Biblio

This Since the past century, the digital design industry has performed an outstanding role in the development of electronics. Hence, a great variety of designs are developed daily, these designs must be submitted to high standards of verification in order to ensure the 100% of reliability and the achievement of all design requirements. The Universal Verification Methodology (UVM) is the current standard at the industry for the verification process due to its reusability, scalability, time-efficiency and feasibility of handling high-level designs. This research proposes a functional verification framework using UVM for an AES encryption module based on a very detailed and robust verification plan. This document describes the complete verification process as done in the industry for a popular module used in information-security applications in the field of cryptography, defining the basis for future projects. The overall results show the achievement of the high verification standards required in industry applications and highlight the advantages of UVM against System Verilog-based functional verification and direct verification methodologies previously developed for the AES module.

In Smart Grids (SGs), data aggregation process is essential in terms of limiting packet size, data transmission amount and data storage requirements. This paper presents a novel Domingo-Ferrer additive privacy based Secure Data Aggregation (SDA) scheme for Fog Computing based SGs (FCSG). The proposed protocol achieves end-to-end confidentiality while ensuring low communication and storage overhead. Data aggregation is performed at fog layer to reduce the amount of data to be processed and stored at cloud servers. As a result, the proposed protocol achieves better response time and less computational overhead compared to existing solutions. Moreover, due to hierarchical architecture of FCSG and additive homomorphic encryption consumer privacy is protected from third parties. Theoretical analysis evaluates the effects of packet size and number of packets on transmission overhead and the amount of data stored in cloud server. In parallel with the theoretical analysis, our performance evaluation results show that there is a significant improvement in terms of data transmission and storage efficiency. Moreover, security analysis proves that the proposed scheme successfully ensures the privacy of collected data.

Physical Unclonable Functions (PUFs) have been designed for many security applications such as identification, authentication of devices and key generation, especially for lightweight electronics. Traditional approaches to enhancing security, such as hash functions, may be expensive and resource dependent. However, modelling attacks using machine learning (ML) show the vulnerability of most PUFs. In this paper, a combination of a 32-bit current mirror and 16-bit arbiter PUFs in 65nm CMOS technology is proposed to improve resilience against modelling attacks. Both PUFs are vulnerable to machine learning attacks and we reduce the output prediction rate from 99.2% and 98.8% individually, to 60%.

This computer era leads human to interact with computers and networks but there is no such solution to get rid of security problems. Securities threats misleads internet, we are sometimes losing our hope and reliability with many server based access. Even though many more crypto algorithms are coming for integrity and authentic data in computer access still there is a non reliable threat penetrates inconsistent vulnerabilities in networks. These vulnerable sites are taking control over the user's computer and doing harmful actions without user's privileges. Though Firewalls and protocols may support our browsers via setting certain rules, still our system couldn't support for data reliability and confidentiality. Since these problems are based on network access, lets we consider TCP/IP parameters as a dataset for analysis. By doing preprocess of TCP/IP packets we can build sovereign model on data set and clump cluster. Further the data set gets classified into regular traffic pattern and anonymous pattern using KNN classification algorithm. Based on obtained pattern for normal and threats data sets, security devices and system will set rules and guidelines to learn by it to take needed stroke. This paper analysis the computer to learn security actions from the given data sets which already exist in the previous happens.

Mobile Ad Hoc Networks are dynamic in nature and have no rigid or reliable network infrastructure by their very definition. They are expected to be self-governed and have dynamic wireless links which are not entirely reliable in terms of connectivity and security. Several factors could cause their degradation, such as attacks by malicious and selfish nodes which result in data carrying packets being dropped which in turn could cause breaks in communication between nodes in the network. This paper aims to address the issue of remedy and mitigation of the damage caused by packet drops. We proposed an improvement on the EAACK protocol to reduce the network overhead packet delivery ratio by using hybrid cryptography techniques DES due to its higher efficiency in block encryption, and RSA due to its management in key cipher. Comparing to the existing approaches, our simulated results show that hybrid cryptography techniques provide higher malicious behavior detection rates, and improve the performance. This research can also lead to more future efforts in using hybrid encryption based authentication techniques for attack detection/prevention in MANETs.

The purpose of this research is to propose a new mathematical model, designed to evaluate the security of cryptosystems. This model is a mixture of ideas from two basic mathematical theories, information theory and game theory. The role of information theory is assigning the model with security criteria of the cryptosystems. The role of game theory was to produce the value of the game which is representing the outcome of these criteria, which finally refers to cryptosystem's security. The proposed model support an accurate and mathematical way to evaluate the security of cryptosystems by unifying the criteria resulted from information theory and produce a unique reasonable value.

{We study secret sharing schemes for general (non-threshold) access structures. A general secret sharing scheme for n parties is associated to a monotone function F:\0,1\n$\rightarrowłbrace$0,1\}. In such a scheme, a dealer distributes shares of a secret s among n parties. Any subset of parties T {$\subseteq$} [n] should be able to put together their shares and reconstruct the secret s if F(T)=1, and should have no information about s if F(T)=0. One of the major long-standing questions in information-theoretic cryptography is to minimize the (total) size of the shares in a secret-sharing scheme for arbitrary monotone functions F. There is a large gap between lower and upper bounds for secret sharing. The best known scheme for general F has shares of size 2n-o(n), but the best lower bound is {$Ømega$}(n2/logn). Indeed, the exponential share size is a direct result of the fact that in all known secret-sharing schemes, the share size grows with the size of a circuit (or formula, or monotone span program) for F. Indeed, several researchers have suggested the existence of a representation size barrier which implies that the right answer is closer to the upper bound, namely, 2n-o(n). In this work, we overcome this barrier by constructing a secret sharing scheme for any access structure with shares of size 20.994n and a linear secret sharing scheme for any access structure with shares of size 20.999n. As a contribution of independent interest, we also construct a secret sharing scheme with shares of size 2Õ({$\surd$}n) for 2n n/2 monotone access structures, out of a total of 2n n/2{$\cdot$} (1+O(logn/n)) of them. Our construction builds on recent works that construct better protocols for the conditional disclosure of secrets (CDS) problem.

Cloud Computing is an important term of modern technology. The usefulness of Cloud is increasing day by day and simultaneously more and more security problems are arising as well. Two of the major threats of Cloud are improper authentication and multi-tenancy. According to the specialists both pros and cons belong to multi-tenancy. There are security protocols available but it is difficult to claim these protocols are perfect and ensure complete protection. The purpose of this paper is to propose an integrated model to ensure better Cloud security for Authentication and multi-tenancy. Multi-tenancy means sharing of resources and virtualization among clients. Since multi-tenancy allows multiple users to access same resources simultaneously, there is high probability of accessing confidential data without proper privileges. Our model includes Kerberos authentication protocol to enhance authentication security. During our research on Kerberos we have found some flaws in terms of encryption method which have been mentioned in couple of IEEE conference papers. Pondering about this complication we have elected Elliptic Curve Cryptography. On the other hand, to attenuate arose risks due to multi-tenancy we are proposing a Resource Allocation Manager Unit, a Control Database and Resource Allocation Map. This part of the model will perpetuate resource allocation for the users.

Cloud computing is a standard architecture for providing computing services among servers and cloud user (CU) for preserving data from unauthorized users. Therefore, the user authentication is more reliable to ensure cloud services accessed only by a genuine user. To improve the authentication accuracy, Tiger Hash-based Kerberos Biometric Blowfish Authentication (TH-KBBA) Mechanism is introduced for accessing data from server. It comprises three steps, namely Registration, Authentication and Ticket Granting. In the Registration process, client enrolls user details and stores on cloud server (CS) using tiger hashing function. User ID and password is given by CS after registration. When client wants to access data from CS, authentication server (AS) verifies user identity by sending a message. When authenticity is verified, AS accepts user as authenticated user and convinces CS that user is authentic. For convincing process, AS generates a ticket and encrypted using Blowfish encryption. Encrypted ticket is sent back to user. Then, CU sends message to server containing users ID and encrypted ticket. Finally, the server decrypts ticket using blowfish decryption and verifies the user ID. If these two ID gets matched, the CS grants requested data to the user. Experimental evaluation of TH-KBBA mechanism and existing methods are carried out with different factors such as Authentication accuracy, authentications time and confidentiality rate with respect to a number of CUs and data.

Kerberos is a third party and widely used authentication protocol, in which it enables computers to connect securely using a single sign-on over an insecure channel. It proves the identity of clients and encrypts all the communications between them to ensure data privacy and integrity. Typically, Kerberos composes of three communication phases to establish a secure session between any two clients. The authentication is based on a password-based scheme, in which it is a secret long-term key shared between the client and the Kerberos. Therefore, Kerberos suffers from a password-guessing attack, the main drawback of Kerberos. In this paper, we overcome this limitation by modifying the first initial phase using the virtual password and biometric data. In addition, the proposed protocol provides a strong authentication scenario against multiple types of attacks.

We present the IT solution for remote modeling of cryptographic protocols and other cryptographic primitives and a number of education-oriented capabilities based on them. These capabilities are provided at the Department of Mathematical Modeling using the MPEI algebraic processor, and allow remote participants to create automata models of cryptographic protocols, use and manage them in the modeling process. Particular attention is paid to the IT solution for modeling of the private communication and key distribution using the processor combined with the Kerberos protocol. This allows simulation and studying of key distribution protocols functionality on remote computers via the Internet. The importance of studying cryptographic primitives for future IT specialists is emphasized.

In order to solve the problem of vulnerable password guessing attacks caused by dictionary attacks, replay attacks in the authentication process, and man-in-the-middle attacks in the existing wireless local area network in terms of security authentication, we make some improvements to the 802.1X / EAP authentication protocol based on the study of the current IEEE802.11i security protocol with high security. After introducing the idea of Kerberos protocol authentication and applying the idea in the authentication process of 802.1X / EAP, a new protocol of Kerberos extensible authentication protocol (KEAP) is proposed. Firstly, the protocol introduces an asymmetric key encryption method, uses public key encryption during data transmission, and the receiver uses the corresponding private key for decryption. With unidirectional characteristics and high security, the encryption can avoid password guessing attacks caused by dictionary attacks as much as possible. Secondly, aiming at the problem that the request message sent from the client to the authentication server is vulnerable to replay attacks, the protocol uses a combination of the message sequence number and the random number, and the message serial number is added to the request message sent from the client to the authentication server. And establish a list database for storing message serial number and random number in the authentication server. After receiving a transfer message, the serial number and the random number are extracted and compared with the values in the list database to distinguish whether it is a retransmission message. Finally, the protocol introduces a keychain mechanism and uses an irreversible Hash function to encrypt the final authentication result, thereby effectively solving the man-in-the-middle attack by the pretender. The experiment uses the OPNET 14.5 simulation platform to model the KEAP protocol and simulate simulation attacks, and compares it with the current more common EAP-TLS authentication protocol. Experimental results show that the average traffic of the KEAP protocol is at least 14.74% higher than the EAP-TLS authentication protocol, and the average bit error rate is reduced by at least 24.00%.

This paper presents a theoretical background of main research activity focused on the evaluation of wiping/erasure standards which are mostly implemented in specific software products developed and programming for data wiping. The information saved in storage devices often consists of metadata and trace data. Especially but not only these kinds of data are very important in the process of forensic analysis because they sometimes contain information about interconnection on another file. Most people saving their sensitive information on their local storage devices and later they want to secure erase these files but usually there is a problem with this operation. Secure file destruction is one of many Anti-forensics methods. The outcome of this paper is to define the future research activities focused on the establishment of the suitable digital environment. This environment will be prepared for testing and evaluating selected wiping standards and appropriate eraser software.

State-of-the-art system-on-chip (SoC) field programmable gate arrays (FPGAs) integrate hard powerful ARM processor cores and the reconfigurable logic fabric on a single chip in addition to many commonly needed high performance and high-bandwidth peripherals. The increasing reliance on untrustworthy third-party IP (3PIP) cores, including both hardware and software in FPGA-based embedded systems has made the latter increasingly vulnerable to security attacks. Detection of trojans in 3PIPs is extremely difficult to current static detection methods since there is no golden reference model for 3PIPs. Moreover, many FPGA-based embedded systems do not have the support of security services typically found in operating systems. In this paper, we present our run-time, low-cost, and low-latency hardware and software based solution for protecting data stored in on-chip memory blocks, which has attracted little research attention. The implemented memory protection design consists of a hierarchical top-down structure and controls memory access from software IPs running on the processor and hardware IPs running in the FPGA, based on a set of rules or access rights configurable at run time. Additionally, virtual addressing and encryption of data for each memory help protect confidentiality of data in case of a failure of the memory protection unit, making it hard for the attacker to gain access to the data stored in the memory. The design is implemented and tested on the Intel (Altera) DE1-SoC board featuring a SoC FPGA that integrates a dual-core ARM processor with reconfigurable logic and hundreds of memory blocks. The experimental results and case studies show that the protection model is successful in eliminating malicious IPs from the system without need for reconfiguration of the FPGA. It prevents unauthorized accesses from untrusted IPs, while arbitrating access from trusted IPs generating legal memory requests, without incurring a serious area or latency penalty.

The paper deals with the implementation aspects of the bilinear pairing operation over an elliptic curve on constrained devices, such as smart cards, embedded devices, smart meters and similar devices. Although cryptographic constructions, such as group signatures, anonymous credentials or identity-based encryption schemes, often rely on the pairing operation, the implementation of such schemes into practical applications is not straightforward, in fact, it may become very difficult. In this paper, we show that the implementation is difficult not only due to the high computational complexity, but also due to the lack of cryptographic libraries and programming interfaces. In particular, we show how difficult it is to implement pairing-based schemes on constrained devices and show the performance of various libraries on different platforms. Furthermore, we show the performance estimates of fundamental cryptographic constructions, the group signatures. The purpose of this paper is to reduce the gap between the cryptographic designers and developers and give performance results that can be used for the estimation of the implementability and performance of novel, upcoming schemes.

This paper presents an efficient arithmetic in extension field based on Cyclic Vector Multiplication Algorithm that reduces calculation costs over cubic extension for elliptic curve pairing cryptography. In addition, we evaluate the calculation costs compared to Karatsuba-based method.

Edge detection is one of the most important topics of image processing. In the scenario of cloud computing, performing edge detection may also consider privacy protection. In this paper, we propose an edge detection and image segmentation scheme on an encrypted image with Sobel edge detector. We implement Gaussian filtering and Sobel operator on the image in the encrypted domain with homomorphic property. By implementing an adaptive threshold decision algorithm in the encrypted domain, we obtain a threshold determined by the image distribution. With the technique of garbled circuit, we perform comparison in the encrypted domain and obtain the edge of the image without decrypting the image in advanced. We then propose an image segmentation scheme on the encrypted image based on the detected edges. Our experiments demonstrate the viability and effectiveness of the proposed encrypted image edge detection and segmentation.

Scan design is a universal design for test (DFT) technology to increase the observability and controllability of the circuits under test by using scan chains. However, it also leads to a potential security problem that attackers can use scan design as a backdoor to extract confidential information. Researchers have tried to address this problem by using secure scan structures that usually have some keys to confirm the identities of users. However, the traditional methods to store intermediate data or keys in memory are also under high risk of being attacked. In this paper, we propose a dynamic-key secure DFT structure that can defend scan-based and memory attacks without decreasing the system performance and the testability. The main idea is to build a scan design key generator that can generate the keys dynamically instead of storing and using keys in the circuit statically. Only specific patterns derived from the original test patterns are valid to construct the keys and hence the attackers cannot shift in any other patterns to extract correct internal response from the scan chains or retrieve the keys from memory. Analysis results show that the proposed method can achieve a very high security level and the security level will not decrease no matter how many guess rounds the attackers have tried due to the dynamic nature of our method.

Given the high frequency of information security incidents, feeling that we may soon become innocent victims of these events may be justified. Perpetrators of information security offenses take advantage of several methods to leave no evidence of their crimes, and this pattern of hiding tracks has caused difficulties for investigators searching for digital evidence. Use of the onion router (Tor) is a common way for criminals to conceal their identities and tracks. This paper aims to explain the composition and operation of onion routing; we conduct a forensic experiment to detect the use of the Tor browser and compare several browser modes, including incognito and normal. Through the experimental method described in this paper, investigators can learn to identify perpetrators of Internet crimes, which will be helpful in future endeavors in digital forensics.

The security level is very important in Bluetooth, because the network or devices using secure communication, are susceptible to many attacks against the transmitted data received through eavesdropping. The cryptosystem designers needs to know the complexity of the designed Bluetooth E0. And what the advantages given by any development performed on any known Bluetooth E0Encryption method. The most important criteria can be used in evaluation method is considered as an important aspect. This paper introduce a proposed fuzzy logic technique to evaluate the complexity of Bluetooth E0Encryption system by choosing two parameters, which are entropy and correlation rate, as inputs to proposed fuzzy logic based Evaluator, which can be applied with MATLAB system.

Blockchain technology has been increasingly used for decentralizing cloud-based Internet of Things (IoT) architectures to address some limitations faced by centralized systems. While many existing efforts are successful in leveraging blockchain for decentralization with multiple servers (full nodes) to handle faulty nodes, an important issue has arisen that external clients (also called lightweight clients) have to rely on a relay node to communicate with the full nodes in the blockchain. Compromization of such relay nodes may result in a security breach and even a blockage of IoT sensors from the network. We propose censorship resistant decentralized IoT management systems, which include a "diffusion" function to deliver all messages from sensors to all full nodes and an augmented consensus protocol to check data loss, replicate processing outcome, and facilitate opportunistic outcome delivery. We also leverage the cryptographic tool of aggregate signature to reduce the complexity of communication and signature verification.

The Blockchain is an emerging paradigm that could solve security and trust issues for Internet of Things (IoT) platforms. We recently introduced in an IETF draft (“Blockchain Transaction Protocol for Constraint Nodes”) the BIoT paradigm, whose main idea is to insert sensor data in blockchain transactions. Because objects are not logically connected to blockchain platforms, controller entities forward all information needed for transaction forgery. Never less in order to generate cryptographic signatures, object needs some trusted computing resources. In previous papers we proposed the Four-Quater Architecture integrating general purpose unit (GPU), radio SoC, sensors/actuators and secure elements including TLS/DTLS stacks. These secure microcontrollers also manage crypto libraries required for blockchain operation. The BIoT concept has four main benefits: publication/duplication of sensors data in public and distributed ledgers, time stamping by the blockchain infrastructure, data authentication, and non repudiation.

The increasing deployment of smart meters at individual households has significantly improved people's experience in electricity bill payments and energy savings. It is, however, still challenging to guarantee the accurate detection of attacked meters' behaviors as well as the effective preservation of users'privacy information. In addition, rare existing research studies jointly consider both these two aspects. In this paper, we propose a Privacy-Preserving energy Theft Detection scheme (PPTD) to address the energy theft behaviors and information privacy issues in smart grid. Specifically, we use a recursive filter based on state estimation to estimate the user's energy consumption, and detect the abnormal data. During data transmission, we use the lightweight NTRU algorithm to encrypt the user's data to achieve privacy preservation. Security analysis demonstrates that in the PPTD scheme, only authorized units can transmit/receive data, and data privacy are also preserved. The performance evaluation results illustrate that our PPTD scheme can significantly reduce the communication and computation costs, and effectively detect abnormal users.

In the smart grid, residents' electricity usage needs to be periodically measured and reported for the purpose of better energy management. At the same time, real-time collection of residents' electricity consumption may unfavorably incur privacy leakage, which has motivated the research on privacy-preserving aggregation of electricity readings. Most previous studies either rely on a trusted third party (TTP) or suffer from expensive computation. In this paper, we first reveal the privacy flaws of a very recent scheme pursing privacy preservation without relying on the TTP. By presenting concrete attacks, we show that this scheme has failed to meet the design goals. Then, for better privacy protection, we construct a new scheme called PMDA, which utilizes Shamir's secret sharing to allow smart meters to negotiate aggregation parameters in the absence of a TTP. Using only lightweight cryptography, PMDA efficiently supports multi-functional aggregation of the electricity readings, and simultaneously preserves residents' privacy. Theoretical analysis is provided with regard to PMDA's security and efficiency. Moreover, experimental data obtained from a prototype indicates that our proposal is efficient and feasible for practical deployment.

With the advancement of Technology, the existing electric grids are shifting towards smart grid. The smart grids are meant to be effective in power management, secure and safe in communication and more importantly, it is favourable to the environment. The smart grid is having huge architecture it includes various stakeholders that encounter challenges in the name of authorisation and authentication. The smart grid has another important issue to deal with that is securing the communication from varieties of cyber-attacks. In this paper, we first discussed about the challenges in the smart grid data communication and later we surveyed the existing cryptographic algorithm and presented comparative work on certain factors for existing working cryptographic algorithms This work gives insight conclusion to improve the working scheme for data security and Privacy preservation of customer who is one of the stack holders. Finally, with the comparative work, we suggest a direction of future work on improvement of working algorithms for secure and safe data communication in a smart grid.