Android Smartphones are proliferating extensively in the digital world due to their widespread applications in a myriad of fields. The increased popularity of the android platform entices malware developers to design malicious apps to achieve their malevolent intents. Also, static analysis approaches fail to detect run-time behaviors of malicious apps. To address these issues, an optimal unification of static and dynamic features for smartphone security analysis is proposed. The proposed solution exploits both static and dynamic features for generating a highly distinct unified feature vector using graph based cross-diffusion strategy. Further, a unified feature is subjected to the fuzzy-based classification model to distinguish benign and malicious applications. The suggested framework is extensively experimentally validated through both qualitative and quantitative analysis and results are compared with the existing solutions. Performance evaluation over benchmarked datasets from Google Play Store, Drebin, Androzoo, AMD, and CICMalDroid2020 revealed that the suggested solution outperforms state-of-the-art methods. We achieve average detection accuracy of 98.62% and F1 Score of 0.9916.
Chaos-based encryption schemes have been studied extensively, while the security analysis methods for them are still problems to be resolved. Based on the periodic orbit theory, this paper proposes a novel security analysis method. The periodic orbits theory indicates that the fundamental frequency of the spiraling orbits is the natural frequency of associated linearized system, which is decided by the parameters of the chaotic system. Thus, it is possible to recover the plaintext of secure communication systems based on chaotic shift keying by getting the average time on the spiraling orbits. Analysis and simulation results show that the security analysis method can break chaos shift keying secure communication systems, which use the parameters as keys.
To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky-Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003) 042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Q0 (M : (Q0, 1.0)) is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level ~ is, the larger the error rate Q is. When the noise level ~ is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q < 0.153. Similarly, if error rate Q > 0.153 = Q0, eavesdropping information I > 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.
Discrete logarithm based cryptosystems have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks which are based on mathematical structure of the group which is used in the schemes, the disclosed information of the subgroup and implementation details respectively. The analysis will, in turn, allow us to motivate protocol design and implementation decisions.
In this paper security of the quantum key distribution scheme using correlations of continuous variable Einstein-Podolsky-Rosen (EPR) pairs is investigated. A new approach for calculating the secret information rate ΔI is proposed by using the Shannon information theory. Employing an available parameter F which is associated with the entanglement of the EPR pairs, one can detect easily the eavesdropping. Results show that the proposed scheme is secure against individual beam splitter attack strategy with a proper squeeze parameter.
Vehicular ad hoc network (VANET) is a self-organizing wireless sensor network model, which is extensively used in the existing traffic. Due to the openness of wireless channel and the sensitivity of traffic information, data transmission process in VANET is vulnerable to leakage and attack. Authentication of vehicle identity while protecting vehicle privacy information is an advantageous way to improve the security of VANET. We propose a scheme based on fair blind signature and secret sharing algorithm. In this paper, we prove that the scheme is feasible through security analysis.
Identity-Based Encryption (IBE) has seen limited adoption, largely due to the absolute trust that must be placed in the private key generator (PKG)—an authority that computes the private keys for all the users in the environment. Several constructions have been proposed to reduce the trust required in the PKG (and thus preserve the privacy of users), but these have generally relied on unrealistic assumptions regarding non-collusion between various entities in the system. Unfortunately, these constructions have not significantly improved IBE adoption rates in real-world environments. In this paper, we present a construction that reduces trust in the PKG without unrealistic non-collusion assumptions. We achieve this by incorporating a novel combination of digital credential technology and bilinear maps, and making use of multiple randomly-chosen entities to complete certain tasks. The main result and primary contribution of this paper are a thorough security analysis of this proposed construction, examining the various entity types, attacker models, and collusion opportunities in this environment. We show that this construction can prevent, or at least mitigate, all considered attacks. We conclude that our construction appears to be effective in preserving user privacy and we hope that this construction and its security analysis will encourage greater use of IBE in real-world environments.
Nowadays, the use of Avatars that are unique digital depictions has increased by users to access Metaverse—a virtual reality environment—through multiple devices and for various purposes. Therefore, the Avatar and Metaverse are being developed with a new theory, application, and design, necessitating the association of more personal data and devices of targeted users every day. This Avatar and Metaverse technology explosion raises privacy and security concerns, leading to cyber attacks. MV-Honeypot, or Metaverse-Honeypot, as a commercial off-the-shelf solution that can counter these cyber attack-causing vulnerabilities, should be developed. To fill this gap, we study user’s engagements with Avatars in Metaverse, analyze possible security vulnerabilities, and create a model named Simplified Avatar Relationship Association with Non-linear Gradient (SARANG) that draws the full diagram of infrastructure components and data flow through accessing Metaverse in this paper. We also determine the most significant threat for each component’s cyberattacks that will affect user data and Avatars. As a result, the commercial off-the-shelf (COTS) of the MV-Honeypot must be established.
Future components to enhance the basic, native security of 5G networks are either complex mechanisms whose impact in the requiring 5G communications are not considered, or lightweight solutions adapted to ultrareliable low-latency communications (URLLC) but whose security properties remain under discussion. Although different 5G network slices may have different requirements, in general, both visions seem to fall short at provisioning secure URLLC in the future. In this work we address this challenge, by introducing cost-security functions as a method to evaluate the performance and adequacy of most developed and employed non-native enhanced security mechanisms in 5G networks. We categorize those new security components into different groups according to their purpose and deployment scope. We propose to analyze them in the context of existing 5G architectures using two different approaches. First, using model checking techniques, we will evaluate the probability of an attacker to be successful against each security solution. Second, using analytical models, we will analyze the impact of these security mechanisms in terms of delay, throughput consumption, and reliability. Finally, we will combine both approaches using stochastic cost-security functions and the PRISM model checker to create a global picture. Our results are first evidence of how a 5G network that covers and strengthened all security areas through enhanced, dedicated non-native mechanisms could only guarantee secure URLLC with a probability of ∼55%.
An enhanced optimal velocity model (EOVM) that considers driving safety is established to alleviate traffic congestion and ensure driving safety. Time headway is introduced as a criterion for determining whether the car is safe. When the time headway is less than the minimum time headway (TH_(min)) or more than the most comfortable time headway (TH_(com)), the acceleration constraints are discussed to ensure the model's safety and maintain the following state. A stability analysis of the model was carried out to determine the stability conditions of the model. The EOVM is compared with the optimal velocity model (OVM) and fuzzy car-following model using the real dataset. Experiments show that the EOVM model has the smallest error in average, maximum and median with the real dataset. To confirm the model's safety, design fleet simulation experiments were conducted for three actual scenarios of starting, stopping and uniform process.
The stability problem of power grids has become increasingly serious in recent years as the size of novel power systems increases. In order to improve and ensure the stable operation of the novel power system, this study proposes an artificial emotional lazy Q-learning method, which combines artificial emotion, lazy learning, and reinforcement learning for static security and stability analysis of power systems. Moreover, this study compares the analysis results of the proposed method with those of the small disturbance method for a stand-alone power system and verifies that the proposed lazy Q-learning method is able to effectively screen useful data for learning, and improve the static security stability of the new type of power system more effectively than the traditional proportional-integral-differential control and Q-learning methods.
Quantum secure direct communication provides a direct means of conveying secret information via quantum states among legitimate users. The past two decades have witnessed its great strides both theoretically and experimentally. However, the security analysis of it still stays in its infant. Some practical problems in this field to be solved urgently, such as detector efficiency mismatch, side-channel effect and source imperfection, are propelling the birth of a more impeccable solution. In this paper, we establish a new framework of the security analysis driven by numerics where all the practical problems may be taken into account naturally. We apply this framework to several variations of the DL04 protocol considering real-world experimental conditions. Also, we propose two optimizing methods to process the numerical part of the framework so as to meet different requirements in practice. With these properties considered, we predict the robust framework would open up a broad avenue of the development in the field.
China’s industrial manufacturing industry is well developed, but its agriculture is primitive. The only way to solve this problem is to improve through modern agriculture. The cross integration of new energy development and modern agriculture is becoming more and more critical. However, the research on the interaction between the meteorological disaster of facility agriculture and the power supply security of the integrated energy supply system has not formed a systematic theoretical system, which challenges the collaborative security of the facility agriculture and energy system. In this paper, energy meteorology and agrometeorology are considered and modeled, and the static security of a park-level agricultural energy network is simulated and analyzed under different weather conditions.
To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities as possible. To compare static analysis tools for web applications, an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project. Thus, the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project. The results of this work have been obtaining using widely acceptable metrics to classify them according to three different degree of web application criticality.
In this paper, we lower the upper bound of the number of solutions of oracle transformation polynomial F(x) over GF(q). So one can also recover all the secret keys with fewer calls. We use our generalized 'even-and-odd test' method to recover the least significant p-adic 'bits' of representations of the Lucas Cryptosystem secret keys x. Finally, we analyze the Efficient Compact Subgroup Trace Representation (XTR) Diffie-Hellman secret keys and point out that if the order of XTR-subgroup has a special form then all the bits of the secret key of XTR can be recovered from any bit of the exponent x.
The development of the Internet of Things has facilitated the rapid development of various industries. With the improvement in people’s living standards, people’s health requirements are steadily improving. However, owing to the scarcity of medical and health care resources in some areas, the demand for remote surgery has gradually increased. In this paper, we investigate remote surgery in the healthcare environment. Surgeons can operate robotic arms to perform remote surgery for patients, which substantially facilitates successful surgeries and saves lives. Recently, Kamil et al. proposed a secure protocol for surgery in the healthcare environment. However, after cryptanalyzing their protocol, we deduced that their protocols are vulnerable to temporary value disclosure and insider attacks. Therefore, we design an improved authentication and key agreement protocol for remote surgeries in the healthcare environment. Accordingly, we adopt the real or random (ROR) model and an automatic verification tool Proverif to verify the security of our protocol. Via security analysis and performance comparison, it is confirmed that our protocol is a relatively secure protocol.
Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity. The construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is designed. To utilize the possible synergies different static analysis tools may process, this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives. Specifically, five static analysis tools will be combined with the designed method to study their behavior using an updated benchmark for OWASP Top Ten Security Weaknesses (OWASP TTSW). The method selects specific metrics to rank the tools for different criticality levels of web applications considering different weights in the ratios. The findings show that simply including more tools in a combination is not synonymous with better results; it depends on the specific tools included in the combination due to their different designs and techniques.
Denial of Service (DoS) attack, especially Distributed Denial of Service (DDoS) attack, is one of the greatest threats to Internet. Much research has been done for it by now, however, it is always concentrated in the behaviors of the network and can not deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS-resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.
Identification and resolution system of the industrial Internet is the “neural hub” of the industrial Internet for coordination. Catastrophic damage to the whole industrial Internet industry ecology may be caused if the identification and resolution system is attacked. Moreover, it may become a threat to national security. Therefore, security plays an important role in identification and resolution system of the industrial Internet. In this paper, an innovative security risk analysis model is proposed for the first time, which can help control risks from the root at the initial stage of industrial Internet construction, provide guidance for related enterprises in the early design stage of identification and resolution system of the industrial Internet, and promote the healthy and sustainable development of the industrial identification and resolution system.
This study developed a mail server program using Socket API and Python. The program uses the Hypertext Transfer Protocol (HTTP) to receive emails from browser clients and forward them to actual email service providers via the Simple Mail Transfer Protocol (SMTP). As a web server, it handles Transmission Control Protocol (TCP) connection requests from browsers, receives HTTP commands and email data, and temporarily stores the emails in a file. Simultaneously, as an SMTP client, the program establishes a TCP connection with the actual mail server, sends SMTP commands, and transmits the previously saved emails. In addition, we also analyzed security issues and the efficiency and availability of this server, providing insights into the design of SMTP mail servers.
Funding: Supported by the National Natural Science Foundation of China under Grant Nos 61472048, 61402058, 61272511, 61472046, 61202082 and 61370194; the Beijing Natural Science Foundation under Grant No 4152038; the China Postdoctoral Science Foundation Funded Project under Grant No 2014M561826.
Abstract: To analyze the security of two-step quantum direct communication protocol (QDCP) by using Einstein-Podolsky-Rosen pair proposed by Deng et al. [Phys. Rev. A 68 (2003) 042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Q0 (M : (Q0, 1.0)) is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level ~ is, the larger the error rate Q is. When the noise level ~ is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q < 0.153. Similarly, if error rate Q > 0.153 = Q0, eavesdropping information I > 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.
Funding: Supported by the National Natural Science Foundation of China (60573047).
Abstract: Discrete logarithm based cryptosystems have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks which are based on mathematical structure of the group which is used in the schemes, the disclosed information of the subgroup and implementation details respectively. The analysis will, in turn, allow us to motivate protocol design and implementation decisions.
Funding: Project supported by the National Natural Science Foundation of China (Grant No 60472018).
Abstract: In this paper security of the quantum key distribution scheme using correlations of continuous variable Einstein-Podolsky-Rosen (EPR) pairs is investigated. A new approach for calculating the secret information rate ΔI is proposed by using the Shannon information theory. Employing an available parameter F which is associated with the entanglement of the EPR pairs, one can detect easily the eavesdropping. Results show that the proposed scheme is secure against individual beam splitter attack strategy with a proper squeeze parameter.
Funding: supported by Key project of Hunan Provincial Education Department (20A191); Hunan teaching research and reform project (2019-134); Cooperative Education Fund of China Ministry of Education (201702113002, 201801193119); Hunan Natural Science Foundation (2018JJ2138); Hunan teaching research and reform project (2019).
Abstract: Vehicular ad hoc network (VANET) is a self-organizing wireless sensor network model, which is extensively used in the existing traffic. Due to the openness of wireless channel and the sensitivity of traffic information, data transmission process in VANET is vulnerable to leakage and attack. Authentication of vehicle identity while protecting vehicle privacy information is an advantageous way to improve the security of VANET. We propose a scheme based on fair blind signature and secret sharing algorithm. In this paper, we prove that the scheme is feasible through security analysis.
Funding: supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) (Project Nos. 2022-0-00701, 10%, RS-2023-00228996, 10%, RS-2022-00165794, 10%); the ICT R&D Program of MSIT/IITP (Project No. 2021-0-01816, 10%); a National Research Foundation of Korea (NRF) grant funded by the Korean Government (Project No. RS2023-00208460, 60%).
Abstract: Nowadays, the use of Avatars that are unique digital depictions has increased by users to access Metaverse—a virtual reality environment—through multiple devices and for various purposes. Therefore, the Avatar and Metaverse are being developed with a new theory, application, and design, necessitating the association of more personal data and devices of targeted users every day. This Avatar and Metaverse technology explosion raises privacy and security concerns, leading to cyber attacks. MV-Honeypot, or Metaverse-Honeypot, as a commercial off-the-shelf solution that can counter these cyber attack-causing vulnerabilities, should be developed. To fill this gap, we study user’s engagements with Avatars in Metaverse, analyze possible security vulnerabilities, and create a model named Simplified Avatar Relationship Association with Non-linear Gradient (SARANG) that draws the full diagram of infrastructure components and data flow through accessing Metaverse in this paper. We also determine the most significant threat for each component’s cyberattacks that will affect user data and Avatars. As a result, the commercial off-the-shelf (COTS) of the MV-Honeypot must be established.
Funding: The publication is produced within the framework of Ramon Alcarria and Borja Bordel’s research projects on the occasion of their stay at Argonne Labs (Jose Castillejo’s 2021 grant), supported by the Ministry of Science, Innovation and Universities through the COGNOS project.
Abstract: Future components to enhance the basic, native security of 5G networks are either complex mechanisms whose impact in the requiring 5G communications is not considered, or lightweight solutions adapted to ultrareliable low-latency communications (URLLC) but whose security properties remain under discussion. Although different 5G network slices may have different requirements, in general, both visions seem to fall short at provisioning secure URLLC in the future. In this work we address this challenge by introducing cost-security functions as a method to evaluate the performance and adequacy of most developed and employed non-native enhanced security mechanisms in 5G networks. We categorize those new security components into different groups according to their purpose and deployment scope. We propose to analyze them in the context of existing 5G architectures using two different approaches. First, using model checking techniques, we will evaluate the probability of an attacker to be successful against each security solution. Second, using analytical models, we will analyze the impact of these security mechanisms in terms of delay, throughput consumption, and reliability. Finally, we will combine both approaches using stochastic cost-security functions and the PRISM model checker to create a global picture. Our results are first evidence of how a 5G network that covers and strengthens all security areas through enhanced, dedicated non-native mechanisms could only guarantee secure URLLC with a probability of ∼55%.
Funding: Supported by the National Natural Science Foundation international cooperation and exchange projects (Grant No. 62120106011), the Natural Science Basic Research Program of Shaanxi (Grant No. 2021JM-347), the Shaanxi Provincial Department of Education special project (Grant No. 21JC026), and the general project of the Shaanxi Provincial Key Research and Development Program (Grant No. 2019GY-032).
Abstract: An enhanced optimal velocity model (EOVM) that considers driving safety is established to alleviate traffic congestion and ensure driving safety. Time headway is introduced as a criterion for determining whether the car is safe. When the time headway is less than the minimum time headway (TH_min) or more than the most comfortable time headway (TH_com), the acceleration constraints are discussed to ensure the model's safety and maintain the following state. A stability analysis of the model was carried out to determine the stability conditions of the model. The EOVM is compared with the optimal velocity model (OVM) and fuzzy car-following model using the real dataset. Experiments show that the EOVM model has the smallest error in average, maximum and median with the real dataset. To confirm the model's safety, design fleet simulation experiments were conducted for three actual scenarios of starting, stopping and uniform process.
Funding: The Technology Project of China Southern Power Grid Digital Grid Research Institute Corporation, Ltd. (670000KK52220003) and the National Key R&D Program of China (2020YFB0906000).
Abstract: The stability problem of power grids has become increasingly serious in recent years as the size of novel power systems increases. In order to improve and ensure the stable operation of the novel power system, this study proposes an artificial emotional lazy Q-learning method, which combines artificial emotion, lazy learning, and reinforcement learning for static security and stability analysis of power systems. Moreover, this study compares the analysis results of the proposed method with those of the small disturbance method for a stand-alone power system and verifies that the proposed lazy Q-learning method is able to effectively screen useful data for learning, and improve the static security stability of the new type of power system more effectively than the traditional proportional-integral-differential control and Q-learning methods.
Funding: This work was supported by the National Key Research and Development Program of China under Grant No. 2017YFA0303700, the Key Research and Development Program of Guangdong province under Grant No. 2018B030325002, the National Natural Science Foundation of China under Grant No. 11974205, and Beijing Advanced Innovation Center for Future Chip (ICFC).
Abstract: Quantum secure direct communication provides a direct means of conveying secret information via quantum states among legitimate users. The past two decades have witnessed its great strides both theoretically and experimentally. However, its security analysis is still in its infancy. Some practical problems in this field that need to be solved urgently, such as detector efficiency mismatch, side-channel effect and source imperfection, are propelling the birth of a more impeccable solution. In this paper, we establish a new framework of the security analysis driven by numerics where all the practical problems may be taken into account naturally. We apply this framework to several variations of the DL04 protocol considering real-world experimental conditions. Also, we propose two optimizing methods to process the numerical part of the framework so as to meet different requirements in practice. With these properties considered, we predict the robust framework would open up a broad avenue of development in the field.
Funding: This study is supported by Chinese Universities Scientific Fund (2020RC029).
Abstract: China's industrial manufacturing industry is well developed, but its agriculture is primitive. The only way to solve this problem is to improve through modern agriculture. The cross integration of new energy development and modern agriculture is becoming more and more critical. However, the research on the interaction between the meteorological disaster of facility agriculture and the power supply security of the integrated energy supply system has not formed a systematic theoretical system, which challenges the collaborative security of the facility agriculture and energy system. In this paper, energy meteorology and agrometeorology are considered and modeled, and the static security of a park-level agricultural energy network is simulated and analyzed under different weather conditions.
Abstract: To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities as possible. To compare static analysis tools for web applications, an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project. Thus, the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project. The results of this work have been obtained using widely acceptable metrics to classify them according to three different degrees of web application criticality.
Abstract: In this paper, we lower the upper bound of the number of solutions of oracle transformation polynomial F(x) over GF(q). So one can also recover all the secret keys with fewer calls. We use our generalized 'even-and-odd test' method to recover the least significant p-adic 'bits' of representations of the Lucas Cryptosystem secret keys x. Finally, we analyze the Efficient Compact Subgroup Trace Representation (XTR) Diffie-Hellman secret keys and point out that if the order of the XTR-subgroup has a special form then all the bits of the secret key of XTR can be recovered from any bit of the exponent x.
Abstract: The development of the Internet of Things has facilitated the rapid development of various industries. With the improvement in people's living standards, people's health requirements are steadily improving. However, owing to the scarcity of medical and health care resources in some areas, the demand for remote surgery has gradually increased. In this paper, we investigate remote surgery in the healthcare environment. Surgeons can operate robotic arms to perform remote surgery for patients, which substantially facilitates successful surgeries and saves lives. Recently, Kamil et al. proposed a secure protocol for surgery in the healthcare environment. However, after cryptanalyzing their protocol, we deduced that their protocols are vulnerable to temporary value disclosure and insider attacks. Therefore, we design an improved authentication and key agreement protocol for remote surgeries in the healthcare environment. Accordingly, we adopt the real or random (ROR) model and an automatic verification tool ProVerif to verify the security of our protocol. Via security analysis and performance comparison, it is confirmed that our protocol is a relatively secure protocol.
Abstract: Security weaknesses in web applications deployed in cloud architectures can seriously affect their data confidentiality and integrity. The construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is designed. To utilize the possible synergies different static analysis tools may process, this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives. Specifically, five static analysis tools will be combined with the designed method to study their behavior using an updated benchmark for OWASP Top Ten Security Weaknesses (OWASP TTSW). The method selects specific metrics to rank the tools for different criticality levels of web applications considering different weights in the ratios. The findings show that simply including more tools in a combination is not synonymous with better results; it depends on the specific tools included in the combination due to their different designs and techniques.
Funding: This work is supported by National Natural Science Foundation of China under contract 60902008.
Abstract: Denial of Service (DoS) attack, especially Distributed Denial of Service (DDoS) attack, is one of the greatest threats to the Internet. Much research has been done on it by now; however, it is always concentrated on the behaviors of the network and cannot deal with the problem exactly. In this paper, we start from the security of the protocol, then we propose a novel theory for security protocol analysis of Denial of Service in order to deal with the DoS attack. We first introduce the conception of weighted graph to extend the strand space model, then we extend the penetrator model and define the goal of anti-DoS attack through the conception of the DoS-stop protocol, finally we propose two kinds of DoS test model and erect the novel formal theory for security protocol analysis of Denial of Service. Our new formal theory is applied in two example protocols. It is proved that the Internet key exchange (IKE) easily suffers from the DoS attacks, and the efficient DoS-resistant secure key exchange protocol (JFK) is resistant against DoS attack for the server, respectively.
Funding: Supported by the 2018 Industrial Internet Innovation and Development Project--Industrial Internet Identification Resolution System National Top-Level Node Construction Project (Phase Ⅰ)
Abstract: Identification and resolution system of the industrial Internet is the “neural hub” of the industrial Internet for coordination. Catastrophic damage to the whole industrial Internet industry ecology may be caused if the identification and resolution system is attacked. Moreover, it may become a threat to national security. Therefore, security plays an important role in identification and resolution system of the industrial Internet. In this paper, an innovative security risk analysis model is proposed for the first time, which can help control risks from the root at the initial stage of industrial Internet construction, provide guidance for related enterprises in the early design stage of identification and resolution system of the industrial Internet, and promote the healthy and sustainable development of the industrial identification and resolution system.
Abstract: This study developed a mail server program using Socket API and Python. The program uses the Hypertext Transfer Protocol (HTTP) to receive emails from browser clients and forward them to actual email service providers via the Simple Mail Transfer Protocol (SMTP). As a web server, it handles Transmission Control Protocol (TCP) connection requests from browsers, receives HTTP commands and email data, and temporarily stores the emails in a file. Simultaneously, as an SMTP client, the program establishes a TCP connection with the actual mail server, sends SMTP commands, and transmits the previously saved emails. In addition, we also analyzed security issues and the efficiency and availability of this server, providing insights into the design of SMTP mail servers.