IEEE 2012-13 – DotNet Projects
IEEE 2013 Transaction on Mobile Computing
Technology - Available in .Net
Abstract— Ad hoc low-power wireless networks are an exciting
research direction in sensing and pervasive computing. Prior security work in
this area has focused primarily on denial of communication at the routing or
medium access control levels. This paper explores resource depletion attacks at
the routing protocol layer, which permanently disable networks by quickly
draining nodes' battery power. These “Vampire” attacks are not specific to
any specific protocol, but rather rely on the properties of many popular
classes of routing protocols. We find that all examined protocols are
susceptible to Vampire attacks, which are devastating, difficult to detect, and
are easy to carry out using as few as one malicious insider sending only
protocol-compliant messages. In the worst case, a single Vampire can increase
network-wide energy usage by a factor of O(N), where N is the number of network
nodes. We discuss methods to mitigate these types of attacks, including a new
proof-of-concept protocol that provably bounds the damage caused by Vampires
during the packet forwarding phase.
IEEE 2013: Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-based Encryption
IEEE 2013 TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS
Abstract—Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthorized parties. To assure the patients’ control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key management, flexible access and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semi-trusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute based encryption (ABE) techniques to encrypt each patient’s PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multi-authority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability and efficiency of our proposed scheme.
IEEE 2012: A Novel Anti phishing framework based on visual cryptography
IEEE 2012 INTERNATIONAL CONFERENCE ON POWER, SIGNALS, CONTROLS AND COMPUTATION
Abstract - With the advent of the internet, various online attacks have increased, and among them the most popular attack is phishing. Phishing is an attempt by an individual or a group to get personal confidential information such as passwords, credit card information from unsuspecting victims for identity theft, financial gain and other fraudulent activities. Fake websites which appear very similar to the original ones are being hosted to achieve this. In this paper we have proposed a new approach named as "A Novel Anti-phishing framework based on visual cryptography" to solve the problem of phishing. Here an image based authentication using Visual Cryptography is implemented. The use of visual cryptography is explored to preserve the privacy of an image captcha by decomposing the original image captcha into two shares (known as sheets) that are stored in separate database servers (one with user and one with server) such that the original image captcha can be revealed only when both are simultaneously available; the individual sheet images do not reveal the identity of the original image captcha. Once the original image captcha is revealed to the user it can be used as the password. Using this, the website cross-verifies its identity and proves that it is a genuine website before the end users.
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, FEBRUARY 2012
Abstract— Brute force and dictionary attacks on password-only remote login services are now widespread and ever increasing. Enabling convenient login for legitimate users while preventing such attacks is a difficult problem. Automated Turing Tests (ATTs) continue to be an effective, easy-to-deploy approach to identify automated malicious login attempts with reasonable cost of inconvenience to users. In this paper, we discuss the inadequacy of existing and proposed login protocols designed to address large scale online dictionary attacks (e.g., from a Botnet of hundreds of thousands of nodes). We propose a new Password Guessing Resistant Protocol (PGRP), derived upon revisiting prior proposals designed to restrict such attacks. While PGRP limits the total number of login attempts from unknown remote hosts to as low as a single attempt per username, legitimate users in most cases (e.g., when attempts are made from known, frequently-used machines) can make several failed login attempts before being challenged with an ATT. We analyze the performance of PGRP with two real-world data sets and find it more promising than existing proposals.
IEEE 2012: Algorithms for the Digital Restoration of Torn Films
IEEE TRANSACTIONS ON IMAGE PROCESSING, FEBRUARY 2012
Abstract— This paper presents algorithms for the digital restoration of films damaged by tear. As well as causing local image data loss, a tear results in a noticeable relative shift in the frame between the regions at either side of the tear boundary. This paper describes a method for delineating the tear boundary and for correcting the displacement. This is achieved using a graph-cut segmentation framework that can be either automatic or interactive when automatic segmentation is not possible. Using temporal intensity differences to form the boundary conditions for the segmentation facilitates the robust division of the frame. The resulting segmentation map is used to calculate and correct the relative displacement using a global-motion estimation approach based on motion histograms. A high-quality restoration is obtained when a suitable missing-data treatment algorithm is used to recover any missing pixel intensities.
IEEE 2012 Transactions on Cloud Computing
Abstract — Cloud-based outsourced storage relieves the client’s burden for storage management and maintenance by providing a comparably low-cost, scalable, location-independent platform. However, the fact that clients no longer have physical possession of data indicates that they are facing a potentially formidable risk for missing or corrupted data. To avoid the security risks, audit services are critical to ensure the integrity and availability of outsourced data and to achieve digital forensics and credibility on cloud computing. Provable data possession (PDP), which is a cryptographic technique for verifying the integrity of data without retrieving it at an untrusted server, can be used to realize audit services. In this paper, profiting from the interactive zero-knowledge proof system, we address the construction of an interactive PDP protocol to prevent the fraudulence of prover (soundness property) and the leakage of verified data (zero-knowledge property). We prove that our construction holds these properties based on the computation Diffie–Hellman assumption and the rewindable black-box knowledge extractor. We also propose an efficient mechanism with respect to probabilistic queries and periodic verification to reduce the audit costs per verification and implement abnormal detection timely. In addition, we present an efficient method for selecting an optimal parameter value to minimize computational overheads of cloud audit services. Our experimental results demonstrate the effectiveness of our approach.
IEEE 2012 - 45th Hawaii International Conference on System Sciences
Abstract — The use of cloud computing has increased rapidly in many organizations. Cloud computing provides many benefits in terms of low cost and accessibility of data. Ensuring the security of cloud computing is a major factor in the cloud computing environment, as users often store sensitive information with cloud storage providers but these providers may be untrusted. Dealing with “single cloud” providers is predicted to become less popular with customers due to risks of service availability failure and the possibility of malicious insiders in the single cloud. A movement towards “multi-clouds”, or in other words, “interclouds” or “cloud-of-clouds” has emerged recently. This paper surveys recent research related to single and multi-cloud security and addresses possible solutions. It is found that the research into the use of multi-cloud providers to maintain security has received less attention from the research community than has the use of single clouds. This work aims to promote the use of multi-clouds due to its ability to reduce security risks that affect the cloud computing user.
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, JUNE 2011
Abstract— To ensure fair and secure communication in Mobile Ad hoc Networks (MANETs), the applications running in these networks must be regulated by proper communication policies. However, enforcing policies in MANETs is challenging because they lack the infrastructure and trusted entities encountered in traditional distributed systems. This paper presents the design and implementation of a policy enforcing mechanism based on Satem, a kernel-level trusted execution monitor built on top of the Trusted Platform Module. Under this mechanism, each application or protocol has an associated policy. Two instances of an application running on different nodes may engage in communication only if these nodes enforce the same set of policies for both the application and the underlying protocols used by the application. In this way, nodes can form trusted application centric networks. Before allowing a node to join such a network, Satem verifies its trustworthiness of enforcing the required set of policies. Furthermore, Satem protects the policies and the software enforcing these policies from being tampered with. If any of them is compromised, Satem disconnects the node from the network. We demonstrate the correctness of our solution through security analysis, and its low overhead through performance evaluation of two MANET applications.
IEEE 2011 TRANSACTIONS ON AFFECTIVE COMPUTING
Abstract— Facial expression is an important
channel for human communication and can be applied in many real applications.
One critical step for facial expression recognition (FER) is to accurately
extract emotional features. Current approaches on FER in static images have not
fully considered and utilized the features of facial element and muscle
movements, which represent static and dynamic, as well as geometric and appearance
characteristics of facial expressions. This paper proposes an approach to solve
this limitation using ‘salient’ distance features, which are obtained by
extracting patch-based 3D Gabor features, selecting the ‘salient’ patches, and
performing patch matching operations. The experimental results demonstrate high
correct recognition rate (CRR), significant performance improvements due to the
consideration of facial element and muscle movements, promising results under
face registration errors, and fast processing time. The comparison with the
state-of-the-art performance confirms that the proposed approach achieves the
highest CRR on the JAFFE database and is among the top performers on the
Cohn-Kanade (CK) database.
IEEE 2011 ACM TRANSACTIONS ON NETWORKING, FEB
Abstract— A number of
commercial peer-to-peer systems for live streaming have been introduced in
recent years. The behavior of these popular systems has been extensively
studied in several measurement papers. Due to the proprietary nature of these commercial
systems, however, these studies have to rely on a “black-box” approach, where
packet traces are collected from a single or a limited number of measurement
points, to infer various properties of traffic on the control and data planes. Although
such studies are useful to compare different systems from end-user’s
perspective, it is difficult to intuitively understand the observed properties
without fully reverse-engineering the underlying systems. In this paper we
describe the network architecture of Zattoo, one of the largest production live
streaming providers in Europe at the time of writing, and present a large-scale
measurement study of Zattoo using data collected by the provider. To highlight,
we found that even when the Zattoo system was heavily loaded with as high as
20,000 concurrent users on a single overlay, the median channel join delay
remained less than 2 to 5 seconds, and that, for a majority of users, the
streamed signal lags over-the-air broadcast signal by no more than 3 seconds.
IEEE 2011 Transactions on Parallel and Distributed Systems, May 2011
Abstract — Cloud computing is the long dreamed vision
of computing as a utility, where users can remotely store their data into the
cloud so as to enjoy the on-demand high quality applications and services from
a shared pool of configurable computing resources. By data outsourcing, users
can be relieved from the burden of local data storage and maintenance. Thus,
enabling public auditability for cloud data storage security is of critical
importance so that users can resort to an external audit party to check the
integrity of outsourced data when needed. To securely introduce an effective
third party auditor (TPA), the following two fundamental requirements have to
be met: 1) TPA should be able to efficiently audit the cloud data storage
without demanding the local copy of data, and introduce no additional on-line
burden to the cloud user. Specifically, our contribution in this work can be
summarized as the following three aspects:
1) We motivate the public auditing system of data storage security in Cloud Computing and provide a privacy-preserving auditing protocol, i.e., our scheme supports an external auditor to audit user’s outsourced data in the cloud without learning knowledge on the data content.
2) To the best of our knowledge, our scheme is the first to support scalable and efficient public auditing in the Cloud Computing. In particular, our scheme achieves batch auditing where multiple delegated auditing tasks from different users can be performed simultaneously by the TPA.
3) We prove the security and justify the performance of our proposed schemes through concrete experiments and comparisons with the state-of-the-art.
IEEE/ACM CLOUD COMPUTING June 2011
Abstract — Infrastructure as a Service (IaaS) cloud computing has
revolutionized the way we think of acquiring resources by introducing a simple
change: allowing users to lease computational resources from the cloud
provider’s datacenter for a short time by deploying virtual machines (VMs) on
these resources. This new model raises new challenges in the design and
development of IaaS middleware. One of those challenges is the need to deploy a
large number (hundreds or even thousands) of VM instances simultaneously. Once
the VM instances are deployed, another challenge is to simultaneously take a
snapshot of many images and transfer them to persistent storage to support
management tasks, such as suspend-resume and migration. With datacenters growing
rapidly and configurations becoming heterogeneous, it is important to enable
efficient concurrent deployment and snapshotting that are at the same time
hypervisor independent and ensure a maximum compatibility with different
configurations. This paper addresses these challenges by proposing a virtual
file system specifically optimized for virtual machine image storage. It is
based on a lazy transfer scheme coupled with object versioning that handles
snapshotting transparently in a hypervisor-independent fashion, ensuring high
portability for different configurations. Large-scale experiments on hundreds
of nodes demonstrate excellent performance results: speedup for concurrent VM
deployments ranges from a factor of 2 up to 25, with a reduction in bandwidth
utilization of as much as 90%.
IEEE 2010: Localized Multicast: Efficient and Distributed Replica Detection in Large-Scale Sensor Networks
IEEE TRANSACTIONS ON MOBILE COMPUTING, JULY 2010
Abstract— Due to the poor physical protection of sensor nodes, it is generally assumed that an adversary can capture and compromise a small number of sensors in the network. In a node replication attack, an adversary can take advantage of the credentials of a compromised node to surreptitiously introduce replicas of that node into the network. Without an effective and efficient detection mechanism, these replicas can be used to launch a variety of attacks that undermine many sensor applications and protocols. In this paper, we present a novel distributed approach called Localized Multicast for detecting node replication attacks. The efficiency and security of our approach are evaluated both theoretically and via simulation. Our results show that, compared to previous distributed approaches proposed by Parno et al., Localized Multicast is more efficient in terms of communication and memory costs in large-scale sensor networks, and at the same time achieves a higher probability of detecting node replicas.
IEEE TRANSACTIONS ON MOBILE COMPUTING, JULY 2010
Abstract— Designing cost-efficient, secure
network protocols for Wireless Sensor Networks (WSNs) is a challenging problem
because sensors are resource-limited wireless devices. Since the communication
cost is the most dominant factor in a sensor’s energy consumption, we introduce
an energy-efficient Virtual Energy-Based Encryption and Keying (VEBEK) scheme
for WSNs that significantly reduces the number of transmissions needed for
rekeying to avoid stale keys. In addition to the goal of saving energy, minimal
transmission is imperative for some military applications of WSNs where an
adversary could be monitoring the wireless spectrum. VEBEK is a secure
communication framework where sensed data is encoded using a scheme based on a
permutation code generated via the RC4 encryption mechanism. The key to the RC4
encryption mechanism dynamically changes as a function of the residual virtual energy
of the sensor. Thus, a one-time dynamic key is employed for one packet only and
different keys are used for the successive packets of the stream. The
intermediate nodes along the path to the sink are able to verify the
authenticity and integrity of the incoming packets using a predicted value of
the key generated by the sender’s virtual energy, thus requiring no need for
specific rekeying messages. VEBEK is able to efficiently detect and filter
false data injected into the network by malicious outsiders. The VEBEK framework
consists of two operational modes (VEBEK-I and VEBEK-II), each of which is
optimal for different scenarios. In VEBEK-I, each node monitors its one-hop
neighbors where VEBEK-II statistically monitors downstream nodes. We have
evaluated VEBEK’s feasibility and performance analytically and through
simulations. Our results show that VEBEK, without incurring transmission
overhead (increasing packet size or sending control messages for rekeying), is
able to eliminate malicious data from the network in an energy efficient manner.
We also show that our framework performs better than other comparable schemes
in the literature with an overall 60-100 percent improvement in energy savings
without the assumption of a reliable medium access control layer.
IEEE INTERNATIONAL CONFERENCE ON INFORMATION AND AUTOMATION JUNE, 2008
Abstract— In this
paper, we propose a new Lightweight Authenticated Encryption Mechanism based on
Rabbit stream cipher referred to as Rabbit-MAC, for Wireless Sensor Networks (WSNs)
that fulfils both requirements of security as well as energy efficiency. Our
proposed scheme provides data authentication, confidentiality and integrity in
WSNs. We construct a Rabbit based MAC function, which can be used for data
authentication and data integrity. Our proposed security protocol is an idea
for resource constrained WSNs, and can be widely used in the applications of
secure communication where the communication nodes have limited processing and storage
capabilities while requiring sufficient levels of security. The features of
Rabbit-MAC scheme conclude that this particular scheme might be more efficient
than the existing schemes in terms of security and resource consumption.