Threats that have been primarily targeting nation states and their associated entities expanded the target zone to include private corporate sectors. This class of threats, well known as advanced persistent threats (APTs), are those every well-established organization fears wants protect itself against. While nation-sponsored APT attacks will always be marked by sophistication, become prominent in sectors do not make it any less challenging for organizations. The rate at which attack tools...

Cloud security is one of most important issues that has attracted a lot research and development effort in past few years. Particularly, attackers can explore vulnerabilities cloud system compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually involve early stage actions such as multistep exploitation, low-frequency vulnerability scanning, compromising identified vulnerable zombies, finally through the compromised zombies. Within...

In this paper, we propose a new privacy preservation scheme, named pseudonymous authentication-based conditional (PACP), which allows vehicles in vehicular ad hoc network (VANET) to use pseudonyms instead of their true identity obtain provably good privacy.In our interact with roadside units help them generate for anonymous communication.In setup, the are only known but have no other entities network.In addition, scheme provides an efficient revocation mechanism that be identified and...

Network defenses based on traditional tools, techniques, and procedures (TTP) fail to account for the attacker's inherent advantage present due static nature of network services configurations. To take away this asymmetric advantage, Moving Target Defense (MTD) continuously shifts configuration underlying system, in turn reducing success rate cyberattacks. In survey, we analyze recent advancements made development MTDs highlight (1) how these can be defined using common terminology, (2) more...

Sensor networks are composed of a large number low power sensor devices. For secure communication among sensors, secret keys must be established between them. Recently, several pairwise key schemes have been proposed for distributed networks. These randomly select set from pool and install the in memory each sensor. After deployment, sensors can up by using preinstalled keys. Due to lack tamper-resistant hardware, vulnerable node capture attacks. The information gained captured nodes used...

Cloud services can greatly enhance the computing capability of mobile devices. Mobile users rely on cloud to perform computationally intensive operations such as searching, data mining, and multimedia processing. In this paper, we propose a new framework called MobiCloud. addition providing traditional computation services, MobiCloud also enhances operation ad hoc network itself by treating devices service nodes. The will communication addressing trust management, secure routing, risk...

In a mobile cloud computing system, lightweight wireless communication devices extend services into the sensing domain. A common secure data service is to inquiry from devices. The can be collected multiple requesters, which may drain out power of quickly. Thus, an efficient access control model desired. To this end, we present comprehensive security framework for computing. Our solution focuses on following two research directions: First, novel Privacy Preserving Cipher Policy...

Mobile cloud computing is a promising technique that shifts the data and service modules from individual devices to geographically distributed architecture. A general mobile system comprised of multiple domains, each domain manages portion resources, such as Central Processing Unit, memory storage, etc. How efficiently manage resources across domains critical for providing continuous services. In this paper, we propose decision making interdomain transfer balance computation loads among...

In mobile cloud computing, devices can rely on computing and information storage resource to perform computationally intensive operations such as searching, data mining, multimedia processing. addition providing traditional computation services, also enhances the operation of ad hoc network by treating service nodes, e.g., sensing services. The sensed information, location coordinates, health related should be processed stored in a secure fashion protect user's privacy cloud. To this end, we...

<?Pub Dtl=""?> Hands-on experiments are essential for computer network security education. Existing laboratory solutions usually require significant effort to build, configure, and maintain often do not support reconfigurability, flexibility, scalability. This paper presents a cloud-based virtual education platform called V-Lab that provides contained experimental environment hands-on using virtualization technologies (such as Xen or KVM Cloud Platform) OpenFlow switches. The system can be...

Security has been one of the top concerns in clouds. It is challenging to construct a secure networking environment clouds because cloud usually hybrid system containing both physical and virtually overlaid networks. Intrusion Detection Systems (IDS) Prevention (IPS) have widely deployed manipulate security, with latter providing additional prevention capabilities. This paper investigates into an OpenFlow Snort based IPS called "SnortFlow", which it enables detect intrusions deploy...

Ciphertext Policy Attribute-Based Encryption (CP-ABE) enforces expressive data access policies and each policy consists of a number attributes. Most existing CP-ABE schemes incur very large ciphertext size, which increases linearly with respect to the attributes in policy. Recently, Herranz <etal xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"/> proposed construction constant ciphertext. However, do not consider recipients' anonymity are exposed...

Mobile devices are rapidly becoming the major service participants nowadays. However, traditional client-server based mobile models not able to meet increasing demands from users in terms of services diversity, user experience, security and privacy, so on. Cloud computing enables offload complex operations applications, which infeasible on alone. In this article, we provide a comprehensive study lay out existing cloud key achievements, present new user-centric model advance research.

Information Centric Networking (ICN) is a new network architecture that aims to overcome the weakness of existing IPbased networking architecture. Instead establishing connection between communicating hosts, ICN focuses on content, i.e., data, transmitted in network. Content copies can be cached at different locations. The content out its owner's control once it published. Thus, enforcing access policies distributed crucial ICN. Attribute-Based Encryption (ABE) feasible approach enforce such...

Access control is one of the most important security mechanisms in cloud computing.Attribute-based access provides a flexible approach that allows data owners to integrate policies within encrypted data.However, little work has been done explore temporal attributes specifying and enforcing owner's policy user's privileges cloud-based environments.In this paper, we present an efficient encryption scheme for services with help cryptographic integer comparisons proxy-based re-encryption...

Existing CP-ABE schemes incur very large ciphertext size, which increases linearly with respect to the number of attributes in access policy. Large prevents from being adopted communication constrained environments. In this paper, we proposed a new construction CP-ABE, named Constant-size (denoted as CCP-ABE) that significantly reduces constant size for an AND gate policy any given attributes. Each CCP-ABE requires only elements on bilinear group.

The Internet of Things (IoT) has connected an incredible diversity devices in novel ways, which enabled exciting new services and opportunities. Unfortunately, IoT systems also present several important challenges to developers. This paper proposes a vision for how we may build the future by reconceiving IoT's fundamental unit construction not as "thing", but rather widely finely distributed "microservice" already familiar web service engineering circles. Since are quite different from more...

Software-Defined Networking (SDN) is a network architecture that aims at providing high flexibility through the decoupling of logic from forwarding functions. The ease programmability makes SDN great platform implementation various initiatives involve application deployment, security solutions, and decentralized management in multi-tenant data center environment. Although this can introduce many applications different areas leads to impact on several aspects, remains an open question needs...

Security has been considered as one of the top concerns in clouds. Intrusion Detection and Prevention Systems (IDPS) have widely deployed to enhance cloud security. Using Software-Defined Networking (SDN) approaches system security clouds recently presented [1], [2]. However, none existing works established a comprehensive IPS solution reconfigure networking environment on-the-fly counter malicious attacks. In this paper, we present an SDN-based called SDNIPS that is full lifecycle including...

The ease of programmability in Software-Defined Networking (SDN) makes it a great platform implementation various initiatives that involve application deployment, dynamic topology changes, and decentralized network management multi-tenant data center environment. However, implementing security solutions such an environment is fraught with policy conflicts consistency issues the hardness this problem being affected by distribution scheme for SDN controllers. In paper we present Brew, analysis...

This paper addresses how to construct an RBAC-compatible secure cloud storage service with a user-friendly and easy-to-manage attribute-based access control (ABAC) mechanism. Similar role hierarchies in RBAC, attribute (considered as partial ordering relations) are introduced into encryption (ABE) order define seniority relation among all values of attribute, whereby user holding senior acquires permissions his/her juniors. Based on these notations, we present new ABE scheme called (ABE-AH)...