Showing 6 results for Ability
Sonia Naderi, Doctor Mohammadreza Javan, Volume 3, Issue 2 (3-2015)
Abstract
In this paper, a cooperative scheme for secure device-to-device (D2D) communications underlaying cellular networks is proposed. In our scheme, the cellular base station (BS) wants to transmit its information to a cellular user (CU). Meanwhile, two devices want to communicate directly, using the same spectrum used by the cellular network, with the help of some decode-and-forward (DF) relay nodes. In addition, there exists a malicious user that wants to eavesdrop on the information transmission of the D2D pair. The transmit power of the transmitter of the D2D pair (TD2D) and the relays is limited such that the outage performance of the cellular network is satisfied. We study the performance of the proposed scheme, which is measured based on the outage probability, and obtain the closed-form expression for the outage probability for the optimal relay selection scheme. Finally, the performance of the proposed scheme is evaluated using simulations.
Mr Mohammad Mehdi Ahmadian, Dr Mehdi Shajari, Volume 7, Issue 2 (3-2019)
Abstract
Industrial control systems (ICSs), which are used in critical infrastructure and other industries, mostly use various communication protocols. Most of these communication protocols have various cyber security challenges and weaknesses that give attackers the opportunity to achieve their malicious intentions. In this paper, we assess the IEC 60870-5-104 protocol, which is used in ICSs for telemetry communication, from a security perspective. To achieve this goal, we have analyzed the IEC 60870-5-104 design phase carefully and used an experimental test bed to identify the security threats and vulnerabilities and characterize the technical attacks. Finally, we review the design of hardening mechanisms and their challenges.
Fatemeh Khormizi, Bijan Alizadeh, Volume 11, Issue 1 (9-2022)
Abstract
A hardware Trojan is a hardware security threat that is inserted into a circuit and stealthily modifies the hardware. Trojan detection and design-for-trust are the main defensive strategies against hardware Trojans. The goal of Trojan detection is to verify the presence of a hardware Trojan, while in design-for-security, security techniques are presented for facilitating detection or preventing hardware Trojan insertion. In this work, we introduce a capacitor-based timing hardware Trojan (THT) model and then discuss how to analyze the vulnerability of gate-level circuits against such a THT model. For a THT that violates timing constraints in the circuit, the susceptible nets are recognized. Nets susceptible to THT are vulnerable nets in path-delay analysis and logic testing detection approaches, and they are not easily detectable. The experimental results show that the number of nets vulnerable to the capacitor-based THT model is small enough that a design-for-trust approach can be proposed.
Sara Moqimi, Mohammad Ali Hadavi, Volume 11, Issue 2 (3-2023)
Abstract
How vulnerabilities are exploited and their damage potential are mainly affected by the capability of attackers. The more powerful the attacker, the greater the risk of threats and vulnerabilities. Therefore, the security analysis of a web application and the choice of risk mitigation countermeasures depend on the ability of the attackers who threaten the application. Focusing on SQL injection attacks, this paper aims at modeling the attacker’s capability so that it can be used for appropriate security evaluation and for choosing cost-effective security controls. We model the attacker’s capability with the triple ⟨Type, Technique, Entry_Point⟩. The value of each component of the triple is obtained from the payloads through which the attacker tries to exploit the injection vulnerabilities. The Type represents the injection type, drawn from a known set of injection attack types, namely Error_based, Union_based, Boolean_based_Blind, etc. The Technique represents the techniques used by the attacker during the attack, e.g. using Special Character, using UNION, using Complex Query, using Encoding, etc. Finally, the Entry_Point represents the set of known injection entry points, including GET/POST method, Http_Variables, Frequenc_based_Primary_Application, etc. This model is used for leveling and comparing attackers’ capabilities, as well as for leveling the security of a web application with respect to the level of the attacker who is able to compromise it. The results of the experimental evaluation show that the proposed model can be used to determine the attacker’s capability level. The model can be simply extended to cover attacks on other security vulnerabilities.
Ahmad Rahdari, Mohammad Hesam Tadayon, Volume 12, Issue 2 (2-2024)
Abstract
Cyber security education in Iran is not aligned with global standards and approaches, and three factors, namely the educational sector, training applicants and stakeholders, and companies, do not have proper knowledge of the required specializations and work roles. Different specializations in cyber security work fields in Iran do not match the international standard puzzles, and this has created security holes in the country's cyber ecosystem. People working in cyberspace need a combination of domain-specific knowledge, skills, abilities, and other expertise to be as reliable and resilient as the technologies they work with.
At the international level, several frameworks have been designed and implemented for the training and employment of cybersecurity professionals. The most important of these are the US National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, the European Cybersecurity Skills Framework (ECSF), and the Australian Signals Directorate (ASD) Cyber Skills Framework. In this paper, each of these frameworks is briefly introduced and their key features, including purpose, structure, and components, are reviewed and analyzed. In addition, their effectiveness in handling global organizations' challenges in creating and developing cybersecurity expert human resources is evaluated and analyzed critically. This review highlights the strengths and weaknesses of each framework, shows the propinquity of one of the frameworks to Iran's educational and labor markets, and provides recommendations for designing a national framework for training and employing cybersecurity professionals, which can be a great lesson for the country to ensure that the necessary measures are taken as soon as possible by those in charge.
Dr Saeed Banaeian Far, Dr Maryam Rajabzadeh Asaar, Volume 13, Issue 1 (8-2024)
Abstract
Data outsourcing to reliable centers for data maintenance, protection and accessibility is simple and low-cost and does not require physical infrastructure, hardware, software and human resources. However, real-world events and recent research have shown that even reliable centers can abuse users' trust. For example, they can 1) make changes in the data they have, 2) delete it, or 3) make it temporarily/permanently unavailable. Data audit methods assure the data owners that the data recorded in the database is the same as the data sent by the user and reveal the changes made in it. But they only solve the first problem. In 2008, the introduction of a technology called blockchain, which had several attractive features such as transparency, immutability, and autonomy, caused the problems of many systems that needed the mentioned features to be solved. In this article, after reviewing and addressing several blockchain-based data auditing architectures and protocols, we review and analyze their general framework. Finally, we compare the reviewed works and specify some future horizons of this field.