Sharif Digital Repository

Data outsourcing is an approach to delegate the burden of data management to external servers. In spite of its clear advantages, data outsourcing requires security assurances including data confidentiality, query result correctness, and access control enforcement. Research proposals have identified solutions with disparate assumptions for different security requirements. It is a real obstacle towards having an integrated solution through the combination of existing approaches. The practicality of data outsourcing to the cloud is seriously affected by this challenge. In this thesis, a unified view based on secret sharing is proposed to simultaneously achieve confidentiality, correctness, and... 

Existing Intrusion Detection Systems (IDSs) are not designed to deal with all categories of processing environments. This thesis focuses on IDSs for the Grid computing environment, and concentrates on feature selection and performance. An existing framework, Globus, is used as the basis for the consideration and development of the research issue in Grid computing. The system is based on two engine designs: (a) Signature and (b) Support Vector Machine; SVM has been selected for pattern discovery in traffic analysis. We found that the performance of the system greatly depends on the efficiency of the underlying framework and the number of Intrusion Detection System instances. We demonstrate... 

When organizations prefer to outsource their data, security protection of data will be more important. Using cryptography in addition to access control techniques is a natural way for saving confidentiality of data against untrusted server. However, encryption and decryption of data result in database performance degradation. In such a situation all the information stored in encrypted form, one cannot make the selection on the database content any more. Data should be decrypted first, so an unwilling tradeoff between the security and performance is normally forced. The appropriate approaches to increase the performance are methods to deal directly with the encrypted data without firstly... 

Data outsourcing is considered as a promising approach in today computing and connected world. This approach enables organizations to outsource their data to anexternal third party server which is responsible for storing and propagation of outsourced data. Although data outsourcing offers many benefits, especially for those organizations with limited resources and increaseing data volume, but this approach in security aspects like providing confidentiality and privacy about curious external third party or other threats, is faced by serious challenges. In the recent decade many approaches for solving or at least decreasing the potential threats over providing confidentiality of outsourced... 

Electronic voting refers to voting methods that is done using electronic devices or via the Internet or Web. Helios and Civitas protocols are among the recent protocols introduced in this field. Importance and high sensitivity of electronic voting protocols has led researchers to pay high attention about their security analysis. In recent years, different approaches have been used to inspect and analyze electronic voting protocols. In many of such approaches, analysis had been done in a very abstract environment and without considering the operational requirements.The purpose of this thesis is to evaluate the security features of electronic voting protocols, considering their operational and... 

Today many communications take place over asynchronous insecure networks which do not provide any guarantee of security (as Internet); hence there is a must in authenticating party or parties with which we are going to interact. In many cases, more than two parties (entities) are going to interact, resulting in need of group authentication. Since authentication is inseparable from key exchange, we are going to introduce a new authenticated group key exchange protocol in this thesis which benefits from all known features for such a protocol in the literature such as contributiveness and deniability. To overcome the problem of concurrency, we use a framework dedicated to security in concurrent... 

End-to-end electronic voting protocols for electronic voting systems are used to hold a secure election with the two features of anonymity and verifiability. Verifiable mixnets are a fundamental element of electronic voting systems, which can keep the voters anonymous by mixing their votes, and provide a verifiability mechanism to prove their performance correctness. As the design of electronic voting protocols is error-prone, researchers consider the use of mathematics-based and systematic methods for their analysis. Therefore, based on formal methods and the process algebra approach, several studies have been conducted to analyze these systems, but none have properly analyzed verifiable... 

This thesis is related to applying survey of scientific inventory control methods in Khoramshahr Oil Extraction Company (KHOEC). KHOEC is the producer of edible oils in I.R of Iran and is a subset of E.T.K.A holding organization. The inventory costs of high consuming items are studied and optimized based on the optimal ordering policy (r, Q). First, the company raw materials are identified and classified based on ABC analysis method. For developing the new method of inventory control, the demand for each item is predicted, and the probability distribution of demand during the lead time is determined. Then according to this information and the desired service level of management, order point... 

One of the security issues in database outsourcing scenario is the correctness of the query results. Correctness verification includes integrity, completeness and freshness of the results. Most of the proposed approaches for correctness verification impose high overhead on the components of the scenario which prevents the scenario to implemented in practical applications. In this thesis, we have proposed a probabilistic approach which imposes acceptable overhead for correctness verification of returned results of service provider. The approach uses the previous behavior of the service provider to calculate a trust value toward it which is used to adjust the imposed overhead. In other words,... 

Inventory control has been always considered important due to its prominent role in managing and better application of resources in the field of operational systems. Ordering system or review stock policy in supply chain management can be mentioned as one of the inventory control study fields of management. A lot of researches have been done in investigating ordering system in supply chain under certainty conditions; however, since the real world is full of uncertainties, parameters such as demand cannot be predicted exactly and we encounter with ambiguity. In this case, using crisp (exact) values can cause to decide wrongly (a wrong decision). On the other hand, due to absence of sufficient... 

In this paper, we consider a three-echelon supply chain consisting of a producer, a distributor and a retailer. Generally each echelon tends to minimize his own inventory costs. On the other hand, competitive environment of business market, force companies to develop strategic alliances. In order to boost their partnership, separated echelons must integrate their policies, so that the total cost of the system be minimized. The model, extends the research of Wang et al.(2011) by changing the No shortage assumption into backlog shortage model.
This study assumes different deterioration rates among different echelons, and deterioration rates are time-sensitive, which is very helpful in... 

While data outsourcing provides some benefits, it suffers from new privacy and security concerns, mainly about the confidentiality and integrity of the stored sensitive data, as well as enforcing access control policies. Current solutions to these aims are not comprehensive and consider only one aspect of security requirements. A secure DBMS architecture is introduced that simultaneously considers confidentiality, integrity and access control enforcement requirements. The transparency of security functions from data owner, service providers, and applications facilitates the operationality of the solution.Additionally, a new indexing technique for character encrypted data is proposed that... 

One important aspect of privacy, is confidentiality. A common solution to preserve the confidentiality in network communications is ”Virtual Pri- vate Network”. VPNs todays are expected to be more secure and support higher throughput for their new applications, such as Inter-Cloud VPN and Virtual Private Cloud. block cipher is an important security com- ponent employed in most VPNs.On the other hand, most block ciphers have mathematical weaknesses in their structures, so the ttacker can use these weaknesses to break them faster than brute-force attacks. This thesis proposes a new method named ”Chaos-based Selective Key (CSK) Cryptosystem”, for increasing the security of block ciphers in a much... 

While intrusion detection systems (IDSs) are widely used, large number of alerts as well as high rate of false positive events make such a security mechanism insufficient. Accordingly, a track of recent security research, focused on alert correlation. This thesis proposes a Hidden Markov Model (HMM) based correlation method of intrusion alerts which have been fired from different IDS sensors across an enterprise. We used HMM to predict the next attack class of the intruder that is also known as plan recognition. Our method has two advantages. Firstly, it does not require any usage or modeling of network topology, system vulnerabilities, and system configurations. Secondly, as we perform high... 

This thesis presents a location- inventory model for dual-channel supply chains .Dual-channel supply chains have two channels for sale the traditional in-store (retail) channel and the online (retail) channel.The model assigns online demands to the capacitated stores currently serving in-store demands. Keeping the delivery network of the in-store demands unchanged, the model aims at minimizing the summation of transportation cost, inventory cost, and fixed handling cost in the system while assigning the online demands. We assume that at the beginning of each period a distribution center which just distributes products to the stores, follows an order-up-to policy which increases the total... 

One of the security issues in data outsourcing scenario is the enforcement of data owner’s access control policies. This includes three challenges; 1) the average number of keys needed to access authorized resources, 2) efficient update of policies, and 3) confidentiality of data owner’s access control policies. Most of the existing proposed solutions address only one of these challenges, while they impose high overhead on both the data owner and users. Such an overhead prevents the model to be implemented in practical applications. In this thesis, we propose an approach to address all the aforementioned challenges with acceptable overhead. In this approach, which is based on selective... 

As mobile networks have been expanded, the importance of subscribers' information security has become more and more evident. Despite mitigating known vulnerabilities of older mobile networks in newer generations, there are still some security flaws that can be exploited. In particular, as a common scenario, attackers can exploit "Use 2G mobile network if 3G/4G is unavailable" setting in order to force a subscriber to downgrade his/her mobile network to 2G; hence becoming vulnerable to known 2G attacks. Mobile networks have a heterogeneous and distributed architecture which make intrusion detection systems incapable of covering the entire network. In this dissertation, alongside with the... 

One of the biggest challenges in online communication is privacy of individuals. Although anonymous communication (AC) protocols has been the subject of several security and anonymity analyses recently, there are still few frameworks for analyzing such complex systems (e.g. Tor) and their anonymity properties in a unified manner. In this study, an overview of anonymity features and techniques will be discussed by examining various protocols that provide undetectable network communication. Afterwards, the Tor network is described more precisely. Furthermore, the literature of formal methods is briefly reviewed, and the Universal Composable (UC) framework for the analysis of cryptography... 

In recent two decades, different anonymous communication systems has been proposed. These systems are interested by journalists, bank employees, military forces, and human rights advocates. Tor is one of the most popular anonymous communication systems. Tor uses onion routing for privacy preserving. Re-cently, many attacks has been introduced against the anonymity of Tor users.In these attacks entry and exit nodes are compromised. One of these malicious nodes, makes the attack on the intented flow and the other one recognizes the flow. All these attacks admit their vulnerability against dummy messages. They state that, because of dynamics of onion’s keys, any dummy injection will dis-turb... 

Different data sources are creating a huge amount of data at increasing speeds that require real-time processing. Such data is called “Big data stream". Although, mining and analysis this type of data is so useful for companies, but it also may cause many privacy breaches. The principle issues for big data stream’ anonymization are real time processing and information loss. There are some works that are proposed for data streams, but they have some drawbacks such as inefficient anonymization of big data stream and also not consider time expiration of tuples that lead to increase the information loss and cost of the data publishing. In this thesis, in order to speed up the ability of big data...