|
|
|
 |
Search published articles |
 |
|
Showing 30 results for Ali
Dr Reza Alimoradi,
Volume 4, Issue 2 (3-2016)
Abstract
In public key cryptography, systems based on integer factorization problem are increasing replaced by systems based on discrete logarithm problem (DLP). In fact, Elliptic curve cryptography(ECC) makes the key size much smaller than similar RSA systems do that is why ECC became very popular among cryptography system designers. The designers always need to get to a cryptography system with the smallest key size the highest security. Thus they tend to use hyper elliptic curve in cryptography. In this paper, we will study how to use this type of curves in cryptography.
Also, this study takes a look at these curves’ resistance against algorithms of solving the discrete logarithm problem. Energy consumed for implementation of the scalar multiplication in hyper elliptic curves of the genus g<5 will be analyzed too.
Mr Saeid Rezaei, Mr Mohammad Ali Doostari, Mr Majid Bayat,
Volume 5, Issue 1 (9-2016)
Abstract
Cloud environment are known as a revolution in IT industry in the recent decade and many organizations have used this service for data processing and data storage. Despite of fast growing and numerous advantages, some organizations still do not use this service due to security problems and privacy issues related to storing sensitive data on the untrusted cloud servers. Access control management utilizing encryption techniques is one of the most common methods to solve these kinds of problems. Attribute based encryption is a new cryptographic model which uses descriptive attributes and access structures for managing access control. This article discusses the most recent methods of access control in cloud environment using attribute based encryption. We classify these protocols with respect of efficiently and security features. Finally, all the strengths and weaknesses points of reviewed articles are discussed and a comprehensive security and practical comparison is presented.
Ali Hadipour, Dr Seyed Mahdi Sajadieh, Raheleh Moradafifi,
Volume 5, Issue 1 (9-2016)
Abstract
The stream ciphers are set of symmetric cipher algorithms that receive the secret message as a sequence of bits and process encrypted operation using complex function according to key, IV and XOR combination of a sequence of bits. One of the goals in the design of stream ciphers is to get minimum great period using one of the primary T-functions. Also using jump index in designing LFSRs lead to complexity of stream ciphers based on LFSR analysis. In this paper, tried with using of T-functions concepts and jump index, a novel method presented for primary functions design with great period.
Dr Mansoor Fateh, Samira Rajabloo, Elahe Alipour,
Volume 5, Issue 2 (3-2017)
Abstract
In this paper, the image steganography based on LSB and pixel classification is reviewed. Then, the method for steganography information in image is presented. This method based on LSB. Our purpose of this paper is to minimize the changes in cover image. At the first, the pixels of the image are selected to hiding the message; second complemented message will be hidden in LSB of selected pixels. In this paper, to solve some problems LSB method and minimize the changes, pixels categorized based on values of bits of second, third, fourth. In each category, ratio of changed pixels to unchanged pixels is calculated. If the ratio is greater than one, the LSB of that category are reversed and those changes reach at least. Mean Square Error and Peak Signal to Noise Ratio are two criterions to evaluate stego-image quality. PSNR and MSE of proposed method in comparison with simple LSB method, are respectively growth rate 0.13 percent and reduction rate 0.19 percent.
Sajad Rezaee Adaryani, Seyed Mahdi Sajjadieh, Ali Zaghyan,
Volume 6, Issue 2 (3-2018)
Abstract
Not only election is one of the significant issues in democratic societies, but also it can be used in commercial association such as stock market and it has a noteworthy feature to determine the board of the directors. According to progresses in cryptographic topics and asymmetric encryption systems, tremendous attempts have been made in the design of protocols for electronic elections. However, all of the designed protocols have either high complexity or weaknesses in security features. Since the majority of electronic election schemes are dependent on a number of honest persons, they are practically difficult. In addition, in most of them, voters will play a key role in producing ballot. If someone imposes compulsory, privacy will be lost or the voter will be able to provide a receipt to show the content of his vote, and this in turn, vote-buying and immoral issues will be appeared.
In this paper after, evaluating the security features of an electronic election scheme, an election protocol based on homomorphic encryption, will be expressed, and the difference between the receipt protocol and receipt-free protocol will be examined.
Kamaleddin Ghezavati, Alireza Nowroozi,
Volume 6, Issue 2 (3-2018)
Abstract
Online social networks (OSNs) is one of the most popular medium for communicating, sharing, and publishing a considerable amount of information. OSN popularity often faces the challenge of dealing with unwanted messages and hidden malicious purposes in it. Based on recent studies, social network users can easily expose their confidential details with others. Misuse of this information can cause damage in virtual and real world. In this paper, main categories attacks are given on social network online security and privacy in four categories classic, modern, hybrid and children special attacks and ways that can be used to protect against different types of attacks used OSN users is the social network operators, security companies, and researchers are provided. Finally, eight ways to prevent these threats is presented.
Ms Maryam Taebi, Dr. Ali Bohlooli, Dr. Marjan Kaedi,
Volume 6, Issue 2 (3-2018)
Abstract
In Website Fingerprinting (WFP) Attacks, clients’ destination webpages are identified using traffic analysis techniques, without any need to decrypt traffic contents. Typically, clients make use of the privacy enhancing technologies (e.g., VPNs, proxies, and anonymity networks) to browse webpages. These technologies allow clients to hide traffic contents and their real destinations. To perform an attack, features are extracted from the input packet sequence. Next, the data is pre-processed and finally, client’s real destination is revealed by means of a machine learning algorithm. Various studies have utilized statistical methods or classification approaches to infer the client’s visited webpages. In this paper, a comprehensive overview of WFP techniques is performed, in which previous studies are categorized based on the features they use for webpages identification. This is a new approach for categorizing previous works on WFP attacks and to the best of our knowledge, this viewpoint has not been applied so far.
Hadi Golbaghi, Mojtaba Vahidi Asl, Alireza Khalilian,
Volume 7, Issue 1 (9-2018)
Abstract
Malware writers leverage several techniques for thwarting the detection method of antimalware software. An effective technique is applying obfuscation techniques to make metamorphic malware. Metamorphism modifies the code structure in a way that while retaining the behavior, the pattern and structure of the code is changed. Recently, researchers have proposed a new method for metamorphic malware detection that works based on static analysis of malware code. However, some obfuscation techniques exist that when applied, the efficacy of static analyzes is adversely affected. To overcome this issue, in this paper, we apply a dynamic analysis in addition to static analysis. The new method elicits some information from both static and dynamic analyzes, combines them, and uses the resultant information to learn a classifier. The obtained classifier is then used to detect a new instance of an existing family of metamorphic malwares. In fact, the combination of both static and dynamic information is intended to address the weaknesses of each individual analysis and leads to an overall better effectiveness. In order to evaluate the proposed method, experiments on 450 files including benign files and 5 families of metamorphic malwares, namely MPCGEN, G2, VLC, NGVCK, and MWOR, have been conducted. The experiments were performed in three cases: static analysis, dynamic analysis, and the combination of both. The results of comparison among three cases show that metamorphic malware detection is not reached to 100 percent precision via either static or dynamic analysis individually. However, using the combination of both static and dynamic information could have consistently led to detection with 100 percent precision, which have been measured using ROC metric.
Javad Alizadeh, Mohsen Seddighi, Hadi Soleimany,
Volume 8, Issue 2 (2-2020)
Abstract
Advances in information and communication technologies lead to use of some new devices such as smart phones. The new devices provide more advantages for the adversaries hence with respect to them, one can define with-box cryptography. In this new model of cryptography, designers try to hide the key using as a kind of implementation. The Differential Computation Analysis (DCA) is a side channel attack on the with-box cryptography. The mentioned method influenced all with-box cryptography schemes when it was introduced. This attack is based on the software implementation of cryptography algorithms and is similar to the differential power analysis (DPA). In this paper, we introduce the principles of the DCA and also describe how one can use this attack to find the key of a with-box cryptography scheme.
Akram Khalesi, Mohammad Ali Orumiehchiha,
Volume 9, Issue 1 (8-2020)
Abstract
Sponge structure is a structure widely used in the design of cryptographic algorithms that reduces the design of the algorithms to the design of a permutation or pseudo-random function. The development of sponge-based algorithms and the selection of designs based on this structure in SHA3 and CAESAR competitions increase the need to examine its security against various types of attacks. In the previous article, we defined and examined the features of this structure, and in this article, with the focus on the security of sponge structures, we study general analysis methods on this structure and examine their complexities. Considering the complexities introduced for the general attacks, it is necessary to achieve a certain level of security, and therefore this article, both in terms of design and cryptanalysis of sponge-based algorithms plays important role. It is suggested that the article "Sponge structure; introduction and applications" published in this journal be reviewed before reading this article.
Masoud Mohammadalipour, Saeed Shokrollahi,
Volume 9, Issue 1 (8-2020)
Abstract
Most networks without fixed infrastructure are based on cloud computing face various challenges. In recent years, different methods have been used to distribute software defined network to address these challenges. This technology, while having many capabilities, faces some vulnerabilities in the face of some common threats and destructive factors such as distributed Denial of Service. A review of various studies shows that in order to eliminate vulnerabilities, we need to combine appropriate defense solutions with the distributed Software Defined Network structure. Therefore, in this study, a general classification of the types of defense solutions against the above attack is presented. Then, while classifying the intrusion detection solutions into two threshold and non-threshold categories, we examined some practical examples of the above solutions. We conclude that the threshold of intrusion detection method exacerbates the vulnerability, and we are required to use non-threshold defense solutions with flat distributed software defined network architecture.
Mr Mohammad Hossein Noorallahzadeh, Mr Ahmad Gholami, Mr Reza Alimoradi,
Volume 9, Issue 2 (2-2021)
Abstract
With the advent of cloud computing, data owners tend to submit their data to cloud servers and allow users to access data when needed. However, outsourcing sensitive data will lead to privacy issues. Encrypting data before outsourcing solves privacy issues, but in this case, we will lose the ability to search the data. Searchable encryption (SE) schemes have been proposed to achieve this feature of searching encrypted data without compromising privacy. This method will protect both the user's sensitive information and the ability to search for encrypted data. In this article, we review the various SE designs. In this review, we present the classification of SE designs: symmetric searchable encryption, public key searchable encryption, and search attribute-based encryption schemes, and then a detailed discussion of SE designs in terms of index structure. And provide search functionality. There is also a comparison of SE design analysis in terms of security, performance and security. In addition, we talked about the challenges, leading directions and applications of SE schemes.
Ali Samouti, Yaser Elmi Sola,
Volume 9, Issue 2 (2-2021)
Abstract
In recent decades, video surveillance systems have an increasing development that are used to prevent crime and manage facilities with rapid diffusion of (CCTV)cameras to prevent crime and manage facilities. The video stored in the video surveillance system should be managed comfortably, but sometimes the movies are leaking out to unauthorized people or by unauthorized people, thus violating individual boundaries . CCTV cameras and video surveillance systems are needed today because of the increasing number of crimes, These cameras and video surveillance systems. but because of unsafe storage and data sharing methods, access to movies saved by unauthorized people is possible. The use of existing protocols and security techniques has already been defeated several times by the attackers. It requires an alternative system that should not only be highly secure but not changeable. Video stream generated by surveillance cameras play a crucial role in preventing crime in smart cities. CCTV cameras are necessary for a range of public applications in a smart city; they can become smart sensors that help ensure safety and safety. in this paper, we review the methods and articles presented in the context of blockchain application in visual surveillance systems and compare them.
Fatemeh Khormizi, Bijan Alizadeh,
Volume 11, Issue 1 (9-2022)
Abstract
Hardware Trojan is a hardware security threat that attempts to insert in the circuit and modifies the hardware stealthy. Trojan detection and design-for-trust are the main defensive strategies against hardware Trojan. The target of Trojan detection is to verify hardware Trojan and in design-for-security, the security techniques are presented for facilitating detection or preventing hardware Trojan insertion. In this work, we introduce a capacitor-based timing hardware Trojan (THT) model and then discuss how to analyze the vulnerability of gate-level circuits against such THT model. For THT that violates timing constraints in the circuit, the susceptible nets are recognized. Susceptible nets to THT are vulnerable nets in path-delay analysis and logic testing detection approaches and they are not detectable easily. The experimental results show that the number of vulnerable nets to the capacitor-based THT model is small enough so that a design-for-trust approach can be proposed.
Amir Allahdadi Ghiyasabadi , Javad Alizadeh,
Volume 11, Issue 1 (9-2022)
Abstract
With the development of new information and communication technologies such as developments related to Internet of Things applications, the importance of information and maintaining its security is more and more considered. Key agreement and authentication protocols play an important role in ensuring information security. One of the important components used in many applications of the Internet of Things is wireless sensor networks, whose security is ensured by using appropriate protocols of these networks. In 2020, Sikarwar and Das presented a key agreement protocol with authentication for wireless sensor networks and claimed that this protocol is secure against well-known attacks such as feedback attacks, password discovery, and man-in-the-middle attacks. In this paper, it is shown that the Sikarvar and DOS protocol is not secure and an attacker can easily obtain this key. In addition, it is shown that the protocol cannot be secure against password discovery and spoofing attacks.
Ali Khazaei, Hossein Homaei , Monireh Houshmand ,
Volume 11, Issue 2 (3-2023)
Abstract
Quantum dialogue is a type of quantum communication in which users can simultaneously send messages to each other. The earliest instances of quantum dialogue protocols faced security problems such as information leakage and were vulnerable to intercept and resend attacks. Therefore, several protocols have been presented that try to solve these defects. Despite these improvements, the quantum dialogue still faces some challenges. Currently, the limited number of participants and the impossibility of expanding users during the conversation are among the most important challenges of this kind of protocol. In this research, we have designed a multi-user quantum dialogue protocol that solves the mentioned challenges. The proposed protocol is a generalized type of quantum dialogue in which users can communicate simultaneously. The number of participating users is not limited and can be changed dynamically (i.e. without the need to restart the protocol). It means that, during the execution of the protocol, a user can leave the conversation, or a new user can join it. Communication between users is established through a central semi-trusted server. The investigations show that the proposed protocol does not have information leakage. In other words, no unauthorized entity (not even the intermediate server) can access the raw data exchanged between users.
Ali Nazari, Babak Sadeghiyan,
Volume 11, Issue 2 (3-2023)
Abstract
Under the coverage of legitimate commerce, criminals money-launder their illicit incomes through the payment gateways provided by Payment Service Providers (PSP). In order to do money-laundering forensics in transactions of PSP companies, a new method was proposed by Hojati et al which is done through detecting deviations from class behavior based on peer group analysis (PGA) method. Our experiments showed that using the proposed method for money laundering detection leads to a false positive rate of about 13%. In this paper, we improved the proposed method and reduced the false positive rate to less than 1%. To achieve this, we analyzed the amount of financial transactions of sellers along with the number of visitors to their websites in PGA. Based on the number of visitors, we estimated the volume of transactions for each seller. If the volume of sales was much higher than expected, we considered it abnormal. We achieved a higher detection accuracy by using a restricted Boltzmann machine to separate out-of-class transactions. We also reduced rate of false negative alarms by the help of CBR method. Our proposed system detects money laundering online using a four-week sliding window. The experimental results confirmed the detection accuracy of 99% for our proposed system.
Alireza Hediehloo, Javad Mohajery, Mohammadreza Aref,
Volume 11, Issue 2 (3-2023)
Abstract
Consensus protocols are used to establish coordination between network nodes and increase the resistance of distributed systems against errors. In this paper, a new synchronous consensus protocol is introduced. The proposed protocol is an improved version of Abraham protocol in which we have used aggregate signature to reduce the communication load. In the Abraham protocol, communication load and calculation load of the protocol are of the order O(n3ss) and O(n3), respectively, while in the proposed protocol, communication load and calculation load are of the order O(ma n2 log kt) and O(ma n2), respectively, where n is the number of network nodes, ss is the size of a digital signature, kt is the maximum number of protocol iterations, and ma is a security parameter that can be much smaller than n. Therefore, in networks with a large number of nodes, the reduction of communication load and computing load will be noticeable. Also, in this protocol, we need at least n = 2f + 1 nodes to resist f Byzantine node, and the consensus process is done correctly with a probability of at least  .
Sara Moqimi , Mohammad Ali Hadavi,
Volume 11, Issue 2 (3-2023)
Abstract
How to exploit vulnerabilities and their damage potentials are mainly affected by the capability of attackers. The more powerful the attacker, the greater risk of threats and vulnerabilities. Therefore, the security analysis of a web application and choosing risk mitigation countermeasures depend on the ability of the attackers threaten the application. Focusing on SQL injection attacks, this paper is aimed at modeling the attacker’s capability to be further used for appropriate security evaluation and choosing cost-effective security controls. We model the attacker’s capability with the triple ⟨Type, Technique, Entry_Point⟩. The value in each component of the triple is obtained from the payloads through which the attacker tries to exploit the injection vulnerabilities. The Type represents the injection type, including a known set of injection attack types namely, Error_based, Union_based, Boolean_based_Blind and etc. The Technique represents the techniques, which are used by the attacker during the attack, e.g. using Special Character, using UNION, using Complex Query, using Encoding and etc. Finally, the Entry_Point represents the set of known injection entry points including GET/POST method, Http_Variables, Frequenc_based_Primary_Application and etc. This model is used for leveling and comparing the attacker’s capabilities as well as for leveling the security of a web application with respect to the level of the attacker who is able to compromise the web application. The results of the experimental evaluation show that the proposed model can be used to determine the attacker’s capability level. The model can be simply extended to adopt other security vulnerabilities attacks.
Amin Hosseingholizadeh, Farhad Rahmati, Mohammad Ali,
Volume 12, Issue 1 (9-2023)
Abstract
With the emergence of new phenomena in the telecommunications and information technology fields, such as cloud computing and smart networks, we are witnessing new challenges in these areas. One of the most significant challenges is the privacy of outsourced data. Due to the limited processing power of new intelligent devices such as tablets and mobile phones, outsourcing computations to these platforms has gained more attention from users. In addition to data privacy, the security of algorithms used in online software is also of great importance. Therefore, software providers may be concerned about the disclosure of their algorithms after outsourcing them to cloud environments. Existing homomorphic encryption systems can provide privacy for data that needs to be processed online. However, the concurrent privacy of algorithms in these systems has not been addressed. To address this, we introduce a simultaneous homomorphic encryption of data and function called SHDF. This system can homomorphically encrypt all algorithms used in the software and the data to be processed on them, enabling necessary computations to be performed on an insecure server. Furthermore, we show that the proposed system is provably secure. Our implementation results indicate that it is usable in cloud environments with the desired efficiency.
|
|
