The ISC International Journal of Information Security

Abstract Steganography is the ability to hide secret information in a cover-media such as sound, pictures and text. A new approach is proposed to hide a secret into Arabic text cover media using "Kashida", an Arabic extension character. The proposed approach is an attempt to maximize the use of "Kashida" to hide more information in Arabic text cover-media. To approach this, some algorithms have been designed and implemented in a system, called MSCUKAT (Maximizing Steganography Capacity Using "Kashida" in Arabic Text). The improvements of this attempt include increasing the capacity of cover media to hide more secret information, reducing the file size increase after hiding the secret and enhancing the security of the encoded cover media. This proposed work has been tested outperforming previous work showing promising results.

Abstract In information security, ignorance is not bliss. It is always stated that hiding the protocols (let the other be ignorant about it) does not increase the security of organizations. However, there are cases that ignorance creates protocols. In this paper, we propose distributed contingency logic, a proper extension of contingency (ignorance) logic. Intuitively, a formula is distributed contingent in a group of agent if and only if it does not follow from the knowledge of all individual agents put together. We formalize secret sharing scheme (a security property that is built upon ignorance of all agents), and a man in the middle attack to a weak protocol in our logic. We also illustrate a condition where disclose a secret may hide another one forever. Finally we prove the main theorems of every logic, soundness and completeness. We also prove that distributed contingency logic is more expressive than classical contingency logic and epistemic logic.

Abstract This study presents a new method based on the combination of cryptography and information hiding methods. Firstly, the image is encoded by the Double Random Phase Encoding (DRPE) technique. The real and imaginary parts of the encoded image are subsequently embedded into an enlarged normalized host image. DRPE demands two random phase mask keys to decode the decrypted image at the destination. The two random phase masks are regenerated by the chaos theory using a fractal image. To enhance its security, instead of sending the second phase mask directly, the initial conditions and the parameter of the chaotic map and the fractal image are transferred to the authorized user through a secure channel. Experimental results reveal that the proposed method not only enjoys high security but also resists the commonplace attacks.

Abstract GGH class of public-key cryptosystems relies on computational problems based on the closest vector problem (CVP) in lattices for their security. The subject of lattice based cryptography is very active and there have recently been new ideas that revolutionized the field. We present EEH, a GGH-Like public key cryptosystem based on the Eisenstein integers Z [ζ₃] where ζ3 is a primitive cube root of unity. EEH applies representations of polynomials to the GGH encryption scheme and we discuss its key size and parameters selection. We also provide theoretical and experimental data to compare the security and efficiency of EEH to GGH with comparable parameter sets and show that EEH is an improvement over GGH in terms of security and efficiency.

Abstract Wireless sensor networks (WSNs) have many applications in the areas of commercial, military and environmental requirements. Regarding the deployment of low cost sensor nodes with restricted energy resources, these networks face a lot of security challenges. A basic approach for preparing a secure wireless communication in WSNs, is to propose an efficient cryptographic key management protocol between sensor nodes to achieve maximum security with minimum cost. The main motivation of this paper is to apply the position of the sensor nodes as part of their identity for key management in heterogeneous sensor networks. In the proposed scheme, the position of sensor nodes is considered as a part of their identity and it is used for authentication and dedicating key to all network links. Comparing the proposed technique with other schemes shows that it has a higher level of scalability, security, and reliability with less memory complexity.

Abstract In this paper we propose a new method for applying hiding countermeasure against CPA attacks. This method is for software implementation, based on smoothing power consumption of the device. This method is evaluated on the SIMON scheme as a case study; however, it is not relying on any specific SIMON features. Our new method includes only AND equivalent and XOR equivalent operations since every cryptographic algorithm can be implemented with two basic operations, namely AND and XOR. Therefore, hamming weight and hamming distance take constant values at each moment of time. This can decrease data-dependency between processed values and consumed power. In order to practically evaluate the resulting implementation overheads and the resistance improvement against CPA, we implement the proposed coding scheme on SIMON, a lightweight block cipher, on a smart card with the ATmega163 microprocessor. We define resistance as the number of traces, which for less than that number; the correct key cannot be distinguished from all other hypothetical keys by its correlation coefficient in any moment of time. The results of this implementation show 350 times more immunity against correlation attacks.

Abstract In this paper, we propose a new method of differential fault analysis of SHA-3 which is based on the differential relations of the algorithm. Employing those differential relations in the fault analysis of SHA-3 gives new features to the proposed attacks, e.g., the high probability of fault detection and the possibility of re-checking initial faults and the possibility to recover internal state with 22-53 faults.

We also present two improvements for the above attack which are using differential relations in reverse direction to improve that attack results and using the algebraic relations of the algorithm to provide a second way to recover the internal state of SHA-3. Consequently, we show that with 5-8 faults on average, SHA-3's internal state can be fully recovered.
X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X

Abstract Dynamic analysis is a prominent approach in analyzing the behavior of Android apps. To perform dynamic analysis, we need an event generator to provide proper environment for executing the app in an emulator. Monkey is the most popular event generator for Android apps in general, and is used in dynamic analysis of Android malware as well. Monkey provides high code coverage and yet high speed in generating events. However, in the case of malware analysis, Monkey suffers from several limitations. It only considers UI events but no system events, and because of random behavior in generating UI events, it may lose dropping the connectivity of the test environment during the analysis process. Moreover, it provides no defense against malware evasion techniques. In this paper, we try to enhance Monkey by reducing its limitations while preserving its advantages. The proposed approach has been implemented as an extended version of Monkey, named Curious-Monkey. Curious-Monkey provides facilities for handling system events, handling evasion techniques, and keeping the test environment's connectivity up during the analysis process. We conducted many experiments to evaluate the effectiveness of the proposed tool regarding two important criteria in dynamic malware analysis: the ability to trigger malicious payloads and the code coverage. In the evaluation process, we used the Evadroid benchmark and the AMD malware dataset. Moreover, we compared Curious-Monkey with Monkey and Ares tools. The results show that the Curious-Monkey provides better results in case of triggering malicious payloads, as well as better code coverage.

Abstract The wireless communication with delivering variety of services to users is growing rapidly in recent years. The third generation of cellular networks (3G), and local wireless networks (WLAN) are the two widely used technologies in wireless networks. 3G networks have the capability of covering a vast area; while, WLAN networks provide higher transmission rates with less coverage. Since the two networks have complementary properties, some attempts are made for their integration which could lead to an advantageous heterogeneous network. In such a heterogeneous network, provision of services like authentication, billing and quality of service are essential. In this article, a new mutual authentication protocol, namely, Non-Reputation Billing Protocol (NRBP) is proposed based on extensible authentication protocols. This authentication scheme provides a non-repudiation property for the billing problem. The proposed scheme is analyzed based on different security features and computation overhead. In comparison with previous approaches, this protocol contains all the considered security parameters. Moreover, the computation overhead of this protocol is less than other schemes.

Abstract Nowadays, the growth of virtual environments such as virtual organizations, social networks, and ubiquitous computing, has led to the adoption of trust concept. One of the methods of making trust in such environments is to use a long-term relationship with a trusted partner. The main problem of this kind of trust, which is based on personal experiences, is its limited domain. Moreover, both parties of such trust relationship will face big problems of collecting data and forming reasonable and reliable beliefs. Considering the concept of "group" in modeling trust is a way to overcome the above mentioned problems. Since, group-based trust is more suited with the nature of trust in new virtual environments. In this paper, a new trust model called "GTrust" is proposed in which trust is considered as a collective and shared feature of all group members. Therefore, group membership is used as the judgment criteria regarding a person's expected behavior and how he can be a trustee. GTrust is based on Metagraphs which are graphical data structures for representing a collection of directed set-to-set mappings. We show that by using GTrust, large trust spaces between unknown individuals can be shaped effectively. The proposed model not only offers a better description of human sense of trust when considering communities, but also provides the setting for evaluating the trust of individuals whom we do not know, and therefore provides an extended evaluation domain.

Abstract This paper analyses the security and efficiency of some notable privacy preserving data aggregation schemes, SP2DAS, 3PDA, and EPPA. For SP2DAS and 3PDA schemes, We show that despite the designers’ claims, there are efficient forgery attacks on the signature scheme used. We present a
selective forgery attack on the signature scheme of SP2DAS in the key-only attack model and a selective forgery attack on the 3PDA’s signature scheme in the known-message attack model,
requiring only two pairs of message-signature. These attacks enable the attacker to inject any arbitrary faulty data into the data aggregated by the network, without being detected, which is a serious threat to the performance of the whole network.
We also present an improved version of the broadcast encryption scheme used in EPPA scheme, in which the decryption key is half, the decryption complexity is half, and the ciphertext size is 3=4 of the original one. The semantic security of the proposed scheme is proved under the same assumption as the original scheme.

Abstract This article presents new methods and tools used in the field of text analysis to identify fake news in the media. The problem with the research is that, as a rule, to identify fakes, a training dataset is required, on which thematic fakes were tested. This is not always feasible and requires additional resources. To solve this problem, a comprehensive research methodology has been developed that covers most detection tools, even in the absence of an established database containing reliable and fake news. The study includes a combination of various algorithms combined into a single analytical structure, presented in the work in the form of pseudocode. The authors introduce the concept of an "emotional fake model" similar to individual emotions included in a broader emotional spectrum. The essence of the model is to evaluate fakes based on the structure of definitions of emotions formed in fakes, which differ from the original signals due to different weight coefficients. The innovation involves a two—stage identification of fakes - initially clusters of messages from the text corpus are identified, and then, based on text analysis tools, their linguistic features and emotional differences are revealed (based on a set of emotions POMS). In the context of creating fake news using neural networks, emotional coloring plays a crucial role, providing a permanent foundation that can serve as a cornerstone for identification.

Abstract In Ciphertext-Policy Attribute-Based Encryption (CP-ABE) schemes, an access structure is sent with each ciphertext to specify the intended recipients. This design can reveal sensitive information about the encrypted data and its recipients. Moreover, it may introduce new security concerns regarding user privacy. Policy-hiding CP-ABE schemes have been proposed to address this challenge and protect user privacy. In this paper, we present the cryptanalysis of two policy-hiding CP-ABE schemes. For the first scheme, we demonstrate that it leaks attribute value information through the ciphertext. An adversary can exploit this flaw to perform an offline dictionary attack, revealing the attribute values used in the access structure, and thereby exposing the entire access structure. For the second scheme, we show that its security is compromised due to the improper establishment of the decryption key component utilized in the attribute matching phase. Data users can exploit the secret key components used in the attribute matching phase to decrypt any ciphertext, regardless of their attribute set.

Abstract In the last two decades bilinear pairings have found many applications in cryptography. Meanwhile identity-based cryptosystems based on bilinear pairings have received particular attention. The IEEE, IETF, and ISO organizations have been working on standardization of pairing-based cryptographic schemes. The Boneh-Franklin identity-based encryption and Sakai-Kasahara identity-based signature are the most well-known identity-based schemes that have been standardized. So far, various schemes have been proposed to reduce the computational overhead of pairing operations. All these schemes are trying to outsource pairing operations in a secure manner. But besides pairing operations, there are other basic and costly operations in pairing-based cryptography and identity-based schemes, including scalar multiplication on elliptic curves. In this research, we outsource the Boneh-Franklin encryption in a more secure and efficient (in terms of computational and communication complexity) way than existing schemes. Also we outsource the BLMQ signature (based on Sakai-Kasahara) scheme for the first time. The proposed schemes are secure in the OMTUP model. Also, unlike previous schemes, we considered communication channels insecure. Moreover, compared with the trivial solution which outsources every single operation (such as pairing, scalar multiplication and modular exponentiation) as a separate subroutine, our schemes offer less complexity by seamlessly outsourcing the whole encryption scheme for the first time.

Abstract Selecting optimal cybersecurity countermeasures requires integration with mission-critical objectives beyond technical risk minimization. This paper presents a mission-centric framework for countermeasure selection in cybersecurity situation awareness systems by extending the RiskMAP methodology with agent-based and discrete-event simulation. The framework employs a multi-criteria decision-making approach based on the Confidentiality, Integrity, and Availability (CIA) triad, weighing mission objectives and mapping vulnerabilities and threats using MITRE ATT&CK and D3FEND taxonomies. Candidate countermeasures are evaluated considering risk reduction, implementation cost, operational impact, and mission alignment. We demonstrate the approach through a case study on a critical infrastructure organization’s network modeled in AnyLogic. Results show improved alignment between security posture and organizational priorities while maintaining effective risk reduction, outperforming traditional methods. This framework enables quantitative visualization and optimization of security investments relative to mission continuity. All simulation models, data, and scripts are openly available to support reproducibility.

Abstract Medical images show a great interest since it is needed in various medical applications. In order to decrease the size of medical images which are needed to be transmitted in a faster way; Region of Interest (ROI) and hybrid lossless compression techniques are applied on medical images to be compressed without losing important data. In this paper, a proposed model will be presented and assessed based on size of the image, the Peak Signal to Noise Ratio (PSNR),and the time that is required to compress and reconstruct the original image.
The major objective of the proposed model is to minimize the size of image and the transmission time. Moreover, improving the PSNR is a critical challenge.The results of the proposed model illustrate that applying hybrid lossless
techniques on the ROI of medical images reduces size by 39% and gives better results in terms of the compression ratio and PSNR.

Abstract Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive computing environments. To this aim, we propose a context-aware mandatory access control model (CAMAC) capable of dynamic adaptation of access control policies to context, and of handling context-sensitive class association, in addition to preservation of confidentiality and integrity as specified in traditional mandatory access control models. In order to prevent any ambiguity, a formal specification of the model and its elements such as context predicates, context types, level update rules, and operations is required. High expressiveness of the model allows specification of the traditional mandatory access control models such as BLP, Biba, Dion, and Chinese Wall. The model can also be considered as an information flow control model with context-sensitive association of security classes.

Abstract Nowadays, users of information systems have inclination to use a central server to decrease data transferring and maintenance costs. Since such a system is not so trustworthy, users' data usually upkeeps encrypted. However, encryption is not a nostrum for security problems and cannot guarantee the data security. In other words, there are some techniques that can endanger security of encrypted data. Majority of existing methods for encrypted data management have some critical defects such as cryptanalysis attacks, encryption/decryption overhead, and inefficient data storing and retrieval. In this paper, at first we propose a prototype model of private key based search on encrypted data. Then we try to improve it significantly to meet security requirements. Our main goal is to offer a practical method of querying arbitrary words on encrypted data using a minimal trust model. Moreover, we present a model for balancing between performance and security based on user's requirements. In comparison with other methods, query response time is improved and the probability of statistical deductions is reduced.

Abstract A non-malleable code is a variant of an encoding scheme which is resilient to tampering attacks. The main idea behind non-malleable coding is that the adversary should not be able to obtain any valuable information about the message. Non-malleable codes are used in tamper-resilient cryptography and protecting memories against tampering attacks. Many different types of non-malleability have already been formalized and defined in current literature, among which continuous non-malleability is the setup in which the messages are protected against adversaries who may issue polynomially many tampering queries. The first continuous non-malleable encoding scheme has been proposed by Faust et al. (FMNV) in 2014. In this article, we propose a new proof of continuous non-malleability of the FMNV scheme. The new proof will give rise to an improved and more efficient version of this scheme. Also, the new proof shows that one may achieve continuous non-malleability of the same security by using a leakage resilient storage scheme with fewer bits for the leakage bound. This shows that the new scheme is more efficient and practical for tamper-resilient applications.

Abstract Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in detecting new attacks. To tackle this problem, various methods of machine learning have been presented in recent years. Since malicious web requests have more delicate distinction than normal requests, these methods have failed to exhibit a good accuracy in new attack detection. This paper presents a new method for web attack detection using seq2seq networks using attention. The results show that this method could predict the possible responses and use the difference from the real responses of the server to model the normal traffic. Thereby, it could use the similarity measure to discriminate between normal and anomalous traffic. The highest accuracy of this method versus similar methods shows that the use of attention mechanism can cope with the challenge of studying long web requests to a great extent.

Abstract In this paper we present a new finite field-based public key cryptosystem(NETRU) which is a non-commutative variant of CTRU. The original CTRU is defined by the ring of polynomials in one variable over a finite field F2. This system works in the ring R = F2[x]=hxN 􀀀 1i and is already broken by some attacks such as linear algebra attack. We extend this system over finite fields Zp, where p is a prime (or prime power) and it operates over the non-commutative ring M = Mk(Zp)[T; x]=hXn 􀀀 Ikki, where M is a matrix ring of k by k matrices of polynomials in R = Zp[T; x]=hxn 􀀀1i. In the proposed NETRU, the encryption and decryption computations are non-commutative and hence the system is secure against linear algebra attack as lattice-based attacks. NETRU is designed based on the CTRU core and exhibits high levels of security with two-sided matrix multiplication.

Abstract Resources and services are accessible in pervasive computing environments from anywhere and at any time. Also, due to ever-changing nature of such environments, the identity of users is unknown. However, users must be able to access the required resources based on their contexts. These and other similar complexities necessitate dynamic and context-aware access control models for such environments. In other words, an efficient access control model for pervasive computing environments should be aware of context information. Changes in context information imply some changes in the users' authorities. Accordingly, an access control model for a pervasive computing environment should control all accesses of unknown users to the resources based upon the participating context information, i.e., contexts of the users, resources and the environment. In this paper, a new context-aware access control model is proposed for pervasive computing environments. Contexts are classified into long-term contexts (which do not change during a session) and short-term contexts (which their steady-state period is less than an average time of a session). The model assigns roles to a user dynamically at the beginning of their sessions considering the long-term contexts. However, during a session the active permission set of the assigned roles are determined based on the short-term context conditions. Formal specification of the proposed model as well as the proposed architecture are presented in this paper. Furthermore, by presenting a real case study, it is shown that the model is applicable, decidable, and dynamic. Expressiveness and complexity of the model is also evaluated.

Abstract In this study, a novel approach which uses combination of steganography and cryptography for hiding information into digital images as host media is proposed. In the process, secret data is first encrypted using the mono-alphabetic substitution cipher method and then the encrypted secret data is embedded inside an image using an algorithm which combines the random patterns based on Space Filling Curves (SFC) and the optimal pair-wise LSB matching method. We employ a modified Imperialist Competitive Algorithm by Genetic Algorithm operations, namely Discrete Imperialist Competitive Algorithm (DICA), to perform the optimal pair-wise LSB matching method and find the suboptimum adjustment list. The performance of the proposed method is compared with other methods with respect to Peak Signal to Noise Ratio (PSNR). The PSNR value of the proposed method is higher than the state-of-the-art methods by almost 4dB to 5dB.

Abstract Nowadays there are different kinds of attacks on Field Programmable Gate Array (FPGA). As FPGAs are used in many different applications, its security becomes an important concern, especially in Internet of Things (IoT) applications. Hardware Trojan Horse (HTH) insertion is one of the major security threats that can be implemented in unused space of the FPGA. This unused space is unavoidable to meet the place and route requirements. In this paper, we introduce an efficient method to fill this space and thus to leave no free space for inserting HTHs. Using a shift register in combination with gate-chain is the best way of filling unused space, which incurs a no increase in power consumption of the main design. Experimental results of implementing a set of IWLS benchmarks on Xilinx Virtex devices show that the proposed prevention and detection scheme imposes a no power overhead with no degradation to performance and critical path delay of the main design

Abstract Image watermarking refers to the process of embedding an authentication message, called watermark, into the host image to uniquely identify the ownership. In this paper a novel, intelligent, scalable, robust wavelet-based watermarking approach is proposed. The proposed approach employs a genetic algorithm to find nearly optimal positions to insert watermark. The embedding positions coded as chromosomes and GA operators (e.g. selection, crossover, mutation and elitism), are used to find the nearly optimal embedding positions. A fitness function, which includes both factors related to transparency and robustness, is used to assess and compare chromosomes. The watermarked test images do not show any perceptual degradation. This approach supports scalable watermark detection and provides robustness against progressive wavelet image compression. The experimental results very efficiently prove the robustness of the approach against progressive wavelet image coding even at very low bit-rates and some other attacks. This approach is a good candidate for providing efficient authentication for secure and progressive image transmission applications especially over heterogeneous networks, such as the Internet.