About this book

This book constitutes the refereed proceedings of the Second International Conference on Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments, ISDDC 2018, held in Vancouver, BC, Canada, in November 2018.

The 10 full papers were carefully reviewed and selected from 28 submissions. This book also contains the abstracts of two keynote talks and one tutorial. The contributions included in this proceedings cover many aspects of theory and application of effective and efficient paradigms, approaches, and tools for building, maintaining, and managing secure and dependable systems and infrastructures, such as botnet detection, secure cloud computing and cryptosystems, IoT security, sensor and social network security, behavioral systems and data science, and mobile computing.

Table of contents

Frontmatter

Identifying Vulnerabilities and Attacking Capabilities Against Pseudonym Changing Schemes in VANET

Abstract
Vehicular communication discloses critical information about the vehicle. Association of this information with the drivers puts the privacy of the driver at risk. The broadcast of safety messages in plain text is essential for safety applications but not secure with respect to the privacy of the driver. Many pseudonymous schemes are proposed in the literature, yet the level of privacy is not being compared among these schemes. Our contribution in this paper is the identification of the vulnerabilities in the existing pseudonym changing schemes, determining the attacking capabilities of the local-passive attacker and demonstration of the optimal case for an attacker to deploy the network of eavesdropping stations with the feasible attacking capabilities. We have also provided the analysis and comparison of the different pseudonym changing schemes with a new metric to measure tracking ability of the local-passive attacker in highway and urban scenarios as well as with the varying number of attacking stations.
Ikjot Saini, Sherif Saad, Arunita Jaekel

An RSA-Based User Authentication Scheme for Smart-Homes Using Smart Card

Abstract
Internet of Things (IoT) is an emerging paradigm which enables physical objects to operate over the Internet, collect and share the data that describe the real physical world. One of its greatest opportunities and applications still lies ahead in the form of smart home, known as push-button automated home. In this ubiquitous environment, due to the most likely heterogeneity of objects, communication, topology, security protocols, and the computationally limited nature of IoT objects, conventional authentication schemes may not comply with IoT security requirements since they are considered impractical, weak, or outdated. Focusing only on the issue of remote authentication in a smart home environment, in the presence of security threats, this paper proposes the design of an RSA-based two-factor user Authentication scheme for Smart-Home using Smart Card (denoted RSA-ASH-SC scheme). An informal security analysis of the proposed RSA-ASH-SC scheme is proposed as well as a study of its performance in terms of convergence speed, showing that the RSA-ASH-SC scheme is about 50% faster than the Om and Kumari scheme, and about 15 times faster than selected RSA variants in terms of RSA decryption speed when the RSA key length is 2048. The RSA-ASH-SC scheme is also shown to maintain the anonymity of the user using a one-time token.
Maninder Singh Raniyal, Isaac Woungang, Sanjay Kumar Dhurandher

Analysing Data Security Requirements of Android Mobile Banking Application

Abstract
Mobile banking applications are at high risk of cyber attacks due to security vulnerabilities in their application design and underlying operating systems. The Inter-Process Communication mechanism in Android enables applications to communicate, share data and reuse functionality between them. However, if used incorrectly, it can become an attack surface, which allows malicious applications to exploit devices and compromise sensitive financial information. In this research, we focused on addressing the intent vulnerabilities by applying a hybrid fuzzing testing technique to analyze the data security requirements of native Android financial applications. The system first automatically constructs an application behavior model and later applies hybrid fuzzing to the model to analyze the data leak vulnerabilities. Testing results help to discover the unknown exploitable entry points in the applications under test.
Shikhar Bhatnagar, Yasir Malik, Sergey Butakov

Adaptive Mobile Keystroke Dynamic Authentication Using Ensemble Classification Methods

Abstract
Mobile keystroke dynamic biometric authentication requires several biometric samples for enrolment. In some application contexts or scenarios where the user scarcely uses the application, it could take quite a while to get enough samples for enrolment. This creates a window of vulnerability where the user cannot be authenticated using the keystroke dynamic biometric. We propose in this paper an adaptive approach to derive initially the user profile online and passively with a minimum number of samples, and then progressively update the profile as more samples become available. The approach uses ensemble classification methods and the equal error rate as profile maturity metric. The approach was evaluated using an existing dataset involving 42 users yielding encouraging results. The best performance achieved was an EER of 5.29% using the Random Forest algorithm.
Faisal Alshanketi, Issa Traoré, Awos Kanan, Ahmed Awad

Automating Incident Classification Using Sentiment Analysis and Machine Learning

Abstract
The first step in an incident response plan of an organization is to establish whether the reported event is in fact an incident. This is not an easy task, especially if it is a novel event which has not previously been documented. A typical classification of a novel event includes consulting a database of events with similar keywords and making a subjective decision by a human. Efforts have been made to categorize events but there is no universal list of all possible incidents because each incident can be described in multiple different ways. In this paper we propose automating the process of receiving and classifying an event based on the assumption that the main difference between an event and an incident in the field of security is that an event is a positive or a neutral occurrence whereas an incident has strictly negative connotations. We applied sentiment analysis on event reports from the RISI dataset, and the results supported our assumption. We further observed that the sentiment analysis score and magnitude parameters of similar incidents were also very similar and we used them as features in a machine learning model along with other features obtained from each report such as impact and duration in order to predict the likelihood that an event is an incident. We found that using sentiment analysis as a feature of the model increases its accuracy, precision, and recall by at least 10%. The difference between our approach and the typical incident classification approach is that in our approach we train the system to recognize the incidents before any incident actually takes place and our system can recognize incidents even if their descriptions do not include keywords previously encountered by the system.
Marina Danchovsky Ibrishimova, Kin Fun Li

Security Analysis of an Identity-Based Data Aggregation Protocol for the Smart Grid

Abstract
Recently, Wang et al. proposed an efficient identity-based aggregation protocol for the smart grid, and they formally proved the cryptographic primitives used in the protocol. However, they did not use a formal methodology for evaluating their security or privacy guarantees, especially for resisting the colluding attacks. In this paper, we provide formal security and privacy definitions for the identity-based data aggregation protocol. When we apply the security definitions to Wang et al.’s protocol, we find that this protocol can resist two kinds of colluding attacks, but it can be broken by the other three kinds of colluding attacks. Thus, this protocol is not secure in practice. Our analysis methodology can also be used for other data aggregation protocols, and it is beneficial for the protocol designers.
Zhiwei Wang, Hao Xie, Yumin Xu

A More Efficient Secure Fully Verifiable Delegation Scheme for Simultaneous Group Exponentiations

Abstract
Along with the recent advancements in cloud and mobile computing, secure and verifiable delegation of expensive computations to powerful servers has become a highly expedient and increasingly popular option. Group exponentiations (GEs) form one of the most expensive, though unavoidable, operations in order to utilize various security protocols since they are typically required as building blocks of advanced cryptographic technologies. In this paper, we address the problem of efficient, secure and verifiable delegation of simultaneous GEs. Firstly, we propose a secure, efficient and fully verifiable simultaneous delegation scheme \(\mathsf{InvDel}\) using two servers, one of which is assumed to be malicious. \(\mathsf{InvDel}\) removes the requirement of computations of group inversions (GIs) completely while providing full verifiability. \(\mathsf{InvDel}\) considerably improves the computational efficiency of the delegation, and it is the most efficient delegation scheme for GEs. To the best of our knowledge, \(\mathsf{InvDel}\) is also the first secure delegation scheme for simultaneous GEs achieving full verifiability efficiently. Secondly, we give implementation results of \(\mathsf{InvDel}\) in an Android application together with a comprehensive efficiency analysis with the previous results. For example, when the required CPU costs for a single GE are compared with a 3072-bit modulus, \(\mathsf{InvDel}\) is at least 189-times (resp. 3-times) more efficient than the utilization of a local computation (resp. the utilization of the only available fully verifiable scheme introduced before). Furthermore, if the security level, whence the corresponding bit length, increases, then the advantage of \(\mathsf{InvDel}\) becomes much better if compared with the previous delegation schemes. Finally, we also utilize \(\mathsf{InvDel}\) to speed up the verification step of Schnorr’s signatures.
Stephan Moritz, Osmanbey Uzunkol

An Efficient Framework for Improved Task Offloading in Edge Computing

Abstract
In a cloud environment, efficient techniques to balance the load are needed to distribute the load equally between available data centers, to save some of the nodes from getting overloaded while others are lightly loaded or free. The loads in cloud data centers should be mapped onto available resources in such a way that energy utilization in edge computing is optimized. With the use of load balancing, utilization of resources can be optimized, which can significantly decrease energy consumption and can even reduce carbon release along with cooling necessities in cloud data centers. In this paper, a novel game theoretic approach has been proposed to improve the throughput of edge computing. Also, an effort is made to reduce the energy consumed during offloading in edge computing. Extensive analysis shows that the proposed technique consumes less energy and provides faster response to edge users.
Amanjot Kaur, Ramandeep Kaur

Secure and Efficient Enhanced Sharing of Data Over Cloud Using Attribute Based Encryption with Hash Functions

Abstract
Cloud computing is a model on which associations and people can work with applications from anywhere on demand. The real issue of cloud computing is preserving integrity and confidentiality of data in data security. The essential solution for this issue is data encryption on cloud. Security in cloud computing is one of the great research subjects. Numerous strategies have been proposed on attribute-based encryption systems. Attribute Based Encryption (ABE) is a cryptographic crude that understands the thought of cryptographic access control. This research work proposes an attribute-based encryption method based on a hash function associated with asymmetric encryption. The performance of the proposed algorithm has been evaluated by simulation using Cloudsim toolkit. For simulation we have analyzed the results on the basis of different file sizes and simulated the results of the proposed algorithm. Encryption time, key generation time and decryption time are evaluated and compared with the existing algorithm. Performance of the proposed hash-based ABE algorithm is compared with the existing ABE algorithm. Experimental results demonstrate that the proposed technique takes less time for encryption, decryption and for computing the key than the existing technique and hence performs better than the existing algorithm. The average improvement is 13.54% in the proposed ABE with hashing as compared to existing ABE on the basis of encryption time; average approximate increase in the efficiency of key computation time is 3.72% as compared with the existing; 11.08% of improvement in decryption time.
Prabhleen Singh, Kulwinder Kaur

Blockchain Technology and Its Applications in FinTech

Abstract
In this short paper we introduce the basics of blockchain technology including its many advantages and why and how it possesses a number of attractive attributes for the banking and financial-services industry to simplify business processes while maintaining safe, trustworthy records of business agreements and transactions. In particular, some typical examples of applying blockchain in Financial Technology (FinTech) are discussed, such as applying Bitcoin to drive various new business services, and implementing smart contracts based on blockchain technology to oversee the execution of legal transactions in real time. In addition, a pioneer effort of building up a distributed-ledger consortium model is addressed in the near future work.
Wei Lu

Backmatter
