International Science Index
Design of an Ensemble Learning Behavior Anomaly Detection Framework
Data asset protection is a crucial issue in the cybersecurity field. Companies use logical access control tools to vault their information assets and protect them against external threats, but they lack solutions to counter insider threats. Nowadays, insider threats are the most significant concern of security analysts. They are mainly individuals with legitimate access to companies' information systems who use their rights with malicious intent. In several fields, behavior anomaly detection is the method used by cyber specialists to counter the threat of malicious user activities effectively. In this paper, we present a step toward the construction of a user and entity behavior analysis framework by proposing a behavior anomaly detection model. This model combines machine learning classification techniques and graph-based methods, relying on linear algebra and parallel computing techniques. We show the utility of an ensemble learning approach in this context. We present test results of several detection methods on a representative access control dataset. Some of the explored classifiers give results of up to 99% accuracy.
Internet of Health Things as a Win-Win Solution for Mitigating the Paradigm Shift inside Senior Patient-Physician Shared Health Management
Internet of Health Things (IoHT) has already proved to be a persuasive means to support a proper assessment of living conditions by collecting a huge variety of data. For the customized health management of a senior patient, IoHT provides the capacity to build a dynamic solution for sustaining the shift inside the patient-physician relationship by allowing real-time and continuous remote monitoring of the health status, well-being, safety and activities of the senior, especially in a non-clinical environment. Thus, a win-win solution is created in which both the patient and the physician enhance their involvement and shared decision-making, with significant outcomes. Health monitoring systems in smart environments are becoming a viable alternative to traditional healthcare solutions. The ongoing “Non-invasive monitoring and health assessment of the elderly in a smart environment (RO-SmartAgeing)” project aims to demonstrate that the existence of complete and accurate information is critical for assessing the health condition of seniors, improving well-being and quality of life in relation to health. The research performed inside the project aims to highlight how the management of IoHT devices connected to the RO-SmartAgeing platform in a secure way, by using a role-based access control system, can allow physicians to provide health services at a high level of efficiency and accessibility, which were previously only available in hospitals. The project aims to identify deficient aspects in the provision of health services tailored to a senior patient's specificity and to offer a more comprehensive perspective of proactive and preventive medical acts.
A Combined Cipher Text Policy Attribute-Based Encryption and Timed-Release Encryption Method for Securing Medical Data in Cloud
The biggest problem in the cloud is securing outsourced data. A cloud environment cannot be considered trusted. It becomes more challenging when outsourced data sources are managed by multiple outsourcers with different access rights. Several methods have been proposed to protect data confidentiality against the cloud service provider while supporting fine-grained data access control. We propose a secure method that combines Cipher Text Policy Attribute-Based Encryption (CP-ABE) and Timed-Release Encryption (TRE) to control medical data storage in the public cloud.
A Survey on MAC Protocols for Vehicular Ad-Hoc Networks
Vehicular Ad-hoc Network (VANET) is an emerging and very promising technology that places great demands on the access capability of existing wireless technology. VANETs help improve traffic safety and efficiency. Each vehicle can exchange information to inform other vehicles about the current status of the traffic flow or a dangerous situation such as an accident. To achieve this, a reliable and efficient Medium Access Control (MAC) protocol with minimal transmission collisions is required. High-speed nodes, absence of infrastructure, variations in topology and QoS requirements make designing a MAC protocol for vehicular networks difficult. Several MAC protocols have been proposed for VANETs to ensure that all vehicles can send safety messages without collisions by reducing the end-to-end delay and packet loss ratio. This paper gives an overview of the proposed MAC protocols for VANETs along with their benefits and limitations and presents an overall classification based on their characteristics.
A Biometric Template Security Approach to Fingerprints Based on Polynomial Transformations
The use of biometric identifiers in the fields of information security, access control to resources, authentication in ATMs and banking, among others, is of great concern because of the safety of biometric data. Eight vulnerabilities have been detected in the general architecture of a biometric system, six of which allow obtaining the minutiae template in plain text. The main consequence of obtaining minutiae templates is the loss of the biometric identifier for life. To mitigate these vulnerabilities, several models to protect minutiae templates have been proposed. Several vulnerabilities in the cryptographic security of these models allow obtaining biometric data in plain text. In order to increase cryptographic security and ease of reversibility, a minutiae template protection model is proposed. The model aims to provide cryptographic protection and facilitate the reversibility of data using two levels of security. The first level of security is the data transformation level. This level generates data that are invariant to rotation and translation; furthermore, the transformation is irreversible. The second level of security is the evaluation level, where the encryption key is generated and the data are evaluated using a defined evaluation function. The model is aimed at mitigating known vulnerabilities of the proposed models, basing its security on the impossibility of polynomial reconstruction.
The Security Trade-Offs in Resource Constrained Nodes for IoT Application
The concept of the Internet of Things (IoT) has received much attention over the last five years. It is predicted that the IoT will influence every aspect of our lifestyles in the near future. Wireless Sensor Networks (WSNs) are one of the key enablers of the operation of the IoT, allowing data to be collected from the surrounding environment. However, due to limited resources, the nature of deployment and unattended operation, a WSN is vulnerable to various types of attack. Security is paramount for reliable and safe communication between IoT embedded devices, but it does, however, come at a cost to resources. Nodes are usually equipped with small batteries, which makes energy conservation crucial to IoT devices. Nevertheless, the security cost in terms of energy consumption has not been studied sufficiently. Previous research has used the security specification of 802.15.4 for IoT applications, but the energy cost of each security level and the impact on quality of service (QoS) parameters remain unknown. This research focuses on the cost of security at the IoT media access control (MAC) layer. It begins by studying the energy consumption of IEEE 802.15.4 security levels, which is followed by an evaluation of the impact of security on data latency and throughput; it then presents the impact of transmission power on security overhead, and finally shows the effects of security on memory footprint. The results show that security overhead in terms of energy consumption with a payload of 24 bytes fluctuates between 31.5% at the minimum level over non-secure packets and 60.4% at the top security level of the 802.15.4 security specification. It also shows that security cost has less impact at longer packet lengths, and more with smaller packet sizes. In addition, the results show a significant impact on data latency and throughput. Overall, the maximum authentication length decreases throughput by almost 53%, and encryption and authentication together by almost 62%.
Design and Implementation of Medium Access Control Based Routing on Real Wireless Sensor Networks Testbed
IEEE 802.15.4 is a Low Rate Wireless Personal Area Network (LR-WPAN) standard combined with ZigBee, which is going to enable new applications in the Wireless Sensor Network (WSN) and Internet of Things (IoT) domains. In recent years, it has become a popular standard for WSNs. Wireless communication among sensor motes, enabled by the IEEE 802.15.4 standard, is extensively replacing the existing wired technology in a wide range of monitoring and control applications. Researchers have proposed a routing framework and mechanism that interacts with the IEEE 802.15.4 standard using a software platform. In this paper, we have designed and implemented MAC based routing (MBR) based on the IEEE 802.15.4 standard using the hardware platform “SENSEnuts”. The experimental results include data from light and temperature sensors obtained from communication between the PAN coordinator and the source node through a coordinator, the MAC addresses of some modules used in the experimental setup, the topology of the network created for simulation and the remaining battery power of the source node. Our experimental effort on a WSN testbed has helped us in bridging the gap between the theoretical and practical aspects of implementing IEEE 802.15.4 for WSN applications.
An Attribute Based Access Control Model with POL Module for Dynamically Granting and Revoking Authorizations
Currently, resource sharing and system security are critical issues. This paper proposes a POL module composed of a PRIVILEGE attribute (PA), obligation and log, which improves the attribute based access control (ABAC) model in dynamically granting and revoking authorizations. The following describes the new model, termed PABAC, in terms of the POL module structure, attribute definitions, policy formulation and authorization architecture, which demonstrate its advantages. The POL module addresses problems which are not predicted beforehand and not described by the access control policy. It can be one of the subject attributes or resource attributes according to the practical application, which enhances the flexibility of the model compared with ABAC. A scenario that illustrates how this model is applied to the real world
BTG-BIBA: A Flexibility-Enhanced Biba Model Using BTG Strategies for Operating System
The Biba model can protect information integrity but might deny various non-malicious access requests of subjects, thereby decreasing the availability of the system. Therefore, a mechanism that allows exceptional access control is needed. Break the Glass (BTG) strategies refer to an efficient means for extending the access rights of users in exceptional cases. These strategies help to prevent a system from stagnation. An approach is presented in this work for integrating Break the Glass strategies into the Biba model. This research proposes a model, BTG-Biba, which provides both the original Biba model used in normal situations and a mechanism used in emergency situations. The proposed model is context aware, can implement a fine-grained type of access control and primarily solves cross-domain access problems. Finally, the flexibility and availability improvement with the use of the proposed model is illustrated.
C-LNRD: A Cross-Layered Neighbor Route Discovery for Effective Packet Communication in Wireless Sensor Network
One of the problems to be addressed in wireless sensor networks is the set of issues related to cross-layer communication. A cross-layer architecture shares information across the layers, ensuring Quality of Service (QoS). With this shared information, the MAC protocol adapts effective functionality maintenance such as route selection in a changeable sensor network environment. However, time slot assignment and the neighbour route selection time duration for the cross layer have not been carried out. The time-varying physical layer communication over the cross layer causes a high traffic load in the sensor network. Although the traffic load was reduced using a cross-layer optimization procedure, the computational cost is high. To improve communication efficacy in the sensor network, a self-determined time slot based Cross-Layered Neighbour Route Discovery (C-LNRD) method is presented in this paper. In the presented work, the initial process is to discover the route in the sensor network using Dynamic Source Routing based Medium Access Control (MAC) sub-layers. This process considers MAC layer operation with dynamic route neighbour table discovery. Then, the discovered route path for packet communication employs the Broad Route Distributed Time Slot Assignment method on the Cross-Layered Sensor Network system. Broad Route means time slotting on varying lengths of the route paths. During packet communication in this sensor network, the transmission of packets is adjusted over different times with varying ranges for controlling the traffic rate. Finally, a Rayleigh fading model is developed in C-LNRD to identify the performance of the sensor network communication structure. The main task of Rayleigh fading is to measure the power level of each communication under the MAC sub-layer. The minimized power level helps to easily reduce the computational cost of packet communication in the sensor network. Experiments are conducted on factors such as power factor, packet communication, neighbour route discovery time, and information (i.e., packet) propagation speed.
Towards a Secure Storage in Cloud Computing
Cloud computing has emerged as a flexible computing paradigm that has reshaped the Information Technology map. However, cloud computing brought about a number of security challenges as a result of the physical distribution of computational resources and the limited control that users have over the physical storage. This situation raises many security challenges for data integrity and confidentiality as well as authentication and access control. This work proposes a security mechanism for data integrity that allows a data owner to be aware of any modification that takes place to his data. The data integrity mechanism is integrated with an extended Kerberos authentication that ensures authorized access control. The proposed mechanism protects data confidentiality even if data are stored on untrusted storage. The proposed mechanism has been evaluated against different types of attacks and proved efficient at protecting cloud data storage from different malicious attacks.
Development of a Secured Telemedical System Using Biometric Feature
Access to advanced medical services has been one of the medical challenges faced by our present society especially in distant geographical locations which may be inaccessible. Then the need for telemedicine arises through which live videos of a doctor can be streamed to a patient located anywhere in the world at any time. Patients’ medical records contain very sensitive information which should not be made accessible to unauthorized people in order to protect privacy, integrity and confidentiality. This research work focuses on a more robust security measure which is biometric (fingerprint) as a form of access control to data of patients by the medical specialist/practitioner.
Dynamic Bandwidth Allocation in Fiber-Wireless (FiWi) Networks
Fiber-Wireless (FiWi) networks are a promising candidate for future broadband access networks. These networks combine the optical network as the back end, where different passive optical network (PON) technologies are realized, and the wireless network as the front end, where different wireless technologies are adopted, e.g. LTE, WiMAX, Wi-Fi, and Wireless Mesh Networks (WMNs). The convergence of optical and wireless technologies requires designing architectures with robust, efficient and effective bandwidth allocation schemes. Different bandwidth allocation algorithms have been proposed for FiWi networks aiming to enhance the different segments of FiWi networks, including the wireless and optical subnetworks. In this survey, we focus on differentiating between the bandwidth allocation algorithms according to the segment of FiWi networks they enhance. We classify these techniques into wireless, optical and hybrid bandwidth allocation techniques.
Threshold Based Region Incrementing Secret Sharing Scheme for Color Images
In this era of online communication, which transacts data in 0s and 1s, confidentiality is a prized commodity. Ensuring safe transmission of encrypted data and their uncorrupted recovery is a matter of prime concern. Among the several techniques for secure sharing of images, this paper proposes a k out of n region incrementing image sharing scheme for color images. The highlight of this scheme is the use of simple Boolean and arithmetic operations for generating shares and the Lagrange interpolation polynomial for authenticating shares. Additionally, this scheme addresses problems faced by existing algorithms such as color reversal and pixel expansion. This paper regenerates the original secret image, whereas the existing systems regenerate only the half-toned secret image.
Design and Implementation of a Memory Safety Isolation Method Based on the Xen Cloud Environment
In view of the fact that cloud security has increasingly become one of the major obstacles hindering the development of cloud computing, this paper puts forward an implementation of a memory security isolation technology based on the Xen cloud environment. Based on the Xen virtual machine monitor, the memory virtualization model is analyzed and implemented, using Xen's memory virtualization mechanisms of hypercalls and grant tables, and an access control module (ACM) implemented inside the virtual machine manager is used to design the memory security isolation system. Experiments show that the system can effectively isolate different guest domain OSes from illegal access to each other's memory data.
Temporal Case-Based Reasoning System for Automatic Parking Complex
In this paper, the problem of applying temporal reasoning and case-based reasoning in intelligent decision support systems is considered. The method of case-based reasoning with temporal dependences for the solution of real-time diagnostics and forecasting problems in intelligent decision support systems is described. This paper demonstrates how the temporal case-based reasoning system can be used in intelligent decision support systems for car access control. This work was supported by RFBR.
Indian License Plate Detection and Recognition Using Morphological Operation and Template Matching
Automatic License Plate Recognition (ALPR) is a technology which recognizes the registration plate, number plate or license plate of a vehicle. In this paper, an Indian vehicle number plate is extracted and its characters are predicted in an efficient manner. ALPR involves four major techniques: i) Pre-processing, ii) License Plate Location Identification, iii) Individual Character Segmentation, iv) Character Recognition. The opening phase, named pre-processing, helps to remove noise and enhances the quality of the image using Morphological Operations and Image Subtraction. The second phase, the most puzzling stage, ascertains the location of the license plate using Canny Edge Detection, dilation and erosion. In the third phase, each character is segmented using the Connected Component Approach (CCA), and in the final phase, each segmented character is recognized using cross-correlation template matching, a scheme specifically appropriate for fixed formats. Major applications of ALPR are toll collection, border control, parking, stolen cars, enforcement, access control and traffic control. A database of 500 car images taken under different lighting conditions is used. The efficiency of the system is 97%. Our future focus is Indian Vehicle License Plate Validation (whether the license plate of a vehicle is as per Road Transport and Highway standards).
Performance Evaluation of XMAC and BMAC Routing Protocol under Static and Mobility Scenarios in Wireless Sensor Network
Based on application requirements, nodes are static or mobile in Wireless Sensor Networks (WSNs). Mobility poses challenges in protocol design, especially at the link layer, requiring mobility adaptation algorithms to localize mobile nodes and predict the link quality to be established with them. This study implements the XMAC and Berkeley Media Access Control (BMAC) routing protocols to evaluate their performance under static and mobility conditions in WSNs. This paper gives a comparative study of mobility-aware MAC protocols. Routing protocol performance is evaluated based on Average End-to-End Delay, Average Packet Delivery Ratio, Average Number of Hops, and Jitter.
An Optimized Virtual Scheme for Reducing Collisions in MAC Layer
The main function of Medium Access Control (MAC) is to share the channel efficiently between all nodes. In a real-time scenario, there will be a certain amount of wasted bandwidth due to back-off periods. More bandwidth will be wasted in the idle state if the back-off period is very high, and collisions may occur if the back-off period is small. So, an optimization is needed for this problem. The main objective of the work is to reduce the delay due to the back-off period, thereby reducing collisions and increasing throughput. Here a method called the virtual back-off algorithm (VBA) is used to optimize the back-off period, and thereby it increases throughput and reduces collisions. The main idea is to optimize the number of transmissions for every node. A counter is introduced at each node to implement this idea. Here the counter value represents the sequence number. VBA is classified into two types: VBA with counter sharing (VBA-CS) and VBA with no counter sharing (VBA-NCS). These two classifications of VBA are compared for various parameters. Simulation is done in the NS-2 environment. The results obtained are found to be promising.
Enhancing Security in Resource Sharing Using Key Holding Mechanism
This paper describes a logical method to enhance security in grid computing to restrict the misuse of grid resources. This method is an economical and efficient one that avoids the use of special devices. The security issues, techniques and solutions needed to provide a secure grid computing environment are described. A well-defined process for security management of resource accesses and a key holding algorithm are also proposed. In this method, identity management, access control, authorization and authentication are effectively handled.
Research and Development of Net-Centric Information Sharing Platform
Compared with a traditional distributed environment, the net-centric environment brings more demanding challenges for information sharing, with the characteristics of ultra-large scale and strong distribution, dynamism, autonomy, heterogeneity and redundancy. This paper realizes an information sharing model and a series of core services, through which it provides an open, flexible and scalable information sharing platform.
Enhance Security in XML Databases: XLog File for Severity-Aware Trust-Based Access Control
The topic of enhancing security in XML databases is important as it includes protecting sensitive data and providing a secure environment to users. In order to improve security and provide dynamic access control for XML databases, we present the XLog file, which calculates user trust values by recording users' bad transactions, errors and query severities. Severity-aware trust-based access control for XML databases manages the access policy depending on users' trust values and prevents unauthorized processes, malicious transactions and insider threats. Privileges are automatically modified and adjusted over time depending on user behaviour and query severity. Logging in a database is an important process and is used for recovery and security purposes. In this paper, the XLog file is presented as a dynamic and temporary log file for XML databases to enhance the level of security.
Component Lifecycle and Concurrency Model in Usage Control (UCON) System
Access control is one of the most challenging issues facing information security. Access control is defined as the ability to permit or deny access to a particular computational resource or digital information by an unauthorized user or subject. The concept of usage control (UCON) has been introduced as a unified approach to capture a number of extensions for access control models and systems. In UCON, an access decision is determined by three factors: authorizations, obligations and conditions. Attribute mutability and decision continuity are two distinct characteristics introduced by UCON for the first time. An observation of UCON components indicates that the components are predefined and static. In this paper, we propose a new and flexible model of usage control for the creation and elimination of some of these components, for example new objects, subjects and attributes, and integrate these with the original UCON model. We also propose a model for concurrent usage scenarios in UCON.
Performance Improvement of MAC Protocols for Broadband Power-Line Access Networks of Developing Countries: A Case of Tanzania
This paper investigates the possibility of improving the throughput of some Media Access Control (MAC) protocols, such as ALOHA, slotted ALOHA and Carrier Sense Multiple Access with Collision Avoidance, with the aim of increasing the performance of powerline access networks. In this investigation, the real powerline network topology in Tanzania located in Dar es Salaam City, Kariakoo area, was used as a case study. During this investigation, the Wireshark Network Protocol Analyzer was used to analyze the data traffic of a similar existing network for projection purposes, and then the data were simulated using MATLAB. This paper proposes and analyzes three improvement techniques based on collision domain, packet length and a combination of the two. From the results, it was found that the throughput of the Carrier Sense Multiple Access with Collision Avoidance protocol improved noticeably, while ALOHA and slotted ALOHA showed insignificant changes, especially when the hybrid techniques were employed.
A General Mandatory Access Control Framework in Distributed Environments
In this paper, we propose a general mandatory access control framework for distributed systems. The framework can be applied to multiple operating systems and can handle multiple stakeholders. Despite considerable advancements in the area of mandatory access control, a given approach to enforcing mandatory access control can usually only be applied in a specific operating system. Unlike the PC market, in which Windows captures the overwhelming share, there are a number of popular operating systems in the emerging smartphone environment, e.g. Android, Windows Mobile, Symbian and RIM. It should be noted that more and more stakeholders are involved in smartphone software, such as device owners, service providers and application providers. Our framework includes three parts: the local decision layer, the middle layer and the remote decision layer. The middle layer takes charge of managing security contexts, OS APIs, operations and policy combination. The design of the remote decision layer does not depend on a particular operating system because of the middle layer's existence. We implement the framework on Windows, Linux and other popular embedded systems.
Modeling and Analysis for Effective Capacity of a Cross-Layer Optimized Wireless Networks
New generation mobile communication networks have the ability to support triple play. To this end, Orthogonal Frequency Division Multiplexing (OFDM) access techniques have been chosen to enlarge the system's ability to support high data rate networks. Many cross-layer modeling and optimization schemes for the Quality of Service (QoS) and capacity of downlink multiuser OFDM systems have been proposed. In this paper, Maximum Weighted Capacity (MWC) based resource allocation at the Physical (PHY) layer is used. This resource allocation scheme provides much better QoS than the previous resource allocation schemes, while maintaining the highest or nearly highest capacity at similar complexity. In addition, Delay Satisfaction (DS) scheduling at the Medium Access Control (MAC) layer, which allows more than one connection to be served in each slot, is used. This scheduling technique is more efficient than conventional scheduling for investigating both the number of users and the number of subcarriers against system capacity. The system is optimized for different operational environments: outdoor as well as indoor deployment scenarios are investigated, and also different channel models. In addition, the effective capacity approach is used not only to provide QoS for different mobile users, but also to increase the total throughput of the wireless network.
Enhanced Data Access Control of Cooperative Environment used for DMU Based Design
Through the analysis of the digital design process based on digital mockup (DMU), it is shown that a distributed cooperative supporting environment is the foundational condition for adopting a DMU based design approach. Data access authorization is the first concern because of the value and sensitivity of the data for the enterprise. The access control for administrators is often rather weak compared with that for business users. So the authors established an enhanced system to prevent administrators from accessing the engineering data through potential approaches without authorization. Thus the data security is
A Survey of Access Control Schemes in Wireless Sensor Networks
Access control is a critical security service in Wireless Sensor Networks (WSNs). To prevent malicious nodes from joining the sensor network, access control is required. On one hand, a WSN must be able to authorize and grant users the right to access the network. On the other hand, a WSN must organize the data collected by sensors in such a way that an unauthorized entity (the adversary) cannot make arbitrary queries. This restricts network access to eligible users and sensor nodes only, while queries from outsiders will not be answered or forwarded by nodes. In this paper we present different access control schemes so as to find out their objectives, provision, communication complexity, limits, etc. Using the node density parameter, we also provide a comparison of these proposed access control algorithms based on the network topology, which can be flat or hierarchical.
W-CAS: A Central Users Authentication and Authorization System for Enterprise Wide Web Applications
Centrally controlled authentication and authorization services can provide an enterprise with an increase in security, more flexible access control solutions and increased user trust. By using redirections, users of all Web-based applications within an organization are authenticated at a single well-known and secure Web site using a secure communication protocol. Users are first authenticated at the central server using their domain-wide credentials before being redirected to a particular Web-based application. The central authentication server then provides the pertinent authorization-related particulars and credentials of the authenticated user to the specific application. The trust between the clients and the server hosts is established by a secure session key exchange. Case studies are provided to demonstrate the usefulness and flexibility of the proposed solution.
Secure Resource Selection in Computational Grid Based on Quantitative Execution Trust
Grid computing provides a virtual framework for controlled sharing of resources across institutional boundaries. Recently, trust has been recognised as an important factor for the selection of optimal resources in a grid. We introduce a new method that provides a quantitative trust value, based on past interactions and present environment characteristics. This quantitative trust value is used to select a suitable resource for a job and eliminates run-time failures arising from incompatible user-resource pairs. The proposed work acts as a tool to calculate the trust values of the various components of the grid and thereby improves the success rate of the jobs submitted to resources on the grid. Access to a resource depends not only on the identity and behaviour of the resource but also upon its context of transaction, time of transaction, connectivity bandwidth, availability of the resource and load on the resource. The quality of the recommender is also evaluated based on the accuracy of the feedback provided about a resource. Jobs are submitted for execution to the selected resource after finding the overall trust value of the resource. The overall trust value is computed with respect to subjective and objective parameters.