TOC: IJISP Special Issue on Cryptography

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The contents of the latest issue of:

International Journal of Information Security and Privacy (IJISP)

Official Publication of the Information Resources Management Association

Volume 3, Issue 3, July-September 2009

Published: Quarterly in Print and Electronically

ISSN: 1930-1650 EISSN: 1930-1669

Published by IGI Publishing, Hershey-New York, USA

www.igi-global.com/ijisp

 

Editor-in-Chief: Hamid Nemati, University of North Carolina at Greensboro, USA

 

Special Issue: Cryptography

 

GUEST EDITORIAL PREFACE

 

Cryptographical Issues in Information Security and Privacy

 

Li Yang, The University of Tennessee at Chattanooga, USA

 

The amount of information presented in the digital form and spread over the world is now very large, and this information requires protection against malicious intrusion, eavesdrops, substitution, falsification, and so on. Cryptography provides the most efficient services for defending against these threats and holds great promise as the technology to provide security in cyberspace, especially when security becomes one of top concerns for business worldwide. Cryptography studies methods of information encryption and provides us with information security. This special issue contains six very impressive articles covering a wide range of topics in cryptography that investigate cryptographic requirements in emerging areas and adapt cryptographic solutions to the emerging areas. The authors focus on these real-world constraints and requirements and discuss how cryptography is applied in various emerging application areas.

 

To read the guest editorial preface, please consult this issue of IJISP in your library.

 

PAPER ONE

 

Security and Privacy Issues in Secure E-Mail Standards and Services

 

Lei Chen, Sam Houston State University, USA

Wen-Chen Hu, University of North Dakota, USA

Ming Yang, Jacksonville State University, USA

Lei Zhang, Frostburg State University, USA

 

Secure e-mail standards, such as pretty good privacy (PGP) and secure / multipurpose Internet mail extension (S/MIME), apply cryptographic algorithms to provide secure and private e-mail services over the public Internet. In this article, the authors review a number of cryptographic ciphers, trust and certificate systems, and key management systems and infrastructures widely used in secure e-mail standards and services. The authors then focus on the discussion of several essential security and privacy issues, such as cryptographic cipher selection and operation sequences in both PGP and S/MIME. This article provides readers a comprehensive impression of the security and privacy in the current secure e-mail services.

 

To obtain a copy of the entire article, click on the link below.

http://www.infosci-on-demand.com/content/details.asp?ID=35263

 

PAPER TWO

 

Applied Cryptography for Security and Privacy in Wireless Sensor Networks

 

Dulal C. Kar, Texas A&M University-Corpus Christi, USA

Hung L. Ngo, Texas A&M University-Corpus Christi, USA

Geetha Sanapala, Texas A&M University-Corpus Christi, USA

 

It is challenging to secure a wireless sensor network (WSN) because its inexpensive, tiny sensor nodes do not have the necessary processing capability, memory capacity, and battery life to take advantage of the existing security solutions for traditional networks. Existing security solutions for wireless sensor networks are mostly based on symmetric key cryptography with the assumption that sensor nodes are embedded with secret, temporary startup keys before deployment thus avoiding any use of computationally demanding public key algorithms altogether; however, symmetric key cryptography alone cannot satisfactorily provide all security needs for wireless sensor networks. This article summarizes, discusses, and evaluates recent symmetric key-based results reported in literature on sensor network security protocols, such as for key establishment, random key pre-distribution, data confidentiality, data integrity, and broadcast authentication, as well as exposes limitations and issues related to those solutions for WSNs. The authors present significant advancements in public key cryptography for WSNs with promising results from elliptic curve cryptography and identity-based encryption as well as their limitations for WSNs.

 

To obtain a copy of the entire article, click on the link below.

http://www.infosci-on-demand.com/content/details.asp?ID=35264

 

PAPER THREE

 

Cryptographic and Steganographic Approaches to Ensure Multimedia Information Security and Privacy

 

Ming Yang, Jacksonville State University, USA

Monica Trifas, Jacksonville State University, USA

Guillermo Francia III, Jacksonville State University, USA

Lei Chen, Sam Houston State University, USA

 

Information security and privacy have traditionally been ensured with data encryption techniques. Generic data encryption standards, such as DES, RSA, AES, are not very efficient in the encryption of multimedia contents due to the large volume. In order to address this issue, the authors develop different image/video encryption methodologies. Joint compression-encryption is a very promising direction for image/video encryption. Nowadays, researchers start to utilize information hiding techniques to enhance the security level of data encryption methodologies. In terms of the amount of data to be embedded, information hiding methodologies can be classified into low bitrate and high bitrate algorithms. In terms of the domain for embedding, the methodologies can be classified into spatial domain and transform domain algorithms. The authors review different categories of information hiding methodologies, as well as data embedding and watermarking strategies for digital video contents. In addition, the authors present a joint cryptograph-steganography methodology, which combines both encryption and information hiding techniques to ensure patient information security and privacy in medical images.

 

To obtain a copy of the entire article, click on the link below.

http://www.infosci-on-demand.com/content/details.asp?ID=35265

 

PAPER FOUR

 

Cloak and Dagger: Man-In-The-Middle and Other Insidious Attacks

 

Ramakrishna Thurimella, University of Denver, USA

William Mitchell, University of Denver, USA

 

One of the most devastating forms of attack on a computer is when the victim doesn’t even know an attack occurred. The authors explore various forms of man in the middle (MITM) attacks, including ARP spoofing, fake SSL certificates, and bypassing SSL. This article introduces and analyzes two key pieces of crimeware: rootkits and botnets. In addition, the authors suggest general strategies to protect against such attacks.

 

To obtain a copy of the entire article, click on the link below.

http://www.infosci-on-demand.com/content/details.asp?ID=35266

 

PAPER FIVE

 

Fair Electronic Exchange Based on Fingerprint Biometrics

 

Harkeerat Bedi, University of Tennessee at Chattanooga, USA

Li Yang, University of Tennessee at Chattanooga, USA

 

Fair exchange between two parties can be defined as an instance of exchange such that either both parties obtain what they expected or neither one does. Protocols that facilitate such transactions are known as “fair exchange protocols”. In this article, the authors analyze one such protocol by Micali that demonstrates fair contract signing, where two parties exchange their commitments over an already negotiated contract. This article demonstrates the possibilities for party cheating by obtaining the other party’s commitment and not offers theirs. A revised version of this protocol by Bao provides superior fairness by handling the above mentioned weakness but fails to handle the possibility of a replay attack. The authors address their protocol improving upon Bao’s protocol and demonstrate a software implementation of our system.

 

To obtain a copy of the entire article, click on the link below.

http://www.infosci-on-demand.com/content/details.asp?ID=35267

 

PAPER SIX

 

Secure and Private Service Discovery in Pervasive Computing Environments

 

Feng Zhu, University of Alabama in Huntsville, USA

Wei Zhu, Intergraph Co, USA

 

In pervasive computing environments, service discovery is an essential step for computing devices to properly discover, configure, and communicate with each other. In this article, the authors introduce a user-centric service discovery model, called PrudentExposure, which automates authentication processes. Traditional authentication approaches requires much users’ involvement. PrudentExposure encodes hundreds of authentication messages in a novel code word form. Moreover, this article discusses how a progressive and probabilistic model can protect both users’ and service providers’ privacy.

To obtain a copy of the entire article, click on the link below.

http://www.infosci-on-demand.com/content/details.asp?ID=35268

 

For full copies of the above articles, check for this issue of the International Journal of Information Security and Privacy (IJISP) in your institution's library.  This journal is also included in the IGI Global aggregated " InfoSci-Journals" database:  www.infosci-journals.com.

 

CALL FOR PAPERS

 

Mission of IJISP:

 

The overall mission of the International Journal of Information Security and Privacy (IJISP) is to create and foster a forum where research in the theory and practice of information security and privacy is advanced. This journal strives to serve a diverse readership by publishing articles in a range of topics in information security and privacy that would appeal to a broad cross-sectional and multi disciplinary readership ranging from the academic and professional research communities to industry practitioners. IJISP seeks to publish a balanced mix of high quality theoretical or empirical research articles, case studies, book reviews, tutorials, editorials as well as pedagogical and curricular issues surrounding information security and privacy.

Coverage of IJISP:

 

The International Journal of Information Security and Privacy (IJISP) publishes a full spectrum of high quality papers dealing with a wide range of issues, ranging from technical, regulatory, organizational, managerial, cultural, ethical, and human aspects of information security and privacy. This journal encourages submission of manuscripts that present research frameworks, methods, methodologies, theory development and validation, case studies, simulation results and analysis, technological architectures, and infrastructure issues in design, and implementation and maintenance of secure and privacy preserving initiatives.

 

In addition to the topics mentioned above, other topics of interest to the journal include (but are not limited to) the following:

 

·         Agents and mobile communication systems

·         Authentication and authorization of users, systems, and applications

·         Businesses models and systems with security and privacy requirements and management

·         Case studies in security and privacy

·         Civil rights and liberties

·         Computer worms and viruses

·         Consumer and business practices and trends

·         Cryptographic techniques and protocols

·         Database issues in privacy protection

·         Developing enterprise management of security and privacy policies and infrastructures

·         Development of formal models and definitions

·         Distributed, forward, and proactive policies and procedures

·         Distributed marketplaces, auctions, and gaming

·         Economic impact analysis

·         Electronic commerce, banking, and payment protocols

·         Encryption, authentication, and access control

·         Enhancements for Storage Area Networks

·         E-services, e-voting, and e-government

·         File and file system security and privacy

·         Firewall technologies, policies, and trends

·         Global issues

·         Hacking and corruptions

·         Hacking, cyber-terrorism, and intrusion detection

·         Heterogeneous and large-scale environments

·         Identity and privacy confidentiality

·         Legal, regulatory, and compliance issues

·         Malicious codes and attacks against networks

·         Multiparty communications, co-operations, and computations

·         Networks and security protocols

·         Peer-to-Peer computing

·         Preserving and enhancing technologies and initiatives

·         Relationships and trade-offs between security and privacy

·         Security and privacy techniques, management, and protocols

·         Tools, techniques, methods, and frameworks

·         Trends and new developments

·         Trust architectures and underlying infrastructures

·         World Wide Web authentication and authorization

 

Interested authors should consult the journal's manuscript submission guidelines at www.igi-global.com/ijisp. 

 

All inquiries and submissions should be sent to:

Editor-in-Chief: Dr. Hamid Nemati at Hamid_Nemati@uncg.edu