{"title":"Cryptanalysis and Improvement of a Pairing-Free Certificateless Signature Scheme","authors":"Nasrollah Pakniat, Behnam Abasi Vanda","doi":"10.1109/ISCISC.2018.8546984","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546984","url":null,"abstract":"Certificateless signature (CLS) schemes aim to eliminate the need for certificates in traditional public-key signature schemes and also to resolve the inherent key-escrow problem of identity-based signature schemes. There are a vast number of secure CLS schemes in the literature; however, the use of map-to-point hash functions and bilinear pairings in their constructions makes them too inefficient for many real-world applications. Recently, Karati et al. proposed an elliptic curve based CLS scheme that uses neither a bilinear pairing nor a map-to-point hash function. The authors claimed that the proposed CLS scheme is existentially unforgeable against both types of adversaries considered in certificateless cryptography. However, in this paper, we show that this claim is wrong and that a type-1 adversary of certificateless cryptography can forge the signature of any signer on any message of his choice in this scheme. We further slightly modify Karati et al.'s scheme in order to make it secure in the standard security model of a CLS scheme. Meanwhile, the proposed improved scheme preserves all the efficiency properties of Karati et al.'s scheme.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"78 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131555178","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Threat Extraction Method Based on UML Software Description","authors":"Masoumeh Zeinali, M. A. Hadavi","doi":"10.1109/ISCISC.2018.8546868","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546868","url":null,"abstract":"Threat modeling is one of the best practices for secure software development. A primary challenge in using this practice is how to extract threats. Existing threat extraction methods for this purpose are mainly based on penetration tests or vulnerability databases. This imposes a non-automated, time-consuming process that relies fully on human knowledge and expertise. In this paper, a method is presented that can extract the threats to a software system from the existing description of the software's behavior. We describe software behavior in detail with sequence diagrams enriched by security-relevant attributes. To enrich a sequence diagram, attributes and their associated values are added to the diagram elements and to the communication between them. We have also developed a threat knowledge base from reliable sources such as the CWE and CAPEC lists. Every threat in the knowledge base is described according to the conditions under which it occurs in the software. To extract the threats of a software system, the enriched sequence diagrams describing the software behavior are matched against the threat rules in our knowledge base using a simple inference process. This results in a set of potential threats for the software system. The proposed method is applied to a software application to extract its threats. Our case study indicates the effectiveness of the proposed method compared to other existing methods.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134190026","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SMSBotHunter: A Novel Anomaly Detection Technique to Detect SMS Botnets","authors":"Farnood Faghihi, M. Abadi, Asghar Tajoddin","doi":"10.1109/ISCISC.2018.8546934","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546934","url":null,"abstract":"Over the past few years, botnets have emerged as one of the most serious cybersecurity threats faced by individuals and organizations. After infecting millions of servers and workstations worldwide, botmasters have started to develop botnets for mobile devices. Mobile botnets use different mediums to communicate with their botmasters. Although significant research has been done to detect mobile botnets that use the Internet as their command and control (C&C) channel, little research has investigated SMS botnets per se. In order to fill this gap, in this paper, we first divide SMS botnets based on their characteristics into three families, namely, info stealer, SMS stealer, and SMS spammer. Then, we propose SMSBotHunter, a novel anomaly detection technique that detects SMS botnets using textual and behavioral features and one-class classification. We experimentally evaluate the detection performance of SMSBotHunter by simulating the behavior of human users and SMS botnets. The experimental results demonstrate that most of the SMS messages sent or received by info stealer and SMS spammer botnets can be detected using textual features exclusively. It is also revealed that behavioral features are crucial for the detection of SMS stealer botnets and will improve the overall detection performance.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123005134","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An efficient user identification approach based on Netflow analysis","authors":"Atieh Bakhshandeh, Z. Eskandari","doi":"10.1109/ISCISC.2018.8546856","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546856","url":null,"abstract":"With the advent of new technologies such as cloud-based services, smartphones, tablets, etc., users’ connectivity to networks is inevitable. This results in the generation of a huge amount of traffic from the users’ activities. For forensic examiners, this traffic is a critical source of information. In network forensics, focusing only on IP addresses yields evidence that cannot be trusted, as the account might have been compromised. Thus, the associated user is of more interest to forensic scientists than the IP address. Moreover, with the wide range of devices that a user may use (smartphone, tablet, laptop, etc.) and also the wide use of DHCP, the IP address is not a suitable identifier for distinguishing users. This paper proposes a method for efficiently identifying the users of a network based on their behavior using netflow traffic (which does not contain payloads). We extract a feature set from the flows of the network and use a random forest model to classify users. We achieved a precision of 0.94 in the identification of users. The results show that this method can be used effectively by forensic scientists, as they do not need to examine the whole traffic; the reduced netflow traffic is enough for the investigation.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129274978","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A New Statistical Method for Wormhole Attack Detection in MANETs","authors":"H. As'adi, A. Keshavarz-Haddad, A. Jamshidi","doi":"10.1109/ISCISC.2018.8546943","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546943","url":null,"abstract":"Mobile ad hoc networks (MANETs) are a set of mobile wireless nodes that can communicate without the need for an infrastructure. The features of MANETs have made them vulnerable to many security attacks, including the wormhole attack. In the past few years, different methods have been introduced for detecting, mitigating, and preventing wormhole attacks in MANETs. In this paper, we introduce a new decentralized scheme based on statistical metrics for detecting wormholes that employs the “number of new neighbors” along with the “number of neighbors” of each node as its parameters. The proposed scheme has considerably low detection delay and does not create any traffic overhead for routing protocols that include a neighbor discovery mechanism. It also has reasonable processing power and memory usage. Our simulation results using the NS3 simulator show that the proposed scheme performs well in terms of detection accuracy, false positive rate and mean detection delay.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116648220","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Modular Construction A Lattices from Cyclotomic Fields and their Applications in Information Security","authors":"Hassan Khodaiemehr, D. Panario, Mohammad-Reza Sadeghi","doi":"10.1109/ISCISC.2018.8546855","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546855","url":null,"abstract":"We present an overview of recent advances in the area of information security using algebraic number fields. This overview indicates the importance of modular lattices in information security and of recently proposed methods for obtaining modular lattices using algebraic number fields. Obtaining Construction A unimodular lattices using cyclotomic number fields of prime order has been addressed in the literature. Recently, a new lattice invariant called the secrecy gain has been defined, and it has been shown to characterize the confusion at the eavesdropper when lattices are used in Gaussian wiretap channels. There is a symmetry point, called the weak secrecy gain, in the secrecy function of modular lattices. It is conjectured that the weak secrecy gain is the secrecy gain. It is known that d-modular lattices with high level d are more likely to have a large length for the shortest nonzero vector, which results in a higher weak secrecy gain. In search of such lattices, we prove that there are no modular lattices built using Construction A over cyclotomic fields of prime power order $p^{n}$ with $n > 1$. We also present a new framework based on Construction A lattices and cyclotomic number fields that gives a family of p-modular lattices with $p \\equiv 1 \\pmod{4}$.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133178841","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ISCISC 2018 Cover Page","authors":"","doi":"10.1109/iscisc.2018.8546935","DOIUrl":"https://doi.org/10.1109/iscisc.2018.8546935","url":null,"abstract":"","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"124 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133433711","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ISCISC 2018 Committees","authors":"","doi":"10.1109/iscisc.2018.8546916","DOIUrl":"https://doi.org/10.1109/iscisc.2018.8546916","url":null,"abstract":"","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114704642","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Polynomials over ℤ2n and their applications in symmetric cryptography","authors":"S. M. Dehnavi, M. R. M. Shamsabad","doi":"10.1109/ISCISC.2018.8546901","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546901","url":null,"abstract":"Components that are constructed from the basic instructions of modern processors are common in symmetric ciphers targeting software applications; among them are polynomials over $\\mathbb{Z}_{2^{n}}$, which fit n-bit processors. For instance, the AES finalist RC6 uses a quadratic polynomial over $\\mathbb{Z}_{2^{32}}$. In this paper, after some mathematical examination, we give the explicit formula for the inverse of RC6-like polynomials over $\\mathbb{Z}_{2^{n}}$ and propose some degree-one polynomials as well as some self-invertible (involutive) quadratic polynomials with better cryptographic properties to replace them in modern software-oriented symmetric ciphers. Then, we provide a new nonlinear generator with provable period, which could be used in stream ciphers and pseudo-random number generators.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129843255","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detecting Privacy Leaks in Android Apps using Inter-Component Information Flow Control Analysis","authors":"Zohreh Bohluli, H. Shahriari","doi":"10.1109/ISCISC.2018.8546876","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546876","url":null,"abstract":"Nowadays, smartphones are ubiquitous sources of private and confidential information. Among smartphone operating systems, Android has become the most popular one in recent years. Android applications have access to different information stored on the device and so may leak information, accidentally or maliciously. Leakages stem from explicit or implicit information flows between information sources and sinks. Finding explicit flows is fairly simple, whereas implicit flows use more complicated structures and are consequently more difficult to discover. Most existing tools ignore implicit flows or only consider special structures that are similar in nature to the explicit form, such as if and switch structures. In this paper we propose IIFDroid, an inter-component information flow control static analysis tool that aims to detect information leaks generated by explicit and various forms of implicit flows within an Android application. Furthermore, we present test cases in order to examine the effectiveness of IIFDroid against implicit flows caused by more sophisticated structures such as throw, polymorphism and exception-prone instructions. The experimental results on DroidBench and the developed test cases show that IIFDroid outperforms the existing tools IccTA and JoDroid, with 94.8% precision and 96.4% recall.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"301 5","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120838694","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}