This paper presents a study of hardware implementations of Elliptic Curve Cryptography (ECC) in Wireless Sensor Networks (WSN). A critical study of the underlying finite field, representation basis, occupied chip area, consumed power, and time performances of these implementations is conducted. The study shows that most of the reviewed implementations were implemented on Application Specific Integrated Circuits (ASCI) and only one was implemented on Field Programmable Gate Array (FPGA). Most of these implementations were implemented over the binary fields GF(2m) and using polynomial basis representation.

This paper presents an implementation of an Elliptic Curve Cryptography (ECC) cryptoprocessor on a Nano Field Programmable Gate Array (FPGA). Nano FPGAs offer groundbreaking possibilities in power, size, lead-times, operating temperature and cost. To the best of our knowledge, this is the first ECC implementation on Nano FPGAs. The proposed ECC cryptoprocessor was modeled using VHDL and synthesized on Actel IGLOO AGLN250V2-VQFP100 Nano FPGA. The synthesis results show that the targeted Nano FPGA can not exceed the values of m  11 bits. This is because of the limited number of resources available on Nano FPGAs, which opens a new challenging opportunity for future Nano FPGAs to satisfy the needs of critical portable applications. However, these results may be interesting for battery limited applications that require moderate level of security such as those of Wireless Sensor Networks (WSN).

Side channel analysis attacks have been successfully used to attack embedded systems and cryptographic hardware systems. These attacks have been categorized into different types of attacks yielding to a specific countermeasure for each type based on the nature of the attack. As a result, a significant overhead in terms of performance and resources is introduced by the countermeasures applied to the cryptosystems. Having a unified scheme to counteract different attacks can be challenging. In this paper, we introduce a unified gate-level countermeasure scheme that protects against both power analysis attacks and fault attacks simultaneously. In this paper, we show and study how such a unified countermeasure can be applied to todays cryptographic RFIDs.

This paper investigates the effect of common war-driving on wireless network. Different war-driving software tools are examined and their effects are compared. It also investigates how forensics tools can monitor war drivers. The experiments show that significant numbers of homes are deploying wireless access points without much regard to the security of these devices and it is anticipated that more digital crime cases in this field will be deployed. Such cases include connecting to an unsecured home Wi-Fi network and performing illegal activities, or stealing personal data, with sensitive information and using it to threaten victims or performing identity theft.

This paper presents a novel architecture of XTS-AES mode for data storage devices. An enhanced fully pipelined and area efficient XTS-AES mode design using one AES core is proposed. We propose a design of XTS module to handle the data blocks to be encrypted using a single AES core. Considering previous work in XTS, few designs have been published that use a single AES core, and few efforts have been targeted toward their optimization. This paper describes hardware implementation of XTS-AES design with a throughput of 19.56 Gbps and a maximum achievable frequency of 153.84 MHz. This design is written in Verilog HDL and verified on Altera Cyclone II FPGA.

Cryptographic properties of Boolean functions such as balancedness, high nonlinearity and high algebraic degree play an important role in the design of the symmetric key encryption schemes, especially the design of S-boxes for block ciphers and the design of robust pseudo-random generators for stream ciphers. In this paper, we focus on Boolean functions for the design of stream ciphers. First, we give brief introduction to stream ciphers and Boolean functions. Then, we provide the ways of constructing appropriate Boolean functions with good cryptographic characteristics needed to design stream ciphers. Last, we survey the resistance of Boolean function against algebraic attack which is a powerful tool of cryptanalysis.

The Rijndael cipher or Advanced Encryption Standard (AES) is the most widely used block cipher these days. It is composed of a number of rounds of transformations. The transformations in each round are similar except for the last round where a linear mixing operation (called MixColumns) is omitted. Since its acceptance in 1999, the designers of the cipher had advocated, and it was widely believed, that the omission of the last round MixColumns has no security implications, and is left out for optimization reasons. However, in mid 2010, it was claimed that such an omission operation may have security implications as it may reduce the time complexity of the majority of attacks targeted against the AES. This paper investigates both claims and evaluates the security of the AES when including and omitting the MixColumns operation in the AES. The paper also studies the performance overhead when including the MixColumns operation.

Hiding a secret is needed in many situations. One might need to hide a password, an encryption key, a secret recipe, and etc. Information can be secured with encryption, but the need to secure the secret key used for such encryption is important too. Imagine you encrypt your important files with one secret key and if such a key is lost then all the important files will be unattainable. Thus, secure and efficient key management mechanisms are required. One of them is secret sharing scheme (SSS) that lets you split your secret into several parts and distribute them among selected parties. The secret can be recovered once these parties collaborate in some way. This paper will study these schemes and explain the need for them and their security. Across the years, various schemes have been presented. This paper will survey some of them varying from trivial schemes to threshold based ones. Explanations on these schemes constructions are presented. The paper will also look at some applications of SSS.

Security of several cryptosystems rests on different computational hard problems. Many popular cryptographic schemes are based on the intractability of number theoretic problems such as factoring and discrete logarithms. These hard problems are widely believed to be intractable for classical algorithms. However, these problems may turn to be polynomial- time solvable when the quantum computer comes into existence. Therefore, it is desired to investigate new classes of alternative candidates of hard problems that have exponential complexity to both the ordinary and quantum computers, for instance, error correcting codes, lattice problems, braid groups and subset -product. In this paper, we will focus on the computationally hard problems and their applications to cryptography.

In the notion of traditional public key infrastructure (PKI), we need to deliver public keys in an authentic way. More precisely, digital certificate binds a public key with the identity of its owner. However, significant overhead is associated with managing digital certificates. For this reason, the new notion called "identity-based public key cryptography" (ID-PKC) in which bitstring of user identity (could be name, email addresses, etc) is directly being the public key. The private key generator (PKG) is responsible for creating users private keys according to their public keys (identities). As a result, the need of certificates is eliminated because the authenticity of the public key is highly achieved. On the other hand, key escrow issue exists since PKG is able to find (calculate) any user's private key. Can you imagine what a malicious or compromised PKG can do? In order to overcome this issue a new paradigm which is certificateless public key cryptography (CL-PKC) is introduced in which the private key is partially determined by the key generating centre (KGC). In this paper we study the first CL-PKC scheme which is proposed by Al-Riyami and Paterson.

A new electronic voting protocol is presented by using techniques of cut-and-choose, Shamir threshold scheme, multi-party secure computation and key escrow. It satisfies most properties including anonymity, traceability, receipt-freeness ect.. In this protocol, we use secret sharing to reduce the probability of the corruption and there isn't any authority need to be highly trusted. A sub protocol for registration phase is designed to cut the vote-voter link before casting the ballot. Finally, we analyse the security in an informal way and test the performance by implement a simple process.

Virtualization is an emerging technology which offers organizations some benefits but still suffers from some potential security threats. This review paper mainly emphasizes on several security challenges that virtualization technology may introduce to an IT environment. To start with, we will further our understanding of the state of knowledge for virtualization technology up until what it means today. We will then provide an in-depth explanation about the various forms of virtualization and discuss the benefits and drawbacks that accompany virtualization technology. The paper also highlights several security challenges that exist in a virtualized environment.

The implementation of robust synchronization technique between transmitter-receiver pair in chaotic communication is the main challenge in chaotic communication system design. In this paper we present a new approach to achieve chaotic synchronization by the design of a compensator at the receiver side depending on several optimization algorithms that are genetic algorithm GA, pattern search, and particle swarm optimization PSO. The behavior of these optimization algorithms are evaluated under the condition of imperfect linear transmitting channel with constant attenuation and offset. Our evaluation shows that the optimization algorithms can be used to accomplish robust chaotic synchronization. Moreover, the compensator that depends on pattern search or PSO behaves much better than that which depends on GA. The validity of our proposal is discussed by a numerical means.

Although a significant amount of research has been given to wavelet transform as a denoising technique, little has been done to apply new approach to chaotic noisy signal and most of them have a lack of details and they do not discuss the results on a complete chaotic communication system. In this paper a comprehensive study for a new approach to denoise chaotic signals by using wavelet transform has been studied. A detailed study for Lorenz chaotic signal is applied in order to obtain the optimal denoising parameters including the threshold selection rule, wavelet form, the threshold rescaling methods, and wavelet decomposition level. The validity of this approach is verified by numerical simulations. Moreover, our results can be expanded easily to other chaotic signals.

Generation of chaos is of the highest interest for many kind of applications as secure transmissions, image processing or telecommunications. In this paper, we continue previous studies in order to show that chaotic signals can be obtained from very simple circuits including switches. Such circuits are very easy to implement and robust chaos can be obtained, depending upon parameter values. For this aim, it is necessary to study and understand the bifurcation structures of the circuit model.

We propose a novel noise-resisting ciphering method resorting to a chaotic multi-stream pseudorandom number generator (denoted Cms-PRNG). This Cms-PRNG co-generates an arbitrarily large number of uncorrelated chaotic sequences. These cogenerated sequences are actually used in several steps of the ciphering process. Noisy transmission conditions are considered, with realistic assumptions. The efficiency of the proposed method for ciphering and deciphering is illustrated through numerical simulations based on a Cms-PRNG involving ten coupled chaotic sequences.

The major problems of multicast satellite communications are the security and the scalability. The multicast protocols in DVB-S cause a massive load on the system resources, and create performance deterioration. In this paper, we propose a new encapsulation method called EULE, derived from the ULE standard encapsulation method. The EULE relies on the 'spot beam' technology and the 'label-switching' approach in order to ensure an efficient filtering and multicast forwarding. Additionally, we propose a new multicast security protocol in DVB-S which uses the EULE and provides all security services. The idea of our proposed protocol consists of using a 2-tiered architecture of independent LKH, a satellite-layer and a terrestrial-layer. All the keys of both layers are obtained by chaotic generators. The chaos is also used to encrypt the keys and the transmitted multicast data in our system. The analysis of the proposed protocol shows that it can handle a very large multicast system securely and effectively. Simulated results reveal a low cost for data overhead and more than twofold reduction in bandwidth consumption for the key management data versus the best competitive method.

As a low-consumption, low-cost, distributed self-organized network, wireless sensor network communicates as a self-similar, small-world and scale-free complex network. Based on the defects analysis of digital communication and sufficientnecessary condition of analog signal synchronization, we proposed a novel key distribution scheme in this paper. While some performance analyses as well as some prospects are also given in the end.

Attack graph increasingly becomes a key technique for network security analysis, however, the prevalent Attacker's Ability Monotonic Assumption (AAMA) constraint for attack graph generation couldn't make full use of the direction of network attack and the hierarchy of defence, and therefore not enough efficient to be used in the process of attack graph construction for large-scale complicated network. To this end, we proposed the concept of Network Security Gradient (NSG) to reflect the hierarchy of network defence, and the Gradient Attack Assumption (GAA) based on NSG to constraint the process of attack graph construction for the purpose of improving the efficiency of attack graph construction and reducing attack graph's complexity. To make the theory of NSG more sound and reasonable, we proposed two NSG marking algorithms, respectively from static analysis of network topology and dynamic analysis of network access flow, to ranking network nodes automatically. Experiment results showed that both of the two algorithms can mark NSG for network correct and reasonable.

Scalability and high availability are essential features upon considering security as a foundation of cloud computing. However, the existing centralized access control mechanism is not able to satisfy these requirements. Therefore, we would like to propose a decentralized access control mechanism using authorization certificates. In this article, we describe a method to decentralize CRL (Certificate Revocation List) and a method to improve the performance of access control. We show evaluation results of the availability and scalability of our proposed mechanism through simulation and prototype implementation.

We present a new space-time encoder based on packet-level redundancy which can increase the space-time encoder rate beyond unity without compromising diversity gains. A complementary low-complexity decoding algorithm based on maximum ratio combining and successive interference cancelation is further proposed. A major merit of the decoding algorithm is that it allows to adaptively tradeoff between diversity and multiplexing gains based on the estimated channel parameters at the receiver without requiring any channel state information at the transmitter. System level simulation results give insight into the advantages of the proposed scheme when compared to its Alamouti and MIMO multiplexing based on single value decomposition counterparts

Computer networks are inevitable attacked by attackers for its openness, while adversaries often penetrate target networks gradually to achieve their shady goals by exploiting vulnerabilities existing in them. Attack graph consisted of atomic attacks (instantiations of vulnerability exploit patterns) can fully display the exploitation and dependence relations among all of the vulnerabilities existing in network, therefore, is a very useful tool for network vulnerability analysis and network security evaluation. However, its construction methods are still not efficient enough, and its complexity still greatly impact on its intelligibility and visualization, especially when facing with large-scale complicated network. In this paper, we give a detailed description of the circuitous attack path problem for its negative impact on attack graph construction and its complexity, and propose the concept of network security gradient to reflect the direction of the network attack and the hierarchy of defence. Under this new perspective, we propose the gradient attack assumption to constraint the process of attack graph construction for the purpose of making full use of the direction of network attack and the hierarchy of defence to avoiding circuitous attack paths. Testified by a case study, using the gradient attack assumption to constraint the process of attack graph construction can destruct circuitous attack paths, therefore, is an effective way to improve the efficiency of attack graph construction and reduce the complexity of attack graph, and enhance its intelligibility and visualization.

Creating ontologies and access control policies have one thing in common - a lot of work is spent on creating precise definitions like "who is a full time student" and answering difficult questions like "Are unpaid teachers employees?". Thus ontologies written in OWL and SWRL are a good match for access control policies. However the research in this area always assumed that the semantic information about a user is readily available. But such assumption can be satisfied only in a centralized system, not in decentralized systems enabled by the recent formation of identity federations, in which organizations can authenticate users from other organizations, and make authorization decisions about access to their resources based on user information provided by the other organizations.

For security and privacy reasons, all available information about a user cannot be released to everyone, but only on a strictly need-to-know basis. In today's federated systems, the user information is selected and released at once in the moment of user authentication, but it may be inadequate if the user information is used for processing using rich ontology-based access control policies.

This paper proposes a novel method for releasing semantic information between organizations in an identity federation, based on automated trust negotiation between the releasing Identity Provider and the consuming Service Provider. In the negotiation, the Service Provider gradually asks for more and more information about the user, until an authorization decision can be made. The paper also proposes an algorithm for detecting which information needed for a decision is missing in an OWL2 ontology.

Automated fingerprint identification system (AFIS) is very popular now days for biometric security because of the uniqueness of individual's fingerprint. The need for fingerprint classification arises due to very large fingerprint databases resulting in long response time which is unsuitable for real time applications. Hence in order to reduce number of comparisons fingerprint classification is necessary. It also plays a key role in identifying fingerprints. In this paper we have proposed a new classification technique based on the detection of singular points (core and delta points) consisting of four stages. In the first stage, preprocessing of input fingerprint image is done followed by fine orientation field estimation in second stage. In the third stage, singular points are located using modified Poincare index technique and hence in the fourth stage, classification is done on the basis of these singular points. The proposed technique was tested on NIST 4 database and the results show a significant improvement in classification of different types of fingerprints.

Authentication solution based on handwriting dynamics "TEOFRAST" that was developed to identify users while entering MS Windows XP, Windows 7 operating systems proves to be very successful for integration with electronic document flow systems and a convenient and reliable method of providing information security for iPad computers. Algorithms of generating cryptographic keys based on the described technology provide a foundation for creating more reliable and forgery resistant digital signatures.

Biometrics are used for personal recognition based on some physiologic or behavioral characteristics. In this era, biometric security systems are widely used which mostly include fingerprint recognition, face recognition, iris and speech recognition etc. Retinal recognition based security systems are very rare due to retina acquisition problem but still it provides the most reliable and stable mean of biometric identification. This paper presents a four stage personal identification system using vascular pattern of human retina. In first step, it acquires and preprocesses the colored retinal image. Then blood vessels are enhanced and extracted using 2-D wavelet and adaptive thresholding respectively. In third stage, it performs feature extraction and filtration followed by vascular pattern matching in forth step. The proposed method is tested on three publicly available databases i.e DRIVE, STARE and VARIA. Experimental results show that the proposed method achieved an accuracy of 0.9485 and 0.9761 for vascular pattern extraction and personal recognition respectively.

A new method for generating fingerprint templates with high recognition accuracy and high security is proposed. In the method the phase distribution of the discrete fractional sine transform (DFST) is used to hide the information of the original fingerprint image itself. The condition to realize the high recognition accuracy of fingerprint recognition using the proposed templates is made clear on the basis of the minimum error rate (MER). In addition, the robustness of the templates is indicated.

Lately, dorsal hand vein pattern is gaining popularity in biometric security system due to its uniqueness and stability. Though dorsal vein patterns are not complex, this does not reflect in its extraction and representation. Various existing methods consider vein pattern as straight lines or use some of its features like ending points and bifurcation points for its representation. However, this type of vein representation is not the ideal solution since important features may be lost. Consequently, using all the pixel values representing the vein pattern is a better alternative. But the processing and matching time is at stake when using all the pixel values of the considered image. This problem can be solved by using dimension reduction techniques. In this work, the vein patterns are represented using Independent Component Analysis (ICA). This representation and reduction technique is carefully explored by providing details of the vein matrices. The experiments are carried out on 100 individuals, and the efficiency of the system is tested by the computation of the false acceptance rate and the false rejection rate.

This paper presents a new semantic image CAPTCHA, called Multiple SEIMCHA. Multiple SEIMCHA system warps images using geometric transformations. Then a 2d view of warped image is shown to user. Users should click on the upright orientation of warped image. Multiple SEIMCHA GUI shows 8 images to user and evaluates user by implementing the idea of almost right response instead of completely right response. This idea uses hardness rate concept. The proposed system has a great response time and success rate as usability metrics and it is secure to bots.

This paper focuses on the security of transmissions and proposes the cryptanalysis of a digital chaotic cryptosystem based on the identification of chaotic map parameters using the Extended Kalman Filter. Chaotic sequences are used to cipher a message for which the map's initial conditions and parameters are part of the secret key. We therefore estimate these parameters using only sequences generated by this map. The estimation complexity is increased by making a multiplicative shift of sequence terms so that no transmission of consecutive terms occurs. The impact of the shift on the identification process is especially studied by scanning the basin of the chaotic attractor of a two-dimensional cubic map and by gradually increasing the shift until the EKF algorithm diverges. Many simulations have been done considering three parameters and various initial condition sets. In all cases, we obtain a maximum shift value from which it is not possible to estimate the parameters. This means that the sequence from which the ciphertext results cannot be reconstructed and a hacker cannot decipher the message.

This paper presents a cryptographic system based on cellular automata (CA) theory. The entire encryption system is implemented in reconfigurable hardware (FPGA) and it is used to protect data sent over the internet. It is shown how a series of simple elements called „cells" interact between each other using certain rules and topologies to form a larger system further used to encrypt/decrypt data. The complexity analysis of the specific security system has been discussed in support of the fact that simple, modular hardware oriented design of CA based security is ideally suited for network communications. An experimental hardware platform based on a reconfigurable FPGA of type Spartan 3E Starter Board - XC3S500E was used in order to verify the proposed encryption algorithm.

Cloud computing is set of resources and services offered through the Internet. Cloud services are delivered from data centers located throughout the world. Cloud computing facilitates its consumers by providing virtual resources via internet. General example of cloud services is Google apps, provided by Google and Microsoft SharePoint. The rapid growth in field of "cloud computing" also increases severe security concerns. Security has remained a constant issue for Open Systems and internet, when we are talking about security cloud really suffers. Lack of security is the only hurdle in wide adoption of cloud computing. Cloud computing is surrounded by many security issues like securing data, and examining the utilization of cloud by the cloud computing vendors. The wide acceptance www has raised security risks along with the uncountable benefits, so is the case with cloud computing. The boom in cloud computing has brought lots of security challenges for the consumers and service providers. How the end users of cloud computing know that their information is not having any availability and security issues? Every one poses, Is their information secure? This study aims to identify the most vulnerable security threats in cloud computing, which will enable both end users and vendors to know about the key security threats associated with cloud computing. Our work will enable researchers and security professionals to know about users and vendors concerns and critical analysis about the different security models and tools proposed.

Chaotic systems produce pseudo-random sequences with good randomness; therefore, these systems are suitable to efficient image encryption. In this paper, a low complexity image encryption based on Nested Piece Wise Linear Chaotic Map (NPWLCM) is proposed. Bit planes of the grey or color levels are shuffled to increase the encryption complexity. A security analysis of the proposed system is performed and presented. The proposed method combine pixel shuffling, bit shuffling, and diffusion which is highly disorder the original image. The initial values and the chaos control parameters of NPWLCM maps are derived from external secret key. The cipher image generated by this method is the same size as the original image and is suitable for practical use in the secure transmission of confidential information over the Internet. The experimental results of the proposed method show advantages of low complexity, and high-level security.

In this paper, we propose a new fast and secure scheme for image encryption based on a robust uniform chaotic pseudo-random generator. This generator is used to provide the control parameters of substitution and permutation. Many image encryption algorithms use fixed control parameters in the permutation and substitution stages, during the whole encryption process, which can be easily attacked. The proposed crypto-system presents a substitution process of the gray value based on discretized skew tent map, and a bits permutation process based on the standard map. The substitution and permutation processes are done by controlling in a chaotic manner the parameters of the skew tent and standard maps. The proposed crypto-system has a large key space. It is suitable for software and hardware implementations. Theoretical and simulation results of the proposed crypto-system show that it is immune to linear, differential, chosen/known-plaintext, brute force, and statistical attacks.

This paper proposes an ID-Based authentication method for the Extensible Authentication Protocol (EAP), as an alternative to methods relying on PKI (Public Key Infrastructure), to provide nodes with private and public keys. It proposes to derive the public key from the node's identity directly. As such, there is no need for deployment of CA (Certification Authority) and the burdensome management of certificates is removed. The presented authentication method is resistant to the Key Escrow Attack. In addition, the results from implementation tests are given and prove how efficient the ID-Based cryptography might be for use in wireless networks.

In this paper, we propose a new leakage-resilient authentication and data management system that can be regarded as a prominent solution for secure public cloud storage where a cloud service provider completely maintains/controls authentication servers as well as storages. This system not only guarantees a higher level of security against active attacks as well as leakage of stored secrets (i.e., credentials and keys) but also makes a user possible to securely store/retrieve data keys in a distributed manner.

This position paper focuses on deriving some of the challenges for trust establishment in Cloud Computing. We start by providing a conceptual model of Cloud infrastructure, and then discuss the dynamic nature of Cloud based on the provided model. We identify that the dynamic nature of a Cloud infrastructure is essential for its desirable properties (e.g. elasticity, resilience, availability, and reliability), but such dynamism results in novel challenges in Cloud context. Our contribution is identifying the effects of this dynamism on trust relationships, identifying the main challenges resulting from these effects and derive our research agenda.

One of the major concerns for users of public cloud storage is data confidentiality and availability. Secured Virtualized Diffused File System (SVDFS) is a distributed file system which aims to address this concern by allowing users to layer on top of the existing public cloud infrastructure to transparently provide a secured and virtualized file system for their existing applications. The virtualized file system uses Information Dispersal Algorithm to slice up data into multiple unrecognizable slices and "diffuse" them across multiple storage servers in one or more cloud providers. With IDA, the attacker is required to obtain a minimum number of slices as well as the information on the transform matrix to be able to reconstruct the information. IDA also provides availability of data without requiring full replication. This helps to mitigate the loss of information in case a storage server or a specific storage medium is corrupted or compromised. The proposed architecture supports a clear separation of storage owner and information owner. Unlike traditional use of IDA for secured file archiving, SDVFS supports file system semantics by providing dynamic read and write of files which have been dispersed using IDA.

In complex environments, multiple web services are needed to interoperate together. Web Services Business Process Execution Language (WS-BPEL) has become a de facto standard for implementing complex business processes. It is an XML-based language that is used to orchestrate web services to render composite web services. Composite web services are deployed on distributed environments and in most cases accessible through the world wide web. In consequence, an increasing number of security threats challenge composite web services. Unfortunately, orchestration languages such as WS-BPEL bypass some business mandatory security considerations such as authentication and authorization. On the other hand, several paradigms for protecting against unauthorized access has emerged. Role-Based Access Control (RBAC) has gained wide acceptance as a paradigm for controlling users access to software systems. In this paper we extend the parameterized RBAC model to produce an authorization model and integrate it into WS-BPEL based composite web services. The objective is to address the unauthorized access vulnerability issues that may arise in composite systems developed using WS-BPEL. The new authorization model for WS-BPEL provides restriction of access up to the level of the variables of the business process.

Due to the vast scale of Cloud Computing systems, management of the numerous physical and virtual components may become unwieldy. Many software packages that have historically been installed on desktops / workstations for years are slowly but surely being converted to Cloud Computing solutions. The problems that are emerging today are only set to worsen as Cloud Computing becomes ever more pervasive. This paper synopsises previous investigatory research concerning these emerging problems. It then continues, to describe and review the structure and operation of the Cloud Computing Management System which utilizes an object mapping declarative language which in turn utilizes an object oriented system to support key operations.

Introduction of cloud computing into aircraft data networks will help in increasing the opportunity of providing services such as VoIP and VoD for passengers. Cloud computing concept in the aircraft data networks will help to reduce the overall power consumption and maintenance costs. This paper explores on the vulnerabilities of the cloud computing network , It also highlights the attack that exploit these vulnerabilities. This paper also addresses the vulnerabilities arising out of usage of VM Migration in Aircraft Data Networks.

Having a better understanding of the properties of network traffic can help in both evaluating current networking protocols and in creating more realistic models which might help in improving today's Internet service. Based on one month traceroute data from 6 different sources to more than 380 destinations, we present an analysis of how the hop count (HC) varies as seen by IPs in the same Autonomous System (AS) and same country, IPs in the same country but different AS, and IPs in different AS and different country. To the best of our knowledge, no previous research studied the HC overlap as seen by different IPs located in various ASs and countries. Our results show that IPs in the same AS have a high degree of overlap in terms of HC as compared to IPs in the same country. This HC overlap also drops significantly as we compare IPs in different ASs and countries.

Spam is the main problem of email systems nowadays. The total amount of spam emails account for more than 75% of the total emails exchanged worldwide; recent reports raise this number up to more than 90%. Novel anti-spam solutions are proposed constantly, to be followed by announcements of sophisticated methods to overcome them through the use of advanced software to reach the spammers' goal. In this paper we propose a collaborative spam filter over a social network, exchanging vote databases containing the hash values of the emails perceived as spam by its users, the mailbook. Social networks are blooming nowadays and users are accustomed to their use more and more every day. Our proposal builds upon that strong attachment between friends and people with the same interests and habits. We propose a user based collaborative approach to address the spam problem. Users characterize spam mail and exchange their votes among their friends through mailbook. User profiles are created in mailbook to express user interests, which in turn are used for evaluating mail as spam according to the user's characteristics. Users also form groups of interests which are also used by our method as another mean to evaluate spam for the specific group in a more effective way.

A new organization of DHCP server's is proposed in this research paper. This hierarchical model is designed to provide each user with a dedicated IP address with an option to move anywhere in the world. This design makes a user's IP address independent of an ISP (Internet Service Provider). DHCP servers are organized into three levels i) Organization level DHCP server ii) Country level DHCP server iii) Root level DHCP server. One IP address is bind against each registered user and this information is stored at all root level servers. A user can now access internet through any ISP, ISP will use the hierarchical design to search for users dedicated IP and a user will always be facilitated by his dedicated IP address. A small protocol is also designed to provide effective communication between different level DHCP servers, between ISP and DHCP server and between client and ISP. This design does not demand any complex changes in existing system rather some intelligent organization of already existing DHCP servers is sufficient to create the new model.

We introduce in this paper an abstract language on top of XACML (eXtensible Access Control Markup Language) for web services security. It is based on the automatic generation of XACML security policies from abstract XACML profile(s). Our proposed approach allows first to specify the XACML profiles, which are then translated using our intended compiler into XACML security policies. The main contributions of our approach are: (1) Describing dynamic security policies using an abstract and user friendly profile language on top of XACML, (2) generating automatically the the XACML policies and (3) separating the business and security concerns of composite web services, and hence developing them separately. Our solution address the problems related to the complexity and difficulty of specifying security policies in XACML and other standard languages. We tested the feasibility of our approach by developing the library system (LB) that is composed of several Web services and applying/realizing our approach to enforce security. Case studies and experimental results are also presented to defend our propositions.

According to the client-server architecture, a thin client is a client program which relies heavily on the computing resources of the server. Current implementations include web-based applications that only have their graphical user interface displayed on a browser program, and the rest of the application run on back-end servers. Business rules, however, are normally parts of the application logic and are hard-coded as an integral part of the application program. Rules maintenance thus implies costly application program modifications. Also rules modifications could involve modifications of several programs that refer to the same rules. Thus makes application maintenance even more challenging. In fact, it has long been recognized that integrity constraints including business rules, as described by a conceptual schema, should be enforced by the database management system. This paper presents a combined Object Constraint Language (OCL) and Object Role Model (ORM) for integrity constraints modeling, and demonstrates an implementation which enforces them by using a commercially available DBMS.

As computers become more and more networked, and more bandwidth will be consumed by network flow because customers will be connected through networks which will transfer files and data, such as video files (MPEGn, AVI, WMV, etc.) to be watched at a customer's computer. The main purpose of this paper is exploring more researches that were developed before for low bandwidth and less storage space where used to optimize large scale network handling capabilities for large system inventories by using adaptive simulation to simulate the selective files or data that are transferred to the host computer on Network Optimization Dynamically Complex Systems (NODCS) [1], [2]. More in depth simulation of a total downloading and deferential time series between different nodes, will be presented in a large-scale networking for large system inventory and how that will affect the growing need by reducing downloading time between servers and nodes for one side and between different nodes on the other side. The behavior of these nodes, produce new revolution of growing more dynamically complex systems. In addition, to different demands, experimental tools and software for computers, mathematical analysis, used as a power tools to explain the complexity of a system. Furthermore, these systems infrastructures have become more interconnected. This strong interconnection means that an action in one part of one infrastructure can rapidly cascade and propagate through the same network. The research will present techniques that optimize transfer storage media for the purpose of minimizing waiting time and hardware cost while maximizing efficiency.

In this work we present a solution for designing a Reed-Muller decoder using an associative memory with Hopfield network. By decoding using classical methods request high computation resources and take long response times. Our solution allows the correction of the wordcodes with one erroneous bit. In the next works, we will implement errors correction codes with a higher capability of correction.

This paper proposes enhancements for the initial identification and for the Authentication and Key Agreement (AKA) protocols that solve two known vulnerabilities of UMTS security: identity catching and secret key exposure. The solution, inspired from Al Saraireh identification protocol, realizes the encryption of the permanent identity of the subscriber and establishes a temporary secret key that will be used by the Authentication and Key Agreement protocol. Also the identification messages have their integrity protected while the AKA messages have their confidentiality and integrity protected.

The Signature Record Type Definition was released by the Near Field Communication (NFC) Forum to provide integrity and authenticity to the NFC Data Exchange Format (NDEF). It achieves this goal by adding a digital signature and corresponding certificates to the NDEF message. Although the Signature Record Type Definition (Signature RTD) specifies the use of strong cryptographic algorithms like RSA, DSA, ECDSA, a few vulnerabilities have been discovered in its implementation. A recently published Record Composition Attack by Roland et al (2011) describes how data can be modified in an NDEF message by exploiting the Type Name Format (TNF) field even though the NDEF message is protected by a Signature Record. This paper takes a close look at this attack and points out that, apart from TNF value, a few other fields of NDEF header must also be manipulated in order to implement this attack successfully. It is shown how to do this and some modifications to the signature scheme are proposed in order to counter such attacks. However, more significantly, we need to propose an update to the NDEF record specification in order to achieve the security required from a signature scheme.

Filtering image email spam is considered to be a challenging problem because spammers keep modifying the images being used in their campaigns by employing different obfuscation techniques. Therefore, preventing text recognition using Optical Character Recognition (OCR) tools and imposing additional challenges in filtering such type of spam. In this paper, we propose an image spam filtering technique, called Image Texture Analysis-Based Image Spam Filtering (ITA-ISF), that makes use of low-level image features for image characterization. We evaluate the performance of several machine learning-based classifiers and compare their performance in filtering image spam based on low-level image texture features. These classifiers are: C4.5 Decision Tree (DT), Support Vector Machine (SVM), Multilayer Perception (MP), Naïve Bays (NB), Bayesian Network (BN), and Random Forest (RF). Our experimental studies based on two publicly available datasets show that the RF classifier outperforms all other classifiers with an average precision, recall, accuracy, and F-measure of 98.6%.

We suggest a distributed, reactive demand-side management mechanism that facilitates dynamic allocation of a resource to clusters of applications. Different levels of criticality, assigned to these clusters, reflect the prioritisation of distribution of the resource, with respect to quality of service and demand. Under the assumption that the quality of service constraints imposed on the clusters can be subject to an minimal degree of flexibility in times of severe resource shortage the approach facilitates an almost perfect supply to critical infrastructure without centralised intervention or distribution control.

In this paper, we attempt to develop a secure delay-tolerant network system that enables citizens to communicate freely in an environment where public communication methods, such as mobile networks and the Internet, are intercepted and used by the authorities to monitor civilian activities. The proposed system is composed of several disconnected zones in which data marshals between private key generators and normal nodes in different zones through mobile gateway nodes that carry messages between the different zones.

Mobile Adhoc Network is an autonomous network formed by creating nodes and establishing wireless connections dynamically, so that messages in packets can be sent from a sender to receiver. The unique architecture of MANET offers several advantages and security challenges as passive and active attacks on the network. We discuss elaborately about the security attacks and two more popular security techniques, Intrusion Detection System (IDS) and Watchdog and Path rater (WPR). The two techniques are evaluated using two measures, viz., Availability Factor (AF) and Integrity Factor (IF). We present our results and our insights on suitability of a particular technique to a specific networking application. Our research is on-going and we indicate the extension possibilities that we are working upon.

Security of airport operations has been a major concern during recent years. Information systems have become a critical source for protecting the internal operations of airports. As such, securing the airports against cyber attacks has become the first step to address heightened security concerns for airport operations. The purpose of this paper is to offer a practical approach for improving the security of information systems in airports. The approach can be used by airport system administrators and consultants to analyze any vulnerability in the existing systems and to offer proactive recommendations to protect the system against potential threats. This paper discusses advantages and disadvantages of the proposed approach and offers recommendations for its implementation.

The paper deals with the synchronization of two chaotic Sigma-Delta Modulators. The synchronization is reached via two modulators: one of the modulators is used to code the input information into a bitstream, while the second demodulator is used to decode the obtained bitstream into the original state of the applied input signal. In this way, the system could also be used for chaotic encryption. An alternative solution may be achieved via observers, which can reconstruct all the states of the original system with only partial output information.

A continuous and fully automated software exploit discovery and development pipeline for real-world problems has not yet been achieved, but is desired by defenders and attackers alike. We have made significant steps toward that goal by combining and enhancing known bug hunting and analysis techniques. The first step is the implementation of an easy-to-use distributed fuzzer. Single fuzzers take too long to produce the number of results required. Since distributed fuzzers achieve high-output (typically many found bugs) sorting is required, which we include. We add another layer of triage support by combining in an enhanced fault localization process. Our work automates much of the process so that human resources are only needed at a few key checkpoints along the pipeline, arguably enhancing overall system efficiency. We demonstrate our process on contrived code, the Siemens suite, and two real-world pieces of code: Firefox and Java.

secure routing protocols present one of the most important challenges of Mobile Ad hoc Networks (MANETs). This is due to their special characteristics such as shared wireless medium, stringent resource constraints and highly dynamic network topology. This paper presents a solution to the problem of routing information disclosure and traffic analysis in a new way that doesn't require exchanging a group secret key between one-hop neighbors. In addition, the proposed solution maintains the routing data integrity and node authentication features. Furthermore, the solution provides a new method for securing neighborhood discovery (ND) using PKI.

The Idea of data clustering with PSO has been around for recent years. In this paper, the technique of data clustering using Particle Swarm Optimization Algorithm improves with offering a new fitness. After that, it is applied to fuzzy clustering. Then, our clustering PSO improved by combining it with chaos theory. Different chaotic maps were used in our CPSO Clustering Algorithm. They are all analyzed and compared to each other and their impact on clustering results are measured. At last, our new idea was compared to previous methods in action and experiments show a tremendous improvement in the results.

In the internet today, computing and communication networks are very chaotic and complex. They do not have any centralized organization or hierarchical control. Thus there has been much interest in peer-to-peer networks because they provide a good substrate for creating large scale data sharing, content distribution and application level multicast. Many internet applications need to perform large scale data transfer from multiple sources example: massive data mining applications in geographic frameworks. An application layer multicast using peer to peer overlay structure is a good alternative.

In this paper an overlay network structure is created with N nodes such that nodes satisfy certain proximity conditions. An overlay structure based on Chord system is created which considers proximity factors to enhance the date of delivery performance. The proximity factor implemented in this paper enables fast data transfer by finding the shortest distance between nodes. A tree structure is generated from the overlay, which then broadcasts the data to the required nodes. Overlay networks that are proximity aware have better performance than other overlay networks.

Cloud computing has become a compelling and emerging computing model for delivering and consuming on demand computing resources. In this paper, we study and compare the performance of three popular Cloud IaaS (Infrastructure as a Service) providers. These three popular Cloud IaaS providers include Amazon EC2, ElasticHosts, and BlueLock. The performance is studied in terms of execution time of CPU-bound processes, size of memory bandwidth, and speed of read write disk I/O. To make the comparison fair, we strived to create virtual server on each of the providers with similar hardware and system configurations. Experiment results show that the performance of these selected servers varies with regard to different benchmarks.

This paper is concerned about developing a mechanism for identifying insiders and their interdependencies in cloud computing. We provide a set of conceptual models for the interaction between cloud computing system entities that include all possible actors, applications, and the underlaying infrastructural components. We used these to derive a method for identifying insiders. We applied our method to home heathcare system by first providing home heathcare system scenario, and then identifying insiders in the scenario. Next, we provide a threat analysis for insiders impact on home healthcare system. Finally we draw out our research agenda in this direction. We have just started the work in this area as part of EU funded Trusted cloud (TClouds) project.

Sandboxing is a modern technique that can by employed at the application or OS level to test untrusted or untested programs. It monitors and limits the level of access that the program has. This can prevent the damaging effect of a program if it is malicious or not coded properly. Nonetheless, sandboxing adds extra overhead cost which affects the speed and performance of a running program. In this paper, we focus on evaluating experimentally popular sandboxes that run at the application level. We examine the performance of application sandboxes by running different types of benchmarks within these sandboxes. We examine the performance in terms of execution time and the usage of physical memory, disk I/O, and network I/O.

This paper describes a mobile application with several features which can be used to teach Arabic sign language and to communicate using it. These features include translating from Arabic text to Arabic sign language, video chatting where two users can use the application to chat in Arabic sign language, SMS messaging and translating SMS messages to Arabic sign language, in addition to other features such as easy indexing for Arabic words and recording own sentence.

In this paper we considered some ways of crypto algorithm enhancement to attacks based on related keys with the combination of the differential cryptanalysis. As a one way, we highlight enhancement key mechanism. In order to provide high speed of crypto algorithms based on controlled substitution-permutation networks, we propose to use the schemes of iterative generation of round cipher keys, in which generation of the next round key is implemented simultaneously with the current encryption round.

Most switches and routers now come with built in Internetwork Operating System (IOS) .These IOS provides command level interface to network engineers to troubleshoot and manage working of these devices .The most critical aspect of managing a good network is to keep all the critical devices up and running with minimum downtime. Thus it is very important to reduce the time required in resolving problem and configuring network because reducing the troubleshooting time guarantees better services. This paper provides comparative analysis of currently used well accepted practices for monitoring and debugging using IOS and with the optimization techniques based on Human Computer Interface (HCI) to reduce troubleshooting cycle. Both the techniques are compared using Key-stroke Level Model (KLM) model.

The Arabic language is used by a significant percentage of the world's population. Furthermore, beyond personal and public communication within the Arab countries, the Arabic language is becoming very important on the Internet. Numerous documents, resources and applications rely on the language to reach the Arabic speaking audiences. Thus the Arabic language is striving to take its place among the languages supported on Internet such as English, French and Chinese. Efforts are being taken to increase Arabic content, Arabic-based search tools and other models and applications on the Internet. In this paper we offer an overview of the evolution of the Arabic language use on the Internet. There are several obstacles and challenges that the language faces and those need to be resolved efficiently to make the language more usable. Furthermore, we explore how the Arabic language evolution and use on the Internet affects the business world.

The traditional location based service simply includes surrounding environments with the location-awareness technologies and that focuses on nearby users and surrounding mass information. Currently, there are increasing demands and interests for the location-based context publishing with advancements of the smart devices, and the recommended context from the user profiles is a key issue on various Location-based services. Similarly, the user created context can be aggregated into the service data in order to provide personalized recommendations for social media services as the user created context is a part of the service information including the surrounding physical location. The paper carry out a study of the Geo-Context Engine, which guarantees semantic context management technologies for users' interests by combining the location information and social network structure in order to provide personalized context's recommendations for the social media services.

This work introduces the Cassiopeia model, which allows for knowledge discovery in textual bases, used for the purposes of text mining in distinct and/or antagonistic domains. The most relevant contributions include the use of summarized texts as an entrance in pre-processing stage of clusterization, language independence with the use of stop words and the treatment of high dimensionality, a problem that is inherent to Text Mining. In the knowledge extraction, the texts are clustered and reclustered according to a similarity criterion. With the results obtained, the study hopes to show the impact of including summarization in the process of text clusterization. The experiments conducted in this study indicate that text clusterization using summaries is in fact much more effective than direct clusterization of texts in their entirety, as measured by internal and external measures traditionally employed in the field of text clusterization. Finally, the pos-processing stage creates clusters of summarized texts with a high degree of informativity, a quality that is inherent to summarization. The clusters are highly esteemed with the indexed words. This fact is due to the process proposed by the Cassiopeia model, which allows for strong similarity among the clustered texts. In the future, this similarity will allow for the creation of categories based on the word indices of each cluster.

Energy harvesting is the conversion of ambient energy into electricity to power small devices such as wireless sensors, making them self-sufficient. The electrical energy used to power them is variable over time and limited by the capacity of the energy storage (battery or ultra-capacitor). In general, these embedded devices have to adhere to real-time constraints expressed in terms of deadlines. In this paper, we present power management and scheduling solutions for energy harvesting systems having real-time constraints such as most of wireless sensors. We show how to answer questions like the following: When should the system use energy? When should it be idle and recharge the energy storage? We review the main properties of a scheduler known as Earliest Deadline with Energy Guarantee (EDeg) and we report results of an experimental study.

e-Learning is a pedagogy empowered by Information and Communication Technologies supporting education / training. While e-Learning exists over the past decade and a half, it is receiving considerable attention only in the recent times. Both Industry and Academia are heavily depending on e-Learning in streamlining their teaching process and also in meeting the just-in-time learning requirements of individual learners. Though huge budget is spent in creating, maintaining and offering the courses through e-Learning, security is still not considered as an important aspect in e-Learning. This leads to unauthorized access to course content, thread of discussions, evaluation reports of the learners etc. Any security compromise in e-Learning Ecosystem will have serious impact on credibility of the institution. While security tools are used to tackle various issues independently, these alone will not suffice but process should be in place in order to address the continuously growing security threat. Through this paper we propose a Process Framework for securing an e-Learning Ecosystem which addresses the security problem in a systematic way, in order to foster the benefits of e-Learning.

The rapid burst of Internet usage and the corresponding growth of security risks and online attacks for the everyday user or enterprise employee have emerged the terms Awareness Creation and Information Security Culture. Nevertheless, security education has remained an academic issue mainly. Teaching system security or network security on the basis of practical experience inherits a great challenge for the teaching environment, which is traditionally solved using a computer laboratory at a university campus. The Tele-Lab project offers a system for hands-on IT security training in a remote virtual lab environment - on the web, accessible by everyone. The Tele-Lab platform provides individual learning environments for each student, that may consist of up to three virtual machines per learning environment. Besides in explorative learning, where students use the laboratory whenever they like, the Tele-Lab is used in a blended learning approach: a lecturer introduces a security topic in class using e.g. Powerpoint slides. Subsequently, the students perform a supervised practical exercise in the virtual laboratory. A typically sized course with 15 students can in consequence request up to 45 virtual machines from the Tele-Lab server. The paper at hand briefly presents usage, management and operation of Tele-Lab as well as its architecture. Furthermore, this work introduces an architecture for clustering of the virtual lab on application level and the necessary prerequisites for the implementation. The paper also presents an existing distributed usage scenario.

Phishing is a semantic attack that takes advantage of the naivety of the human behind electronic systems (e.g. e-banking). Educating end-users can minimize the impact of phishing attacks, however it remains relatively expensive and time consuming. Thus, many software-based solutions, such as classifiers, are being proposed by researchers. However, no software solutions have been proposed to minimize the impact of spear phishing attacks, which are the targeted form of phishing, and have a higher success rate than generic bulk phishing attacks. In this paper, we describe a novel framework to mitigate spear phishing attacks via the use of document authorship techniques --- Anti-Spear phishing Content-based Authorship Identification (ASCAI). ASCAI informs the user of possible mismatches between the writing styles of a received email body and of trusted authors by studying the email body itself (i.e. the writeprint), as opposed to traditional user ID-based authentication techniques which can be spoofed or abused. As a proof of concept, we implemented the proposed framework using Source Code Author Profiles (SCAP), and the evaluation results are presented.

Phishing emails contain socially engineered messages to lure victims into performing certain actions, such as clicking on a URL where a phishing website is hosted, or executing a malware code. In a previous study, we proposed a lexical URL analysis approach for detecting phishing websites. In this study, we extend the approach to the phishing email classification domain. The primary motive behind this study is that most phishing email messages contain URLs that point to phishing websites, and lexically analyzing the URLs can enhance the classification accuracy of email messages. As evaluated in this study, the addition of URL lexical analysis in phishing email classification is effective and results in a highly accurate anti-phishing email classifier.

Mobile phones are gradually replacing PCs and even laptops. With so many platforms and apps available, consumers are often confused and managing these devices security requires an extra knowledge. This paper presents the findings of a survey into the opinions of users regarding mobile security, their level of awareness towards current threats, and the need for more security. The paper concludes with the foundation elements that affect security awareness for mobile devices which will be used to form a framework for future improvements.

Trust propagation is a widely-used approach to estimate the trustworthiness level of a target node in a web of trust, especially when the source node has no experience of direct interaction with the target. It is important to have not only an accurate estimate of trust, but also a measure of confidence in the propagated trust. In this paper we introduce a novel approach for propagation of trust and confidence through a web of trust based on our proposed idea of representation of trust and confidence using intervals. We consider this propagation method as a kind of multiplication among trust intervals. We show that this operator is more accurate for evaluation of propagated trust than the current approaches. We also report and analyze the results of experiments carried out on a well-known trust dataset which show that our proposed method improves the accuracy of trust propagation.

Since several years the number of VoIP (Voice over IP) infrastructures increases and, consequently, the number of VoIP users increases too. Under these circumstances VoIP systems get more and more attractive for attackers, since the probability of successful attacks increases and attackers gain benefits, e.g., money with fee-based telephone numbers. Therefore, this paper describes a solution to capture, monitor and report VoIP attacks to gain more knowledge on current and new VoIP attacks.

Considering the large amounts of data to be processed when distributing 3D audio-visual content, it is reasonable to combine broadcasting and P2P distribution, an approach that has been chosen within the EU project DIOMEDES. Two of issues to be solved within such a scenario are related to security: Access control, to support business models where only authorized receivers can access certain content. And content authentication, to avoid distribution of unauthorized and corrupted content. This paper describes how access control and content authentication have been addressed within DIOMEDES, including evaluation of different broadcast encryption schemes with respect to the requirements of the hybrid DVB-T2/P2P distribution scenario. The presented approach is agnostic with respect to both the content format and the P2P network used, and can also be adapted to other, similar scenarios.

Watermarking and steganography are two of the most researched topics in multimedia forensics. However, easy availability of tools and technology has made their misuse a serious concern. To counteract this development some effective tools are necessary to remove malicious steganography. In this work, we introduce a novel watermark attack method which can destroy hidden information embedded in images based on the principle of re-interpolation of Color Filter Array (CFA) artifacts. In digital cameras and scanners, CFA filters are used to acquire low-resolution physical color channel information and produce a high-quality image by subsequent interpolation. We propose to emulate a similar scheme in which image information is removed and reconstructed through interpolation and thereby destroy any hidden information without impairing the visual quality. Most importantly, our presented method is general and does not assume any knowledge of the used watermarking methods, the hidden message or the host image.

In this paper, we proposed an effective document image binarization technique to work with various kind of document degradation such as, bleed-through, aging and bad illumination conditions. The proposed method was compared to various global and local methods. The obtained results demonstrate the effectiveness of the proposed approach versus local and global approaches.

This paper presents a multi-agent recommender system in which agents collaborate with each other, through the message passing communication model, to facilitate providing travel recommendations. A set of rules are organized using a decision tree machine learning technique that enable the agents to behave in an intelligent pro-active way. The agents are also in charge of building/updating profiles of travelers. History of the travelers' selections is kept using a multidimensional rating approach. Maximum likelihood probability and multi attribute theory are used to get the recommendations ratings implicitly and store them for future anticipated recommendations. The effectiveness of the system was evaluated by a diverse set of users with a variety of scenarios. The overall results indicate that the system is capable of pro-actively providing the required types of services with a good degree of accuracy.

Access control security is one of the important aspects in Service Oriented Architecture (SOA) that is considered as a challenge. This issue requires further attention and review because of the architecture's distributed nature, its high re-usability, simple accessibility and the autonomy of logical solutions units. Since the most important way for implementing SOA is the use of web services, in this paper we propose an access control model for web services to protect services and to adopt some policies on the applications using SAML and XACML standard languages. This model is defined in terms of its authentication, authorization architecture and policy formulation. Separation of duties (SoD) is a security principle that has been used extensively to prevent conflict of interest, fraud and error control in organizations. In recent years many IT organizations have struggled to identify potential SoD violations within their IT systems. Hence we propose an approach to defining SoD policy rules in our model.

There are several QoS-based approaches for web service selection. But in reality, users want to choice most used web services with better trade-off between quality and cost. Referring to Alexa, this paper proposes a framework for collecting QoS and cost of web services, and counting visits, and introduces VI (Visits Index) to indicate the popularity of web services and argue VI. VI not only reflects total visits, but also reflects the rate of visits increment. Users can select web services based on VI ranking. For web service providers, how to balance properties of QoS and cost to make as many visits as possible is a problem. This paper uses ANN to establish the relation of QoS and cost to VI. Web service providers can use the trained ANN published by the framework to predict VI ranking of their web services, and design non-functional properties to have as many visits as possible. The framework can be used for open web service marketplaces to rank web services and analyze correlation between non-functional properties and visits of web services similar to Alexa for websites.

Manufactured product items are usually transported from the factory to distributors first and then distributed to retailers before selling to customers. Since RFID technology is widely adopted for supply chain management, ownership transaction is able to record inside the attached RFID tag when a product item with its RFID tag was sold and transported to its new owner such as distributor and retailer. Existing RFID-based ownership transfer protocols were challenged by researchers in terms of security robustness, owner privacy protection and protocol efficiency. In this study, we proposed a novel ownership transfer protocol for RFID-tagged objects using lightweight computing operators to achieve general security requirements during ownership transaction. Our analyses show that our proposed protocol provides stronger security robustness and higher performance efficiency in comparison with existing solutions.

As the issues like global warming and depletion of fossil fuel are considered as urgent problems, the development of electric vehicle (EV) is becoming more attention by automobile industry. Recently, many major automobile companies have launched various types of EV in the market. But the wide adoption of EVs is not coming yet, because of many issues concerning conventional battery charging EV such as long recharging time and expensive price of batteries etc. As an alternative solution to the battery charging EV, the idea of battery changing EV is introduced. To realize the battery changing business model, one should solve the ownership issue of battery. To address such issue, the concept of battery sharing should be considered together with good traceability system. In this study, we studied RFID code structure to provide visibility and traceability for shared EV batteries.

Radio Frequency Identification (RFID) is a technology used for automatic identification of objects, people, and virtually anything one can think of. Applications of RFID technology are expanding and its usage has been adopted worldwide. As such, major efforts have been made to secure the communications in RFID systems and to protect them from various attacks. This paper surveys RFID security vulnerabilities and some of the proposed solutions that guard against these vulnerabilities. Then, a novel approach to achieve mutual authentication for ultralightweight tags is proposed using Physically Unclonable Functions (PUFs). The proposed approach provides robust security properties as well as good performance.

Recently Chen \textit{et al.} have proposed a RFID access control protocol based on the strategy of indefinite-index and challenge-response. They have claimed that their protocol provides optimal location privacy and resists against man in the middle, spoofed tag and spoofed reader attacks. However, in this paper we show that Chen \textit{ et al.} protocol does not provide the claimed security. More precisely, we present the following attacks on the protocol:

\begin{enumerate} \item Tag impersonation attack. \item Reader impersonation attack. \item Location traceability attack. \end{enumerate} All attacks presented in this paper have the success probability of '1' on the cost of only one or two runs of protocol.

The popularity of Wireless Sensor Networks (WSNs) is increasing especially in applications where data needs to be remotely collected, such as in fire detection, health, or environmental monitoring. WSN nodes are limited in terms of processing capabilities and battery life. Thus, encryption is usually avoided and the readings are sent in the clear. This allows any eavesdropper to access data that could be confidential. Lightweight encryption techniques are proposed to overcome the limitations of sensor nodes. Identity-based encryption (IBE) that uses elliptic curve cryptography (ECC) seems to be very promising in terms of energy efficiency. Since the issue of key management is critical for a security system, we propose a novel decentralized IBE-based key management scheme that reduces the energy by using multiple base stations. The keys are pre-distributed in the WSN and refreshed at specific time intervals. The system ensures confidentiality of the messages and the availability of WSN service even when multiple nodes and base stations are compromised, at a significant reduction in overall system energy.

RFID systems, similar to other wireless systems, are inherently susceptible to security and privacy related attacks. The Tiny Encryption Algorithm (TEA) is a suitable lightweight cryptographic algorithm used in medium security systems such as RFID systems. However, TEA has few weaknesses, most notably from equivalent keys and related-key attacks. So, a Modified TEA algorithm (MTEA) is proposed which uses the Linear Feedback Shift Register (LFSR) to overcome the security weakness of the TEA algorithm against attacks. In this paper an implementation of MTEA algorithm is presented and benchmarked with the standard TEA algorithm considering the area and power consumption.

Cloud computing is a distributed technology that can extend the resources available for computers connected to the Internet. Computers can benefit from remote servers to gain extra storage capacities or to execute complex computations that require extended memories. However, the cloud fails to employ sufficient security measure to preserve the privacy of each client connecting to it. In this paper, we present novel techniques that enable clients to process encrypted data without the need to decrypt such data. Furthermore, clients are able to execute treatments through encrypted processes. Using these techniques, a malicious party can neither access the manipulated data nor learn the nature of the operations executed over them. A prototype has been built to investigate the performance of our techniques. This prototype is capable of executing oblivious SQL queries over encrypted data and it has been used to prove the practicality of the proposed techniques.

We suggest the use of reactive pricing system based on an indicator for the aggregated demand within a population of service-related electrical appliances. Previous results from a generic implementation are provided to indicate the feasibility of the approach. The indicator is adapted to a specific problem and the respective parameters are investigated. An exemplary (simulated) implementation of the solution for air conditioning units in residential high rise structures is presented and its performance is evaluated on the basis of numerical results.

Need for computational power grows faster and faster so that we have "Cloud Computing" concept emerged from this need. In the other hand with growing popularity of computing and communication, request for more energy power increases and area of Green Computing try to moderate this procedure with revising old computing method or inventing new method to have more efficient computing material that would work more while consuming less energy and making less pollution. In this paper, the researchers tried to reduce energy consumed in Cloud Computing IaaS datacenters by revising virtual machines scheduling method while keeping QoS parameters as high as possible. We implemented our approach using CloudSim toolkit and evaluated it in compare with recent popular methods. Evaluation result demonstrates our success in reaching our aims to reduce energy consumption while keeping SLA Violation in acceptable range by reduction in number of VM migrations.

This paper describes a cost-effective infrastructure and implementation for creating dynamic, scalable context-aware networks for collaboration and interaction amongst multiple parties. The infrastructure combines auto-detection and network presence sensing, hybrid peer-to-peer and client-server architectures, autonomous connection negotiation, and real-time web-based interactivity to provide a rich information sharing system. The system uses many patterns of interactions supported by a range of mobile and handheld computer devices to allow for comprehensive connectivity and information exchange. A prototype system is designed and built and a few use-case scenarios have been successfully tested.

With the advent in cloud computing technologies, use of cloud computing infrastructure is increasing day by day and a lot of enterprises are shifting their computing from in-house infrastructure to the cloud infrastructure. Over a small period of time, it has substantiated to be an attractive choice for the enterprises. Especially for those, who wants to have minimal upfront cost for their technology infrastructure. This aspect of cloud computing makes it particularly suitable for a new enterprise. Currently, cloud services are a bit expensive, but a good number of enterprises and individuals can be attracted to the cloud computing by providing the low cost cloud services. In a fast growing cloud vendor market, provision of low cost cloud services is a trivial task for the cloud vendors. In this paper, we have presented a model of Virtual Cloud. The concept of Virtual cloud revolves around the concept, ``Rent Out the Rented Resources''. In this model, we propose to virtualize an already virtualized infrastructure. To achieve this, cloud vendor offers the low cost cloud services by acquiring underutilized resources from some big third party enterprise.

For the safe driver assistance systems, relative positioning technology is the most important research area. However, most researches are based on expensive DGPS technology ($10,000~) therefore the relative positioning system is only experimented in laboratory level. In this paper, we use the low-cost GPS(~$50). Also, we design and implement the relative positioning system with the low-cost GPS and 802.11b,g,n. For the performance evaluation, network connection time, delay time and lost rate is tested

The requirement of high bandwidth services such as High Definition TV over IPTV, online gaming, high speed Internet, etc. makes the deployment of FTTx networks the best choice to deliver those services. However, an optimal design of FTTx access networks requires the consideration of many factors, such as the type, number, position of component, cabling paths, demand distribution and future growth. With the manual approach, quality of designs often varies based on the planners' experience. In addition, the pressure imposed on the planner makes it impossible to produce an optimal design. In this paper, based on a mixed integer linear programming (MILP) approach, a design tool is proposed to automate the FTTH designs with respect to future growth. Different planning scenarios have been considered in order to investigate the impact of the future growth and the planning methodology on the planning cost with respect to the cost of materials/installation.

The presented work on behavioural game AI stems from a research into using games to assess and evaluate human (game playing) behaviour. These games must be designed such that all (human) players are faced with identical situations because only then can the results be compared. This in turn requires the AI players to adhere to precisely defined behaviours. This paper outlines a formalism for the unambiguous description of behaviour, presents a model for rational decision making and showcases a proof of concept game implemented for mobile phones. The formalism draws on standards from logic and behavioural psychology.

Replacing humans with robots, or at least assist them, in the search and rescue operations is a necessity given the risks and dangers human rescue forces might be exposed to. Indoor fire situations are among the demanding fields for aid of specialized robots for assisting in the operations. The major risk to fire victims is smoke inhalation and its consequences, not the fire itself. Due to the high density of the smoke in indoor fires, visibility is very likely to be extremely limited making it highly hazardous for fire personals to explore. Other dangerous factors are possible leakage of poisonous gases and structural collapse.

Devising a solution for this class of SAR operations require repeated testing and verification of the exploration solutions in the existence of smoke and fire. Due to the difficulties of constructing real life scenarios a 3D simulator need to be adopted. USARSim the 3D Robotics Simulator is presented as the best candidate for this scenario. The high-fidelity nature of the simulator implies realistic results that are likely to work and operate practically in the real world. Moreover, it supports the development of multi-robot systems, which is an essential requirement in this research. USARSim can add realistic effects that are necessary to simulate indoor fire scenarios, such as smoke. In this paper we present an overview of existing 3D simulators and present USARSim architecture, components and features as a verification of choosing it over other existing simulators.

Imperialist Competitive Algorithm (ICA) is a new socio-politically motivated global search strategy that has recently been introduced for dealing with different optimization problems. In this paper, we adopt ICA to solve the quadratic assignment problem which is a NP-Complete problem and is one of the most interesting and most challenging combinatorial optimization problems in existence. We test our algorithm on some of the benchmark instances of QAPLIB, a well-known library of QAP instances. This algorithm compared with two meta heuristic strategies. These methods are based on simulated annealing approach and genetic algorithm. In most of instances, the proposed method outperforms other approaches. Experimental results illustrate the effectiveness of ICA approach on the quadratic assignment problem.

Hybrid CDN-P2P architecture, benefits from the advantages of both CDNs and P2P networks. In this novel architecture the content is delivered either by Client-Server or P2P approach. A key challenge in these systems is the strategy, used for multicasting the content from distribution servers to the edge servers. In this, article supposing existence of a Replica Placement mechanism, a multicasting tree construction problem in this domain is presented formally. It is proved that the problem is NP-Hard, and an economic heuristic solution to the problem is proposed. The performance of the solution is studied and proved that the solution is a two approximate and its time complexity belongs to O(n3). The experimental results clearly show that the solution produces applicable and near optimal results.

Autonomic computing and policy based systems are closely related concepts that can be strong enablers for managing the next wave of information and network technologies. Lessons learned in these areas are therefore important not only for present day applications, but also for the future developments. In this paper we present some lessons learned in the deployment experiences with these technologies in the Government and the industry projects. The paper identifies the difficulties encountered in the practical development and deployment of these technologies, as well as possible approaches to overcome these difficulties.

This paper presents a formal model for the analysis and verification of a multi-agent system based on the Distributed Lightweight Kerberos (DLK) protocol. Verifying the security protocol exposes security defects and aids in fixing them. The verification process of the DLK protocol uses ProVerif tool. Based on this tool, the security mechanism of the protocol is clearlyexposed . The results of using ProVerif indicate that DLK is secure as initially claimed.

A recent trend in home automation are gateway devices that offer a Web service based Application Programming Interface (API) to access an underlying home automation system. Due to the ease of use and the interoperability of Web services numerous use cases can be found for third party applications using such APIs. Smart homes allow to control nearly every aspect of living within a building, which imposes great security and privacy concerns. Therefore this paper contributes a generic access control concept for Web service based APIs using the Security Assertion Markup Language and the Extensible Access Control Markup Language. The concept allows a user to securely authorize the access of third party applications to the home automation system in order to protect the privacy and to ensure security. The access control concept is generic since no API change is required and therefore leaving the service provider and service consumer untouched.

Information Privacy and Security issues are serious matters that organizations from all industries have to deal with. Healthcare industry is no exception. Personally identifiable healthcare information automated by the healthcare industry can be stolen, intercepted, altered, and misused. Acceptable safeguards, therefore, have to be in place in order to ensure the privacy and protection of this information. Without governmental intervention however, it seems unlikely that the healthcare industry will voluntarily implement such safeguards. Specific laws and ePHI security rules does not exist at this point of time in the UAE. The qualitative investigation in this paper was aimed at finding out if healthcare authorities are in the process of formulating and imposing healthcare privacy and security rules and standards. If healthcare institutions adhere to these privacy and security rules. Also, if lack of specific laws open the door to none compliance and adherence to healthcare privacy and security rules and standards imposed by regulatory bodies. This research study revealed that while Health Authorities are doing their best to improve healthcare standards through data standards, implementation of EHR and ePHI protection, data collected revealed mixed results. While some healthcare institutions are striving to meet some recommendations, others are less responsive. Therefore, a detailed privacy and security rule and enforcing mechanisms are required.

Medical image encryption (MIE) is an important technique to achieve security for medical images. Many researchers use advanced encryption standard (AES) to ensure the security of medical images. Applying AES encryption method for medical images directly leads to a long processing time; also it results in obvious background regions, which are considered flaws. In this paper we apply information theory (IT) to identify the two regions of a medical image: the region of interest (ROI) and the region of background (ROB). In order to reduce the processing time needed to protect a medical image using AES with a higher level of security, we propose a hybrid encryption, where AES is applied for ROI and a coding method such as Gold code (GC) is applied for the ROB after improvement. The proposed method has a shorter processing time than applying AES for the whole medical image. In addition, it has better security as seen in the related entropy and correlation calculations.

Knowing more details about people's identities is becoming one of the digital society's growing needs and in the same time compromising security. Privacy protection is perceived as medium that would secure people's identities, reduce identity theft and increase trust. In many digital identity management system implementation initiatives, privacy needs are only dealt from technical perspective and they are not considered as being part of the core software requirements from the beginning of projects. In this article, we explain that privacy is to be dealt from the start with an integrated and multidisciplinary approach. Therefore, we provide a specification of privacy requirements that are drawn from global, domestic, and business-specific privacy policies. The requirements are to be considered in the design phase of digital identity management systems.

SELinux is one of most used access control models in Linux operating systems. This paper provides an encoding of a default SELinux security policy using the Organisation based access control model (Orbac). We will use Fedora 14 as an example of a Linux distribution in order to illustrate our encoding. For each concept (role, type, context,..) used in SELinux we provide its counterpart in Orbac model. This confirms the expressive power of Orbac model.

Mobile networks are constantly changing and adapting to the needs of users and providers. The legacy global system for mobile communications (GSM) step in the evolution of mobile networks has by far the largest installed user-base. The very large user-base has made it a requirement for providers to modify their future systems to interoperate with the legacy GSM system. The security problems brought about by this legacy integration have a major impact on the security improvements developed for the universal mobile telecommunications systems (UMTS). This paper proposes simple and effective solutions to reduce the possible attacks on the UMTS systems due to the above integration. First we propose a subtle modification to the GSM security protocols as a standalone solution, and then a modification to the UMTS security protocols is proposed as a second solution.

Real-Time traffic classification is a fundamental task for many network management decisions: by timely identifying the applications that generate traffic on a specific network link, network managers can optimize the utilization of their networks; better Quality-of-Service (QoS) can be offered to connected clients, while preventing the saturation of many network resources; the timely identification of malicious traffic or traffic presenting anomalous patterns is also crucial to assure the protection of the connected hosts and network resources. However, achieving such ability is not an easy task. The inherent complexity of current network applications and services and the existence of several privacy and legal restrictions that prevent the analysis of the packets contents are important obstacles for an accurate and timely traffic classification. In this paper, we address this problem by performing an analysis of real captured traffic over several classification windows, until an accurate identification decision is achieved. The use of traffic information such as the packet inter-arrival time and the packet length will allows us to reduce the width of the classification windows, therefore achieving a real-time traffic identification: from these statistics, a multi-scale decomposition is performed in order to evaluate the different frequency components and obtain a frequency spectrum profile that can be associated to the corresponding application using several probabilistic approaches. The obtained results allow us to conclude that the proposed approach can accurately and timely identify the traffic generated by the most important Internet applications, as well as identify traffic presenting illicit patterns.

Because security attacks in IP networks become more difficult to detect, we must develop detection systems to protect network users. One possible method which could be used is forecasting network behaviour. In this paper, we study the use of Holt-Winters forecasting algorithm in aber-rant behaviour detection. We have built a test platform which collects real IP network traffic and calculates forecasts for collected network traffic. Open source software NfSen is used to represent graphs about collected and forecasted network traffic to end user.

Security-functionality tradeoffs are well-known fact. In general boosting IT system functionality may lead to depleting security (confidentiality and integrity) and vice-versa. Furthermore there is a tradeoff between different basic security aspects: confidentiality and availability. Increasing confidentiality level may cause decrease in availability level. The problems should be carefully analyzed, especially in the risky phase of immature, dual-stack architecture characteristic for IPv4/IPv6 transition period. The paper presents a survey of tradeoffs related to this critical, transition period

Recently a modified SET protocol for mobile payment (MSET) has been proposed in the literature. MSET claims to be a promising protocol for mobile payment. However, we have observed certain flaws and drawbacks in the proposed protocol. In this paper we discuss those flaws and drawbacks and propose counter measures for the same to ensure secure transaction. The first flaw is that a dishonest client can buy goods from a merchant without paying the actual price of the goods. We also observed that the MSET protocol lacks the Non-Repudiation property of transaction. Further, we would like to mention that the modified SET is using certificate, which is having no use once the symmetric key is distributed. This causes communication overhead for the mobile application. As a result the protocol will be useful only for mobiles with reasonably high processing power. With the growing demand of mobile based payment systems in developing countries this could be a disadvantage.

Firewalls play an important role in the security of communication systems. They are widely adopted for protecting private networks by filtering out undesired network traffic in and out of the secured network. The verification of firewalls is a great challenge because of the dynamic characteristics of their operation, their configuration is highly error prone, and finally, they are considered the first defense to secure networks against attacks and unauthorized access. In this paper, we propose a new approach for modeling and verification of firewall configuration rules using domain restriction method. Our approach is implemented in Event-B formal techniques, where we model firewall configuration rules, and then use invariant checking to verify the consistency of firewall configurations in Event-B theorem proving framework.

This paper deals with Web Structure Mining. While browsing the web, the user has to go through many pages of the Internet, filter data and download required information. This task of searching and downloading is time consuming. Sometimes the search queries call for specific option, say, limiting search to few links. To reduce the time spent by users, a web link extraction tool has been designed and implemented in Java, that analyzes the ways of extracting web link information using a standard interface. The Test Scenario has been presented with various keywords like Higher Education, Conference Alerts and Special Interest Group. The present work can be a useful input to Web Users, Faculty, Students and Web Administrators in a University Environment.

Although the conventional Social Network Services (SNS) provides a solution for internetworking social users to share information and social media contents based on the Web, there are additional requirements to support increasing demands of social users with commencing Web 2.0 and Semantic Web technologies. With increasing popularity of social network services and smartphones, there are easy accesses and chances for users to share memo, photos, information on the next generation social media services including real-time conversation and messaging. In order to meet such dynamic demands and requirements of users and services, the paper proposes a social media service framework which provides a platform technologies and enables to share various user generated contents as well as the distributed information. Although conventional social network services provide functionalities for sharing user contents via the 3G or Wi-Fi networks, it prohibits dynamic contents sharing between users and groups especially for the multimedia contents. In order to provides a solution to overcome the limitation of conventional On-Demand multimedia services, that are mostly based on the server and applicable for a particular platforms and services, the proposed social multimedia service helps to achieve multimedia and information sharing in peer-to-peer manner within their social networks and joined digital communities.

Designing domain ontologies from scratch is a time-consuming process. In many cases, both the terminologies and the syntactic structures of domain data models are already described in form of XML Schemas. XSLT transformations are used to lift the syntactic level of XML documents to the semantic level of OWL ontologies by mapping any XML Schemas to generated ontologies automatically. Ontology engineers base domain ontologies on generated ontologies to enrich the information located in the XML schemas with additional domain specific semantic information. The aim of this paper is to show the implementation of the general approach transforming any XML Schemas into generated ontologies automatically using XSLT.

This paper presents a modified scheme for run length encoding. A significant improvement in compression ratio for almost any kind of data can be achieved by the proposed scheme. All the limitations and problems in the original run length encoding scheme have been highlighted and discussed in detail in this research paper. A proposed solution has been suggested and performed for each problem to achieve intelligent and efficient coding. One of the major problems with original design is that a larger number of bits are used to represent length of each run. This has been resolved by introducing bit stuffing in RLE. Such larger sequences that affects compression ratio are broken into small sequences using bit stuffing. To allow more compression and flexibility, the length of maximum allowable bit sequence is not fixed and can be adjusted with input. Secondly we ignore the large numbers of small sequences that are largely responsible for expansion of data instead of compression. Four random sequences have been analyzed and when applied by modified scheme, a compression ratio of as high as 50% is observed

Efficient water resources management is an issue of major importance in the field of sustainable development. Several models for resolving this problem can be found in literature, especially in the agricultural sector which represents the main consumer through irrigations. Therefore irrigation management is an important and innovating area which was the subject of several research and studies to cope with the various activities, comportments and conflicts between the different users. Modeling, and more particularly, the Agent-Based Modeling (ABM), allows to better representing the multiplicity of the different actors (especially the stakeholders and farmers), the diversity of their roles, the communication and the social interactions between them. Another advantage of the ABM, that it has a great potential in representing dynamic processes in a complex system such as Systems of Gravity Irrigation Networks. In our work, we are particularly focused on open canal irrigation networks, since this type of irrigation is the most common in Morocco and exists around the world. These systems are characterized to be energy efficient but have several limitations and raise a large water loss. Proper management of this irrigation systems and better allocation of water resources among the various actors will be therefore needed. In this paper, we propose the use of multi-agent framework modeling of Management Systems of Gravity Irrigation Networks (MSGIN), operating with a water tower. Our objectives are mainly located on two levels. The first one, concerns the MSGIN modeling by a multi-agent technology and the agent modeling through AML language. The second one focuses on the negotiation modeling among the various stakeholders and users of water resources. For the implementation of our approach, we opted for an open-source environment: StarUML and JADE multiagent platform.

In this paper, we describe an identity management architecture to makes digital identities available to an integrated personalized TV service in a secure and efficient manner. By developing a prototype system based on our architecture, we show that a single user authentication step allows a viewer to receive personal data from multiple services securely without interrupting the TV-viewing experience.

In this paper, the privacy of two recent RFID tag ownership transfer protocols are investigated against the tag owners as adversaries. The first protocol called ROTIV is a scheme which claims to provides a privacy-preserving ownership transfer by using an HMAC-based authentication with public key encryption. However, our passive attack on this protocol shows that any owner which has experienced the ownership of a specific tag is able to trace the tag either in the past or in the future interrogations. Tracing the tag is also possible via an active attack for any adversary who is able to tamper the tag and extract its information. The second protocol called Chen et al.'s protocol, is an ownership transfer protocol for passive RFID tags which comforts EPC Class1 Generation2 standard. Our attack on this protocol shows that the previous owner of a particular tag is able to trace it in future interrogations. Furthermore, she is able even to obtain the tag's information at any time in the future which makes the adversary capable of impersonating the tag.

Low cost RFID tags are increasingly being deployed in various practical applications these days. Security analysis of the way these tags are used in an application is a must for successful adoption of the RFID technology. Depending on the requirements of the particular application, security demands on these tags cover some or all of the aspects such as privacy, untraceability and authentication. As a result of increasing deployment of RFID tags, many works on RFID protocols and their security analysis have appeared in the literature in the past few years. Although most protocol proposals also provide some justification for the claimed security properties of these protocols, independent third party evaluation has often revealed weaknesses in these protocols. In this work, we present a third party security evaluation of a recently proposed mutual authentication protocol $LMAP^{++}$.

Mutual authentication protocols are an important class of protocols for RFID applications. In these protocols, the reader and the tag of an RFID system run an interactive game to authenticate themselves to each other. In this work, we present traceability and desynchronization attacks against the protocol $LMAP^{++}$. First we show that $LMAP^{++}$ does not satisfy the security notion of traceability as defined in the model proposed by Jules and Weis. Using the ideas of this traceability attack, next we show that $LMAP^{++}$ also suffers from a desynchronization attack. The presented attacks have low complexities and high success probabilities. To the best of our knowledge, this the first attack on the $LMAP^{++}$ protocol.

Radio Frequency Identification (RFID) systems, due to recent technological advances, have been used for various advantages in industries like production facilities, supply chain management etc. However, this can require a dense deployment of readers to cover the working area. Without optimizing reader's location and number, many of them can be redundant, reducing the efficiency of the whole RFID system. There are many algorithms proposed by researchers to solve redundant reader problem, but all these algorithms are based on omni-directional reader antenna patterns, which is not practical. In this paper we present an algorithm for redundant reader elimination for directional antenna. It uses a radio propagation model and also accounts for loss due to multipath fading to model communication between a reader and a tag. The efficiency of the proposed approach was demonstrated while preserving the tag coverage.

Energy conservation is among society's greatest challenges, and the built environment has a concentrated impact on our natural environment, economy, and health. Fundamental understandings of how energy is consumed, monitored, and controlled are key prerequisites for an energy conservation process. This paper evaluates the effectiveness of real-time energy monitors (RTM) to influence behavior change in residential consumers. A methodology for remote identification of load types along the electrical circuitry where they (load) are being consumed is also presented. The load type and status (on, off, standby) are determined both remotely and in a non-intrusive manner using Non-Intrusive Load Monitoring Methods. A bottom-up approach to real-time energy monitoring by integrating virtual and physical domains to increase user awareness on where, when, how and why aspect of energy to make inform decisions regarding energy consumption, optimization and conservation is proposed. A virtual 3-D environment is developed to display actual space/zone/building real-time power consumption information and to allow users to easily locate equipment/loads that are in standby/inefficient and causing energy waste in the real/physical environment. The proposed system using wireless ZigBee based monitoring system is demonstrated via a prototype board virtually integrated with a real world test environment. The results establish a promising tool in this filed.

During the last years prices for hard drive space declined constantly and by contrast the average size of storage media is continuously increasing. So users are able to store large amount of heterogeneous data on his PC. For an effective retrieval of this data more and more a desktop search engine (DSE) is used. The paper presents first findings of a study in desktop search engines comparison. We use a multi-layer approach for building a hierarchical set of criteria for the comparison within a specific test environment. So, we are able to determine good and bad performances for every tested DSE. And finally the chosen set of criteria can be kept for future studies and evaluations of desktop search engines.

The Government plays an important role in citizens' lives either by defining norms and laws to be complied or by providing trustworthy information and services to be properly used. On the other hand the number of people accessing internet on mobile phones has increased sharply which is improving the development of mobile government systems (M-Government), and how citizens will interact with such technology and services remains yet an open issue. In this paper we describe the design of a mobile prototype aimed to provide government-related information and services to the visually impaired citizens. That is the reason why this work has developed the usage of combined interactions in order to provide accessibility and usability to those special users. As part of a formative evaluation studies, we are looking for the users' preferences and experiences while interacting with the mobile prototype. The results of the preliminary studies guide future improvements of the prototype in order to encourage effective and usable interaction with the A-CitizenMobile system.

With the advancement in technologies, the last decades have seen a sea change in the way people interact and communicate. For instance, contents, services and applications previously executed locally or on a local network are gradually finding its way to the cloud. As people and environment changes, so must education in order to be able to adapt and embrace to this paradigm shift in the educational landscape. Cloud-based education has thus arisen and has since gathered a lot of interests in the recent years. This paper thus describes the issues that need to be solved in order to arrive at cloud education, including integration, ownership, security and assessment, and offers a holistic approach to cloud education. It also put forward a new perspective in embedding mobile cloud education, an amalgamation between cloud-learning and mobile-learning domains, within a holistic intelligent campus environment.

A software application developed by IIT-CNR was designed to supply a survey system of Customer Satisfaction which is cost effective and easy to use. The system software is now under revision to enhance it with additional functionalities. The new release will include the implementation of an interface for evaluating the PA services supplied through the Web, and a kiosk system interface for rating the perceived quality of the services offered at the front office. The kiosk rating interface will be also accessible by the user via web and will allow the user to rate the service from home, by a given time limit. Indeed, these two additional channels are foreseen in the framework of the pilot.

Influenced by the impacts of globalization, the surfacing of newer technologies and emergence of new players in the market of financial services, banks are seeking to adopt newer solutions not only to establish their services, but also to contribute to their branding. The adoption of ebanking becomes necessary for banks that wish to maintain their market share as well as retain and attract more customers. The adoption of ebanking however is not a simple process due to several factors that play a major role to promote the rapid conversion to the holders of ebanking. Hence, become an obstacle to ownership. The aim of this paper is to analyze some organizational factors, structural and policies that can accelerate or conversely hinder the adoption of this mode of distribution and electronic communications by banks. A closer look is focused on the case of the Moroccan market as a field of study.

Growing need for protecting user's data in operating system level, results in developing various cryptographic file systems with their own key management and access control models. But threat model in existing models is not extensive enough, so that they are vulnerable to replay attack, user forging and also to collusion of users, so they can't have secure auditing and separation of duty in a secure way. Super users and recovery agents are in trust domain and this is a security risk. These models have performance overload in some operations such as right revocation. Another problem is about keeping lots of crypto metadata in existing models. In this paper we show a new secure model for key management and access control (SeKMAC) using special concepts for optimizing number of crypto metadata and structure of metadata in system which eliminates attacks on crypto metadata with a desired degree. Key management is based on symmetric operations which causes improvement in performance. We consider parameters for avoiding reply attacks, user forging and collusion of users in insecure environments. SeKMAC includes auditing and separation of duty in a secure way and recovery is done with less trust on external agents and revocation is done in an optimum way.

The concept of 'virtual role' is used in scientific literature in various ways when focusing on role management. The term often also appears in work which deals with access control and virtual organizations. However, a common definition for the term is missing and no consistent definition work has been done. This paper presents a summary of a systematic literature review that has been done to clarify the term virtual role. From all available material, a number of 27 studies were selected for the review. Important phases of our research included database searches for relevant research material, data extraction from selected studies, quality assessment of the research material and a summarization of the concept. We found 4 subclasses in which the selected studies can be grouped. Our study presents a summarization of the virtual role concept and describes different aspects on how it is used in different contexts related to access control and role management systems. The literature reveals gaps for future research and we argue that the perspectives of this study could offer important additional insights to information system design using virtual role.

Runtime monitoring is a body of techniques concerning monitoring and analyzing event sequences in software execution. It is widely used to improve software's security and reliability. However, the event pattern languages used in current runtime monitoring frameworks are not fully capable of expressing relations among monitored events. This makes them inadequate to describe some desired event sequences. To this problem, we propose a new event pattern language. Our event pattern language is composed of two level operators. The lower level operators select single events based on only local information, while the higher level operators fully leverage the control flow relation and data flow relation among events. This feature makes our language able to select a larger spectrum of event sequences in a modular and declaration way. We also present a demonstration of preventing SQL injection in this language and implement a compiler for this language.

This paper presents mechanisms on integrating security related activities to an established software process in an organization. The main challenge is to attain a security model that is fit to the organization's security objectives and environment. We quest for an adapted security model that is lightweight yet provide an optimize security impacts in delivering software products. Implementation of the adapted security model must also comprehend the limiting factor of people resources. We share experiences and lesson learned in transforming the adapted security model into secure software process.

In classical multilevel access control, classifications and clearance level are defined in advance and does not change during the duration of their use. We thought that the level of clearance of a user can change and that the classification level of an object may decrease after some time. For this, we propose to enrich our description logic reasoner with default and exception JClassic DE with temporal operators to represent the temporal context and the change in levels over time.

This paper presents Trust-Based Access Control for XML (Extensible Markup Language) Databases. Trust-based access is an established technique in many fields, such as networks and distributed systems, but has not previously been used for XML databases. In trust-based access control, user privileges are calculated dynamically depending on the user's trust value. Applying the technique to XML databases should have many advantages over current techniques, such as role based access.

This paper discusses the aspects of Digital Forensics education in UAE. It states the percentage of Digital Forensics programs available in UAE and the quality of these programs. It also discusses the need for such programs in UAE, not only from the technical aspect but as well from the law aspect, because of the increasing cyber threats in the area.

This paper highlights the importance of Facebook's instant messaging service (Facebook Chat) as a source of potential evidence in an investigation. The paper discusses the process of recovering and reconstructing artifacts left by the use of Facebook Chat on a computer's hard disk. The paper describes experiments in which Facebook Chat conversations in Latin and Arabic character sets were conducted using three major web browsers, and then forensically retrieved. The results highlight how Facebook Chat artifacts of Arabic conversations can be difficult to locate with keyword search functions. The paper describes appropriate steps to overcome these difficulties.

Privacy preservation and computer forensics investigation are two contradictory information security directions. The privacy preservation principle stress on utmost protection of users privacy as privacy is a right, whereas computer forensics investigation attempts to unearth user data for possible digital evidences hidden within them. Although, a number of research efforts have been directed towards privacy preservation during forensics investigation process and consequently, forensics tools are in existence, most of them employ binary privacy levels, i.e., user privacy is either fully protected or not at all. In this paper, we introduce the concept of quaternary privacy levels and their protection mechanism in computer forensics investigation process. The privacy levels are identified on the basis of different entities and their participation roles during a computer forensics investigation process and represent different granule of privacy that can be enforced by the court of law depending on the nature of crime to be investigated. We also re-define the forensics investigation steps to regard different privacy levels for an investigation process.

Research into the issue of the rights protection of digital data is of critical importance since legal measures have proved ineffective against digital piracy. Digital watermarking tops the list of technical countermeasures. Its process involves the incorporation of a set of some data in the item to be protected; this set of data is called watermark. The accuracy of the item is slightly degraded but the watermark acts as a seal that henceforth identifies the intellectual owner. This paper proposes a novel watermarking scheme for relational data which is efficient against a range of attacks that may be issued to remove or destroy the watermark. The paper provides experimental results for a variety of parameter settings, revealing the robustness of the proposed scheme in numerous possible attacks.

Routing is one of the most important challenges regarding mobile ad hoc networks (MANETs). Having no fixed infrastructure along with frequent network topology changes, as a result of nodes mobility, necessitate routing protocols to operate under cooperation of all network nodes. Lack of cooperation in routing can lead to performance reduction and even network denial of service. Uncooperative behavior of nodes can be performed selfishly by refraining from forwarding data packets or, in a more advanced class, maliciously in the form of an attack against the network. One of the most famous, challenging, and destructive routing attacks in MANETs, which can dramatically reduce network performance, is known as Black-hole attack. Black hole attack operates based upon two different phases. The first phase consists of absorbing a considerable amount of network traffic towards attacker node, and the second one is dropping received data packets. In optimized link state routing (OLSR) protocol, a well-known proactive routing algorithm for MANETs, Black hole attack can be implemented in different methods. The objective of this paper is to evaluate effects of different Black hole implementations as well as various selfish behaviors on OLSR based MANETs. Assessment of network parameters has been carried out using Network Simulator (NS-2). Simulation results represent that a special implementation of Black hole attack, which is named as TC-HELLO-Black-Hole and considered in this paper for the first time, is more devastating compared to other implementations and selfish nodes. Furthermore, such attack lessens routing overhead compared to basic OLSR.

This paper investigates the multiply-by-7 Elliptic Curve (EC) point P Scalar Multiplication algorithm for reduced computational complexity and enhanced inherent parallel property based on the Area-Time (AT2) metric. The findings were compared with those obtained when the algorithm was again realized on the Jacobian projective coordinate and the Non-Adjacent Form (NAF). The investigation revealed 27% and 7% computational complexity reductions over the Jacobian and NAF realizations. The algorithm also presents the best AT2 value.