Table of Contents

International Journal of Information Security
Volume:6 Issue: 2, Jul 2014

  • Publication date: 1393/10/13
  • Number of titles: 7
  • Rasool Jalili Pages 97-98
  • Ernesto Damiani, Stelvio Cimato, Gabriele Gianini Pages 99-123
    Traditionally, risk assessment consists of evaluating the probability of «feared events», corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to the lack of historical data on attacks, which has prevented frequency-based identification of «typical» threats and attack vectors. Also, the dynamic, multi-party nature of cloud-based processes makes severity assessment very dependent on the particular set of stakeholders involved in each process execution. In this paper, we tackle these problems by presenting a novel, process-oriented quantitative risk assessment methodology aimed at disclosure risks on cloud computing platforms. Key advantages of our methodology include (i) a fully quantitative and iterative approach, which enables stakeholders to compare alternative versions of cloud-based processes (e.g., with and without security controls); (ii) non-frequency-based probability estimates, which allow analyzing threats for which a detailed history is not available; and (iii) support for quick visual comparisons of risk profiles of alternative processes even when impact cannot be exactly quantified.
  • Nasour Bagheri, Javad Alizadeh, Mohammad Reza Aref Pages 125-139
    Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports associated data. Artemia uses the permutation-based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the inverse of the permutation in the decryption function, which yields resource efficiency. Artemia permutations have an efficient and simple structure and are provably secure against differential and linear cryptanalysis. In the permutations, MDS recursive layers are used that can be easily implemented in both software and hardware.
  • Ali Fanian, Fariba Alamifar, Mehdi Berenjkoub Pages 141-153
    Wireless communication, delivering a variety of services to users, has been growing rapidly in recent years. The third generation of cellular networks (3G) and local wireless networks (WLAN) are the two widely used technologies in wireless networks. 3G networks have the capability of covering a vast area, while WLAN networks provide higher transmission rates with less coverage. Since the two networks have complementary properties, some attempts have been made at their integration, which could lead to an advantageous heterogeneous network. In such a heterogeneous network, provision of services like authentication, billing and quality of service is essential. In this article, a new mutual authentication protocol, namely, Non-Reputation Billing Protocol (NRBP), is proposed based on extensible authentication protocols. This authentication scheme provides a non-repudiation property for the billing problem. The proposed scheme is analyzed based on different security features and computation overhead. In comparison with previous approaches, this protocol contains all the considered security parameters. Moreover, the computation overhead of this protocol is less than that of other schemes.
  • Mostafa Doroudian, Hamid Reza Shahriari Pages 155-167
    Nowadays, information plays an important role in organizations. Sensitive information is often stored in databases. Traditional mechanisms such as encryption, access control, and authentication cannot provide a high level of confidence. Therefore, the existence of Intrusion Detection Systems in databases is necessary. In this paper, we propose an intrusion detection system for detecting attacks at both the database transaction level and the inter-transaction level (user task level). For this purpose, we propose a detection method at the transaction level, which is based on describing the expected transactions within the database applications. Then, at the inter-transaction level, we propose a detection method that is based on anomaly detection and uses data mining to find dependency and sequence rules. The main advantage of this system, in comparison with the previous database intrusion detection systems, is that it can detect malicious behaviors at both transaction and inter-transaction levels. Also, it gains the advantages of a hybrid method, including specification-based detection and anomaly detection, to minimize both false positive and false negative alarms. In order to evaluate the accuracy of the proposed system, some experiments have been done. The experiment results demonstrate that the true positive rate (recall metric) is higher than 80%, and the false positive rate is lower than 10% per different data sets and choosing appropriate ranges for support and confidence thresholds. The experimental evaluation results show high accuracy and effectiveness of the proposed system.
  • Ehsan Shakeri, Shahrokh Ghaemmaghami Pages 169-181
    The aim of image steganalysis is to detect the presence of hidden messages in stego images. We propose a blind image steganalysis method in the Contourlet domain and then show that the embedding process changes statistics of Contourlet coefficients. The suspicious image is transformed into Contourlet space, and then the statistics of Contourlet subband coefficients are extracted as features. We use absolute Zernike moments and characteristic function moments of Contourlet subband coefficients of the image to distinguish between the stego and non-stego images. Absolute Zernike moments are used to examine the randomness in the test image, and characteristic function moments of Contourlet coefficients are used to form our feature set that can catch the changes made to the histogram of Contourlet coefficients. These features are fed to a nonlinear SVM classifier with an RBF kernel to distinguish between cover and stego images. We show that the embedding process distorts statistics of Contourlet coefficients, leading to detection of stego images. Experimental results confirm that the proposed features are highly sensitive to the change made by the embedding process. These results also reveal the advantage of the proposed method over its counterpart steganalyzers, in cases of five popular JPEG steganography techniques.
  • Shiva Shamaei, Ali Movaghar Pages 183-191
    Mobile ad-hoc networks (MANETs) have no fixed infrastructure, so all network operations such as routing and packet forwarding are done by the nodes themselves. However, almost all common existing routing protocols basically focus on performance measures regardless of security issues. Since these protocols consider all nodes to be trustworthy, they are prone to serious security threats. The wormhole attack is one such threat against routing processes, and it is a particularly challenging problem to detect and prevent in MANETs. In this paper, a two-phase detection scheme is proposed to detect and prevent wormhole attacks. The first phase checks whether a wormhole tunnel exists on the selected path or not. If there is such a tunnel, the second phase is applied to confirm the existence of the wormhole attack and locate a malicious node. The proposed detection scheme can appropriately detect all types of this kind of attack, such as in-band and out-of-band ones, in different modes such as hidden or exposed, without any need for special hardware or time synchronization. In order to evaluate the performance of the proposed scheme, various scenarios are simulated in the NS-2 simulator, and different measures are assessed. The results obtained from simulating the proposed scheme and other benchmarks indicate that in most criteria considered in this paper, the proposed scheme outperforms the proposed methods in prior works.