Showing 75 results for Type of Study: Review Article
Javad Alizadeh, Mohsen Seddighi, Hadi Soleimany, Volume 8, Issue 2 (2-2020)
Abstract
Advances in information and communication technologies have led to the use of new devices such as smartphones. These devices give adversaries more advantages, and with respect to them one can define white-box cryptography. In this new model of cryptography, designers try to hide the key by means of a particular kind of implementation. Differential Computation Analysis (DCA) is a side-channel attack on white-box cryptography. The method affected all white-box cryptography schemes when it was introduced. The attack is based on the software implementation of cryptographic algorithms and is similar to differential power analysis (DPA). In this paper, we introduce the principles of DCA and describe how one can use this attack to find the key of a white-box cryptography scheme.
Akram Khalesi, Mohammad Ali Orumiehchiha, Volume 9, Issue 1 (8-2020)
Abstract
The sponge structure is widely used in the design of cryptographic algorithms and reduces the design of an algorithm to the design of a permutation or pseudo-random function. The development of sponge-based algorithms and the selection of designs based on this structure in the SHA-3 and CAESAR competitions increase the need to examine its security against various types of attacks. In the previous article, we defined and examined the features of this structure; in this article, focusing on the security of sponge structures, we study general analysis methods on this structure and examine their complexities. Considering the complexities introduced for the general attacks, it is necessary to achieve a certain level of security, and therefore this article plays an important role in both the design and the cryptanalysis of sponge-based algorithms. It is suggested that the article "Sponge structure; introduction and applications" published in this journal be reviewed before reading this article.
Masoud Mohammadalipour, Saeed Shokrollahi, Volume 9, Issue 1 (8-2020)
Abstract
Most networks without fixed infrastructure that are based on cloud computing face various challenges. In recent years, different methods have been used to distribute software-defined networks to address these challenges. This technology, while having many capabilities, is vulnerable to some common threats and destructive factors such as distributed denial of service (DDoS). A review of various studies shows that, in order to eliminate these vulnerabilities, appropriate defense solutions need to be combined with the distributed software-defined network structure. Therefore, in this study, a general classification of the types of defense solutions against the above attack is presented. Then, after classifying intrusion detection solutions into threshold and non-threshold categories, we examine some practical examples of these solutions. We conclude that the threshold intrusion detection method exacerbates the vulnerability, and that non-threshold defense solutions should be used with a flat distributed software-defined network architecture.
Mohammad Pishdar, Younes Seifi, Mozafar Bag-Mohammadi, Volume 9, Issue 1 (8-2020)
Abstract
RPL (Routing Protocol for Low Power and Lossy Networks) has been designed for low-power networks with high packet loss. Generally, devices with low processing power and limited memory are used in this type of network. The IoT (Internet of Things) is a typical example of low-power lossy networks. In this technology, objects are interconnected through a network consisting of low-power circuits. Example IoT applications are the smart energy grid, smart homes, connected cars, intelligent transport systems, and smart cities. The IoT differs from many similar technologies because of its low-power electronic circuits and limited connectivity. Information security is one of the main IoT concerns. The emergence of new types of security vulnerabilities in IoT devices and the escalation of their damage through numerous IoT applications is considered a major deployment drawback for RPL. In this paper, major cyberattacks against RPL, as well as related security solutions, are addressed. Then, these solutions are classified and their weaknesses and strengths are investigated. Finally, the state-of-the-art status of information security in RPL is discussed.
Marjan Bahrololum, Zahra Ferdosi, Volume 9, Issue 1 (8-2020)
Abstract
Today, cryptocurrencies have been proposed in global payment systems as a way to become independent of traditional banking, to escape the control of banks and the monetary policies of governments, and to reduce fraud and counterfeiting in banking transactions. In this paper, we create a comprehensive picture that includes the challenges of this field, and we analyze the results with a case study using both a quantitative and a qualitative approach.
According to their characteristics, the challenges in this picture are divided into three levels: technological, environmental, and governmental. Also, based on the results obtained from the use of cryptocurrencies in different countries, we are able to identify most of the national cryptocurrency challenges for Iran.
Hamidreza Mohammadi, Volume 9, Issue 1 (8-2020)
Abstract
Wireless network technology has made it possible to communicate easily using electromagnetic waves, removing the biggest barrier in portable communications. Because these networks use the air as the communication medium, they face more vulnerabilities. Wireless networks play a vital role in our lives: all devices, from local modems to organizational equipment, use the most common encryption approaches to exchange data on the network. As such, a person who could enter this network would be able to attack the users connected to it. In this essay, penetration methods for Wi-Fi wireless networks that use the WEP, WPA and WPA2 encryption protocols are investigated, as these protocols play the most important role in local and organizational wireless communication. WPA3 is suggested in order to eliminate all the security problems, yet not all communication equipment in Iran supports it. On the other hand, WEP is the protocol most commonly attacked, followed by the first and second versions of WPA.
, , Volume 9, Issue 2 (2-2021)
Abstract
Mrs Sofia Ahanj, Mrs Mahsa Rahmani, Mrs Zahra Sadeghigole, Mrs Veda Nobakht, Volume 9, Issue 2 (2-2021)
Abstract
Providing security in the vital infrastructures of the country is one of the essential measures that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both technical and managerial dimensions is discussed in the laboratory.
There are various standards in the field of general ICT technical-security evaluation. The most important are ISO/IEC 15408, ISO/IEC 27001 and NIST SP 800-53. In the present paper, these standards are first examined. Then, the standards and reports in the industrial field are reviewed and compared, and finally, based on the results and the special considerations of information and communication technology equipment in the electricity industry, an appropriate methodology is presented.
Mr Mohammad Hossein Noorallahzadeh, Mr Ahmad Gholami, Mr Reza Alimoradi, Volume 9, Issue 2 (2-2021)
Abstract
With the advent of cloud computing, data owners tend to submit their data to cloud servers and allow users to access the data when needed. However, outsourcing sensitive data leads to privacy issues. Encrypting data before outsourcing solves the privacy issues, but the ability to search the data is then lost. Searchable encryption (SE) schemes have been proposed to make it possible to search encrypted data without compromising privacy. This approach protects the user's sensitive information while preserving the ability to search the encrypted data. In this article, we review the various SE designs. We present a classification of SE designs into symmetric searchable encryption, public-key searchable encryption, and attribute-based searchable encryption schemes, and then give a detailed discussion of SE designs in terms of index structure and the search functionality they provide. There is also a comparative analysis of SE designs in terms of security and performance. In addition, we discuss the challenges, leading directions and applications of SE schemes.
Ali Samouti, Yaser Elmi Sola, Volume 9, Issue 2 (2-2021)
Abstract
In recent decades, video surveillance systems have developed increasingly, with the rapid diffusion of CCTV cameras used to prevent crime and manage facilities. The video stored in a video surveillance system should be easy to manage, but sometimes the recordings are leaked to or by unauthorized people, thus violating individual boundaries. CCTV cameras and video surveillance systems are needed today because of the increasing number of crimes, but because of unsafe storage and data-sharing methods, unauthorized people can gain access to the saved videos. Existing protocols and security techniques have already been defeated several times by attackers. An alternative system is required that is not only highly secure but also unchangeable. Video streams generated by surveillance cameras play a crucial role in preventing crime in smart cities. CCTV cameras are necessary for a range of public applications in a smart city; they can become smart sensors that help ensure safety. In this paper, we review and compare the methods and articles presented in the context of blockchain applications in visual surveillance systems.
Mohammad Dakhilalian, Masomeh Safkhani, Fatemeh Pirmoradian, Volume 12, Issue 1 (9-2023)
Abstract
Providing any remote service requires mutual authentication of the participating parties. The framework within which this authentication is done is called an authentication protocol. In other words, a cryptographic protocol is a distributed cryptographic algorithm that establishes interactions between at least two hosts with a specific purpose. These protocols assume secure and insecure channels for communication between the parties participating in the protocol. Usually, secure channels are used for registration and insecure channels for mutual authentication. After registering on the server and having their identity verified by the server, users can benefit from the services provided by the server. Many authentication protocols have been proposed in fields such as e-medical care, the Internet of Things, cloud computing, etc. The privacy and anonymity of users in these schemes is the biggest challenge in implementing a platform for remote services. Because authentication of users takes place over the insecure platform of the Internet, it can be vulnerable to all existing Internet attacks. In general, there are two methods to analyze and prove the security of authentication protocols: the formal method and the informal method. The informal method, which is based on intuitive arguments, the analyst's creativity and mathematical concepts, tries to find errors and prove security. The formal method, which is carried out both manually and automatically, uses a variety of mathematical logics and automatic security analysis tools. The manual method uses mathematical models such as Real-Or-Random and mathematical logics such as BAN logic, GNY logic, etc., and the automatic method uses tools such as AVISPA, Scyther, ProVerif, TAMARIN, etc.
The methods of proving and analyzing the security of security protocols are divided into two general categories, based on theorem proving and on model checking, and in this article the details of each of these methods of proving security are explained. It should be noted that most security protocol verification tools are based on model checking. The methods based on model checking are described first, followed by the methods based on theorem proving.
Iman Mirzaali Mazandarani, Dr Nasour Bagheri, Dr Sadegh Sadeghi, Volume 12, Issue 1 (9-2023)
Abstract
With the increasing and widespread application of deep learning and neural networks across various scientific domains and the notable successes achieved, deep neural networks were employed for differential cryptanalysis in 2019. This marked the initiation of growing interest in this research domain. While most existing works primarily focus on enhancing and deploying neural distinguishers, limited studies have delved into the intrinsic principles and learned characteristics of these neural distinguishers. In this study, our focus will be on analyzing block ciphers such as Speck, Simon, and Simeck using deep learning. We will explore and compare the factors and components that contribute to better performance. Additionally, by detailing attacks and comparing results, we aim to address the question of whether neural networks and deep learning can effectively serve as tools for block cipher cryptanalysis or not.
, , Volume 12, Issue 1 (9-2023)
Abstract
The development of information and communication technology has led to the increasing production of new products in this field. One of the critical products that protects information assets at various levels of security in this field is the cryptographic module. The security of cryptographic modules should be examined thoroughly so that they provide a practical degree of protection against attacks. Therefore, the security evaluation of a cryptographic module requires a strong awareness of the potential weaknesses that could become security flaws, and careful consideration of security during all aspects of the evaluation process. In this paper, we present a comprehensive picture of the security evaluation criteria of the cryptographic module in accordance with existing international standards (e.g. FIPS 140-2 and 140-3, ISO 15408, and PKCS#11), and we propose a model based on a fuzzy-weighted linear combination for measuring compliance with these criteria correctly. Also, any kind of evaluation requires considerable cost and a considerable amount of time, which depends on the one hand on the policies and requirements of the country and on the other hand on the available facilities and experts. Finally, we present some challenges of security evaluation in our country, together with solutions that help address them, which confirms the importance of study and research in this area.
Dr Somayeh Dolatnezhad Samarin, Dr Morteza Amini, Volume 12, Issue 1 (9-2023)
Abstract
In recent years, one of the main topics of interest in the security of outsourced computations has been checking the integrity of the results received from them. Outsourced computations can be run on data received from single or multiple data sources. Only a few methods have been proposed for system models with distributed data sources. The main solutions provided in this area to verify the correct execution of arbitrary functions, or of special functions such as linear, polynomial or aggregate functions, are categorised into: (1) verifiable computations, (2) homomorphic authenticators, and (3) methods proposed for specific applications such as outsourced databases, wireless sensor networks and data stream management systems. In this paper, these methods, especially the methods proposed for outsourced computations in data stream management systems, are reviewed and compared.
Mr. Nasser Zarbi, Dr Ali Zaeembashi, Dr Nasour Bagheri, Volume 12, Issue 1 (9-2023)
Abstract
Leakage-resilient cryptography aims to design key exchange protocols to withstand leakage attacks. These protocols are examined using a leakage-resilient security model to determine whether they possess the claimed security properties. The security analysis focuses on how the leakage-resilient security model has evolved to meet increasing security requirements and cover a broader range of attacks. By studying and analyzing the presented security properties of these models, potential vulnerabilities in protocol design can be effectively addressed. This article delves into various leakage-resilient security models based on two models, CK and eCK, and provides examples of secure key exchange protocols defined within these models. Additionally, it explores the relationship between adversaries' capabilities in these models and different attack schemes in the real world. By offering insights into various leakage-resilient security models, leakage attacks, and the development of secure protocols, it contributes to advancing knowledge in this field.
Mrs. Narges Mokhtari, Mr. Amirhossein Safari, Dr Sadegh Sadeghi, Volume 12, Issue 1 (9-2023)
Abstract
Biometric systems are an important technique for user identification in today's world and have been welcomed due to their non-invasive nature and high resistance to forgery and fraud. Physiological and behavioral biomarkers are the two main types of biometric identifiers. Behavioral identifiers, such as voice recognition, are based on human or even animal actions. Physiological biometrics, such as fingerprints and facial recognition, which have been used in our daily lives in past years, are based on the physical characteristics of the human body. One of the various biometrics that have been investigated in studies in this field is the heart signal, which has been widely used in authentication and identification systems because its acquisition process is simple compared to biomarkers such as the brain signal. In addition, there are valid databases of heart signal data, which researchers in this area refer to in order to evaluate their systems. In this study, different authentication methods using heart signal biometrics are analyzed and compared. The advantages and disadvantages of the deep learning methods and models proposed in this field are also examined. In the final part, the implementation of the method presented in Fuster and Lopez's research is first discussed; then, for evaluation, we present the tests designed using the network created in this study and draw conclusions based on the results.
Hadi Norouzi Cholcheh, Salman Niksefat, Volume 12, Issue 2 (2-2024)
Abstract
Financial transactions in Bitcoin are stored in a distributed database called the blockchain. All transactions are publicly available to all network nodes for the sake of transparency and so that their correctness can be verified. But this transparency, exploited by transaction analysis techniques, can lead to the violation of users' privacy and the disclosure of their identities. Researchers have proposed various techniques such as transaction mixing or fair exchange with the aim of improving privacy in Bitcoin transactions. In this paper, we present a new mixing scheme that overcomes some of the weaknesses of previous schemes. In the proposed scheme, users can mix different amounts of Bitcoin in each round of the protocol, which leads to achieving the result in a shorter time and at a lower cost. Also, this scheme is more resistant to denial-of-service attacks by malicious users.
Dr Saeed Banaeian Far, Dr Maryam Rajabzadeh Asaar, Volume 13, Issue 1 (8-2024)
Abstract
Outsourcing data to reliable centers for maintenance, protection and accessibility is simple and low-cost and does not require physical infrastructure, hardware, software or human resources. However, real-world events and recent research have shown that even reliable centers can abuse users' trust. For example, they can 1) make changes to the data they hold, 2) delete it, or 3) make it temporarily or permanently unavailable. Data audit methods assure data owners that the data recorded in the database is the same as the data sent by the user, and reveal any changes made to it. But they only solve the first problem. In 2008, the introduction of a technology called blockchain, which has several attractive features such as transparency, immutability, and autonomy, made it possible to solve the problems of many systems that needed these features. In this article, after reviewing several blockchain-based data auditing architectures and protocols, we review and analyze their general framework. Finally, we compare the reviewed works and specify some future horizons of this field.
Mr Arash Khalvan, Mr Amirhossein Zali, Dr Mahmoud Ahmadian Attari, Volume 13, Issue 1 (8-2024)
Abstract
With the advent of quantum computers and quantum algorithms, the security of current public key cryptography systems can face challenges. Breaking the current cryptographic structures would require multi-million qubit quantum computers, which have not yet been built; however, with significant advancements in quantum technology by leading companies in this field and the concern within the cryptography community, there has been a felt need to quickly provide countermeasures. In 2016, the National Institute of Standards and Technology (NIST) sought proposals from around the world to standardize post-quantum cryptographic schemes to address this issue. At that time, the McEliece code-based encryption system (and its equivalent Niederreiter system), despite being proven resistant to both classical and quantum algorithms, was not accepted due to its large public keys. Ultimately, the Classic McEliece, HQC, and BIKE encryption systems, which fall under code-based cryptography, advanced to the final stage of these competitions, and the winners of this cryptographic category will be announced by the end of 2024. This paper aims to review the developments made to optimize code-based structures and to examine the selected code-based cryptographic schemes and the latest status of Classic McEliece standardization.
Fatemeh Charlank Bakhtiari, Abbas Ghaemi Bafghi, Volume 14, Issue 1 (9-2025)
Abstract
With the rapid development of digital technologies, the need for new solutions to protect privacy and data security has increased. One technology that has attracted much attention is blockchain, a distributed ledger known for its features like transparency, decentralization, and security, particularly regarding privacy. However, this technology can pose a threat to users' privacy, especially concerning the origin, destination, and flow of cryptocurrency transactions. Therefore, anonymity in blockchain transactions and the protection of users' privacy are key aspects of this technology. In this paper, we review the security features of blockchain, which include integrity, transparency, traceability, honesty, anonymity, and immutability. Each feature plays a fundamental role in maintaining the security and integrity of blockchain-based systems. Also, the problems in protecting privacy in permissionless blockchains have been examined. For this purpose, a systematic review of the existing articles and research in this field has been reviewed and categorized. A systematic literature review is an efficient research tool. It includes three main stages: planning, implementation, and reporting. In the planning phase, research questions are extracted and appropriate databases are selected for searching. In the implementation phase, data is extracted from various articles and publications, and in the reporting phase, the results are presented in detail. Finally, this research method answers fundamental questions in various blockchain fields, including privacy, anonymity, and threats. The four main research questions are: 1) What are the characteristics, advantages, and disadvantages of different types of blockchains? 2) What are the concepts of anonymity, pseudo-anonymity, privacy, and confidentiality, and how are privacy practices implemented? 3) What are the vulnerabilities and threats to privacy and anonymity? 4) What methods can address threats to privacy and anonymity?
To carry out this research, a detailed plan was developed to search for and collect scientific articles and resources from reputable databases, including IEEE Xplore, ACM, ScienceDirect, Springer, and Google Scholar. The searches were conducted using keywords like "blockchain," "privacy," "anonymity," and "security." A review was conducted of articles published between 2018 and 2023. Based on the established inclusion and exclusion criteria, duplicate studies were eliminated, refining the final results. The initial stage of searching using the keyword "Blockchain" in various databases identified numerous articles from diverse fields such as the Internet of Things, healthcare, smart contracts, banking and finance, and other fields. After reviewing the titles, keywords, and abstracts, it was determined that a significant challenge in this field is ensuring the privacy and security of users' identities in the blockchain. In the next stage, the keywords "Blockchain," "Privacy," "Anonymity," and "Security" were used to search and identify more articles. The article filtering process was divided into three stages. In the first stage, the initial review of titles and keywords reduced the number of articles from 1,233 to 947. In the second stage, after reviewing the abstracts, 404 relevant articles were identified. Finally, in the third stage, the full texts of the remaining articles were read, and the same number of articles was selected for more accurate information extraction. The distribution of articles was analyzed in three ways: year of publication, source of publication, and topic. This survey indicates that the scientific community's attention has fluctuated, increasing and then decreasing until 2019. IEEE and ScienceDirect have contributed the most to this topic, with 328 and 251 papers, respectively, while ACM has contributed the least. Figures 1, 2, and 3 demonstrate an increasing use of blockchain technology across various fields, including cybersecurity, privacy, and anonymity.
Answer to the first research question: Blockchains can be classified into three categories: public (permissionless), private (permissioned), and consortium. Public chains like Bitcoin and Ethereum offer high transparency and decentralized security, enabling participation from everyone. The need for widespread consensus leads to decreased efficiency and increased energy consumption. In contrast, private chains allow access only to specific individuals or organizations and are suitable for corporate applications with high efficiency, faster processing, and greater control over data, but may lead to centralization and are vulnerable to changes. Consortium chains blend elements of both public and private blockchains. They maintain a balance between transparency and privacy by being managed by a group of trusted organizations. Nonetheless, this management approach can complicate processes because it necessitates coordination among the various network members.
Answer to the second research question: Anonymity, pseudo-anonymity, privacy, and confidentiality are key concepts in blockchain security. Anonymity refers to the concealment of users' identities, while pseudo-anonymity refers to the use of pseudonymous addresses that still allow indirect identification of users. Privacy gives users control over their personal information and transactions, while confidentiality protects against unauthorized disclosure of that information. Although these concepts are related, they have distinct differences. Anonymity can improve user security but may also foster abuse, while privacy mainly focuses on the management of user data. To preserve privacy on the blockchain, methods such as one-time addresses (generating a new address for each transaction), group signatures (allowing an individual's identity to remain hidden among a group of users), zero-knowledge proofs (which allow a claim to be verified without revealing information), and transaction mixers (which combine transaction data to prevent tracking) are used, each of which offers different levels of security and efficiency. The following is a comparison of various privacy methods and their key features, including security level, efficiency, level of anonymity, and implementation challenges. Some methods, such as zero-knowledge proofs, are highly secure but computationally expensive, while methods such as one-time addresses are simpler but provide a lower level of anonymity. This table helps you decide which method is best for your needs.
Answer to the third research question: Blockchain threats and vulnerabilities are categorized into nine main groups: application attacks, consensus attacks, cryptanalysis, double spending, identity privacy, network attacks, smart contracts, mining attacks, and unclassified attacks, each of which threatens user security and privacy differently. Network attacks such as Sybil attacks, denial of service, and data interception are the most common threats that can expose user information and reduce network performance. Consensus and cryptanalysis attacks can disrupt transaction security and put user data at risk. On the other hand, double spending attacks and smart contract vulnerabilities (such as the DAO attack) may lead to financial fraud and asset theft. Also, identity privacy attacks such as impersonation and wallet information leakage can reveal user identities. Addressing these threats necessitates the use of stronger cryptography, enhanced consensus mechanisms, and the application of privacy-preserving methods. Additionally, the focus of the scientific community highlights that network attacks are particularly critical due to their direct impact on the security and performance of blockchain technology.
To address the fourth research question, various security solutions have been evaluated to counter threats to the chain of custody, tailored to the specific type of attack. Self-organizing maps, access control layer encryption, and rigorous transaction validation are employed to combat application and consensus attacks. Network attacks and cryptanalysis can be mitigated through data encryption, traffic analysis, security protocols like BGPsec, and strong digital signatures. To prevent double spending, techniques such as utilizing nonces in transactions and combining digital signatures are employed. Smart contracts are secured through dynamic rules, secure payment methods, and smart contracts. Also, to prevent user identity extraction and general threats, techniques such as zero-knowledge proofs, zero-blocks, anonymity, and intrusion detection are implemented in the network, which plays an important role in maintaining user security and privacy. This study can be used as a research basis to identify open issues and create new research directions in the future. The statistical data presented in tables and graphs indicate the positive impact of the blockchain on improving the performance of information systems and reducing costs. The findings of this study can guide the development of secure blockchain-based systems in the future and provide new directions for further research.