{"title":"Software Security Analysis Based on the Principle of Defense-in-Depth","authors":"A. Jalali, M. A. Hadavi","doi":"10.1109/ISCISC.2018.8546953","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546953","url":null,"abstract":"Defense in depth is a well-known secure design principle. Although the software security community acknowledges the importance of such a principle in developing secure systems, it has not been investigated enough to be the basis of security analysis of software systems. In this paper we analyze software security with respect to the defense-in-depth principle. We propose a model for security analysis in which the defense-in-depth is quantitatively measured. The measurement capability lets developers choose security countermeasures in such a way that not only the security risks decrease but also the amount of defense-in-depth increases. We experimentally evaluate our model using a case study. The results show that adding security countermeasures to reduce security risks has different effects on security with respect to the defense-in-depth, and implementing a security countermeasure, while reducing the total risk, does not necessarily lead to an improved amount of the defense-in-depth.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131077344","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"BLProM: Business-Layer Process Miner of the Web Application","authors":"M. Alidoosti, A. Nowroozi","doi":"10.1109/ISCISC.2018.8546899","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546899","url":null,"abstract":"Web application vulnerability scanners cannot detect business logic vulnerabilities (vulnerabilities related to logic) because they are not able to understand business logic of the web application. In order to identify business logic of the web application, this paper presents BLProM, the black box approach that identifies business processes of the web application. Detecting business processes of the web applications can be used in dynamic security testing to determine business logic vulnerabilities in the web applications. BLProM first extracts navigation graph of the web application then identifies business processes from the navigation graph. The evaluation conducted on three well-known open source web applications shows that BLProM is able to detect business logic processes. Experimental results show that BLProM improves web application scanning because it clusters web application pages and prevents scanning similar pages. The proposed approach is compared to OWASP ZAP, an open source web scanner. We show that BLProM improves web application scanning about 96%.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115629792","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Phase Jamming Attack: A Practical Attack on Physical layer-Based Key Derivation","authors":"Seyed Morteza Mirhoseini Nejad, Ali Rahmanpour, S. M. Razavizadeh","doi":"10.1109/ISCISC.2018.8546920","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546920","url":null,"abstract":"Key derivation from the physical layer features of the communication channels is a promising approach which can help the key management and security enhancement in communication networks. In this paper, we consider a key generation technique that quantizes the received signal phase to obtain the secret keys. We then study the effect of a jamming attack on this system. The jammer is an active attacker that tries to make a disturbance in the key derivation procedure and changes the phase of the received signal by transmitting an adversary signal. We evaluate the effect of jamming on the security performance of the system and show the ways to improve this performance. Our numerical results show that more phase quantization regions limit the probability of successful attacks.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115855634","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"BotcoinTrap: Detection of Bitcoin Miner Botnet Using Host Based Approach","authors":"A. Zareh","doi":"10.1109/ISCISC.2018.8546867","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546867","url":null,"abstract":"Bitcoin is one of the most successful cryptocurrencies. Many people invest money on creating new Bitcoins because of Bitcoin's market increase. They actually buy hardware and power to participate in Bitcoin mining. The market value of Bitcoin has also absorbed cybercriminals. They steal the process cycles from victims' machines and use them in mining activities by malware programs. There have been several security reports about these types of malicious activities. Although there are methods to detect botnets, to the best of our knowledge, none of non-commercial and published papers present detection method for these types. In this paper, we present Botcointrap, a novel approach to identify Bitcoin miner botnets (called Botcoin) based on dynamic analysis of executable binary files. This method benefits from a parameter value that all Botcoins must use across their computations and detect them in the lowest level of execution; therefore, our method can be used to overcome weaknesses of many other approaches. Our evaluation shows that the proposed approach efficiently identifies all simulated Botcoins.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"416 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127798287","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ISCISC 2018 Subject Index Page","authors":"","doi":"10.1109/iscisc.2018.8546970","DOIUrl":"https://doi.org/10.1109/iscisc.2018.8546970","url":null,"abstract":"","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128914970","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ISCISC 2018 Index","authors":"","doi":"10.1109/iscisc.2018.8546910","DOIUrl":"https://doi.org/10.1109/iscisc.2018.8546910","url":null,"abstract":"","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133603207","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Tampering Detection and Restoration of Compressed Video","authors":"Bardia Azizian, S. Ghaemmaghami","doi":"10.1109/ISCISC.2018.8546848","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546848","url":null,"abstract":"This paper presents a method to detect tampering of video data and then restore an approximate version of its original contents in compressed H.264/AVC domain using watermarking. In the proposed scheme, a low resolution image from a number of video frames in certain time slots are embedded into the DCT coefficients of the other parts of the video which are adequately far from the reference frames. For detecting temporal/spatial tampering, the index of each frame/macroblock is embedded into itself as an authentication code. If a malicious tampering is detected at the authentication phase, the information used for restoration is extracted to recover the original contents in the altered areas. The extracted images are post-processed to enhance the image quality that could have been affected by channel errors or attacks. Our method provides appropriate transparency and robustness despite large volume of the payload to be handled. The results show that the BER of the watermark signal for recompression attack is about 4.5% on average under QP=24. The main achievement of the proposed watermarking system is the restoration of tampered areas, in addition to high accuracy in detecting malicious tampering in H.264/AVC domain.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"98 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117321163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Compressed Video Watermarking for Authentication and Reconstruction of the Audio Part","authors":"Zahra Esmaeilbeig, S. Ghaemmaghami","doi":"10.1109/ISCISC.2018.8546897","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546897","url":null,"abstract":"This paper is concerned with designing a digital video watermarking system capable of authenticating and reconstructing the audio part of the video after possible attacks. As recompression is the most common attack on videos, we attempt to improve robustness of one of the recently presented and successful compressed video watermarking schemes against recompression. A comprehensive set of experiments are conducted to show that our watermarking scheme is robust against recompression attack and enables reconstruction of audio part with an acceptable quality based on PESQ score. To the best of our knowledge, this is the first work that uses the visual part of a video as a watermarking cover signal for tampering detection and reconstruction of the audio part. We specifically address videos with important audio content, e.g., news, reports, etc.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121790369","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Novel Approach for Detecting DGA-based Ransomwares","authors":"S. Salehi, H. Shahriari, M. Ahmadian, Ladan Tazik","doi":"10.1109/ISCISC.2018.8546941","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546941","url":null,"abstract":"Nowadays, hybrid cryptosystem ransomware, as well as botnets, utilize domain-generation algorithms to communicate with the command and control (C&C) server to exchange public key and perform their malicious actions. We present an approach for detecting domain-generation-algorithm-based ransomware for the first time. By running instances of this type of ransomware in a test environment, we analyze their behavior, especially in the DNS traffic segment, which leads us to derive several behavioral characteristics. Among these features, we can point to “random and gibberish characters” in the requested domains; but using this feature is not easy as it can yield a lot of false positives. Our new and innovative approach to solving this challenge is to measure “Frequency of Different Domains Generation” and “Repetition of Same Domains in a Time Interval”. With the help of these criteria, we show that our method is more effective. The proposed approach can be used to detect botnets and other DGA-based malwares. Moreover, our approach detects ransomwares in their early phase of activity (i.e., before encrypting user data). Ultimately, we propose these features as a framework for identifying these ransomwares with high detection accuracy and low false positives rate.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132499873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Practical and Secure Lattice-based Scheme for Full-Duplex Gaussian One-Way Relay Channels","authors":"Hassan Khodaiemehr, T. Eghlidos","doi":"10.1109/ISCISC.2018.8546937","DOIUrl":"https://doi.org/10.1109/ISCISC.2018.8546937","url":null,"abstract":"Unidirectional or one-way relaying, where two wireless nodes, each of which would like to create an information flow from one node to the other one via a single decode-and-forward (DF) relay, has been an active area of recent research. We consider an additional secrecy constraint for protection against an honest but curious relay. Indeed, while the relay should decode the source message, it should be fully ignorant of the message content. We provide a secure lattice coding strategy based on quasi-cyclic low-density parity check (QC-LDPC) lattice codes for unidirectional Gaussian relay channels. QC-LDPC lattice codes are carved from infinite QC-LDPC lattices using a shaping algorithm. Due to the existence of low-overhead encoding and decoding algorithms, these lattice codes can be implemented practically in high dimensions. Our proposed scheme combines a Rao-Nam like encryption with a new DF relaying scheme for QC-LDPC lattice codes. Some chosen-plaintext attacks and recent attacks on the Rao-Nam like schemes are considered over the proposed scheme. Due to its low overhead encryption-decryption algorithms, the proposed scheme can be employed efficiently in high information rates. According to our simulation results, the proposed relaying scheme outperforms its counterparts in terms of error performance, efficiency and security.","PeriodicalId":318403,"journal":{"name":"2018 15th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","volume":"15 12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127646910","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}