Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
4
2
2012
07
01
Eigenvalues-based LSB steganalysis
97
106
EN
F.
Farhat
farhat@ee.sharif.edu
A.
Diyanat
diyanat@ee.sharif.edu
Sh.
Ghaemmaghami
ghaemmag@sharif.edu
M. R.
Aref
isecure@sharif.ir
10.22042/isecure.2013.4.2.1
So far, various components of image characteristics have been used for steganalysis, including the histogram characteristic function, adjacent colors distribution, and sample pair analysis. However, some certain steganography methods have been proposed that can thwart some analysis approaches through managing the embedding patterns. In this regard, the present paper is intended to introduce a new analytical method for detecting stego images, which is robust against some of the embedding patterns designed specifically to foil steganalysis attempts. The proposed approach is based on the analysis of the eigenvalues of the cover correlation matrix used for the purpose of the study. Image cloud partitioning, vertical correlation function computation, constellation of the correlated data, and eigenvalues examination are the major challenging stages of this analysis method. The proposed method uses the LSB plane of images in spatial domain, extendable to transform domain, to detect low embedding rates-a major concern in the area of the LSB steganography. The simulation results based on deviation detection and rate estimation methods indicated that the proposed approach outperforms some well-known LSB steganalysis methods, specifically at low embedding rates.
Correlation Matrix,Eigenvalues Analysis,Rate Estimation,Steganalysis,LSB Embedding
https://www.isecure-journal.com/article_39127.html
https://www.isecure-journal.com/article_39127_0e6ceec28eeafafee0a915f4ecbfa601.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
4
2
2012
07
01
Cryptanalysis of GSM encryption algorithm A5/1
107
114
EN
V.
Amin Ghafari
vahidaming@yahoo.com
A.
Vardasbi
vardasbi@alum.sharif.edu
J.
Mohajeri
mohajer@sharif.edu
10.22042/isecure.2013.4.2.2
The A5/1 algorithm is one of the most famous stream cipher algorithms used for over-the-air communication privacy in GSM. The purpose of this paper is to analyze several weaknesses of A5/1, including an improvement to an attack and investigation of the A5/1 state transition. Biham and Dunkelman proposed an attack on A5/1 with a time and data complexity of 2<sup>39.91</sup>and 2<sup>21.1</sup>, respectively. In this paper, we propose a method for identification and elimination of useless states from the pre-computed tables and a new approach to access the table in the online phase of the attack which reduces the time complexity to 2<sup>37.89</sup> and the required memory in half. Furthermore, we discuss another weakness of A5/1 by investigating its internal state transition and its key stream sequence period. Consequently, the internal states are divided into two classes, initially periodic and ultimately periodic. The presented model is verified using a variety of simulations which are consistent with the theoretical results.
A5/1,Precomputed Table,Useless States,Internal State Transition,Ultimately Periodic
https://www.isecure-journal.com/article_39128.html
https://www.isecure-journal.com/article_39128_2c8ec641762eacbc1981736701b8cc8e.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
4
2
2012
07
01
Improving security of double random phase encoding with chaos theory using fractal images
115
124
EN
M.
Taheri
tahery.motahareh.85@gmail.com
S.
Mozaffari
saeed_mozaffari@yahoo.com
10.22042/isecure.2013.4.2.3
This study presents a new method based on the combination of cryptography and information hiding methods. Firstly, the image is encoded by the Double Random Phase Encoding (DRPE) technique. The real and imaginary parts of the encoded image are subsequently embedded into an enlarged normalized host image. DRPE demands two random phase mask keys to decode the decrypted image at the destination. The two random phase masks are regenerated by the chaos theory using a fractal image. To enhance its security, instead of sending the second phase mask directly, the initial conditions and the parameter of the chaotic map and the fractal image are transferred to the authorized user through a secure channel. Experimental results reveal that the proposed method not only enjoys high security but also resists the commonplace attacks.
Double Random Phase Encoding (DRPE),Fractal Image Generation,Julia Set,Mandolrot Set,Chaos Theory,Two-Dimensional Coupled Logistic Map,Combination of Data Hiding and Cryptography
https://www.isecure-journal.com/article_39129.html
https://www.isecure-journal.com/article_39129_bb135b54690a5ae825d4e07ab628bc81.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
4
2
2012
07
01
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
125
136
EN
Z.
Zali
z.zali@ec.iut.ac.ir
M. R.
Hashemi
hashemim@cc.iut.ac.ir
H.
Saidi
hsaidi@cc.iut.ac.ir
10.22042/isecure.2013.4.2.4
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in practice. To provide a picture of the current intrusive activity on the network, we need a real-time alert correlation. Most causal methods can be deployed offline but not in real-time due to time and memory limitations. In the proposed method, the knowledge base of the attack patterns is represented in a graph model called the Causal Relations Graph. In the offline mode, we construct Queue trees related to alerts' probable correlations. In the real-time mode, for each received alert, we can find its correlations with previously received alerts by performing a search only in the corresponding tree. Therefore, the processing time of each alert decreases significantly. In addition, the proposed method is immune to deliberately slowed attacks. To verify the proposed method, it was implemented and tested using DARPA2000 dataset. Experimental results show the correctness of the proposed alert correlation and its efficiency with respect to the running time.
Attack,Intrusion,Attack Scenario,Intrusion Detection System,IDS,Alert,Alert Correlation,Graph
https://www.isecure-journal.com/article_39130.html
https://www.isecure-journal.com/article_39130_e870cea966baf47739911ceffc77b63f.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
4
2
2012
07
01
Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications
137
150
EN
E.
K.
Mabuto
nasbutos@yahoo.co.uk
H.
S.
Venter
hsventer@cs.up.ac.za
10.22042/isecure.2013.4.2.5
The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphic design applications, and then analyzing the files associated with these applications. When analyzing digital forensic artifacts generated by an application, the specific focus is on determining whether the graphic design application was installed, whether the application was used, and determining whether an association can be made between the application’s actions and such a digital crime. This is accomplished by locating such information from the registry, log files and prefetch files. The file analysis involves analyzing files associated with these applications for file signatures and metadata. In the end it becomes possible to determine if a system has been used for creating counterfeit documents or not.
Digital Evidence,Digital Forensics,Digital Forensic Artifacts,Graphic Design Applications
https://www.isecure-journal.com/article_39131.html
https://www.isecure-journal.com/article_39131_7de093f8bbec6cfe3c8b6822a36253fc.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
4
2
2012
07
01
A confidence-aware interval-based trust model
151
165
EN
H.
Shakeri
hassan.shakeri@gmail.com
A.
Ghaemi Bafghi
ghaemib@um.ac.ir
10.22042/isecure.2013.4.2.6
It is a common and useful task in a web of trust to evaluate the trust value between two nodes using intermediate nodes. This technique is widely used when the source node has no experience of direct interaction with the target node, or the direct trust is not reliable enough by itself. If trust is used to support decision-making, it is important to have not only an accurate estimate of trust, but also a measure of confidence in the intermediate nodes as well as the final estimated value of trust. The present paper thus aims to introduce a novel framework for integrated representation of trust and confidence using intervals, which provides two operations of trust interval multiplication and summation. The former is used for computing propagated trust and confidence, whereas the latter provides a formula for aggregating different trust opinions. The properties of the two operations are investigated in details. This study also proposes a time-variant method that considers freshness, expertise level and two similarity measures in confidence estimation. The results indicate that this method is more accurate compared to the existing ones. In this regard, the results of experiments carried out on two well-known trust datasets are reported and analyzed, showing that the proposed method increases the accuracy of trust inference in comparison with the existing methods.
Trust,Confidence,Trust Interval,Trust Aggregation,Trust Propagation,Confidence Estimation
https://www.isecure-journal.com/article_39132.html
https://www.isecure-journal.com/article_39132_ccc78d4996b38ebf556705cf4736cb99.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
4
2
2012
07
19
Persian Abstract
167
172
EN
10.22042/isecure.2012.4.2.8
https://www.isecure-journal.com/article_45197.html
https://www.isecure-journal.com/article_45197_f2d3d5fc64c6f99134985bcb03af0654.pdf