Pub Date : 2013-08-01DOI: 10.1109/ISCISC.2013.6767345
A. Haghighat, M. Kargar, Mohammad Sadeq Dousti, R. Jalili
Chevallier-Mames et al, proved that in a specific condition (such as the lack of untappable channels and trusted-third parties), the universal verifiability and privacy-preserving properties of e-voting protocols are incompatible (WOTE'06 and TTE'10). In this paper, we first show a flaw in their proof. Then, we prove that even with more assumptions, such as the existence of TTPs and untappable channels between the authorities, an e-voting protocol is unable to preserve privacy, regardless of verifiability. Finally, we demonstrate that preserving privacy in e-voting protocols requires the provision of at least one of the following assumptions: limited computational power of adversary, existence of an untappable/anonymous channel between voters and the authorities, or physical assumptions.
{"title":"Minimal assumptions to achieve privacy in e-voting protocols","authors":"A. Haghighat, M. Kargar, Mohammad Sadeq Dousti, R. Jalili","doi":"10.1109/ISCISC.2013.6767345","DOIUrl":"https://doi.org/10.1109/ISCISC.2013.6767345","url":null,"abstract":"Chevallier-Mames et al, proved that in a specific condition (such as the lack of untappable channels and trusted-third parties), the universal verifiability and privacy-preserving properties of e-voting protocols are incompatible (WOTE'06 and TTE'10). In this paper, we first show a flaw in their proof. Then, we prove that even with more assumptions, such as the existence of TTPs and untappable channels between the authorities, an e-voting protocol is unable to preserve privacy, regardless of verifiability. Finally, we demonstrate that preserving privacy in e-voting protocols requires the provision of at least one of the following assumptions: limited computational power of adversary, existence of an untappable/anonymous channel between voters and the authorities, or physical assumptions.","PeriodicalId":265985,"journal":{"name":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130874322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-08-01DOI: 10.1109/ISCISC.2013.6767343
Rahim Toluee, M. R. Asaar, M. Salmasizadeh
In current ring signature schemes, there is no distinguishing about the ranks of members of the ring. This paper proposes a ring signature scheme which considers the members' rank values. We show our scheme is anonymous against full key exposure attack and unforgeable with respect to insider corruption in the standard model with the computational Diffie Hellman (CDH) and Subgroup Hiding (SGH) assumptions in bilinear groups.
{"title":"A new ring signature scheme","authors":"Rahim Toluee, M. R. Asaar, M. Salmasizadeh","doi":"10.1109/ISCISC.2013.6767343","DOIUrl":"https://doi.org/10.1109/ISCISC.2013.6767343","url":null,"abstract":"In current ring signature schemes, there is no distinguishing about the ranks of members of the ring. This paper proposes a ring signature scheme which considers the members' rank values. We show our scheme is anonymous against full key exposure attack and unforgeable with respect to insider corruption in the standard model with the computational Diffie Hellman (CDH) and Subgroup Hiding (SGH) assumptions in bilinear groups.","PeriodicalId":265985,"journal":{"name":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131586314","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-08-01DOI: 10.1109/ISCISC.2013.6767337
A. Azarian, M. Abadi
Internet worms pose major security threats for networks and users. This is due to their ability of self-spreading and self-replicating. In this paper, we introduce a new type of Internet worms, called Non-Overlapping Camouflaging worm (NOC-worm). It is an intelligent worm that makes a trade-off between stealth and propagation speed on the Internet. NOC-worm is different from traditional worms, because it controls its overall scan rate and avoids redundant scanning of the same hosts. Various scanning methods have different impacts on worm propagation models. An accurate propagation model helps us to comprehensively study how a worm spreads under various conditions which are computationally too heavy for simulation. Standard worm propagation models, such as SI and SIR, consider random scanning. Therefore, they cannot accurately model the inherent characteristics of NOC-worm appropriately. Hence, we extend SIR to model the NOC-worm's propagation behavior and analyze its characteristics. Our results show that NOC-worm can achieve a better trade-off between stealth and propagation speed on the Internet in comparison to other stealthy worms.
{"title":"On the trade-off between stealth and propagation speed of Internet worms","authors":"A. Azarian, M. Abadi","doi":"10.1109/ISCISC.2013.6767337","DOIUrl":"https://doi.org/10.1109/ISCISC.2013.6767337","url":null,"abstract":"Internet worms pose major security threats for networks and users. This is due to their ability of self-spreading and self-replicating. In this paper, we introduce a new type of Internet worms, called Non-Overlapping Camouflaging worm (NOC-worm). It is an intelligent worm that makes a trade-off between stealth and propagation speed on the Internet. NOC-worm is different from traditional worms, because it controls its overall scan rate and avoids redundant scanning of the same hosts. Various scanning methods have different impacts on worm propagation models. An accurate propagation model helps us to comprehensively study how a worm spreads under various conditions which are computationally too heavy for simulation. Standard worm propagation models, such as SI and SIR, consider random scanning. Therefore, they cannot accurately model the inherent characteristics of NOC-worm appropriately. Hence, we extend SIR to model the NOC-worm's propagation behavior and analyze its characteristics. Our results show that NOC-worm can achieve a better trade-off between stealth and propagation speed on the Internet in comparison to other stealthy worms.","PeriodicalId":265985,"journal":{"name":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115779559","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-08-01DOI: 10.1109/ISCISC.2013.6767338
D. Malekian, M. Hashemi
As e-commerce continues to grow, so does the opportunity for perpetrating online fraud. As a result many researches have been conducted to make online transactions possible in a risk free environment by proposing different fraud detection methods. Concept drift is an inherent feature in many data streams such as electronic financial transactions. Hence, many fraud detection techniques have tried to detect and preferably manage concept drift. In this paper, a new concept drift management framework has been proposed. In this framework a temporary profile has been introduced in order to retain new concepts in the incoming data stream independently from historical profile. When the historical profile reaches a different decision from the temporary profile this is an indication that most probably a concept drift has occurred. In this case, a window based method is applied as a strategy for managing concept drift. The ability to adapt normal profiles systematically makes this concept drift management framework applicable to any profile based fraud detection method. Simulation results indicate that the proposed scheme is able to reduce the false positives (FPs) of a typical fraud detection method to 4.3% on average in the presence of a wide variety of concept drifts in the incoming transactions. This is an average of 85.7% reduction in FPs for this fraud detection technique.
{"title":"An adaptive profile based fraud detection framework for handling concept drift","authors":"D. Malekian, M. Hashemi","doi":"10.1109/ISCISC.2013.6767338","DOIUrl":"https://doi.org/10.1109/ISCISC.2013.6767338","url":null,"abstract":"As e-commerce continues to grow, so does the opportunity for perpetrating online fraud. As a result many researches have been conducted to make online transactions possible in a risk free environment by proposing different fraud detection methods. Concept drift is an inherent feature in many data streams such as electronic financial transactions. Hence, many fraud detection techniques have tried to detect and preferably manage concept drift. In this paper, a new concept drift management framework has been proposed. In this framework a temporary profile has been introduced in order to retain new concepts in the incoming data stream independently from historical profile. When the historical profile reaches a different decision from the temporary profile this is an indication that most probably a concept drift has occurred. In this case, a window based method is applied as a strategy for managing concept drift. The ability to adapt normal profiles systematically makes this concept drift management framework applicable to any profile based fraud detection method. Simulation results indicate that the proposed scheme is able to reduce the false positives (FPs) of a typical fraud detection method to 4.3% on average in the presence of a wide variety of concept drifts in the incoming transactions. This is an average of 85.7% reduction in FPs for this fraud detection technique.","PeriodicalId":265985,"journal":{"name":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124030888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-08-01DOI: 10.1109/ISCISC.2013.6767356
Z. Hakimi, K. Faez, M. Barati
Due to increasing number of network attacks, it is highly crucial to equip networks with an intrusion detection system (IDS). These systems must be able to deal with today's high speed and large scale networks. In this paper we propose a distributed IDS that performs both data capturing and data analyzing in a distributed fashion. This distributed mechanism enables our system to effectively operate within large scale and high traffic rate networks. We developed a grouping mechanism which divides computers in the network into subsets of computers with a leader and a few members. Subsequently, using a data sharing mechanism we were able to detect distributed attacks. Our data sharing mechanism added an overhead on the network traffic which is negligible compared to the overall network traffic. We simulated our method in NS2 simulation environment. Then we compared our proposed system with a centralized IDS in terms of detection rate, memory usage and packet loss rate. Results showed that our system's performance was better despite of some extra load imposed by distribution of data processing.
{"title":"An efficient architecture for distributed intrusion detection system","authors":"Z. Hakimi, K. Faez, M. Barati","doi":"10.1109/ISCISC.2013.6767356","DOIUrl":"https://doi.org/10.1109/ISCISC.2013.6767356","url":null,"abstract":"Due to increasing number of network attacks, it is highly crucial to equip networks with an intrusion detection system (IDS). These systems must be able to deal with today's high speed and large scale networks. In this paper we propose a distributed IDS that performs both data capturing and data analyzing in a distributed fashion. This distributed mechanism enables our system to effectively operate within large scale and high traffic rate networks. We developed a grouping mechanism which divides computers in the network into subsets of computers with a leader and a few members. Subsequently, using a data sharing mechanism we were able to detect distributed attacks. Our data sharing mechanism added an overhead on the network traffic which is negligible compared to the overall network traffic. We simulated our method in NS2 simulation environment. Then we compared our proposed system with a centralized IDS in terms of detection rate, memory usage and packet loss rate. Results showed that our system's performance was better despite of some extra load imposed by distribution of data processing.","PeriodicalId":265985,"journal":{"name":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124056356","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-08-01DOI: 10.1109/ISCISC.2013.6767335
Mohammad-Reza Zare-Mirakabad, F. Kaveh-Yazdy, Mohammad Tahmasebi
Time series data, such as ECG, can be shared publicly for data mining applications and researches. This data similar to different kind of data types could be illegally exploited by an adversary to reveal identity of an individual. To prevent re-identification, many k-anonymization methods are introduced. Predictive models use probabilities of Ngrams of time series to predict future values. In this paper we propose an algorithm for k-anonymization of Ngram models of time series. It hides rare Ngrams of the time series between all other Ngrams that their frequencies are guaranteed to be at least k. Utilizing proposed algorithm on the real time series shows its effectivity by maximum information loss 2%.
{"title":"Privacy preservation by k-anonymizing Ngrams of time series","authors":"Mohammad-Reza Zare-Mirakabad, F. Kaveh-Yazdy, Mohammad Tahmasebi","doi":"10.1109/ISCISC.2013.6767335","DOIUrl":"https://doi.org/10.1109/ISCISC.2013.6767335","url":null,"abstract":"Time series data, such as ECG, can be shared publicly for data mining applications and researches. This data similar to different kind of data types could be illegally exploited by an adversary to reveal identity of an individual. To prevent re-identification, many k-anonymization methods are introduced. Predictive models use probabilities of Ngrams of time series to predict future values. In this paper we propose an algorithm for k-anonymization of Ngram models of time series. It hides rare Ngrams of the time series between all other Ngrams that their frequencies are guaranteed to be at least k. Utilizing proposed algorithm on the real time series shows its effectivity by maximum information loss 2%.","PeriodicalId":265985,"journal":{"name":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125576830","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-08-01DOI: 10.1109/ISCISC.2013.6767339
H. Yajam, Ali Mahmoodi, J. Mohajeri, M. Salmasizadeh
One of the most important systems for providing anonymous communication is the Mix nets which should provide correctness and privacy as security requirements against active adversaries. In 2009, Zhong proposed a new mix net scheme which uses identity-based cryptographic techniques and proved that it has “correctness” and “privacy” properties in the semi-honest model. Since the semi-honest model is a very strong assumption for practical application, we show that if a user or the last mix server is corrupted, Zhong scheme does not provide privacy against an active adversary.
{"title":"Security analysis of an identity-based mix net","authors":"H. Yajam, Ali Mahmoodi, J. Mohajeri, M. Salmasizadeh","doi":"10.1109/ISCISC.2013.6767339","DOIUrl":"https://doi.org/10.1109/ISCISC.2013.6767339","url":null,"abstract":"One of the most important systems for providing anonymous communication is the Mix nets which should provide correctness and privacy as security requirements against active adversaries. In 2009, Zhong proposed a new mix net scheme which uses identity-based cryptographic techniques and proved that it has “correctness” and “privacy” properties in the semi-honest model. Since the semi-honest model is a very strong assumption for practical application, we show that if a user or the last mix server is corrupted, Zhong scheme does not provide privacy against an active adversary.","PeriodicalId":265985,"journal":{"name":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133817353","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-08-01DOI: 10.1109/ISCISC.2013.6767349
S. Najdi, A. Ebrahimi
In this paper, two new fingerprinting techniques based on approximating octave frequency bands using multi-resolution analysis of Discrete Wavelet Transform (DWT) are presented. In first technique, energy difference at several frequency bands is used for deriving feature vector. In the second technique another feature vector including mean, Zero Crossing Rate (ZCR), normalized first moment and flatness of coefficients of each frequency band is computed. By modelling these vectors, two different fingerprint blocks are obtained. The robustness and discrimination power of proposed techniques are evaluated and compared to those of traditional PRH algorithm for audio fingerprinting.
{"title":"Audio fingerprinting based on multi-resolution analysis of Discrete Wavelet Transform","authors":"S. Najdi, A. Ebrahimi","doi":"10.1109/ISCISC.2013.6767349","DOIUrl":"https://doi.org/10.1109/ISCISC.2013.6767349","url":null,"abstract":"In this paper, two new fingerprinting techniques based on approximating octave frequency bands using multi-resolution analysis of Discrete Wavelet Transform (DWT) are presented. In first technique, energy difference at several frequency bands is used for deriving feature vector. In the second technique another feature vector including mean, Zero Crossing Rate (ZCR), normalized first moment and flatness of coefficients of each frequency band is computed. By modelling these vectors, two different fingerprint blocks are obtained. The robustness and discrimination power of proposed techniques are evaluated and compared to those of traditional PRH algorithm for audio fingerprinting.","PeriodicalId":265985,"journal":{"name":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123057551","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-08-01DOI: 10.1109/ISCISC.2013.6767348
Shahla Mardani, H. Shahriari
Today, companies have turned to use fraud detection methods to reduce their financial losses that have been arisen in this way. Thus, Process aware information systems are vulnerable to insider frauds. Flexibility in these systems gives the opportunity for fraudsters to commit illegal activities. Strict security controls on these systems at runtime reduces their flexibility. Moreover, the frequent changes in these systems make inefficient the ordinary fraud detection methods and it remains as a challenge for organizations. In this paper, we propose a new fraud detection method that uses both statistical information about system's log and process model mined from it to detect fraudulent instances. Our method reduces false positive rate and supports loop, parallel and selection structures in processes. The experimental results show effectiveness of the approach as it represents value of more than 0.8 for F-measure.
{"title":"A new method for occupational fraud detection in process aware information systems","authors":"Shahla Mardani, H. Shahriari","doi":"10.1109/ISCISC.2013.6767348","DOIUrl":"https://doi.org/10.1109/ISCISC.2013.6767348","url":null,"abstract":"Today, companies have turned to use fraud detection methods to reduce their financial losses that have been arisen in this way. Thus, Process aware information systems are vulnerable to insider frauds. Flexibility in these systems gives the opportunity for fraudsters to commit illegal activities. Strict security controls on these systems at runtime reduces their flexibility. Moreover, the frequent changes in these systems make inefficient the ordinary fraud detection methods and it remains as a challenge for organizations. In this paper, we propose a new fraud detection method that uses both statistical information about system's log and process model mined from it to detect fraudulent instances. Our method reduces false positive rate and supports loop, parallel and selection structures in processes. The experimental results show effectiveness of the approach as it represents value of more than 0.8 for F-measure.","PeriodicalId":265985,"journal":{"name":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121117255","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2013-08-01DOI: 10.1109/ISCISC.2013.6767347
Mahsa Afsharizadeh, Majid Mohammadi
The prediction error expansion technique is one of the reversible watermarking techniques. The sorting technique exploits the correlation between neighboring pixels for optimizing embedding order hence sorting is a fundamental step to enhance the embedding capacity and visual quality. In this paper a new sorting technique is designed to improve the hiding capacity and visual quality. Using of prediction expansion, histogram shifting and our new sorting technique produces superior results than several methods. We use a new measure for sorting the cells and we show that using only local variance values for sorting is ineffective in some cases. By using the new measure we can solve this problem and lead to more efficient sorting procedure. Experimental results show the efficiency of our proposed sorting procedure.
{"title":"A reversible watermarking prediction based scheme using a new sorting technique","authors":"Mahsa Afsharizadeh, Majid Mohammadi","doi":"10.1109/ISCISC.2013.6767347","DOIUrl":"https://doi.org/10.1109/ISCISC.2013.6767347","url":null,"abstract":"The prediction error expansion technique is one of the reversible watermarking techniques. The sorting technique exploits the correlation between neighboring pixels for optimizing embedding order hence sorting is a fundamental step to enhance the embedding capacity and visual quality. In this paper a new sorting technique is designed to improve the hiding capacity and visual quality. Using of prediction expansion, histogram shifting and our new sorting technique produces superior results than several methods. We use a new measure for sorting the cells and we show that using only local variance values for sorting is ineffective in some cases. By using the new measure we can solve this problem and lead to more efficient sorting procedure. Experimental results show the efficiency of our proposed sorting procedure.","PeriodicalId":265985,"journal":{"name":"2013 10th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2013-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131807168","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}