Table of Contents

International Journal of Information Security
Volume:9 Issue: 1, Jan 2017

  • Publication date: 1396/02/14
  • Number of titles: 7
  • M. R. Aref Pages 1-2
  • P. Rastegari, M. Berenjkoub Pages 3-16
    Certificateless public key cryptography (CL-PKC) is a useful method in order to solve the problems of traditional public key infrastructure (i.e., large amount of computation, storage and communication cost for managing certificates) and ID-based public key cryptography (i.e., key escrow problem), simultaneously. A signcryption scheme is an important primitive in cryptographic protocols which provides the goals of signing and encryption, simultaneously. In 2010, Liu et al. presented the first certificateless signcryption (CLSC) scheme in the standard model, but their scheme is vulnerable against different attacks presented in the literature, till now. In this paper, we will improve their scheme and propose a new CLSC scheme which is semantically secure against adaptive chosen ciphertext attack under the (S_2,5)-BDHE-Set assumption and existentially unforgeable against adaptive chosen message attack under the 3-CDHE assumption in the standard model. Our scheme is more efficient than all other secure CLSC schemes in the standard model proposed up to now.
    Keywords: Certificateless Signcryption Scheme, Malicious-but-passive Key Generation Center Attack, Public Key Replacement Attack, Random Oracle Model, Standard Model
  • E. Aerabi, M. Kaykha, M. Fazeli, A. Patooghy, A. Akbari Pages 17-26
    Embedded systems are becoming a suggestive target for Code Injection attacks in recent years. Software protection mechanisms in general computers are not usually applicable in embedded systems as they come with limited resources like memory and processor. In this paper we investigate side channel characteristics of embedded systems and their usability in code injection attack detection. The architectural simulation for execution time, power usage and temperature on benchmarks shows that these parameters would disclose meaningful and distinguishable behavior in case of attack.
    Keywords: Embedded Systems, Code Injection, Side Channel
  • A. R. Ahadipour, A. R. Keshavarz Haddad Pages 27-39
    Communication security of wireless sensor networks is achieved using cryptographic keys assigned to the nodes. Due to resource constraints in such networks, random key pre-distribution schemes are of high interest. Although in most of these schemes no location information is considered, there are scenarios that location information can be obtained by nodes after their deployment. In this paper, we propose a novel probabilistic key pre-distribution scheme, for large-scale wireless sensor networks which utilizes location information in order to improve the performance of random key pre-distribution substantially. In order to apply the location information of the nodes in key distribution process, we partition the network into some regions and use graph coloring techniques to efficiently assign the random keys. The proposed scheme has a superior scalability by supporting larger number of nodes and also increasing the probability of existence of a shared exclusive key among the nearby nodes, i.e., the probability of having an isolated node is significantly reduced in comparison with the existing random key pre-distribution schemes. Our simulation results verify these terms.
    Keywords: Random Key Pre-distribution, Symmetric Key Management, Probabilistic Key Sharing, Random Graph, Graph Coloring, Wireless Sensor Network
  • A. Mortazavi, M. Salmasizadeh, A. Daneshgar Pages 41-51
    A non-malleable code is a variant of an encoding scheme which is resilient to tampering attacks. The main idea behind non-malleable coding is that the adversary should not be able to obtain any valuable information about the message. Non-malleable codes are used in tamper-resilient cryptography and protecting memories against tampering attacks. Many different types of non-malleability have already been formalized and defined in current literature, among which continuous non-malleability is the setup in which the messages are protected against adversaries who may issue polynomially many tampering queries. The first continuous non-malleable encoding scheme has been proposed by Faust et al. (FMNV) in 2014. In this article, we propose a new proof of continuous non-malleability of the FMNV scheme, while the new proof will also give rise to an improved and more efficient version of this scheme. The new proof also shows that one may achieve continuous non-malleability of the same security by using a leakage resilient storage scheme with (about (k 1)(log(q) − 2)) fewer bits for the leakage bound (where k is the output size of the collision resistant hash function and q is the maximum number of tampering queries). This shows that the new scheme is more efficient and practical for tamper resilient applications.
    Keywords: Non-malleable, Continuous Non-malleability, Tamper-resilient Cryptography, Leakage-resilient
  • A. A. Sadeghi, F. Aminmansour, H. R. Shahriari Pages 53-72
    Code reuse attacks such as return oriented programming and jump oriented programming have become the most popular exploitation methods among attackers. A large number of practical and non-practical defenses have been proposed that differ in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among them is to consider the common behavior of code reuse attacks, which is the construction of a gadget chain. Therefore, the implication of a gadget and the minimum size of an attack chain are a matter of controversy. Conservative or relaxed thresholds may cause false positive and false negative alarms respectively.
    The main contribution of this paper is to provide a tricky aspect of code reuse techniques, called tiny code reuse attacks (Tiny-CRA) that demonstrates the ineffectiveness of the threshold based detection methods. We show that with bare minimum assumptions, Tiny-CRA can reduce the size of a gadget chain, so that, no distinction can be detected between normal behavior of a program and a code-reuse execution. To do so, we exhibit our Tiny-CRA primitives and introduce a useful gadget set available in libc. We demonstrate the effectiveness of our approach by implementing nine different shell-codes and exploiting a real-world buffer overflow vulnerability in HT Editor 2.0.20.
    Keywords: Software Security, Code Reuse Attacks, Jump Oriented Programming, TinyJOP, Kernel Trapper Gadget
  • M. Safarzadeh, M. Taghizadeh, B. Zamani, B. Tork Ladani Pages 73-91
    One of the main requirements for providing software security is the enforcement of access control policies, which is sometimes referred to as the heart of security. The main purpose of access control policies is to protect resources of the system against unauthorized accesses. Any error in the implementation of access control policies may lead to undesirable outcomes. Hence, we should ensure that these policies are properly implemented. For testing the implementation of access control policies, it is desired to use automated methods. In fact, these methods are faster and more reliable solutions for assessment of the software systems. Although several studies have been conducted for automated testing of the specification of access control policies at the design phase, there is not enough research on testing their implementation. In addition, since access control is amongst non-functional requirements of the system, it is not easy to test them along with other requirements of the system by usual methods. To address this challenge, in this paper, we propose an automated method for testing the implementation of access control in a system. This method, as a model based technique, is able to extract test cases for evaluating the access control policies of the system under test. To generate test cases automatically, a combination of the behavior model of the system and the specification of access control policies, written in XACML, is used. The experimental results show that the proposed approach is able to kill the mutants and cover most of the code that is related to access control policies.
    Keywords: Access control policies, Automated testing, Model based technique, Implementation of access control, XACML