A Bastion Mobileid-Based Authentication Technique (BMBAT)

Abdelmunem Abuhasan and Adwan Yasin

Department of Computer Science, Arab American University, Jenin, Palestine 

ABSTRACT

Despite their proven security breaches, text passwords have been dominating all other methods of human authentication over the web for tens of years, however, the frequent successful attacks that exploit the passwords vulnerable model raises the need to enhance web authentication security. This paper proposes BMBAT; a new authentication technique to replace passwords, that leverages the pervasive user mobile devices, QR codes and the strength of symmetric and asymmetric cryptography. In BMBAT, the user’s mobile device acts as a user identity prover and a verifier for the server; it employs a challenge-response model with a dual mode of encryption using AES and RSA keys to mutually authenticate the client to the server and vice-versa. BMBAT combats a set of attack vectors including phishing attacks, man in the middle attacks, eavesdropping and session hijacking. A prototype of BMBAT has been developed and evaluated; the evaluation results show that BMBAT is a feasible and competitive alternative to passwords.

KEYWORDS

Web Authentication, Mobile Authentication, phishing, User Identity, Password.

More....

A Mechanism for Early Detecting Ddos Attacks Based On M/G/R Ps Queue

Nguyen Hong Son

Department of Information and Communication Technology, Post and

Telecommunication Institute of Technology, Ho Chi Minh City, Viet Nam

ABSTRACT

When service system is under DDoS attacks, it is important to detect anomaly signature at starting time of attack for timely applying prevention solutions. However, early DDoS detection is difficult task because the velocity of DDoS attacks is very high. This paper proposes a DDoS attack detection method by modeling service system as M/G/R PS queue and calculating monitoring parameters based on the model in odder to early detect symptom of DDoS attacks. The proposed method is validated by experimental system and it gives good results.

KEYWORDS

DDoS, Detection, M/G/R Processor Sharing queue

More ....

Steganalysis Algorithm for PNG Images Based On Fuzzy Logic Technique

Jawaher alqahtani, Daniyal Alghazzawi 1and Li Cheng 2

1Department of Information Systems, King Adbulaziz University, Jeddah, Saudi Arabia

2Xinjiang Technical Institute of Physics & Chemistry, Chinese Academy of Sciences, China

ABSTRACT

Embedding a message in media files, also known as steganography, is a common approach to hide secret information. It has been exploited by some criminals to confidentially exchange messages. As a countermeasure, tools have been developed in order to detect hidden information form digital media such as text, image, audio or video files. However the efficiency and performance of previous approaches still have room for improvement. In this research, we focus on algorithm design for better efficiency of hidden message detection from PNG files. We employ three classic AI approaches including neural network, fuzzy logic, and genetic algorithm and evaluate their efficiency and performance in controlled experiments.Finally we introduce our message detection system for PNG files based on LSB approach and present its usability in different case scenarios.

KEYWORDS

Steganography, Steganalysis, Artificial Intelligence, fuzzy logic.

More...