Abstracted/ Indexed in: Ulrich's International Periodical Directory, Google Scholar, SCIRUS, Genamics JournalSeek
The quarterly "Inventi Impact: Information Security" publishes high-quality unpublished research as well as high-impact pre-published research and reviews related to securing information from unauthorized access, modification, disruption, inspection, recording and destruction. Its readership includes scientific, industrial and military professionals.
In this article, we present an automatic face recognition system. We show that fractal features obtained from Iterated Function System allow a successful face recognition and outperform the classical approaches. We propose a new fractal feature extraction algorithm based on genetic algorithms to speed up the feature extraction step. In order to capture the more important information that is contained in a face with a few fractal features, we use a bi-dimensional principal component analysis. We have shown with experimental results using two databases as to how the optimal recognition ratio and the recognition time make our system an effective tool for automatic face recognition....
Blockchain, which has a distributed structure, has been widely used in many areas. Especially in the area of smart cities, blockchain
technology shows great potential. The security issues of blockchain affect the construction of smart cities to varying degrees. With
the rapid development of quantum computation, elliptic curves cryptosystems used in blockchain are not secure enough. This
paper presents a blockchain system based on lattice cipher, which can resist the attack of quantum computation. The most
significant challenge is that the size of public keys and signatures used by lattice cryptosystems is typically very large. As a result, each block in
a blockchain can only accommodate a small number of transactions. It will affect the running speed and performance of the
The number of devices running the Android operating system is increasing with over 900 million Android devices currently registered. As the Android operating system grows, security becomes increasingly important. While the current Android operating system protects against system compromising viruses, it does not provide full protection against malware, adware, spyware and Trojan viruses. This creates issues for device security, privacy, and functionality. To counter this, a number of antivirus applications have been made available to detect such malicious applications that host these viruses. However, with more hackers looking to Android, it is essential that users have the best antivirus applications to protect their devices. In this study, fifteen applications that host malware, adware, spyware and Trojan viruses were programmed to test antivirus applications. The viruses also displayed how the harmful code can be incorporated into an Android application. Additionally, a web server was programmed to accept data from the host applications. The efficacies of the twenty most popular antivirus applications were determined by introducing the viruses into the target phone through Android application packages. After testing all twenty applications, it was found that Mobile Security & Antivirus by AVAST Software detected all fifteen harmful applications, making it the most effective antivirus application tested. On the other hand, the other nineteen Android antivirus applications detected, at most, four of the host applications. The experiment can serve to maximize security on devices running Android and provide understanding of how antivirus applications function....
Cyber risk assessment requires defined and objective methodologies; otherwise, its results cannot be considered reliable. The lack of quantitative data can be dangerous: if the assessment is entirely qualitative, subjectivity will loom large in the process. Too much subjectivity in the risk assessment process can weaken the credibility of the assessment results and compromise risk management programs. On the other hand, obtaining a sufficiently large amount of quantitative data allowing reliable extrapolations and previsions is often hard or even unfeasible. In this paper, we propose and study a quantitative methodology to assess a potential annualized economic loss risk of a company. In particular, our approach only relies on aggregated empirical data, which can be obtained from several sources. We also describe how the method can be applied to real companies, in order to customize the initial data and obtain reliable and specific risk assessments....
JPEG XR is the most recent still image coding standard, and custom security features for this format are required for fast adoption of the standard. Format-compliant encryption schemes are important for many application scenarios but need to be highly customised to a specific recent format like JPEG XR. This paper proposes, discusses, and evaluates a set of format-compliant encryption methods for the JPEG XR standard: coefficient scan order permutation, sign bit encryption, transform-based encryption, random level shift encryption, index-based VLC encryption, and encrypting entire frequency bands are considered. All algorithms are thoroughly evaluated by discussing possible compression impact, by assessing visual security and cryptographic security, and by discussing applicability in real-world scenarios. Most techniques are found to be insecure and, in a cryptographic sense, have a limited range of applicability and cannot be applied to JPEG XR bitstreams in an efficient manner. Encrypting enti...
Mobile devices, like tablets and smartphones, are commonplace in everyday life. Thus, the degree of security these devices can provide against digital forensics is of particular interest. A common method to access arbitrary data in main memory is the cold boot attack. The cold boot attack exploits the remanence effect that causes data in DRAM modules not to lose the content immediately in case of a power cut-off. This makes it possible to restart a device and extract the data in main memory. In this paper, we present a novel framework for cold boot-based data acquisition with a minimal bare metal application on a mobile device. In contrast to other cold boot approaches, our forensics tool overwrites only a minimal amount of data in main memory. This tool requires no more than three kilobytes of constant data in the kernel code section. We hence sustain all of the data relevant for the analysis of the previously running system. This makes it possible to analyze the memory with data acquisition tools. For this purpose, we extend the memory forensics tool Volatility in order to request parts of the main memory dynamically from our bare metal application. We show the feasibility of our approach on the Samsung Galaxy S4 and Nexus 5 mobile devices along with an extensive evaluation. First, we compare our framework to a traditional memory dump-based analysis. In the next step, we show the potential of our framework by acquiring sensitive user data....
As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches have increased greatly in recent years. Insider and outsider attacks have caused global businesses to lose trillions of dollars a year. Therefore, there is a need for a proper framework to govern the information security in banking system. This paper highlights the information assets and potential threats for banking system. It further examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. This paper further proposes the initial framework for governing the information security in banking system. The framework is categorized into three levels which are strategic level, tactical, operational level, and technical level. This proposed framework will be implemented in real banking environment....
In vehicular ad hoc networks (VANETs), some distinct characteristics, such as high node mobility, introduce new non-trivial challenges to quality-of-service (QoS) provisioning. Although some excellent works have been done on QoS issues in VANETs, security issues are largely ignored in these works. However, it is known that security always comes at a price in terms of QoS performance degradation. In this article, we consider security and QoS issues jointly for VANETs with cooperative communications. We take an integrated approach of optimizing both security and QoS parameters, and study the tradeoffs between them in VANETs. Specifically, we use recent advances in cooperative communication to enhance the QoS performance of VANETs. In addition, we present a prevention-based security technique that provides both hop-by-hop and end-to-end authentication and integrity protection. We derive the closed-form effective secure throughput considering both security and QoS provisioning in VANETs with cooperative communications. The system is formulated as a partially observable Markov decision process. Simulation results are presented to show that security schemes have significant impacts on the throughput QoS of VANETs, and our proposed scheme can substantially improve the effective secure throughput of VANETs with cooperative...
Based on the research of business continuity and information security of the Internet of Things (IoT), a key business node
identification model for the Internet of Things security is proposed. First, the business nodes are obtained based on the business
process, and the importance decision matrix of business nodes is constructed by quantifying the evaluation attributes of nodes.
Second, the attribute weights are improved by the analytic hierarchy process (AHP) and entropy weighting method from
subjective and objective dimensions to form the combination weight decision matrix, and the analytic hierarchy process and
entropy weighting VIKOR (AE-VIKOR) method are used to calculate the business node importance coefficient to identify the key
nodes. Finally, according to the NSL-KDD dataset, the network security events of IoT network intrusion detection based on
machine learning are monitored purposefully, and after the information security event occurs in the smart mobile phone, which
impacts through IoT on the business system, the impact of the key business node on business continuity is analyzed, and the
business continuity risk value is calculated to evaluate the business risk to prove the effectiveness of the model. The experimental
results of the civil aviation departure business show that the AE-VIKOR method can effectively identify key business node, and the
impact of the key business node on business continuity is analyzed, which further proves the efficiency and accuracy of the model
in identifying the key business node....
SCADA (supervisory control and data acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow....
Copyright © 2013. Inventi Journals Pvt. Ltd. All Rights Reserved.