انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 Key Discovery and Forgery Attack on a Key Agreement Protocol with Authentication for Wireless Sensor Network 1 9 FA Amir Allahdadi Ghiyasabadi Fat’h Science and Technology Center, Faculty and Research Institute of Computer Engineering and Cyber Power, Imam Hossein (AS) University, Tehran, Iran Javad Alizadeh Fat’h Science and Technology Center, Faculty and Research Institute of Computer Engineering and Cyber Power, Imam Hossein (AS) University, Tehran, Iran With the development of new information and communication technologies such as developments related to Internet of Things applications, the importance of information and maintaining its security is more and more considered. Key agreement and authentication protocols play an important role in ensuring information security. One of the important components used in many applications of the Internet of Things is wireless sensor networks, whose security is ensured by using appropriate protocols of these networks. In 2020, Sikarwar and Das presented a key agreement protocol with authentication for wireless sensor networks and claimed that this protocol is secure against well-known attacks such as feedback attacks, password discovery, and man-in-the-middle attacks. In this paper, it is shown that the Sikarvar and DOS protocol is not secure and an attacker can easily obtain this key. In addition, it is shown that the protocol cannot be secure against password discovery and spoofing attacks.

انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 Unmanned Cyber Security Requirements in sub-Transmission Substation 10 17 FA Azam Mozafari Niroo Research Institute (NRI), Tehran, Iran Leila Zafari Niroo Research Institute (NRI), Tehran, Iran Negin Hamian Niroo Research Institute (NRI), Tehran, Iran As an economic and technical point of view, operation of without operator or unmanned substations is of interest to power industry managers, so it is an opportunity to investigate cyber security carefully at this time. In this article, while studying the importance of SCADA (Supervisory Control and Data Acquisition) centers cyber security, the cyber security requirements of two types of DCS (Distribution Control System) and traditional substations and the communication of these types of substations and the corresponding SCADA center were examined. In this article, based on the documents and standards of industrial cyber security and power industry, the security requirements of substations and their communications with the relevant centers were extracted, and these requirements were prioritized based on knowledge of the industry and the importance of existing departments and processes. In addition, due to the non-implementation of security requirements in high power substations, it was emphasized to pay attention to the cyber security considerations of this area, such as preparing security risk management documents, paying attention to personnel training and receiving security approvals.

انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 Vulnerability Analysis of Digital Circuits against Capacitor-based Timing Hardware Trojan 18 25 FA Fatemeh Khormizi School of Electrical and Computer Engineering, College of Engineering, University of Tehran, 14395-515, Tehran, Iran Bijan Alizadeh School of Electrical and Computer Engineering, College of Engineering, University of Tehran, 14395-515, Tehran, Iran Hardware Trojan is a hardware security threat that attempts to insert in the circuit and modifies the hardware stealthy. Trojan detection and design-for-trust are the main defensive strategies against hardware Trojan. The target of Trojan detection is to verify hardware Trojan and in design-for-security, the security techniques are presented for facilitating detection or preventing hardware Trojan insertion. In this work, we introduce a capacitor-based timing hardware Trojan (THT) model and then discuss how to analyze the vulnerability of gate-level circuits against such THT model. For THT that violates timing constraints in the circuit, the susceptible nets are recognized. Susceptible nets to THT are vulnerable nets in path-delay analysis and logic testing detection approaches and they are not detectable easily. The experimental results show that the number of vulnerable nets to the capacitor-based THT model is small enough so that a design-for-trust approach can be proposed.

انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 Lightweight and Secure Authentication Key Agreement Protocol for Smart Grid 26 36 FA Seyed Hamid Baghestani Cyberspace Research Institute, University of Shahid Beheshti (SBU), Tehran, Iran Farokhlagha Moazami Cyberspace Research Institute, University of Shahid Beheshti (SBU), Tehran, Iran The conventional electricity infrastructure relies on the usage of fossil fuels, which harms the environment greatly. A smart grid is an infrastructure that enables the integration of renewable resources with the distribution system, as well as the potential of establishing a two-way flow of energy and data between network management and subscribers in order to optimize energy use. However, this data flow may be misused by attackers to disrupt security and causes power network imbalances.Therefore, it is necessary to exploit different security protocols to exchange data in this platform. One of these security protocols is the authenticated key agreement protocol, which allows the parties to authenticate each other and share a key to encrypt data. Recently Zhang et al. proposed a lightweight key authentication protocol based on hash functions. In this paper, we examine their protocol and show that vulnerable to denial of service (DOS) attack and also is not optimized to implement on smart grid. Then we present a lightweight and secure authentication protocol based on hash functions.

انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 Masking Midori64 against Correlation Power Analysis Attack 37 47 FA Hamid Ghanbari Faculty of Computer and Cyber security, Imam Hossein University (AS), Tehran, Iran Behrooz Khadem Faculty of Computer and Cyber security, Imam Hossein University (AS), Tehran, Iran Mohammad Jadidi Faculty of Computer and Cyber security, Imam Hossein University (AS), Tehran, Iran The use of lightweight and light weight block ciphers in the Internet of Things is inevitable. Recently, Midori64 has received a lot of attention among other lightweight ciphers due to its very low power consumption. Midori64 security has been threatened by various attacks, including side channel attacks. One of the types of side channel attacks is correlation power analysis, in which an attacker can discover the encryption key by using the power leak of the cryptographic chip while the algorithm is running, data being processed and operations being executed. Masking against power analysis attacks is known as one of the most effective methods of cryptographic algorithms. The purpose of the mask is to disrupt the relationship between power consumption and ongoing operations. In this paper, an implemented version of the Midori64 code on an Atmega32 AVR micro-controller is attacked by correlation power analysis, and an encryption key with 300 blocks of plain text is discovered. After masking the Midori64 with the Boolean masking method, the attack was performed again, and the experimental results showed that the Boolean masking method could prevent key discovery.

انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 Management of Electronic Health Records with Preservation of Privacy using the Blockchain Technology 48 58 FA Mahsa Rezaei Faculty of Electrical and Computer Engineering, Tarbiat Modares University, Tehran, Iran Sadegh Dorri Nogoorani Faculty of Electrical and Computer Engineering, Tarbiat Modares University, Tehran, Iran The development and use of electronic health records (EHR) have had remarkable impacts on human life, such as improvements in the quality of medical care, better research results, and enhancements in treatment methods. Despite these improvements, availability, security and privacy concerns have remained to be very important in this field. In this article, we propose a decentralized and distributed system for electronic health records management with the help of the blockchain technology and its potential benefits. In this system, patient information is stored in the cloud. Also, the real owner of the electronic records is the patient, and with the help of smart contracts and encryption, he/she controls how to access his/her health information. In the proposed solution, the problem of sharing and storing the patients’ keys has been solved with the help of smart contracts. In addition, we proposed solutions to special cases which are raised by transferring the control of the records to the patients such as permissions for underage patients, in emergency situations, and after the death of the patient. Comparison of the related works shows that the proposed system has solved the problems of competing systems while maintaining a high level of privacy.

انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 A Tool for Detecting Man in the Browser (MitB) Attacks using Dynamic Analysis of Web Pages 59 66 FA Majid Iranpour Mobarakeh Model Based Security Analysis (MBSA) Research Group, Faculty of Computer Engineering, University of Isfahan, Isfahan, Iran Behrouz Tork Ladani Model Based Security Analysis (MBSA) Research Group, Faculty of Computer Engineering, University of Isfahan, Isfahan, Iran Detection of browser attacks is considered a serious challenge in today’s web applications. Man in the Browser (MitB) attack is an important type of these attacks that can lead to changes in web page contents, interference in network traffic, session hijacking, and user information theft by using Trojans. In this paper, an efficient tool for real-time detection of MitB attacks through dynamic analysis of web pages based on the description of attack patterns is presented. The advantage of the proposed tool is that it is not limited to identifying one or more specific attacks and the identification method code is not embedded in the tool, but the patterns of different attacks are specified separately. In order to evaluate the presented tool, two vulnerable web services provided by OWASP, which have a wide range of known vulnerabilities, were used along with the BeEF penetration test framework, and a set of MitB attacks were practically implemented and evaluated by the tool. The same tests were performed using three other similar tools and compared with the developed tool. In addition to the superiority of the presented tool in terms of the independence of attack descriptions from the tool itself, the results show that the accuracy and readability of its diagnosis are better than similar tools.

انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 A High-Speed Systolic Field Multiplication for Edwards 25519 Curve 67 74 FA Muhammad Rasoul Akhoundi Zardeyni Faculty of Computer Science and Engineering, Shahid Beheshti University, Tehran, Iran Raziyeh Salarifard Faculty of Computer Science and Engineering, Shahid Beheshti University, Tehran, Iran Elliptic curve cryptography (ECC) provides the same security with shorter key lengths in comparison with other asymmetric cryptography algorithms. One of the safest curves recently considered is the Edwards25519, which is standardized by NIST. The most expensive operation in the ECC is point multiplication, which uses field multiplication many times. In this paper, a high-speed field multiplication for Edwards25519 is proposed. The improvements are mostly the result of the development of a novel semi-systolic field multiplier which employs four steps of Karatsuba-Ofman multiplication with fewer additions/subtractions in comparison with the original ones. The proposed multiplier has four register layers in its architecture. Then, this architecture, while taking advantage of the systolic architecture (a low CPD), has a low latency. In comparison with the best previous work, the proposed field multiplication has a 28% improvement in speed. Moreover, the point multiplication which exploits the proposed field multiplication has a 50% improvement in time in comparison with the best previous work.

انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 Providing an RPL-based Reliable Routing Method in the Internet of Things 75 82 FA Reza Khatouni Department of Computer Engineering, Birjand University, Birjand, Iran Mohammad Ghasemi Gol Department of Computer Engineering, Birjand University, Birjand, Iran Today, establishing a reliable communication path between devices in low power and lossy networks (LLNs) has become a big challenge. Routing protocol for low power and lossy networks (RPL) is used as a standard routing protocol in LLN networks. The RPL protocol, located at the network layer, uses the objective function to select the optimal path. Due to the fact that various attacks may be created in the routing process, hence the need to pay attention to reliable and trusted routing has become one of the most important and up-to-date research issues. For this reason, in this research, a reliable routing method based on RPL for the Internet of Things is presented. The advantages of the proposed method compared to other methods are that, on the one hand, the rate of lost packets has decreased, and on the other hand, the stability of a node is higher in relation to rank changes. Finally, Cooja simulator has been used to evaluate the proposed method.

انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 Inventing a Method to Save the Fog Node from Attacks 83 93 FA Seyed Omid Azarkasb Software Engineering Faculty, K.N. Toosi University of Technology, Tehran, Iran Seyed Hossein Khasteh Software Engineering Faculty, K.N. Toosi University of Technology, Tehran, Iran Saeed Sedighian Kashi Software Engineering Faculty, K.N. Toosi University of Technology, Tehran, Iran Fog is a cloud that closes to the ground. The components of fog and cloud complement each other. These components provide mutually beneficial interdependent services for communication, processing, control, and storage across the network. Attacking the fog nodes are as important as attacking the cloud. Since the fog node has more limited resources, it is more targeted by intruders. In addition, fog nodes are more attractive to attackers because they have less computing power and are located closer to the attacker than the cloud. But the key point is that access to limited resources makes it easier to save the fog node because the fog does not have the complexities of the cloud, and it is easy to run an intrusion detection system on it. In this article, focusing on the resource limitation in the fog node, we will invent a method to save the fog node. In the proposed method, the support vector machines (SVMs) technique is used. Among the advantages of using the support vector machine, we can mention not being trapped in local optima, solving the over fitting problem, and ease of working with high-dimensional data. Based on the research, support vector machine is the most widely used machine learning method for Internet of Things security articles in the literature. In this article, in order to conduct tests, according to published global statistics, the most important category of web attacks, i.e. SQL injection attacks, is considered. The average detection accuracy is obtained and the results of the evaluations indicate the acceptable efficiency of the proposed method.

انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 An Overview of Security Standards in the Field of ICT in order to Determining the Appropriate Methodology for the Security Evaluation of Equipment Related to Information and Communication Technology in the Power Industry 94 102 FA Sofia Ahanj Niroo Research Institute, Tehran, Iran Mahsa Rahmani Niroo Research Institute, Tehran, Iran Vida Nobakht Niroo Research Institute, Tehran, Iran Zahra Sadeghigol Niroo Research Institute, Tehran, Iran Providing security in the electricity industry, as one of the vital infrastructures of the country, is one of the essential operations that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both technical and managerial dimensions is discussed in the laboratory. There are various standards in the field of general ICT technical-security evaluation. The most important are ISO/IEC 15408, ISO/IEC 27001 and NIST SP 800-53. In the present paper, these standards are first examined. Then, the standards and reports in the industrial field have been reviewed and compared, and finally, based on the results and special considerations of information and communication technology equipment in the electricity industry, the appropriate methodology has been presented.

انجمن رمز ایران Biannual Journal Monadi for Cyberspace Security (AFTA) 2476-3047 11 1 2022 9 1 103 114 FA