Sharif Digital Repository

We can notice that security problems of inappropriate integration of native and web technologies in hybrid mobile applications (apps) have been covered in the related state-of-the-art research. However, analyzing hybrid mobile apps' unique behaviors has been seldom addressed. In this paper, we explore the influence of native and web technologies integration in hybrid mobile apps on the generated profile of mobile applications. Specifically, we analyze the type of Security Sensitive APIs (SS-APIs) exposed to web content and identify the corresponding usage patterns by systematically tracking function-call-graphs of a large number of hybrid and native mobile apps. Our investigations indicate... 

Widespread growth in Android malware stimulates security researchers to propose different methods for analyzing and detecting malicious behaviors in applications. Nevertheless, current solutions are ill-suited to extract the fine-grained behavior of Android applications accurately and efficiently. In this paper, we propose ServiceMonitor, a lightweight host-based detection system that dynamically detects malicious applications directly on mobile devices. ServiceMonitor reconstructs the fine-grained behavior of applications based on their interaction with system services (i.e. SMS manager, camera, wifi networking, etc). ServiceMonitor monitors the way applications request system services in... 

Nowadays m-banking (mobile banking) is widely used in many banks. It has embarked upon supply of various services based on different systems and with the aid of various services such as the Short Message Service (SMS). However in developing countries such as Iran, m-banking is facing some challenges. One of these challenges is the issue of language of this system, because the main language of this system, in both side of bank system and customer mobile phone, is English. Also one of the main issues in m-banking services is the security of the systems. For solvin g the above problems, we proposed a method in this paper. By this method we send secure banking messages as well as Persian SMS for... 

A Wireless sensor network (WSN) is composed of numerous sensor nodes with both insecurely limited hardware and restricted communication capabilities. Thus WSNs suffer from some inherent weaknesses. Key management is an interesting subject in WSNs because it is the fundamental element for all security operations. A few key management models for heterogeneous sensor networks have been proposed in recent years. In this paper, we propose a new key management scheme based on elliptic curve cryptography and signcryption method for hierarchical heterogeneous WSNs. Our scheme as a secure infrastructure has superior sensor node mobility and network scalability. Furthermore, we propose both a periodic... 

Yeh et al. have recently proposed a mutual authentication protocol based on EPC Class-1 Gen.-2 standard. They claim their protocol is secure against adversarial attacks and also provides forward secrecy. In this paper we show that the proposed protocol does not have cited security features properly. A powerful and practical attack is presented on this protocol whereby the whole security of the protocol is broken. Furthermore, Yeh et al.'s protocol does not assure the untraceabilitiy and backwarduntraceabilitiy attributes. We also will propose our revision to safeguard the Yeh et al.'s protocol against cited attacks  

Public key management scheme in mobile ad hoc networks (MANETs) is an inevitable solution to achieve different security services such as integrity, confidentiality, authentication and non reputation. Probabilistic asymmetric key pre-distribution (PAKP) is a self-organized and fully distributed approach. It resolves most of MANET's challenging concerns such as storage constraint, limited physical security and dynamic topology. In such a model, secure path between two nodes is composed of one or more random successive direct secure links where intermediate nodes can read, drop or modify packets. This way, intelligent selection of intermediate nodes on a secure path is vital to ensure security... 

MANET, which stands for Mobile Ad-hoc Network, is composed of a group of self-organized and wireless nodes that do not possess any predictable and fixed infrastructure. When nodes want to communicate with each other, they have to pass on their messages directly or indirectly. In case the destination node is out of the transmission range, the source node has to rely on intermediate nodes, which, in this case, is called indirect transmission. On the other hand, if the destination node is the neighboring node, there is no need to employ intermediate nodes, which, in this case, is called direct transmission. Over the past years, security issues in MANETs have received a great deal of attention... 

The notions of identity-based multi-proxy signature, proxy multi-signature and multi-proxy multi-signature have been proposed to facilitate public key certificate management of these kinds of signatures by merely employing signer's identities in place of the public keys and their certificates. In the literature, most identity-based multi-proxy signature, proxy multi-signature and multi-proxy multi-signature schemes are based on bilinear pairings. Without incorporating bilinear pairings, Tiwari and Padhye proposed an identity-based proxy multi-signature scheme in 2011. Subsequently, an identity-based multi-proxy multi-signature scheme was proposed by Tiwari et al. in 2012. First, we review... 

In this paper, we introduce and investigate a cellular underwater wireless optical code division multiple-access (OCDMA) network based on optical orthogonal codes (OOC). The structures, principles, and performance of the underwater wireless OCDMA network in various water types are presented. Since underwater wireless optical links are considered for high-bandwidth underwater communications at short ranges, we will place a set of optical base transceiver stations (OBTS) each in the center of a hexagonal cell to cover a larger underwater area. The OBTSs are connected via fiber optic to an optical network controller (ONC) which operates as the core of the network. An integral expression for...