Biblio

In view of the common edge computing-based cloud-side collaborative environment summary existing search key and authentication key sharing caused by data information leakage, this paper proposes a cryptographic search based on public key searchable encryption in an edge computing environment method, this article uses the public key to search for the characteristics of the encryption algorithm, and allows users to manage the corresponding private key. In the process of retrieval and execution, the security of the system can be effectively ensured through the secret trapdoor. Through the comparison of theoretical algorithms, the searchable encryption scheme in the edge computing environment proposed in this paper can effectively reduce the computing overhead on the user side, and complete the over-complex computing process on the edge server or the central server, which can improve the overall efficiency of encrypted search.

To improve efficiency of stegosystem on blockchain and balance the time consumption of Encode and Decode operations, we propose a new blockchain-based steganography scheme, called Keys as Secret Messages (KASM), where a codebook of mappings between bitstrings and public keys can be pre-calculated by both sides with some secret parameters pre-negotiated before covert communication. By applying properties of elliptic curves and pseudorandom number generators, we realize key derivation of codebook item, and we construct the stegosystem with provable security under chosen hiddentext attack. By comparing KASM with Blockchain Covert Channel (BLOCCE) and testing on Bitcoin protocol, we conclude that our proposed stegosystem encodes hiddentexts faster than BLOCCE does and can decode stegotexts in highly acceptable time. The balanced time consumption of Encode and Decode operations of KASM make it applicable in the scene of duplex communication. At the same time, KASM does not leak sender’s private keys, so sender’s digital currencies can be protected.

Nowadays , cloud -based technology has been enlarged depends on the human necessities in the world. A lot of technologies is discovered that serve the people in different ways of cloud -based security and best resource allocation. Cloud-based technology is the essential factor to the resources like hardware, software for effective resource utilization . The securing applications enabled security mechanism enables the vital role for cloud -based web security through the secured password. The violation of data by the unauthorized access of users concerns many web developers and application owners . Web security enables the cloud-based password management system that illustrates the data storage and the web passwords access through the "Cloud framework". Web security, End-to-end passwords , and all the browser -based passwords could belong to the analysis of web security . The aim is to enhance system security. Thus, sensitive data are sustained with security and privacy . In this paper , the proposed Password Management via cloud-based web security gets to attain . An efficient Double Layer Password Encryption (DLPE ) algorithm to enable the secured password management system . Text -based passwords continue to be the most popular method of online user identification . They safeguard internet accounts with important assets against harmful attempts on passwords. The security of passwords is dependent on the development of strong passwords and keeping them from being stolen by intruders . The proposed DLPE algorithm perceived the double - layer encryption system as an effective security concern. When the data user accesses the user Login , the OTP generates via mail /SMS , and the original message is encrypted using public key generation. Then the text of data gets doubly encrypted through the cloud framework . The private key is used to decipher the cipher text . If the OTP gets matched , the text is to be decrypted over the text data . When double encryption happens , the detection of data flaws, malicious attacks , application hackers gets reduced and the strong password enabled double-layer encryption attained the secured data access without any malicious attackers . The data integrity , confidentiality enabled password management . The ability to manage a distributed systems policy like the Double Layer Password encryption technique enables password verification for the data used to highly secure the data or information.

Due to the computing capability limitation of the Internet of things devices in the perception layer, the traditional security solutions are difficult to be used directly. How to design a new lightweight, secure and reliable protocol suitable for the Internet of Things application environment, and realize the secure transmission of information among many sensing checkpoints is an urgent problem to be solved. In this paper, we propose a decentralized lightweight authentication key protocol based on the combination of public key and trusted computing technology, which is used to establish secure communication between nodes in the perception layer. The various attacks that the protocol may suffer are analyzed, and the formal analysis method is used to verify the security of the protocol. To verify the validity of the protocol, the computation and communication cost of the protocol are compared with the existing key protocols. And the results show that the protocol achieved the promised performance.

On the Internet, trust is difficult to obtain. With the rise of the possibility of obtaining gratis x509 certificates in an automated fashion, the use of TLS for establishing secure connections has significantly increased. However, other use cases, such as end-to-end encrypted messaging, do not yet have an easy method of managing trust in the public keys. This is particularly true for personal communication where two people want to securely exchange messages. While centralised solutions, such as Signal, exist, decentralised and federated protocols lack a way of conveniently and securely exchanging personal certificates. This paper presents a protocol and an implementation for certifying OpenPGP certificates. By offering multiple means of data transport protocols, it achieves robust and resilient certificate exchange between an attestee, the party whose key certificate is to be certified, and an attestor, the party who will express trust in the certificate once seen. The data can be transferred either via the Internet or via proximity-based technologies, i.e. Bluetooth or link-local networking. The former presents a challenge when the parties interested in exchanging certificates are not physically close, because an attacker may tamper with the connection. Our evaluation shows that a passive attacker learns nothing except the publicly visible metadata, e.g. the timings of the transfer while an active attacker can either have success with a very low probability or be detected by the user.

To break the data barrier of the information island and explore the value of data in the past few years, it has become a trend of uploading data to the cloud by data owners for data sharing. At the same time, they also hope that the uploaded data can still be controlled, which makes access control of cloud data become an intractable problem. As a famous cryptographic technology, ciphertext policy-based attribute encryption (CP-ABE) not only assures data confidentiality but implements fine-grained access control. However, the actual application of CP-ABE has its inherent challenge in attribute revocation. To address this challenge, we proposed an access control solution supporting attribute revocation in cloud computing. Unlike previous attribute revocation schemes, to solve the problem of excessive attribute revocation overhead, we use symmetric encryption technology to encrypt the plaintext data firstly, and then, encrypting the symmetric key by utilizing public-key encryption technology according to the access structure, so that only the key ciphertext is necessary to update when the attributes are revoked, which reduces the spending of ciphertext update to a great degree. The comparative analysis demonstrates that our solution is reasonably efficient and more secure to support attribute revocation and access control after data sharing.

Vehicular Ad Hoc Networks (VANETs) have the potential to improve road safety and reduce traffic congestion by enhancing sharing of messages about road conditions. Communication in VANETs depends upon a Public Key Infrastructure (PKI) that checks for message confidentiality, integrity, and authentication. One challenge that the PKI infrastructure does not eliminate is the possibility of malicious vehicles mounting a Distributed Denial of Service (DDoS) attack. We present a scheme that combines statistical modeling and machine learning techniques to detect and prevent blackhole attacks in a VANET environment.Simulation results demonstrate that on average, our model produces an Area Under The Curve (ROC) and Receiver Operating Characteristics (AUC) score of 96.78% which is much higher than a no skill ROC AUC score and only 3.22% away from an ideal ROC AUC score. Considering all the performance metrics, we show that the Support Vector Machine (SVM) and Gradient Boosting classifier are more accurate and perform consistently better under various circumstances. Both have an accuracy of over 98%, F1-scores of over 95%, and ROC AUC scores of over 97%. Our scheme is robust and accurate as evidenced by its ability to identify and prevent blackhole attacks. Moreover, the scheme is scalable in that addition of vehicles to the network does not compromise its accuracy and robustness.

Subscription permanent identifier has been concealed in the 5G systems by using the asymmetric encryption scheme as specified in standard 3GPP TS 33.501 to protect the subscriber privacy. The standardized scheme is however subject to the SUPI guess attack as the public key of the home network is publicly available. Moreover, it lacks the inherent mechanism to prevent SUCI replay attacks. In this paper, we propose three methods to enhance the security of the 3GPP scheme to thwart the SUPI guess attack and replay attack. One of these methods is suggested to be used to strengthen the security of the current subscriber protection scheme.

In some cases, the confidentiality of cryptographic algorithms used in digital communication is related to computational complexity mathematical problems, such as calculating the discrete logarithm, the knapsack problem, decomposing a composite number into prime divisors etc. This article describes the application of insolvability of factorization of a large composite number, and reviews previous work integer factorization using either the deterministic or the bio-inspired algorithms. This article focuses on the possibility of using bio-inspired methods to solve the problem of cryptanalysis of asymmetric encryption algorithms, which ones based on factorization of composite numbers. The purpose of this one is to reviewing previous work in integer factorization algorithms, developing a prototype of either the deterministic and the bio-inspired algorithm and the effectiveness of the developed algorithms and recommendations are made for future research paths.

The cipher-text homomorphism encryption algorithm (homomorphic encryption) are used for the cloud safe and to solve the integrity, availability and controllability of information. For homomorphic encryption, we, by Topsnut-gpw technique, design: degree-sequence homomorphisms and their inverses, degree-sequence homomorphic chain, graph-set homomorphism, colored degree-sequence matrices and every-zero Cds-matrix groups, degree-coinciding degree-sequence lattice, degree-joining degree-sequence lattice, as well as degree-sequence lattice homomorphism, since number-based strings made by Topsnut-gpws of topological coding are irreversible, and Topsnut-gpws can realize: one public-key corresponds two or more privatekeys, and more public-key correspond one or more private-keys for asymmetric encryption algorithm.

An emerging widely used technology cloud computing which a paddle of computing resources is available for the users. Through the internet-based the resources could be supplied to cloud consumers at their request but it is not directly active management by the user. This application-based software infrastructure can store data on remote serves, which can be accessed through the internet and a user who wants to access data stored in the cloud have to use an internet browser or cloud computing software. Data protection has become one of the significant issues in cloud computing when users must rely on their cloud providers for security purposes. In this article, a system that can embarrass the disclosure of the key for distributing a file that will assure security dispensing asymmetric key and sharing it among the cloud environment and user perform the integrity check themselves rather than using third-party services by using compression or hash function where the hash is created using a hash function and it was not mentioned in the previous paper. After the user receives the data every hash is compared with other hash values to check the differences of the data. The time-consumption of encryption and decryption of the data is calculated and compared with the previous paper and the experiment shows that our calculation took around 80% less time.

In an increasingly connected world where products are just a click away, there is a growing need for systems that seek to equip consumers with the necessary tools to identify misrepresented products. Sub-standard ingredients used in the production of sanitary towels can pose a serious health risk to the consumer. Informal retailers or Spaza-shops have been accused of selling counterfeit food products to unsuspecting consumers. In this paper, we propose a system that can be used by consumers to scan a quick response (QR) code printed on the product. Built into an android application, is a system that applies the RSA public key encryption algorithm to secure the data prior to encoding into the QR code. The proposed system is also responsible for updating location data of previous scans on a dedicated cloud database. Upon completion of a field test, having collected months of consumer data, counterfeit prediction can be improved. In addition, a timely warning can be sent to a customer and relevant authorities if a unique product batch number is scanned outside of an expected area.

Smart grid employs intelligent transmission and distribution networks for effective and reliable delivery of electricity. It uses fine-grained electrical measurements to attain optimized reliability and stability by sharing these measurements among different entities of energy management systems of the grid. There are many stakeholders like users, phasor measurement units (PMU), and other entities, with changing requirements involved in the sharing of the data. Therefore, data security plays a vital role in the correct functioning of a power grid network. In this paper, we propose an attribute-based encryption (ABE) for secure data sharing in Smart Grid architectures as ABE enables efficient and secure access control. Also, the access policy is obfuscated to preserve privacy. We use Linear Secret Sharing (LSS) Scheme for supporting any monotone access structures, thereby enhancing the expressiveness of access policies. Finally, we also analyze the security, access policy privacy and collusion resistance properties along with efficiency analysis of our cryptosystem.

The paper discusses a prototype of a database, which can be used for operation in a decentralized mode for an information system. In this project, the focus is on creation of a data structure model that provides flexibility of business processes. The research is based on the development of a model for decentralized access rights distribution by including users in groups where they are assigned similar roles using consensus of other group members. This paper summarizes the main technologies that were used to ensure information security of the decentralized storage, the mechanisms for fixing access rights to an object access (the minimum entity of the system), describes a process of the data access control at the role level and an algorithm for managing the consensus for applying changes.

System-on-Chip (SoC) supply chain is widely acknowledged as a major source of security vulnerabilities. Potentially malicious third-party IPs integrated on the same Network-on-Chip (NoC) with the trusted components can lead to security and trust concerns. While secure communication is a well studied problem in computer networks domain, it is not feasible to implement those solutions on resource-constrained SoCs. In this paper, we present a lightweight anonymous routing protocol for communication between IP cores in NoC based SoCs. Our method eliminates the major overhead associated with traditional anonymous routing protocols while ensuring that the desired security goals are met. Experimental results demonstrate that existing security solutions on NoC can introduce significant (1.5X) performance degradation, whereas our approach provides the same security features with minor (4%) impact on performance.

The Extended Triple Diffie-Hellman (X3DH) protocol has been used for years as the basis of secure communication establishment among parties (i.e, humans and devices) over the Internet. However, such a protocol has several limits. It is typically based on a single trust third-party server that represents a single point of failure (SPoF) being consequently exposed to well- known Distributed Denial of Service (DDOS) attacks. In order to address such a limit, several solutions have been proposed so far that are often cost expensive and difficult to be maintained. The objective of this paper is to propose a BlockChain-Based X3DH (BCB-X3DH) protocol that allows eliminating such a SPoF, also simplifying its maintenance. Specifically, it combines the well- known X3DH security mechanisms with the intrinsic features of data non-repudiation and immutability that are typical of Smart Contracts. Furthermore, different implementation approaches are discussed to suits both human-to-human and device-to-device scenarios. Experiments compared the performance of both X3DH and BCB-X3DH.

Vehicular ad hoc networks (VANETs) ensure improvement in road safety and traffic management by allowing the vehicles and infrastructure that are connected to them to exchange safety messages. Due to the open wireless communication channels, security and privacy issues are a major concern in VANETs. A typical attack consists of a malicious third party intercepting, modifying and retransmitting messages. Heterogeneous vehicular communication in VANETs occurs when vehicles (only) or vehicles and other infrastructure communicate using different cryptographic techniques. To address the security and privacy issues in heterogeneous vehicular communication, some heterogeneous signcryption schemes have been proposed. These schemes simultaneously satisfy the confidentiality, authentication, integrity and non-repudiation security requirements. They however fail to properly address the efficiency with respect to the computational cost involved in unsigncrypting ciphertexts, which is often affected by the speeds at which vehicles travel in VANETs. In this paper, we propose an efficient conditional privacy-preserving hybrid signcryption (CPP-HSC) scheme that uses bilinear pairing to satisfy the security requirements of heterogeneous vehicular communication in a single logical step. Our scheme ensures the transmission of a message from a vehicle with a background of an identity-based cryptosystem (IBC) to a receiver with a background of a public-key infrastructure (PKI). Furthermore, it supports a batch unsigncryption method, which allows the receiver to speed up the process by processing multiple messages simultaneously. The security of our CPP-HSC scheme ensures the indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) under the intractability assumption of q-bilinear Diffie-Hellman inversion (q-BDHI) problem and the existential unforgeability against adaptive chosen message attack (EUF-CMA) under the intractability assumption of q-strong Diffie-Hellman (q-SDH) problem in the random oracle model (ROM). The performance analysis indicates that our scheme has an improvement over the existing related schemes with respect to the computational cost without an increase in the communication cost.

Development in the area of quantum technologies led to the appearance of first quantum computers. The threat of using a quantum computer for cryptanalysis requires wide implementing post-quantum security in computing algorithms and communication protocols. We evaluate the computational power of some existing quantum computers to illustrate the relevance of research in post-quantum security. One of the best ways to test post-quantum protocols is to embed them into some non-critical but widely-used sphere. Secure messaging is an excellent example of such an application. In the paper, we analyze the post-quantum security of well-known messaging specification Signal, which is considered to have high-security properties. The core of Signal specification is the Double Ratchet protocol. We notice and explain why it is not a post-quantum secure scheme. After that, we suggest some possible ways to improve the security features of Signal specification.

VSS (Verifiable Secret Sharing) protocols are used in a number of block-chain systems, such as Dfinity and Ouroboros to generate unpredicted random number flow, they can be used to determine the proposer list and the voting powers of the voters at each height. To prevent random numbers from being predicted and attackers from corrupting a sufficient number of participants to violate the underlying trust assumptions, updatable VSS protocol in distributed protocols is important. The updatable VSS universal setup is also a hot topic in zkSNARKS protocols such as Sonic [19]. The way that we make it updatable is to execute the share exchange process repeatedly on chain, this process is challenging to be implemented in asynchronous network model, because it involves the wrong shares and the complaints, it requires the participant has the same view towards the qualified key generators, we take this process on chain and rely on BFT consensus mechanism to solve this. The group secret is thus updatable on chain. This is an enhancement to Dfinity. Therefore, even if all the coefficients of the random polynomials of epoch n are leaked, the attacker can use them only in epoch n+2. And the threshold group members of the DKG protocol can be updated along with the updates of the staked accounts and nodes.

Vehicular Social Networks (VSNs) are expected to become a reality soon, where commuters having common interests in the virtual community of vehicles, drivers, passengers can share information, both about road conditions and their surroundings. This will improve transportation efficiency and public safety. However, social networking exposes vehicles to different kinds of cyber-attacks. This concern can be addressed through an efficient and secure key management framework. This study presents a Secure and Transparent Public-key Management (ST-PKMS) based on blockchain and notary system, but it addresses security and privacy challenges specific to VSNs. ST-PKMS significantly enhances the efficiency and trustworthiness of mutual authentication. In ST-PKMS, each vehicle has multiple short-lived anonymous public-keys, which are recorded on the blockchain platform. However, public-keys get activated only when a notary system notarizes it, and clients accept only notarized public-keys during mutual authentication. Compromised vehicles can be effectively removed from the VSNs by blocking notarization of their public-keys; thus, the need to distribute Certificate Revocation List (CRL) is eliminated in the proposed scheme. ST-PKMS ensures transparency, security, privacy, and availability, even in the face of an active adversary. The simulation and evaluation results show that the ST-PKMS meets real-time performance requirements, and it is cost-effective in terms of scalability, delay, and communication overhead.

Cloud federation is the evolution of modern cloud computing. It provides better resource-sharing, perfect resource-utilization, and load-balancing. However, the heterogeneity of security policies and configurations between cloud service providers makes it hard for users to totally trust them. Further, the severe impact of modern cloud attacks such as cross-side channels on federated environments is a major roadblock against such evolution. Securing users' capsules (Virtual Machines and containers) against cross-side channel attacks is considered as a big challenge to cloud service providers. Moving-target Defense (MtD) by live capsule migration was introduced as an effective mechanism to overcome such challenge. However, researchers noted that even with MtD, migrated capsules can still be tracked via routing information. In this paper, we propose a novel Blockchain-based routing mechanism to enable trace-resistant Moving-target Defence (BMtD) to enable anonymous live cross-cloud migrations of running capsules in federated cloud environments. Exploiting the Vulnerable, Exposed, Attacked, Recovered (VEAR) model, simulation results demonstrated the effectiveness of BMtD in minimizing viral attack dispersion.

RSA is a popular asymmetric key algorithm with two keys scheme, a public key for encryption and private key for decryption. RSA has weaknesses in encryption and decryption of data, including slow in the process of encryption and decryption because it uses a lot of number generation. The reason is RSA algorithm can work well and is resistant to attacks such as brute force and statistical attacks. in this paper, it aims to strengthen the scheme by combining RSA with the One Time Pad algorithm so that it will bring up a new design to be used to enhance security on two-factor authentication. Contribution in this paper is to find a new scheme algorithm for an enhanced scheme of RSA. One Time Pad and RSA can combine as well.

Modern learning systems, say a tutoring platform, has many characteristics like digital data presentation with interactivity, mobility, which provides information about the study-content as per the learners understanding levels, intelligent learners behavior, etc. A sophisticated ubiquitous learner system maintains security and monitors the mischievous behavior of the learner, and authenticates and authorizes every learner, which is quintessential. Some of the existing security schemes aim only at single entry-point authentication, which may not suit to ubiquitous tutor platform. We propose a secured authentication scheme which is based on the information utility of the learner. Whenever a learner moves into a tutor platform, which has ubiquitous learner system technology, the system at first-begins with learners' identity authentication, and then it initiates trust evaluation after the successful authentication of the learner. Periodic credential verification of the learner will be carried out, which intensifies the authentication scheme of the system proposed. BAN logic has been used to prove the authentication in this system. The proposed authentication scheme has been simulated and analyzed for the indoor tutor platform environment.

With the rapid technological advancement of the universal internet of vehicles (UIoV), it becomes crucial to ensure safe and secure communication over the network, in an effort to achieve the implementation objective of UIoV effectively. A UIoV is characterized by highly dynamic topology, scalability, and thus vulnerable to various types of security and privacy attacks (i.e., replay attack, impersonation attack, man-in-middle attack, non-repudiation, and modification). Since the components of UIoV are constrained by numerous factors (e.g., low memory devices, low power), which makes UIoV highly susceptible. Therefore, existing schemes to address the privacy and security facets of UIoV exhibit an enormous scope of improvement in terms of time complexity and efficiency. This paper presents a lightweight authentication and batch verification scheme (LABVS) for UIoV using a bilinear map and cryptographic operations (i.e., one-way hash function, concatenation, XOR) to minimize the rate of message loss occurred due to delay in response time as in single message verification scheme. Subsequently, the scheme results in a high level of security and privacy. Moreover, the performance analysis substantiates that LABVS minimizes the computational delay and has better performance in the delay-sensitive network in terms of security and privacy as compared to the existing schemes.

Ensuring secure transmission over the communication channel is a fundamental responsibility to achieve the implementation objective of universal internet of vehicles (UIoV) efficiently. Characteristics like highly dynamic topology and scalability of UIoV makes it more vulnerable to different types of privacy and security attacks. Considerable scope of improvement in terms of time complexity and performance can be observed within the existing schemes that address the privacy and security aspects of UIoV. In this paper, we present an improvised authentication and lightweight batch verification method for security and privacy in UIoV. The suggested method reduces the message loss rate, which occurred due to the response time delay by implementing some low-cost cryptographic operations like one-way hash function, concatenation, XOR, and bilinear map. Furthermore, the performance analysis proves that the proposed method is more reliable that reduces the computational delay and has a better performance in the delay-sensitive network as compared to the existing schemes. The experimental results are obtained by implementing the proposed scheme on a desktop-based configuration as well as Raspberry Pi 4.