@article { author = {Jalili, R.}, title = {Editorial}, journal = {The ISC International Journal of Information Security}, volume = {4}, number = {1}, pages = {1-2}, year = {2012}, publisher = {Iranian Society of Cryptology}, issn = {2008-2045}, eissn = {2008-3076}, doi = {10.22042/isecure.2012.4.1.1}, abstract = {From the Editor-in-Chief}, keywords = {}, url = {https://www.isecure-journal.com/article_39192.html}, eprint = {https://www.isecure-journal.com/article_39192_43d38e4615c55e068ecdba34fb806ed6.pdf} } @article { author = {Hooshmand, R. and Eghlidos, T. and Aref, M. R.}, title = {Improving the Rao-Nam secret key cryptosystem using regular EDF-QC-LDPC codes}, journal = {The ISC International Journal of Information Security}, volume = {4}, number = {1}, pages = {3-14}, year = {2012}, publisher = {Iranian Society of Cryptology}, issn = {2008-2045}, eissn = {2008-3076}, doi = {10.22042/isecure.2015.4.1.2}, abstract = {This paper proposes an efficient joint secret key encryption-channel coding cryptosystem, based on regular Extended Difference Family Quasi-Cyclic Low-Density Parity-Check codes. The key length of the proposed cryptosystem decreases up to 85 percent using a new efficient compression algorithm. Cryptanalytic methods show that the improved cryptosystem has a significant security advantage over Rao-Nam cryptosystem against chosen plaintext attacks, benefiting from an improvement on the structure of the Rao-Nam cryptosystem and proper choices of code parameters. Moreover, the proposed cryptosystem benefits from the highest code rate and a proper error performance.}, keywords = {Rao-Nam Secret Key Cryptosystem,Low-Density Parity-Check Codes,Difference Families}, url = {https://www.isecure-journal.com/article_39193.html}, eprint = {https://www.isecure-journal.com/article_39193_b08bafcf565cb27f2c3c7db68c1b6d37.pdf} } @article { author = {Vardasbi, A. and Salmasizadeh, M. and Mohajeri, J.}, title = {On the multi _ chi-square tests and their data complexity}, journal = {The ISC International Journal of Information Security}, volume = {4}, number = {1}, pages = {15-24}, year = {2012}, publisher = {Iranian Society of Cryptology}, issn = {2008-2045}, eissn = {2008-3076}, doi = {10.22042/isecure.2015.4.1.3}, abstract = {Chi-square tests are generally used for distinguishing purposes; however when they are combined to simultaneously test several independent variables, extra notation is required. In this study, the chi-square statistics in some previous works is revealed to be computed half of its real value. Therefore, the notion of Multi _ Chi-square tests is formulated to avoid possible future confusions. In order to show the application of Multi _ Chi square tests, two new tests are introduced and applied to reduce round Trivium as a special case. These tests are modifications of the ANF monomial test, and when applied to Trivium with the same number of rounds, the data complexity of them is roughly 24 times smaller than that of former ANF monomial test. In a Multi _ Chi-square test the critical degrees of freedom is defined to be the minimum value of the degrees of freedom for which the test is successful at distinguishing the samples set from random. This study investigates the relation between this critical value and the chi-square statistic of a Multi _ Chi-square test. In the sequel, by exploiting this relation, a method to approximate the data complexity of a distinguishing Multi _ Chi-square test is introduced and shown to perform properly in the special case of reduced round Trivium.}, keywords = {Multi _ Chi-square Test,Distinguishing Attacks,Critical Degrees of Freedom,Trivium}, url = {https://www.isecure-journal.com/article_39194.html}, eprint = {https://www.isecure-journal.com/article_39194_7010289d1d62a8cf948b632a21caf77d.pdf} } @article { author = {Barani, F. and Abadi, M.}, title = {BeeID: intrusion detection in AODV-based MANETs using artificial Bee colony and negative selection algorithms}, journal = {The ISC International Journal of Information Security}, volume = {4}, number = {1}, pages = {25-39}, year = {2012}, publisher = {Iranian Society of Cryptology}, issn = {2008-2045}, eissn = {2008-3076}, doi = {10.22042/isecure.2015.4.1.4}, abstract = {Mobile ad hoc networks (MANETs) are multi-hop wireless networks of mobile nodes constructed dynamically without the use of any fixed network infrastructure. Due to inherent characteristics of these networks, malicious nodes can easily disrupt the routing process. A traditional approach to detect such malicious network activities is to build a profile of the normal network traffic, and then identify an activity as suspicious if it deviates from this profile. As the topology of a MANET constantly changes over time, the simple use of a static profile is not efficient. In this paper, we present a dynamic hybrid approach based on the artificial bee colony (ABC) and negative selection (NS) algorithms, called BeeID, for intrusion detection in AODV-based MANETs. The approach consists of three phases: training, detection, and updating. In the training phase, a niching artificial bee colony algorithm, called NicheNABC, runs a negative selection algorithm multiple times to generate a set of mature negative detectors to cover the nonself space. In the detection phase, mature negative detectors are used to discriminate between normal and malicious network activities. In the updating phase, the set of mature negative detectors is updated by one of two methods of partial updating or total updating. We use the Monte Carlo integration to estimate the amount of the nonself space covered by negative detectors and to determine when the total updating should be done. We demonstrate the effectiveness of BeeID for detecting several types of routing attacks on AODV-based MANETs simulated using the NS2 simulator. The experimental results show that BeeID can achieve a better tradeoff between detection rate and false-alarm rate as compared to other dynamic approaches previously reported in the literature.}, keywords = {Mobile Ad Hoc Network,Routing Attack,Intrusion Detection,Artificial Bee Colony,Negative Selection,Monte Carlo Integration}, url = {https://www.isecure-journal.com/article_39195.html}, eprint = {https://www.isecure-journal.com/article_39195_95f63f947b0b28db0da9473424b97e0d.pdf} } @article { author = {Afzali, H. and Nemati, H. and Azmi, R.}, title = {Private Key based query on encrypted data}, journal = {The ISC International Journal of Information Security}, volume = {4}, number = {1}, pages = {41-50}, year = {2012}, publisher = {Iranian Society of Cryptology}, issn = {2008-2045}, eissn = {2008-3076}, doi = {10.22042/isecure.2015.4.1.5}, abstract = {Nowadays, users of information systems have inclination to use a central server to decrease data transferring and maintenance costs. Since such a system is not so trustworthy, users' data usually upkeeps encrypted. However, encryption is not a nostrum for security problems and cannot guarantee the data security. In other words, there are some techniques that can endanger security of encrypted data. Majority of existing methods for encrypted data management have some critical defects such as cryptanalysis attacks, encryption/decryption overhead, and inefficient data storing and retrieval. In this paper, at first we propose a prototype model of private key based search on encrypted data. Then we try to improve it significantly to meet security requirements. Our main goal is to offer a practical method of querying arbitrary words on encrypted data using a minimal trust model. Moreover, we present a model for balancing between performance and security based on user's requirements. In comparison with other methods, query response time is improved and the probability of statistical deductions is reduced.}, keywords = {Encryption,Query on Encrypted Data,Private Key Search,Privacy Preserving}, url = {https://www.isecure-journal.com/article_39196.html}, eprint = {https://www.isecure-journal.com/article_39196_61b2f15899a4e04d03a426f7376dc881.pdf} } @article { author = {Yahyazadeh, M. and Abadi, M.}, title = {BotOnus: an online unsupervised method for Botnet detection}, journal = {The ISC International Journal of Information Security}, volume = {4}, number = {1}, pages = {51-62}, year = {2012}, publisher = {Iranian Society of Cryptology}, issn = {2008-2045}, eissn = {2008-3076}, doi = {10.22042/isecure.2015.4.1.6}, abstract = {Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage of their lifecycle; moreover, they depend on a particular command and control (C&C) protocol. In this paper, we address these issues and propose an online unsupervised method, called BotOnus, for botnet detection that does not require a priori knowledge of botnets. It extracts a set of flow feature vectors from the network traffic at the end of each time period, and then groups them to some flow clusters by a novel online fixed-width clustering algorithm. Flow clusters that have at least two members, and their intra-cluster similarity is above a similarity threshold, are identified as suspicious botnet clusters, and all hosts in such clusters are identified as bot infected. We demonstrate the effectiveness of BotOnus to detect various botnets including HTTP-, IRC-, and P2P-based botnets using a testbed network. The results of experiments show that it can successfully detect various botnets with an average detection rate of 94.33% and an average false alarm rate of 3.74%.}, keywords = {Botnet Detection,Botnet Lifecycle,Command and Control Channel,Online Clustering}, url = {https://www.isecure-journal.com/article_39197.html}, eprint = {https://www.isecure-journal.com/article_39197_b58da52e9b262132143d1aea1da5354b.pdf} } @article { author = {Mehrnejad, M. and Ghaemi Bafghi, A. and Harati, A. and Toreini, E.}, title = {SEIMCHA: a new semantic image CAPTCHA using geometric transformations}, journal = {The ISC International Journal of Information Security}, volume = {4}, number = {1}, pages = {63-76}, year = {2012}, publisher = {Iranian Society of Cryptology}, issn = {2008-2045}, eissn = {2008-3076}, doi = {10.22042/isecure.2015.4.1.7}, abstract = {As protection of web applications are getting more and more important every day, CAPTCHAs are facing booming attention both by users and designers. Nowadays, it is well accepted that using visual concepts enhance security and usability of CAPTCHAs. There exist few major different ideas for designing image CAPTCHAs. Some methods apply a set of modifications such as rotations to the original image saved in the data base, to make the CAPTCHA more secure. In this paper, two different approaches for designing image based CAPTCHAs are introduced. The first one _ which is called Tagging image CAPTCHA _ is based on pre-tagged images, using geometric transformations to increase security, and the second approach tries to enhance the first one by eliminating the use of tags and relying on semantic visual concepts. In fact, recognition of upright orientation is used as a visual cue. The usability of the proposed approaches is verified using human subjects. An estimation of security is also obtained by different kinds of attacks. Further studies are done on the proposed transformations and also on the properness of each original image for each approach. Results suggest a practical Semantic Image CAPTCHA which is usable and secure compared to its peers.}, keywords = {SEIMCHA,Semantic Image CAPTCHA,Geometric Transformation,Upright Orientation,Tagging Image CAPTCHA,Random Guessing}, url = {https://www.isecure-journal.com/article_39198.html}, eprint = {https://www.isecure-journal.com/article_39198_0b0277ffa00b92ab290f3131c71781ec.pdf} } @article { author = {Mohammadi, S. and Hakimi, A.}, title = {A Chaos-Based Video Watermarking Algorithm}, journal = {The ISC International Journal of Information Security}, volume = {4}, number = {1}, pages = {77-86}, year = {2012}, publisher = {Iranian Society of Cryptology}, issn = {2008-2045}, eissn = {2008-3076}, doi = {10.22042/isecure.2015.4.1.8}, abstract = {The intriguing characteristics of chaotic maps have prompted researchers to use these sequences in watermarking systems to good effect. In this paper we aim to use a tent map to encrypt the binary logo to achieve a like-noise signal. This approach makes extraction of the watermark signal by potential attacker very hard. Embedding locations are selected based on certain principles. Experimental results demonstrate that our proposed watermarking method is highly superior to other techniques reported in literature and readily achieves the desired robustness and security level.}, keywords = {Chaotic Maps,robustness,Security,watermarking}, url = {https://www.isecure-journal.com/article_39199.html}, eprint = {https://www.isecure-journal.com/article_39199_02bb7006caec6dcef826c6d44007deb5.pdf} } @article { author = {}, title = {Persian Abstract}, journal = {The ISC International Journal of Information Security}, volume = {4}, number = {1}, pages = {87-93}, year = {2012}, publisher = {Iranian Society of Cryptology}, issn = {2008-2045}, eissn = {2008-3076}, doi = {10.22042/isecure.2012.4.1.9}, abstract = {}, keywords = {}, url = {https://www.isecure-journal.com/article_45393.html}, eprint = {https://www.isecure-journal.com/article_45393_a08fd8d1586cd83ab447215b997a29d0.pdf} }