Biblio

Security and Controls with Data privacy in Internet of Things (IoT) devices is not only a present and future technology that is projected to connect a multitude of devices, but it is also a critical survival factor for IoT to thrive. As the quantity of communications increases, massive amounts of data are expected to be generated, posing a threat to both physical device and data security. In the Internet of Things architecture, small and low-powered devices are widespread. Due to their complexity, traditional encryption methods and algorithms are computationally expensive, requiring numerous rounds to encrypt and decode, squandering the limited energy available on devices. A simpler cryptographic method, on the other hand, may compromise the intended confidentiality and integrity. This study examines two lightweight encryption algorithms for Android devices: AES and RSA. On the other hand, the traditional AES approach generates preset encryption keys that the sender and receiver share. As a result, the key may be obtained quickly. In this paper, we present an improved AES approach for generating dynamic keys.

A grouping-proof protocol aims to generate an evidence that two or more RFID (Radio Frequency Identification) tags in a group are coexistent, which has been widely deployed in practical scenarios, such as healthcare, supply-chain management, and so on. However, existing grouping-proof protocols have many issues in security and efficiency, either incompatible with EPCglobal Class-1 Generation-2 (C1G2) standard, or vulnerable to different attacks. In this paper, we propose a lightweight grouping-proof protocol which only utilizes bitwise operations (AND, XOR) and 128-bit pseudorandom number generator (PRNG). 2-round interactions between the reader and the tags allow them to cooperate on fast authentication in parallel mode where the reader broadcasts its round messages rather than hang on for the prior tag and then fabricate apposite output for the next tag consecutively. Our design enables the reader to aggregate the first round proofs (to bind the membership of tags in the same group) generated by the tags to an authenticator of constant size (independent of the number of tags) that can then be used by the tags to generate the second round proofs (and that will be validated by the verifier). Formal security (i.e., PPT adversary cannot counterfeit valid grouping-proof that can be accepted by any verifier) of the proposed protocol relies on the hardness of the learning parity with noise (LPN) problem, which can resist against quantum computing attacks. Other appealing features (e.g., robustness, anonymity, etc.) are also inspected. Performance evaluation shows its applicability to C1G2 RFID.

The inference results of neural network accelerators often involve personal privacy or business secrets in intelligent systems. It is important for the safety of convolutional neural network (CNN) accelerator to prevent the key data and inference result from being leaked. The latest CNN models have started to combine with fully homomorphic encryption (FHE), ensuring the data security. However, the computational complexity, data storage overhead, inference time are significantly increased compared with the traditional neural network models. This paper proposed a lightweight FHE scheme on fully-connected layer for CNN hardware accelerator to achieve security inference, which not only protects the privacy of inference results, but also avoids excessive hardware overhead and great performance degradation. Compared with state-of-the-art works, this work reduces computational complexity by approximately 90% and decreases ciphertext size by 87%∼95%.

Lightweight cryptography concept has been a very hot topic for the last few years and considered as a new domain of encryption suitable for big data networks, small devices, phones, cards and embedded systems. These systems require low latency security and low power consuming [1]. An improved lightweight encryption algorithm ILEA is proposed in this paper. ILEA is based on PRINCE lightweight algorithm as his main core with two defacing balanced mixing layers added. ILEA presented in two programming languages: PYTHON, C++ with a comparative study with original PRINCE results and some of another lightweight algorithms.

Alongside the rapid expansion of Internet of Things (IoT), and network evolution (5G, 6G technologies), comes the need for security of higher level and less hardware demanding modules. New cryptographic systems are developed, in order to satisfy the special needs of security, that have emerged in modern applications. In this paper, a novel lightweight data streaming system, is proposed, which operates in alternative modes. Each one of them, performs efficiently as one of three in total, stream ciphering modules. The operation of the proposed system, is based on reconfigurable logic. It aims at a lower hardware utilization and good performance, at the same time. In addition, in order to have a fair and detailed comparison, a second one design is also integrated and introduced. This one proposes a conventional architecture, consisting of the same three stream ciphering modes, implemented on the same device, as separate operation modules. The FPGA synthesis results prove that the proposed reconfigurable design achieves to minimize the area resources, from 18% to 30%, compared to the conventional one, while maintaining high performance values, for the supported modes.

Lightweight ciphers are algorithms with low computational and spacial complexity. In the modern world of miniaturization, a lightweight cipher is used in constrained devices such as RFID tags, fire and security detectors, devices for wireless communications and other IoT devices. Stream ciphers are symmetric ciphers which encrypts the plain text bit stream with corresponding key stream to generate cipher text. Hence a stream cipher with low computational complexity and maximum security can be termed as a lightweight stream cipher. Many light weight stream ciphers are already existing. Each has its own vulnerabilities and spacial requirement. This paper has successfully developed, implemented, and analyzed a lightweight stream cipher - A4. Along with low computational cost, A4 also ensures paramount security and is less prone to the emerging cryptographic attacks.

In this paper, we present the enhancement of a lightweight key-policy attribute-based encryption (KP-ABE) scheme designed for the Internet of Things (IoT). The KP-ABE scheme was claimed to achieve ciphertext indistinguishability under chosen-plaintext attack in the selective-set model but we show that the KP-ABE scheme is insecure even in the weaker security notion, namely, one-way encryption under the same attack and model. In particular, we show that an attacker can decrypt a ciphertext which does not satisfy the policy imposed on his decryption key. Subsequently, we propose an efficient fix to the KP-ABE scheme as well as extending it to be a hierarchical KP-ABE (H-KP-ABE) scheme that can support role delegation in IoT applications. An example of applying our H-KP-ABE on an IoT-connected healthcare system is given to highlight the benefit of the delegation feature. Lastly, using the NIST curves secp192k1 and secp256k1, we benchmark the fixed (hierarchical) KP-ABE scheme on an Android phone and the result shows that the scheme is still the fastest in the literature.

Searchable encryption technology can guarantee the confidentiality of cloud data and the searchability of ciphertext data, which has a very broad application prospect in cloud storage environments. However, most existing searchable encryption schemes have problems, such as excessive computational overhead and low security. In order to solve these problems, a lightweight searchable encryption scheme based on certificateless cryptosystem is proposed. The user's final private key consists of partial private key and secret value, which effectively solves the certificate management problem of the traditional cryptosystem and the key escrow problem of identity-based cryptosystem. At the same time, the introduction of third-party manager has significantly reduced the burden in the cloud server and achieved lightweight multi-user ciphertext retrieval. In addition, the data owner stores the file index in the third-party manager, while the file ciphertext is stored in the cloud server. This ensures that the file index is not known by the cloud server. The analysis results show that the scheme satisfies trapdoor indistinguishability and can resist keyword guessing attacks. Compared with similar certificateless encryption schemes, it has higher computational performance in key generation, keyword encryption, trapdoor generation and keyword search.

Resource constrained devices such as sensors and RFIDs are utilized in many application areas to sense, store and transmit the sensitive data. This data must be encrypted to achieve confidentiality. The implementation of traditional public key encryption (PKE) techniques by these devices is always challenging as they possess very limited computational resources. Various encryption schemes based on identity-based encryption (IBE) and certificate-less public key encryption (CL-PKE) have been proposed to overcome limitations of PKI. However, many of these schemes involve the computationally expensive exponentiation and bilinear pairing operations on elliptic curve group to encrypt the messages. In this context, we propose a lightweight optimized CL-PKE scheme in which exponentiation and pairing operations are completely eliminated during encryption and only involves computation of cheaper addition and multiplication operations on elliptic curve. Implementation of the proposed scheme confirms its lightweight nature as compared to original CL-PKE scheme.

The number of malicious Android apps has been and continues to increase rapidly. These malware can damage or alter other files or settings, install additional applications, obfuscate their behaviors, propagate quickly, and so on. To identify and handle such malware, a security analyst can significantly benefit from identifying the family to which a malicious app belongs rather than only detecting if an app is malicious. To address these challenges, we present a novel machine learning-based Android malware detection and family-identification approach, RevealDroid, that operates without the need to perform complex program analyses or extract large sets of features. RevealDroid's selected features leverage categorized Android API usage, reflection-based features, and features from native binaries of apps. We assess RevealDroid for accuracy, efficiency, and obfuscation resilience using a large dataset consisting of more than 54,000 malicious and benign apps. Our experiments show that RevealDroid achieves an accuracy of 98% in detection of malware and an accuracy of 95% in determination of their families. We further demonstrate RevealDroid's superiority against state-of-the-art approaches. [URL of original paper: https://dl.acm.org/citation.cfm?id=3162625]

Provenance describes detailed information about the history of a piece of data, containing the relationships among elements such as users, processes, jobs, and workflows that contribute to the existence of data. Provenance is key to supporting many data management functionalities that are increasingly important in operations such as identifying data sources, parameters, or assumptions behind a given result; auditing data usage; or understanding details about how inputs are transformed into outputs. Despite its importance, however, provenance support is largely underdeveloped in highly parallel architectures and systems. One major challenge is the demanding requirements of providing provenance service in situ. The need to remain lightweight and to be always on often conflicts with the need to be transparent and offer an accurate catalog of details regarding the applications and systems. To tackle this challenge, we introduce a lightweight provenance service, called LPS, for high-performance computing (HPC) systems. LPS leverages a kernel instrument mechanism to achieve transparency and introduces representative execution and flexible granularity to capture comprehensive provenance with controllable overhead. Extensive evaluations and use cases have confirmed its efficiency and usability. We believe that LPS can be integrated into current and future HPC systems to support a variety of data management needs.

Mobile radio frequency identification (RFID) systems are being employed in many applications such as supply chain management. Since the communications between RFID-reader and server, RFID-tag and RFID-reader are all wireless, security and privacy attracts more attentions, reflected in the research on authentication protocols. But most of the existing authentications only care about the front end (reader to tag) and ignore the back end (reader to server), which could not satisfy the security demands in the mobile RFID systems. Moreover, the tags have to be grouped when the population is large enough, but the existing authentication protocols are inapplicable in this scenario. In this paper, we propose a mixed authentication protocol composed of hash-based authentication for readers and lightweight authentication for low-cost tags to fit the mobile RFID system with grouping tags. Analysis demonstrates that the proposed authentication protocol could efficiently counteract the impersonation attack, reply attack and tracking attack.