THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY
Year:2017 | Volume:9 | Issue:1 |Papers Count:7

Welcome to the first issue of the ninth volume of the journal. In this issue, we publish six regular papers as well as a single page per paper incorporating the translation of the title and abstract in Persian, to be used by Persian indexing centers. …

Certificateless public key cryptography (CL-PKC) is a useful method in order to solve the problems of traditional public key infrastructure (i.e., large amount of computation, storage and communication costs for managing certificates) and ID-based public key cryptography (i.e., key escrow problem), simultaneously. A signcryption scheme is an important primitive in cryptographic protocols which provides the goals of signing and encrypting, simultaneously. In 2010, Liuet al.presented the first certificateless signcryption (CLSC) scheme in the standard model, but their scheme is vulnerable against di erent attacks presented in the literature, till now. In this paper, we improve their scheme and propose a new CLSC scheme, which is semantically secure against adaptive chosen ciphertext attack under the (S2; 5) -BDHE-Set assumption and existentially unforgeable against adaptive chosen message attack under the 3-CDHE assumption in the standard model. Our scheme is more efficient than all other secure CLSC schemes in the standard model proposed up to now.

Embedded systems are suggestive targets for code injection attacks in the recent years. Software protection mechanisms, and in general computers, are not usually applicable in embedded systems since they have limited resources like memory and process power. In this paper we investigate side channel characteristics of embedded systems and their applicability in code injection attack detection. The architectural simulation for execution time, power usage and temperature on benchmarks shows that these parameters disclose meaningful and distinguishable behaviours in case of attack.

Communication security of wireless sensor networks is achieved using cryptographic keys assigned to the nodes. Due to resource constraints in such networks, random key pre-distribution schemes are of high interest. Although in most of these schemes no location information is considered, there are scenarios that location information can be obtained by nodes after their deployment. In this paper, we propose a novel probabilistic key pre-distribution scheme, for large-scale wireless sensor networks which utilizes location information in order to improve the performance of random key pre-distribution substantially. In order to apply the location information of the nodes in key distribution process, we partition the network into some regions and use graph coloring techniques to efficiently assign the random keys. The proposed scheme has a superior scalability by supporting larger number of nodes and also increasing the probability of existence of a shared exclusive key among the nearby nodes, i.e., the probability of having an isolated node is significantly reduced in comparison with the existing random key pre-distribution schemes. Our simulation results verify these terms.

A non-malleable code is a variant of an encoding scheme which is resilient to tampering attacks. The main idea behind non-malleable coding is that the adversary should not be able to obtain any valuable information about the message. Non-malleable codes are used in tamper-resilient cryptography and protecting memories against tampering attacks. Many di erent types of non-malleability have already been formalized and defined in current literature, among which continuous non-malleability is the setup in which the messages are protected against adversaries who may issue polynomially many tampering queries. The first continuous non-malleable encoding scheme has been proposed by Faustet al. (FMNV) in 2014. In this article, we propose a new proof ofcontinuous non-malleability of the FMNV scheme. The new proof will give rise to an improved andmore efficient version of this scheme.Also, the new proof shows that one may achieve continuous non-malleability of the same security by using aleakage resilient storage scheme with fewer bits for the leakage bound. This shows that the new scheme is more efficient and practical for tamper-resilient applications.

Code reuse attacks such as return oriented programming and jump oriented programming are the most popular exploitation methods among attackers. A large number of practical and non-practical defenses are proposed that di er in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among these methods is consideration of the common behaviour of code reuse attacks, which is the construction of a gadget chain. Therefore, the implication of a gadget and the minimum size of an attack chain are a matter of controversy. Conservative or relaxed thresholds may cause false positive and false negative alarms, respectively.The main contribution of this paper is to provide a tricky aspect of code reuse techniques, called tiny code reuse attacks (Tiny-CRA) that demonstrates the ine ectiveness of the threshold based detection methods. We show that with bare minimum assumptions, Tiny-CRA can reduce the size of a gadget chain in shuch a way that no distinction can be detected between normal behaviour of a program and a code-reuse execution. To do so, we exhibit our Tiny-CRA primitives and introduce a useful gadget set available in \libc. We demonstrate the e ectiveness of our approach by implementing nine di erent shell-codes and exploiting real-world bu er overow vulnerability in HT Editor 2.0.20.

One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more reliable. Although several researches are conducted for automated testing of the specification of access control policies at the design phase, there is not enough research on testing their implementation. In addition, since access control is amongst non-functional requirements of the system, it is not easy to test them along with other requirements of the system by usual methods. To address this challenge, in this paper, we propose an automated method for testing the implementation of access control in a system. This method, as a model based technique, is able to extract test cases for evaluating the access control policies of the system under test. To generate test cases automatically, a combination of behavior model of the system and the specification of access control policies are used. The experimental results show that the proposed approach is able to find the failures and cover most of the code that is related to access control policies.