Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection

Permanent URI for this collectionhttps://hdl.handle.net/11147/7148

Browse

Filters

2023 - 20245

Settings

Publication Index: search.filters.publicationIndex.WoSSubject: search.filters.subject.Security

Search Results

Now showing 1 - 5 of 5
  • Article
    Citation - WoS: 1
    Citation - Scopus: 2
    The Crucial Role of Personal Values on Well-Being and Resilience in the Software Industry
    (Ieee Computer Soc, 2024) Yurum, Ozan Rasit; Ozcan-Top, Ozden
    Personal values play a pivotal role in shaping individuals' behaviors and decisions. This research aims to determine how alignment with personal values in both professional and personal life influences an individual's resilience and well-being in the software industry.
  • Article
    Citation - WoS: 1
    Citation - Scopus: 2
    New Security Proofs and Complexity Records for Advanced Encryption Standard
    (IEEE-Inst Electrical Electronics Engineers Inc, 2023) Kara, Orhun
    Common block ciphers like AES specified by the NIST or KASUMI (A5/3) of GSM are extensively utilized by billions of individuals globally to protect their privacy and maintain confidentiality in daily communications. However, these ciphers lack comprehensive security proofs against the vast majority of known attacks. Currently, security proofs are limited to differential and linear attacks for both AES and KASUMI. For instance, the consensus on the security of AES is not based on formal mathematical proofs but on intensive cryptanalysis over its reduced rounds spanning several decades. In this work, we introduce new security proofs for AES against another attack method: impossible differential (ID) attacks. We classify ID attacks as reciprocal and nonreciprocal ID attacks. We show that sharp and generic lower bounds can be imposed on the data complexities of reciprocal ID attacks on substitution permutation networks. We prove that the minimum data required for a reciprocal ID attack on AES using a conventional ID characteristic is 2(66) chosen plaintexts whereas a nonreciprocal ID attack involves at least 2(88) computational steps. We mount a nonreciprocal ID attack on 6-round AES for 192-bit and 2(56)-bit keys, which requires only 2(18) chosen plaintexts and outperforms the data complexity of any attack. Given its marginal time complexity, this attack does not pose a substantial threat to the security of AES. However, we have made enhancements to the integral attack on 6-round AES, thereby surpassing the longstanding record for the most efficient attack after a period of 23 years.
  • Conference Object
    Kurt saldırıları için sentetik irislerde örnek seçilimi
    (IEEE, 2023) Akdeniz, Eyüp Kaan; Erdoğmuş, Nesli
    In this study, samples with higher potential to succeed in wolf attacks are picked among synthetically generated iris images, and the composed subset is shown to pose a more significant threat toward an iris recognition system backed by a Presentation Attack Detection (PAD) module with respect to randomly selected samples. Iris images generated by Deep Convolutional Generative Adversarial Networks (DCGAN) are firstly filtered by rejection sampling on PAD score distribution of real iris image PAD scores. Next, the probability of zero success in all attack attempts is calculated for each synthetic iris image, using real iris images in the training set, and match and non-match score distributions are calculated on those. Synthetic images with the lowest probabilities of zero success are included in the final set. Our hypothesis that this set would be more successful in wolf attacks is tested by comparing its spoofing performances with randomly selected sample sets.
  • Article
    Citation - WoS: 3
    Citation - Scopus: 4
    Scalable Rfid Authentication Protocol Based on Physically Unclonable Functions
    (Elsevier, 2023) Kurt, Işıl; Alagöz, Fatih; Akgün, Mete
    Radio Frequency Identification (RFID) technology is commonly used for tracking and identifying objects. However, this technology poses serious security and privacy concerns for individuals carrying the tags. To address these issues, various security protocols have been proposed. Unfortunately, many of these solutions suffer from scalability problems, requiring the back-end server to work linearly in the number of tags for a single tag identification. Some protocols offer O(1) or O(log n) identification complexity but are still susceptible to serious attacks. Few protocols consider attacks on the reader-side. Our proposed RFID authentication protocol eliminates the need for a search in the back-end and leverages Physically Unclonable Functions (PUFs) to securely store tag secrets, making it resistant to tag corruption attacks. It provides constant-time identification without sacrificing privacy and offers log2 n times better identification performance than the state-of-the-art protocol. It ensures destructive privacy for tag holders in the event of reader corruption without any conditions. Furthermore, it enables offline readers to maintain destructive privacy in case of corruption.
  • Article
    Citation - WoS: 16
    Citation - Scopus: 25
    A Privacy-Preserving Scheme for Smart Grid Using Trusted Execution Environment
    (IEEE, 2023) Akgün, Mete; Üstündağ Soykan, Elif; Soykan, Gürkan
    The increasing transformation from the legacy power grid to the smart grid brings new opportunities and challenges to power system operations. Bidirectional communications between home-area devices and the distribution system empower smart grid functionalities. More granular energy consumption data flows through the grid and enables better smart grid applications. This may also lead to privacy violations since the data can be used to infer the consumer's residential behavior, so-called power signature. Energy utilities mostly aggregate the data, especially if the data is shared with stakeholders for the management of market operations. Although this is a privacy-friendly approach, recent works show that this does not fully protect privacy. On the other hand, some applications, like nonintrusive load monitoring, require disaggregated data. Hence, the challenging problem is to find an efficient way to facilitate smart grid operations without sacrificing privacy. In this paper, we propose a privacy-preserving scheme that leverages consumer privacy without reducing accuracy for smart grid applications like load monitoring. In the proposed scheme, we use a trusted execution environment (TEE) to protect the privacy of the data collected from smart appliances (SAs). The scheme allows customer-oriented smart grid applications as the scheme does not use regular aggregation methods but instead uses customer-oriented aggregation to provide privacy. Hence the accuracy loss stemming from disaggregation is prevented. Our scheme protects the transferred consumption data all the way from SAs to Utility so that possible false data injection attacks on the smart meter that aims to deceive the energy request from the grid are also prevented. We conduct security and game-based privacy analysis under the threat model and provide performance analysis of our implementation. Our results demonstrate that the proposed method overperforms other privacy methods in terms of communication and computation cost. The execution time of aggregation for 10,000 customers, each has 20 SAs is approximately 1 second. The decryption operations performed on the TEE have a linear complexity e.g., 172800 operations take around 1 second while 1728000 operations take around 10 seconds. These results can scale up using cloud or hyper-scalers for real-world applications as our scheme performs offline aggregation.