Pankaj Choudhary,Rajendra Aaseri,Nirmal Roberts

DOI: https://doi.org/10.5121/ijnsa.2013.5306

2013-06-07

Abstract:Now a days, a new family of web applications open applications, are emerging (e.g., Social Networking, News and Blogging). Generally, these open applications are non-confidential. The security needs of these applications are only client/server authentication and data integrity. For securing these open applications, effectively and efficiently, HTTPI, a new transport protocol is proposed, which ensures the entire security requirements of open applications. Benefit of using the HTTPI is that it is economical in use, well-suited for cache proxies, like HTTP is, and provides security against many Internet attacks (Server Impersonation and Message Modification) like HTTPS does. In terms of performance HTTPI is very close to the HTTP, but much better than HTTPS. A Web service is a method of communication between two ends over the Internet. These web services are developed over XML and HTTP. Today, most of the open applications use web services for most of their operations. For securing these web services, security design based on HTTPI is proposed. Our work involves securing the web services over SOAP, based on the HTTPI. This secure web service might be applicable for open applications, where authentication and integrity is needed, but no confidentiality required. In our paper, we introduce a web service security model based on HTTPI protocol over SOAP and develop a preliminary implementation of this model. We also analyze the performance of our approach through an experiment and show that our proposed approach provides higher throughput, lower average response time and lower response size than HTTPS based web service security approach.

Cryptography and Security,Networking and Internet Architecture,Performance

Sanjay Majumder,Sanjay Chakraborty,Suman Das

DOI: https://doi.org/10.5120/16257-5904

2014-06-18

Abstract:Network & internet security is the burning question of today's world and they are deeply related to each other for secure successful data transmission. Network security approach is totally based on the concept of network security services. In this paper, a new system of network security service is implemented which is more secure than conventional network security services. This technique is mainly deals with two essential network security services, one is user authentication and other is data confidentiality. For user authentication this paper introduces Graphical Username & Voice Password approaches which provides better security than conventional username & password authentication process. In data confidentiality section this paper introduces two layer private key for both message encryption & decryption which is mainly applicable on 8 bit plain text data. This paper also provides the hints of introducing other two network security services (integrity and non-repudiation) as a future work.

Cryptography and Security

Madan Solanki,Prof. (Dr.) Vrinda Tokekar,,

DOI: https://doi.org/10.35940/ijitee.l9324.11111222

2022-11-30

International Journal of Innovative Technology and Exploring Engineering

Abstract:Cloud applications are becoming a necessary part of modern life. Security is one of the most important non-functional requirements of every solution. Early days, security and data privacy was just luxury part of software development and it was an optional requirement but nowadays it plays a critical role in daily life. The presented work will be made to observe the need for symmetric security algorithms in Cloud application with Amazon web service. This work observes that the current security level of existing applications recommend improved security solutions to enhance the security level as well performance of proposed architecture. This work recommends Blowfish, RC6 algorithm (symmetric key cryptography) can be used to achieve confidentiality during communication Amazon web service Platform. It also considers the MD5 algorithm to maintain the integrity and modified Kerberos algorithm to achieve authentication. The complete work will propose a security architecture having solution to achieve confidentiality, integrity with strong authentication policy for Cloud application development in Amazon web service. The strong security architecture provide for data and minimum executive time in upload and download file, different key size, file size and chunking size in file. File size divided into chunk 512 bit, 1024 bit, 2048 bit after process in Amazon web service, we are found the optimum time are chunking file size 2048 bits reduce time in encryption and decryption data process and maintain strong security data file in communication including file size 5, 10, 15 and 20 Megabyte.

Sandeep K. Sood

DOI: https://doi.org/10.1016/j.jnca.2012.07.007

IF: 7.574

2012-11-01

Journal of Network and Computer Applications

Abstract:Cloud computing is a forthcoming revolution in information technology (IT) industry because of its performance, accessibility, low cost and many other luxuries. It is an approach to maximize the capacity or step up capabilities vigorously without investing in new infrastructure, nurturing new personnel or licensing new software. It provides gigantic storage for data and faster computing to customers over the internet. It essentially shifts the database and application software to the large data centers, i.e., cloud, where management of data and services may not be completely trustworthy. That is why companies are reluctant to deploy their business in the cloud even cloud computing offers a wide range of luxuries. Security of data in cloud is one of the major issues which acts as an obstacle in the implementation of cloud computing. In this paper, a frame work comprising of different techniques and specialized procedures is proposed that can efficiently protect the data from the beginning to the end, i.e., from the owner to the cloud and then to the user. We commence with the classification of data on the basis of three cryptographic parameters presented by the user, i.e., Confidentiality (C), Availability (A) and Integrity (I).The strategy followed to protect the data utilizes various measures such as the SSL (Secure Socket Layer) 128-bit encryption and can also be raised to 256-bit encryption if needed, MAC (Message Authentication Code) is used for integrity check of data, searchable encryption and division of data into three sections in cloud for storage. The division of data into three sections renders supplementary protection and simple access to the data. The user who wishes to access the data is required to provide the owner login identity and password, before admittance is given to the encrypted data in Section 1, Section 2, and Section 3.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Gaurav Ojha,Gaurav Kumar Tak

DOI: https://doi.org/10.48550/arXiv.1209.2557

2012-09-12

Abstract:A large part of modern day communications are carried out through the medium of E-mails, especially corporate communications. More and more people are using E-mail for personal uses too. Companies also send notifications to their customers in E-mail. In fact, in the Multinational business scenario E-mail is the most convenient and sought-after method of communication. Important features of E-mail such as its speed, reliability, efficient storage options and a large number of added facilities make it highly popular among people from all sectors of business and society. But being largely popular has its negative aspects too. E-mails are the preferred medium for a large number of attacks over the internet. Some of the most popular attacks over the internet include spams, and phishing mails. Both spammers and phishers utilize E-mail services quite efficiently in spite of a large number of detection and prevention techniques already in place. Very few methods are actually good in detection/prevention of spam/phishing related mails but they have higher false positives. These techniques are implemented at the server and in addition to giving higher number of false positives, they add to the processing load on the server. This paper outlines a novel approach to detect not only spam, but also scams, phishing and advertisement related mails. In this method, we overcome the limitations of server-side detection techniques by utilizing some intelligence on the part of users. Keywords parsing, token separation and knowledge bases are used in the background to detect almost all E-mail attacks. The proposed methodology, if implemented, can help protect E-mail users from almost all kinds of unwanted mails with enhanced efficiency, reduced number of false positives while not increasing the load on E-mail servers.

Cryptography and Security

Daniel Guamán,Franco Guamán,Danilo Jaramillo,Roddy Correa

DOI: https://doi.org/10.1007/978-3-319-31232-3_65

2016-01-01

Abstract:There are recommendations and tools, given by OWASP that suggest basic techniques of prevention and protection of computer attacks over web applications where the common types of attacks are XSS and SQL Injection; for that reasons, we apply recommendations and good practice to minimize this kind of attacks; used some tools to validate automatically attacks and built some expressions to validate manually the intrusions in web applications. Therefore, this study was based on the development of a prototype under REST, design pattern Facade, Java EE and Glassfish [13]. With the development of the prototype it was found that by the use of standards and norms recommend by OWASP the security in terms of overall design and source code in web applications can be greatly improved.

Rohit Bhadauria,Rajdeep Borgohain,Abirlal Biswas,Sugata Sanyal

DOI: https://doi.org/10.48550/arXiv.1308.0824

2013-08-04

Cryptography and Security

Abstract:Cloud computing is a revolutionary concept that has brought a paradigm shift in the IT world. This has made it possible to manage and run businesses without even setting up an IT infrastructure. It offers multi-fold benefits to the users moving to a cloud, while posing unknown security and privacy issues. User authentication is one such growing concern and is greatly needed in order to ensure privacy and security in a cloud computing environment. This paper discusses the security at different levels viz. network, application and virtualization, in a cloud computing environment. A security framework based on one-time pass key mechanism has been proposed. The uniqueness of the proposed security protocol lies in the fact, that it provides security to both the service providers as well the users in a highly conflicting cloud environment.

WEI Ruan-jie,LU Hong-tao

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.03.030

2010-01-01

Abstract:Web application is more and more used in current popular Internet sites; the security of the web application has become a very important issue. These papers implements a novel Web application tamper proof system,and analyzes the property that one feasible message digest algorithm should have in our scheme. This paper compares the new proposed system with intrusion detection system,and analyzes why this system can prevent more kinds of malevolence attack. The performance of the system is also evaluated by simulation results.

Satish Narayana Srirama,Anton Naumenko

DOI: https://doi.org/10.48550/arXiv.1007.3649

2010-07-21

Abstract:It is now feasible to host basic web services on a smart phone due to the advances in wireless devices and mobile communication technologies. While the applications are quite welcoming, the ability to provide secure and reliable communication in the vulnerable and volatile mobile ad-hoc topologies is vastly becoming necessary. The paper mainly addresses the details and issues in providing secured communication and access control for the mobile web service provisioning domain. While the basic message-level security can be provided, providing proper access control mechanisms for the Mobile Host still poses a great challenge. This paper discusses details of secure communication and proposes the distributed semantics-based authorization mechanism.

Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture

Shaik Rasool,G. Sridhar,K. Hemanth Kumar,P. Ravi Kumar

DOI: https://doi.org/10.48550/arXiv.1110.1701

2011-10-08

Cryptography and Security

Abstract:This paper puts forward a safe mechanism of data transmission to tackle the security problem of information which is transmitted in Internet. The encryption standards such as DES (Data Encryption Standard), AES (Advanced Encryption Standard) and EES (Escrowed Encryption Standard) are widely used to solve the problem of communication over an insecure channel. With advanced technologies in computer hardware and software, these standards seem not to be as secure and fast as one would like. In this paper we propose a encryption technique which provides security to both the message and the secret key achieving confidentiality and authentication. The Symmetric algorithm used has two advantages over traditional schemes. First, the encryption and decryption procedures are much simpler, and consequently, much faster. Second, the security level is higher due to the inherent poly-alphabetic nature of the substitution mapping method used here, together with the translation and transposition operations performed in the algorithm. Asymmetric algorithm RSA is worldwide known for its high security. In this paper a detailed report of the process is presented and analysis is done comparing our proposed technique with familiar techniques

Shaik Shakeel Ahamad

DOI: https://doi.org/10.1109/access.2021.3139065

IF: 3.9

2022-01-01

IEEE Access

Abstract:The unprecedented growth of mobile applications promoted the usage of these mobile applications for payments. The current research works in mobile payments and commerce are prone to reverse-engineering attacks and lacked transport layer protection, so these research works do not ensure security. Therefore, such attacks on Mobile Payment Applications (MPA) will be successful, which leads to severe financial loss. To address these issues, we propose a secure framework incorporating a defense-in-depth approach for Near Field Communication (NFC) based mobile payment frameworks. Our defense-in-depth approach has three levels, i.e., Defense at hardware, mobile application, and communication level. We have proposed a NFC based Secure Protocol for Mobile Transaction (NSPMT) protocol and successfully verified a mobile payment protocol with BAN (Burrows, Abadi, and Needham) logic and Scyther tool, and our proposed protocol overcome multi-protocol attack, RAM (Random Access Memory) scrapping attack, DOS (Denial Of Service), DDOS (Distributed Denial Of Service), and Phlashing attacks. Our proposed mobile Payment system overcomes the known mobile application vulnerabilities, including Heartbleed and ROBOT (Return Of Bleichenbacher’s Oracle Threat). Our proposed protocol ensures all the security properties and the energy and communication cost and computational cost are far less than the existing works in the literature. Finally, we have successfully implemented our protocol using kotlin language in Android Studio, with two Mobile Payment Applications (MPA) and POS Payment Application (PPA), Elliptic Curve Digital Signature Algorithm (ECDSA) is used and Advanced Encryption Standard (AES) with GCM (Galois/Counter Mode) mode is used for encryption and decryption of Customer Payment Data at MPA and PPA.

computer science, information systems,telecommunications,engineering, electrical & electronic

Irum Rauf,Elena Troubitsyna

DOI: https://doi.org/10.48550/arXiv.1805.05519

2018-05-15

Software Engineering

Abstract:The widespread adoption of cloud computing has resulted in the proliferation of open source cloud computing frameworks that give more control to enterprises over their data and networks. Though the benefits of open source software are widely recognized, there is a growing concern over their security assurance. Often open source software is a subject of frequent updates. The updates might introduce or remove a variety of features and hence violate security properties of the previous releases. Obviously, a manual inspection of security would be prohibitively slow and inefficient. In this work, we propose an automated approach that can help developers to assure the security of open source cloud framework even in the presence of frequent releases. Our methodology consists of creating a (stateful) wrapper that emulates the usage scenarios with explicit representation of security and functional requirements as contracts. We use a model-driven approach to model REST APIs of KeyStone, an identity service in OpenStack. OpenStack is an open source cloud computing framework providing IaaS. Our models define structural and behavioral properties of Keystone together with its security requirements. We detail the implementation of these models in Django Web Framework and also show how to use the behavioral interfaces to implement a service monitor for the cloud services. This mechanism facilitates verification and validation of functional behavior and security requirement in an automated manner.

Shantanu Pal,Sunirmal Khatua,Nabendu Chaki,Sugata Sanyal

DOI: https://doi.org/10.48550/arXiv.1108.4100

2011-08-20

Cryptography and Security

Abstract:In order to determine the user's trust is a growing concern for ensuring privacy and security in a cloud computing environment. In cloud, user's data is stored in one or more remote server(s) which poses more security challenges for the system. One of the most important concerns is to protect user's sensitive information from other users and hackers that may cause data leakage in cloud storage. Having this security challenge in mind, this paper focuses on the development of a more secure cloud environment, to determine the trust of the service requesting authorities by using a novel VM (Virtual Machine) monitoring system. Moreover, this research aims towards proposing a new trusted and collaborative agent-based two-tier framework, titled WAY (Who Are You?), to protect cloud resources. The framework can be used to provide security in network, infrastructure, as well as data storage in a heterogeneous cloud platform. If the trust updating policy is based on network activities, then the framework can provide network security. Similarly, it provides storage security by monitoring unauthorized access activities by the Cloud Service Users (CSU). Infrastructure security can be provided by monitoring the use of privileged instructions within the isolated VMs. The uniqueness of the proposed security solution lies in the fact that it ensures security and privacy both at the service provider level as well as at the user level in a cloud environment.

Vishal Vadgama,Bhavin Tanti,Chirag Modi,Nishant Doshi

DOI: https://doi.org/10.48550/arXiv.1208.3859

2012-08-19

Cryptography and Security

Abstract:In today's world of E-Commerce everything comes online like Music, E-Books, Shopping all most everything is online. If you are using some service or buying things online then you have to pay for that. For that you have to do Net Banking or you have to use Credit card which will do online payment for you. In today's environment when everything is online, the service you are using for E-Payment must be secure and you must protect your banking information like debit card or credit card information from possible threat of hacking. There were lots way to threat like Key logger, Forgery Detection, Phishing, Shoulder surfing. Therefore, we reveal our actual information of Bank and Credit Card then there will be a chance to lose data and same credit card and hackers can use banking information for malicious purpose. In this paper we discuss available E-Payment protocols, examine its advantages and delimitation's and shows that there are steel needs to design a more secure E-Payment protocol. The suggested protocol is based on using hash function and using dynamic or virtual password, which protects your banking or credit card information from possible threat of hacking when doing online transactions.

Kun Ma,Chengping Fang,Bo Yang,Zhenxiang Chen

DOI: https://doi.org/10.1109/carpi.2012.6356412

2012-01-01

Abstract:Web Service is a popular technology for the development of distributed system, and its security becomes more and more important. The security of Web Service depends on the security of Simple Object Access Protocol (SOAP) message crucially. In this paper, not only the security extension of SOAP protocol is proposed, but also the architecture, syntax rule, work theory and the implementation method of the protocol based on the Open-Source Services Framework-Apache (CXF) are described in detail. Finally, an example of this application based on the protocol proves that our approach is feasible in practice. The properties added to the SOAP header are more comprehensive, you can choose one or two properties to use in different occasions. And the paper will be helpful to the developers who need to add security extension based on SOAP.

Ms. Deepika Dhamija,Dr. Anu Bharti,,

DOI: https://doi.org/10.35940/ijeat.b3791.129219

2019-12-30

International Journal of Engineering and Advanced Technology

Abstract:The recent advancements in Information Technology have brought considerable changes in the way tasks are accomplished across the globe. The world has become a more connected place and a major impact as well as reason of this can be attributed to the steep rise in the usage of mobile devices. Mobile devices are being used for online payments in the form of shopping, money transfers, bill payments and what not. The majority of monetary transactions on the Internet now take place through mobile devices and therefore, mobile payment systems being wireless systems calls for an even more secure protocols and payment environment. Although the various security protocols available today boast of implementing the security requirements i.e. data confidentiality, integrity, non-repudiation, authentication and authorization, still the security of m-commerce transactions remain a major concern for mobile payment users. A number of m-commerce security techniques, models and protocols have been proposed by authors in recent past. This paper presents the recent advancements of the models and techniques authors proposed and the technologies and protocols used in these models. The paper also highlights the open areas of research in the field.

CUI Jian-Ming,FAN Li-Lin,WANG Xiao-Dong

DOI: https://doi.org/10.3969/j.issn.1672-6871.2006.03.012

2007-01-01

Abstract:Security and reliability of Web Services-based distributed system is introduced.Main technologies of current Web Services data transfer are analyzed and their weak points discussed.On this base,a detailed solution,which is a combination of encryption and digital signature to communicate with customer-end with canonical XML,is put forward.The transfer security of share data and the reliable trust relation between Web Services Server and customer is enhanced by this solution.

Y Rao,Bq Feng,Jc Han

DOI: https://doi.org/10.1007/978-3-540-30208-7_49

2004-01-01

Abstract:A security architecture model for web services, Security extended-Resources, Services, Roles, Protocols and Methods (SX-RSRPM) model, was proposed based on the conceptions about security of web services and Degree of Safety for Web Services (DoS4WS), which is a qualitative analysis index of Web Services security, in the paper. This model could effectively increase the value of DoS4WS by the extended emerging XML-based security of protocol stacks and a new affiliated role as security CA center. In addition, an integrated security solution has been developed and the results in practice show that this solution can build a confidence security environment for all roles and provide a flexible and extensible security manage mechanism.

Mohit Kumar,Kavita,Sahil Verma,Ashwani Kumar,Muhammad Fazal Ijaz,Danda B. Rawat

DOI: https://doi.org/10.1109/tii.2022.3181614

IF: 12.3

2022-10-05

IEEE Transactions on Industrial Informatics

Abstract:The Internet of Medical Things (IoMT) is an arising trend that provides a significant amount of efficient and effective services for patients as well as healthcare professionals for the treatment of disparate diseases. The IoMT has numerous benefits; however, the security issue still persists as a challenge. The lack of security awareness among novice IoMT users and the risk of several intermediary attacks for accessing health information severely endanger the use of IoMT. In this article, rooted elliptic curve cryptography with Vigenère cipher (RECC-VC) centered security amelioration on the IoMT is proposed for enhancing security. First, this work utilizes the exponential K-anonymity algorithm for privacy preservation. Second, a new improved Elman neural network (IENN) is proposed for analyzing the sensitivity level of data. The Gaussian mutated chimp optimization is employed for weight updating in this IENN. Finally, a novel RECC-VC is proposed for securely uploading the data to the cloud server. Additionally, data are stored in the cloud server using blockchain technology. In experimental analysis, the proposed methodologies attain better results than the prevailing methods. The proposed IENN model achieves an accuracy of 96% and is validated against state-of-the-art methods. Also, the proposed RECC-VC attains 98% of the security level.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Cheng Zhan,Xie Li

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.10.007

2008-01-01

Abstract:Web Service security problem is one of the highlighted topics in information security area recently.This article presents two security mechanisms for Web Services,transport-level security and message-level security.Then the security technology used to implement message-level security is introduces in detail.Finally,it gives a conclusion to Web Service security and proposes a new Web Service layered security model.