|
|
|
 |
Search published articles |
 |
|
Showing 75 results for Type of Study: Review Article
Dr Mahmood Deypir, Mozhgan Ghasabi,
Volume 5, Issue 1 (9-2016)
Abstract
Recently, software defined networks have been introduced for innovation and flexibility in computer networks. They are widely used in infrastructure networks and data centers. Using these networks has advantages such as scalability, efficient bandwidth usage, reducing control traffic, better traffic engineering and etc., which are mainly due to their programmability. There are also some security challenges that often arise from the same property. Software defined networks reliability compared to traditional network reduces due to these challenges. Therefore, if software defined networks are not design based on a security architecture, they will be vulnerable against known cyber-attacks such as DDoS, spoofing, information disclosure and etc. In this paper, software defined network security challenges and corresponding solutions are reviewed. Moreover, some applications of software defined networks for security including network traffic separation, network flow access control, and secure routing are mentioned. In order to do security testing and evaluation of relevant security solutions we have explained how these networks are simulated.
Mr Saeid Rezaei, Mr Mohammad Ali Doostari, Mr Majid Bayat,
Volume 5, Issue 1 (9-2016)
Abstract
Cloud environment are known as a revolution in IT industry in the recent decade and many organizations have used this service for data processing and data storage. Despite of fast growing and numerous advantages, some organizations still do not use this service due to security problems and privacy issues related to storing sensitive data on the untrusted cloud servers. Access control management utilizing encryption techniques is one of the most common methods to solve these kinds of problems. Attribute based encryption is a new cryptographic model which uses descriptive attributes and access structures for managing access control. This article discusses the most recent methods of access control in cloud environment using attribute based encryption. We classify these protocols with respect of efficiently and security features. Finally, all the strengths and weaknesses points of reviewed articles are discussed and a comprehensive security and practical comparison is presented.
Seyedeh Zeinab Mohammadi, Dr Nima Jafari Navimipour,
Volume 5, Issue 1 (9-2016)
Abstract
Dr Masoumeh Safkhani, Mr Mohamadamin Arghavani,
Volume 5, Issue 2 (3-2017)
Abstract
In recent years the security of SHA-3 [1] is one of the most interesting topics in the field of cryptography. Cryptography uses Hash functions in different ways. Thus the security of Hash functions against different attacks is of vital importance. Several attacks and many analysis have been applied to SHA-3 till now but none of them could break it theoretically or practically. Keccak relies on a Sponge architecture.
In this paper, we focus on differential fault analysis attack and we review the latest attacks on SHA-3. Specifically, we describe cube attack, differential fault analysis and also describe zero-sum distinguisher attack and pre -image attack by using linear structures.
[1] Secure Hash Algorithm 3(SHA-3)
Mr. Mehdi Sadeghpour, Dr. Reza Ebrahimi Atani,
Volume 5, Issue 2 (3-2017)
Abstract
Data collection and storage has facilitated by the growth in electronic services, and has led to recording vast amounts of personal information in public and private organizations' databases. These records often include sensitive personal information (such as income and diseases) and must be covered from others access. But in some cases, mining the data and extraction of knowledge from these valuable sources, creates the need for sharing them with other organizations. This would bring security challenges in users' privacy. “Privacy preserving data publishing” is a solution to ensure secrecy of sensitive information in a data set, after publishing it in a hostile environment. This process aimed to hide sensitive information and keep published data suitable for knowledge discovery techniques. Grouping data set records is a broad approach to data anonymization. This technique prevents access to sensitive attributes of a specific record by eliminating the distinction between a number of data set records. In this paper an overview of privacy preserving Data Publishing Techniques will be presented.
Mohammad Reza Goharei,
Volume 5, Issue 2 (3-2017)
Abstract
In this paper, one of the most important challenges in energy smart grids – Denial of service for critical time messages – is addressed. In order to explain and solve this issue, we have described different communication structures for conveyed messages in energy smart grids, various proposed communication technologies, different types of jammings, and variety of conveyed messages in grid. Also, depending on communication technology and jamming in use, different situations of jamming is explored. To describe jamming problem, Gambler’s ruin problem solving theory is used. To eliminate this vulnerability, the least rate of invalid messages is calculated for the worst situation. TACT technic in he least camouflage traffic load in grids is used to match this problem to real world.
Shadi Azizi, Maede Ashouri-Talouki, Hamid Mala,
Volume 5, Issue 2 (3-2017)
Abstract
Location-based services (LBSs) provide appropriate information based on users’ locations. These services can be invoked by an individual user or a group of users. Using these services requires users to reveal their locations; thus, providing uses’ location privacy during the use of these services is an important issue. There are many works to protect users’ location privacy. In this paper, we have reviewed the related works to provide the location privacy for a group of users during the use of LBSs. We have classified them into two categories: the first category consists of the solutions that protect an individual user location privacy through group formation, while the second category contains the specific solutions to provide group location privacy. We have then analyzed and compared the performance and security properties of the related works, and have identified the open issues and future works in this field.
Zahra Zolfaghari, Nasour Bagheri,
Volume 6, Issue 1 (9-2017)
Abstract
In this article, we introduce Time Memory Trade Off attack and a method for finding near collisions in a hash function. By considering hash computations, it is easy to compute a lower bound for the complexity of near-collision algorithms, and to construct matching algorithm. However, this algorithm needs a lot of memory, and uses memory accesses. Recently, some algorithms have been proposed that do not require this amount of memory. They need more hash evaluation, but this attack is actually more practical. These algorithms can be divided in two main group: the first group is based on truncation and the second group is based on covering codes. In this paper, we consider the first group that is based on truncation. For practical implementation, it can be assumed that some memory is available, Leurent [10] showed that it is possible to reduce the complexity significantly by using this memory. In the next step, Sasaki et al. [9] proposed improvement of most popular Time Memory Trade off for K-tree algorithm by using multi-collision based on Helman’s table. As a result, they obtained new trade off curve that for k=4 the tradeoff curve will be . In this article, at the first the methods of TMTO, and then the method of finding near-collision by using TMTO are explained.
, ,
Volume 6, Issue 1 (9-2017)
Abstract
Due to the increasing use of smartphones among different groups of users in society as well as various capabilities that mobile devices provide for users, ensuring the security of smartphones is very important. Distribution markets of apps compromises the security of smartphones. Appstores play an important role in ensuring the security of smartphones and, if security requirements will be followed then they can protect users against malware developers. For this purpose, it is essential to identify security risks for this part of the app ecosystems. In this document, security risks raised in the app ecosystem in the field of app distribution markets have been explained.
Engineer Nasrin Taj Neyshabouri, Engineer Shaghayegh Naderi, Engineer Mahsa Omidvar Sarkandi, Engineer Hassan Koushkaki,
Volume 6, Issue 1 (9-2017)
Abstract
validation among Users, Stockholders, and delivering important and various services with high availability are part of import dimensions of local search engines. This paper provided a comprehensive research result on Combination of security control tools with main components of local search engines, like crawler, ranker, Indexer and security requirements Consideration in all phases of software development life cycle. We organize the existing research works on securing local search engines based on combination of security standards relevant to software development life cycle of systems with key components of local search engines to help developers, software project managers for implementing security controls and requirements properly.
Shadi Azizi, Maede Ashouri Talouki, Hamid Mala,
Volume 6, Issue 1 (9-2017)
Abstract
Doing a joint and secure computation on private inputs (Secure Multiparty Computation) is an interesting problem in the field of information security. The Millionaire problem is the first SMC problem in which two millionaires wish to know who is richer without disclosing their wealth. Then many problems have been defined in the field of secure multiparty computation. In this paper, the problem of secure multiparty summation is considered where a group of users wants to jointly and securely compute the summation value of their private inputs. We have reviewed and compared the related works in this filed; we have also identified the open issues and future works.
, , , ,
Volume 6, Issue 1 (9-2017)
Abstract
Nowadays, with burgeoning of computer networks and content on the internet, the demand is high for watching and searching contents like videos, music, files and documents and search engines, one of the factors that responds to the demands of the users and give them help to reach their goals faster. Also, the search engines, which have many advantages in the mistake design and configured components crawler, indexer and ranking, is malfunction that leads to the disclosure of confidential information users and websites, providing irrelevant and pollution results and non-secure search engines architecture. Therefore, considering the security problems and prospects components in the architecture of search engines, including local search engines is essential. The main parts that should guarantee their security in the architecture of local search engines is inclusion of the crawler (crawl policies, design factors, code injection attacks, crawler availability, crawler database), the indexer (search module, indexer database, indexing mechanisms, design factors) and the ranking (ranking policy, negative Search Engine Optimization (SEO)). The main topics of this article at first the threats and vulnerabilities main components in local search engines are studied, then requirements and security policies is provided for the three major components that leads to local search engines with secure architecture.
, ,
Volume 6, Issue 1 (9-2017)
Abstract
The use of Wireless Sensors Networks (WSNs) is rapidly growing in the areas of research, application, operation, and commerce. These kind of networks are used for monitoring a desired region of an environment. So, many abilities of these networks, by considering their lower cost, have caused them to be applicable in various areas. WSNs are designed in scale of hundreds to thousands nodes, wherein this great scale is technologically the most challenging issue. One of the most basic and challenging problem is the coverage issue. Security is another important issue. Coverage is the most paramount goal of creating and implementing of WSNs, because coverage is directly related to the degree of quality, method, and durability of the WSNs for recognizing the parameters and defined aims of the regions, and the implementation cost. In this paper, the methods of improving the security of public places (by increasing the coverage of the regions based on the sensors networks) have been investigated. The results indicate that by choosing an appropriate and optimum coverage, it is possible not only to cover the entire region by utilizing the minimum number of sensors, but also it is possible to increase the security of the monitored places of the network by lesser nodes.
Sajad Rezaee Adaryani, Seyed Mahdi Sajjadieh, Ali Zaghyan,
Volume 6, Issue 2 (3-2018)
Abstract
Not only election is one of the significant issues in democratic societies, but also it can be used in commercial association such as stock market and it has a noteworthy feature to determine the board of the directors. According to progresses in cryptographic topics and asymmetric encryption systems, tremendous attempts have been made in the design of protocols for electronic elections. However, all of the designed protocols have either high complexity or weaknesses in security features. Since the majority of electronic election schemes are dependent on a number of honest persons, they are practically difficult. In addition, in most of them, voters will play a key role in producing ballot. If someone imposes compulsory, privacy will be lost or the voter will be able to provide a receipt to show the content of his vote, and this in turn, vote-buying and immoral issues will be appeared.
In this paper after, evaluating the security features of an electronic election scheme, an election protocol based on homomorphic encryption, will be expressed, and the difference between the receipt protocol and receipt-free protocol will be examined.
Engineer Mahsa Omidvar Sarkandi, Engineer Nasrin Taj Neyshabouri, Engineer Hassan Koushkaki, Phd Shaghayegh Naderi,
Volume 6, Issue 2 (3-2018)
Abstract
Abstarct- The local search engine systems is one of the indicators of IT industry development in all countries. The safety of these systems arises according to its specific position, with providing users to access to right information in the least possible time. The most effective measures to secure this type of application are assessment and risk management in the early stage of software security. It consists of a set of steps that will help a software team in the applications management during the development process. In order to reduce the risk of this type of systems responce to risk approach is selected. The main objective of this article is assessment and risk management based on information collected from designed questionnaire. As well as to identify important risks, security controls and NIST methodology are used and the results of calculations of the risk level are provided on the basis of known fields.
Mohsen Jahanbani, Nasour Bagheri, Zeinolabedin Norozi,
Volume 6, Issue 2 (3-2018)
Abstract
Devices such as wireless sensor networks and RFIDs have limited memory, power and energy. They have security requirements so that the usual implementation of cryptographic algorithms is not appropriate for them and leads to high consumption of resources. One solution is designing new lightweight algorithms that have a lower security level than standard algorithms. The second solution is implementing standard algorithms such as AES block cipher as a lightweight algorithm. In this type of implementation, some techniques such as resource sharing, S-box implementation with combinational circuits, mapping computations finite fields from one base to another base and on the fly computation are used. In this paper, the most important lightweight implementations of AES are evaluated. The criteria considered for this evaluation include gate count, the number of clocks required for an encryption/decryption operation, throughput, power, energy and the combination of themes. Studies show that we can use standard encryption algorithms in applications with limited area between 2000-3000 GE and a small amount of energy, for example a few PJ. Some of these successes are achieved due to advancements in CMOS circuit technology and some others are the result of designing suitable hardware architecture, exact scheduling of cryptographic operations and efficient use of resources.
Ms Maryam Taebi, Dr. Ali Bohlooli, Dr. Marjan Kaedi,
Volume 6, Issue 2 (3-2018)
Abstract
In Website Fingerprinting (WFP) Attacks, clients’ destination webpages are identified using traffic analysis techniques, without any need to decrypt traffic contents. Typically, clients make use of the privacy enhancing technologies (e.g., VPNs, proxies, and anonymity networks) to browse webpages. These technologies allow clients to hide traffic contents and their real destinations. To perform an attack, features are extracted from the input packet sequence. Next, the data is pre-processed and finally, client’s real destination is revealed by means of a machine learning algorithm. Various studies have utilized statistical methods or classification approaches to infer the client’s visited webpages. In this paper, a comprehensive overview of WFP techniques is performed, in which previous studies are categorized based on the features they use for webpages identification. This is a new approach for categorizing previous works on WFP attacks and to the best of our knowledge, this viewpoint has not been applied so far.
Mohammed Mohsen Amiri, Morteza Moammer, Mousa Mohammadnia, Masoud Asgari Mehr,
Volume 7, Issue 1 (9-2018)
Abstract
With growing expanding usage of computer systems in safety-critical applications, the use of safety and reliability improvements in early design and production phases has become important. Because the bug occurrence or incidence of failure in these critical systems not only costs a lot to make the manufacturer imposes but can humans and property as well as the environment. In this article the four raised the standard C++ programming called the MISRA C++، JSF AV C++، HI C++،ESCR C++ is Has been examined. That will be able to benchmark safety in the codes posted in code, design stage. Hence in this article, initially the amount of overlap of these standards in order to find the most comprehensive assessment standard & Continue to the extent of the richness of the standards of the six for reliability, maintenance, readability, testability, performance and safety test Has been paid. At the end of the tools that the ability to checkout these standards during production are examined.
Dr. Hadi Soleimany, Mr. Mohammad Reaza Sadeghi,
Volume 7, Issue 1 (9-2018)
Abstract
Block cipher attacks have found new aspects, due to the advancement of the technology and the development of the software and hardware tools. In many cases, the attackers try to use the weaknesses of the block ciphers implementation, instead of the theoretical cryptanalyses. Increasing the attacker’s accessibility to the details of the block ciphers implementation will increase the chance of success of his attacks. Hence, it is important to design secure block cipher schemes, those are unbreakable whether the attackers have access to the details of the implementation or not. In this paper, first we will introduce the different models of the block ciphers implementation, then we will explain the fundamental concepts of the white-box cryptography, and why it is useful. Later we will discuss several white-box schemes.
Miss Aniseh Najafi, Dr Majid Bayat, Dr Hamid Haj Seyyed Javadi,
Volume 7, Issue 1 (9-2018)
Abstract
The growth of data production in the world brings with it capacities and requirements. On the one hand, the storage of generated data provides the possibility of reuse and analysis on the data that leads to the production of data science. On the other hand, large amounts of data require storage space and the ability to search over them. Cloud computing is a technological and operational model that addresses the storage and computing limitations of data storage and utilization. As well as searchable encryption as a cloud-based, highly used, technique, in addition to maintaining data security, it can search over them. In this paper, the searchable encryption methods and the limitations and capabilities of each one are examined. At the end, there are some explanations on how to use searchable encryption in medical data.
|
|
