THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY
Year:2013 | Volume:5 | Issue:1 |Papers Count:7

Welcome to the first issue of the fifth volume of ISeCure. In this issue, we publish six papers, with a single page per paper including the translation of the title and the abstract in Persian, for the utilization of Persian indexing centers...

This paper investigates digital data hiding schemes. The concept of information hiding will be explained at first, and its traits, requirements, and applications will be described subsequently. In order to design a digital data hiding system, one should first become familiar with the concepts and criteria of information hiding. Having knowledge about the host signal, which may be audio, image, or video and the final receiver, which is Human Auditory System (HAS) or Human Visual System (HVS), is also beneficial. For the speech/audio case, HAS will be briefly reviewed to find out how to make the most of its weaknesses for embedding as much data as possible. The same discussion also holds for the image watermarking. Although several audio and image data hiding schemes have been proposed so far, they can be divided into a few categories. Hence, conventional schemes along with their recently published extensions are introduced. Besides, a general comparison is made among these methods leading researchers/designers to choose the appropriate schemes based on their applications. Regarding the old scenario of the prisoner-warden and the evil intention of the warden to eavesdrop and/or destroy the data that Alice sends to Bob, there are both intentional and unintentional attacks to digital information hiding systems, which have the same effect based on our definition. These attacks can also be considered for testing the performance or benchmarking, of the watermarking algorithm. They are also known as steganalysis methods which will be discussed at the end of the paper.

In this paper, a new broadcast encryption scheme is presented based on threshold secret sharing and secure multiparty computation. This scheme is maintained to be dynamic in that a broadcaster can broadcast a message to any of the dynamic groups of users in the system and it is also fair in the sense that no cheater is able to gain an unfair advantage over other users. Another important feature of our scheme is collusion resistance. Using secure multiparty computation, a traitor needsk cooperators in order to create a decryption machine. The broadcaster can choose the value of k as he decides to make a trade-o between communication complexity and collusion resistance. Comparison with other Broadcast Encryption schemes indicates enhanced performance and complexity on the part of the proposed scheme (in terms of message encryption and decryption, key storage requirements, and ciphertext size) relative to similar schemes. In addition, the scheme is modeled using applied pi calculus and its security is verified by means of an automated verification tool, i.e., ProVerif.

Key agreement protocols are essential for secure communications in open and distributed environments. Recently, identity-based key agreement protocols have been increasingly researched because of the simplicity of public key management. The basic idea behind an identity-based cryptosystem is that a public key is the identity (an arbitrary string) of a user, and the corresponding private key is generated by a trusted Private Key Generator (PKG). However, it is unrealistic to assume that a single PKG will be responsible for issuing private keys to members of different organizations or a large-scale nation. Hence, it is needed to consider multiple PKG environments with different system parameters. In this paper, we propose an identity-based key agreement protocol among users of different networks with independent PKGs, which makes use of elliptic curves. We prove the security of the proposed protocol in the random oracle model and show that all security attributes are satisfied. We also demonstrate a comparison between our protocol and some related protocols in terms of the communication costs and the execution time. The results show that the execution time of our protocol is less than 10%, and its communication costs are about 50% of the competitor protocols.

To control the exponential growth of malware les, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malwares make it difficult for signature-based systems to detect sophisticated malware les. The dynamic analysis or run-time behavior provides a better technique to identify the threat. In this paper, a dynamic approach is proposed in order to extract features from binaries. The run-time behavior of the binary les were found and recorded using a homemade tool that provides a controlled environment. The approach based on Dy VSoR assumes that the run-time behavior of each binary can be represented by the values of registers. A method to compute the similarity between two binaries based on the value sets of the registers is presented. Hence, the values are traced before and after invoked API calls in each binary and mapped to some vectors. To detect an unknown le, it is enough to compare it with dataset binaries by computing the distance between registers, content of this le and all binaries. This method could detect malicious samples with 96.1% accuracy and 4% false positive rate. The list of execution traces and the dataset are reachable at: http: //home.shirazu.ac.ir/ sami/malware.

The present paper is intended to present a robust multiplicative video watermarking scheme. In this regard, the video signal is segmented into 3-D blocks like cubes, and then, the 3-D wavelet transform is applied to each block. The low frequency components of the wavelet coefficients are then used for data embedding to make the process robust against both malicious and unintentional attacks. The hidden message is inserted through multiplying/dividing these coefficients by a constant parameter which controls the power of the watermark. The watermark extraction relies on a maximum likelihood-based procedure, observing the distribution of the watermarked coefficients. The performance of the proposed scheme has been verified via simulations and found to be superior to some of the well-known existing video watermarking methods.

The present paper is aimed at introducing a new algorithm for image encryption using chaotic tent maps and the desired key image. This algorithm consists of two parts, the first of which works in the frequency domain and the second, in the time domain. In the frequency domain, a desired key image is used, and a random number is generated, using the chaotic tent map, in order to change the phase of the plain image. This change in the frequency domain causes changes in the pixels value and shuffles the pixels location in the time domain. Finally, in the time domain, a pseudo random image is produced using a chaotic tent map, to be combined to the image generated through the first step, and thus the final encrypted image is created. A computer simulation is also utilized to evaluate the proposed algorithm and to compare its results to images encrypted by other methods. The criteria for these comparisons are chi-square test of histogram, correlation coefficients of pixels, NPCR (number of pixel change rate), UACI (unified average changing intensity), MSE (mean square error) and MAE (mean absolute error), key space, and sensitivity to initial condition. These comparisons reveal that the proposed chaotic image encryption method shows a higher performance, and is of more secure.