发布求助
文献互助 智能选刊 最新文献

ISC Int. J. Inf. Secur.最新文献

筛选
英文 中文
An efficient certificateless signcryption scheme in the standard model 标准模型下的一种高效的无证书签名加密方案
ISC Int. J. Inf. Secur. Pub Date : 2017-01-31 DOI: 10.22042/ISECURE.2017.70117.368
Parvin Rastegari, Mehdi Berenjkoub
{"title":"An efficient certificateless signcryption scheme in the standard model","authors":"Parvin Rastegari, Mehdi Berenjkoub","doi":"10.22042/ISECURE.2017.70117.368","DOIUrl":"https://doi.org/10.22042/ISECURE.2017.70117.368","url":null,"abstract":"Certificateless public key cryptography (CL-PKC) is a useful method in order to solve the problems of traditional public key infrastructure (i.e., large amount of computation, storage and communication costs for managing certificates) and ID-based public key cryptography (i.e., key escrow problem), simultaneously. A signcryption scheme is an important primitive in cryptographic protocols which provides the goals of signing and encrypting, simultaneously. In 2010, Liu et al. presented the first certificateless signcryption (CLSC) scheme in the standard model, but their scheme is vulnerable against different attacks presented in the literature, till now. In this paper, we improve their scheme and propose a new CLSC scheme, which is semantically secure against adaptive chosen ciphertext attack under the (Ѕ2, 5)-BDHE-Set assumption and existentially unforgeable against adaptive chosen message attack under the 3-CDHE assumption in the standard model. Our scheme is more efficient than all other secure CLSC schemes in the standard model proposed up to now.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114437619","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
An automatic test case generator for evaluating implementation of access control policies 用于评估访问控制策略实现的自动测试用例生成器
ISC Int. J. Inf. Secur. Pub Date : 2017-01-31 DOI: 10.22042/ISECURE.2017.0.0.3
Marzieh Safarzadeh, Mahboubeh Taghizadeh, B. Zamani, B. T. Ladani
{"title":"An automatic test case generator for evaluating implementation of access control policies","authors":"Marzieh Safarzadeh, Mahboubeh Taghizadeh, B. Zamani, B. T. Ladani","doi":"10.22042/ISECURE.2017.0.0.3","DOIUrl":"https://doi.org/10.22042/ISECURE.2017.0.0.3","url":null,"abstract":"One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more reliable. Although several researches are conducted for automated testing of the specification of access control policies at the design phase, there is not enough research on testing their implementation. In addition, since access control is amongst non-functional requirements of the system, it is not easy to test them along with other requirements of the system by usual methods. To address this challenge, in this paper, we propose an automated method for testing the implementation of access control in a system. This method, as a model based technique, is able to extract test cases for evaluating the access control policies of the system under test. To generate test cases automatically, a combination of behavior model of the system and the specification of access control policies are used. The experimental results show that the proposed approach is able to find the failures and cover most of the code that is related to access control policies.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115788758","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
A new security proof for FMNV continuous non-malleable encoding scheme 一种新的FMNV连续不可延性编码方案的安全性证明
ISC Int. J. Inf. Secur. Pub Date : 2017-01-31 DOI: 10.22042/ISECURE.2017.74050.371
Amir S. Mortazavi, M. Salmasizadeh, A. Daneshgar
{"title":"A new security proof for FMNV continuous non-malleable encoding scheme","authors":"Amir S. Mortazavi, M. Salmasizadeh, A. Daneshgar","doi":"10.22042/ISECURE.2017.74050.371","DOIUrl":"https://doi.org/10.22042/ISECURE.2017.74050.371","url":null,"abstract":"A non-malleable code is a variant of an encoding scheme which is resilient to tampering attacks. The main idea behind non-malleable coding is that the adversary should not be able to obtain any valuable information about the message. Non-malleable codes are used in tamper-resilient cryptography and protecting memories against tampering attacks. Many different types of non-malleability have already been formalized and defined in current literature, among which continuous non-malleability is the setup in which the messages are protected against adversaries who may issue polynomially many tampering queries. The first continuous non-malleable encoding scheme has been proposed by Faust et al. (FMNV) in 2014. In this article, we propose a new proof of continuous non-malleability of the FMNV scheme. The new proof will give rise to an improved and more efficient version of this scheme. Also, the new proof shows that one may achieve continuous non-malleability of the same security by using a leakage resilient storage scheme with fewer bits for the leakage bound. This shows that the new scheme is more efficient and practical for tamper-resilient applications.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"270 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-01-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132833070","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Dwarf Frankenstein is still in your memory: tiny code reuse attacks 矮人弗兰肯斯坦仍然在你的记忆中:微小的代码重用攻击
ISC Int. J. Inf. Secur. Pub Date : 2017-01-30 DOI: 10.22042/ISECURE.2017.0.0.4
AliAkbar Sadeghi, Farzane Aminmansour, H. Shahriari
{"title":"Dwarf Frankenstein is still in your memory: tiny code reuse attacks","authors":"AliAkbar Sadeghi, Farzane Aminmansour, H. Shahriari","doi":"10.22042/ISECURE.2017.0.0.4","DOIUrl":"https://doi.org/10.22042/ISECURE.2017.0.0.4","url":null,"abstract":"Code reuse attacks such as return oriented programming and jump oriented programming are the most popular exploitation methods among attackers. A large number of practical and non-practical defenses are proposed that differ in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among these methods is consideration of the common behaviour of code reuse attacks, which is the construction of a gadget chain. Therefore, the implication of a gadget and the minimum size of an attack chain are a matter of controversy. Conservative or relaxed thresholds may cause false positive and false negative alarms, respectively. The main contribution of this paper is to provide a tricky aspect of code reuse techniques, called tiny code reuse attacks (Tiny-CRA) that demonstrates the ineffectiveness of the threshold based detection methods. We show that with bare minimum assumptions, Tiny-CRA can reduce the size of a gadget chain in shuch a way that no distinction can be detected between normal behavior of a program and a code-reuse execution. To do so, we exhibit our Tiny-CRA primitives and introduce a useful gadget set available in libc. We demonstrate the effectiveness of our approach by implementing nine different shell-codes and exploiting real-world buffer overflow vulnerability in HT Editor 2.0.20.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"201 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115534611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Side channel parameter characteristics of code injection attacks 码注入攻击的侧信道参数特征
ISC Int. J. Inf. Secur. Pub Date : 2017-01-29 DOI: 10.22042/isecure.2017.0.0.5
Ehsan Aerabi, M. Kaykha, M. Fazeli, A. Patooghy, A. Akbari
{"title":"Side channel parameter characteristics of code injection attacks","authors":"Ehsan Aerabi, M. Kaykha, M. Fazeli, A. Patooghy, A. Akbari","doi":"10.22042/isecure.2017.0.0.5","DOIUrl":"https://doi.org/10.22042/isecure.2017.0.0.5","url":null,"abstract":"Embedded systems are suggestive targets for code injection attacks in the recent years. Software protection mechanisms, and in general computers, are not usually applicable in embedded systems since they have limited resources like memory and process power. In this paper we investigate side channel characteristics of embedded systems and their applicability in code injection attack detection. The architectural simulation for execution time, power usage and temperature on benchmarks shows that these parameters disclose meaningful and distinguishable behaviours in case of attack.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-01-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122730436","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
LPKP: location-based probabilistic key pre-distribution scheme for large-scale wireless sensor networks using graph coloring LPKP:基于位置的大规模无线传感器网络的概率密钥预分配方案
ISC Int. J. Inf. Secur. Pub Date : 2017-01-22 DOI: 10.22042/ISECURE.2017.0.0.1
A. Ahadipour, A. Keshavarz-Haddad
{"title":"LPKP: location-based probabilistic key pre-distribution scheme for large-scale wireless sensor networks using graph coloring","authors":"A. Ahadipour, A. Keshavarz-Haddad","doi":"10.22042/ISECURE.2017.0.0.1","DOIUrl":"https://doi.org/10.22042/ISECURE.2017.0.0.1","url":null,"abstract":"Communication security of wireless sensor networks is achieved using cryptographic keys assigned to the nodes. Due to resource constraints in such networks, random key pre-distribution schemes are of high interest. Although in most of these schemes no location information is considered, there are scenarios that location information can be obtained by nodes after their deployment. In this paper, we propose a novel probabilistic key pre-distribution scheme, for large-scale wireless sensor networks which utilizes location information in order to improve the performance of random key pre-distribution substantially. In order to apply the location information of the nodes in key distribution process, we partition the network into some regions and use graph coloring techniques to efficiently assign the random keys. The proposed scheme has a superior scalability by supporting larger number of nodes and also increasing the probability of existence of a shared exclusive key among the nearby nodes, i.e., the probability of having an isolated node is significantly reduced in comparison with the existing random key pre-distribution schemes. Our simulation results verify these terms.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-01-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128619268","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving 简要介绍安全协议形式化验证的两种方法:模型检查和定理证明
ISC Int. J. Inf. Secur. Pub Date : 2016-07-02 DOI: 10.22042/ISECURE.2016.8.1.1
Mohsen Pourpouneh, Rasoul Ramezanian
{"title":"A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving","authors":"Mohsen Pourpouneh, Rasoul Ramezanian","doi":"10.22042/ISECURE.2016.8.1.1","DOIUrl":"https://doi.org/10.22042/ISECURE.2016.8.1.1","url":null,"abstract":"In this paper, we shortly review two formal approaches in verification of security protocols; model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all deferent behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as n example of this approach and then we model and verify some famous security protocols using Scyther . Theorem proving is based on deriving the desired goals from assumption of protocols via a deduction system. We define a deduction system named Simple Logic for Authentication to formally define the notion of authenticated communication based on the structure of the messages, and then we several famous protocols using our proposed deduction system and compare it with the verification results of Scyther model checking.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122217459","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
A novel key management scheme for heterogeneous sensor networks based on the position of nodes 一种基于节点位置的异构传感器网络密钥管理新方案
ISC Int. J. Inf. Secur. Pub Date : 2016-07-01 DOI: 10.22042/ISECURE.2016.8.2.3
Taha Yasin Rezapour, Reza Ebrahimi Atani, M. S. Abolghasemi
{"title":"A novel key management scheme for heterogeneous sensor networks based on the position of nodes","authors":"Taha Yasin Rezapour, Reza Ebrahimi Atani, M. S. Abolghasemi","doi":"10.22042/ISECURE.2016.8.2.3","DOIUrl":"https://doi.org/10.22042/ISECURE.2016.8.2.3","url":null,"abstract":"Wireless sensor networks (WSNs) have many applications in the areas of commercial, military and environmental requirements. Regarding the deployment of low cost sensor nodes with restricted energy resources, these networks face a lot of security challenges. A basic approach for preparing a secure wireless communication in WSNs, is to propose an efficient cryptographic key management protocol between sensor nodes to achieve maximum security with minimum cost. The main motivation of this paper is to apply the position of the sensor nodes as part of their identity for key management in heterogeneous sensor networks. In the proposed scheme, the position of sensor nodes is considered as a part of their identity and it is used for authentication and dedicating key to all network links. Comparing the proposed technique with other schemes shows that it has a higher level of scalability, security, and reliability with less memory complexity. © 2016 ISC. All rights reserved.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"497 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115327886","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
A note on the security of two improved RFID protocols 关于两个改进的RFID协议的安全性的说明
ISC Int. J. Inf. Secur. Pub Date : 2016-07-01 DOI: 10.22042/ISECURE.2016.8.2.6
M. Safkhani, N. Bagheri
{"title":"A note on the security of two improved RFID protocols","authors":"M. Safkhani, N. Bagheri","doi":"10.22042/ISECURE.2016.8.2.6","DOIUrl":"https://doi.org/10.22042/ISECURE.2016.8.2.6","url":null,"abstract":"","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125426421","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory 软件安全定量评价:基于UML/SecAM和证据理论的方法
ISC Int. J. Inf. Secur. Pub Date : 2016-07-01 DOI: 10.22042/ISECURE.2016.8.2.5
Ali Sedaghatbaf, M. A. Azgomi
{"title":"Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory","authors":"Ali Sedaghatbaf, M. A. Azgomi","doi":"10.22042/ISECURE.2016.8.2.5","DOIUrl":"https://doi.org/10.22042/ISECURE.2016.8.2.5","url":null,"abstract":"","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"85 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131716036","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信