Optimal Unification of Static and Dynamic Features for Smartphone Security Analysis

Android Smartphones are proliferating extensively in the digital world due to their widespread applications in a myriad offields.The increased popularity of the android platform entices malware developers to design malicious apps to achieve their malevolent intents.Also,static analysis approaches fail to detect run-time behaviors of malicious apps.To address these issues,an optimal unification of static and dynamic features for smartphone security analysis is proposed.The proposed solution exploits both static and dynamic features for generating a highly distinct unified feature vector using graph based cross-diffusion strategy.Further,a unified feature is subjected to the fuzzy-based classification model to distinguish benign and malicious applications.The suggested framework is extensively experimentally validated through both qualitative and quantitative analysis and results are compared with the existing solutions.Performance evaluation over benchmarked datasets from Google Play Store,Drebin,Androzoo,AMD,and CICMalDroid2020 revealed that the suggested solution outperforms state-of-the-art methods.We achieve average detection accuracy of 98.62%and F1 Score of 0.9916.

Application of periodic orbit theory in chaos-based security analysis

Chaos-based encryption schemes have been studied extensively, while the security analysis methods for them are still problems to be resolved. Based on the periodic orbit theory, this paper proposes a novel security analysis method. The periodic orbits theory indicates that the fundamental frequency of the spiraling orbits is the natural frequency of associated linearized system, which is decided by the parameters of the chaotic system. Thus, it is possible to recover the plaintext of secure communication systems based on chaotic shift keying by getting the average time on the spiraling orbits. Analysis and simulation results show that the security analysis method can break chaos shift keying secure communication systems, which use the parameters as keys.

The Security Analysis of Two-Step Quantum Direct Communication Protocol in Collective-Rotation Noise Channel

To analyze the security of two-step quantum direct communication protocol （QDCP） by using Einstein-Podolsky Rosen pair proposed by Deng et al. [Phys. Rev. A 68 （2003）042317] in collective-rotation noise channel, an excellent model of noise analysis is proposed. In the security analysis, the method of the entropy theory is introduced, and is compared with QDCP, an error rate point Qo（M ： （Q0, 1.0）） is given. In different noise levels, if Eve wants to obtain the same amount of information, the error rate Q is distinguishable. The larger the noise level ~ is, the larger the error rate Q is. When the noise level ~ is lower than 11%, the high error rate is 0.153 without eavesdropping. Lastly, the security of the proposed protocol is discussed. It turns out that the quantum channel will be safe when Q 〈 0.153. Similarly, if error rate Q〉 0.153 = Q0, eavesdropping information I 〉 1, which means that there exist eavesdroppers in the quantum channel, and the quantum channel will not be safe anymore.

Security Analysis of Discrete Logarithm Based Cryptosystems

Discrete logarithm based cryptosysterns have subtle problems that make the schemes vulnerable. This paper gives a comprehensive listing of security issues in the systems and analyzes three classes of attacks which are based on mathematical structure of the group which is used in the schemes, the disclosed information of the subgroup and implementation details respectively. The analysis will, in turn, allow us to motivate protocol design and implementation decisions.

Security analysis of continuous-variable quantum key distribution scheme

In this paper security of the quantum key distribution scheme using correlations of continuous variable Einstein- Podolsky-Rosen （EPR） pairs is investigated. A new approach for calculating the secret information rate △I is proposed by using the Shannon information theory. Employing an available parameter F which is associated with the entanglement of the EPR pairs, one can detect easily the eavesdropping. Results show that the proposed scheme is secure against individual bearn splitter attack strategy with a proper squeeze parameter.

Security Analysis for a VANET Privacy Protection Scheme

Vehicular ad hoc network(VANET)is a self-organizing wireless sensor network model,which is extensively used in the existing traffic.Due to the openness of wireless channel and the sensitivity of traffic information,data transmission process in VANET is vulnerable to leakage and attack.Authentication of vehicle identitywhile protecting vehicle privacy information is an advantageous way to improve the security of VANET.We propose a scheme based on fair blind signature and secret sharing algorithm.In this paper,we prove that the scheme is feasible through security analysis.

Security Analysis of a Privacy-Preserving Identity-Based Encryption Architecture

Identity-Based Encryption (IBE) has seen limited adoption, largely due to the absolute trust that must be placed in the private key generator (PKG)—an authority that computes the private keys for all the users in the environment. Several constructions have been proposed to reduce the trust required in the PKG (and thus preserve the privacy of users), but these have generally relied on unrealistic assumptions regarding non-collusion between various entities in the system. Unfortunately, these constructions have not significantly improved IBE adoption rates in real-world environments. In this paper, we present a construction that reduces trust in the PKG without unrealistic non-collusion assumptions. We achieve this by incorporating a novel combination of digital credential technology and bilinear maps, and making use of multiple randomly-chosen entities to complete certain tasks. The main result and primary contribution of this paper are a thorough security analysis of this proposed construction, examining the various entity types, attacker models, and collusion opportunities in this environment. We show that this construction can prevent, or at least mitigate, all considered attacks. We conclude that our construction appears to be effective in preserving user privacy and we hope that this construction and its security analysis will encourage greater use of IBE in real-world environments.

Towards Fully Secure 5G Ultra-Low Latency Communications: A Cost-Security Functions Analysis

Future components to enhance the basic,native security of 5G networks are either complex mechanisms whose impact in the requiring 5G communications are not considered,or lightweight solutions adapted to ultrareliable low-latency communications(URLLC)but whose security properties remain under discussion.Although different 5G network slices may have different requirements,in general,both visions seem to fall short at provisioning secure URLLC in the future.In this work we address this challenge,by introducing cost-security functions as a method to evaluate the performance and adequacy of most developed and employed non-native enhanced security mechanisms in 5G networks.We categorize those new security components into different groups according to their purpose and deployment scope.We propose to analyze them in the context of existing 5G architectures using two different approaches.First,using model checking techniques,we will evaluate the probability of an attacker to be successful against each security solution.Second,using analytical models,we will analyze the impact of these security mechanisms in terms of delay,throughput consumption,and reliability.Finally,we will combine both approaches using stochastic cost-security functions and the PRISM model checker to create a global picture.Our results are first evidence of how a 5G network that covers and strengthened all security areas through enhanced,dedicated non-native mechanisms could only guarantee secure URLLC with a probability of∼55%.

A car-following model based on the optimized velocity and its security analysis

An enhanced optimal velocity model(EOVM)that considers driving safety is established to alleviate traffic congestion and ensure driving safety.Time headway is introduced as a criterion for determining whether the car is safe.When the time headway is less discussed to ensure the model's safety and maintain the following state.A stability analysis of the model was carried out to determine than the minimum time headway(TH_(min))or more than the most comfortable time headway(TH_(com)),the acceleration constraints are the stability conditions of the model.The EOVM is compared with the optimal velocity model(OVM)and fuzzy car-following model using the real dataset.Experiments show that the EOVM model has the smallest error in average,maximum and median with the real dataset.To confirm the model's safety,design fleet simulation experiments were conducted for three actual scenarios of starting,stopping and uniform process.

Novel Static Security and Stability Control of Power Systems Based on Artificial Emotional Lazy Q-Learning

The stability problem of power grids has become increasingly serious in recent years as the size of novel power systems increases.In order to improve and ensure the stable operation of the novel power system,this study proposes an artificial emotional lazy Q-learning method,which combines artificial emotion,lazy learning,and reinforcement learning for static security and stability analysis of power systems.Moreover,this study compares the analysis results of the proposed method with those of the small disturbance method for a stand-alone power system and verifies that the proposed lazy Q-learning method is able to effectively screen useful data for learning,and improve the static security stability of the new type of power system more effectively than the traditional proportional-integral-differential control and Q-learning methods.

Security Analysis of a Park-level Agricultural Energy Network Considering Agrometeorology and Energy Meteorology

China’s industrial manufacturing industry is well developed,but its agriculture is primitive.The only way to solve this problem is to improve through modern agriculture.The cross integration of new energy development and modern agriculture is becoming more and more critical.However,the research on the interaction between the meteorological disaster of facility agriculture and the power supply security of the integrated energy supply system has not formed a systematic theoretical system,which challenges the collaborative security of the facility agriculture and energy system.In this paper,energy meteorology and agrometeorology are considered and modeled,and the static security of a park-level agricultural energy network is simulated and analyzed under different weather conditions.

Generic security analysis framework for quantum secure direct communication

Quantum secure direct communication provides a direct means of conveying secret information via quantum states among legitimate users.The past two decades have witnessed its great strides both theoretically and experimentally.However,the security analysis of it still stays in its infant.Some practical problems in this field to be solved urgently,such as detector efficiency mismatch,side-channel effect and source imperfection,are propelling the birth of a more impeccable solution.In this paper,we establish a new framework of the security analysis driven by numerics where all the practical problems may be taken into account naturally.We apply this framework to several variations of the DL04 protocol considering real-world experimental conditions.Also,we propose two optimizing methods to process the numerical part of the framework so as to meet different requirements in practice.With these properties considered,we predict the robust framework would open up a broad avenue of the development in the field.

Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities

To detect security vulnerabilities in a web application,the security analyst must choose the best performance Security Analysis Static Tool(SAST)in terms of discovering the greatest number of security vulnerabilities as possible.To compare static analysis tools for web applications,an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project(OWASP)Top Ten project is required.The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and implementation of those tools has different effectiveness rates in terms of security performance.Given the significant cost of commercial tools,this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project.Thus,the practitioners will have more precise information to select the best tool using a benchmark adapted to the last versions of OWASP Top Ten project.The results of this work have been obtaining using widely acceptable metrics to classify them according to three different degree of web application criticality.

Polynomial Analysis of DH Secrete Key and Bit Security

In this paper, we lower the upper bound of the number of solutions of oracletransformation polynomial F(x) over GF(q) So one can also recover all the secrete keys with fewercalls We use our generalized ' even-and-odd test' method to recover the least significant p-adic'bits' of representations of the Lucas Cryptosystem secret keys x Finally, we analyze the EfficientCompact Subgroup Trace Representation (XTR) Diffic-Hellmen secrete keys and point out that if theorder of XIR-subgroup has a specialform then all the bits of the secrete key of XIR ean be recoveredform any bit of the exponent x.

Amassing the Security:An Enhanced Authentication and Key Agreement Protocol for Remote Surgery in Healthcare Environment

The development of the Internet of Things has facilitated the rapid development of various industries.With the improvement in people’s living standards,people’s health requirements are steadily improving.However,owing to the scarcity of medical and health care resources in some areas,the demand for remote surgery has gradually increased.In this paper,we investigate remote surgery in the healthcare environment.Surgeons can operate robotic arms to perform remote surgery for patients,which substantially facilitates successful surgeries and saves lives.Recently,Kamil et al.proposed a secure protocol for surgery in the healthcare environment.However,after cryptanalyzing their protocol,we deduced that their protocols are vulnerable to temporary value disclosure and insider attacks.Therefore,we design an improved authentication and key agreement protocol for remote surgeries in the healthcare environment.Accordingly,we adopt the real or random(ROR)model and an automatic verification tool Proverif to verify the security of our protocol.Via security analysis and performance comparison,it is confirmed that our protocol is a relatively secure protocol.

Combinatorial Method with Static Analysis for Source Code Security in Web Applications

Security weaknesses in web applications deployed in cloud architectures can seriously affect its data confidentiality and integrity.The construction of the procedure utilized in the static analysis tools of source code security differs and therefore each tool finds a different number of each weakness type for which it is designed.To utilize the possible synergies different static analysis tools may process,this work uses a new method to combine several source codes aiming to investigate how to increase the performance of security weakness detection while reducing the number of false positives.Specifically,five static analysis tools will be combined with the designed method to study their behavior using an updated benchmark for OWASP Top Ten Security Weaknesses(OWASP TTSW).The method selects specific metrics to rank the tools for different criticality levels of web applications considering different weights in the ratios.The findings show that simply including more tools in a combination is not synonymous with better results;it depends on the specific tools included in the combination due to their different designs and techniques.

Security Risk Analysis Model for Identification and Resolution System of Industrial Internet

Identification and resolution system of the industrial Internet is the“neural hub”of the industrial Internet for coordination.Catastrophic damage to the whole industrial Internet industry ecology may be caused if the identification and resolution system is attacked.Moreover,it may become a threat to national security.Therefore,security plays an important role in identification and resolution system of the industrial Internet.In this paper,an innovative security risk analysis model is proposed for the first time,which can help control risks from the root at the initial stage of industrial Internet construction,provide guidance for related enterprises in the early design stage of identification and resolution system of the industrial Internet,and promote the healthy and sustainable development of the industrial identification and resolution system.

Hybrid Security Assessment Methodology for Web Applications

This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications.The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box,to carry out the security validation of a web application in an agile and precise way.The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks.Each one of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage,so that the results generated in one phase are used as feed for the following phases in order to get an optimized global security analysis result.The methodology can be used as part of other more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle(SSDLC).A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics.Dynamic analysis with manual checking is used to audit the results,24.6 per cent of security vulnerabilities reported by the static analysis has been checked and it allows to study which vulnerabilities can be directly exploited externally.This phase is very important because it permits that each reported vulnerability can be checked by a dynamic second tool to confirm whether a vulnerability is true or false positive and it allows to study which vulnerabilities can be directly exploited externally.Dynamic analysis finds six(6)additional critical vulnerabilities.Access control analysis finds other five(5)important vulnerabilities such as Insufficient Protected Passwords or Weak Password Policy and Excessive Authentication Attacks,two vulnerabilities that permit brute force attacks.

System Architecture and Key Technologies of Network Security Situation Awareness System YHSAS

Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.

An efficient multiparty quantum secret sharing scheme using a single qudit

The aim of quantum secret sharing,as one of most promising components of quantum cryptograph,is one-tomultiparty secret communication based on the principles of quantum mechanics.In this paper,an efficient multiparty quantum secret sharing protocol in a high-dimensional quantum system using a single qudit is proposed.Each participant's shadow is encoded on a single qudit via a measuring basis encryption method,which avoids the waste of qudits caused by basis reconciliation.Security analysis indicates that the proposed protocol is immune to general attacks,such as the measure-resend attack,entangle-and-measure attack and Trojan horse attack.Compared to former protocols,the proposed protocol only needs to perform the single-qudit measurement operation,and can share the predetermined dits instead of random bits or dits.