Biblio

The Internet is evolving everywhere and expanding its entity globally. The IoT(Internet of things) is a new and interesting concept introduced in this world of internet. Generally it is interconnected computing device which can be embedded in our daily routine objects through which we can send and receive data. It is beyond connecting computers and laptops only although it can connect billion of devices. It can be described as reliable method of communication that also make use of other technologies like wireless sensor, QR code etc. IoT (Internet of Things) is making everything smart with use of technology like smart homes, smart cities, smart watches. In this chapter, we will study the security algorithms in IoT (Internet of Things) which can be achieved with encryption process. In the world of IoT, data is more vulnerable to threats. So as to protect data integrity, data confidentiality, we have Light weight Encryption Algorithms like symmetric key cryptography and public key cryptography for secure IoT (Internet of Things) named as Secure IoT. Because it is not convenient to use full encryption algorithms that require large memory size, large program code and larger execution time. Light weight algorithms meet all resource constraints of small memory size, less execution time and efficiency. The algorithms can be measured in terms of key size, no of blocks and algorithm structure, chip size and energy consumption. Light Weight Techniques provides security to smart object networks and also provides efficiency. In Symmetric Key Cryptography, two parties can have identical keys but has some practical difficulty. Public Key Cryptography uses both private and public key which are related to each other. Public key is known to everyone while private key is kept secret. Public Key cryptography method is based on mathematical problems. So, to implement this method, one should have a great expertise.

An image hiding algorithm based on bit plane and two-dimensional code is proposed in this paper. The main characteristic of information hiding is to use the information redundant data of the existing image, to embed the information into these redundant data by the information hiding algorithm, or to partially replace redundant information with information to be embedded to achieve a visual invisible purpose. We first analyze the color index usage frequency of the block index matrix in the algorithm, and calculate the distance between the color of the block index matrix with only one color and the other color in the palette that is closest to the color. Then, the QR model and the compression model are applied to improve the efficiency. We compare the proposed model with the stateof-the-art models.

The majority of systems rely on user authentication on passwords, but passwords have so many weaknesses and widespread use that easily raise significant security concerns, regardless of their encrypted form. Users hold the same password for different accounts, administrators never check password files for flaws that might lead to a successful cracking, and the lack of a tight security policy regarding regular password replacement are a few problems that need to be addressed. The proposed research work aims at enhancing this security mechanism, prevent penetrations, password theft, and attempted break-ins towards securing computing systems. The selected solution approach is two-folded; it implements a two-factor authentication scheme to prevent unauthorized access, accompanied by Honeyword principles to detect corrupted or stolen tokens. Both can be integrated into any platform or web application with the use of QR codes and a mobile phone.

In Indonesia, there have been many certificates forgery happened. The lack of security system for the certificate and the difficulty in verification process toward the authenticity certificate become the main factor of the certificate forgery cases happen. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The aim of this research is to improve the security system such digital signature and QR code to authenticate the authenticity certificate and to facilitate the user in verify their certificate and also to minimize the certificate forgery cases. The application is built in web system to facilitate the user to access it everywhere and any time. This research uses Research and Development method for problem analysis and to develop application using Software Development Life Cycle method with waterfall approach. Black box testing is chosen as testing method for each function in this system. The result of this research is creatcate application that’s designed to support the publishing and the verification of the electronic authenticity certificate by online. There are two main schemes in system: the scheme in making e-certificate and the scheme of verification QR Code. There is the electronic professional certificate application by applying digital signature and QR Code. It can publish e-certificate that can prevent from criminal action such certificate forgery, that’s showed in implementation and can be proven in test.

Security is a most concerning matter for client's data in today's emerging technological world in each field, like banking, management, retail, shopping, communication, education, etc. Arise in cyber-crime due to the black hat community, there is always a need for a better way to secure the client's sensitive information, Security is the key point in online banking as the threat of unapproved online access to a client's data is very significant as it ultimately danger to bank reputation. The more secure and powerful methods can allow a client to work with untrusted parties. Paper is focusing on how secure banking transaction system can work by using homomorphic encryption and steganography techniques. For data encryption NTRU, homomorphic encryption can be used and to hide details through the QR code, a cover image can be embed using steganography techniques.

A Quick Response (QR) Code is a type of barcode that can be read by the digital devices and which stores the information in a square-shaped. The QR Code readers can extract data from the patterns which are presented in the QR Code matrix. A QR Code can be acting as an attack vector that can harm indirectly. In such case a QR Code can carry malicious or phishing URLs and redirect users to a site which is well conceived by the attacker and pretends to be an authorized one. Once the QR Code is decoded the commands are triggered and executed, causing damage to information, operating system and other possible sequence the attacker expects to gain. In this paper, a new model for QR Code authentication and phishing detection has been presented. The proposed model will be able to detect the phishing and malicious URLs in the process of the QR Code validation as well as to prevent the user from validating it. The development of this application will help to prevent users from being tricked by the harmful QR Codes.

In this paper, we will describe the design and implementation of a secure payment system based on QR codes. These QR codes have been extensively used in recent years since they speed up the payment process and provide users with ultimate convenience. However, as convenient as they may sound, QR-based online payment systems are vulnerable to different types of attacks. Therefore, transaction processing needs to be secure enough to protect the integrity and confidentiality of every payment process. Moreover, the online payment system must provide authenticity for both the sender and receiver of each transaction. In this paper, the security of the proposed QR-based system is provided using visual cryptography. The proposed system consists of a mobile application and a payment gateway server that implements visual cryptography. The application provides a simple and user-friendly interface for users to carry out payment transactions in user-friendly secure environment.

A threat of eavesdropping display screen image of information device is caused by unintended EM leakage emanation. QR bar-code is capable of error correction, and its information is possibly read from a damaged screen image from EM leakage. A new design of QR bar-code proposed in this paper uses selected colors in consideration of correlation between the EM wave leakage and display color. Proposed design of QR bar-code keeps error correction of displayed image, and makes it difficult to read information on the eavesdropped image.

Quick response (QR) codes are currently used ubiq-uitously. Their interaction protocol design is initially unsecured. It forces users to scan QR codes, which makes it harder to differentiate a genuine code from a malicious one. Intruders can change the original QR code and make it fake, which can lead to phishing websites that collect sensitive data. The interaction model can be improved and made more secure by adding some modifications to the backend side of the application. This paper addresses the vulnerabilities of QR codes and recommends improvements in security design. Furthermore, two state-of-the-art algorithms, Digital Signature (DS) and Elliptic Curve Digital Signature (ECDS), are analytically compared to determine their strengths in QR code security.

This research presented a digital watermarking scheme using multi-level authentication for protecting QR code images in order to provide security and authenticity. This research focuses on the improved digital watermarking scheme for QR code security that can protect the confidentiality of the information stored in QR code images from the public. Information modification, malicious attack, and copyright violation may occur due to weak security and disclosure pattern of QR code. Digital watermarking can be a solution to reduce QR code imitation and increase QR code security and authenticity. The objectives of this research are to provide QR code image authentication and security, tamper localization, and recovery scheme on QR code images. This research proposed digital watermarking for QR code images based on multi-level authentication with Least Significant Bit (LSB) and SHA-256 hash function. The embedding and extracting watermark utilized region of Interest (ROI) and Region of Non-Interest (RONI) in the spatial domain for improving the depth and width of QR code application in the anti-counterfeiting field. The experiments tested the reversibility and robustness of the proposed scheme after a tempered watermarked QR code image. The experimental results show that the proposed scheme provides multi-level security, withstands tampered attacks and it provided high imperceptibility of QR code image.

Recent advancements in quantum information theory and quantum computation intend the possibilities of breaking the existing classical cryptographic systems. To mitigate these kinds of threats with quantum computers we need some advanced quantum-based cryptographic systems. The research orientation towards this is tremendous in recent years, and many excellent approaches have been reported. In this article, we discuss the probable approaches of the quantum cryptographic systems from implementation point of views to handle the post-quantum cryptographic attacks.

Cloud computing has changed the paradigm of using computing resources. It has shifted from traditional storage and computing to Internet based computing leveraging economy of scale, cost saving, elimination of data redundancy, scalability, availability and regulatory compliance. With these, cloud also brings plenty of security issues. As security is not a one-time solution, there have been efforts to investigate and provide countermeasures. In the wake of emerging quantum computers, the aim of post-quantum cryptography is to develop cryptography schemes that are secure against both classical computers and quantum computers. Since cloud is widely used across the globe for outsourcing data, it is essential to strive at providing betterment of security schemes from time to time. This paper reviews recent development, methods of cloud data security in post-quantum perspectives. It provides useful insights pertaining to the security schemes used to safeguard data dynamics associated with cloud computing. The findings of this paper gives directions for further research in pursuit of more secure cloud data storage and retrieval.

The advancements in quantum computing and quantum cryptology have recently started to gain momentum and transformation of usable quantum technologies from dream to reality has begun to look viable. This has created an immediate requirement to comprehend quantum attacks and their cryptographic implications, which is a prerequisite obligation to design cryptographic systems resistant to current and futuristic projected quantum and conventional attacks. In this context, this paper reviews the prevalent quantum concepts and analyses their envisaged impact on various aspects of modern-day communication and information security technologies. Moreover, the paper also presents six open-problems and two conjectures, which are formulated to define prerequisite technological obligations for fully comprehending the futuristic quantum threats to contemporary communication security technologies and information assets processed through these systems. Furthermore, the paper also presents some important concepts in the form of questions and discusses some recent trends adapted in cryptographic designs to thwart quantum attacks.

The development of edge computing and machine learning technologies have led to the growth of Industrial IoT systems. Autonomous decision making and smart manufacturing are flourishing in the current age of Industry 4.0. By providing more compute power to edge devices and connecting them to the internet, the so-called Cyber Physical Systems are prone to security threats like never before. Security in the current industry is based on cryptographic techniques that use pseudorandom number keys. Keys generated by a pseudo-random number generator pose a security threat as they can be predicted by a malicious third party. In this work, we propose a secure Industrial IoT Architecture that makes use of true random numbers generated by a quantum random number generator (QRNG). CITRIOT's FireConnect IoT node is used to show the proof of concept in a quantum-safe network where the random keys are generated by a cloud based quantum device. We provide an implementation of QRNG on both real quantum computer and quantum simulator. Then, we compare the results with pseudorandom numbers generated by a classical computer.

Multi-access edge computing (MEC) equipped with artificial intelligence is a promising technology in B5G wireless systems. Due to outsourcing and other transactions, some primitive security modules need to be introduced. In this paper, we design a primitive cipher based on double discrete exponentiation and double discrete logarithm. The machine learning methodology is incorporated in the development. Several interesting results are obtained. It reveals that the number of key-rounds is critically important.

We suggest using Fully Homomorphic Encryption (FHE) to be used, not only to keep the privacy of information but also, to verify computations with no additional significant overhead, using only part of the variables length for verification. This method supports the addition of encrypted values as well as multiplication of encrypted values by the addition of their logarithmic representations and is based on a separation between hardware functionalities. The computer/server performs blackbox additions and is based on the separation of server/device/hardware, such as the enclave, that may deal with additions of logarithmic values and exponentiation. The main idea is to restrict the computer operations and to use part of the variable for computation verification (computation fingerprints) and the other for the actual calculation. The verification part holds the FHE value, of which the calculated result is known (either due to computing locally once or from previously verified computations) and will be checked against the returned FHE value. We prove that a server with bit computation granularity can return consistent encrypted wrong results even when the public key is not provided. For the case of computer word granularity the verification and the actual calculation parts are separated, the verification part (the consecutive bits from the LSB to the MSB of the variables) is fixed across all input vectors. We also consider the case of Single Instruction Multiple Data (SIMD) where the computation fingerprints index in the input vectors is fixed across all vectors.

Pairings on elliptic curves are exploited for pairing-based cryptography, e.g., ID-based encryption and group signature authentication. For secure cryptography, it is important to choose the curves that have resistance to a special variant of the tower number field sieve (TNFS) that is an attack for the finite fields. However, for the pairings on several curves with embedding degree \$k=\10,11,13,14\\$ resistant to the special TNFS, efficient algorithms for computing the final exponentiation constructed by the lattice-based method have not been provided. For these curves, the authors present efficient algorithms with the calculation costs in this manuscript.

Pairings on elliptic curves which are carried out by the Miller loop and final exponentiation are used for innovative protocols such as ID-based encryption and group signature authentication. As the recent progress of attacks for finite fields in which pairings are defined, the importance of the use of the curves with prime embedding degrees \$k\$ has been increased. In this manuscript, the authors provide a method for providing efficient final exponentiation algorithms for a specific cyclotomic family of curves with arbitrary prime \$k\$ of \$k\textbackslashtextbackslashequiv 1(\textbackslashtextbackslashtextmod\textbackslashtextbackslash 6)\$. Applying the proposed method for several curves such as \$k=7\$, 13, and 19, it is found that the proposed method gives rise to the same algorithms as the previous state-of-the-art ones by the lattice-based method.

In the present paper the exponentiation algorithm “To Center and Back” based on the idea of the additive chains exponentiation method is developed. The created by authors algorithm allows to reduce the calculation time and to improve the performance of conventional and cryptographic algorithms, as pre-quantum and quantum, and then post-quantum, in which it is necessary to use the fast exponentiation algorithm.

One of the topics that have successful applications in engineering technologies and computer science is chaos theory. The remarkable area among these successful applications has been especially the subject of chaos-based cryptology. Many practical applications have been proposed in a wide spectrum from image encryption algorithms to random number generators, from block encryption algorithms to hash functions based on chaotic systems. Logistics map is one of the chaotic systems that has been the focus of attention of researchers in these applications. Since, Logistic map can be shown as the most widely used chaotic system in chaos-based cryptology studies due to its simple mathematical structure and its characterization as a strong entropy source. However, in some studies, researchers stated that the behavior displayed in relation to the dynamics of the Logistic map may pose a problem for cryptology applications. For this reason, alternative studies have been carried out using different chaotic systems. In this study, it has been investigated which one is more suitable for cryptographic applications for five different derivatives of the Logistic map. In the study, a substitution box generator program has been implemented using the Logistic map and its five different derivatives. The generated outputs have been tested for five basic substitution box design criteria. Analysis results showed that the proposals for maps derived from Logistic map have a more robust structure than many studies in the literature.

While various encryption algorithms ensure data security, it is essential to determine the accuracy and loss values and performance status in the analyzes made to determine encrypted data by deep learning. In this research, the analysis steps made by applying deep learning methods to encrypted cifar10 picture data are presented practically. The data was tried to be estimated by training with VGG16, VGG19, ResNet50 deep learning models. During this period, the network’s performance was tried to be measured, and the accuracy and loss values in these calculations were shown graphically.

In this paper is devoted a creation cryptographic protocol for the division of mutual authentication and session key. For secure protocols, suitable cryptographic algorithms were monitored.

Bitcoin and other digital cryptocurrencies have de-veloped rapidly in recent years. To reduce hardware and power costs, many criminals use the botnet to infect other hosts to mine cryptocurrency for themselves, which has led to the proliferation of mining botnets and is referred to as cryptojacking. At present, the mechanisms specific to cryptojacking detection include host-based, Deep Packet Inspection (DPI) based, and dynamic network characteristics based. Host-based detection requires detection installation and running at each host, and the other two are heavyweight. Besides, DPI-based detection is a breach of privacy and loses efficacy if encountering encrypted traffic. This paper de-signs a lightweight cryptojacking traffic detection method based on network behavior features for an ISP, without referring to the payload of network traffic. We set up an environment to collect cryptojacking traffic and conduct a cryptojacking traffic study to obtain its discriminative network traffic features extracted from only the first four packets in a flow. Our experimental study suggests that the machine learning classifier, random forest, based on the extracted discriminative network traffic features can accurately and efficiently detect cryptojacking traffic.

Unlike the traditional key-exchange based cryptography, physical layer security is built on information theory and aims to achieve unconditional security by exploiting the physical characteristics of wireless channels. With the growth of the number of wireless devices, physical layer security has been gradually emphasized by researchers. Various physical layer security protocols have been proposed for different communication scenarios. Since these protocols are based on information-theoretic security and the formalization work for information theory were not complete when these protocols were proposed, the security of these protocols lacked formal proofs. In this paper, we propose a formal definition for the secrecy capacity in non-degraded wiretap channel model and a formal proof for the secrecy capacity in binary symmetric channel with the help of SSReflect/Coq theorem prover.

Random number generators (RNGs) has an extensive application area from cryptography to simulation software. Piecewise linear one-dimensional (PL1D) maps are commonly preferred structures used as the basis of RNGs due to their theoretically proven chaotic behavior and ease of implementation. In this work, a skew-tent map based RNG is designed by using the chaotic sampling method in TSMC 180 nm CMOS process. Simulation data of the designed RNG is validated by the statistical randomness tests of the FIPS-140-2 and NIST 800-22 suites. The proposed RNG has three key features: the generated bitstreams can fulfill the randomness tests without using any post processing methods; the proposed RNG has immunity against external interference thanks to the chaotic sampling method; and higher bitrates (4.8 Mbit/s) can be achieved with relatively low power consumption (9.8 mW). Thus, robust RNG systems can be built for high-speed security applications with low power by using the proposed architecture.