Sharif Digital Repository

With the growth of semantic-aware environments, such as semantic web, new security requirements are imposed in access control procedures. An access control model for semantic web should take the semantic relationships (in three scopes of subject, object and action) into account in its access decisions. Considering the advantages of logic based models and description logic foundation of semantic web, we use the description logic as a basis to propose access control models in this environment. On the other hand, in some applications, such as e-banking environments, policy definition with the constraint(s) based on previous users’ accesses might be crucial. To consider this aspect, in this... 

Using database encryption to protect data in some situations where access control is not soleley enough is inevitable. Database encryption provides an additional layer of protecton to conventional access control techniques. It prevents unauthorized users, including intruders breaking into a network, from viewing the sensitive data. As a result data remains protected even in the event that database is successfully attacked or stolen. However, encryption and decryption of data result in database performance degradation. In the situation where all the information is stored in encrypted form, one cannot make the selection on the database content any more. Data should be decrypted first, so an... 

Existing Intrusion Detection Systems (IDSs) are not designed to deal with all categories of processing environments. This thesis focuses on IDSs for the Grid computing environment, and concentrates on feature selection and performance. An existing framework, Globus, is used as the basis for the consideration and development of the research issue in Grid computing. The system is based on two engine designs: (a) Signature and (b) Support Vector Machine; SVM has been selected for pattern discovery in traffic analysis. We found that the performance of the system greatly depends on the efficiency of the underlying framework and the number of Intrusion Detection System instances. We demonstrate... 

With fast improvements of technology in advances in electronic voting systems, has been very effective in substantially reducing the disadvantages of traditional elections and thus enhancing the legitimacy of those being elective. These systems, to be effective,
ought to be designed based on several security factors such as eligibility, correctness, voters' privacy, verifiability and receipt-freeness. One of the most important issues in this concept is ensuring the satisfaction of these properties. Using an incomplete and vulnerable system may cause negative consequences. Therefore, it is necessary to evaluate the system before implementation. Using formal methods for verification of... 

Today many communications take place over asynchronous insecure networks which do not provide any guarantee of security (as Internet); hence there is a must in authenticating party or parties with which we are going to interact. In many cases, more than two parties (entities) are going to interact, resulting in need of group authentication. Since authentication is inseparable from key exchange, we are going to introduce a new authenticated group key exchange protocol in this thesis which benefits from all known features for such a protocol in the literature such as contributiveness and deniability. To overcome the problem of concurrency, we use a framework dedicated to security in concurrent... 

Security protocols are mostly verified using tools based on model checking approach. These tools are automatic but they can be used for verifying protocols with low complexity and limited number of participants. The other approach that can be used in these cases is theorem proving. Inductive method is a theorem proving approach which is based on induction in mathematics. Inductive method has been applied for verifying several classical and real-world protocols.
The basic concepts in this method are event and trace. Using the concept of event, the network traffic can be modeled through various events occurring in the network. Atrace is a list of events and model a history of the network.... 

In this thesis, we present a new identification protocol which is based on lattice problems. Lattice-based cryptographic algorithms are, in general, faster than those based on number theory. Moreover, instead of algorithms based on number theory problems, such as Factoring and Discrete Logarithm, lattice-based ones are resistant against quantum computers. In addition, lattice problems have worst-case/average-case hardness relation; so become suitable choices for cryptographic purposes. However, there are few lattice-based identification protocols which are efficient. The protocol introduced in this thesis, is statistical zero-knowledge which means no verifier, even computationally unbounded... 

Recent violation of security properties of e-voting protocols not using provable security, indicates the importance of provable security. In this thesis, we use the provable security approach to analyze security properties of e-voting protocols.In addition to presenting an efficient and provably secure protocol, the minimal assumptions to achieve privacyin e-voting protocols are analyzed. The firstcon-tribution of this thesis is presenting an efficient and provably secure coercion-resistant protocol, which is a variant of the JCJ e-voting protocol (Juels et al.,2010). It decreases the total number of JCJ’s operations fromO(n2) to O(n). The second contribution of this thesis is proving the... 

While data outsourcing provides some benefits, it suffers from new privacy and security concerns, mainly about the confidentiality and integrity of the stored sensitive data, as well as enforcing access control policies. Current solutions to these aims are not comprehensive and consider only one aspect of security requirements. A secure DBMS architecture is introduced that simultaneously considers confidentiality, integrity and access control enforcement requirements. The transparency of security functions from data owner, service providers, and applications facilitates the operationality of the solution.Additionally, a new indexing technique for character encrypted data is proposed that... 

One important aspect of privacy, is confidentiality. A common solution to preserve the confidentiality in network communications is ”Virtual Pri- vate Network”. VPNs todays are expected to be more secure and support higher throughput for their new applications, such as Inter-Cloud VPN and Virtual Private Cloud. block cipher is an important security com- ponent employed in most VPNs.On the other hand, most block ciphers have mathematical weaknesses in their structures, so the ttacker can use these weaknesses to break them faster than brute-force attacks. This thesis proposes a new method named ”Chaos-based Selective Key (CSK) Cryptosystem”, for increasing the security of block ciphers in a much... 

One of the security issues in data outsourcing scenario is the enforcement of data owner’s access control policies. This includes three challenges; 1) the average number of keys needed to access authorized resources, 2) efficient update of policies, and 3) confidentiality of data owner’s access control policies. Most of the existing proposed solutions address only one of these challenges, while they impose high overhead on both the data owner and users. Such an overhead prevents the model to be implemented in practical applications. In this thesis, we propose an approach to address all the aforementioned challenges with acceptable overhead. In this approach, which is based on selective... 

Identification protocols facilitates two participants A and B to identify themselves to each other. Beside identification, A and B can exchange a secret value along with the identification process as the key exchange identification protocol.A secure key exchange identification protocol hould utilize perfect forward secrecy (PFS) property. PFS means if an attacker could compromise an entity in future and gain its long-term key, he cannot succeed to extract previous session keys. So, he will be unable to decrypt previous messages and they will remain secure. Because of the low power and storage of light devices, updating secret shared keys is a solution to reach PFS in such protocols. A major... 

Operational models of (security) protocols, on the one hand, are readable and conveniently match their implementations (at a certain abstraction level). Epistemic models,on the other hand, are appropriate for specifying knowledge-related properties such as anonymity or secrecy. We propose a unified framework for formal specification and verification of both epistemic and behavioral aspects of security protocols. The framework provides explicit support for cryptographic constructs, which are among the most essential ingredients of security protocols. The main practical motivation for this work came from the domain of e-voting protocols. Hence, we investigate the applicability of the framework... 

Recently, many organizations outsource their data on an external server to rescue the trouble of data maintenance. But, data owners do not trust in the external server to enforce defined access control policies. In recent years, many researches was dedicated to cryptographic access control on outsourced data, in order to solve this problem. We introduce a method based on Attribute-based Encryption to enforce access control on outsourced data. In this method we consider policy updating and administrative access control. As a result The owner is not only able to change access control policies on outsourced data but also to define administrative rights (grant/revoke) for some admin users. Our... 

Nowadays, user accounts on websites such as Google, Facebook, and Yahoo are their key to login into other websites and on the Internet. Thus, there is no need for authentication in each website and each user can access his/her other accounts just by logging in Google or Facebook. In background, single sign-on protocols such as OpenID and OAuth are being used. Since single sign-on accounts are very critical and sensitive, they are always under attack of cyber intruders. One of the most important threats is phishing in which one of the seeming trustful components could be attacker.This thesis demonstrates that OpenID providers may not be worthwhile and trustful as they are able to have... 

In recent years, there has been a trend toward outsourcing data to the cloud provider. These companies must tackle the data security challenges. Generally these parties are assumed to be honest but curious. In past years, the research communities have been investigating different solution to ensure confidentiality.
In addition to data confidentiality access and pattern confidentiality is a high-priority issue in some cases so. potential adversary should be unable to drive information from the observed access pattern to the outsourced data. Despite the fact that there are more investigation in the field of data confidentiality, concern over data security are the rise in outsourcing data,... 

In recent two decades, different anonymous communication systems has been proposed. These systems are interested by journalists, bank employees, military forces, and human rights advocates. Tor is one of the most popular anonymous communication systems. Tor uses onion routing for privacy preserving. Re-cently, many attacks has been introduced against the anonymity of Tor users.In these attacks entry and exit nodes are compromised. One of these malicious nodes, makes the attack on the intented flow and the other one recognizes the flow. All these attacks admit their vulnerability against dummy messages. They state that, because of dynamics of onion’s keys, any dummy injection will dis-turb... 

Different data sources are creating a huge amount of data at increasing speeds that require real-time processing. Such data is called “Big data stream". Although, mining and analysis this type of data is so useful for companies, but it also may cause many privacy breaches. The principle issues for big data stream’ anonymization are real time processing and information loss. There are some works that are proposed for data streams, but they have some drawbacks such as inefficient anonymization of big data stream and also not consider time expiration of tuples that lead to increase the information loss and cost of the data publishing. In this thesis, in order to speed up the ability of big data... 

Mobile localization development, is the reason for appearance of location-based services (LBS). Be sure of not disclosing the user personal information is the main challenge in LBS. Many different concepts and approaches for the protection of location privacy have been described in the literature which change the query of user to server. These approaches falling roughly into two main categories: centralized and distributed (user-centric). Centralized category includes approaches like “changing query pattern” using encryption on user device, or using an “anonymizer trusted third party”. In such approaches threat of an untrustworthy LBS server is addressed by the introduction of a new...