Journal of Computing and Security
Volume:5 Issue: 1, Winter and Spring 2018

In 2004, Hwang et al. proposed a group key exchange protocol for sharing a secure key in a group. Their protocol is an extension from the two party key exchange protocol to the group one. Recently, Jung-San Lee et al. noted that Hwang et al. group key exchange protocol has two security weaknesses. First, the forward secrecy is not confirmed in case that a new member joins the group and second, if a group member leaves the group, the backward secrecy is compromised. They proposed an improvement over this key exchange protocol in order to provide both forward and backward secrecy among group members. In this paper, we propose another improvement over Lee et al. key exchange, and we show that our key exchange protocol not only preservers both forward and backward secrecy, but also it is more efficient than their protocol when a member leaves the group. Finally, we give a formal analysis for the correctness of the proposed protocol via Scyther model checking tool.

Jarvis and Nevins presented ETRU in 2013 which has applausive performance with moderate key-sizes and conjectured resistance to quantum computers. ETRU, as an efficient NTRUEncrypt-like cryptosystem, is over the ring of Eisenstein integers that is faster with smaller keys for the same or better level of security than does NTRUEncrypt which is a desirable alternative to public-key cryptosystems based on factorisation and discrete logarithm problem. However, because of its construction, doubts have regularly arisen on its security. In this paper, we propose how to modify ETRU to make it provably secure, under our modified assumption of quantum hardness of standard worst-case lattice problems, restricted to extended ideal lattices related to some extensions of cyclotomic fields structures. We describe the structure of all generated polynomial rings of quotient over direct product of Dedekind domains Z and Z[ζ3], where ζ3 is complex cube root of unity. We give a detailed description to show that if the private key polynomials of the ETRU are selected from direct product of some Dedekind domains using discrete Gaussians, then the public key, which is their ratio, is statistically indistinguishable from uniform over its range. The security then proves for our main system from the already proven hardness of the R-SIS and R-LWE problems by their extensions.

Due to the increasing occurrence of unexpected events and the need for pre-crisis planning to reduce risks and losses, modeling emergency response environments (ERE) is needed more than ever. Modeling may lead to more careful planning for crisis-response operations, such as team formation, task assignment, and doing the task by teams. ERE-ML is a model-driven framework which allows a crisis manager to model an ERE, and to automatically generate the executable code of a multi-agent system (MAS) for that environment. However, the application generated by ERE-ML lacks the capability of supporting interactions among the agents and the organizations involved in the crisis management. In this paper, we propose ERE-ML 2.0 as an upgrade of the previous framework. The ERE-ML 2.0 framework supports the interactions by adding new features to the ERE-ML language, modifying the transformation code, and extending the platform. To evaluate the upgraded framework, the Plasco Tower Collapse incident is modeled, and then the model is transformed into the executable code of a MAS to visualize the run-time scenarios.

Software maintenance is an important phase of the software life cycle. An important task in this phase is to locate code fragments affected by user change requests. However, performing this task manually is costly and requires prior knowledge of the software structure. In previous studies, Latent Semantic Indexing (LSI) has been applied to map the user change queries to the relevant code segments automatically. However, due to the lack of domain knowledge embedded in the source code, LSI might be unable to perform this mapping accurately. In this paper, we have proposed a domain knowledge propagation method to obtain more relevant impact set for each change request. This method spreads the user interface originated domain knowledge to the program classes according to the program dependency graph. The proposed method has been applied to ArgoUML case-study which is an open-source project associated with its change requests. It was observed that applying the concept propagation resulted in 5% increase in the accuracy of the plain LSI method.

Certificateless cryptography can be considered as an intermediate solution to overcome the issues in traditional public key infrastructure (PKI) and identity-based public key cryptography (ID-PKC). There exist a vast number of certificateless signature (CLS) schemes in the literature; however, most of them are not efficient enough to be utilized in limited resources environments such as Internet of things (IoT) or Healthcare Wireless Sensor Networks (HWSN). Recently, two lightweight CLS schemes have been proposed by Karati et al. and Kumar et al. to be employed in IoT and HWSNs, respectively. While both schemes are claimed to be existentially unforgeable, in this paper, we show that both these signatures can easily be forged. More specifically, it is shown that 1) in Karati et al.'s scheme, a type 1 adversary, considered in certificateless cryptography, can generate a valid partial private key corresponding to any user of its choice and as a consequence, it can forge any users' signature on any message of its choice, and 2) in Kumar et al.'s scheme, both types of adversaries which are considered in certificateless cryptography are able to forge any signer's signature on an arbitrary message.