The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
A lot of research shows that network coding can significantly improve the performance of multi-cast transmission. However, due to the inherent disadvantage of network coding, it is very vulnerable to pollution attacks in which adversaries can inject bogus data. Moreover, those bogus data will be used with legitimate data at the downstream nodes, resulting in the failure of decoding original data as...
Compression is desirable for network applications as it saves bandwidth. Differently, when data is compressed before being encrypted, the amount of compression leaks information about the amount of redundancy in the plaintext. This side channel has led to the “Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH)” attack on web traffic protected by the TLS protocol...
SQL Injection Attack (SQLIA) has been consistently ranked among the top security threats against web applications for more than a decade. Nowadays, attackers use sophisticated tools to launch automated injection attacks. The problem of prevention and detection of SQLIA has been long attended by the research community, but hardly any solution exists for protecting multiple websites in a shared hosting...
Proofs of retrievability (POR) are interactive protocols that allow a verifier to check the consistent existence and availability of data residing at a potentially untrusted storage provider, e.g., a cloud. While most POR protocols strictly refer to static files, i.e., content that is read-only, dynamic PORs shall achieve the same security guarantees (existence, consistency and the possibility to...
We study the problem of secure transmission over a caching D2D network. In this model, end users can prefetch a part of popular contents in their local cache. Users make arbitrary requests from the library of available files and interact with each other to deliver requested contents from the local cache to jointly satisfy their demands. The transmission between the users is wiretapped by an external...
Cloud storage provides service to the user for storing and maintaining their data. The users can access their data from anywhere, independent of location and provides less storage and maintenance cost. As the cloud is unreliable so this data storage service introduces security challenges, such as Confidentiality, Integrity, Availability and Reliability of data. In this paper we propose a new approach...
Nowadays, voice over IP (VoIP) is rapidly replacing standard phone line as a telephony service of choices. However, VoIP can be exploited by an attacker using method such as eavesdropping, hijacking and etc. To ensure confidentiality and integrity of the conversation or messages sent in the network, a more secure protocol is needed. This research proposes a solution to enhance the security of VoIP...
Recently, the IETF has generated a number of standards that are intended to be foundational for large networks of constrained devices, also known as the Internet of Things. Among these are a Web transfer protocol realizing the REST (Representational State Transfer) principles, the Constrained Application Protocol (CoAP), and the Concise Binary Object Representation (CBOR). As with the existing Internet,...
Regenerating Codes strip a file in several servers, such that it is possible to recover the file when at least a given number of them is online. The difference between these codes and traditional erasure codes such as Reed-Solomon (RS), is that they require less bandwidth to repair failed nodes. This property is meant to improve storage reliability in cloud storage data systems. In this article, we...
In this paper we overview the existing technologies and services that could be used to offer an infrastructure of a specific distributed file system for e-learning platforms. We provide an analysis of the design considerations that are relevant for such services. Moreover, in the following report we provide a description of the environment that will be used to evaluate alternative designs. Finally,...
In today's “era of Tera”, everything is possible in terms of storage and service. The long-held dream of computing as a utility has been achieved in the form of cloud computing. It has transformed the world where large part of IT industry is simplified by Platform as a Service, Software's are developed and rented more attractively in the form of Development as a Service, Software as a Service. It...
The mobile payment service is an important and popular service that attracts attentions. Number of mobile users is growing up every day. The users like to have more and more services ready on the wireless networks. Companies try to produce more smart phones while customers buy and use them. More smart phones mean a more proper infrastructure to use 2-dimensional barcodes (2D-barcodes) in mobile payment...
This paper analyzes current threats in computer security for web-based applications with a SQL database. We conduct a penetration test in a real-case scenario of multiple attacks against the network, the web application and the SQL database. The test infrastructure includes two servers, a firewall and one machine that acts as an attacker's computer. Based on our empirical analysis we diagnose specific...
Distributed storage is a scheme to store data in networked storage services, which is the basis of popular cloud storage solutions. Although this scheme has huge benefits in reducing maintenance and operation cost, it has several security concerns. Among them, malicious file deletion by the storage providers is a top concern. In this paper, we develop a novel error-tolerant solution, ET-DME, to effectively...
The existing scheme of disaster-tolerant cann't satisfy the requirments for confidential datum. The systemic framework of distributed secure storage is put forward. The structure of metedata servers, storage servers and the mechanism of data renewal are designed. According to the requirement for security of the storage system, the secure coding scheme of information dispersal algorithm based on cross-checksum...
Remote Data Checking (RDC) allows clients to efficiently check the integrity of data stored at untrusted servers. This allows data owners to assess the risk of outsourcing data in the cloud, making RDC a valuable tool for data auditing. A robust RDC scheme incorporates mechanisms to mitigate arbitrary amounts of data corruption. In particular, protection against small corruptions (i.e., bytes or even...
The emergence of mobile P2P systems is largely due to the evolution of mobile devices into powerful information processing units. The relatively structured context that results from the mapping of mobile patterns of behaviour onto P2P models is however constrained by the vulnerabilities of P2P networks and the inherent limitations of mobile devices. Whilst the implementation of P2P models gives rise...
Communication technology plays an increasingly important role in the growing automated metering infrastructure (AMI) market. This paper presents a thorough analysis and comparison of four application layer protocols in the smart metering context. The inspected protocols are DLMS/COSEM, the Smart Message Language (SML), and the MMS and SOAP mappings of IEC 61850. The focus of this paper is on their...
XSS (Cross-Site Scripting) is a major security threat for web applications. Due to lack of source code of web application, fuzz technique has become a popular approach to discover XSS in web application except Webmail. This paper proposes a Webmail XSS fuzzer called L-WMxD (Lexical based Webmail XSS Discoverer). L-WMxD , which works on a lexical based mutation engine, is an active defense system to...
Many research and development efforts have been devoted towards the design of dependable storage systems, but the effort in evaluating and comparing different designs for widely distributed environment is limited. In this paper, we develop models to evaluate the availability, security, and access performance of various storage designs for the cloud environment where storage resources are offered by...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.