|
|
|
 |
Search published articles |
 |
|
, ,
Volume 6, Issue 1 (9-2017)
Abstract
Due to the increasing use of smartphones among different groups of users in society as well as various capabilities that mobile devices provide for users, ensuring the security of smartphones is very important. Distribution markets of apps compromises the security of smartphones. Appstores play an important role in ensuring the security of smartphones and, if security requirements will be followed then they can protect users against malware developers. For this purpose, it is essential to identify security risks for this part of the app ecosystems. In this document, security risks raised in the app ecosystem in the field of app distribution markets have been explained.
Shadi Azizi, Maede Ashouri Talouki, Hamid Mala,
Volume 6, Issue 1 (9-2017)
Abstract
Doing a joint and secure computation on private inputs (Secure Multiparty Computation) is an interesting problem in the field of information security. The Millionaire problem is the first SMC problem in which two millionaires wish to know who is richer without disclosing their wealth. Then many problems have been defined in the field of secure multiparty computation. In this paper, the problem of secure multiparty summation is considered where a group of users wants to jointly and securely compute the summation value of their private inputs. We have reviewed and compared the related works in this filed; we have also identified the open issues and future works.
Sajad Rezaee Adaryani, Seyed Mahdi Sajjadieh, Ali Zaghyan,
Volume 6, Issue 2 (3-2018)
Abstract
Not only election is one of the significant issues in democratic societies, but also it can be used in commercial association such as stock market and it has a noteworthy feature to determine the board of the directors. According to progresses in cryptographic topics and asymmetric encryption systems, tremendous attempts have been made in the design of protocols for electronic elections. However, all of the designed protocols have either high complexity or weaknesses in security features. Since the majority of electronic election schemes are dependent on a number of honest persons, they are practically difficult. In addition, in most of them, voters will play a key role in producing ballot. If someone imposes compulsory, privacy will be lost or the voter will be able to provide a receipt to show the content of his vote, and this in turn, vote-buying and immoral issues will be appeared.
In this paper after, evaluating the security features of an electronic election scheme, an election protocol based on homomorphic encryption, will be expressed, and the difference between the receipt protocol and receipt-free protocol will be examined.
Kamaleddin Ghezavati, Alireza Nowroozi,
Volume 6, Issue 2 (3-2018)
Abstract
Online social networks (OSNs) is one of the most popular medium for communicating, sharing, and publishing a considerable amount of information. OSN popularity often faces the challenge of dealing with unwanted messages and hidden malicious purposes in it. Based on recent studies, social network users can easily expose their confidential details with others. Misuse of this information can cause damage in virtual and real world. In this paper, main categories attacks are given on social network online security and privacy in four categories classic, modern, hybrid and children special attacks and ways that can be used to protect against different types of attacks used OSN users is the social network operators, security companies, and researchers are provided. Finally, eight ways to prevent these threats is presented.
Engineer Mahsa Omidvar Sarkandi, Engineer Nasrin Taj Neyshabouri, Engineer Hassan Koushkaki, Phd Shaghayegh Naderi,
Volume 6, Issue 2 (3-2018)
Abstract
Abstarct- The local search engine systems is one of the indicators of IT industry development in all countries. The safety of these systems arises according to its specific position, with providing users to access to right information in the least possible time. The most effective measures to secure this type of application are assessment and risk management in the early stage of software security. It consists of a set of steps that will help a software team in the applications management during the development process. In order to reduce the risk of this type of systems responce to risk approach is selected. The main objective of this article is assessment and risk management based on information collected from designed questionnaire. As well as to identify important risks, security controls and NIST methodology are used and the results of calculations of the risk level are provided on the basis of known fields.
Mohsen Jahanbani, Nasour Bagheri, Zeinolabedin Norozi,
Volume 6, Issue 2 (3-2018)
Abstract
Devices such as wireless sensor networks and RFIDs have limited memory, power and energy. They have security requirements so that the usual implementation of cryptographic algorithms is not appropriate for them and leads to high consumption of resources. One solution is designing new lightweight algorithms that have a lower security level than standard algorithms. The second solution is implementing standard algorithms such as AES block cipher as a lightweight algorithm. In this type of implementation, some techniques such as resource sharing, S-box implementation with combinational circuits, mapping computations finite fields from one base to another base and on the fly computation are used. In this paper, the most important lightweight implementations of AES are evaluated. The criteria considered for this evaluation include gate count, the number of clocks required for an encryption/decryption operation, throughput, power, energy and the combination of themes. Studies show that we can use standard encryption algorithms in applications with limited area between 2000-3000 GE and a small amount of energy, for example a few PJ. Some of these successes are achieved due to advancements in CMOS circuit technology and some others are the result of designing suitable hardware architecture, exact scheduling of cryptographic operations and efficient use of resources.
Sayed Mohammad Tabatabaei Parsa, Hassan Shakeri,
Volume 6, Issue 2 (3-2018)
Abstract
Wireless Sensor Networks (WSNs) gather the environmental information via some sensor nodes and send them after some simple processing functions if necessary. These nodes are constrained devices in terms of memory, processing capability, radio range, and energy. Due to the unattended deployment of sensor nodes and the nature of wireless communications, these networks are vulnerable to several attacks. Among these, the Sybil Attack is a serious threat in which a malicious node creates multiple fake identities in order to mislead the other sensor nodes. In this case, the malicious node can attract lots of traffic and disrupt routing protocols. In this paper, we present a confidence-aware trust model considering Time Factor to detect such attacks. In this model, we use the indirect trust, gained from the neighbors' recommendations, in order to detect the indirect Sybil attacks, in which a legal node is not directly associated with the Sybil node. The Algorithm has been implemented using MATLAB. The simulation results demonstrate significant preference of the proposed method in terms of detection accuracy and false alarm rates. The average rate of detection and false detection of the proposed model are 93% and 0.26%.
Ms Maryam Taebi, Dr. Ali Bohlooli, Dr. Marjan Kaedi,
Volume 6, Issue 2 (3-2018)
Abstract
In Website Fingerprinting (WFP) Attacks, clients’ destination webpages are identified using traffic analysis techniques, without any need to decrypt traffic contents. Typically, clients make use of the privacy enhancing technologies (e.g., VPNs, proxies, and anonymity networks) to browse webpages. These technologies allow clients to hide traffic contents and their real destinations. To perform an attack, features are extracted from the input packet sequence. Next, the data is pre-processed and finally, client’s real destination is revealed by means of a machine learning algorithm. Various studies have utilized statistical methods or classification approaches to infer the client’s visited webpages. In this paper, a comprehensive overview of WFP techniques is performed, in which previous studies are categorized based on the features they use for webpages identification. This is a new approach for categorizing previous works on WFP attacks and to the best of our knowledge, this viewpoint has not been applied so far.
Mohammed Mohsen Amiri, Morteza Moammer, Mousa Mohammadnia, Masoud Asgari Mehr,
Volume 7, Issue 1 (9-2018)
Abstract
With growing expanding usage of computer systems in safety-critical applications, the use of safety and reliability improvements in early design and production phases has become important. Because the bug occurrence or incidence of failure in these critical systems not only costs a lot to make the manufacturer imposes but can humans and property as well as the environment. In this article the four raised the standard C++ programming called the MISRA C++، JSF AV C++، HI C++،ESCR C++ is Has been examined. That will be able to benchmark safety in the codes posted in code, design stage. Hence in this article, initially the amount of overlap of these standards in order to find the most comprehensive assessment standard & Continue to the extent of the richness of the standards of the six for reliability, maintenance, readability, testability, performance and safety test Has been paid. At the end of the tools that the ability to checkout these standards during production are examined.
Hadi Golbaghi, Mojtaba Vahidi Asl, Alireza Khalilian,
Volume 7, Issue 1 (9-2018)
Abstract
Malware writers leverage several techniques for thwarting the detection method of antimalware software. An effective technique is applying obfuscation techniques to make metamorphic malware. Metamorphism modifies the code structure in a way that while retaining the behavior, the pattern and structure of the code is changed. Recently, researchers have proposed a new method for metamorphic malware detection that works based on static analysis of malware code. However, some obfuscation techniques exist that when applied, the efficacy of static analyzes is adversely affected. To overcome this issue, in this paper, we apply a dynamic analysis in addition to static analysis. The new method elicits some information from both static and dynamic analyzes, combines them, and uses the resultant information to learn a classifier. The obtained classifier is then used to detect a new instance of an existing family of metamorphic malwares. In fact, the combination of both static and dynamic information is intended to address the weaknesses of each individual analysis and leads to an overall better effectiveness. In order to evaluate the proposed method, experiments on 450 files including benign files and 5 families of metamorphic malwares, namely MPCGEN, G2, VLC, NGVCK, and MWOR, have been conducted. The experiments were performed in three cases: static analysis, dynamic analysis, and the combination of both. The results of comparison among three cases show that metamorphic malware detection is not reached to 100 percent precision via either static or dynamic analysis individually. However, using the combination of both static and dynamic information could have consistently led to detection with 100 percent precision, which have been measured using ROC metric.
Dr Amin Pazhouhesh, Mrs Afsaneh Zamani,
Volume 7, Issue 1 (9-2018)
Abstract
The purpose of the present article is studying continuation of the cycle of cybercrime and providing strategies for its prevention management. Cybercrime is a range that one side relies on technology and the other side, relies on interpersonal relationships. The aim of the present study, functional and in terms of type, quality and according to the method of data collection, library and study based on internal and external online resources. Paper reviews the literature and concludes the interval between supply technology and related crime and criminal laws do not fit and often the possibility of transferring experience to the field of cybercrime is not possible. However, due to the widespread nature of the phenomenon, appropriate, dynamic and agile legal framework is an urgent need for investigation and prosecution. This research has some preventive strategies such as threat assessment and strategic analyzes, development of cooperation between national, regional and international levels, and to increase awareness and educate points.
, ,
Volume 7, Issue 1 (9-2018)
Abstract
The widespread use of information and communication technology in industrial control systems has exposed many cyber attacks to these systems. The first step in providing security solutions is to recognize the threats and vulnerabilities of a system at first. Therefore, in this work, after providing a general overview of the SCADA security, we provide a survey on actual cyber attacks from 2000 up to now. To be able to assess the risk of these attacks, we perform profiling them based on the target systems of the attack, the geographical area of it, the method used in the attack and its impact. This profiling provides a clear view of the most important security incidents in SCADA systems and could be useful in the defining suitable strategies for preventing and defending against the major SCADA security attacks.
Dr. Hadi Soleimany, Mr. Mohammad Reaza Sadeghi,
Volume 7, Issue 1 (9-2018)
Abstract
Block cipher attacks have found new aspects, due to the advancement of the technology and the development of the software and hardware tools. In many cases, the attackers try to use the weaknesses of the block ciphers implementation, instead of the theoretical cryptanalyses. Increasing the attacker’s accessibility to the details of the block ciphers implementation will increase the chance of success of his attacks. Hence, it is important to design secure block cipher schemes, those are unbreakable whether the attackers have access to the details of the implementation or not. In this paper, first we will introduce the different models of the block ciphers implementation, then we will explain the fundamental concepts of the white-box cryptography, and why it is useful. Later we will discuss several white-box schemes.
Miss Aniseh Najafi, Dr Majid Bayat, Dr Hamid Haj Seyyed Javadi,
Volume 7, Issue 1 (9-2018)
Abstract
The growth of data production in the world brings with it capacities and requirements. On the one hand, the storage of generated data provides the possibility of reuse and analysis on the data that leads to the production of data science. On the other hand, large amounts of data require storage space and the ability to search over them. Cloud computing is a technological and operational model that addresses the storage and computing limitations of data storage and utilization. As well as searchable encryption as a cloud-based, highly used, technique, in addition to maintaining data security, it can search over them. In this paper, the searchable encryption methods and the limitations and capabilities of each one are examined. At the end, there are some explanations on how to use searchable encryption in medical data.
Mrs Afsaneh Zamani, Dr Amin Pazhouhesh,
Volume 7, Issue 2 (3-2019)
Abstract
This paper tries to investigate the question of how virtual cybercrimes fall within the realm of criminal law and what their principles and conditions of criminalization are. Despite the large number of Internet users in virtual worlds, such as "Second Life", there has been limited literature and research especially on the extent and scope of the issue, the identity of the perpetrators and victims, as well as the consequences of cybercrimes. The present study is an applied and qualitative research and according to data collection, it is a library research (meta-analysis secondary studies) on the basis of internal and external online resources. The article provides necessary and sufficient conditions to include virtual cybercrime in a subset of criminal law by using philosophical ontology as well as philosophy of law. It is concluded that necessary condition for virtual-cyber acts as a crime to be placed under law to obtain a Meta-Virtual outcome. The sufficient condition is that the outcome of this entity, justifies interference with the freedom of citizens to use the criminal law on the basis of a principle limiting freedom of Feinberg.
Meysam Moradi, Mahdi Abbasi,
Volume 7, Issue 2 (3-2019)
Abstract
For many years, cryptanalysis has been considered as an attractive topic in jeopardizing the security and resistance of an encryption algorithm. The SDES encryption algorithm is a symmetric cryptography algorithm that performs a cryptographic operation using a crypt key. In the world of encryption, there are many search algorithms to cryptanalysis. In these researches, brute force attack algorithm has been used as a complete search algorithm, genetic algorithm as an evolutionary intelligence algorithm, and standard particle swarm as an optimization a swarm intelligence as algorithm. Along with these algorithms, a genetic algorithm has been also introduced by adjusting and designing the parameters and design algorithms has been introduced to discover of crypt key. There are attempts to evaluate the performance of different algorithms for cryptanalysis of the SDES encryption algorithm.
Mr Mohammad Mehdi Ahmadian, Dr Mehdi Shajari,
Volume 7, Issue 2 (3-2019)
Abstract
Industrial control systems (ICSs) which are used in critical infrastructure and other industries mostly use various communication protocols. Most of these communication protocols have various cyber security challenges and weakness that give the attackers the opportunity to gain to their malicious intentions. In this paper, we assess IEC 60870-5-104 protocols from security perspective which is used in the ICSs as telemetry communication. According to achievement of these goals, we have analyzed the IEC 60870-5-104 design phase carefully and used experimental test bed to identify the security threats and vulnerabilities and characterize the technical attacks. Finally we review the design of hardening mechanisms and their challenges.
Javad Moradi, Majid Ghayoori Sales,
Volume 7, Issue 2 (3-2019)
Abstract
Data is one of the most valuable assets in today's world and is used in the everyday life of every person and organization. This data stores in a database in order to restore and maintain its efficiently. Since there is a database that can be exploited by SQL injection attacks, internal threats, and unknown threats, there are always concerns about the loss or alteration of data by unauthorized people. To overcome these concerns, there are several security layers between the user and the data in the network layer, host, and database. For instance, security mechanisms, including firewall, data encryption, intrusion detection systems, etc., are used to prevent infiltration. Database Intrusion Detection System uses a variety of data mining techniques to detect abnormalities and detect malicious and intrusive activities. In this paper, a category of intrusion detection techniques is presented first in the database, and a review of the general algorithms for intrusion detection in databases is demonstrated. Since signature-based methods are elder and less complex and less diverse, the main focus of this paper is on behavioral methods.
Hadi Soleimany, Farokh Lagha Moazemi,
Volume 7, Issue 2 (3-2019)
Abstract
Due to the fast development in information and communication technology, new challenging problems appear in the security. So, it is important and vital that the scientific society of our country focuses on research and studies these problems and by providing new proposal try to respond to these critical needs of our country. Hence, our aim in this paper is to study and highlight one of the important problems of applied cryptography that appear recently in cryptography society but in our country, there is not much research about it. In this paper, we investigate a special and applied category of a backdoor in cryptography systems which is named Kleptography. In this paper, in addition to the investigation of the kleptographic attack, we study its application. Our purpose in this paper is to shed some new light on the kleptographic attack by studying new concepts that recently have appeared about it.
Mozhgan Ghasabi, Dr Mahmood Deypir,
Volume 7, Issue 2 (3-2019)
Abstract
In recent years, Vehicular Ad Hoc Networks (VANETs) have emerged as one of the most active areas in the field of technology to provide a wide range of services, including road safety, passenger's safety, amusement facilities for passengers and emergency facilities. Due to the lack of flexibility, complexity and high dynamic network topology, the development and management of current Vehicular Ad Hoc Networks faces many challenges. To simplify network management of the current networks, the architecture of the software defined networks is introduced, which this architecture reduces the complexity of the networks by decoupled the control plane from the data plane. Software defined networks with flexibility and programmable capabilities can help the performance and management requirements for VANETs. In this paper, we focus on the possibility of using software defined networks in a Vehicular ad hoc network environment. First the architecture of VANET based on software defined networks and its operational mode is examined, then the benefits and services which are described by this architecture are presented. Finally, some of the potential challenges in the architecture of Software defined vehicular ad hoc networks are expressed.
|
|
