Table of Contents

International Journal of Information Security
Volume:1 Issue: 1, Jan 2009

  • Publication date: 1388/03/04
  • Number of titles: 6
  • Mohammad Reza Aref, Rasool Jalili Pages 1-2
  • Ali Fanian, Mehdi Berenjkoub, T. Aaron Gulliver Pages 3-15
    The widespread use of wireless cellular networks has made security an ever increasing concern. GSM is the most popular wireless cellular standard, but security is an issue. The most critical weakness in the GSM protocol is the use of one-way entity authentication, i.e., only the mobile station is authenticated by the network. This creates many security problems including vulnerability against man-in-the-middle attacks. Several solutions have been proposed to establish mutual entity authentication. However, none provide a flaw-free bilateral authentication protocol. In this paper, we show that a recently proposed solution is vulnerable to "type attack". Then, we propose a novel mutual entity authentication using the TESLA protocol. The proposed solution not only provides secure bilateral authentication, but also decreases the call setup time and the required connection bandwidth. An important feature of the proposed protocol is that it is compatible with the GSM standard.
    Keywords: GSM, Entity Authentication, Bilateral Authentication, Unilateral Authentication, Man-in-the-Middle Attack, TESLA Protocol
  • Vajiheh Sabeti, Shadrokh Samavi, Mojtaba Mahdavi, Shahram Shirani Pages 17-26
    In this paper, a steganalysis method is proposed for the pixel value differencing method. This steganographic method, which has been immune against conventional attacks, performs the embedding in the difference of the values of pixel pairs. Therefore, the histogram of the differences of an embedded image is different from that of a cover image. A number of characteristics are identified in the difference histogram that show meaningful alterations when an image is embedded. Five distinct multilayer perceptron neural networks are trained to detect different levels of embedding. Every image is fed into all networks and a voting system categorizes the image as stego or cover. The implementation results indicate an 88.6% success in correct categorization of the test images.
    Keywords: Steganography, Steganalysis, Pixel-Value Differencing, Neural Net, Perceptrons
  • Hoi Ting Poon, Ali Miri Pages 27-34
    The Fuzzy Vault scheme is an encryption scheme, which can tolerate errors in the keys. This leads to the possibility of enhancing the security in environments where these errors can be common, such as biometrics storage systems. Although several researchers have provided implementations, we find that the scheme is vulnerable to attacks when not properly used. This paper describes an attack on the Fuzzy Vault scheme where the attacker is assumed to have access to multiple vaults locked by the same key and where a non-maximal vault size is used. The attack effectively reduces the vault size by identifying and removing chaff points. As the vault size decreases, the rate at which chaff points are identified increases exponentially. Several possible defences against the attack are also discussed.
    Keywords: Biometric Encryption, Fuzzy Vault, Vulnerability
  • Jafar Haadi Pages 35-54
    Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive computing environments. To this aim, we propose a context-aware mandatory access control model (CAMAC) capable of dynamic adaptation of access control policies to context, and of handling context-sensitive class association, in addition to preservation of confidentiality and integrity as specified in traditional mandatory access control models. In order to prevent any ambiguity, a formal specification of the model and its elements such as context predicates, context types, level update rules, and operations is required. High expressiveness of the model allows specification of the traditional mandatory access control models such as BLP, Biba, Dion, and Chinese Wall. The model can also be considered as an information flow control model with context-sensitive association of security classes.
    Keywords: Mandatory Access Control, Multilevel Security, Authorization, Context Awareness, Information Flow Control
  • Rasool Ramezanian Pages 55-67
    Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because several parallel sessions of a protocol are executed and an agent may play both the initiator and responder roles in parallel sessions. We take advantage of the notion of transition systems to specify authentication for the execution of multiple parallel sessions. To model the authentication, two main notions, (1) agent's scope and (2) agent's recognizability, are introduced, which consider the differences in the abilities of agents due to their different roles in the protocol and different access to keys and secrets.
    Keywords: Authentication, Process Algebra, Parallel Sessions, Security