Biblio

We propose a construction of an attribute-based authentication scheme (ABAuth). Our ABAuth is a challenge-and-response protocol which uses an attribute-based key-encapsulation mechanisum (ABKEM). The ABKEM is basically the one proposed by Ostrovsky-Sahai-Waters (ACM-CCS 2007), but in contrast to the original ABKEM our ABKEM is based on an asymmetric bilinear map for better computational efficiency. We also give a proof of one-way-CCA security of ABKEM in the asymmetric case, which leads to concurrent man-in-the-middle security of ABAuth. We note that the selective security is often enough for the case of authentication in contrast to the case of encryption. Then we evaluate our ABAuth by implementation as well as by discussion. We use the TEPLA library TEPLA for the asymmetric bilinear map that is Type-3 pairing on the BN curve.

On each cryptocurrency transaction, a high-level security is needed to protect user data as well as data on the transaction. At this stage, it takes the appropriate algorithm in securing transactions with more efficient processing time. The Elliptic Curve Cryptography (ECC) is one of the cryptography algorithms which has high-level security, and ECC is often compared with the Rivest, Shamir, and Adleman (RSA) algorithm because it has a security level that is almost the same but has some differences that make ECC is superior compared to the RSA algorithm, so that the ECC algorithm can optimize cryptocurrency security in the transaction process. The purpose of this study is to simulate the bitcoin transactions using cryptography algorithms. This study uses the ECC algorithm as the algorithm ECDH and ECDSA key exchange as the algorithm for signing and verifying. The comparison results of ECC and RSA processing time is 1:25, so the ECC is more efficient. The total processing time of ECC is 0,006 seconds and RSA is 0,152 seconds. The researcher succeeded to implement the ECC algorithm as securing algorithms in mining process of 3 scenarios, normal, failed, and fake bitcoin transactions.

Named Data Networking (NDN) is a new network architecture that has been projected as the future of internet architecture. Unlike the traditional internet approach which currently relies on client-server communication models to communicate each other, NDN relies on data as an entity. Hence the users only need the content and applications based on data naming, as there is no IP addresses needed. NDN is different than TCP/IP technology as NDN signs the data with Digital Signature to secure each data authenticity. Regarding huge number of uses on IP-based network, and the minimum number of NDN-based network implementation, the NDN-IP gateway are needed to map and forward the data from IP-based network to NDN-based network, and vice versa. These gateways are called Custom-Router Gateway in this study. The Custom-Router Gateway requires a new mechanism in conducting Digital Signature so that authenticity the data can be verified when it passes through the NDN-IP Custom-Router Gateway. This study propose a method to process the Digital Signature for the packet flows from IP-based network through NDN-based network. Future studies are needed to determine the impact of Digital Signature processing on the performance in forwarding the data from IP-based to NDN-based network and vice versa.

Today, Smartphone is a necessary device for people connected to the Internet world. But user privacy and security are still playing important roles in the usage of mobile devices. The user was asked to enter related characters, numbers or drawing a simple graphic on the touch screen as passwords for unlocking the screensaver. Although it could provide the user with a simple and convenient security authentication mechanism, the process is hard to protect against the privacy information leakage under the strict security policy. Nowadays, various keypad lock screen Apps usually provides different type of schemes in unlocking the mobile device screen, such as simple-customized pattern, swipe-to-unlock with a static image and so on. But the vulnerability could provide a chance to hijacker to find out the leakage of graphic pattern information that influences in user information privacy and security.This paper proposes a new graphic pattern authentication mechanism to enhance the strength of that in the keypad lock screen Apps. It integrates random digital graphics and handwriting graphic input track recognition technologies to provide better and more diverse privacy protection and reduce the risk of vulnerability. The proposed mechanism is based on two factor identification scheme. First of all, it randomly changes digital graphic position based on unique passwords every time to increase the difficulty of the stealer's recording. Second, the input track of handwriting graphics is another identification factor for enhancing the complex strength of user authentication as well.

The objective of the work is to provide security to the medical images by embedding medical data (EPR-Electronic Patient Record) along with the image to reduce the bandwidth during communication. Reversible watermarking and Digital Signature itself will provide high security. This application mainly used in tele-surgery (Medical Expert to Medical Expert Communication). Only the authorized medical experts can explore the patients' image because of Kerberos. The proposed work is mainly to restrict the unauthorized access to get the patients'data. So medical image authentication may be achieved without biometric recognition such as finger prints and eye stamps etc. The EPR itself contains the patients' entire history, so after the extraction process Medical expert can able to identify the patient and also the disease information. In future we can embed the EPR inside the medical image after it got encrypted to achieve more security. To increase the authentication, Medical Expert biometric information can be embedded inside the image in the future. Experiments were conducted using more than 500 (512 × 512) image archives in various modalities from the NIH (National Institute of Health) and Aycan sample digital images downloaded from the internet and tests are conducted. Almost in all images with greater than 15000 bits embedding size and got PSNR of 60.4 dB to 78.9 dB with low distortion in received image because of compression, not because of watermarking and average NPCR (Number of Pixels Change Rate) is 98.9 %.

A strong designated verifier signature (SDVS) scheme only permits an intended verifier to validate the signature by employing his/her private key. Meanwhile, for the sake of signer anonymity, the designated verifier is also able to generate a computationally indistinguishable transcript, which prevents the designated verifier from arbitrarily transferring his conviction to any third party. To extend the applications of conventional SDVS schemes, in this paper, we propose a group-oriented strong designated verifier signature (GO-SDVS) scheme from bilinear pairings. In particular, our scheme allows a group of signers to cooperatively generate a signature for a designated verifier. A significant property of our mechanism is constant-size signatures, i.e., the signature length remains constant when the number of involved signers increases. We also prove that the proposed GO-SDVS scheme is secure against adaptive chosen-message attacks in the random oracle model and fulfills the essential properties of signer ambiguity and non-transferability.

Security of transient fault secured IP cores against piracy, false claim of ownership can be achieved during high level synthesis, especially when handling DSP or multimedia cores. Though watermarking that involves implanting a vendor defined signature onto the design can be useful, however research has shown its limitations such as less designer control, high overhead due to extreme dependency on signature size, combination and encoding rule. This paper proposes an alternative paradigm called `hardware steganography' where hidden additional designer's constraints are implanted in a fault secured IP core using entropy thresholding. In proposed hardware steganography, concealed information in the form of additional edges having a specific entropy value is embedded in the colored interval graph (CIG). This is a signature free approach and ensures high designer control (more robustness and stronger proof of authorship) as well as lower overhead than watermarking schemes used for DSP based IP cores.

Searchable encryption technology can guarantee the confidentiality of cloud data and the searchability of ciphertext data, which has a very broad application prospect in cloud storage environments. However, most existing searchable encryption schemes have problems, such as excessive computational overhead and low security. In order to solve these problems, a lightweight searchable encryption scheme based on certificateless cryptosystem is proposed. The user's final private key consists of partial private key and secret value, which effectively solves the certificate management problem of the traditional cryptosystem and the key escrow problem of identity-based cryptosystem. At the same time, the introduction of third-party manager has significantly reduced the burden in the cloud server and achieved lightweight multi-user ciphertext retrieval. In addition, the data owner stores the file index in the third-party manager, while the file ciphertext is stored in the cloud server. This ensures that the file index is not known by the cloud server. The analysis results show that the scheme satisfies trapdoor indistinguishability and can resist keyword guessing attacks. Compared with similar certificateless encryption schemes, it has higher computational performance in key generation, keyword encryption, trapdoor generation and keyword search.

The design process of smart Consumer Electronics (CE) devices heavily relies on reusable Intellectual Property (IP) cores of Digital Signal Processor (DSP) and Multimedia Processor (MP). On the other hand, due to strict competition and rivalry between IP vendors, the problem of ownership conflict and IP piracy is surging. Therefore, to design a secured smart CE device, protection of DSP/MP IP core is essential. Embedding a robust IP owner's signature can protect an IP core from ownership abuse and forgery. This paper presents a covert signature embedding process for DSP/MP IP core at Register-transfer level (RTL). The secret marks of the signature are distributed over the entire design such that it provides higher robustness. For example for 8th order FIR filter, it incurs only between 6% and 3% area overhead for maximum and minimum size signature respectively compared to the non-signature FIR RTL design but with significantly enhanced security.

In recent times, online services are playing a crucial role in our day-to-day life applications. Inspite of their advantage, it also have certain security challenges in the communication network. Security aspects consists of authentication of users, confidentiality of data/information as well as integrity of data. In order to achieve all these parameters, the sensitive information must be digitally signed by the original sender and later verified by the intended recipient. Therefore, research on digital signatures should be further developed to improve the data security and authenticity of the transferred data. In this paper, a secured digital signature algorithm is designed. The design of secure digital signature uses the concept of hybridization of secure hash code, DNA encryption/decryption technique and elgamal encryption/decryption techniques. The use of SHA algorithm generates a secure hash code and hybridization of encryption algorithm reduces the computational complexity and this research method is then compared with existing PlayGamal algorithm with respect to encryption/decryption time complexity.

The center-piece of this work is a software measurement physical unclonable function (PUF). It measures processor chip ALU silicon biometrics in a manner similar to all PUFs. Additionally, it composes the silicon measurement with the data-dependent delay of a particular program instruction in a way that is difficult to decompose through a mathematical model. This approach ensures that each software instruction is measured if computed. The SW-PUF measurements bind the execution of software to a specific processor with a corresponding certificate. This makes the SW-PUF a promising candidate for applications requiring Trusted Computing. For instance, it could measure the integrity of an execution path by generating a signature that is unique to the specific program execution path and the processor chip. We present an area and energy-efficient scheme based on the SW-PUF to provide a more robust root of trust for measurement than the existing trusted platform module (TPM). To explore the feasibility of the proposed design, the SW-PUF has been implemented in HSPICE using 45 nm technology and evaluated on the FPGA platform.

Direct Anonymous Attestation (DAA) is a cryptographic scheme that provides Trusted Platform Module TPM-backed anonymous credentials. We develop Tamarin modelling of the ECC-based version of the protocol as it is standardised and provide the first mechanised analysis of this standard. Our analysis confirms that the scheme is secure when all TPMs are assumed honest, but reveals a break in the protocol's expected authentication and secrecy properties for all TPMs even if only one is compromised. We propose and formally verify a minimal fix to the standard. In addition to developing the first formal analysis of ECC-DAA, the paper contributes to the growing body of work demonstrating the use of formal tools in supporting standardisation processes for cryptographic protocols.

Software Defined Networking (SDN) has emerged as a revolutionary paradigm to manage cloud infrastructure. SDN lacks scalable trust setup and verification mechanism between Data Plane-Control Plane elements, Control Plane elements, and Control Plane-Application Plane. Trust management schemes like Public Key Infrastructure (PKI) used currently in SDN are slow for trust establishment in a larger cloud environment. We propose a distributed trust mechanism - TRUFL to establish and verify trust in SDN. The distributed framework utilizes parallelism in trust management, in effect faster transfer rates and reduced latency compared to centralized trust management. The TRUFL framework scales well with the number of OpenFlow rules when compared to existing research works.

Access authentication is a key technology to identify the legitimacy of mobile users when accessing the space-ground integrated networks (SGIN). A hierarchical identity-based signature over lattice (L-HIBS) based mobile access authentication mechanism is proposed to settle the insufficiencies of existing access authentication methods in SGIN such as high computational complexity, large authentication delay and no-resistance to quantum attack. Firstly, the idea of hierarchical identity-based cryptography is introduced according to hierarchical distribution of nodes in SGIN, and a hierarchical access authentication architecture is built. Secondly, a new L-HIBS scheme is constructed based on the Small Integer Solution (SIS) problem to support the hierarchical identity-based cryptography. Thirdly, a mobile access authentication protocol that supports bidirectional authentication and shared session key exchange is designed with the aforementioned L-HIBS scheme. Results of theoretical analysis and simulation experiments suggest that the L-HIBS scheme possesses strong unforgeability of selecting identity and adaptive selection messages under the standard security model, and the authentication protocol has smaller computational overhead and shorter private keys and shorter signature compared to given baseline protocols.

One of the basic behavioural biometric methods is keystroke element. Being less expensive and not requiring any extra bit of equipment is the main advantage of keystroke element. The primary concentration of this paper is to give an inevitable review of behavioural biometrics strategies, measurements and different methodologies and difficulties and future bearings specially of keystroke analysis and mouse dynamics. Keystrokes elements frameworks utilize insights, e.g. time between keystrokes, word decisions, word mixes, general speed of writing and so on. Mouse Dynamics is termed as the course of actions captured from the moving mouse by an individual when interacting with a GUI. These are representative factors which may be called mouse dynamics signature of an individual, and may be used for verification of identity of an individual. In this paper, we compare the authentication system based on keystroke dynamics and mouse dynamics.

A database is an organized collection of data. Though a number of techniques, such as encryption and electronic signatures, are currently available for the protection of data when transmitted across sites. Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks. In this paper, we create 6 types of method for more secure ways to store and retrieve database information that is both convenient and efficient. Confidentiality, integrity, and availability, also known as the CIA triad, is a model designed to guide policies for information security within the database. There are many cryptography techniques available among them, ECC is one of the most powerful techniques. A user wants to the data stores or request, the user needs to authenticate. When a user who is authenticated, he will get key from a key generator and then he must be data encrypt or decrypt within the database. Every keys store in a key generator and retrieve from the key generator. We use 256 bits of AES encryption for rows level encryption, columns level encryption, and elements level encryption for the database. Next two method is encrypted AES 256 bits random key by using 521 bits of ECC encryption and signature for rows level encryption and column level encryption. Last method is most secure method in this paper, which method is element level encryption with AES and ECC encryption for confidentiality and ECC signature use for every element within the database for integrity. As well as encrypting data at rest, it's also important to ensure confidential data are encrypted in motion over our network to protect against database signature security. The advantages of elements level are difficult for attack because the attacker gets a key that is lose only one element. The disadvantages need to thousands or millions of keys to manage.

Signature-based Intrusion Detection Systems (IDS) are a key component in the cybersecurity defense strategy for any network being monitored. In order to improve the efficiency of the intrusion detection system and the corresponding mitigation action, it is important to address the problem of false alarms. In this paper, we present a comparative analysis of two approaches that consider the false alarm minimization and alarm correlation techniques. The output of this analysis provides us the elements to propose a parallelizable strategy designed to achieve better results in terms of precision, recall and alarm load reduction in the prioritization of alarms. We use Prelude SIEM as the event normalizer in order to process security events from heterogeneous sensors and to correlate them. The alarms are verified using the dynamic network context information collected from the vulnerability analysis, and they are prioritized using the HP Arsight priority formula. The results show an important reduction in the volume of alerts, together with a high precision in the identification of false alarms.

Although Vehicle Named Data Network (VNDN) possess the communication benefits of Named Data Network and Vehicle Opportunity Network, it also introduces some new privacy problems, including the identity security of Data Requesters and Data Providers. Data providers in VNDN need to sign data packets directly, which will leak the identity information of the providers, while the vicinity malicious nodes can access the sensitive information of Data Requesters by analyzing the relationship between Data Requesters and the data names in Interest Packages that are sent directly in plaintext. In order to solve the above privacy problems, this paper presents an identity privacy protection strategy for Data Requesters and Data Providers in VNDN. A ring signature scheme is used to hide the correlation between the signature and the data provider and the anonymous proxy idea is used to protect the real identity of the data requester in the proposed strategy. Security Analysis and experiments in the ONE-based VNDN platform indicate that the proposed strategy is effective and practical.

Vehicle ad-hoc network (VANET) is the main driving force to alleviate traffic congestion and accelerate the construction of intelligent transportation. However, the rapid growth of the number of vehicles makes the construction of the safety system of the vehicle network facing multiple tests. This paper proposes an identity-based aggregate signature scheme to protect the privacy of vehicle identity, receive messages in time and authenticate quickly in VANET. The scheme uses aggregate signature algorithm to aggregate the signatures of multiple users into one signature, and joins the idea of batch authentication to complete the authentication of multiple vehicular units, thereby improving the verification efficiency. In addition, the pseudoidentity of vehicles is used to achieve the purpose of vehicle anonymity and privacy protection. Finally, the secure storage of message signatures is effectively realized by using reliable cloud storage technology. Compared with similar schemes, this paper improves authentication efficiency while ensuring security, and has lower storage overhead.

the more (IoT) scales up with promises, the more security issues raise to the surface and must be tackled down. IoT is very vulnerable against DoS attacks. In this paper, we propose a hybrid design of signature-based IDS and anomaly-based IDS. The proposed hybrid design intends to enhance the intrusion detection and prevention systems (IDPS) to detect any DoS attack at early stages by classifying the network packets based on user behavior. Simulation results prove successful detection of DoS attack at earlier stages.

In the modern day and age, credential based authentication systems no longer provide the level of security that many organisations and their services require. The level of trust in passwords has plummeted in recent years, with waves of cyber attacks predicated on compromised and stolen credentials. This method of authentication is also heavily reliant on the individual user's choice of password. There is the potential to build levels of security on top of credential based authentication systems, using a risk based approach, which preserves the seamless authentication experience for the end user. One method of adding this security to a risk based authentication framework, is keystroke dynamics. Monitoring the behaviour of the users and how they type, produces a type of digital signature which is unique to that individual. Learning this behaviour allows dynamic flags to be applied to anomalous typing patterns that are produced by attackers using stolen credentials, as a potential risk of fraud. Methods from statistics and machine learning have been explored to try and implement such solutions. This paper will look at an Autoencoder model for learning the keystroke dynamics of specific users. The results from this paper show an improvement over the traditional tried and tested statistical approaches with an Equal Error Rate of 6.51%, with the additional benefits of relatively low training times and less reliance on feature engineering.

Malware is one of the threats to information security that continues to increase. In 2014 nearly six million new malware was recorded. The highest number of malware is in Trojan Horse malware while in Adware malware is the most significantly increased malware. Security system devices such as antivirus, firewall, and IDS signature-based are considered to fail to detect malware. This happens because of the very fast spread of computer malware and the increasing number of signatures. Besides signature-based security systems it is difficult to identify new methods, viruses or worms used by attackers. One other alternative in detecting malware is to use honeypot with machine learning. Honeypot can be used as a trap for packages that are suspected while machine learning can detect malware by classifying classes. Decision Tree and Support Vector Machine (SVM) are used as classification algorithms. In this paper, we propose architectural design as a solution to detect malware. We presented the architectural proposal and explained the experimental method to be used.

Open-source honeypots are a vital component in the protection of networks and the observation of trends in the threat landscape. Their open nature also enables adversaries to identify the characteristics of these honeypots in order to detect and avoid them. In this study, we investigate the prevalence of 14 open- source honeypots running more or less default configurations, making them easily detectable by attackers. We deploy 20 simple signatures and test them for false positives against servers for domains in the Alexa top 10,000, official FTP mirrors, mail servers in real operation, and real IoT devices running telnet. We find no matches, suggesting good accuracy. We then measure the Internet-wide prevalence of default open-source honeypots by matching the signatures with Censys scan data and our own scans. We discovered 19,208 honeypots across 637 Autonomous Systems that are trivially easy to identify. Concentrations are found in research networks, but also in enterprise, cloud and hosting networks. While some of these honeypots probably have no operational relevance, e.g., they are student projects, this explanation does not fit the wider population. One cluster of honeypots was confirmed to belong to a well-known security center and was in use for ongoing attack monitoring. Concentrations in an another cluster appear to be the result of government incentives. We contacted 11 honeypot operators and received response from 4 operators, suggesting the problem of lack of network hygiene. Finally, we find that some honeypots are actively abused by attackers for hosting malicious binaries. We notified the owners of the detected honeypots via their network operators and provided recommendations for customization to avoid simple signature-based detection. We also shared our results with the honeypot developers.

Information security has developed rapidly over the recent years with a key being the emergence of social media. To standardize this discipline, security of an individual becomes an urgent concern. In 2019, it is estimated that there will be over 2.5 billion social media users around the globe. Unfortunately, anonymous identity has become a major concern for the security advisors. Due to the technological advancements, the phishers are able to access the confidential information. To resolve these issues numerous solutions have been proposed, such as biometric identification, facial and audio recognition etc prior access to any highly secure forum on the web. Generating digital signatures is the recent trend being incorporated in the field of digital security. We have designed an algorithm that after generating 68 point facial landmark, converts the image to a highly compressed and secure digital signature. The proposed algorithm generates a unique signature for an individual which when stored in the user account information database will limit the creation of fake or multiple accounts. At the same time the algorithm reduces the database storage overhead as it stores the facial identity of an individual in the form of a compressed textual signature rather than the traditional method where the image file was being stored, occupying lesser amount of space and making it more efficient in terms of searching, fetching and manipulation. A unique new analysis of the features produced at intermediate layers has been applied. Here, we opt to use the normal and two opposites' angular measures of the triangle as the invariance. It simply acts as the real-time optimized encryption procedure to achieve the reliable security goals explained in detail in the later sections.

Strong designated verifier signature scheme is a concept in which a user (signer) can issue a digital signature for a special receiver; i.e. signature is produced in such way that only intended verifier can check the validity of produced signature. Of course, this type of signature scheme should be such that no third party is able to validate the signature. In other words, the related designated verifier cannot assign the issued signature to another third party. This article proposes a new ID-based strong designated verifier signature scheme which has provable security in the ROM (Random Oracle Model) and BDH assumption. The proposed scheme satisfies the all security requirements of an ID-based strong designated verifier signature scheme. In addition, we propose some usage scenarios for the proposed schemes in different applications in the Internet of Things and Cloud Computing era.