ijcisjournal

PENETRATION TESTING IN AGILE SOFTWARE DEVELOPMENT PROJECTS Martin Tomanek and Tomas Klima Department of Systems Analysis, University of Economics, Prague, Czech Republic ABSTRACT   In this research paper the authors propose how the agile software development framework Scrum can be enriched by considering the penetration tests and related security requirements during the software development lifecycle. Authors apply in this paper the knowledge and expertise from their previous work focused on development of the new information system penetration tests methodology PETA with focus on using COBIT 4.1 as the framework for management of these tests, and on previous work focused on tailoring the project management framework PRINCE2 with Scrum. The security managers may benefit from the iterative software development approach and penetration tests automation. The developers and users will better understand the importance of the penetration tests and they will learn how t...

MULTIMODAL BIOMETRIC AUTHENTICATION: SECURED ENCRYPTION OF IRIS USING FINGERPRINT ID Sheena S 1 and Sheena Mathew 2 1,2 Department of Computer Science & Engineering, School of Engineering, Cochin University of Science & Technology, Kochi, India ABSTRACT Securing data storage using biometrics is the current trend. Different physiological as well as behavioral biometrics like face, fingerprint, iris, Gait, voice etc.. is used in providing security to the data. The proposed work explains about the biometric encryption technology which will securely generate a digital key using two biometric modalities. Iris is encrypted using Fingerprint ID of 32-bit as the key in this work. For encryption Blowfish algorithm is used and the encrypted template is stored in the database and one is given to the user. During the authentication time user input the template and the fingerprint. This template is then decrypted and verified with the original template taken from the d...

A NEW ERA OF CRYPTOGRAPHY: QUANTUM CRYPTOGRAPHY  Sandeepak Bhandari  Aleksandras Stulginskis University, India  ABSTRACT  Security is the first priority in today digital world for secure communication between sender and receiver. Various Cryptography techniques are developed time to time for secure communication. Quantum Cryptography is one of the latest and advanced cryptography technique, it is different from all other cryptography technique and more secure. It based on the Quantum of physics since its name which make it more secure from all other cryptography and UN breakable. In this paper about quantum cryptography i.e working, limitation and advantages discussed.  KEYWORDS  Photon, Polarization filter, Advantage and Limitation of Quantum Cryptography.  SOURCE URL https://wireilla.com/papers/ijcis/V6N4/6416ijcis03.pdf MORE DETAILS https://wireilla.com/ijcis/index.html

ALGEBRAIC DEGREE ESTIMATION OF BLOCK CIPHERS USING RANDOMIZED ALGORITHM; UPPER-BOUND INTEGRAL DISTINGUISHER.  Haruhisa Kosuge and Hidema Tanaka  National Defense Academy of Japan, Yokosuka, Japan  ABSTRACT Integral attack is a powerful method to recover the secret key of block cipher by exploiting a characteristic that a set of outputs after several rounds encryption has ( integral distinguisher). Recently, Todo proposed a new algorithm to construct integral distinguisher with division property. However, the existence of integral distinguisher which holds in additional rounds can not be denied by the algorithm. On the contrary, we take an approach to obtain the number of rounds which integral distinguisher does not hold ( upper-bound integral distinguisher). The approach is based on algebraic degree estimation. We execute a random search for a term which has a degree equals the number of all inputted variables. We propose an algorithm and apply it to PRE...

NEW ALGORITHM FOR WIRELESS NETWORK COMMUNICATION SECURITY Sirwan Ahmed 1 and Majeed Nader 2   1 Department of CNS/ATM, Sulaimaniyah International Airport, Sulaimani, Iraq 2 Department of Electrical and Computer Engineering, Wayne State University, Detroit, USA ABSTRACT This paper evaluates the security of wireless communication network based on the fuzzy logic in Mat lab. A new algorithm is proposed and evaluated which is the hybrid algorithm. We highlight the valuable assets in designing of wireless network communication system based on network simulator (NS2), which is crucial to protect security of the systems. Block cipher algorithms are evaluated by using fuzzy logics and a hybrid algorithm is proposed. Both algorithms are evaluated in term of the security level. Logic (AND) is used in the rules of modelling and Mamdani Style is used for the evaluations KEYWORDS   NS2, TCL, C++, Stream Cipher, Block cipher, Fuzzy logic. SOURCE URL ...

RANDOMIZATION-BASED BLOCK CIPHER WITH KEY-MAPPED S-BOX SELECTION Krishna Prasad Nandeti 1 , Dr. Anshuman Singh 2 and Dr. Mahmoud Yousef 3   1 Graduate Assistant, University of Central Missouri, Warrensburg, USA 2 Asst. Professor of Computer Science, University of Central Missouri, Warrensburg, USA 3 Professor of Computer Science, University of Central Missouri, Warrensburg, USA ABSTRACT This paper proposes a new system of Substitution-Permutation network along with Randomization Expansion of 240 bits of input data. System uses 16 S-Boxes which are selected randomly based on the subkey values throughout 64 rounds of substitution steps. 64 sub-keys are generated during the SubstitutionPermutation process. The middletext is transposed based on decimal value of the sub-key generated during the each round. A CBC mode is the best associated with this system. KEYWORDS   Middletext, Randomization, SP-network, S-Box, CBC SOURCE URL https://wireilla...

HARDWARE TROJAN IDENTIFICATION AND DETECTION  Samer Moein1 , Fayez Gebali1 , T. Aaron Gulliver1 , And Abdulrahman Alkandari2  1Department of Electrical and Computer Engineering, University of Victoria, Victoria, BC, Canada 2Department of Computer Science, Public Authority for Applied Education and Training, Kuwait City, Kuwait  ABSTRACT  The majority of techniques developed to detect hardware trojans are based on specific attributes. Further, the ad hoc approaches employed to design methods for trojan detection are largely ineffective. Hardware trojans have a number of attributes which can be used to systematically develop detection techniques. Based on this concept, a detailed examination of current trojan detection techniques and the characteristics of existing hardware trojans is presented. This is used to develop a new approach to hardware trojan identification and classification. This identification can be used to compare trojan risk or sev...

PRIVACY PRESERVING USER AUTHENTICATION SCHEME BASED ON SMART CARD Beaton Kapito 1 , Patrick Ali 1 , Levis Eneya 1 and Hyunsung Kim 1,2   1 Mathematical Sciences Department, University of Malawi, Chancellor College, Zomba, Malawi  2 Department of Cyber Security, Kyungil University, Kyungbuk, Korea ABSTRACT One of the most commonly used user authentication mechanisms is two factor authentication based on smart card and password. The core feature of the scheme is to enforce that the user must have the smart card and know the password in order to gain access to server. Recently, Liu et al. proposed a smart card based password authentication scheme and argued that it is secure against insider attack, replay attack and man in the middle attack and provides perfect forward secrecy. In this paper, we show security weaknesses in Liu et al.’s scheme focused on off-line password guessing attack and masquerading attack and it does not provide perfect forward secr...

HARDWARE ATTACK MITIGATION TECHNIQUES ANALYSIS               Samer Moein 1 , T. Aaron Gulliver 1 , Fayez Gebali 1 and Abdulrahman Alkandari 2 1 Electrical and Computer Engineering, University of Victoria, BC, Canada   2 Department of Computer, Public Authority for Applied Education and Training, Kuwait City, Kuwait ABSTRACT The goal of a hardware attack is to physically access a digital system to obtain secret information or modify the system behavior. These attacks can be classified as covert or overt based on the awareness of the attack. Each hardware attack has capabilities as well as objectives. Some employ hardware trojans, which are inserted during, manufacture, while others monitor system emissions. Once a hardware attack has been identified, mitigation techniques should be employed to protect the system. There are now a wide variety of techniques, which can be used against hardware ...

A QUANTUM CRYPTOGRAPHY PROTOCOL FOR ACCESS CONTROL IN BIG DATA Abiodun O. Odedoyin 1 , Helen O. Odukoya 2 and Ayodeji O. Oluwatope 3  1 Information Technology and Communications Unit, Obafemi Awolowo University, IleIfe, Nigeria.  2,3 Department of Computer Science and Engineering, Obafemi Awolowo University, Ile-Ife, Nigeria.  ABSTRACT  Modern cryptography targeted towards providing data confidentiality still pose some limitations. The security of public-key cryptography is based on unproven assumptions associated with the hardness complicatedness of certain mathematical problems. However, public-key cryptography is not unconditionally secure: there is no proof that the problems on which it is based are intractable or even that their complexity is not polynomial. Therefore, public-key cryptography is not immune to unexpectedly strong computational power or better cryptanalysis techniques. The strength of modern cryptography is being weakened a...