ebook img

Advances in Security in Computing and Communications PDF

194 Pages·2017·3.52 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Advances in Security in Computing and Communications

ADVANCES IN EA ADVANCES IN dD SECURITY IN COMPUTING iteV dA bN SECURITY IN yC AND COMMUNICATIONS JE aS yd IN ip COMPUTING AND SS eE nC Edited by Jaydip Sen U COMMUNICATIONS R Prof. Jaydip Sen has around 25 years of experience in the field I ofcommunicationnetworks,protocoldesign,networkanalysis, T Y cryptography,network security,and data analytics in reputed organizations like Oil and Natural Gas Corporation Ltd., India; I N OracleIndiaPvt.Ltd.,India;AkamaiTechnologyPvt.Ltd.,India;TataConsultan- C Edited by Jaydip Sen cy Services Ltd.,India; National Instituteof Science and Technology,India; and O Calcutta Business School,India. Currently,he is associated with Praxis Business M School,Kolkata,India,as professor. His research areas includesecurity and priva- cy issues in computing and communications, intrusion detection systems, secure P routing protocols in wireless ad hoc and sensor networks,and privacy issues in U the Internet of Things. Prof. Sen obtained his Bachelor of Engineering in Mechan- T I ical Engineering with honors from Jadavpur University, Kolkata, India, in the year N 1988 and Master of Technology in Computer Science with honors from the Indian G Statistical Institute, Kolkata, in 2001. A In the era of Internet of Things (IoT) and with the explosive worldwide growth of N electronic data volume,and associated need of processing,analysis,and storage D of such humongous volume of data, several new challenges are faced in protect- C ing privacy of sensitive data and securing systems by designing novel schemes O forsecureauthentication,integrityprotection,encryption,andnon-repudiation. M Lightweight symmetric key cryptography and adaptive network security algo- M rithms arein demand for mitigating these challenges. This bookpresents some of the state-of-the-art research work in thefield of cryptography and security U in computing and communications. It is a valuable source of knowledgefor re- N searchers, engineers, practitioners, graduates, and doctoral students who are I C working in the field of cryptography,network security,and security and privacy A issues in the Internet of Things (IoT). It will also be useful for faculty members of T graduate schools and universities. I O N S ISBN 978-953-51-3345-2 © iStock / vladru INTECHOPEN.COM ADVANCES IN SECURITY IN COMPUTING AND COMMUNICATIONS Edited by Jaydip Sen Advances in Security in Computing and Communications http://dx.doi.org/10.5772/65228 Edited by Jaydip Sen Contributors Javier Franco-Contreras, Gouenou Coatrieux, Nilay K Sangani, Haroot Zarger, Faouzi Jaidi, Bob Duncan, Alfred Bratterud, Andreas Happe, Chin-Feng Lin, Che-Wei Liu, Walid Elgeanidi, Muftah Fraifer, Thomas Newe, Eoin OConnell, Avijit Mathur, Ruolin Zhang, Eric Filiol Published by InTech Janeza Trdine 9, 51000 Rijeka, Croatia © The Editor(s) and the Author(s) 2017 The moral rights of the editor(s) and the author(s) have been asserted. All rights to the book as a whole are reserved by InTech. The book as a whole (compilation) cannot be reproduced, distributed or used for commercial or non-commercial purposes without InTech's written permission. Enquiries concerning the use of the book should be directed to InTech's rights and permissions department ([email protected]). Violations are liable to prosecution under the governing Copyright Law. Individual chapters of this publication are distributed under the terms of the Creative Commons Attribution 3.0 Unported License which permits commercial use, distribution and reproduction of the individual chapters, provided the original author(s) and source publication are appropriately acknowledged. More details and guidelines concerning content reuse and adaptation can be found at http://www.intechopen.com/copyright-policy.html. Notice Statements and opinions expressed in the chapters are these of the individual contributors and not necessarily those of the editors or publisher. No responsibility is accepted for the accuracy of information contained in the published chapters. The publisher assumes no responsibility for any damage or injury to persons or property arising out of the use of any materials, instructions, methods or ideas contained in the book. Publishing Process Manager Romina Rovan Technical Editor SPi Global Cover InTech Design team First published July, 2017 Printed in Croatia Legal deposit, Croatia: National and University Library in Zagreb Additional hard copies can be obtained from [email protected] Advances in Security in Computing and Communications, Edited by Jaydip Sen p. cm. Print ISBN 978-953-51-3345-2 Online ISBN 978-953-51-3346-9 PUBLISHED BY World’s largest Science, Technology & Medicine Open Access book publisher 103,000+ 3,050+ 100+ MILLION INTERNATIONAL OPEN ACCESS BOOKS AUTHORS AND EDITORS DOWNLOADS AUTHORS AMONG BOOKS 12.2% TOP 1% DELIVERED TO AUTHORS AND EDITORS 151 COUNTRIES MOST CITED SCIENTISTS FROM TOP 500 UNIVERSITIES THOBMSOONO REKUTERS Selection of our books indexed in the CITATION Book Citation Index in Web of Science™ INDEX Core Collection (BKCI) INDEXED Interested in publishing with us? Contact [email protected] Numbers displayed above are based on data collected at the time of publication, for latest information visit www.intechopen.com Contents Preface VII Section 1 Computing Security 1 Chapter 1 Proactive Detection of Unknown Binary Executable Malware 3 Eric Filiol Chapter 2 Cloud Cyber Security: Finding an Effective Approach with Unikernels 31 Bob Duncan, Andreas Happe and Alfred Bratterud Chapter 3 Machine Learning in Application Security 61 Nilaykumar Kiran Sangani and Haroot Zarger Chapter 4 Advanced Access Control to Information Systems: Requirements, Compliance and Future Directives 83 Faouzi Jaidi Chapter 5 Protection of Relational Databases by Means of Watermarking: Recent Advances and Challenges 101 Javier Franco Contreras and Gouenou Coatrieux Chapter 6 Implementing Secure Key Coordination Scheme for Line Topology Wireless Sensor Networks 125 Walid Elgenaidi, Thomas Newe, Eoin O’Connel, Muftah Fraifer, Avijit Mathur, Daniel Toal and Gerard Dooly Section 2 Communications Security 147 Chapter 7 Energy-Secrecy Trade-offs for Wireless Communication 149 Ruolin Zhang VI Contents Chapter 8 Implementation of a Multimaps Chaos-Based Encryption Software for EEG Signals 167 Chin-Feng Lin and Che-Wei Liu Preface The field of cryptography as a separate discipline of computer science and communications engineering announced its arrival onto the world stage in the early 1990s with a full promise to secure the Internet. At that point of time, many envisioned cryptography as a great tech‐ nological equalizer that could put the weakest privacy-seeking individual on the same plat‐ form as the greatest national intelligence agencies with powerful resources at their command. Some political strategists forecasted that the power of cryptography would bring about the downfall of nations when governments would no longer be able to snoop on peo‐ ple in the cyberspace, while others looked forward to it as a fantastic tool for the drug deal‐ ers, terrorists, and child pornographers, who would be able to communicate in perfect secrecy. Some proponents also imagined cryptography as a technology that would enable global commerce in this new online world. Even 25 years later, none of these expectations are met in reality today. Despite the phenomenal advances in cryptographic algorithms, the Internet's national borders are more apparent than ever. The ability to detect and eavesdrop on criminal communications has more to do with politics and manual interventions by human rather than by automatic detection or prevention by mathematics of cryptographic protocols. Individuals still don't stand a chance against pow‐ erful and well-funded government agencies by seeking protection under the shield of cryptog‐ raphy. And the rise of global commerce had more to do with open economic policies of the nations than on the prevalence of cryptographic protocols and standards. While it is true that cryptography has failed to provide its users the real security it prom‐ ised, the reasons for this failure have less to do with cryptography as a mathematical sci‐ ence. Rather, poor implementation of cryptographic protocols and algorithms has been the major source of problems. Although to a large extent we have been successful in developing cryptographic systems, what we have been less effective at is to convert the mathematical promise and ideas of cryptographic security into a secure working system in practice. Another aspect of cryptography that is responsible for its failure in real world is that there are too many myths about it. There is no dearth of engineers who consider cryptography as a sort of magic wand that they can wave over their hardware or software in order to achieve the security level promised by the cryptographic algorithms. Far too many users impose their full faith on the word "encrypted" in the products they use and live under the false impression of magical security in their operations. Reviewers have also no exceptions, com‐ paring algorithms and protocols on the basis of key lengths and then falsely believing that products using longer key lengths are more secure. The literature of cryptography has also served no good in spreading the myths about cryp‐ tography. Numerous propositions have been made for increasing the key length of a partic‐ VIII Preface ular protocol to enhance its mythical security level without any concrete specification and guidelines about how to generate the keys. Sophisticated and complex cryptographic proto‐ cols have been designed without adequate considerations about the business and social and computing constraints under which those protocols would have to work. Too much effort has been spent in promoting cryptography as a pure mathematical ideal working in an iso‐ lated magic box, untarnished by and oblivious of any real-world constraints and realities. But it's exactly those real-world constraints and realities that make the difference between the promise of cryptographic magic and the reality of digital security. While the Advanced Encryption Standard (AES) is being embedded into more and more devices and there are some interesting developments in the area of public key cryptography, many implementation challenges confront the security researchers and engineers today. Side channels, poorly designed APIs, and protocol failures continue to break systems. Per‐ vasive computing also has opened up new challenges. As computers and communications become embedded invisibly everywhere in the era of the Internet of Things (IoT), the prob‐ lems that used to only affect the traditional computers have cropped up in all other devices including smartphones, tablets, refrigerators, air-conditions, televisions, and other house‐ hold gadgets and devices. Today, security also interacts with safety in applications from cars through utilities to electronic healthcare. Hence, it has become imperative for security engi‐ neers and practitioners to understand not only the technicalities of cryptographic algorithms and operating systems but also the economics and human factors of the applications as well. With the advent of ubiquitous computing and the Internet of Things, the issue of security and privacy in computing and communications is no longer a problem challenging some computer scientists and system engineers. Computer forensics is increasingly becoming an important and multidisciplinary subject with many of the crimes today being committed us‐ ing servers, laptop computers, smartphones, and other specialized handheld digital devices. It is becoming mandatory for lawyers, accountants, managers, bankers, and other professio‐ nals whose day-to-day job may not involve technicalities of computer engineering to have working-level awareness of system and communication security, access control, and other privacy-related issues in their computing systems so as to effectively perform their tasks. Exponential growth in the number of users of social networking applications like Facebook, Twitter, Quora, etc. and online services provided by companies like Google and Amazon has changed the world too. Ensuring robust authentication and providing data privacy in massively parallel and distributed systems have posed significant challenges to the security engineers and scientists. Fixing bugs in online applications has become a critical issue to handle as an increasingly large numbers of sensitive applications are launched in the web and smartphones. Securing an operating system and an application software is not enough in today's connected world. What is needed is a complete security analysis of the entire com‐ puting system including its online and mobile applications. In other words, we are witness‐ ing a rapidly changing world of extremely fast-evolving techno-socio-economic systems without having much knowledge about how the evolution is being driven and who is in control. The one incident of recent past that has brought about most significant changes in the security industry by altering our perceptions and priorities in design and operations of our systems is the tragic event of September 2001. Since then, terrorism is no longer being just considered as a risk. It is now being treated as a proactive perception of risk and the subsequent manipulation and mitigation, if not elimination of that risk. This has resulted in security being an amalgamation of technology, psychology, politics, and economics. In this current context, security engineers must contribute to political and policy debates so that

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.