ISC Int. J. Inf. Secur.: Latest Articles

One-Shot Achievable Secrecy Rate Regions for Quantum Interference Wiretap Channel
ISC Int. J. Inf. Secur. Pub Date : 2023-01-09 DOI: 10.22042/isecure.2022.14.3.8
Hadi Aghaee, Bahareh Akhbari
Abstract: In this paper, we want to derive achievable secrecy rate regions for the quantum interference channel with classical inputs under the one-shot setting. The main idea to this end is to use the combination of superposition and rate splitting for the encoding scheme and to construct a decoding scheme based on simultaneous decoding.
Citations: 1
Quantum Multiple Access Wiretap Channel: On the One-Shot Achievable Secrecy Rate Regions
ISC Int. J. Inf. Secur. Pub Date : 2023-01-06 DOI: 10.48550/arXiv.2301.02479
Hadi Aghaee, Bahareh Akhbari
Abstract: In this paper, we want to investigate classical-quantum multiple access wiretap channels (CQ-MA-WTC) under the one-shot setting. In this regard, we analyze the CQ-MA-WTC using a simultaneous position-based decoder for reliable decoding and using a newly introduced technique in order to decode securely. Also, for the sake of comparison, we analyze the CQ-MA-WTC using Sen's one-shot joint typicality lemma for reliable decoding. The simultaneous position-based decoder tends to a multiple hypothesis testing problem. Also, using convex splitting to analyze the privacy criteria in a simultaneous scenario becomes problematic. To overcome both problems, we first introduce a new channel that can be considered as a dual to the CQ-MA-WTC. This channel is called a point-to-point quantum wiretap channel with multiple messages (PP-QWTC). In the following, as a strategy to solve the problem, we also investigate and analyze quantum broadcast channels (QBCs) under the one-shot setting.
Citations: 0
Towards a Formal Approach for Detection of Vulnerabilities in the Android Permissions System
ISC Int. J. Inf. Secur. Pub Date : 2022-08-23 DOI: 10.48550/arXiv.2208.11062
Amirhosein Sayyadabdi, B. T. Ladani, B. Zamani
Abstract: Android is a widely used operating system that employs a permission-based access control model. The Android Permissions System (APS) is responsible for mediating application resource requests. APS is a critical component of the Android security mechanism; hence, a failure in the design of APS can potentially lead to vulnerabilities that grant unauthorized access to resources by malicious applications. In this paper, we present a formal approach for modeling and verifying the security properties of APS. We demonstrate the usability of the proposed approach by showcasing the detection of a well-known vulnerability found in Android's custom permissions.
Citations: 0
Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks
ISC Int. J. Inf. Secur. Pub Date : 2021-09-29 DOI: 10.22042/isecure.2023.319798.730
Ali Ahmadian Ramaki, A. G. Bafghi, Abbas Rasoolzadegan Barforoush
Abstract: Nowadays, targeted attacks like Advanced Persistent Threats (APTs) have become one of the major concerns of many enterprise networks. As a common approach to counter these attacks, security staff deploy a variety of security and non-security sensors at different lines of defense (Network, Host, and Application) to track the attacker's behaviors during their kill chain. However, one of the drawbacks of this approach is the huge amount of events raised by heterogeneous security and non-security sensors, which makes it difficult to analyze logged events for later processing, i.e., event correlation for timely detection of APT attacks. Till now, some research papers have been published on event aggregation for reducing the volume of logged low-level events. However, most research works have provided a method to aggregate the events of a single-type and homogeneous event source, i.e., NIDS. In addition, their main focus is only on the degree to which the event volume is reduced, while the amount of security information lost during the event aggregation process is also very important. In this paper, we propose a three-phase event aggregation method to reduce the volume of logged heterogeneous events during APT attacks considering the lowest rate of loss of security information. To this aim, at first, low-level events of the sensors are clustered into some similar event groups and then, after filtering noisy event clusters, the remaining clusters are summarized based on an Attribute-Oriented Induction (AOI) method in a controllable manner to reduce the unimportant or duplicated events. The method has been evaluated on the three publicly available datasets: SotM34, Bryant, and LANL. The experimental results show that the method is efficient enough in event aggregation and can reduce event volume by up to 99.7% with an acceptable level of information loss ratio (ILR).
Citations: 1
Business-Layer Session Puzzling Racer: Dynamic Security Testing Against Session Puzzling Race Conditions in Business Layer
ISC Int. J. Inf. Secur. Pub Date : 2021-09-06 DOI: 10.22042/ISECURE.2021.272808.637
M. Alidoosti, A. Nowroozi, A. Nickabadi
Abstract: Parallel execution of multiple threads of a web application will result in server-side races if the web application is not synchronized correctly. Server-side race is susceptible to flaws in the relation between the server and the database. Detecting the race condition in the web applications depends on the business logic of the application. No logic-aware approach has been presented to deal with race conditions. Furthermore, most existing approaches either result in DoS or are not applicable with false positive. In this study, the session puzzling race conditions existing in a web application are classified and described. In addition, we present Business-Layer Session Puzzling Racer, a black-box approach for dynamic application security testing, to detect the business-layer vulnerability of the application against session puzzling race conditions. Experiments on well-known and widely used web applications showed that Business-Layer Session Puzzling Racer is able to detect the business layer vulnerabilities of these applications against race conditions. In addition, the amount of traffic generated to identify the vulnerabilities has been improved by about 94.38% by identifying the business layer of the application. Thus, Business-Layer Session Puzzling Racer does not result in DoS.
Citations: 2
A Study of Timing Side-Channel Attacks and Countermeasures on JavaScript and WebAssembly
ISC Int. J. Inf. Secur. Pub Date : 2021-09-06 DOI: 10.22042/ISECURE.2021.263565.599
Mohammad Erfan Mazaheri, Siavash Bayat Sarmadi, Farhad Taheri Ardakani
Abstract: Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main side-channel attack categories that use the time difference of running an operation in different states. Many powerful attacks can be classified into this type of attack, including cache attacks. The limitation of these attacks is the need to run the spy program on the victim's system. Various studies have tried to overcome this limitation by implementing these attacks remotely on JavaScript and WebAssembly. This paper provides the first comprehensive evaluation of timing side-channel attacks on JavaScript and investigates challenges and countermeasures to overcome these attacks. Moreover, by investigating the countermeasures and their strengths and weaknesses, we introduce a detection-based approach, called Lurking Eyes. Our approach has the least reduction in the performance of JavaScript and WebAssembly. The evaluation results show that Lurking Eyes has an accuracy of 0.998, precision of 0.983, and F-measure of 0.983. Considering these values and no limitations, this method can be introduced as an effective way to counter timing side-channel attacks on JavaScript and WebAssembly. Also, we provide a new accurate timer, named Eagle timer, based on WebAssembly memory for implementing these attacks.
Citations: 2
A New Variant of the Winternitz One Time Signature Based on Graded Encoding Schemes
ISC Int. J. Inf. Secur. Pub Date : 2021-09-06 DOI: 10.22042/ISECURE.2021.272908.639
Hossein Oraei, M. H. Dehkordi
Abstract: Digital signature schemes are used to guarantee non-repudiation and authenticity of any kind of data like documents, messages or software. The Winternitz one-time signature (WOTS) scheme, which can be described using a certain number of so-called "function chains", plays an important role in the design of both stateless and stateful many-time signature schemes. The main idea of the WOTS scheme is the use of a limited number of function chains, all of which begin at some random values. This work introduces WOTS-GES, a new WOTS type signature scheme in which the need for computing all of the intermediate values of the chains is eliminated. More precisely, to compute each algorithm of the proposed scheme, we only need to calculate one intermediate value. This significantly reduces the number of required operations needed to calculate the algorithms of WOTS-GES. To achieve these results, we have used the concept of "leveled" multilinear maps, which is also referred to as graded encoding schemes. We expect these results to increase the efficiency of Winternitz based digital signature schemes.
Citations: 0
A Time Randomization-Based Countermeasure Against the Template Side-Channel Attack
ISC Int. J. Inf. Secur. Pub Date : 2021-09-06 DOI: 10.22042/ISECURE.2021.262658.592
Farshideh Kordi, Hamed Hosseintalaee, A. Jahanian
Abstract: The template attack is one of the most efficient attacks for exploiting the secret key. Template-based attack extracts a model for the behavior of side channel information from a device which is similar to the target device and then uses this model to retrieve the correct key on the target victim device. Until now, many researchers have focused on improving the performance of template attacks, but recently, a few countermeasures have been proposed to protect the design against these attacks. On the other hand, research shows that regular countermeasures against these attacks are costly. Randomized shuffling in the time domain is known as a cost-effective countermeasure against side-channel attacks that are widely used. In this article, we implemented an actual template attack and proposed an efficient countermeasure against it. We focus on the time shifting method against template attack. The results show that template attack is very susceptible to this method. The performance of attack on an AES algorithm is considerably reduced with this method. We reported the analysis results of our countermeasure. The performance of the attack can be determined according to various criteria. One of these criteria is the success rate of the attack. According to these results, template attack will be hardened significantly after the proposed protection such that the grade of the key recovery increases from 1 with 350K traces in unprotected design to 2100 with 700K traces in the protected circuit. This security improvement is gained at the cost of about 7% delay overhead.
Citations: 0
SANT: Static Analysis of Native Threads for Security Vetting of Android Applications
ISC Int. J. Inf. Secur. Pub Date : 2021-09-05 DOI: 10.22042/ISECURE.2021.247906.572
Seyed Behnam Andarzian, B. T. Ladani
Abstract: Most of the current research on static analysis of Android applications for security vetting either work on Java source code or the Dalvik bytecode. Nevertheless, Android allows developers to use C or C++ code in their programs that is compiled into various binary architectures. Moreover, Java and the native code components (C or C++) can collaborate with each other using Java Native Interface. Recent research shows that native codes are frequently used in both benign and malicious Android applications. Most of the present Android static analysis tools avert considering native codes in their analysis and applied trivial models for their data-flow analysis. As we know, only the open source JN-SAF tool has tried to solve this issue statically. However, there are still challenges like libC functions and multi-threading in native codes that we want to address in this work. We presented SANT as an extension of JN-SAF for supporting Static Analysis of Native Threads. We considered modeling libC functions in our data-flow analysis to have a more precise analysis when dealing with security vetting of native codes. We also used control flow and data dependence graphs in SANT to handle multiple concurrent threads and find implicit data-flow between them. Our experiments show that the conducted improvements outperform JN-SAF in real-world benchmark applications.
Citations: 0
An Efficient Pairing-Free Identity-Based Certificateless Signcryption
ISC Int. J. Inf. Secur. Pub Date : 2021-08-28 DOI: 10.22042/ISECURE.2021.261788.587
Saeed Banaeian Far, Maryam Assar
Abstract: A certificateless (CL) signcryption scheme is a cryptographic primitive that provides user authentication and message confidentiality at the same time. CL signcryption schemes (as a type of certificateless encryption scheme) have solved problems concerning malicious server presentation, and the server who issues users' partial private keys and certificates cannot obtain users' signing keys. Therefore, the CL signcryption scheme is an excellent choice for protecting users' signing keys and providing user authentication and message confidentiality. Moreover, signcryption schemes have lower computational costs than signature and encryption schemes. The present study presents a short and efficient CL signcryption scheme based on the hyperelliptic curve (HC). Applying HC as the calculation base for designing the presented CL signcryption scheme reduces key-length from 160 bits to 80. The presented CL signcryption scheme is shorter than other recently-proposed ones with regard to communication overhead with its less than one-third shorter length compared to the shortest of the others. Moreover, it is more efficient than other recently-proposed CL signcryption schemes in the user-side computational cost, including the key generation and user key generation phases that have been halved in total. Finally, the security of the presented CL signcryption scheme was analyzed in the random oracle (RO) model based on the hardness of the point factorization problem (PFP) on HC.
Citations: 1