Biblio

The reconfiguration of FPGAs includes downloading the bit-stream file which contains the new design on the FPGA. The option to reconfigure FPGAs dynamically opens up the threat of stealing the Intellectual Property (IP) of the design. Since the configuration is usually stored in external memory, this can be easily tapped and read out by an eaves-dropper. This work presents a low cost solution in order to secure the reconfiguration of FPGAs. The proposed solution is based on an efficient-compact hardware implementation for AEGIS which is considered one of the candidates to the competition of CAESAR. The proposed architecture depends on using 1/4 AES-round for reducing the consumed area. We evaluated the presented design using 90 and 65 nm technologies. Our comparison to existing AES-based schemes reveals that the proposed design is better in terms of the hardware performance (Thr./mm2).

We propose a simple and efficient searchable symmetric encryption scheme based on a Bitmap index that evaluates Boolean queries. Our scheme provides a practical solution in settings where communications and computations are very constrained as it offers a suitable trade-off between privacy and performance.

The main objective of this paper is to present a more secured and computationally efficient procedure of encrypting and decrypting images using the enigma algorithm in comparison to the existing methods. Available literature on image encryptions and descriptions are not highly secured in every case.To achieve more secured image processing for highly advanced technologies, a proposed algorithm can be the process used in enigma machine for image encryption and decryption. Enigma machine is piece of spook hardware that was used frequently during the World War II by the Germans. This paper describes the detailed algorithm along with proper demonstration of several essential components present in an enigma machine that is required for image security. Each pixel in a colorful picture can be represented by RGB (Red, Green, Blue) value. The range of RGB values is 0 to 255 that states the red, green and blue intensity of a particular picture.These RGB values are accessed one by one and changed into another by various steps and hence it is not possible to track the original RGB value. In order to retrieve the original image, the receiver needs to know the setting of the enigma. To compare the decrypted image with the original one,these two images are subtracted and their results are also discussed in this paper.

Due to greater network capacity and faster data speed, fifth generation (5G) technology is expected to provide a huge improvement in Internet of Things (IoTs) applications, Augmented & Virtual Reality (AR/VR) technologies, and Machine Type Communications (MTC). Consumer will be able to send/receive high quality multimedia data. For the protection of sensitive multimedia data, a large number of encryption algorithms are available, however, these encryption schemes does not provide light-weight encryption solution for real-time application requirements. This paper proposes a new multi-chaos computational efficient encryption for digital images. In the proposed scheme, plaintext image is transformed using Lifting Wavelet Transform (LWT) and only one-fourth part of the transformed image is encrypted using light-weight Chebyshev and Intertwining maps. Both chaotic maps were chaotically coupled for the confusion and diffusion processes which further enhances the image security. Encryption/decryption speed and other security measures such as correlation coefficient, entropy, Number of Pixels Change Rate (NPCR), contrast, energy, homogeneity confirm the superiority of the proposed light-weight encryption scheme.

Large scale biomedical research projects involve analysis of huge amount of genomic data which is owned by different data owners. The collection and storing of genomic data is sometimes beyond the capability of a sole organization. Genomic data sharing is a feasible solution to overcome this problem. These scenarios can be generalized into the problem of aggregating data distributed among multiple databases and owned by different data owners. However, we should guarantee that an adversary cannot learn anything about the data or the individual contribution of each party towards the final output of the computation. In this paper, we propose a practical solution for secure sharing and computation of genomic data. We adopt the Paillier cryptosystem and the order preserving encryption to securely execute the count query and the ranked query. Experimental results demonstrate that the computation time is realistic enough to make our system adoptable in the real world.

In this paper we presents the notion of key-rotatable and security-updatable homomorphic encryption (KR-SU-HE) scheme, which is a class of public-key homomorphic encryption in which the keys and the security of any ciphertext can be rotated and updated while still keeping the underlying plaintext intact and unrevealed. We formalise syntax and security notions for KR-SU-HE schemes and then build a concrete scheme based on the Learning With Errors assumption. We then perform testing implementation to show that our proposed scheme is efficiently practical.

Searchable symmetric encryption (SSE) enables a client to store a database on an untrusted server while supporting keyword search in a secure manner. Despite the rapidly increasing interest in SSE technology, experiments indicate that the performance of the known schemes scales badly to large databases. Somewhat surprisingly, this is not due to their usage of cryptographic tools, but rather due to their poor locality (where locality is defined as the number of non-contiguous memory locations the server accesses with each query). The only known schemes that do not suffer from poor locality suffer either from an impractical space overhead or from an impractical read efficiency (where read efficiency is defined as the ratio between the number of bits the server reads with each query and the actual size of the answer). We construct the first SSE schemes that simultaneously enjoy optimal locality, optimal space overhead, and nearly-optimal read efficiency. Specifically, for a database of size N, under the modest assumption that no keyword appears in more than N1 − 1/loglogN documents, we construct a scheme with read efficiency Õ(loglogN). This essentially matches the lower bound of Cash and Tessaro (EUROCRYPT ’14) showing that any SSE scheme must be sub-optimal in either its locality, its space overhead, or its read efficiency. In addition, even without making any assumptions on the structure of the database, we construct a scheme with read efficiency Õ(logN). Our schemes are obtained via a two-dimensional generalization of the classic balanced allocations (“balls and bins”) problem that we put forward. We construct nearly-optimal two-dimensional balanced allocation schemes, and then combine their algorithmic structure with subtle cryptographic techniques.

Searchable symmetric encryption (SSE) enables a client to store a database on an untrusted server while supporting keyword search in a secure manner. Despite the rapidly increasing interest in SSE technology, experiments indicate that the performance of the known schemes scales badly to large databases. Somewhat surprisingly, this is not due to their usage of cryptographic tools, but rather due to their poor locality (where locality is defined as the number of non-contiguous memory locations the server accesses with each query). The only known schemes that do not suffer from poor locality suffer either from an impractical space overhead or from an impractical read efficiency (where read efficiency is defined as the ratio between the number of bits the server reads with each query and the actual size of the answer). We construct the first SSE schemes that simultaneously enjoy optimal locality, optimal space overhead, and nearly-optimal read efficiency. Specifically, for a database of size N, under the modest assumption that no keyword appears in more than N1 − 1/loglogN documents, we construct a scheme with read efficiency Õ(loglogN). This essentially matches the lower bound of Cash and Tessaro (EUROCRYPT ’14) showing that any SSE scheme must be sub-optimal in either its locality, its space overhead, or its read efficiency. In addition, even without making any assumptions on the structure of the database, we construct a scheme with read efficiency Õ(logN). Our schemes are obtained via a two-dimensional generalization of the classic balanced allocations (“balls and bins”) problem that we put forward. We construct nearly-optimal two-dimensional balanced allocation schemes, and then combine their algorithmic structure with subtle cryptographic techniques.

Cryptography is a powerful means of delivering information in a secure manner. Over the years, many image encryption algorithms have been proposed based on the chaotic system to protect the digital image against cryptography attacks. In chaotic encryption, it jumbles the image to vary the framework of the image. This makes it difficult for the attacker to retrieve the original image. This paper introduces an efficient image encryption algorithm incorporating the genetic algorithm, bit plane slicing and bit plane rotation of the digital image. The digital image is sliced into eight planes and each plane is well rotated to give a fully encrypted image after the application of the Genetic Algorithm on each pixel of the image. This makes it less prone to attacks. For decryption, we perform the operations in the reverse order. The performance of this algorithm is measured using various similarity measures like Structural Similarity Index Measure (SSIM). The results exhibit that the proposed scheme provides a stronger level of encryption and an enhanced security level.

In last few years, Proxy Re-Encryption has been used for forwarding the encrypted message to the user, these users are the one who has not been a part of encryption. In the past several scheme were developed in order to provide the efficient and secure proxy re-encryption. However, these methodology mainly focused on features like maximum key privacy, minimal trust proxy and others. In such cases the efficiency and security was mainly ignored. Hence, in order to provide the efficient and secure proxy re-encryption, we proposed an algorithm named as MLBC (Modified Lattice Based Cryptography) is proposed. Our method is based on the PKE (Public Key Encryption) and it provides more efficiency when compared to the other cryptography technique. Later in order to evaluate the algorithm simulation is done based on several parameter such as encryption time, proxy key generation time, Re-encryption time and Total computation time. Later, it is compared with the existing algorithm and the plotted graph clearly shows that our algorithm outperforms the existing algorithm.

Today, there are several applications which allow us to share images over the internet. All these images must be stored in a secure manner and should be accessible only to the intended recipients. Hence it is of utmost importance to develop efficient and fast algorithms for encryption of images. This paper uses chaotic generators to generate random sequences which can be used as keys for image encryption. These sequences are seemingly random and have statistical properties. This makes them resistant to analysis and correlation attacks. However, these sequences have fixed cycle lengths. This restricts the number of sequences that can be used as keys. This paper utilises neural networks as a source of perturbation in a chaotic generator and uses its output to encrypt an image. The robustness of the encryption algorithm can be verified using NPCR, UACI, correlation coefficient analysis and information entropy analysis.

This paper presents a new algorithm for image encryption by extending the Knight's Tour Problem (KTP). The idea behind the proposed algorithm is to generate a Knight Tour (KT) matrix (m,n) and then divide the image according to the size of knight tour matrix into several sub matrices. Finally, apply n-neighborhood addition modulo encryption algorithm according to the solution of KT matrix over each m × n partition of the image. The proposed algorithm provides image encryption without using the cover images. Results obtained from experiments have shown that the proposed algorithm is efficient, simple and does not disclose any information from encrypted image.

Cloud Computing is the most promising paradigm in recent times. It offers a cost-efficient service to individual and industries. However, outsourcing sensitive data to entrusted Cloud servers presents a brake to Cloud migration. Consequently, improving the security of data access is the most critical task. As an efficient cryptographic technique, Ciphertext Policy Attribute Based Encryption(CP-ABE) develops and implements fine-grained, flexible and scalable access control model. However, existing CP-ABE based approaches suffer from some limitations namely revocation, data owner overhead and computational cost. In this paper, we propose a sliced revocable solution resolving the aforementioned issues abbreviated RS-CPABE. We applied splitting algorithm. We execute symmetric encryption with Advanced Encryption Standard (AES)in large data size and asymmetric encryption with CP-ABE in constant key length. We re-encrypt in case of revocation one single slice. To prove the proposed model, we expose security and performance evaluation.

With the evolution of the communication technology, fast and efficient tools for secure exchanged data are highly required. Through this research work, we introduce a simplified and fast chaos-based scheme for multimedia data encryption and in particular for color image encryption application. The new algorithm is based on an extracted four-dimension (4-D) discrete time map. The proposed 4-D chaos system includes seven (07) nonlinear terms and four (04) controllers to generate a robust chaos that can satisfy the encryption requirements. The performance of this image encryption algorithm are analyzed with the help of four important factors which are key space, correlation, complexity and running time. Results of the security analysis compared to some of similar proposals, show that our encryption scheme is more effective in terms of key stream cipher space, correlation, complexity and running time.

This paper presents the encryption of advanced pictures dependent on turmoil hypothesis. Two principal forms are incorporated into this method those are pixel rearranging and pixel substitution. Disorder hypothesis is a part of science concentrating on the conduct of dynamical frameworks that are profoundly touchy to beginning conditions. A little change influences the framework to carry on totally unique, little changes in the beginning position of a disorganized framework have a major effect inevitably. A key of 128-piece length is created utilizing mayhem hypothesis, and decoding should be possible by utilizing a similar key. The bit-XOR activity is executed between the unique picture and disorder succession x is known as pixel substitution. Pixel rearranging contains push savvy rearranging and section astute rearranging gives extra security to pictures. The proposed strategy for encryption gives greater security to pictures.

A randomly-selective encryption (RSE) algorithm is proposed for HEVC video bitstream in this paper. It is a pioneer algorithm with high efficiency and security. The encryption process is completely independent of video compression process. A randomly-selective sequence (RSS) based on the RC4 algorithm is designed to determine the extraction position in the video bitstream. The extracted bytes are encrypted by AES-CTR to obtain the encrypted video. Based on the high efficiency video coding (HEV C) bitstream, the simulation and analysis results show that the proposed RSE algorithm has low time complexity and high security, which is a promising tool for video cryptographic applications.

Cloud computing undoubtedly is the most unparalleled technique in rapidly developing industries. Protecting sensitive files stored in the clouds from being accessed by malicious attackers is essential to the success of the clouds. In proxy re-encryption schemes, users delegate their encrypted files to other users by using re-encryption keys, which elegantly transfers the users' burden to the cloud servers. Moreover, one can adopt conditional proxy re-encryption schemes to employ their access control policy on the files to be shared. However, we recognize that the size of re-encryption keys will grow linearly with the number of the condition values, which may be impractical in low computational devices. In this paper, we combine a key-aggregate approach and a proxy re-encryption scheme into a key-aggregate proxy re-encryption scheme. It is worth mentioning that the proposed scheme is the first key-aggregate proxy re-encryption scheme. As a side note, the size of re-encryption keys is constant.

Security of cloud storage and sharing is concerned for years since a semi-trusted party, Cloud Server Provider (CSP), has access to user data on cloud server that may leak users' private data without constraint. Intuitively, an efficient solution of protecting cloud data is to encrypt it before uploading to the cloud server. However, a new requirement, data sharing, makes it difficult to manage secret keys among data owners and target users. Therefore conditional proxy broadcast re-encryption technology (CPBRE) is proposed in recent years to provide data encryption and sharing approaches for cloud environment. It enables a data owner to upload encrypted data to the cloud server and a third party proxy can re-encrypted cloud data under certain condition to a new ciphertext so that target users can decrypt re-encrypted data using their own private key. But few CPBRE schemes are applicable for a dynamic cloud environment. In this paper, we propose a new dynamic conditional proxy broadcast reencryption scheme that can be dynamic in system user setting and target user group. The initialization phase does not require a fixed system user setup so that users can join or leave the system in any time. And data owner can dynamically change the group of user he wants to share data with. We also provide security analysis which proves our scheme to be secure against CSP, and performance analysis shows that our scheme exceeds other schemes in terms of functionality and resource cost.

Cloud storage backends such as Amazon S3 are a potential storage solution to enterprises. However, to couple enterprises with these backends, at least two problems must be solved: first, how to make these semi-trusted backends as secure as on-premises storage; and second, how to selectively retrieve files as easy as on-premises storage. A security proxy can address both the problems by building a local index from keywords in files before encrypting and uploading files to these backends. But, if the local index is built in plaintext, file content is still vulnerable to local malicious staff. Searchable Encryption (SE) can get rid of this vulnerability by making index into ciphertext; however, its known constructions often require modifications to index database, and, to support wildcard queries, they are not efficient at all. In this paper, we present a security proxy that, based on our wildcard SE construction, can securely and efficiently couple enterprises with these backends. In particular, since our SE construction can work directly with existing database systems, it incurs only a little overhead, and when needed, permits the security proxy to run with constantly small storage footprint by readily out-sourcing all built indices to existing cloud databases.

Real-time editing tools like Google Docs, Microsoft Office Online, or Etherpad have changed the way of collaboration. Many of these tools are based on Operational Transforms (OT), which guarantee that the views of different clients onto a document remain consistent over time. Usually, documents and operations are exposed to the server in plaintext – and thus to administrators, governments, and potentially cyber criminals. Therefore, it is highly desirable to work collaboratively on encrypted documents. Previous implementations do not unleash the full potential of this idea: They either require large storage, network, and computation overhead, are not real-time collaborative, or do not take the structure of the document into account. The latter simplifies the approach since only OT algorithms for byte sequences are required, but the resulting ciphertexts are almost four times the size of the corresponding plaintexts. We present SECRET, the first secure, efficient, and collaborative real-time editor. In contrast to all previous works, SECRET is the first tool that (1.) allows the encryption of whole documents or arbitrary sub-parts thereof, (2.) uses a novel combination of tree-based OT with a structure preserving encryption, and (3.) requires only a modern browser without any extra software installation or browser extension. We evaluate our implementation and show that its encryption overhead is three times smaller in comparison to all previous approaches. SECRET can even be used by multiple users in a low-bandwidth scenario. The source code of SECRET is published on GitHub as an open-source project:https://github.com/RUB-NDS/SECRET/

We present attacks that use only the volume of responses to range queries to reconstruct databases. Our focus is on practical attacks that work for large-scale databases with many values and records, without requiring assumptions on the data or query distributions. Our work improves on the previous state-of-the-art due to Kellaris et al. (CCS 2016) in all of these dimensions. Our main attack targets reconstruction of database counts and involves a novel graph-theoretic approach. It generally succeeds when R , the number of records, exceeds \$N2/2\$, where N is the number of possible values in the database. For a uniform query distribution, we show that it requires volume leakage from only O(N2 łog N) queries (cf. O(N4łog N) in prior work). We present two ancillary attacks. The first identifies the value of a new item added to a database using the volume leakage from fresh queries, in the setting where the adversary knows or has previously recovered the database counts. The second shows how to efficiently recover the ranges involved in queries in an online fashion, given an auxiliary distribution describing the database. Our attacks are all backed with mathematical analyses and extensive simulations using real data.

Electronic control units (ECU) have been widely used in modern resource-constrained automotive systems, com-municating through the controller area network (CAN) bus. However, they are still facing man-in-the-middle attacks in CAN bus due to the absence of a more effective authenti-cation/encryption mechanism. In this paper, to defend against the attacks more effectively, we propose a unified lightweight authenticated encryption that integrates recent prevalent cryp-tography standardization Isap and Ascon.First, we reuse the common permutation block of ISAP and Asconto support authenticated encryption and encryption/decryption. Second, we provide a flexible and independent switch between authenticated encryption and encryption/decryption to support specific application requirements. Third, we adopt standard CAESAR hardware API as the interface standard to support compatibility between different interfaces or platforms. Experimental results show that our proposed unified lightweight authenticated encryption can reduce 26.09% area consumption on Xilinx Artix-7 FPGA board compared with the state-of-the-arts. In addition, the encryption overhead of the proposed design for transferring one CAN data frame is \textbackslashmathbf10.75 \textbackslashmu s using Asconand \textbackslashmathbf72.25 \textbackslashmu s using ISAP at the frequency of 4 MHz on embedded devices.

Multi-authority attribute-based encryption (MA-ABE) is a promising technique to achieve fine-grained access control over encrypted data in cross domain applications. However, the dynamic change of users' access privilege brings security problems, and the heavy encryption computational cost is issue for resource-constrained users in IoT. Moreover, the invalid or illegal ciphertext will waste system resources. We propose a large universe MA-CP-ABE scheme with revocation and online/offline encryption. In our scheme, an efficient revocation mechanism is designed to change users' access privilege timely. Most of the encryption operations have been executed in the user's initialization phase by adding reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Moreover, the scheme supports ciphertext verification and only valid ciphertext can be stored and transmitted. The proposed scheme is proven statically secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable for resource constrained users in edge computing for IoT.

The natural redundancy in video data due to its spatio-temporal correlation of neighbouring pixels require highly complex encryption process to successfully cipher the data. Conventional encryption methods are based on lengthy keys and higher number of rounds which are inefficient for low powered, small battery operated devices. Motivated by the success of lightweight encryption methods specially designed for IoT environment, herein an efficient method for video encryption is proposed. The proposed technique is based on a recently proposed encryption algorithm named Secure IoT (SIT), which utilizes P and Q functions of the KHAZAD cipher to achieve high encryption at low computation cost. Extensive simulations are performed to evaluate the efficacy of the proposed method and results are compared with Secure Force (SF-64) cipher. Under all conditions the proposed method achieved significantly improved results.

Cloud computing is a fast growing field that provides the user with resources like software, infrastructure and virtual hardware processing power. The steady rise of cloud computing in recent times allowed large companies and even individual users to move towards working with cloud storage systems. However, the risks of leakage of uploaded data in the cloud storage and the questions about the privacy of such systems are becoming a huge problem. Security incidents occur frequently everywhere around the world. Sometimes, data leak may occur at the server side by hackers for their own profit. Data being shared must be encrypted before outsourcing it to the cloud storage. Existing encryption/decryption systems utilize large computational power and have troubles managing the files. This paper introduces a file system that is a more efficient, virtual, with encryption/decryption scheme using parallel encryption. To make encryption and decryption of files easier, Parallel encryption is used in place of serial encryption which is integrated with Identity-Based Encryption in the file system. The proposed file system aims to secure files, reduce the chances of file stored in cloud storage getting leaked thus providing better security. The proposed file system, OutFS+, is more robust and secure than its predecessor, OutFS. Cloud outsourcing takes place faster and the files can be downloaded to the OutFS+ instance on the other side. Moreover, OutFS+ is secure since it is a virtual layer on the operating system and can be unmounted whenever the user wants to.