|
|
|
 |
Search published articles |
 |
|
Showing 3 results for Security Analysis
Mr. Afshin Rashidi, Dr. Reza Ebrahimi Atani, Mr. Hamid Nasiri,
Volume 4, Issue 1 (9-2015)
Abstract
In the past decade with distribution software such as browsers, online stores, Internet banking, electronic mail systems and the Internet, to carry out reverse engineering attacks, illegal use of illegal software or reproduce it is.A new attack techniques have failed and this creates competition between the attackers and software developers. So far, many techniques based architecture, hardware and software for this semester has been introduced to protect each aspect of the application process. In this paper, we introduce a variety of threats to software and then try to categorize and review of techniques to protect our software.
Mohammad Dakhilalian, Masomeh Safkhani, Fatemeh Pirmoradian,
Volume 12, Issue 1 (9-2023)
Abstract
Providing all remote services requires mutual authentication of participating parties. The framework by which this authentication is done is called authentication protocols. In other words, cryptographic or cryptographic protocol is a distributed cryptographic algorithm that establishes interactions between at least two or more hosts with a specific purpose. In fact, these protocols have provided secure and insecure channels for communication between the parties participating in the protocol. Usually, secure channels are used for registration and insecure channels for mutual authentication. After registering on the server and verifying its identity by the server, the user can benefit from the services provided by the server. Many authentication protocols have been proposed in fields such as e-medical care, Internet of Things, cloud computing, etc. The privacy and anonymity of users in these plans is the biggest challenge in implementing a platform to benefit from remote services. Due to the fact that authentication of users takes place on the insecure platform of the Internet, it can be vulnerable to all existing Internet attacks. In general, there are two methods to analyze and prove the security of authentication protocols. Formal method and In-formal method. The In-formal method, which is based on intuitive arguments, analyst's creativity and mathematical concepts, tries to find errors and prove security. While the formal method, which is done both manually and automatically, has used a variety of mathematical logics and automatic security analysis tools. Manual method using mathematical models such as Real Or Random and mathematical logics such as BAN logic, GNY logic, etc., and automatic method using AVISPA, Scyther, ProVerif, TAMARIN, etc. tools. In fact, the methods of proving and analyzing the security of security protocols are divided into two general categories based on proof of theorem and model verification, and in this article, the details of each of these methods of proving security are explained. It should be noted that most of the security protocol verification tools are based on model verification. The methods based on model checking and then the methods based on proving the theorem are described.
Ghodsieh Karimi , Morteza Adeli, Mohammad Ali Hadavi,
Volume 13, Issue 2 (12-2024)
Abstract
With the increasing use of RFID tags, there is a need for specific protocols to communicate with these tags. Among these protocols, the ownership transfer stands out as it ensures the security and privacy of objects for the new owner after a change of ownership. Recently, a lightweight object ownership transfer protocol has been proposed for RFID networks. This protocol utilizes a lightweight linear function for security. The designers of the protocol claim that it is secure against known attacks while also being lightweight. In this paper, we identify vulnerabilities in the function used in this protocol and demonstrate that it is susceptible to the secret disclosure attack. We show that with at most 4 × L executions of the protocol (where L is the key length), one can obtain the necessary information from intercepted data to execute the attack and subsequently recover the shared keys used in the protocol.
|
|
