Biblio

Identity based digital signature is an important research topic of public key cryptography, which can effectively guarantee the authentication, integrity and unforgeability of data. In this paper, a new fuzzy multi-identity based signature scheme is proposed. It is proved that the scheme is existentially unforgeable against adaptively chosen message attack, and the security of the signature scheme can be reduced to CDH assumption. The storage cost and the communication overhead are small, therefore the new fuzzy multi-identity based signature (FMIBS) scheme can be implemented efficiently.

Modular exponentiation (ME) is a complex operation for several public-key cryptosystems (PKCs). Moreover, ME is expensive for resource-constrained devices in terms of computation time and energy consumption, especially when the exponent is large. ME is defined as the task of raising an integer x to power k and reducing the result modulo some integer n. Several methods to calculate ME have been proposed. In this paper, we present the efficient ME methods. We then implement the methods using different security levels of RSA keys on a Raspberry Pi. Finally, we give the fast ME method.

We propose versatile hardware framework for ECC. The framework supports arithmetic operations over P-256, Ed25519 and Curve25519 curves, enabling easy implementation of various ECC algorithms. Framework finds its application area e.g. in FIDO2 attestation or in nowadays rapidly expanding field of hardware wallets. As the design is intended to be ASIC-ready, we designed it to be area efficient. Hardware units are reused for calculations in several finite fields, and some of them are superior to previously designed circuits in terms of time-area product. The framework implements several attack countermeasures. It enables implementation of certain countermeasures even in later stages of design. The design was validated on SoC FPGA.

While Smart contracts are agreements stored on Blockchain, NFTs are representation of digital assets encoded as Smart Contracts. The uniqueness of a Non-Fungible Token (NFT) is established through the digital signature of the creator/owner that should be authenticatable and verifiable over a long period of time. This requires possession of assured identities by the entities involved in such transactions, and support for long-term validation, which may pave the way for gaining support from legal systems. Public Key Infrastructure (PKI) is a trusted ecosystem that can assure the identity of an entity, including human users, domain names, devices etc. In PKI, a digital certificate assures the identity by chaining and anchoring to a trusted root, which is currently not the case in Smart Contracts and NFTs. The storage of the digital assets in decentralized nodes need to be assured for availability for a long period of time. This invariably depends on the sustenance of the underlying network that requires monitoring and auditing for assurance. In this paper, we discuss the above challenges in detail and bring out the intricate issues. We also bust the myth that decentralized trust models are flawless and incident free and also indicate that over time, they tend to centralize for optimality. We then present our proposals, and structures that leverages the existing Public Key Infrastructure systems, with mechanisms for creating an environment for reliable Smart Contracts and NFTs.

Recently, Ning et al. proposed the “CryptCloud$^\textrm+\$$: Secure and Expressive Data Access Control for Cloud Storage” in IEEE Transaction on Services Computing. This work provided two versatile ciphertext-policy attribute-based encryption (CP-ABE) schemes to achieve flexible access control on encrypted data, namely ATER-CP-ABE and ATIR-CP-ABE, both of which have attractive advantages, such as white-box malicious user traceability, semi-honest authority accountability, public auditing and user revocation. However, we find a bug of access control in both schemes, i.e., a non-revoked user with attribute set \$S\$ can decrypt the ciphertext \$ct\$ encrypted under any access policy \$(A,\textbackslashrho )\$, regardless of whether \$S\$ satisfies \$(A,\textbackslashrho )\$ or not. This paper carefully analyzes the bug, and makes an improvement on Ning's pioneering work, so as to fix it.

Modern IoT infrastructure consists of different sub-systems, devices, applications, platforms, varied connectivity protocols with distinct operating environments scattered across different subsystems within the whole network. Each of these subsystems of the global system has its peculiar computational and security challenges. A security loophole in one subsystem has a directly negative impact on the security of the whole system. The nature and intensity of recent cyber-attacks within IoT networks have increased in recent times. Blockchain technology promises several security benefits including a decentralized authentication mechanism that addresses almost readily the challenges with a centralized authentication mechanism that has the challenges of introducing a single point of failure that affects data and system availability anytime such systems are compromised. The different design specifications and the unique functional requirements for most IoT devices require a strong yet universal authentication mechanism for multimedia data that assures an additional security layer to IoT data. In this paper, the authors propose a decentralized authentication to validate data integrity at the IoT node level. The proposed mechanism guarantees integrity, privacy, and availability of IoT node data.

The Multivariate Polynomial Public Key (MPPK) algorithm, over a prime Galois field, takes a multiplier multivariate polynomial and two multiplicand univariate solvable polynomials to create two product multivariate polynomials. One of variables is for secret message and all others are for noises. The public key consists of all coefficients of the product multivariate polynomials, except the two constant terms for the message variable. The private key is made of both multiplicands. Encryption takes a list of random numbers, over the prime Galois field. The first number is the secret to exchange. The other random numbers generate noise automatically cancelled by decryption. The secret is easily extracted from the evaluation of a solvable equation. The level of security provided by MPPK is adaptable. The algorithm can be used in several different ways. In this paper, we review the performance achieved by MPPK for several combinations of polynomial configurations and Galois field sizes. For every combination, we calculated key generation time, encryption time and decryption time. We also compare the effectiveness of MPPK with the performance of all four NIST PQC finalists. For MPPK, the data has been collected from the execution of an implementation in Java. In comparison to the NIST PQC finalists, MPPK key generation, encryption and decryption performance is excellent.

What do we need to do to protect our personal information? IoT devices such as smartphones, smart watches, and home appliances are widespread. Encryption is required not only to prevent eavesdropping on communications but also to prevent information leakage from cloud services due to unauthorized access. Therefore, attention is being paid to fully homomorphic encryption (FHE) that allows addition and multiplication between ciphertexts. However, FHE with this convenient function has a drawback that the encryption requires huge volume of calculation and the ciphertext is large. Therefore, if FHE is used on a device with limited computational resources such as an IoT device, the load on the IoT device will be too heavy. In this research, we propose a system that can safely and effectively utilize data without imposing a load on IoT devices. In this system, somewhat homomorphic encryption (SHE), which is a lightweight cryptosystem compared with FHE, is combined with FHE. The results of the experiment confirmed that the load on the IoT device can be reduced to approximately 1/1400 compared to load of the system from previous research.

The design of public-key cryptography algorithm based on LWE hard problem is a hot topic in the field of post-quantum cryptography. In this paper, we design a new homomorphic encryption algorithm based on LWE problem. Firstly, to solve the problem that the existing encryption algorithms can only encrypt a single 0 or 1 bit, a new encryption algorithm based on LWE over integer is proposed, and its correctness and security are proved by theoretical analysis. Secondly, an additive homomorphism algorithm is constructed based on the algorithm, and the correctness of the algorithm is proved. The homomorphism algorithm can carry out multi-level homomorphism addition under certain parameters. Finally, the public key cryptography algorithm and homomorphic encryption algorithm are simulated through experiments, which verifies the correctness of the algorithm again, and compares the efficiency of the algorithm with existing algorithms. The experimental data shows that the algorithm has certain efficiency advantages.

The signcryption technique was first proposed by Y. Zheng, where two cryptographic operations digital signature and message encryption are made combinedly. We cryptanalyze the technique and observe that the signature and encryption become vulnerable if the forged public keys are used. This paper proposes an improvement using modified DSS (Digital Signature Standard) version of ElGamal signature and DHP (Diffie-Hellman key exchange protocol), and shows that the vulnerabilities in both the signature and encryption methods used in Zheng's signcryption are circumvented. DHP is used for session symmetric key establishment and it is combined with the signature in such a way that the vulnerabilities of DHP can be avoided. The security and performance analysis of our signcryption technique are provided and found that our scheme is secure and designed using minimum possible operations with comparable computation cost of Zheng's scheme.

Underwater wireless sensor network(UWSN) is an emerging technology for exploring and research inside the ocean. Since it is somehow similar to the normal wireless network, which uses radio signals for communication purposes, while UWSN uses acoustic for communication between nodes inside the ocean and sink nodes. Due to unattended areas and the vulnerability of acoustic medium, UWNS are more prone to various malicious attacks like Sybil attack, Black-hole attack, Wormhole attack, etc. This paper analyzes blackhole attacks in UWSN and proposes an algorithm to mitigate blackhole attacks by forming clusters of nodes and selecting coordinator nodes from each cluster to identify the presence of blackholes in its cluster. We used public-key cryptography and the challenge-response method to authenticate and verify nodes.

IPsec is widely used for internet security because it offers confidentiality, integrity, and authenticity also protects from replay attacks. IP Security depends on numerous frameworks, organization propels, and cryptographic techniques. IPsec is a heavyweight complex security protocol suite. Because of complex architecture and implementation processes, security implementers prefer TLS. Because of complex implementation, it is impractical to manage over the IoT devices. We propose a simplified and lite version of internet security protocol implemented with only ESP. For encryption, we use AES, RAS-RLP public key cryptography.

With the emergence and development of quantum computers, the traditional public-key cryptography (PKC) is facing the risk of being cracked. In order to resist quantum attacks and ensure long-term communication security, NIST launched a global collection of Post Quantum Cryptography (PQC) standards in 2016, and it is currently in the third round of selection. There are three Lattice-based PKC algorithms that stand out, and NTRU is one of them. In this article, we proposed the first complete and compact full hardware implementation of NTRU algorithm submitted in the third round. By using one structure to complete the design of the three types of complex polynomial multiplications in the algorithm, we achieved better performance while reducing area costs.

Signatures are used on documents as written proof that the document was verified by the person indicated. Signature also indicated that the document originated from the signer if the document is transferred to another party. A document maybe in physical print form but may also be a digital print. A digital print requires additional security since a digital document may easily be altered by anyone although the said document is signed using a photographed or scanned signature. One of the means of security is by using the RSA Digital Signature method which is a combination of the RSA algorithm with Digital Signature. RSA algorithm is one of the public key cryptography algorithms, while Digital Signature is a security scheme which may guarantee the authenticity, non-repudiation, and integrity of a file by means of a hash function. This research implemented a web-based combination of RSA Digital Signature with SHA-3 hash function to secure the integrity of PDF files using PHP programming language. The result is a web-based system which could guarantee the authenticity, non repudiation and integrity of PDF files. Testing were carried out on six different sizes of PDF files ranging from 6 KB, up to 23285 KB on three different web browsers: Google Chrome, Microsoft Edge, and Mozilla Firefox. Average processing times of signing and verifying on each browsers were 1.3309 seconds, 1.2565 seconds, and 1.2667 seconds.

Research on post-quantum cryptography (PQC) to improve the security against quantum computers has been actively conducted. In 2020, NIST announced the final PQC candidates whose design rationales rely on NP-hard or NP-complete problems. It is believed that cryptography based on NP-hard problem might be secure against attacks using quantum computers. N. Koblitz introduced the concept of public-key cryptography using a 3-regular graph with a perfect dominating set in the 1990s. The proposed cryptosystem is based on NP-complete problem to find a perfect dominating set in the given graph. Later, S. Yoon proposed a variant scheme using a perfect minus dominating function. However, their works have not received much attention since these schemes produce huge ciphertexts and are hard to implement efficiently. Also, the security parameters such as key size and plaintext-ciphertext size have not been proposed yet. We conduct security and performance analysis of their schemes and discuss the practical range of security parameters. As an application, the scheme with one-wayness property can be used as an encoding method in the white-box cryptography (WBC).

The Transient Public Key Infrastructure or T-PKI is introduced in this paper that allows a transactional approach to attestation, where a Trusted Platform Module (TPM) can stay anonymous to a verifier. In cloud computing and IoT environments, attestation is a critical step in ensuring that the environment is untampered with. With attestation, the verifier would be able to ascertain information about the TPM (such as location, or other system information) that one may not want to disclose. The addition of the Direct Anonymous Attestation added to TPM 2.0 would potentially solve this problem, but it uses the traditional RSA or ECC based methods. In this paper, a Lattice-based approach is used that is both quantum safe, and not dependent on creating a new key pair in order to increase anonymity.

This paper presents a decentralized messaging system based on blockchain technology. This system allows their users to securely send and receive digital messages in the network. Since the messages stored in a conventional blockchain could be easily read by everyone in the network, under the proposed approach these messages are previously encrypted using public-key cryptography, while the sender and recipient remain anonymous. The proposed system incorporates a browser-based user interface that enable their users to interact seamlessly in a peer-to-peer fashion.

Certificateless signcryption mechanism can not only provide security services, such as message integrity, non-repudiation and confidentiality, but also solve the problems of public key certificate management and key escrow. Zhou et al. proposed a certificateless signcryption mechanism without bilinear mapping and gave its security proof under the discrete logarithm problem and the computational Diffie Hellman problem in the random oracle model. However, the analysis show that this scheme has security flaws. That is, attackers can forge legitimate signatures of any messages. Finally, we give the specific attack process.

Modern cryptographic ransomware pose a severe threat to the security of individuals and organizations. Targeted ransomware attacks exhibit refinement in attack vectors owing to the manual reconnaissance performed by the perpetrators for infiltration. The result is an impenetrable lock on multiple hosts within the organization which allows the cybercriminals to demand hefty ransoms. Reliance on prevention strategies is not sufficient and a firm comprehension of implementation details is necessary to develop effective solutions that can thwart ransomware after preventative strategies have failed. Ransomware depend heavily on the abstraction offered by Windows APIs. This paper provides a detailed review of the common API calls in ransomware. We propose four classes of API calls that can be used for profiling and generating effective API call relationships useful in automated detection. Finally, we present counts and visualizations pertaining to API call extraction from real-world ransomware that demonstrate that even advanced variants from different families carry similarities in implementation.

As the unmanned aerial vehicle (UAV) can play a vital role to collect information remotely in a military battlefield, researchers have shown great interest to reveal the domain of internet of battlefield Things (IoBT). In a rescue mission on a battlefield, UAV can collect data from different regions to identify the casualty of a soldier. One of the major challenges in IoBT is to identify the soldier in a complex environment. Image processing algorithm can be helpful if proper methodology can be applied to identify the victims. However, due to the limited hardware resources of a UAV, processing task can be handover to the nearby edge computing server for offloading the task as every second is very crucial in a battlefield. Furthermore, to avoid any third-party interaction in the network and to store the data securely, blockchain can help to create a trusted network as it forms a distributed ledger among the participants. This paper proposes a UAV assisted casualty detection scheme based on image processing algorithm where data is protected using blockchain technology. Result analysis has been conducted to identify the victims on the battlefield successfully using image processing algorithm and network issues like throughput and delay has been analyzed in details using public-key cryptography.

In order to realize the security authentication of information transmission between vehicle nodes in the vehicular ad hoc network, based on the certificateless public key cryptosystem and aggregate signature, a privacy-protected certificateless aggregate signature scheme is proposed, which eliminates the complicated certificate maintenance cost. This solution also solves the key escrow problem. By Communicating with surrounding nodes through the pseudonym of the vehicle, the privacy protection of vehicle users is realized. The signature scheme satisfies the unforgeability of an adaptive selective message attack under a random prophetic machine. The scheme meets message authentication, identity privacy protection, resistance to reply attacks.

This article describes a new way to generate and distribute secret encryption keys, in which the processes of generating a public key and formicating a secret encryption key are performed in algebra with a parameter, the secrecy of which provides increased durability of the key.

Authenticating a person's identity has always been a challenge. While attempts are being made by government agencies to address this challenge, the citizens are being exposed to a new age problem of Identity management. The sharing of photocopies of identity cards in order to prove our identity is a common sight. From score-card to Aadhar-card, the details of our identity has reached many unauthorized hands during the years. In India the identity thefts accounts for 77% [1] of the fraud cases, and the threats are trending. Programs like e-Residency by Estonia[2], Bitnation using Ethereum[3] are being devised for an efficient Identity Management. Even the US Home Land Security is funding a research with an objective of “Design information security and privacy concepts on the Blockchain to support identity management capabilities that increase security and productivity while decreasing costs and security risks for the Homeland Security Enterprise (HSE).” [4] This paper will discuss the challenges specific to India around Identity Management, and the possible solution that the Distributed ledger, hashing algorithms and smart contracts can offer. The logic of hashing the personal data, and controlling the distribution of identity using public-private keys with Blockchain technology will be discussed in this paper.

As the computer architecture technology evolves, communication protocols have been demanded not only having reliable security but also flexible functionality. Advanced cryptography has been expected as a new generation cryptography which suffices such the requirements. A pairing is one of the key technologies of the cryptography and the pairing has been known as having a substantial amount of construction parameters. Recently, the elliptic curve with embedding degree 14 is evaluated as one of the efficient curves for pairing. In the paper, we implement an optimal ate pairing on the elliptic curve by applying several variants of multiplication algorithms of extension field of degree 7 on multiple devices. The best multiplication algorithm among the candidates is derived. Besides, for efficient calculations, we propose a pseudo 7-sparse algorithm and a fast calculation method of final exponentiation. As a result, we discover the proper multiplication algorithm bases on the rate of addition and multiplications on several different computer platforms. Our proposed pseudo 7-sparse algorithm is approximately 1.54% faster than a regular algorithm on almost all tested platforms. Eventually, for the total execution time of pairing we record 9.33ms on Corei5-9500.

In this brief, a cryptographically secure pseudo-random number generator based on the NIST Koblitz elliptic curve K-163 is implemented. A 3-stage pipelined multiplier is adopted to speed up point additions. In addition, Frobenius map and point additions are performed in parallel to reduce the clock cycles required for scalar multiplication. By expanding the multiplier with a multiplexer, exponentiation and multiplication can be executed simultaneously, thus greatly reducing the clock cycles needed for inversion. Implementation results on Xilinx Virtex-4 show that the frequency of the multiplier is up to 248 MHz, therefore it takes only 2.21 us for scalar multiplication over K-163. The cryptographically secure pseudo-random number generator can produce 452 Kbit random number every second.