Iman Mirzaali Mazandarani, Dr Nasour Bagheri, Dr Sadegh Sadeghi, Volume 12, Issue 1 (9-2023)
Abstract
With the increasing and widespread application of deep learning and neural networks across various scientific domains and the notable successes achieved, deep neural networks were employed for differential cryptanalysis in 2019. This marked the initiation of growing interest in this research domain. While most existing works primarily focus on enhancing and deploying neural distinguishers, limited studies have delved into the intrinsic principles and learned characteristics of these neural distinguishers. In this study, our focus will be on analyzing block ciphers such as Speck, Simon, and Simeck using deep learning. We will explore and compare the factors and components that contribute to better performance. Additionally, by detailing attacks and comparing results, we aim to address the question of whether neural networks and deep learning can effectively serve as tools for block cipher cryptanalysis or not.
Mr. Nasser Zarbi, Dr Ali Zaeembashi, Dr Nasour Bagheri, Volume 12, Issue 1 (9-2023)
Abstract
Leakage-resilient cryptography aims to design key exchange protocols to withstand leakage attacks. These protocols are examined using a leakage-resilient security model to determine whether they possess the claimed security properties. The security analysis focuses on how the leakage-resilient security model has evolved to meet increasing security requirements and cover a broader range of attacks. By studying and analyzing the presented security properties of these models, potential vulnerabilities in protocol design can be effectively addressed. This article delves into various leakage-resilient security models based on two models, CK and eCK, and provides examples of secure key exchange protocols defined within these models. Additionally, it explores the relationship between adversaries' capabilities in these models and different attack schemes in the real world. By offering insights into various leakage-resilient security models, leakage attacks, and the development of secure protocols, it contributes to advancing knowledge in this field.
Mohammad Dakhilalian, Masomeh Safkhani, Fatemeh Pirmoradian, Volume 12, Issue 1 (9-2023)
Abstract
Providing any remote service requires mutual authentication of the participating parties. The framework by which this authentication is done is called an authentication protocol. In other words, a security or cryptographic protocol is a distributed cryptographic algorithm that establishes interactions between at least two hosts for a specific purpose. In fact, these protocols provide secure and insecure channels for communication between the parties participating in the protocol. Usually, secure channels are used for registration and insecure channels for mutual authentication. After registering on the server and having its identity verified by the server, the user can benefit from the services provided by the server. Many authentication protocols have been proposed in fields such as e-healthcare, the Internet of Things, cloud computing, etc. The privacy and anonymity of users in these schemes is the biggest challenge in implementing a platform for benefiting from remote services. Because user authentication takes place over the insecure platform of the Internet, it can be vulnerable to all existing Internet attacks. In general, there are two methods for analyzing and proving the security of authentication protocols: the formal method and the informal method. The informal method, which is based on intuitive arguments, the analyst's creativity and mathematical concepts, tries to find errors and prove security. The formal method, which is carried out both manually and automatically, uses a variety of mathematical logics and automatic security analysis tools: the manual approach uses mathematical models such as Real-Or-Random and mathematical logics such as BAN logic, GNY logic, etc., while the automatic approach uses tools such as AVISPA, Scyther, ProVerif, TAMARIN, etc.
In fact, the methods for proving and analyzing the security of security protocols fall into two general categories, theorem proving and model checking, and this article explains the details of each of these methods. It should be noted that most security protocol verification tools are based on model checking. The methods based on model checking are described first, followed by the methods based on theorem proving.
Zahra Jafari, Sahar Palimi, Mohamadamin Sabaei, Rahman Hajian, Hossein Erfani, Volume 12, Issue 2 (2-2024)
Abstract
In the Internet of Things (IoT) environment, security and privacy are paramount concerns for critical applications. The LoRa protocol efficiently enables long-range communication for resource-constrained end devices in LoRaWAN networks. To foster technology adoption and user trust, safeguarding the data collected by end devices is essential. Authentication and key agreement protocols play a pivotal role in achieving this goal. Here, we introduce a novel scheme for authentication and key exchange in LoRaWAN, enabling mutual authentication among participants. This scheme empowers users/end devices and network servers to establish secure end-to-end session keys without unconditional trust. We assess the scheme's security informally and provide formal verification using AVISPA tools and the BAN logic. Furthermore, we compare it to existing authentication schemes, demonstrating its efficiency in terms of computational and communication overhead.
Javad Alizadeh, Seyyed Hadi Noorani Asl, Volume 12, Issue 2 (2-2024)
Abstract
The Internet of Drones (IoD) refers to the use of unmanned aerial vehicles (UAVs) connected to the Internet. This concept is a specific application of the IoT. The IoD offers opportunities, but it also introduces security vulnerabilities. Authentication and key agreement protocols are necessary in drone communications to prevent these vulnerabilities. In 2020, Alladi et al. presented an authentication and key agreement protocol based on physical unclonable functions called SecAuthUAV. They analyzed the security of their scheme through both formal and informal methods. In this paper, we demonstrate the vulnerability of the SecAuthUAV protocol to a key recovery attack. An adversary can obtain a session key between a drone and a ground station by intercepting and analyzing the session data. In addition, we present a secret value recovery attack with complexity  , which is lower than the complexity of brute-force attacks. An adversary could spoof and track the drone using these values. In order to improve the security and efficiency of SecAuthUAV, we present a new version and compare it to the original. We use both the informal method and the formal tool ProVerif to analyze the security of the new protocol. To compare the efficiency of the new protocol and SecAuthUAV, we counted their numbers of operators and functions. The new protocol is more secure and efficient than SecAuthUAV.
Reza Rashidian, Raziyeh Salarifard, Ali Jahanian, Volume 12, Issue 2 (2-2024)
Abstract
The adoption of post-quantum encryption algorithms to replace older asymmetric algorithms is of paramount importance. Diverse categories of post-quantum encryption, including lattice-based and code-based cryptography, are currently in the final stages of NIST's standardization competition, with the aim of providing security against quantum computers. Among the lattice-based key encapsulation mechanisms (KEMs) garnering attention in this competition, the NTRU Prime algorithm stands out. The primary challenge in implementing such algorithms is executing resource-intensive polynomial multiplications within a ring structure. Leveraging the Number Theoretic Transform (NTT) allows polynomial multiplication to be achieved with near-linear efficiency (O(n log n)). To enhance hardware efficiency, butterfly structures are frequently employed in NTT multipliers. Our research centers on comparing our approach with the best multiplication implementations used in NTRU Prime on FPGA to date. This involves the redesign and modification of data preprocessing methods and storage structures, resulting in an increase in frequency and a reduction in the utilization of LUT resources.
Mr Arash Khalvan, Mr Amirhossein Zali, Dr Mahmoud Ahmadian Attari, Volume 13, Issue 1 (8-2024)
Abstract
With the advent of quantum computers and quantum algorithms, the security of current public-key cryptography systems faces challenges. Breaking the current cryptographic structures would require multi-million-qubit quantum computers, which have not yet been built; however, with significant advancements in quantum technology by leading companies in this field and the resulting concern within the cryptography community, there is a pressing need to provide countermeasures quickly. In 2016, the National Institute of Standards and Technology (NIST) sought proposals from around the world to standardize post-quantum cryptographic schemes to address this issue. At that time, the McEliece code-based encryption system (and its equivalent Niederreiter system), despite being proven resistant to both classical and quantum algorithms, was not accepted due to its large public keys. Ultimately, the Classic McEliece, HQC, and BIKE encryption systems, which fall under code-based cryptography, advanced to the final stage of these competitions, and the winners of this cryptographic category will be announced by the end of 2024. This paper reviews the developments made to optimize code-based structures and examines the selected code-based cryptographic schemes and the latest status of Classic McEliece standardization.
Ghodsieh Karimi, Morteza Adeli, Mohammad Ali Hadavi, Volume 13, Issue 2 (12-2024)
Abstract
With the increasing use of RFID tags, there is a need for specific protocols to communicate with these tags. Among these protocols, the ownership transfer stands out as it ensures the security and privacy of objects for the new owner after a change of ownership. Recently, a lightweight object ownership transfer protocol has been proposed for RFID networks. This protocol utilizes a lightweight linear function for security. The designers of the protocol claim that it is secure against known attacks while also being lightweight. In this paper, we identify vulnerabilities in the function used in this protocol and demonstrate that it is susceptible to the secret disclosure attack. We show that with at most 4 × L executions of the protocol (where L is the key length), one can obtain the necessary information from intercepted data to execute the attack and subsequently recover the shared keys used in the protocol.
Arian Arabnouri, Soheil Eissazadeh, Alireza Shafieinejad, Volume 13, Issue 2 (12-2024)
Abstract
Audit logs are a common means of monitoring system performance, conducting forensic investigations, and analyzing events. Given the crucial role of logs in identifying attackers, adversaries often attempt to tamper with these files to hide their traces. As a result, ensuring the secure storage of logs is critical. Blockchain technology, with its immutability property, provides an ideal solution for the secure storage of logs. However, the scalability limitations of existing public blockchains have made blockchain-based solutions impractical. To address this challenge, this paper proposes an approach in which logs are grouped into time-based intervals, and a chain of entries linked by Message Authentication Codes (MACs) is maintained for each type of log. In addition to the MAC, a counter is assigned to each class of log so that any deletion, insertion, repetition, or even reordering of log records can be detected, since the logical chain would be disrupted. At the end of each interval, known as a checkpoint, the newly verified logs are appended to the blockchain. This approach not only ensures the security of the logs but also improves system efficiency by reducing the amount of data stored on the blockchain through batch processing. Our implementation demonstrates that the proposed system offers improved efficiency, requiring fewer computations than other methods.
Keivan Khoormehr, Javad Alizadeh, Mohsen Jahanbani, Volume 13, Issue 2 (12-2024)
Abstract
Side-channel attacks, particularly power analysis attacks, pose a significant threat to the security of block cipher applications in hardware. These attacks can be executed using three primary methods: Simple Power Analysis (SPA), Differential Power Analysis (DPA), and Correlation Power Analysis (CPA). This paper examines the vulnerability of the SPEEDY block cipher to such power analysis attacks. In the first section, we demonstrate that the non-linear layer of the SPEEDY block cipher is susceptible to information leakage when subjected to power analysis attacks. By implementing the cipher in hardware and utilizing 1000 input samples, we establish that key-recovery attacks are feasible. The second section focuses on countermeasures to enhance the security of the SPEEDY block cipher against power analysis attacks. We propose a secure implementation method that employs Domain-Oriented Masking (DOM). Using the SILVER tool and the T-test method, we show that the secured version of the SPEEDY block cipher effectively mitigates the vulnerabilities and information leakages present in the original version when exposed to power analysis attacks.
Mrs Vahideh Ghanooni Shishavan, Doctor Shaban Elahi, Doctor Sadegh Dorri Nogoorani, Doctor Ali Yazdian Varjani, Volume 14, Issue 1 (9-2025)
Abstract
The issuance of electronic invoices in the tax system, although a new topic, has not yet been able to fully provide an optimized tax system. Some of the challenges in the tax system include transaction data forgery, the complexity of the invoicing process, and the risks associated with storing data in centralized databases. Blockchain technology, with features such as transparency, resistance to tampering, and decentralization, can be a suitable solution. Ensuring the privacy and security of tax data and maintaining a balance between transparency and confidentiality in tax systems is of utmost importance. In this paper, a tax system model based on a permissioned private blockchain is proposed. In this type of blockchain, only validating nodes have access to the information, and data access is restricted. This approach prevents the exposure of confidential information. Our proposed model consists of several processing nodes that are part of the blockchain network. These nodes are responsible for validating transactions and verifying information. In this model, various organizations, including the tax administration, banks, and other entities, connect to the blockchain network via nodes, but the network is not organizationally part of any single entity. Each organization interacts with the network through its own specific processing nodes. The model includes six layers, explained as follows:
1) Network Layer: This layer consists of processing nodes that represent various organizations (e.g., the tax administration, banks, taxpayers, chambers of commerce, and official accountants). These nodes are responsible for validating transactions and maintaining the distributed ledger. The network generally includes organizations, processing nodes, and users.
2) Protocol Layer: This layer manages transaction processing, consensus, and data storage. Here, sales transactions are recorded, and the global state is maintained in the distributed ledger. Consensus in this model is achieved through the Raft algorithm, which is resilient to potential failures.
3) Privacy Layer: Private data is isolated and stored in different channels to prevent unauthorized access. For each transaction, data related to goods and services, exemptions, and liabilities are stored in private datasets. These data are accessible only to authorized processing nodes.
4) Governance Layer: This layer is responsible for managing electronic certificates and network security. Security is ensured through a certificate authority, public and private keys, and access control mechanisms. Identity management and member access control within the network are also handled in this layer.
5) Integration Layer: This layer uses tools such as gRPC and oracles to communicate with external systems. Events are recorded and sent to other network members, and the data needed to complete transactions is supplied through oracles.
6) Application Layer: This layer consists of applications that provide a user interface for interacting with the blockchain. These applications connect to smart contracts and other blockchain components through a Software Development Kit (SDK).
The model has been evaluated from four perspectives: (1) Qualitative evaluation: experts in various fields have reviewed the model. (2) Technical perspective: the model ensures data security through consensus protocols and digital certificates, and offers better scalability due to the use of a private blockchain. (3) Organizational perspective: the model is compatible with traditional systems and can be easily deployed on existing infrastructure. (4) Environmental perspective: some challenges, such as coordination with tax laws and processes, require attention.
From a security perspective, three main aspects have been examined: (1) Confidentiality: ensured by storing data in the private blockchain, identity verification through digital certificates, and appropriate access control. (2) Data integrity: guaranteed through the consensus protocol and the recording of transactions via smart contracts. (3) Availability: maintained by designing a distributed network that is resilient to node failures. Regarding efficiency, the proposed model is suitable for large-scale and national deployments. The system records transactions continuously and, compared to traditional systems, places less strain on the infrastructure. Tests have shown that the Raft consensus protocol has low latency and good performance. Our comparison with previous systems that use public or centralized blockchains shows that the proposed model has more advantages; its most significant benefits are transparency, security, and scalability. In comparison to other models, this system has successfully addressed the challenges of data forgery and the complexity of the invoicing process.