Other affiliations: Isfahan University of Technology
Bio: Hamid Mala is an academic researcher from the University of Isfahan. The author has contributed to research in topics: Block cipher & Impossible differential cryptanalysis. The author has an h-index of 14 and has co-authored 60 publications receiving 726 citations. Previous affiliations of Hamid Mala include Isfahan University of Technology.
12 Dec 2010
TL;DR: By this attack, 7-round AES-128 is breakable with a data complexity of about 2^106 chosen plaintexts and a time complexity equivalent to about 2^110 encryptions, better than any previously known attack on AES-128 in the single-key scenario.
Abstract: Using a new 4-round impossible differential in AES that allows us to exploit the redundancy in the key schedule of AES-128 in a way more effective than previous work, we present a new impossible differential attack on 7 rounds of this block cipher. By this attack, 7-round AES-128 is breakable with a data complexity of about 2^106 chosen plaintexts and a time complexity equivalent to about 2^110 encryptions. This result is better than any previously known attack on AES-128 in the single-key scenario.
TL;DR: The LACO protocol overcomes the security flaws of recent authentication protocols that were proposed for e-health systems, but are unfortunately vulnerable to traceability, de-synchronization, denial of service (DoS), and insider attacks.
Abstract: The use of the Internet of Things (IoT) in electronic health (e-health) management systems brings with it many challenges, including secure communications through insecure radio channels, authentication and key agreement schemes between the entities involved, access control protocols and also schemes for transferring ownership of vital patient information. Besides, the resource-limited sensors in the IoT have real difficulties in achieving this goal. Motivated by these considerations, in this work we propose a new lightweight authentication and ownership transfer protocol for e-health systems in the context of IoT (LACO in short). The goal is to propose a secure and energy-efficient protocol that not only provides authentication and key agreement but also satisfies access control and preserves the privacy of doctors and patients. Moreover, this is the first time that the ownership transfer of users is considered. In the ownership transfer phase of the proposed scheme, the medical server can change the ownership of patient information. In addition, the LACO protocol overcomes the security flaws of recent authentication protocols that were proposed for e-health systems, but are unfortunately vulnerable to traceability, de-synchronization, denial of service (DoS), and insider attacks. To avoid past mistakes, we present formal (i.e., conducted in the ProVerif language) and informal security analysis for the LACO protocol. All this ensures that our proposed scheme is secure against the most common attacks in IoT systems. Compared to the predecessor schemes, the LACO protocol is both more efficient and more secure to use in e-health systems.
19 Mar 2012
TL;DR: This paper proposes a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear, and investigates the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer.
Abstract: Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear. We investigate the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer. The proposed diffusion layers only require word-level XORs and rotations, and they have simple inverses. They can be replaced in the diffusion layer of the block ciphers MMB and Hierocrypt to increase their security and performance, respectively. Finally, we try to extend our results for up to 8×8 words diffusion layers.
TL;DR: A new secure and lightweight mutual RFID authentication (SecLAP) protocol is proposed, which provides secure communication and preserves privacy in MIoT systems and shows that the SecLAP protocol is robust against de-synchronization, replay, reader/tag impersonation, and traceability attacks.
Abstract: The safety of medical data and equipment plays a vital role in today’s world of Medical Internet of Things (MIoT). These IoT devices have many constraints (e.g., memory size, processing capacity, and power consumption) that make it challenging to use cost-effective and energy-efficient security solutions. Recently, researchers have proposed a few Radio-Frequency Identification (RFID) based security solutions for MIoT. The use of RFID technology in securing IoT systems is rapidly increasing because it provides secure and lightweight safety mechanisms for these systems. More recently, authors have proposed a lightweight RFID mutual authentication (LRMI) protocol. The authors argue that LRMI meets the necessary security requirements for RFID systems, and the same applies to MIoT applications as well. In this paper, our contribution is two-fold: firstly, we analyze the LRMI protocol’s security to demonstrate that it is vulnerable to various attacks such as secret disclosure, reader impersonation, and tag traceability. Also, it is not able to preserve the anonymity of the tag and the reader. Secondly, we propose a new secure and lightweight mutual RFID authentication (SecLAP) protocol, which provides secure communication and preserves privacy in MIoT systems. Our security analysis shows that the SecLAP protocol is robust against de-synchronization, replay, reader/tag impersonation, and traceability attacks, and it ensures forward and backward data communication security. We use Burrows–Abadi–Needham (BAN) logic to validate the security features of SecLAP. Moreover, we compare SecLAP with the state-of-the-art and validate its performance through a Field Programmable Gate Array (FPGA) implementation, which shows that it is lightweight, consumes fewer resources on tags with respect to computation functions, and requires fewer flows.
04 Dec 2011
TL;DR: This paper presents the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: the first key recovery method for the full AES-128 with computational complexity 2^126.1 and key recovery methods with lower complexity for the reduced-round versions of AES not considered before.
Abstract: Since Rijndael was chosen as the Advanced Encryption Standard (AES), improving upon 7-round attacks on the 128-bit key variant (out of 10 rounds) or upon 8-round attacks on the 192/256-bit key variants (out of 12/14 rounds) has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. In this paper, we present the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: the first key recovery method for the full AES-128 with computational complexity 2^126.1; the first key recovery method for the full AES-192 with computational complexity 2^189.7; the first key recovery method for the full AES-256 with computational complexity 2^254.4; key recovery methods with lower complexity for the reduced-round versions of AES not considered before, including cryptanalysis of 8-round AES-128 with complexity 2^124.9; and preimage search for compression functions based on the full AES versions faster than brute force. In contrast to most shortcut attacks on AES variants, we do not need to assume related keys. Most of our techniques only need a very small part of the codebook and have low memory requirements, and are practically verified to a large extent. As our cryptanalysis is of high computational complexity, it does not threaten the practical use of AES in any way.
28 Jan 2013
TL;DR: The BGP protocol is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISP) and customer networks.
Abstract: An autonomous system (AS) is a network or group of networks under a common administration and with common routing policies. BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISP). Customer networks, such as universities and corporations, usually employ an Interior Gateway Protocol (IGP) such as RIP or OSPF for the exchange of routing information within their networks. Customers connect to ISPs, and ISPs use BGP to exchange customer and ISP routes. When BGP is used between autonomous systems (AS), the protocol is referred to as External BGP (EBGP). If a service provider is using BGP to exchange routes within an AS, then the protocol is referred to as Interior BGP (IBGP).
TL;DR: The recent advances of federated learning towards enabling Federated learning-powered IoT applications are presented and a set of metrics such as sparsification, robustness, quantization, scalability, security, and privacy, is delineated in order to rigorously evaluate the recent advances.
Abstract: The Internet of Things (IoT) will be ripe for the deployment of novel machine learning algorithms for both network and application management. However, given the presence of massively distributed and private datasets, it is challenging to use classical centralized learning algorithms in the IoT. To overcome this challenge, federated learning can be a promising solution that enables on-device machine learning without the need to migrate the private end-user data to a central cloud. In federated learning, only learning model updates are transferred between end-devices and the aggregation server. Although federated learning can offer better privacy preservation than centralized machine learning, it still has privacy concerns. In this paper, first, we present the recent advances of federated learning towards enabling federated learning-powered IoT applications. A set of metrics such as sparsification, robustness, quantization, scalability, security, and privacy is delineated in order to rigorously evaluate the recent advances. Second, we devise a taxonomy for federated learning over IoT networks. Third, we propose two IoT use cases of dispersed federated learning that can offer better privacy preservation than federated learning. Finally, we present several open research challenges with their possible solutions.
TL;DR: A comprehensive review of state-of-the-art research progress in lightweight block ciphers' implementation and future research directions is presented and the energy/bit metric is designated as the most appropriate metric for energy-constrained low-resource designs.
Abstract: This paper investigates the lightweight block ciphers' implementations, which have received a fair amount of research for their essential security role in low-resource devices. Our objective is to present a comprehensive review of state-of-the-art research progress in lightweight block ciphers' implementation and highlight future research directions. At first, we present a taxonomy of the cipher design space and accurately define the scope of lightweight ciphers for low-resource devices. Moreover, this paper discusses the performance metrics that are commonly reported in the literature when comparing cipher implementations. The sources of inaccuracies and deviations are carefully examined. In order to mitigate the confusion in the composite metrics, we developed a general metric which includes the basic metrics. Our analysis designated the energy/bit metric as the most appropriate metric for energy-constrained low-resource designs. Afterwards, the software and hardware implementations of the block cipher algorithms are surveyed, investigated, and compared. The paper selects the top performing ciphers in various metrics and suggests the Present cipher as a good reference for hardware implementations. What transpires from this survey is that unresolved research questions and issues are yet to be addressed by future research projects.
TL;DR: This paper aims to identify, compare systematically, and classify existing investigations taxonomically in the Healthcare IoT (HIoT) systems by reviewing 146 articles between 2015 and 2020, and presents a comprehensive taxonomy in the HIoT.
Abstract: The Internet of Things (IoT) is an ever-expanding ecosystem that integrates software, hardware, physical objects, and computing devices to communicate, collect, and exchange data. The IoT provides a seamless platform to facilitate interactions between humans and a variety of physical and virtual things, including personalized healthcare domains. Lack of access to medical resources, growth of the elderly population with chronic diseases and their needs for remote monitoring, an increase in medical costs, and the desire for telemedicine in developing countries make the IoT an interesting subject in healthcare systems. The IoT has the potential to decrease the strain on sanitary systems besides providing tailored health services to improve the quality of life. Therefore, this paper aims to identify, compare systematically, and classify existing investigations taxonomically in the Healthcare IoT (HIoT) systems by reviewing 146 articles between 2015 and 2020. Additionally, we present a comprehensive taxonomy in the HIoT, analyze the articles technically, and classify them into five categories, including sensor-based, resource-based, communication-based, application-based, and security-based approaches. Furthermore, the benefits and limitations of the selected methods, with a comprehensive comparison in terms of evaluation techniques, evaluation tools, and evaluation metrics, are included. Finally, based on the reviewed studies, power management, trust and privacy, fog computing, and resource management as leading open issues; tactile Internet, social networks, big data analytics, SDN/NFV, Internet of nano things, and blockchain as important future trends; and interoperability, real-testbed implementation, scalability, and mobility as challenges are worth further study and research in HIoT systems.