Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
8
2
2016
07
01
ASIC design protection against reverse engineering during the fabrication process using automatic netlist obfuscation design flow
93
104
EN
Sh.
Zamanzadeh
Computer Science and Engineering Department, Shahid Beheshti University, Tehran, Iran
s.zamanzadeh@gmail.com
A.
Jahanian
Computer Science and Engineering Department, Shahid Beheshti University, Tehran, Iran
jahanian@sbu.ac.ir
10.22042/isecure.2016.8.2.1
Fab-less business model in semiconductor industry has led to serious concerns about trustworthy hardware. In untrusted foundries and manufacturing companies, submitted layout may be analyzed and reverse engineered to steal the information of a design or insert malicious Trojans. Understanding the netlist topology is the ultimate goal of the reverse engineering process. In this paper, we propose a netlist encryption mechanism to hide the interconnect topology inside an IC. Moreover, new special standard cells (Wire Scrambling cells) are designed to play the role of netlist encryption. Furthermore, a design ow is proposed to insert the WS-cells inside the netlist with the aim of maximum obfuscation and minimum overhead. It is worth noting that this mechanism is fully automated with no need to detail information of the functionality and structure of the design. Our proposed mechanism is implemented in an academic physical design framework (EduCAD). Experimental results show that reverse engineering can be hindered considerably in cost of negligible overheads by 23% in area, 3.25% in delay and 14.5% in total wire length. Reverse engineering is evaluated by brute-force attack, and the learned information is 0% and the Hamming distance is approximately 50%.
Hardware Security,Netlist Encryption,Obfuscation,Reverse Engineering,IP Piracy
https://www.isecure-journal.com/article_41774.html
https://www.isecure-journal.com/article_41774_9902499bb408af9e524e1807fe52f119.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
8
2
2016
07
01
Traceability improvements of a new RFID protocol based on EPC C1 G2
105
114
EN
S.
Sajjadi Ghaemmaghami
Department of Electrical and Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran
A.
Haghbin
Department of Electrical and Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran
haghbin@srbiau.ac.ir
M.
Mirmohseni
Department of Electrical Engineering, Sharif University of Technology, Tehran, Iran
mirmohseni@sharif.edu
10.22042/isecure.2016.8.2.2
Radio Frequency Identification (RFID) applications have spread all over the world. In order to provide their security and privacy, researchers proposed different kinds of protocols. In this paper, we analyze the privacy of a new protocol, proposed by Yu-Jehn in 2015 which is based on Electronic Product Code Class1 Generation 2 (EPC C1 G2) standard. By applying the Ouafi_Phan privacy model, we show that the Yu-Jehn protocol is vulnerable to secret parameter reveal attack, traceability attacks, forward traceability attack and it also does not provide the privacy of RFID users. To enhance the privacy of the analyzed protocol, an improved version of the protocol is proposed which eliminates the existing weaknesses of Yu-Jehn protocol.
RFID Authentication Protocols,Privacy,Traceability Attack,Forward Traceability Attack,Ouafi-Phan Privacy Model
https://www.isecure-journal.com/article_41780.html
https://www.isecure-journal.com/article_41780_492aa0b0ad466b133e330f0524e13422.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
8
2
2016
07
01
A novel key management scheme for heterogeneous sensor networks based on the position of nodes
115
130
EN
T. Y.
Rezapour
Department of Computer Engineering, University of Guilan, Rasht, Iran
Department of Information Technology, Ports and Maritime Organization, Tehran, Iran
rezapour.ty@gmail.com
R.
Ebrahimi Atani
0000-0001-9180-8707
Department of Computer Engineering, University of Guilan, Rasht, Iran
reza.ebrahimi.atani@gmail.com
M. S.
Abolghasemi
Department of Computer Engineering, University of Guilan, Rasht, Iran
10.22042/isecure.2016.8.2.3
Wireless sensor networks (WSNs) have many applications in the areas of commercial, military and environmental requirements. Regarding the deployment of low cost sensor nodes with restricted energy resources, these networks face a lot of security challenges. A basic approach for preparing a secure wireless communication in WSNs, is to propose an efficient cryptographic key management protocol between sensor nodes to achieve maximum security with minimum cost. The main motivation of this paper is to apply the position of the sensor nodes as part of their identity for key management in heterogeneous sensor networks. In the proposed scheme, the position of sensor nodes is considered as a part of their identity and it is used for authentication and dedicating key to all network links. Comparing the proposed technique with other schemes shows that it has a higher level of scalability, security, and reliability with less memory complexity.
WSN,Position Based Cryptography,Key Management,Heterogeneous Sensor Networks
https://www.isecure-journal.com/article_41782.html
https://www.isecure-journal.com/article_41782_d59f9813597cec2817e69fe8413cd15e.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
8
2
2016
07
01
Optimum decoder for multiplicative spread spectrum image watermarking with Laplacian modeling
131
139
EN
N.
Zarmehi
Electrical Engineering Department, Sharif University of Technology, Tehran, Iran
Advanced Communications Research Institute, Sharif University of Technology, Tehran, Iran
zarmehi_n@ee.sharif.edu
M. R.
Aref
Electrical Engineering Department, Sharif University of Technology, Tehran, Iran
Information Systems and Security Lab. (ISSL), Electrical Engineering Department, Sharif University of Technology, Tehran,
Iran
isecure@sharif.ir
10.22042/isecure.2016.8.2.4
This paper investigates the multiplicative spread spectrum watermarking method for the image. The information bit is spreaded into middle-frequency Discrete Cosine Transform (DCT) coefficients of each block of an image using a generated pseudo-random sequence. Unlike the conventional signal modeling, we suppose that both signal and noise are distributed with Laplacian distribution, because the sample loss of digital media can be better modeled with this distribution than the Gaussian one. We derive the optimum decoder for the proposed embedding method thanks to the maximum likelihood decoding scheme. We also analyze our watermarking system in the presence of noise and provide analytical evaluations and several simulations. The results show that it has the suitable performance and transparency required for watermarking applications.
Laplacian Distribution,Maximum Likelihood Decoding,Spread Spectrum Method,watermarking
https://www.isecure-journal.com/article_41784.html
https://www.isecure-journal.com/article_41784_e65647f01817dde23e04aa793f8aafae.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
8
2
2016
07
01
Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
141
153
EN
A.
Sedaghatbaf
School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran
M.
Abdollahi Azgomi
0000-0002-9605-8412
School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran
azgomi@gmail.com
10.22042/isecure.2016.8.2.5
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient knowledge. This inaccuracy is ignored in most of the existing evaluation methods. The aim of this paper is to explicitly consider parameter uncertainty in the software security evaluation process. In particular, we use the Dempster-Shafer theory of evidence to formulate the uncertainties in input parameters and determine their effects on output measures. In the proposed method, security attacks are expressed using UML diagrams (i.e., misuse case and mal-activity diagrams) and security parameters are specified using the SecAM profile. UML/SecAM models are then transformed into attack trees, which allow quantifying the probability of security breaches. The applicability of the method is validated by a case study on an online marketing system.
Software architecture,Security Evaluation,Uncertainty Quantification,Evidence Theory
https://www.isecure-journal.com/article_41785.html
https://www.isecure-journal.com/article_41785_9252fa03f3ddb3eb5211906fd97cc164.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
8
2
2016
07
01
A note on the security of two improved RFID protocols
155
160
EN
M.
Safkhani
Computer Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran
safkhani@srttu.edu
N.
Bagheri
Electrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran, Iran
nbagheri@srttu.edu
10.22042/isecure.2016.8.2.6
Recently, Baghery <em>et al.</em> [1, 2] presented some attacks on two RFID protocols, namely Yoon and Jung et al. protocols, and proposed the improved version of them. However, in this note, we show that the improved version of the Jung <em>et al.</em> protocol suffers from desynchronization attack and the improved version of the Yoon's protocol suffers from secret disclosure attack. The success probability of the desynchronization attack against the improved version of the Jung <em>et al.</em> protocol is (1-2<sup>-2n</sup>)<sup>2</sup>, where <em>n</em> is length of the protocol parameters. The attack can be accomplished with just three runs of the protocol. The success probability of the secret disclosure attack against the improved version of the Yoon's protocol is almost 1, while the complexity is just two runs of the protocol and doing 2<sup>16</sup> off-line evaluations of PRNG function.
RFID,Authentication Protocol,Desynchronization Attack,Secret Disclosure Attack
https://www.isecure-journal.com/article_41789.html
https://www.isecure-journal.com/article_41789_7cc45db72fbc5747ea37dc132ef43b7f.pdf
Iranian Society of Cryptology
The ISC International Journal of Information Security
2008-2045
2008-3076
8
2
2016
07
27
Persian Abstract
161
166
EN
10.22042/isecure.2016.8.2.8
No abstract
https://www.isecure-journal.com/article_45391.html
https://www.isecure-journal.com/article_45391_6b3e2d5b44b9089605105f1d37839783.pdf