Search results
1 – 10 of 294Krishna Prakasha, Balachandra Muniyal and Vasundhara Acharya
The purpose of the study is to develop a secure, efficient, and enhanced user authentication mechanism to achieve reliable and authenticated connection. In online transactions…
Abstract
Purpose
The purpose of the study is to develop a secure, efficient, and enhanced user authentication mechanism to achieve reliable and authenticated connection. In online transactions, users and resources are located at different places, and the sensitive information is to be protected and transferred using the suitable, reliable mechanism.
Design/methodology/approach
One of the latest approach to handle the requirement is by a Public Key Infrastructure (PKI) or its variant Wireless Public Key Infrastructure (WPKI). Fundamental management techniques are required to be very secure and vital since they are one of the points of attack in public key cryptosystem. Entity authentication and key agreement (AKA) is a critical cryptographic problem in wireless communication, where a mutual entity authentication plays a vital role in the establishment of the secure and authentic connection. This paper proposes an efficient and enhanced AKA scheme (EAKA) with the end-to-end security and verifies the proposed system for protection using automated validation of internet security protocols and applications. An efficient way for the implementation of an enhanced version of the protocol is proposed using a lattice-based cryptographic algorithm.
Findings
The time consumed for the proposed research work shows that it is practical and acceptable.
Originality/value
The proposed research work is an efficient and enhanced user authentication mechanism.
Details
Keywords
C. Clissman, R. Murray, E. Davidson, J. Hands, O. Sijtsma, A. Noordzij, R. Moulton, S. Shanawa, J. Darzentas and I. Pettman
Provides a brief introduction to the UNIverse Project and its major objectives. Continues and completes the overview of the international standards, softwares and systems which…
Abstract
Provides a brief introduction to the UNIverse Project and its major objectives. Continues and completes the overview of the international standards, softwares and systems which will enable bibliographic searching of multiple distributed library catalogues. Part 3 reviews three further areas: ‐ inter library loans protocols; multimedia document delivery and authentication and directory services.
Details
Keywords
Mazen El-Masri and Eiman Mutwali Abdelmageed Hussain
Blockchain is evolving to become a platform for securing Internet of things (IoT) ecosystems. Still, challenges remain. The purpose of this literature review is to highlight the…
Abstract
Purpose
Blockchain is evolving to become a platform for securing Internet of things (IoT) ecosystems. Still, challenges remain. The purpose of this literature review is to highlight the applicability of blockchain as a medium to secure IoT ecosystems. A two-dimensional framework anchored on (1) IoT layers and (2) security goals is used to organize the existent IoT security threats and their corresponding countermeasures identified in the reviewed literature. The framework helped in mapping the IoT security threats with the inherent features of blockchain and accentuate their prominence to IoT security.
Design/methodology/approach
An approach integrating computerized natural language processing (NLP) with a systematic literature review methodology was adopted. A large corpus of 2,303 titles and abstracts of blockchain articles was programmatically analyzed in order to identify the relevant literature. The identified literature was subjected to a systematic review guided by a well-established method in IS research.
Findings
The literature evidently highlights the prominence of blockchain as a mean to IoT security due to the distinctive features it encompasses. The authors’ investigation revealed that numerous existent threats are better addressed with blockchain than conventional mechanisms. Nevertheless, blockchain consumes resources such as electricity, time, bandwidth and disk space at a rate that is not yet easily accessible to common IoT ecosystems.
Research limitations/implications
Results suggest that a configurational approach that aligns IoT security requirements with the resource requirements of different blockchain features is necessary in order to realize the proper balance between security, efficiency and feasibility.
Practical implications
Practitioners can make use of the classified lists of convention security mechanisms and the IoT threats they address. The framework can help underline the countermeasures that best achieve their security goals. Practitioners can also use the framework to identify the most important features to seek for in a blockchain technology that can help them achieve their security goals.
Originality/value
This study proposes a novel framework that can help classify IoT threats based on the IoT layer impacted and the security goal at risk. Moreover, it applies a combined man-machine approach to systematically analyze the literature.
Details
Keywords
The purpose of this paper is to critically examine the Indian IT Act 2000 and IT (Amendment) Act 2008 in the light of e‐commerce perspective to identify the present status of…
Abstract
Purpose
The purpose of this paper is to critically examine the Indian IT Act 2000 and IT (Amendment) Act 2008 in the light of e‐commerce perspective to identify the present status of e‐commerce laws in India.
Design/methodology/approach
The paper presents a critical reflection on the current e‐commerce laws in India. The paper is based on the Indian IT Act 2000 and IT (Amendment) Act 2008. The paper presents critical content analysis of various provisions of IT Act in e‐commerce prespective. The paper also highlights legal issues arising from e‐commerce.
Findings
There are many important issues which are critical for the success of e‐commerce that have not been covered or properly addressed by IT Act. The paper reveals that the present IT Act is weak on various fronts and in the absence of sound legal framework e‐commerce cannot create a success story in India. Indian Government must appreciate that for safe and secure business environment on cyberspace, a sound legal framework is needed. This paper suggests that there is strong need to introduce separate laws for e‐commerce in India.
Practical implications
The paper identified various loopholes/problems/weakness of existing e‐commerce laws in India. These issues should be addressed by Goverment of India to protect the interests of Indian software industries, BPO sector and other stakeholders.
Originality/value
The issue identified in the paper is somewhat new, timely and interesting, taking into consideration its importance to economic development in emerging economies such as India.
Details
Keywords
Francisco A. Pujol, Higinio Mora, José Luis Sánchez and Antonio Jimeno
Cryptography has become an essential feature for many current technological applications. Cryptographic methods are usually divided into private‐key (or symmetric) and public‐key…
Abstract
Purpose
Cryptography has become an essential feature for many current technological applications. Cryptographic methods are usually divided into private‐key (or symmetric) and public‐key (or asymmetric) algorithms. The purpose of this paper is to propose a client/server architecture to efficiently authenticate users by means of their fingerprint biometric feature. To do this, the personal data of each user are acquired at the client and, afterwards, they are conveniently encrypted using a combination of up‐to‐date symmetric and asymmetric cryptographic algorithms.
Design/methodology/approach
First the main issues related to public‐key and private‐key cryptography, including well‐known algorithms, such as data encryption standard and Rijndael methods are reviewed. After that, a proposal for the implementation of a client/server architecture to authenticate users by means of fingerprint features is proposed.
Findings
The results of the experiments show that such architecture is optimal for being applied in real authentication systems, provides high‐security standards and can be applied to any practical biometric system.
Originality/value
Biometrics has become an attractive alternative to password‐based systems: using a password is insecure, as they can easily be forgotten or stolen. Fingerprints are the most widely used biometric feature. This paper uses recent fingerprint identification algorithms together with the most advanced cryptographic methods recommended nowadays. This way, the system utilizes state‐of‐the‐art techniques that are also introduced in many practical systems; that is the reason why it will be flexible enough to integrate, any forthcoming needs of cryptographic systems.
Details
Keywords
Rhea Gupta, Sara Dharadhar and Prathamesh Churi
Cloud computing is becoming increasingly popular as it facilitates convenient, ubiquitous, on-demand network access to a shared pool of configurable computing resources and…
Abstract
Purpose
Cloud computing is becoming increasingly popular as it facilitates convenient, ubiquitous, on-demand network access to a shared pool of configurable computing resources and applications that can be quickly retrieved and released. Despite its numerous merits, it faces setbacks in data security and privacy. Data encryption is one of the most popular solutions for data security in the cloud. Various encryption algorithms have been implemented to address security concerns. These algorithms have been reviewed along with the Jumbling Salting algorithm and its applications. The framework for using Jumbling Salting to encrypt text files in the cloud environment (CloudJS) has been thoroughly studied and improvised. The purpose of this paper is to implement the CloudJS algorithm, to discuss its performance and compare the obtained results with existing cloud encryption schemes.
Design/methodology/approach
The paper uses six research questions to analyze the performance of CloudJS algorithm in the cloud environment. The research questions are about measuring encryption time and throughput, decryption time and throughput, the ratio of cipher to the plain text of CloudJS algorithm with respect to other Cloud algorithms like AES and DES. For this purpose, the algorithm has been implemented using dockers-containers in the Linux environment.
Findings
It was found that CloudJS performs well in terms of encryption time, decryption time and throughput. It is marginally better than AES and undoubtedly better than DES in these parameters. The performance of the algorithm is not affected by a number of CPU cores, RAM size and Line size of text files. It performs decently well in all scenarios and all resultant values fall in the desired range.
Research limitations/implications
CloudJS can be tested with cloud simulation platforms (CloudSim) and cloud service providers (AWS, Google Cloud). It can also be tested with other file types. In the future, CloudJS algorithm can also be implemented in images and other files.
Originality/value
To the best of the knowledge, this is the first attempt to implement and analysis of a custom encryption algorithm (CloudJS) in the cloud environment using dockers-containers.
Details
Keywords
Anita Philips, Jayakumar Jayaraj, Josh F.T. and Venkateshkumar P.
Digitizing of the electrical power grid promotes the advantages of efficient energy management alongside the possibilities of major vulnerabilities. A typical inadequacy that…
Abstract
Purpose
Digitizing of the electrical power grid promotes the advantages of efficient energy management alongside the possibilities of major vulnerabilities. A typical inadequacy that needs critical attention to ensure the seamless operation of the smart grid system remains in the data transmission between consumer premises smart devices and the utility centres. Many researches aim at establishing security protocols to ensure secure and efficient energy management resulting in perfect demand–supply balance.
Design/methodology/approach
In this paper, the authentication of the smart meter data has been proposed with enhanced Rivest–Shamir–Adleman (RSA) key encryption using an efficient way of generating large prime numbers. The trapdoor one-way function applied in the RSA algorithm makes it almost impossible for the reverse engineering attempts of cracking the key pair.
Findings
The algorithm for generating prime numbers has been tested both with the convention method and with the enhanced method of including a low-level primality test with a first few hundred primes. The combination of low-level and high-level primality tests shows an improvement in execution time of the algorithm.
Originality/value
There is a considerable improvement in the time complexities when using the combination method. This efficient generation of prime numbers can be successfully applied to the smart meter systems, thereby increasing the strength and speed of the key encryption.
Details
Keywords
Vamsi Desam and Pradeep Reddy CH
Several chaotic system-based encryption techniques have been presented in recent years to protect digital images using cryptography. The challenges of key distribution and…
Abstract
Purpose
Several chaotic system-based encryption techniques have been presented in recent years to protect digital images using cryptography. The challenges of key distribution and administration make symmetric encryption difficult. The purpose of this paper is to address these concerns, the novel hybrid partial differential elliptical Rubik’s cube algorithm is developed in this study as an asymmetric image encryption approach. This novel algorithm generates a random weighted matrix, and uses the masking method on image pixels with Rubik’s cube principle. Security analysis has been conducted, it enhances and increases the reliability of the proposed algorithm against a variety of attacks including statistical and differential attacks.
Design/methodology/approach
In this light, a differential elliptical model is designed with two phases for image encryption and decryption. A modified image is achieved by rotating and mixing intensities of rows and columns with a masking matrix derived from the key generation technique using a unique approach based on the elliptic curve and Rubik’s cube principle.
Findings
To evaluate the security level, the proposed algorithm is tested with statistical and differential attacks on a different set of test images with peak signal-to-noise ratio, unified average changed intensity and number of pixel change rate performance metrics. These results proved that the proposed image encryption method is completely reliable and enhances image security during transmission.
Originality/value
The elliptic curve–based encryption is hard to break by hackers and adding a Rubik’s cube principle makes it even more complex and nearly impossible to decode. The proposed method provides reduced key size.
Details
Keywords
Tomasz Müldner, Gregory Leighton and Jan Krzysztof Miziołek
The purpose of this paper is to consider the secure publishing of XML documents, where a single copy of an XML document is disseminated and a stated role‐based access control…
Abstract
Purpose
The purpose of this paper is to consider the secure publishing of XML documents, where a single copy of an XML document is disseminated and a stated role‐based access control policy (RBACP) is enforced via selective encryption. It describes a more efficient solution over previously proposed approaches, in which both policy specification and key generation are performed once, at the schema‐level. In lieu of the commonly used super‐encryption technique, in which nodes residing in the intersection of multiple roles are encrypted with multiple keys, it describes a new approach called multi‐encryption that guarantees each node is encrypted at most once.
Design/methodology/approach
This paper describes two alternative algorithms for key generation and single‐pass algorithms for multi‐encrypting and decrypting a document. The solution typically results in a smaller number of keys being distributed to each user.
Findings
The paper proves the correctness of the presented algorithms, and provides experimental results indicating the superiority of multi‐encryption over super‐encryption, in terms of encryption and decryption time requirements. It also demonstrates the scalability of the approach as the size of the input document and complexity of the schema‐level RBACP are increased.
Research limitations/implications
An extension of this work involves designing and implementing re‐usability of keyrings when a schema or ACP is modified. In addition, more flexible solutions for handling cycles in schema graphs are possible. The current solution encounters difficulty when schema graphs are particularly deep and broad.
Practical implications
The experimental results indicate that the proposed approach is scalable, and is applicable to scenarios in which XML documents conforming to a common schema are to be securely published.
Originality/value
This paper contributes to the efficient implementation of secure XML publication systems.
Details
Keywords
This paper presents a state‐of‐the‐art review of the Web privacy and anonymity enhancing security mechanisms, tools, applications and services, with respect to their architecture…
Abstract
This paper presents a state‐of‐the‐art review of the Web privacy and anonymity enhancing security mechanisms, tools, applications and services, with respect to their architecture, operational principles and vulnerabilities. Furthermore, to facilitate a detailed comparative analysis, the appropriate parameters have been selected and grouped in classes of comparison criteria, in the form of an integrated comparison framework. The main concern during the design of this framework was to cover the confronted security threats, applied technological issues and users' demands satisfaction. GNUnet's Anonymity Protocol (GAP), Freedom, Hordes, Crowds, Onion Routing, Platform for Privacy Preferences (P3P), TRUSTe, Lucent Personalized Web Assistant (LPWA), and Anonymizer have been reviewed and compared. The comparative review has clearly highlighted that the pros and cons of each system do not coincide, mainly due to the fact that each one exhibits different design goals and thus adopts dissimilar techniques for protecting privacy and anonymity.
Details