Biblio

This paper analyzes the formalizations of information-theoretic security for the fundamental primitives in cryptography: symmetric-key encryption and key agreement. Revisiting the previous results, we can formalize information-theoretic security using different methods, by extending Shannon's perfect secrecy, by information-theoretic analogues of indistinguishability and semantic security, and by the frameworks for composability of protocols. We show the relationships among the security formalizations and obtain the following results. First, in the case of encryption, there are significant gaps among the formalizations, and a certain type of relaxed perfect secrecy or a variant of information-theoretic indistinguishability is the strongest notion. Second, in the case of key agreement, there are significant gaps among the formalizations, and a certain type of relaxed perfect secrecy is the strongest notion. In particular, in both encryption and key agreement, the formalization of composable security is not stronger than any other formalizations. Furthermore, as an application of the relationships in encryption and key agreement, we simultaneously derive a family of lower bounds on the size of secret keys and security quantities required under the above formalizations, which also implies the importance and usefulness of the relationships.

The main objective of the Third Generation Partnership Project (3GPP) is to fulfill the increasing security demands of IoT-based applications with the evolution of Fifth Generation (5G) mobile telecommunication technology. In June 2018, the 3GPP has published the study report of the handover architecture and security functions of in 5G communication network. In this paper, we discuss the 5G handover key mechanism with its key hierarchy. In addition, the inter-gNB handover authentication mechanism in 5G communication network is analyzed and identify the security vulnerabilities such as false base-station attack, de-synchronization attack, key compromise, etc. In addition, the handover mechanism suffers from authentication complexity due to high signaling overhead. To overcome these problems, we recommend some countermeasures as pre-authentication of communication entities, delegation of authentication and predistribution of secret keys. This is first work in the 5G handover security analysis. We anticipate that the above security issues and key resilience problem can be avoided from the proposed solutions.

Digital microfluidic biochips (DMFBs) have become popular in the healthcare industry recently because of its lowcost, high-throughput, and portability. Users can execute the experiments on biochips with high resolution, and the biochips market therefore grows significantly. However, malicious attackers exploit Intellectual Property (IP) piracy and Trojan attacks to gain illegal profits. The conventional approaches present defense mechanisms that target either IP piracy or Trojan attacks. In practical, DMFBs may suffer from the threat of being attacked by these two attacks at the same time. This paper presents a comprehensive security system to protect DMFBs from IP piracy and Trojan attacks. We propose an authentication mechanism to protect IP and detect errors caused by Trojans with CCD cameras. By our security system, we could generate secret keys for authentication and determine whether the bioassay is under the IP piracy and Trojan attacks. Experimental results demonstrate the efficacy of our security system without overhead of the bioassay completion time.

The revelations of Snowden show that hardware and software of devices may corrupt users' machine to compromise the security in various ways. To address this concern, Mironov and Stephen-Davidowitz introduce the Cryptographic Reverse Firewall (CRF) concept that is able to resist the ex-filtration of secret information for some compromised machine (Eurocrypt 2015). There are some applications of CRF deployed in many cryptosystems, but less studied and deployed in Attribute-Based Encryption (ABE) field, which attracts a wide range of attention and is employed in real-world scenarios (i.e., data sharing in cloud). In this work, we focus how to give a CRF security protection for a multi-authority ABE scheme and hence propose a multi-authority key-policy ABE scheme with CRF (acronym, MA-KP-ABE-CRF), which supports attribute distribution and non-monotonic access structure. To achieve this, beginning with revisiting a MA-KP-ABE with non-trivial combining non-monotonic formula, we then give the randomness of ciphertexts and secret keys with reverse firewall and give formal security analysis. Finally, we give a simulation on our MA-KP-ABE-CRF system based on Charm library whose the experimental results demonstrate practical efficiency.

This paper investigates the problem of generating two secret keys (SKs) simultaneously over a five-terminal system with terminals labelled as 1, 2, 3, 4 and 5. Each of terminal 2 and terminal 3 wishes to generate an SK with terminal 1 over a public channel wiretapped by a passive eavesdropper. Terminal 4 and terminal 5 respectively act as a trusted helper and an untrusted helper to assist the SK generation. All the terminals observe correlated source sequences from discrete memoryless sources (DMS) and can exchange information over a public channel with no rate constraint that the eavesdropper has access to. Based on the considered model, key capacity region is fully characterized and a source coding scheme that can achieve the capacity region is provided. Furthermore, expression for key leakage rate is obtained to analyze the security performance of the two generated keys.

This paper provides a proof of concept for using SRAM based Physically Unclonable Functions (PUFs) to generate private keys for IoT devices. PUFs are utilized, as there is inadequate protection for secret keys stored in the memory of the IoT devices. We utilize a custom-made Arduino mega shield to extract the fingerprint from SRAM chip on demand. We utilize the concepts of ternary states to exclude the cells which are easily prone to flip, allowing us to extract stable bits from the fingerprint of the SRAM. Using the custom-made software for our SRAM device, we can control the error rate of the PUF to achieve an adjustable memory-based PUF for key generation. We utilize several fuzzy extractor techniques based on using different error correction coding methods to generate secret keys from the SRAM PUF, and study the trade-off between the false authentication rate and false rejection rate of the PUF.

Reconfigurable Scan Networks (RSNs) are a powerful tool for testing and maintenance of embedded systems, since they allow for flexible access to on-chip instrumentation such as built-in self-test and debug modules. RSNs, however, can be also exploited by malicious users as a side-channel in order to gain information about sensitive data or intellectual property and to recover secret keys. Hence, implementing appropriate counter-measures to secure the access to and data integrity of embedded instrumentation is of high importance. In this paper we present a novel hardware and software combined approach to ensure data privacy in IEEE Std 1687 (IJTAG) RSNs. To do so, both a secure IJTAG compliant plug-and-play instrument wrapper and a versatile software toolchain are introduced. The wrapper demonstrates the necessary architectural adaptations required when using a lightweight stream cipher, whereas the software toolchain provides a seamless integration of the testing workflow with stream cipher. The applicability of the method is demonstrated by an FPGA-based implementation. We report on the performance of the developed instrument wrapper, which is empirically shown to have only a small impact on the workflow in terms of hardware overhead, operational costs and test time overhead.

In autonomous driving, security issues from robotic and automotive applications are converging toward each other. A novel approach for deriving secret keys using a lightweight cipher in the firmware of low-end control units is introduced. By evaluating the method on a typical low-end automotive platform, we demonstrate the reusability of the cipher for message authentication. The proposed solution counteracts a known security issue in the robotics and automotive domain.

Key derivation from the physical layer features of the communication channels is a promising approach which can help the key management and security enhancement in communication networks. In this paper, we consider a key generation technique that quantizes the received signal phase to obtain the secret keys. We then study the effect of a jamming attack on this system. The jammer is an active attacker that tries to make a disturbance in the key derivation procedure and changes the phase of the received signal by transmitting an adversary signal. We evaluate the effect of jamming on the security performance of the system and show the ways to improve this performance. Our numerical results show that more phase quantization regions limit the probability of successful attacks.

The use of quantum mechanical signals in communication opens up the opportunity to build new communication systems that accomplishes tasks that communication with classical signals structures cannot achieve. Prominent examples are Quantum Key Distribution Protocols, which allows the generation of secret keys without computational assumptions of adversaries. Over the past decade, protocols have been developed that achieve tasks that can also be accomplished with classical signals, but the quantum version of the protocol either uses less resources, or leaks less information between the involved parties. The gap between quantum and classical can be exponential in the input size of the problems. Examples are the comparison of data, the scheduling of appointments and others. Until recently, it was thought that these protocols are of mere conceptual value, but that the quantum advantage could not be realized. We changed that by developing quantum optical versions of these abstract protocols that can run with simple laser pulses, beam-splitters and detectors. [1-3] By now the first protocols have been successfully implemented [4], showing that a quantum advantage can be realized. The next step is to find and realize protocols that have a high practical value.

Drones are increasingly being used as mobile data collectors for various monitoring services. However, since they may move around in unattended hostile areas with valuable data, they can be the targets of malicious physical/cyber attacks. These attacks may aim at stealing privacy-sensitive data, including secret keys, and eavesdropping on communications between the drones and the ground station. To detect tampered drones, a code attestation technique is required. However, since attestation itself does not guarantee that the data in the drones' memory are not leaked, data collected by the drones must be protected and secret keys for secure communications must not be leaked. In this paper, we present a solution integrating techniques for software-based attestation, data encryption and secret key protection. We propose an attestation technique that fills up free memory spaces with data repositories. Data repositories consist of pseudo-random numbers that are also used to encrypt collected data. We also propose a group attestation scheme to efficiently verify the software integrity of multiple drones. Finally, to prevent secret keys from being leaked, we utilize a technique that converts short secret keys into large look-up tables. This technique prevents attackers from abusing free space in the data memory by filling up the space with the look-up tables. To evaluate the integrated solution, we implemented it on AR.Drone and Raspberry Pi.

While the Internet of Things (IoT) is embraced as important tools for efficiency and productivity, it is becoming an increasingly attractive target for cybercriminals. This work represents the first endeavor to develop practical Puncturable Attribute Based Encryption schemes that are light-weight and applicable in IoTs. In the proposed scheme, the attribute-based encryption is adopted for fine grained access control. The secret keys are puncturable to revoke the decryption capability for selected messages, recipients, or time periods, thus protecting selected important messages even if the current key is compromised. In contrast to conventional forward encryption, a distinguishing merit of the proposed approach is that the recipients can update their keys by themselves without key re-issuing from the key distributor. It does not require frequent communications between IoT devices and the key distribution center, neither does it need deleting components to expunge existing keys to produce a new key. Moreover, we devise a novel approach which efficiently integrates attribute-based key and punctured keys such that the key size is roughly the same as that of the original attribute-based encryption. We prove the correctness of the proposed scheme and its security under the Decisional Bilinear Diffie-Hellman (DBDH) assumption. We also implement the proposed scheme on Raspberry Pi and observe that the computation efficiency of the proposed approach is comparable to the original attribute-based encryption. Both encryption and decryption can be completed within tens of milliseconds.

In this paper, a practical quantum public-key encryption model is proposed by studying the recent quantum public-key encryption. This proposed model makes explicit stipulations on the generation, distribution, authentication, and usage of the secret keys, thus forms a black-box operation. Meanwhile, this proposed model encapsulates the process of encryption and decryption for the users, and forms a blackbox client-side. In our models, each module is independent and can be replaced arbitrarily without affecting the proposed model. Therefore, this model has a good guiding significance for the design and development of the quantum public key encryption schemes.

SoCs implementing security modules should be both testable and secure. Oversights in a design's test structure could expose internal modules creating security vulnerabilities during test. In this paper, for the first time, we propose a novel automated security vulnerability analysis framework to identify violations of confidentiality, integrity, and availability policies caused by test structures and designer oversights during SoC integration. Results demonstrate existing information leakage vulnerabilities in implementations of various encryption algorithms and secure microprocessors. These can be exploited to obtain secret keys, control finite state machines, or gain unauthorized access to memory read/write functions.