|
|
 |
Search published articles |
 |
|
Showing 75 results for Type of Study: Review Article
Dr Amin Pazhouhesh, Mrs Afsaneh Zamani, Volume 7, Issue 1 (9-2018)
Abstract
The purpose of the present article is studying continuation of the cycle of cybercrime and providing strategies for its prevention management. Cybercrime is a range that one side relies on technology and the other side, relies on interpersonal relationships. The aim of the present study, functional and in terms of type, quality and according to the method of data collection, library and study based on internal and external online resources. Paper reviews the literature and concludes the interval between supply technology and related crime and criminal laws do not fit and often the possibility of transferring experience to the field of cybercrime is not possible. However, due to the widespread nature of the phenomenon, appropriate, dynamic and agile legal framework is an urgent need for investigation and prosecution. This research has some preventive strategies such as threat assessment and strategic analyzes, development of cooperation between national, regional and international levels, and to increase awareness and educate points.
, , Volume 7, Issue 1 (9-2018)
Abstract
The widespread use of information and communication technology in industrial control systems has exposed many cyber attacks to these systems. The first step in providing security solutions is to recognize the threats and vulnerabilities of a system at first. Therefore, in this work, after providing a general overview of the SCADA security, we provide a survey on actual cyber attacks from 2000 up to now. To be able to assess the risk of these attacks, we perform profiling them based on the target systems of the attack, the geographical area of it, the method used in the attack and its impact. This profiling provides a clear view of the most important security incidents in SCADA systems and could be useful in the defining suitable strategies for preventing and defending against the major SCADA security attacks.
Javad Moradi, Majid Ghayoori Sales, Volume 7, Issue 2 (3-2019)
Abstract
Data is one of the most valuable assets in today's world and is used in the everyday life of every person and organization. This data stores in a database in order to restore and maintain its efficiently. Since there is a database that can be exploited by SQL injection attacks, internal threats, and unknown threats, there are always concerns about the loss or alteration of data by unauthorized people. To overcome these concerns, there are several security layers between the user and the data in the network layer, host, and database. For instance, security mechanisms, including firewall, data encryption, intrusion detection systems, etc., are used to prevent infiltration. Database Intrusion Detection System uses a variety of data mining techniques to detect abnormalities and detect malicious and intrusive activities. In this paper, a category of intrusion detection techniques is presented first in the database, and a review of the general algorithms for intrusion detection in databases is demonstrated. Since signature-based methods are elder and less complex and less diverse, the main focus of this paper is on behavioral methods.
Mrs Afsaneh Zamani, Dr Amin Pazhouhesh, Volume 7, Issue 2 (3-2019)
Abstract
This paper tries to investigate the question of how virtual cybercrimes fall within the realm of criminal law and what their principles and conditions of criminalization are. Despite the large number of Internet users in virtual worlds, such as "Second Life", there has been limited literature and research especially on the extent and scope of the issue, the identity of the perpetrators and victims, as well as the consequences of cybercrimes. The present study is an applied and qualitative research and according to data collection, it is a library research (meta-analysis secondary studies) on the basis of internal and external online resources. The article provides necessary and sufficient conditions to include virtual cybercrime in a subset of criminal law by using philosophical ontology as well as philosophy of law. It is concluded that necessary condition for virtual-cyber acts as a crime to be placed under law to obtain a Meta-Virtual outcome. The sufficient condition is that the outcome of this entity, justifies interference with the freedom of citizens to use the criminal law on the basis of a principle limiting freedom of Feinberg.
Mr Mohammad Mehdi Ahmadian, Dr Mehdi Shajari, Volume 7, Issue 2 (3-2019)
Abstract
Industrial control systems (ICSs) which are used in critical infrastructure and other industries mostly use various communication protocols. Most of these communication protocols have various cyber security challenges and weakness that give the attackers the opportunity to gain to their malicious intentions. In this paper, we assess IEC 60870-5-104 protocols from security perspective which is used in the ICSs as telemetry communication. According to achievement of these goals, we have analyzed the IEC 60870-5-104 design phase carefully and used experimental test bed to identify the security threats and vulnerabilities and characterize the technical attacks. Finally we review the design of hardening mechanisms and their challenges.
Hadi Soleimany, Farokh Lagha Moazemi, Volume 7, Issue 2 (3-2019)
Abstract
Due to the fast development in information and communication technology, new challenging problems appear in the security. So, it is important and vital that the scientific society of our country focuses on research and studies these problems and by providing new proposal try to respond to these critical needs of our country. Hence, our aim in this paper is to study and highlight one of the important problems of applied cryptography that appear recently in cryptography society but in our country, there is not much research about it. In this paper, we investigate a special and applied category of a backdoor in cryptography systems which is named Kleptography. In this paper, in addition to the investigation of the kleptographic attack, we study its application. Our purpose in this paper is to shed some new light on the kleptographic attack by studying new concepts that recently have appeared about it.
Mozhgan Ghasabi, Dr Mahmood Deypir, Volume 7, Issue 2 (3-2019)
Abstract
In recent years, Vehicular Ad Hoc Networks (VANETs) have emerged as one of the most active areas in the field of technology to provide a wide range of services, including road safety, passenger's safety, amusement facilities for passengers and emergency facilities. Due to the lack of flexibility, complexity and high dynamic network topology, the development and management of current Vehicular Ad Hoc Networks faces many challenges. To simplify network management of the current networks, the architecture of the software defined networks is introduced, which this architecture reduces the complexity of the networks by decoupled the control plane from the data plane. Software defined networks with flexibility and programmable capabilities can help the performance and management requirements for VANETs. In this paper, we focus on the possibility of using software defined networks in a Vehicular ad hoc network environment. First the architecture of VANET based on software defined networks and its operational mode is examined, then the benefits and services which are described by this architecture are presented. Finally, some of the potential challenges in the architecture of Software defined vehicular ad hoc networks are expressed.
, Volume 8, Issue 1 (9-2019)
Abstract
The formation and development of the World Wide Web has played a key role in the emergence of new criminals and crimes. The increasing dependence of countries on the Internet and the rapid development of new technologies have also added to the vulnerability. However, despite many advances in the material field, human societies have not been well served by the legal and cybercrime. This has led to a controversial challenge in criminologist research over the past two decades And become a growing concern for public policy; Therefore, it is necessary to take into account all the necessary aspects in order to properly understand and prevent these crimes. In this article, we intend to explain the concept, characteristics and challenges of cybercrime, and to take preventive measures and to tackle them.
, , Volume 8, Issue 1 (9-2019)
Abstract
Semiconductor metal oxide technology complements a popular and pervasive approach in the design of electronic and digital circuits, but in this technology, reduction at the sub-micron level is simply not feasible; therefore, quantum-dot cellular automata nanotechnology as a new way to design digital circuits and reduce power consumption was introduced. At the nanoscale, quantum-dot cellular automata cells represent a novel way of performing calculations by transmitting information through quantum cell interactions. Small dimensions, high speed, low power consumption, and low latency are the main features of this technology. Designing high-security circuits in nano-scale quantum-dot cellular automata technology is important for designers, considering the intercellular communication, low power consumption, and optimal power consumption. Therefore, this paper first describes the quantum-dot cellular automata at the nano level and then quantum cells, then important structures in this technology, timing and important points in the quantum-dot cellular automata circuit have been discussed and reviewed. In the field of security, such as cryptographic circuits, interconnections have been made at the nanotechnology of quantum-dot cellular automata technology. Finally, their structures, circuits, and performance are analyzed. The results showed that by applying some methods such as Feynman gate reversible logic, Fredkin circuit reversible key and decoding encoding process, the safety and reliability of nano-communications based on quantum-dot cellular automata technology can be increased.
, , , Volume 8, Issue 1 (9-2019)
Abstract
Designing a wide range of encryption algorithms using the sponge structure is reduced only by designing a transform or permutation. Designer specifies a transformation or permutation and then form a hash function, stream cipher, authenticated encryption algorithm and pseudo random number generator. Also, exploiting one single transformation or permutation simplifies the implementation of derived algorithms and gives other advantages such as provable security and better understanding of security of designs. This paper provides a quick introduction to design the sponge structure and explains some cryptographic applications and security requirements.
Engineer Jamileh Bahri, Doctor Hamidreza Shayeghbrojeni, Volume 8, Issue 1 (9-2019)
Abstract
Blockchain technology is a decentralized data structure based on a chain to the ledger of interconnected data blocks. Blockchain stores new blocks in the ledger without having to rely on intermediaries in a competitive or voting mechanism. Due to the chain structure or graph between each block and its previous block, it is impossible to modify blockchain data. Blockchain architecture provides trust in a peer-to-peer network through nodes on the network according to different consensus algorithms. In this article, we intend to describe the mechanism of each consensus-based, voting-based, and distant-oriented graph consensus algorithm.
Fariba Sadeghi, Amir Jalaly Bidgoly, Volume 8, Issue 1 (9-2019)
Abstract
Rumors, are unverified and often erroneous news that are widely propagated at the community level, discrediting or falsely increasing the trust of nodes in a network to an entity or subject. With the rise social networks in recent years, despite their positive uses, propagating rumors have become easier and more common. Rumors are a class of security challenges on social media, since a malicious node can easily disparage or isolate its goals by spreading a rumor. Therefore, rumors detection is an important challenge in soft security mechanisms such as trust and reputation. Researchers have come up with different methods for modeling, detecting and preventing rumors. In this study, rumor detection methods in social networks will be reviewed. First, we will briefly review the features used in previous research, then we will examine the approaches used and introduce the most commonly used Dataset. Finally, the challenges that exist for the future research in exploring social media to identify and resolve rumors are presented.
Sara Zarei , Hadi Soleimany, Volume 8, Issue 2 (2-2020)
Abstract
One of the usual ways to find sensitive data or secret parameters of cryptographic devices is to use their physical leakages. Power analysis is one of the attacks which lay in such a model. In comparison with other types of side-channels, power analysis is so efficient and has a high success rate. So it is important to provide a countermeasure against it. Different types of countermeasures use different methods and can be applied at different levels. Masking is an effective one which provides provable security in algorithm level. however even masked algorithms are sometimes suspected to leak kind of information in a condition that implemented in hardware leads to power analysis attacks. Threshold implementation is a way to secure hardware implementations against such probable challenges. In this paper, first we will introduce the different attack models in block ciphers, then we will concentrate on the gray-box model and explain the concepts of power analysis attacks and fundamentals of masking countermeasure. Later we will discuss the challenges of masking method in hardware implementations and introduce threshold implementation and its different aspects.
Amirhossein Pourshams, Mohammad Reza Hasani Ahangar, Mahmoud Saleh Esfahani, Volume 8, Issue 2 (2-2020)
Abstract
Increased broadband data rate for end users and the cost of resource provisioning to an agreed SLA in telecom service providers, are forcing operators in order to adhere to employment Virtual Network Functions (VNF) in an NFV solution. The newly 5G mobile telecom technology is also based on NFV and Software Define Network (SDN) which inherit opportunities and threats of such constructs. Thus a thorough understanding of security challenges and their solutions are required to reduce security concerns while developing new services. In this article, cloud computing, NFV and its VNFs from a security perspective is explained. Then, their security challenges with respect to cloud computing infrastructure and current solutions are discussed in a comparative scenario based way. Finally, proper security solutions for each scenario are proposed.
Javad Alizadeh, Mohsen Seddighi, Hadi Soleimany, Volume 8, Issue 2 (2-2020)
Abstract
Advances in information and communication technologies lead to use of some new devices such as smart phones. The new devices provide more advantages for the adversaries hence with respect to them, one can define with-box cryptography. In this new model of cryptography, designers try to hide the key using as a kind of implementation. The Differential Computation Analysis (DCA) is a side channel attack on the with-box cryptography. The mentioned method influenced all with-box cryptography schemes when it was introduced. This attack is based on the software implementation of cryptography algorithms and is similar to the differential power analysis (DPA). In this paper, we introduce the principles of the DCA and also describe how one can use this attack to find the key of a with-box cryptography scheme.
Akram Khalesi, Mohammad Ali Orumiehchiha, Volume 9, Issue 1 (8-2020)
Abstract
Sponge structure is a structure widely used in the design of cryptographic algorithms that reduces the design of the algorithms to the design of a permutation or pseudo-random function. The development of sponge-based algorithms and the selection of designs based on this structure in SHA3 and CAESAR competitions increase the need to examine its security against various types of attacks. In the previous article, we defined and examined the features of this structure, and in this article, with the focus on the security of sponge structures, we study general analysis methods on this structure and examine their complexities. Considering the complexities introduced for the general attacks, it is necessary to achieve a certain level of security, and therefore this article, both in terms of design and cryptanalysis of sponge-based algorithms plays important role. It is suggested that the article "Sponge structure; introduction and applications" published in this journal be reviewed before reading this article.
Masoud Mohammadalipour, Saeed Shokrollahi, Volume 9, Issue 1 (8-2020)
Abstract
Most networks without fixed infrastructure are based on cloud computing face various challenges. In recent years, different methods have been used to distribute software defined network to address these challenges. This technology, while having many capabilities, faces some vulnerabilities in the face of some common threats and destructive factors such as distributed Denial of Service. A review of various studies shows that in order to eliminate vulnerabilities, we need to combine appropriate defense solutions with the distributed Software Defined Network structure. Therefore, in this study, a general classification of the types of defense solutions against the above attack is presented. Then, while classifying the intrusion detection solutions into two threshold and non-threshold categories, we examined some practical examples of the above solutions. We conclude that the threshold of intrusion detection method exacerbates the vulnerability, and we are required to use non-threshold defense solutions with flat distributed software defined network architecture.
Mohammad Pishdar, Younes Seifi, Mozafar Bag-Mohammadi, Volume 9, Issue 1 (8-2020)
Abstract
RPL (Routing Protocol for Low Power and Lossy Networks) has been designed for low power networks with high packet loss. Generally, devices with low processing power and limited memory are used in this type of network. IoT (Internet of Things) is a typical example of low power lossy networks. In this technology, objects are interconnected through a network consisted of low-power circuits. Example IoT applications are smart energy grid, smart home, connected car, intelligent transport systems, and smart cities. IoT is different from many similar technologies due to the existence of low power electronic circuits and limited connectivity. Information security is one of the main IoT concerns. The emergence of new types of security vulnerabilities in IoT devices and the escalation of their damages through numerous IoT applications is considered a major deployment drawback for RPL. In this paper, major cyberattacks against RPL, as well as related security solutions are addressed. Then, these solutions are classified and their weaknesses and strengths are investigated. Finally, it discusses the state-of-the-art status of information security in RPL.
Marjan Bahrololum, Zahra Ferdosi, Volume 9, Issue 1 (8-2020)
Abstract
Today, cryptocurrencies in global payment systems have been proposed as a way to become independent of traditional banking and to get out of the control of banks and monetary policies of governments and reduce fraud in banking transactions and counterfeit them. In this paper, we create a comprehensive picture which includes the challenges of this field, and we analyze the results with a case study in both a quantitative and qualitative approach.
According on the characteristics the challenges in this picture are divided to three levels: technological, environmental, and governmental characteristics. Also, according to the results obtained from the use of cryptocurrencies in different countries, we able to identify most of the national cryptocurrency challenges for Iran.
Hamidreza Mohammadi, Volume 9, Issue 1 (8-2020)
Abstract
Wireless network technology made it possible to communicate easily using the electromagnetic waves leading to removing the biggest barrier in portable communications. As these networks use the air as the communication medium which leads to face with more vulnerabilities. Wireless networks play a vital role in our life in a way that all devices ranging from local modems to organizational equipment are utilizing the most common coding approaches to exchange data on the network. As such, if a person could enter this network, he would be able to attack against the users connected to network. In this essay, the penetrating methods in wi-fi wireless network applying the WEP and WPA WPA2 coding protocols would be investigated which are playing the most important role in local and organizational wireless communication. However, the WPA3 is suggested in order to eliminate all the security problems, yet not all the communication instruments in Iran are equipped with this coding system. On the other side, the WEP protocol is the first mostly used to be attacked followed by the first and second versions of WPA.
|
|