scholarly journals Automatic Security Assessment for Next Generation Wireless Mobile Networks

2011 ◽  
Vol 7 (3) ◽  
pp. 217-239 ◽  
Author(s):  
Francesco Palmieri ◽  
Ugo Fiore ◽  
Aniello Castiglione
Keyword(s):  
Mobile Networks ◽  
Security Analysis ◽  
Mobile Node ◽  
Malicious Code ◽  
Third Party ◽  
Security Assessment ◽  
Security Risk ◽  
Concept Model ◽  
Reliable Knowledge ◽  
Automated Support

Wireless networks are more and more popular in our life, but their increasing pervasiveness and widespread coverage raises serious security concerns. Mobile client devices potentially migrate, usually passing through very light access control policies, between numerous and heterogeneous wireless environments, bringing with them software vulnerabilities as well as possibly malicious code. To cope with these new security threats the paper proposes a new active third party authentication, authorization and security assessment strategy in which, once a device enters a new Wi-Fi environment, it is subjected to analysis by the infrastructure, and if it is found to be dangerously insecure, it is immediately taken out from the network and denied further access until its vulnerabilities have been fixed. The security assessment module, that is the fundamental component of the aforementioned strategy, takes advantage from a reliable knowledge base containing semantically-rich information about the mobile node under examination, dynamically provided by network mapping and configuration assessment facilities. It implements a fully automatic security analysis framework, based on AHP, which has been conceived to be flexible and customizable, to provide automated support for real-time execution of complex security/risk evaluation tasks which depends on the results obtained from different kind of analysis tools and methodologies. Encouraging results have been achieved utilizing a proof-of-concept model based on current technology and standard open-source networking tools.

scholarly journals DCSS Protocol for Data Caching and Sharing Security in a 5G Network

Network ◽  
2021 ◽  
Vol 1 (2) ◽  
pp. 75-94
Author(s):  
Ed Kamya Kiyemba Edris ◽  
Mahdi Aiash ◽  
Jonathan Loo
Keyword(s):  
Mobile Networks ◽  
Service Providers ◽  
Security Analysis ◽  
Mobile Network ◽  
End Users ◽  
Third Party ◽  
Control Mechanisms ◽  
Security Measures ◽  
Data Caching ◽  
Pi Calculus

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for SP not only to secure the provisioning and access of those services but also, should be able to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.

Research on Intrusion Detection Method Based on Neural Network

2011 ◽  
Vol 403-408 ◽  
pp. 1483-1486
Author(s):  
Chi Xu ◽  
Wen Fang Zhang
Keyword(s):  
Risk Assessment ◽  
Network Security ◽  
Security Analysis ◽  
Assessment Model ◽  
Security Assessment ◽  
Security Risk ◽  
Analysis Model ◽  
Model Based ◽  
Security Risk Assessment ◽  
Meaningful Definition

The research of this dissertation focuses on the quantitative methodologies of the network security assessment. So the dissertation gives the term “Model-based network security risk assessment” a more meaningful definition. The methodology called a model-based will use one network security analysis model to design the scenarios of threatens according to the Patterns behaviors of vulnerabilities and threatens in the network. And then the risk assessment will be done under those scenarios. Following this new definition. The dissertation Proposes a Component-centric Access Graph Based Network Security Risk Assessment Model (Oc-AGNSRAM).

scholarly journals A Multi-Tier Security Analysis of Official Car Management Apps for Android

2021 ◽  
Vol 13 (3) ◽  
pp. 58
Author(s):  
Efstratios Chatzoglou ◽  
Georgios Kambourakis ◽  
Vasileios Kouliaridis
Keyword(s):  
Fuel Efficiency ◽  
Security Analysis ◽  
Third Party ◽  
Security Assessment ◽  
Vehicle Owner ◽  
Vehicle Data ◽  
Security Practices ◽  
Single Vehicle ◽  
Software Updates ◽  
Vehicle Management

Using automotive smartphone applications (apps) provided by car manufacturers may offer numerous advantages to the vehicle owner, including improved safety, fuel efficiency, anytime monitoring of vehicle data, and timely over-the-air delivery of software updates. On the other hand, the continuous tracking of the vehicle data by such apps may also pose a risk to the car owner, if, say, sensitive pieces of information are leaked to third parties or the app is vulnerable to attacks. This work contributes the first to our knowledge full-fledged security assessment of all the official single-vehicle management apps offered by major car manufacturers who operate in Europe. The apps are scrutinised statically with the purpose of not only identifying surfeits, say, in terms of the permissions requested, but also from a vulnerability assessment viewpoint. On top of that, we run each app to identify possible weak security practices in the owner-to-app registration process. The results reveal a multitude of issues, ranging from an over-claim of sensitive permissions and the use of possibly privacy-invasive API calls, to numerous potentially exploitable CWE and CVE-identified weaknesses and vulnerabilities, the, in some cases, excessive employment of third-party trackers, and a number of other flaws related to the use of third-party software libraries, unsanitised input, and weak user password policies, to mention just a few.

A Practical Conflicting Role-based Cloud Security Risk Evaluation Method

2019 ◽  
Vol 13 ◽  
Author(s):  
Jin Han ◽  
Jing Zhan ◽  
Xiaoqing Xia ◽  
Xue Fan
Keyword(s):  
Risk Evaluation ◽  
Evaluation Method ◽  
Service Providers ◽  
Risk Preferences ◽  
Cloud Service ◽  
Cloud Security ◽  
Third Party ◽  
Security Evaluation ◽  
Security Risk ◽  
Cloud Users

Background: Currently, Cloud Service Provider (CSP) or third party usually proposes principles and methods for cloud security risk evaluation, while cloud users have no choice but accept them. However, since cloud users and cloud service providers have conflicts of interests, cloud users may not trust the results of security evaluation performed by the CSP. Also, different cloud users may have different security risk preferences, which makes it difficult for third party to consider all users' needs during evaluation. In addition, current security evaluation indexes for cloud are too impractical to test (e.g., indexes like interoperability, transparency, portability are not easy to be evaluated). Methods: To solve the above problems, this paper proposes a practical cloud security risk evaluation method of decision-making based on conflicting roles by using the Analytic Hierarchy Process (AHP) with Aggregation of Individual priorities (AIP). Results: Not only can our method bring forward a new index system based on risk source for cloud security and corresponding practical testing methods, but also can obtain the evaluation result with the risk preferences of conflicting roles, namely CSP and cloud users, which can lay a foundation for improving mutual trusts between the CSP and cloud users. The experiments show that the method can effectively assess the security risk of cloud platforms and in the case where the number of clouds increased by 100% and 200%, the evaluation time using our methodology increased by only by 12% and 30%. Conclusion: Our method can achieve consistent decision based on conflicting roles, high scalability and practicability for cloud security risk evaluation.

scholarly journals IoT Cloud Security Review

2021 ◽  
Vol 54 (4) ◽  
pp. 1-36
Author(s):  
Fei Chen ◽  
Duming Luo ◽  
Tao Xiang ◽  
Ping Chen ◽  
Junfeng Fan ◽  
...  
Keyword(s):  
Case Studies ◽  
Service Providers ◽  
Risk Mitigation ◽  
Rapid Development ◽  
Security Analysis ◽  
Cloud Security ◽  
Future Research ◽  
Security Risk ◽  
Research Attention ◽  
Cloud Systems

Recent years have seen the rapid development and integration of the Internet of Things (IoT) and cloud computing. The market is providing various consumer-oriented smart IoT devices; the mainstream cloud service providers are building their software stacks to support IoT services. With this emerging trend even growing, the security of such smart IoT cloud systems has drawn much research attention in recent years. To better understand the emerging consumer-oriented smart IoT cloud systems for practical engineers and new researchers, this article presents a review of the most recent research efforts on existing, real, already deployed consumer-oriented IoT cloud applications in the past five years using typical case studies. Specifically, we first present a general model for the IoT cloud ecosystem. Then, using the model, we review and summarize recent, representative research works on emerging smart IoT cloud system security using 10 detailed case studies, with the aim that the case studies together provide insights into the insecurity of current emerging IoT cloud systems. We further present a systematic approach to conduct a security analysis for IoT cloud systems. Based on the proposed security analysis approach, we review and suggest potential security risk mitigation methods to protect IoT cloud systems. We also discuss future research challenges for the IoT cloud security area.

scholarly journals Blockchain as a CA: A Provably Secure Signcryption Scheme Leveraging Blockchains

2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Tzung-Her Chen ◽  
Ting-Le Zhu ◽  
Fuh-Gwo Jeng ◽  
Chien-Lung Wang
Keyword(s):  
Security Analysis ◽  
Third Party ◽  
Maintenance Cost ◽  
Communication Overhead ◽  
Operational Cost ◽  
Computational Costs ◽  
The Past ◽  
Certificate Chain ◽  
Signcryption Scheme ◽  
Provably Secure

Although encryption and signatures have been two fundamental technologies for cryptosystems, they still receive considerable attention in academia due to the focus on reducing computational costs and communication overhead. In the past decade, applying certificateless signcryption schemes to solve the higher cost of maintaining the certificate chain issued by a certificate authority (CA) has been studied. With the recent increase in the interest in blockchains, signcryption is being revisited as a new possibility. The concepts of a blockchain as a CA and a transaction as a certificate proposed in this paper aim to use a blockchain without CAs or a trusted third party (TTP). The proposed provably secure signcryption scheme implements a designated recipient beforehand such that a sender can cryptographically facilitate the interoperation on the blockchain information with the designated recipient. Thus, the proposed scheme benefits from the following advantages: (1) it removes the high maintenance cost from involving CAs or a TTP, (2) it seamlessly integrates with blockchains, and (3) it provides confidential transactions. This paper also presents the theoretical security analysis and assesses the performance via the simulation results. Upon evaluating the operational cost in real currency based on Ethereum, the experimental results demonstrate that the proposed scheme only requires a small cost as a fee.

Research and Application of Static Security Check for Monthly Maintenance Schedule

2014 ◽  
Vol 1070-1072 ◽  
pp. 1511-1515
Author(s):  
Chuan Cheng Zhang ◽  
Cui Hui Yan ◽  
Sai Dai ◽  
Dan Xu ◽  
Yi Zhu ◽  
...  
Keyword(s):  
Power Flow ◽  
Security Analysis ◽  
Security Risk ◽  
Evaluation Indexes ◽  
Analysis And Evaluation ◽  
Maintenance Schedule ◽  
Capacity Loss ◽  
Generation Capacity ◽  
Static Security ◽  
State Changes

Monthly maintenance schedule has an important guiding significance to day ahead maintenance arrangement. However, the current management of monthly maintenance schedule is short of quantitative analysis methods. Consequently it can’t effectively take the security risk that may exist under monthly maintenance schedule. This paper presents a static security checking method for monthly maintenance schedule. First, established the monthly power grid network model based on the realtime model and device state changes, including the commissioning and decommissioning devices and maintenance devices. Next, the month-contract energy was decomposed to every day and every hour, then combined with monthly load forecast and maintenance schedule, the power system typical operation modes were generated automatically. Finally, quantitative assessment of monthly maintenance schedule was completed by power flow calculation, security analysis and evaluation indexes, including load supply adequacy and equivalent generation capacity loss. This method is instructive for monthly maintenance arrangement and its feasibility is proved by practical application.

Mobile Commerce Security and Its Prevention

2018 ◽  
pp. 433-449
Author(s):  
Mona Adlakha
Keyword(s):  
Mobile Devices ◽  
Best Practice ◽  
Personal Data ◽  
Mobile Commerce ◽  
Mitigation Strategies ◽  
Risk Prevention ◽  
Third Party ◽  
Security Measures ◽  
Security Risk ◽  
Security Standards

Mobile commerce is the next generation of e-commerce, where payments and financial transactions can be carried out with utmost ease using handheld mobile devices. Mobile devices are at a higher security risk due to the large amount of critical financial and personal data available on it. The cause or consequence of these threats could be - malware and spyware attacks; multiple or incorrect m-Commerce payments; breaches due to unauthorized access or disclosure, unauthenticated transactions and risk due to the use of third party networks. This chapter discusses how to manage security risks in m-commerce by first identifying them and then discussing preventive measures for their mitigation. A continuous approach for risk prevention needs to be followed, reviewing the strategy according to the latest challenges. Various risk prevention and mitigation strategies can be adopted. Service providers must follow physical and digital security measures to protect consumer's business information. Independent auditing should ensure compliance with best practice security standards.

scholarly journals A Risk Analysis Framework for Social Engineering Attack Based on User Profiling

2020 ◽  
Vol 32 (3) ◽  
pp. 37-49
Author(s):  
Ziwei Ye ◽  
Yuanbo Guo ◽  
Ankang Ju ◽  
Fushan Wei ◽  
Ruijie Zhang ◽  
...  
Keyword(s):  
Risk Analysis ◽  
Security Analysis ◽  
Social Engineering ◽  
Cloud Service ◽  
User Profiling ◽  
Assessment Instruments ◽  
Security Assessment ◽  
Analysis Framework ◽  
Protection Mechanism ◽  
The Social

Social engineering attacks are becoming serious threats to cloud service. Social engineering attackers could get Cloud service custom privacy information or attack virtual machine images directly. Existing security analysis instruments are difficult to quantify the social engineering attack risk, resulting in invalid defense guidance for social engineering attacks. In this article, a risk analysis framework for social engineering attack is proposed based on user profiling. The framework provides a pathway to quantitatively calculate the possibility of being compromised by social engineering attack and potential loss, so as to effectively complement current security assessment instruments. The frequency of related operations is used to profile and group users for respective risk calculation, and other features such as security awareness and capability of protection mechanism are also considered. Finally, examples are given to illustrate how to use the framework in actual scenario and apply it to security assessment.

scholarly journals A Situation-Aware Scheme for Efficient Device Authentication in Smart Grid-Enabled Home Area Networks

Electronics ◽  
2020 ◽  
Vol 9 (6) ◽  
pp. 989 ◽  
Author(s):  
Anhao Xiang ◽  
Jun Zheng
Keyword(s):  
Smart Grid ◽  
Smart Grids ◽  
Communication Complexity ◽  
Situational Awareness ◽  
Security Analysis ◽  
Risk Level ◽  
Security Risk ◽  
Risk Levels ◽  
Home Area ◽  
Home Area Networks

Home area networks (HANs) are the most vulnerable part of smart grids since they are not directly controlled by utilities. Device authentication is one of most important mechanisms to protect the security of smart grid-enabled HANs (SG-HANs). In this paper, we propose a situation-aware scheme for efficient device authentication in SG-HANs. The proposed scheme utilizes the security risk information assessed by the smart home system with a situational awareness feature. A suitable authentication protocol with adequate security protection and computational and communication complexity is then selected based on the assessed security risk level. A protocol design of the proposed scheme considering two security risk levels is presented in the paper. The security of the design is verified by using both formal verification and informal security analysis. Our performance analysis demonstrates that the proposed scheme is efficient in terms of computational and communication costs.

Sign in / Sign up

Export Citation Format

Share Document