Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20458220160701ASIC design protection against reverse engineering during the fabrication process using automatic netlist obfuscation design flow931044177410.22042/isecure.2016.8.2.1ENSh. ZamanzadehComputer Science and Engineering Department, Shahid Beheshti University, Tehran, IranA. JahanianComputer Science and Engineering Department, Shahid Beheshti University, Tehran, IranJournal Article20151120Fab-less business model in semiconductor industry has led to serious concerns about trustworthy hardware. In untrusted foundries and manufacturing companies, submitted layout may be analyzed and reverse engineered to steal the information of a design or insert malicious Trojans. Understanding the netlist topology is the ultimate goal of the reverse engineering process. In this paper, we propose a netlist encryption mechanism to hide the interconnect topology inside an IC. Moreover, new special standard cells (Wire Scrambling cells) are designed to play the role of netlist encryption. Furthermore, a design ow is proposed to insert the WS-cells inside the netlist with the aim of maximum obfuscation and minimum overhead. It is worth noting that this mechanism is fully automated with no need to detail information of the functionality and structure of the design. Our proposed mechanism is implemented in an academic physical design framework (EduCAD). Experimental results show that reverse engineering can be hindered considerably in cost of negligible overheads by 23% in area, 3.25% in delay and 14.5% in total wire length. Reverse engineering is evaluated by brute-force attack, and the learned information is 0% and the Hamming distance is approximately 50%.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20458220160701Traceability improvements of a new RFID protocol based on EPC C1 G21051144178010.22042/isecure.2016.8.2.2ENS. Sajjadi GhaemmaghamiDepartment of Electrical and Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, IranA. HaghbinDepartment of Electrical and Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, IranM. MirmohseniDepartment of Electrical Engineering, Sharif University of Technology, Tehran, IranJournal Article20160111Radio Frequency Identification (RFID) applications have spread all over the world. In order to provide their security and privacy, researchers proposed different kinds of protocols. In this paper, we analyze the privacy of a new protocol, proposed by Yu-Jehn in 2015 which is based on Electronic Product Code Class1 Generation 2 (EPC C1 G2) standard. By applying the Ouafi_Phan privacy model, we show that the Yu-Jehn protocol is vulnerable to secret parameter reveal attack, traceability attacks, forward traceability attack and it also does not provide the privacy of RFID users. To enhance the privacy of the analyzed protocol, an improved version of the protocol is proposed which eliminates the existing weaknesses of Yu-Jehn protocol.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20458220160701A novel key management scheme for heterogeneous sensor networks based on the position of nodes1151304178210.22042/isecure.2016.8.2.3ENT. Y. RezapourDepartment of Computer Engineering, University of Guilan, Rasht, Iran
Department of Information Technology, Ports and Maritime Organization, Tehran, IranR. Ebrahimi AtaniDepartment of Computer Engineering, University of Guilan, Rasht, Iran0000-0001-9180-8707M. S. AbolghasemiDepartment of Computer Engineering, University of Guilan, Rasht, IranJournal Article20140423Wireless sensor networks (WSNs) have many applications in the areas of commercial, military and environmental requirements. Regarding the deployment of low cost sensor nodes with restricted energy resources, these networks face a lot of security challenges. A basic approach for preparing a secure wireless communication in WSNs, is to propose an efficient cryptographic key management protocol between sensor nodes to achieve maximum security with minimum cost. The main motivation of this paper is to apply the position of the sensor nodes as part of their identity for key management in heterogeneous sensor networks. In the proposed scheme, the position of sensor nodes is considered as a part of their identity and it is used for authentication and dedicating key to all network links. Comparing the proposed technique with other schemes shows that it has a higher level of scalability, security, and reliability with less memory complexity.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20458220160701Optimum decoder for multiplicative spread spectrum image watermarking with Laplacian modeling1311394178410.22042/isecure.2016.8.2.4ENN. ZarmehiElectrical Engineering Department, Sharif University of Technology, Tehran, Iran
Advanced Communications Research Institute, Sharif University of Technology, Tehran, IranM. R. ArefElectrical Engineering Department, Sharif University of Technology, Tehran, Iran
Information Systems and Security Lab. (ISSL), Electrical Engineering Department, Sharif University of Technology, Tehran,
IranJournal Article20160303This paper investigates the multiplicative spread spectrum watermarking method for the image. The information bit is spreaded into middle-frequency Discrete Cosine Transform (DCT) coefficients of each block of an image using a generated pseudo-random sequence. Unlike the conventional signal modeling, we suppose that both signal and noise are distributed with Laplacian distribution, because the sample loss of digital media can be better modeled with this distribution than the Gaussian one. We derive the optimum decoder for the proposed embedding method thanks to the maximum likelihood decoding scheme. We also analyze our watermarking system in the presence of noise and provide analytical evaluations and several simulations. The results show that it has the suitable performance and transparency required for watermarking applications.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20458220160701Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory1411534178510.22042/isecure.2016.8.2.5ENA. SedaghatbafSchool of Computer Engineering, Iran University of Science and Technology, Tehran, IranM. Abdollahi AzgomiSchool of Computer Engineering, Iran University of Science and Technology, Tehran, Iran0000-0002-9605-8412Journal Article20160202Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient knowledge. This inaccuracy is ignored in most of the existing evaluation methods. The aim of this paper is to explicitly consider parameter uncertainty in the software security evaluation process. In particular, we use the Dempster-Shafer theory of evidence to formulate the uncertainties in input parameters and determine their effects on output measures. In the proposed method, security attacks are expressed using UML diagrams (i.e., misuse case and mal-activity diagrams) and security parameters are specified using the SecAM profile. UML/SecAM models are then transformed into attack trees, which allow quantifying the probability of security breaches. The applicability of the method is validated by a case study on an online marketing system.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20458220160701A note on the security of two improved RFID protocols1551604178910.22042/isecure.2016.8.2.6ENM. SafkhaniComputer Engineering Department, Shahid Rajaee Teacher Training University, Tehran, IranN. BagheriElectrical Engineering Department, Shahid Rajaee Teacher Training University, Tehran, IranJournal Article20160317Recently, Baghery <em>et al.</em> [1, 2] presented some attacks on two RFID protocols, namely Yoon and Jung et al. protocols, and proposed the improved version of them. However, in this note, we show that the improved version of the Jung <em>et al.</em> protocol suffers from desynchronization attack and the improved version of the Yoon's protocol suffers from secret disclosure attack. The success probability of the desynchronization attack against the improved version of the Jung <em>et al.</em> protocol is (1-2<sup>-2n</sup>)<sup>2</sup>, where <em>n</em> is length of the protocol parameters. The attack can be accomplished with just three runs of the protocol. The success probability of the secret disclosure attack against the improved version of the Yoon's protocol is almost 1, while the complexity is just two runs of the protocol and doing 2<sup>16</sup> off-line evaluations of PRNG function.Iranian Society of CryptologyThe ISC International Journal of Information Security2008-20458220160727Persian Abstract1611664539110.22042/isecure.2016.8.2.8ENJournal Article20160727No abstract