|
|
|
 |
Search published articles |
 |
|
, ,
Volume 8, Issue 1 (9-2019)
Abstract
Semiconductor metal oxide technology complements a popular and pervasive approach in the design of electronic and digital circuits, but in this technology, reduction at the sub-micron level is simply not feasible; therefore, quantum-dot cellular automata nanotechnology as a new way to design digital circuits and reduce power consumption was introduced. At the nanoscale, quantum-dot cellular automata cells represent a novel way of performing calculations by transmitting information through quantum cell interactions. Small dimensions, high speed, low power consumption, and low latency are the main features of this technology. Designing high-security circuits in nano-scale quantum-dot cellular automata technology is important for designers, considering the intercellular communication, low power consumption, and optimal power consumption. Therefore, this paper first describes the quantum-dot cellular automata at the nano level and then quantum cells, then important structures in this technology, timing and important points in the quantum-dot cellular automata circuit have been discussed and reviewed. In the field of security, such as cryptographic circuits, interconnections have been made at the nanotechnology of quantum-dot cellular automata technology. Finally, their structures, circuits, and performance are analyzed. The results showed that by applying some methods such as Feynman gate reversible logic, Fredkin circuit reversible key and decoding encoding process, the safety and reliability of nano-communications based on quantum-dot cellular automata technology can be increased.
,
Volume 8, Issue 1 (9-2019)
Abstract
The formation and development of the World Wide Web has played a key role in the emergence of new criminals and crimes. The increasing dependence of countries on the Internet and the rapid development of new technologies have also added to the vulnerability. However, despite many advances in the material field, human societies have not been well served by the legal and cybercrime. This has led to a controversial challenge in criminologist research over the past two decades And become a growing concern for public policy; Therefore, it is necessary to take into account all the necessary aspects in order to properly understand and prevent these crimes. In this article, we intend to explain the concept, characteristics and challenges of cybercrime, and to take preventive measures and to tackle them.
, , ,
Volume 8, Issue 1 (9-2019)
Abstract
Designing a wide range of encryption algorithms using the sponge structure is reduced only by designing a transform or permutation. Designer specifies a transformation or permutation and then form a hash function, stream cipher, authenticated encryption algorithm and pseudo random number generator. Also, exploiting one single transformation or permutation simplifies the implementation of derived algorithms and gives other advantages such as provable security and better understanding of security of designs. This paper provides a quick introduction to design the sponge structure and explains some cryptographic applications and security requirements.
Engineer Jamileh Bahri, Doctor Hamidreza Shayeghbrojeni,
Volume 8, Issue 1 (9-2019)
Abstract
Blockchain technology is a decentralized data structure based on a chain to the ledger of interconnected data blocks. Blockchain stores new blocks in the ledger without having to rely on intermediaries in a competitive or voting mechanism. Due to the chain structure or graph between each block and its previous block, it is impossible to modify blockchain data. Blockchain architecture provides trust in a peer-to-peer network through nodes on the network according to different consensus algorithms. In this article, we intend to describe the mechanism of each consensus-based, voting-based, and distant-oriented graph consensus algorithm.
Fariba Sadeghi, Amir Jalaly Bidgoly,
Volume 8, Issue 1 (9-2019)
Abstract
Rumors, are unverified and often erroneous news that are widely propagated at the community level, discrediting or falsely increasing the trust of nodes in a network to an entity or subject. With the rise social networks in recent years, despite their positive uses, propagating rumors have become easier and more common. Rumors are a class of security challenges on social media, since a malicious node can easily disparage or isolate its goals by spreading a rumor. Therefore, rumors detection is an important challenge in soft security mechanisms such as trust and reputation. Researchers have come up with different methods for modeling, detecting and preventing rumors. In this study, rumor detection methods in social networks will be reviewed. First, we will briefly review the features used in previous research, then we will examine the approaches used and introduce the most commonly used Dataset. Finally, the challenges that exist for the future research in exploring social media to identify and resolve rumors are presented.
Atefeh Mortazavi, Dr Farhad Soleimanian Gharehchopogh,
Volume 8, Issue 1 (9-2019)
Abstract
Emails are one of the fastest economic communications. Increasing email users has caused the increase of spam in recent years. As we know, spam not only damages user’s profits, time-consuming and bandwidth, but also has become as a risk to efficiency, reliability, and security of a network. Spam developers are always trying to find ways to escape the existing filters, therefore new filters to detect spams need to be developed. Most of these filters take advantage of a combination of several methods, such as black or white lists, using keywords, rule-based filters, machine learning methods and so on, to identify spams more accurately. many approaches about email spam detection exhausted up to now. In this paper, we propose a new approach for spam detection based on Particle Swarm Optimization Algorithm and K-Nearest Neighbor optimization, and we measure performance based on Accuracy, Precision, Recall, And f-measure. The results show that the proposed approach has a better performance than other models and the basic algorithms.
Mohammad Darvishi, Majid Ghayoori,
Volume 8, Issue 2 (2-2020)
Abstract
Intrusion detection systems are responsible for diagnosing and detecting any unauthorized use of the system, exploitation or destruction, which is able to prevent cyber-attacks using the network package analysis. one of the major challenges in the use of these tools is lack of educational patterns of attacks on the part of the engine analysis; engine failure that caused the complete training, the result is in production of high volumes of false warnings. On the other hand, the high level of intrusion detection training time will cause a significant delay in the training system. Therefore, in the analysis section of the intrusion detection system, we need to use an algorithm that shows significant performance with the least educational data, hidden Markov model is one of these successful algorithms in this field.
This Research also is trying to provide a misuse based intrusion detection solution with the focus of the evolutionary Hidden Markov model, the EHMM, which is designed to overcome the challenges posed. The most important part of hidden Markov model is to adjust the values of the parameters, the more adjusted values, optimal values would be more effective. The hidden Markov model is more likely to predict the probability of future values. Therefore, it has been trying to end the mail based on the causative analysis of NSL data sets-KDD using evolutionary programming algorithm for hidden Markov model for the optimal parameters and sort of teach it. Then, using it, the types of attacks in the dataset were identified. To evaluate the success rate in improving the accuracy percentage EHMM proposal intrusion detection, MATLAB System simulation environment has been implemented. The results of the investigation show fitted, EHMM plan, the percentage of the average is 87% of intrusion detection (if hidden Markov model is used normal) to over 92% (in the case of the hidden Markov model using evolutionary) increases. Also after training the training data in both methods based on conventional and evolutionary Markov model, the time of the target system for a training data set is approximately two hundred thousand record from low average of 489 minutes to more than 400 minutes has been dropped in the proposed method. This outcome achievement and making it operational on intrusion detection for the native system, can cause a defensive improvement which can be fitted in front of the other country for hostile cyber.
Sara Zarei , Hadi Soleimany,
Volume 8, Issue 2 (2-2020)
Abstract
One of the usual ways to find sensitive data or secret parameters of cryptographic devices is to use their physical leakages. Power analysis is one of the attacks which lay in such a model. In comparison with other types of side-channels, power analysis is so efficient and has a high success rate. So it is important to provide a countermeasure against it. Different types of countermeasures use different methods and can be applied at different levels. Masking is an effective one which provides provable security in algorithm level. however even masked algorithms are sometimes suspected to leak kind of information in a condition that implemented in hardware leads to power analysis attacks. Threshold implementation is a way to secure hardware implementations against such probable challenges. In this paper, first we will introduce the different attack models in block ciphers, then we will concentrate on the gray-box model and explain the concepts of power analysis attacks and fundamentals of masking countermeasure. Later we will discuss the challenges of masking method in hardware implementations and introduce threshold implementation and its different aspects.
Seyed Ata S. Jafari, Mohammadhadi Alaeiyan, Aeed Parsa,
Volume 8, Issue 2 (2-2020)
Abstract
There is no doubt that malicious programs are one of the permanent threats to computer systems. Malicious programs distract the normal process of computer systems to apply their roguish purposes. Meanwhile, there is also a type of malware known as the ransomware that limits victims to access their computer system either by encrypting the victim's files or by locking the system. Despite other malicious families, ransomware families explicitly warn victims against its existence on the computer system. Although ransomwares are serious problems with computers, they can be detected with restricted footprints on victims’ computers. In this research, we provide a ransomware monitoring system which requires special environments to extract the malware filesystem's activities. A set of features based on filesystem's activities is extracted to classify ransomware families with an accuracy 98% by applying machine learning technique.
Amirhossein Pourshams, Mohammad Reza Hasani Ahangar, Mahmoud Saleh Esfahani,
Volume 8, Issue 2 (2-2020)
Abstract
Increased broadband data rate for end users and the cost of resource provisioning to an agreed SLA in telecom service providers, are forcing operators in order to adhere to employment Virtual Network Functions (VNF) in an NFV solution. The newly 5G mobile telecom technology is also based on NFV and Software Define Network (SDN) which inherit opportunities and threats of such constructs. Thus a thorough understanding of security challenges and their solutions are required to reduce security concerns while developing new services. In this article, cloud computing, NFV and its VNFs from a security perspective is explained. Then, their security challenges with respect to cloud computing infrastructure and current solutions are discussed in a comparative scenario based way. Finally, proper security solutions for each scenario are proposed.
Javad Alizadeh, Mohsen Seddighi, Hadi Soleimany,
Volume 8, Issue 2 (2-2020)
Abstract
Advances in information and communication technologies lead to use of some new devices such as smart phones. The new devices provide more advantages for the adversaries hence with respect to them, one can define with-box cryptography. In this new model of cryptography, designers try to hide the key using as a kind of implementation. The Differential Computation Analysis (DCA) is a side channel attack on the with-box cryptography. The mentioned method influenced all with-box cryptography schemes when it was introduced. This attack is based on the software implementation of cryptography algorithms and is similar to the differential power analysis (DPA). In this paper, we introduce the principles of the DCA and also describe how one can use this attack to find the key of a with-box cryptography scheme.
Mr Mohamad Jari, Miss Fariba Nazari,
Volume 8, Issue 2 (2-2020)
Abstract
The purpose of this study is to identify and prioritize the effective technical and technical stress factors of information security by IT experts identified in Aghajari oil and gas Exploitation Company. The statistical population of the study consisted of 100 ICT managers and experts in Aghajari Oil and Gas Co. which directly related to the security of information in the company, 80 of them were selected as samples. In this research, the first questionnaire was designed with the aim of identifying the factors and half-openness. The second questionnaire was designed with the aim of screening the identified factors as closed and based on Likert's five-choice spectrum. Finally, a third questionnaire was designed with the aim of determining the weights and rank of each one of the factors and in a pair comparison. The necessary analysis was carried out through the software SSS, Excel, ExpressChevis and MATLAB. The results of the research led to the identification of two main factors (occupational stressors and technical stressful factors influencing information security by IT experts in Aghajari oil and gas Exploitation Company) and 14 sub factors and then their rank were determined.
Farhad Soleimanian Gharehchopogh, Mohammad Sakhidek Hovshin,
Volume 9, Issue 1 (8-2020)
Abstract
Unfortunately, among internet services, users are faced with several unwanted messages that are not even related to their interests and scope, and they contain advertising or even malicious content. Spam email contains a huge collection of infected and malicious advertising emails that harms data destroying and stealing personal information for malicious purposes. In most cases, spam emails contain malware that is usually sent to users in the form of scripts or attachments, and the user infects the computer with malware by downloading and executing the attached file. In this paper, a new model for detecting spam e-mail is proposed based on the hybrid of the Harmony Search Algorithm (HAS) with the Magnetic Optimization Algorithm (MOA). The proposed model is used to select the effective features and then the classification is performed using the K Nearest Neighbor's (KNN) algorithm. In the proposed model, using the MOA was found the best features for the HSA, and the harmony matrix is formed based on them. Then the HSA changes based on the update and rate of step-change in each step of the harmony vectors so that the best vector is selected as the vector of characteristics among them. The results show that the accuracy of the proposed model on the Spam base dataset with 200 iterations is 94.17% and also the accuracy of the diagnostic model of the proposed model is more than other models.
Akram Khalesi, Mohammad Ali Orumiehchiha,
Volume 9, Issue 1 (8-2020)
Abstract
Sponge structure is a structure widely used in the design of cryptographic algorithms that reduces the design of the algorithms to the design of a permutation or pseudo-random function. The development of sponge-based algorithms and the selection of designs based on this structure in SHA3 and CAESAR competitions increase the need to examine its security against various types of attacks. In the previous article, we defined and examined the features of this structure, and in this article, with the focus on the security of sponge structures, we study general analysis methods on this structure and examine their complexities. Considering the complexities introduced for the general attacks, it is necessary to achieve a certain level of security, and therefore this article, both in terms of design and cryptanalysis of sponge-based algorithms plays important role. It is suggested that the article "Sponge structure; introduction and applications" published in this journal be reviewed before reading this article.
Masoud Mohammadalipour, Saeed Shokrollahi,
Volume 9, Issue 1 (8-2020)
Abstract
Most networks without fixed infrastructure are based on cloud computing face various challenges. In recent years, different methods have been used to distribute software defined network to address these challenges. This technology, while having many capabilities, faces some vulnerabilities in the face of some common threats and destructive factors such as distributed Denial of Service. A review of various studies shows that in order to eliminate vulnerabilities, we need to combine appropriate defense solutions with the distributed Software Defined Network structure. Therefore, in this study, a general classification of the types of defense solutions against the above attack is presented. Then, while classifying the intrusion detection solutions into two threshold and non-threshold categories, we examined some practical examples of the above solutions. We conclude that the threshold of intrusion detection method exacerbates the vulnerability, and we are required to use non-threshold defense solutions with flat distributed software defined network architecture.
Mohammad Pishdar, Younes Seifi, Mozafar Bag-Mohammadi,
Volume 9, Issue 1 (8-2020)
Abstract
RPL (Routing Protocol for Low Power and Lossy Networks) has been designed for low power networks with high packet loss. Generally, devices with low processing power and limited memory are used in this type of network. IoT (Internet of Things) is a typical example of low power lossy networks. In this technology, objects are interconnected through a network consisted of low-power circuits. Example IoT applications are smart energy grid, smart home, connected car, intelligent transport systems, and smart cities. IoT is different from many similar technologies due to the existence of low power electronic circuits and limited connectivity. Information security is one of the main IoT concerns. The emergence of new types of security vulnerabilities in IoT devices and the escalation of their damages through numerous IoT applications is considered a major deployment drawback for RPL. In this paper, major cyberattacks against RPL, as well as related security solutions are addressed. Then, these solutions are classified and their weaknesses and strengths are investigated. Finally, it discusses the state-of-the-art status of information security in RPL.
Marjan Bahrololum, Zahra Ferdosi,
Volume 9, Issue 1 (8-2020)
Abstract
Today, cryptocurrencies in global payment systems have been proposed as a way to become independent of traditional banking and to get out of the control of banks and monetary policies of governments and reduce fraud in banking transactions and counterfeit them. In this paper, we create a comprehensive picture which includes the challenges of this field, and we analyze the results with a case study in both a quantitative and qualitative approach.
According on the characteristics the challenges in this picture are divided to three levels: technological, environmental, and governmental characteristics. Also, according to the results obtained from the use of cryptocurrencies in different countries, we able to identify most of the national cryptocurrency challenges for Iran.
Hamidreza Mohammadi,
Volume 9, Issue 1 (8-2020)
Abstract
Wireless network technology made it possible to communicate easily using the electromagnetic waves leading to removing the biggest barrier in portable communications. As these networks use the air as the communication medium which leads to face with more vulnerabilities. Wireless networks play a vital role in our life in a way that all devices ranging from local modems to organizational equipment are utilizing the most common coding approaches to exchange data on the network. As such, if a person could enter this network, he would be able to attack against the users connected to network. In this essay, the penetrating methods in wi-fi wireless network applying the WEP and WPA WPA2 coding protocols would be investigated which are playing the most important role in local and organizational wireless communication. However, the WPA3 is suggested in order to eliminate all the security problems, yet not all the communication instruments in Iran are equipped with this coding system. On the other side, the WEP protocol is the first mostly used to be attacked followed by the first and second versions of WPA.
Mrs Sofia Ahanj, Mrs Mahsa Rahmani, Mrs Zahra Sadeghigole, Mrs Veda Nobakht,
Volume 9, Issue 2 (2-2021)
Abstract
Providing security in the vital infrastructures of the country, is one of the essential operations that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both technical and managerial dimensions is discussed in the laboratory.
There are various standards in the field of general ICT technical-security evaluation. The most important are ISO / IEC 15408, ISO / IEC 27001 and NIST SP 800-53. In the present paper, these standards are first examined. Then, the standards and reports in the industrial field have been reviewed and compared, and finally, based on the results and special considerations of information and communication technology equipment in the electricity industry, the appropriate methodology has been presented.
Mr Mohammad Hossein Noorallahzadeh, Mr Ahmad Gholami, Mr Reza Alimoradi,
Volume 9, Issue 2 (2-2021)
Abstract
With the advent of cloud computing, data owners tend to submit their data to cloud servers and allow users to access data when needed. However, outsourcing sensitive data will lead to privacy issues. Encrypting data before outsourcing solves privacy issues, but in this case, we will lose the ability to search the data. Searchable encryption (SE) schemes have been proposed to achieve this feature of searching encrypted data without compromising privacy. This method will protect both the user's sensitive information and the ability to search for encrypted data. In this article, we review the various SE designs. In this review, we present the classification of SE designs: symmetric searchable encryption, public key searchable encryption, and search attribute-based encryption schemes, and then a detailed discussion of SE designs in terms of index structure. And provide search functionality. There is also a comparison of SE design analysis in terms of security, performance and security. In addition, we talked about the challenges, leading directions and applications of SE schemes.
|
|
