Biblio

Chaotic dynamics is widely used to design pseudo-random number generators and for other applications, such as secure communications and encryption. This paper aims to study the dynamics of the discrete-time chaotic maps in the digital (i.e., finite-precision) domain. Differing from the traditional approaches treating a digital chaotic map as a black box with different explanations according to the test results of the output, the dynamical properties of such chaotic maps are first explored with a fixed-point arithmetic, using the Logistic map and the Tent map as two representative examples, from a new perspective with the corresponding state-mapping networks (SMNs). In an SMN, every possible value in the digital domain is considered as a node and the mapping relationship between any pair of nodes is a directed edge. The scale-free properties of the Logistic map's SMN are proved. The analytic results are further extended to the scenario of floating-point arithmetic and for other chaotic maps. Understanding the network structure of a chaotic map's SMN in digital computers can facilitate counteracting the undesirable degeneration of chaotic dynamics in finite-precision domains, also helping to classify and improve the randomness of pseudo-random number sequences generated by iterating the chaotic maps.

A localized electromagnetic (EM) attack is a potent threat to security of embedded cryptographic implementations. The attack utilizes high resolution EM probes to localize and exploit information leakage in sub-circuits of a system, providing information not available in traditional EM and power attacks. In this paper, we propose a countermeasure based on randomizing the assignment of sensitive data to parallel datapath components in a high-performance implementation of AES. In contrast to a conventional design where each state register byte is routed to a fixed S-box, a permutation network, controlled by a transient random value, creates a dynamic random mapping between the state registers and the set of S-boxes. This randomization results in a significant reduction of exploitable leakage.We demonstrate the countermeasure's effectiveness under two attack scenarios: a more powerful attack that assumes a fully controlled access to an attacked implementation for building a priori EM-profiles, and a generic attack based on the black-box model. Spatial randomization leads to a 150× increase of the minimum traces to disclosure (MTD) for the profiled attack and a 3.25× increase of MTD for the black-box model attack.

The notion of attribute-based encryption with outsourced decryption (OD-ABE) was proposed by Green, Hohenberger, and Waters. In OD-ABE, the ABE ciphertext is converted to a partially-decrypted ciphertext that has a shorter bit length and a faster decryption time than that of the ABE ciphertext. In particular, the transformation can be performed by a powerful third party with a public transformation key. In this paper, we propose a generic approach for constructing ABE with outsourced decryption from standard ABE, as long as the later satisfies some additional properties. Its security can be reduced to the underlying standard ABE in the selective security model by a black-box way. To avoid the drawback of selective security in practice, we further propose a modified decryption outsourcing mode so that our generic construction can be adapted to satisfying adaptive security. This partially solves the open problem of constructing an OD-ABE scheme, and its adaptive security can be reduced to the underlying ABE scheme in a black-box way. Then, we present some concrete constructions that not only encompass existing ABE outsourcing schemes of Green et al., but also result in new selectively/adaptively-secure OD-ABE schemes with more efficient transformation key generation algorithm. Finally, we use the PBC library to test the efficiency of our schemes and compare the results with some previous ones, which shows that our schemes are more efficient in terms of decryption outsourcing and transformation key generation.

Accountable authority identity-based encryption (A-IBE), as an attractive way to guarantee the user privacy security, enables a malicious private key generator (PKG) to be traced if it generates and re-distributes a user private key. Particularly, an A-IBE scheme achieves full black-box security if it can further trace a decoder box and is secure against a malicious PKG who can access the user decryption results. In PKC'11, Sahai and Seyalioglu presented a generic construction for full black-box A-IBE from a primitive called dummy identity-based encryption, which is a hybrid between IBE and attribute-based encryption (ABE). However, as the complexity of ABE, their construction is inefficient and the size of private keys and ciphertexts in their instantiation is linear in the length of user identity. In this paper, we present a new efficient generic construction for full black-box A-IBE from a new primitive called token-based identity-based encryption (TB-IBE), without using ABE. We first formalize the definition and security model for TB-IBE. Subsequently, we show that a TB-IBE scheme satisfying some properties can be converted to a full black-box A-IBE scheme, which is as efficient as the underlying TB-IBE scheme in terms of computational complexity and parameter sizes. Finally, we give an instantiation with the computational complexity as O(1) and the constant size master key pair, private keys, and ciphertexts.

Cryptography is one of the important aspect of data and information security. The security strength of cryptographic algorithms rely on the secrecy and randomness of keys. In this study, bitwise operations, Fisher-Yates shuffling algorithm, and cipher text mapping are integrated in the proposed TRNG key generator for One-Time Pad cryptography. Frequency monobit, frequency within a block, and runs tests are performed to evaluate the key randomness. The proposed method is also evaluated in terms of avalanche effect and brute force attack. Tests results indicate that the proposed method generates more random keys and has a higher level of security compared with the usual OTP using PRNG and TRNGs that do not undergo a refining phase.

A parallel brute force attack on RC4 algorithm based on FPGA (Field Programmable Gate Array) with an efficient style has been presented. The main idea of this design is to use number of forecast keying methods to reduce the overall clock pulses required depended to key searching operation by utilizes on-chip BRAMs (block RAMs) of FPGA for maximizing the total number of key searching unit with taking into account the highest clock rate. Depending on scheme, 32 key searching units and main controller will be used in one Xilinx XC3S1600E-4 FPGA device, all these units working in parallel and each unit will be searching in a specific range of keys, by comparing the current result with the well-known cipher text if its match the found flag signal will change from 0 to 1 and the main controller will receive this signal and stop the searching operation. This scheme operating at 128-MHz clock frequency and gives us key searching speed of 7.7 × 106 keys/sec. Testing all possible keys (40-bits length), requires only around 39.5h.

One of the fundamental methods for eavesdroppers to achieve a plaintext from a cryptogram is the brute force attack where possible candidates of decryption keys are exhaustively applied to the decryption algorithm. Here the only reason why the eavesdroppers believe to find the common-key and to achieve the plaintext is that the output of the decryption algorithm is contextually acceptable. According to this fact, this paper proposes a novel common-key cryptosystem where fake plaintexts which are also contextually acceptable are mixed into a cryptogram with the legal plaintext. If an eavesdropper applies a fake common-key to the decryption algorithm, it outputs the fake plaintexts which the eavesdroppers might believe legal. This paper also proposes concrete encryption/decryption algorithm which can be combined with any conventional common-key cryptosystem. Results of simulation experiments show the proposed method reduces probability for eavesdroppers to get legal plaintexts.

In the era of digitization, data security is a vital role in message transmission and all systems that deal with users require stronger encryption techniques that against brute force attack. Honey encryption (HE) algorithm is a user data protection algorithm that can deceive the attackers from unauthorized access to user, database and websites. The main part of conventional HE is distribution transforming encoder (DTE). However, the current DTE process using cumulative distribution function (CDF) has the weakness in message space limitation because CDF cannot solve the probability theory in more than four messages. So, we propose a new method in DTE process using discrete distribution function in order to solve message space limitation problem. In our proposed honeywords generation method, the current weakness of existing honeywords generation method such as storage overhead problem can be solved. In this paper, we also describe the case studies calculation of DTE in order to prove that new DTE process has no message space limitation and mathematical model using discrete distribution function for DTE process facilitates the distribution probability theory.

Information security has developed rapidly over the recent years with a key being the emergence of social media. To standardize this discipline, security of an individual becomes an urgent concern. In 2019, it is estimated that there will be over 2.5 billion social media users around the globe. Unfortunately, anonymous identity has become a major concern for the security advisors. Due to the technological advancements, the phishers are able to access the confidential information. To resolve these issues numerous solutions have been proposed, such as biometric identification, facial and audio recognition etc prior access to any highly secure forum on the web. Generating digital signatures is the recent trend being incorporated in the field of digital security. We have designed an algorithm that after generating 68 point facial landmark, converts the image to a highly compressed and secure digital signature. The proposed algorithm generates a unique signature for an individual which when stored in the user account information database will limit the creation of fake or multiple accounts. At the same time the algorithm reduces the database storage overhead as it stores the facial identity of an individual in the form of a compressed textual signature rather than the traditional method where the image file was being stored, occupying lesser amount of space and making it more efficient in terms of searching, fetching and manipulation. A unique new analysis of the features produced at intermediate layers has been applied. Here, we opt to use the normal and two opposites' angular measures of the triangle as the invariance. It simply acts as the real-time optimized encryption procedure to achieve the reliable security goals explained in detail in the later sections.

One of the most difficult tasks in networking is to provide security to data during transmission, the main issue using network is lack of security. Various techniques and methods had been introduced to satisfy the needs to enhance the firmness of the data while transmitting over internet. Due to several reasons and intruders the mechanism of providing security becomes a tedious task. At first conventional passwords are used to provide security to data while storing and transmitting but remembering the password quite confusing and difficult for the user to access the data. After that cryptography methodology is introduced to protect the data from the intruders by converting readable form of data into unreadable data by encryption process. Then the data is processed and received the receiver can access the original data by the reverse process of encryption called decryption. The processes of encoding have broken by intruders using various combinations of keys. In this proposed work strong encryption key can be generated by combining biometric and cryptography methods for enhancing firmness of data. Here biometric face image is pre-processed at initial stage then facial features are extracted to generate biometric-cryptographic key. After generating bio-crypto key data can be encrypted along with newly produced key with 0's or 1's bit combination and stored in the database. By generating bio-crypto key and using them for transmitting or storing the data the privacy and firmness of the data can be enhanced and by using own biometrics as key the process of hacking and interfere of intruders to access the data can be minimized.

When employing biometric recognition systems, we have to take into account that biometric data are considered sensitive data. This has raised some privacy issues, and therefore secure systems providing template protection are required. Using homomorphic encryption, permanent protection can be ensured, since templates are stored and compared in the encrypted domain. In addition, the unprotected system's accuracy is preserved. To solve the problem of the computational overload linked to the encryption scheme, we present an early decision making strategy for iris-codes. In order to improve the recognition accuracy, the most consistent bits of the iris-code are moved to the beginning of the template. This allows an accurate block-wise comparison, thereby reducing the execution time. Hence, the resulting system grants template protection in a computationally efficient way. More specifically, in the experimental evaluation in identification mode, the block-wise comparison achieves a 92% speed-up on the IITD database with 300 enrolled templates.

Security and confidentiality of big data stored in the cloud are important concerns for many organizations to adopt cloud services. One common approach to address the concerns is client-side encryption where data is encrypted on the client machine before being stored in the cloud. Having encrypted data in the cloud, however, limits the ability of data clustering, which is a crucial part of many data analytics applications, such as search systems. To overcome the limitation, in this paper, we present an approach named ClustCrypt for efficient topic-based clustering of encrypted unstructured big data in the cloud. ClustCrypt dynamically estimates the optimal number of clusters based on the statistical characteristics of encrypted data. It also provides clustering approach for encrypted data. We deploy ClustCrypt within the context of a secure cloud-based semantic search system (S3BD). Experimental results obtained from evaluating ClustCrypt on three datasets demonstrate on average 60% improvement on clusters' coherency. ClustCrypt also decreases the search-time overhead by up to 78% and increases the accuracy of search results by up to 35%.

With the exponential growth in the usage of electronic medical records (EMR), the amount of data generated by the healthcare industry has too increased exponentially. These large amounts of data, known as “Big Data” is mostly unstructured. Special big data analytics methods are required to process the information and retrieve information which is meaningful. As patient information in hospitals and other healthcare facilities become increasingly electronic, Big Data technologies are needed now more than ever to manage and understand this data. In addition, this information tends to be quite sensitive and needs a highly secure environment. However, current security algorithms are hard to be implemented because it would take a huge amount of time and resources. Security protocols in Big data are also not adequate in protecting sensitive information in the healthcare. As a result, the healthcare data is both heterogeneous and insecure. As a solution we propose the Secure Pattern-Based Data Sensitivity Framework (PBDSF), that uses machine learning mechanisms to identify the common set of attributes of patient data, data frequency, various patterns of codes used to identify specific conditions to secure sensitive information. The framework uses Hadoop and is built on Hadoop Distributed File System (HDFS) as a basis for our clusters of machines to process Big Data, and perform tasks such as identifying sensitive information in a huge amount of data and encrypting data that are identified to be sensitive.

This paper introduces a secured and distributed Big Data storage scheme with multiple authorizations. It divides the Big Data into small chunks and distributes them through multiple Cloud locations. The Shamir's Secret Sharing and Secure Hash Algorithm are employed to provide the security and authenticity of this work. The proposed methodology consists of two phases: the distribution and retrieving phases. The distribution phase comprises three operations of dividing, encrypting, and distribution. The retrieving phase performs collecting and verifying operations. To increase the security level, the encryption key is divided into secret shares using Shamir's Algorithm. Moreover, the Secure Hash Algorithm is used to verify the Big Data after retrieving from the Cloud. The experimental results show that the proposed design can reconstruct a distributed Big Data with good speed while conserving the security and authenticity properties.

This paper introduces an anonymous privacy-preserving scheme for big data over the cloud. The proposed design helps to enhance the encryption/decryption time of big data by utilizing the MapReduce framework. The Hadoop distributed file system and the secure hash algorithm are employed to provide the anonymity, security and efficiency requirements for the proposed scheme. The experimental results show a significant enhancement in the computational time of data encryption and decryption.

Big data of mobile network privacy is vulnerable to clear text attack in the process of storage and mixed network information sharing, which leads to information leakage. Through the mixed encryption of data of mobile network privacy big data to improve the confidentiality and security of mobile network privacy big data, a mobile network privacy big data hybrid encryption algorithm based on hyperchaos theory is proposed. The hybrid encryption key of mobile network privacy big data is constructed by using hyperchaotic nonlinear mapping hybrid encryption technology. Combined with the feature distribution of mobile network privacy big data, the mixed encrypted public key is designed by using Logistic hyperchaotic arrangement method, and a hyperchaotic analytic cipher and block cipher are constructed by using Rossle chaotic mapping. The random piecewise linear combination method is used to design the coding and key of mobile network privacy big data. According to the two-dimensional coding characteristics of mobile network privacy big data in the key authorization protocol, the hybrid encryption and decryption key of mobile network privacy big data is designed, and the mixed encryption and decryption key of mobile network privacy big data is constructed, Realize the privacy of mobile network big data mixed encryption output and key design. The simulation results show that this method has good confidentiality and strong steganography performance, which improves the anti-attack ability of big data, which is used to encrypt the privacy of mobile network.

Nowadays, multimedia content retrieval has become the major service requirement of the Internet and the traffic of these contents has dominated the IP traffic. To reduce the duplicated traffic and improve the performance of distributing massive volumes of multimedia contents, in-network caching has been proposed recently. However, because in-network content caching can be directly utilized to respond users' requests, multimedia content retrieval is beyond content providers' control and makes it hard for them to implement access control and service accounting. In this paper, we propose an attribute-based accountable access control scheme for multimedia content distribution while making the best of in-network caching, in which content providers can be fully offline. In our scheme, the attribute-based encryption at multimedia content provider side and access policy based authentication at the edge router side jointly ensure the secure access control, which is also efficient in both space and time. Besides, secure service accounting is implemented by letting edge routers collect service credentials generated during users' request process. Through the informal security analysis, we prove the security of our scheme. Simulation results demonstrate that our scheme is efficient with acceptable overhead.

The Internet of Things (IoT) relies on sensor devices to measure real-world phenomena in order to provide IoT services. The sensor readings are shared with multiple entities, such as IoT services, other IoT devices or other third parties. The collected data may be sensitive and include personal information. To protect the privacy of the users, the data needs to be protected through an encryption algorithm. For sharing cryptographic cipher-texts with a group of users Attribute-Based Encryption (ABE) is well suited, as it does not require to create group keys. However, the creation of ABE cipher-texts is slow when executed on resource constraint devices, such as IoT sensors. In this paper, we present a modification of an ABE scheme, which not only allows to encrypt data efficiently using ABE but also reduces the size of the cipher-text, that must be transmitted by the sensor. We also show how our modification can be used to realise an instantaneous key revocation mechanism.

Ciphertext-policy Attributes-based Encryption (CP-ABE) is an encouraging cryptographic mechanism. It behaves an access control mechanism for data security. A ciphertext and secret key of user are dependent upon attributes. As a nature of CP-ABE, the data owner defines access policy before encrypting plaintext by his right. Therefore, CP-ABE is suitable in a real environment. In CP-ABE, the revocation issue is demanding since each attribute is shared by many users. A policy-based revolutionary CP-ABE scheme is proposed in this paper. In the proposed scheme, revocation takes place in policy level because a policy consists of threshold attributes and each policy is identified as a unique identity number. Policy revocation means that the data owner updates his policy identity number for ciphertext whenever any attribute is changed in his policy. To be a flexible updating policy control, four types of updating policy levels are identified for the data owner. Authorized user gets a secret key from a trusted authority (TA). TA updates the secret key according to the policy updating level done by the data owner. This paper tests personal health records (PHRs) and analyzes execution times among conventional CP-ABE, other enhanced CP-ABE and the proposed scheme.

The Internet of Things (IoT) is enabling a new generation of innovative services based on the seamless integration of smart objects into information systems. Such IoT devices generate an uninterrupted flow of information that can be transmitted through an untrusted network and stored on an untrusted infrastructure. The latter raises new security and privacy challenges that require novel cryptographic methods. Attribute-Based Encryption (ABE) is a new type of public-key encryption that enforces a fine-grained access control on encrypted data based on flexible access policies. The feasibility of ABE adoption in fully-fledged computing systems, i.e. smartphones or embedded systems, has been demonstrated in recent works. In this paper we assess the feasibility of the adoption of ABE in typical IoT constrained devices, characterized by limited capabilities in terms of computing, storage and power. Specifically, an implementation of three ABE schemes for ESP32, a low-cost popular platform to deploy IoT devices, is developed and evaluated in terms of encryption/decryption time and energy consumption. The performance evaluation shows that the adoption of ABE on constrained devices is feasible, although it has a cost that increases with the number of attributes. The analysis in particular highlights how ABE has a significant impact in the lifetime of battery-powered devices, which is impaired significantly when a high number of attributes is adopted.

The Internet of Things (IoT) is a technological vision in which constrained or embedded devices connect together through the Internet. This enables common objects to be empowered with communication and cooperation capabilities. Industry can take an enormous advantage of IoT, leading to the so-called Industrial IoT. In these systems, integrity, confidentiality, and access control over data are key requirements. An emerging approach to reach confidentiality and access control is Attribute-Based Encryption (ABE), which is a technique able to enforce cryptographically an access control over data. In this paper, we propose fABElous, an ABE scheme suitable for Industrial IoT applications which aims at minimizing the overhead of encryption on communication. fABElous ensures data integrity, confidentiality, and access control, while reducing the communication overhead of 35% with respect to using ABE techniques naively.

Modern cloud applications can consist of hundreds of services with thousands of instances. In order to solve the problems of interservice interaction in this highly dynamic environment, an additional software infrastructure layer called service mesh is introduced. This layer provides a single point of interaction with the network for each service. Service mesh mechanisms are responsible for: load balancing, processing of network requests, service discovery, authentication, authorization, etc. However, the following questions arise: complex key management, fine-grained access control at the application level, confidentiality of data and many-to-many communications. It is possible to solve these problems with Attribute-based encryption (ABE) methods. This paper presents an abstract model of a service mesh and a protocol for interservice communications, which uses ABE for authorization and confidentiality of the messages.

Multi-authority attribute-based encryption (MA-ABE) is a promising technique to protect data privacy and achieve fine-grained access control in edge computing for Internet of Things (IoT). However, most of the existing MA-ABE schemes suffer from expensive computational cost in the encryption and decryption phases, which are not practical for resource constrained users in IoT. We propose a large-universe MA-CP-ABE scheme with online/offline encryption and outsourced decryption. In our scheme, most expensive encryption operations have been executed in the user's initialization phase by adding reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Moreover, massive decryption operation are outsourced to the near edge server for reducing the computation overhead of decryption. The proposed scheme is proven statically secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable for resource-constrained users in edge computing for IoT.

With the growth of the number of smart devices the range of fields where they are used is growing too, and it is essential to protect the communication between them. In addition to data integrity and confidentiality, for which standard mechanisms exists, a security service that may also be required is anonymity, allowing entities to communicate with each other in such a way that no third party knows that they are the participants of a certain message exchange. In this paper we propose a mechanism for creating anonymous communications using MQTT protocol. The design of our solution is based on dynamic broker bridging mechanism and allows clients to subscribe and to publish to a topic remaining incognito.

Generalized chaos systems have more complex dynamic behavior than conventional chaos systems. If a generalized response system can be synchronized with a conventional drive system, the flexible control parameters and unpredictable synchronization state will increase significantly. The study first constructs a four-dimensional nonlinear dynamic equation with quadratic variables as a drive system. The numerical simulation and analyses of the Lyapunov exponent show that it is also a chaotic system. Based on the generalized chaos synchronization (GCS) theory, a four-dimensional diffeomorphism function is designed, and the corresponding GCS response system is generated. Simultaneously, the structural and synchronous circuits of information interaction and control are constructed with Multisim™ software, with the circuit simulation resulting in a good agreement with the numerical calculations. In order to verify the practical effect of generalized synchronization, an RGB digital image secure communication scheme is proposed. We confuse a 24-bit true color image with the designed GCS system, extend the original image to 48-bits, analyze the scheme security from keyspace, key sensitivity and non-symmetric identity authentication, classical types of attacks, and statistical average from the histogram, image correlation. The research results show that this GCS system is simple and feasible, and the encryption algorithm is closely related to the confidential information, which can resist the differential attack. The scheme is suitable to be applied in network images or other multimedia safe communications.