Biblio

Many applications use asymmetric cryptography to secure communications between two parties. One of the main issues with asymmetric cryptography is the need for vast amounts of computation and storage. While this may be true, elliptic curve cryptography (ECC) is an approach to asymmetric cryptography used widely in low computation devices due to its effectiveness in generating small keys with a strong encryption mechanism. The ECC decreases power consumption and increases device performance, thereby making it suitable for a wide range of devices, ranging from sensors to the Internet of things (IoT) devices. It is necessary for the ECC to have a strong implementation to ensure secure communications, especially when encoding a message to an elliptic curve. It is equally important for the ECC to secure the mapping of the message to the curve used in the encryption. This work objective is to propose a trusted and proofed scheme that offers authenticated encryption (AE) for both encoding and mapping a message to the curve. In addition, this paper provides analytical results related to the security requirements of the proposed scheme against several encryption techniques. Additionally, a comparison is undertaken between the SE-Enc and other state-of-the-art encryption schemes to evaluate the performance of each scheme.

Securing multi-party communication is very challenging particularly in dynamic networks. Existing multi-recipient cryptographic schemes pose variety of limitations. These include: requiring trust among all recipients to make an agreement, high computational cost for both encryption and decryption, and additional communication overhead when group membership changes. To overcome these limitations, this paper introduces a novel multi-recipient asymmetric cryptographic scheme, AMOUN. This scheme enables the sender to possibly send different messages in one ciphertext to multiple recipients to better utilize network resources, while ensuring that each recipient only retrieves its own designated message. Security analysis demonstrates that proposed scheme is secure against well-known attacks. Evaluation results demonstrate that lightweight AMOUN outperforms RSA and Multi-RSA in terms of computational cost for both encryption and decryption. For a given prime size, in case of encryption, AMOUN achieves 86% and 98% lower average computational cost than RSA and Multi-RSA, respectively; while for decryption, it shows performance improvement of 98% compared to RSA and Multi-RSA.

Cloud computing is a new promising technology paradigm that can provide clients from the whole network with scalable storage resources and on-demand high-quality services. However, security concerns are raised when sensitive data are outsourced. Searchable encryption is a kind of cryptographic primitive that enables clients to selectively retrieve encrypted data, the existing schemes that support for sub-linear boolean queries are only considered in symmetric key setting, which makes a limitation for being widely deployed in many cloud applications. In order to address this issue, we propose a novel searchable asymmetric encryption scheme to support for sub-linear boolean query over encrypted data in a multi-client model that is extracted from an important observation that the outsourced database in cloud is continuously contributed and searched by multiple clients. For the purpose of introducing the scheme, we combine both the ideas of symmetric searchable encryption and public key searchable encryption and then design a novel secure inverted index. Furthermore, a detailed security analysis for our scheme is given under the simulation-based security definition. Finally, we conduct experiments for our construction on a real dataset (Enron) along with a performance analysis to show its practicality.

In this paper, we establish a cryptographic primitive for wireless communications. An asymmetric physical layer encryption (PLE) scheme based on elliptic curve cryptography is proposed. Compared with the conventional symmetric PLE, asymmetric PLE avoids the need of key distribution on a private channel, and it has more tools available for processing complex-domain signals to confuse possible eavesdroppers when compared with upper-layer public key encryption. We use quantized information entropy to measure the constellation confusion degree. The numerical results show that the proposed scheme provides greater confusion to eavesdroppers and yet does not affect the bit error rate (BER) of the intended receiver (the information entropy of the constellation increases to 17.5 for 9-bit quantization length). The scheme also has low latency and complexity [O(N2.37), where N is a fixed block size], which is particularly attractive for implementation.

Due to the potential security problem about key management and distribution for the symmetric image encryption schemes, a novel asymmetric image encryption method is proposed in this paper, which is based on the elliptic curve ElGamal (EC-ElGamal) cryptography and chaotic theory. Specifically, the SHA-512 hash is first adopted to generate the initial values of a chaotic system, and a crossover permutation in terms of chaotic index sequence is used to scramble the plain-image. Furthermore, the generated scrambled image is embedded into the elliptic curve for the encrypted by EC-ElGamal which can not only improve the security but also can help solve the key management problems. Finally, the diffusion combined chaos game with DNA sequence is executed to get the cipher image. The experimental analysis and performance comparisons demonstrate that the proposed method has high security, good efficiency, and strong robustness against the chosen-plaintext attack which make it have potential applications for the image secure communications.

Based on the analysis of existing wireless sensor networks(WSNs) security vulnerability, combining the characteristics of high encryption efficiency of the symmetric encryption algorithm and high encryption intensity of asymmetric encryption algorithm, a hybrid encryption algorithm based on wireless sensor networks is proposed. Firstly, by grouping plaintext messages, this algorithm uses advanced encryption standard (AES) of symmetric encryption algorithm and elliptic curve encryption (ECC) of asymmetric encryption algorithm to encrypt plaintext blocks, then uses data compression technology to get cipher blocks, and finally connects MAC address and AES key encrypted by ECC to form a complete ciphertext message. Through the description and implementation of the algorithm, the results show that the algorithm can reduce the encryption time, decryption time and total running time complexity without losing security.

Aiming at the poor stability of traditional communication data encryption methods, a point-to-point encryption method of power system communication data based on block chain technology is studied and designed. According to the principle of asymmetric key encryption, the design method makes use of the decentralization and consensus mechanism of block chain technology to develop the public key distribution scheme. After the public key distribution is completed, the sender and receiver of communication data generate the transfer key and pair the key with the public key to realize the pairing between data points. Xor and modular exponentiation are performed on the communication data content, and prime Numbers are used to fill the content data block. The receiver decrypts the data according to the encryption identifier of the data content, and completes the design of the encryption method of communication data point to ground. Through the comparison with the traditional encryption method, it is proved that the larger the amount of encrypted data is, the more secure the communication data can be, and the stability performance is better than the traditional encryption method.

KP-ABE mechanism emerges as one of the most suitable security scheme for asymmetric encryption. It has been widely used to implement access control solutions. However, due to its expensive overhead, it is difficult to consider this cryptographic scheme in resource-limited networks, such as the IoT. As the cloud has become a key infrastructural support for IoT applications, it is interesting to exploit cloud resources to perform heavy operations. In this paper, a collaborative variant of KP-ABE named C-KP-ABE for cloud-based IoT applications is proposed. Our proposal is based on the use of computing power and storage capacities of cloud servers and trusted assistant nodes to run heavy operations. A performance analysis is conducted to show the effectiveness of the proposed solution.

Cloud Computing is the most promising paradigm in recent times. It offers a cost-efficient service to individual and industries. However, outsourcing sensitive data to entrusted Cloud servers presents a brake to Cloud migration. Consequently, improving the security of data access is the most critical task. As an efficient cryptographic technique, Ciphertext Policy Attribute Based Encryption(CP-ABE) develops and implements fine-grained, flexible and scalable access control model. However, existing CP-ABE based approaches suffer from some limitations namely revocation, data owner overhead and computational cost. In this paper, we propose a sliced revocable solution resolving the aforementioned issues abbreviated RS-CPABE. We applied splitting algorithm. We execute symmetric encryption with Advanced Encryption Standard (AES)in large data size and asymmetric encryption with CP-ABE in constant key length. We re-encrypt in case of revocation one single slice. To prove the proposed model, we expose security and performance evaluation.

Great numbers of embedded devices are performing safety critical operations, which means it is very important to keep them operating without interference. Update is the weak point that could be exploited by potential attackers to gain access to the system, sabotage it or to simply steal someone else's intellectual property. This paper presents an implementation of secure update process for embedded systems which prevents man-in-the-middle attacks. By using a combination of hash functions, symmetric and asymmetric encryption algorithms it demonstrates how to achieve integrity, authenticity and confidentiality of the update package that is sent to the target hardware. It covers implementation starting from key exchange, next explaining update package encryption process and then decryption on the target hardware. It does not go into a detail about specific encryption algorithms that could be used. It presents a generalized model for secure update that could be adjusted to specific needs.

The traditional logistics transaction lacks a perfect traceability mechanism, and the data information's integrity and safety are not guaranteed in the existing traceability system. In order to solve the problem of main body responsibility caused by the participation of many stakeholders and the uncompleted supervision system in the process of logistics service transaction, This paper proposes a traceability algorithm for logistics service transactions based on blockchain. Based on the logistics service supply chain and alliance chain, the paper firstly investigates the traditional logistics service supply chain, analyzes the existing problems, and combines the structural characteristics of the blockchain to propose a decentralized new logistics service supply chain concept model based on blockchain. Then, using Globe sandara 1 to standardize the physical products and data circulating in the new logistics service supply chain, form unified and standard traceable data, and propose a multi-dimensional traceable data model based on logistics service supply chain. Based on the proposed model, combined with the business process of the logistics service supply chain and asymmetric encryption, a blockchain-based logistics service transaction traceability algorithm is designed. Finally, the simulation results show that the algorithm realizes the end-to-end traceability of the logistics service supply chain, and the service transaction is transparent while ensuring the integrity and security of the data.

Ubiquitous Healthcare System (U-Healthcare) is a well-known application of wireless sensor networking (WSN). In this system, the sensors take less power for operating the function. As the data transfers between sensor and other stations is sensitive so there needs to provide a security scheme. Due to the low life of sensor nodes in Wireless Sensor Networks (WSN), asymmetric key based security (AKS) architecture is always considered as unsuitable for these types of networks. Several papers have been published in recent past years regarding how to incorporate AKS in WSN, Haque et al's Asymmetric key based Architecture (AKA) is one of them. But later it is found that this system has authentication problem and therefore prone to man-in-the-middle (MITM) attack, furthermore it is not a truly asymmetric based scheme. We address these issues in this paper and proposed a complete asymmetric approach using PEKS-PM (proposed by Pham in [8]) to remove impersonation attack. We also found some other vulnerabilities in the original AKA system and proposed solutions, therefore making it a better and enhanced asymmetric key based architecture.

The use of real-time video streaming is increasing day-by-day, and its security has become a serious issue now. Video encryption is a challenging task because of its large frame size. Video encryption can be done with symmetric key as well as asymmetric key encryption. Among different asymmetric key encryption technique, ECC performs better than other algorithms like RSA in terms of smaller key size and faster encryption and decryption operation. In this work, we have analyzed the performance of 18 different ECC curves and suggested some suitable curves for real-time video encryption.

Cryptography is a widespread technique that maintains information security over insecure networks. The symmetric encryption scheme provides a good security, but the key exchange is difficult on the other hand, in the asymmetric encryption scheme, key management is easier, but it does not offer the same degree of security compared to symmetric scheme. A hybrid cryptosystem merges the easiness of the asymmetric schemes key distribution and the high security of symmetric schemes. In the proposed hybrid cryptosystem, Serpent algorithm is used as a data encapsulation scheme and Elliptic Curve Cryptography (ECC) is used as a key encapsulation scheme to achieve key generation and distribution within an insecure channel. This modification is done to tackle the issue of key management for Serpent algorithm, so it can be securely used in multimedia protection.

Public key cryptography or asymmetric keys are widely used in the implementation of data security on information and communication systems. The RSA algorithm (Rivest, Shamir, and Adleman) is one of the most popular and widely used public key cryptography because of its less complexity. RSA has two main functions namely the process of encryption and decryption process. Digital Signature Algorithm (DSA) is a digital signature algorithm that serves as the standard of Digital Signature Standard (DSS). DSA is also included in the public key cryptography system. DSA has two main functions of creating digital signatures and checking the validity of digital signatures. In this paper, the authors compare the computational times of RSA and DSA with some bits and choose which bits are better used. Then combine both RSA and DSA algorithms to improve data security. From the simulation results, the authors chose RSA 1024 for the encryption process and added digital signatures using DSA 512, so the messages sent are not only encrypted but also have digital signatures for the data authentication process.

In this work NTRU-like cryptosystem NTRU Prime IIT Ukraine, which is created on the basis of existing cryptographic transformations end-to-end encryption type, is considered. The description of this cryptosystem is given and its analysis is carried out. Also, features of its implementation, comparison of the main characteristics and indicators, as well as the definition of differences from existing NTRU-like cryptographic algorithms are presented. Conclusions are made and recommendations are given.

Outsourcing the decryption of attribute-based encryption (ABE) ciphertext is a promising way to tackle the question of how users can perform decryption efficiently. However, existing solutions require the type of the target ciphertext to be determined at the setup of the outsourcing scheme. As such, making the target cryptosystems (or the clients) to be versatile becomes an issue that warrants investigations. In this paper, the problem we wish to tackle is to transform an ABE ciphertext to any client who is using the same, or possibly different, public-key encryption (PKE) system with the sender. The problem is of practical interest since it is hard to require all clients to use the same PKE, especially in the case of remote and cross-system data sharing. In addition, we also consider whether robust client-side decryption scheme can be adopted. This feature is not supported in the existing ABE with outsourcing. We introduce cross-system proxy re-encryptions (CS-PRE), a new re-encryption paradigm in which a semi-trusted proxy converts a ciphertext of a source cryptosystem (\$\textparagraphi\_0\$) into a ciphertext for a target cryptosystem (\$\textparagraphi\$). We formalize CS-PRE and present a construction that performs well in the following aspects. (1)Versatility: \$\textparagraphi\_0\$ can be any attribute-based encryption (ABE) within Attrapadung's pair encoding framework. \$\textparagraphi\$ can be any public-key encryption. Furthermore, the keys and public parameters can be generated independently. (2) Compatibility: CS-PRE does not modify the public parameters and keys of \$\textparagraphi\_0\$ and \$\textparagraphi\$. Besides, input for the conversion is an ordinary ciphertext of \$\textparagraphi\_0\$. (3) Efficiency: The computational cost for re-encryption and decryption of the re-encrypted ciphertext are roughly the same as a decryption in \$\textparagraphi\_0\$ and \$\textparagraphi\$ respectively. We prove that our construction is fully secure assuming \$\textparagraphi\_0\$ is secure in Attrapadung's framework and \$\textparagraphi\$ is IND-CPA secure. Furthermore, it remains secure when there are multiple target cryptosystems. As with other proxy re-encryption, CS-PRE enables flexible sharing of cloud data, as the owner can instruct the cloud server to re-encrypt his ciphertext to those for the intended recipient. In addition, it allows lightweight devices to enjoy access to remote data encrypted under powerful but possibly costly encryption, such as functional encryption, by utilizing the server's power in converting the ciphertext to a simpler encryption, such as RSA. Finally, instances of CS-PRE can be viewed as new proxy re-encryption schemes, such as a PRE supporting ABE for regular language to Hierarchical IBE or Doubly Spatial Encryption to lattice-based encryptions (e.g. NTRUCCA).

Fully homomorphic encryption (FHE) makes it easier for cloud computing to be consistent with privacy. But the efficiency of existing FHE schemes is still far from the actual needs. The main cause is that most of existing FHE schemes are single-bit encryption. Hiromasa, Abe and Okamoto (PKC 2015) reached the major milestone by constructing the first fully homomorphic encryption (FHE) scheme that encrypted message matrices (with single-bit matrices components) and supported homomorphic matrix addition and multiplication. In this paper, we propose a more efficient variant of Hiromasa, Abe and Okamoto with a lower factor noise-expansion factor for homomorphic multiplication from $\Theta$(poly(n)) to $\Theta$(1) and multi-bit matrices components.

With the recent explosion of data breaches and data misuse cases, there is more demand than ever for secure system designs that fundamentally tackle today's data trust models. One promising alternative to today's trust model is true end-to-end encryption without however compromising user experience nor data utility. Fully homomorphic encryption (FHE) provides a powerful tool in empowering users with more control over their data, while still benefiting from computing services of remote services, though without trusting them with plaintext data. However, due to the complexity of fully homomorphic encryption, it has remained reserved exclusively for a small group of domain experts. With our system Marble, we make FHE accessible to the broader community of researchers and developers. Marble takes away the complexity of setup and configuration associated with FHE schemes. It provides a familiar programming environment. Marble allows rapid feasibility assessment and development of FHE-based applications. More importantly, Marble benchmarks the overall performance of an FHE-based application, as part of the feasibility assessment. With real-world application case-studies, we show the practicality of Marble.

This study examines the secure transition for robotic surgery session. Surgeon sends set of instructions as data. The data is encapsulated with surgeon secure signature to conform surgeon identity. At the same time, patient information sends to the surgeon as a secure row of frames to estimate patient situation dependent on the real medical reports. Elliptic Curve Diffie-Hellman is use as an asymmetric encryption method. Here the session between surgeon console and interactive robot arm was achieved and supported with four secret keys. Two private keys are chosen on each side and two public keys are calculated from these private keys. These results indicate that the level of the security was improved by use asymmetric encryption rather than symmetric encryption. And by contributed four secret keys the patient information must be safer.

Recently, there has been a growing interest in using online technologies to design protocols for secure electronic voting. The main challenges include vote privacy and anonymity, ballot irrevocability and transparency throughout the vote counting process. The introduction of the blockchain as a basis for cryptocurrency protocols, provides for the exploitation of the immutability and transparency properties of these distributed ledgers. In this paper, we discuss possible uses of the blockchain technology to implement a secure and fair voting system. In particular, we introduce a secret share-based voting system on the blockchain, the so-called SHARVOT protocol1. Our solution uses Shamir's Secret Sharing to enable on-chain, i.e. within the transactions script, votes submission and winning candidate determination. The protocol is also using a shuffling technique, Circle Shuffle, to de-link voters from their submissions.

This paper proposes a new DNA cryptographic technique based on dynamic DNA encoding and asymmetric cryptosystem to increase the level of secrecy of data. The key idea is: to split the plaintext into fixed sized chunks, to encrypt each chunk using asymmetric cryptosystem and finally to merge the ciphertext of each chunk using dynamic DNA encoding. To generate chunks, characters of the plaintext are transformed into their equivalent ASCII values and split it into finite values. Now to encrypt each chunk, asymmetric cryptosystem is applied and the ciphertext is transformed into its equivalent binary value. Then this binary value is converted into DNA bases. Finally to merge each chunk, sufficient random strings are generated. Here to settle the required number of random strings, dynamic DNA encoding is exploited which is generated using Fibonacci series. Thus the use of finite chunks, asymmetric cryptosystem, random strings and dynamic DNA encoding increases the level of security of data. To evaluate the encryption-decryption time requirement, an empirical analysis is performed employing RSA, ElGamal and Paillier cryptosystems. The proposed technique is suitable for any use of cryptography.

Identity-Based Encryption (IBE) was introduced as an elegant concept for secure data exchange due to its simplified key management by specifically addressing the asymmetric key distribution problems in multi-user scenarios. In the context of ad-hoc network connections that are of particular importance in the emerging Internet of Things, the simple key discovery procedures as provided by IBE are very beneficial in many situations. In this work we demonstrate for the first time that IBE has become practical even for a range of embedded devices that are populated with low-cost ARM Cortex-M microcontrollers or reconfigurable hardware components. More precisely, we adopt the IBE scheme proposed by Ducas et al. at ASIACRYPT 2014 based on the RLWE problem for which we provide implementation results for two security levels on the aforementioned embedded platforms. We give evidence that the implementations of the basic scheme are efficient, as for a security level of 80 bits it requires 103 ms and 36 ms for encryption and decryption, respectively, on the smallest ARM Cortex-M0 microcontroller.

as data size is growing up, cloud storage is becoming more familiar to store a significant amount of private information. Government and private organizations require transferring plenty of business files from one end to another. However, we will lose privacy if we exchange information without data encryption and communication mechanism security. To protect data from hacking, we can use Asymmetric encryption technique, but it has a key exchange problem. Although Asymmetric key encryption deals with the limitations of Symmetric key encryption it can only encrypt limited size of data which is not feasible for a large amount of data files. In this paper, we propose a probabilistic approach to Pretty Good Privacy technique for encrypting large-size data, named as ``BigCrypt'' where both Symmetric and Asymmetric key encryption are used. Our goal is to achieve zero tolerance security on a significant amount of data encryption. We have experimentally evaluated our technique under three different platforms.

We introduce $μ$DTNSec, the first fully-implemented security layer for Delay/Disruption-Tolerant Networks (DTN) on microcontrollers. It provides protection against eavesdropping and Man-in-the-Middle attacks that are especially easy in these networks. Following the Store-Carry-Forward principle of DTNs, an attacker can simply place itself on the route between source and destination. Our design consists of asymmetric encryption and signatures with Elliptic Curve Cryptography and hardware-backed symmetric encryption with the Advanced Encryption Standard. $μ$DTNSec has been fully implemented as an extension to $μ$DTN on Contiki OS and is based on the Bundle Protocol specification. Our performance evaluation shows that the choice of the curve (secp128r1, secp192r1, secp256r1) dominates the influence of the payload size. We also provide energy measurements for all operations to show the feasibility of our security layer on energy-constrained devices.