Print ISSN: 2476-3047
:: Search published articles ::
Showing 78 results for Type of Study: Research Article

Sajjad Maleki Lonbar, Akram Beigi, Nasour Bagheri,
Volume 12, Issue 2 (2-2024)
Abstract

In the world of digital communication, authentication is an important concern and the need for a safe and secure system increases the necessity of designing authentication systems. To perform authentication, biometric-based approaches are of great interest due to the property of being alive and resistant to forgery. In this study, an authentication system based on heart signal is designed. Due to the process of receiving heart signals, their data usually has a lot of noise. In order to prepare the data, in the proposed system, the heart signals are first cleaned and then transferred to the frequency domain for feature extraction. Also, they are converted into an image by applying the Wigner-Ville distribution, so that each image contains the signal information of each person’s heart and is unique. In the proposed authentication system, these images are used for training and evaluation in a deep convolutional neural network. The output of this system provides the possibility of people’s identification. The data of this study are taken from the NSRDB and MITDB databases, and significant results have been obtained compared to previous studies.
Vajiheh Sabeti, Mahdiyeh Samiei,
Volume 12, Issue 2 (2-2024)
Abstract

Steganalysis is the art of detecting the existence of hidden data. Recent research has revealed that convolutional neural networks (CNNs) can detect data through automatic feature extraction. Several studies investigated the performance of existing models using a limited number of spatial steganography methods. This study aims to propose a CNN and comprehensively investigate its efficiency in detecting different spatial methods. The proposed model comprises three modules: preprocessing, convolutional (five blocks), and classifier (three fully connected layers). The test results for the least-significant-bit (LSB) and pixel-value differencing (PVD) based methods indicate that the proposed method can detect data of even concise length with high accuracy and a low error. The proposed method also detects complexity-based LSB-M (CBL) as an adaptive approach. Lower embedding rates make this success even more impressive. Manual feature extraction has much lower success rates than the proposed model, due to low variations of statistical features at low embedding rates.
Javad Alizadeh, Seyyed Hadi Noorani Asl,
Volume 12, Issue 2 (2-2024)
Abstract

The Internet of Drones (IoD) refers to the use of unmanned aerial vehicles (UAVs) connected to the Internet. This concept is a specific application of IoT. The IoD may offer opportunities, but it also poses security vulnerabilities. It is necessary to use authentication and key agreement protocols in drone communications to prevent these vulnerabilities. In 2020, Alladi et al. presented an authentication and key agreement protocol based on physical unclonable functions called SecAuthUAV. They analyzed the security of their scheme through both formal and informal methods. In this paper, we demonstrate the vulnerability of the SecAuthUAV protocol to a key recovery attack. An adversary can obtain a session key between a drone and a ground station by intercepting and analyzing the session data. In addition, we present a secret value recovery attack with complexity , which is lower than the complexity of brute force attacks. An adversary could spoof and track the drone by using these values. In order to improve the security and efficiency of SecAuthUAV, we present a new version and compare it to the original. We utilize both the informal method and formal-based ProVerif to analyze the security of the latest protocol. To compare the efficiency of the new protocol and SecAuthUAV, we counted their number of operators and functions. The new protocol is more secure and efficient than SecAuthUAV.
Seyed Hossein Tahami, Hamid Mala,
Volume 12, Issue 2 (2-2024)
Abstract

In a verifiable database scheme (VDB), a client with limited storage resources securely outsources its very large and dynamic database to an untrusted server such that any attempt to tamper with the data, or even any unintentional changes to the data, can be detected by the client with high probability. The latest work in this area has tried to add the secure search feature of single keyword and multiple keywords. In this paper, we intend to add a range query to the features of this database. The scheme presented in this article provides the requirements of a secure search, namely the completeness of the search result, the proof of the empty search result, the lack of additional information leakage and the freshness of the search results, as well as the database with public verifiability. In the proposed scheme, the computational complexity of the client is not changed significantly compared with the previous scheme, but the computational and storage complexity of the server has increased, which is justifiable by its rich resources.
Reza Rashidian, Raziyeh Salarifard, Ali Jahanian,
Volume 12, Issue 2 (2-2024)
Abstract

The adoption of post-quantum encryption algorithms to replace older asymmetric algorithms is of paramount importance. Diverse categories of post-quantum encryption, including lattice-based and code-based cryptography, are currently in the final stages of NIST's standardization competition, with the aim of providing security against quantum computers. Among the lattice-based key encapsulation mechanisms (KEM) garnering attention in this competition, the NTRU Prime algorithm stands out. The primary challenge in implementing such algorithms revolves around executing resource-intensive polynomial multiplications within a ring structure. Leveraging the Number Theoretic Transform (NTT) allows us to achieve polynomial multiplication with near-linear efficiency (O(n log n)). To enhance hardware efficiency, butterfly structures are frequently employed in NTT multipliers. Our research centers on comparing our approach with the best multiplication implementations utilized in NTRU Prime on FPGA up to the present version. This involves the redesign and modification of data preprocessing methods and storage structures, resulting in an increase in frequency and a reduction in the utilization of LUT resources.
 
Parsa Rajabi, Dr. Seyed Mohammad Razavizadeh, Dr. Mohammad Hesam Tadayon,
Volume 13, Issue 1 (8-2024)
Abstract

Authentication plays a pivotal role in ensuring communication security. Cryptographic methods are frequently employed to fulfill this purpose. These methods, implemented at upper network layers, encounter challenges including complexity, power consumption, and overhead. Particularly for users with limited computational power, these methods encounter challenges. A novel solution to overcome these challenges is physical layer authentication (PLA), which involves utilizing physical layer features to embed a tag in the transmitted signal for authentication, leveraging various channel characteristics such as position, velocity, noise, etc. In this paper, a review of previous research is provided, highlighting the differences between physical layer and upper-layer authentication. Furthermore, existing categorizations for PLA and a novel classification based on covertness levels are provided. Moreover, possible attacks and corresponding countermeasures are investigated, followed by suggestions for future research in this area.
Nasrin Taaj, Amir Mansour Yadegari, Abouzar Arabsorkhi, Reza Kalantari,
Volume 13, Issue 1 (8-2024)
Abstract

The development of the country's infrastructure as an independent, safe and stable infrastructure is one of the strategic priorities of the country. Its realization, in addition to the technological requirements in the field of information and communication technology and laying the foundation for the establishment, development and supply of various services and content of the country's cyberspace, requires the provision of secure communications and a stable vital infrastructure for the country.
Based on the conceptual model contained in the resolution of the 66th meeting of the Supreme Council of Cyberspace, the communication and information infrastructure of the country consists of a series of main modules, whose risk analysis, in line with reversibility in accidents, protection against threats, monitoring and intelligent response, is one of the basic needs of safe and secure communication access. Due to the space limitations of this article, the author intends to explain how to achieve multi-sample risk analysis from these basic modules and then, based on the results, how to exploit the emerging knowledge in the form of a diagram to identify the type of threat and its source and to extract the mentioned preventive requirements.
Ghodsieh Karimi, Morteza Adeli, Mohammad Ali Hadavi,
Volume 13, Issue 2 (12-2024)
Abstract

With the increasing use of RFID tags, there is a need for specific protocols to communicate with these tags. Among these protocols, the ownership transfer stands out as it ensures the security and privacy of objects for the new owner after a change of ownership. Recently, a lightweight object ownership transfer protocol has been proposed for RFID networks. This protocol utilizes a lightweight linear function for security. The designers of the protocol claim that it is secure against known attacks while also being lightweight. In this paper, we identify vulnerabilities in the function used in this protocol and demonstrate that it is susceptible to the secret disclosure attack. We show that with at most 4 × L executions of the protocol (where L is the key length), one can obtain the necessary information from intercepted data to execute the attack and subsequently recover the shared keys used in the protocol.

Seyed Hesam Odin Hashemi, Mohammad Hassan Majidi,
Volume 13, Issue 2 (12-2024)
Abstract

With the ever-increasing growth of the Internet and the expansion of imaging tools, digital images are a huge part of the information we work with. This information often contains sensitive data that requires protection. This paper presents a chaotic image encryption method that effectively safeguards the information contained within digital images. The IEPS encryption system is an image encryption scheme based on a Piecewise linear chaotic map (PWLCM) and the SHA-512 hashing function. This design incorporates two operations: permutation and substitution of image pixels. In the permutation stage, the PWLCM map is employed, and the features of the SHA-512 are utilized to substitute the pixels. The experimental results demonstrate that the PWLCM encryption algorithm successfully encrypts the information within the image and exhibits robust performance against various analyses, including the entropy, histogram, key sensitivity criterion, and resistance to differential attacks.

Mahnaz Noroozi, Atiye Sadeghi,
Volume 13, Issue 2 (12-2024)
Abstract


Abouzar Arabsorkhi, Tala Tafazoli,
Volume 13, Issue 2 (12-2024)
Abstract

One of the most important issues in the information technology era is data protection; if this issue is not considered, the confidence in, usability of, and extension of information and communication technology will be threatened. For this reason, politicians and decision makers in organizations, industry and governments want to regulate the information and communication era. This regulation is performed based on decision-making considerations and variables, and neglecting them may raise challenges and cause crises. In management sciences they are called strategic issues. The current research identifies, defines, and analyzes the strategic issues that different governments use to reinforce information governance structures such as the maintenance and governance of data and information security. These strategic issues are in the range of national documents, reference standards and documentation related to general data protection regulations (GDPR). In this research, we investigate documents and references related to data protection regulations using content analysis, to identify strategic issues.

Farnoosh Karimi, Behrouz Tork Ladani, Behrouz Shahgholi Ghahfarokhi,
Volume 13, Issue 2 (12-2024)
Abstract

As the intensity of global cybersecurity threats continues to rise, the need for training security professionals has gained greater significance. Educational programs, complemented by laboratories and the execution of cybersecurity exercises, play a fundamental role in enhancing both offensive and defensive capabilities. The execution of such exercises is particularly crucial in operational networks, where testing cyberattacks may not be feasible. Cyber ranges offer an appropriate platform for conducting these exercises. A primary challenge in cybersecurity education is aligning training programs with the diverse skill levels of learners. Adaptive learning, powered by artificial intelligence and recommendation systems, can provide an effective solution for delivering personalized instruction. This study focuses on the KYPO Cyber Range to examine the potential of substituting or augmenting the role of the instructor with an AI-based recommendation agent. The objective of this research is to minimize human intervention and improve the efficiency of the training process. To this end, data collected from the KYPO Cyber Range, developed by Masaryk University, has been utilized, and various machine learning models have been applied to automate and optimize the training process. The results of this research indicate that the integration of artificial intelligence can enhance the performance of educational systems and reduce evaluation time.

Fateme Pishdad, Reza Ebrahimi Atani,
Volume 13, Issue 2 (12-2024)
Abstract

With the advancement and development of Internet of Things (IoT) applications, the need for securing infrastructure in this domain has gained particular importance due to the limitations of computational and storage resources. Botnets are among the IoT security challenges: by infecting computational nodes of this technology, they are capable of turning the network into a collection of compromised machines under the control of attackers. This paper proposes an anomaly detection system based on ensemble learning to prevent and identify IoT botnet attacks at the initial scanning stage and DDoS attacks. This system uses feature selection and optimal hyperparameter tuning for each classifier to increase model accuracy and prevent overfitting. The data used in this paper is taken from the BoT-IoT dataset, which covers activities related to different stages of the botnet lifecycle. For feature selection and classification, two ensemble learning algorithms, LightGBM and Random Forest, are used, and hyperparameter optimization is performed using the TPE method. Results demonstrated that the LightGBM algorithm achieved an error rate of 0.98% and an accuracy of 99.02%, while the Random Forest algorithm exhibited an error rate of 0.01% and an accuracy of 99.99%, indicating highly satisfactory performance in attack detection. The proposed models, with increased training and prediction time, have offered significantly higher accuracy compared to previous models.

Fatemeh Gholami Sabzevar, Masoumeh Safkhani,
Volume 13, Issue 2 (12-2024)
Abstract

Privacy preservation in healthcare monitoring systems has always been a concern for both patients and doctors. To address this issue, many protocols have been designed. In this article, we examine the proposed scheme by Nasr Esfahani and colleagues, evaluating it from a security perspective. Their proposed scheme uses a three-layer hierarchical template chain to store and maintain critical medical information of patients in a centralized and secure manner. Additionally, by using Zero-Knowledge Proof (ZKP) and ring signature methods, they demonstrate that their scheme protects medical data against both internal and external attacks. According to potential scenarios, the Nasr Esfahani et al. protocol has shown good performance against many attacks, such as storage attacks and replay attacks, but it is vulnerable to integrity violation attacks. The success probability of the attacks presented in this article is one, and the complexity is only a single execution of the protocol.

Arian Arabnouri, Soheil Eissazadeh, Alireza Shafieinejad,
Volume 13, Issue 2 (12-2024)
Abstract

An auditable log is a common approach for monitoring system performance, forensic investigations, and event analysis. Given the crucial role of logs in the identification of attackers, adversaries often attempt to tamper with these files to hide their traces. As a result, ensuring the secure storage of logs is critical. Blockchain technology, with its immutability feature, provides an ideal solution for the secure storage of logs. However, the scalability limitations of existing public blockchains have made blockchain-based solutions impractical. To address this challenge, this paper proposes an approach where logs are categorized into time-based intervals, and a chain of linked entries is built using Message Authentication Codes (MAC) for each type of log. In addition to the MAC, a counter is assigned to each class of log to enable detection of any deletion, insertion, repetition, or even reordering of log records, as the logical chain would be disrupted. At the end of each interval, known as a checkpoint, the newly verified log is appended to the blockchain. This approach not only ensures the security of logs but also enhances system efficiency by reducing the amount of data stored on the blockchain through batch processing. Our implementation demonstrates that the proposed system offers improved efficiency, requiring fewer computations compared to other methods.
 

Keivan Khoormehr, Javad Alizadeh, Mohsen Jahanbani,
Volume 13, Issue 2 (12-2024)
Abstract

Side-channel attacks, particularly power analysis attacks, pose a significant threat to the security of block cipher applications in hardware. These attacks can be executed using three primary methods: Simple Power Analysis (SPA), Differential Power Analysis (DPA), and Correlation Power Analysis (CPA). This paper examines the vulnerability of the SPEEDY block cipher to such power analysis attacks. In the first section, we demonstrate that the non-linear layer of the SPEEDY block cipher is susceptible to information leakage when subjected to power analysis attacks. By implementing the cipher in hardware and utilizing 1000 input samples, we establish that key-recovery attacks are feasible. The second section focuses on countermeasures to enhance the security of the SPEEDY block cipher against power analysis attacks. We propose a secure implementation method that employs Domain-Oriented Masking (DOM). Using the SILVER tool and the T-test method, we show that the secured version of the SPEEDY block cipher effectively mitigates the vulnerabilities and information leakages present in the original version when exposed to power analysis attacks.

M.s Amin Chahardoli, Dr Abouzar Arabsorkhi,
Volume 14, Issue 1 (9-2025)
Abstract

In today’s modern world, with the emergence of technological advancements, cybersecurity has become one of the most critical issues. Every day, millions of data items are exchanged across the internet, exposing organizations and individuals to threats such as cyber intrusions, unauthorized access to information, and more. In this dynamic environment, Threat Intelligence has emerged as a prominent and effective tool to combat these threats—without overlooking necessary sensitivities. This modern approach enables organizations to analyze threat intelligence data meticulously, respond proactively to cyberattacks, and ensure the desired level of information security.
Given the increasing trend of cyberattacks, governments and organizations worldwide are pursuing strategies to strengthen institutional capacities for threat intelligence. In this article, through a comparative study of frameworks, standards, platforms, and coalitions (as key tools for enhancing cybersecurity and preventing attacks), the researcher provides a detailed analytical examination of these tools and their role in reinforcing cybersecurity systems. By focusing on the structural strengths and implementation components of threat intelligence in organizations—and leveraging the experiences of governments and international coalitions—this research aims to illustrate the essential role of these components in the production, dissemination, and utilization of threat intelligence. It also highlights the importance of effectively integrating these solutions into an organization’s information security cycle.
Achieving threat intelligence through frameworks, standards, platforms, and related coalitions requires attention to diverse requirements and actions. Based on the findings of this research, decision-makers and stakeholders can anticipate and operationalize necessary measures to implement threat intelligence approaches at an organizational level. Furthermore, adopting these frameworks, standards, platforms, and coalitions not only helps organizations utilize threat intelligence more effectively but also plays a critical role in decision-making and countering cyberattacks.
Frameworks, standards, platforms, and coalitions supporting threat intelligence development represent the most vital components, tools, and approaches used in the collection, analysis, and application of threat intelligence. These tools and standards have advanced significantly over time to assist organizations in effectively combating cyber threats. They enable organizations to better produce, disseminate, and implement threat intelligence strategies to address diverse attacks and threats.
This article is based on an extensive and in-depth study of major international frameworks for implementing and developing threat intelligence, as well as adopting standards and structures aligned with organizational needs—including principles, processes, responsibilities, and roles—within the threat intelligence lifecycle. By analyzing published best practices and insights from this research, practical recommendations are provided to organizations for managing threat intelligence. The production, dissemination, analysis, and application of threat intelligence are critically important for organizations due to the following reasons:
• Threat Identification and Prediction: Threat intelligence helps organizations identify and analyze patterns and trends in cyberattacks. This information guides organizations in predicting future attack types and planning appropriate countermeasures.
• Enhancing Incident Response: By leveraging threat intelligence, organizations can respond swiftly and effectively to cyberattacks. This minimizes potential damages and reduces the costs associated with attacks.
• Strengthening Cybersecurity: Organizations can implement necessary improvements to their systems and networks using threat intelligence, thereby better protecting their resources. These measures include researching and developing security technologies, enforcing efficient security policies, and enhancing employee awareness and training.
The development and implementation of frameworks, standards, platforms, and coalitions not only empower organizations to leverage threat intelligence more effectively but are also pivotal in strategic decision-making and countering cyberattacks. In the pervasive world of information technology, threat intelligence serves as a vital and undeniable tool in addressing organizations’ security challenges. The use of threat intelligence in cybersecurity management—encompassing concepts such as threat identification, data-driven security decision-making, protection of sensitive information, defensive strategies, early detection and rapid response, and risk prediction and mitigation—emerges as a key factor in elevating security standards. By emphasizing the importance of these issues and the unparalleled role of threat intelligence in preventing and countering cyber threats, organizations are encouraged to leverage this powerful tool in the realm of cybersecurity.
Based on the outlined considerations, the primary research question of this study is:
• What are the functional roles of frameworks, standards, platforms, and alliances supporting threat intelligence in organizations?
Addressing this main question requires answering the following sub-questions:
• What are the constituent components and elements of frameworks, standards, platforms, and alliances supporting threat intelligence in organizations?
• What are the factors influencing the selection and implementation of frameworks, standards, platforms, and alliances supporting threat intelligence in organizations?
• What are the criteria influencing the selection and implementation of frameworks, standards, platforms, and alliances supporting threat intelligence in organizations?
• What is the status of these influential criteria concerning each selected framework, standard, platform, or alliance supporting threat intelligence in organizations?
• How will the evaluation and assessment of selected frameworks, standards, platforms, and alliances supporting threat intelligence be conducted based on these criteria?
Mrs Vahideh Ghanooni Shishavan, Doctor Shaban Elahi, Doctor Sadegh Dorri Nogoorani, Doctor Ali Yazdian Varjani,
Volume 14, Issue 1 (9-2025)
Abstract


The issuance of electronic invoices in the tax system, although a new topic, has not yet been able to fully provide an optimized tax system. Some of the challenges in the tax system include transaction data forgery, the complexity of the invoicing process, and the risks associated with storing data in centralized databases. Blockchain technology, with features such as transparency, resistance to tampering, and decentralization, can be a suitable solution. Ensuring the privacy and security of tax data and maintaining a balance between transparency and confidentiality in tax systems is of utmost importance. In this paper, a tax system model has been proposed based on a permissioned private blockchain. In this type of blockchain, only validating nodes have access to the information, and data access is restricted. This approach prevents the exposure of confidential information. Our proposed model consists of several processing nodes that are part of the blockchain network. These nodes are responsible for validating transactions and verifying information. In this model, various organizations, including the tax administration, banks, and other entities, connect to the blockchain network via nodes, but the network is not organizationally part of any single entity. Each organization interacts with the network through its own specific processing nodes. The model includes six layers, explained as follows: 1) Network Layer: This layer consists of processing nodes that represent various organizations (e.g., the tax administration, banks, tax payers, chambers of commerce, and official accountants). These nodes are responsible for validating transactions and maintaining the distributed ledger. The network generally includes organizations, processing nodes, and users. 2) Protocol Layer: This layer manages transaction processes, consensus, and data storage. Here, sales transactions are recorded, and the global state is maintained in the distributed ledger.
Consensus in this model is achieved through the Raft algorithm, which is resistant to potential failures. 3) Privacy Layer: Private data is isolated and stored in different channels to prevent unauthorized access. For each transaction, data related to goods and services, exemptions, and liabilities are stored in private datasets. These data are only accessible by authorized processing nodes. 4) Governance Layer: This layer is responsible for managing electronic certificates and network security. Security is ensured through a certificate authority, public and private keys, and access control mechanisms. Additionally, identity management and member access control within the network are handled in this layer. 5) Integration Layer: This layer uses tools like gRPC and Oracles to communicate with external systems. Events are recorded and sent to other network members, and the necessary data for completing transactions is supplied through Oracles. 6) Application Layer: This layer consists of applications that provide a user interface for interacting with the blockchain. These applications connect to smart contracts and other blockchain components through a Software Development Kit (SDK). The model has been evaluated from four perspectives: (1) Qualitative Evaluation: Experts in various fields have reviewed the model. (2) Technical Perspective: The model ensures data security through consensus protocols and digital certificates. It also offers better scalability due to the use of a private blockchain. (3) Organizational Perspective: The model is compatible with traditional systems and can be easily implemented on existing infrastructures. (4) Environmental Perspective: Some challenges, such as coordination with tax laws and processes, require attention.
From a security perspective, three main aspects have been examined: (1) Confidentiality: This is ensured by storing data in the private blockchain, identity verification through digital certificates, and appropriate access control. (2) Data Integrity: This is guaranteed through the consensus protocol and the recording of transactions via smart contracts. (3) Availability: This is maintained by designing a distributed network that is resilient to node failures. Regarding the efficiency of the proposed model, it is suitable for large-scale and national implementations. The system continuously records transactions and, compared to traditional systems, places less strain on the infrastructure. Tests have shown that the Raft consensus protocol has low latency and good performance. Our comparison with previous systems that use public or centralized blockchains shows that our proposed model has more advantages. The most significant benefits are its transparency, security, and scalability. In comparison to other models, this system has successfully addressed challenges related to data forgery and the complexity of the invoicing process.



Biannual Journal Monadi for Cyberspace Security (AFTA)