Cryptography doi: 10.3390/cryptography3010010

Authors: Syed Kamran Haider Marten van Dijk

Oblivious RAM (ORAM) is a cryptographic primitive which obfuscates the access patterns to a storage, thereby preventing privacy leakage. So far in the current literature, only ‘fully functional’ ORAMs are widely studied which can protect, at a cost of considerable performance penalty, against the strong adversaries who can monitor all read and write operations. However, recent research has shown that information can still be leaked even if only the write access pattern (not reads) is visible to the adversary. For such weaker adversaries, a fully functional ORAM turns out to be an overkill, causing unnecessary overheads. Instead, a simple ‘write-only’ ORAM is sufficient, and, more interestingly, is preferred as it can offer far better performance and energy efficiency than a fully functional ORAM. In this work, we present Flat ORAM: an efficient write-only ORAM scheme which outperforms the closest existing write-only ORAM called HIVE. HIVE suffers from performance bottlenecks while managing the memory occupancy information vital for correctness of the protocol. Flat ORAM introduces a simple idea of Occupancy Map (OccMap) to efficiently manage the memory occupancy information resulting in far better performance. Our simulation results show that, compared to HIVE, Flat ORAM offers 50 % performance gain on average and up to 80 % energy savings.

Cryptography doi: 10.3390/cryptography3010009

Authors: Luigi Accardi Satoshi Iriyama Koki Jimbo Massimo Regoli

A new class of public key agreement (PKA) algorithms called strongly-asymmetric algorithms (SAA) was introduced in a previous paper by some of the present authors. This class can be shown to include some of the best-known PKA algorithms, for example the Diffie–Hellman and several of its variants. In this paper, we construct a new version of the previous construction, called SAA-5, improving it in several points, as explained in the Introduction. In particular, the construction complexity is reduced, and at the same time, robustness is increased. Intuitively, the main difference between SAA-5 and the usual PKA consists of the fact that in the former class, B (Bob) has more than one public key and A (Alice) uses some of them to produce her public key and others to produce the secret shared key (SSK). This introduces an asymmetry between the sender of the message (B) and the receiver (A) and motivates the name for this class of algorithms. After describing the main steps of SAA-5, we discuss its breaking complexity assuming zero complexity of discrete logarithms and the computational complexity for both A and B to create SSK.

Cryptography doi: 10.3390/cryptography3010008

Authors: Le Van Luyen

Multivariate Public Key Cryptography (MPKC) is one of the main candidates for post-quantum cryptography, especially in the area of signature schemes. In this paper, we instantiate a certificate Identity-Based Signature (IBS) scheme based on Rainbow, one of the most efficient and secure multivariate signature schemes. In addition, we revise the previous identity-based signature scheme IBUOV based on the Unbalanced Oil and Vinegar (UOV) scheme on the security and choice of parameters and obtain that our scheme is more efficient than IBUOV in terms of key sizes and signature sizes.

Cryptography doi: 10.3390/cryptography3010007

Authors: Karuna Pande Joshi Agniva Banerjee

An essential requirement of any information management system is to protect data and resources against breach or improper modification, while at the same time ensuring data access to legitimate users. Systems handling personal data are mandated to track its flow to comply with data protection regulations. We have built a novel framework that integrates a semantically rich data privacy knowledge graph with Hyperledger Fabric blockchain technology, to develop an automated access-control and audit mechanism that enforces users’ data privacy policies while sharing their data with third parties. Our blockchain-based data-sharing solution addresses two of the most critical challenges: transaction verification and permissioned data obfuscation. Our solution ensures accountability for data sharing in the cloud by incorporating a secure and efficient system for end-to-end provenance. In this paper, we describe this framework along with the comprehensive semantically rich knowledge graph that we have developed to capture rules embedded in data privacy policy documents. Our framework can be used by organizations to automate compliance of their Cloud datasets.

Cryptography doi: 10.3390/cryptography3010006

Authors: Yasir Naseer Tariq Shah Dawood Shah Sadam Hussain

The role of substitution boxes is very important in block ciphers. Substitution boxes are utilized to create confusion in the cryptosystem. However, to create both confusion and diffusion in a cryptosystem, p-boxes and chaos-based substitution boxes are designed. In this work, a simple method is presented that serves both purposes. This method is based on the composition of the action of the symmetric group on a Galois field with the inversion map. This construction method provides a large number of highly non-linear substitution permutation boxes having the property of confusion as well as diffusion. These substitution permutation boxes have all the cryptographic properties. Their utilization in the image encryption application is measured by the majority logic criterion. We named these newly designed substitution boxes (S-boxes) substitution permutation boxes (S-p-boxes), because they serve as both substitution boxes (S-boxes) and permutation boxes (p-boxes).

Cryptography doi: 10.3390/cryptography3010005

Authors: Cryptography Editorial Office

Rigorous peer-review is the corner-stone of high-quality academic publishing [...]

Cryptography doi: 10.3390/cryptography3010004

Authors: Ashutosh Dhar Dwivedi Shalini Dhar Gautam Srivastava Rajani Singh

In this work, we focus on the LS-design ciphers Fantomas, Robin, and iSCREAM. LS-designs are a family of bitslice ciphers aimed at efficient masked implementations against side-channel analysis. We have analyzed Fantomas and Robin with a technique that previously has not been applied to both algorithms or linear cryptanalysis. The idea behind linear cryptanalysis is to build a linear characteristic that describes the relation between plaintext and ciphertext bits. Such a relationship should hold with probability 0.5 (bias is zero) for a secure cipher. Therefore, we try to find a linear characteristic between plaintext and ciphertext where the bias is not equal to zero. This non-random behavior of the cipher could be converted into a key-recovery attack. For Fantomas and Robin, we find 5- and 7-round linear characteristics. Using these characteristics, we attack both ciphers with reduced rounds and recover the key for the same number of rounds. We also apply linear cryptanalysis to the famous CAESAR candidate iSCREAM and the closely related LS-design Robin. For iSCREAM, we apply linear cryptanalysis to the round-reduced cipher and find the best 7-round linear characteristics. Based on those linear characteristics, we extend the path in the related-key scenario to a higher number of rounds.

Cryptography doi: 10.3390/cryptography3010003

Authors: Asad Ali Siyal Aisha Zahid Junejo Muhammad Zawish Kainat Ahmed Aiman Khalil Georgia Soursou

Blockchain technology has gained considerable attention, with an escalating interest in a plethora of numerous applications, ranging from data management, financial services, cyber security, IoT, and food science to the healthcare industry and brain research. There has been a remarkable interest witnessed in utilizing applications of blockchain for the delivery of safe and secure healthcare data management. Also, blockchain is reforming the traditional healthcare practices to a more reliable means, in terms of effective diagnosis and treatment through safe and secure data sharing. In the future, blockchain could be a technology that may potentially help in personalized, authentic, and secure healthcare by merging the entire real-time clinical data of a patient’s health and presenting it in an up-to-date secure healthcare setup. In this paper, we review both the existing and latest developments in the field of healthcare by implementing blockchain as a model. We also discuss the applications of blockchain, along with the challenges faced and future perspectives.

Cryptography doi: 10.3390/cryptography3010002

Authors: Muhammad Rezal Kamel Ariffin Saidu Isah Abubakar Faridah Yunos Muhammad Asyraf Asbullah

This paper presents new short decryption exponent attacks on RSA, which successfully lead to the factorization of the RSA modulus $N = pq$ in polynomial time. The paper has two parts. In the first part, we report the usage of the small prime difference method of the form $|b^2 p - a^2 q| < N^{\gamma}$, where the ratio $q/p$ is close to $b^2/a^2$, which yields a bound $d < \frac{3}{2} N^{\frac{3}{4} - \gamma}$ from the convergents of the continued fraction expansion of $\frac{e}{N - \lceil \frac{a^2 + b^2}{ab} \sqrt{N} \rceil + 1}$. The second part of the paper reports four cryptanalytic attacks on $t$ instances of RSA moduli $N_s = p_s q_s$ for $s = 1, 2, \ldots, t$, where we use $N - \lceil \frac{a^2 + b^2}{ab} \sqrt{N} \rceil + 1$ as an approximation of $\phi(N)$ satisfying generalized key equations of the shape $e_s d - k_s \phi(N_s) = 1$, $e_s d_s - k \phi(N_s) = 1$, $e_s d - k_s \phi(N_s) = z_s$, and $e_s d_s - k \phi(N_s) = z_s$ for unknown positive integers $d$, $k_s$, $d_s$, $k_s$, and $z_s$, where we establish that $t$ RSA moduli can be simultaneously factored in polynomial time using combinations of simultaneous Diophantine approximations and lattice basis reduction methods. In all the reported attacks, we have found an improved short secret exponent bound, which is considered to be better than some bounds reported in the literature.

Cryptography doi: 10.3390/cryptography3010001

Authors: Seyed Mojtaba Dehnavi

The SIMON and SPECK families of block ciphers are well-known lightweight ciphers designed by the NSA. In this note, based on the previous investigations on SIMON, a closed formula for the squared correlations and differential probabilities of the mapping $\phi(x) = x \odot S^1(x)$ on $\mathbb{F}_2^n$ is given. From the aspects of linear and differential cryptanalysis, this mapping is equivalent to the core quadratic mapping of SIMON via rearrangement of coordinates and EA-equivalence. Based on the proposed explicit formula, a full description of the DDT and LAT of $\phi$ is provided. In the case of SPECK, as the only nonlinear operation in this family of ciphers is addition mod $2^n$, after reformulating the formula for linear and differential probabilities of addition mod $2^n$, straightforward algorithms for finding the output masks with maximum squared correlation, given the input masks, as well as the output differences with maximum differential probability, given the input differences, are presented. By the aid of the tools given in this paper, the process of the search for linear and differential characteristics of the SIMON and SPECK families of block ciphers could be sped up, and the complexity of linear and differential attacks against these ciphers could be reduced.

Cryptography doi: 10.3390/cryptography2040042

Authors: Jonathan Trostle

In some wireless environments, minimizing the size of messages is paramount due to the resulting significant energy savings. We present CMCC (CBC-MAC-CTR-CBC), an authenticated encryption scheme with associated data (AEAD) that is also nonce misuse resistant. The main focus for this work is minimizing ciphertext expansion, especially for short messages including plaintext lengths less than the underlying block cipher length (e.g., 16 bytes). For many existing AEAD schemes, a successful forgery leads directly to a loss of confidentiality. For CMCC, changes to the ciphertext randomize the resulting plaintext, thus forgeries do not necessarily result in a loss of confidentiality which allows us to reduce the length of the authentication tag. For protocols that send short messages, our scheme is similar to Synthetic Initialization Vector (SIV) mode for computational overhead but has much smaller expansion. We prove both a misuse resistant authenticated encryption (MRAE) security bound and an authenticated encryption (AE) security bound for CMCC. We also present a variation of CMCC, CWM (CMCC With MAC), which provides a further strengthening of the security bounds.

Cryptography doi: 10.3390/cryptography2040041

Authors: Christian Frøystad Inger Anne Tøndel Martin Gilje Jaatun

Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about incidents that occur at upstream CSPs to inform their users. In this paper, we argue the need for commonly agreed-upon incident information exchanges between providers to improve accountability of CSPs, and present both such a format and a prototype implementing it. The solution can handle simple incident information natively as well as embed standard representation formats for incident-sharing, such as IODEF and STIX. Preliminary interviews show a desire for such a solution. The discussion considers both technical challenges and non-technical aspects related to improving the situation for incident response in cloud-computing scenarios. Our solution holds the potential of making incident-sharing more efficient.

Cryptography doi: 10.3390/cryptography2040040

Authors: Filippo Gandino Bartolomeo Montrucchio Maurizio Rebaudengo

Security in wireless sensor networks is commonly based on symmetric encryption and requires key-management systems to establish and exchange secret keys. A constraint that is common to many key-management approaches is an upper bound to the total number of nodes in the network. An example is represented by the schemes based on combinatorial design. These schemes use specific rules for the generation of sets of keys that are distributed to the nodes before deploying the network. The aim of these approaches is to improve the resilience of the network. However, the quantity of data that must be stored by each node is proportional to the number of nodes of the network, so the available memory affects the applicability of these schemes. This paper investigates the opportunity of reducing the storage overhead by distributing the same set of keys to more than one node. In addition, the presence of redundant sets of keys affects the resilience and the security of the network. A careful analysis is conducted to evaluate benefits and drawbacks of redundant key distribution approaches. The results show that the use of redundancy decreases the level of resilience, but it scales well on very large networks.

Cryptography doi: 10.3390/cryptography2040039

Authors: Stefania Loredana Nita Marius Iulian Mihailescu Valentin Corneliu Pau

Authentication systems based on biometric characteristics and data represent one of the most important trends in the evolution of society, e.g., Smart City, Internet-of-Things (IoT), Cloud Computing, Big Data. In the near future, biometric systems will be everywhere in society, such as government, education, smart cities, banks, etc. Due to their unique characteristics, biometric systems will become more and more vulnerable, privacy being one of the most important challenges. The classic cryptographic primitives are not sufficient to assure a strong level of secureness for privacy. The current paper has several objectives. The main objective consists in creating a framework based on cryptographic modules which can be applied in systems with biometric authentication methods. The technologies used in creating the framework are: C#, Java, C++, Python, and Haskell. The wide range of technologies for developing the algorithms gives the readers the possibility, and not only that, to choose the proper modules for their own research or business direction. The cryptographic modules contain algorithms based on machine learning and modern cryptographic algorithms: AES (Advanced Encryption System), SHA-256, RC4, RC5, RC6, MARS, BLOWFISH, TWOFISH, THREEFISH, RSA (Rivest-Shamir-Adleman), Elliptic Curve, and Diffie Hellman. As methods for implementing the cryptographic modules with success, we will propose a methodology which can be used as a how-to guide. The article will focus only on the first category, machine learning and data clustering algorithms with applicability in the cloud computing environment. For tests we have used a virtual machine (Virtual Box) with Apache Hadoop and a Biometric Analysis Tool. The weaknesses of the algorithms and methods implemented within the framework will be evaluated and presented in order for the reader to acknowledge the latest status of the security analysis and the vulnerabilities found in the mentioned algorithms. Another important result of the authors consists in creating a scheme for biometric enrollment (in Results). The purpose of the scheme is to give a big overview on how to use it, step by step, in real life, and how to use the algorithms. In the end, as a conclusion, the current work gives a comprehensive background on the most important and challenging aspects of how to design and implement an authentication system based on biometric characteristics.

Cryptography doi: 10.3390/cryptography2040038

Authors: James Jin Kang Kiran Fahd Sitalakshmi Venkatraman

Due to the prevalence and constantly increasing risk of cyber-attacks, new and evolving security mechanisms are required to protect information and networks and ensure the basic security principles of confidentiality, integrity, and availability, referred to as the CIA triad. While confidentiality and integrity can be achieved using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates, these depend on the correct authentication of servers, which could be compromised due to man-in-the-middle (MITM) attacks. Many existing solutions have practical limitations due to their operational complexity, deployment costs, as well as adversaries. We propose a novel scheme to detect MITM attacks with minimal intervention and workload to the network and systems. Our proposed model applies a novel inferencing scheme for detecting true anomalies in transmission time at a trusted time server (TTS) using time-based verification of sent and received messages. The key contribution of this paper is the ability to automatically detect MITM attacks with trusted verification of the transmission time using a learning-based inferencing algorithm. When used in conjunction with existing systems, such as intrusion detection systems (IDS), which require comprehensive configuration and network resource costs, it can provide a robust solution that addresses these practical limitations while saving costs by providing assurance.

Cryptography doi: 10.3390/cryptography2040037

Authors: Megha Agrawal Donghoon Chang Jinkeon Kang

A technique of authenticated encryption for memory constrained devices called sp-AELM was proposed by Agrawal et al. at ACISP 2015. The sp-AELM construction utilizes a sponge-based primitive to support online encryption and decryption functionalities. Online encryption in the construction is achieved in the standard manner by processing plaintext blocks as they arrive to produce ciphertext blocks. However, decryption is achieved by storing only one intermediate state and releasing it to the user upon correct verification. This intermediate state allows a legitimate user to generate the plaintext herself. However, the scheme is nonce-respecting, i.e., the scheme is insecure if the nonce is repeated. Implementation of a nonce is non-trivial in practice, and reuse of a nonce in an AE scheme is often devastating. In this paper, we propose a new AE scheme called dAELM, which stands for deterministic authenticated encryption (DAE) scheme for low memory devices. DAE is used in domains such as key wrap, where the available message entropy omits the overhead of a nonce. For limiting memory usage, our idea is to use a session key to encrypt a message and share the session key with the user depending upon the verification of a tag. We provide the security proof of the proposed construction in the ideal cipher model.

Cryptography doi: 10.3390/cryptography2040036

Authors: Pratha Anuradha Kameswari Lambadi Jyotsna

In this paper, we give an attack on the RSA (Rivest–Shamir–Adleman) cryptosystem when $\phi(N)$ has a small multiplicative inverse modulo $e$ and the prime sum $p + q$ is of the form $p + q = 2^n k_0 + k_1$, where $n$ is a given positive integer and $k_0$ and $k_1$ are two suitably small unknown integers, using sublattice reduction techniques and Coppersmith’s methods for finding small roots of modular polynomial equations. When we compare this method with an approach using lattice-based techniques, this procedure slightly improves the bound and reduces the lattice dimension. Employing the previous tools, we provide a new attack bound for the deciphering exponent when the prime sum $p + q = 2^n k_0 + k_1$, and perform an analysis with Boneh and Durfee’s deciphering exponent bound for appropriately small $k_0$ and $k_1$.

Cryptography doi: 10.3390/cryptography2040035

Authors: Xavier Boyen Thomas Haines

We present the first linkable ring signature scheme with both unconditional anonymity and forward-secure key update: a powerful tool which has direct applications in elegantly addressing a number of simultaneous constraints in remote electronic voting. We propose a comprehensive security model, and construct a scheme based on the hardness of finding discrete logarithms, and (for forward security) inverting bilinear or multilinear maps of moderate degree to match the time granularity of forward security. We prove efficient security reductions which, of independent interest, apply to, and are much tighter than, linkable ring signatures without forward security, thereby vastly improving the provable security of these legacy schemes. If efficient multilinear maps should ever admit a secure realisation, our contribution would elegantly address a number of problems heretofore unsolved in the important application of (multi-election) practical Internet voting. Even if multilinear maps are never obtained, our minimal two-epoch construction instantiated from bilinear maps can be combinatorially boosted to synthesise a polynomial time granularity, which would be sufficient for Internet voting and more.

Cryptography doi: 10.3390/cryptography2040034

Authors: Jialuo Han Jidong Wang

LoRaWAN is one of the new low-power wide-area network (LPWAN) standards applied to Internet of Things (IoT) technology. The key features of LPWAN are its low power consumption and long-range coverage. The LoRaWAN 1.1 specification includes a basic security scheme. However, this scheme could be further improved in the aspect of key management. In this paper, LoRaWAN 1.1 security is reviewed, and enhanced LoRaWAN security with a root key update scheme is proposed. The root key update will make cryptanalysis of security keys in LoRaWAN more difficult. The analysis and simulation show that the proposed root key update scheme requires fewer computing resources compared with other key derivation schemes, including the scheme used in the LoRaWAN session key update. The results also show the key generated in the proposed scheme has a high degree of randomness, which is a basic requirement for a security key.

Cryptography doi: 10.3390/cryptography2040033

Authors: Ziyuan Hu Shengli Liu Kefei Chen Joseph K. Liu

Identity-based encryption (IBE) simplifies key management by taking users’ identities as public keys. However, how to dynamically revoke users in an IBE scheme is not a trivial problem. To solve this problem, IBE schemes with revocation (namely revocable IBE schemes) have been proposed. Apart from the lattice-based IBE schemes, most of the existing schemes are based on decisional assumptions over pairing groups. In this paper, we propose a revocable IBE scheme based on a weaker assumption, namely the Computational Diffie-Hellman (CDH) assumption over non-pairing groups. Our revocable IBE scheme is inspired by the IBE scheme proposed by Döttling and Garg at Crypto 2017. Like Döttling and Garg’s IBE scheme, the key authority maintains a complete binary tree where every user is assigned to a leaf node. To adapt such an IBE scheme to a revocable IBE, we update the nodes along the paths of the revoked users in each time slot. Upon this updating, all revoked users are forced to be equipped with new encryption keys but without decryption keys, thus they are unable to perform decryption any more. We prove that our revocable IBE is adaptive IND-ID-CPA secure in the standard model. Our scheme serves as the first revocable IBE scheme from the CDH assumption. Moreover, we extend our scheme to support Decryption Key Exposure Resistance (DKER) and also propose a server-aided revocable IBE to decrease the decryption workload of the receiver. In our schemes, the size of the updating key in each time slot is only related to the number of newly revoked users in the past time slot.

Cryptography doi: 10.3390/cryptography2040032

Authors: Terry Lau Chik Tan

We propose a rank metric code-based encryption scheme based on the hard rank syndrome decoding problem. We propose a new encryption with a public key matrix by considering the addition of a random distortion matrix over $\mathbb{F}_{q^m}$ of full column rank $n$. We show that IND-CPA security is achievable for our encryption under the assumption of the Decisional Rank Syndrome Decoding problem. Furthermore, we also prove some bounds for the number of matrices of a fixed rank with entries over a finite field. Our proposal allows the choice of the error terms with rank up to $\frac{r}{2}$, where $r$ is the error-correcting capability of a code. Our encryption based on Gabidulin codes has a public key size of 13.68 KB, which is 82 times smaller than the public key size of the McEliece cryptosystem based on Goppa codes. For a similar post-quantum security level of $2^{140}$ bits, our encryption scheme has a smaller public key size than the key size suggested by LOI17 Encryption.

Cryptography doi: 10.3390/cryptography2040031

Authors: Ted Krovetz

Two of the fastest types of cryptographic algorithms are the stream cipher and the almost-universal hash function. There are secure examples of each that process data in software using less than one CPU cycle per byte. Hashstream combines the two types of algorithms in a straightforward manner, yielding a PRF that can both consume inputs of and produce pseudorandom outputs of any desired length. The result is an object useful in many contexts: authentication, encryption, authenticated encryption, random generation, mask generation, etc. The HS1-SIV authenticated-encryption algorithm, a CAESAR competition second round selection, was based on Hashstream and showed the promise of such an approach by having provable security and topping the speed charts in several test configurations.

Cryptography doi: 10.3390/cryptography2040030

Authors: Edoardo Persichetti

The design of a practical code-based signature scheme is an open problem in post-quantum cryptography. This paper is the full version of a work that appeared at SIN’18 as a short paper, which introduced a simple and efficient one-time secure signature scheme based on quasi-cyclic codes. As such, this paper features, in a fully self-contained way, an accurate description of the scheme setting and related previous work, a detailed security analysis, and an extensive comparison and performance discussion.

Cryptography doi: 10.3390/cryptography2040029

Authors: Salome James N.B. Gayathri P. Vasudeva Reddy

With the rapid development of modern technology, personal privacy has become a critical concern in many applications. Various digitalized applications such as online voting systems and electronic cash systems need authenticity and anonymity. Blind signature is an advanced technique that provides the authenticity and anonymity of the user by obtaining a valid signature for a message without revealing its content to the signer. The message recovery property minimizes the signature size and allows efficient communication in situations where bandwidth is limited. With the advantage of blind signature and message recovery properties, in this paper, we present a new pairing-free blind signature scheme with message recovery in identity-based settings. The proposed scheme is proven to be secure in the random oracle model under the assumption that the Elliptic Curve Discrete Logarithm Problem (ECDLP) is intractable. The proposed scheme meets the security requirements such as blindness, untraceability, and unforgeability. We compare our scheme with the well-known existing schemes in the literature, and the efficiency analysis shows that our scheme is more efficient from a computational and communication point of view.

Cryptography doi: 10.3390/cryptography2040028

Authors: Ying-Yu Chen Bo-Yuan Huang Justie Su-Tzu Juan

Visual cryptography (VC) encrypts a secret image into n shares (transparencies). As such, we cannot see any information from any one share, and the original image is decrypted by stacking all of the shares. The general (k, n)-threshold secret sharing scheme (SSS) can similarly encrypt and decrypt the original image by stacking at least k (≤ n) shares. If fewer than k shares are stacked, the secret image is unrecognizable. Another subject is progressive visual secret sharing, which means that when more shares are progressively stacked, the combined share becomes clearer. In this study, we constructed an advanced scheme for (k, n)-threshold SSS that can be encrypted in VC for any positive integers n ≥ k ≥ 2 through the method of combination, and the size of each share is the same as that of the original image. That is, no pixel expansion is required. Our scheme is novel, and the results from the theoretical analysis and simulation reveal that our scheme exhibits favorable contrast compared to that of other related schemes.

Cryptography doi: 10.3390/cryptography2040027

Authors: Rami Sheikh Rosario Cammarota

We present Value Prediction for Security (VPsec), a novel hardware-only framework to counter fault attacks in modern microprocessors, while preserving the performance benefits of Value Prediction (VP). VP is an elegant and hitherto mature microarchitectural performance optimization, which aims to predict the data value ahead of the data production with high prediction accuracy and coverage. Instances of VPsec leverage the state-of-the-art Value Predictors in an embodiment and system design to mitigate fault attacks in modern microprocessors. Specifically, VPsec implementations re-architect any baseline VP embodiment with fault detection logic and reaction logic to mitigate fault attacks to both the datapath and the value predictor itself. VPsec also defines a new mode of execution in which the predicted value is trusted rather than the produced value. From a microarchitectural design perspective, VPsec requires minimal hardware changes (negligible area and complexity impact) with respect to a baseline that supports VP, it has no software overheads (no increase in memory footprint or execution time), and it retains most of the performance benefits of VP under realistic attacks. Our evaluation of VPsec demonstrates its efficacy in countering fault attacks, as well as its ability to retain the performance benefits of VP on cryptographic workloads, such as OpenSSL, and non-cryptographic workloads, such as SPEC CPU 2006/2017.

Cryptography doi: 10.3390/cryptography2030026

Authors: William Diehl Abubakr Abdulgadir Farnoud Farahmand Jens-Peter Kaps Kris Gaj

Authenticated ciphers, which combine the cryptographic services of confidentiality, integrity, and authentication into one algorithmic construct, can potentially provide improved security and efficiencies in the processing of sensitive data. However, they are vulnerable to side-channel attacks such as differential power analysis (DPA). Although the Test Vector Leakage Assessment (TVLA) methodology has been used to confirm improved resistance of block ciphers to DPA after application of countermeasures, extension of TVLA to authenticated ciphers is non-trivial, since authenticated ciphers have expanded input and output requirements, complex interfaces, and long test vectors which include protocol necessary to describe authenticated cipher operations. In this research, we upgrade the FOBOS test architecture with capability to perform TVLA on authenticated ciphers. We show that FPGA implementations of the CAESAR Round 3 candidates ACORN, Ascon, CLOC (with AES and TWINE primitives), SILC (with AES, PRESENT, and LED primitives), JAMBU (with AES and SIMON primitives), and Ketje Jr., as well as AES-GCM, are vulnerable to 1st order DPA. We then use threshold implementations to protect the above cipher implementations against 1st order DPA, and verify the effectiveness of countermeasures using the TVLA methodology. Finally, we compare the unprotected and protected cipher implementations in terms of area, performance (maximum frequency and throughput), throughput-to-area (TP/A) ratio, power, and energy per bit (E/bit). Our results show that ACORN consumes the lowest number of resources, has the highest TP/A ratio, and is the most energy-efficient of all DPA-resistant implementations. However, Ketje Jr. has the highest throughput.

Cryptography doi: 10.3390/cryptography2030025

Authors: Jean-Luc Danger Youssef El Housni Adrien Facon Cheikh T. Gueye Sylvain Guilley Sylvie Herbel Ousmane Ndiaye Edoardo Persichetti Alexander Schaub

Multiplications in GF(2^N) can be securely optimized for cryptographic applications when the integer N is small and does not match machine words (i.e., N < 32). In this paper, we present a set of optimizations applied to DAGS, a code-based post-quantum cryptographic algorithm and one of the submissions to the National Institute of Standards and Technology's (NIST) Post-Quantum Cryptography (PQC) standardization call.

Cryptography doi: 10.3390/cryptography2030024

Authors: Joy Jo-Yi Chang Bo-Yuan Huang Justie Su-Tzu Juan

In (2, 2)-visual secret sharing (VSS) schemes, a common type of (k, n)-threshold VSS schemes, secret information can be decoded directly through only two shares by using a human vision system. Several studies have analyzed methods of simplifying the decoding process and refining encoding to pass more secret images through two identical shares. However, limited secret images are retrieved, and the quality of the recovered images is low. This paper proposes an advanced (2, 2)-VSS scheme that can embed N secret images into two rectangular shares. Compared with other related VSS schemes, more secret images can be encrypted and the distortion is adjustable in the proposed scheme, yielding more flexibility in theory and practice.

Cryptography doi: 10.3390/cryptography2030023

Authors: Sadiel De la Fe Carles Ferrer

Modular inversions are widely employed in public key crypto-systems, and it is known that they imply a bottleneck due to the expensive computation. Recently, a new algorithm for inversions modulo p^k was proposed, which may speed up the calculation of a modulus dependent quantity used in the Montgomery multiplication. The original algorithm lacks security countermeasures; thus, a straightforward implementation may expose the input. This is an issue if that input is a secret. In the RSA-CRT signature using Montgomery multiplication, the moduli are secrets (primes p and q). Therefore, the moduli dependent quantities related to p and q must be securely computed. This paper presents a security analysis of the novel method considering that it might be used to compute secrets. We demonstrate that a Side Channel Analysis leads to disclose the data being manipulated. In consequence, a secure variant for inversions modulo 2^k is proposed, through the application of two known countermeasures. In terms of performance, the secure variant is still comparable with the original one.

Cryptography doi: 10.3390/cryptography2030021

Authors: Jim Plusquellic Matt Areno

Physical unclonable function (PUF)-based authentication protocols have been proposed as a strong challenge-response form of authentication for internet of things (IoT) and embedded applications. A special class of so called strong PUFs are best suited for authentication because they are able to generate an exponential number of challenge-response-pairs (CRPs). However, strong PUFs must also be resilient to model-building attacks. Model-building utilizes machine learning algorithms and a small set of CRPs to build a model that is able to predict the responses of a fielded chip, thereby compromising the security of chip-server interactions. In this paper, response bitstrings are eliminated in the message exchanges between chips and the server during authentication, and therefore, it is no longer possible to carry out model-building attacks in the traditional manner. Instead, the chip transmits a Helper Data bitstring to the server and this information is used for authentication instead. The server constructs Helper Data bitstrings using enrollment data that it stores for all valid chips in a secure database and computes correlation coefficients (CCs) between the chip's Helper Data bitstring and each of the server-generated Helper Data bitstrings. The server authenticates (and identifies) the chip if a CC is found that exceeds a threshold, which is determined during characterization. The technique is demonstrated using data from a set of 500 Xilinx Zynq 7020 FPGAs, subjected to industrial-level temperature and voltage variations.

Cryptography doi: 10.3390/cryptography2030022

Authors: Yunxi Guo Timothy Dee Akhilesh Tyagi

Physical Unclonable Functions (PUFs) are designed to extract physical randomness from the underlying silicon. This randomness depends on the manufacturing process. It differs for each device. This enables chip-level authentication and key generation applications. We present an encryption protocol using PUFs as primary encryption/decryption functions. Each party has a PUF used for encryption and decryption. This PUF is constrained to be invertible and commutative. The focus of the paper is an evaluation of an invertible and commutative PUF based on a primitive shifting permutation network—a barrel shifter. Barrel shifter (BS) PUF captures the delay of different shift paths. This delay is entangled with message bits before they are sent across an insecure channel. BS-PUF is implemented using transmission gates for physical commutativity. Post-layout simulations of a common centroid layout 8-level barrel shifter in 0.13 μm technology assess uniqueness, stability, randomness and commutativity properties. BS-PUFs pass all selected NIST statistical randomness tests. Stability similar to Ring Oscillator (RO) PUFs under environmental variation is shown. Logistic regression of 100,000 plaintext–ciphertext pairs (PCPs) fails to successfully model BS-PUF behavior.

Cryptography doi: 10.3390/cryptography2030020

Authors: Taimour Wehbe Vincent Mooney David Keezer

Attacks on embedded devices are becoming more and more prevalent, primarily due to the extensively increasing plethora of software vulnerabilities. One of the most dangerous types of these attacks targets application code at run-time. Techniques to detect such attacks typically rely on software due to the ease of implementation and integration. However, these techniques are still vulnerable to the same attacks due to their software nature. In this work, we present a novel hardware-assisted run-time code integrity checking technique where we aim to detect if executable code resident in memory is modified at run-time by an adversary. Specifically, a hardware monitor is designed and attached to the device's main memory system. The monitor creates page-based signatures (hashes) of the code running on the system at compile-time and stores them in a secure database. It then checks for the integrity of the code pages at run-time by regenerating the page-based hashes (with data segments zeroed out) and comparing them to the legitimate hashes. The goal is for any modification to the binary of a user-level or kernel-level process that is resident in memory to cause a comparison failure and lead to a kernel interrupt which allows the affected application to halt safely.

Cryptography doi: 10.3390/cryptography2030019

Authors: Andreas Vogt

n/a

Cryptography doi: 10.3390/cryptography2030018

Authors: Juha Partala

Blockchain is a public open ledger that provides data integrity in a distributed manner. It is the underlying technology of cryptocurrencies and an increasing number of related applications, such as smart contracts. The open nature of blockchain together with strong integrity guarantees on the stored data makes it a compelling platform for covert communication. In this paper, we suggest a method of securely embedding covert messages into a blockchain. We formulate a simplified ideal blockchain model based on existing implementations and devise a protocol that enables two parties to covertly communicate through the blockchain following that model. We also formulate a rigorous definition for the security and covertness of such a protocol based on computational indistinguishability. Finally, we show that our method satisfies this definition in the random oracle model for the underlying cryptographic hash function.

Cryptography doi: 10.3390/cryptography2030017

Authors: Sadman Sakib Preeti Kumari B. M. S. Bahar Talukder Md Tauhidur Rahman Biswajit Ray

Counterfeiting electronic components is a serious problem for the security and reliability of any electronic system. Unfortunately, the number of counterfeit components has increased considerably after the introduction of the horizontal semiconductor supply chain. In this paper, we propose and experimentally demonstrate an approach for detecting recycled Flash memory. The proposed method is based on measurement of change in Flash array characteristics (such as erase time, program time, fail bit count, etc.) with its usage. We find that erase time is the best metric to distinguish a used Flash chip from a fresh one for the following reasons: (1) erase time shows minimal variation among different fresh memory blocks/chips and (2) erase time increases significantly with usage. We verify our method for a wide range of commercial off the shelf Flash chips from several vendors, technology nodes, storage densities and storage types (single-bit per cell and multi-bit per cell). The minimum detectable chip usage varies from 0.05% to 3.0% of its total lifetime depending on the exact details of the chip.

Cryptography doi: 10.3390/cryptography2030016

Authors: María Isabel González Vasco Angela Robinson Rainer Steinwandt

In 2008, Doliskani et al. proposed an ElGamal-style encryption scheme using the symmetric group S_n as mathematical platform. In 2012, an improvement of the cryptosystem's memory requirements was suggested by Othman. The proposal by Doliskani et al. in particular requires the discrete logarithm problem in S_n, using its natural representation, to be hard. Making use of the Chinese Remainder Theorem, we describe an efficient method to solve this discrete logarithm problem, yielding a polynomial time secret key recovery attack against Doliskani et al.'s proposal.

Cryptography doi: 10.3390/cryptography2030015

Authors: Don Owen Jr. Derek Heeger Calvin Chan Wenjie Che Fareena Saqib Matt Areno Jim Plusquellic

Secure booting within a field-programmable gate array (FPGA) environment is traditionally implemented using hardwired embedded cryptographic primitives and non-volatile memory (NVM)-based keys, whereby an encrypted bitstream is decrypted as it is loaded from an external storage medium, e.g., Flash memory. A novel technique is proposed in this paper that self-authenticates an unencrypted FPGA configuration bitstream loaded into the FPGA during the start-up. The internal configuration access port (ICAP) interface is accessed to read out configuration information of the unencrypted bitstream, which is then used as input to a secure hash function SHA-3 to generate a digest. In contrast to conventional authentication, where the digest is computed and compared with a second pre-computed value, we use the digest as a challenge to a hardware-embedded delay physical unclonable function (PUF) called HELP. The delays of the paths sensitized by the challenges are used to generate a decryption key using the HELP algorithm. The decryption key is used in the second stage of the boot process to decrypt the operating system (OS) and applications. It follows that any type of malicious tampering with the unencrypted bitstream changes the challenges and the corresponding decryption key, resulting in key regeneration failure. A ring oscillator is used as a clock to make the process autonomous (and unstoppable), and a novel on-chip time-to-digital-converter is used to measure path delays, making the proposed boot process completely self-contained, i.e., implemented entirely within the re-configurable fabric and without utilizing any vendor-specific FPGA features.

Cryptography doi: 10.3390/cryptography2030014

Authors: Balaji Chandrasekaran Ramadoss Balakrishnan

Attribute-based encryption (ABE) is used for achieving data confidentiality and access control in cloud environments. Most often, ABE schemes are constructed using bilinear pairing, which has a higher computational complexity, making algorithms inefficient to some extent. The motivation of this paper is on achieving user privacy during the interaction with attribute authorities by improving the efficiency of ABE schemes in terms of computational complexity. As a result, the aim of this paper is two-fold: firstly, to propose an efficient Tate pairing algorithm based on a multi-base number representation system using point halving (TP-MBNR-PH) with bases 1/2, 3, and 5 to reduce the cost of bilinear pairing operations and, secondly, the TP-MBNR-PH algorithm is applied in decentralized KP-ABE to compare its computational costs for encryption and decryption with existing schemes.

Cryptography doi: 10.3390/cryptography2030013

Authors: Nikolaos Athanasios Anagnostopoulos Tolga Arul Yufan Fan Christian Hatzfeld André Schaller Wenjie Xiong Manishkumar Jain Muhammad Umair Saleem Jan Lotichius Sebastian Gabmeyer Jakub Szefer Stefan Katzenbeisser

Physical Unclonable Functions (PUFs) based on the retention times of the cells of a Dynamic Random Access Memory (DRAM) can be utilised for the implementation of cost-efficient and lightweight cryptographic protocols. However, as recent work has demonstrated, the times needed in order to generate their responses may prohibit their widespread usage. To address this issue, the Row Hammer PUF has been proposed by Schaller et al., which leverages the row hammer effect in DRAM modules to reduce the retention times of their cells and, therefore, significantly speed up the generation times for the responses of PUFs based on these retention times. In this work, we extend the work of Schaller et al. by presenting a run-time accessible implementation of this PUF and by further reducing the time required for the generation of its responses. Additionally, we also provide a more thorough investigation of the effects of temperature variations on the Row Hammer PUF and briefly discuss potential statistical relationships between the cells used to implement it. As our results prove, the Row Hammer PUF could potentially provide an adequate level of security for Commercial Off-The-Shelf (COTS) devices, if its dependency on temperature is mitigated, and, may therefore, be commercially adopted in the near future.

Cryptography doi: 10.3390/cryptography2030012

Authors: Michel A. Kinsy Lake Bu Mihailo Isakov Miguel Mark

In current systems-on-chip (SoCs) designs, processing elements, i.e., intellectual property (IP) cores, may come from different providers, and executable code may have varying levels of trust, all executing on the same compute platform and sharing resources. This creates a very fertile attack ground and represents the Achilles' heel of heterogeneous SoC architectures and distributed connected devices. The general consensus today is that conventional approaches and software-only add-on schemes fail to provide sufficient security protections and trustworthiness. In this paper, we develop a secure heterogeneous SoC architecture named Hermes. It represents a new architectural model that integrates multiple processing elements (called tenants) of secure and non-secure cores into the same chip design while: (a) maintaining individual tenant security; (b) preventing data leakage and corruption; (c) promoting collaboration among the tenants; and (d) tolerating untrusted tenants with potentially malicious purposes. The Hermes architecture is based on a programmable secure router interface and a trust-aware routing algorithm. Depending on the trust levels of computing nodes, it is able to virtually isolate them in different access modes to the memory blocks. With secure key management and join protocols, Hermes is also able to function properly when nodes request for, or allow, memory access in a dishonest manner. With 17% hardware overhead, it enables the implementation of processing-element-oblivious secure multicore systems with a programmable distributed group key management scheme. The Hermes architecture is meant to emblematize the design of secure heterogeneous multicore computing systems out of unsecured or untrusted components using user-defined security policies to create at the hardware-level virtual zones to enforce these security and trust policies.

Cryptography doi: 10.3390/cryptography2020011

Authors: Shoichi Hirose

This article presents a sequential domain extension scheme with minimum padding for hashing using a compression function. The proposed domain extension scheme is free from the length extension property. The collision resistance of a hash function using the proposed domain extension is shown to be reduced to the collision resistance and the everywhere preimage resistance of the underlying compression function in the standard model, where the compression function is assumed to be chosen at random from a function family in some efficient way. Its indifferentiability from a random oracle up to the birthday bound is also shown on the assumption that the underlying compression function is a fixed-input-length random oracle or the Davies-Meyer mode of a block cipher chosen uniformly at random. The proposed domain extension is also applied to the sponge construction and the resultant hash function is shown to be indifferentiable from a random oracle up to the birthday bound in the ideal permutation model. The proposed domain extension scheme is expected to be useful for processing short messages.

Cryptography doi: 10.3390/cryptography2020010

Authors: Alan Litchfield Jeff Herbert

This paper presents a method for a decentralised peer-to-peer software license validation system using cryptocurrency blockchain technology to ameliorate software piracy, and to provide a mechanism for software developers to protect copyrighted works. Protecting software copyright has been an issue since the late 1970s and software license validation has been a primary method employed in an attempt to minimise software piracy and protect software copyright. The method described creates an ecosystem in which the rights and privileges of participants are observed.

Cryptography doi: 10.3390/cryptography2020009

Authors: Filipe Casal João Rasga André Souto

We study characterizations of one-way functions in terms of time-bounded Kolmogorov complexity. As the main contribution, we propose definitions for strong and weak Kolmogorov one-way functions and show that these are equivalent to classical strong and weak one-way functions, respectively. The new definitions were motivated by the fact that the expected value approach is not able to characterize strong one-way functions as we prove in the paper.

Cryptography doi: 10.3390/cryptography2020008

Authors: Sebastian Baur Holger Boche

We consider an authentication process that makes use of biometric data or the output of a physical unclonable function (PUF), respectively, from an information theoretical point of view. We analyse different definitions of achievability for the authentication model. For the secrecy of the key generated for authentication, these definitions differ in their requirements. In the first work on PUF based authentication, weak secrecy has been used and the corresponding capacity regions have been characterized. The disadvantages of weak secrecy are well known. The ultimate performance criteria for the key are perfect secrecy together with uniform distribution of the key. We derive the corresponding capacity region. We show that, for perfect secrecy and uniform distribution of the key, we can achieve the same rates as for weak secrecy together with a weaker requirement on the distribution of the key. In the classical works on PUF based authentication, it is assumed that the source statistics are known perfectly. This requirement is rarely met in applications. That is why the model is generalized to a compound model, taking into account source uncertainty. We also derive the capacity region for the compound model requiring perfect secrecy. Additionally, we consider results for secure storage using a biometric or PUF source that follow directly from the results for authentication. We also generalize known results for this problem by weakening the assumption concerning the distribution of the data that shall be stored. This allows us to combine source compression and secure storage.

Cryptography doi: 10.3390/cryptography2020007

Authors: Nikolaos Anagnostopoulos Stefan Katzenbeisser John Chandy Fatemeh Tehranipoor

Recent developments have increased the demand for adequate security solutions, based on primitives that cannot be easily manipulated or altered, such as hardware-based primitives. Security primitives based on Dynamic Random Access Memory (DRAM) can provide cost-efficient and practical security solutions, especially for resource-constrained devices, such as hardware used in the Internet of Things (IoT), as DRAMs are an intrinsic part of most contemporary computer systems. In this work, we present a comprehensive overview of the literature regarding DRAM-based security primitives and an extended classification of it, based on a number of different criteria. In particular, first, we demonstrate the way in which DRAMs work and present the characteristics being exploited for the implementation of security primitives. Then, we introduce the primitives that can be implemented using DRAM, namely Physical Unclonable Functions (PUFs) and True Random Number Generators (TRNGs), and present the applications of each of the two types of DRAM-based security primitives. We additionally proceed to assess the security such primitives can provide, by discussing potential attacks and defences, as well as the proposed security metrics. Subsequently, we also compare these primitives to other hardware-based security primitives, noting their advantages and shortcomings, and proceed to demonstrate their potential for commercial adoption. Finally, we analyse our classification methodology, by reviewing the criteria employed in our classification and examining their significance.

Cryptography doi: 10.3390/cryptography2010006

Authors: Bertrand Cambou Paul Flikkema James Palmer Donald Telesca Christopher Philabaum

Modern computer microarchitectures build on well-established foundations that have encouraged a pattern of computational homogeneity that many cyberattacks depend on. We suggest that balanced ternary logic can be valuable to Internet of Things (IoT) security, authentication of connected vehicles, as well as hardware and software assurance, and have developed a ternary encryption scheme between a computer and smartcard based on public key exchange through non-secure communication channels to demonstrate the value of balanced ternary systems. The concurrent generation of private keys by the computer and the smartcard uses ternary schemes and cryptographic primitives such as ternary physical unclonable functions. While general purpose ternary computers have not succeeded in general use, heterogeneous computing systems with small ternary computing units dedicated to cryptographic functions have the potential to improve information assurance, and may also be designed to execute binary legacy codes.

Cryptography doi: 10.3390/cryptography2010005

Authors: Jani Suomalainen Adrian Kotelba Jari Kreku Sami Lehtonen

The threat of quantum-computer-assisted cryptanalysis is forcing the security community to develop new types of security protocols. These solutions must be secure against classical and post-quantum cryptanalysis techniques as well as feasible for all kinds of devices, including energy-restricted Internet of Things (IoT) devices. The quantum immunity can be implemented in the cryptographic layer, e.g., by using the recent lattice-based key exchange algorithms NewHope or Frodo, or in the physical layer of wireless communication, by utilizing eavesdropping-resistant secrecy coding techniques. In this study, we explore and compare the feasibility and energy efficiency of selected cryptographic layer and physical layer approaches by applying an evaluation approach that is based on simulation and modeling. In particular, we consider the NewHope and Frodo key exchange algorithms as well as a novel physical layer secrecy coding approach that is based on polar codes. The results reveal that our proposed physical layer implementation is very competitive with respect to the cryptographic solutions, particularly in short-range wireless communication. We also observed that the total energy consumption is unequally divided between transmitting and receiving devices in all the studied approaches. This may be an advantage when designing security architectures for energy-restricted devices.

Cryptography doi: 10.3390/cryptography2010004

Authors: Iftekhar Salam Leonie Simpson Harry Bartlett Ed Dawson Kenneth Koon-Ho Wong

This paper investigates the application of fault attacks to the authenticated encryption stream cipher algorithm MORUS. We propose fault attacks on MORUS with two different goals: one to breach the confidentiality component, and the other to breach the integrity component. For the fault attack on the confidentiality component of MORUS, we propose two different types of key recovery. The first type is a partial key recovery using a permanent fault model, except for one of the variants of MORUS where the full key is recovered with this model. The second type is a full key recovery using a transient fault model, at the cost of a higher number of faults compared to the permanent fault model. Finally, we describe a fault attack on the integrity component of MORUS, which performs a forgery using the bit-flipping fault model.

Cryptography doi: 10.3390/cryptography2010003

Authors: Dimitrios Alvanos Konstantinos Limniotis Stavros Stavrou

Security issues of typical Voice over Internet Protocol (VoIP) applications are studied in this paper; in particular, the open source Linphone application is used as a case study. An experimental analysis indicates that protecting signalling data with the TLS protocol, which unfortunately is not always the default option, is needed to alleviate several security concerns. Moreover, towards improving security, it is shown that a VoIP application may operate over a virtual private network without significantly degrading the overall performance. The conclusions of this study provide useful insights into the usage of any VoIP application.

Cryptography doi: 10.3390/cryptography2010002

Authors: Cryptography Editorial Office

Peer review is an essential part in the publication process, ensuring that Cryptography maintains high quality standards for its published papers.[...]

Cryptography doi: 10.3390/cryptography2010001

Authors: Aleksandr Ometov Sergey Bezzateev Niko Mäkitalo Sergey Andreev Tommi Mikkonen Yevgeni Koucheryavy

Today, digitalization decisively penetrates all the sides of the modern society. One of the key enablers to maintain this process secure is authentication. It covers many different areas of a hyper-connected world, including online payments, communications, access right management, etc. This work sheds light on the evolution of authentication systems towards Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). Particularly, MFA is expected to be utilized for human-to-everything interactions by enabling fast, user-friendly, and reliable authentication when accessing a service. This paper surveys the already available and emerging sensors (factor providers) that allow for authenticating a user with the system directly or by involving the cloud. The corresponding challenges from the user as well as the service provider perspective are also reviewed. The MFA system based on reversed Lagrange polynomial within Shamir’s Secret Sharing (SSS) scheme is further proposed to enable more flexible authentication. This solution covers the cases of authenticating the user even if some of the factors are mismatched or absent. Our framework allows for qualifying the missing factors by authenticating the user without disclosing sensitive biometric data to the verification entity. Finally, a vision of the future trends in MFA is discussed.

Cryptography doi: 10.3390/cryptography1030025

Authors: Anunay Kulshrestha Akshay Rampuria Matthew Denton Ashwin Sreenivas

We introduce a robust framework that allows for cryptographically secure multiparty computations, such as distributed private value auctions. The security is guaranteed by two-sided authentication of all network connections, homomorphically encrypted bids, and the publication of zero-knowledge proofs of every computation. This also allows a non-participant verifier to verify the result of any such computation using only the information broadcasted on the network by each individual bidder. Building on previous work on such systems, we design and implement an extensible framework that puts the described ideas to practice. Apart from the actual implementation of the framework, our biggest contribution is the level of protection we are able to guarantee from attacks described in previous work. In order to provide guidance to users of the library, we analyze the use of zero knowledge proofs in ensuring the correct behavior of each node in a computation. We also describe the usage of the library to perform a private-value distributed auction, as well as the other challenges in implementing the protocol, such as auction registration and certificate distribution. Finally, we provide performance statistics on our implementation of the auction.

Cryptography doi: 10.3390/cryptography1030024

Authors: Hae-Duck Jeong WonHwi Ahn Hyeonggeun Kim Jong-Suk Lee

Internet utilisation has steadily increased, predominantly due to the rapid recent development of information and communication networks and the widespread distribution of smartphones. As a result of this increase in Internet consumption, various types of services, including web services, social networking services (SNS), Internet banking, and remote processing systems have been created. These services have significantly enhanced global quality of life. However, as a negative side-effect of this rapid development, serious information security problems have also surfaced, which has led to serious Internet privacy invasions and network attacks. In an attempt to contribute to the process of addressing these problems, this paper proposes a process to detect anomalous traffic using self-similarity analysis in the Anomaly Teletraffic detection Measurement analysis Simulator (ATMSim) environment as a research method. Simulations were performed to measure normal and anomalous traffic. First, normal traffic for each attack, including the Address Resolution Protocol (ARP) and distributed denial-of-service (DDoS), was measured for 48 h over 10 iterations. Hadoop was used to facilitate processing of the large amount of collected data, after which MapReduce was utilised after storing the data in the Hadoop Distributed File System (HDFS). A new platform on Hadoop, the detection system ATMSim, was used to identify anomalous traffic, after which a comparative analysis of the normal and anomalous traffic was performed through a self-similarity analysis. There were four categories of collected traffic that were divided according to the attack methods used: normal local area network (LAN) traffic, DDoS attack, and ARP spoofing, as well as DDoS and ARP attack. ATMSim, the anomaly traffic detection system, was used to determine if real attacks could be identified effectively. To achieve this, the ATMSim was used in simulations for each scenario to test its ability to distinguish between normal and anomalous traffic. The graphic and quantitative analyses in this study, based on the self-similarity estimation for the four different traffic types, showed a burstiness phenomenon when anomalous traffic occurred and self-similarity values were high. This differed significantly from the results obtained when normal traffic, such as LAN traffic, occurred. In further studies, this anomaly detection approach can be utilised with biologically inspired techniques that can predict behaviour, such as the artificial neural network (ANN) or fuzzy approach.

Cryptography doi: 10.3390/cryptography1030023

Authors: Chenglu Jin Charles Herder Ling Ren Phuong Nguyen Benjamin Fuller Srinivas Devadas Marten Van Dijk

Herder et al. (IEEE Transactions on Dependable and Secure Computing, 2017) designed a new computational fuzzy extractor and physical unclonable function (PUF) challenge-response protocol based on the Learning Parity with Noise (LPN) problem. The protocol requires no irreversible state updates on the PUFs for security, like burning irreversible fuses, and can correct for significant measurement noise when compared to PUFs using a conventional (information theoretical secure) fuzzy extractor. However, Herder et al. did not implement their protocol. In this paper, we give the first implementation of a challenge response protocol based on computational fuzzy extractors. Our main insight is that “confidence information” does not need to be kept private, if the noise vector is independent of the confidence information, e.g., the bits generated by ring oscillator pairs which are physically placed close to each other. This leads to a construction which is a simplified version of the design of Herder et al. (also building on a ring oscillator PUF). Our simplifications allow for a dramatic reduction in area by making a mild security assumption on ring oscillator physical obfuscated key output bits.

Cryptography doi: 10.3390/cryptography1030022

Authors: George Ekladious Robert Sabourin Eric Granger

Biometric traits, such as fingerprints, faces and signatures have been employed in bio-cryptosystems to secure cryptographic keys within digital security schemes. Reliable implementations of these systems employ error correction codes formulated as simple distance thresholds, although they may not effectively model the complex variability of behavioral biometrics like signatures. In this paper, a Global-Local Distance Metric (GLDM) framework is proposed to learn cost-effective distance metrics, which reduce within-class variability and augment between-class variability, so that simple error correction thresholds of bio-cryptosystems provide high classification accuracy. First, a large number of samples from a development dataset are used to train a global distance metric that differentiates within-class from between-class samples of the population. Then, once user-specific samples are available for enrollment, the global metric is tuned to a local user-specific one. Proof-of-concept experiments on two reference offline signature databases confirm the viability of the proposed approach. Distance metrics are produced based on concise signature representations consisting of about 20 features and a single prototype. A signature-based bio-cryptosystem is designed using the produced metrics and has shown average classification error rates of about 7% and 17% for the PUCPR and the GPDS-300 databases, respectively. This level of performance is comparable to that obtained with complex state-of-the-art classifiers.

Cryptography doi: 10.3390/cryptography1030021

Authors: Harry Shaw

Processes of gene expression such as regulation of transcription by the general transcription complex can be used to create hard cryptographic protocols which should not be breakable by common cipherattack methodologies. The eukaryotic processes of gene expression permit expansion of DNA cryptography into complex networks of transcriptional and translational coding interactions. I describe a method of coding messages into genes and their regulatory sequences, transcription products, regulatory protein complexes, transcription proteins, translation proteins and other required sequences. These codes then serve as the basis for a cryptographic model based on the processes of gene expression. The protocol provides a hierarchal structure that extends from the initial coding of a message into a DNA code (ciphergene), through transcription and ultimately translation into a protein code (cipherprotein). The security is based upon unique knowledge of the DNA coding process, all of the regulatory codes required for expression, and their interactions. This results in a set of cryptographic protocols that is capable of securing data at rest, data in motion and providing an evolvable form of security between two or more parties. The conclusion is that implementation of these protocols will enhance security and substantially burden cyberattackers to develop new forms of countermeasures.

Cryptography doi: 10.3390/cryptography1030020

Authors: Tom Eccles Basel Halak

Traditional utility metering is to be replaced by smart metering. Smart metering enables fine-grained utility consumption measurements. These fine-grained measurements raise privacy concerns due to the lifestyle information which can be inferred from the precise time at which utilities were consumed. This paper outlines and compares two privacy-respecting time of use billing protocols for smart metering and investigates their performance on a variety of hardware. These protocols protect the privacy of customers by never transmitting the fine-grained utility readings outside of the customer’s home network. One protocol favors complexity on the trusted smart meter hardware while the other uses homomorphic commitments to offload computation to a third device. Both protocols are designed to operate on top of existing cryptographic secure channel protocols in place on smart meters. Proof of concept software implementations of these protocols have been written and their suitability for real world application to low-performance smart meter hardware is discussed. These protocols may also have application to other privacy conscious aggregation systems, such as electronic voting.

Cryptography doi: 10.3390/cryptography1030019

Authors: Sarah Renwick Keith Martin

Public cloud service providers provide an infrastructure that gives businesses and individuals access to computing power and storage space on a pay-as-you-go basis. This allows these entities to bypass the usual costs associated with having their own data centre, such as hardware, construction, air conditioning and security costs, making this a cost-effective solution for data storage. If the data being stored is of a sensitive nature, encrypting it prior to outsourcing it to a public cloud is a good method of ensuring the confidentiality of the data. With the data being encrypted, however, searching over it becomes unfeasible. In this paper, we examine different architectures for supporting search over encrypted data and discuss some of the challenges that need to be overcome if these techniques are to be engineered into practical systems.

Cryptography doi: 10.3390/cryptography1030018

Authors: Anton Pljonkin Konstantin Rumyantsev Pradeep Singh

In the description of quantum key distribution systems, much attention is paid to the operation of quantum cryptography protocols. The main problem is the insufficient study of the synchronization process of quantum key distribution systems. This paper contains a general description of quantum cryptography principles. A two-line fiber-optic quantum key distribution system with phase coding of photon states in transceiver and coding station synchronization mode was examined. A quantum key distribution system was built on the basis of the scheme with automatic compensation of polarization mode distortions. Single-photon avalanche diodes were used as optical radiation detecting devices. It was estimated how the parameters used in quantum key distribution systems of optical detectors affect the detection of the time frame with attenuated optical pulse in synchronization mode with respect to its probabilistic and time-domain characteristics. A design method was given for the process that detects the time frame that includes an optical pulse during synchronization. This paper describes the main quantum communication channel attack methods by removing a portion of optical emission. This paper describes the developed synchronization algorithm that takes into account the time required to restore the photodetector’s operation state after the photon has been registered during synchronization. The computer simulation results of the developed synchronization algorithm were analyzed. The efficiency of the developed algorithm with respect to synchronization process protection from unauthorized gathering of optical emission is demonstrated herein.

Cryptography doi: 10.3390/cryptography1030017

Authors: Wenjie Che Venkata Kajuluri Fareena Saqib Jim Plusquellic

A special class of Physical Unclonable Functions (PUFs) referred to as strong PUFs can be used in novel hardware-based authentication protocols. Strong PUFs are required for authentication because the bit strings and helper data are transmitted openly by the token to the verifier, and therefore are revealed to the adversary. This enables the adversary to carry out attacks against the token by systematically applying challenges and obtaining responses in an attempt to machine learn, and later predict, the token’s response to an arbitrary challenge. Therefore, strong PUFs must both provide an exponentially large challenge space and be resistant to machine-learning attacks in order to be considered secure. We investigate a transformation called temperature–voltage compensation (TVCOMP), which is used within the Hardware-Embedded Delay PUF (HELP) bit string generation algorithm. TVCOMP increases the diversity and unpredictability of the challenge–response space, and therefore increases resistance to model-building attacks. HELP leverages within-die variations in path delays as a source of random information. TVCOMP is a linear transformation designed specifically for dealing with changes in delay introduced by adverse temperature–voltage (environmental) variations. In this paper, we show that TVCOMP also increases entropy and expands the challenge–response space dramatically.

Cryptography doi: 10.3390/cryptography1030016

Authors: Florentin Thullier Bruno Bouchard Bob-Antoine Menelas

This paper presents a text independent speaker authentication method adapted to mobile devices. Special attention was placed on delivering a fully operational application, which admits a sufficient reliability level and an efficient functioning. To this end, we have excluded the need for any network communication. Hence, we opted for the completion of both the training and the identification processes directly on the mobile device through the extraction of linear prediction cepstral coefficients and the naive Bayes algorithm as the classifier. Furthermore, the authentication decision is enhanced to overcome misidentification through access privileges that the user should attribute to each application beforehand. To evaluate the proposed authentication system, eleven participants were involved in the experiment, conducted in quiet and noisy environments. Public speech corpora were also employed to compare this implementation to existing methods. Results were efficient regarding mobile resources’ consumption. The overall classification performance obtained was accurate with a small number of samples. Then, it appeared that our authentication system might be used as a first security layer, but also as part of a multilayer authentication, or as a fall-back mechanism.

Cryptography doi: 10.3390/cryptography1020015

Authors: Diego Romano Giovanni Schmid

After more than eight years since the launch of Bitcoin, the decentralized transaction ledger functionality implemented through the blockchain technology is being used not only for cryptocurrencies, but to register, confirm and transfer any kind of contract and property. In this work, we analyze the most relevant functionalities and known issues of this technology, with the intent of pointing out the possible behaviours that are not as efficient and reliable as they should be when thinking with a broader outlook.

Cryptography doi: 10.3390/cryptography1020014

Authors: Rémi Bricout André Chailloux

In this paper, we study relativistic bit commitment, which uses timing and location constraints to achieve information theoretic security. Using those constraints, we consider a relativistic bit commitment scheme introduced by Lunghi et al. This protocol was shown secure against classical adversaries as long as the number of rounds performed in the protocol is not too large. In this work, we study classical attacks on this scheme. We use the correspondence between this protocol and the CHSHQ game—which is a variant of the CHSH game—to derive cheating strategies for this protocol. Our attack matches the existing security bound for some range of parameters and shows that the scaling of the security in the number of rounds is essentially optimal.

Cryptography doi: 10.3390/cryptography1020013

Authors: Xukai Zou Huian Li Feng Li Wei Peng Yan Sui

Many e-voting techniques have been proposed but not widely used in reality. One of the problems associated with most existing e-voting techniques is the lack of transparency, leading to a failure to deliver voter assurance. In this work, we propose a verifiable, viewable, and mutual restraining e-voting protocol that exploits the existing multi-party political dynamics such as in the US. The new e-voting protocol consists of three original technical contributions—universal verifiable voting vector, forward and backward mutual lock voting, and in-process check and enforcement—that, along with a public real-time bulletin board, resolve the apparent conflicts in voting such as anonymity vs. accountability and privacy vs. verifiability. Especially, the trust is split equally among tallying authorities who have conflicting interests and will technically restrain each other. The voting and tallying processes are transparent/viewable to anyone, which allows any voter to visually verify that his vote is indeed counted and also allows any third party to audit the tally, thus enabling an open and fair election. Depending on the voting environment, our interactive protocol is suitable for small groups where interaction is encouraged, while the non-interactive protocol allows large groups to vote without interaction.

Cryptography doi: 10.3390/cryptography1020012

Authors: Elham Kashefi Anna Pappa

Quantum computing has seen tremendous progress in the past few years. However, due to limitations in the scalability of quantum technologies, it seems that we are far from constructing universal quantum computers for everyday users. A more feasible solution is the delegation of computation to powerful quantum servers on the network. This solution was proposed in previous studies of blind quantum computation, with guarantees for both the secrecy of the input and of the computation being performed. In this work, we further develop this idea of computing over encrypted data, to propose a multiparty delegated quantum computing protocol in the measurement-based quantum computing framework. We prove the security of the protocol against a dishonest server and against dishonest clients, under the assumption of common classical cryptographic constructions.

Cryptography doi: 10.3390/cryptography1020011

Authors: Jamie Sikora

Die-rolling is the cryptographic task where two mistrustful, remote parties wish to generate a random D-sided die-roll over a communication channel. Optimal quantum protocols for this task have been given by Aharon and Silman (New Journal of Physics, 2010) but are based on optimal weak coin-flipping protocols that are currently very complicated and not very well understood. In this paper, we first present very simple classical protocols for die-rolling that have decent (and sometimes optimal) security, which is in stark contrast to coin-flipping, bit-commitment, oblivious transfer, and many other two-party cryptographic primitives. We also present quantum protocols based on the idea of integer-commitment, a generalization of bit-commitment, where one wishes to commit to an integer. We analyze these protocols using semidefinite programming and finally give protocols that are very close to Kitaev’s lower bound for any D ≥ 3. Lastly, we briefly discuss an application of this work to the quantum state discrimination problem.

Cryptography doi: 10.3390/cryptography1020010

Authors: George Hatzivasilis

Computers are used in our everyday activities, with high volumes of users accessing provided services. One-factor authentication consisting of a username and a password is the common choice to authenticate users on the web. However, poor password management practices are exploited by attackers that disclose the users’ credentials, harming both users and vendors. In most of these occasions the user data were stored in clear or were just processed by a cryptographic hash function. Password-hashing techniques are applied to fortify this user-related information. The standardized primitive is currently PBKDF2, while other widely-used schemes include Bcrypt and Scrypt. The evolution of parallel computing enables several attacks in password-hash cracking. The international cryptographic community conducted the Password Hashing Competition (PHC) to identify new efficient and more secure password-hashing schemes, suitable for widespread adoption. PHC advanced our knowledge of password-hashing. Further analysis efforts revealed security weaknesses and novel schemes were designed afterwards. This paper provides a review of password-hashing schemes until the first quarter of 2017 and a relevant performance evaluation analysis on a common setting in terms of code size, memory consumption, and execution time.

Cryptography doi: 10.3390/cryptography1010009

Authors: Swapnoneel Roy Chanchal Khatwani

Elliptic curve cryptography (ECC) is extensively used in various multifactor authentication protocols. In this work, various recent ECC-based authentication and key exchange protocols are subjected to threat modeling and static analysis to detect vulnerabilities and to enhance them to be more secure against threats. This work demonstrates how currently-used ECC-based protocols are vulnerable to attacks. If protocols are vulnerable, damage could include critical data loss and elevated privacy concerns. The protocols considered in this work differ in their usage of security factors (e.g., passwords, pins and biometrics), encryption and timestamps. The threat model considers various kinds of attacks including denial of service, man in the middle, weak authentication and SQL injection. Countermeasures to reduce or prevent such attacks are suggested. Beyond cryptanalysis of current schemes and the proposal of new schemes, the proposed adversary model and criteria set forth provide a benchmark for the systematic evaluation of future two-factor authentication proposals.

Cryptography doi: 10.3390/cryptography1010008

Authors: Wenjie Che Venkata Kajuluri Mitchell Martin Fareena Saqib Jim Plusquellic

The magnitude of the information content associated with a particular implementation of a Physical Unclonable Function (PUF) is critically important for security and trust in emerging Internet of Things (IoT) applications. Authentication, in particular, requires the PUF to produce a very large number of challenge-response-pairs (CRPs) and, of even greater importance, requires the PUF to be resistant to adversarial attacks that attempt to model and clone the PUF (model-building attacks). Entropy is critically important to the model-building resistance of the PUF. A variety of metrics have been proposed for reporting Entropy, each measuring the randomness of information embedded within PUF-generated bitstrings. In this paper, we report the Entropy, MinEntropy, conditional MinEntropy, Interchip hamming distance and National Institute of Standards and Technology (NIST) statistical test results using bitstrings generated by a Hardware-Embedded Delay PUF called HELP. The bitstrings are generated from data collected in hardware experiments on 500 copies of HELP implemented on a set of Xilinx Zynq 7020 SoC Field Programmable Gate Arrays (FPGAs) subjected to industrial-level temperature and voltage conditions. Special test cases are constructed which purposely create worst case correlations for bitstring generation. Our results show that the processes proposed within HELP to generate bitstrings add significantly to their Entropy, and show that classical re-use of PUF components, e.g., path delays, does not result in large Entropy losses commonly reported for other PUF architectures.

Cryptography doi: 10.3390/cryptography1010007

Authors: Leyla Işık Arne Winterhof

We estimate the maximum-order complexity of a binary sequence in terms of its correlation measures. Roughly speaking, we show that any sequence with small correlation measure up to a sufficiently large order k cannot have very small maximum-order complexity.

Cryptography doi: 10.3390/cryptography1010006

Authors: Elham Kashefi Petros Wallden

The universal blind quantum computation protocol (UBQC) enables an almost classical client to delegate a quantum computation to an untrusted quantum server (in the form of a garbled quantum circuit) while the security for the client is unconditional. In this contribution, we explore the possibility of extending the verifiable UBQC, to achieve further functionalities following the analogous research for classical circuits (Yao 1986). First, exploring the asymmetric nature of UBQC (the client preparing only single qubits, while the server runs the entire quantum computation), we present a “Yao”-type protocol for secure two-party quantum computation. Similar to the classical setting, our quantum Yao protocol is secure against a specious (quantum honest-but-curious) garbler, but in our case, against a (fully) malicious evaluator. Unlike the previous work on quantum two-party computation of Dupuis et al., 2010, we do not require any online-quantum communication between the garbler and the evaluator and, thus, no extra cryptographic primitive. This feature will allow us to construct a simple universal one-time compiler for any quantum computation using one-time memory, in a similar way to the classical work of Goldwasser et al., 2008, while more efficiently than the previous work of Broadbent et al., 2013.

Cryptography doi: 10.3390/cryptography1010005

Authors: Nicolas Sklavos

The book entitled Privacy in a Digital, Networked World: Technologies, Implications and Solutions of the series Computer Communications and Networks is the latest published book edited by Sherali Zeadally and Mohamad Badra.[...]

Cryptography doi: 10.3390/cryptography1010004

Authors: Daniel Costa Solenir Figuerêdo Gledson Oliveira

Wireless multimedia sensor networks will play a central role in the Internet of Things world, providing content-rich information for an uncountable number of monitoring and control scenarios. As more applications rely on multimedia data, security concerns gain attention, and new approaches arise to provide security for such networks. However, the usual resource constraints of processing, memory and the energy of multimedia-based sensors have brought different challenges for data encryption, which have driven the development of different security approaches. In this context, this article presents the state-of-the-art of cryptography in wireless multimedia sensor networks, surveying innovative works in this area and discussing promising research directions.

Cryptography doi: 10.3390/cryptography1010003

Authors: Wenjie Che Mitchell Martin Goutham Pocklassery Venkata Kajuluri Fareena Saqib Jim Plusquellic

This paper describes an authentication protocol using a Hardware-Embedded Delay PUF called HELP. HELP derives randomness from within-die path delay variations that occur along the paths within a hardware implementation of a cryptographic primitive, such as AES or SHA-3. The digitized timing values which represent the path delays are stored in a database on a secure server (verifier) as an alternative to storing PUF response bitstrings. This enables the development of an efficient authentication protocol that provides both privacy and mutual authentication. The security properties of the protocol are analyzed using data collected from a set of Xilinx Zynq FPGAs.

Cryptography doi: 10.3390/cryptography1010002

Authors: Shoni Gilboa Shay Gueron Mridul Nandi

The r-round Even–Mansour block cipher is a generalization of the well-known Even–Mansour block cipher to r iterations. Attacks on this construction were described by Nikolić et al. and Dinur et al. for r = 2, 3. These attacks are only marginally better than brute force but are based on an interesting observation (due to Nikolić et al.): for a “typical” permutation P, the distribution of P(x) ⊕ x is not uniform. This naturally raises the following question. Let us call permutations for which the distribution of P(x) ⊕ x is uniform “balanced”: is there a sufficiently large family of balanced permutations, and what is the security of the resulting Even–Mansour block cipher? We show how to generate families of balanced permutations from the Luby–Rackoff construction and use them to define a 2n-bit block cipher from the 2-round Even–Mansour scheme. We prove that this cipher is indistinguishable from a random permutation of {0, 1}^{2n}, for any adversary who has oracle access to the public permutations and to an encryption/decryption oracle, as long as the number of queries is o(2^{n/2}). As a practical example, we discuss the properties and the performance of a 256-bit block cipher that is based on our construction, and uses the Advanced Encryption Standard (AES), with a fixed key, as the public permutation.

Cryptography doi: 10.3390/cryptography1010001

Authors: Kwangjo Kim

Cryptography has a very long history, from ancient ciphers, such as the Caesar cipher, through machine (or rotor) ciphers during WWI and WWII, to modern ciphers, which play a fundamental role in providing Confidentiality, Integrity, and Authentication services during transmission, processing, and storage of sensitive data over open or public networks. [...]
