فهرست مطالب

Information Security - Volume:9 Issue: 2, Jul 2017

International Journal of Information Security
Volume:9 Issue: 2, Jul 2017

  • تاریخ انتشار: 1396/06/12
  • تعداد عناوین: 7
|
  • M. R. Aref Pages 1-2
  • Sh. Khazaei, F. Moazami * Pages 3-12
    Guess-and-determine attack is one of the general attacks on stream ciphers. It is a common cryptanalysis tool for evaluating security of stream ciphers. The effectiveness of this attack is based on the number of unknown bits which will be guessed by the attacker to break the cryptosystem. In this work, we present a relation between the minimum numbers of the guessed bits and uniquely restricted matching of a graph. This leads us to see that finding the minimum number of the guessed bits is NP-complete. Although fixed parameter tractability of the problem in term of minimum number of the guessed bits remains an open question, we provide some related results. Moreover, we introduce some closely related graph concepts and problems including alternating cycle free matching, jump number and forcing number of a perfect matching.
    Keywords: Guess-and-determine Attack, Computational Complexity, NP-complete, Fixed Parameter Tractable, Uniquely Restricted Matching, Alternating Cycle Free Matching, Perfect Matching, Jump Number, Forcing Number
  • B. Mafakheri, T. Eghlidos *, H. Pilaram Pages 13-20
    In this paper, we propose a new framework for joint encryption encoding scheme based on polar codes, namely efficient and secure joint secret key encryption channel coding scheme. The issue of using new coding structure, i.e. polar codes in Rao-Nam (RN) like schemes is addressed. Cryptanalysis methods show that the proposed scheme has an acceptable level of security with a relatively smaller key size in comparison with the previous works. The results indicate that the scheme provides an efficient error performance and benefits from a higher code rate which can approach the channel capacity for large enough polar codes. The most important property of the proposed scheme is that if we increase the block length of the code, we can have a higher code rate and higher level of security without significant changes in the key size of the scheme. The resulting characteristics of the proposed scheme make it suitable for high-speed communications, such as deep space communication systems.
    Keywords: Code Based Cryptography, Rao-Nam Cryptosystem, Channel Coding, Polar Codes, Shannon Capacity
  • M. Safaei Pour, M. Salmasizadeh * Pages 21-32
    In this paper we propose a new method for applying hiding countermeasure against CPA attacks. This method is for software implementation, based on smoothing power consumption of the device. This method is evaluated on the SIMON scheme as a case study; however, it is not relying on any specific SIMON features. Our new method includes only AND equivalent and XOR equivalent operations since every cryptographic algorithm can be implemented with two basic operations, namely AND and XOR. Therefore, hamming weight and hamming distance take constant values at each moment of time. This can decrease data-dependency between processed values and consumed power. In order to practically evaluate the resulting implementation overheads and the resistance improvement against CPA, we implement the proposed coding scheme on SIMON, a lightweight block cipher, on a smart card with the ATmega163 microprocessor. We define resistance as the number of traces, which for less than that number; the correct key cannot be distinguished from all other hypothetical keys by its correlation coefficient in any moment of time. The results of this implementation show 350 times more immunity against correlation attacks.
    Keywords: Side Channel Attack, DPA, Software Countermeasure, Smoothing Power
  • H. Ghasemzadeh *, M. Tajik Khasss, H. Mehrara Pages 33-47
    Recently permutation multimedia ciphers were broken in a chosen-plaintext scenario. That attack models a very resourceful adversary which may not always be the case. To show insecurity of these ciphers, we present a cipher-text only attack on speech permutation ciphers. We show inherent redundancies of speech can pave the path for a successful cipher-text only attack. To that end, regularities of speech are extracted in time and frequency using short time Fourier transform. We show that spectrograms of cipher-texts are in fact scrambled puzzles. Then, different techniques including estimation, image processing, and graph theory are fused together in order to create and solve these puzzles. Conducted tests show that the proposed method achieves accuracy of 87.8% and intelligibility of 92.9%. These scores are 50.9% and 34.6%, respectively, higher than scores of previous method. Finally a novel method, based on moving spectrogram distance, is proposed that can give accurate estimation of segment length of the scrambler system.
    Keywords: Cryptanalysis, Cipher text only attack, Audio scrambling system, Multimedia encryption systems, Jigsaw puzzle, Spectrogram
  • M. Imani *, Gh. A. Montazer Pages 49-61
    The aim of phishing is tracing the user's s private information without their permission by designing a new website which mimics the trusted website. The specialists of information technology do not agree on a unique definition for the discriminative features that characterizes the phishing websites. Therefore, the number of reliable training samples in phishing detection problems is limited. Moreover, among the available training samples, there are abnormal samples that cause classification error. For instance, it is possible that there are phishing samples with similar features to legitimate ones and vice versa. A supervised feature extraction method, called weighted feature line embedding, is proposed in this paper to solve these problems. The proposed method virtually generates training samples by utilizing the feature line metric. Hence, it can solve the small sample size problem. Moreover, by assigning appropriate weights to each pair of feature points, it corrects the undesirable quality of abnormal samples. The features extracted by our method improve the performance of phishing website detection specially by using small training sets.
    Keywords: Phishing Detection, Feature Extraction, Feature Line, Virtual Training
  • J. Hajian Nezhad, M. Vafaei Jahan *, M. Tayarani-N, Z. Sadrnezhad Pages 63-83
    Recent improvements in web standards and technologies enable the attackers to hide and obfuscate infectious codes with new methods and thus escaping the security filters. In this paper, we study the application of machine learning techniques in detecting malicious web pages. In order to detect malicious web pages, we propose and analyze a novel set of features including HTML, JavaScript (jQuery library) and XSS attacks. The proposed features are evaluated on a data set that is gathered by a crawler from malicious web domains, IP and address black lists. For the purpose of evaluation, we use a number of machine learning algorithms. Experimental results show that using the proposed set of features, the C4.5-Tree algorithm offers the best performance with 97.61% accuracy, and F1-measure has 96.75% accuracy. We also rank the quality of the features. Experimental results suggest that nine of the proposed features are among the twenty best discriminative features.
    Keywords: Malicious web pages, Feature, Machine Learning, Content, Obfuscation, Attacker