Author Search Result

[Author] Kwangjo KIM(13hit)

  • Intrusion Detection System Using Deep Learning and Its Application to Wi-Fi Network

    Kwangjo KIM  

     
    INVITED PAPER

    Publicized: 2020/03/31  Vol: E103-D No:7  Page(s): 1433-1447

    Deep learning is attracting more and more attention and achieving better performance in implementing the Intrusion Detection System (IDS), especially for feature learning. This paper presents the state-of-the-art advances and challenges in IDS using deep learning models, which have achieved large performance enhancements over the traditional methods in the fields of computer vision, natural language processing, and image/audio processing. After providing a systematic and methodical description of the latest developments in deep learning from the points of the deployed architectures and techniques, we suggest the pros and cons of all the deep learning-based IDS, and discuss the importance of deep learning models as a feature learning approach. For this, the author has suggested the concept of Deep-Feature Extraction and Selection (D-FES). By combining the stacked feature extraction and the weighted feature selection for D-FES, our experiment was verified to achieve the best performance, a detection rate of 99.918% and a false alarm rate of 0.012%, in detecting impersonation attacks in Wi-Fi networks, which is better than the previous publications. Summary and further challenges are suggested as a concluding remark.

  • On Generating Cryptographically Desirable Substitutions

    Kwangjo KIM  Tsutomu MATSUMOTO  Hideki IMAI  

     
    PAPER-Common-Key Systems

    Vol: E73-E No:7  Page(s): 1031-1035

    S(ubstitution)-boxes are quite important components of modern symmetric cryptosystems. S-boxes bring nonlinearity to cryptosystems and strengthen their cryptographic security. An S-box satisfies the strict avalanche criterion (SAC), if and only if for any single input bit of the S-box, the inversion of it changes each output bit with probability one half. This paper presents some interesting properties of S-boxes and proposes an efficient and systematic means of generating arbitrary input size bijective S-boxes satisfying SAC.

  • Provably Secure Gateway Threshold Password-Based Authenticated Key Exchange Secure against Undetectable On-Line Dictionary Attack

    Yukou KOBAYASHI  Naoto YANAI  Kazuki YONEYAMA  Takashi NISHIDE  Goichiro HANAOKA  Kwangjo KIM  Eiji OKAMOTO  

     
    PAPER-Cryptography and Information Security

    Vol: E100-A No:12  Page(s): 2991-3006

    By using Password-based Authenticated Key Exchange (PAKE), a server can authenticate a user who has only the same password shared with the server in advance and establish a session key with the user simultaneously. However, in real applications, we may have a situation where a user needs to share a session key with server A, but the authentication needs to be done by a different server B that shares the password with the user. Further, to achieve higher security on the server side, it may be required to make PAKE tolerant of a server breach by having multiple authentication servers. To deal with such a situation, Abdalla et al. proposed a variant of PAKE called Gateway Threshold PAKE (GTPAKE) where a gateway corresponds to the aforementioned server A being an on-line service provider and also a potential adversary that may try to guess the passwords. However, the schemes of Abdalla et al. turned out to be vulnerable to Undetectable On-line Dictionary Attack (UDonDA). In this paper, we propose the first GTPAKE provably secure against UDonDA, and in the security analysis, we prove that our GTPAKE is secure even if an adversary breaks into parts of multiple authentication servers.

  • Enhancing Credibility of Location Based Service Using Multiple Sensing Technologies

    Kyusuk HAN  Kwangjo KIM  Taeshik SHON  

     
    LETTER

    Vol: E94-D No:6  Page(s): 1181-1184

    Recent Location Based Services (LBS) not only extend information services such as car navigation services, but also support various applications such as augmented reality and emergency services in ubiquitous computing environments. However, location based services in the ubiquitous computing environment bring several security issues such as location privacy and forgery. While the privacy of the location based service is considered an important security issue, security against location forgery is less considered. In this paper, we propose an improved version of Han et al.'s protocol [1] that provides more lightweight computation. Our proposed model also improves the credibility of LBS by deploying multiple location sensing technologies.

  • Post-Quantum Security of IGE Mode Encryption in Telegram

    Jeeun LEE  Sungsook KIM  Seunghyun LEE  Kwangjo KIM  

     
    LETTER

    Vol: E102-A No:1  Page(s): 148-151

    IGE mode used in Telegram's customized protocol has not been fully investigated in terms of post-quantum security. In this letter, we show that IGE mode is IND-qCPA insecure by Simon's algorithm, assuming that the underlying block cipher is a standard-secure pseudorandom function (sPRF). Under a stronger assumption that the block cipher is a quantum-secure pseudorandom function (qPRF), IND-qCPA security of IGE mode is proved using the one-way to hiding lemma.

  • On the Security of RFID Group Scanning Protocols

    Duc Nguyen DANG  Kwangjo KIM  

     
    LETTER

    Vol: E93-D No:3  Page(s): 528-530

    An RFID group scanning protocol enables an RFID reader to produce a proof of co-existence of multiple RFID tags. This type of protocol is also referred to as yoking-proof, grouping-proof and co-existence proof. In this letter, we show that all of the previous group scanning protocols are vulnerable to relay attacks.

  • Another Fuzzy Anomaly Detection System Based on Ant Clustering Algorithm

    Muhamad Erza AMINANTO  HakJu KIM  Kyung-Min KIM  Kwangjo KIM  

     
    PAPER

    Vol: E100-A No:1  Page(s): 176-183

    Attacks against computer networks are evolving rapidly. Conventional intrusion detection systems based on pattern matching and static signatures have a significant limitation since the signature database should be updated frequently. The unsupervised learning algorithm can overcome this limitation. Ant Clustering Algorithm (ACA) is a popular unsupervised learning algorithm to classify data into different categories. However, ACA needs to be complemented with other algorithms for the classification process. In this paper, we present a fuzzy anomaly detection system that works in two phases. In the first phase, the training phase, we propose ACA to determine clusters. In the second phase, the classification phase, we exploit a fuzzy approach by the combination of two distance-based methods to detect anomalies in new monitored data. We validate our hybrid approach using the KDD Cup'99 dataset. The results indicate that, compared to several traditional and new techniques, the proposed hybrid approach achieves a higher detection rate and a lower false positive rate.

  • Location-Aware and Privacy-Preserving Approach for Child Safety in Ubiquitous Computing Environment

    Jangseong KIM  Taeshik SHON  Kwangjo KIM  

     
    LETTER

    Vol: E94-B No:3  Page(s): 686-689

    In this paper, we establish our child safety system model for addressing the contradictory issue in wireless sensor networks caused by the mutual authentication and privacy protection of an end-user. Based on the system model, we propose a novel location-aware and privacy-preserving approach for providing child safety over wireless sensor networks. Although we illustrate our protocol over the sensor networks, the proposed protocol can be operated by various wireless networks (e.g., WiFi and UWB) which can support RSSI (Received Signal Strength Indication). Compared to a few previous works, the proposed approach can show the potential of enhancing accuracy with location information, preserve the privacy of an end-user, and provide the capability of controlling the child safety service to an end-user.

  • Design and Implementation of One-Way Key Agreement Model for Enhancing VoIP Internet Phone Security

    Kyusuk HAN  Taeshik SHON  Kwangjo KIM  

     
    LETTER

    Vol: E94-B No:8  Page(s): 2235-2238

    The VoIP-based Internet Phone system is now seen as one of the killer applications in the high speed and broadband internet environment. Given the widespread use of the Internet Phone, it is necessary to provide security services for guaranteeing users' privacy. However, providing security service in Internet Phone has the possibility of incurring additional overheads such as call setup delay time. In this paper, we present a one-way key agreement model based on VoIP in order to reduce call setup time as well as protect user privacy. The proposed approach decreases the delay time of the call setup in comparison with the previous models because our model enables the key generation on the caller side without waiting for the response from the receiver.

  • Remarks on the Unknown Key Share Attacks

    Joonsang BAEK  Kwangjo KIM  

     
    LETTER-Information Security

    Vol: E83-A No:12  Page(s): 2766-2769

    This letter points out some flaws in the previous works on UKS (unknown key-share) attacks. We show that Blake-Wilson and Menezes' revised STS-MAC (Station-to-Station Message Authentication Code) protocol, which was proposed to prevent UKS attack, is still vulnerable to a new UKS attack. Also, Hirose and Yoshida's key agreement protocol presented at PKC'98 is shown to be insecure against public key substitution UKS attacks. Finally, we discuss countermeasures for such UKS attacks.

  • A Universal Forgery on Araki et al.'s Convertible Limited Verifier Signature Scheme

    Fangguo ZHANG  Kwangjo KIM  

     
    LETTER-Information Security

    Vol: E86-A No:2  Page(s): 515-516

    In 1999, Araki et al. proposed a convertible limited verifier signature scheme. In this letter, we propose a universal forgery attack on their scheme. We show that anyone can forge a valid signature of a user UA on an arbitrary message.

  • Efficient and Secure File Deduplication in Cloud Storage

    Youngjoo SHIN  Kwangjo KIM  

     
    PAPER-Fundamentals of Information Systems

    Vol: E97-D No:2  Page(s): 184-197

    Outsourcing to cloud storage brings forth new challenges for the efficient utilization of computing resources as well as simultaneously maintaining privacy and security for the outsourced data. Data deduplication refers to a technique that eliminates redundant data on the storage and the network, and is considered to be one of the most promising technologies that offer efficient resource utilization in cloud computing. In terms of data security, however, deduplication obstructs applying encryption on the outsourced data and even causes a side channel through which information can be leaked. Achieving both efficient resource utilization and data security still remains open. This paper addresses this challenging issue and proposes a novel solution that enables data deduplication while also providing the required data security and privacy. We achieve this goal by constructing and utilizing equality predicate encryption schemes which allow only equivalence relations between encrypted data to be known. We also utilize a hybrid approach for data deduplication to prevent information leakage due to the side channel. The performance and security analyses indicate that the proposed scheme is efficient for securely managing the outsourced data in cloud computing.

  • Security Analysis of an ID-Based Key Agreement for Peer Group Communication

    Duc-Liem VO  Kwangjo KIM  

     
    LETTER-Information Security

    Vol: E90-A No:11  Page(s): 2624-2625

    Pairing-based cryptography has been researched intensively due to its beneficial properties. In 2005, Wu et al. [3] proposed an identity-based key agreement for peer group communication from pairings. In this letter, we propose attacks on their scheme, by which the group fails to agree upon a common communication key.