Cryptography

This paper introduces a novel detection method for phishing website attacks while avoiding the issues associated with the deficiencies of the knowledge-based representation and the binary decision. The suggested detection method was performed using Fuzzy Rule Interpolation (FRI). The FRI reasoning methods added the benefit of enhancing the robustness of fuzzy systems and effectively reducing the system’s complexity. These benefits help the Intrusion Detection System (IDS) to generate more realistic and comprehensive alerts in case of phishing attacks. The proposed method was applied to an open-source benchmark phishing website dataset. The results show that the proposed detection method obtained a 97.58% detection rate and effectively reduced the false alerts. Moreover, it effectively smooths the boundary between normal and phishing attack traffic because of its fuzzy nature. It has the ability to generate the required security alert in case of deficiencies in the knowledge-based representation. In addition, the results obtained from the proposed detection method were compared with other literature results. The results showed that the accuracy rate of this work is competitive with other methods. In addition, the proposed detection method can generate the required anti-phishing alerts even if one of the anti-phishing sparse rules does not cover some input parameters (observations). Full article

Consensus algorithms are the building block of any decentralized network where the risk of malicious users is high. These algorithms are required to be robust, scalable, and secure in order to operate properly. Localized state-change consensus (LSC) is a consensus algorithm that is specifically designed to handle state-change consensus, where the state value of given data points can dynamically change and the new value needs to be reflected in the system. LSC utilizes a trust measurement mechanism to validate messages and also enforce cooperation among users. Consensus algorithms, and specifically LSC, can be a practical solution for the immutable and secured communication of autonomous systems with limited computational resources. Indeed, distributed autonomous systems are growing rapidly and the integrity of their communication protocols for coordination and planning is still vulnerable because several units are required to act independently and securely. Therefore, this paper proposes a new localized consensus algorithm for immense and highly dynamic environments with validations through reputation values. The proposed solution can be considered as an efficient and practical consensus solution for any paradigms with resource-constrained devices where a regular encrypted communication method can negatively affect the system performance. Full article

Split manufacturing was introduced as a countermeasure against hardware-level security threats such as IP piracy, overbuilding, and insertion of hardware Trojans. However, the security promise of split manufacturing has been challenged by various attacks which exploit the well-known working principles of design tools to infer the missing back-end-of-line (BEOL) interconnects. In this work, we define the security of split manufacturing formally and provide the associated proof, and we advocate accordingly for a novel, formally secure paradigm. Inspired by the notion of logic locking, we protect the front-end-of-line (FEOL) layout by embedding secret keys which are implemented through the BEOL in such a way that they become indecipherable to foundry-based attacks. At the same time, our technique is competitive with prior art in terms of layout overhead, especially for large-scale designs (ITC’99 benchmarks). Furthermore, another concern for split manufacturing is its practicality (despite successful prototyping). Therefore, we promote an alternative implementation strategy, based on package-level routing, which enables formally secure IP protection without splitting at all, and thus, without the need for a dedicated BEOL facility. We refer to this as “poor man’s split manufacturing” and we study the practicality of this approach by means of physical-design exploration. Full article

Binary PN-sequences generated by LFSRs exhibit good statistical properties; however, due to their intrinsic linearity, they are not suitable for cryptographic applications. In order to break such a linearity, several approaches can be implemented. For example, one can interleave several PN-sequences to increase the linear complexity. In this work, we present a deep randomness study of the resultant sequences of interleaving binary PN-sequences coming from different characteristic polynomials with the same degree. We analyze the period and the linear complexity, as well as many other important cryptographic properties of such sequences. Full article

Vehicular Ad-hoc NETworks (VANETs), a special kind of Mobile Ad-hoc NETworks (MANETs), play an important role in Intelligent Transportation Systems (ITS). Via wireless technology, vehicles exchange information related to road conditions and their status, and, thereby, VANETs enhance transportation safety and efficiency. A critical aspect of VANETs is providing privacy for the vehicles. The employment of pseudonym certificates is a well-known solution to the privacy problems in VANETs. However, certificate management faces challenges in renewing certificates and revoking vehicles. The centralized certificate management, especially resulting in the delay of the revocation process, harms the nodes of VANETs. This paper proposes a blockchain structure-based certificate management for VANETs and voting-based revocation to halt misbehaving vehicles’ actions. Moreover, this paper presents extended privacy for the participants of the voting process using ring signatures. Full article

In the vulnerability analysis of System on Chips, memory hierarchy is considered among the most valuable element to protect against information theft. Many first-order side-channel attacks have been reported on all its components from the main memory to the CPU registers. In this context, memory hierarchy encryption is widely used to ensure data confidentiality. Yet, this solution suffers from both memory and area overhead along with performance losses (timing delays), which is especially critical for cache memories that already occupy a large part of the spatial footprint of a processor. In this paper, we propose a secure and lightweight scheme to ensure the data confidentiality through the whole memory hierarchy. This is done by masking the data in cache memories with a lightweight mask generator that provides masks at each clock cycle without having to store them. Only 8-bit Initialization Vectors are stored for each mask value to enable further recomputation of the masks. The overall security of the masking scheme is assessed through a mutual information estimation that helped evaluate the minimum number of attack traces needed to succeed a profiling side-channel attack to 592 K traces in the attacking phase, which provides an acceptable security level in an analysis where an example of Signal to Noise Ratio of 0.02 is taken. The lightweight aspect of the generator has been confirmed by a hardware implementation that led to resource utilization of 400 LUTs. Full article

The primary purpose of this paper is to bridge the technology gap between Blockchain and Fintech applications. Blockchain technology is already being explored in a wide number of Fintech sectors. After creating a unique taxonomy for Fintech ecosystems, this paper outlines a number of implementation scenarios. For each of the industries in which blockchain is already in use and has established itself as a complementary technology to traditional systems, we give a taxonomy of use cases. In this procedure, we cover both public and private blockchains. Because it is still believed to be in its infancy, especially when it comes to financial use cases, blockchain has both positive and negative aspects. As a result, it is critical to be aware of all of the open research issues in this field. Our goal is to compile a list of open research challenges related to various aspects of the blockchain’s protocol and application layers. Finally, we will provide a clear understanding of the applications for which blockchain can be valuable, as well as the risks associated with its use in parallel. Full article

Stylometry is a well-known field, aiming to identify the author of a text, based only on the way she/he writes. Despite its obvious advantages in several areas, such as in historical research or for copyright purposes, it may also yield privacy and personal data protection issues if it is used in specific contexts, without the users being aware of it. It is, therefore, of importance to assess the potential use of stylometry methods, as well as the implications of their use for online privacy protection. This paper aims to present, through relevant experiments, the possibility of the automated identification of a person using stylometry. The ultimate goal is to analyse the risks regarding privacy and personal data protection stemming from the use of stylometric techniques to evaluate the effectiveness of a specific stylometric identification system, as well as to examine whether proper anonymisation techniques can be applied so as to ensure that the identity of an author of a text (e.g., a user in an anonymous social network) remains hidden, even if stylometric methods are to be applied for possible re-identification. Full article

In the 5G intelligent edge scenario, more and more accelerator-based single-board computers (SBCs) with low power consumption and high performance are being used as edge devices to run the inferencing part of the artificial intelligence (AI) model to deploy intelligent applications. In this paper, we investigate the inference workflow and performance of the You Only Look Once (YOLO) network, which is the most popular object detection model, in three different accelerator-based SBCs, which are NVIDIA Jetson Nano, NVIDIA Jetson Xavier NX and Raspberry Pi 4B (RPi) with Intel Neural Compute Stick2 (NCS2). Different video contents with different input resize windows are detected and benchmarked by using four different versions of the YOLO model across the above three SBCs. By comparing the inference performance of the three SBCs, the performance of RPi + NCS2 is more friendly to lightweight models. For example, the FPS of detected videos from RPi + NCS2 running YOLOv3-tiny is 7.6 times higher than that of YOLOv3. However, in terms of detection accuracy, we found that in the process of realizing edge intelligence, how to better adapt a AI model to run on RPi + NCS2 is much more complex than the process of Jetson devices. The analysis results indicate that Jetson Nano is a trade-off SBCs in terms of performance and cost; it achieves up to 15 FPSs of detected videos when running YOLOv4-tiny, and this result can be further increased by using TensorRT. Full article

The development of increasingly sophisticated quantum computers poses a long-term threat to current cryptographic infrastructure. This has spurred research into both quantum-resistant algorithms and how to safely transition real-world implementations and protocols to quantum-resistant replacements. This transition is likely to be a gradual process due to both the complexity and cost associated with transitioning. One method to ease the transition is the use of classical–quantum hybrid schemes, which provide security against both classical and quantum adversaries. We present a new combiner for creating hybrid encryption schemes directly from traditional encryption schemes. Our construction is the only existing proposal in the literature with $\mathsf{IND}\text{-}\mathsf{CCA}$-security in the classical and quantum random oracle models, respectively. Full article

Mobile banking, shopping, and in-app purchases utilize persistent authentication states for access to sensitive data. One-shot authentication permits access for a fixed time period. For instance, a username/password-based authentication allows a user access to all the shopping and payments data in the Amazon shopping app. Traditional user passwords and lock screens are easily compromised. Snooping attacks—observing an unsuspecting user entering passwords—and smudge attacks—examining touchscreen finger oil residue—enable compromised user authentication. Mobile device interactions provide robust human and device identity data. Such biometrics enhance authentication. In this paper, behavioral attributes during user input constitute the password. Adversary password reproduction difficulty increases since pure observation is insufficient. Current mobile continuous authentication schemes use, among others, touchscreen–swipe interactions or keyboard input timing. Many of these methods require cumbersome training or intrusive authentication. Software keyboard interactions provide a consistent biometric data stream. We develop biometric profiles using touch pressure, location, and timing. New interactions authenticate against a profile using a divergence measure. In our limited user–device data sets, the classification achieves virtually perfect accuracy. Full article

Fully homomorphic encryption (FHE) is a powerful tool in cryptography that allows one to perform arbitrary computations on encrypted material without having to decrypt it first. There are numerous FHE schemes, all of which are expanded from somewhat homomorphic encryption (SHE) schemes, and some of which are considered viable in practice. However, while these FHE schemes are semantically (IND-CPA) secure, the question of their IND-CCA1 security is much less studied, and we therefore provide an overview of the IND-CCA1 security of all acknowledged FHE schemes in this paper. To give this overview, we grouped the SHE schemes into broad categories based on their similarities and underlying hardness problems. For each category, we show that the SHE schemes are susceptible to either known adaptive key recovery attacks, a natural extension of known attacks, or our proposed attacks. Finally, we discuss the known techniques to achieve IND-CCA1-secure FHE and SHE schemes. We concluded that none of the proposed schemes were IND-CCA1-secure and that the known general constructions all had their shortcomings. Full article

Cryptography is an unexpected revolution in information security in the recent decades, where remarkable improvements have been created to provide confidentiality and integrity. Quantum cryptography is one such improvement that has grown rapidly since the first announced protocol. Quantum cryptography contains substantial elements that must be addressed to ensure secure communication between legitimate parties. Quantum key distribution (QKD), a technique for creating a secret key, is one of the most interesting areas in quantum cryptography. This paper reviews some well-known quantum key distribution techniques that have been demonstrated in the past three decades. Furthermore, this paper discusses the process of creating a secret key using quantum mechanics and cryptography methods. Moreover, it explains the relationships between many basic aspects of QKD protocols and suggests some improvements in the cryptosystem. An accurate quantitative comparison between the QKD protocols is presented, especially the runtime execution for each QKD protocol. In addition, the paper will demonstrate a general model of each considered QKD protocol based on security principles. Full article

Many Internet of Things (IoT) devices use an Advanced Encryption Standard (AES) algorithm to secure data stored and transmitted during the communication process. The AES algorithm often suffers DC (DC) attacks. Little has been done to prevent DC attacks, particularly on an AES algorithm. This study focuses on preventing Differential Cryptanalysis attacks. DC attacks are practiced on an AES algorithm that is found on IoT devices. The novel approach of using a Khumbelo Difference Muthavine (KDM) function and changing the 8 × 8 S-Boxes to be the 8 × 32 S-Boxes successfully prevents DC attacks on an AES algorithm. A KDM function is a newly mathematically developed function, coined and used purposely in this study. A KDM function was never produced, defined, or utilized before by any researcher except for in this study. A KDM function makes a new 32-Bit S-Box suitable for the new Modified AES algorithm and confuses the attacker since it comprises many mathematical modulo operators. Additionally, these mathematical modulo operators are irreversible. The study managed to prevent the DC attack of a minimum of $70\%$ on AES and a maximum of $100\%$ on a Simplified DES. The attack on the new Modified AES Algorithm is $0\%$ since no S-Box is used as a building block. Full article

A novel, trusted, and secure durable medium electronic service is proposed in the paper. The proposed idea joins cryptographic methods (such as signing with an electronic seal and data encryption) with blockchain techniques. The e-service and blockchain databases were implemented on the TTP side, which made the presented concept trusted and secure. The proposed electronic service was oriented towards practical implementations, and it has commonly been developed together with a company from the cybersecurity field (which is considered a TTP in the proposed approach). The concept has been designed to meet the requirements of Polish law (i.e., the conditions and regulations related to the implementation of the durable medium in Poland); nevertheless, it can easily be adapted for other regions. The functionality of the presented e-service is illustrated by the example case study. Full article

To prevent eavesdropping and tampering, network security protocols take advantage of asymmetric ciphers to establish session-specific shared keys with which further communication is encrypted using symmetric ciphers. Commonly used asymmetric algorithms include public key encryption, key exchange, and identity-based encryption (IBE). However, network security protocols based on classic identity-based encryption schemes do not have perfect forward secrecy. To solve this problem, we construct the first quantum IBE (QIBE) scheme based on the learning with errors (LWE) problem, which is also the first cryptographic scheme that applies the LWE problem to quantum encryption. We prove that our scheme is fully secure under the random oracle model and highlight the following advantages: (1) Network security protocols with our QIBE scheme provide perfect forward secrecy. The ciphertext is transmitted in the form of a quantum state unknown to the adversary and cannot be copied and stored. Thus, in network security protocols based on QIBE construction, the adversary does not have any previous quantum ciphertext to decrypt for obtaining the previous session key, even if the private identity key is threatened. (2) Classic key generation centre (KGC) systems can still be used in the QIBE scheme to generate and distribute private identity keys, reducing the cost when implementing this scheme. The classic KGC systems can be used because the master public and secret keys of our scheme are both in the form of classic bits. Finally, we present quantum circuits to implement this QIBE scheme and analyse its required quantum resources for given numbers of qubits, Hadamard gates, phase gates, T gates, and CNOT (controlled-NOT) gates. One of our main findings is that the quantum resources required by our scheme increase linearly with the number of plaintext bits to be encrypted. Full article

Cloud computing offers the possibility of providing suitable access within a network for a set of resources. Many users use different services for outsourcing their data within the cloud, saving and mitigating the local storage and other resources involved. One of the biggest concerns is represented by storing sensitive data on remote servers, which can be found to be extremely challenging within different situations related to privacy. Searchable Encryption (SE) represents a particular case of Fully Homomorphic Encryption (FHE) and at the same time represents a method composed from a set of algorithms meant to offer protection for users’ sensitive data, while it preserves the searching functionality on the server-side. There are two main types of SE: Searchable Symmetric Encryption (SSE), where the ciphertexts and trapdoors for searching are performed using private key holders, and Public Key Searchable Encryption (PKSE), in which a specific number of users have the public key based on which are capable of outputting ciphertexts and giving the possibility of producing the trapdoors by using the private key from the holder. In this article, we propose a searchable encryption system that uses biometric authentication. Additionally, biometric data are used in the trapdoor generation process, such that an unauthorized user cannot submit search queries. The proposed system contains three components: classic user authentication (based on username, password, and a message with a code using short message service (SMS), biometric authentication, and the searchable encryption scheme. The first two components can be seen as two-factor authentication (2FA), and the second component represents the initialization step of the searchable encryption scheme. In the end, we show and demonstrate that the proposed scheme can be implemented with success for medium to complex network infrastructures. We have granted special attention to the trapdoor function, which generates a value that can be used to perform the search process and search function that is based on the trapdoor pair for searching within the index structure. We provide the correctness and security proof of the operations, which gives us the guarantee that the cloud servers return the correct documents. Additionally, we discuss measuring the performance of the authentication scheme in terms of performance indicators, introducing two indicators for measuring purposes—namely, cloud average number of non-legitim the user actions for cloud purposes ($C_{ANNL}$) and cloud average number of legitim user actions$\left(C_{ANLU}\right)$. Full article

An adaptor signature can be viewed as a signature concealed with a secret value and, by design, any two of the trio yield the other. In a multiparty setting, an initial adaptor signature allows each party to create additional adaptor signatures without the original secret. Adaptor signatures help address scalability and interoperability issues in blockchain. They can also bring some important advantages to cryptocurrencies, such as low on-chain cost, improved transaction fungibility, and fewer limitations of a blockchain’s scripting language. In this paper, we propose a new two-party adaptor signature scheme that relies on quantum-safe hard problems in coding theory. The proposed scheme uses a hash-and-sign code-based signature scheme introduced by Debris-Alazard et al. and a code-based hard relation defined from the well-known syndrome decoding problem. To achieve all the basic properties of adaptor signatures formalized by Aumayr et al., we introduce further modifications to the aforementioned signature scheme. We also give a security analysis of our scheme and its application to the atomic swap. After providing a set of parameters for our scheme, we show that it has the smallest pre-signature size compared to existing post-quantum adaptor signatures. Full article