E-Mail Alert

Add your e-mail address to receive forthcoming issues of this journal:

Journal Browser

Journal Browser

Special Issue "Applied Cryptography and Security Concerns based on Symmetry for the Future Cyber World"

Quicklinks

A special issue of Symmetry (ISSN 2073-8994).

Deadline for manuscript submissions: closed (28 February 2015)

Special Issue Editors

Guest Editor
Prof. Dr. Young-Sik Jeong

Department of Multimedia Engineering, Dongguk University, Seoul, Korea
Website | E-Mail
Interests: Cloud computing, Ubiquitous computing, Internet of Things and M2M, Cyber physical system , Ubiquitous intelligent systems, Smart appliances
Guest Editor
Prof. Dr. Laurence T. Yang

Department of Computer Science, St. Francis Xavier University, Antigonish, NS, B2G 2W5, Canada
Website | E-Mail
Interests: applied cryptography and security; ubiquiitous computing; parallel and distributed systems and intelligent systems
Guest Editor
Prof. Dr. Stefanos Gritzalis

Laboratory of Information and Communication Systems Security (Info-Sec-Lab), Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, GR-83200, Greece
Website | E-Mail
Fax: +30 22730 82234
Interests: asymetric-key infrastructure; computer networks and security, and cloud computing security and privacy

Special Issue Information

Dear Colleagues,

Recent advances of symmetry theory on the Future Cyber World (FCW) have posed great challenges to information technology. Together with these trends, advanced applied cryptography and security have become a growing issue as well as an indispensable research topic for the future of computing and communications. For applied cryptography and advanced security services, many researchers and developers would like to apply symmetry theories and technologies, that is, the rules of a formal system as a mathematical pattern of self-similarity such as reflectional, rotational, translational, point reflection and other involutive isometrics, and so on. The detailed discussion of the research issues of applied cryptography and advanced security concerns based on symmetric and asymmetric key cryptography covers, amongst others: confidentiality, integrity, and availability, including the various areas of applications. In particular, these topics will be the most comprehensive field focused on the important aspects of advanced models, technologies, applications and services for FCW.

This special issue aims to provide an advanced theory and application for researchers and practitioners to contribute with original research and review articles that present the state-of-the-art research outcomes, practical results, latest findings and future evolutions of mathematics in applied cryptosystems and security concerns based on symmetry for FCW.  Original and research articles are solicited in all aspects, including: theoretical studies, practical applications, new techniques and experimental prototypes. All submitted papers will be peer-reviewed and selected on the basis of both their quality and their relevance to the theme of this special issue.

Potential topics include, but are not limited to:

  • Applied cryptosystem based on symmetry for FCW
  • Advanced symmetric key cryptosystem
  • Advanced asymmetric key cryptosystem
  • Symmetry in security services for FCW
  • Symmetry in security applications for FCW
  • Symmetry in network and embedded system security
  • Methods for improving efficiency or accuracy in security for FCW
  • Cryptography algorithms in smart devices for FCW
  • Secure and trusted service framework and architectures for FCW
  • Computational models of secure communication mechanisms for FCW
  • Privacy-enhancing technology for FCW
  • Access control for FCW
  • Security protocols for FCW
  • Other symmetry issues in applied cryptography and security concerns for FCW

Prof. Dr. Young-Sik Jeong
Prof. Dr. Laurence T. Yang
Prof. Dr. Stefanos Gritzalis
Guest Editors

Submission

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. Papers will be published continuously (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are refereed through a peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Symmetry is an international peer-reviewed Open Access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 800 CHF (Swiss Francs).


Keywords

  • applied cryptosystem
  • symmetric key
  • asymmetric key
  • symmetry in security

Published Papers (10 papers)

View options order results:
result details:
Displaying articles 1-10
Export citation of selected articles as:

Research

Jump to: Other

Open AccessArticle Design of IP Camera Access Control Protocol by Utilizing Hierarchical Group Key
Symmetry 2015, 7(3), 1567-1586; doi:10.3390/sym7031567
Received: 26 March 2015 / Revised: 29 July 2015 / Accepted: 20 August 2015 / Published: 27 August 2015
Cited by 2 | PDF Full-text (1056 KB) | HTML Full-text | XML Full-text
Abstract
Unlike CCTV, security video surveillance devices, which we have generally known about, IP cameras which are connected to a network either with or without wire, provide monitoring services through a built-in web-server. Due to the fact that IP cameras can use a network
[...] Read more.
Unlike CCTV, security video surveillance devices, which we have generally known about, IP cameras which are connected to a network either with or without wire, provide monitoring services through a built-in web-server. Due to the fact that IP cameras can use a network such as the Internet, multiple IP cameras can be installed at a long distance and each IP camera can utilize the function of a web server individually. Even though IP cameras have this kind of advantage, it has difficulties in access control management and weakness in user certification, too. Particularly, because the market of IP cameras did not begin to be realized a long while ago, systems which are systematized from the perspective of security have not been built up yet. Additionally, it contains severe weaknesses in terms of access authority to the IP camera web server, certification of users, and certification of IP cameras which are newly installed within a network, etc. This research grouped IP cameras hierarchically to manage them systematically, and provided access control and data confidentiality between groups by utilizing group keys. In addition, IP cameras and users are certified by using PKI-based certification, and weak points of security such as confidentiality and integrity, etc., are improved by encrypting passwords. Thus, this research presents specific protocols of the entire process and proved through experiments that this method can be actually applied. Full article
Open AccessArticle Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information
Symmetry 2015, 7(3), 1176-1210; doi:10.3390/sym7031176
Received: 28 February 2015 / Revised: 8 June 2015 / Accepted: 18 June 2015 / Published: 2 July 2015
Cited by 5 | PDF Full-text (939 KB) | HTML Full-text | XML Full-text
Abstract
Information technology (IT) security has become a major concern due to the growing demand for information and massive development of client/server applications for various types of applications running on modern IT infrastructure. How has security been taken into account and which paradigms are
[...] Read more.
Information technology (IT) security has become a major concern due to the growing demand for information and massive development of client/server applications for various types of applications running on modern IT infrastructure. How has security been taken into account and which paradigms are necessary to minimize security issues while increasing efficiency, reducing the influence on transmissions, ensuring protocol independency and achieving substantial performance? We have found cryptography to be an absolute security mechanism for client/server architectures, and in this study, a new security design was developed with the MODBUS protocol, which is considered to offer phenomenal performance for future development and enhancement of real IT infrastructure. This study is also considered to be a complete development because security is tested in almost all ways of MODBUS communication. The computed measurements are evaluated to validate the overall development, and the results indicate a substantial improvement in security that is differentiated from conventional methods. Full article
Open AccessArticle Design of a Distributed Personal Information Access Control Scheme for Secure Integrated Payment in NFC
Symmetry 2015, 7(2), 935-948; doi:10.3390/sym7020935
Received: 16 January 2015 / Revised: 20 April 2015 / Accepted: 27 May 2015 / Published: 2 June 2015
Cited by 2 | PDF Full-text (523 KB) | HTML Full-text | XML Full-text
Abstract
At the center of core technologies for a future cyber world, such as Internet of Things (IoT) or big data, is a context-rich system that offers services by using situational information. The field where context-rich systems were first introduced is near-field communication (NFC)-based
[...] Read more.
At the center of core technologies for a future cyber world, such as Internet of Things (IoT) or big data, is a context-rich system that offers services by using situational information. The field where context-rich systems were first introduced is near-field communication (NFC)-based electronic payments. Near-field Communication (NFC) integrated payment services collect the payment information of the credit card and the location information to generate patterns in the user’s consumption or movement through big data technology. Based on such pattern information, tailored services, such as advertisement, are offered to users. However, there is difficulty in controlling access to personal information, as there is a collaborative relationship focused on the trusted service manager (TSM) that is close knit to shared personal information. Moreover, in the case of Hadoop, among the many big data analytical technologies, it offers access control functions, but not a way to authorize the processing of personal information, making it impossible to grant authority between service providers to process information. As such, this paper proposes a key generation and distribution method, as well as a secure communication protocol. The analysis has shown that the efficiency was greater for security and performance compared to relation works. Full article
Open AccessArticle The Digital Fingerprinting Analysis Concerning Google Calendar under Ubiquitous Mobile Computing Era
Symmetry 2015, 7(2), 383-394; doi:10.3390/sym7020383
Received: 28 December 2014 / Revised: 23 March 2015 / Accepted: 8 April 2015 / Published: 17 April 2015
Cited by 1 | PDF Full-text (14637 KB) | HTML Full-text | XML Full-text
Abstract
Internet Communication Technologies (ICTs) are making progress day by day, driven by the relentless need to utilize them for everything from leisure to business. This inevitable trend has dramatically changed contemporary digital behavior in all aspects. Undoubtedly, digital fingerprints will be at some
[...] Read more.
Internet Communication Technologies (ICTs) are making progress day by day, driven by the relentless need to utilize them for everything from leisure to business. This inevitable trend has dramatically changed contemporary digital behavior in all aspects. Undoubtedly, digital fingerprints will be at some point unwarily left on crime scenes creating digital information security incidents. On the other hand, corporates in the private sector or governments are on the edge of being exploited in terms of confidential digital information leakages. Some digital fingerprinting is volatile by its nature. Alternatively, once the power of computing devices is no longer sustainable, these digital traces could disappear forever. Due to the pervasive usage of Google Calendar and Safari browser among network communities, digital fingerprinting could be disclosed if forensics is carried out in a sound manner, which could be admitted in a court of law as probative evidences concerning certain cybercrime incidents. Full article
Figures

Open AccessArticle Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting
Symmetry 2015, 7(1), 105-124; doi:10.3390/sym7010105
Received: 1 November 2014 / Revised: 18 December 2014 / Accepted: 16 January 2015 / Published: 27 January 2015
Cited by 3 | PDF Full-text (357 KB) | HTML Full-text | XML Full-text
Abstract
We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in
[...] Read more.
We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptions on the cryptographic primitives used. We also investigate the security of the two-round, three-party PAKE protocol of Wang, Hu and Li (2010) and demonstrate that this protocol cannot achieve implicit key authentication in the presence of an active adversary. Full article
Open AccessArticle A Study on Electronic-Money Technology Using Near Field Communication
Symmetry 2015, 7(1), 1-14; doi:10.3390/sym7010001
Received: 11 August 2014 / Accepted: 4 December 2014 / Published: 26 December 2014
Cited by 3 | PDF Full-text (616 KB) | HTML Full-text | XML Full-text
Abstract
Recently, due to the introduction of NFC (Near Field Communication), it has become possible to make easy electronic payments. Therefore, a secure communication method is necessary in these environments. NFC can be said to be relatively safe compared to other communication methods, because
[...] Read more.
Recently, due to the introduction of NFC (Near Field Communication), it has become possible to make easy electronic payments. Therefore, a secure communication method is necessary in these environments. NFC can be said to be relatively safe compared to other communication methods, because it carries out communications within 10 cm. However, it has made possible the risk of impersonation attacks by a disguised reader, leaving user information on the reader. In order to solve these problems, in this paper, we propose an authentication scheme that can reduce the weight of computation by using only a hash function and XOR (eXclusive OR) operation algorithms. This paper also shows that our method is safe, since it leaves no information with the other party. Full article
Figures

Open AccessArticle Privacy-Enhancing Security Protocol in LTE Initial Attack
Symmetry 2014, 6(4), 1011-1025; doi:10.3390/sym6041011
Received: 14 August 2014 / Revised: 24 October 2014 / Accepted: 1 December 2014 / Published: 12 December 2014
Cited by 5 | PDF Full-text (1133 KB) | HTML Full-text | XML Full-text
Abstract
Long-Term Evolution (LTE) is a fourth-generation mobile communication technology implemented throughout the world. It is the communication means of smartphones that send and receive all of the private date of individuals. M2M, IOT, etc., are the base technologies of mobile communication that will
[...] Read more.
Long-Term Evolution (LTE) is a fourth-generation mobile communication technology implemented throughout the world. It is the communication means of smartphones that send and receive all of the private date of individuals. M2M, IOT, etc., are the base technologies of mobile communication that will be used in the future cyber world. However, identification parameters, such as International Mobile Subscriber Identity (IMSI), Radio Network Temporary Identities (RNTI), etc., in the initial attach section for accessing the LTE network are presented with the vulnerability of being exposed as clear text. Such vulnerability does not end in a mere identification parameter, but can lead to a secondary attack using the identification parameter, such as replication of the smartphone, illegal use of the mobile communication network, etc. This paper proposes a security protocol to safely transmit identification parameters in different cases of the initial attach. The proposed security protocol solves the exposed vulnerability by encrypting the parameters in transmission. Using an OPNET simulator, it is shown that the average rate of delay and processing ratio are efficient in comparison to the existing process. Full article
Open AccessArticle MLDS: Multi-Layer Defense System for Preventing Advanced Persistent Threats
Symmetry 2014, 6(4), 997-1010; doi:10.3390/sym6040997
Received: 1 October 2014 / Revised: 24 November 2014 / Accepted: 24 November 2014 / Published: 3 December 2014
Cited by 3 | PDF Full-text (737 KB) | HTML Full-text | XML Full-text
Abstract
Here we report on the issue of Advanced Persistent Threats (APT), which use malware for the purpose of leaking the data of large corporations and government agencies. APT attacks target systems continuously by utilizing intelligent and complex technologies. To overthrow the elaborate security
[...] Read more.
Here we report on the issue of Advanced Persistent Threats (APT), which use malware for the purpose of leaking the data of large corporations and government agencies. APT attacks target systems continuously by utilizing intelligent and complex technologies. To overthrow the elaborate security network of target systems, it conducts an attack after undergoing a pre-reconnaissance phase. An APT attack causes financial loss, information leakage, etc. They can easily bypass the antivirus system of a target system. In this paper, we propose a Multi-Layer Defense System (MLDS) that can defend against APT. This system applies a reinforced defense system by collecting and analyzing log information and various information from devices, by installing the agent on the network appliance, server and end-user. It also discusses how to detect an APT attack when one cannot block the initial intrusion while continuing to conduct other activities. Thus, this system is able to minimize the possibility of initial intrusion and damages of the system by promptly responding through rapid detection of an attack when the target system is attacked. Full article
Open AccessArticle Design of a Secure System Considering Quality of Service
Symmetry 2014, 6(4), 938-953; doi:10.3390/sym6040938
Received: 14 August 2014 / Revised: 5 November 2014 / Accepted: 7 November 2014 / Published: 13 November 2014
Cited by 1 | PDF Full-text (786 KB) | HTML Full-text | XML Full-text
Abstract
Improvements in networking technologies have provided users with useful information services. Such information services may bring convenience and efficiency, but might be accompanied by vulnerabilities to a variety of attacks. Therefore, a variety of research to enhance the security of the systems and
[...] Read more.
Improvements in networking technologies have provided users with useful information services. Such information services may bring convenience and efficiency, but might be accompanied by vulnerabilities to a variety of attacks. Therefore, a variety of research to enhance the security of the systems and get the services at the same time has been carried out. Especially, research on intrusion-tolerant systems (ITSs) has been conducted in order to survive against every intrusion, rather than to detect and prevent them. In this paper, an ITS based on effective resource conversion (ERC) is presented to achieve the goal of intrusion-tolerance. Instead of using the fixed number of virtual machines (VMs) to process requests and recover as in conventional approaches, the ITS based on ERC can transform the assigned resources depending on the system status. This scheme is proved to maintain a certain level of quality of service (QoS) and quality of security service (QoSS) in threatening environments. The performance of ERC is compared with previous studies on ITS by CSIM 20, and it is verified that the proposed scheme is more effective in retaining a specific level of QoS and QoSS. Full article

Other

Jump to: Research

Open AccessTechnical Note Study on User Authority Management for Safe Data Protection in Cloud Computing Environments
Symmetry 2015, 7(1), 269-283; doi:10.3390/sym7010269
Received: 15 January 2015 / Revised: 26 February 2015 / Accepted: 10 March 2015 / Published: 19 March 2015
Cited by 3 | PDF Full-text (832 KB) | HTML Full-text | XML Full-text
Abstract
In cloud computing environments, user data are encrypted using numerous distributed servers before storing such data. Global Internet service companies, such as Google and Yahoo, recognized the importance of Internet service platforms and conducted self-research and development to create and utilize large cluster-based
[...] Read more.
In cloud computing environments, user data are encrypted using numerous distributed servers before storing such data. Global Internet service companies, such as Google and Yahoo, recognized the importance of Internet service platforms and conducted self-research and development to create and utilize large cluster-based cloud computing platform technology based on low-priced commercial nodes. As diverse data services become possible in distributed computing environments, high-capacity distributed management is emerging as a major issue. Meanwhile, because of the diverse forms of using high-capacity data, security vulnerability and privacy invasion by malicious attackers or internal users can occur. As such, when various sensitive data are stored in cloud servers and used from there, the problem of data spill might occur because of external attackers or the poor management of internal users. Data can be managed through encryption to prevent such problems. However, existing simple encryption methods involve problems associated with the management of access to data stored in cloud environments. Therefore, in the present paper, a technique for data access management by user authority, based on Attribute-Based Encryption (ABE) and secret distribution techniques, is proposed. Full article

Journal Contact

MDPI AG
Symmetry Editorial Office
St. Alban-Anlage 66, 4052 Basel, Switzerland
symmetry@mdpi.com
Tel. +41 61 683 77 34
Fax: +41 61 302 89 18
Editorial Board
Contact Details Submit to Symmetry
Back to Top