Biblio

Recently, placing vehicles in the parking area is becoming a problem. A smart parking system is proposed to solve the problem. Most smart parking systems have a centralized system, wherein that type of system is at-risk of single-point failure that can affect the whole system. To overcome the weakness of the centralized system, the most popular mechanism that researchers proposed is blockchain. If there is no mechanism implemented in the blockchain to verify the authenticity of every transaction, then the system is not secure against impersonation attacks. This study combines blockchain mechanism with Ring Learning With Errors (RLWE) based digital signature for securing the scheme against impersonation and double-spending attacks. RLWE was first proposed by Lyubashevsky et al. This scheme is a development from the previous scheme Learning with Error or LWE.

The rapid development of technology, makes it easier for everyone to exchange information and knowledge. Exchange information via the internet is threatened with security. Security issues, especially the issue of the confidentiality of information content and its authenticity, are vital things that must protect. Peculiarly for agencies that often hold activities that provide certificates in digital form to participants. Digital certificates are digital files conventionally used as proof of participation or a sign of appreciation owned by someone. We need a security technology for certificates as a source of information known as cryptography. This study aims to validate and authenticate digital certificates with digital signatures using SHA-256, DSA, and 3DES. The use of the SHA-256 hash function is in line with the DSA method and the implementation of 3DES which uses 2 private keys so that the security of digital certificate files can be increased. The pixel changes that appear in the MSE calculation have the lowest value of 7.4510 and the highest value of 165.0561 when the file is manipulated, it answers the security of the proposed method is maintained because the only valid file is the original file.

The paper presents the concept of the association of digital signature technology with the currently trending blockchain technology for providing a mechanism which would detect any dubious data and store it in a place where it could be secure for the long term. The features of blockchain technology perfectly complement the requirements of the educational fields of today's world. The growing trend of digital certificate usage makes it easier for a dubious certificate to existing, among the others hampering the integrity of professional life. Association of hash key and a time stamp with a digital document would ensure that a third person does not corrupt the following certificate. The blockchain ensures that after verification, nobody else misuses the data uploaded and keeps it safe for a long time. The information from the blockchain can be retrieved at any moment by the user using the unique id associated with every user.

This is the time of internet, and we are communicating our confidential data over internet in daily life. So, it is necessary to check the authenticity in communication to stop non-repudiation, of the sender. We are using the digital signature for stopping the non-repudiation. There are many versions of digital signature are available in the market. But in every algorithm, we are sending the original message and the digest message to the receiver. Hence, there is no security applied on the original message. In this paper we are proposed an algorithm which can secure the original and its integrity. In this paper we are using the RSA algorithm as the encryption and decryption algorithm, and SHA256 algorithm for making the hash.

As the demand for effective information protection grows, security has become the primary concern in protecting such data from attackers. Cryptography is one of the methods for safeguarding such information. It is a method of storing and distributing data in a specific format that can only be read and processed by the intended recipient. It offers a variety of security services like integrity, authentication, confidentiality and non-repudiation, Malicious. Confidentiality service is required for preventing disclosure of information to unauthorized parties. In this paper, there are no ideal hash functions that dwell in digital signature concepts is proved.

A digital signature is a type of asymmetric cryptography that is used to ensure that the recipient receives the actual received message from the intended sender. Problems that often arise conventionally when requiring letter approval from the authorized official, and the letter concerned is very important and urgent, often the process of giving the signature is hampered because the official concerned is not in place. With these obstacles, the letter that should be distributed immediately becomes hampered and takes a long time in terms of signing the letter. The purpose of this study is to overcome eavesdropping and data exchange in sending data using Digital Signature as authentication of data authenticity and minimizing fake signatures on letters that are not made and authorized by relevant officials based on digital signatures stored in the database. This research implements the Rivest Shamir Adleman method. (RSA) as outlined in an application to provide authorization or online signature with Digital Signature. The results of the study The application of the Rivest Shamir Adleman (RSA) algorithm can run on applications with the Digital Signature method based on ISO 9126 testing by expert examiners, and the questionnaire distributed to users and application operators obtained good results from an average value of 79.81 based on the scale table ISO 9126 conversion, the next recommendation for encryption does not use MD5 but uses Bcrypt secure database to make it stronger.

Currently in El Salvador, efforts are being made to implement the digital signature and as part of this technology, a Public Key Infrastructure (PKI) is required, which must validate Certificate Authorities (CA). For a CA, it is necessary to implement the software that allows it to manage digital certificates and perform security procedures for the execution of cryptographic operations, such as encryption, digital signatures, and non-repudiation of electronic transactions. The present work makes a proposal for a digital certificate management system according to the Digital Signature Law of El Salvador and secure cryptography standards. Additionally, a security discussion is accomplished.

While Smart contracts are agreements stored on Blockchain, NFTs are representation of digital assets encoded as Smart Contracts. The uniqueness of a Non-Fungible Token (NFT) is established through the digital signature of the creator/owner that should be authenticatable and verifiable over a long period of time. This requires possession of assured identities by the entities involved in such transactions, and support for long-term validation, which may pave the way for gaining support from legal systems. Public Key Infrastructure (PKI) is a trusted ecosystem that can assure the identity of an entity, including human users, domain names, devices etc. In PKI, a digital certificate assures the identity by chaining and anchoring to a trusted root, which is currently not the case in Smart Contracts and NFTs. The storage of the digital assets in decentralized nodes need to be assured for availability for a long period of time. This invariably depends on the sustenance of the underlying network that requires monitoring and auditing for assurance. In this paper, we discuss the above challenges in detail and bring out the intricate issues. We also bust the myth that decentralized trust models are flawless and incident free and also indicate that over time, they tend to centralize for optimality. We then present our proposals, and structures that leverages the existing Public Key Infrastructure systems, with mechanisms for creating an environment for reliable Smart Contracts and NFTs.

This paper proposes a lightweight digital signing scheme for supporting document signing on mobile devices connected to cloud computing. We employ elliptic curve (ECC) digital signature algorithm (ECDSA) for key pair generation done at mobile device and introduce outsourced proxy (OSP) to decrypt the encrypted file and compute hash value of the files stored in the cloud system. In our model, a mobile client invokes fixed-sized message digests to be signed with a private key stored in the device and produces the digital signature. Then, the signature is returned to the proxy for embedding it onto the original file. To this end, the trust between proxy and mobile devices is guaranteed by PKI technique. Based on the lightweight property of ECC and the modular design of our OSP, our scheme delivers the practical solution that allows mobile users to create their own digital signatures onto documents in a secure and efficient way. We also present the implementation details including system development and experimental evaluation to demonstrate the efficiency of our proposed system.

Current cryptographic solutions used in information technologies today like Transport Layer Security utilize algorithms with underlying computationally difficult problems to solve. With the ongoing research and development of quantum computers, these same computationally difficult problems become solvable within reasonable (polynomial) time. The emergence of large-scale quantum computers would put the integrity and confidentiality of today’s data in jeopardy. It then becomes urgent to develop, implement, and test a new suite of cybersecurity measures against attacks from a quantum computer. This paper explores, understands, and evaluates this new category of cryptosystems as well as the many tradeoffs among them. All the algorithms submitted to the National Institute of Standards and Technology (NIST) for standardization can be categorized into three major categories, each relating to the new underlying hard problem: namely error code correcting, algebraic lattices (including ring learning with errors), and supersingular isogenies. These new mathematical hard problems have shown to be resistant to the same type of quantum attack. Utilizing hardware clock cycle registers, the work sets up the benchmarks of the four Round 3 NIST algorithms in two environments: cloud computing and embedded system. As expected, there are many tradeoffs and advantages in each algorithm for applications. Saber and Kyber are exceedingly fast but have larger ciphertext size for transmission over a wire. McEliece key size and key generation are the largest drawbacks but having the smallest ciphertext size and only slightly decreased performance allow a use case where key reuse is prioritized. NTRU finds a middle ground in these tradeoffs, being better than McEliece performance wise and better than Kyber and Saber in ciphertext size allows for a use case of highly varied environments, which need to value speed and ciphertext size equally. Going forward, the benchmarking system developed could be applied to digital signature, another vital aspect to a cryptosystem.

Mobile devices have been widely used to deploy security-sensitive applications such as mobile payments, mobile offices etc. SM2 digital signature technology is critical in these applications to provide the protection including identity authentication, data integrity, action non-repudiation. Since mobile devices are prone to being stolen or lost, several server-aided SM2 cooperative signature schemes have been proposed for the mobile scenario. However, existing solutions could not well fit the high-concurrency scenario which needs lightweight computation and communication complexity, especially for the server sides. In this paper, we propose a SM2 cooperative signature algorithm (SM2-CSA) for the high-concurrency scenario, which involves only one-time client-server interaction and one elliptic curve addition operation on the server side in the signing procedure. Theoretical analysis and practical tests shows that SM2-CSA can provide better computation and communication efficiency compared with existing schemes without compromising the security.

In this fifth generation of vehicular communication, the security against various malicious attacks are achieved by using malicious vehicles identification and trust management (MAT) algorithm. Basically, the proposed MAT algorithm performs in two dimensions, they are (i) Node trust and (ii) information trust accompanied with a digital signature and hash chain concept. In node trust, the MAT algorithm introduces the special form of key exchanging algorithm to every members of public group key, and later the vehicles with same target location are formed into cluster. The public group key is common for each participant but everyone maintain their own private key to produce the secret key. The proposed MAT algorithm, convert the secrete key into some unique form that allows the CMs (cluster members) to decipher that secrete key by utilizing their own private key. This key exchanging algorithm is useful to prevent the various attacks, like impersonate attack, man in middle attack, etc. In information trust, the MAT algorithm assigns some special nodes (it has common distance from both vehicles) for monitoring the message forwarding activities as well as routing behavior at particular time. This scheme is useful to predict an exact intruder and after time out the special node has dropped all the information. The proposed MAT algorithm accurately evaluates the trustworthiness of each node as well as information to control different attacks and become efficient for improving a group lifetime, stability of cluster, and vehicles that are located on their target place at correct time.

In Indonesia, there have been many certificates forgery happened. The lack of security system for the certificate and the difficulty in verification process toward the authenticity certificate become the main factor of the certificate forgery cases happen. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The application is built in web system to facilitate the user to access it everywhere and any time. This research uses Research and Development method for problem analysis and to develop application using Software Development Life Cycle method with waterfall approach. Black box testing is chosen as testing method for each function in this system. The result of this research is creatcate application that’s designed to support the publishing and the verification of the electronic authenticity certificate by online. There are two main schemes in system: the scheme in making e-certificate and the scheme of verification QR Code. There is the electronic professional certificate application by applying digital signature and QR Code. It can publish e-certificate that can prevent from criminal action such certificate forgery, that’s showed in implementation and can be proven in test.

Quick response (QR) codes are currently used ubiq-uitously. Their interaction protocol design is initially unsecured. It forces users to scan QR codes, which makes it harder to differentiate a genuine code from a malicious one. Intruders can change the original QR code and make it fake, which can lead to phishing websites that collect sensitive data. The interaction model can be improved and made more secure by adding some modifications to the backend side of the application. This paper addresses the vulnerabilities of QR codes and recommends improvements in security design. Furthermore, two state-of-the-art algorithms, Digital Signature (DS) and Elliptic Curve Digital Signature (ECDS), are analytically compared to determine their strengths in QR code security.

Post-quantum digital signature is a critical primitive of computer security in the era of quantum hegemony. As a finalist of the post-quantum cryptography standardization process, the theoretical security of the CRYSTALS-Dilithium (Dilithium) signature scheme has been quantified to withstand classical and quantum cryptanalysis. However, there is an inherent power side-channel information leakage in its implementation instance due to the physical characteristics of hardware.This work proposes an efficient non-profiled Correlation Power Analysis (CPA) strategy on Dilithium to recover the secret key by targeting the underlying polynomial multiplication arithmetic. We first develop a conservative scheme with a reduced key guess space, which can extract a secret key coefficient with a 99.99% confidence using 157 power traces of the reference Dilithium implementation. However, this scheme suffers from the computational overhead caused by the large modulus in Dilithium signature. To further accelerate the CPA run-time, we propose a fast two-stage scheme that selects a smaller search space and then resolves false positives. We finally construct a hybrid scheme that combines the advantages of both schemes. Real-world experiment on the power measurement data shows that our hybrid scheme improves the attack’s execution time by 7.77×.

In cyberspace, a digital signature is a mathematical technique that plays a significant role, especially in validating the authenticity of digital messages, emails, or documents. Furthermore, the digital signature mechanism allows the recipient to trust the authenticity of the received message that is coming from the said sender and that the message was not altered in transit. Moreover, a digital signature provides a solution to the problems of tampering and impersonation in digital communications. In a real-life example, it is equivalent to a handwritten signature or stamp seal, but it offers more security. This paper proposes a scheme to enable users to digitally sign their communications by validating their identity through users’ mobile devices. This is done by utilizing the user’s ambient Wi-Fi-enabled devices. Moreover, the proposed scheme depends on something that a user possesses (i.e., Wi-Fi-enabled devices), and something that is in the user’s environment (i.e., ambient Wi-Fi access points) where the validation process is implemented, in a way that requires no effort from users and removes the "weak link" from the validation process. The proposed scheme was experimentally examined.

With the advancement in the growth of Internet-of-Things (IoT), its number of applications has also increased such as in healthcare, smart cities, vehicles, industries, household appliances, and Smart Grids (SG). One of the major applications of IoT is the SG and smart meter which consists of a large number of internet-connected sensors and can communicate bi-directionally in real-time. The SG network involves smart meters, data collectors, generators, and sensors connected with the internet. SG networks involve the generation, distribution, transmission, and consumption of electrical power supplies. It consists of Household Area Network (HAN), and Neighborhood Area Network (NAN) for communication. Smart meters can communicate bidirectionally with consumers and provide real-time information to utility offices. But this communication channel is a wide-open network for data transmission. Therefore, it makes the SG network and smart meter vulnerable to outside hacker and various Cyber-Physical System (CPS) attacks such as False Data Injection (FDI), inserting malicious data, erroneous data, manipulating the sensor reading values. Here cryptography techniques can play a major role along with the private blockchain model for secure data transmission in smart meters. Hence, to overcome these existing issues and challenges in smart meter communication we have proposed a blockchain-based system model for secure communication along with a novel Advanced Elliptic Curve Cryptography Digital Signature (AECCDS) algorithm in Fog Computing (FC) environment. Here FC nodes will work as miners at the edge of smart meters for secure and real-time communication. The algorithm is implemented using iFogSim, Geth version 1.9.25, Ganache, Truffle for compiling smart contracts, Anaconda (Python editor), and ATOM as language editor for the smart contracts.

Digital signature is more appropriate for message security in Wireless Sensors Networks (WSNs), which is energy-limited, than costly encryption. However, it meets with difficulty of verification when a large amount of message-signature pairs swarm into the central node in WSNs. In this paper, a scalable group testing algorithm based on Latin square (SGTLS) is proposed, which focus on both batch verification of signatures and invalid signature identification. To address the problem of long time-delay during individual verification, we adapt aggregate signature for batch verification so as to judge whether there are any invalid signatures among the collection of signatures once. In particular, when batch verification fails, an invalid signature identification algorithm is presented based on scalable OR-checking matrix of Latin square, which can adjust the number of group testing by itself with the variation of invalid signatures. Comprehensive analyses show that SGTLS has more advantages, such as scalability, suitability for parallel computing and flexible design (Latin square is popular), than other algorithm.

With the rapid advancements in information technology, data security has become an indispensable component. Cryptography performs a significant role in establishing information security. Computational problems have been utilized extensively by cryptographers to construct digital signature schemes. Digital signature schemes offer security services such as confidentiality, authenticity, integrity, and non-repudiation of a message. This paper proposes a modification of the Dilithium signature scheme that is secure against unforgeability attack based on the hardness of lattice problems such as Learning With Errors and Short Integer Solution over lattices. Using the rejection sampling technique, data is sampled from a uniform distribution to generate keys that are expanded into a matrix. The keys are hashed and signed by the sender to generate a message, which is then accepted by the receiver upon verification. Finally, the security analysis for the proposed signature scheme is provided with a strong emphasis on the security of the secret key. We prove that the attacker cannot forge a signature on a message, and recommended parameters are proposed.

Signatures are used on documents as written proof that the document was verified by the person indicated. Signature also indicated that the document originated from the signer if the document is transferred to another party. A document maybe in physical print form but may also be a digital print. A digital print requires additional security since a digital document may easily be altered by anyone although the said document is signed using a photographed or scanned signature. One of the means of security is by using the RSA Digital Signature method which is a combination of the RSA algorithm with Digital Signature. RSA algorithm is one of the public key cryptography algorithms, while Digital Signature is a security scheme which may guarantee the authenticity, non-repudiation, and integrity of a file by means of a hash function. This research implemented a web-based combination of RSA Digital Signature with SHA-3 hash function to secure the integrity of PDF files using PHP programming language. The result is a web-based system which could guarantee the authenticity, non repudiation and integrity of PDF files. Testing were carried out on six different sizes of PDF files ranging from 6 KB, up to 23285 KB on three different web browsers: Google Chrome, Microsoft Edge, and Mozilla Firefox. Average processing times of signing and verifying on each browsers were 1.3309 seconds, 1.2565 seconds, and 1.2667 seconds.

SM9 is an identity-based cryptography algorithm published by the State Cryptography Administration of China. With SM9, a user's private key for signing is generated by a central system called key generation center (KGC). When the owner of the private key wants to shirk responsibility by denying that the signature was generated by himself, he can claim that the operator of KGC forged the signature using the generated private key. To address this issue, in this paper, two schemes of SM9 digital signature with non-repudiation are proposed. With the proposed schemes, the user's private key for signing is collaboratively generated by two separate components, one of which is deployed in the private key service provider's site while the other is deployed in the user's site. The private key can only be calculated in the user's site with the help of homomorphic encryption. Therefore, only the user can obtain the private key and he cannot deny that the signature was generated by himself. The proposed schemes can achieve the non-repudiation of SM9 digital signature.

This paper presents an overhead analysis of the use of digital signature mechanisms in the Message Queue Telemetry Transport (MQTT) protocol for three classes of constrained-device. Because the resources provided by constrained-devices are very limited, the purpose of this overhead analysis is to help find out the advantages and disadvantages of each class of constrained-devices after a security mechanism has been applied, namely by applying a digital signature mechanism. The objective of using this digital signature mechanism is for providing integrity, that if the payload sent and received in its destination is still original and not changed during the transmission process. The overhead analysis aspects performed are including analyzing decryption time, signature verification performance, message delivery time, memory and flash usage in the three classes of constrained-device. Based on the overhead analysis result, it can be seen that for decryption time and signature verification performance, the Class-2 device is the fastest one. For message delivery time, the smallest time needed for receiving the payload is Class-l device. For memory usage, the Class-2 device is providing the biggest available memory and flash.

We all are living in the digital era, where the maximum of the information is available online. The digital world has made the transfer of information easy and provides the basic needs of security like authentication, integrity, nonrepudiation, etc. But, with the improvement in security, cyber-attacks have also increased. Security researchers have provided many techniques to prevent these cyber-attacks; one is a Digital Signature (DS). The digital signature uses cryptographic key pairs (public and private) to provide the message's integrity and verify the sender's identity. The private key used in the digital signature is confidential; if attackers find it by using various techniques, then this can result in an attack. This paper presents a brief introduction about the digital signature and how it is vulnerable to a man-in-the-middle attack. Further, it discusses a technique to prevent this attack in the digital signature.

Data Transmission in network security is one of the most vital issues in today's communication world. The outcome of the suggested method is outlined over here. Enhanced security can be achieved by this method. The vigorous growth in the field of information communication has made information transmission much easier. But this type of advancement has opened up many possibilities of information being snooped. So, day-by-day maintaining of information security is becoming an inseparable part of computing and communication. In this paper, the authors have explored techniques that blend cryptography & steganography together. In steganography, information is kept hidden behind a cover image. In this paper, approaches for information hiding using both cryptography & steganography is proposed keeping in mind two considerations - size of the encrypted object and degree of security. Here, signature image information is kept hidden into cover image using private key of sender & receiver, which extracts the information from stego image using a public key. This approach can be used for message authentication, message integrity & non-repudiation purpose.

Digital signatures are suitable technology for public key encryption. Acceptance (non-repudiation) of digital messages and data origin authentication are one of the main usage of digital signature. Digital signature's security mainly depends on the keys (public and private). These keys are used to generate and validate digital signatures. In digital signature signing process is performed using signer's secret key. However, any attacker can present a blinded version of message encrypted with signer's public key and can get the original message. Therefore, this paper proposed a novel method to identify blinded version of digital signature. The proposed method has been tested mathematically and found to be more efficient to detect blind signatures.