Nodes in DSR Based Mobile Adhoc Networks

In this manuscript we deal with securing the routing protocol of mobile adhoc networks against non-forwarding nodes which originate selfish or passive attacks. Due to their unique features of open nature, lack of infrastructure and central management, node mobility and change of dynamic topology, prevention methods from attacks on them are not enough. Further, most of the mobile adhoc routing protocols assume that nodes are trustworthy and cooperative; this renders them vulnerable to various types of attacks. In this scheme the nodes which originate the passive or selfish attacks are identified and isolated from the routing and data forwarding function. We considered the DSR protocol in NS-2 for our simulation. The results obtained illustrate that the proposed scheme outscores the traditional DSR in all metrics.

N. Bhalaji, A. Shanmugam

Ensured Quality of Admitted Voice Calls through Authorized VoIP Networks

IP based voice transmission technology is a flexible, simpler and a cost effective implementation of voice transmission. It provides a real convergence of various networks. This voice transmission technology does not support a quality that is equivalent to digitized voice, which is available in the existing PSTN networks. In addition to this, data network vulnerabilities affect the VOIP service causing a drop in the utilisation of voice communication. In this paper, the quality of service for voice calls is ensured with the integration of CAC mechanism with the bandwidth link utilization which makes an estimation of the demanded bandwidth. In terms of security, prevention of ARP cache poisoning attack is done by use of the signed MAC address response in local area networks. It makes the network confident that the admitted user is the authorized user and also it verifies that only the authorized users’ information is exchanged over the local area network. Also an approach that makes it difficult for the hacker to hack the data exchanged over the quality channel is proposed.

T. Subashri, B. Gokul Vinoth Kumar, V. Vaidehi

Wireless Mesh Networks: Routing Protocols and Challenges

In this paper, a survey on routing protocols, challenges and applications in wireless mesh networks (WMNs) is conducted. Wireless Mesh network is a type of distributed, self-organizing, self-configuring and self-healing network. When access points in Wireless Local area Networks start to communicate and get networked in an ad hoc fashion to relay packets for their neighbors, a wireless mesh network comes into being. Wireless Mesh Networks are a promising way to provide internet access to fixed and mobile wireless devices. In mesh networks, traffic between mesh nodes and the Internet is routed over mesh gateways. In this paper, we discuss some of the routing protocols (i) OLSR, an Optimized Link State Routing Protocol and (ii) FSR, Fish-eye state routing protocol in detail and present various ad hoc routing protocols and their properties.

Pavan Kumar Ponnapalli, Ramesh Babu Battula, Pavan Kumar Tummala, Srikanth Vemuru

Comparative Analysis of Formal Model Checking Tools for Security Protocol Verification

With the proliferation of universal clients over the Internet, use of security protocols is rapidly on the rise to minimize associated risks. Security protocols are required to be verified thoroughly before being used to secure applications. Several approaches and tools exist to verify security protocols. Out of these, one of the more suitable is the Formal approach. In this paper, we give an overview of different formal methods and tools available for security protocol verification.

Reema Patel, Bhavesh Borisaniya, Avi Patel, Dhiren Patel, Muttukrishnan Rajarajan, Andrea Zisman

Secured Paradigm for Mobile Databases

Mobile databases are gaining popularity as portable devices have become need based and common. One key aspect of these database systems is their ability to deal with disconnection. Many businesses today are no longer solely conducting business within the confines of their buildings. They have employees who travel, who work in different geographic areas, or occasionally work from home. Many organizations allow the mobile workers to carry their sensitive data outside the physical boundaries in order to increase the productivity and revenue. But when the device is not protected properly all the data stored in the device will be exposed to outsiders including competitors. So security for the database that resides in the mobile device is the major concern for such type of organizations. In order to secure the mobile database a secured architecture is proposed in this paper.

D. Roselin Selvarani

Energy Analysis of RSA and ELGAMAL Algorithms for Wireless Sensor Networks

Sensor networks are primarily designed for real-time collection and analysis of low level data in hostile environments. Basically sensor networks are application dependent. Wireless sensor network (WSN) applications can be classified into two - event based and continuous monitoring. This paper focuses on continuous monitoring application. One of the major challenges of wireless sensor network is security. The security of WSNs poses challenges because of the criticality of the data sensed by a node and in turn the node meets severe constraints like minimal energy, computational and communicational capabilities. Taking all the above mentioned challenges, energy efficiency or battery life time plays a major role in network lifetime. Providing security consumes some of the energy of a node, so there is a need to reduce the energy and thus the cost incurred by the security algorithm. In this paper the performance of the RSA cryptography algorithm is compared with the ELGAMAL cryptography algorithm by evaluating their energy efficiency and network lifetime. A cluster based wireless network topology environment is constructed in NS2 and the performances of different clusters are compared. From the simulated output the RSA algorithm consumes less energy than ELGAMAL algorithm.

R. Kayalvizhi, M. Vijayalakshmi, V. Vaidehi

Detection and Mitigation of Attacks by Colluding Misbehaving Nodes in MANET

A Mobile Ad-hoc Network (MANET) is an infrastructure-less network, operated and managed by the nodes themselves. Inherently secure routing protocols are a must for operational continuity of such networks, which requires sustained and benevolent behavior by all participating nodes. A number of secure routing protocols based on trust have recently been proposed, which are able to detect routing misbehavior in the direct neighborhood of a node. However, collusion of misbehaving nodes has not been adequately addressed yet. In this paper, we present and evaluate a protocol in which multipath routing, combined with trust information of the nodes involved, is used to detect misbehaviors on data delivery formed by one or more misbehaving nodes in an ad hoc network. Data and control packets are transmitted through node-disjoint trust-worthy paths. Our protocol is able to withstand attacks carried out by multiple malicious nodes acting in collusion. We take advantage of the existence of multiple paths between nodes in an ad hoc network to increase the confidentiality and robustness of transmitted data. We have evaluated the misbehaving node detection rate and the performance of our method along a number of parameters through simulation. Results show that our method increases the throughput of the network while also discovering a secure route.

Poonam, K. Garg, M. Misra

A Flow Based Slow and Fast Scan Detection System

Attackers perform port scans to find reachability, liveness and services in a system or network. Current day scanning tools provide different scanning options and are capable of evading various security tools like firewall, IDS and IPS. So in order to detect and prevent attacks in early stages, an accurate detection of scanning activity in real time is very much essential. In this paper we present a flow based protocol behavior analysis system to detect TCP based slow and fast scans. This system provides a scalable, accurate and generic solution to TCP based scanning by means of automatic behavior analysis of the network traffic. Detection capability of the proposed system is compared with SNORT and results prove the high detection rate of the system over SNORT.

N. Muraleedharan, Arun Parmar

A New Remote Mutual Authentication Scheme for WI-FI Enabled Hand-Held Devices

User authentication is a continual problem, particularly with mobile and handheld devices such as Personal Digital Assistants (PDAs), Smartcard, Laptops. User authentication is difficult for every system providing safe access to precious, private information, or personalized services. User authentication is the primary line of defence for a handheld device that comes into the hands of an unauthorized individual. Password or Personal Identification Number (PIN) based authentication is the leading mechanism for verifying the identity of actual device users. Remote mutual authentication is the best solution for remote accessing in Wi-Fi environment. In this paper we propose a new remote mutual authentication scheme in wireless environment without maintaining the password table. This is based on ElGamal’s. It provides high security and mutual authentication at a reasonable computational cost. Furthermore it restricts most of the current attacking mechanisms. It is simple and can be adopted in any kind of lightweight devices.

Amutha Prabakar Muniyandi, Rajaram Ramasmy, Indurani

Concurrent Usage Control Implementation Verification Using the SPIN Model Checker

The UCON_A usage control authorization model supports concurrency, and the model left the issue of synchronizing usage control processes to the implementation. Manual verification of application specific concurrent usage control implementation is a hard problem. In this paper, we show the usage of a formal verification tool, the SPIN model checker, for verifying the correctness of the concurrent usage control implementation. We also provide an illustrative case study.

P. V. Rajkumar, S. K. Ghosh, P. Dasgupta

Pipelining Architecture of AES Encryption and Key Generation with Search Based Memory

A high speed security algorithm is always important for wired/wireless environment. The symmetric block cipher plays a major role in the bulk data encryption. One of the best existing symmetric security algorithms to provide data security is AES. AES has the advantage of being implemented in both hardware and software. We implement the AES in hardware because the hardware implementation has the advantage of increased throughput and offers better security. In order to reduce the constraint on the hardware resources while implementing the look-up table based s-box we propose a search based s-box architecture. Also the pipelined architecture of the AES algorithm is used in order to increase the throughput of the algorithm. The key schedule algorithm of the AES encryption is also pipelined.

T. Subashri, R. Arunachalam, B. Gokul Vinoth Kumar, V. Vaidehi

A SAT Based Verification Framework for Wireless LAN Security Policy Management Supported by STRBAC Model

The widespread proliferation of wireless networks (WLAN) demands formal evaluation and analysis of security policy management in enterprise networks. The enforcement of organizational security policies in wireless local area networks (WLANs) requires protection over the network resources from unauthorized access. Hence it is required to ensure correct distribution of access control rules to the network access points conforming to the security policy. In WLAN security policy management, the role-based access control (RBAC) mechanisms can be deployed to strengthen the security perimeter over the network resources. Further, there is a need to model the time and location dependent access constraints. In this paper, we propose a WLAN security management system supported by a spatio-temporal RBAC (STRBAC) model and a SAT based verification framework. The system stems from logical partitioning of the WLAN topology into various security policy zones. It includes a Global Policy Server (GPS) that formalizes the organizational access policies and determines the high level policy configurations; a Central Authentication & Role Server (CARS) which authenticates the users and the access points (AP) in various zones and also assigns appropriate roles to the users. Each policy zone consists of a Wireless Policy Zone Controller (WPZCon) that co-ordinates with a dedicated Local Role Server (LRS) to extract the low level access configurations corresponding to the zone access router. We also propose a formal spatio-temporal RBAC (STRBAC) model to represent the global security policies formally and a SAT based verification framework to verify the access configurations.

P. Bera, Soumya Maity, S. K. Ghosh, Pallab Dasgupta

Detection and Classification of DDoS Attacks Using Fuzzy Inference System

A DDoS attack saturates a network by overwhelming the network resources with an immense volume of traffic that prevents the normal users from accessing the network resources. When Intrusion Detection Systems are used, a huge number of alerts will be generated and these alerts consist of both False Positives and True Positives. Due to the huge volume of attack traffic, there is a possibility of more False Positives occurring than True Positives, which makes it difficult for the network analyst to classify the original attack and take remedial action. This paper focuses on development of an alert classification system to classify False Positives and True Positives related to DDoS attacks. It consists of five phases: Attack Generation, Alert Collection, Alert Fusion, Alert Generalization and Alert Classification. In Attack Generation, DDoS attacks are generated in an experimental testbed. In Alert Collection, snort IDS will be used to generate alerts for the generated traffic in the testbed and alerts are collected. In Alert Fusion, the repeated alerts will be fused together to form meta alerts. In Alert Generalization, the alerts indicating traffic towards the servers will be taken for further analysis. In Alert Classification, using a fuzzy inference system the alerts will be classified as True Positives and False Positives. This reduces the difficulty of the network analyst by eliminating the false positives. This system is tested using an experimental testbed.

T. Subbulakshmi, S. Mercy Shalinie, C. Suneel Reddy, A. Ramamoorthi

Detection and Recognition of File Masquerading for E-mail and Data Security

Due to the tremendous improvement of internet technology and increasing importance of privacy, security, and wise use of computational resources, the corresponding technologies are increasingly being faced with the problem of file type detection. Digital forensics deals with an investigation of digital evidence to enable investigators to detect the facts for the offences. In digital forensics, there are numerous file formats in use and criminals have started using either non-standard file formats or change extensions of files while storing or transmitting them over a network. This makes recovering data out of these files difficult. This also poses a very severe problem for the unauthorized users to send malicious data across the network and it is essential to tackle this e-crime which may harm the entire organization and network. File type detection has the most usage and importance in the proper functionality of operating systems, firewalls, intrusion detection systems, anti viruses, filters, steganalysis and computer forensics. Certain organizations may ban specific file formats via their intranet or E-mail services and the technique to change file extension in sending across has to be severely monitored. Identifying the type of file format of a digital object will be a crucial function on ingest to a digital repository thereby attaining improved security and fraud prevention. This paper focuses on identifying the true file type, detect the presence of embedded data types to improve analysis efficiency in Digital forensic.

R. Dhanalakshmi, C. Chellappan
Privacy Preserving Mining of Distributed Data Using Steganography

Privacy preserving mining of distributed data has numerous applications. Several constraints can be imposed by the applications, including how the data is distributed and the requirement that privacy be preserved when the data is distributed, etc. Data mining has operated on a data warehousing model of gathering all data into a central site, then running an algorithm against that data. Privacy considerations may prevent this approach. This paper presents steganography techniques and shows how they can be used to solve several privacy-preserving data mining problems. Steganography is a technique to hide secret information in some other data (we call it a vessel) without leaving any apparent evidence of data alteration.

D. Aruna Kumari, K. Raja Sekhar Rao, M. Suman

First International Workshop on Trust Management in P2P Systems (IWTMP2PS 2010)

Proxy Re-signature Scheme That Translates One Type of Signature Scheme to Another Type of Signature Scheme

In 1998, Blaze, Bleumer, and Strauss (BBS) proposed proxy re-signatures, in which a semi-trusted proxy acts as a translator between Alice and Bob to translate a signature from Alice into a signature from Bob on the same message. The proxy, however, does not learn any signing key and cannot sign arbitrary messages on behalf of either Alice or Bob. In the 12th ACM Conference on Computer and Communications Security (CCS 2005), Ateniese and Hohenberger formalised the definition of security for a proxy re-signature and presented two secure proxy re-signature schemes based on bilinear maps. They left open the problem of determining whether or not a proxy re-signature scheme can be built that translates one type of signature scheme to another, i.e. a scheme that translates Alice’s Schnorr signatures into Bob’s RSA based ones.

In this paper we address this open problem. We construct a proxy signature scheme that translates Alice’s Schnorr/ElGamal signature to Bob’s RSA signature. We construct this by generating suitable proxy re-sign keys by establishing communication among the delegatee, the proxy signer and the delegator. At no point of the conversion is the security of the Schnorr, ElGamal and RSA signature schemes compromised. The signatures generated by the regular signature generation algorithm and the proposed re-signature algorithm are indistinguishable.

N. R. Sunitha, B. Bharat Amberker
Efficient Region-Based Key Agreement for Peer-to-Peer Information Sharing in Mobile Ad Hoc Networks

Peer-to-peer systems have gained a lot of attention as information sharing systems for the wide-spread exchange of resources and voluminous information that is easily accessible among thousands or even millions of users. However, current peer-to-peer information sharing systems work mostly on wired networks. With the growing number of communication-equipped mobile devices that can self-organize into an infrastructure-less communication platform, namely mobile ad hoc networks (MANETs), peer-to-peer information sharing over MANETs becomes a promising research area. In this paper, we propose a Region-Based structure that enables efficient and secure peer-to-peer information sharing over MANETs. The implementation shows that the proposed scheme is secure, scalable, efficient, and adaptive to node mobility and provides reliable information sharing.

K. Kumar, J. Nafeesa Begum, V. Sumathy
A Power Adjustment Approach for Multi-channel Multi-AP Deployment Using Cognitive Radio Concept

The explosive growth in wireless networks over the last few years resembles the rapid growth of the internet within the last decade. The increasing popularity of IEEE 802.11 demands enhancement in network performance. WLAN uses frequency spectrum, which is in fact a very scarce resource, for providing wireless access to nomadic nodes. One common issue in deployment of a multi-channel multi-AP (access point) wireless network is interference. Interference can be minimized by adjusting the transmission power. This paper focuses on transmission power adjustment of APs by using the concept of cognitive radio. The approach requires RSSI (Received Signal Strength Indication) information to be sent by all the mobile WSs (workstations) in the coverage area to the associated AP at regular intervals to keep the AP updated about their distance. Depending on the current position of the WS, the AP’s power transmission level is adjusted (increased, decreased, remains same, transmission stopped). During adjustment of the power level of the AP, the cognitive radio concept is used to keep the power level from going beyond a maximum level so as to minimize the problem of interference. Each AP in the network considers itself to be a secondary user as in a cognitive network and keeps its power level within a limit such that other APs (taken as primary users) do not face interference.

Prabhat Kumar Tiwary, Niwas Maskey, Suman Khakurel
Conscience-Based Routing in P2P Networks: Preventing Copyright Violations and Social Malaise

P2P networks are harbingers of copyright violations costing the music, movie and the software industries millions of dollars in lost revenue, through illegal sharing of content. Moreover, the anonymous social networking sites act as playgrounds for criminals and sexual predators, leading to a fast growing social malaise. Since P2P networks are anonymous in nature, highly scalable and censorship-resistant by design, controlling shared content is non-trivial to say the least. Hence, there is an urgent need by the research community to counter these threats. We present the novel concept of Conscience-Based Routing (CBR) in which Conscientious Peers (CPs) actively block queries pertaining to illegal music/movies or those pertaining to topics such as national security or pornography. Moreover, CPs pass poisoned content to peers requesting illegal content so that their overall experience is severely diminished, discouraging them from seeking illegal content. Such an approach is suitable for a pure decentralized P2P network where individual peers perform overlay query routing. We establish the effectiveness of our approach through simulation and also discuss strategies to encourage “conscientious” behavior by peers in a real-world scenario.

Ankur Gupta
Analysis of 802.11 Based Cognitive Networks and Cognitive Based 802.11 Networks

Cognitive radio has emerged as a new design paradigm for next generation wireless networks that aims to increase utilization of scarce radio spectrum. Intelligent algorithms are used to learn the surrounding environment, and the knowledge thus obtained is utilized by trans-receiver to achieve the best performance. For IEEE 802.11 wireless LANs with multiple access points, it is critical to allocate limited number of radio channels dynamically and efficiently. In this paper, we are trying to implement the idea of using cognitive techniques to optimize access point configuration for IEEE 802.11 WLAN. Similarly, we can have 802.11 based cognitive networks in which CR (cognitive radio) can employ DCF (Distributed co-ordination function) protocol for contention based channel access. We have tried to interrelate between Cognitive and IEEE 802.11 WLAN networks and improve network’s capability by taking useful part of other network.

Niwas Maskey, Gitanjali Sachdeva
Privacy Layer for Business Intelligence

Business Intelligence brings information in an intelligent way that enables a requester of data to analyze, justify their views and make timely decisions. In all these processes a good amount of data may be exposed based on user profile and to a varying extent. Also, recent trends in Information Management such as cloud computing and pervasive BI have set forth many questions in the arena of legal compliance and information security, especially when millions of customer records of an organization are outsourced for testing, warehousing and data mining. In this paper, we present an approach that will require a new layer to be incorporated into the business intelligence architecture and shall be used to preserve the privacy of sensitive information without changing the consolidated, processed and strategically aggregated data, keeping intact the analysis and mining needs of stakeholders within and outside the organization.

Vishal Gupta, Ashutosh Saxena
Analysis and Comparative Study of Different Backoff Algorithms with Probability Based Backoff Algorithm

The Data Link Layer is the most important layer in any type of Local Area Network. The main functions of the Data Link Layer are access control and flow control. The efficient implementation of the access control protocol decides the optimal usage of network resources. The backoff algorithm is a very important aspect in access control protocol implementation. The backoff algorithm is used to reduce the probability of frequent collisions when stations try to access the medium simultaneously. The basic Binary Exponential Backoff algorithm, the Modified Binary Exponential Backoff algorithm and their drawbacks are analyzed and a new variation called the Probability Based Backoff algorithm is proposed, which also takes network traffic into consideration.

Narendran Rajagopalan, C. Mala
Proof Of Erasability for Ensuring Comprehensive Data Deletion in Cloud Computing

In a typical cloud environment the client will be storing his data with a provider and paying as per the usage time. At the end of the contract the client, as the data owner, may like to see that the data should be properly shredded in the provider storage. In this paper we provide a scheme for Proof of Erasability (POE) for a client that a target data is completely destructed or is irreversibly rendered useless. The destruction of the data is achieved by a comprehensive destruction algorithm which systematically modifies the most significant bit(s) of every data chunk thereby making the data irrecoverably destructed and refuting any concerns on privacy and security.

Mithun Paul, Ashutosh Saxena
A Roadmap for the Comparison of Identity Management Solutions Based on State-of-the-Art IdM Taxonomies

In recent days, digital identity in a corporate environment needs to be treated with high priority. Irrespective of different applications we use in organization, resources need to be managed and allotted to the appropriate identity/user (i.e. Provisioning Management) with proper access rights (Access Management). Identity management or IdM refers to how humans are identified, authorized and managed across computer networks. It deals with issues such as creating identities to the users, different ways to protect those identities & related information and the technologies supporting that protection. This paper analyzes the latest IdM product vendors in today’s market. Also this paper aims to provide a survey/roadmap to compare the identity management solutions based on various important identity factors. In this paper, we are analysing different IdM systems based on two state-of-the-art identity management taxonomies, such as features & capabilities and strategy & vision.

Srinivasan Madhan Kumar, Dr. Paul Rodrigues
BubbleTrust: A Reliable Trust Management for Large P2P Networks

The open and anonymous nature of peer-to-peer (P2P) networks creates an almost ideal environment for malicious activities. Trust management (TM) allows trust relationships to be established between peers in such a hostile environment and makes using the P2P network more secure. In this paper we present a novel trust management system called BubbleTrust which uses some new approaches. The system creates a bubble around the unknown peers which includes all peers which trust them. Each peer is evaluated separately as a participant in network services and as a participant in the TM. The peer credibility is derived only from verified information about transactions between peers. Our aim was to create a system which is applicable in large P2P networks and provides reliable results.

Miroslav Novotny, Filip Zavoral
Dynamic Policy Adaptation for Collaborative Groups

Dynamic collaborative peer groups generally have constantly changing application requirements and varied security requirements, and require secure and reliable group communication. Self-organizing groups like f/oss motivate the need for dynamic multi-level access control. Currently there are some integrated solutions for secure group communication, but very few allow dynamic multi-level access control based on trust. We propose a framework for collaborative groups which integrates authentication, admission control, policy based access control, adaptive trust and key management. Our model permits peers to regulate their own behavior by deploying access control policies dynamically based on the behavior and trust level of peers in the group and the current group composition. Peers can collaboratively modify policies governing their level. Our trust metric is a tunable metric based on context specific attributes. Functionality of members in a group is also dynamic and the group can dynamically prioritise requests for join. We tested the behavior of groups under different application scenarios by implementing our framework in the overlay simulator peersim integrated with Prolog. Our experiments show that dynamic policies based on the adaptive trust and changing group composition lead to better group efficiency as compared to static access control policies.

Madhumita Chatterjee, G. Sivakumar
A Deviation Based Outlier Intrusion Detection System

With the significant increase in use of networks, network security has become more important and challenging. An intrusion detection system plays a major role in providing security. This paper proposes a model in which Artificial Neural Network and Data Mining approaches are used together. In this model “Self Organizing Map” approach is used for behavior learning and “Outlier Mining” approach is used for detecting an intruder. The scope of the proposed model is for internet. This model improves the capability of detecting intruders: both masqueraders and misfeasors.

Vikas Pareek, Aditi Mishra, Arpana Sharma, Rashmi Chauhan, Shruti Bansal
Privacy Preserving Ciphertext Policy Attribute Based Encryption

Ciphertext policy attribute based encryption (CP-ABE) allows data to be encrypted under an access policy. The access policy can be formed with the logical combination of attributes. Such ciphertexts can be decrypted by anyone with a set of attributes that satisfy the access policy. In CP-ABE, the access policy is sent along with the ciphertext. We propose a method in which the access policy need not be sent along with the ciphertext, by which we are able to preserve the privacy of the encryptor. The proposed construction is provably secure under the Decision Bilinear Diffie-Hellman assumption.

A. Balu, K. Kuppusamy
Reliable Timeout Based Commit Protocol

Issues related to mobile networks, such as disconnection, node failures and message loss, call for a reliable and efficient method of executing transactions along with recovery of the database into a consistent state. The most widely used technique for database recovery is log-based recovery. To recover from a failure or crash, the data values prior to modification and the new values after modification can be accessed from the transaction log. Checkpoints are used to reduce the number of log records that the system must scan when recovering from a crash.

In this paper we present an atomic commit protocol called Reliable Timeout Based Commit Protocol that uses the notions of 2PC and TCOT for mobile environments. This model uses two alternative possible execution strategies for mobile transactions, i.e. execution at the MH and execution at the FH, using a timeout-based mechanism. The performance of our system is compared with 2PC and TCOT in terms of message complexity, force writes etc. A proposal is also made for reliable execution of mobile transactions by maintaining logged information in flash memory at the MH and BS by means of a recovery algorithm, through which we can have durability in transactions.

Bharati Harsoor, S. Ramachandram
Proposed Security Model and Threat Taxonomy for the Internet of Things (IoT)

IoT is an intelligent collaboration of tiny sensors and devices giving new challenges to security and privacy in end to end communication of things. Protection of data and privacy of things is one of the key challenges in the IoT. Lack of security measures will result in decreased adoption among users and therefore is one of the driving factors in the success of the IoT. This paper gives an overview, analysis and taxonomy of security and privacy challenges in IoT. Finally, Security Model for IoT has been proposed.

Sachin Babar, Parikshit Mahalle, Antonietta Stango, Neeli Prasad, Ramjee Prasad
Identity Management Framework towards Internet of Things (IoT): Roadmap and Key Challenges

One of the most profound changes today is the increase in mobility of portable yet powerful wireless devices capable of communicating via several different kinds of wireless radio networks of varying link-level characteristics. Requirement for identity is not adequately met in networks, especially given the emergence of ubiquitous computing devices that are mobile and use wireless communications. Addressing identity problem requires changes to the architecture for naming, addressing, and discovery. Challenges include resource discovery; ways to expose relevant privacy distinctions to users, naming and addressing that restricts precise knowledge of identity to authorized parties. This paper presents the identity management (IdM) framework for internet of things (IoT) with the study of existing systems, and addresses the key challenges.

Parikshit Mahalle, Sachin Babar, Neeli R. Prasad, Ramjee Prasad
Reputation Enhancement in a Trust Management System

In this paper, an extended TUX-TMS: A reputation based Trust Management System is presented for enhancing reputation for enabling transaction between unknown users in grid environments. TUX-TMS evaluates trustworthiness and reputation of a domain on the basis of user feedback which is further computed using trust context factor, risk assessment, trust inheritance and trust & reputation decay. TUX-TMS is further extended by including user zones and phylogenetic tree for the users. The parameters are enhanced and redefined to secure transactions and make the information provided more trustworthy. The reputation information is also aggravated hierarchically which enables new entities to inherit domain’s reputation information.

Shashi Bhanwar, Seema Bawa
A-Code: A New Crypto Primitive for Securing Wireless Sensor Networks

Many real-world scenarios require the effective enforcement of a common bulk of strong security services that nowadays Wireless Sensor Network (WSN) implementations are far from achieving. This paper introduces a new cryptographic primitive which seems very promising to achieve authentication of the nodes involved in a WSN in such usage scenarios. We show the feasibility of this primitive by showing some of its remarkable features in the context of radio communications and by comparing its power consumption to that of Public-Key Certificates.

Giovanni Schmid, Francesco Rossi
Design of a Reliability-based Source Routing Protocol for Wireless Mobile Ad Hoc Networks

This paper presents a Reliability-based Source Routing (RSR) protocol for mobile ad hoc networks (MANETs). RSR works as follows: Before sending a Route Reply (RREP) packet on a preferred path, the destination validates the discovered path by sending an encrypted Probe packet to the source. If the source node receives the Probe packet, it sends an Acknowledgment back to the destination. If the Acknowledgment packet is received, the destination sends the RREP packet. Otherwise, the destination chooses the path that has the largest Reliability Metric. The Reliability Metric of a path is the minimum of the Reliability Metric of the constituent nodes of the path. The Reliability Metric of a node (a measure of trust) is updated based on the periodic encrypted beacon exchange, propagation of the Route Request (RREQ), RREP and data packets. The above procedure is repeated until a route can or cannot be discovered.

Natarajan Meghanathan
Performance Evaluation and Detection of Sybil Attacks in Vehicular Ad-Hoc Networks

Vehicular Ad-hoc Networks (VANET) technology provides a fast, easy to deploy and an inexpensive solution for intelligent traffic control and traffic disaster preventive measure. In VANET, moving vehicles communicate using wireless technology. This communication can be used to divert traffic from congested or dysfunctional routes, to seek help in an emergency and to prevent accident escalation in addition to providing intelligent traffic control. However, an attacker can use the same system to spread false warning messages resulting in congestion on certain routes thereby leading to accidents or causing delay in providing help etc. One of the harmful attacks against VANET is Sybil attack, in which an attacker generates multiple identities to feign multiple nodes. In this paper, we present an implementation of simulated Sybil attack scenario in VANET and discuss its impact on network performance. A cooperative approach of Sybil attack detection, inferred through analysis of Sybil attack, is also presented.

Jyoti Grover, Deepak Kumar, M. Sargurunathan, M. S. Gaur, Vijay Laxmi
Clustering Approach in Speech Phoneme Recognition Based on Statistical Analysis

In general, speech recognition is a process that is referred to convert spoken string into machine-understandable string. Speech Recognition consists of 2 processes, i) removal of background noise (background noise is generated due to the stressful noise environment) and ii) phoneme separation word by word (also involves phoneme recognition). In real time situation, sound signals consist of both noises (target noise as well as background noise).

This paper critically evaluates the currently available signal analysis techniques and the modeling of phonemes, as applied to isolated and context-independent phoneme recognition. The proposed methodology introduces the technique of determining the pure speech-signal in a noisy environment (without background noise) and phonemes-isolation word by word using some clustering approach. With the use of proposed methodology, high accuracy of background noise-isolation (obtaining clean speech-signal without background noise) and high accuracy of phoneme isolation from clean speech-signal have been achieved which can be qualitatively compared to previous research done on continuous phoneme recognition. Performance evaluation also shows the improvement to achieve the speech recognition in a stressful noise situation and better quality of phoneme separation process.

Gaurav Kumar Tak, Vaibhav Bhargava
Knowledge Base Compound Approach towards Spam Detection

Currently, spam mails are the major issue over mail boxes as well as over the internet. Spam mails can be the cause of phishing attack, hacking of banking accounts, attacks on confidential data. Spamming is growing at a rapid rate since sending a flood of mails is easy and very cheap. Spam mails disturb the mind-peace, waste time and consume resources e.g., memory space and network bandwidth, so fighting against spam is a big issue in internet security.

This paper presents an approach to spam filtering which is based on mining a knowledge base, analysis of the mail header, and cross validation. The proposed methodology includes several techniques of spam filtering with higher accuracy. It works well with all kinds of spam mails (text based spam as well as image spam). Our experiments show promising results: at least 97.34% of spam is filtered out, with 0.11% false positives.

Gaurav Kumar Tak, Shashikala Tapaswi
Trust Management Framework for Ubiquitous Applications

With the rapid advancement in wireless networking and mobile technologies, devices have become tiny and are able to interact with one another seamlessly, offering services which can be accessed anytime, anywhere. Mobile devices have the capability to dynamically form networks with other devices and can host a variety of services which others can access. In such an environment, security and privacy are the major barriers and addressing these issues is vital for the penetration of ubiquitous applications. Traditional security solutions won’t suffice for the needs of ubiquitous environments formed with resource-constrained devices and pose potential limitations. A Context and Role Based Access Control (CRBAC) mechanism can be used for enterprise ubiquitous applications, whereas in the case of peer-to-peer ubiquitous applications, since unknown entities are involved in interactions, dynamic trust formation plays a vital role. In this paper, we propose a novel approach for a trust management framework using the RAINBOW model, which represents the human notion of trust in terms of a computational algorithm with seven factors: Peer Recommendation, Operational Risk, Operational Cost, Reputation, Role, Privacy and Identity.

N. C. Raghu, M. K. Chaithanya, P. R. L. Lakshmi, G. Jyostna, B. Manjulatha, N. Sarat
A Hybrid Address Allocation Algorithm for IPv6

The scalability of the Internet routing system has caught much attention in recent years as it affects the performance of the Internet greatly. IP address fragmentation is one main cause for routing scalability and existing address allocation practices are one major contributor to address fragmentation. Address fragmentation increases routing table size, hence IP look-up and routing efficiency. It also constrains the processing and memory capabilities of routers, leading to failing routes if the burgeoning growth of the routing table size is not contained. A proper address allocation algorithm coupled with appropriate address allocation policies will help to scale the existing addressing and routing system. This research proposes a hybrid address allocation algorithm for IPv6 by combining some of the existing address allocation algorithms, leveraging their merits. The proposed hybrid address allocation algorithm would help in reducing address fragmentation to a greater extent compared to the existing address allocation schemes. This would facilitate reducing routing table size, increase scalability and hence improve the performance of the Internet.

Raja Kumar Murugesan, Sureswaran Ramadass
Modeling and Performance Analysis of Efficient and Dynamic Probabilistic Broadcasting Algorithm in MANETs Routing Protocols

A MANET (Mobile Adhoc network) is an autonomous system consisting of a set of mobile hosts that are free to move without the need for a wired backbone or a fixed base station. Conventional on-demand route discovery for Adhoc routing protocols extensively uses simple flooding, which could potentially lead to high channel contention, causing redundant retransmissions and thus excessive packet collisions in the network. Broadcasting is an essential building block of any MANET, so it is imperative to utilize the most efficient broadcast methods possible, to ensure a reliable network. This paper proposes a new AODV-Efficient and dynamic probabilistic broadcasting approach which is quite efficient and dynamic in nature and solves the broadcast storm problem in AODV. The simulation is done on Global Mobile Simulator (GloMoSim). Routing overhead and end-to-end delays are considered as main performance evaluation metrics. The results show that at a very heavy traffic load, the normalized routing load is reduced to around 35% and 25% compared with AODV-blind flooding and AODV-fixed probability model, when used with AODV-EDPB. The data packets in the proposed algorithm experience lower latency than in the AODV-blind flooding and AODV-FP models. The results also show that at higher pause times there is proportionally more decrease in normalized routing load when compared with the AODV-FP and AODV-BF approaches, achieving lower overhead and improved delivery latency as compared to conventional AODV, especially in dense networks.

Deepak Dembla, Yogesh Chaba
A Trust-Based Detection Algorithm of Selfish Packet Dropping Nodes in a Peer-to-Peer Wireless Mesh Network

Wireless mesh networks (WMNs) are evolving as a key technology for next-generation wireless networks showing rapid progress and numerous applications. These networks have the potential to provide robust and high-throughput data delivery to wireless users. In a WMN, high speed routers equipped with advanced antennas, communicate with each other in a multi-hop fashion over wireless channels and form a broadband backhaul. However, the throughput of a WMN may be severely degraded due to presence of some selfish routers that avoid forwarding packets for other nodes even as they send their own traffic through the network. This paper presents an algorithm for detection of selfish nodes in a WMN that uses statistical theory of inference for reliable clustering of the nodes based on local observations. Simulation results show that the algorithm has a high detection rate and a low false positive rate.

Jaydip Sen
A Distributed Trust and Reputation Framework for Mobile Ad Hoc Networks

In a multi-hop mobile ad hoc network (MANET), mobile nodes cooperate to form a network without using any infrastructure such as access points or base stations. The mobility of the nodes and the fundamentally limited capacity of the wireless medium, together with wireless transmission effects such as attenuation, multi-path propagation, and interference combine to create significant challenges for security in MANETs. Traditional cryptographic mechanisms such as authentication and encryption are not capable of handling some kinds of attacks such as packet dropping by malicious nodes in MANETs. This paper presents a mechanism for detecting malicious packet dropping attacks in MANETs. The mechanism depends on a trust module on each node, which is based on the reputation value computed for that node by its neighbors. The reputation value of a node is computed based on its packet forwarding behavior in the network. The reputation information is gathered, stored and exchanged between the nodes, and computed under different scenarios. The proposed protocol has been simulated in a network simulator. The simulation results show the efficiency of its performance.

Jaydip Sen
Towards Designing Application Specific Trust Treated Model

In this paper, we present a process based on aspect oriented methodology to treat a trust model against trust related threats. The trust services are based on a service oriented architecture. We believe that due to the crosscutting natures of concerns in trust dependent applications, concepts of aspect oriented methodology can be applied to develop specifications for trust models. The trust modeling process comprises of the trust service primary model to specify trust services and trust treated aspect model to specify threats as patterns. The primary and aspect models can be composed with application specific scenarios to develop a trust treated model. We have selected the reputation service as an example of a trust service to illustrate the trust modeling process.

Farag Azzedin, Sajjad Mahmood

First International Workshop on Database Management Systems (DMS 2010) and MWNS 2010

Security for Contactless Smart Cards Using Cryptography

Contactless smartcards are typically used in the fields of electronic ticketing, transport and access control. More recently, they have been used for electronic payment transactions. This apparent reluctance to use contactless smartcards in fields that involve money transactions, as well as many other fields and applications, is because contactless technology is erroneously believed to be less secure than contact technology. Research has shown that contactless smartcards are not fundamentally less secure than contact cards. However, certain security threats are inherently facilitated by contactless smart cards and contactless technology. The various security issues in contactless technology are Eavesdropping, Denial of Service, Covert Transactions, and Man-in-the-Middle.

In this paper, we explore the possibility of using cryptography as a solution to the security issues in contactless technology. We provide the effectiveness of cryptography on these issues, the limitations we have to impose on our applications in order to use cryptography, and further enhancements that are possible to reduce, if not eliminate, the severity of security threats in contactless technology which will further enable use of contactless smart cards in more fields hitherto unexplored.

Anuj Kundarap, Arpit Chhajlani, Rashu Singla, Mugdha Sawant, Milind Dere, Parikshit Mahalle
A Novel Approach for Compressed Video Steganography

Steganography is the art of hiding information in ways that avert the revealing of hidden messages. This paper proposes a new Compressed Video Steganographic scheme. In this algorithm, data hiding operations are executed entirely in the compressed domain. Here data are embedded in the macro blocks of the I frame with maximum scene change. To enlarge the capacity of the hidden secret information and to provide an imperceptible stego-image for human vision, a novel steganographic approach called tri-way pixel-value differencing (TPVD) is used for embedding. In this scheme all the processes are defined and executed in the compressed domain, so decompression is not required. Experimental results demonstrate that the proposed algorithm has high imperceptibility and capacity.

A. P. Sherly, Sapna Sasidharan, Ashji S. Raj, P. P. Amritha
Privacy Preserving Data Mining by Cyptography

It is obvious that if a data mining algorithm is run against the union of the databases, and its output becomes known to one or more of the parties, it reveals something about the contents of the other databases. Research in secure distributed computation, which was done as part of a larger body of research in the theory of cryptography, has achieved remarkable results. These results were shown using generic constructions that can be applied to any function that has an efficient representation as a circuit. We describe these results, discuss their efficiency, and demonstrate their relevance to privacy preserving computation of data mining algorithms. Note that we consider here a distributed computing scenario, rather than a scenario where all data is gathered in a central server, which then runs the algorithm against all data. (The central server scenario introduces interesting privacy issues, too, but they are outside the scope of this paper.)

Anand Sharma, Vibha Ojha
A Framework for Mining Strong Positive and Negative Association Rules of Frequent Objects in Spatial Database System Using Interesting Measure

Association Rule Mining (ARM) is an important problem in spatial database systems. Much effort has been devoted to developing algorithms for efficiently discovering relationships between objects in space. In this paper, we propose an enhancement of an existing mining algorithm for efficiently mining frequent patterns for positive and negative spatial objects occurring in space, such as a city located near a river. This approach reveals that the enhanced algorithm is suitable for both dense and sparse spatial objects when minimum support is high, and it overcomes some limitations of the previous method.

Animesh Tripathy, Subhalaxmi Das, Prashanta Kumar Patra
Global Search Analysis of Spatial Gene Expression Data Using Genetic Algorithm

In this paper, we present a genetic algorithm to perform global searching for generating interesting association rules from Spatial Gene Expression Data. The typical approach of association rule mining is to make strong simplifying assumptions about the form of the rules, and limit the measure of rule quality to simple properties such as minimum support or minimum confidence. Minimum support or minimum confidence means that users must specify suitable thresholds for their mining tasks though they may have no knowledge concerning their databases. The presented approach does not require users to specify thresholds. Instead of generating an unknown number of association rules, only the most interesting rules are generated according to the interestingness measure as defined by the fitness function. Computational results show that applying this genetic algorithm to search for high quality association rules with their confidence and interestingness acceptably maximized leads to better results.

M. Anandhavalli, M. K. Ghose, K. Gauthaman, M. Boosha
Design and Implementation of Pessimistic Commit Protocols in Mobile Environments

The pessimistic commit protocol specifies a set of rules which guarantee that every single transaction in a mobile database environment is executed to its completion or none of its operations are performed. To show the effectiveness of pessimistic commit protocols, a generic simulator is designed and implemented to demonstrate how the transactions are committed and how the data consistency is maintained when the transactions are executed concurrently. Further, the constraints imposed by mobile database environments, such as mobility and blocking of data items, are effectively handled. The simulator is tested for efficiency for all timeout based strategies proposed in the literature.

Salman Abdul Moiz, Lakshmi Rajamani, Supriya N. Pal
On Analyzing the Degree of Coldness in Iowa, a North Central Region, United States: An XML Exploitation in Spatial Databases

The State of Iowa is an agriculturally rich state in the north central region and is divided into 99 counties. NCRA in the United States maintains agricultural databases to facilitate crop and risk analysis, pest management and forecasting. NC94 is one such dataset, which is intensively used and is available for public use through many sources to process and analyze to get future predictions about agriculture. In this work we calculate the cumulative degree of coldness in Iowa, with the county as the spatial granularity, over the last 30 years. To demonstrate the degree of coldness, we choose blue as the base color, and counties are rendered with different shades of blue based on the degree of coldness. Higher intensity of the color reflects higher coldness, whereas lower intensity corresponds to lower coldness. We expect that the results of this research will provide direct benefits to farmers and will attract the attention of the agricultural/computational scientific community.

Sugam Sharma, Shashi K. Gadia
Implementation of MPEG-7 Document Management System Based on Native Database

Embedded database technology can be used to manage MPEG-7 data with limited resources. In that case, we need a clustering method for the efficient storage of MPEG-7 documents. The present study designed and implemented an MPEG-7 document management system that can store MPEG-7 documents efficiently in mobile terminals such as PDAs. The system used Berkeley DB XML, an embedded XML database system based on MPEG-7 data clustering.

Byeong-Tae Ahn
Backmatter
Metadata

Title: Recent Trends in Network Security and Applications
Editors: Natarajan Meghanathan, Selma Boumerdassi, Nabendu Chaki, Dhinaharan Nagamalai
Copyright Year: 2010
Publisher: Springer Berlin Heidelberg
Electronic ISBN: 978-3-642-14478-3
Print ISBN: 978-3-642-14477-6
DOI: https://doi.org/10.1007/978-3-642-14478-3
