JOURNAL OF ELECTRONIC AND CYBER DEFENCE
Year:2014 | Volume:2 | Issue:1 (5)|Papers Count:8

Impossible differential attack is considered as one of the most efficient attacks on block ciphers. The main idea of this attack is to find the differences with zero probability to eliminate the wrong keys and, as a result, to find the right one. Because of having good diffusion in comparison with Feistel algorithms, Piccolo has remained secure against the differential attacks. In this paper, using some structural weaknesses of the algorithm, a differential attack is executed on 9 rounds of it. The time, data and memory complexity of the attack are 266.4 for 9-rounds Piccolo-80 encryptions, 261 chosen plaintext and 257 bytes of memory, respectively.

Covert timing channels, as a growing threat of network security, provide the possibility of leaking confidential information to an attacker. Thus, detection and countering these channels are important as a defensive measure in computer networks. The attacker uses an appropriate encoding schema to modulate covert information on temporal features of network packet stream. Embedding covert information in net- work traffic, casuses changes in traffic statistical properties such as distribution, correlation and entropy, which can be used in detection of covert timing channels. In this paper, statistical methods are identified and analyzed to detect these channels, and two encoding schemas L-bit to N-packet and non-detectable are used to implementi covert timing channels and those are evaluated. The results show that by using Kolmogorov-Smirnov, Regularity, corrected Entropy and corrected Conditional Entropy tests, we are able to completely detect L-bit to N-packet channel, and the stealthiness of non-detectable timing channel can be proved in a practical evaluation as well.

In a designated verifier threshold proxy signature scheme, an original signer can delegate his\her signing power to proxy signers such that any or more out of proxy signers can sign messages on behalf of the original signer but or less of the proxy signers cannot generate a valid proxy signature. Of course, the signature is issued for a designated receiver and therefore only the designated receiver can validate the proxy signature. In this paper, we propose a new designated verifier threshold proxy signature scheme and also show that our proposed scheme has provable security in the standard model. The security of proposed scheme is based on the assumption.

In this paper, a novel method is proposed for signal detection and the active users enumeration in asynchronous direct sequence code division multiple access (DS/CDMA) in multipath fading channel based on information theory criteria. There are two main categories of information criteria which are widely used in blind source separation (BSS), Akaike Information Criterion (AIC) and Minimum Description Length (Mlil.) information theory criteria. We use both of them in the proposed algorithm. Our introduced method needs a simple omni-directional antenna which simplifies receiver's structure and reduces its costs. Also, this exploitation provides us with the ability to use our proposed algorithm in the coherent signal case. Numerical results confirm our claims and the efficiency of algorithm in detection and exact enumeration of active users in low SNRs and multipath environment.

Nowadays, the vulnerabilities of operating systems and commonly applied software have provided a major hole for intruders to attacks to the information technology infrastructures. In this way, attackers may take the control of computer systems. Researches in software area have struggled a lot to develop and operate security mechanisms, to be applied in software development lifecycle, to resist the increasing growth of vulnerabilities. This paper evaluates the measure of impact and effectiveness of these security mechanisms by reviewing and statistical analysis of the existent reports in global database vulnerabilities. According to our conducted surveys, it is clarified that despite of the growing development of security mechanisms, some of the vulnerabilities have grown up and some of them are about removal from the list of the proposed vulnerabilities. The valuable point of this survey is introducing the rate of using a software as a parameter for estimating the amount of damage caused by software vulnerabilities.

Recently, free space optical communication secure links have attracted much attentions, especially in military and defense applications; the channel of this links is atmosphere. Data are delivered on a beam of light in Fee space. The atmosphere interacts with light because of the atmosphere composition. This interaction reduces the channel stability and increases the BER. In this paper, the effects of mechanical vibrations on the BER are evaluated. Several beam steering methods are introduced and compared with each other. FSM beam steerer method, as the most efficient way in an autotracking system, are used and it is shown that applying this beam steerer, the system's fluctuations are highly reduced while BER are improved.

One of the goals of spoofing nowadays is to provide the GPS receiver a fake signal. This way, the receiver will produce misleading time and position problems. This paper proposes two new methods for detecting and cancelling spoofing in GPS receivers. These anti-spoofing methods use Kalman filter and recurrent neural network to mitigate spoofing effects on GPS receivers. These methods are also used as an adaptive reduction factor to overcome spoofing effects. The performance of proposed method is analyzed in presence of spoofing signals. Experimental results show that the average pseudo-range RMS error improvement is 45% and 65% for Kalman filter based method and recurrent neural networks based method, respectively.

One of the most critical attacks, threatening the security of databases is SQL injection attack which is mostly held through web applications. This paper proposes a new method to detect and prevent SQL injection attack. The method is based on combination of both static and dynamic approaches and semantic analysis of queries. Run time queries are matched with static list and semantic pattern and as a result the degree of attack factor existence will be checked. Ontology is used on creation of semantic patterns. According to tests which are gathered from different databases, this method acts efficiently and flexibly enough to discover new attacks. The suggested architecture, in contrast with the others, is designed in such a way that it does not have a great database dependency and by some changes it can be used for the other databases.