International Journal of Information Security
Volume:7 Issue: 1, Jan 2015

An Optimistic fair exchange (OFE) protocol is a good way for two parties to exchange their digital items in a fair way such that at the end of the protocol execution, both of them receive their items or none of them receives anything. In an OFE protocol there is a semi-trusted third party who named by arbitrator and involve in the protocol if needed. But there is a security problem in OFE protocols If the arbitrator is dishonest and colludes with the verifier that is the arbitrator can complete the transaction without getting signer’s agreement. Huang et al. in 2011 adressed this issue by formalising the accountability property which indicates that the arbitrator must be responsible for his actions. However, Huang et al.''s scheme is secure in the random oracle model. We present the the first accountable OFE protocol in the standard model more efficiently. We prove the security of our protocol under the chosen-key model and multi-user setting in the standard model.

In this paper, we propose an effective microaggregation algorithm to produce a more useful protected data for publishing. Microaggregation is mapped to a clustering problem with known minimum and maximum group size constraints. In this scheme, the goal is to cluster records into groups of at least and at most records, such that the sum of the within-group squared error () is minimized. We propose a local search algorithm which iteratively satisfies the constraints of the optimal solution of the problem. The algorithm solves the problem in time. Experimental results on real and synthetic data sets with different distributions demonstrate the effectiveness of the method in producing more useful data sets for the same levels of privacy requirements.

Nowadays, bulk of the designers prefer to outsource some parts of their design and fabrication process to the third-part companies because of the reliability problems, manufacturing cost and time-to-market limitations. In this situation, there are a lot of opportunities for malicious alterations by the off-shore companies. In this paper, we proposed a new placement algorithm that hinders the hardware Trojan insertion or simplifies the detection process in existence of Trojans. Experimental results show that the proposed placement improves the Trojan detectability of attempted benchmarks against Trojan insertion more than 20% in reasonable cost in delay and wirelength.

Virtual Organization (VO) is a concept which aims to provide inter organizational associations. A VO consists of some real organizations with common interests that are aiming to reach some common goals by sharing their resources with each other. Providing security mechanisms and especially a suitable access control mechanism is a necessary requirement in VOs. Since VO is a complex environment with the huge number of users and resources, traditional access control models cannot satisfy VOs security requirements. Most of the current proposals are basically based on the attributes of users and resources. In this paper, we suggest to use a combination of the semantic based access control model (SBAC) and the attribute based access control model (ABAC) in VOs. Each participating organization makes its access control decisions according to the ABAC model. However access decision in the VO is made in more abstract level through the SBAC model. Using the ontology of users and resources in this model facilitates access control in large scale VOs with numerous organizations. By the combination of SBAC and ABAC, we attain their benefits and eliminate their shortcomings. In order to show the applicability of the proposed model, an access control system, based on the proposed model, has been implemented in Java using available APIs, including sun''s XACML API, Jena, Pellet, and protégé.

In this study, a novel approach which uses the both of steganography and cryptography notions for hiding information into digital images as host media, is proposed. In the process, secret data is first encrypted using the mono-alphabetic substitution cipher method and then the encrypted secret data is embedded inside an image using an algorithm which combines the random patterns based on Space Filling Curves (SFC) and the optimal pair-wise LSB matching method. For this purpose, we combined Imperialist Competitive Algorithm (ICA) and Genetic Algorithm (GA) to make the new optimization algorithm, namely Discrete Imperialist Competitive Algorithm (DICA). Then we used DICA to perform the optimal pair-wise LSB matching method and find the suboptimum adjustment list. The performance of the proposed method is demonstrated by computing the Mean Square Error (MSE) and Peak Signal to Noise Ratio (PSNR) then is compared the results with other methods. Experimental values show that the steganography methods based on LSB matching is better than the LSB replacement methods. The PSNR value of the proposed method is also higher than the state-of-the-art methods by almost 4 dB to 5dB.

An important issue in P2P networks is the existence of malicious nodes that decreases the performance of such networks. Reputation system in which nodes are ranked based on their behaviour, is one of the proposed solutions to detect and isolate malicious (low ranked) nodes. GossipTrust is an interesting previously proposed algorithm for reputation aggregation in P2P networks based on the concept of gossip. Despite its important contribution, this algorithm has deficiencies especially with high number of nodes that leads to high execution time and low accuracy in the results. In this paper, a grouped Gossip based Reputation Aggregation (GGRA) algorithm is proposed. In GGRA, GossipTrust is executed in each group between group members and between groups instead of executing in the whole network. Due to the reduction in the number of nodes and using strongly connected graph instead of a weakly one, gossip algorithm in GGRA is executed quickly. With grouping, not only reputation aggregation is expected to be more scalable, but also because of the decrement in the number of errors of the gossiped communication, the results get more accurate. The evaluation of the proposed algorithm and its comparison with GossipTrust confirms the expected results.