|
|
 |
Search published articles |
 |
|
Showing 4 results for Ban
Dr Majid Fani, Dr Mohammadamin Torabi, Dr Matineh Moghaddam, Volume 9, Issue 2 (2-2021)
Abstract
Not all phishing attacks are always done in the form of website forgery and telephone phishing. Emails and messages that appear to be sent by the bank and receive information from the user can also be a phishing attack. Feature selection and sample selection are two very important issues in the data processing stage in detecting malicious emails. In particular, identifying spam without data reduction will not be nearly as accurate in the results. Most articles and research have focused on one of these issues, and there are few articles that have worked in combination to detect malicious emails. Therefore, the purpose of the present study is to provide a method to reduce the data in identifying emails by selecting features and samples simultaneously. In the proposed method in this paper, the forbidden search algorithm and the genetic algorithm are used in combination and simultaneously. For the suitability of this method, the evaluation vector machine evaluation function was used. The results showed that the detection rate of spam and e-mails in LineSpam and UCI datasets was 97.28, which was the highest possible value compared to other algorithms proposed in previous studies.
Saba Marandi, Farrokhlagha Moazzami, Volume 11, Issue 2 (3-2023)
Abstract
In medical fields, a wearable body area sensors network is a network of sensors placed inside human bodies or on their skin. These multi-functional sensors provide all patients and medical personnel with optimized and comfortable services. The patient’s physiological information transferred in this network is very sensitive and confidential; Therefore, transmitting through an insecure channel requires high anonymity, un-traceability, and privacy-preserving of personal data. Furthermore, the wearable body area network is a small part of the Internet of Things (IoT) community, and as the devices are resource-constraint, lightweight protocols are needed to guarantee the information’s authenticity, confidentiality, and integrity. Hence, a large number of schemes were proposed by different researchers to improve the reliability of the protocols. Recently Ankur Gupta and his colleagues proposed a lightweight mutual authentication and key agreement protocol and proved its security against well-known attacks. In this paper, we will demonstrate that their proposed protocol is vulnerable to the sensor node impersonation attack and does not provide the necessary security for communicating data; Then, we will offer a new solution to overcome this problem.
Mohammad Dakhilalian, Masomeh Safkhani, Fatemeh Pirmoradian, Volume 12, Issue 1 (9-2023)
Abstract
Providing all remote services requires mutual authentication of participating parties. The framework by which this authentication is done is called authentication protocols. In other words, cryptographic or cryptographic protocol is a distributed cryptographic algorithm that establishes interactions between at least two or more hosts with a specific purpose. In fact, these protocols have provided secure and insecure channels for communication between the parties participating in the protocol. Usually, secure channels are used for registration and insecure channels for mutual authentication. After registering on the server and verifying its identity by the server, the user can benefit from the services provided by the server. Many authentication protocols have been proposed in fields such as e-medical care, Internet of Things, cloud computing, etc. The privacy and anonymity of users in these plans is the biggest challenge in implementing a platform to benefit from remote services. Due to the fact that authentication of users takes place on the insecure platform of the Internet, it can be vulnerable to all existing Internet attacks. In general, there are two methods to analyze and prove the security of authentication protocols. Formal method and In-formal method. The In-formal method, which is based on intuitive arguments, analyst's creativity and mathematical concepts, tries to find errors and prove security. While the formal method, which is done both manually and automatically, has used a variety of mathematical logics and automatic security analysis tools. Manual method using mathematical models such as Real Or Random and mathematical logics such as BAN logic, GNY logic, etc., and automatic method using AVISPA, Scyther, ProVerif, TAMARIN, etc. tools. In fact, the methods of proving and analyzing the security of security protocols are divided into two general categories based on proof of theorem and model verification, and in this article, the details of each of these methods of proving security are explained. It should be noted that most of the security protocol verification tools are based on model verification. The methods based on model checking and then the methods based on proving the theorem are described.
Zahra Jafari, Sahar Palimi, Mohamadamin Sabaei, Rahman Hajian, Hossein Erfani, Volume 12, Issue 2 (2-2024)
Abstract
In the Internet of Things (IoT) environment, security and privacy are paramount concerns for critical applications. The LoRa protocol efficiently enables long-range communication for resource-constrained end devices in LoRaWAN networks. To foster technology adoption and user trust, safeguarding the data collected by end devices is essential. Authentication and key agreement protocols play a pivotal role in achieving this goal. Here, we introduce a novel scheme for authentication and key exchange in LoRaWAN, enabling mutual authentication among participants. This scheme empowers users/end devices and network servers to establish secure end-to-end session keys without unconditional trust. We assess the scheme's security informally and provide formal verification using AVISPA tools and the BAN logic. Furthermore, we compare it to existing authentication schemes, demonstrating its efficiency in terms of computational and communication overhead.
|
|