Frequency: Quarterly; E-ISSN: 2277-6230; P-ISSN: Awaited; Abstracted/Indexed in: Ulrich's International Periodical Directory, Google Scholar, SCIRUS, Genamics JournalSeek, EBSCO Information Services
The quarterly journal "Inventi Impact: Information Security" publishes high-quality unpublished, as well as high-impact pre-published, research and reviews related to securing information from unauthorized access, modification, disruption, inspection, recording and destruction. Its readership includes scientific, industrial and military professionals.
In this article, we present an automatic face recognition system. We show that fractal features obtained from Iterated Function System allow a successful face recognition and outperform the classical approaches. We propose a new fractal feature extraction algorithm based on genetic algorithms to speed up the feature extraction step. In order to capture the more important information that is contained in a face with a few fractal features, we use a bi-dimensional principal component analysis. We have shown with experimental results using two databases as to how the optimal recognition ratio and the recognition time make our system an effective tool for automatic face recognition....
Blockchain, which has a distributed structure, has been widely used in many areas. Especially in the area of smart cities, blockchain technology shows great potential. The security issues of blockchain affect the construction of smart cities to varying degrees. With the rapid development of quantum computation, elliptic curves cryptosystems used in blockchain are not secure enough. This paper presents a blockchain system based on lattice cipher, which can resist the attack of quantum computation. The main challenge is that the size of public keys and signatures used by lattice cryptosystems is typically very large. As a result, each block in a blockchain can only accommodate a small number of transactions. It will affect the running speed and performance of the blockchain....
Chaotic systems play an indispensable role in the fields of cryptography and information security. Sine-Transform-Based Chaotic System (STBCS) can address the shortcomings of low complexity and limited chaotic behaviour of classical chaos systems. In this paper, a compact hardware STBCS is proposed and developed on the FPGA device by using the Stochastic Computation (SC) technique. The traditional arithmetic operations are replaced by the SC and finite state machines design. The structure of STBCS is optimised, where the disturbance method is employed to improve the chaotic behaviours and also taking the SC method into account for implementation. The hardware performance of the proposed design is verified via various tests of the chaotic system and corresponding random number generator. Experimental results show that the utilisation of the hardware resources is reduced especially the DSP components compared to the traditional design methods. This provides an efficient design for the random generator of the alternative cryptosystems....
The number of devices running the Android operating system is increasing with over 900 million Android devices currently registered. As the Android operating system grows, security becomes increasingly important. While the current Android operating system protects against system compromising viruses, it does not provide full protection against malware, adware, spyware and Trojan viruses. This creates issues for device security, privacy, and functionality. To counter this, a number of antivirus applications have been made available to detect such malicious applications that host these viruses. However, with more hackers looking to Android, it is essential that users have the best antivirus applications to protect their devices. In this study, fifteen applications that host malware, adware, spyware and Trojan viruses were programmed to test antivirus applications. The viruses also displayed how the harmful code can be incorporated into an Android application. Additionally, a web server was programmed to accept data from the host applications. The efficacies of the twenty most popular antivirus applications were determined by introducing the viruses into the target phone through Android application packages. After testing all twenty applications, it was found that Mobile Security & Antivirus by AVAST Software detected all fifteen harmful applications, making it the most effective antivirus application tested. On the other hand, the other nineteen Android antivirus applications detected, at most, four of the host applications. The experiment can serve to maximize security on devices running Android and provide understanding of how antivirus applications function....
Federated learning (FL) is a type of distributed machine learning that enables multiple participants to collaboratively build machine learning models without transferring data outside their local devices, thereby ensuring data privacy and security. However, free-riding (FR) attacks pose significant threats by sending false, erroneous, or malicious model updates to the central server, attempting to extract private information from other devices during the federated learning process. This results in privacy leakage and reduced model accuracy. Traditional defense measures against FR attacks typically employ auditing methods to identify malicious clients, but these methods are ineffective when multiple FR clients collude to inflate each other’s scores mutually. This paper proposes a novel defense method against collusion-based FR attacks. We first design a grouping mechanism based on gradient norm to group clients and then update the groups using an inter-client audit system. Finally, the correlation analysis of all groups is carried out to eliminate the attack group to ensure the security of the training process. This method defends against standard FR attacks and effectively detects attackers in collusion scenarios. Experimental results demonstrate that our method significantly improves the detection of malicious clients and enhances model accuracy by 10–20% compared to existing methods. Moreover, the proposed defense mechanism maintains its efficacy even in large-scale client environments, where more than 50% of the clients may be compromised by attackers....
There is growing concern about IT security in the healthcare sector due to the number of cyberattacks. The objective of the review is to analyze the state of adoption of computer security in the healthcare sector and provide valuable knowledge to researchers and health organizations interested in this field of study. An exhaustive search of international and regional articles on computer security in healthcare organizations was conducted using Scopus, Dimensions, and PubMed databases. Preferred reporting items for systematic reviews and meta-analysis (PRISMA) statement was used for the selection of articles published between 2018 and 2022. The final number of articles considered is 50. The review explored approaches related to computer security types, mechanisms, and technologies. The findings reveal that blockchain is the most widely used technology to protect medical information. In addition, network, software, and hardware security approaches are employed, using mechanisms such as data encryption, authentication, and access control. Based on these findings, a perimeter security model for the protection of medical information is proposed. In conclusion, these results highlight the importance of adopting robust security measures in terms of networks, software, and hardware, as well as adopting blockchain technology to improve data security in the healthcare sector....
Cyber risk assessment requires defined and objective methodologies; otherwise, its results cannot be considered reliable. The lack of quantitative data can be dangerous: if the assessment is entirely qualitative, subjectivity will loom large in the process. Too much subjectivity in the risk assessment process can weaken the credibility of the assessment results and compromise risk management programs. On the other hand, obtaining a sufficiently large amount of quantitative data allowing reliable extrapolations and previsions is often hard or even unfeasible. In this paper, we propose and study a quantitative methodology to assess a potential annualized economic loss risk of a company. In particular, our approach only relies on aggregated empirical data, which can be obtained from several sources. We also describe how the method can be applied to real companies, in order to customize the initial data and obtain reliable and specific risk assessments....
JPEG XR is the most recent still image coding standard, and custom security features for this format are required for fast adoption of the standard. Format-compliant encryption schemes are important for many application scenarios but need to be highly customised to a specific recent format like JPEG XR. This paper proposes, discusses, and evaluates a set of format-compliant encryption methods for the JPEG XR standard: coefficient scan order permutation, sign bit encryption, transform-based encryption, random level shift encryption, index-based VLC encryption, and encrypting entire frequency bands are considered. All algorithms are thoroughly evaluated by discussing possible compression impact, by assessing visual security and cryptographic security, and by discussing applicability in real-world scenarios. Most techniques are found to be insecure and, in a cryptographic sense, have a limited range of applicability and cannot be applied to JPEG XR bitstreams in an efficient manner. Encrypting enti...
Face recognition has been widely used in many fields and has become an important identification method. The templates in face recognition systems are associated with the facial biometric features of users, and once leaked, it will pose a persistent threat to the users. Therefore, it is particularly important to protect the security of templates. In this work, a novel face template protection scheme is proposed by combining chaotic map, error correction code and locality sensitive hashing. The scheme utilizes two sets of parameters: global keys and user keys, and the generated data consists of two parts: storage key and biometric template. When generating a template, the extracted feature vector is permuted by using chaotic sequences to disrupt the correlation between different dimensions. Then, the user keys are processed by error correction code to generate the storage key, which can be used to recover the user keys during authentication. Finally, the permuted vector is processed by the proposed random number based locality sensitive hashing to generate biometric template. Experimental results and theoretical analysis show that the scheme has good accuracy and security, and can effectively resist various attacks on the face template....
Mobile devices, like tablets and smartphones, are commonplace in everyday life. Thus, the degree of security these devices can provide against digital forensics is of particular interest. A common method to access arbitrary data in main memory is the cold boot attack. The cold boot attack exploits the remanence effect that causes data in DRAM modules not to lose the content immediately in case of a power cut-off. This makes it possible to restart a device and extract the data in main memory. In this paper, we present a novel framework for cold boot-based data acquisition with a minimal bare metal application on a mobile device. In contrast to other cold boot approaches, our forensics tool overwrites only a minimal amount of data in main memory. This tool requires no more than three kilobytes of constant data in the kernel code section. We hence sustain all of the data relevant for the analysis of the previously running system. This makes it possible to analyze the memory with data acquisition tools. For this purpose, we extend the memory forensics tool Volatility in order to request parts of the main memory dynamically from our bare metal application. We show the feasibility of our approach on the Samsung Galaxy S4 and Nexus 5 mobile devices along with an extensive evaluation. First, we compare our framework to a traditional memory dump-based analysis. In the next step, we show the potential of our framework by acquiring sensitive user data....