نشریه منادی امنیت فضای تولید و تبادل اطلاعات (افتا)
سال سیزدهم شماره 2 (پیاپی 26، پاییز و زمستان 1403)

With the increasing use of RFID tags, there is a need for specific protocols to communicate with these tags. Among these protocols, the ownership transfer stands out as it ensures the security and privacy of objects for the new owner after a change of ownership. Recently, a lightweight object ownership transfer protocol has been proposed for RFID networks. This protocol utilizes a lightweight linear function for security. The designers of the protocol claim that it is secure against known attacks while also being lightweight. In this paper, we identify vulnerabilities in the function used in this protocol and demonstrate that it is susceptible to the secret disclosure attack. We show that with at most 4 × L executions of the protocol (where L is the key length), one can obtain the necessary information from intercepted data to execute the attack and subsequently recover the shared keys used in the protocol.

One of the most important issues in information technology era is data protection; If this issue is not considered, confidence and usability and extension of information and communication technology will be threatened. In this way, politiceans and decision makers in organizations, industry and governments want to regulate the information and communication era. This regularization is performed based on decision making considerations and variables, while forgetting them may rise challenges and cause crisis. In management sciences they are called strategic issues. Current research identifies, defines, and analyzes strategic issues that different goverments, use them to reinfornce information governance structures like maintenance and governance of data and information security. These strategic issues are in the range of national documents, reference standards and documentation related to general data protection regulations (GDPR). In this research, we investigate documents and references related to data protection regulations using content analysis, to identify strategic issues.

With the ever-increasing growth of the Internet and the expansion of imaging tools, digital images are a huge part of the information we work with. This information often contains sensitive data that requires protection. This paper presents a chaotic image encryption method that effectively safeguards the information contained within digital images. The IEPS encryption system is an image encryption scheme based on a Piecewise linear chaotic map (PWLCM) and the SHA-512 hashing function. This design incorporates two operations: permutation and substitution of image pixels. In the permutation stage, the PWLCM map is employed, and the features of the SHA-512 are utilized to substitute the pixels. The experimental results demonstrate that the PWLCM encryption algorithm successfully encrypts the information within the image and exhibits robust performance against various analyses, including the entropy, histogram, key sensitivity criterion, and resistance to differential attacks.

As the intensity of global cybersecurity threats continues to rise, the need for training security professionals has gained greater significance. Educational programs, complemented by laboratories and the execution of cybersecurity exercises, play a fundamental role in enhancing both offensive and defensive capabilities. The execution of such exercises is particularly crucial in operational networks, where testing cyberattacks may not be feasible. Cyber ranges offer an appropriate platform for conducting these exercises. A primary challenge in cybersecurity education is aligning training programs with the diverse skill levels of learners. Adaptive learning, powered by artificial intelligence and recommendation systems, can provide an effective solution for delivering personalized instruction. This study focuses on the KYPO Cyber Range to examine the potential of substituting or augmenting the role of the instructor with an AI-based recommendation agent. The objective of this research is to minimize human intervention and improve the efficiency of the training process. To this end, data collected from the KYPO Cyber Range, developed by Masaryk University, has been utilized, and various machine learning models have been applied to automate and optimize the training process. The results of this research indicate that the integration of artificial intelligence can enhance the performance of educational systems and reduce evaluation time.

With the advancement and development of Internet of Things (IoT) applications, the need for securing infrastructure in this domain has gained particular importance due to the limitations of computational and storage resources. Botnets are among IoT security challenges in which, by infecting computational nodes of this technology, they are capble of turning the network into a collection of compromised machines under the control of attackers. This paper proposes an anomaly detection system based on ensemble learning to prevent and identify IoT botnet attacks at the initial scanning stage and DDoS attacks. This system uses feature selection and optimal hyperparameter tuning for each classifier to increase model accuracy and prevent overfitting. The data used in this paper is taken from the BoT-IoT dataset, which covers activities related to different stages of the botnet lifecycle. For feature selection and classification, two ensemble learning algorithms, LightGBM and Random Forest, are used, and hyperparameter optimization is performed using the TPE method. Results demonstrated that the LightGBM algorithm achieved an error rate of 0.98% and an accuracy of 99.02%, while the Random Forest algorithm exhibited an error rate of 0.01% and an accuracy of 99.99%, indicating highly satisfactory performance in attack detection. The proposed models, with increased training and prediction time, have offered significantly higher accuracy compared to previous models.

Privacy preservation in healthcare monitoring systems has always been a concern for both patients and doctors. To address this issue, many protocols have been designed. In this article, we examine the proposed scheme by Nasr Esfahani and colleagues, evaluating it from a security perspective. Their proposed scheme uses a three-layer hierarchical template chain to store and maintain critical medical information of patients in a centralized and secure manner. Additionally, by using Zero-Knowledge Proof (ZKP) and ring signature methods, they demonstrate that their scheme protects medical data against both internal and external attacks. According to potential scenarios, the Nasr Esfahani et al. protocol has shown good performance against many attacks, such as storage attacks and replay attacks, but it is vulnerable to integrity violation attacks. The success probability of the attacks presented in this article is one, and the complexity is only a single execution of the protocol.

Certificateless searchable encryption is a cryptographic concept that simultaneously preserves data confidentiality and enables search over encrypted texts. There exist many certificateless searchable encryption schemes in the literature; however, most of them are based on computationally inefficient bilinear pairing operations. Pairing-based cryptographic schemes are not suitable for resource-constrained devices and consequently, researchers are seeking to provide pairing-free cryptographic schemes to enhance efficiency. Recently, Senouci et al. proposed a pairing-free certificateless searchable encryption scheme and claimed that their scheme outperforms other existing schemes in terms of security features, computational costs, and communication costs. However, in this paper, we disprove Senouci et al.’s claims and show that their scheme suffers from several significant security issues. More specially, we first show that their scheme is not actually a certificateless scheme. In other words, we show that in their scheme, an adversary can impersonate any user and perform cryptographic operations that should only be executable by the actual user. Then, we prove that Senouci et al.’s scheme does not meet ciphertext and trapdoor indistinguishability which are the essential security requirements of a searchable encryption scheme.

Auditable log is a common approach for monitoring system performance, forensic investigations, and event analysis. Regarding the crucial role of logs in identification of attackers, adversaries often attempt to tamper with these files to hide their traces. As a result, ensuring the secure storage of logs is critical. Blockchain technology, with its immutability feature, provides an ideal solution for secure storing of logs. However, the scalability limitations of existing public blockchains have made blockchain-based solutions impractical. To address this challenge, this paper proposes an approach where logs are categorized into time-based intervals, and a chain of linked entries using Message Authentication Codes (MAC) for each type of log. In addition to MAC, a counter is assigned to each class of log to enable detection of any deletion, insertion, repetition, or even reordering of log records, as the logical chain would be disrupted. At the end of each interval, known as checkpoint, newly verified log is appended to the blockchain. This approach not only ensures the security of logs but also enhances system efficiency by reducing the amount of data stored on the blockchain through batch processing. Our implementation demonstrates that the proposed system offers improved efficiency, requiring fewer computations compared to other methods.

Side-channel attacks, particularly power analysis attacks, pose a significant threat to the security of block cipher applications in hardware. These attacks can be executed using three primary methods: Simple Power Analysis (SPA), Differential Power Analysis (DPA), and Correlation Power Analysis (CPA). This paper examines the vulnerability of the SPEEDY block cipher to such power analysis attacks. In the first section, we demonstrate that the non-linear layer of the SPEEDY block cipher is susceptible to information leakage when subjected to power analysis attacks. By implementing the cipher in hardware and utilizing 1000 input samples, we establish that key-recovery attacks are feasible. The second section focuses on countermeasures to enhance the security of the SPEEDY block cipher against power analysis attacks. We propose a secure implementation method that employs Domain-Oriented Masking (DOM). Using the SILVER tool and the T-test method, we show that the secured version of the SPEEDY block cipher effectively mitigates the vulnerabilities and information leakages present in the original version when exposed to power analysis attacks.