This document proposes an efficient security method for mobile instant messengers. It suggests using elliptic curve cryptography algorithms for authentication and encryption in a peer-to-peer architecture rather than a client-server model. The proposed method generates key pairs for each communication session to sign and encrypt messages efficiently. It is designed to be compatible with mobile devices and improve upon existing methods that lack encryption or have high computational requirements. The document outlines the security model and describes algorithms for encryption, decryption, signing and verifying messages that could provide secure communication for mobile instant messaging applications.
Instant Messenger (IM) has become one of the most popular applications in mobile technology and
communication, and users around the world have installed it for daily activities. Current IM lacks security
in both authentication and encryption. Many of today's IM applications still do not apply an efficient
method for authentication and encryption; with conventional security methods and a client-server
architecture, too many users are put at risk by attacks on the server, such as compromise or the cracking
of passwords or PINs by unauthorized people. Common IM services lack native encryption to protect
information transmitted over the public network and still require high computation in the mobile
environment, a problem that calls for efficient security methods. Public IM also sees various
messages from fake users, which occurs because public IM handles authentication and encryption in
separate systems; strong authentication is needed to solve this issue in the messenger environment. The
tremendous growth in mobile IM users requires an efficient and secure way to communicate. This paper proposes
a new efficient method for securing messages, in both encryption and authentication, within the end-to-end
model. The method proposes new algorithms based on Elliptic Curve (EC) cryptography that work in a
Peer-to-Peer (P2P) architecture rather than a conventional client-server model. The results show that this method
achieves efficient authentication and encryption times when applied in a mobile environment.
It is also compatible with mobile phones, which have limited computation capabilities and
resources.
Implementing High Grade Security in Cloud Application using Multifactor Auth... (IJwest)
As a high-speed internet foundation is being developed and people are informationized, most
of the tasks are engaged in internet field so there is
a risk that any private data like personal information or
applications for managing money can be wiretapped or eavesdropped. The consolidation of One Time
Passwords (OTPs) and Hash encryption algorithms are used to evolve a more secured password-protected
web sites and data storage systems. The new outlined scheme had higher security, small system overhead
and is easy to implement.
Malware threat analysis techniques and approaches for IoT applications: a review (journalBEEI)
Internet of things (IoT) is a concept that has been widely used to improve business efficiency and customer’s experience. It involves resource-constrained devices connecting to each other with a capability of sending data, and some with receiving data at the same time. The IoT environment enhances user experience by giving room to a large number of smart devices to connect and share information. However, the sophistication of technology has resulted in IoT applications facing malware threats. Therefore, it becomes highly imperative to give an understanding of existing state-of-the-art techniques developed to address malware threats in IoT applications. In this paper, we studied extensively the adoption of static, dynamic and hybrid malware analyses in proffering solutions to the security problems plaguing different IoT applications. The success of the reviewed analysis techniques was observed through case studies from smart homes, smart factories, smart gadgets and IoT application protocols. This study gives a better understanding of the holistic approaches to malware threats in IoT applications and the way forward for strengthening the protection defense in IoT applications.
Comprehensive survey on security problems and key technologies of the interne... (RSIS International)
Internet of things (IoT) is a collection of many
interconnected objects, services, humans, and devices that can
communicate, share data, and information to achieve a common
goal in different areas and applications. The vision of IoT is to
enable devices to collaborate with each other on the Internet. IoT
security focuses on authentication and access control protocols.
IoT security is the area concerned with protecting connected devices and
networks. There are many key challenges in designing a secure
IoT: Privacy, Authentication, Access Control, Trust,
Confidentiality, Mobile Security, etc. Attacks on IoT security
devices are physical attacks, side channel attacks, cryptanalysis
attacks, software attacks, network attacks. This paper describes
Security Problems of IoT, Security issues and Key Technologies
of IoT.
A Novel Security Approach for Communication using IOT (IJEACS)
The Internet of Things (IOT) is the arrangement of physical articles or "things" introduced with equipment, programming, sensors, and framework accessibility, which enables these things to accumulate and exchange data. Here outlining security convention for the Internet of Things, and execution of this relating security convention on the inserted gadgets. This convention will cover the honesty of messages and verification of every customer by giving a productive confirmation component. By this venture the protected correspondence is executed on implanted gadgets.
Security Aspects of the Information Centric Networks Model (CSCJournals)
With the development of the internet and the enormous growth of content over networks, researchers were motivated to propose a new paradigm called Information Centric Networks (ICN). The main feature of the ICN model is that it is based on the content itself instead of the server where the content is located on the internet. This new model has a lot of challenges, such as mobility of contents, naming, replication, caching, communications, and the security issue of securing the contents, customers, and providers. In this paper we will focus on the ICN model and propose security solutions to protect the network elements, since the security is based on the packet itself rather than being host-centric.
June 2021 - Top 10 Read Articles in Network Security and Its Applications (IJNSA Journal)
The International Journal of Network Security & Its Applications (IJNSA) is a bimonthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding modern security threats and countermeasures, and establishing new collaborations in these areas.
Security Issues and Challenges in Internet of Things – A Review (IJERA Editor)
The Internet of Things (IoT) alludes to the continually developing system of physical articles that component an
IP address for web availability, and the correspondence that happens between these items and other Web
empowered gadgets and frameworks. The security issues of the Internet of Things (IoT) are straightforwardly
identified with the wide utilization of its framework. IoT securities and enhancing the design and several
elements of this work showcases various security issues with respect to IoT and thinks of solutions for the issues
under the advancements included. Here we are going to do a study of all the security issues existing in the
Internet of Things (IoT) alongside an examination of the protection issues that an end-client might confront as
an outcome of the spread of IoT. Most of the overview is centred around the security emerging out of the data
trade innovations utilized as a part of Internet of Things. As a piece of IoTs, genuine concerns are raised over
access of individual data relating to gadget and individual protection. This review tells about the security and
protection issues of IoT.
Cloud Security and Data Integrity with Client Accountability Framework (IDES Editor)
The Cloud based services provide much efficient
and seamless ways for data sharing across the cloud. The fact
that the data owners no longer possess data makes it very
difficult to assure data confidentiality and to enable secure
data sharing in the cloud. Despite all its advantages this
will remain a major limitation that acts as a barrier to the
wider deployment of cloud based services. One of the possible
ways for ensuring trust in this aspect is the introduction of
accountability feature in the cloud computing scenario. The
Cloud framework requires promotion of distributed
accountability for such a dynamic environment [1]. In some
works, there's an accountable framework suggested to ensure
distributed accountability for data sharing by the generation
of only a log of data access, but without any embedded feedback
mechanism for owner permission towards data
protection [2]. The proposed system is an enhanced client
accountability framework which provides an additional client
side verification for each access towards enhanced security of
data. The integrity of content of data which resides in the
cloud service provider is also maintained by secured
outsourcing. Besides, the authentication of JAR (Java Archive)
files is done to ensure file protection and to maintain a safer
environment for data sharing. The analysis of various
functionalities of the framework depicts both the
accountability and security feature in an efficient manner.
Trusting Smart Speakers: Understanding the Different Levels of Trust between ... (CSCJournals)
The growing usage of smart speakers raises many privacy and trust concerns compared to other technologies such as smart phones and computers. In this study, a proxy measure of trust is used to gauge users’ opinions on three different technologies based on an empirical study, and to understand which technology most people are most likely to trust. The collected data were analyzed using the Kruskal-Wallis H test to determine the statistical differences between the users’ trust level of the three technologies: smart speaker, computer and smart phone. The findings of the study revealed that despite the wide acceptance, ease of use and reputation of smart speakers, people find it difficult to trust smart speakers with their sensitive information via the Direct Voice Input (DVI) and would prefer to use a keyboard or touchscreen offered by computers and smart phones. Findings from this study can inform future work on users’ trust in technology based on perceived ease of use, reputation, perceived credibility and risk of using technologies via DVI.
May 2021: Top 10 Read Articles in Network Security and Its Applications (IJNSA Journal)
The International Journal of Network Security & Its Applications (IJNSA) is a bimonthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of the computer Network Security & its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding modern security threats and countermeasures, and establishing new collaborations in these areas.
Securing mobile cloud using finger print authentication (IJNSA Journal)
Mobile cloud computing has become part of mobile users' daily life transactions. Mobile devices with Internet
capabilities have increased the use of mobile cloud computing. Due to hardware limitations in mobile
devices, these devices can't install and run applications that require heavy CPU processing or extensive
memory. Cloud computing allows mobile users to synchronize their data with remote storage and utilize
applications that require heavy CPU processing or extensive memory, such as Microsoft Office or Adobe
Photoshop, as they run in a desktop computer.
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE (Editor IJMTER)
Practical requirements for securely demonstrating identities between two handheld
devices are an important concern. The adversary can inject a Man-In-The-Middle (MITM) attack to
intrude the protocol. Protocols that employ secret keys require the devices to share private
information in advance, in which it is not feasible in the above scenario. Apart from insecurely
typing passwords into handheld devices or comparing long hexadecimal keys displayed on the
devices’ screen, many other human-verifiable protocols have been proposed in the literature to solve
the problem. Unfortunately, most of these schemes are unscalable to more users. Even when there are
only three entities attempt to agree a session key, these protocols need to be rerun for three times.
So, in the existing method a bipartite and a tripartite authentication protocol is presented using a
temporary confidential channel. Besides, further extend the system into a transitive authentication
protocol that allows multiple handheld devices to establish a conference key securely and efficiently.
But this method detects only the outsider attacks. Method does not consider the insider attacks. So,
in the proposed method trust score based method is introduced which computes the trust values for
the nodes and provide the security. The trust score is computed has a positive influence on the
confidence with which an entity conducts transactions with that node. Network the behavior of the
node will be monitored periodically and its trust value is also updated. So depending on the behavior
of the node in the network trust relation will be established between two nodes.
PRIVACY-PRESERVING MACHINE AUTHENTICATED KEY AGREEMENT FOR INTERNET OF THINGS (IJCNCJournal)
Internet of things (IoT) is the integration of computer-based systems and the physical world in which things
interact with each other. Due to heterogeneity and resource-constrained feature of IoT devices, there are
many privacy and security challenges resulting in many threat vulnerabilities in IoT environments. After
reviewing and analyzing the recent IoT security, privacy, and authentication protocols, we will withdraw
research gaps focused on the elimination of human factors in IoT authentication. In order to fill these
research gaps, this paper proposes a privacy-preserving machine authenticated key agreement based on
IoT, denoted as IoTMAKA. IoTMAKA uses dynamic identity and machine fingerprint to provide security and
privacy. Security analysis shows that IoTMAKA provides anonymity and untraceability, provides freshness,
and is secure against passive and active attacks. IoTMAKA reduces communication overheads by 20% and
computational overheads by 25% on average as compared to the previous related works.
Bluetooth is an essential wireless standard for short-distance and low-power wireless networks. Health
departments’ contact-tracing applications depended on Bluetooth technology to prevent infectious diseases
from spreading, especially COVID-19. The security threats of the Bluetooth-based contact-tracing
applications increased because an adversary can use them as surveillance tools that violate the user’s
privacy and reveal personal information. The Bluetooth standard mainly depends on the device address in
its authenticated pairing mechanism (Secure Simple Pairing), which can be collected with off-the-shelf
hardware and software and leads to a tracking attack. To avoid the risk of tracking based on this security
vulnerability in the Bluetooth protocol, we suggest a novel authentication protocol based on a non-
interactive zero-knowledge scheme to substitute the authentication protocol used in the Bluetooth standard.
The new protocol can replace the authentication protocol in the Bluetooth stack without any modification
in the device pairing flow. Finally, we prove the security of our proposed scheme against the man-in-the-
middle attack and tracking attack. A performance comparison with the authentication algorithm in the BLE
standard shows that our method mitigates the tracking attack with low communication messages. Our
results help enhance the contact-tracing application’s security in which Bluetooth access is available.
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin Algorithm (Editor IJMTER)
As per the recent studies, the volatile growth has been seen in the use of mobile devices as
the supporting technology for accessing Internet based services, as well as for personal
communication needs in networking. Various studies indicate that it is impossible to utilize strong
cryptographic functions for implementing security protocols on mobile devices. Our research negates
this. Explicitly, a performance analysis focused on the most commonly used cryptographic protocols
based on the location address (latitude & longitude) of the user for mobile applications and projected
provably secure authentication protocol that is more efficient than any of the prevailing
authentication protocol is being used by the network security methods. Understanding the use of
public key cryptography which makes potential use of discrete logarithms problem. The security of
ECC depends on the difficulty of Elliptic Curve Discrete Logarithm. To provide secure
communication for mobile devices, authenticated protocol is an important primitive for establishing
trusted connection. In this paper, it has been shown that the location based system using improved
Rabin Algorithm provides a better security and acquires much less energy consumption than the
existing authentication protocols.
IMPROVE SECURITY IN SMART CITIES BASED ON IOT, SOLVE CYBER ELECTRONIC ATTACKS... (IJNSA Journal)
Smart cities are expected to significantly improve people's quality of life, promote sustainable development, and enhance the efficiency of operations. With the implementation of many smart devices, c problems have become a serious challenge that needs strong treatments, especially the cyber-attack, which most countries suffer from it.
My study focuses on the security of smart city systems, which include equipment like air conditioning, alarm systems, lighting, and doors. Some of the difficulties that arise daily may be found in the garage. This research aims to come up with a simulation of smart devices that can be and reduce cyber attack. Use of Cisco Packet tracer Features Simulated smart home and c devices are monitored. Simulation results show that smart objects can be connected to the home portal and objects can be successfully monitored which leads to the idea of real-life implementation and see. In my research make many solutions for attaching issues, which was great, and apply some wireless protocol.
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGES (IJNSA Journal)
The Internet of Things (IoT) brings connectivity to about every object found in the physical space. It
extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates
opportunities in numerous domains. However, this increase in connectivity creates many prominent
challenges. This paper provides a survey of some of the major issues challenging the widespread adoption
of the IoT. Particularly, it focuses on the interoperability, management, security and privacy issues in the
IoT. It is concluded that there is a need to develop a multifaceted technology approach to IoT security,
management, and privacy.
VPN usage across the world has increased due to the COVID-19 pandemic. With companies trying to lay
the course through this unfamiliar state, corporations had to implement a Business Continuity Plan which
included several elements to maintain a scalable and robust VPN connection. During this time of
uncertainty, best practices need to be deployed by corporations and government entities more than ever.
The purpose of this study is to highlight the necessary path SD Telecom would take to ensure a secure,
reliable network during global traffic surge. Specific VPN solutions, access needs, and eligibility
requirements vary based on the end user.
WEARABLE TECHNOLOGY DEVICES SECURITY AND PRIVACY VULNERABILITY ANALYSIS (IJNSA Journal)
Wearable Technology, also called wearable gadget, is a category of technology devices with low processing
capabilities that can be worn by a user with the aim to provide information and ease of access to the master
devices it is paired with. Examples are Google Glass and Smart watch. The impact of wearable
technology becomes significant when people start their invention in wearable computing, where their
mobile devices become one of the computation sources. However, wearable technology is not mature yet in
terms of device security and privacy acceptance of the public. There exist some security weaknesses that
make such wearable devices vulnerable to attack. One of the critical attacks on wearable technology is the
authentication issue. The low processing due to less computing power of wearable devices causes the
developer's inability to equip some complicated security mechanisms and algorithms on the device. In this
study, an overview of security and privacy vulnerabilities on wearable devices is presented.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
In this abstract, we analyze the state of the art of end-to-end security Instant Messaging applications.
This includes the applications' network architectures, current and future challenges, and potential legal and social impact.
The Proposed Development of Prototype with Secret Messages Model in Whatsapp ... (IJECEIAES)
Development of prototype at data security through secret messages is needed for disguising the messages sent in smartphone chatting application, WhatsApp (WA) Chat. We propose a model to disguise a plaintext message which is first encrypted by cryptosystem to change the plaintext message to ciphertext. Plaintext or plainimage entering the smartphone system is changed into encrypted text; receiver then can read the message by using similar key with the sender. The weakness of this proposal is the message random system is not planted directly in the chatting application; therefore message removing process from cryptosystem to WA application is still needed. The strength of using this model is the messages sent will not be easily re-encrypted by hacker and can be used at client computing section.
Securing mobile cloud using finger print authenticationIJNSA Journal
Mobile cloud computing becomes part of mobile users daily life transactions. Mobile devices with Internet
capabilities have increased the use of mobile clouding computing. Due to hardware limitations in mobile
devices, these devices can't install and run applications require heavy CPU processing or extensive
memory. Cloud computing allows mobile users to synchronize their data with remote storage and utilize
applications require heavy CPU processing or extensive memory such as Microsoft Office or Adobe
Photoshop, as they run in a desktop computer.
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICEEditor IJMTER
Practical requirements for securely demonstrating identities between two handheld
devices are an important concern. The adversary can inject a Man-In- The-Middle (MITM) attack to
intrude the protocol. Protocols that employ secret keys require the devices to share private
information in advance, in which it is not feasible in the above scenario. Apart from insecurely
typing passwords into handheld devices or comparing long hexadecimal keys displayed on the
devices’ screen, many other human-verifiable protocols have been proposed in the literature to solve
the problem. Unfortunately, most of these schemes are unsalable to more users. Even when there are
only three entities attempt to agree a session key, these protocols need to be rerun for three times.
So, in the existing method a bipartite and a tripartite authentication protocol is presented using a
temporary confidential channel. Besides, further extend the system into a transitive authentication
protocol that allows multiple handheld devices to establish a conference key securely and efficiently.
But this method detects only the outsider attacks. Method does not consider the insider attacks. So,
in the proposed method trust score based method is introduced which computes the trust values for
the nodes and provide the security. The trust score is computed has a positive influence on the
confidence with which an entity conducts transactions with that node. Network the behavior of the
node will be monitored periodically and its trust value is also updated .So depending on the behavior
of the node in the network trust relation will be established between two nodes.
PRIVACY-PRESERVING MACHINE AUTHENTICATED KEY AGREEMENT FOR INTERNET OF THINGSIJCNCJournal
Internet of things (IoT) is the integration of computer-based systems and the physical world in which things
interact with each other. Due to heterogeneity and resource-constrained feature of IoT devices, there are
many privacy and security challenges resulting in many threat vulnerabilities in IoT environments. After
reviewing and analyzing the recent IoT security, privacy, and authentication protocols, we will withdraw
research gaps focused on the elimination of human factors in IoT authentication. In order to fill these
research gaps, this paper proposes a privacy-preserving machine authenticated key agreement based on
IoT, denoted as IoTMAKA. IoTMAKA uses dynamic identity and machine fingerprint to provide security and
privacy. Security analysis shows that IoTMAKA provides anonymity and untraceability, provides freshness,
and is secure against passive and active attacks. IoTMAKA reduces communication overheads by 20% and
computational overheads by 25% on average as compared to the previous related works.
Bluetooth is an essential wireless standard for short-distance and low-power wireless networks. Health
departments’ contact-tracing applications depended on Bluetooth technology to prevent infectious diseases
from spreading, especially COVID-19. The security threats of the Bluetooth-based contact-tracing
applications increased because an adversary can use them as surveillance tools that violate the user’s
privacy and revealpersonal information. The Bluetooth standard mainly depends on the device address in
its authenticated pairing mechanism (Secure Simple Pairing), which can collect with off-the-shelf
hardware and software and leads to a tracking attack. To avoid the risk of tracking based on this security
vulnerability in the Bluetooth protocol, we suggest a novel authentication protocol based on a non-
interactive zero-knowledge scheme to substitute the authentication protocol used in the Bluetooth standard.
The new protocol can replace the authentication protocol in the Bluetooth stack without any modification
in the device pairing flow. Finally, we prove the security of our proposed scheme against the man-in-the-
middle attack and tracking attack. A performance comparison with the authentication algorithm in the BLE
standard shows that our method mitigates the tracking attack with low communication messages. Our
results help enhance the contact-tracing application’s security in which Bluetooth access is available.
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin AlgorithmEditor IJMTER
As per the recent studies, the volatile growth has been seen in the use of mobile devices as
the supporting technology for accessing Internet based services, as well as for personal
communication needs in networking. Various studies indicate that it is impossible to utilize strong
cryptographic functions for implementing security protocols on mobile devices. Our research negates
this. Explicitly, a performance analysis focused on the most commonly used cryptographic protocols
based on the location address (latitude & longitude) of the user for mobile applications and projected
provably secure authentication protocol that is more efficient than any of the prevailing
authentication protocol is being used by the network security methods. Understanding the use of
public key cryptography which makes potential use of discrete logarithms problem. The security of
ECC depends on the difficulty of Elliptic Curve Discrete Logarithm. To provide secure
communication for mobile devices, authenticated protocol is an important primitive for establishing
trusted connection. In this paper, it has been shown that the location based system using improved
Rabin Algorithm provides a better security and acquires much less energy consumption than the
existing authentication protocols.
IMPROVE SECURITY IN SMART CITIES BASED ON IOT, SOLVE CYBER ELECTRONIC ATTACKS...IJNSA Journal
Smart cities are expected to significantly improve people's quality of life, promote sustainable development, and enhance the efficiency of operations. With the implementation of many smart devices, c problems have become a serious challenge that needs strong treatments, especially the cyber-attack, which most countries suffer from it.
My study focuses on the security of smart city systems, which include equipment like air conditioning, alarm systems, lighting, and doors. Some of the difficulties that arise daily may be found in the garage. This research aims to come up with a simulation of smart devices that can be and reduce cyber attach. Use of Cisco Packet tracer Features Simulated smart home and c devices are monitored. Simulation results show that smart objects can be connected to the home portal and objects can be successfullymonitored which leads to the idea of real-life implementation and see. In my research make manysolutions for attachingissues,which was great, and apply some wirelessprotocol.
THE INTERNET OF THINGS: NEW INTEROPERABILITY, MANAGEMENT AND SECURITY CHALLENGESIJNSA Journal
The Internet of Things (IoT) brings connectivity to about every objects found in the physical space. It
extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates
opportunities in numerous domains. However, this increase in connectivity creates many prominent
challenges. This paper provides a survey of some of the major issues challenging the widespread adoption
of the IoT. Particularly, it focuses on the interoperability, management, security and privacy issues in the
IoT. It is concluded that there is a need to develop a multifaceted technology approach to IoT security,
management, and privacy.
VPN usage across the world has increased due to the COVID-19 pandemic. With companies trying to lay
the course through this unfamiliar state, corporations had to implement a Business Continuity Plan which
included several elements to maintain a scalable and robust VPN connection. During this time of
uncertainty, best practices need to be deployed by corporations and government entities more than ever.
The purpose of this study is to highlight the necessary path SD Telecom would take to ensure a secure,
reliable network during global traffic surge. Specific VPN solutions, access needs, and eligibility
requirements vary based on the end user.
WEARABLE TECHNOLOGY DEVICES SECURITY AND PRIVACY VULNERABILITY ANALYSISIJNSA Journal
Wearable Technology also called wearable gadget, is acategory of technology devices with low processing
capabilities that can be worn by a user with the aim to provide information and ease of access to the master
devices its pairing with. Such examples are Google Glass and Smart watch. The impact of wearable
technology becomes significant when people start their invention in wearable computing, where their
mobile devices become one of the computation sources. However, wearable technology is not mature yet in
term of device security and privacy acceptance of the public. There exists some security weakness that
prompts such wearable devices vulnerable to attack. One of the critical attack on wearable technology is
authentication issue. The low processing due to less computing power of wearable device causethe
developer's inability to equip some complicated security mechanisms and algorithm on the device.In this
study, an overview of security and privacy vulnerabilities on wearable devices is presented.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
In this abstract, we analyze the state of the art of end-to-end security Instant Messaging applications.
This includes the applications' network architectures, current and future challenges, and potential legal and social impact.
The Proposed Development of Prototype with Secret Messages Model in Whatsapp ...IJECEIAES
Development of prototype at data security through secret messages is needed for disguising the messages sent in smartphone chatting application, WhatsApp (WA) Chat. We propose a model to disguise a plaintext message which is first encrypted by cryptosystem to change the plaintext message to ciphertext. Plaintext or plainimage entering the smartphone system is changed into encrypted text; receiver then can read the message by using similar key with the sender. The weakness of this proposal is the message random system is not planted directly in the chatting application; therefore message removing process from cryptosystem to WA application is still needed. The strength of using this model is the messages sent will not be easily re-encrypted by hacker and can be used at client computing section.
E-Commerce Privacy and Security SystemIJERA Editor
The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cyber crime. In certain e-commerce-related areas, such as networking, data transfer and data storage, researchers applied scanning and testing methods, modeling analysis to detect potential risks .In the Security system ,Questions are related to online security in which given options are Satisfied, Unsatisfied ,Neutral, Yes, No. and weak password , Strong password. it is revealed that it is quite difficult, if not impossible, to suggest that which online security is best. Online security provide the flexibility, efficiency of work, provide the better security of net banking . The main feature of the research that the data is safe in banking management for long time and open any account after along time. The Future scope of the study of Security is use to reduce threats. Security is used in the long run results in the reduction of number of branches, saying rentals of related and properties. If the better Security operate than net banking and e-marketing will be increase.
E-Commerce Privacy and Security SystemIJERA Editor
The Internet is a public networks consisting of thousand of private computer network connected together. Private computer network system is exposed to potential threats from anywhere on the public network. In physical world, crimes often leave evidence finger prints, footprints, witnesses, video on security comes and so on. Online a cyber –crimes, also leaves physical, electronic evidence, but unless good security measures are taken, it may be difficult to trace the source of cyber crime. In certain e-commerce-related areas, such as networking, data transfer and data storage, researchers applied scanning and testing methods, modeling analysis to detect potential risks .In the Security system ,Questions are related to online security in which given options are Satisfied, Unsatisfied ,Neutral, Yes, No. and weak password , Strong password. it is revealed that it is quite difficult, if not impossible, to suggest that which online security is best. Online security provide the flexibility, efficiency of work, provide the better security of net banking . The main feature of the research that the data is safe in banking management for long time and open any account after along time. The Future scope of the study of Security is use to reduce threats. Security is used in the long run results in the reduction of number of branches, saying rentals of related and properties. If the better Security operate than net banking and e-marketing will be increase.
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...IJERA Editor
In this paper, SMCSaaS is proposed to secure email system based on Web Service and Cloud Computing
Model. The model offers end-to-end security, privacy, and non-repudiation of PKI without the associated
infrastructure complexity. The Proposed Model control risks in Cloud Computing like Insecure Application
Programming Interfaces, Malicious Insiders, Data Loss Shared Technology Vulnerabilities, or Leakage,
Account, Service, Traffic Hijacking and Unknown Risk Profile
Design and development of non server peer 2 peer secure communication using j...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Android Based Total Security for System AuthenticationIJERA Editor
In this Paper [5], A highly severe menace to any computing device is the impersonation of an authenticate user. The most frequent computer authentication scheme is to use alphanumerical usernames and passwords. But the textual passwords are prone to dictionary attacks, eves dropping, shoulder surfing and social engineering. As such, graphical passwords have been introduced as an alternative to the traditional authentication process. Though the graphical password schemes provide a way of making more user friendly passwords, while increasing the level of security, they are vulnerable to shoulder surfing. To address this problem, text can be used in combination with the colors and images to generate the session passwords, thereby making a stronger authentication means. In general, session passwords are those that can be used only once and for every new session, a new password is engendered. This paper [7] describes a method of implementing two factor authentication using mobile phones. The proposed method guarantees that authenticating to services, such as online banking or ATM machines, is done in a very secure manner. The proposed system involves using a mobile phone as a software token for One Time Password generation. The generated One Time Password is valid for only a short user defined period of time and is generated by factors that are unique to both, the user and the mobile device itself. Additionally, an SMS-based mechanism is implemented as both a backup mechanism for retrieving the password and as a possible mean of synchronization. The proposed method has been implemented and tested. Initial results show the success of the proposed method.
This report analysis web security password authentication based on single- block hash function, written by Shi-Qi Wang, Jing-Ya Wang and Yong-Zhen Li and presented at the 2013 International Conference on Electronic Engineering and Computer Science. To analyze an algorithm means to study the specification of the Algorithm and come to a conclusion about how the implementation of that algorithm will perform in general. Here, the amount of resources necessary to execute the algorithm is determined and its equivalent running time (time complexity) or efficiency of the algorithm.
A review of some of the available literature provides insights into various web security and user identity authentication mechanisms, single- block hash function algorithm, its types, design and functions.
The key findings include:
The Single- Block Hash Function Algorithm has variable input length and fixed out length
The flow chart in figure 1 of the studies shows that the algorithm is Message Digest Method 5 (MD 5)
MD5 algorithm appends padding bits, appends length bits, initialize MD buffer and process each 512- bit block.
In processing each 512- bit block, a total of 64 operations are performed in 4 stages and each stage undergoes 16 iterations.
Collision Resistance Scenario: MD 5 has a very weak collision resistance and its therefore not recommended for encryption. However, MD 5 can withstand tamper with and replay. Running Time (Time Complexity): The time complexity of MD 5 is O(n), where n represents the size of the input data. it is considered relatively fast and efficient than the traditional password but slower than modern hash functions.
Many researchers research to use Single-Block hash algorithm to realize the Web user ID authentication
MD 5 solves deficiency of the traditional username-password authentication or digital signature to realize Web user’s identity authentication
The information presented in this report has been gathered from secondary sources and has been prepared for submission as Information Security Course at AAMUSTED.
In the ever-evolving world of web app development services, staying ahead of security threats is more critical than ever. As technology advances, so do the tactics of cybercriminals.
Design and Development of an E-Commerce Security Using RSA CryptosystemAM Publications,India
E-commerce has presented a new way of doing transactions all over the world using internet. The success of ecommerce depends greatly on how its information technology is used. Over the years the rate at which ecommerce sensitive information is sent over the internet and network has increased drastically. It is for this reason that every company wants to ensure that its ecommerce information is secured. There is need for ecommerce information transmitted via the internet and computer networks to be protected. There is substantial growth in the areas of credit card fraud and identity theft because the internet is a public network with thousands of millions of users. Amongst users are crackers or hackers that carry out the credit card fraud and identity theft in numerous ways facilitated by poor internet security; a concern regarding the exchange of money securely and conveniently over the internet increases. The criticality, danger, and higher priority importance of any e-commerce money transfer makes it a hot area of research interest in modern computer science and informatics. E-commerce industry is slowly addressing security issues on their internal networks but security protection for the consumers is still in its infancy, thus posing a barrier to the development of e-commerce. There is a growing need for technological solutions to globally secure ecommerce transaction information by using appropriate data security technology. The technology solution proposed for solving this security problem is the RSA cryptosystem. This research paper focuses on securing ecommerce information sent through the computer network and internet using RSA cryptography. It elucidates the implementation of RSA algorithm and shows that ecommerce security powered with RSA cryptography is very important in ecommerce transaction. While many attacks exist, the system has proven to be very secure
A Novel Passwordless Authentication Scheme for Smart Phones Using Elliptic Cu...ADEIJ Journal
Today, a large number of people access internet through their smart phones to login to their bank accounts, social networking accounts and various other blogs. In such a scenario, user authentication has emerged as a major security issue in mobile internet. To date, password based authentication schemes have been extensively used to provide authentication and security. The password based authentication has always been cumbersome for the users because human memory is transient and remembering a large number of long and complicated passwords is impossible. Also, it is vulnerable to various kinds of attacks like brute force, rainbow table, dictionary, sniffing, shoulder surfing and so on. As the main contribution of this paper, a new passwordless authentication scheme for smart phones is presented which not only resolves all the weaknesses of password based schemes but also provide robust security. The proposed scheme relieves users from memorizing and storing long and complicated passwords. The proposed scheme uses ECDSA which is based on Elliptic Curve Cryptography (ECC). ECC has remarkable strength and efficiency advantages in terms of bandwidth, key sizes and computational overheads over other public key cryptosystems. It is therefore suitable for resource constraint devices like smart phone. Furthermore, the proposed scheme incorporate CAPTCHA which play a very important role in protecting the web resources from spamming and other malicious activities. To the best of our knowledge, until now no passwordless user authentication protocol based on ECC has been proposed for smart phones. Finally, the security and functionality analysis shows that compared with existing password based authentication schemes, the proposed scheme is more secure and efficient.
OneTK: Key Distribution Center at Cloud Providers towards End to End, Securit...Editor IJMTER
Using End to End Connection in packet Switching networks for providing higher
security in Cloud Computing. In cloud computing a major role is provide security to services that
may be PaaS( Platform as a Service), SaaS( Software as a Service) , CaaS( Communication as a
Service) , IaaS( Infrastructure as a Services) , MaaS ( Monitoring as a Service)n, XaaS( X: Platform,
Software, Monitoring, Infrastructure). Cloud computing provides wide range of services. Large,
Small and medium businesses are depending on out sourcing of data services and computation on
cloud this is mainly deals with SaaS. The cloud provides a very high efficient service for the business
organizations. These business organizations trust cloud service providers on their data security. But
providing security is highly risk in cloud through the third party, especially in private cloud services.
Existing data security methods are not so effective. By using this End to End Connection and Session
Keys and attempts is to be covered secularism in the area of Cloud computing users.
A new approach for securing the data from cloud. OTK – “One Time Key Distribution File” is a
service that protects unauthorized file downloading form the cloud.
A Review of Information Security from Consumer’s Perspective Especially in On...Dr. Amarjeet Singh
In the current internet technology, most of the transactions to banking system are effective through online transaction. Predominantly all these e-transactions are done through e-commerce web sites with the help of credit/debit cards, net banking and lot of other payable apps. So, every online transaction is prone to vulnerable attacks by the fraudulent websites and intruders in the network. As there are many security measures incorporated against security vulnerabilities, network thieves are smart enough to retrieve the passwords and break other security mechanisms. At present situation of digital world, we need to design a secured online transaction system for banking using multilevel encryption of blowfish and AES algorithms incorporated with dual OTP technique. The performance of the proposed methodology is analyzed with respect to number of bytes encrypted per unit time and we conclude that the multilevel encryption provides better security system with faster encryption standards than the ones that are currently in use.
RunPool: A Dynamic Pooling Layer for Convolution Neural NetworkPutra Wanda
Deep learning (DL) has achieved a significant performance in computer vision problems, mainly in automatic feature extraction and representation. However, it is not easy to determine the best pooling method in a different case study. For instance, experts can implement the best types of pooling in image processing cases, which might not be optimal for various tasks. Thus, it is
required to keep in line with the philosophy of DL. In dynamic neural network architecture, it is not practically possible to find
a proper pooling technique for the layers. It is the primary reason why various pooling cannot be applied in the dynamic and multidimensional dataset. To deal with the limitations, it needs to construct an optimal pooling method as a better option than max pooling and average pooling. Therefore, we introduce a dynamic pooling layer called RunPool to train the convolutional
neuralnetwork(CNN)architecture.RunPoolpoolingisproposedtoregularizetheneuralnetworkthatreplacesthedeterministic
pooling functions. In the final section, we test the proposed pooling layer to address classification problems with online social network (OSN) dataset
TELKOMNIKA ISSN: 1693-6930
Efficient Data Security for Mobile Instant Messenger (Putra Wanda)
mobile phone prefers social presence, flow, and self-disclosure over the security aspect. This
will be a serious problem for their data privacy [6].
Many of the IM services growing today still do not apply an efficient method in the
authentication and encryption process. Conventional security methods and the client-server
architecture put many users at risk from attacks on the server, such as compromise, password
cracking or leakage of PINs. Unauthorized people may be able to crack simple passwords and
build an attack on them, and PIN leakage is an issue not only on mobile devices but also on
wearable devices [7]. Several studies have tried to solve these problems with conventional
public-key cryptography (PKC) implemented to give user authentication [18], or with a model
of the ranking algorithm using a transitional Bayesian inference model [8].
But solving that issue with a PKC architecture is not strong enough when it is implemented in
a client-server model with a vast number of users. Public-key computations need a large amount
of memory and a long time, so the choice of algorithm becomes the way to alleviate the
computation overhead. Computational overhead is one of the main concerns for the public-key
model, and in this paper we propose a method to solve it. Currently, most IM services do not
implement an efficient method for securing data while it is transmitted over a public network.
A novel approach to data security is therefore needed, using a digital signature and an
encryption method that offer a good security level, low computational cost and fast
encryption.
Therefore, this paper proposes a novel approach focused on an efficient method for
securing messages, in both encryption and authentication, within the end-to-end model. In this
research, the security method proposes new algorithms based on the Elliptic Curve (EC) scheme
with a specific curve. The model computes on that specific curve, with the prime P-256 selected
to achieve efficient computation. The model uses a Peer-to-Peer (P2P) architecture rather than
the conventional client-server model. In this method, the end-to-end authentication phase
validates each piece of data among users, and the encryption process is used to achieve data
privacy at the same time. This is a novel approach that applies the curve-computing concept to
securing the mobile communication environment.
2. Related Work
Several ways to secure instant messaging have been proposed. A paper from 2011 proposed a
secure module for instant messaging, which adds a separate “secure module” and applies a hash
algorithm to secure the path in the transceiver and routing modules. In that paper, the hash
algorithm helps secure the network conversation and results in a private environment for data
transmitted between sender and receiver in an IM message. While sending, the application
disguises the text on the network, a process that protects it against attackers and so secures
the system.
In this approach, the secure architecture is divided into four modules: chat module,
transceiver module, secure module, and routing module. The secure module applies the hash
algorithm, whose main function is to convert the data into a hash value. The purpose of
encryption is to make sure an unauthorized person cannot view the original data or information
through the network. The IM application for securing IM has been developed and tested [9].
Another authentication method for security is group authentication, which authenticates all
users on a line. It is a special type of authentication designed to support group-oriented
applications. The proposed method is no longer a one-to-one type of authentication but a
many-to-many type. Group authentication can authenticate multiple users [10].
An authentication agent is also needed to secure data on the internet, as in a system designed
for e-shopping. In that model, an agent creates connectivity on an anytime, anywhere,
any-device basis to provide the customer with specific goods. But the Internet is a
heterogeneous and non-secure medium; privacy, authenticity, integrity, and non-repudiation are
the key requirements to be addressed by such systems, where face-to-face interaction is
impossible. Most such systems do not provide the required level of security service, so many
problems exist in them, such as denying, losing, misusing, stealing and double spending. This
approach addresses all the security service problems of an e-shopping system using the Elliptic
Curve Cryptosystem (ECC) [11].
3. ISSN: 1693-6930
TELKOMNIKA Vol. 16, No. 3, June 2018: 1426-1435
1428
3. Mobile Security Overview
Various methods have been proposed for securing the mobile internet from threats, such as
Business Diversification, Platform Diverse and Terminal Security [12]. Terminal security is a
problem addressed in the mobile Internet and is also the one users are most concerned about.
Mobile internet terminal security includes traditional terminal protection, mobile terminal
security management, terminal access control and others [13].
IM is one of the most important applications in the mobile Internet. Based on a review of
several papers, the most popular IM products (Skype Messenger, Facebook Instant Messenger,
Yahoo Messenger, Google Talk Instant Messenger, eBuddy, WhatsApp instant messaging and SimpPro)
are still vulnerable to security violations. They allow users to transfer clear text in chat
sessions, which puts IM communication at risk and gives an eavesdropper the opportunity to
change a message. Some IM applications still send the message between sender and receiver over
the internet in plaintext. The following table shows the format of the text while it is
transmitted.
Table 1. List of Instant Message Encryption Web Based
| Messenger | Text conversation over the internet | Text conversation android browser |
|---|---|---|
| Skype App | Encrypted Message | - |
| WhatsApp | Encrypted Message | - |
| Yahoo App | Plaintext | - |
| Gmail Messenger | Encrypted Message | Encrypted Message |
| Facebook Messenger | Plaintext | - |
| Google Talk | Plaintext | - |
The table shows how much risk a message sent over the internet is exposed to [14]. According to
that paper, this vulnerability allows a program to sniff and change packets sent via public
networks. The main concepts of security are defined as follows. Confidentiality: how
information stays secret while it is transmitted over a network. Authentication ensures that
the people using the application to send a message are the authorized users of that system.
Non-repudiation ensures that neither the sender nor the receiver can deny the communication
when they exchange a message [15].
4. Our Approach
There are possibilities for making the algorithm in a public-key cryptosystem more efficient
and secure. Elliptic Curve Cryptography has become one of the latest trends in the field of
public-key cryptography. EC cryptography promises a faster and more secure method of encryption
compared to any other standard public-key cryptosystem. Elliptic curves are widely used in
security; the algorithm has been applied successfully to achieve high-level security in areas
ranging from internet protocols and image processing to securing services for the Session
Initiation Protocol [16].
One of the methods used to authenticate a message in transit over the public internet is the
digital signature. It can be used to help authenticate HTML script, message text and so on.
Digital signatures can help build secure and efficient internet applications. Wider adoption of
digital signatures would make it possible to secure IM messages efficiently while a chat
session is running [17].
4.1. Security model
While many methods have been proposed for the client-server communication architecture, in this
paper we use two schemes for securing IM data in a Peer to Peer architecture: an authentication
process and a cryptography process. Authentication ensures that the people using the
application to send a message are authorized people [15]. Cryptography is used to turn the
message into random-looking text so that unauthorized people cannot compromise the data while
it is transmitted over the internet.
This study uses the Elliptic Curve concept to design efficient authentication and cryptography
algorithms. In this model, each user generates a key pair with specific algorithms before
initiating communication. The generating process produces a private key and a public key;
together they form a key pair that is used throughout one communication session. The key pair
is erased after the communication has finished completely.
4.1.1. Authentic process
Each user owns a key pair consisting of a private key and a public key. The private key is kept
for signing and decrypting messages, while the public key is used for verifying and encrypting
messages. In the authentication process, each user sends a public key by peer-to-peer
communication; this model may speed up key exchange between them.
The authentication process uses the key pair: the private key signs the message (M) when it is
sent over the internet and the public key verifies the message. Generation of the session key
pair applies the Elliptic Curve concept.
4.1.2. Crypto process
The crypto process is the encryption and decryption process used to change plaintext into
ciphertext, and it uses the generated key pair. The receiver’s public key encrypts the message
(M) and the receiver’s private key decrypts the ciphertext.
At the sender, for instance Alice, the private key signs the message M, and a hash function is
applied to M to produce a message digest. The combination of hash value and signing produces
the message signature (S). S, as a secure message, is exchanged via the public internet.
Suppose Bob is the receiver of M. When the receiver gets M in the application, Alice’s public
key verifies M, using a hash function to compare the value of M. If the value matches, S is a
valid message from Alice, and otherwise it is not. This cryptography makes IM communication
fast and fulfills the required level of security. The proposed model is illustrated in Figure 1.
[Figure 1 diagram: Alice signs M with Alice's private key and encrypts it with Bob's public key; S travels over peer-to-peer communication; Bob decrypts with Bob's private key and verifies M with Alice's public key.]
Figure 1. Efficient security model in IM communication
When Alice wants to chat with Bob, Alice sends a message (M). As M is sent to Bob, the ECC
scheme encrypts it into ciphertext and generates its signature. Bob decrypts the ciphertext
with his private key and verifies the signature with Alice’s public key. Since Bob knows
Alice’s public key, he can verify whether Alice indeed sent the message.
In this paper, each data exchange uses one key pair per session for the data transactions of
that session in the mobile IM system. The key pair protects the user throughout the session;
after the session is finished, the system automatically deletes the key pair, so it cannot be
used to sign or encrypt a message in another session.
4.2. Designed algorithms
In this paper, we design several algorithms to reach efficient security for data transactions
in mobile IM. There are two types of algorithm in our model: the encryption-decryption
algorithms and the signature algorithms.
Algorithm 1. Encryption
Input: Message (M)
Output: Ciphertext (M’)
S1: Choose public key Q=dP based on the Elliptic Curve
S2: Choose a point P (on the Elliptic Curve)
S3: Choose a prime number p
S4: Choose a random k ∈ {2,…,p-1} and compute kQ and kP.
Ciphertext: M’=[kP, M ⊕ X(kQ)]
Then, when the receiver wants to read the original message, he uses the decryption process,
which follows the algorithm below.
Algorithm 2. Decryption
Input: Message ciphertext (M’)
Output: Message plaintext (M)
S1: Read a private key d for Elliptic Curve E
S2: Read the value of kP and compute d(kP).
S3: read binary number of M2
Decryption: M=[M2 ⊕ X(d(kP))]
While sending a message, a user signs it with the ECC algorithm to provide authentication. The
signing process uses the following algorithm.
Algorithm 3. Signing Message
Input: Message (M)
Output: Message Signature (S)
S1: Choose random integer k for Elliptic Curve E
S2: Choose base point P for Elliptic Curve E
S3: Compute kP
S4: Compute $r = x_1 \bmod n$
S5: Compute $s = k^{-1}\{h(m) + dr\} \bmod n$
Signature of M=(r,s)
After receiving a signed message, the receiver verifies it with the public key, based on the
ECC algorithm, to check the validity of the signature. The verifying process uses the following
algorithm.
Algorithm 4. Verifying signature of Message
Input: Message Signature (S)
Output: Valid or Invalid
S1: Choose the public key Q
S2: r and s is in [1, n-1] interval
S3: Compute $w = s^{-1} \bmod n$ and h(m).
S4: Apply a Hash (SHA-256) for M
S5 : Compute u1=h(m)w mod n and u2=rw mod
S6 : Compute u1P+u2Q=(x1, y1) and v=x1 mod n.
If v=r then Signature is Valid
Each user always runs two processes when exchanging messages: the authentic process and the
crypto process. The authentic process is the step that signs or verifies the message, and the
crypto process is the step in which the user encrypts or decrypts the message in a data
exchange. To reach efficient message security in mobile IM, we use several parameters in the
ECC algorithm. A mobile device does not have the resources to run heavy computation for all
security operations, so in this paper we build the ECC algorithm to give a good level of
security with low computation overhead on a mobile device.
5. Result
This section shows the efficiency of the above algorithms in providing security for mobile IM.
Three indicators are used to test efficiency: computation time, ciphertext length and signature
length. To measure efficiency, testing uses several specifications in the Android emulator with
different resources. Encryption time is the period needed to convert plaintext into ciphertext,
and decryption time is the reverse. The encryption process uses various key lengths based on
ECC parameters. The results for encryption and decryption are shown in Figure 2.
Figure 2 shows the difference in time used for encryption and decryption with various key
lengths. In this research, the less time the process takes to run, the more efficient the key
length. The result of this testing shows that key lengths of 224 and 256 bits are more
effective than the other key lengths.
Figure 2: Encryption-decryption time based on key length
The time of the signing process, on the other hand, is the time used to sign and to verify a
message. In the testing report, this study produced different times for various key lengths.
Using the Elliptic Curve in this process gave efficient time and resource computation; the
Elliptic Curve concept with key lengths of 224 and 256 bits shows a good level of signing and
verifying performance. Therefore, these key sizes are preferable for implementation in mobile
IM. Another aspect of the testing is the signature length of the message, that is, the random
characters of a message after hash processing has finished. Signature length affects the use of
internal memory in the mobile device. The result for signature length is shown in Figure 3.
Figure 3. Length of message signature with Elliptic Curve
Figure 3 shows that the length of the digital signature is affected by the key length used in
signing the message. The test results show that the longer the key used to sign the message,
the longer the digital signature of that message. Based on the above testing, a key length of
256 bit, which produces 72 bit of digital signature, is the most preferable in mobile IM to
reach both efficient security and good strength.
6. Analysis
In this research, we propose a secure communication model based on the Elliptic Curve concept,
with both message authentication and an encryption-decryption process for exchanging data over
the public internet. The first step is one of the most important aspects of security,
authentication, in which an entity is identified before or during the communication. This
prevents attacks or malicious activity in which a malicious user identifies himself as the real
user while communication occurs. This study uses a designed algorithm based on the Elliptic
Curve basics within the formula
Algorithm build based on various parameter in NIST recommendation prime curves
includes p-256, and value of while is the size of the underlying field, therefore
new equation for designing algorithm with new curve ( ):
This model is computed within the above curve, with the prime p-256 selected based on the NIST
recommended curve [24]. This curve is used to achieve fast and secure implementations of
digital signatures for the curve P-256, providing 128 bits of security, at low cost and low
power when tested on available hardware. The curve is used to compute key generation and the
encryption process; generation is an important phase that produces a key pair for a
communication session. The sender encrypts the message with the receiver’s public key and the
receiver decrypts the message with the private key on the same curve. This is a novel approach
to securing the mobile communication environment. The application runs as a peer-to-peer chat
architecture, so the message is more private than in a client-server architecture. The method
also updates the key pair (public key and private key) of each user whenever they want to build
a chat session in the IM environment.
6.1. Peer to peer secure chat
Security for mobile IM messages is maintained between sender and receiver using the designed
algorithm. The Peer to Peer architecture is more precise and faster in the IM environment, and
it may raise the level of data privacy for users.
In this architecture, each session generates a key pair, consisting of a public key and a
private key, that is used by sender and receiver. The environment deletes the key pair when a
communication session has finished completely, so the key pair is valid for only one session.
When the sender or receiver is not active, the key pair is deleted so that unauthorized people
cannot use it. The scheme prevents unauthorized people from compromising the data.
6.2. Efficient security with curve computing
In this research, using the Elliptic Curve concept to design a new algorithm for mobile IM has
advantages such as shorter key size, less computational overhead and less memory space. Based
on the study, mobile devices consumed less power in running the security process, in both
authentication and encryption. Elliptic Curve is also known for its high security level, and it
is easy to implement in both hardware and software. EC has extensive features for providing
security and high-efficiency applications, and designing specific algorithms for mobile IM has
achieved efficient computation and a good security level.
This study uses curve computing to build the security algorithm, which is a novel approach in
mobile IM security. Based on our results, the implementation of Elliptic Curve in mobile IM
produced efficient times while using few resources to run security processes such as
encryption-decryption and digital signature generation. In addition, this research uses
designed algorithms that show effective results in generating and confirming the signature, so
that they can cut the power used in computation and are very compatible with current mobile
devices that have limited hardware resources. Many researchers have put effort into developing
cryptographic algorithms and protocols based on Elliptic Curve. This feature makes ECC very
popular among the many cryptographic systems.
7. Comparison Result
Various research on IM security and algorithms has been conducted before; those papers proposed
ways of securing data or the communication architecture in the IM environment. Yusof et al.
proposed a secure architecture divided into four modules: chat module, transceiver module,
secure module, and routing module. In that research, the secure module applied the hash
algorithm, whose main function is to convert the data into a hash value. The purpose of
encryption is to make sure an unauthorized person cannot view the original data or information
through the network. The IM application for securing IM has been developed and tested for
security analysis [19].
Marc et al. proposed a simple security mechanism to protect Peer to Peer applications against
various vulnerabilities when transmitting over the public network. The protocol overhead was
tested to assess its impact on device performance, an important requisite on limited devices.
This method implemented modifications of the JXME protocols to solve the most glaring
vulnerabilities, providing basic protection against simple spoofing and replay attacks in the
network [20-21].
Another work proposed a security framework based on the JXTA architecture. The main features of
this work include a modular approach that may cater to a set of scenarios, an effective secure
key distribution and a hybrid authenticity scheme that balances the need for important
information at the end-user level with simplicity at the lower middleware layers. This model is
designed for Peer to Peer applications, with a design focused on scalability or overall
performance issues [22]. Each study produced a different overhead in the computing process;
overhead consists of cryptography time and the overall time used in the computation process.
Overhead in this research is formulated by:
Various research on securing Peer to Peer communication, especially in the IM environment, has
been conducted. Based on the above formula, the different overheads in the computing process
are shown in Table 2:
Table 2. Comparison Result in Computing Overhead
| Research | Activity | Interval time (s) | Hash Size (byte) | Overhead (%) |
|---|---|---|---|---|
| Yusof et al. (SHA) | Generate Hash | 1 | 50 | 56.4 % |
| | | 5 | 250 | 44.5 % |
| Marc et al. (JXME Protocol) | Generate Hash | 1 | 50 | 47 % |
| | | 5 | 250 | 44.3 % |
| Joan et al. (JXTA Overlay) | Secure Login | 1 | - | 51 % |
| | | 5 | - | 46 % |
| This approach (Elliptic Curve Computing) | Generate Hash | 1 | 50 | 42.1 % |
| | | 5 | 250 | 38 % |
Our study, with designed algorithms based on the Elliptic Curve concept, produced a more
efficient result in both the authentication and cryptography processes. Curve computing offers
the possibility of making the algorithm in a public-key cryptosystem more efficient and secure,
and promises a faster and more secure method of encryption.
In addition, an experiment was conducted in Windows and Linux environments to analyze the
Elliptic Curve Cryptosystem (ECC) as an asymmetric block cipher algorithm and a set of
symmetric block cipher algorithms, namely Triple-Data Encryption Standard (T-DES), Advanced
Encryption Standard (AES), and Blowfish. The performance evaluation based on CPU execution time
is shown in Figure 4.
Figure 4. Performance Comparison of symmetric and asymmetric block cipher algorithms
In that study, the Elliptic Curve Cryptosystem (ECC) as an asymmetric block cipher algorithm
and three symmetric block ciphers (Triple-DES, AES, and Blowfish) were presented. The
experiment ran in a Java environment with the Java Cryptography Architecture (JCA) and Java
Cryptography Extension (JCE). Based on CPU execution time, ECC outperformed the other three
algorithms in all tests and under the computing environment [23].
8. Conclusion and Future Work
Common mobile IM services lack native encryption to protect information transmitted over the
public network and still use high computation; this problem should be addressed with efficient
security methods. In this study, we propose an efficient method based on the Elliptic Curve
concept. It designs a new algorithm with a designed curve for building a security model in the
mobile IM environment. The security model based on Elliptic Curve (EC) works in a Peer to Peer
(P2P) architecture rather than a conventional client-server model. In this method, the
end-to-end authentication phase validates each piece of data exchanged among users, and the
encryption process is used to achieve data privacy between them.
The result shows that this method produces efficient times in the authentication and encryption
processes when applied in a mobile environment. This paper recommends Elliptic Curve for use in
mobile IM security with key length 256 bit within curve . It has produced efficient times for
each security process, including key generation, signing, verifying, encryption and decryption.
Therefore, this security method is suitable for the mobile IM environment. Besides, the EC
algorithm outperforms other cryptography algorithms, both symmetric and asymmetric block cipher
algorithms, and it is compatible with mobile phones that have limited computation capabilities
and resources. This research has so far been tested only with the text format, so future work
will probably use other data formats. Then, to increase the authentication level, the SHA-3
(Keccak) algorithm needs to be added to Elliptic Curve Cryptography.
References
[1] T Sutikno, D Stiawan, IMI Subroto. Fortifying Big Data infrastructures to Face Security and Privacy
Issues. TELKOMNIKA (Telecommunication Computing Electronics and Control). 2014; 12(4): 751-
752.
[2] O Nait Hamoud, T Kenaza, Y Challal. Security in device-to-device communications: a survey. in IET
Networks, 2018; 7(1):14-22.
[3] Mehdi Dadkhah, Tole Sutikno, Shahaboddin Shamshirband, Social Network Applications and Free
Online Mobile Numbers: Real Risk, International Journal of Electrical and Computer Engineering
(IJECE), 2015: 5(2):175-176
[4] M Al-Qurishi, M Al-Rakhami, A Alamri, M Alrubaian, SMM Rahman, MS Hossain. Sybil Defense
Techniques in Online Social Networks: A Survey. in IEEE Access; 2017; 5:1200-1219.
[5] C. Anglano, M. Canonico, M. Guazzone, Forensic analysis of Telegram Messenger on Android
smartphones, Digital Investigation, Elsevier; 2017; 23: 31-49,
[6] S Park, K Cho, BG Lee. What makes smartphone users satisfied with the mobile instant messenger?:
Social presence, flow, and self-disclosure. Int. J. Multimed. Ubiquitous Eng. 2014; 9(11): 315–324.
[7] C Wang, X Guo, Y Chen, Y Wang, B Liu. Personal PIN Leakage from Wearable Devices. In IEEE
Transactions on Mobile Computing; 2018; 17(3): 646-660.
[8] B Rashidi, C Fung, A Nguyen, T Vu, E Bertino. Android User Privacy Preserving Through
Crowdsourcing. in IEEE Transactions on Information Forensics and Security, 2018; 13(3): 773-787.
[9] M Yusof, A Abidin. A secure private instant messenger. in Proc. 17th Asia-Pacific Conference on
Communications, 2011; 821-825.
[10] L Ham. Group Authentication. IEEE Trans. Vehicular Technology; 2013; 62(9).
[11] L Ham. Agent Based Secured e-Shopping Using Elliptic Curve Cryptography. International Journal of
Advanced Science and Technology; 2012; 38.
[12] Y Zhu, L Yan, J Li. Mobile Internet Information Security Analysis and Countermeasures .
TELKOMNIKA (Telecommunication Computing Electronics and Control). 2016: 14(3A): 333~337
[13] Dadkhah M, Sutikno T. Phishing or hijacking? Forgers hijacked DU journal by copying content of
another authenticate journal. Indonesian Journal of Electrical Engineering and Informatics (IJEEI).
2015; 3(3): 119-120.
[14] NB Al Barghuthi, H Said. Social networks IM forensics: Encryption analysis. J. Commun. 2013; 8(11):
708–715.
[15] Forouzan, A Behrouz. Cryptography and Network Security. Singapore. Mc Graw-Hill Education
(Asia), 2008
[16] M Azrour, M Ouanan, Y Farhaou, SIP Authentication Protocols Based on Elliptic Curve
Cryptography: Survey and comparison. Indonesian Journal of Electrical Engineering and Computer
Science 2016: 4(1): 231-239
[17] N Harigopal KB Ponnapalli, A Saxena. A Digital Signature Architecture for Web Apps. J. ComSoc.
2013; 13.
[18] L Harn, J Ren. Generalized Digital Certificate for User Authentication and Key Establishment for
Secure Communications. IEEE Trans. Wireless Comm. 2011; 10(7): 2372-2379.
[19] M Yusof, A Abidin. A secure private instant messenger. in Proc. 17th Asia-Pacific Conference on
Communications, 2011; 821-825.
[20] M Domingo-Prieto, J. Arnedo-Moreno. Lightweight Security for JXME-Proxied Relay Authentication.
2011 14th International Conference on Network-Based Information Systems, Tirana, 2011: 104-111.
[21] M Domingo-Prieto, J Arnedo-Moreno, J Herrera-Joancomartí, J Prieto-Blázquez. Towards secure
mobile P2P applications using JXME. Journal of Internet Services and Information Security (JISIS),
2012; 2(1):1-21
[22] J Arnedo-Moreno, K Matsuo, L Barolli, F Xhafa. Secure Communication Setup for a P2P-Based
JXTA-Overlay Platform. in IEEE Transactions on Industrial Electronics; 2011; 58(6): 2086-2096
[23] NA Kofahim. An Empirical Study to Compare the Performance of some Symmetric and Asymmetric
Ciphers. International Journal of Security and Its Applications. 2013;7(5):1-16.
[24] M Adalier. Efficient and Secure Elliptic Curve Cryptography Implementation of Curve P-256, National
Institute of Standards and Technology (NIST) Article, 2017.