The ISC International Journal of Information Security

Abstract While cloud computing is growing at a remarkable speed, privacy issues are far from being solved. One way to diminish privacy concerns is to store data on the cloud in encrypted form. However, encryption often hinders useful computation cloud services. A theoretical approach is to employ the so-called fully homomorphic encryption, yet the overhead is so high that it is not considered a viable solution for practical purposes. The next best thing is to craft special-purpose cryptosystems which support the set of operations required to be addressed by cloud services. In this paper, we put forward one such cryptosystem, which supports efficient search over structured data types, such as timestamps or network addresses, which are comprised of several segments with well-known values. The new cryptosystem, called SESOS, provides the ability to execute LIKE queries, along with the search for exact matches, as well as comparison.
In addition, the extended version, called XSESOS, allows for verifying the integrity of ciphertexts.
At its heart, SESOS combines any order-preserving encryption (OPE) scheme with a novel encryption scheme called Multi-map Perfectly Secure Cryptosystem(MuPS). We prove that MuPS is perfectly secure, and hence SESOS enjoys the same security properties of the underlying OPE scheme.
The overhead of executing equality and comparison operations is negligible. The performance of LIKE queries is significantly improved by up to 1370X and the performance of result decryption improved by 520X compared to existing solutions on a database with merely 100K records (the improvement is even more significant in larger databases).

Abstract In this paper a steganalysis method is proposed for pixel value differencing method. This steganographic method, which has been immune against conventional attacks, performs the embedding in the difference of the values of pixel pairs. Therefore, the histogram of the differences of an embedded image is di_erent as compared with a cover image. A number of characteristics are identified in the difference histogram that show meaningful alterations when an image is embedded. Five distinct multilayer perceptrons neural networks are trained to detect different levels of embedding. Every image is fed in to all networks and a voting system categorizes the image as stego or cover. The implementation results indicate an 88.6% success in correct categorization of the test images.

Abstract Embedded systems are suggestive targets for code injection attacks in the recent years. Software protection mechanisms, and in general computers, are not usually applicable in embedded systems since they have limited resources like memory and process power. In this paper we investigate side channel characteristics of embedded systems and their applicability in code injection attack detection. The architectural simulation for execution time, power usage and temperature on benchmarks shows that these parameters disclose meaningful and distinguishable behaviours in case of attack.

Abstract An AES-like lightweight block cipher, namely Zorro, was proposed in CHES 2013. While it has a 16-byte state, it uses only 4 S-Boxes per round. This weak nonlinearity was widely criticized, insofar as it has been directly exploited in all the attacks on Zorro reported by now, including the weak key, reduced round, and even full round attacks. In this paper, using some properties discovered by Wang et al. we present new differential and linear attacks on Zorro, both of which recover the full secret key with practical complexities. These attacks are based on very efficient distinguishers that have only two active S-Boxes per four rounds. The time complexities of our differential and linear attacks are 2^55.40 and 2^45.44 and the data complexity are 2^55.15 chosen plaintexts and 2^45.44 known plaintexts, respectively. The results clearly show that the block cipher Zorro does not have enough security against differential and linear attacks.

Abstract In network steganography methods based on packet length, the length of the packets is used as a carrier for exchanging secret messages. Existing methods in this area are vulnerable against detections due to abnormal network traffic behaviors. The main goal of this paper is to propose a method which has great resistance to network traffic detections. In the first proposed method, the sender embeds a bit of data in each pair that includes two non-identical packet lengths. In the current situation, if the first packet length of the pair is larger than the second one, it shows a ‘1’ bit and otherwise, it shows a ‘0’ bit. If the intended bit of the sender is in conflict with the current status, he/she will create the desired status by swapping the packet lengths. In this method, the paired packets can be selected freely, but in the second proposed method, the packets are divided into buckets and only packets within a single bucket can be paired together. In this case, the embedding method is similar to the previous one. The results show that the second method, despite having low embedding capacity, will be more secure in real traffic compared to the other methods. Since the packet lengths of UDP protocol are more random in comparison to TCP, the proposed methods have higher embedding capacity and they are more secure for UDP-based packets. However, these methods are only applicable to the protocols in which the packet length has not a constant value.

Abstract In this paper, we introduce a method of threshold secret sharing scheme (TSSS) in which secret reconstruction is based on Babai's nearest plane algorithm. In order to supply secure public channels for transmitting shares to parties, we need to ensure that there are no quantum threats to these channels. A solution to this problem can be utilization of lattice-based cryptosystems for these channels which requires designing lattice-based TSSSs. We investigate the effect of lattice dimension on the security and correctness of the proposed scheme. Moreover, we prove that for a fixed lattice dimension the proposed scheme is asymptotically correct. We also give a quantitative proof of security from information theoretic viewpoint.

Abstract Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main side-channel attack categories that use the time difference of running an operation in different states. Many powerful attacks can be classified into this type of attack, including cache attacks. The limitation of these attacks is the need to run the spy program on the victim's system. Various studies have tried to overcome this limitation by implementing these attacks remotely on JavaScript and WebAssembly. This paper provides the first comprehensive evaluation of timing side-channel attacks on JavaScript and investigates challenges and countermeasures to overcome these attacks. Moreover, by investigating the countermeasures and their strengths and weaknesses, we introduce a detection-based approach, called Lurking Eyes. Our approach has the least reduction in the performance of JavaScript and WebAssembly. The evaluation results show that the Lurking eyes have an accuracy of 0.998, precision of 0.983, and F-measure of 0.983. Considering these values and no limitations, this method can be introduced as an effective way to counter timing side-channel attacks on JavaScript and WebAssembly. Also, we provide a new accurate timer, named Eagle timer, based on WebAssembly memory for implementing these attacks.

Abstract In this paper we will construct a lattice-based public-key cryptosystem using non-commutative quaternion algebra, and since its lattice does not fully fit within Circular and Convolutional Modular Lattice (CCML), we prove it is arguably more secure than the existing lattice-based cryptosystems such as NTRU. As in NTRU, the proposed public-key cryptosystem relies for its inherent security on the intractability of finding the shortest vector in a certain non-convolutional modular lattice, yet it is efficient and cost effective, contrary to cryptosystems such as RSA or ECC. The detailed specification of the proposed cryptosystem, including the underlying algebraic structure, key generation, encryption and decryption process and also the issues regarding key security, message security, and probability of successful decryption are explained. We will further show, based on the existing results for lattice-reduction algorithms, that the proposed cryptosystem with a dimension of 41 will have a security equal to NTRU-167.

Abstract ‎Hardware Trojans have emerged as a major concern for integrated circuits in recent years‎. ‎As a result‎, ‎detecting Trojans has become an important issue in critical applications‎, ‎such as finance and health‎. ‎The Trojan detection methods are mainly categorized into functional and side channel based ones‎. ‎To increase the capability of both mentioned detection methods‎, ‎one can increase the transition activity of the circuit‎. ‎This paper proposes a trusted platform for detecting Trojans in FPGA bitstreams‎. ‎The proposed methodology takes advantage of increased Trojan activation‎, ‎caused by transition aware partitioning of the circuit‎. ‎Meanwhile‎, ‎it benefits partial reconfiguration feature of FPGAs to reduce area overhead‎. ‎Experimental studies on the mapped version of s38417 ISCAS89 benchmark show that for the transition probability thresholds of 10^{-4} and 2*10^{-5}‎, ‎our method increases the ratio of the number of transitions (TCTCR) in the Trojan circuit by about 290.93% and 131.48%‎, ‎respectively‎, ‎compared to the unpartitioned circuit‎. ‎Similar experiments on s15850 for the transition probability thresholds of 10^{-4} and 2*10^{-5} show an increase of 290.26% and 203.11% in TCTCR‎, ‎respectively. Furthermore‎, ‎this method improves the functional Trojan detection capability due to a significant increase in the ratio of observing wrong results in primary outputs‎.

Abstract Online social media is integral to human life, facilitating messaging, information sharing, and confidential communication while preserving privacy. Platforms like Twitter, Instagram, and Facebook exemplify this phenomenon. However, users face challenges due to network anomalies, often stemming from malicious activities such as identity theft for financial gain or harm. This paper proposes a novel method using user similarity measures and the Generative Adversarial Network (GAN) algorithm to identify anomalies (fake nodes) in user accounts in a large-scale social network while handling imbalanced data issues. Despite the problem's complexity, the method achieves an AUC rate of 80\% in classifying and detecting fake accounts. Notably, the study builds on previous research, highlighting advancements and insights into the evolving landscape of anomaly detection in online social networks. The findings of this study contribute to ongoing advancements in fake account detection, offering a hopeful solution for securing online spaces against fraudulent activities and anomaly detection in social networks.

Abstract In this paper, a new broadcast encryption scheme is presented based on threshold secret sharing and secure multiparty computation. This scheme is maintained to be dynamic in that a broadcaster can broadcast a message to any of the dynamic groups of users in the system and it is also fair in the sense that no cheater is able to gain an unfair advantage over other users. Another important feature of our scheme is collusion resistance. Using secure multiparty computation, a traitor needs k cooperators in order to create a decryption machine. The broadcaster can choose the value of k as he decides to make a trade-off between communication complexity and collusion resistance. Comparison with other Broadcast Encryption schemes indicates enhanced performance and complexity on the part of the proposed scheme (in terms of message encryption and decryption, key storage requirements, and ciphertext size) relative to similar schemes. In addition, the scheme is modeled using applied pi calculus and its security is verified by means of an automated verification tool, i.e., ProVerif.

Abstract Steganography is a solution for covert communication and blockchain is a p2p network for data transmission, so the benefits of blockchain can be used in steganography. In this paper, we discuss the advantages of blockchain in steganography, which include the ability to embed hidden data without manual change in the original data, as well as the readiness of the blockchain platform for data transmission and storage. By reviewing the previous four steganography schemes in blockchain, we have examined their drawback and shown that most of them are non-practical schemes for steganography in blockchain. We have proposed two algorithms for steganography in blockchain, the first one is a high-capacity algorithm for the key and the steganography algorithm exchange and switching, and the second one is a medium-capacity algorithm for embedding hidden data. The proposed method is a general method for steganography in each blockchain, and we investigate how it can be implemented in two most popular blockchains, Bitcoin and Ethereum. Experimental result shows the efficiency and practicality of proposed method in terms of execution time, latency and steganography fee. Finally, we have explained the challenges of steganography in blockchain from the steganographers' and steganalyzers' point of view.

Abstract Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which extracts useful and high-level alerts, and helps to make timely decisions when a security breach occurs. In this paper, we propose an alert correlation system consisting of two major components; first, we introduce an Attack Scenario Extraction Algorithm (ASEA), which mines the stream of alerts for attack scenarios. The ASEA has a relatively good performance, both in speed and memory consumption. Contrary to previous approaches, the ASEA combines both prior knowledge as well as statistical relationships. Second, we propose a Hidden Markov Model (HMM)-based correlation method of intrusion alerts, fired from different IDS sensors across an enterprise. We use HMM to predict the next attack class of the intruder, also known as plan recognition. This component has two advantages: Firstly, it does not require any usage or modeling of network topology, system vulnerabilities, and system configurations; Secondly, as we perform high-level prediction, the model is more robust against over-fitting. In contrast, other published plan-recognition methods try to predict exactly the next attacker action. We applied our system to DARPA 2000 intrusion detection scenario dataset. The ASEA experiment shows that it can extract attack strategies efficiently. We evaluated our plan-recognition component both with supervised and unsupervised learning techniques using DARPA 2000 dataset. To the best of our knowledge, this is the first unsupervised method in attack plan recognition.

Abstract An essential requirement for providing secure services in wireless sensor networks is the ability to establish pairwise keys among sensors. Due to resource constraints on the sensors, the key establishment scheme should not create significant overhead. To date, several key establishment schemes have been proposed. Some of these have appropriate connectivity and resistance against key exposure, but the resources needed in the sensors are substantial. Others are appropriate from the resource consumption perspective, but have weak performance. This paper proposes a key establishment protocol based on symmetric polynomials. To improve performance, the protocol uses a new model to distribute polynomial shares to the sensors. A key feature of the proposed protocol is the trade-off between performance, security and resource consumption. Analysis shows that our solution has good performance compared to other approaches.

Abstract The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Initiation Protocol (SIP) is the widespread standard for establishing and ending VOIP communication sessions. Our tool generates an input sequence for a SIP phone which is designed to reveal security vulnerabilities in the SIP phone application. The input sequence includes SIP messages and external graphical user interface (GUI) events which might contribute to triggering vulnerability. The input sequence is generated to perform a random walk through the state space of the protocol. The generation of external GUI events is critical to testing a stateful protocol such as SIP because GUI interaction is required to explore a significant portion of the state space. We have used our security testing tool to identify a previously unknown vulnerability in an existing open source SIP phone.

Abstract A non-interactive (t,n)-publicly veriable secret sharing scheme (non-interactive (t,n)-PVSS scheme) is a (t,n)-secret sharing scheme in which anyone, not only the participants of the scheme, can verify the correctness of the produced shares without interacting with the dealer and participants. The (t,n)-PVSS schemes have found a lot of applications in cryptography because they are suitable for
real-life scenarios in which an external verifier is required to check the correctness of the produced shares without interacting with the dealer and participants. In this paper, we propose a non-interactive (t,n)-PVSS scheme using the non-homogeneous linear recursions (NHLRs), and prove its security with a formal method. We compare the computational complexity of our scheme with that of
Schoenmakers's scheme and show that our non-interactive (t,n)-PVSS scheme runs faster than Schoenmakers's scheme when n > 5 and n> t >(2n+9)/n. The communicational complexity of our scheme is almost equal to that of Schoenmakers's scheme.

Abstract Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round ID characteristic by utilizing a miss-in-the-middle-approach. We then present several cryptanalysis based upon the 4.5 rounds distinguisher against round-reduced Deoxys-BC-256 in both single-key and related-key settings. Our contributions include impossible differential attacks on up to 8-round Deoxys-BC-256 in the single-key model. Our attack reaches 9 rounds in the related-key related-tweak model which has a slightly higher data complexity than the best previous results obtained by a related-key related-tweak rectangle attack presented at FSE 2018, but requires a lower memory complexity with an equal time complexity.

Abstract This paper presents two efficient implementations of fast and pipelined bit-parallel polynomial basis multipliers over GF (2^m) by irreducible pentanomials and trinomials. The architecture of the first multiplier is based on a parallel and independent computation of powers of the polynomial variable. In the second structure only even powers of the polynomial variable are used. The parallel computation provides regular and low-cost structure with low critical path delay. In addition, the pipelining technique is applied to the proposed structures to shorten the critical path and to perform the computation in two clock cycles. The implementations of the proposed methods over the binary extension fields GF (2¹⁶³) and GF (2²³³) have been successfully verified and synthesized using Xilinx ISE 11 by Virtex-4, XC4VLX200 FPGA.

Abstract Radio Frequency Identification (RFID) applications have spread all over the world. In order to provide their security and privacy, researchers proposed different kinds of protocols. In this paper, we analyze the privacy of a new protocol, proposed by Yu-Jehn in 2015 which is based on Electronic Product Code Class1 Generation 2 (EPC C1 G2) standard. By applying the Ouafi_Phan privacy model, we show that the Yu-Jehn protocol is vulnerable to secret parameter reveal attack, traceability attacks, forward traceability attack and it also does not provide the privacy of RFID users. To enhance the privacy of the analyzed protocol, an improved version of the protocol is proposed which eliminates the existing weaknesses of Yu-Jehn protocol.

Abstract The A5/1 algorithm is one of the most famous stream cipher algorithms used for over-the-air communication privacy in GSM. The purpose of this paper is to analyze several weaknesses of A5/1, including an improvement to an attack and investigation of the A5/1 state transition. Biham and Dunkelman proposed an attack on A5/1 with a time and data complexity of 2^39.91and 2^21.1, respectively. In this paper, we propose a method for identification and elimination of useless states from the pre-computed tables and a new approach to access the table in the online phase of the attack which reduces the time complexity to 2^37.89 and the required memory in half. Furthermore, we discuss another weakness of A5/1 by investigating its internal state transition and its key stream sequence period. Consequently, the internal states are divided into two classes, initially periodic and ultimately periodic. The presented model is verified using a variety of simulations which are consistent with the theoretical results.

Abstract In this paper, we propose a new framework for joint encryption encoding scheme based on polar codes, namely efficient and secure joint secret key encryption channel coding scheme. The issue of using new coding structure, i.e. polar codes in Rao-Nam (RN) like schemes is addressed. Cryptanalysis methods show that the proposed scheme has an acceptable level of security with a relatively smaller key size in comparison with the previous works. The results indicate that the scheme provides an efficient error performance and benefits from a higher code rate which can approach the channel capacity for large enough polar codes. The most important property of the proposed scheme is that if we increase the block length of the code, we can have a higher code rate and higher level of security without significant changes in the key size of the scheme. The resulting characteristics of the proposed scheme make it suitable for high-speed communications, such as deep space communication systems.

Abstract Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important requirements that should be provided in the communication. Because of the complex design of smart grid systems, and utilizing
different new technologies, there are many opportunities for adversaries to attack the smart grid system that can result fatal problems for the customers. A privacy preserving authentication scheme is a critical element for secure development of smart grid. Recently, Mahmood et al. [1] proposed a lightweight message authentication scheme for smart grid communications and claimed that it satisfies the security requirements. Unfortunately, we found that Mahmood et al.'s scheme has some security vulnerabilities and it has not adequate security features to be utilized in smart grid. To address these drawbacks, we propose an efficient and secure lightweight privacy-preserving authentication scheme for a smart grid. Security of our scheme are evaluated, and the formal security analysis and verification are introduced via the broadly-accepted Burrows-Abadi-Needham (BAN) logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Finally, the security and efficiency comparisons are provided, which indicate the security and efficiency of the proposed scheme as compared to other existing related schemes.

Abstract < p>Automatic detection of access control violations in software applications is a challenging problem. Insecure Direct Object Reference (IDOR) is among top-ranked vulnerabilities, which violates access control policies and cannot be yet detected by automated vulnerability scanners. While such tools may detect the absence of access control by static or dynamic testing, they cannot verify if it is properly functioning when it is present. When a tool detects requesting access to an object, it is not aware of access control policies to infer whether the request is permitted. This completely depends on the access control logic and there is no automatic way to fully and precisely capture it from software behavior. Taking this challenge into consideration, this article proposes a black-box method to detect IDOR vulnerabilities in web applications without knowing access control logic. To this purpose, we first, gather information from the web application by a semi-automatic crawling process. Then, we tricksily manipulate legal requests to create effective attacks on the web application. Finally, we analyze received responses to check whether the requests are vulnerable to IDOR. The detection process in the analysis phase is supported by our set theory based formal modeling of such vulnerabilities. The proposed method has been implemented as an IDOR detection tool (IDOT) and evaluated on a couple of vulnerable web applications. Evaluation results show that the method can effectively detect IDOR vulnerabilities provided that enough information is gathered in the crawling phase.

Abstract Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the inverse of the permutation in the decryption function, which causes the resource efficiency. Artemia permutations have an efficient and a simple structure and are provably secure against the differential and linear cryptanalysis. In the permutations, MDS recursive layers are used that can be easily implemented in both software and hardware.

Abstract Impossible-differential cryptanalysis is one of the powerful methods utilized for evaluating the robustness of block ciphers; however, mCrypton is one of the block ciphers whose master key has not been recovered with this method in the single-key scenario. This paper first clarifies the branch number of the linear layer of mCrypton block ciphers with an observation. It has been shown that the branch number of the linear layer in mCrypton block cipher is four. Then, using this result, a 4-round impossible differential in a single-key scenario has been found. On the other hand, by exploiting the result of several observations, some vulnerabilities in the key-schedule algorithm were discovered and introduced. As a result, by exploiting the discovered vulnerabilities and 4-round property, impossible-differential cryptanalysis was successfully applied to seven rounds of mCrypton-64. To our knowledge, this is the first impossible differential cryptanalysis applied on mCrypton-64. In addition, this method requires 2^36.0 bytes of memory, 2^59.0 chosen plaintexts (with the corresponding ciphertexts), and 2^59.6 encryptions to recover the master key.