检索结果-内蒙古大学图书馆

BEC Defender: QR code-Based Methodology for Prevention of Business Email Compromise (BEC) Attacks

SENSORS 2024年第5期24卷 1676页

作者： Papathanasiou, Anastasios Liontos, George Paparis, Georgios Liagkou, Vasiliki Glavas, Euripides Hellen Police Cyber Crime Div 173 Alexandras Ave Athens 11522 Greece Univ Ioannina Dept Informat & Telecommun Arta 47150 Greece Univ Ioannina Dept Mat Sci & Engn Ioannina 45110 Greece

In an era of ever-evolving and increasingly sophisticated cyber threats, protecting sensitive information from cyberattacks such as business email compromise (BEC) attacks has become a top priority for individuals and enterprises. Existing methods used to counteract the risks linked to BEC attacks frequently prove ineffective because of the continuous development and evolution of these malicious schemes. This research introduces a novel methodology for safeguarding against BEC attacks called the BEC Defender. The methodology implemented in this paper augments the authentication mechanisms within business emails by employing a multi-layered validation process, which includes a MAC address as an identity token, QR code generation, and the integration of timestamps as unique identifiers. The BEC-Defender algorithm was implemented and evaluated in a laboratory environment, exhibiting promising results against BEC attacks by adding an extra layer of authentication.

关键词： business email compromise (BEC) email security QR code encryption cryptography digital communication security message authentication code cybersecurity MAC address physical properties authentication

来源：评论

学校读者我要写书评

暂无评论

Crypto-Aided MAP Test for Low-Latency Detection of False Data in Short Packets

引用

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 2021年 16卷 4939-4949页

作者： Kim, Sang Wu Liu, Xudong Iowa State Univ Dept Elect & Comp Engn Ames IA 50011 USA Zhengzhou Univ Dept Elect Engn Zhengzhou 450001 Peoples R China

Cryptography has been used as the first line of defense to ensure data integrity. However, it incurs a significant overhead for short packets which represent the most common form of traffic in emerging applications, such as the Internet of Things. In this paper, we propose an interdisciplinary framework for detecting false data in short packets that are collected from multiple sources through a relay. The proposed scheme performs a lightweight cryptographic integrity check that employs a short message authentication code, thereby reducing the overhead for data integrity, followed by the maximum a posteriori (MAP) test at the physical layer that detects any remaining false data that the cryptographic integrity check misses. This interdisciplinary approach interplays between the cryptographic integrity check and the physical-layer integrity check to assure the data integrity of short packets with reduced overhead and low latency. The proposed scheme can also provide a significant reduction in the average probability of detection error over the traditional cryptographic integrity check.

关键词： Cryptography Wireless communication Relay networks (telecommunication) codes message authentication Low latency communication Internet of Things False data injection message authentication code MAP test integrity short packet low latency

来源：评论

学校读者我要写书评

暂无评论

Efficient and Secure Group based Collusion Resistant Public Auditing Scheme for Cloud Storage

引用

INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS 2021年第3期12卷 472-481页

作者： Chaudhari, Smita Swain, Gandharba Koneru Lakshmaiah Educ Fdn Dept Comp Sci & Engn Guntur 522502 Andhra Pradesh India

Tremendous changes have been seen in the arena of cloud computing from previous years. Many organizations share their data or files on cloud servers to avoid infrastructure and maintenance costs. Employees from different departments create their specific groups and share sensitive information among group members. Revoked users from the group may try to access this information by colluding with an untrusted cloud server. Many researchers have specified revocation procedures using re-signature, proxy-re-signature concept to deflect the collusion between the cloud server and a revoked user. But these techniques are costly in terms of communication overhead and verification cost if combined with auditing techniques to prove the integrity of outsourced data on the cloud server. To reduce this cost, a collusion resistant public auditing scheme with group member revocation is proposed in this paper. In this scheme, the data owner regularly updates the recent valid members list which is used by a third-party auditor to validate the signature so that collusion can be avoided. To verify the integrity of outsourced data, proposed scheme uses one of the modern cryptographic technique indistinguishability obfuscation combined with a one-way function which can reduce the verification time significantly. Experimental results show that the proposed scheme decreases the communication overhead and verification cost compared to existing schemes.

关键词： Public auditing collusion attack ring signature message authentication code indistinguishability obfuscation dynamic data

来源：评论

学校读者我要写书评

暂无评论

A Solution to Support Integrity in the Lawful Interception Ecosystem 10th

A Solution to Support Integrity in the Lawful Interception E...

引用

10th International Conference on Electronic Government and the Information Systems Perspective (EGOVIS)

作者： Buccafurri, Francesco Consoli, Angelo Labrini, Cecilia Nesurini, Alice Mariotti Univ Reggio Calabria Via Univ 25 Reggio Di Calabria Italy Univ Appl Sci & Arts Southern Switzerland SUPSI Lugano Switzerland

ISBN: (纸本)9783030866112;9783030866105

In this paper, we present an innovative solution to support integrity in a lawful interception ecosystem. The problem arises from the fact that whatever the interception system is organized, external (potentially untrusted) parties can be involved in the process. Therefore, the need to guarantee completeness, correctness, and freshness of the intercepted contents should be given. Moreover, contents often have to be transferred from law enforcement agencies to Courts or delivered to the defence, also partially. In this work, we design a complex architecture able to support effectively the above needs.

关键词： Lawful interception Data integrity message authentication code

来源：评论

学校读者我要写书评

暂无评论

Partial message verification in fog-based industrial Internet of things

引用

COMPUTERS & SECURITY 2023年 135卷

作者： Yan, Haotian Hu, Haibo Ye, Qingqing Hong Kong Polytech Univ Dept Elect Engn Hong Kong Peoples R China

Due to the emergence of fog computing, the computational resources can be deployed close to the data source and conduct data-driven tasks. A typical scenario is integrity assurance in Industrial Internet of Things (IIoT). However, since the devices in IIoT scenario have low computation capability, they cannot verify the integrity of all incoming messages using traditional message authentication code (MAC), especially when the messages are in large volume and high frequency. In this paper, we propose a novel MAC scheme, namely, Partial Verification message authentication code (PV-MAC), to partially offload the verification tasks to a device with more processing power, (e.g., a fog node). Moreover, the fog node can transparently choose parts of contents in the message for verification on behalf of the device that uses these data. Afterward, the user device can verify the integrity of the rest contents. The theoretical analysis and the experimental results show that our proposed schemes can achieve high efficiency and dynamic workload balancing while retaining a rigorous security guarantee.

关键词： Industrial Internet of thing Fog computing message integrity message authentication code Verification offloading

来源：评论

学校读者我要写书评

暂无评论

Analysis of One Verifiable Multiparty Quantum Key Agreement Based on Bivariate Polynomial

International Journal of Electronics and Information Enginee...

引用

International Journal of Electronics and Information Engineering 2023年第1期15卷 12-18页

作者： Lihua Liu Yingqing Qia

We show that the multiparty quantum key agreement [Inf. Sci., 2020 (521), 343-349] is flawed, because: (1) the specified conditions are insufficient for bivariate interpolation; (2) it fails to keep the trust consistency which leads to some unnecessary operations; (3) it can be greatly simplified due to the participation of the Trusted Designed Combiner who actually plays a courier. The findings could be helpful for the future work on designing QKD.

关键词： Bivariate polynomial message authentication code Quantum key agreement Quantum key distribution Trusted distributor

来源：评论

学校读者我要写书评

暂无评论

Single-Trace Side-Channel Analysis on Polynomial-Based MAC Schemes 11th

Single-Trace Side-Channel Analysis on Polynomial-Based MAC S...

引用

11th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE)

作者： Ueno, Rei Fukushima, Kazuhide Nakano, Yuto Kiyomoto, Shinsaku Homma, Naofumi Tohoku Univ Res Inst Elect Commun Aoba Ku 2-1-1 Katahira Sendai Miyagi 9808577 Japan KDDI Res Inc Ohara 2-1-15 Fujumino Saitama 3568502 Japan

ISBN: (纸本)9783030687731;9783030687724

This paper presents the first side-channel analysis (SCA) on polynomial-based message authentication code (MAC) schemes which is applicable to Poly1305. Typical SCAs (e.g., simple power analysis (SPA) and differential power analysis (DPA)) and conventional attacks on GCM/GMAC that focus on the first multiplication result in the universal hashing (i.e., polynomial evaluation) cannot be applied to Poly1305 owing to one-time keys and the structure of prime-field multiplication. On the other hand, the proposed attack retrieves the hash key from a single side-channel trace (e.g., a power/EM trace given by one execution) with a non-negligible probability and is applicable to polynomial-based MAC schemes implemented on an 8-bit micro-controller. The proposed attack allows the attacker to forge the authentication tag even if the hash key is a one-time key. The basic idea of the proposed attack is to exploit the addition in polynomial-based MAC schemes. Since the output or one input of the addition in these MAC schemes is known, we can efficiently estimate the unknown operands of addition, and then retrieve the hash key by the polynomial factorizations with the estimated candidates. This study also shows a cost-effective countermeasure for ChaCha20-Poly1305 using a combination of a lightweight masked Poly1305 and first-order mask conversion from Boolean to arithmetic.

关键词： ChaCha20-Poly1305 Polynomial hash function message authentication code Authenticated encryption Side-channel analysis

来源：评论

学校读者我要写书评

暂无评论

Twine Stack: A Hybrid Mechanism Achieving Less Cost for Return Address Protection 30

Twine Stack: A Hybrid Mechanism Achieving Less Cost for Retu...

引用

IEEE 30th Asian Test Symposium (ATS)

作者： Xu, Qizhen Chen, Liwei Shi, Gang Chinese Acad Sci Inst Informat Engn Beijing Peoples R China Univ Chinese Acad Sci Sch Cyber Secur Beijing Peoples R China

ISBN: (纸本)9781665440516

Return-oriented programming(ROP) is a prevalent technique that targets return addresses to hijack control flow. To prevent such attack, researchers mainly focus on either Shadow Stack or MAC-based mechanisms(message code authentication). But Shadow Stack suffers from additional memory overhead and information leakage, while MAC-based mechanisms(e.g. Zipper Stack) impose high runtime overhead for MAC calculations. In this paper, we propose Twine Stack, a hybrid and efficient return address protection mechanism with lightweight hardware extension. It utilizes a tiny hardware shadow stack to realize a new multi-chain Zipper Stack. Specifically, each entry in the shadow stack stores a return address and its MAC in each chain, allowing queueing calculation with just one hash module. At meantime, some return address verifications could be done by comparison with the hardware shadow stack, instead of calculation again. We implemented Twine Stack on RISC-V architecture, and evaluated it on FPGA board. Our experiments show that Twine Stack reduces over 95% hash verifications, and imposes merely 1.38% performance overhead with an area overhead of 974 LUTs and 726 flip flops. The result demonstrates that our hybrid scheme mitigates the drawbacks of each separate scheme.

关键词： Return-oriented programming Shadow stack message authentication code

来源：评论

学校读者我要写书评

暂无评论

Physical-Layer authentication via a Dynamic Scaling

引用

Chinese Journal of Electronics 2020年第4期29卷 651-659页

作者： LI Min JIANG Shaoquan LIAO Yongjian Institute of Information Security Mianyang Normal University School of Information and Software Engineering University of Electronic Science and Technology of China

message authentication is a process that allows sender Alice to transmit a source state to receiver Bob such that the latter is assured of the *** study this problem in the physical-layer where the channel is degraded by a Rayleigh fading and a Gaussian *** propose an efficient construction for our *** idea is to amplify a basic codeword of the source state with a small but dynamic scaling *** scaling factor is asymptotically *** thus essentially incurs no power *** authentication is achieved through a statistical *** scheme is provably secure and performs better than the related existing ***,our error analysis allows it to be realized with very practical parameters.

关键词： Physical-layer authentication Information security message authentication code

来源：评论

学校读者我要写书评

暂无评论

TESLA-Based authentication for BeiDou Civil Navigation message

引用

China Communications 2020年第11期17卷 194-218页

作者： Zhijun Wu Yun Zhang Liang Liu Meng Yue The College of Electronic Information&Automation Civil Aviation University of ChinaTianjin 300300China

Due to the civil BeiDou navigation system is open,unauthenticated,and non-encrypted,civilian BeiDou navigation signals may have great security loopholes during transmission or *** main security loophole here is spoofing *** attacks make the positioning or timing results of BeiDou civilian receivers *** errors may cause a series of security problems,which lays a serious hidden danger for Bei-Dou satellite information *** article proposes an anti-spoofing method for BeiDou navigation system based on the combination of SM commercial cryptographic algorithm and Timed Efficient Stream Loss-tolerant authentication(TESLA)for spoofing *** this solution,we use the SM3 algorithm to generate a TESLA key chain with time information,and then use the key in the key chain to generate the message authentication code for the BeiDou D2 navigation *** message authentication code is inserted into a reserved bit of the D2 navigation *** addition,this solution uses the SM2 algorithm to protect and encrypt time information in the TESLA key chain to prevent key replay attacks in *** experimental results tested on the experimental platform built in this paper show that this scheme reduces the possibility of the BeiDou navigation system being deceived and enhances the safety of the BeiDou navigation system.

关键词： BeiDou navigation system SM commercial cryptographic algorithm TESLA message authentication code D2 navigation message

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：