Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
6
2
2014
07
01
A risk model for cloud processes
99
123
EN
E.
Damiani
ernesto.damiani@unimi.it
S.
Cimato
stelvio.cimato@unimi.it
G.
Gianini
gabriele.gianini@unimi.it
10.22042/isecure.2015.6.2.2
Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to the lack of historical data on attacks, which has prevented frequency-based identification of "typical" threats and attack vectors. Also, the dynamic, multi-party nature of cloud-based processes makes severity assessment very dependent on the particular set of stakeholders involved in each process execution. In this paper, we tackle these problems by presenting a novel, process-oriented quantitative risk assessment methodology aimed at disclosure risks on cloud computing platforms. Key advantages of our methodology include (i) a fully quantitative and iterative approach, which enables stakeholders to compare alternative versions of cloud-based processes (e.g., with and without security controls); (ii) non-frequency-based probability estimates, which allow analyzing threats for which a detailed history is not available; and (iii) support for quick visual comparisons of risk profiles of alternative processes even when impact cannot be exactly quantified.
cloud computing,Value of Information,Risk Assessment,Secure Computation
https://www.isecure-journal.com/article_39155.html
https://www.isecure-journal.com/article_39155_18fdfeefba9699c84e274e1218517744.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
6
2
2014
07
01
Artemia: a family of provably secure authenticated encryption schemes
125
139
EN
J.
Alizadeh
alizadja@gmail.com
M. R.
Aref
isecure@sharif.ir
N.
Bagheri
0000-0002-6818-5342
na.bagheri@gmail.com
10.22042/isecure.2015.6.2.3
Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme that supports associated data. Artemia uses the permutation-based mode JHAE, which is provably secure in the ideal permutation model. The scheme does not require the inverse of the permutation in the decryption function, which makes it resource-efficient. Artemia permutations have an efficient and simple structure and are provably secure against differential and linear cryptanalysis. The permutations use MDS recursive layers that can be easily implemented in both software and hardware.
Privacy,Authentication,Provable Security,Authenticated Encryption,Artemia
https://www.isecure-journal.com/article_39156.html
https://www.isecure-journal.com/article_39156_9b0f4b96ed0d5dc9ffdc6e7362e77712.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
6
2
2014
07
01
An efficient non-repudiation billing protocol in heterogeneous 3G-WLAN networks
141
153
EN
A.
Fanian
a.fanian@cc.iut.ac.ir
F.
Alamifar
alamifar@ec.iut.ac.ir
M.
Berenjkoub
brnjkb@cc.iut.ac.ir
10.22042/isecure.2015.6.2.4
Wireless communication, delivering a variety of services to users, has been growing rapidly in recent years. The third generation of cellular networks (3G) and wireless local area networks (WLAN) are the two widely used technologies in wireless networks. 3G networks are capable of covering a vast area, while WLAN networks provide higher transmission rates with less coverage. Since the two networks have complementary properties, some attempts have been made to integrate them, which could lead to an advantageous heterogeneous network. In such a heterogeneous network, provision of services like authentication, billing and quality of service is essential. In this article, a new mutual authentication protocol, namely the Non-Repudiation Billing Protocol (NRBP), is proposed based on extensible authentication protocols. This authentication scheme provides a non-repudiation property for the billing problem. The proposed scheme is analyzed based on different security features and computation overhead. In comparison with previous approaches, this protocol contains all the considered security parameters. Moreover, the computation overhead of this protocol is less than that of other schemes.
WLAN,Cellular Network,Heterogeneous Network,Authentication and Non-repudiation
https://www.isecure-journal.com/article_39157.html
https://www.isecure-journal.com/article_39157_44118f2b7f8344294b6c4ad50142f3ce.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
6
2
2014
07
01
A hybrid approach for database intrusion detection at transaction and inter-transaction levels
155
167
EN
M.
Doroudian
doroodian@aut.ac.ir
H. R.
Shahriari
shahriari@aut.ac.ir
10.22042/isecure.2015.6.2.5
Nowadays, information plays an important role in organizations. Sensitive information is often stored in databases. Traditional mechanisms such as encryption, access control, and authentication cannot provide a high level of confidence. Therefore, Intrusion Detection Systems are necessary in databases. In this paper, we propose an intrusion detection system for detecting attacks at both the database transaction level and the inter-transaction level (user task level). For this purpose, we propose a detection method at the transaction level, which is based on describing the expected transactions within the database applications. Then, at the inter-transaction level, we propose a detection method that is based on anomaly detection and uses data mining to find dependency and sequence rules. The main advantage of this system, in comparison with previous database intrusion detection systems, is that it can detect malicious behaviors at both the transaction and inter-transaction levels. Also, it gains the advantages of a hybrid method, including specification-based detection and anomaly detection, to minimize both false positive and false negative alarms. In order to evaluate the accuracy of the proposed system, some experiments have been done. The experimental results demonstrate that the true positive rate (recall metric) is higher than 80%, and the false positive rate is lower than 10%, across different data sets and with appropriate ranges chosen for the support and confidence thresholds. The experimental evaluation results show the high accuracy and effectiveness of the proposed system.
Intrusion Detection,Database Security,State machine,Inter-Transaction Dependency,Inter-Transaction Sequence
https://www.isecure-journal.com/article_39158.html
https://www.isecure-journal.com/article_39158_f18c739d9aaeae6cc3ee1d085e4c204c.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
6
2
2014
07
01
An extended feature set for blind image steganalysis in contourlet domain
169
181
EN
E.
Shakeri
shakeri@ee.sharif.edu
Sh.
Ghaemmaghami
ghaemmag@sharif.edu
10.22042/isecure.2014.6.2.6
The aim of image steganalysis is to detect the presence of hidden messages in stego images. We propose a blind image steganalysis method in the Contourlet domain and then show that the embedding process changes the statistics of Contourlet coefficients. The suspicious image is transformed into Contourlet space, and then the statistics of the Contourlet subband coefficients are extracted as features. We use absolute Zernike moments and characteristic function moments of the Contourlet subband coefficients of the image to distinguish between stego and non-stego images. Absolute Zernike moments are used to examine the randomness in the test image, and characteristic function moments of Contourlet coefficients are used to form our feature set, which can catch the changes made to the histogram of Contourlet coefficients. These features are fed to a nonlinear SVM classifier with an RBF kernel to distinguish between cover and stego images. We show that the embedding process distorts the statistics of Contourlet coefficients, leading to detection of stego images. Experimental results confirm that the proposed features are highly sensitive to the change made by the embedding process. These results also reveal the advantage of the proposed method over its counterpart steganalyzers in the cases of five popular JPEG steganography techniques.
Blind Steganalysis,Contourlet Transform,Zernike Moments,Characteristic Function Moments,statistical analysis
https://www.isecure-journal.com/article_39159.html
https://www.isecure-journal.com/article_39159_6ccbde77608f72bfef5ea4fb1d6f063c.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
6
2
2014
07
01
A two-phase wormhole attack detection scheme in MANETs
183
191
EN
Sh.
Shamaei
shamaei@ce.sharif.edu
A.
Movaghar
movaghar@sharif.edu
10.22042/isecure.2015.6.2.7
Mobile ad-hoc networks (MANETs) have no fixed infrastructure, so all network operations such as routing and packet forwarding are done by the nodes themselves. However, almost all common existing routing protocols focus on performance measures regardless of security issues. Since these protocols consider all nodes to be trustworthy, they are prone to serious security threats. The wormhole attack is one such threat against routing processes, and it is particularly challenging to detect and prevent in MANETs. In this paper, a two-phase detection scheme is proposed to detect and prevent wormhole attacks. The first phase checks whether a wormhole tunnel exists on the selected path or not. If there is such a tunnel, the second phase is applied to confirm the existence of the wormhole attack and locate a malicious node. The proposed detection scheme can appropriately detect all types of this kind of attack, such as in-band and out-of-band ones, in different modes such as hidden or exposed, without any need for special hardware or time synchronization. In order to evaluate the performance of the proposed scheme, various scenarios are simulated in the NS-2 simulator, and different measures are assessed. The results obtained from simulating the proposed scheme and other benchmarks indicate that, in most criteria considered in this paper, the proposed scheme outperforms the methods proposed in prior works.
Mobile ad-hoc Networks,Wormhole Detection Scheme,Wormhole Attack,Wormhole Tunnel
https://www.isecure-journal.com/article_39160.html
https://www.isecure-journal.com/article_39160_9c5a04eeec4d7ae4d57d176d22d005a6.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
6
2
2014
07
27
Persian Abstract
193
198
EN
https://www.isecure-journal.com/article_45226.html
https://www.isecure-journal.com/article_45226_2bf42113d64b2440935753f0d5290220.pdf