Tracking of Malicious Attacks on Data Online: A Systematic Review

  • Abdulkadir Onivehu Isah Federal University of Technology Minna
  • John Kolo Alhassan Federal University of Technology, Minna
  • Idris Ismaila Federal University of Technology, Minna
  • Olawale Surajudeen Adebayo
Keywords: Encryption, Network, Vulnerabilities, Attack, Countermeasures, Security.

Abstract

Tracking of computer network system attacks is a proactive measure to protect against attacks on data, that are basically encrypted for confidential security reasons, while in transit on the computer information channel. Cyber security threat continues to increase in direct proportion to the rate at which internet based services are deployed. In this systematic review, 53 research papers from reputable publishers were downloaded out of which 41 papers that are closely related to tracking of malicious attackers on encrypted data online were review under the consideration of attacks on encrypted data, and tracking malicious attacks; with respect to proposed technique, problem addressed, comparison to existing methodology, parameters used, major findings and then limitations and future knowledge. The authors then deduce the classification of four varying types of attacks (Keyword Guessing Attack, Selective opening attacks, Leakage-Abuse Attacks, and Key Reinstallation Attacks) from the review, to narrow down research into the future countermeasures for these attacks. 11 research papers actual discuss countermeasures for these classification types, with Keyword Guessing Attack being the focus of 6 research work, Selective Opening Attacks have 3 papers trying to solve vulnerabilities permitting such attacks, 2 papers aimed research solutions at Leakage-Abuse Attacks, and Key Reinstallation Attacks, has mention but none of the papers reviewed proffer mitigation techniques. The remaining 30 papers concentrated discussions on general attacks on encrypted data. Inclining future research attention to the four kinds of attacks against encrypted data will improve attack detection contrary to the commonly post-mortem approach.

References

[1]. Bansal, C., et al., Keys to the cloud: formal analysis and concrete attacks on encrypted web storage. International Conference on Principles of Security and Trust 2013. (pp. 126-146). Springer, Berlin, Heidelberg.
[2]. Khan, S., et al., Network forensics: Review, Taxonomy, and open challenges. Journal of Network and Computer Applications, 2016. 100(66), 214-235.
[3]. Chaturvedi, S., and R. Sharma, Securing text & image password using the combinations of persuasive cued click points with improved advanced encryption standard. Procedia Computer Science, 2015. 45, 418-427.
[4]. Diro, A., and N. Chilamkurti, Leveraging LSTM Networks for Attack Detection in Fog-to-Things Communications. IEEE Communications Magazine, 2018. 56(9), 124-130.
[5]. Garcia, D. F., Performance evaluation of Advanced Encryption Standard (AES) International Conference on Mathematics and Computers in Sciences and in Industry (MCSI), 2015. pp. 247-252. IEEE.
[6]. Liu, Q., Z., Xu, and Y. Yuan, High throughput and secure advanced encryption standard on field programmable gate array with fine pipelining and enhanced key expansion. IET Computers & Digital Techniques, 2015. 9(3), 175-184.
[7]. Liu, X., et al., Cyber attacks against the economic operations of power systems: A fast solution. IEEE Transactions on Smart Grid, 2016. 8(2), 1023-1025
[8]. Jiang, P., et al., Private keyword-search for database systems against insider attacks. Journal of Computer Science and Technology, 2017. 32(3), 599-617.
[9]. Isah, A. O., et al., Enhancing AES with Time-Bound and Feedback Artificial Agent Algorithms for Security and Tracking of Multimedia Data on Transition. International Journal of Cyber-Security and Digital Forensics, 2017. 6(4), 162-179.
[10]. Huang, Q., and H. Li, An efficient public-key searchable encryption scheme secure against inside keyword guessing attacks. Information Sciences, 2017. 403, 1-14.
[11]. Boneh, D., X. Boyen, and H. Shacham, Short group signatures. In Annual International Cryptology Conference, 2004. (pp. 41-55). Springer, Berlin, Heidelberg.
[12]. Vanhoef, M., and F. Piessens, Key reinstallation attacks: Forcing nonce reuse in WPA2. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 2017. (pp. 1313-1328). ACM.
[13]. Huang, Z., et al., Insight of the protection for data security under selective opening attacks. Information Sciences, 2017. 412, 223-241.
[14]. Fehr, S., et al., Encryption schemes secure against chosen-ciphertext selective opening attacks. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2010. pp. 381-402. Springer, Berlin, Heidelberg.
[15]. Grubbs, P., et al., Leakage-abuse attacks against order-revealing encryption. In 2017 IEEE Symposium on Security and Privacy (SP), 2017. (pp. 655-672). IEEE.
[16]. Grubbs, P., et al., Breaking web applications built on top of encrypted data. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016. pp. 1353-1364. ACM.
[17]. Kellaris, G., et al., Generic attacks on secure outsourced databases. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016. pp. 1329-1340. ACM.
[18]. Pouliot, D., and C. V. Wright, The shadow nemesis: Inference attacks on efficiently deployable, efficiently searchable encryption. In Proceedings of ACM SIGSAC conference on computer and communications security, 2016. (pp. 1341-1352). ACM.
[19]. Ahmed, A. A., A. S. Sadiq, and M. F. Zolkipli, Traceback model for identifying sources of distributed attacks in real time. Security and Communication Networks, 2016. 9(13), 2173-2185.
[20]. Scaife, N., et al., Cryptolock (and drop it): stopping ransomware attacks on user data. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), 2016. pp. 303-312. IEEE.
[21]. Yakubu, J., et al., Security challenges in fog-computing environment: a systematic appraisal of current developments. Journal of Reliable Intelligent Environments, 2019. 1-25.
[22]. Pakniat, N., Public key encryption with keyword search and keyword guessing attack: a survey. Proceedings of the 13th International Iranian, 2016. 155, 1-4.
[23]. Andola, N., et al., Improved secure server-designated public key encryption with keyword search. In 2017 Conference on Information and Communication Technology (CICT), 2017. pp. 1-6. IEEE.
[24]. Cui, H., et al., Efficient and expressive keyword search over encrypted data in cloud. IEEE Transactions on Dependable and Secure Computing, 2016. 15(3), 409-422.
[25]. Lewko, A., A. Sahai, and B. Waters, Revocation systems with very small private keys. In 2010 IEEE Symposium on Security and Privacy, 2010. pp. 273-285. IEEE.
[26]. Sun, L., et al., Secure searchable public key encryption against insider keyword guessing attacks from indistinguishability obfuscation. Science China Information Sciences, 2018. 61(3), 038106-1.
[27]. Wu, Y., et al., An efficient searchable encryption against keyword guessing attacks for sharable electronic medical records in cloud-based system. Journal of medical systems, 2016. 40(12), 258.
[28]. Ma, M., et al., Certificateless searchable public key encryption scheme for mobile healthcare system. Computers & Electrical Engineering, 2018. 65, 413-424.
[29]. Wu, T. Y., et al., Security analysis and enhancement of a certificateless searchable public key encryption scheme for IIoT environments. IEEE Access, 2019. 7, 49232-49239.
[30]. Rompay, V. C., R. Molva, and M. ├ľnen, A leakage-abuse attack against multi-user searchable encryption. Proceedings on Privacy Enhancing Technologies, 2017. 3, 168-178.
[31]. Bost, R., and P. A. Fouque, Thwarting Leakage Abuse Attacks against Searchable Encryption-A Formal Approach and Applications to Database Padding. IACR Cryptology ePrint Archive, 2017. 1060.
[32]. Giraud, M., Anzala-Yamajako, A., Bernard, O., & Lafourcade, P. (2017). Practical passive leakage-abuse attacks against symmetric searchable encryption. In 14th International Conference on Security and Cryptography SECRYPT 2017. SCITEPRESS-Science and Technology Publications.
[33]. Cash, D., et al., Leakage-abuse attacks against searchable encryption. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, 2015. pp. 668-679. ACM.
[34]. Huang, Z., et al., Simulation-based selective opening security for receivers under chosen-ciphertext attacks. Designs, Codes and Cryptography, 2018. 87(6), 1345-1371.
[35]. Hofheinz, D., V. Rao, and D. Wichs, Standard security does not imply indistinguishability under selective opening. In Theory of Cryptography Conference, 2016. pp. 121-145. Springer, Berlin, Heidelberg.
Published
2020-09-18
How to Cite
Isah, A. O., Alhassan, J. K., Ismaila, I., & Adebayo, O. S. (2020). Tracking of Malicious Attacks on Data Online: A Systematic Review. Transactions on Networks and Communications, 8(4), 31-44. https://doi.org/10.14738/tnc.84.9463