Biblio

In sensor-enabled Internet of Things (IoT), nodes are deployed in an open and remote environment, therefore, are vulnerable to a variety of attacks. Recently, trust-based schemes have played a pivotal role in addressing nodes' misbehavior attacks in IoT. However, the existing trust-based schemes apply network wide dissemination of the control packets that consume excessive energy in the quest of trust evaluation, which ultimately weakens the network lifetime. In this context, this paper presents an energy efficient trust evaluation (EETE) scheme that makes use of hierarchical trust evaluation model to alleviate the malicious effects of illegitimate sensor nodes and restricts network wide dissemination of trust requests to reduce the energy consumption in clustered-sensor enabled IoT. The proposed EETE scheme incorporates three dilemma game models to reduce additional needless transmissions while balancing the trust throughout the network. Specially: 1) a cluster formation game that promotes the nodes to be cluster head (CH) or cluster member to avoid the extraneous cluster; 2) an optimal cluster formation dilemma game to affirm the minimum number of trust recommendations for maintaining the balance of the trust in a cluster; and 3) an activity-based trust dilemma game to compute the Nash equilibrium that represents the best strategy for a CH to launch its anomaly detection technique which helps in mitigation of malicious activity. Simulation results show that the proposed EETE scheme outperforms the current trust evaluation schemes in terms of detection rate, energy efficiency and trust evaluation time for clustered-sensor enabled IoT.

Dependence of the individuals on the Internet for performing the several actions require secure data communication. Thus, the reliable data communication improves the confidentiality. As, enhanced security leads to reliable and faster communication. To improve the reliability and confidentiality, there is dire need of fully secured authentication method. There are several methods of password protections were introduced to protect the confidentiality and reliability. Most of the existing methods are based on alphanumeric approaches, but few methods provide the dual authentication process. In this paper, we introduce improved graphical password authentication using Twofish Encryption and Visual Cryptography (TEVC) method. Our proposed TEVC is unpredictably organized as predicting the correct graphical password and arranging its particles in the proper order is harder as compared to traditional alphanumeric password system. TEVC is tested by using JAVA platform. Based on the testing results, we confirm that proposed TEVC provides secure authentication. TEVC encryption algorithm detected as more prudent and possessing lower time complexity as compared to other known existing algorithms message code confirmation and fingerprint scan with password.

Users can directly access and share information from portable devices such as a smartphone or an Internet of Things (IoT) device. However, to prevent them from becoming victims to launch cyber attacks, they must allow selective sharing based on roles of the users such as with the Ciphertext-Policy Attribute Encryption (CP-ABE) scheme. However, to match the resource constraints, the scheme must be efficient for storage. It must also protect the device from malicious users as well as allow uninterrupted access to valid users. This paper presents the CCA secure PROxy-based Scalable Revocation for Constant Cipher-text (C-PROSRCC) scheme, which provides scalable revocation for a constant ciphertext length CP-ABE scheme. The scheme has a constant number of pairings and computations. It can also revoke any number of users and does not require re-encryption or redistribution of keys. We have successfully implemented the C-PROSRCC scheme. The qualitative and quantitative comparison with related schemes indicates that C-PROSRCC performs better with acceptable overheads. C-PROSRCC is Chosen Ciphertext Attack (CCA) secure. We also present a case study to demonstrate the use of C-PROSRCC for mobile-based selective sharing of a family car.

Ciphertext Policy Attribute Based Encryption techniques provide fine grained access control to securely share the data in the organizations where access rights of users vary according to their roles. We have noticed that various key delegation mechanisms are provided for CP-ABE schemes but no key delegation mechanism exists for CP-ABE with hidden access policy. In practical, users' identity may be revealed from access policy in the organizations and unlimited further delegations may results in unauthorized data access. For maintaining the users' anonymity, the access structure should be hidden and every user must be restricted for specified further delegations. In this work, we have presented a flexible secure key delegation mechanism for CP-ABE with hidden access structure. The proposed scheme enhances the capability of existing CP-ABE schemes by supporting flexible delegation, attribute revocation and user revocation with negligible enhancement in computational cost.

In order to solve the problems of the existing speech content authentication algorithm, such as single format, ununiversal algorithm, low security, low accuracy of tamper detection and location in small-scale, a multi-format speech perception hashing based on time-frequency parameter fusion of energy zero ratio and frequency band bariance is proposed. Firstly, the algorithm preprocesses the processed speech signal and calculates the short-time logarithmic energy, zero-crossing rate and frequency band variance of each speech fragment. Then calculate the energy to zero ratio of each frame, perform time- frequency parameter fusion on time-frequency features by mean filtering, and the time-frequency parameters are constructed by difference hashing method. Finally, the hash sequence is scrambled with equal length by logistic chaotic map, so as to improve the security of the hash sequence in the transmission process. Experiments show that the proposed algorithm is robustness, discrimination and key dependent.

Internet of Things (IoT) and cloud computing are promising technologies that change the way people communicate and live. As the data collected through IoT devices often involve users' private information and the cloud is not completely trusted, users' private data are usually encrypted before being uploaded to cloud for security purposes. Searchable encryption, allowing users to search over the encrypted data, extends data flexibility on the premise of security. In this paper, to achieve the accurate and efficient ciphertext searching, we present an efficient multi-keyword ranked searchable encryption scheme supporting ciphertext-policy attribute-based encryption (CP-ABE) test (MRSET). For efficiency, numeric hierarchy supporting ranked search is introduced to reduce the dimensions of vectors and matrices. For practicality, CP-ABE is improved to support access right test, so that only documents that the user can decrypt are returned. The security analysis shows that our proposed scheme is secure, and the experimental result demonstrates that our scheme is efficient.

In this paper, we propose a new method for optimizing the deployment of security solutions within an IoT network. Our approach uses dominating sets and centrality metrics to propose an IoT security framework where security functions are optimally deployed among devices. An example of such a solution is presented based on EndToEnd like encryption. The results reveal overall increased security within the network with minimal impact on the traffic.

The recent malware outbreaks have shown that the existing end-point security solutions are not robust enough to secure the systems from getting compromised. The techniques, like code obfuscation along with one or more zero-days, are used by malware developers for evading the security systems. These malwares are used for large-scale attacks involving Advanced Persistent Threats(APT), Botnets, Cryptojacking, etc. Cryptojacking poses a severe threat to various organizations and individuals. We are summarising multiple methods available for the detection of malware.

Cyber-physical systems (CPS) are state-of-the-art communication environments that offer various applications with distinct requirements. However, security in CPS is a nonnegotiable concept, since without a proper security mechanism the applications of CPS may risk human lives, the privacy of individuals, and system operations. In this paper, we focus on PHY-layer security approaches in CPS to prevent passive eavesdropping attacks, and we propose an integration of physical layer operations to enhance security. Thanks to the McEliece cryptosystem, error injection is firstly applied to information bits, which are encoded with the forward error correction (FEC) schemes. Golay and Hamming codes are selected as FEC schemes to satisfy power and computational efficiency. Then obtained codewords are transmitted across reliable intermediate relays to the legitimate receiver. As a performance metric, the decoding frame error rate of the eavesdropper is analytically obtained for the fragmentary existence of significant noise between relays and Eve. The simulation results validate the analytical calculations, and the obtained results show that the number of low-quality channels and the selected FEC scheme affects the performance of the proposed model.

Due to globalization of Integrated Circuit (IC) design flow, Intellectual Property (IP) cores have increasingly become susceptible to various hardware threats such as Trojan insertion, piracy, overbuilding etc. An IP core can be secured against these threats using functional obfuscation based security mechanism. This paper presents a functional obfuscation of digital signal processing (DSP) core for consumer electronics systems using a novel IP core locking block (ILB) logic that leverages the structure of flip-flops and combinational circuits. These ILBs perform the locking of the functionality of a DSP design and actuate the correct functionality only on application of a valid key sequence. In existing approaches so far, executing exhaustive trials are sufficient to extract the valid keys from an obfuscated design. However, proposed work is capable of hindering the extraction of valid keys even on exhaustive trials, unless successfully applied in the first attempt only. In other words, the proposed work drastically reduces the probability of obtaining valid key of a functionally obfuscated design in exhaustive trials. Experimental results indicate that the proposed approach achieves higher security and lower design overhead than previous works.

In recent years the use of security gateways (SG) located within the electrical grid distribution network has become pervasive. SGs in substations and renewable distributed energy resource aggregators (DERAs) protect power distribution control devices from cyber and cyber-physical attacks. When encrypted communications within a DER network is used, TCP/IP packet inspection is restricted to packet header behavioral analysis which in most cases only allows the SG to perform anomaly detection of blocks of time-series data (event windows). Packet header anomaly detection calculates the probability of the presence of a threat within an event window, but fails in such cases where the unreadable encrypted payload contains the attack content. The SG system log (syslog) is a time-series record of behavioral patterns of network users and processes accessing and transferring data through the SG network interfaces. Threatening behavioral pattern in the syslog are measurable using both anomaly detection and graph theory. In this paper it will be shown that it is possible to efficiently detect the presence of and classify a potential threat within an SG syslog using light-weight anomaly detection and graph theory.

In this research project, we are interested by finding solutions to the problem of image analysis and processing in the encrypted domain. For security reasons, more and more digital data are transferred or stored in the encrypted domain. However, during the transmission or the archiving of encrypted images, it is often necessary to analyze or process them, without knowing the original content or the secret key used during the encryption phase. We propose to work on this problem, by associating theoretical aspects with numerous applications. Our main contributions concern: data hiding in encrypted images, correction of noisy encrypted images, recompression of crypto-compressed images and secret image sharing.

As the number of Internet users increases, their usage also diversifies, and it is important to prevent Identity on the Internet (Digital Identity) from being violated. Unauthorized authentication is one of the methods to infringe Digital Identity. Multi-factor authentication has been proposed as a method for preventing unauthorized authentication. However, the cryptographic authenticator required for multi-factor authentication is expensive both financially and UX-wise for the user. In this paper, we design, implement and evaluate multi-factor authentication using My Number Card provided by public personal identification service and WebUSB, which is being standardized.

This paper proposes a double-layer message security scheme that is implemented in two stages. First, the secret data is encrypted using the AES algorithm with a 256-bit key. Second, least significant bit (LSB) embedding is carried out, by hiding the secret message into an image of an information matrix. A number of performance evaluation metrics are discussed and computed for the proposed scheme. The obtained results are compared to other schemes in literature and show the superiority of the proposed scheme.

A new quantum secret sharing protocol based on the ping-pong protocol of quantum secure direct communication is proposed. The pairs of entangled qutrits are used in protocol, which allows an increase in the information capacity compared with protocols based on entangled qubits. The detection of channel eavesdropping used in the protocol is being implemented in random moments of time, thereby it is possible do not use the significant amount of quantum memory. The security of the proposed protocol to attacks is considered. A method for additional amplification of the security to an eavesdropping attack in communication channels for the developed protocol is proposed.

The problems of random numbers application to the information security of data, communication lines, computer units and automated driving systems are considered. The possibilities for making up quantum generators of random numbers and existing solutions for acquiring of sufficiently random sequences are analyzed. The authors found out the method for the creation of quantum generators on the basis of semiconductor electronic components. The electron-quantum generator based on electrons tunneling is experimentally demonstrated. It is shown that it is able to create random sequences of high security level and satisfying known NIST statistical tests (P-Value\textbackslashtextgreater0.9). The generator created can be used for formation of both closed and open cryptographic keys in computer systems and other platforms and has great potential for realization of random walks and probabilistic computing on the basis of neural nets and other IT problems.

Ciphertext storage can effectively solve the security problems in cloud storage, among which the ciphertext policy attribute-based encryption (CP-ABE) is more suitable for ciphertext access control in cloud storage environment for it can achieve one-to-many ciphertext sharing. The existing attribute encryption scheme CP-ABE has problems with revocation such as coarse granularity, untimeliness, and low efficiency, which cannot meet the demands of cloud storage. This paper proposes an RCP-ABE scheme that supports real-time revocable fine-grained attributes for the existing attribute revocable scheme, the scheme of this paper adopts the version control technology to realize the instant revocation of the attributes. In the key update mechanism, the subset coverage technology is used to update the key, which reduces the workload of the authority. The experimental analysis shows that RCP-ABE is more efficient than other schemes.

Most Web sites rely on resources hosted by third parties such as CDNs. Third parties may be compromised or coerced into misbehaving, e.g. delivering a malicious script or stylesheet. Unexpected changes to resources hosted by third parties can be detected with the Subresource Integrity (SRI) mechanism. The focus of SRI is on scripts and stylesheets. Web fonts cannot be secured with that mechanism under all circumstances. The first contribution of this paper is to evaluates the potential for attacks using malicious fonts. With an instrumented browser we find that (1) more than 95% of the top 50,000 Web sites of the Tranco top list rely on resources hosted by third parties and that (2) only a small fraction employs SRI. Moreover, we find that more than 60% of the sites in our sample use fonts hosted by third parties, most of which are being served by Google. The second contribution of the paper is a proof of concept of a malicious font as well as a tool for automatically generating such a font, which targets security-conscious users who are used to verifying cryptographic fingerprints. Software vendors publish such fingerprints along with their software packages to allow users to verify their integrity. Due to incomplete SRI support for Web fonts, a third party could force a browser to load our malicious font. The font targets a particular cryptographic fingerprint and renders it as a desired different fingerprint. This allows attackers to fool users into believing that they download a genuine software package although they are actually downloading a maliciously modified version. Finally, we propose countermeasures that could be deployed to protect the integrity of Web fonts.

Digital signal processing (DSP) and multimedia based reusable Intellectual property (IP) cores form key components of system-on-chips used in consumer electronic devices. They represent years of valuable investment and hence need protection against prevalent threats such as IP cloning and fraudulent claim of ownership. This paper presents a novel crypto digital signature approach which incorporates multiple security modules such as encryption, hashing and encoding for protection of digital signature processing cores. The proposed approach achieves higher robustness (and reliability), in terms of lower probability of coincidence, at lower design cost than existing watermarking approaches for IP cores. The proposed approach achieves stronger proof of authorship (on average by 39.7%) as well as requires lesser storage hardware compared to a recent similar work.

As data security has become the major concern in modern storage systems with low-cost multi-level-cell (MLC) flash memories, it is not trivial to realize data sanitization in such a system. Even though some existing works employ the encryption or the built-in erase to achieve this requirement, they still suffer the risk of being deciphered or the issue of performance degradation. In contrast to the existing work, a fast sanitization scheme is proposed to provide the highest degree of security for data sanitization; that is, every old version of data could be immediately sanitized with zero live-data-copy overhead once the new version of data is created/written. In particular, this scheme further considers the reliability issue of MLC flash memories; the proposed scheme includes a one-shot sanitization design to minimize the disturbance during data sanitization. The feasibility and the capability of the proposed scheme were evaluated through extensive experiments based on real flash chips. The results demonstrate that this scheme can achieve the data sanitization with zero live-data-copy, where performance overhead is less than 1%.

Cloud storage solutions have gained momentum in recent years. However, cloud servers can not be fully trusted. Data access control have becomes one of the main impediments for further adoption. One appealing approach is to incorporate the access control into encrypted data, thus removing the need to trust the cloud servers. Among existing cryptographic solutions, Ciphertext Policy Attribute-Based Encryption (CP-ABE) is well suited for fine-grained data access control in cloud storage. As promising as it is, user revocation is a cumbersome problem that impedes its wide application. To address this issue, we design an access control system called DUR-CP-ABE, which implements identity-based User Revocation in a data owner Discretionary way. In short, the proposed solution provides the following salient features. First, user revocation enforcement is based on the discretion of the data owner, thus providing more flexibility. Second, no private key updates are needed when user revocation occurs. Third, the proposed scheme allows for group revocation of affiliated users in a batch operation. To the best of our knowledge, DUR-CP-ABE is the first CP-ABE solution to provide affiliation- based batch revocation functionality, which fits naturally into organizations' Identity and Access Management (IAM) structure. The analysis shows that the proposed access control system is provably secure and efficient in terms of computation, communi- cation and storage.

Cloud storage service makes it very convenient for people to access and share data. At the same time, the confidentiality and privacy of user data is also facing great challenges. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme is widely considered to be the most suitable security access control technology for cloud storage environment. Aiming at the problem of privacy leakage caused by single-cloud CP-ABE which is commonly adopted in the current schemes, this paper proposes a privacy-preserving CP-ABE access control scheme using multi-cloud architecture. By improving the traditional CP-ABE algorithm and introducing a proxy to cut the user's private key, it can ensure that only a part of the user attribute set can be obtained by a single cloud, which effectively protects the privacy of user attributes. Meanwhile, the intermediate logical structure of the access policy tree is stored in proxy, and only the leaf node information is stored in the ciphertext, which effectively protects the privacy of the access policy. Security analysis shows that our scheme is effective against replay and man-in-the-middle attacks, as well as user collusion attack. Experimental results also demonstrates that the multi-cloud CP-ABE does not significantly increase the overhead of storage and encryption compared to the single cloud scheme, but the access control overhead decreases as the number of clouds increases. When the access policy is expressed with a AND gate structure, the decryption overhead is obviously less than that of a single cloud environment.

One critical challenge of today's cloud services is how to provide an effective search service while preserving user privacy. In this paper, we propose a wildcard-based multi-keyword fuzzy search (WMFS) scheme over the encrypted data, which tolerates keyword misspellings by exploiting the indecomposable property of primes. Compared with existing secure fuzzy search schemes, our WMFS scheme has the following merits: 1) Efficiency. It eliminates the requirement of a predefined dictionary and thus supports updates efficiently. 2) High accuracy. It eliminates the false positive and false negative introduced by specific data structures and thus allows the user to retrieve files as accurate as possible. 3) Flexibility. It gives the user great flexibility to specify different search patterns including keyword and substring matching. Extensive experiments on a real data set demonstrate the effectiveness and efficiency of our scheme.

The adoption of Internet of Things (IoT) technology is increasing at a fast rate. With improving software technologies and growing security threats, there is always a need to upgrade the firmware in the IoT devices. Digital signatures are an integral part of digital communication to cope with the threat of these devices being exploited by attackers to run malicious commands, codes or patches on them. Digital Signatures measure the authenticity of the transmitted data as well as are a source of record keeping (repudiation). This study proposes the adoption of Lamport signature scheme, which is quantum resistant, for authentication of data transmission and its feasibility in IoT devices.

Wireless communications have encountered a considerable improvement and have integrated human life through various applications, mainly by the widespread of mobile ad hoc and sensor networks. A fundamental characteristic of wireless communications are in their broadcast nature, which allows accessibility of information without placing restrictions on a user's location. However, accessibility also makes wireless communications vulnerable to eavesdropping. To enhance the security of network communication, we propose a separate key generation server which is responsible for key generation using complex random algorithm. The key will remain in database in encrypted format. To prevent brute force attack, we propose various group key generation algorithms in which every group will have separate group key to verify group member's identity. The group key will be verified with the session information before decryption, so that our system will prevent attack if any attacker knows the group key. To increase the security of the system, we propose three level encryption securities: Client side encryption using AES, Server side encryption using AES, and Artificial noise generation and addition. By using this our system is free from brute force attack as we are using three level message security and complex Random key generation algorithms.