Sharif Digital Repository

Wireless communication networks such as cell phones are rapidly expanding and every day they attract more users. Information flow in these networks is basically through free space. Thus, theses networks are inherently subjected to eavesdropping. Cryptography based on the secure key is the well known traditional way of protecting information security in wireless networks. However, these cryptosystems are just computationally secure and have their vulnerabilities. Information theoretic security is a relatively new method which doesn’t rely on any preshared key or key infrastructure and uses inherent characteristics of the communication channel to provide robust and provable security.In this... 

Electronic voting is one of the applications of electronic systems, in which collection and tallying the votes are performed electronically. In electronic voting systems, cryptography is used to provide security requirements but defects of the cryptography have made the electronic voting protocol designers to use strong assumptions which are impractical or hard to implement.In this research, some of the strong assumptions in electronic voting protocols are studied and the soloution of solving them is given. First, the assumption of trusting to the tally authority in electronic voting protocols which are based on deniable authentications is considered and a new internet voting protocol based... 

A voting protocol was introduced by Popveniuc in 2006; it is receipt freeness, so appeared to be resistant against the bribed voter. In 2009 Clark using the bribed contract, and attacked to the voting protocol, in the elections by two candidates. He showed that this protocol is not resistant to the bribed voter. In this thesis, we use game theory and graph to extend the bribed contract for n candidates. Thus with the help of a graph, we show that this protocol with any number of candidates, is not resistant to the bribed voter, and we show that by increasing the number of candidates, the resistance of the protocol would be high and if the number of candidates is n, the success rate of this... 

In order to protect the proxy signers’ privacy, many anonymous proxy signature schemes have been proposed. As far as we know, there is no provable secure anonymous proxy signature scheme without random oracles. Because the provable security in the random oracle model has received a lot of criticism, in this thesis, the aim is proposing the first provable secure anonymous proxy signature in the standard model based on existing standard assumptions.It is shown in the standard model that, the proposal is anonymous against full key exposure and existential unforgeable with the computational Diffie Hellman (CDH) and Subgroup Hiding (SGH) assumptions in bilinear groups.To provide anonymity for proxy... 

In this thesis, intermediate-level cryptographic primitives of multi-proxy multi-signatures and proxy signatures with message recovery with different applications in multi-party protocols such as electronic voting are considered. To save bandwidth, improve efficiency and ensure the accuracy of design, four factors: employing identity-based settings, independency of signature size to the number of signers in multi-proxy multi-signature schemes, transmission of signatures without messages in proxy signature schemes and presenting provable security are vital. On
one hand, to take advantage of identity-based cryptosystems to improve efficiency, designing schemes without bilinear pairings is... 

Fair exchange of digital items through computer network is an important research topic of modern cryptography. Generallty, a fair exchange protocol is a way which helps two parties to exchange their digital items fairly, so that at the end of the protocol execution, both parties recieve their desirable items or none of them recieves anything. In a practical applications, fair exchange protocol is widely used in different but related fields like contract signing protocols,non-repudiation protocols,e-ayment system and certified e-mails. In a fair exchange protocol, a trusted third party (TTP) acts as an arbitrator between two parties. To reduce the traffic load of the arbitrator, the concept... 

Increasing use of World Wide Web and users tend to accompany in the electronic transaction has caused a fair exchange becomes very important and pervasive electronic transaction. These transactions have a lot of usage and benefits. In this study, the optimistic fair exchange has been studied. It is a special case of the fair exchange while having more advantages than the fair exchange. A situation considered that a signer could not sign a message by himself so he delegates his right in signing to a person as a proxy signer. In this study, a protocol of optimistic fair exchange for proxy signature is presented. So, the proxy signer can accompany in the optimistic fair exchange instead of the... 

For authenticity and confidentiality of data in design of smartcards, cryptographic algorithms are mainly used. These cryptographic algorithms are the base of secure communication, so they have been created to be resistant to theorical and mathematical analysis.
However, Implementation of these algorithms in electronic systems and devices such as smartcards lead to leak of information. This leaked information, known as side channel, can be utilized to reveal secret characteristics of system. Apparently, power consumption of device is most important side channel and gained a lot of attention from designers and attackers.
Hence, investigating methods of side channel attacks,... 

Security analysis of cryptographic systems against implementation attacks, including active and passive attacks, is an important issue due to the large number of such attacks in the real world. Since 2000’s, cryptographers have begun attempting to model active and passive attacks to implementation of cryptographic algorithms. At first, cryptographers modeled the attackers with ability to exploit leakaged information, leading to leakage-resilient cryptography. Afterwards, cryptographers modeled the attackers with ability to tamper with the cryptographic algorithms which led to tamper-resilient cryptography. Actually, the major proposed cryptographic primitive dealing with tampering is the... 

Design of anonymous authentication scheme is one of the most important challenges in Vehicular Ad hoc Networks (VANET). Most of the existing schemes have high computational and communication overhead and they do not meet security requirements. Recently, Azees et al. have introduced an Efficient Anonymous Authentication with Conditional Privacy-Preserving (EAAP) scheme for VANET and claimed that it is secure. We show that this protocol is vulnerable against replay attack, impersonation attack and message modification attack. Also, we show that the messages sent by a vehicle are linkable. Therefore, an adversary can easily track the vehicles. In addition, it is shown that vehicles face with... 

Social networks and the shared data in these networks are always considered as good opportunities in hands of the attackers. To evaluate the privacy risks in these networks and challenge the anonymization techniques, several de-anonymization attacks have been introduced so far. In this thesis, we propose a technique to improve the success rate of passive seed based de-anonymization attacks. Our proposed technique is simple and can be applied in combination with different types of de-anonymization attacks. We show that it can achieve high success rates with low number of seeds compared to similar attacks. Our technique can also be used for applying partial attacks on graphs which results in... 

The Internet of Things remains a matter of concern in the minds of the activists in the field after being raised. The structure of an IoT-based system, the components of an IoT-based system, the requirements and limitations of the Internet of Things are the most important parts of which no clear description of them has ever been presented. Structural modifiability, processing constraints, energy supply constraints, and most importantly the security of an IoT-based network are among the issues that have complicated the analysis of an IoT-based System. So providing a clear scheme and an open system for such networks can make it easier to make progress in this area. In this study, we first... 

Considering the advancement in cryptography technologies, data security in the computer networks has achieved to an acceptable level. But considering the structures and the protocols governing the data exchange in the computer networks, privacy of users and anonymity of transmitters is not preserved. Mix-nets are utilized to maintain anonymous data exchange in computer networks. Different types of Mix-net designs for various applications are proposed. Public verifiable Mix-nets are a group of Mix-nets that are used in designing cryptographic protocols such as electronic voting and payment. In this thesis, we have cryptanalysed structural weaknesses of the verifiable Mix-nets. The attacks on... 

In today's world in which a major part of information is digitalized and a large portion of the communication is done via computer networks, entities authentication while maintaining privacy is a concern with the growing importance and value. To meet this goal, during the past two decades, anonymous authentication protocols with different approaches for use in various applications has presented and developed. These protocols enable users to authenticate based on some of their properties, without revealing their own identities. Secret handshake protocols are considered as type of anonymous authentication protocols. This protocol has the unique feature of hiding users' affiliation to the... 

Among cryptography devices, resource constrained devices like sensors, RFID tags, smart cards and etc need a special class of cryptography algorithms. These devices have three limitations: memory, consumed power and computing power. Therefore, need a special class of cryptography algorithms that is lightweight cryptography. Lightweight cryptography systems have features and limitations that make them more vulnerable against attacks such as power analysis attacks. For this reason strengthening them against these attacks need more attention. So far, various countermeasure for secure implementation of different cryptography systems proposed. Most of them trying to decrease the correlation... 

In todays world, the importance of cloud computing is not deniable. Because, it provides an environment for accessing to a lot of useful applications in a convenient way with low cost. Cloud storage is one of such services which is provided by cloud computing. As the cloud providers are not fully trusted, it is necessary to encrypt the data before outsourcing, to preserve the privacy of stored information. To find a set of document which is related to some keywords, it is possible to designate cloud provider to search on behalf of entities. So, the encrypted data should be searchable and one solution which is suggested is searchable encryption. Related to this cryptographic primitive, there... 

Distinguishing Attacks are a class of attacks on stream ciphers, which evaluate the random peroperties of the keystream generated by a stream cipher. In fact in these attacks the cryptanalyst tries to determine whether a stream is generated by a specific cipher or it seems random. Most of the Distinguishing attacks use the linear cryptanalysis technique and are called Linear Distinguishing Attack. The focus of this thesis is on linear distinguishing attacks. After a survey on stream ciphers and their cryptanalysis methods, distinguishing attack is introduced in detail. Then a new successful linear distinguishing attack on a recently developed stream cipher, Shannon, is presented. This attack... 

Vehicle Ad-hoc Network (VANET) is a type of mobile Ad-hoc network (MANETs) which vehicles are mobile nodes of this network and it can be used for various applications such as secure data sharing between vehicles, sending road information to vehicles, traffic controlling and reducing road accidents, also primary types of these networks are implemented in some systems such as “Waze” and “Balad”. On the other hand, if the security requirments are not provide in these networks, attackers can use this network to cause disruptions in this network, including intentional accidents, so providing security requirements in these networks seems necessary. Data authentication and preserving privacy of the... 

Secure multi-party computation (MPC) enables a group of mutually distrustful parties to compute a joint and agreed upon function of their private inputs without disclosing anything but the corresponding output. One of the most important secure computation protocols is private set intersection (PSI). In PSI, often two or several parties wish to find the intersection of their sets without revealing other non-common elements. There exist some other variants of PSI protocol like PSI cardinality or threshold PSI which in the former only the cardinality of the intersection set is revealed and in the latter the intersection set is revealed if its cardinality is greater (less) than a certain value.... 

Cloud storage provides an accessible and cheap space for data storage. There is usually no trust between users and the Cloud. Consequently, to maintain confidentiality, outsourcing and storing sensitive data in an encrypted form is necessary. In applications where data sharing between several users is required, ciphertext-policy attribute-based encryption(CP-ABE) has been considered a promising solution, but the lack of efficiency and flexibility limits its usage in applications such as IoT. These problems are usually related to both the underlying structure and the required peripheral processes, such as key revocation. In this thesis, two schemes with the same basic structure and different...