Article
Computer Science, Information Systems
Hong Zhong, Chuanwang Zhang, Jie Cui, Yan Xu, Lu Liu
Summary: This article proposes an efficient solution to the prevailing challenge of cross-cloud data migration faced by mobile users. The solution involves a data migration model and a cryptographic scheme for mutual authentication and key agreement between cloud providers. Mathematical verification and comparison with existing schemes demonstrate the superior performance of the proposed solution in terms of computational and communication cost reduction.
IEEE TRANSACTIONS ON CLOUD COMPUTING
(2022)
Article
Energy & Fuels
Feng Zhai, Ting Yang, Wei Sun, Xu Fang
Summary: In this paper, we propose a lightweight and dynamic authenticated key agreement and management protocol for the secure communication between smart meters and electricity service providers in the advanced metering infrastructure of the smart grid. Our protocol, based on identity cryptosystem and elliptic curve cryptography, significantly reduces the computation overhead of resource-constrained smart meters. We also introduce a one-way key tree technique for efficient generation and updating of group keys in multicast communication. Through systematic proof and simulated experiments, we demonstrate that our protocol guarantees message confidentiality, integrity, and resists various attacks.
FRONTIERS IN ENERGY RESEARCH
(2023)
Article
Computer Science, Information Systems
Yanru Chen, Fengming Yin, Shunfang Hu, Limin Sun, Yang Li, Bin Xing, Liangyin Chen, Bing Guo
Summary: Nowadays, the progress and extensive use of Industrial Internet of Things (IIoT) technology have brought serious information security threats to the industrial control systems (ICSs). This paper proposes a lightweight authenticated key agreement (AKA) protocol based on the elliptic curve cryptography (ECC) algorithm to adapt to resource-constrained environments. The protocol only uses hash operation, XOR operation, and ECC algorithm for encryption, and avoids involving the register center during key agreement, ensuring both performance and security. Security analysis shows that the protocol meets nine critical security requirements, more than any existing protocols, and performance analysis indicates that it has less computational and communication overhead compared to other similar protocols.
IEEE INTERNET OF THINGS JOURNAL
(2023)
Article
Computer Science, Hardware & Architecture
Sarra Cherbal, Rania Benchetioui
Summary: Internet of Things (IoT) is a growing trend in wireless communication, where connected objects have become a part of our daily lives. However, the openness of the network exposes it to various attacks, making security a major concern. This paper proposes a smart card-based protocol that enables mutual authentication and secure session key establishment using Elliptic curve cryptography (ECC) and lightweight operations. The protocol is evaluated using Burrows-Abadi-Needham (BAN) logic, Scyther verification tool, and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool, showing its robustness, suitability for IoT devices, and efficiency compared to other protocols.
COMPUTERS & ELECTRICAL ENGINEERING
(2023)
Article
Mathematics
Fairuz Shohaimay, Eddie Shahril Ismail
Summary: This research proposes an improved ECC-based authentication scheme with a session key agreement. It solves the infeasible computations and provides a mechanism for the password change/update phase. The proposed scheme achieves mutual authentication and resists privileged insider attacks, suggesting potential applicability of the three hard problems in designing identification and authentication schemes in distributed computer networks.
Article
Computer Science, Information Systems
Chien-Lung Hsu, Anh-Tuan Nguyen, Guan-Lin Cheng
Summary: The emergence of 6G technology will revolutionize wireless communication by providing faster data transfer rates and lower latency. This technology presents a promising solution for the challenges faced by Wireless Body Area Networks (WBANs) in terms of efficient data bandwidth and edge computing. However, security and safety concerns from cybersecurity threats remain a potential challenge for 6G-based WBAN healthcare systems.
Article
Engineering, Multidisciplinary
Bimal Kumar Meher, Ruhul Amin, Ashok Kumar Das, Muhammad Khurram Khan
Summary: Elliptic Curve Cryptography (ECC)-based authentication schemes have emerged as a safe and efficient option for RFID environments. However, limited resources in passive tags make practical implementation difficult. This study presents a key-less scheme based on the Elliptic Curve Discrete Logarithm Problem (ECDLP), enabling efficient authentication in Warehouse Management Systems (WMS) while reducing memory usage and computation costs.
IEEE TRANSACTIONS ON NETWORK SCIENCE AND ENGINEERING
(2022)
Article
Engineering, Electrical & Electronic
Yangfan Liang, Entao Luo, Yining Liu
Summary: In order to prevent physically extracting secrets from device storage, Physical Unclonable Function (PUF) is utilized in various authentication schemes. However, these schemes are not suitable for VANETs due to the high mobility of vehicles and the impracticality of frequent interaction with Trusted Authorities (TAs). Therefore, we propose a physically secure and conditional-privacy authenticated key agreement scheme for VANETs, which utilizes PUF to prevent physical extraction of secrets and provides conditional privacy through a pseudonym mechanism. Formal and informal security analysis demonstrate that the proposed scheme achieves the expected goals and is secure against several known attacks in VANETs. Furthermore, compared to existing studies, the proposed scheme has advantages in terms of computation burden and communication burden.
IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY
(2023)
Article
Computer Science, Hardware & Architecture
Fares Mezrag, Salim Bitam, Abdelhamid Mellouk
Summary: This paper proposes a new identity-based authentication and key agreement scheme called IBAKAS for Clustered Wireless Sensor Networks (CWSNs). It combines Elliptic Curve Cryptography (ECC) and Identity-Based Cryptography (IBC) to provide mutual authentication and establish secret session keys over insecure channels. IBAKAS achieves desirable security properties of key agreement, prevents specific cyber-attacks on CWSN, and reduces computational and communication overheads, as well as energy consumption of the sensor node.
JOURNAL OF NETWORK AND COMPUTER APPLICATIONS
(2022)
Article
Computer Science, Software Engineering
Seshu Babu Pulagara, P. J. A. Alphonse
Summary: Smart cities focus on providing necessary services to citizens, while smart vehicles form a network called VANET for data exchange and decision-making. The proposed privacy preserving scheme using elliptic curve cryptography is intelligent, efficient, and easily deployable.
CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE
(2021)
Article
Computer Science, Theory & Methods
Qing Yang, Xiaoqian Zhu, Xiaoliang Wang, Junjie Fu, Jing Zheng, Yuzhen Liu
Summary: This paper proposes a mutual anonymous authentication and key agreement scheme based on an elliptic curve for the vehicular ad-hoc networks to enable vehicles to quickly join the network. The scheme divides identity authentication into initial authentication and subsequent authentication, and ensures the confidentiality of communication data using lightweight operations and the elliptic curve discrete logarithm problem. The security of the scheme is also analyzed and verified, and performance analysis demonstrates its superiority.
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE
(2023)
Article
Computer Science, Hardware & Architecture
Xiaofeng Lu, Fan Yang, Luwen Zou, Pietro Lio, Pan Hui
Summary: This paper analyzes the security vulnerabilities of the LTE authentication and key agreement process (EPS-AKA) and proposes an ECC self-certified authentication key agreement scheme (ESC-AKA) based on elliptic curve cryptography (ECC) self-certified public keys. The scheme includes the addition of a trusted center (TC) and three communication protocols. A strand space model is used for formal analysis, and performance and security analyses are conducted. The results show that this scheme can effectively address the security vulnerabilities of the original EPS-AKA scheme and protect the communication security of the LTE network.
IEEE-ACM TRANSACTIONS ON NETWORKING
(2023)
Article
Engineering, Electrical & Electronic
Shehzad Ashraf Chaudhry
Summary: The paper identifies flaws in the PALK authentication scheme proposed by Khan et al., specifically pointing out errors in the login and authentication phases due to superficial ECC operations and issues with the use of public keys in the presence of multiple communicating devices. A solution iPALK is proposed by the authors, which is proven to be secure and correct using formal BAN logic and ProVerif automated tool, with performance comparisons showing iPALK to be more efficient in computation and communication costs compared to PALK.
INTERNATIONAL JOURNAL OF ELECTRICAL POWER & ENERGY SYSTEMS
(2021)
Article
Computer Science, Information Systems
Uddalak Chatterjee, Sangram Ray, Sharmistha Adhikari, Muhammad Khurram Khan, Mou Dasgupta
Summary: Wireless sensor networks are used to sense data/information and transmit it to a base station for processing, but the limited computation ability and power capacity of sensor nodes pose a challenge for remote user authentication.
COMPUTER COMMUNICATIONS
(2023)
Article
Computer Science, Information Systems
Ashish Tomar, Sachin Tripathi
Summary: Research on integrating fog computing with blockchain to address latency, single point of failure, and centralization has been expanding, with limited focus on authentication and key establishment for blockchain-based smart grid under fog environment. This paper introduces a mutual authentication and key agreement scheme for blockchain-based smart grid environment, reducing dependency on single trusted authorities and establishing secure shared keys among smart meter, fog node, and cloud server for message confidentiality. Evaluations using hyperledger fabric and cryptographic libraries show the proposed scheme to be efficient in computational and communication costs, meeting predefined security goals.
CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS
(2022)
Article
Computer Science, Information Systems
Kashan Ahmed, Syed Khaldoon Khurshid, Sadaf Hina
Summary: This paper mainly introduces the construction of the cyber threat intelligence knowledge graph and the information extraction technique. By using joint extraction technique, it solves the problem of traditional techniques becoming ineffective due to the increasing size of CTI data. Experimental results show that this technique outperforms state-of-the-art models in knowledge triple extraction on CTI data and improves the F1 score.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Xinlong He, Yang Xu, Sicong Zhang, Weida Xu, Jiale Yan
Summary: This paper proposes a new membership inference attack method in federated learning, which utilizes data poisoning and sequence prediction confidence. The attack is effective and results in minimal overall model performance degradation.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Tieming Chen, Huan Zeng, Mingqi Lv, Tiantian Zhu
Summary: In this paper, the authors propose a deep learning based dynamic malware detection method called CTIMD, which integrates threat knowledge from CTIs into the learning process of API call sequences with runtime parameters. Experimental results show that CTIMD outperforms existing methods in terms of performance.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Wonwoo Choi, Minjae Seo, Seongman Lee, Brent Byunghoon Kang
Summary: This paper proposes SUM, a backward-edge control flow protection scheme for ARM Cortex-M processors. It combines MPU and the overlooked hardware feature FaultMask to achieve efficient and robust protection. The empirical evaluation shows minimal runtime overhead for the proposed solution.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Liliana Ribeiro, Ines Sousa Guedes, Carla Sofia Cardoso
Summary: Phishing susceptibility is influenced by individual and contextual factors. The study found that individuals who perceive themselves as capable of detecting phishing and those who use online services more frequently are more susceptible to phishing. However, technology competencies and other individual variables do not predict phishing susceptibility.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Wenjie Wang, Yuanhai Shao, Yiju Wang
Summary: In this paper, we investigate the adversarial perturbations of twin support vector machines (TWSVMs) and propose an optimization framework, which provides explicit solutions to increase the interpretability of the conclusion and convenience for calculation.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Snofy D. Dunston, V. Mary Anita Rajam
Summary: This paper proposes a novel adversarial attack technique that can synthesize adversarial images to mislead deep learning models, and also studies interpretability plots. The research findings show that the proposed attack technique influences the interpretability plots, regardless of the success of the attack.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Junchen Li, Guang Cheng, Zongyao Chen, Peng Zhao
Summary: Protocol Reverse Engineering (PRE) is a direct approach for analyzing unknown traffic. This paper proposes a method for clustering unknown traffic based on private protocol labels, and the experimental results demonstrate its advantages on real-world network traffic.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Rafal Kozik, Massimo Ficco, Aleksandra Pawlicka, Marek Pawlicki, Francesco Palmieri, Michal Choras
Summary: The inclusion of Explainability of Artificial Intelligence (xAI) has become a mandatory requirement for designing and implementing reliable, interpretable, and ethical AI solutions. However, it has been shown that xAI can enable successful adversarial attacks in the domain of fake news detection, leading to a decrease in AI security. This paper presents an attack scheme that uses an explainable solution to reshape the structure of the original message, allowing the adversary to manipulate the model's prediction while keeping the message's meaning intact.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Benyuan Yang, Lili Luo, Zhimeng Wang
Summary: Interoperation is widely used in practical industrial applications, but merging local access control policies may lead to security violations. Dealing with these issues in a multidomain environment is critical, but finding the maximum secure interoperation among individual systems poses a challenge due to the large number of entities and access involved.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Binghui Zou, Chunjie Cao, Longjuan Wang, Sizheng Fu, Tonghua Qiao, Jingzhang Sun
Summary: The ongoing struggle between security researchers and malware has led to the exploration of using convolutional neural networks and capsule networks for classification and identification of malware. However, training these networks requires a significant amount of data and parameters, and the research on capsule networks is still in its early stages, posing challenges.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Hongsong Chen, Xingyu Li, Wenmao Liu
Summary: Multivariate time-series anomaly detection is crucial for maintaining normal operation of physical equipment. Recent advances have been made in this field, but two challenges have limited the model's ability to generalize. To address these challenges, a multivariate time-series anomaly detection model consisting of a characterization network and a forecasting network is proposed. Experimental results demonstrate that this method outperforms baseline methods in terms of detection performance and robustness.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Roberto Doriguzzi-Corin, Domenico Siracusa
Summary: This paper discusses the application of federated learning in the field of cybersecurity and proposes an adaptive mechanism-based federated learning solution for DDoS attack detection in dynamic cybersecurity scenarios. Through experiments, it is demonstrated that the proposed solution outperforms state-of-the-art federated learning algorithms in terms of convergence time and accuracy.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Antonio Giovanni Schiavone
Summary: The usage of HTTPS protocol is crucial for secure communication with websites, ensuring the confidentiality, integrity, and authenticity of online data transmissions. The Municipality2HTTPS research project analyzed the implementation of HTTPS in Italian municipalities' websites and identified areas for improvement.
COMPUTERS & SECURITY
(2024)
Article
Computer Science, Information Systems
Domna Bilika, Nikoletta Michopoulou, Efthimios Alepis, Constantinos Patsakis
Summary: Voice Assistants (VAs) are widely used in smart devices, but are vulnerable to attacks, as shown by experiments with popular VAs revealing successful attack rates exceeding 30% and statistical variations among vendors, calling for additional countermeasures to protect user information.
COMPUTERS & SECURITY
(2024)