Author's table of contents:

mohammadreza aref

  • Mojtaba Shirinjani, Mojtaba Amiri, Amirhosein Salehi, Pouria Arefi Jamal, Rasoul Khazaei Laki, Seyed Hatef Sadegh Esfahani, Siavash Ahmadi, Masoumeh Koochak Shooshtari *, Mohammad Reza Aref
    Distributed Denial of Service (DDoS) attacks threaten server and network availability with minimal resources. These attacks mimic legitimate traffic, evading Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). The primary challenge in countering DDoS attacks is achieving early detection, as close to their origin as possible. In addition, the persistence of malicious traffic hidden within legitimate traffic remains a common challenge for various mitigation techniques. This paper introduces a modular approach for identifying and mitigating DDoS attacks in both online and offline settings, using deep learning and rule-based techniques. We train the IDS with VGG16, GoogLeNet, Support Vector Machines (SVM), and Random Forest (RF) and evaluate them using the CICDDoS2019 dataset. Our experiments show a detection accuracy of 99.87% offline and 99.67% online. Our methodology outperforms state-of-the-art approaches in offline detection, particularly with VGG16 and GoogLeNet. In our online setup, the mitigation module successfully addresses all attacks detected by our anti-DDoS solution.
    Keywords: DDoS Mitigation, Deep Learning, Network Security, Traffic Analysis
  • Atiyeh Mirzaie, Siavash Ahmadi *, Mohammad Reza Aref
    Given the rapid evolution of emerging technologies, such as the Internet of Things (IoT), there is a growing interest in lightweight block ciphers. This paper focuses on the security assessment of SAND-128, a newly proposed lightweight block cipher based on SIMON, recognized for its reliance on S-box-based security evaluation approaches. By employing Xiang's MILP-aided method for integral distinguisher search, this study utilizes a MILP optimizer to identify a 16-round integral characteristic for SAND-128 with nine balanced bits. Furthermore, by extending the distinguisher to 17 rounds utilizing a novel idea without an increase in data complexity, we propose a comprehensive 20-round integral attack on SAND-128, including the key recovery step. This attack leverages the partial sums technique, resulting in a time complexity of $2^{119}$, memory complexity of $2^{76}$ bytes, and data complexity of $2^{127}$. This cryptanalysis is, to the best of our knowledge, the best integral attack on reduced-round SAND-128 presented thus far.
    Keywords: Division Property, Integral Distinguisher, MILP, SAND Block Cipher
  • Amirhossein Hadavi *, Mohammad Mahdi Mojahedian, Mohammad Reza Aref
    Adaptive data analysis (ADA) involves a dynamic interaction between an analyst and a dataset owner, where the analyst submits queries sequentially, adapting them based on previous answers. This process can become adversarial, as the analyst may attempt to overfit by targeting non-generalizable patterns in the data. To counteract this, the dataset owner introduces randomization techniques, such as adding noise to the responses. This noise not only helps prevent overfitting, but also enhances data privacy. However, it must be carefully calibrated to ensure that the statistical reliability of the responses is not compromised. In this paper, we extend the ADA problem to the context of distributed datasets. Specifically, we consider a scenario where a potentially adversarial analyst interacts with multiple distributed responders through adaptive queries. We assume the responses are subject to noise, introduced by the channel connecting the responders and the analyst. We demonstrate how this noise can be opportunistically leveraged through a federated mechanism to enhance the generalizability of ADA, thereby increasing the number of query-response interactions between the analyst and the responders. We illustrate that the careful tuning of the transmission amplitude based on the theoretically achievable bounds can significantly impact the number of accurately answerable queries.
    Keywords: Adaptive Data Analysis, Federated Learning, Gaussian Channel, Differential Privacy
  • Mohammad Amin Sarzaeem, Seyed Reza Hoseini Najarkolaei *, Mohammad Reza Aref
    In a federated learning system, the objective is to train a global model over distributed datasets without centralizing all data on a single unit. This is accomplished by training a local model on the dataset of each data owner and then aggregating these local models to preserve the datasets’ privacy. To incentivize clients to actively engage in the learning process, fairness-aware federated learning techniques can be employed. One such approach involves quantifying the contribution of locally trained models in training the global model by Shapley value (SV) using an additional dataset and rewarding them according to their contributions. However, the calculation of the Shapley value presents a significant challenge due to its high computational complexity. To tackle this issue, our research presents a contribution-based federated learning method that efficiently computes the contribution of each locally trained model by distributing the additional dataset among processing nodes in a private manner and calculating the Shapley value over them.
    Keywords: Federated Learning, Shapley Value, Distributed Coded Computing, Polynomial Codes
  • Amirhosein Salehi *, Siavash Ahmadi, Mohammad Reza Aref
    As the Industrial Internet of Things (IIoT) faces increasing cyber threats, the need for effective and practical intrusion detection systems (IDS) becomes paramount. One of the key challenges in designing IDS is ensuring the online detection and identification (localization) of potential attacks in real-time. Our research addresses this challenge by developing a lightweight online intrusion detection framework tailored explicitly for water distribution systems. Our proposed framework aims to balance real-time detection/identification and maintaining accuracy criteria. Immediate alarm triggering for every anomaly detected can lead to a high false positive rate while waiting for attack confirmation can cause harmful delays. To overcome these limitations, we present a novel approach that achieves real-time detection while maintaining a low false positive rate (below 5%), making it highly applicable in real-world scenarios. We train and test our system using BATADAL datasets, demonstrating its superior performance compared to other mechanisms. Additionally, we introduce a PCA-based Concealment Detection Statistical Outlier (PCACD-SO) identification approach that enables the real-time identification of compromised sensors, actuators, or connections during an attack. The results validate the effectiveness of our lightweight online intrusion detection framework, showcasing its ability to detect cyber attacks in real-time while maintaining a low false positive rate. Furthermore, our proposed PCACD-SO identification approach enhances the system’s capability to identify and isolate compromised components swiftly, enabling prompt response and mitigation.
    Keywords: Intrusion Detection, Real-Time, Industrial Iot, Cyber Attacks
  • Farnoosh Hamednejad *, Javad Mohajeri, Mohammad Reza Aref
    Attribute-based encryption (ABE) is one of the recommended tools to secure real systems like the Internet of Things (IoT). Almost all the ABE schemes utilize bilinear map operations, known as pairings. The challenge with these schemes is that performing pairings results in high computation costs and IoT devices are typically resource-constrained, so, efficient pairing-free ABE schemes have been proposed to solve this issue. These schemes utilize classical cryptographic operations instead of heavy bilinear pairings. Recently, two pairing-free ciphertext-policy attribute-based encryption schemes have been proposed (by Das et al. and Sowjanya et al.). According to their claims, their schemes are secure against collusion attacks and provide indistinguishability in a selective-set security model. The first scheme also has been claimed to be secure against forgery attacks. In this paper, we show that the first scheme is vulnerable to ciphertext-only, collusion between four or more data users with specific features, and forgery attacks. We also show that the second scheme is vulnerable to a key recovery attack, which can lead to a collusion attack. So, even though they are highly efficient, they have some security vulnerabilities that can violate the claims of the authors.
    Keywords: Pairing-Free Attribute-Based Encryption, Cryptanalysis, Security Attacks, Data Security
  • Sadegh Sadeghi, Majid Mahmoudzadeh Niknam, Nasour Bagheri *, Mohammadreza Aref

    SFN is a lightweight block cipher designed to be compact in hardware and efficient in software for constrained environments such as Internet of Things (IoT) edge devices. Compared to conventional block ciphers, it uses both the SP network structure and the Feistel network structure to encrypt. SFN supports a key length of 96 bits, its block length is 64 bits, and it includes 32 rounds. In this paper, we propose a deterministic related-key distinguisher for 31 rounds of SFN. We are able to use the proposed related-key distinguisher to attack SFN in the known-plaintext scenario with a time complexity of $2^{60.58}$ encryptions. The data and memory complexity of these attacks are negligible. In addition, we extend it to a practical chosen-plaintext-ciphertext key recovery attack on full SFN (32 rounds) with a complexity of $2^{20}$. We also experimentally verified this attack. Also, in the single-key mode, we present a meet-in-the-middle attack against the full-round block cipher for which the time complexity is $2^{80}$ SFN computations and the memory complexity is $2^{35.6}$ bytes. The data complexity of this attack is only two known plaintexts and their corresponding ciphertexts.

    Keywords: Lightweight Block Cipher, SFN, Related Key Differential Cryptanalysis, Meet In The Middle Attack
  • Hossein Khayami, Taraneh Eghlidos *, Mohammad Reza Aref
    Joint encryption encoding schemes have been released to fulfill both reliability and security desires in a single step. Using Low Density Parity-Check (LDPC) codes in joint encryption encoding schemes, as an alternative to classical linear codes, would shorten the key size as well as improving error correction capability. In this article, a joint encryption encoding scheme using Quasi-Cyclic Low Density Parity-Check (QC-LDPC) codes based on finite geometry is presented. It is observed that our proposed scheme not only outperforms its predecessors in key size and transmission rate, but also remains secure against all known cryptanalyses of code-based secret key cryptosystems. In this paper, we have proposed an idea to make QC-LDPC based cryptosystems secure against reaction attacks. It is subsequently shown that our scheme benefits from low computational complexity. By taking the advantage of QC-LDPC codes based on finite geometry, the key size of our scheme is very close to its target security level. In addition, using the proposed scheme, a wide range of desirable transmission rates are achievable. This variety of codes makes our cryptosystem suitable for a number of different communication and cryptographic standards such as wireless personal area networks (WPAN) and digital video broadcasting (DVB).
    Keywords: Joint Encryption Encoding, Secure Channel Coding, QC-LDPC Code, Code-Based Cryptography, Finite Geometry
  • Mohammadali Jamshidi *, Mohammadmahdi Mojahedian, Mohammadreza Aref

    To enhance the accuracy of learning models, it becomes imperative to train them on more extensive datasets. Unfortunately, access to such data is often restricted because data providers are hesitant to share their data due to privacy concerns. Hence, it is critical to develop obfuscation techniques that empower data providers to transform their datasets into new ones that ensure the desired level of privacy. In this paper, we present an approach where data providers utilize a neural network based on the autoencoder architecture to safeguard the sensitive components of their data while preserving the utility of the remaining parts. More specifically, within the autoencoder framework and after the encoding process, a classifier is used to extract the private feature from the dataset. This feature is then decorrelated from the other remaining features and subsequently subjected to noise. The proposed method is flexible, allowing data providers to adjust their desired level of privacy by changing the noise level. Additionally, our approach demonstrates superior performance in achieving the desired trade-off between utility and privacy compared to similar methods, all while maintaining a simpler structure.

    Keywords: Autoencoder, Collaborative Learning, Deep Neural Networks, Privacy-Utility Trade-Off
  • Mostafa Chegenizadeh *, Mohammad Ali, Javad Mohajeri, Mohammad Reza Aref
    Attribute-based encryption (ABE) is a promising cryptographic mechanism for providing confidentiality and fine-grained access control in the cloud-based area. However, due to high computational overhead, common ABE schemes are not suitable for resource-constrained devices. Additionally, access policies should be able to be updated efficiently by data owners, and in some circumstances, hidden access policies are necessary to preserve the privacy of clients and data. In this paper, we propose a ciphertext-policy attribute-based access control scheme that, for the first time, simultaneously provides online/offline encryption, hidden access policy, and access policy update. In our scheme, resource-constrained devices are equipped with online/offline encryption, reducing the encryption overhead significantly. Furthermore, attributes of access policies are hidden such that the attribute sets satisfying an access policy cannot be guessed by other parties. Moreover, data owners can update their defined access policies while outsourcing a major part of the updating process to the cloud service provider. In particular, we introduce blind access policies that enable the cloud service provider to update the data owners' access policies without receiving a new re-encryption key. Besides, our scheme supports fast decryption such that the decryption algorithm consists of a constant number of bilinear pairing operations. The proposed scheme is proven to be secure in the random oracle model and under the hardness of the Decisional Bilinear Diffie–Hellman (DBDH) and Decision Linear (D-Linear) assumptions. Also, performance analysis results demonstrate that the proposed scheme is efficient and practical.
    Keywords: Access Policy Update, Anonymous Attribute-Based Encryption, Blind Access Policy, Cloud Computing, Fast Decryption, Online/Offline Encryption
  • Amirhosein Salehi *, Siavash Ahmadi, MohammadReza Aref

    Industrial control systems are widely used in industrial sectors and critical infrastructures to monitor and control industrial processes. Recently, the security of industrial control systems has attracted a lot of attention, because these systems are now increasingly interacting with the Internet. Classic systems suffer from many security problems, and with the expansion of Internet connectivity they are now exposed to new types of threats and cyber-attacks. Addressing this, intrusion detection technology is one of the most important security solutions used in industrial control systems to identify potential attacks and malicious activities. In this paper, we propose Stacked Autoencoder-Deep Neural Network (SAE-DNN), a semi-supervised Intrusion Detection System (IDS) with appropriate performance and applicability on a wide range of Cyber-Physical Systems (CPSs). The proposed approach comprises a stacked autoencoder, a deep learning-based feature extractor, giving us a low-dimension and low-noise representation of the data. In addition, our system includes a deep neural network (DNN)-based classifier, which is used to detect anomalies with a high detection rate and low false positive rate in a real-time process. The SAE-DNN's performance is evaluated on the WADI dataset, which is a real testbed for a water distribution system. The results indicate the superior performance of our approach over existing supervised and unsupervised methods while using only a small percentage of labeled data.

    Keywords: Autoencoder, Cyber-attack, Industrial Control Systems, Intrusion Detection System, Deep Learning
  • Mojtaba Shirinjani *, Siavash Ahmadi, Taraneh Eghlidos, MohammadReza Aref

    Large-scale data collection is challenging in conventional centralized learning, as privacy concerns or prohibitive policies may arise. As a solution, Federated Learning (FL) is proposed, wherein data owners, called participants, can train a common model collaboratively while their privacy is preserved. However, recent attacks, namely Membership Inference Attacks (MIA) or Poisoning Attacks (PA), can threaten the privacy and performance of FL systems. This paper develops an innovative Adversarial-Resilient Privacy-preserving Scheme (ARPS) for FL to cope with the preceding threats using differential privacy and cryptography. Our experiments show that ARPS can establish a private model with high accuracy, outperforming state-of-the-art approaches. To the best of our knowledge, this work is the only scheme providing privacy protection beyond any output models in conjunction with Byzantine resiliency without sacrificing accuracy and efficiency.

    Keywords: Byzantine-resilience, Differential Privacy, Federated Learning, Homomorphic Encryption
  • Atiyeh Mirzaie *, Siavash Ahmadi, MohammadReza Aref

    Conventional Bit-based Division Property (CBDP), as a generalization of the integral property, has been a powerful tool for integral cryptanalysis of many block ciphers. Exploiting a Mixed Integer Linear Programming (MILP) optimizer, an alternative approach to searching integral distinguishers was proposed, which has overcome the bottleneck of the cipher block length. The MILP-aided method starts by modeling CBDP propagation by a system of linear inequalities. Then, by choosing an appropriate objective function, the problem of searching for a distinguisher is transformed into an MILP problem. As an application of this technique, we focused on a newly proposed lightweight block cipher, SAND. SAND is a family of two AND-RX block ciphers, SAND-64 and SAND-128, which was designed to overcome the difficulty regarding security evaluation. For SAND-64, we found a 12-round distinguisher with 23 balanced bits and a data complexity of $2^{63}$, with the superiority of a higher number of balanced bits than the designers' one. Furthermore, we applied an integral attack on 15- and 16-round SAND-64, including the key recovery step, which resulted in time complexities of $2^{105}$ and $2^{109.91}$ and memory complexities of $2^{52}$ and $2^{85}$ bytes, respectively.

    Keywords: Division Property, Integral Distinguisher, MILP, SAND Block Cipher
  • Ali Mohammad Norouzzadeh Gilmolk, MohammadReza Aref*, Reza Ramazani Khorshidoust

    Achieving desirable and stable security in networks with national and organizational scope, and even in sensitive information systems, must be based on a systematic and comprehensive method and be carried out step by step. Cryptography is the most important mechanism for securing information, and it is mainly based on cryptographic algorithms. In designing an algorithm, all the necessary security components must be considered in a model of excellence covering technical, organizational, procedural and human aspects. To meet these needs, the effective components must first be extracted on the basis of a model, and then the degree of influence of each component determined. In this paper we use the cybernetic methodology to prepare a metamodel. The interactions of the components of this metamodel form a complex graph. To overcome this complexity in prioritizing its components, we use the ELECTRE III tool. The results agree to a high degree with the reports published by the ITU in 2015, 2017 and 2018.

    Keywords: Cryptographic algorithms, Metamodel, Cybernetics, MCDM, ELECTRE III
    Ali Mohammad Norouzzadeh Gilmolk, MohammadReza Aref*, Reza Ramazani Khorshidoust

    Nowadays, achieving desirable and stable security in networks with national and organizational scope, and even in sensitive information systems, should be based on a systematic and comprehensive method and should be done step by step. Cryptography is the most important mechanism for securing information. A cryptographic system consists of three main components: cryptographic algorithms, cryptographic keys, and security protocols, which are mainly based on cryptographic algorithms. In designing a cryptographic algorithm, all the necessary components of information security must be considered in a model of excellence in technical, organizational, procedural and human aspects. To meet these needs, we must first extract the effective components in the design and implementation of cryptographic algorithms based on a model and then determine the impact of the components. In this paper, we use cybernetic methodology to prepare a metamodel. The cryptographic cybernetics metamodel has four components: "strategy/policy", "main process", "support process" and "control process". The "main process" has four stages and the "support process" includes 13 components of hardware and software. The interactions of these two processes shape its structure, leading to a complex graph. To prioritize support components for resource allocation and cryptography strategy, it is necessary to rank these components in the designed metamodel. To overcome this complexity in order to rank the support components, we use the ELECTRE III method, which is a multi-criteria decision-making method. The results show that the components with high priority for the development of the cryptographic system are: Research and Development, Human Resources, Management, Organizational, Information and Communication Technology, Rules and Regulations, and Standards. These results are consistent with reports published by the ITU in 2015, 2017 and 2018.

    Keywords: Cryptographic algorithms, Metamodel, Cybernetics, MCDM, ELECTRE III
  • Alireza Hediehloo, Javad Mohajery*, Mohammadreza Aref

    Consensus protocols are used to establish coordination between network nodes and to increase the fault tolerance of distributed systems. In this paper, a new synchronous consensus method is introduced. The proposed method is an improved version of the Abraham protocol in which we have used aggregate signatures to reduce the communication load. In the Abraham protocol, the communication load and computational load are of the order $O(n^3 S_s)$ and $O(n^3)$, respectively, whereas in the proposed protocol the communication load and computational load are of the order $O(m_a n^2 [\log k_t] + m_a n S_s)$ and $O(m_a n^2)$, respectively, where $n$ is the number of network nodes, $S_s$ is the size of one digital signature, $k_t$ is the maximum number of protocol iterations, and $m_a$ is a security parameter that can be much smaller than $n$. Therefore, in networks with a large number of nodes, the reduction in communication and computational load will be noticeable. Also, in this protocol, to resist $f$ Byzantine nodes we need at least $n = 2f + 1$ nodes, and the consensus process is carried out correctly with a probability of at least .

    Keywords: Consensus, Synchronous network, Byzantine node, Aggregate signature
    Alireza Hediehloo, Javad Mohajery*, Mohammadreza Aref

    Consensus protocols are used to establish coordination between network nodes and increase the resistance of distributed systems against errors. In this paper, a new synchronous consensus protocol is introduced. The proposed protocol is an improved version of the Abraham protocol in which we have used aggregate signatures to reduce the communication load. In the Abraham protocol, the communication load and calculation load of the protocol are of the order $O(n^3 S_s)$ and $O(n^3)$, respectively, while in the proposed protocol, the communication load and calculation load are of the order $O(m_a n^2 \log k_t)$ and $O(m_a n^2)$, respectively, where $n$ is the number of network nodes, $S_s$ is the size of a digital signature, $k_t$ is the maximum number of protocol iterations, and $m_a$ is a security parameter that can be much smaller than $n$. Therefore, in networks with a large number of nodes, the reduction of communication load and computing load will be noticeable. Also, in this protocol, we need at least $n = 2f + 1$ nodes to resist $f$ Byzantine nodes, and the consensus process is done correctly with a probability of at least .

    Keywords: Consensus, Synchronous network, Byzantine node, Collective signature
  • Fatemeh Hassani*, MohammadReza Aref, Mohammad Javad Gholamreza Kashi

    In this article we try to discuss the status of political legitimacy in the Islamic Republic of Iran in the light of the emergence and spread of blockchain technology as a social technology. It will first be argued that the crisis of government efficiency lies at the center of the legitimacy crisis of the Islamic Republic of Iran under current conditions, and that it is above all through this path that blockchain can challenge or add to the legitimacy of the state in present-day Iran. We try to discuss the possible positive and negative effects of blockchain on government efficiency in three areas: bureaucratic efficiency, economic efficiency and social efficiency. Then, considering the existing trends and approaches in Iran towards this emerging technology, two scenarios, a continuity scenario and a change scenario, will be designed. The final conclusion of the article is that the outcomes of the emergence and spread of blockchain technology for political legitimacy in the Islamic Republic of Iran are not determined and inevitable, but depend on institutional contexts, strategic choices, and the prevailing methods and patterns of governance.

    Keywords: Information-communication technologies, Blockchain technology, Political legitimacy, Legitimacy crisis, Government efficiency
    Fatemeh Hassani *, MohammadReza Aref, Javad Kashi

    In this article, the authors try to discuss the status of political legitimacy in the Islamic Republic of Iran in the light of the emergence and expansion of blockchain technology as a social technology. First, it will be argued that the crisis of the government's efficiency is at the center of the legitimacy crisis of the Islamic Republic of Iran in the current situation, and it is through this path more than any other that blockchain can challenge or increase the legitimacy of the government in Iran. The authors try to discuss the possible positive and negative effects of blockchain on government efficiency in three areas: bureaucratic efficiency, economic efficiency, and social efficiency. Then, according to the current trends and approaches in Iran towards this emerging technology, two scenarios, a continuity scenario and a change scenario, will be designed. The final conclusion of the article is that the results of the emergence and expansion of this technology for political legitimacy in the Islamic Republic of Iran are not determined and inevitable, but depend on the institutional contexts, strategic choices and prevailing governance methods and patterns.

    Keywords: Information-communication technologies, Blockchain technology, Political Legitimacy, Legitimacy Crisis, Government Efficiency
  • Zeinab Salami *, Mahmoud Ahmadian-Attari, Mohammad Reza Aref, Hoda Jannati

    Since their introduction, cognitive radio networks, as a new solution to the problem of spectrum scarcity, have received great attention from the research community. An important field in database-driven cognitive radio network studies is their security issues. A critical issue in this context is users' location privacy, which is potentially under serious threat. The query process by secondary users to the database is one of the points where the problem arises. In this paper, we propose a Privacy Preserving Query Process (PPQP) accordingly. PPQP is a cryptography-based protocol, which takes advantage of properties of some well-known cryptosystems. This method lets secondary users take part in the process of spectrum query without sacrificing their location information. Analytical assessment of PPQP's privacy preservation capability shows that it preserves location privacy for secondary users against different adversaries, with very high probability. Relatively low communication cost is a significant property of our novel protocol.

    Keywords: Database-Driven CRN, Location Privacy, Homomorphic Encryption
  • Fatemeh Hassani, Mohammad Reza Aref*, Baqer Sarukhani

    Blockchain technology has been one of the most emergent and politically most challenging of the new information-communication technologies. The structure of blockchain is such that, at least in theory, it can overshadow some of the functions and capabilities of governments and consequently challenge their legitimacy. This technology also has features that, by further empowering governments or assisting the processes of strengthening democratic representation, can become a legitimizing factor or at least reduce the legitimacy crisis of governments. In this article, by distinguishing the two main approaches to the relationship between politics and blockchain (the techno-politics of blockchain), we try to discuss the possible effects of this technology on the legitimacy of modern governments in the four areas of governance, political trust, efficiency and democracy.

    Keywords: Blockchain, Legitimacy, Legitimacy crisis, Government, Crypto-anarchism, Crypto-institutionalism
    Fatemeh Hassani, Mohammad Reza Aref *, Baqer Sarukhani

    Blockchain technology has been one of the most emerging and one of the most politically challenging new information-communication technologies. The structure of the blockchain is such that it can, at least theoretically, overshadow some of the functions and capabilities of governments and, as a result, challenge their legitimacy. This technology has features that can become a factor of legitimacy, or at least reduce the crisis of legitimacy of states, by further empowering governments or assisting in the processes of strengthening democratic representation. In this article, we try to discuss the possible effects of this technology on the legitimacy of modern governments in the four areas of governance, political trust, efficiency, and democracy, by separating the two main approaches to the relationship between politics and blockchain (the techno-politics of blockchain).

    Keywords: Blockchain, legitimacy, Crisis of Legitimacy, Government, Crypto-Anarchism, Crypto-Institutionalism
  • Reza Bayat*, Mehdi Sadeghi, Mohammad Reza Aref

    The growing depth and breadth of our understanding of molecular biology has, on the one hand, made it possible to exploit it in developing technologies such as decryption and, on the other hand, made intervention in the genetic system feasible, which promises a bright future for the biological and medical sciences. Reaching this goal becomes possible by intervening in the gene regulatory network (GRN), because the GRN controls biological activities at the molecular level. Along this path, identifying the GRN, including identifying the boundary, structure and nodes of the network, is of great importance. This paper addresses the two aspects of structure and nodes in modeling and identifying GRNs in large networks (with more than fifty nodes). First, the limitations of applying probabilistic models to a node (gene) are examined. The limitations of applying the multi-tree model to the GRN structure are also examined. In the main part of the paper, the problem of identifying a GRN with the Boolean model is discussed, and it is shown that, contrary to the common belief, the optimal experiment from the viewpoint of identifying the GRN structure is the single-perturbation experiment.

    Keywords: Gene regulatory network, Probabilistic model of gene, Multi-tree model of structure, Boolean model of gene, Optimal perturbation experiment
    Reza Bayat*, Mehdi Sadeghi, Mohammad Reza Aref

    Deep understanding of molecular biology has allowed the emergence of new technologies like DNA decryption. On the other hand, advancements in molecular biology have made manipulation of genetic systems simpler than ever; this promises extraordinary progress in biological, medical and biotechnological applications. This is not an unrealistic goal, since genes, which are regulated by gene regulatory networks (GRNs), are the core governors of life processes at the molecular level. In fact, manipulation of GRNs would be the ultimate strategy for optimal purposeful control of a cell's life. GRNs are in charge of regulating the amounts of all the inter-cellular as well as intra-cellular molecular species produced all the time in all living organisms. Manipulation of a GRN requires comprehensive knowledge about nodes and interconnections. This paper deals with both aspects in networks having more than fifty nodes. In the first part of the paper, restrictions of probabilistic models in modeling node behavior are discussed, i.e.: 1) unfeasibility of reliably predicting the next state of a GRN based on its current state, 2) impossibility of modelling logical relations among genes, and 3) scarcity of biological data needed for model identification. These findings, which are supported by arguments from probability theory, suggest that probabilistic models should not be used for analysis and prediction of node behavior in GRNs. The next part of the paper focuses on models of GRN structure. It is shown that the use of multi-tree models for GRN structure poses severe limitations on network behavior, i.e. 1) increase in signal entropy while passing through the network, 2) decrease in signal bandwidth while passing through the network, and 3) lack of feedback as a key element for oscillatory and/or autonomous behavior (a requirement for any biological network). To demonstrate that these restrictions are consequences of model selection, we use information-theoretic arguments.
    In the last and most important part of the paper we look into gene perturbation experiments from a network-theoretic perspective to show that multi-perturbation experiments are not as informative as assumed so far. A generally accepted belief among researchers states that multi-perturbation experiments are more informative than single-perturbation ones, i.e., multiple simultaneously applied perturbations provide more information than a single perturbation. It is shown that single-perturbation experiments are optimal for identification of network structure, provided the ultimate goal is to discover correct subnet structures.

    Keywords: gene regulatory network (GRN), probabilistic model of gene, multi-tree model of GRN structure, Boolean model of gene, optimal perturbation experiment
  • Mohsen Ramezan Yarandi*, Ali-Asghar Behnam-Nia, Mohammad Reza Aref, Mohammad Reza Khorashadi-Zadeh

    Economics is the fundamental pillar of the advancement of every technology, including cryptography, and the digital economy is one of the drivers and foundations of the advancement of cryptographic science and technology. Certainly, a healthy financial turnover in this field will have a large effect on the flourishing of production and on the motivation of students and researchers in this area. The aim of this article is to help improve information and communication security in the country, because cryptographic science and technology is the heart of information and communication security in cyberspace and cannot be obtained through any kind of import. The main problem in the field of cryptography is the lack of a codified, strategic model for the advancement of cryptographic science and technology in the Islamic Republic of Iran, the question of what its dimensions, components and indicators are, and how to provide suitable conditions for reaching the 1404 Vision. In this research, upstream documents were examined and selected countries were analyzed; while explaining the intended dimensions, components and indicators, the conceptual model of the research was drawn and, on that basis, a model for reaching the desired state in the field of the digital economy was designed with the help of the four-stage Deming cycle, or "PDCA". This research is conducted as a mixed-methods study using descriptive-analytical and case-field methods. Using structural equation modeling with the partial least squares method and the SmartPLS software, we arrived at the intended conceptual model. Data analysis was performed by examining the fit of the measurement model, the fit of the structural model and the overall goodness of fit (GOF) of the model, and it was shown that all of these were adequate for the proposed model. At the end of the article, the components and indicators of the digital-economy (Fourth Industrial Revolution) dimension were derived.

    Keywords: model for the advancement of cryptographic science and technology, digital economy, interpretive structural model
    Mohsen Ramezan Yarandi *, Aliasghar Behnam Nia, MohammadReza Aref, MohammadReza Khorashadi Zadeh

    Economics is at the core of the development of every technology, including cryptography, and the digital economy is one of the drivers of the development of cryptographic science and technology. The purpose of this article is to help improve the security of information and communication in the country, because the science and technology of cryptography is at the heart of information and communication security in cyberspace and cannot be achieved by any import. The main issue in this area is the lack of a well-designed and strategic model for the development of cryptographic science and technology in the I.R. Iran, what its dimensions, components and indicators are, and how to provide the appropriate conditions for achieving the 1404 vision. In this article, we have dealt only with one of the important dimensions of the strategic model of the development of cryptographic science and technology in the country. The conceptual model of the research was drawn and, based on it, the model for achieving optimal status in the field of the digital economy was determined. Using Structural Equation Modeling (PLS), two questionnaires were prepared and administered. Three kinds of fit were studied, namely the measurement model, the structural model and the overall model (GOF), to determine whether the model fits. According to the four-step PDCA Deming loop, the strategic model for the development of cryptographic science and technology in the I.R. Iran was designed and presented.

    Keywords: Patterns of Science, Technology Development, Digital Economy, Interpretive Structural Model
  • Majid Mahmoudzadeh Niknam, Sadegh Sadeghi, Mohammad Reza Aref, Nasour Bagheri *
    In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi, which are candidates of the first round of the NIST-LWC competition. GAGE and InGAGE are a lightweight sponge-based hash function and an Authenticated Encryption with Associated Data (AEAD) scheme, respectively, and support different sets of parameters. The lengths of the hash, key, and tag are always 256, 128, and 128 bits, respectively. We show that the security bounds for some variants of the hash and AEAD are less than the designers' claims. For example, the designers' security claim against preimage attacks for the hash function when the rate is 128 bits and the capacity is 256 bits is 2^{256}; however, we show that the preimage security for this parameter set is 2^{128}. Also, the designers' claimed confidentiality security for an AEAD instance with a rate of 8 bits and a capacity of 224 bits is 2^{116}; however, we show that its confidentiality security is 2^{112}. We also investigate the structure of the permutation used in InGAGE and present an attack to recover the key for reduced rounds of a variant of InGAGE. In an AEAD instance of InGAGE with a rate of 8 bits and a capacity of 224 bits, we recover the key when the number of compositions of the main permutation with itself, i.e., r_{1}, is less than 8. We also show that CiliPadi is vulnerable to the length extension attack by presenting concrete examples of forged messages.
  • Hamzeh Ghasemzadeh, Ali Payandeh*, Mohammad Reza Aref

    Security is a critical and vital task in wireless sensor networks (WSNs); therefore, different key management systems have been proposed, many of which are based on symmetric primitives. Such systems are very energy efficient, but they lack some other desirable characteristics. On the other hand, systems based on public key cryptography (PKC) have those desirable characteristics, but they consume more energy. Recently, a new PKC-based key agreement protocol based on authenticated messages from the base station (BS) was proposed. We show that this method is susceptible to a form of denial of service (DoS) attack in which network resources can be exhausted with bogus messages. We then propose two different improvements to close this vulnerability. Simulation results show that these new protocols retain the desirable characteristics of the basic method while solving its deficiencies.

    Keywords: wireless sensor network, Key Management, Broadcast Authentication, Public Key Cryptography
  • Mohammad Reza Aref, Ahmad Jafarnezhad, Abolfazl Kiani Bakhtiari*
    In recent years, technological developments and successive innovations in manufacturing and production processes have created profound changes in the global industrial landscape. Among these, we have also witnessed the emergence of the concept of Industry 4.0, and researchers have shown increasing attention to this subject. In the present study, previous research on models and indicators for assessing the readiness of enterprises to face Industry 4.0 is reviewed. This new industrial paradigm, created through the convergence of technologies based on cyber-physical systems and digital transformation, brings transformative consequences for industry and the economy. Given the importance of the subject, the fundamental components and indicators for assessing Industry 4.0 readiness have been extracted and a suitable process framework for the country's enterprises is presented. The research method is a mixed qualitative and quantitative one. First, 40 reputable articles on indicators for assessing the readiness and maturity of enterprises for facing and implementing Industry 4.0 were extracted from reputable scientific databases, including Science Direct, Emerald, Sage and Springer, and examined. Of these, 16 relevant articles were selected and, after a comparative review, the proposed indicators for assessing readiness and maturity suited to Iranian enterprises and industrial parks, derived from related studies and an expert panel, are presented. Using DEMATEL and interpretive structural modeling (ISM), a process model is built, and a preliminary test and validation of the structure and content of these indicators and of their applicability in real operational environments will be presented.
    Keywords: Industry 4.0, Fourth Industrial Revolution, Industry 4.0 maturity indicators, Industry 4.0 assessment process model
    Mohammadreza Aref, Ahmad Jafarinejad, Abolfazl Kiani Bakhtiari *
    Over the past years, technological leaps and consecutive innovations in production processes have led to immense and unprecedented changes in the global industrial vista. In this midst, we are witness to the nascence of new concepts such as "Industry 4.0," which have become the topic of increasing focus by researchers. In the present study, existing research work on the models and readiness assessment criteria for the adoption of Industry 4.0 is overviewed. The new industrial paradigm resulting from the integration of technologies that are based on cyber-physical systems and digital transformation will radically change both the industry and the economy. Against this significant backdrop, the fundamental Industry 4.0 readiness criteria have been identified and a suitable process framework for the readiness assessment of the country's firms and enterprises is put to the fore. At the outset, all major scientific databases, i.e., Springer, Emerald, Sage, and Science Direct, including 40 scientific papers on readiness assessment and indicators of firms' maturity level for the adoption of Industry 4.0, were considered. Out of these articles, 16 were selected and, subsequent to their comparative review, the resulting criteria for the assessment of the readiness and maturity of firms were extracted with a view to their suitability for Iranian firms and industrial parks. To this end, a combination of methodologies such as expert panels, the DEMATEL method, and the Interpretive Structural Modeling (ISM) approach was used to develop the process model, which, subsequent to preliminary validation, was detailed in terms of criteria content and applicability to operational environments.
    Keywords: Industry 4.0, Fourth Industrial Revolution, Industry 4.0 Readiness Criteria, Industry 4.0 Assessment Process Model
  • Siavash Ahmadi *, Mohammad Reza Aref
    The GOST block cipher was designed in the 1970s and published in 1989 as the Soviet and Russian standard GOST 28147-89. In order to enhance the security of the GOST block cipher after various attacks were proposed on it, the designers published a modified version of GOST, namely GOST2, in 2015, which has a new key schedule and an explicit choice of S-boxes. In this paper, by using three exactly identical portions of GOST2 and the fixed point idea, more enhanced fixed point attacks for filtering out wrong keys are presented. More precisely, the focus of the new attacks is on reducing memory complexity while keeping the other complexities unchanged. The results show a significant reduction in the memory complexity of the attacks, while the time complexity slightly increases in comparison to the previous fixed point attacks. To the best of our knowledge, the lowest memory complexity for an attack on the full-round GOST2 block cipher is provided here.
    Keywords: Cryptanalysis, Fixed Point Attack, GOST2 Block Cipher, Meet in the Middle
Author profile
  • Dr. Mohammad Reza Aref
    Full Professor of Electrical Engineering, Sharif University of Technology, Tehran, Iran