نشریه منادی امنیت فضای تولید و تبادل اطلاعات (افتا)
سال ششم شماره 2 (پیاپی 11، بهار و تابستان 1396)

Devices such as wireless sensor networks and RFIDs have limited memory, power and energy. They have security requirements so that the usual implementation of cryptographic algorithms is not appropriate for them and leads to high consumption of resources. One solution is designing new lightweight algorithms that have a lower security level than standard algorithms. The second solution is implementing standard algorithms such as AES block cipher as a lightweight algorithm. In this type of implementation, some techniques such as resource sharing, S-box implementation with combinational circuits, mapping computations finite fields from one base to another base and on the fly computation are used. In this paper, the most important lightweight implementations of AES are evaluated. The criteria considered for this evaluation include gate count, the number of clocks required for an encryption/decryption operation, throughput, power, energy and the combination of themes. Studies show that we can use standard encryption algorithms in applications with limited area between 2000-3000 GE and a small amount of energy, for example a few PJ. Some of these successes are achieved due to advancements in CMOS circuit technology and some others are the result of designing suitable hardware architecture, exact scheduling of cryptographic operations and efficient use of resources.

Not only election is one of the significant issues in democratic societies, but also it can be used in commercial association such as stock market and it has a noteworthy feature to determine the board of the directors. According to progresses in cryptographic topics and asymmetric encryption systems, tremendous attempts have been made in the design of protocols for electronic elections. However, all of the designed protocols have either high complexity or weaknesses in security features. Since the majority of electronic election schemes are dependent on a number of honest persons, they are practically difficult. In addition, in most of them, voters will play a key role in producing ballot. If someone imposes compulsory, privacy will be lost or the voter will be able to provide a receipt to show the content of his vote, and this in turn, vote-buying and immoral issues will be appeared.
In this paper after, evaluating the security features of an electronic election scheme, an election protocol based on homomorphic encryption, will be expressed, and the difference between the receipt protocol and receipt-free protocol will be examined.

Wireless Sensor Networks (WSNs) gather the environmental information via some sensor nodes and send them after some simple processing functions if necessary. These nodes are constrained devices in terms of memory, processing capability, radio range, and energy. Due to the unattended deployment of sensor nodes and the nature of wireless communications, these networks are vulnerable to several attacks. Among these, the Sybil Attack is a serious threat in which a malicious node creates multiple fake identities in order to mislead the other sensor nodes. In this case, the malicious node can attract lots of traffic and disrupt routing protocols. In this paper, we present a confidence-aware trust model considering Time Factor to detect such attacks. In this model, we use the indirect trust, gained from the neighbor's recommendations, in order to detect the indirect Sybil attacks, in which a legal node is not directly associated with the Sybil node. The Algorithm has been implemented using MATLAB. The simulation results demonstrate significant preference of the proposed method in terms of detection accuracy and false alarm rates. The average rate of detection and false detection of the proposed model are 93% and 0.26%.

In Website Fingerprinting (WFP) Attacks, clients’ destination webpages are identified using traffic analysis techniques, without any need to decrypt traffic contents. Typically, clients make use of the privacy enhancing technologies (e.g., VPNs, proxies, and anonymity networks) to browse webpages. These technologies allow clients to hide traffic contents and their real destinations. To perform an attack, features are extracted from the input packet sequence. Next, the data is pre-processed and finally, client’s real destination is revealed by means of a machine learning algorithm. Various studies have utilized statistical methods or classification approaches to infer the client’s visited webpages. In this paper, a comprehensive overview of WFP techniques is performed, in which previous studies are categorized based on the features they use for webpages identification. This is a new approach for categorizing previous works on WFP attacks and to the best of our knowledge, this viewpoint has not been applied so far.

The local search engine systems is one of the indicators of IT industry development in all countries. The safety of these systems arises according to its specific position, with providing users to access to right information in the least possible time. The most effective measures to secure this type of application are assessment and risk management in the early stage of software security. It consists of a set of steps that will help a software team in the applications management during the development process. In order to reduce the risk of this type of systems responce to risk approach is selected. The main objective of this article is assessment and risk management based on information collected from designed questionnaire. As well as to identify important risks, security controls and NIST methodology are used and the results of calculations of the risk level are provided on the basis of known fields.

Online social networks (OSNs) is one of the most popular medium for communicating, sharing, and publishing a considerable amount of information. OSN popularity often faces the challenge of dealing with unwanted messages and hidden malicious purposes in it. Based on recent studies, social network users can easily expose their confidential details with others. Misuse of this information can cause damage in virtual and real world. In this paper, main categories attacks are given on social network online security and privacy in four categories classic, modern, hybrid and children special attacks and ways that can be used to protect against different types of attacks used OSN users is the social network operators, security companies, and researchers are provided. Finally, eight ways to prevent these threats is presented.