Your search keyword '"symmetric encryption"' showing total 33 results

1. Multilevel Identification Friend or Foe of Objects and Analysis of the Applicability of Post-Quantum Cryptographic Algorithms for Information Security

Author

M. Ogurtsov, V. Korolyov, and A. Khodzinsky

Subjects

Identification friend or foe, 021103 operations research, business.industry, Computer science, asymmetric cryptography, 0211 other engineering and technologies, General Engineering, Cryptography, 02 engineering and technology, Information security, Computer security, computer.software_genre, 01 natural sciences, post-quantum cryptography, quantum computer, identification friend or foe, 0103 physical sciences, symmetric encryption, Q300-390, 010306 general physics, business, Cybernetics, computer, Quantum

Abstract

Introduction. Widespread use of unmanned aerial vehicles in the civilian and military spheres requires the development of new algorithms for identification friend or foe of targets, as used in the Armed Forces of Ukraine (AFU) devices of the "Parol" system are designed to service approximately 110 objects military equipment. AFU automation systems allow the use of additional sources of information about various objects from civil or special data transmission networks, which can be the basis for building a networked multi-level system of state recognition. Predictions of the development of quantum computers foresee the possibility of breaking modern algorithms for information security in polynomial time in the next 5-10 years, which requires the development and implementation of new encryption algorithms and revision of modern parameters. The purpose of the article is to develop a new algorithm for state recognition of objects, which can be scaled to process the required number of manned and unmanned aerial vehicles. Potential threats to classical cryptographic protection algorithms for data networks, which will result in the execution of algorithms such as Grover and Shore on quantum computers, were also discussed. Results. The article proposes a new multilevel algorithm of state recognition based on modern cryptographic methods of information protection, which allows to perform reliable automated identification of objects, scale systems using data on potential targets from other sources through secure special networks. Grover's search algorithm does not give a strong increase in key search performance for symmetric encryption algorithms, so there is no need to increase the key lengths for this type of information security algorithms. Post-quantum asymmetric encryption algorithms require additional study and comprehensive testing of information security or increasing the key lengths of cryptographic algorithms, which corresponds to the number of qubits, i.e. more than twice. The most promising is the family of asymmetric post-quantum cryptographic algorithms based on supersingular isogenic elliptic curves. Conclusions. The developed algorithm of identification friend or foe of objects is more secure compared to existing algorithms and is focused on the use of modern on-board computers and programmable radio modems. Shore's algorithm and the like will be a significant threat to modern asymmetric cryptography algorithms when the number of qubits of quantum computers exceeds the number of bits in public keys more than twice. Keywords: identification friend or foe, symmetric encryption, asymmetric cryptography, quantum computer, post-quantum cryptography.

Published

2020

2. A Lightweight Privacy-Preserving Communication Protocol for Heterogeneous IoT Environment

Author

Chunsheng Zhu, Lihua Yin, Chonghua Wang, Chao Li, Fuyang Fang, Zhihong Tian, and Xi Luo

Subjects

General Computer Science, business.industry, Computer science, 020208 electrical & electronic engineering, General Engineering, secure communication, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, key delegation, Internet of Things (IoT), Symmetric-key algorithm, Home automation, symmetric encryption, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, lightweight protocol, business, Communications protocol, lcsh:TK1-9971, Protocol (object-oriented programming), Computer network, Data transmission

Abstract

While Internet-of-Things (IoT) significantly facilitates the convenience of people's daily life, the lack of security practice raises the risk of privacy-sensitive user data leakage. Securing data transmission among IoT devices is therefore a critical capability of IoT environments such as Intelligent Connected Vehicles, Smart Home, Intelligent City and so forth. However, cryptographic communication scheme is challenged by the limited resource of low-cost IoT devices, even negligible extra CPU usage of battery-powered sensors would result in dramatical decrease of the battery life. In this paper, to minimize the resource consumption, we propose a communication protocol involving only the symmetric key-based scheme, which provides ultra-lightweight yet effective encryptions to protect the data transmissions. Symmetric keys generated in this protocol are delegated based on a chaotic system, i.e., Logistic Map, to resist against the key reset and device capture attacks. We semantically model such protocol and analyze the security properties. Moreover, the resource consumption is also evaluated to guarantee runtime efficacy.

Published

2020

3. On the Security of Symmetric Encryption Against Mass Surveillance

Author

Da-Zhi Sun and Yi Mu

Subjects

Scheme (programming language), General Computer Science, Cover (telecommunications), Computer science, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Encryption, Computer security, computer.software_genre, 01 natural sciences, key recovery, decryptability, ComputingMethodologies_SYMBOLICANDALGEBRAICMANIPULATION, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, undetectability/detectability, Mass surveillance, computer.programming_language, business.industry, Substitution (logic), General Engineering, Symmetric-key algorithm, 010201 computation theory & mathematics, symmetric encryption, 020201 artificial intelligence & image processing, algorithm substitution attack, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, lcsh:TK1-9971, computer

Abstract

For mass surveillance, the algorithm substitution attacks (ASAs) are serious security threats to the symmetric encryption schemes. At CRYPTO 2014, Bellare, Paterson, and Rogaway (BPR) formally developed the security notions of decryptability, undetectability, and surveillance and presented a unique ciphertext symmetric encryption scheme against all possible ASAs. At FSE 2015, Degabriele, Farshim, and Poettering (DFP) relaxed the correctness of decryptability and presented an input-triggered ASA, which meets the BPR security definitions but violates the security of the BPR unique ciphertext scheme. Hence, DFP refined the security notions of detectability and subversion resistance to remove their ASA from the BPR unique ciphertext scheme. At CCS 2015, Bellare, Jaeger, and Kane (BJK) also developed the security notion of key recovery to make the input-triggered ASA infeasible. We investigate ASAs on the symmetric encryption scheme. Our contribution is twofold. (1) We propose a new trigger ASA against the symmetric encryption scheme . Our proposed ASA cannot be captured by the BJK security definitions. Comparatively, the DFP security definitions can detect our proposed ASA. In the view of ASAs, this result demonstrates that the DFP security definitions are not identical to the BJK security definitions. (2) We improve the DFP definition of subversion resistance . DFP proved that the BPR unique ciphertext scheme defeats the input-triggered ASA under their subversion resistance definition. However, we show that the BPR unique ciphertext scheme fails to meet the DFP subversion resistance definition due to our proposed ASA. Therefore, an improved definition on subversion resistance is proposed to cover all existing trigger ASAs. We prove that the BPR unique ciphertext scheme is secure under our improved definition. Therefore, we believe that our improved definition is more suitable to evaluate the ASA security of the symmetric encryption scheme.

Published

2020

4. SafeCity: Toward Safe and Secured Data Management Design for IoT-Enabled Smart City Planning

Author

Muhammad Usman Tariq, Hui Zhang, Varun G. Menon, Muhammad Ali Babar, Mian Ahmad Jan, and Xingwang Li

Subjects

General Computer Science, Computer science, Data management, Internet of Things, Data security, Context (language use), 02 engineering and technology, Computer security, computer.software_genre, data management design, Smart city, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Layer (object-oriented design), data analytics, business.industry, Payload, General Engineering, 020206 networking & telecommunications, data mining, Symmetric-key algorithm, smart city, symmetric encryption, 020201 artificial intelligence & image processing, The Internet, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, computer, lcsh:TK1-9971

Abstract

The interaction among different Internet of Things (IoT) sensors and devices become massive and insecure over the Internet as we probe to smart cities. These heterogeneous devices produce an enormous amount of data that is vulnerable to various malicious threats. The generated data need to be processed and analyzed in a secure fashion to make smart decisions. The smart urban planning is becoming a reality through the mass information generated by the Internet of Things (IoT). This paper exhibits a novel architecture, SafeCity, that limelight the ecosystem of smart cities consists of cameras, sensors, and other real-world physical devices. SafeCity is a three-layer architecture, i.e., a data security layer, a data computational layer, and a decision-making layer. At the first layer, payload-based symmetric encryption is used to secure the data from intruders by exchanging only the authentic data among the physical devices. The second layer is used for the computation of secured data. Finally, the third layer extracts visions from data. The secured exchange of data is ensured by using Raspberry Pi boards while the computation of data is tested on trustworthy datasets, using the Hadoop platform. The assessments disclose that SafeCity presents precious insights into a secured smart city in the context of sensors based IoT environment.

Published

2020

5. DESSE: A Dynamic Efficient Forward Searchable Encryption Scheme

Author

Zhang Jianbiao, Xu Wanshan, and Yilin Yuan

Subjects

dynamic, Correctness, General Computer Science, business.industry, Computer science, General Engineering, Cloud computing, Encryption, efficient, Public-key cryptography, Data retrieval, Symmetric-key algorithm, forward privacy, symmetric encryption, SSE, Overhead (computing), General Materials Science, lcsh:Electrical engineering. Electronics. Nuclear engineering, State (computer science), business, lcsh:TK1-9971, Computer network

Abstract

Under the cloud computing environment, Searchable Symmetric Encryption (SSE) is an effective method to solve the problem of encrypted data retrieval, and helps to protect the users' privacy. Recent researches show that some attacks may bring great security threats to SSE, and forward privacy can effectively prevent these attacks, so forward privacy is very necessary for SSE scheme. Most of the existing forward privacy SSE schemes fall into two types: ORAM-based and Bost-based. The former is simple, but it has large communication overhead and low dynamic update efficiency. The latter is better than the former, but it is based on asymmetric encryption primitives. Based on symmetric encryption primitives, we propose a dynamic efficient forward privacy scheme DESSE in this paper. DESSE uses pseudo-random permutation to realize forward privacy, and uses delete list to identify the final state of the same file added and deleted repeatedly, so as to realize the dynamic update of data. The method proposed in this paper is simple and flexible in structure, takes up less additional space, and can significantly improve the efficiency of updating. At the same time, it can achieve real-time updating of data. The correctness of our proposed scheme is tested using the Enron email data set in the end.

Published

2020

6. A Puzzle-Based Data Sharing Approach with Cheating Prevention Using QR Code

Author

Hsin-Liang Chen, Josh Jia-Ching Ying, Hsien-Chu Wu, and Chwei-Shyong Tsai

Subjects

Physics and Astronomy (miscellaneous), puzzle-based secret sharing scheme, Computer science, business.industry, information security, General Mathematics, Information security, QR code, Computer security, computer.software_genre, Encryption, Data sharing, Digital signature, Symmetric-key algorithm, Chemistry (miscellaneous), digital signature, Information hiding, Computer Science (miscellaneous), Code (cryptography), symmetric encryption, QA1-939, Error detection and correction, business, computer, Mathematics

Abstract

The information technique has developed rapidly. The technique of QR codes is widely applied in our daily life, and the mechanism is suitable to share data. A QR code uses symmetric encryption to store and retrieve data efficiently. However, the security issues of QR codes are seldom discussed by the wider community. Moreover, if the sender wishes only the authorized participant to attain the private data which are shared, the data must be encrypted. Furthermore, we do not know who should be censured when problems arise. In view of this, to maintain the integrity and the confidentiality of information security, this paper proposed a new puzzle-based data sharing scheme to share the private information safely. Firstly, we generated the digital signature of the information, then applied the random grids algorithm to obtain the shares. Then, we disarrayed the shares which contain the information and the digital signature with a puzzle-based encoding method. Afterwards, we concealed them into the cover QR codes. With the QR code mechanism of error correction, the marked QR code remain meaningful. Finally, we could send marked QR codes via transmission. The receiver could use XOR operation to obtain the private information after solving the puzzles and verify whether it was tampered with by the digital signature. The proposed system can recover the lossless data and protect them from being divulged. To deal with the potential hazard of transmission in a public environment, there are more and more studies on data hiding and image authentication.

Published

2021

7. Algorithm Substitution Attacks: State Reset Detection and Asymmetric Modifications

Author

Douglas Stebila and Philip Hodges

Subjects

Scheme (programming language), Computer engineering. Computer hardware, business.industry, Computer science, Applied Mathematics, Substitution (logic), Cryptography, State Reset, Symmetric Encryption, Kleptography, Computer Science Applications, TK7885-7895, Computational Mathematics, Symmetric-key algorithm, Stateful firewall, ComputingMethodologies_SYMBOLICANDALGEBRAICMANIPULATION, Algorithm Substitution Attack, Key (cryptography), State (computer science), business, computer, Reset (computing), Algorithm, Software, computer.programming_language

Abstract

In this paper, we study algorithm substitution attacks (ASAs), where an algorithm in a cryptographic scheme is substituted for a subverted version. First, we formalize and study the use of state resets to detect ASAs, and show that many published stateful ASAs are detectable with simple practical methods relying on state resets. Second, we introduce two asymmetric ASAs on symmetric encryption, which are undetectable or unexploitable even by an adversary who knows the embedded subversion key. We also generalize this result, allowing for any symmetric ASA (on any cryptographic scheme) satisfying certain properties to be transformed into an asymmetric ASA. Our work demonstrates the broad application of the techniques first introduced by Bellare, Paterson, and Rogaway (Crypto 2014) and Bellare, Jaeger, and Kane (CCS 2015) and reinforces the need for precise definitions surrounding detectability of stateful ASAs.

Published

2021

8. Increasing network reliability by securing SDN communication with QKD

Author

Alberto Gatto, Paolo Comi, Fabrizio Bianchi, Rafa J. Vicente, Paolo Martelli, Vicente Martin, Marco Brunero, Juan P. Brito, and Ruben B. Mendez

Subjects

Computer science, business.industry, QKD, Reliability (computer networking), Physical layer, Quantum key distribution, Encryption, secure communications, SDN, Symmetric-key algorithm, Secure communication, symmetric encryption, Single point of failure, Software-defined networking, business, Computer network

Abstract

Modern communication networks can be flexibly shaped and controlled using Software Defined Networking (SDN) paradigm. However, besides unprecedented functional benefits, this solution exploits an architectural single point of failure. Securing the communication among SDN functional element is therefore a critical requirement for improving the network reliability. A novel approach to secure communications is provided by Quantum Key Distribution (QKD) that is a physical layer technology capable to securely deliver symmetric encryption keys leveraging on quantum physic properties. Our research demonstrates how to provide unconditionally secure communication at SDN level dramatically improving the reliability of the communication network itself.

Published

2021

9. MOE: Multiplication Operated Encryption with Trojan Resilience

Author

Sebastian Faust, Gregor Leander, François-Xavier Standaert, Léo Perrin, Virginie Lallemand, Olivier Bronchain, UCL Crypto Group, Université Catholique de Louvain = Catholic University of Louvain (UCL), Technische Universität Darmstadt - Technical University of Darmstadt (TU Darmstadt), Cryptology, arithmetic : algebraic methods for better algorithms (CARAMBA), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Algorithms, Computation, Image and Geometry (LORIA - ALGO), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), Horst Görtz Institute for IT-security, Ruhr-Universität Bochum [Bochum], Cryptologie symétrique, cryptologie fondée sur les codes et information quantique (COSMIQ), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), François-Xavier Standaert is a senior research associate of the Belgian Fund for Scientific Research (FNRS-F.R.S.). This work has been funded in parts by the ERC project 724725 (acronym SWORD). Sebastian Faust was partly funded by the German Research Foundation (DFG) through the Emmy Noether Program FA 1320/1-1. This work was initiated while Virginie Lallemand was with the Horst Görtz Institute for IT Security at the Ruhr-Universität Bochum and was funded by the DFG through LE 3372/4-1. Gregor Leander’s work is partially funded by the DFG, under Germany’s Excellence Strategy -EXC 2092 CASA - 390781972., European Project: 724725,SWORD(2017), Technische Universität Darmstadt (TU Darmstadt), UCL - SST/ICTM - Institute of Information and Communication Technologies, Electronics and Applied Mathematics, Department of Algorithms, Computation, Image and Geometry (LORIA - ALGO), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Inria Nancy - Grand Est, and Institut National de Recherche en Informatique et en Automatique (Inria)

Subjects

lcsh:Computer engineering. Computer hardware, Computer science, business.industry, Applied Mathematics, Modular multiplication, lcsh:TK7885-7895, Computer security, computer.software_genre, Encryption, Computer Science Applications, Computational Mathematics, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Trojan, Multiplication, business, Resilience (network), Trojan-resilience, computer, Symmetric encryption, Software

Abstract

International audience; In order to lower costs, the fabrication of Integrated Circuits (ICs) is increasingly delegated to offshore contract foundries, making them exposed to malicious modifications, known as hardware Trojans. Recent works have demonstrated that a strong form of Trojan-resilience can be obtained from untrusted chips by exploiting secret sharing and Multi-Party Computation (MPC), yet with significant cost overheads. In this paper, we study the possibility of building a symmetric cipher enabling similar guarantees in a more efficient manner. To reach this goal, we exploit a simple round structure mixing a modular multiplication and a multiplication with a binary matrix. Besides being motivated as a new block cipher design for Trojan resilience, our research also exposes the cryptographic properties of the modular multiplication, which is of independent interest.

Published

2021

10. Towards Efficient LPN-Based Symmetric Encryption

Author

Dario Korolija, Thomas Locher, Serge Vaudenay, and Sonia Bogos

Subjects

Scheme (programming language), lpn, Computer science, business.industry, Distributed computing, Exclusive or, Construct (python library), Encryption, fpga implementation, Symmetric-key algorithm, symmetric encryption, Noise (video), learning parity with noise, business, computer, Computer Science::Cryptography and Security, computer.programming_language

Abstract

Due to the rapidly growing number of devices that need to communicate securely, there is still significant interest in the development of efficient encryption schemes. It is important to maintain a portfolio of different constructions in order to enable a quick transition if a novel attack breaks a construction currently in use. A promising approach is to construct encryption schemes based on the learning parity with noise (LPN) problem as these schemes can typically be implemented fairly efficiently using mainly "exclusive or" (XOR) operations. Most LPN-based schemes in the literature are asymmetric, and there is no practical evaluation of any LPN-based symmetric encryption scheme. In this paper, we propose a novel LPN-based symmetric encryption scheme that is more efficient than related schemes. Apart from analyzing our scheme theoretically, we provide the first practical evaluation of a symmetric LPN-based scheme, including a study of its performance in terms of attainable throughput depending on the selected parameters. As the encryption scheme lends itself to an implementation in hardware, we further evaluate it on a low-end SoC FPGA. The measurement results attest that our encryption scheme achieves high performance rates in terms of throughput on such hardware, providing evidence that symmetric encryption schemes based on hard learning problems may be constructed that can compete with state-of-the-art encryption schemes.

Published

2021

11. Perfectly Secure Shannon Cipher Construction Based on the Matrix Power Function

Author

Kȩstutis Lukšys, Ausrys Kilciauskas, Eligijus Sakalauskas, Lina Dindienė, and MDPI AG (Basel, Switzerland)

Subjects

Discrete mathematics, Physics and Astronomy (miscellaneous), perfect security, business.industry, Computer science, General Mathematics, lcsh:Mathematics, block cipher, Function (mathematics), Encryption, lcsh:QA1-939, Matrix (mathematics), Shannon cipher, Cipher, Symmetric-key algorithm, Chemistry (miscellaneous), Computer Science (miscellaneous), symmetric encryption, Computer Science::Programming Languages, Completeness (statistics), business, Block cipher, Block (data storage), Computer Science::Cryptography and Security

Abstract

A Shannon cipher can be used as a building block for the block cipher construction if it is considered as one data block cipher. It has been proved that a Shannon cipher based on a matrix power function (MPF) is perfectly secure. This property was obtained by the special selection of algebraic structures to define the MPF. In an earlier paper we demonstrated, that certain MPF can be treated as a conjectured one-way function. This property is important since finding the inverse of a one-way function is related to an N P -complete problem. The obtained results of perfect security on a theoretical level coincide with the N P -completeness notion due to the well known Yao theorem. The proposed cipher does not need multiple rounds for the encryption of one data block and hence can be effectively parallelized since operations with matrices allow this effective parallelization.

Published

2020

12. Symmetric Key Encryption Based on Rotation-Translation Equation

Author

Borislav Stoyanov and Gyurhan Nedzhibov

Subjects

Physics and Astronomy (miscellaneous), Computer science, Iterative method, rotation–translation formula, General Mathematics, Data_MISCELLANEOUS, 02 engineering and technology, Encryption, 01 natural sciences, Public-key cryptography, 0103 physical sciences, Convergence (routing), Computer Science::Multimedia, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), 010301 acoustics, Stream cipher, Block cipher, Computer Science::Cryptography and Security, business.industry, lcsh:Mathematics, nonlinear equations, iterative methods, symmetric encryption, lcsh:QA1-939, Symmetric-key algorithm, Chemistry (miscellaneous), Key (cryptography), 020201 artificial intelligence & image processing, business, Algorithm

Abstract

In this paper, an improved encryption algorithm based on numerical methods and rotation–translation equation is proposed. We develop the new encryption-decryption algorithm by using the concept of symmetric key instead of public key. Symmetric key algorithms use the same key for both encryption and decryption. Most symmetric key encryption algorithms use either block ciphers or stream ciphers. Our goal in this work is to improve an existing encryption algorithm by using a faster convergent iterative method, providing secure convergence of the corresponding numerical scheme, and improved security by a using rotation–translation formula.

Published

2020

13. A fundamental flaw in the ++AE authenticated encryption mode

Author

Ed Dawson, Hassan Musallam Ahmed Qahur Al Mahri, Kenneth Koon-Ho Wong, Harry Bartlett, and Leonie Simpson

Subjects

Block cipher mode of operation, Authenticated encryption, Computer science, 68p25, Data_CODINGANDINFORMATIONTHEORY, 0102 computer and information sciences, 02 engineering and technology, caesar, 01 natural sciences, Most significant bit, QA1-939, 0202 electrical engineering, electronic engineering, information engineering, Hardware_ARITHMETICANDLOGICSTRUCTURES, 94a60, Block cipher, Authentication, forgery attack, business.industry, Applied Mathematics, block cipher, Plaintext, ++ae, Computer Science Applications, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Computational Mathematics, Symmetric-key algorithm, 010201 computation theory & mathematics, symmetric encryption, Key (cryptography), 020201 artificial intelligence & image processing, authenticated encryption, business, Algorithm, Mathematics

Abstract

In this article, we analyse a block cipher mode of operation for authenticated encryption known as ++AE (plus-plus-AE). We show that this mode has a fundamental flaw: the scheme does not verify the most significant bit of any block in the plaintext message. This flaw can be exploited by choosing a plaintext message and then constructing multiple forged messages in which the most significant bit of certain blocks is flipped. All of these plaintext messages will generate the same authentication tag. This forgery attack is deterministic and guaranteed to pass the ++AE integrity check. The success of the attack is independent of the underlying block cipher, key or public message number. We outline the mathematical proofs for the flaw in the ++AE algorithm. We conclude that ++AE is insecure as an authenticated encryption mode of operation.

Published

2018

14. Encryption by Heart (EbH)—Using ECG for time-invariant symmetric key generation

Author

L. Gonzlez-Manzano, Pedro Peris-Lopez, Jos M. de Fuentes, and Carmen Camara

Subjects

Scheme (programming language), Time-invariant keys, DEVICES, Theoretical computer science, Biometrics, Computer Networks and Communications, Computer science, 02 engineering and technology, Encryption, computer.software_genre, DESIGN, 0202 electrical engineering, electronic engineering, information engineering, ALGORITHM, Symmetric encryption, MOBILE, computer.programming_language, ta113, Informática, Key generation, Authentication, ECG, business.industry, SCHEME, 020206 networking & telecommunications, BIOMETRICS, Symmetric Encryption, Symmetric-key algorithm, Hardware and Architecture, Feature (computer vision), COMPRESSION, 020201 artificial intelligence & image processing, Data mining, business, computer, Software, AUTHENTICATION, ENVIRONMENTS

Abstract

Wearable devices are a part of Internet-of-Things (IoT) that may offer valuable data of their porting user. This paper explores the use of ElectroCardioGram (ECG) records to encrypt user data. Previous attempts have shown that ECG can be taken as a basis for key generation. However, these approaches do not consider time-invariant keys. This feature enables using these so-created keys for symmetrically encrypting data (e.g. smartphone pictures), enabling their decryption using the key derived from the current ECG readings. This paper addresses this challenge by proposing EbH, a mechanism for persistent key generation based on ECG. EbH produces seeds from which encryption keys are generated. Experimental results over 24 h for 199 users show that EbH, under certain settings, can produce permanent seeds (thus time-invariant keys) computed on-the-fly and different for each user up to 95.97% of users produce unique keys. In addition, EbH can be tuned to produce seeds of different length (up to 300 bits) and with variable min-entropy (up to 93.51). All this supports the workability of EbH in a real setting. (C) 2017 Elsevier B.V. All rights reserved. Funding: This work was supported by the MINECO grants TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You) and TIN2016-79095-C2-2-R (SMOG-DEV); by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks), which is co-funded by European Funds (FEDER); and by the Programa de Ayudas para la Movilidad of Carlos III University of Madrid, Spain (J. M. de Fuentes and L. Gonzalez-Manzano grants). Data used for this research was provided by the Telemetric and ECG Warehouse (THEW) of University of Rochester, NY.

Published

2017

15. Practical homomorphic encryption over the integers for secure computation in the cloud

Author

James Dyer, Martin Dyer, and Jie Xu

Subjects

021110 strategic, defence & security studies, Homomorphic secret sharing, Theoretical computer science, Computer Networks and Communications, business.industry, Computer science, Secure computation in the cloud, 0211 other engineering and technologies, Homomorphic encryption, Cryptography, Computing on encrypted data, 02 engineering and technology, Symmetric Encryption, Multiple encryption, Symmetric-key algorithm, Probabilistic encryption, Secure two-party computation, Ciphertext, Safety, Risk, Reliability and Quality, business, Homomorphic Encryption, Software, Information Systems, Computer Science::Cryptography and Security

Abstract

We present novel homomorphic encryption schemes for integer arithmetic, intended primarily for use in secure single-party computation in the cloud. These schemes are capable of securely computing arbitrary degree polynomials homomorphically. In practice, ciphertext size and running times limit the polynomial degree, but this appears sufficient for most practical applications. We present four schemes, with increasing levels of security, but increasing computational overhead. Two of the schemes provide strong security for high-entropy data. The remaining two schemes provide strong security regardless of this assumption. These four algorithms form the first two levels of a hierarchy of schemes, and we also present the general cases of each scheme. We further elaborate how a fully homomorphic system can be constructed from one of our general cases. In addition, we present a variant based upon Chinese Remainder Theorem secret sharing. We detail extensive evaluation of the first four algorithms of our hierarchy by computing low-degree polynomials. The timings of these computations are extremely favourable by comparison with even the best of existing methods and dramatically outperform many well-publicised schemes. The results clearly demonstrate the practical applicability of our schemes.

Published

2019

16. Subverting Decryption in AEAD

Author

Marcel Armour and Bertram Poettering

Subjects

Scheme (programming language), 0303 health sciences, Class (computer programming), Correctness, business.industry, Computer science, Substitution (logic), Adversary, Symmetric Encryption, Computer security, computer.software_genre, Encryption, Algorithm Substitution Attacks, Mass Surveillance, 03 medical and health sciences, 0302 clinical medicine, Symmetric-key algorithm, Privacy, 030220 oncology & carcinogenesis, business, computer, Implementation, 030304 developmental biology, computer.programming_language

Abstract

This work introduces a new class of Algorithm Substitution Attack (ASA) on Symmetric Encryption Schemes. ASAs were introduced by Bellare, Paterson and Rogaway in light of revelations concerning mass surveillance. An ASA replaces an encryption scheme with a subverted version that aims to reveal information to an adversary engaged in mass surveillance, while remaining undetected by users. Previous work posited that a particular class of AEAD scheme (satisfying certain correctness and uniqueness properties) is resilient against subversion. Many if not all real-world constructions – such as GCM, CCM and OCB – are members of this class. Our results stand in opposition to those prior results. We present a potent ASA that generically applies to any AEAD scheme, is undetectable in all previous frameworks and which achieves successful exfiltration of user keys. We give even more efficient non-generic attacks against a selection of AEAD implementations that are most used in practice. In contrast to prior work, our new class of attack targets the decryption algorithm rather than encryption. We argue that this attack represents an attractive opportunity for a mass surveillance adversary. Our work serves to refine the ASA model and contributes to a series of papers that raises awareness and understanding about what is possible with ASAs.

Published

2019

17. Universal Optimality of Apollonian Cell Encoders

Author

Thomas Given-Wilson, Axel Legay, Fabrizio Biondi, CentraleSupélec, Threat Analysis and Mitigation for Information Security (TAMIS), Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-LANGAGE ET GÉNIE LOGICIEL (IRISA-D4), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT), Université de Bretagne Sud (UBS)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Rennes (ENS Rennes)-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes 1 (UR1), Université de Rennes (UNIV-RENNES)-CentraleSupélec-IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Bretagne Sud (UBS)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-École normale supérieure - Rennes (ENS Rennes)-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes 1 (UR1), Université de Rennes 1 (UR1), Université de Rennes (UNIV-RENNES)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Rennes 1 (UR1), and Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique)

Subjects

0301 basic medicine, Theoretical computer science, Constructive proof, Computer science, 0102 computer and information sciences, Reuse, Encryption, 01 natural sciences, Apollonian, 03 medical and health sciences, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Entropy (information theory), Cryptosystem, business.industry, max-equivocation, 16. Peace & justice, Information-theoretic security, 030104 developmental biology, unconditional security, Symmetric-key algorithm, 010201 computation theory & mathematics, private-key cryptography, symmetric encryption, perfect secrecy, business, entropy, Encoder

Abstract

Preserving privacy of private communication against an attacker is a fundamental concern of computer science security. Unconditional encryption considers the case where an attacker has unlimited computational power, hence no complexity result can be relied upon for encryption. Optimality criteria are defined for the best possible encryption over a general collection of entropy measures. This paper introduces Apollonian cell encoders, a class of shared-key cryptosystems that are proven to be universally optimal. In addition to the highest possible security for the message, Apollonian cell encoders prove to have perfect secrecy on their key allowing unlimited key reuse. Conditions for the existence of Apollonian cell encoders are presented, as well as a constructive proof. Further, a compact representation of Apollonian cell encoders is presented, allowing for practical implementation.

Published

2018

18. A Note on Keys and Keystreams of Chacha20 for Multi-key Channels

Author

Adam Czubak, Marcin Szymanek, and Andrzej Jasiński

Subjects

Cybersecurity, business.industry, Computer science, Keystream, Boundary (topology), Stream cipher, 020206 networking & telecommunications, 02 engineering and technology, RC4, Symmetric-key algorithm, Chacha20, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Hardware_ARITHMETICANDLOGICSTRUCTURES, business, Symmetric encryption, Algorithm

Abstract

In this paper we analyze the keystreams generated by the Chacha20 stream cipher. We also compare these to the ones generated by its predecessor, the RC4 stream cipher. Due to the proposed multi-key channels in the upcoming TLS 1.3 standard we analyze the behavior of the keystream in the boundary case where there is a single bit difference between two keys used for the initiation of the stream cipher algorithms. The goal is to check whether a single bit change in the key has any predictable influence on the bits of the keystream output.

Published

2018

19. Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information

Author

Young-Hwa Cho, Young Keun Lee, Suntae Kim, Aamir Shahzad, Malrey Lee, Naixue Xiong, and Jae-Young Choi

Subjects

Physics and Astronomy (miscellaneous), Computer science, business.industry, General Mathematics, asymmetric encryption, lcsh:Mathematics, Covert channel, Cryptography, Computer security model, Computer security, computer.software_genre, lcsh:QA1-939, cryptography buffer, hashing, Public-key cryptography, Information sensitivity, Security service, Chemistry (miscellaneous), Computer Science (miscellaneous), symmetric encryption, business, Protocol (object-oriented programming), computer, Modbus, Computer network

Abstract

Information technology (IT) security has become a major concern due to the growing demand for information and massive development of client/server applications for various types of applications running on modern IT infrastructure. How has security been taken into account and which paradigms are necessary to minimize security issues while increasing efficiency, reducing the influence on transmissions, ensuring protocol independency and achieving substantial performance? We have found cryptography to be an absolute security mechanism for client/server architectures, and in this study, a new security design was developed with the MODBUS protocol, which is considered to offer phenomenal performance for future development and enhancement of real IT infrastructure. This study is also considered to be a complete development because security is tested in almost all ways of MODBUS communication. The computed measurements are evaluated to validate the overall development, and the results indicate a substantial improvement in security that is differentiated from conventional methods.

Published

2015

20. Cryptanalysis of chosen symmetric homomorphic schemes

Author

Serge Vaudenay and Damian Vizár

Subjects

Homomorphic secret sharing, Theoretical computer science, business.industry, key-recovery, General Mathematics, Symmetric cryptography, Homomorphic encryption, law.invention, Cryptanalysis, Symmetric-key algorithm, Probabilistic encryption, law, Known-plaintext attack, symmetric encryption, 40-bit encryption, 56-bit encryption, business, Computer Science::Cryptography and Security, Mathematics

Abstract

Since Gentry’s breakthrough result was introduced in the year 2009, the homomorphic encryption has become a very popular topic. The main contribution of Gentry’s thesis [5] was, that it has proven, that it actually is possible to design a fully homomorphic encryption scheme. However ground-breaking Gentry’s result was, the designs, that employ the bootstrapping technique suffer from terrible performance both in key generation and homomorphic evaluation of circuits. Some authors tried to design schemes, that could evaluate homomorphic circuits of arbitrarily many inputs without need of bootstrapping. This paper introduces the notion of symmetric homomorphic encryption, and analyses the security of four such proposals, published in three different papers ([2], [7], [10]). Our result is a known plaintext key-recovery attack on every one of these schemes.

Published

2015

21. Efficient Key Management and Cipher Text Generation Using BCD Coded Parity Bits

Author

Rahul Ranjan, Debabala Swain, and Bijay Paikaray

Subjects

BCD Coded Parity checker, Blowfish, business.industry, Computer science, Sign function, Symmetric Encryption, Symmetric-key algorithm, Cipher, Ciphertext, General Earth and Planetary Sciences, Execution time, Key management, business, Algorithm, Bitwise operation, General Environmental Science, Parity bit

Abstract

In this paper we have presented a new symmetric encryption technique where a BCD converter, a four bit parity checker along with a sign function is used to generate the key sequence. In the next subsequent steps the input text and the key sequence are combined using the bitwise OR gate and NOT gate to produce the cipher text easily. The similar kinds of operations are performed in reverse succession to extract the original text from the cipher. Finally, by evaluating the obtained results against the AEC, DEC and BLOWFISH algorithms the competence of the proposed algorithm can be approximated.

Published

2015

22. Security and key management in IoT-based wireless sensor networks: An authentication protocol using symmetric key

Author

Shahid Mehmood, Anwar Ghani, Khwaja Mansoor, Malik Najmus Saqib, Shehzad Ashraf Chaudhry, and Arif Ur Rahman

Subjects

IoT, Computer Networks and Communications, Computer science, EFFICIENT, authentication protocol, Electrical and Electronic Engineering, INTERNET, Key management, MUTUAL AUTHENTICATION, USER AUTHENTICATION, AGREEMENT SCHEME, User authentication, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, key agreement, Mutual authentication, WSN, Symmetric-key algorithm, Authentication protocol, BODY AREA NETWORKS, symmetric encryption, The Internet, Internet of Things, business, Wireless sensor network, Computer network

Abstract

Wireless sensor networks (WSN) consist of hundreds of miniature sensor nodes to sense various events in the surrounding environment and report back to the base station. Sensor networks are at the base of internet of things (IoT) and smart computing applications where a function is performed as a result of sensed event or information. However, in resource-limited WSN authenticating a remote user is a vital security concern. Recently, researchers put forth various authentication protocols to address different security issues. Gope et al presented a protocol claiming resistance against known attacks. A thorough analysis of their protocol shows that it is vulnerable to user traceability, stolen verifier, and denial of service (DoS) attacks. In this article, an enhanced symmetric key-based authentication protocol for IoT-based WSN has been presented. The proposed protocol has the ability to counter user traceability, stolen verifier, and DoS attacks. Furthermore, the proposed protocol has been simulated and verified using Proverif and BAN logic. The proposed protocol has the same communication cost as the baseline protocol; however, in computation cost, it has 52.63% efficiency as compared with the baseline protocol.

Published

2019

23. Integrating Classical Preprocessing into an Optical Encryption Scheme

Author

Hai Pham, Adriana Suárez Corona, and Rainer Steinwandt

Subjects

Provable security, Authenticated encryption, Security analysis, Computer science, General Physics and Astronomy, lcsh:Astrophysics, 0102 computer and information sciences, 01 natural sciences, Article, 010309 optics, lcsh:QB460-466, 0103 physical sciences, provable security, lcsh:Science, optical channel, Computer Science::Cryptography and Security, business.industry, All-or-nothing transform, Cryptographic protocol, lcsh:QC1-999, all-or-nothing transform, Quantum cryptography, Computer engineering, Symmetric-key algorithm, 010201 computation theory & mathematics, symmetric encryption, lcsh:Q, business, lcsh:Physics, Communication channel

Abstract

Traditionally, cryptographic protocols rely on mathematical assumptions and results to establish security guarantees. Quantum cryptography has demonstrated how physical properties of a communication channel can be leveraged in the design of cryptographic protocols, too. Our starting point is the AlphaEta protocol, which was designed to exploit properties of coherent states of light to transmit data securely over an optical channel. AlphaEta aims to draw security from the uncertainty of any measurement of the transmitted coherent states due to intrinsic quantum noise. We present a technique to combine AlphaEta with classical preprocessing, taking into account error-correction for the optical channel. This enables us to establish strong provable security guarantees. In addition, the type of hybrid encryption we suggest, enables trade-offs between invoking a(n inexpensive) classical communication channel and a (more complex to implement) optical channel, without jeopardizing security. Our design can easily incorporate fast state-of-the-art authenticated encryption, but in this case the security analysis requires heuristic reasoning.

Published

2019

24. A Secure and Efficient Lightweight Symmetric Encryption Scheme for Transfer of Text Files between Embedded IoT Devices

Author

Sreeja Rajesh, Varghese Paul, Mohammad Reza Khosravi, and Varun G. Menon

Subjects

Scheme (programming language), Physics and Astronomy (miscellaneous), Computer science, General Mathematics, 02 engineering and technology, Encryption, encryption time, Software, key confusions, 0202 electrical engineering, electronic engineering, information engineering, Computer Science (miscellaneous), Wireless, Avalanche effect, computer.programming_language, business.industry, lcsh:Mathematics, 020207 software engineering, tiny encryption algorithm, NTSA, lcsh:QA1-939, Symmetric-key algorithm, efficiency, Chemistry (miscellaneous), Tiny Encryption Algorithm, symmetric encryption, Key (cryptography), 020201 artificial intelligence & image processing, avalanche effect, business, computer, Computer network

Abstract

Recent advancements in wireless technology have created an exponential rise in the number of connected devices leading to the internet of things (IoT) revolution. Large amounts of data are captured, processed and transmitted through the network by these embedded devices. Security of the transmitted data is a major area of concern in IoT networks. Numerous encryption algorithms have been proposed in these years to ensure security of transmitted data through the IoT network. Tiny encryption algorithm (TEA) is the most attractive among all, with its lower memory utilization and ease of implementation on both hardware and software scales. But one of the major issues of TEA and its numerous developed versions is the usage of the same key through all rounds of encryption, which yields a reduced security evident from the avalanche effect of the algorithm. Also, the encryption and decryption time for text is high, leading to lower efficiency in IoT networks with embedded devices. This paper proposes a novel tiny symmetric encryption algorithm (NTSA) which provides enhanced security for the transfer of text files through the IoT network by introducing additional key confusions dynamically for each round of encryption. Experiments are carried out to analyze the avalanche effect, encryption and decryption time of NTSA in an IoT network including embedded devices. The results show that the proposed NTSA algorithm is much more secure and efficient compared to state-of-the-art existing encryption algorithms.

Published

2019

25. ase-PoW: a proof of ownership mechanism for cloud deduplication in hierarchical environments

Author

Lorena González-Manzano, Kim-Kwang Raymond Choo, and José María de Fuentes

Subjects

Informática, business.industry, Computer science, 020206 networking & telecommunications, Access control, Cloud computing, Hardware_PERFORMANCEANDRELIABILITY, 02 engineering and technology, Privilege (computing), Computer security, computer.software_genre, Proof of ownership, Symmetric Encryption, Upload, Symmetric-key algorithm, Server, 0202 electrical engineering, electronic engineering, information engineering, Data deduplication, 020201 artificial intelligence & image processing, business, computer, Cloud storage, Deduplication technique, Access-control, Computer network

Abstract

Proof-of-Ownership (PoW) can be an efective deduplication technique to reduce storage requirements, by providing cloud storage servers the capability to guarantee that clients only upload and download files that they are in possession of. In this paper, we propose an attribute symmetric encryption PoW scheme (ase-PoW) for hierarchical environments such as corporations, in which (1) the external cloud service provider is honest-but-curious and (2) there is a exible access control in place to ensure only users with the right privilege can access sensitive files. This is, to the best of our knowledge, the first such scheme and it is built upon the ce-PoW scheme of Gonzalez-Manzano and Orfila (2015). Ase-PoW outperforms ce-PoW in that it does not suffer from content-guessing attacks, it reduces client storage needs and computational workload. This work was partially supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You) and the CAM grant S2013/ICE-3095 CIBERDINE-CM (CIBERDINE: Cybersecurity, Data, and Risks) funded by Madrid Autonomous Community and co-funded by European funds. L. Gonzalez and J. M. de Fuentes were also supported by the Programa de Ayudas para la Movilidad of Carlos III University of Madrid, Spain.

Published

2016

26. Attainable Unconditional Security for Shared-Key Cryptosystems

Author

Fabrizio Biondi, Thomas Given-Wilson, Axel Legay, Threat Analysis and Mitigation for Information Security (TAMIS), Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-LANGAGE ET GÉNIE LOGICIEL (IRISA-D4), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), CentraleSupélec-Télécom Bretagne-Université de Rennes 1 (UR1), Université de Rennes (UNIV-RENNES)-Université de Rennes (UNIV-RENNES)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Rennes (ENS Rennes)-Université de Bretagne Sud (UBS)-Centre National de la Recherche Scientifique (CNRS)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-CentraleSupélec-Télécom Bretagne-Université de Rennes 1 (UR1), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Rennes (UNIV-RENNES)-Université de Rennes (UNIV-RENNES)-École normale supérieure - Rennes (ENS Rennes)-Université de Bretagne Sud (UBS)-Centre National de la Recherche Scientifique (CNRS)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS), LANGAGE ET GÉNIE LOGICIEL (IRISA-D4), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria), Efficient STAtistical methods in SYstems of systems (ESTASYS), Microsoft Research - Inria Joint Centre (MSR - INRIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Microsoft Research Laboratory Cambridge-Microsoft Corporation [Redmond, Wash.], Université de Rennes 1 (UR1), Université de Rennes (UNIV-RENNES)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes 1 (UR1), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Inria Rennes – Bretagne Atlantique, and Biondi, Fabrizio

Subjects

Information Systems and Management, Theoretical computer science, Computer science, Equivocation, Cryptography, 02 engineering and technology, Encryption, Theoretical Computer Science, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Artificial Intelligence, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Entropy (information theory), Cryptosystem, [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR], Mathematics, business.industry, max-equivocation, 020206 networking & telecommunications, Information-theoretic security, Computer Science Applications, unconditional security, Symmetric-key algorithm, Control and Systems Engineering, [INFO.INFO-IT]Computer Science [cs]/Information Theory [cs.IT], private-key cryptography, symmetric encryption, 020201 artificial intelligence & image processing, perfect secrecy, Attribute-based encryption, Semantic security, business, entropy, Software

Abstract

International audience; Preserving the privacy of private communication is a fundamental concern of computing addressed by encryption. Information-theoretic reasoning models unconditional security where the strength of the results does not depend on computational hardness or unproven results. Usually the information leaked about the message by the ciphertext is used to measure the privacy of a communication , with perfect secrecy when the leakage is 0. However this is hard to achieve in practice. An alternative measure is the equivocation, intuitively the average number of message/key pairs that could have produced a given cipher-text. We show a theoretical bound on equivocation called max-equivocation and show that this generalizes perfect secrecy when achievable, and provides an alternative measure when perfect secrecy is not achievable. We derive bounds for max-equivocation for symmetric encoder functions and show that max-equivocation is achievable when the entropy of the ciphertext is minimized. We show that max-equivocation easily accounts for key re-use scenarios, and that large keys relative to the message perform very poorly under equivocation. We study encoders under this new perspective, deriving results on their achievable maximal equivocation and showing that some popular approaches such as Latin squares are not optimal. We show how unicity attacks can be naturally modeled, and how relaxing encoder symmetry improves equivocation. We present some algorithms for generating encryption functions that are practical and achieve 90 − 95% of the theoretical best, improving with larger message spaces.

Published

2016

27. Fast hierarchical key management scheme with transitory master key for wireless sensor networks

Author

Maurizio Rebaudengo, Renato Ferrero, Bartolomeo Montrucchio, and Filippo Gandino

Subjects

Key establishment, Information Systems and Management, Computer science, Computer Networks and Communications, Distributed computing, Key distribution, 02 engineering and technology, Encryption, Key management, Security association, wireless sensor network (WSN), transitory master key (MK), 0202 electrical engineering, electronic engineering, information engineering, Key encapsulation, Security level, Authentication, business.industry, 020206 networking & telecommunications, Adversary, Computer Science Applications, Key distribution in wireless sensor networks, Symmetric-key algorithm, Hardware and Architecture, Signal Processing, 40-bit encryption, symmetric encryption, 020201 artificial intelligence & image processing, Attribute-based encryption, Information Systems, Computer Vision and Pattern Recognition, business, Cryptographic key types, Computer network

Abstract

Symmetric encryption is the most widely adopted security solution for wireless sensor networks. The main open issue in this context is represented by the establishment of symmetric keys. Although many key management schemes have been proposed in order to guarantee a high security level, a solution without weaknesses does not yet exist. An important class of key management schemes is based on a transitory master key (MK). In this approach, a global secret is used during the initialization phase to generate pair-wise keys, and it is deleted during the working phase. However, if an adversary compromises a node before the deletion of the MK, the security of the whole network is compromised. In this paper, a new key negotiation routine is proposed. The new routine is integrated with a well-known key computation mechanism based on a transitory master secret. The goal of the proposed approach is to reduce the time required for the initialization phase, thus reducing the probability that the master secret is compromised. This goal is achieved by splitting the initialization phase in hierarchical subphases with an increasing level of security. An experimental analysis demonstrates that the proposed scheme provides a significant reduction in the time required before deleting the transitory secret material, thus increasing the overall security level. Moreover, the proposed scheme allows to add new nodes after the first deployment with a suited routine able to complete the key establishment in the same time as for the initial deployment.

Published

2016

28. Symmetric Encryption Relying on Chaotic Henon System for Secure Hardware-Friendly Wireless Communication of Implantable Medical Systems

Author

Xiaojiang Du, Mohsen Guizani, Taha Belkhouja, Amr Mohamed, and Abdulla Al-Ali

Subjects

Scheme (programming language), Control and Optimization, Computer Networks and Communications, Computer science, pseudo-random keys, Reliability (computer networking), Wireless communication, Cryptography, 02 engineering and technology, Encryption, Computer security, computer.software_genre, lcsh:Technology, 0202 electrical engineering, electronic engineering, information engineering, Wireless, Electronics, Implantable Medical Devices, symmetric encryption, chaotic systems, wireless communication, Symmetric encryption, Instrumentation, Key exchange, computer.programming_language, lcsh:T, business.industry, 020208 electrical & electronic engineering, Chaotic systems, 020206 networking & telecommunications, Symmetric-key algorithm, Pseudo-random keys, business, computer

Abstract

Healthcare remote devices are recognized as a promising technology for treating health related issues. Among them are the wireless Implantable Medical Devices (IMDs): These electronic devices are manufactured to treat, monitor, support or replace defected vital organs while being implanted in the human body. Thus, they play a critical role in healing and even saving lives. Current IMDs research trends concentrate on their medical reliability. However, deploying wireless technology in such applications without considering security measures may offer adversaries an easy way to compromise them. With the aim to secure these devices, we explore a new scheme that creates symmetric encryption keys to encrypt the wireless communication portion. We will rely on chaotic systems to obtain a synchronized Pseudo-Random key. The latter will be generated separately in the system in such a way that avoids a wireless key exchange, thus protecting patients from the key theft. Once the key is defined, a simple encryption system that we propose in this paper will be used. We analyze the performance of this system from a cryptographic point of view to ensure that it offers a better safety and protection for patients. 2018 by the authors. Acknowledgments: This publication was made possible by NPRP grant #8-408-2-172 from the Qatar National Research Fund (a member of Qatar Foundation). The statements made herein are solely the responsibility of the authors. Scopus

Published

2018

29. Design of a key exchange protocol between SIM card and service provider

Author

Busra Ozdenizci, Vedat Coskun, Kerem Ok, Cem Cevikbas, Işık Üniversitesi, Fen Edebiyat Fakültesi, Enformasyon Teknolojileri Bölümü, Işık University, Faculty of Arts and Sciences, Department of Information Technologies, Ok, Kerem, Coşkun, Vedat, and Özdenizci Köse, Büşra

Subjects

Computer science, Key exchange protocols, Telecommunications service, Transportation, Telecommunication services, Encryption, Cellular network, law.invention, Upload, SIM card, End-to-end encryption, Collaborative Work, law, Key exchange protocol, Smart card, Symmetric encryption, Key exchange, Subscriber identity module, business.industry, Current capability, Service provider, Mobile telecommunication systems, Cryptography, business, Computer network

Abstract

Current capabilities of smart cards, Smartphones, and cellular network provoke companies to provide vast amount of services to the mobile users. Some of those services require end-to-end encryption between a Service Provider and a SIM card. Keyed SIM cards already contain the required structure for secure key generation and upload, whereas un-keyed SIM cards do not have the required capability for this. In this paper, we provide a key exchange protocol, which creates a symmetric key by the collaborative work of SIM card and the Service Provider server. After a successful protocol run, SIM card and Service Provider can perform end-to-end data encryption. Publisher's Version

Published

2015

30. Two-Round Password-Only Authenticated Key Exchange in the Three-Party Setting

Author

Kim-Kwang Raymond Choo, Dongho Won, Junghyun Nam, Juryon Paik, Sangchul Han, Nam, Junghyun, Choo, Kim-Kwang Raymond, Sangchul, Han, Paik, Juryon, and Won, Dongho

Subjects

TheoryofComputation_MISCELLANEOUS, Physics and Astronomy (miscellaneous), Computer science, General Mathematics, communication round, Oakley protocol, dictionary attack, Computer security, computer.software_genre, Key authentication, Computer Science (miscellaneous), Key-agreement protocol, Password, Cryptographic primitive, business.industry, lcsh:Mathematics, three-party key exchange, Cryptographic protocol, lcsh:QA1-939, implicit key authentication, Authenticated Key Exchange, password-only authenticated key exchange (PAKE), Chemistry (miscellaneous), Authentication protocol, symmetric encryption, business, computer, Computer network

Abstract

We present the first provably-secure three-party password-only authenticated key exchange (PAKE) protocol that can run in only two communication rounds. Our protocol is generic in the sense that it can be constructed from any two-party PAKE protocol. The protocol is proven secure in a variant of the widely-accepted model of Bellare, Pointcheval and Rogaway (2000) without any idealized assumptions on the cryptographic primitives used. We also investigate the security of the two-round, three-party PAKE protocol of Wang, Hu and Li (2010) and demonstrate that this protocol cannot achieve implicit key authentication in the presence of an active adversary. Refereed/Peer-reviewed

Published

2015

31. Leakage-Resilient Symmetric Encryption via Re-keying

Author

Pierre-Alain Fouque, Michel Abdalla, Sonia Belaïd, Laboratoire d'informatique de l'école normale supérieure (LIENS), Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Université de Rennes (UR), Institut Universitaire de France (IUF), Ministère de l'Education nationale, de l’Enseignement supérieur et de la Recherche (M.E.N.E.S.R.), Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Thales Communications [Colombes], THALES, Guido Bertoni and Jean-Sébastien Coron, European Project: 288349,EC:FP7:ICT,FP7-ICT-2011-EU-Brazil,SECFUNET(2011), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Inria Paris-Rocquencourt, Université Paris sciences et lettres (PSL), THALES [France], EMbedded SEcurity and Cryptography (EMSEC), SYSTÈMES LARGE ÉCHELLE (IRISA-D1), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-Télécom Bretagne-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS), IACR, ANR-10-SEGI-0015,PRINCE(2010), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université de Rennes 1 (UR1), Université de Rennes (UNIV-RENNES), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL), CentraleSupélec-Télécom Bretagne-Université de Rennes 1 (UR1), Université de Rennes (UNIV-RENNES)-Université de Rennes (UNIV-RENNES)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Rennes (ENS Rennes)-Université de Bretagne Sud (UBS)-Centre National de la Recherche Scientifique (CNRS)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-CentraleSupélec-Télécom Bretagne-Université de Rennes 1 (UR1), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA), Département d'informatique de l'École normale supérieure (DI-ENS), and Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Theoretical computer science, 0102 computer and information sciences, 02 engineering and technology, Encryption, computer.software_genre, 01 natural sciences, re-keying, Multiple encryption, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 0202 electrical engineering, electronic engineering, information engineering, leakage-resilience, synchro-nization, Mathematics, business.industry, Deterministic encryption, 010201 computation theory & mathematics, Probabilistic encryption, 56-bit encryption, 40-bit encryption, symmetric encryption, 020201 artificial intelligence & image processing, Attribute-based encryption, On-the-fly encryption, business, synchronization, computer

Abstract

International audience; In the paper, we study whether it is possible to construct an efficient leakage-resilient symmetric scheme using the AES block cipher. We aim at bridging the gap between the theoretical leakage-resilient symmetric primitives used to build encryption schemes and the prac-tical schemes that do not have any security proof against side-channel adversaries. Our goal is to construct an as efficient as possible leakage-resilient encryption scheme, but we do not want to change the crypto-graphic schemes already implemented. The basic idea consists in adding a leakage-resilient re-keying scheme on top of the encryption scheme and has been already suggested by Kocher to thwart differential power analy-sis techniques. Indeed, in such analysis, the adversary queries the encryp-tion box and from the knowledge of the plaintext/ciphertext, she can per-form a divide-and-conquer key recovery attack. The method consisting in changing the key for each or after a small number of encryption with the same key is known as re-keying. It prevents DPA adversaries but not SPA attacks which uses one single leakage trace. Here, we prove that using a leakage-resilient re-keying scheme on top of a secure encryption scheme in the standard model, leads to a leakage-resilient encryption scheme. The main advantage of the AES block cipher is that its implementations are generally heuristically-secure against SPA adversaries. This assump-tion is used in many concrete instantiations of leakage-resilient symmet-ric primitives. Consequently, if we use it and change the key for each new message block, the adversary will not be able to recover any key if the re-keying scheme is leakage-resilient. There is mainly two different techniques for re-keying scheme, either parallel or sequential, but if we want to avoid the adversary having access to many inputs/outputs, only the sequential method is possible. However, the main drawback of the latter technique is that in case of de-synchronization, many useless com-putations are required. In our re-keying scheme, we use ideas from the skip-list data structure to efficiently recover a specific key. Full version of the paper published in the proceedings of CHES 2013.

Published

2013

32. A Secure Data Encryption Method by Employing a Feedback Encryption Mechanism and Three-Dimensional Operation

Author

Cheng-Ru Dai, Fang-Yie Leu, Yi-Li Huang, Tunghai University [Taichung], Gerald Quirchmayr, Josef Basl, Ilsun You, Lida Xu, Edgar Weippl, TC 5, TC 8, WG 8.4, and WG 8.9

Subjects

AES, Feedback Encryption, Computer science, business.industry, threedimensional computing, [SHS.INFO]Humanities and Social Sciences/Library and information sciences, computer.software_genre, Encryption, Computer security, DES, dynamic feedback keys, Multiple encryption, Filesystem-level encryption, Probabilistic encryption, 40-bit encryption, 56-bit encryption, symmetric encryption, [INFO]Computer Science [cs], Attribute-based encryption, On-the-fly encryption, business, computer

Abstract

Part 2: Workshop; International audience; Currently, electronic documents are commonly exchanged between/among government offices in many countries. When a government office would like to transmit a high-security-level-electronic document to another office, the sending end officer needs to encrypt it so as to protect the document from being known to hackers. AES and DES have been commonly and widely invoked to protect documents in recent years. However, the two algorithms have so far faced the threats of Brute-Force cracks. To avoid the threats, in this study, we proposed a new data encryption approach, called the Secure Data Encryption Method (SeDEM for short), in which plaintext and system keys are encrypted by using a sequential-logic style encryption approach which further employs a three-dimensional operation and a feedback encryption mechanism to effectively protect encrypted data from brute-force and cryptanalysis attacks. The feedback encryption mechanism is a feedback process in which each of its calculation iteration generates three internally-used dynamic feedback keys for the next calculation iteration. The purpose is to effectively improve the security level and unpredictability of generated ciphertext. The three-dimensional operation is employed to further increase the computational complexity of the encryption technique so as to enhance the security level of the ciphertext, and difficulty of cracking the keys.

Published

2012

33. A Novel Idea on Multimedia Encryption Using Hybrid Crypto Approach

Author

R. R. Sedamkar, Sridhar C. Iyer, and Shiwani Gupta

Subjects

Key Wrap, Plaintext-aware encryption, Computer science, Data security, Cryptography, 02 engineering and technology, computer.software_genre, Encryption, Computer security, Disk encryption hardware, Watermarking attack, Public-key cryptography, Asymmetric Encryption, 030507 speech-language pathology & audiology, 03 medical and health sciences, Multiple encryption, Brute-force attack, Filesystem-level encryption, 0202 electrical engineering, electronic engineering, information engineering, Hybrid cryptosystem, ECC, Key encapsulation, General Environmental Science, 020203 distributed computing, business.industry, Client-side encryption, Symmetric Encryption, Multimedia Encryption, Disk encryption theory, Deterministic encryption, Symmetric-key algorithm, Cipher, Disk encryption, Discrete logarithm, Probabilistic encryption, Hybrid Encryption, 56-bit encryption, 40-bit encryption, General Earth and Planetary Sciences, Keyfile, Link encryption, Attribute-based encryption, On-the-fly encryption, 0305 other medical science, business, computer

Abstract

Data security is of utmost importance in today's world. Especially when the data is travelling through an insecure communication network. There are symmetric key encryption techniques which use only one key for both encryption and decryption of the data. They are simple in design but can be easily cracked using brute force attacks. The entire security of such a cipher could be compromised if the attacker anyhow gets access to the keys. On the other hand, there are asymmetric key based algorithms which use a pair of keys, one for encryption, and the other for decryption, whose security is higher as compared to the symmetric ones but lack in time efficiency. It is also difficult to manage such a huge base of key-pairs efficiently and safely. This paper mainly focusses on the implementation of a system capable of encryption and decryption of multimedia data (Text, Images, Videos, Audio etc.) using a hybrid model based on the amalgamation of symmetric encryption techniques such as AES and asymmetric techniques such as ECC. ECC is based on the toughness of the discrete logarithm problem (DLP), whose public key is short, network bandwidth is little and ability to resist to attack is strong which makes it really difficult to guess the keys. Even if the attacker gets access to any of the keys, he or she won’t be in a position to decipher it in a relatively finite amount of man-years.