|
|
|
 |
Search published articles |
 |
|
Showing 12 results for Protocol
, ,
Volume 3, Issue 1 (9-2014)
Abstract
A set of technologies, that use radio waves for identifying people or objects, is called radio frequency identification system or RFID. RFID performance depends on tag and reader devices which use radio waves to communicate to each other. In some applications of RFID systems, the proof of concurrent presence for a number of objects or persons together in a given time is crucial. Grouping proof protocols are designed to address these needs, in fact grouping proof shows that two or more tags are evaluated by a reader simultaneously. This proof must be verified by the corresponding verifier. In this article this type of protocols are introduced and analyzed. At the first, the idea of designing a grouping proof is presented and then related protocols and their security analysis are presented. Finally, a comparison between protocols is provided.
, ,
Volume 4, Issue 1 (9-2015)
Abstract
The next generation of heterogeneous wireless access network technologies are include such as wireless networks (WiFi and WiMax) and cellular networks (such as WCDMA and HSPA and 4G). One of the major issues in heterogeneous wireless network design, support for mobile users is vertically integrated handover. handover process between different wireless technology, called vertical handover. The wireless technology of different features, services, pricing, and offer different regional coverage. Vertical handover can be combined with the benefits of mobile networks to obtain user satisfaction and improve efficiency, can be used. So concepts and review the measures taken are necessary. The main purpose of this article we discribe the basic concepts related to handover, classification, algorithms, protocols, and features favorable factors in handover for Next Generation Networks.
Mr Mohammad Mehdi Ahmadian, Dr Mehdi Shajari,
Volume 7, Issue 2 (3-2019)
Abstract
Industrial control systems (ICSs) which are used in critical infrastructure and other industries mostly use various communication protocols. Most of these communication protocols have various cyber security challenges and weakness that give the attackers the opportunity to gain to their malicious intentions. In this paper, we assess IEC 60870-5-104 protocols from security perspective which is used in the ICSs as telemetry communication. According to achievement of these goals, we have analyzed the IEC 60870-5-104 design phase carefully and used experimental test bed to identify the security threats and vulnerabilities and characterize the technical attacks. Finally we review the design of hardening mechanisms and their challenges.
Mohammad Pishdar, Younes Seifi, Mozafar Bag-Mohammadi,
Volume 9, Issue 1 (8-2020)
Abstract
RPL (Routing Protocol for Low Power and Lossy Networks) has been designed for low power networks with high packet loss. Generally, devices with low processing power and limited memory are used in this type of network. IoT (Internet of Things) is a typical example of low power lossy networks. In this technology, objects are interconnected through a network consisted of low-power circuits. Example IoT applications are smart energy grid, smart home, connected car, intelligent transport systems, and smart cities. IoT is different from many similar technologies due to the existence of low power electronic circuits and limited connectivity. Information security is one of the main IoT concerns. The emergence of new types of security vulnerabilities in IoT devices and the escalation of their damages through numerous IoT applications is considered a major deployment drawback for RPL. In this paper, major cyberattacks against RPL, as well as related security solutions are addressed. Then, these solutions are classified and their weaknesses and strengths are investigated. Finally, it discusses the state-of-the-art status of information security in RPL.
Reza Khatouni, Mohammad Ghasemi Gol,
Volume 11, Issue 1 (9-2022)
Abstract
Today, establishing a reliable communication path between devices in low power and lossy networks (LLNs) has become a big challenge. Routing protocol for low power and lossy networks (RPL) is used as a standard routing protocol in LLN networks. The RPL protocol, located at the network layer, uses the objective function to select the optimal path. Due to the fact that various attacks may be created in the routing process, hence the need to pay attention to reliable and trusted routing has become one of the most important and up-to-date research issues. For this reason, in this research, a reliable routing method based on RPL for the Internet of Things is presented. The advantages of the proposed method compared to other methods are that, on the one hand, the rate of lost packets has decreased, and on the other hand, the stability of a node is higher in relation to rank changes. Finally, Cooja simulator has been used to evaluate the proposed method.
Amir Allahdadi Ghiyasabadi , Javad Alizadeh,
Volume 11, Issue 1 (9-2022)
Abstract
With the development of new information and communication technologies such as developments related to Internet of Things applications, the importance of information and maintaining its security is more and more considered. Key agreement and authentication protocols play an important role in ensuring information security. One of the important components used in many applications of the Internet of Things is wireless sensor networks, whose security is ensured by using appropriate protocols of these networks. In 2020, Sikarwar and Das presented a key agreement protocol with authentication for wireless sensor networks and claimed that this protocol is secure against well-known attacks such as feedback attacks, password discovery, and man-in-the-middle attacks. In this paper, it is shown that the Sikarvar and DOS protocol is not secure and an attacker can easily obtain this key. In addition, it is shown that the protocol cannot be secure against password discovery and spoofing attacks.
Ali Khazaei, Hossein Homaei , Monireh Houshmand ,
Volume 11, Issue 2 (3-2023)
Abstract
Quantum dialogue is a type of quantum communication in which users can simultaneously send messages to each other. The earliest instances of quantum dialogue protocols faced security problems such as information leakage and were vulnerable to intercept and resend attacks. Therefore, several protocols have been presented that try to solve these defects. Despite these improvements, the quantum dialogue still faces some challenges. Currently, the limited number of participants and the impossibility of expanding users during the conversation are among the most important challenges of this kind of protocol. In this research, we have designed a multi-user quantum dialogue protocol that solves the mentioned challenges. The proposed protocol is a generalized type of quantum dialogue in which users can communicate simultaneously. The number of participating users is not limited and can be changed dynamically (i.e. without the need to restart the protocol). It means that, during the execution of the protocol, a user can leave the conversation, or a new user can join it. Communication between users is established through a central semi-trusted server. The investigations show that the proposed protocol does not have information leakage. In other words, no unauthorized entity (not even the intermediate server) can access the raw data exchanged between users.
Mr. Nasser Zarbi, Dr Ali Zaeembashi, Dr Nasour Bagheri,
Volume 12, Issue 1 (9-2023)
Abstract
Leakage-resilient cryptography aims to design key exchange protocols to withstand leakage attacks. These protocols are examined using a leakage-resilient security model to determine whether they possess the claimed security properties. The security analysis focuses on how the leakage-resilient security model has evolved to meet increasing security requirements and cover a broader range of attacks. By studying and analyzing the presented security properties of these models, potential vulnerabilities in protocol design can be effectively addressed. This article delves into various leakage-resilient security models based on two models, CK and eCK, and provides examples of secure key exchange protocols defined within these models. Additionally, it explores the relationship between adversaries' capabilities in these models and different attack schemes in the real world. By offering insights into various leakage-resilient security models, leakage attacks, and the development of secure protocols, it contributes to advancing knowledge in this field.
Mohammad Dakhilalian, Masomeh Safkhani, Fatemeh Pirmoradian,
Volume 12, Issue 1 (9-2023)
Abstract
Providing all remote services requires mutual authentication of participating parties. The framework by which this authentication is done is called authentication protocols. In other words, cryptographic or cryptographic protocol is a distributed cryptographic algorithm that establishes interactions between at least two or more hosts with a specific purpose. In fact, these protocols have provided secure and insecure channels for communication between the parties participating in the protocol. Usually, secure channels are used for registration and insecure channels for mutual authentication. After registering on the server and verifying its identity by the server, the user can benefit from the services provided by the server. Many authentication protocols have been proposed in fields such as e-medical care, Internet of Things, cloud computing, etc. The privacy and anonymity of users in these plans is the biggest challenge in implementing a platform to benefit from remote services. Due to the fact that authentication of users takes place on the insecure platform of the Internet, it can be vulnerable to all existing Internet attacks. In general, there are two methods to analyze and prove the security of authentication protocols. Formal method and In-formal method. The In-formal method, which is based on intuitive arguments, analyst's creativity and mathematical concepts, tries to find errors and prove security. While the formal method, which is done both manually and automatically, has used a variety of mathematical logics and automatic security analysis tools. Manual method using mathematical models such as Real Or Random and mathematical logics such as BAN logic, GNY logic, etc., and automatic method using AVISPA, Scyther, ProVerif, TAMARIN, etc. tools. In fact, the methods of proving and analyzing the security of security protocols are divided into two general categories based on proof of theorem and model verification, and in this article, the details of each of these methods of proving security are explained. It should be noted that most of the security protocol verification tools are based on model verification. The methods based on model checking and then the methods based on proving the theorem are described.
Javad Alizadeh, Seyyed Hadi Noorani Asl,
Volume 12, Issue 2 (2-2024)
Abstract
The Internet of Drones (IoD) refers to the use of unmanned aerial vehicles (UAVs) connected to the Internet. This concept is a specific application of IoT. The IoD may offer opportunities, but it also poses security vulnerabilities. It is necessary to use authentication and key agreement protocols in drone communications to prevent these vulnerabilities. In 2020, Alladi et al presented an authentication and key agreement protocol based on physical unclonable functions called SecAutUAV. They analyzed the security of their scheme through both formal and informal methods. In this paper, we demonstrate the vulnerability of the SecAuthUAV protocol to a key recovery attack. An adversary can obtain a session key between a drone and a ground station by intercepting and analyzing the session data. In addition, we present a secret value recovery attack with complexity  , which is lower than the complexity of brute force attacks. An adversary could spoof and track the drone by using these values. In order to improve the security and efficiency of SecAuthUAV, we present a new version and compare it to the original. We utilize both the informal method and formal-based ProVerif to analyze the
security of the latest protocol. To compare the efficiency of the new protocol and SecAuthUAV, we counted their number of operators and functions. The new protocol is more secure and efficient than SecAutUAV.
Dr Saeed Banaeian Far, Dr Maryam Rajabzadeh Asaar,
Volume 13, Issue 1 (8-2024)
Abstract
Data outsourcing to reliable centers for data maintenance, protection and accessibility is simple and low-cost and does not require physical infrastructure, hardware, software and human resources. However, real-world events and recent researches have shown that even reliable centers can abuse users' trust. For example, 1) make changes in the data they have, 2) delete them, or 3) make them temporarily/permanently unavailable. Data audit methods assure the data owners that the data recorded in the database is the same as the data sent by the user and reveals the changes made in it. But they only solve the first problem. In 2008, the introduction of a technology called blockchain, which had several attractive features such as transparency, immutability, and autonomy, caused the problems of many systems that needed the mentioned features to be solved. In this article, after reviewing and addressing several blockchain-based data auditing architectures and protocols, we review and analyze their general framework. Finally, we compare the reviewed works and specify some future horizons of this field.
Ghodsieh Karimi , Morteza Adeli, Mohammad Ali Hadavi,
Volume 13, Issue 2 (12-2024)
Abstract
With the increasing use of RFID tags, there is a need for specific protocols to communicate with these tags. Among these protocols, the ownership transfer stands out as it ensures the security and privacy of objects for the new owner after a change of ownership. Recently, a lightweight object ownership transfer protocol has been proposed for RFID networks. This protocol utilizes a lightweight linear function for security. The designers of the protocol claim that it is secure against known attacks while also being lightweight. In this paper, we identify vulnerabilities in the function used in this protocol and demonstrate that it is susceptible to the secret disclosure attack. We show that with at most 4 × L executions of the protocol (where L is the key length), one can obtain the necessary information from intercepted data to execute the attack and subsequently recover the shared keys used in the protocol.
|
|
