---

  The purpose of this paper is twofold: Study of the mathematical background on lattice theory and its applications to cryptography. In the latter area, lattice theory has played a crucial role in the definition of new cryptosystems, in the study of cryptographic primitives and in cryptanalysis. Lattice-based public-key cryptosystems relies on computational hard problems based on the shortest vector problem (SVP) and the closest vector problem (CVP) in lattices for their security. In this paper, we present a short introduction to lattice theory and its hard problems and also we study the most important lattice-based public-key cryptosystems and digital signature together with their security analysis and some applied examples.

---

  The Cloud computing is a low-cost high performance model of computing services in response to the needs of users of Information Technology. Current security and privacy challenges in cloud environment have led to distaste some users and organizations to apply cloud instead of traditional infrastructures. Although many prevention efforts and acts are performed in current network architectures, detection and tracing of the attacker is necessary after the event is occurred. But current architecture of cloud computing does not satisfy the cloud forensics needs. Therefore, in this field the cloud forensic investigation have many different challenges. Regarding the low cost and high performance services of cloud computing, for the sake of security issues it can never be ignored. So far several solutions have been proposed regardingcloud’s security issues based on dynamic and elastic nature of cloud computing and legal issues. The main goal of this survey is to classify and and explore the cloud forensics issues and challenges.

---

A set of technologies, that use radio waves for identifying people or objects, is called radio frequency identification system or RFID. RFID performance depends on tag and reader devices which use radio waves to communicate to each other. In some applications of RFID systems, the proof of concurrent presence for a number of objects or persons together in a given time is crucial. Grouping proof protocols are designed to address these needs, in fact grouping proof shows that two or more tags are evaluated by a reader simultaneously. This proof must be verified by the corresponding verifier. In this article this type of protocols are introduced and analyzed. At the first, the idea of designing a grouping proof is presented and then related protocols and their security analysis are presented. Finally, a comparison between protocols is provided.

---

With the increase in attacks, the different mechanisms in different layers of defense are applied in order to detect and prevent attacks. In this case we are encountered with massive amounts of alerts with low level and scattered information. Alert correlation is one of the solutions that are used to combine alerts and create a high level view of under controlled network security situations, and a lot of researches have been done in this field. In this paper, we describe the OSSIM and introduce its features. In addition with a combined approach to the alert correlation problem, a new categorization is done on the scientific researches and with respect to these researches, we described the process of alert correlation in the OSSIM and established a correspondence between components of the OSSIM and one of the researches. In most researches the focus is on the alerts correlation of intrusion detection systems, we have shown in this paper that the other resources are effective in multi-stage attacks correlation.

---

  In recent years, electronic payments has grown rapidly among internet activities so nowadays has attracted many customers due to its speed, efficiency, cost reduction and ease of access. Credit cards can be considered as one of the most widely used tools for electronic payments transactions . Purpose of this research is the identification and extraction feature of fraudulent transaction followed by correct classification of them into two categories of legal and fraud, using support vector machine algorithm and cross-validation. The results of ths method to show improvement in fraud detection so that false negative reduction has 77%, cost 88% and detection rate increased by 11%.

---

---

---

---

Organizations should use from enterprise security architectures to secure their information assets. ‎Security patterns are a good way to build and test new security mechanisms. Enterprise security pattern ‎as an instance of model-driven architecture offers a solution to recurring information systems security ‎problems. In this paper, we present a model-driven enterprise security pattern called Secure SaaS., which ‎the organizations could apply to protect their information assets when using SaaS. On the other hand ‎Cloud Computing is a approach for the efficient use of computational resources. cloud delivers ‎computing as a service. However, security concerns prevent many individuals and organizations from ‎using clouds. Second section of this paper focuses on the Security problem of Platform-as-a-Service ‎‎(PaaS) clouds including access control, privacy and service continuity while protecting both the service ‎provider and the user. Security problems of PaaS clouds are explored and classified. Countermeasures ‎are proposed and discussed. ‎

---

In this paper, a cooperative scheme for secure device to device (D2D) communications underlaying cellular networks is proposed. In our scheme, the cellular base station (BS) wants to transmit its information to a cellular user (CU). Meanwhile, two devices want to communicate directly using the same spectrum used by cellular network with the help of some decode-and-forward (DF) relay nodes. In addition, there exists a malicious user which wants to eavesdrop on information transmission of D2D pair. The transmit power of the transmitter of the D2D pair (TD2D) and the relays is limited such that the outage performance of cellular network is satisfied. We study the performance of the proposed scheme, which is measured based on the outage probability, and obtain the closed form expression for the outage probability for the optimal relay selection scheme. Finally, the performance of the proposed scheme is evaluated using simulations.

---

Trust and reputation are known social concepts which have an important role in human society. Nowadays, these concepts are also employed in computer science as computational trust and reputation systems (TRSs) that are able to compute the trustworthiness rank of entities based on a collection of experiments and recommendations. Since it is expected that a dishonest entity has a lower trust, the trust values can help the entities to detect and isolate the malicious or selfish entities. TRSs have been applied in many modern computer systems, and also are the most important tool in soft security as the next generation of security mechanisms. Despite the importance and applications of these systems, they are vulnerable to some kind of attack in which the attacker deceives the system using a sequence of misleading behavior. These attacks enable the attacker to manipulate the computation of trust values in his favor. A vulnerable system not only can’t help detecting the malicious entities, but also may be used by them to empower their attack. Hence, robustness evaluation is a critical step before using TRSs. Simulation and formal verification are two main approaches for robustness evaluation of TRSs. Despite the wide usage of simulation in evaluation of TRSs, it is an approximation method that can be used to validate the behavior of the system just for some particular computation paths. In contrast, formal verification based methods provide guarantees for the validation of the whole computation paths of the given system, thus not only their results are exact and provable but also may be used to find whole possible attacks against a given system. Considering the advantages of verification based methods, there is a narrow but progressing trend for proposing such methods in recent years. In this paper, both formal and simulation based methods for robustness evaluation of TRSs are reviewed and compared with each other.

---

Withe the growth rate of smartphones, we are daily witness malwares which sits on them confidential information such as financial information and transactions, mobile banking, contact information and even steal SMS messages. One of the major damage that malware can cause the formation of mobile cellular botnets. According to statistics published in 2014, F-secure site on mobile malware threats every 5 botnet threat is one of them. The term botnet refers to a group of mobile smartphones to remotely influenced by the Director of the bot command and control channel for the control activities. In this paper, the new plans provided by mobile botnets from three points of distribution, channel botnet command and control and topology will be reviewed and ways to deal with this threat are briefly presented.

---

In the past decade with distribution software such as browsers, online stores, Internet banking, electronic mail systems and the Internet, to carry out reverse engineering attacks, illegal use of illegal software or reproduce it is.A new attack techniques have failed and this creates competition between the attackers and software developers. So far, many techniques based architecture, hardware and software for this semester has been introduced to protect each aspect of the application process. In this paper, we introduce a variety of threats to software and then try to categorize and review of techniques to protect our software.

---

Users of wireless sensor networks face difficulties like key distribution. Also there is a large number of keys saved in them. Thus, they tended to use public key cryptography for identification and key agreement. On the other hand, certificate-based public key cryptography makes use of public key infrastructure (PKI). Clearly implementing PKI requires a large amount of memory computations and communications which are impassible for sensor networks. To solve this problem we can use identity based cryptography (IBC). In this type of cryptography, user’s public identities like their IP or email addresses are used as their public key as a result, there will be no need for PKI. After introduction of pairing based cryptography, this type of cryptography was applicable used. In this paper, we will take a look at how to use pairings on wireless sensor networks.

---

The next generation of heterogeneous wireless access network technologies are  include such as wireless networks (WiFi and WiMax) and cellular networks (such as WCDMA and HSPA and 4G). One of the major issues in heterogeneous wireless network design, support for mobile users is vertically integrated handover. handover process between different wireless technology, called vertical handover. The wireless technology of different features, services, pricing, and offer different regional coverage. Vertical handover can be combined with the benefits of mobile networks to obtain user satisfaction and improve efficiency, can be used. So concepts and review the measures taken are necessary. The main purpose of this article we discribe the basic concepts related to handover, classification, algorithms, protocols, and features favorable factors in handover for Next Generation Networks.

---

In public key cryptography, systems based on integer factorization problem are increasing replaced by systems based on discrete logarithm problem (DLP). In fact, Elliptic curve cryptography(ECC) makes the key size much smaller than similar RSA systems do that is why ECC became very popular among cryptography system designers. The designers always need to get to a cryptography system with the smallest key size the highest security. Thus they tend to use hyper elliptic curve in cryptography. In this paper, we will study how to use this type of curves in cryptography.

Also, this study takes a look at these curves’ resistance against algorithms of solving the discrete logarithm problem. Energy consumed for implementation of the scalar multiplication in hyper elliptic curves of the genus g<5 will be analyzed too.

 

---

The fourth-generation Telecommunication communication system is base on LTE technology . LTE Evolved High-Speed ​​Packet Access networks (HSPA) and to achieve higher data rates, greater compatibility with heterogeneous networks and more uniform network architecture is presented. LTE version of the standard release 8, 3GPP is. One of the goals of LTE and wireless systems is providing integrated handover and fast from one cell (source cell) to another cell (target cell) . The process defined in Version 8 supports LTE handover mobility are provided, but not suitable for all modes of mobility and even compared to 2nd and 3rd generation systems, may be user dissatisfaction. This paper, first we defined LTE network architecture and its Vulnerabe. Then handover related concepts in LTE network and recent actions in this area have been investigated.

---

With emerging of the Internet, the way we communicate with each other has fundamentally revolutionized. The second development wave of the Internet is not about people, but will be about smart connected devices. Although more than a decade passes from the proposing of "Internet of Things" concept, the deployment of this concept has been done slowly for various reasons such as lack of required technologies development and security challenges. We must spend more time to understand the security challenges and available solutions, when we speak about smarter environments and technologies such as IoT. In this paper, we attempt to analysis existent threats and vulnerabilities in the area of security and privacy of Internet of Things using a systematic approach, while presenting a survey of the solutions proposed in the literature. Finally, research opportunities of this area will be discussed.

---

Standards in the field of IT security, due to the youthfulness of this area, it is relatively new, but the long history of standard processes, leading to a mature and efficient development of standards in this area. Several researches have been done in the field of information security that shows the breadth and complexity of information security, as well as, several standards has been developed in this field. Ignoring the information security is as open embrace risky on a variety of issues that may be faced in doing anything with it. Information security plays an important role in protecting the assets of the organization. As regards that no formula cannot guarantee complete security, however, need to a series of criteria and standards to achieve the appropriate level of information security resources to be used effectively and the best way to adopt security. Each of them has covered a specific aspect of security, and sometimes a set of standards to cover only one aspect of security. The adoption of information security standards, it must first be emphasized to match the original standard and note that proportionality is localized or they may create problems. The present research introduces the world deal with information security standards. It will be discussed that how to change views of information security in detail, and introduced a variety of tools and solutions.

---

Authenticated Encryption is a block cipher mode of operation which simultaneously provides confidentiality, integrity, and authenticity assurances on the data transmition. In this regard in 2014 CAESAR competition started which aims at finding authenticated encryption schemes that offer advantages over AES-GCM and are suitable for widespread adoption. This paper provides an easy-to-grasp overview over functional aspects, security parameters, and robustness offerings of the CAESAR candidates, clustered by their underlying designs (block-cipher-, stream-cipher-, permutation-/sponge-, compression-function-based, dedicated) and compares encryption/decryption speed of all CAESAR candidates implemented on three processors of three different architectures  AMD64, armeabi and  mipso32.