نشریه منادی امنیت فضای تولید و تبادل اطلاعات (افتا)
سال نهم شماره 1 (پیاپی 17، بهار و تابستان 1399)

Most networks without fixed infrastructure are based on cloud computing face various challenges. In recent years, different methods have been used to distribute software defined network to address these challenges. This technology, while having many capabilities, faces some vulnerabilities in the face of some common threats and destructive factors such as distributed Denial of Service. A review of various studies shows that in order to eliminate vulnerabilities, we need to combine appropriate defense solutions with the distributed Software Defined Network structure. Therefore, in this study, a general classification of the types of defense solutions against the above attack is presented. Then, while classifying the intrusion detection solutions into two threshold and non-threshold categories, we examined some practical examples of the above solutions. We conclude that the threshold of intrusion detection method exacerbates the vulnerability, and we are required to use non-threshold defense solutions with flat distributed software defined network architecture.

RPL (Routing Protocol for Low Power and Lossy Networks) has been designed for low power networks with high packet loss. Generally, devices with low processing power and limited memory are used in this type of network. IoT (Internet of Things) is a typical example of low power lossy networks. In this technology, objects are interconnected through a network consisted of low-power circuits. Example IoT applications are smart energy grid, smart home, connected car, intelligent transport systems, and smart cities. IoT is different from many similar technologies due to the existence of low power electronic circuits and limited connectivity. Information security is one of the main IoT concerns. The emergence of new types of security vulnerabilities in IoT devices and the escalation of their damages through numerous IoT applications is considered a major deployment drawback for RPL. In this paper, major cyberattacks against RPL, as well as related security solutions are addressed. Then, these solutions are classified and their weaknesses and strengths are investigated. Finally, it discusses the state-of-the-art status of information security in RPL.

Wireless network technology made it possible to communicate easily using the electromagnetic waves leading to removing the biggest barrier in portable communications. As these networks use the air as the communication medium which leads to face with more vulnerabilities. Wireless networks play a vital role in our life in a way that all devices ranging from local modems to organizational equipment are utilizing the most common coding approaches to exchange data on the network. As such, if a person could enter this network, he would be able to attack against the users connected to network. In this essay, the penetrating methods in wi-fi wireless network applying the WEP and WPA WPA2 coding protocols would be investigated which are playing the most important role in local and organizational wireless communication. However, the WPA3 is suggested in order to eliminate all the security problems, yet not all the communication instruments in Iran are equipped with this coding system. On the other side, the WEP protocol is the first mostly used to be attacked followed by the first and second versions of WPA.

Unfortunately, among internet services, users are faced with several unwanted messages that are not even related to their interests and scope, and they contain advertising or even malicious content. Spam email contains a huge collection of infected and malicious advertising emails that harms data destroying and stealing personal information for malicious purposes. In most cases, spam emails contain malware that is usually sent to users in the form of scripts or attachments, and the user infects the computer with malware by downloading and executing the attached file. In this paper, a new model for detecting spam e-mail is proposed based on the hybrid of the Harmony Search Algorithm (HAS) with the Magnetic Optimization Algorithm (MOA). The proposed model is used to select the effective features and then the classification is performed using the K Nearest Neighborchr('39')s (KNN) algorithm. In the proposed model, using the MOA was found the best features for the HSA, and the harmony matrix is formed based on them. Then the HSA changes based on the update and rate of step-change in each step of the harmony vectors so that the best vector is selected as the vector of characteristics among them. The results show that the accuracy of the proposed model on the Spam base dataset with 200 iterations is 94.17% and also the accuracy of the diagnostic model of the proposed model is more than other models.

Sponge structure is a structure widely used in the design of cryptographic algorithms that reduces the design of the algorithms to the design of a permutation or pseudo-random function. The development of sponge-based algorithms and the selection of designs based on this structure in SHA3 and CAESAR competitions increase the need to examine its security against various types of attacks. In the previous article, we defined and examined the features of this structure, and in this article, with the focus on the security of sponge structures, we study general analysis methods on this structure and examine their complexities. Considering the complexities introduced for the general attacks, it is necessary to achieve a certain level of security, and therefore this article, both in terms of design and cryptanalysis of sponge-based algorithms plays important role. It is suggested that the article "Sponge structure; introduction and applications" published in this journal be reviewed before reading this article.

Today, cryptocurrencies in global payment systems have been proposed as a way to become independent of traditional banking and to get out of the control of banks and monetary policies of governments and reduce fraud in banking transactions and counterfeit them. In this paper, we create a comprehensive picture which includes the challenges of this field, and we analyze the results with a case study in both a quantitative and qualitative approach. According on the characteristics the challenges in this picture are divided to three levels: technological, environmental, and governmental characteristics. Also, according to the results obtained from the use of cryptocurrencies in different countries, we able to identify most of the national cryptocurrency challenges for Iran.