Springer Science and Business Media LLC

A great advantage of oriental clinic is its ability to dispense with high-tech medical appliances and identify symptoms of diseases by simply analyzing pulse waves of patients. If the technology of remote controlled electronic needle can be utilized, it can be applied anywhere anytime by a web-based system and the data of pulse and tongue diagnosis can be sent to doctors and patients, for example, wounded soldiers in a remote place can get treatment. For the purpose of developing such a technology, the present paper presents intelligent electronic needles that can be used regardless of time and place by applying fuzzy logic inference to the data of pulse and tongue diagnosis.

DDoS (distributed denial of service) attack is one of the most effective cyber-attack on the Internet. Many researchers focus on DDoS countermeasures. Many countermeasures of DDoS have been developed. However, there is no perfect solution for DDoS because DDoS attacks use normal requests which are hardly detected. DDoS attacks typically exhaust bandwidth, processing capacity, or memory of a targeted machine, service or network. Despite countless efforts in against DDoS attacks in the past decade, DDoS attacks are still a serious threat to the Internet environment. In this research, DNS cyber shelter is proposed. DNS cyber shelter is sort of DMZ (DE military Zone) which is separated by inside networks. DNS cyber shelter monitors or analyzes every outside requests for possible malicious behaviors or threats. Therefore, DNS cyber shelter will be able to detect and defense DDoS attack effectively.

Exfiltration of private data from mobile devices is a potential security threat. Previous research concerning such threats has generally focused on techniques that are only valid over short distances (e.g., NFC, Bluetooth, electromagnetic emanations) or fail to be entirely covert. In this research, we develop and analyze an exfiltration attack that has no distance limitation and is completely covert. Specifically, we take advantage of vulnerabilities in Android that enable us to covertly record and exfiltrate a voice call. This paper presents a successful implementation of our attack, which records a call (both uplink and downlink voice streams), and subsequently transmits the recorded voice over an inaudible call. No visual or audio indication is given to the victim during the record or replay phases of the attack. We provide a detailed exposition of our attack, and we briefly consider the challenge of providing strong counter measures to such attacks.

Today, mobile Botnets are well known in the IT security field. Whenever we talk about Botnets on mobile phones, we mostly deal with denial of service attacks (Kifayat and Wilson http://www.cms.livjm.ac.uk/pgnet2012/Proceedings/Papers/1569607737.pdf , 2012). This is due to the fact that we refer to classical Botnets on computers. But mobile phones are “mobiles” by definition. Indeed, they offer a lot of information not present on personal computers. They have a lot of sensors which are interesting for attackers. Most of the time, we used to think that targeted attacks have a single target. But with mobile phones, targeting a group of people does make sense. Coupled with data collected by the Sat Nav, we could so be able to localize with a certain probability meeting points in a criminal organization. By this way of attacking, we can deduce lots of things by cross-checking information obtained on devices. Thereby, this paper will aim to show the potential offered by such attacks. Firstly, this paper will focus on localization data. Furthermore, an implementation of an Android botnet and its server side part will be presented for illustrative purposes. Besides, the major part of the source code used will be included step by step in this paper. This paper aims to be technical because the author does not want to show any theory without trying some practicals tests with real and technical constraints.

Các điện thoại thông minh chạy hệ điều hành Android đang ngày càng trở nên phổ biến do tính hiệu quả về chi phí và nhiều ứng dụng khác nhau. Những điện thoại thông minh này cung cấp trải nghiệm đầy đủ của một thiết bị máy tính cho người dùng của mình, và thường được sử dụng như một máy tính cá nhân. Do hệ điều hành Android là phần mềm mã nguồn mở, nhiều nhà phát triển đã đóng góp vào việc phát triển nó nhằm làm cho giao diện trở nên hấp dẫn hơn và tinh chỉnh hiệu suất. Để thu hút sự chú ý hơn, nhiều phiên bản hoàn thiện hơn đã được cung cấp cho khách hàng, và phản hồi của họ sẽ giúp làm cho nó trở nên mạnh mẽ và thân thiện với người dùng hơn. Tuy nhiên, điều này đã thu hút nhiều lập trình viên mã độc nhằm giành quyền truy cập ẩn danh vào dữ liệu riêng tư của người dùng. Hơn nữa, phần mềm độc hại dẫn đến tăng mức tiêu thụ tài nguyên. Để ngăn chặn điều này, nhiều kỹ thuật hiện đang được sử dụng bao gồm phát hiện dựa trên phân tích tĩnh và phát hiện dựa trên phân tích động. Nhưng, do sự phát triển trong kỹ thuật viết mã độc cho Android, một số kỹ thuật này đang gặp khó khăn. Do đó, cần có một phương pháp phát hiện phần mềm độc hại trên Android hiệu quả, cho đó các nghiên cứu thực nghiệm đã được thực hiện trong công trình hiện tại, sử dụng các đặc điểm tĩnh của ứng dụng Android như Quyền tiêu chuẩn với các cuộc gọi Giao diện lập trình ứng dụng (API), Quyền không tiêu chuẩn với các cuộc gọi API, và các cuộc gọi API với Quyền chuẩn và không chuẩn. Để lựa chọn các đặc điểm nổi bật, các Kỹ thuật Lựa chọn Đặc điểm (FSTs) như BI-Normal Separation (BNS), Thông tin Tương hỗ (MI), Điểm Tương quan (RS), và Kullback-Leibler (KL) đã được áp dụng và hiệu quả của chúng được đo bằng cách sử dụng bộ phân loại Machine vector hỗ trợ tuyến tính (L-SVM). Đã quan sát thấy rằng bộ phân loại này đạt được độ chính xác phát hiện phần mềm độc hại trên Android là 99,6% cho các đặc điểm kết hợp như được đề xuất bởi FST BI-Normal Separation.

Comprehensive adoption of distributed ledger technology and blockchain in enterprises might disrupt financial and other sectors. At the same time, there are some barriers to rolling out the technology in practice. One of the significant issues concerns information security and privacy in the blockchain. Some methods for private transactions such as mixed networks, ring signatures, and off-chain protocols address certain data privacy issues, but do not provide the blockchain characteristics such as decentralized storing systems and immutability verification of private data. This article examines zero-knowledge proof (ZKP) methods for corporate blockchain networks. The article reviews existing methods for private transactions, observes the implementation of ZKP methods, and discusses performance and scalability issues.

This work is about wireless communications technologies embedded in portable devices, namely Wi-Fi, Bluetooth and GSM. Focusing on Wi-Fi, we study the privacy issues and potential missuses that can affect the owners of wireless-enabled portable devices. Wi-Fi enable-devices periodically broadcast in plain-text their unique identifier along with other sensitive information. As a consequence, their owners are vulnerable to a range of privacy breaches such as the tracking of their movement and inference of private information (Cunche et al. in Pervasive Mobile Comput, 2013; Greenstein in Proceedings of the 11th USENIX workshop on hot topics in operating systems, pp 10:1–10:6. USENIX Association, Berkeley, 2007). As serious as those information leakage can be, linking a device with an individual and its real world identity is not a straightforward task. Focusing on this problem, we present a set of attacks that allow an attacker to link a Wi-Fi device to its owner identity. We present two methods that, given an individual of interest, allow identifying the MAC address of its Wi-Fi enabled portable device. Those methods do not require a physical access to the device and can be performed remotely, reducing the risks of being noticed. Finally we present scenarios in which the knowledge of an individual MAC address could be used for mischief.

The development of cryptocurrency has led to an increase in a type of malware called ransomware. Ransomware is a family of malware that uses malicious techniques to prevent users from accessing their systems or data. Ransomware threatens all industries, from health and hospitals to banks, training centers, and manufacturers of goods. Therefore, early ransomware detection is critical. Most researchers try to identify ransomware by examining the behavior of the software at runtime. Therefore, these approaches are costly and require resources to run every software. In this paper, ransomware detection is conducted without running the software and without any special pre-processing, only using the headers of the executable file. In the proposed approach, a graph is created using the headers of executable files (specifically portable executable files) and then the graph is mapped in an eigenspace using the “Power Iteration” method. This mapping converts an executable file to a feature vector, which is eventually used to train a Random Forest classifier. Acceptable computational complexity in large datasets compared to previous methods and high detection rates are the main advantages of the proposed method.

Since integrity of data on cloud cannot be assured, several clients and users hesitate to upload their crucial data to the cloud, which eventually hinders cloud storage development. One of the biggest challenges with respect to cloud security is to ensure data confidentiality and one of the solutions to this issue can be by restricting unauthorized access to user data stored on cloud. In due course of time much research has been proposed using cryptographic techniques along with access control model(s) to deal with security issues pertaining to untrusted cloud environments. This work illustrates Role-Based access control policies over user data and permits the owner of the data to store it in an encrypted pattern to the cloud, thereby, allowing only permissible roles to access the data. Hence, the proposed work is an amalgamation of Role-Based Encryption (RBE) scheme using Identity and Broadcast based Encryption scheme to ensure data integrity in public clouds. In this paper we discuss the usage of several algorithmic modules that demonstrates how roles are governed by the membership rights, user revocation, encryption and decryption processes. Finally, the proposed model is compared with its peers on the basis of encryption and decryption time.