The ISC International Journal of Information Security

Abstract From the Editor-in-Chief

Abstract An Optimistic Fair Exchange (OFE) protocol is a good way for two parties to exchange their digital items in a fair way such that at the end of the protocol execution, both of them receive their items or none of them receive anything. In an OFE protocol there is a semi-trusted third party, named arbitrator, which involves in the protocol if it is necessary. But there is a security problem when arbitrator acts dishonestly and colludes with the verifier, that is, the arbitrator can complete the transaction without getting signer's agreement. Huang et al. in 2011 addressed this issue by formalizing the accountability property. However, Huang et al.'s scheme is secure in the random oracle model which is not available in the real world. We present the first generic accountable OFE protocol that is secure in the standard model by using traceable ring signatures (TRSs) as our primitive. We prove the security of our protocol under the chosen-key model and multi-user setting.

Abstract In this paper, we propose an effective microaggregation algorithm to produce a more useful protected data for publishing. Microaggregation is mapped to a clustering problem with known minimum and maximum group size constraints. In this scheme, the goal is to cluster n records into groups of at least k and at most 2k_1 records, such that the sum of the within-group squared error (SSE) is minimized. We propose a local search algorithm which iteratively satisfies the constraints of the optimal solution of the problem. The algorithm solves the problem in O (n²) time. Experimental results on real and synthetic data sets with different distributions demonstrate the effectiveness of the method in producing useful protected data sets.

Abstract A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex environment with the huge number of users and resources, traditional access control models cannot satisfy VOs security requirements. Most of the current proposals are basically based on the attributes of users and resources. In this paper, we suggest using a combination of the semantic based access control (SBAC) model, and the attribute based access control (ABAC) model with the shared ontology of subjects' attributes in VOs. In this model, each participating organization makes its access control decisions according to an enhanced model of the ABAC model. However, access decision in the VO is made in more abstract level through an enhanced model of the SBAC model. Using the ontology of users and resources in this model facilitates access control in large scale VOs with numerous organizations. By the combination of SBAC and ABAC, we attain their benefits and eliminate their shortcomings. In order to show the applicability of the proposed model, an access control system, based on the proposed model, has been implemented in Java using available APIs, including Sun's XACML API, Jena, Pellet, and Protégé.

Abstract In this study, a novel approach which uses combination of steganography and cryptography for hiding information into digital images as host media is proposed. In the process, secret data is first encrypted using the mono-alphabetic substitution cipher method and then the encrypted secret data is embedded inside an image using an algorithm which combines the random patterns based on Space Filling Curves (SFC) and the optimal pair-wise LSB matching method. We employ a modified Imperialist Competitive Algorithm by Genetic Algorithm operations, namely Discrete Imperialist Competitive Algorithm (DICA), to perform the optimal pair-wise LSB matching method and find the suboptimum adjustment list. The performance of the proposed method is compared with other methods with respect to Peak Signal to Noise Ratio (PSNR). The PSNR value of the proposed method is higher than the state-of-the-art methods by almost 4dB to 5dB.

Abstract An important issue in P2P networks is the existence of malicious nodes that decreases the performance of such networks. Reputation system in which nodes are ranked based on their behavior, is one of the proposed solutions to detect and isolate malicious (low ranked) nodes. Gossip Trust is an interesting previously proposed algorithm for reputation aggregation in P2P networks based on the concept of gossip. Despite its important contribution, this algorithm has deficiencies especially with high number of nodes that leads to high execution time and low accuracy in the results. In this paper, a grouped Gossip based Reputation Aggregation (GGRA) algorithm is proposed. In GGRA, Gossip Trust is executed in each group between group members and between groups instead of executing in the whole network. Due to the reduction in the number of nodes and using strongly connected graph instead of a weakly one, gossip algorithm in GGRA is executed quickly. With grouping, not only reputation aggregation is expected to be more scalable, but also because of the decrement in the number of errors of the gossiped communication, the results get more accurate. The evaluation of the proposed algorithm and its comparison with Gossip Trust confirms the expected results.

Abstract Nowadays, bulk of the designers prefer to outsource some parts of their design and fabrication process to the third-part companies due to the reliability problems, manufacturing cost and time-to-market limitations. In this situation, there are a lot of opportunities for malicious alterations by the off-shore companies. In this paper, we proposed a new placement algorithm that hinders the hardware Trojan insertion or simplifies the detection process in existence of Trojans. Experimental results show that the proposed placement improves the Trojan detectability of the attempted benchmarks against Trojan insertion more than 20% in reasonable cost in delay and wire length.

Abstract