فصلنامه پدافند الکترونیکی و سایبری
سال هشتم شماره 1 (پیاپی 29، بهار 1399)

Fuzzing is a dynamic software testing technique. In this technique with repeated generation and injection of malformed test data to the software under test (SUT), we are looking for the possible errors and vulnerabilities. Files are significant inputs to most real-world applications. Many of test data which are generated for fuzzing such programs are rejected by the parser because they are not in the acceptable format and this results in a low code coverage in the process of fuzz testing. Using the grammatical structure of input files to generate test data leads to increase code coverage. However, often, the grammar extraction is performed manually, which is a time consuming, costly and error-prone task. In this paper, a new method, based on deep neural language models (NLMs), is proposed for automatically learning the file structure and then generating and fuzzing test data. Our experiments demonstrate that the data produced by this method leads to an increase in the code coverage compared to previous test data generation methods. For MuPDF software, which accepts the PDF complex file format as an input, we have more than 1.30 to 12 percent improvement in code coverage than both the intelligence and random methods.

Anomaly detection is an important issue in a wide range of applications, such as security, health and intrusion detection in social networks. Most of the developed methods only use graph structural or content information to detect anomalies. Due to the integrated structure of many networks, such as social networks, applying these methods faces limitations and this has led to the development of hybrid methods. In this paper, a proposed hybrid method for anomaly detection is presented based on community detection in graph and feature selection which exploits anomalies as incompatible members in communities and uses an algorithm based on the detection and combination of similar communities. The experimental results of the proposed method on two datasets with real anomalies demonstrate its capability in the detection of anomalous nodes which is comparable to the latest scientific methods.

A key component of intelligent transportation systems is the so-called Vehicular Ad-hoc Network (VANET). These networks refer to a set of smart vehicles which provide communication services on the road using wireless technologies. In addition to enhancing road safety, VANETs can contribute to vehicle and driver’s security. Therefore, the research in this area is heavily centered around important security and privacy issues, in particular authentication of the messages exchanged while reducing communication overhead. In order to provide a solution to this problem, Zhong et al. recently proposed an efficient privacy-preserving authentication scheme for VANETs based on certificateless aggregate signatures. In their scheme, the length of the aggregated signature is fixed and does not depend on the number of input signatures. The goal of our paper is to show that the scheme of Zhong et al. fails to provide the required authentication for VANETs. We prove that it is easily possible to forge the signature of a vehicle on an arbitrary message after observing only one pair of (message, signature) signed by the target vehicle. We further propose an improvement over Zhong et al.’s scheme that overcomes the mentioned drawback and therefore provides the required authenticity in VANETs.

Nowadays, smart systems are being widely used in combats because there exist a lot of applications for these systems which usually depend on sensors. Matching sensors to weapons and threats or in short sensor-weapon/threat assignment is a major challenge in modern wars and is classified as a complex resource assignment optimization problem. Consequently, the result of modern wars highly depends on effective usage of sensors and weapons. In this paper, the sensor-weapon/threat assignments and their scheduling problem have been formulated. The object of this model is maximizing the destruction of threats in a given time horizon subject to operational constraints. This model has been solved using CPLEX. Furthermore, a metaheuristic algorithm based on GRASP is developed. Finally, using a set of randomly generated test instances, the results of all developed solution approaches are reported and compared.

One of the major weaknesses of steganography algorithms in detection, is the lack of proper estimation of the data on the recipient side. The appropriate detection in the steganography algorithm is directly related to the tradeoff between the three parameters of transparency, resistance and capacity. The proposed algorithm uses a proper tradeoff between these three parameters. Due to this issue, in this article the inclusion of information in the intermediate frequency coefficients of the wavelet by the Spread Spectrum method has been used in order to maintain transparency. The reduction of resistance is prevented by obtaining the appropriate amplification coefficient parameter for embedding of information. Proper measurement of is also assessed by the error bit rate. Setting the proper capacity in a cover and the full coverage of secret data embedding are the two suggested steps related to the capacity parameter. In the first step, the proper capacity means the proper tradeoff between the capacity parameter and the transparency parameter, i.e. the steganography has the proper values ​​of the SSIM and PSNR parameters. The use of low entropy covers leads to low capacity but also high resistance. In this case, the error bit rate is also reduced, which means getting close to the appropriate value of and the appropriate resistance. In the second step, the use of video frames of Windows Media Video is proposed for full coverage of secret data embedding. Since there may be a massive amount of secret data and a single cover may not be sufficient, a cover bank is required. As creating an image bank with close statistical properties may be difficult and time consuming, the video frames of Windows Media Video have been used.

With the increasing rate of cyber-attacks, creating security for cyberspace has become more important and crucial. Therefore computers, computer networks and all current systems connected to the Internet are always at risk of cyber-attacks. In this paper, a novel technique based on alteration technique of attack is proposed by providing a new classification in the methods of obfuscation. In this method, by replacing the attacks that have similar characteristics in the attack strategies the attacker causes an increase in wrong classification and thus reduces the dependence between attack steps. Therefore, by increasing the length of the attack, network security managers cannot easily distinguish cyber-attacks. The proposed model was assessed based on the Bayesian algorithm. The results of the research and implementation of the model indicate that the accuracy of classification (in terms of log) by intrusion detection systems for the best case of clean attacks in the sequel of attack, is -0.02 and for obfuscation attacks at the action level is -0.19. For obfuscate attacks with the alternative technique it becomes -3 and for the insertion technique it decreases to -6.74. In the proposed model, as in the obfuscation-based insertion technique, the corresponding attack method has been used. Due to the difference in the type of ambiguity model, different results are obtained, and the combination of these two obfuscating techniques in cyber-attacks can bring better results to the attacker in deceiving the intrusion detection systems and creating uncertainties in the sequence of observed attacks.

Direction finding of acoustic sources has special importance in military and industrial applications. Lots of algorithms are proposed for solving this problem but, as the complicated conditions of environment enter the problem, a common method with arbitrary precision does not exist for all situations. One of these cases is finding the direction of acoustic sources in multi reflection media such as shallow waters. In this case, many virtual sources are born which are copies of independent sources and are neither detectable nor removable. When the number of these reflections are more than the number of array sensors, the assumptions of customary direction-finding methods are not satisfied and therefore these methods are no longer applicable. In this case, we are facing a problem that the number of signal sources are more than the number of sensors. An important idea for handling this multipath phenomenon, is to increase the degree of freedom of the sonar array which can be solved based on the sparse arrays. Actually, employing the MRA array, will increase the number of real array sensors virtually so that the problem will return to the ordinary conditions. In this idea, the array manifold matrix is modified to be proportional to the sparse non-uniform array. Simulations confirm the function of the proposed algorithm in the presence of correlated sources that have low error and high angular resolution so that, by 6 real array sensors, this algorithm could find the direction of 12 sources whether independent or correlated. This algorithm is very close to CRLB limit and is better than all compared methods.

With the growth of information technology, network security is one of the major issues and a great challenge. Intrusion detection systems, are the main component of a secure network that detect the attacks which are not detected by firewalls. These systems have a huge load of data to analyze. Investigations show that many features are unhelpful or ineffective, so removing some of these redundant features from the feature set is a solution to reduce the amount of data and thus increase the speed of the detection system.  To improve the performance of the intrusion detection system it is essential to understand the optimal property set for all kinds of attacks. This research, in addition to presenting a method for intrusion detection based on combining neural networks, also introduces a method for extracting optimal features of the KDD CUP 99 dataset which is a standard dataset for testing computer networks intrusion detection methods.

With the development of electronic information technology, electronic medical records (EMRs) are considered a common way to store the patients’ data in hospitals. This information is recorded and stored in the databases of various hospitals and medical institutions, so patients do not have any control over their medical information. Due to the fact that medical information is one of the important assets of the people and the health system, there are serious concerns about the security and privacy of medical data and how to access this information. One of the most important challenges in e-Health is the storage and access control of medical data. In this paper, we propose a novel, secure and efficient model named SBA-PHR which is based on blocking technology and attribute-based encryption to share and store medical data in such a way as to maintain the user's privacy and fine grain access control. In SBA-PHR we have improved the revocation phase in ABE by using private blockchain. We prove the security of our proposed scheme in the formal model and its proper functioning based on BAN logic and establish its user data confidentiality, patient anonymity and privacy. Moreover, the computational and storage complexity of our proposed scheme demonstrates its efficiency and scalability.

An important category of the side-channel attacks takes advantage of the fact that cache leads to temporal changes in the execution of encryption algorithms and thus information leakage. Although side-channel attacks based on high cache memory are among the most widely used side-channel attacks, they have been less studied than other side-channel attacks. Accordingly, extensive research has been conducted by the cryptographic community in the area of ​​side-channel attacks based on cache memory.The focus of research has mainly been on the security of encryption algorithms implemented by Intel and Pentium processors, which due to the different cache structure of different processors, cannot be extended to other commonly used processors such as ARM. In response to this challenge, new research is focusing on cache-based side-channel attacks on various mobile processors and other applications including ARM processors. The different cache structure and lack of support for some of the commands needed to execute cache attacks have made it difficult to execute these attacks on ARM processors. In this paper, we first investigate the cache-timing attack using a collision event on one of the ARM processors. In this attack, the attacker only needs to measure the timing of the encryption, and unlike the access-driven attacks, the attacker does not need access to the victim's cache. We also implemented the attack using an industrial automation board called Raspberrypi3, which runs the router operating system, the results of which show the accuracy of the attack.

Adaptive steganography methods using an adaptive criterion, sequentially or randomly, hide a message in an image. The aim of security is to reduce the probability of detecting the existence of a message. In this article, first by using game theory it is illustrated that adaptive steganography algorithms with a simulation along with a quasi-random process, named as combinatorial image steganography algorithms have higher security compared to the pure adaptive steganography algorithms. Then, this matter is shown practically by designing patterns based on entropy and the  operator for 5000 natural images. The comparison of two designed algorithms, using SRM which is one of the most famous steganography algorithms, shows about 1.5% security superiority of the combinatory method compared to the purely adaptive method.

Wireless body area networks (WBANs) include many tiny sensor nodes which are planted in or around a patient’s body. These sensor nodes can collect biomedical data from the patient and transmit these valuable data to a data sink or a personal digital assistant. Later, health care service providers can get access to these data through authorization. The biomedical data are usually personal and private. Consequently, data confidentiality and user privacy are of primary concerns for WBAN. One of the most important factors for providing security in e-healthcare networks, is authentication protocols which allow both parties to authenticate each other. Recently, regarding this issue, Challa et al.[1] presented an efficient elliptic curve based provably secure three-factor key agreement and authentication protocol for wireless healthcare sensor networks. In this paper, firstly we identify some security flaws of the Challa et al.’s scheme such as privileged-insider attacks, lack of forward secrecy and user traceability. Then, we present a three-factor authentication scheme for (WBANs) and evaluate the security properties of our scheme formally via “ProVerif”. Presented security analysis and comparisons show that the proposed scheme is an efficient secure authentication scheme for WBANs.