Table of Contents

Information Security - Volume:13 Issue: 2, Jul 2021
  • Publication date: 1400/05/10
  • Number of titles: 8
  • Aniseh Najafi, Majid Bayat, Hamid Haj Seyyed Javadi * Pages 1-14

    The advent of cloud computing in the healthcare system increases accuracy and speed, reduces costs, and makes health services widely used. However, system users are always seriously concerned about the security of outsourced data. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising way to ensure the security of outsourced data and to facilitate access control over it. However, conventional CP-ABE schemes have security flaws such as a lack of attribute privacy, a lack of resistance to keyword guessing attacks, and the inability to perform multi-keyword searches. To address these shortcomings, we present a scheme that supports multi-keyword search and fine-grained access control simultaneously. The proposed scheme is resistant to the offline keyword guessing attack. Privacy preservation in the access structure is another feature of the proposed scheme. The security analysis indicates that our scheme is selectively secure in the standard model. Finally, the performance evaluation of the proposed scheme shows that its efficiency is reasonable despite the added functionalities.

    Keywords: Attribute-Based Searchable Encryption, Hidden Policy, Keyword Guessing Attack, Secure Channel Free, Standard Model
  • Milad Salimian *, Ali Jahanian Pages 2-14

    Side-channel analysis methods can reveal the secret information of digital electronic systems by analyzing the dependency between the power consumption of implemented cryptographic algorithms and the secret data. Recent studies show that it is possible to gather information about power consumption from FPGAs without any physical access. The high flexibility of modern FPGAs has led to their use as cloud accelerators in Platform as a Service (PaaS) systems; however, serious new vulnerabilities have emerged for these platforms. Although there are some reports about how switching activity in one region of an FPGA affects other regions, the details of this technique have not been analyzed. In this paper, we analyze the strength of this kind of attack and examine the impact of geometrical and electrical parameters of the victim/attacker modules on the efficiency of the attack. We used a Zynq-based Xilinx platform as the device under attack. Experimental results and analyses show that the distance between the victim module and the sensor modules is not the only parameter that affects the quality of the attack; the influence of the relative location of the victim/attacker modules could be more considerable.

    Keywords: CPA, FPGA, Side-Channel, Power Sensor, TDL, TDC
  • GholamReza Moghissi *, Ali Payandeh Pages 3-32

    The Blockwise-Korkine-Zolotarev (BKZ) algorithm plays the main role in most lattice-based attacks, so the total cost and output quality of this algorithm should be computed exactly and used in the parameter selection of lattice-based cryptographic primitives. Since the exact behavior of BKZ for higher block sizes cannot be studied by running it in practice, simulation of BKZ is needed. In this paper, we introduce, with high precision, all the building blocks necessary for designing a BKZ simulation. The main advantage of these building blocks is that they either provably correspond to their counterparts in the BKZ algorithm or are proved/verified by long-studied heuristics or facts in lattice theory. Also, the independence of these components makes them easy to use in the design of any form of BKZ simulation or any specific tester related to the BKZ algorithm. More precisely, this paper includes the following contributions: introducing a sampling method for the norm of the enumeration solution; introducing an exact definition of optimal enumeration radii; using GSO coefficients besides the GSO norms as input/output parameters; designing precise sampling methods for the coefficient vectors related to the enumeration solution; designing a proved process for updating GSO norms/coefficients together with a proved process of LLL reduction; defining an exact estimation of success probability and enumeration cost for GNR-pruning; and introducing a mapping technique for the GNR-pruned bounding function to avoid some wrong results in former studies and complexities in the design of the simulation.

    Keywords: Provable BKZ simulation, Update GSO, LLL reduction, Enumeration cost, Success probability, Optimal enumeration radii
  • Mina Erfan, Saeed Jalili * Pages 15-30
    Classifying the type of file fragments in the absence of header and file system information is a major building block in various solutions devoted to file carving, memory analysis and network forensics. Over the past decades, a substantial amount of effort has been put into developing methods to classify file fragments. Meanwhile, there has been little innovation in the basics of the approaches taken to file and fragment type classification. In this research, by mapping each fragment to an 8-bit grayscale image, a method of texture analysis has been used in place of a classifier. Essentially, we show how to construct a vocabulary of visual words with the Bag-of-Visual-Words method. Using the n-gram technique, the feature vector is composed of visual word occurrences. On the classification of 31 file types over 31000 fragments, our approach reached a maximum overall accuracy of 74.9% in classifying 512 byte fragments and 87.3% in classifying 4096 byte fragments.
    Keywords: Digital Forensics, File Type Classification, Bag-Of-Visual-Words, BOVW
  • Sorour Sheidani, Ziba Eslami * Pages 31-42
    Nowadays, on the one hand, multimedia authentication techniques are widely used to achieve trustworthiness; on the other hand, due to the rapid growth of image processing software technologies, having a secure method to protect the copyright of these data seems fairly essential. Multipurpose watermarking emerged in order to accomplish multimedia authentication and copyright protection simultaneously. In this paper, we propose a multipurpose watermarking method which achieves perfect security, the ability to detect tampered areas of the watermarked image, and a lower BER, at the cost of reducing capacity by half. This watermarking scheme is blind in the sense that, on the receiver side, neither the original host image nor the embedded watermark is needed for ownership watermark extraction or tamper detection. Experimental results show that our method is able to reconstruct extracted tampered watermarks even after various attacks such as JPEG compression, average filtering, gamma correction, median filtering, speckle noise, JPEG compression, sharpening, Wiener filter, and median filtering. Comparisons are provided with other multipurpose watermarking methods which primarily aim at the simultaneous goals of copyright protection and authentication. We also show the superiority of our proposed method over three watermarking methods that attain these objectives on a one-goal-at-a-time basis.
    Keywords: multipurpose watermarking, blind watermarking, copyright protection, image authentication, verifiable threshold secret sharing scheme, perfect secrecy
  • MohammadAli Hadavi *, Arash Bagherdaei, Simin Ghasemi Pages 32-43

    Automatic detection of access control violations in software applications is a challenging problem. Insecure Direct Object Reference (IDOR) is among the top-ranked vulnerabilities; it violates access control policies and cannot yet be detected by automated vulnerability scanners. While such tools may detect the absence of access control by static or dynamic testing, they cannot verify whether it is functioning properly when it is present. When a tool detects a request for access to an object, it is not aware of the access control policies and so cannot infer whether the request is permitted. This depends completely on the access control logic, and there is no automatic way to fully and precisely capture it from software behavior. Taking this challenge into consideration, this article proposes a black-box method to detect IDOR vulnerabilities in web applications without knowing the access control logic. For this purpose, we first gather information from the web application by a semi-automatic crawling process. Then, we tricksily manipulate legal requests to create effective attacks on the web application. Finally, we analyze the received responses to check whether the requests are vulnerable to IDOR. The detection process in the analysis phase is supported by our set-theory-based formal modeling of such vulnerabilities. The proposed method has been implemented as an IDOR detection tool (IDOT) and evaluated on a couple of vulnerable web applications. Evaluation results show that the method can effectively detect IDOR vulnerabilities provided that enough information is gathered in the crawling phase.

    Keywords: web application, Security, vulnerability, Access Control, Insecure Direct Object Reference (IDOR), parameter manipulation
  • Hayyan Hasan, Behrouz Tork Ladani *, Bahman Zamani Pages 43-55
    Dynamic analysis is a prominent approach to analyzing the behavior of Android apps. To perform dynamic analysis, we need an event generator to provide a proper environment for executing the app in an emulator. Monkey is the most popular event generator for Android apps in general, and is used in dynamic analysis of Android malware as well. Monkey provides high code coverage together with high speed in generating events. However, in the case of malware analysis, Monkey suffers from several limitations. It only considers UI events but no system events, and because of its random behavior in generating UI events, it may drop the connectivity of the test environment during the analysis process. Moreover, it provides no defense against malware evasion techniques. In this paper, we try to enhance Monkey by reducing its limitations while preserving its advantages. The proposed approach has been implemented as an extended version of Monkey, named Curious-Monkey. Curious-Monkey provides facilities for handling system events, handling evasion techniques, and keeping the test environment's connectivity up during the analysis process. We conducted many experiments to evaluate the effectiveness of the proposed tool regarding two important criteria in dynamic malware analysis: the ability to trigger malicious payloads and the code coverage. In the evaluation process, we used the Evadroid benchmark and the AMD malware dataset. Moreover, we compared Curious-Monkey with the Monkey and Ares tools. The results show that Curious-Monkey provides better results in triggering malicious payloads, as well as better code coverage.
    Keywords: Curious-Monkey, Monkey, Android, Event Generator, Android Malware, Dynamic analysis
  • Mansoureh Labafniya *, Shahram Etemadi Borujeni Pages 57-62

    There are many different ways of securing FPGAs to prevent successful reverse engineering. One of the common forms is obfuscation. In this paper, we propose an obfuscation-based approach to protect FPGAs from successful reverse engineering and, as a result, from Hardware Trojan Horse (HTH) insertion. Our obfuscation method uses ConFiGurable Look Up Tables (CFGLUTs). We suggest inserting CFGLUTs randomly or based on some optional parameters in the design. In this way, some parts of the design reside in a secure memory, which contains the bitstream of the CFGLUTs, so that the attacker does not have any access to it. We program the CFGLUTs at run-time to complete the bitstream of the FPGA and the functionality of the design. Even if an attacker can reverse engineer the bitstream of the FPGA, he cannot detect the design, because some part of it is composed of CFGLUTs whose bitstream is in a secure memory. This is the first article that uses CFGLUTs for securing FPGAs against HTH insertion, which results from reverse engineering. Our method has no power or hardware overhead, only a time overhead of 32 clock cycles.

    Keywords: Configurable Look Up Tables (CFGLUTs), Hardware Trojan Horses (HTHs), Obfuscation, Hardware Security