Osama Ali Awad; Mais Monqith
Abstract
A Wireless Networked Control System (WNCS) consists of a control system and a communication network system. The insertion of the communication network in control systems has enormous advantages, but on the other hand it brings several issues, like network-induced delays or packet dropouts, that have a negative impact on the performance of the system and may lead to instability. The delay caused by wireless network transmission may have bad impacts on the system, so we need to know the behaviour of networked control systems to design better and optimum control that reduces the effect of the delay. In this paper the wireless networked control system is simulated using TrueTime. TrueTime is a Matlab/Simulink-based simulation toolbox which is used to design a wireless network model of ZigBee, using PID control for a DC motor system. The evaluation tests show that the PID controller cannot stabilize the system when the data rate of the ZigBee network is 20 kbps.
Shadab Kalhoro; Farhan Bashir Shaikh; Anam Kalhoro; Junaid Ur Rehman Abbasi; Ramesh Kumar Ayyasamy
Abstract
With the advancement of ICTs, the fifth generation has developed into an emergent communication platform that supports high speed, low latency, and excellent connectivity to numerous devices with modern radio technology, service-oriented design, and cloud infrastructure. The recent developments in the fifth generation and existing proposed plans are centred on the security model of this study, with authentication, availability, confidentiality, integrity, visibility, and centralized security policy. However, initiating innovative technologies and enhanced aspects in 5th generation communication raises new requirements and has given rise to various security challenges. 5G-based applications face security risks because of using modern technology. This paper presents a study of security attacks and the security risks faced by 5G intelligent applications. This research article also investigates the three main 5G usage scenarios (i.e., eMBB, uRLLC, and mMTC). This research recommends the steps to be taken to reduce the security risks of 5G usage scenarios and intelligent applications.
Abdllkader Esaid; Mary Agoyi; Muhannad Tahboush
Abstract
An ad hoc network has no supporting infrastructure, so network nodes are vulnerable to many attacks. Security attacks in ad hoc networks are increasing significantly with time. The communicated and exchanged data should also be secured and kept confidential. Therefore, hybrid cryptography is proposed to avoid unauthorized access to data. Data will be transmitted in an encrypted state, through Diffie-Hellman, and later decrypted by the intended party. If a third party intercepts the encrypted data, it will be difficult to decipher. The Ad Hoc On-Demand Distance Vector (AODV) routing protocol is employed to determine the destination. The proposed solution is a hybrid mechanism of encryption algorithms. The NS-2.3 simulator was used to evaluate the performance of the proposed security algorithm. Simulation results have shown that the performance of the proposed algorithm in the ad hoc network on several metrics outperformed many developed security algorithms. A hybrid encryption algorithm for mitigating the effects of attacks in ad hoc networks was developed based on the AODV routing protocol. The algorithm combined the AES and Blowfish encryption algorithms to increase the speed of the algorithm as well as the encryption, which will lead to preventing access to a packet during transmission in an ad hoc network.
Hadi Aghaee; Bahareh Akhbari
Abstract
In this paper, we want to investigate classical-quantum multiple access wiretap channels (CQ-MA-WTC) under one-shot setting. In this regard, we analyze the CQ-MA-WTC using a simultaneous position-based decoder for reliable decoding and using a newly introduced technique to decode securely. Also, for the sake of comparison, we analyze the CQ-MA-WTC using Sen’s one-shot joint typicality lemma for reliable decoding. The simultaneous position-based decoder tends to a multiple hypothesis testing problem. Also, using convex splitting to analyze the privacy criteria in a simultaneous scenario becomes problematic. To overcome both problems, we first introduce a new channel that can be considered as a dual to the CQ-MA-WTC. This channel is called a point-to-point quantum wiretap channel with multiple messages (PP-QWTC). In the following, as a strategy to solve the problem, we also investigate and analyze quantum broadcast channels (QBC) in the one-shot regime.
Afnan Alotaibi; Lujain Alghufaili; Dina M. Ibrahim
Abstract
At present, web applications are growing constantly throughout society with the development of communication technology. The utilization of the WWW (World Wide Web) has expanded and increased since it provides many services, such as sharing data, staying connected and other services. As a consequence, these numerous web application users are susceptible to cybersecurity breaches that aim to steal sensitive information, crash the users’ systems, etc. In particular, the most common vulnerability in web applications today is the Cross-Site Scripting (XSS) attack. Furthermore, online cyber attacks utilizing cross-site scripting were responsible for 40% of the attack instances that struck enterprises in North America and Europe in 2019. Therefore, cross-site scripting is a form of injection that targets both vulnerable and non-vulnerable websites, for the injection of malicious scripts. Cross-site scripting (XSS) operates by directing users to a vulnerable website that contains malicious JavaScript. Then, when malicious code runs in a victim’s browser, the attacker has complete control over how they interact with the application. In order to protect a website or prevent XSS, the application complexity and the way it handles data must be known so it could be controlled by the user. However, detecting XSS effectively is still a work in progress, and XSS is considered a gateway for various attacks. In this paper, we introduce the XSS attack and the forms of XSS as a review paper, in addition to the methods and techniques that help to detect cross-site scripting (XSS) attacks.
Hamed Ramzanipour; Navid Vafaei; Nasour Bagheri
Abstract
Differential fault analysis, a kind of active non-invasive attack, is an effective way of analyzing cryptographic primitives that have lately earned more attention. In this study, we apply this attack on CRAFT, a recently proposed lightweight tweakable block cipher, supported by simulation and experimental results. This cipher accepts a 64-bit Tweak, a 64-bit plaintext, and a 128-bit key to produce a 64-bit ciphertext. We assume that the target implementation of CRAFT does not use countermeasures in this paper. The considered fault model in the initial phase of this paper is a single-bit, but random nibble-injected fault, where we first present the fault injection attack as a simulation and then report on how to retrieve the round sub-keys. Next, we use frequency glitch as a fault injection technique in the experimental phase. This part aims to produce a single fault at a nibble in a specific round of the CRAFT. Following our statistical analysis and according to the simulation findings, we can reduce the key space to 30.28 and 24.37 bits, respectively, by using 4 and 5 faults. The experimental section also identifies the location of random faults injected by the hardware mechanism.
Sumayia Al-Anazi; Isra Al-Turaiki; Najwa Altwaijry
Abstract
Motif discovery is a challenging problem in bioinformatics. It is an essential step towards understanding gene regulation. Although numerous algorithms and tools have been proposed in the literature, the accuracy of motif finding is still low. In this paper, we tackle the motif discovery problem using ensemble methods. A review and classification of current ensemble motif discovery tools is presented. We then propose our Cluster-based Ensemble Motif Discovery Tool (CEMD) which is based on k-medoids clustering of state-of-art stand-alone motif finding tools. We evaluate the performance of CEMD on benchmark datasets and compare the results to both stand-alone and similar ensemble tools. Experimental results indicate that CEMD has better sensitivity than state-of-art stand-alone tools when dealing with human datasets. CEMD also obtains better values of sensitivity when motifs are implanted in real promoter sequences. As for the comparison of CEMD with ensemble motif discovery tools, results indicate that CEMD achieves better results than MEME-ChIP on all evaluation measures. CEMD shows comparable performance to RSAT peak-motifs and MODSIDE.
Mohammad Ali A. Hammoudeh; Renad Ibrahim; Lama Alshraryan; Manar Alnomise; Ragad Alhumidan
Abstract
Recently, the interest in cybercrime and cybersecurity has increased dramatically both in terms of critical security issues and national economic information infrastructure and sensitive dealing policies, such as protection and data privacy. Moreover, the growing threat of cybersecurity has prompted the kingdom to pay more attention to its national cybersecurity strategy as the state embarks on a Vision 2030 plan, which aims to diversify the economy and create new jobs. Therefore, any computer system always has security threats, which are considered a big problem, and this includes application code, as demand increases. The paper aims to give detailed information about secure coding with Python and present security guidelines and considerations in different disciplines. It focuses on giving an overview of the authentication methods used in application code and shows programming security mistakes that introduce vulnerabilities (e.g., SQL injection). We review the new user authentication techniques, making it easier for the manager to choose the appropriate techniques for his organization by understanding the way they work, their advantages, and their disadvantages. The administrator can integrate these mechanisms in a manner that is appropriate for his security plan. This will be useful for programmers and users to keep their code and applications more secure and viable for usage in sensitive environments.
Seyed Salar Ghazi; Haleh Amintoosi; Sahar Pilevar Moakhar
Abstract
In recent years, blockchain technology has been used in many fields, including IoT and Smartphones. Since most of these devices are battery constrained and have low processing capabilities, conventional blockchains are not suitable for these types of systems. In this field, critical challenges that need to be addressed are providing security for transactions and power consumption. An available solution to meet the mentioned challenges is TrustChain. Unlike conventional blockchains, TrustChain does not have a single global chain. Instead, each node is responsible for building and maintaining its local chain. With all the benefits, TrustChain is vulnerable to the whitewashing attack and suffers from client vulnerability issues. Moreover, once a fatal error occurs, the recovery time of each TrustChain node is considerably high. In this paper, we propose a solution to address the attacks mentioned above by implementing an authentication system with MongoDB on top of TrustChain. Moreover, we connected TrustChain to the distributed cloud storage to significantly reduce the recovery time of nodes in fatal errors (up to 80%). Finally, we evaluate improved TrustChain with the PoW-based smartphone-oriented blockchains from two aspects of security and power consumption, proving that improved TrustChain does not significantly affect the lifetime of the smartphone battery. Its power consumption is less than mentioned blockchains and is more secure than these systems against main attacks.
Parichehr Dadkhah; Mohammad Dakhilalian; Parvin Rastegari
Abstract
Wireless Body Area Networks (WBANs) have attracted a lot of attention in recent researches as they play a vital role in diagnosing, controlling and treating diseases. These networks can improve the quality of medical services by following the health status of people and providing online medical advice for them, momentarily. Despite the numerous advantages of these networks, they may cause irrecoverable problems for patients, if security considerations are not properly met. So, it is very important to find solutions for satisfying security requirements in these networks. A signcryption scheme can be considered as one of the most important cryptographic tools for providing the security requirements in WBANs. Recently, Kasyoka et al. proposed a signcryption scheme based on which they designed an access control protocol for WBANs. They proved the security of their proposals in the random oracle model (ROM). In this paper, we concentrate on Kasyoka et al.’s proposals and show that their proposed signcryption scheme and consequently their proposed access control protocol for WBANs are vulnerable against various attacks, in contrast to their claims. Afterward, we fix the scheme to be secure against our proposed attacks.
Isra Al-Turaiki; Najwa Altwaijry; Abeer Agil; Haya Aljodhi; Sara Alharbi; Lina Alqassem
Abstract
With present-day technological advancements, the number of devices connected to the Internet has increased dramatically. Cybersecurity attacks are increasingly becoming a threat to individuals and organizations. Contemporary security frameworks incorporate Network Intrusion Detection Systems (NIDS). These systems are an essential component for ensuring the security of computer networks against attacks. In this paper, two deep learning architectures are proposed for both binary and multi-class classification of network attacks. The models, CNN-IDS and LSTM-IDS, are based on Convolutional Neural Network and Long Short Term Memory architectures, respectively. The models are evaluated using the well-known NSL-KDD dataset. The performance is measured in terms of accuracy, precision, recall, and F-measure. Experimental results show that the models achieve good performance in terms of accuracy and recall. Network intrusion detection systems are an integral part of contemporary networks. They provide administrators with an early warning for known and unknown attacks. In this paper, two deep learning architectures to aid administrators in detecting network attacks are outlined.
Morteza Amirmohseni; Sadegh Dorri Nogoorani
Abstract
Smart contracts are applications that are deployed on a blockchain and can be executed through transactions. The code and the state of the smart contracts are persisted on the ledger, and their execution is validated by all blockchain nodes. Smart contracts often hold and manage amounts of cryptocurrency. Therefore, their code should be secured against attacks. Smart contracts can be secured either by fixing their source/byte code before deployment (offline) or by inserting some protection code into the runtime (online). On the one hand, the offline methods do not have enough data for effective protection, and on the other hand, the existing online methods are too costly. In this paper, we propose an online method to complement the offline methods with a low overhead. Our protections are categorized into multiple safety guards. These guards are implemented in the blockchain nodes (clients), and require some parameters to be set in the constructor to be activated. After deployment, the configured guards protect the contract and revert suspicious transactions. We have implemented our proposed safety guards by small changes to the Hyperledger Besu Ethereum client. Our evaluations show that our implementation is effective in preventing the corresponding attacks, and has low execution overhead.
Norah Alajlan; Meshael Alyahya; Noorah Alghasham; Dina M. Ibrahim
Abstract
Date fruits are considered an essential food and the most important agricultural crop in Saudi Arabia, which produces many types of dates per year. Collecting large data for date fruits is a difficult and time-consuming task; besides, some of the date types are seasonal. A convolutional neural network (CNN) model needs large datasets to achieve high classification accuracy and avoid the overfitting problem. In this paper, an augmented date fruits dataset was developed using deep convolutional generative adversarial network (DCGAN) techniques. The dataset contains 600 images for three varieties of dates (Sukkari, Suggai and Ajwa). The performance of DCGAN was evaluated using Keras and MobileNet models. An extensive simulation shows that classification using DCGAN with the MobileNet model achieved 88% accuracy, whilst the Keras model achieved 44%. Besides, MobileNet achieved better classification on the original dataset.
Mohammad Ali
Abstract
Remote data auditing (RDA) protocols enable a cloud server to persuade an auditor that it is storing a data file honestly. Unlike digital signature (DS) schemes, in RDA protocols, the auditor can carry out the auditing procedure without having the entire data file. Therefore, RDA protocols seem to be attractive alternatives to DSs as they can effectively reduce bandwidth consumption. However, existing RDA protocols do not provide adequately powerful tools for user authentication. In this paper, we put forward a novel attribute-based remote data auditing and user authentication scheme. In our proposed scheme, without having a data file outsourced to a cloud server, an auditor can check its integrity and the issuer’s authenticity. Indeed, through a challenge-response protocol, the auditor can check whether 1) the cloud server has changed the content of the data file or not; 2) the data owner possesses specific attributes or not. We show that our scheme is secure under the hardness assumption of the bilinear Diffie-Hellman (BDH) problem.
Amirhosein Salehi; Siavash Ahmadi; Mohammad Reza Aref
Abstract
Industrial control systems are widely used in industrial sectors and critical infrastructures to monitor and control industrial processes. Recently, the security of industrial control systems has attracted a lot of attention, because these systems are now increasingly interacting with the Internet. Classic systems are suffering from many security problems and with the expansion of Internet connectivity, they are now exposed to new types of threats and cyber-attacks. Addressing this, intrusion detection technology is one of the most important security solutions that is used in industrial control systems to identify potential attacks and malicious activities. In this paper, we propose Stacked Autoencoder-Deep Neural Network (SAE-DNN), as a semi-supervised Intrusion Detection System (IDS) with appropriate performance and applicability on a wide range of Cyber-Physical Systems (CPSs). The proposed approach comprises a stacked autoencoder, a deep learning-based feature extractor, helping us with a low dimension and low noise representation of data. In addition, our system includes a deep neural network (DNN)-based classifier, which is used to detect anomalies with a high detection rate and low false positive rate in a real-time process. The SAE-DNN’s performance is evaluated on the WADI dataset, which is a real testbed for a water distribution system. The results indicate the superior performance of our approach over existing supervised and unsupervised methods while using a few percentages of labeled data.
Saja Ahmed Albliwi; Hanan Abdullah Alkharmani
Abstract
With the revolution in mobile technologies and the growing number of mobile internet users, Mobile Payment was born as a convenient channel of communication between customers and firms or organizations. Nowadays, Mobile Payments are on the way to disrupting the traditional Payment methods and contributing to a massive shift to a cashless society. However, some Mobile Payment users may be resistant to changing from conventional Payment methods. Therefore, it is critical to guarantee users’ continuance intention (CI) toward Mobile Payments to ensure the widespread uptake of Mobile Payments. Given this, this research aims to study how the quality of Mobile Payment impacts users’ CI in Saudi Arabia (SA). Methods: The conceptual model was constructed based on the Information System Success Model and Information System post-adoption research to support the framework of the current study. Results are drawn from a self-administered survey of a random sample of 389 respondents who regularly use Mobile Payment services in SA. Quantitative analysis is used to determine the impact of Mobile Payment quality on persistence intention to operate in Saudi Arabia. Results: The current study outcomes have shown that all three dimensions of quality (system quality (SYSQ), service quality (SERQ), and information quality (INFQ)) influence user satisfaction (SAT).
Wedad Alawad; Awatef Balobaid
Abstract
Digital forensics is a process of uncovering and exploring evidence from digital content. A growth in digital data in recent years has made it challenging for forensic investigators to uncover useful information. Moreover, the applied use of cloud computing has increased significantly in the past few years and has introduced new challenges to forensic experts. Cloud forensics assists organizations that exercise due diligence and comply with the requirements related to sensitive information protection, maintain the records required for audits, and notify concerned parties when confidential information is compromised or exposed. One of the problems with cloud forensics is the limitation of cloud forensic models and guidelines. The aim of this project is to propose a new cloud forensic model that will help investigators and cloud service providers achieve digital forensic readiness within the cloud environment. To achieve this goal, we have studied and compared different forensic process models to determine their limitations. Based on the results of this comparative study, a new cloud forensic framework, Forensic-enabled Security as a Service (FESaaS), is presented. The security and forensic layers are aggregated to discover evidence in the proposed framework. Compared to other cloud forensic frameworks, our framework deals with live data, reports, and logs. Thus, it is sufficient and provides the capability for rapid response.
Fatemeh Deldar; Mahdi Abadi; Mohammad Ebrahimifard
Abstract
With the widespread use of Android smartphones, the Android platform has become an attractive target for cybersecurity attackers and malware authors. Meanwhile, the growing emergence of zero-day malware has long been a major concern for cybersecurity researchers. This is because malware that has not been seen before often exhibits new or unknown behaviors, and there is no documented defense against it. In recent years, deep learning has become the dominant machine learning technique for malware detection and could achieve outstanding achievements. Currently, most deep malware detection techniques are supervised in nature and require training on large datasets of benign and malicious samples. However, supervised techniques usually do not perform well against zero-day malware. Semi-supervised and unsupervised deep malware detection techniques have more potential to detect previously unseen malware. In this paper, we present MalGAE, a novel end-to-end deep malware detection technique that leverages one-class graph neural networks to detect Android malware in a semi-supervised manner. MalGAE represents each Android application with an attributed function call graph (AFCG) to benefit the ability of graphs to model complex relationships between data. It builds a deep one-class classifier by training a stacked graph autoencoder with graph convolutional layers on benign AFCGs. Experimental results show that MalGAE can achieve good detection performance in terms of different evaluation measures.
Atieh Bakhshandeh; Abdalsamad Keramatfar; Amir Norouzi; Mohammad M. Chekidehkhoun
Abstract
In recent years, artificial intelligence has had a conspicuous growth in almost every aspect of life. One of the most applicable areas is security code review, in which a lot of AI-based tools and approaches have been proposed. Recently, ChatGPT has caught a huge amount of attention with its remarkable performance in following instructions and providing a detailed response. Regarding the similarities between natural language and code, in this paper, we study the feasibility of using ChatGPT for vulnerability detection in Python source code. Toward this goal, we feed an appropriate prompt along with vulnerable data to ChatGPT and compare its results on two datasets with the results of three widely used Static Application Security Testing tools (Bandit, Semgrep, and SonarQube). We implement different kinds of experiments with ChatGPT and the results indicate that ChatGPT reduces the false positive and false negative rates and has the potential to be used for Python source code vulnerability detection.
Marcelo S. Alencar; Karcius D. R. Assis
Abstract
This paper reviews the characteristics of the main digest algorithms, and presents a new derivation of the leftover hash lemma, using the collision probability to derive an upper bound on the statistical distance between the key and seed joint probability, and the hash bit sequence distribution. The paper discussed the use of the hash function in cryptography and presented a new derivation of the upper bound on the statistical distance between the joint distribution of the key and the seed, and the distribution of the hash bit distribution, based on the collision probability. A cryptographic hash function is used to verify whether a data file maps onto a certain hash value. On the other hand, it is difficult to reconstruct the information based on the hash value. Therefore, it is used to assure data integrity, and is the building block of a Hash-based Message Authentication Code (HMAC), which provides message authentication.
Mehmet Ali Yalçınkaya; Ecir Uğur Küçüksille
Abstract
The widespread use of web applications, and the fact that they run on sensitive data, has made them one of the most significant targets of cyber attackers. One of the most crucial security measures that can be taken is the detection and closure of vulnerabilities on web applications before attackers find them. In this study, a web application vulnerability scanner was developed based on dynamic analysis and artificial intelligence, which could test web applications using GET and POST methods and had test classes for 21 different vulnerability types. The developed vulnerability scanner was tested on a web application test laboratory, which was created within the scope of this study and had 262 different web applications. A data set was created from the results of the tests performed using the developed vulnerability scanner. In this study, as a first stage, web page classification was made using the mentioned data set. The highest success rate in the page classification process was determined to be 95.39%, using the Random Forest algorithm. The second operation performed using the dataset was the association analysis between vulnerabilities. The proposed model saved 21% of the time compared with the standard scanning model. The page classification process was also used in the crawling of the web application in this study.
Bodor Almotairy; Manal Abdullah; Rabeeh Abbasi
Abstract
Entrepreneurship involves an immense network of activities, linked via collaborations and information propagation. Information dissemination is extremely important for entrepreneurs. Finding influential users with high levels of interaction and connectivity in social media and involving them in information spread helps disseminate the information quickly, thus helping key entrepreneurial actors to find and collaborate with each other. Identifying and ranking the top influential entrepreneurial people is still in its infancy. This paper proposes an ERank framework for topic-specific influence theories that are specialized with respect to Twitter. Firstly, it extracts four dimensions to characterize influencers, including user popularity, activity, reliability, and tweet quality. Afterwards, it uses linear combinations of these dimensions to assign an influence score to each user. Experimental results on a real-life dataset containing 233,018 Arabic tweets show that ERank successfully ranks 8 out of 10 entrepreneurial influencers. Unlike other existing approaches, ERank doesn’t require any labelled data and has lower computational cost. To ensure the effectiveness and efficiency of ERank, three validation techniques were used: (1) to compare the detected influencers with the real-world influencers, (2) to investigate the spread of information of the detected influencers, and (3) to compare the quality of ERank results with other ranking methods.
Mohammed S. Albulayhi; Dina M. Ibrahim
Abstract
The Open Web Application Security Project (OWASP) is a nonprofit organization battling for the improvement of software protection and enhancing the security of web applications. Moreover, its goal is to make application security “accessible” so that individuals and organizations can make educated decisions about security threats. The OWASP is a repository of tools and standards for web security study. OWASP released an annual listing of the top 10 most common vulnerabilities on the web in 2013 and 2017. This research paper proposed a comprehensive study on the Components with Known Vulnerabilities attack, which is the ninth attack (A9) among the top 10 vulnerabilities. Components with known vulnerabilities are the third-party components that the focal system uses as authentication frameworks. Depending on the vulnerability, it could range from subtle to seriously bad. This danger arises because the app’s modules, like libraries and frameworks, are almost always run with the highest privileges. If a compromised aspect is abused, the hacker’s task of causing significant loss of information or server takeover is easier.
Iman Jafarian; Siavash Khorsandi
Abstract
The Internet of Things has significantly improved healthcare with its promise of transforming technological, social, and economic perspectives. Medical devices with wireless internet access enable remote monitoring of patients, and collectively, these increasingly smart and connected medical devices can provide unique and contemporary medical and health services envisioned to be deployed in a large-scale fashion. For this, medical data and records generally are collected, stored, and shared through open-air wireless networks and public cloud infrastructures, which poses severe challenges regarding the confidentiality of sensitive medical data while maintaining low service overhead and system complexity. This paper presents a novel scheme for secure cloud-assisted Internet of Medical Things connecting patients/smart medical devices to smart applications/medical service providers in a scalable one-to-many fashion to make novel medical services practical. The proposed scheme uses index-based searchable encryption for data screening without decryption. It uses a low-overhead proxy re-encryption scheme for secure data sharing through public clouds.
Amirhosein Sayyadabdi; Behrouz Tork Ladani; Bahman Zamani
Abstract
Android is a widely used operating system that employs a permission-based access control model. The Android Permissions System (APS) is responsible for mediating application resource requests. APS is a critical component of the Android security mechanism; hence, a failure in the design of APS can potentially lead to vulnerabilities that grant unauthorized access to resources by malicious applications. In this paper, we present a formal approach for modeling and verifying the security properties of APS. We demonstrate the usability of the proposed approach by showcasing the detection of a well-known vulnerability found in Android’s custom permissions.