[Home ] [Archive]   [ فارسی ]  
:: Main :: About :: Current Issue :: Archive :: Search :: Submit :: Contact ::
Main Menu
Home::
Journal Information::
Articles archive::
For Authors::
For Reviewers::
Registration::
Site Facilities::
Indexing::
Contact us::
::
Search in website

Advanced Search
..
Receive site information
Enter your Email in the following box to receive the site news and information.
..
Print ISSN
Print ISSN: 2476-3047
..
:: Search published articles ::
Showing 75 results for Type of Study: Review Article

, ,
Volume 9, Issue 2 (2-2021)
Abstract


Mrs Sofia Ahanj, Mrs Mahsa Rahmani, Mrs Zahra Sadeghigole, Mrs Veda Nobakht,
Volume 9, Issue 2 (2-2021)
Abstract

Providing security in the vital infrastructures of the country, is one of the essential operations that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both technical and managerial dimensions is discussed in the laboratory.
There are various standards in the field of general ICT technical-security evaluation. The most important are ISO / IEC 15408, ISO / IEC 27001 and NIST SP 800-53. In the present paper, these standards are first examined. Then, the standards and reports in the industrial field have been reviewed and compared, and finally, based on the results and special considerations of information and communication technology equipment in the electricity industry, the appropriate methodology has been presented.
Mr Mohammad Hossein Noorallahzadeh, Mr Ahmad Gholami, Mr Reza Alimoradi,
Volume 9, Issue 2 (2-2021)
Abstract

With the advent of cloud computing, data owners tend to submit their data to cloud servers and allow users to access data when needed. However, outsourcing sensitive data will lead to privacy issues. Encrypting data before outsourcing solves privacy issues, but in this case, we will lose the ability to search the data. Searchable encryption (SE) schemes have been proposed to achieve this feature of searching encrypted data without compromising privacy. This method will protect both the user's sensitive information and the ability to search for encrypted data. In this article, we review the various SE designs. In this review, we present the classification of SE designs: symmetric searchable encryption, public key searchable encryption, and search attribute-based encryption schemes, and then a detailed discussion of SE designs in terms of index structure. And provide search functionality. There is also a comparison of SE design analysis in terms of security, performance and security. In addition, we talked about the challenges, leading directions and applications of SE schemes.
Ali Samouti, Yaser Elmi Sola,
Volume 9, Issue 2 (2-2021)
Abstract

In recent decades, video surveillance systems have an increasing development that are used to prevent crime and manage facilities with rapid diffusion of  (CCTV)cameras to prevent crime and manage facilities. The video stored in the video surveillance system should be managed comfortably, but sometimes the movies are leaking out to unauthorized people or by unauthorized people, thus violating individual boundaries . CCTV cameras and video surveillance systems are needed today because of the increasing number of crimes, These cameras and video surveillance systems. but because of unsafe storage and data sharing methods, access to movies saved by unauthorized people is possible. The use of existing protocols and security techniques has already been defeated several times by the attackers. It requires an alternative system that should not only be highly secure but not changeable. Video stream generated by surveillance cameras play a crucial role in preventing crime in smart cities. CCTV cameras are necessary for a range of public applications in a smart city; they can become smart sensors that help ensure safety and safety. in this paper, we review the methods and articles presented in the context of blockchain application in visual surveillance systems and compare them.
Mohammad Dakhilalian, Masomeh Safkhani, Fatemeh Pirmoradian,
Volume 12, Issue 1 (9-2023)
Abstract

Providing all remote services requires mutual authentication of participating parties. The framework by which this authentication is done is called authentication protocols. In other words, cryptographic or cryptographic protocol is a distributed cryptographic algorithm that establishes interactions between at least two or more hosts with a specific purpose. In fact, these protocols have provided secure and insecure channels for communication between the parties participating in the protocol. Usually, secure channels are used for registration and insecure channels for mutual authentication. After registering on the server and verifying its identity by the server, the user can benefit from the services provided by the server. Many authentication protocols have been proposed in fields such as e-medical care, Internet of Things, cloud computing, etc. The privacy and anonymity of users in these plans is the biggest challenge in implementing a platform to benefit from remote services. Due to the fact that authentication of users takes place on the insecure platform of the Internet, it can be vulnerable to all existing Internet attacks. In general, there are two methods to analyze and prove the security of authentication protocols. Formal method and In-formal method. The In-formal method, which is based on intuitive arguments, analyst's creativity and mathematical concepts, tries to find errors and prove security. While the formal method, which is done both manually and automatically, has used a variety of mathematical logics and automatic security analysis tools. Manual method using mathematical models such as Real Or Random and mathematical logics such as BAN logic, GNY logic, etc., and automatic method using AVISPA, Scyther, ProVerif, TAMARIN, etc. tools. In fact, the methods of proving and analyzing the security of security protocols are divided into two general categories based on proof of theorem and model verification, and in this article, the details of each of these methods of proving security are explained. It should be noted that most of the security protocol verification tools are based on model verification. The methods based on model checking and then the methods based on proving the theorem are described.
 
Iman Mirzaali Mazandarani, Dr Nasour Bagheri, Dr Sadegh Sadeghi,
Volume 12, Issue 1 (9-2023)
Abstract

With the increasing and widespread application of deep learning and neural networks across various scientific domains and the notable successes achieved, deep neural networks were employed for differential cryptanalysis in 2019. This marked the initiation of growing interest in this research domain. While most existing works primarily focus on enhancing and deploying neural distinguishers, limited studies have delved into the intrinsic principles and learned characteristics of these neural distinguishers. In this study, our focus will be on analyzing block ciphers such as Speck, Simon, and Simeck using deep learning. We will explore and compare the factors and components that contribute to better performance. Additionally, by detailing attacks and comparing results, we aim to address the question of whether neural networks and deep learning can effectively serve as tools for block cipher cryptanalysis or not.
, ,
Volume 12, Issue 1 (9-2023)
Abstract

The development of information and communication technology has led to the increasing production of new products in this field. One of the critical products protect informational assets at various levels of security in this field is cryptographic module. The security of cryptographic modules for providing a practical degree of protection against attacks should be examined totally. Therefore, the security evaluation of a cryptographic module requires a strong awareness of the potential weaknesses that would become security flaws, and careful consideration of security during all aspects of the evaluation process. In this paper, we present a comprehensive picture of the security evaluation criteria of the cryptographic module in accordance with existing international standards (e.g. FIPS 140-2 ,3 and ISO 15408, PKCS#11) and we propose the model based on fuzzy-weighted linear combination for measuring the compliance of these criteria correctly. Also, the structure of any kind of evaluation requires considerable cost and spends amount time, which on the one hand depends on the policies and requirements of the country and on the other hand depends on the facilities and experts. Finally, introducing and providing solutions that help solve the challenges, so we present some challenges about security evaluation in our country actually confirms the importance of study and research in this area.
Dr Somayeh Dolatnezhad Samarin, Dr Morteza Amini,
Volume 12, Issue 1 (9-2023)
Abstract

In recent years, one of the main topics of interest in the security of outsource computations is checking the integrity of the results received from the outsourced computations. Outsourced computations can be run on data received from single or multiple data sources. There are a few methods proposed for system models with distributed data sources. The main solutions provided in this area to verify the correctness of the execution of any or some special functions such as linear, polynomial or aggregate functions are categorised to: (1) verifiable computations, (2) homomorphic authenticators, and (3) methods proposed for specific applications such as outsourced databases, wireless sensor networks and data stream management systems. In this paper, these methods, especially the methods proposed for outsourced computations in data stream management systems, have been reviewed and compared.
Mr. Nasser Zarbi, Dr Ali Zaeembashi, Dr Nasour Bagheri,
Volume 12, Issue 1 (9-2023)
Abstract

Leakage-resilient cryptography aims to design key exchange protocols to withstand leakage attacks. These protocols are examined using a leakage-resilient security model to determine whether they possess the claimed security properties. The security analysis focuses on how the leakage-resilient security model has evolved to meet increasing security requirements and cover a broader range of attacks. By studying and analyzing the presented security properties of these models, potential vulnerabilities in protocol design can be effectively addressed. This article delves into various leakage-resilient security models based on two models, CK and eCK, and provides examples of secure key exchange protocols defined within these models. Additionally, it explores the relationship between adversaries' capabilities in these models and different attack schemes in the real world. By offering insights into various leakage-resilient security models, leakage attacks, and the development of secure protocols, it contributes to advancing knowledge in this field.
Mrs. Narges Mokhtari, Mr. Amirhossein Safari, Dr Sadegh Sadeghi,
Volume 12, Issue 1 (9-2023)
Abstract

Biometric systems are an important technique for user identification in today's world, which have been welcomed due to their non-invasive nature and high resistance to forgery and fraud. Physiological and behavioral biomarkers are two main types of biometric identifiers. Behavioral identifiers, such as voice recognition, are based on human or even animal actions. Physiological biometrics, such as fingerprints and facial recognition, which have been used in our daily lives in the past years, are based on the physical characteristics of the human body. One of the various biometrics that have been investigated in studies in this field is the heart signal, which has been well used in authentication and identification systems due to its simple acquisition process compared to biomarkers such as the brain signal. In addition, there are valid databases on heart signal data, which the researchers of this issue refer to evaluate their systems. In this study, the analysis, analysis, and comparison of different authentication methods using heart signal biometrics have been studied. Also, in the following, the advantages and disadvantages of deep learning methods and models proposed in this field have been examined. In the final part, firstly, the implementation of the method presented in Fuster and Lopez's research is discussed, and then, to evaluate, we present the tests designed using the network created in this study, and after that, concluding based on the results.
Hadi Norouzi Cholcheh, Salman Niksefat,
Volume 12, Issue 2 (2-2024)
Abstract

Financial transactions in Bitcoin are stored in a distributed database called the block chain. All transactions are publicly available for all network nodes with the aim of transparency and the possibility of verifying the correctness. But this blockchain transparency feature, exploited by transaction analysis techniques, can lead to the violation of users’ privacy and the disclosure of their identities. Researchers have proposed various techniques such as transaction mixing or fair exchange with the aim of improving privacy in Bitcoin transactions. In this paper, we present a new mixing scheme that overcomes some of the weaknesses of previous schemes. Obviously, in the proposed scheme, users can mix different amounts of Bitcoin in each round of the protocol implementation, which leads to achieving the result in a shorter time and at a lower cost. Also, this scheme is more resistant to denial of service attacks by malicious users.
Dr Saeed Banaeian Far, Dr Maryam Rajabzadeh Asaar,
Volume 13, Issue 1 (8-2024)
Abstract

Data outsourcing to reliable centers for data maintenance, protection and accessibility is simple and low-cost and does not require physical infrastructure, hardware, software and human resources. However, real-world events and recent researches have shown that even reliable centers can abuse users' trust. For example, 1) make changes in the data they have, 2) delete them, or 3) make them temporarily/permanently unavailable. Data audit methods assure the data owners that the data recorded in the database is the same as the data sent by the user and reveals the changes made in it. But they only solve the first problem. In 2008, the introduction of a technology called blockchain, which had several attractive features such as transparency, immutability, and autonomy, caused the problems of many systems that needed the mentioned features to be solved. In this article, after reviewing and addressing several blockchain-based data auditing architectures and protocols, we review and analyze their general framework. Finally, we compare the reviewed works and specify some future horizons of this field.

Mr Arash Khalvan, Mr Amirhossein Zali, Dr Mahmoud Ahmadian Attari,
Volume 13, Issue 1 (8-2024)
Abstract

With the advent of computers and quantum algorithms, the security of current public key cryptography systems can face challenges. Breaking the current cryptographic structures would require multi-million qubit quantum computers, which have not yet been built; however, with significant advancements in quantum technology by leading companies in this field and the concern within the cryptography community, there has been a felt need to quickly provide countermeasures. In 2016, the National Institute of Standards and Technology (NIST) sought proposals from around the world to standardize post-quantum cryptographic schemes to address this issue. At that time, the McEliece code-based encryption system (and its equivalent Niederreiter system), despite being proven resistant to both classical and quantum algorithms, was not accepted due to its large public keys. Ultimately, the Classic McEliece, HQC, and BIKE encryption systems, which fall under code-based cryptography, advanced to the final stage of these competitions, and the winners of this cryptographic category will be announced by the end of 2024. This paper aims to review the developments made to optimize code-based structures and to examine the selected code-based cryptographic schemes and the latest status of Classic McEliece standardization.

Fatemeh Charlank Bakhtiari, Abbas Ghaemi Bafghi,
Volume 14, Issue 1 (9-2025)
Abstract

With the rapid development of digital technolo gies, the need for new solutions to protect privacy and data security has increased. One technology that has attracted much attention is blockchain, a distributed ledger known for its features like transparency, de centralization, and security, particularly regarding privacy. However, this technology can pose a threat to users’ privacy, especially concerning the origin, destination, and flow of cryptocurrency transactions. Therefore, anonymity in blockchain transactions and the protection of users’ privacy are key aspects of this technology. In this paper, we review the secu rity features of blockchain, which include integrity, transparency, traceability, honesty, anonymity, and immutability. Each feature plays a fundamental role in maintaining the security and integrity of blockchain-based systems. Also, the problems in pro tecting privacy in permissionless blockchains have been examined. For this purpose, a systematic re view of the existing articles and research in this field has been reviewed and categorized. A systematic literature review is an efficient research tool. It in cludes three main stages: planning, implementation, and reporting. In the planning phase, research ques tions are extracted and appropriate databases are selected for searching. In the implementation phase, data is extracted from various articles and publi cations, and in the reporting phase, the results are  presented in detail. Finally, this research method answers fundamental questions in various blockchain f ields, including privacy, anonymity, and threats. The four main research questions are: 1) What are the characteristics, advantages, and disadvantages of different types of blockchains? 2) What are the concepts of anonymity, pseudo-anonymity, privacy, and confidentiality, and how are privacy practices implemented? 3) What are the vulnerabilities and threats to privacy and anonymity? 4) What methods can address threats to privacy and anonymity? To carry out this research, a detailed plan was de veloped to search for and collect scientific articles and resources from reputable databases, including IEEE Xplore, ACM, ScienceDirect, Springer, and Google Scholar. The searches were conducted using keywords like ”blockchain,” ”privacy,” ”anonymity,” and ”se curity.” A review was conducted of articles published between 2018 and 2023. Based on the established in clusion and exclusion criteria, duplicate studies were eliminated, refining the final results. The initial stage of searching using the keyword ”Blockchain” in various databases identified numer ous articles from diverse fields such as the Internet of Things, healthcare, smart contracts, banking and f inance, and other fields. After reviewing the titles, keywords, and abstracts, it was determined that a sig nificant challenge in this field is ensuring the privacy and security of users’ identities in the blockchain. In the nextstage, thekeywords”Blockchain,””Privacy,” ”Anonymity,” and ”Security” were used to search and identify morearticles. The article filtering process was divided into three stages. In the first stage, the ini tial review of titles and keywords reduced the number  of articles from 1,233 to 947. In the second stage, af ter reviewing the abstracts, 404 relevant articles were identified. Finally, in the third stage, the full texts of the remaining articles were read, and the same num ber of articles was selected for more accurate infor mation extraction. The distribution of articles was analyzed in three ways: year of publication, source of publication, and topic. This survey indicates that the scientific com munity’s attention has fluctuated, increasing and then decreasing until 2019. IEEE and ScienceDirect have contributed the most to this topic, with 328 and 251 papers, respectively, while ACM has contributed the least. Figures 1, 2, and 3 demonstrate an increas ing use of blockchain technology across various fields, including cybersecurity, privacy, and anonymity. Answer to the first research question: Blockchains can be classified into three categories: public (permis sionless), private (permissioned), and consortium. Public chains like Bitcoin and Ethereum offer high transparency and decentralized security, enabling participation from everyone. The need for widespread consensus leads to decreased efficiency and increased energy consumption. In contrast, private chains allow access only to specific individuals or organizations and are suitable for corporate applications with high efficiency, faster processing, and greater control over data, but may lead to centralization and are vulner able to changes. Consortium chains blend elements of both public and private blockchains. They main tain a balance between transparency and privacy by being managed by a group of trusted organizations. Nonetheless, this management approach can compli cate processes because it necessitates coordination among the various network members. Answertothesecondresearchquestion:Anonymity, pseudo-anonymity, privacy, and confidentiality are key concepts in blockchain security. Anonymity refers to the concealment of users’ identities, while pseudo-anonymity refers to the use of pseudonymous addresses that still allow indirect identification of users. Privacy gives users control over their personal information and transactions, while confidentiality protects against unauthorized disclosure of that in formation. Although these concepts are related, they have distinct differences. Anonymity can improve user security but may also foster abuse, while privacy mainly focuses on the management of user data. To preserve privacy on the blockchain, methods such as one-time addresses (generating a new address for each transaction), group signatures (allowing an in dividual’s identity to remain hidden among a group of users), zero-knowledge proofs (which allow a claim to be verified without revealing information), and transaction mixers (which combine transaction data to prevent tracking) are used, each of which offers different levels of security and efficiency. The follow ing is a comparison of various privacy methods and their key features, including security level, efficiency, level of anonymity, and implementation challenges. Some methods, such as zero-knowledge proofs, are highly secure but computationally expensive, while methods such as one-time addresses are simpler but provide a lower level of anonymity. This table helps you decide which method is best for your needs. Answer to the third research question: Blockchain threats and vulnerabilities are categorized into nine main groups: application attacks, consensus attacks, cryptanalysis, double spending, identity privacy, net work attacks, smart contracts, mining attacks, and unclassified attacks, each of which threatens user se curity and privacy differently. Network attacks such as sibyl attacks, denial of service, and data inter ception are the most common threats that can ex pose user information and reduce network perfor mance. Consensus and cryptanalysis attacks can dis rupttransactionsecurityandputuserdataatrisk.On the other hand, double spending attacks and smart contract vulnerabilities (such as the DAO attack) mayleadtofinancialfraudandassettheft. Also, iden tity privacy attacks such as impersonation and wal let information leakage can reveal user identities. Ad dressing these threats necessitates the use of stronger cryptography, enhanced consensus mechanisms, and the application of privacy-preserving methods. Addi tionally, the focus of the scientific community high lights that network attacks are particularly critical due to their direct impact on the security and per formance of blockchain technology. To address the fourth research question, various security solutions have been evaluated to counter threats to the chain of custody, tailored to the specific type of attack. Self-organizing maps, access control layer encryption, and rigorous transaction validation are employed to combat application and consensus attacks. Network attacks and cryptanalysis can be mitigated through data encryption, traffic analysis, security protocols like BGPsec,andstrongdigitalsignatures. Toprevent double spending, techniques such as utilizing nonces in transactions and combining digital signatures are employed. Smart contracts are secured through dy namicrules, secure payment methods, and smart con tracts. Also, to prevent user identity extraction and general threats, techniques such as zero-knowledge proofs, zero-blocks, anonymity, and intrusion detec tion are implemented in the network, which plays an important role in maintaining user security and pri vacy. This study can be used as a research basis to identify open issues and create new research direc tions in the future. The statistical data presented in tables and graphs indicate the positive impact of  the blockchain on improving the performance of in formation systems and reducing costs. The findings of this study can guide the development of secure blockchain-based systems in the future and provide new directions for further research.
Dr. Marzieh Vahid Dastjerdi, Mr. Majid Rahimi,
Volume 14, Issue 1 (9-2025)
Abstract

The objective of this paper is to analyze and evaluate the behaviour of modular addition and subtraction in symmetric cipher attacks. Modular addition is one of the most widely used nonlinear operators in symmetric cryptographic algorithms. In ARX symmetric algorithms, only three operators are utilized: modular addition, rotation, and XOR. In ARX-like algorithms, modular subtraction or a substitution box is employed, in addition to the standard ARX operations. Since modular subtraction exhibits similar behaviour to modular addition, its behaviour against cryptanalytic attacks has not been explicitly studied in the literature. Therefore, this paper aims to provide a comprehensive overview of the behaviour of modular addition and subtraction in differential, linear, integral cryptanalysis based on division property, and rotational attacks, using both manual analysis and automated methods via MILP (Mixed-Integer Linear Programming). We demonstrate that there is no difference between modular addition and subtraction in differential, linear, and rotational cryptanalysis. However, in integral cryptanalysis based on the division property, these two operations behave differently.

Page 4 from 4     

دوفصل نامه علمی  منادی امنیت فضای تولید و تبادل اطلاعات( افتا) Biannual Journal Monadi for Cyberspace Security (AFTA)
Persian site map - English site map - Created in 0.08 seconds with 41 queries by YEKTAWEB 4714