Search for:
jalili--rasool
Total 317 records
A Method for Querying on Encrypted XML Data
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
When organizations prefer to outsource their data, security protection of data will be more important. Using cryptography in addition to access control techniques is a natural way for saving confidentiality of data against an untrusted server. However, encryption and decryption of data result in database performance degradation. In such a situation, where all the information is stored in encrypted form, one cannot make the selection on the database content any more. Data should be decrypted first, so an unwilling tradeoff between the security and performance is normally forced. The appropriate approaches to increase the performance are methods to deal directly with the encrypted data without firstly...
Toward A Safe, Assured, and Dynamic Communication Protocol Stack
, Ph.D. Dissertation Sharif University of Technology ; Jalili, Rasool (Supervisor)
A Method for Searching on Encrypted Data
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
Using database encryption to protect data in some situations where access control is not solely enough is inevitable. Database encryption provides an additional layer of protection to conventional access control techniques. It prevents unauthorized users, including intruders breaking into a network, from viewing the sensitive data. As a result data remains protected even in the event that database is successfully attacked or stolen. However, encryption and decryption of data result in database performance degradation. In the situation where all the information is stored in encrypted form, one cannot make the selection on the database content any more. Data should be decrypted first, so an...
An Intrusion Detection System for the Grid Environment
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
Existing Intrusion Detection Systems (IDSs) are not designed to deal with all categories of processing environments. This thesis focuses on IDSs for the Grid computing environment, and concentrates on feature selection and performance. An existing framework, Globus, is used as the basis for the consideration and development of the research issue in Grid computing. The system is based on two engine designs: (a) Signature and (b) Support Vector Machine; SVM has been selected for pattern discovery in traffic analysis. We found that the performance of the system greatly depends on the efficiency of the underlying framework and the number of Intrusion Detection System instances. We demonstrate...
Alert Correlation Analysis For Intrusion Detection
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
While intrusion detection systems (IDSs) are widely used, the large number of alerts as well as the high rate of false positive events make such a security mechanism insufficient. Accordingly, a track of recent security research has focused on alert correlation. This thesis proposes a Hidden Markov Model (HMM) based correlation method of intrusion alerts which have been fired from different IDS sensors across an enterprise. We used HMM to predict the next attack class of the intruder that is also known as plan recognition. Our method has two advantages. Firstly, it does not require any usage or modeling of network topology, system vulnerabilities, and system configurations. Secondly, as we perform high...
Security in Concurrent Execution of an Authentication Protocol
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
Today many communications take place over asynchronous insecure networks which do not provide any guarantee of security (as Internet); hence there is a must in authenticating party or parties with which we are going to interact. In many cases, more than two parties (entities) are going to interact, resulting in need of group authentication. Since authentication is inseparable from key exchange, we are going to introduce a new authenticated group key exchange protocol in this thesis which benefits from all known features for such a protocol in the literature such as contributiveness and deniability. To overcome the problem of concurrency, we use a framework dedicated to security in concurrent...
Providing Confidentiality of Outsourced Data through Fragmentation
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
Data outsourcing is considered as a promising approach in today's computing and connected world. This approach enables organizations to outsource their data to an external third party server which is responsible for storing and propagation of outsourced data. Although data outsourcing offers many benefits, especially for those organizations with limited resources and increasing data volume, this approach in security aspects like providing confidentiality and privacy about curious external third party or other threats, is faced by serious challenges. In the recent decade many approaches for solving or at least decreasing the potential threats over providing confidentiality of outsourced...
Evaluation of Security Features of an E-voting Protocol in a Semi-operational Environment
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
Electronic voting refers to voting methods that are done using electronic devices or via the Internet or Web. Helios and Civitas protocols are among the recent protocols introduced in this field. Importance and high sensitivity of electronic voting protocols has led researchers to pay high attention to their security analysis. In recent years, different approaches have been used to inspect and analyze electronic voting protocols. In many of such approaches, analysis had been done in a very abstract environment and without considering the operational requirements. The purpose of this thesis is to evaluate the security features of electronic voting protocols, considering their operational and...
Analysis of End-to-End Electronic Voting Systems
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
End-to-end electronic voting protocols for electronic voting systems are used to hold a secure election with the two features of anonymity and verifiability. Verifiable mixnets are a fundamental element of electronic voting systems, which can keep the voters anonymous by mixing their votes, and provide a verifiability mechanism to prove their performance correctness. As the design of electronic voting protocols is error-prone, researchers consider the use of mathematics-based and systematic methods for their analysis. Therefore, based on formal methods and the process algebra approach, several studies have been conducted to analyze these systems, but none have properly analyzed verifiable...
A Trust-based Approach for Correctness Verification of Query Results in Data Outsourcing Scenario
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
One of the security issues in database outsourcing scenario is the correctness of the query results. Correctness verification includes integrity, completeness and freshness of the results. Most of the proposed approaches for correctness verification impose high overhead on the components of the scenario which prevents the scenario from being implemented in practical applications. In this thesis, we have proposed a probabilistic approach which imposes acceptable overhead for correctness verification of returned results of service provider. The approach uses the previous behavior of the service provider to calculate a trust value toward it which is used to adjust the imposed overhead. In other words,...
A Secure DBMS Architecture to Preserve Data Privacy, Confidentiality, and Integrity
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
While data outsourcing provides some benefits, it suffers from new privacy and security concerns, mainly about the confidentiality and integrity of the stored sensitive data, as well as enforcing access control policies. Current solutions to these aims are not comprehensive and consider only one aspect of security requirements. A secure DBMS architecture is introduced that simultaneously considers confidentiality, integrity and access control enforcement requirements. The transparency of security functions from data owner, service providers, and applications facilitates the operationality of the solution. Additionally, a new indexing technique for character encrypted data is proposed that...
A Privacy-Preserving Network Communication Protocol
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
One important aspect of privacy is confidentiality. A common solution to preserve the confidentiality in network communications is “Virtual Private Network”. VPNs today are expected to be more secure and support higher throughput for their new applications, such as Inter-Cloud VPN and Virtual Private Cloud. Block cipher is an important security component employed in most VPNs. On the other hand, most block ciphers have mathematical weaknesses in their structures, so the attacker can use these weaknesses to break them faster than brute-force attacks. This thesis proposes a new method named “Chaos-based Selective Key (CSK) Cryptosystem”, for increasing the security of block ciphers in a much...
A Secrecy-Preserving Access Control in Data Outsourcing Scenario
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
One of the security issues in data outsourcing scenario is the enforcement of data owner’s access control policies. This includes three challenges; 1) the average number of keys needed to access authorized resources, 2) efficient update of policies, and 3) confidentiality of data owner’s access control policies. Most of the existing proposed solutions address only one of these challenges, while they impose high overhead on both the data owner and users. Such an overhead prevents the model to be implemented in practical applications. In this thesis, we propose an approach to address all the aforementioned challenges with acceptable overhead. In this approach, which is based on selective...
A Protocol to Improve Privacy and Security of Anonymity Networks
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
In recent two decades, different anonymous communication systems have been proposed. These systems are of interest to journalists, bank employees, military forces, and human rights advocates. Tor is one of the most popular anonymous communication systems. Tor uses onion routing for privacy preserving. Recently, many attacks have been introduced against the anonymity of Tor users. In these attacks entry and exit nodes are compromised. One of these malicious nodes makes the attack on the intended flow and the other one recognizes the flow. All these attacks admit their vulnerability against dummy messages. They state that, because of dynamics of onion’s keys, any dummy injection will disturb...
Enhancing Privacy in Location-Based Services
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
Mobile localization development is the reason for the appearance of location-based services (LBS). Being sure of not disclosing the user's personal information is the main challenge in LBS. Many different concepts and approaches for the protection of location privacy have been described in the literature which change the query of user to server. These approaches fall roughly into two main categories: centralized and distributed (user-centric). Centralized category includes approaches like “changing query pattern” using encryption on user device, or using an “anonymizer trusted third party”. In such approaches threat of an untrustworthy LBS server is addressed by the introduction of a new...
An Approach to Improve the Security of Big Data
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
Different data sources are creating a huge amount of data at increasing speeds that require real-time processing. Such data is called “Big data stream”. Although mining and analyzing this type of data is so useful for companies, it also may cause many privacy breaches. The principal issues for big data stream anonymization are real time processing and information loss. There are some works that are proposed for data streams, but they have some drawbacks such as inefficient anonymization of big data stream and also not considering time expiration of tuples that lead to increase the information loss and cost of the data publishing. In this thesis, in order to speed up the ability of big data...
Alert Correlation in Cellular Mobile Network
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
As mobile networks have been expanded, the importance of subscribers' information security has become more and more evident. Despite mitigating known vulnerabilities of older mobile networks in newer generations, there are still some security flaws that can be exploited. In particular, as a common scenario, attackers can exploit the "Use 2G mobile network if 3G/4G is unavailable" setting in order to force a subscriber to downgrade his/her mobile network to 2G; hence becoming vulnerable to known 2G attacks. Mobile networks have a heterogeneous and distributed architecture which makes intrusion detection systems incapable of covering the entire network. In this dissertation, alongside with the...
Crypted Traffic Classification
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
A traffic classifier maps each input stream into a pre-defined traffic class. If the traffic is encrypted using a protocol, such as SSL, or is protected using an encrypted tunnel, its content would be hidden from the classifier, in which case the common traffic classification methods will be ineffective. Although common security mechanisms which provide information confidentiality to user can't hide all properties of messages, including length and time. Some of the newly presented methods of traffic classification utilize these properties and can actually classify messages without accessing their content. We will study such methods and their limitations in this thesis. Of all the encrypted...
Regular Expression Based Search on Encrypted Outsourced Data
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
As cloud computing becomes a ubiquitous technology, data outsourcing, which means delegating storage and retrieval of the data to an extraneous service provider, becomes more popular. One of the main issues in data outsourcing is preserving data confidentiality and privacy. A common solution to this problem is encrypting the data before outsourcing, but this approach prevents the service provider from doing computations on the data. A trivial solution is to transfer all of the data to the client-side and decrypt it before doing the computations, but this solution imposes a large overhead on the client-side and contradicts the philosophy of outsourcing. Till now, so many encryption schemes...
Online Policy Enforcement on Heavy Network Traffic Using Protocol Parsers
, M.Sc. Thesis Sharif University of Technology ; Jalili, Rasool (Supervisor)
Abstract
In recent years, internet traffic is experiencing an explosive growth. High performance networking in large scale computer networks creates several security challenges. Exploiting Deep Packet Inspection (DPI) is regarded as a big challenge especially for massive data when number of concurrent connections grows. Using simple security based on network layer data can easily be evaded by attackers and also cannot detect more sophisticated attacks like DDoS. In this paper we proposed a new grammar model named bidirectional asynchronous counting grammar and its automata. With this grammar model we can define policies based on extracted fields in both request and response flows. Using new model of...