International Journal of Computer Network and Information Security (IJCNIS)

IJCNIS Vol. 6, No. 11, Oct. 2014

Cover page and Table of Contents: PDF (size: 114KB)

Table Of Contents

REGULAR PAPERS

Cellular Automata based Encrypted ECG-hash Code Generation: An Application in Inter-human Biometric Authentication System

By Subrata Nandi Satyabrata Roy Jayanti Dansana Wahiba Ben Abdessalem Karaa Ruben Ray Shatadru Roy Chowdhury Sayan Chakraborty Nilanjan Dey

DOI: https://doi.org/10.5815/ijcnis.2014.11.01, Pub. Date: 8 Oct. 2014

In this modern era, biometrics incorporate various mechanisms to recognize inimitable features of human beings by utilizing their biological and evident features. This paper proposes a novel technique for constructing a resilient and secure biometric recognition system. In this paper, an ECG-hash code of two distinct individuals has been formed by taking dot product of electrocardiogram (ECG) feature matrices of two persons located at two different sites at respective databases. The validity of the system increases as samples from both persons, between whom the transmission takes place, are essential. Besides, electrocardiogram is such a unique feature of an individual that could not be compromised at any circumstance as contradictory to other features like fingerprints, face recognition etc. Moreover, the ECG-hash code is encrypted using rule vector of cellular automata that gives better security in terms of randomness of generated cipher text.

[...] Read more.
An Improved Trusted Greedy Perimeter Stateless Routing for Wireless Sensor Networks

By P. Raghu Vamsi Krishna Kant

DOI: https://doi.org/10.5815/ijcnis.2014.11.02, Pub. Date: 8 Oct. 2014

In this paper, an improvement over Trusted Greedy Perimeter Stateless Routing (T-GPSR) is presented. T-GPSR employs heuristic weight values to evaluate total trust value of neighboring nodes. However, heuristic assignment of weights provide flexibility but it is not suitable in presence of several security attacks such as Grey hole, selfish behavior, on-off attack etc., are launched in the network in different proportions. To overcome this limitation, an improvement is suggested with an emphasis on trust update, lightweight trust computation and storage to reduce communication and storage overhead. The simulation study indicates that the packet delivery ratio of the improved T-GPSR has improved by 10% over T-GPSR in the presence of 50% of malicious nodes in the network.

[...] Read more.
Implementation of Risk Management with SCRUM to Achieve CMMI Requirements

By Eman Talal Alharbi M. Rizwan Jameel Qureshi

DOI: https://doi.org/10.5815/ijcnis.2014.11.03, Pub. Date: 8 Oct. 2014

Majority of the software development companies are practicing agile methods to develop high quality products. SCRUM is one of the most widely used agile methods. Capability maturity model integration (CMMI) is one of the quality standards for software companies. In this research, we propose an implementation of risk management with SCRUM in order to make it compatible with CMMI. We conducted a survey to validate the proposed solution. Questionnaire includes 20 questions that are divided into three goals. The proposed solution is validated through survey with support of 70.94%. We anticipate that the proposed solution will enable software companies to achieve CMMI and it will also improve the quality of software products.

[...] Read more.
Optimized and Executive Survey of Physical Node Capture Attack in Wireless Sensor Network

By Bhavana Butani Piyush Kumar Shukla Sanjay Silakari

DOI: https://doi.org/10.5815/ijcnis.2014.11.04, Pub. Date: 8 Oct. 2014

Wireless sensor networks (WSNs) are novel large-scale wireless networks that consist of distributed, self organizing, low-power, low-cost, tiny sensor devices to cooperatively collect information through infrastructure less wireless networks. These networks are envisioned to play a crucial role in variety of applications like critical military surveillance applications, forest fire monitoring, commercial applications such as building security monitoring, traffic surveillance, habitat monitoring and smart homes and many more scenarios. Node capture attack is one of the most dreadful security attack exist in wireless sensor networks. An adversary steals cryptographic key or other confidential information like node’s id etc from a captured node to compromise entire network. So, Security of wireless sensor network is an important issue for maintaining confidentiality and integrity of wireless links. Now-a-days, researchers are paying attention towards developing security schemes against Node capture attack. Our survey provides deep insights of existing techniques that enhance the attacking efficiency of the node capture attack in wireless sensor network. It also analyzes various detection and key pre-distribution schemes for inventing a new scheme to improve resilience against node capture attack.

[...] Read more.
HTTP Packet Inspection Policy for Improvising Internal Network Security

By Kuldeep Tomar S.S. Tyagi

DOI: https://doi.org/10.5815/ijcnis.2014.11.05, Pub. Date: 8 Oct. 2014

Past few years the use of Internet and its applications has increased to a great extent. There is also an enormous growth in the establishment of computer networks by large, medium and small organizations, for data transfer and information exchange. Due to this huge growth, incidents of cyber-attacks and security breaches have also increased. Data on a network is transferred using protocols such as Hyper Text Transfer Protocol, which is very vulnerable. Many types of malicious contents are hidden in packets that are transferred over a network or system, which may can to get it slow, crash or buffer overflow etc. Thus it is very important to secure networks from such types of attacks. There are lots of mechanisms available but still they are not good enough because of dynamic environment. Such kind of attacks can be countered by applying appropriate policies on network edge devices like Adaptive Security Appliance, firewalls, web servers, router etc. Also the packets which are transferred between networks, they should deeply inspect for malicious or any insecure contents. In this paper firstly we would study Network security issues and available mechanism to counter them our focus would be on inspecting the HTTP packets deeply by applying policies on ASA. Finally we would use Graphical Network Simulator (GNS3) to test such a policy.

[...] Read more.
VoIP Performance Analysis over IPv4 and IPv6

By Monjur Ahmed Alan T Litchfield Shakil Ahmed Adnan Mahmood Emran Hossain Meazi

DOI: https://doi.org/10.5815/ijcnis.2014.11.06, Pub. Date: 8 Oct. 2014

The advance of technology often requires the emergence of complementary technologies, of which the transition from IPv4 to IPv6 presents a significant example. The move of protocol has focussed attention on the level of performance for associated technologies. Among the many Internet applications, in contemporary digital communications, VoIP stands apart in importance. This paper presents a performance analysis of VoIP using IPv4 and IPv6. Using OPNET to simulate the protocols and to investigate areas of performance weakness.

[...] Read more.
OpenFlow Technology: A Journey of Simulation Tools

By Rakesh K. Jha Pooja Kharga Idris Z. Bholebawa Sangeet Satyarthi Anuradha Shashi Kumari

DOI: https://doi.org/10.5815/ijcnis.2014.11.07, Pub. Date: 8 Oct. 2014

This paper presents a complete guideline for developing OpenFlow infrastructure. OpenFlow is standard network protocol to manage traffic between routers and Ethernet Switches. This approach will help to create the next generation virtual network, which provides the solution for network management, flow control of packets, delay optimization etc without interfering the backbone network. Here a brief idea about all the supporting tools involved in the journey of OpenFlow has been introduced. This paper provides a solution with top to bottom approach to install OpenFlow network tools. On the basis of one by one approach user is able to solve the problem appeared during the installation with proper justifications.

[...] Read more.
Detection Block Model for SQL Injection Attacks

By Diksha G. Kumar Madhumita Chatterjee

DOI: https://doi.org/10.5815/ijcnis.2014.11.08, Pub. Date: 8 Oct. 2014

With the rapid development of Internet, more and more organizations connect their databases to the Internet for resource sharing. However, due to developers' lack of knowledge of all possible attacks, web applications become vulnerable to multiple attacks. Thus the network databases could face multiple threats. Web applications generally consist of a three tier architecture where database is in the third pole, which is the most valuable asset in any organization. SQL injection is an attack technique in which specially crafted input string is entered in user input field. It is submitted to server and result is returned to the user. In SQL injection vulnerability, the database server is forced to execute malicious operations which may cause the data loss or corruption, denial of access, and unauthentic access to sensitive data by crafting specific inputs. An attacker can directly compromise the database, and that is why this is a most threatening web attack. SQL injection attack occupies first position in top ten vulnerabilities as specified by Open Web Application Security Project. It is probably the most common Website vulnerability today. Current scenarios which provide solutions to SQL injection attack either have limited scope i.e. can’t be implemented across all platforms, or do not cover all types of SQL injection attacks. In this work we implement Message Authentication Code (MAC) based solution against SQL injection attacks. The model works both on client and server side. Client side implements a filter function and server side is based on information theory. MAC of static and dynamic queries is compared to detect SQL injection attack.

[...] Read more.