We introduce a new lattice-based cryptographic structure called a bonsai tree, and use it to resolve some important open problems in the area. Applications of bonsai trees include:

An efficient, stateless ‘hash-and-sign’ signature scheme in the standard model (i.e., no random oracles), and

The first hierarchical identity-based encryption (HIBE) scheme (also in the standard model) that does not rely on bilinear pairings.

Interestingly, the abstract properties of bonsai trees seem to have no known realization in conventional number-theoretic cryptography.

/pdf/bonsai-trees-or-how-to-delegate-a-lattice-basis-4e0qtrtzw3.pdf

Bonsai trees, or how to delegate a lattice basis

We survey the notion of provably secure searchable encryption (SE) by giving a complete and comprehensive overview of the two main SE techniques: searchable symmetric encryption (SSE) and public key encryption with keyword search (PEKS). Since the pioneering work of Song, Wagner, and Perrig (IEEE S&P '00), the field of provably secure SE has expanded to the point where we felt that taking stock would provide benefit to the community.The survey has been written primarily for the nonspecialist who has a basic information security background. Thus, we sacrifice full details and proofs of individual constructions in favor of an overview of the underlying key techniques. We categorize and compare the different SE schemes in terms of their security, efficiency, and functionality. For the experienced researcher, we point out connections between the many approaches to SE and identify open research problems.Two major conclusions can be drawn from our work. While the so-called IND-CKA2 security notion becomes prevalent in the literature and efficient (sublinear) SE schemes meeting this notion exist in the symmetric setting, achieving this strong form of security efficiently in the asymmetric setting remains an open problem. We observe that in multirecipient SE schemes, regardless of their efficiency drawbacks, there is a noticeable lack of query expressiveness that hinders deployment in practice.

http://romisatriawahono.net/lecture/rm/survey/network%20security/Bosch%20-%20Provably%20Secure%20Searchable%20Encryption%20-%202014.pdf

A Survey of Provably Secure Searchable Encryption

Security has become the primary concern in many telecommunications industries today as risks can have high consequences. Especially, as the core and enable technologies will be associated with 5G network, the confidential information will move at all layers in future wireless systems. Several incidents revealed that the hazard encountered by an infected wireless network, not only affects the security and privacy concerns, but also impedes the complex dynamics of the communications ecosystem. Consequently, the complexity and strength of security attacks have increased in the recent past making the detection or prevention of sabotage a global challenge. From the security and privacy perspectives, this paper presents a comprehensive detail on the core and enabling technologies, which are used to build the 5G security model; network softwarization security, PHY (Physical) layer security and 5G privacy concerns, among others. Additionally, the paper includes discussion on security monitoring and management of 5G networks. This paper also evaluates the related security measures and standards of core 5G technologies by resorting to different standardization bodies and provide a brief overview of 5G standardization security forces. Furthermore, the key projects of international significance, in line with the security concerns of 5G and beyond are also presented. Finally, a future directions and open challenges section has included to encourage future research.

/pdf/a-survey-on-security-and-privacy-of-5g-technologies-1hq5wqw2pb.pdf

A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions

The platforms supporting the smart city applications are rarely implemented from scratch by a municipality and/or totally owned by a single company, but are more typically realized by integrating some existing ICT infrastructures thanks to a supporting platform, such as the well known FIWARE platform. Such a multi-tenant deployment model is required to lower the initial investment costs to implement large scale solutions for smart cities, but also imposes some key security obstacles. In fact, smart cities support critical applications demanding to protect the data and functionalities from malicious and unauthorized uses. Equipping the supporting platforms with proper means for access control is demanding, but these means are typically implemented according to a centralized approach, where a single server stores and makes available a set of identity attributes and authorization policies. Having a single root of trust is not suitable in a distributed and cooperating scenario of large scale smart cities due to their multi-tenant deployment. In fact, each of the integrated system has its own set of security policies, and the other systems need to be aware of these policy, in order to allow a seamless use of the same credentials across the overall infrastructure (realizing what is known as the single-sign-on). This imposes the problem of consistent and secure data replicas within a distributed system, which can be properly approached by using the blockchain technology. Therefore, this work proposes a novel solution for distributed management of identity and authorization policies by leveraging on the blockchain technology to hold a global view of the security policies within the system, and integrating it in the FIWARE platform. A detailed assessment is provided to evaluate the goodness of the proposed approach and to compare it with the existing solutions.

Blockchain-based authentication and authorization for smart city applications

We introduce a new lattice-based cryptographic structure called a bonsai tree, and use it to resolve some important open problems in the area. Applications of bonsai trees include an efficient, stateless `hash-and-sign' signature scheme in the standard model (i.e., no random oracles), and the first hierarchical identity-based encryption (HIBE) scheme (also in the standard model) that does not rely on bilinear pairings. Interestingly, the abstract properties of bonsai trees seem to have no known realization in conventional number-theoretic cryptography.

/pdf/bonsai-trees-or-how-to-delegate-a-lattice-basis-jg55mb8kfe.pdf

Bonsai Trees, or How to Delegate a Lattice Basis

Public-key encryption schemes with searchable keywords are useful to delegate searching capabilities on encrypted data to a third party, who does not hold the entire secret key, but only an appropriate token which allows searching operations but preserves data privacy. Such notion was previously proved to imply identity-based public-key encryption [5] and to be equivalent to anonymous (or key-private) identity-based encryption which are useful for fully-private communication.

So far all presented public-key encryption with keyword search (PEKS) schemes were based on bilinear forms and finding a PEKS that is not based on bilinear forms has been an open problem since the notion of PEKS was first introduced in [5]. We construct a public-key encryption scheme with keyword search based on a variant of the quadratic residuosity problem. We obtain our scheme using a non-trivial transformation of Cocks' identity-based encryption scheme [9]. Thus we show that the primitive of PEKS can be based on additional intractability assumptions which is a conventional desiderata about all cryptographic primitives.

Public key encryption with searchable keywords based on Jacobi symbols

Analysis-preserving protection of user privacy against information leakage of social-network Likes

In this paper, we take a closer look at the attack surface of permissioned blockchains by focusing on Hyperledger Fabric and present scenarios where the assumptions of trust could lead to possible attacks on an organization’s ledger. We systematically examine each participant and treating it as a malicious entity look at the attacks possible on the system as a whole. With the global shift in adopting blockchains as vehicles of trust, a collection of such scenarios would be useful to organizations using Fabric to implement their own Distributed Ledger Technologies (DLT), as it would highlight the possible misuse cases of the platform. It would also help fellow researchers by presenting a primitive idea of the possible attacks and promote further research in preventing them.

Ripping the Fabric: Attacks and Mitigations on Hyperledger Fabric

In March 2017, NIST (National Institute of Standards and Technology) has announced to create a portfolio of lightweight algorithms through an open process. The report emphasizes that with emerging applications like automotive systems, sensor networks, healthcare, distributed control systems, the Internet of Things (IoT), cyber-physical systems, and the smart grid, a detailed evaluation of the so called light-weight ciphers helps to recommend algorithms in the context of profiles, which describe physical, performance, and security characteristics. In recent years, a number of lightweight block ciphers have been proposed for encryption/decryption of data which makes such choices complex. Each such cipher offers a unique combination of resistance to classical cryptanalysis and resource-efficient implementations. At the same time, these implementations must be protected against implementation-based attacks such as side-channel analysis. In this paper, we present a holistic comparison study of four lightweight block ciphers, PRESENT, SIMON, SPECK, and KHUDRA, along with the more traditional Advanced Encryption Standard (AES). We present a uniform comparison of the performance and efficiency of these block ciphers in terms of area and power consumption, on ASIC and FPGA-based platforms. Additionally, we also compare the amenability to side-channel secure implementations for these ciphers on ASIC-based platforms. Our study is expected to help designers make suitable choices when securing a given application, across a wide range of implementation platforms.

An Evaluation of Lightweight Block Ciphers for Resource-Constrained Applications: Area, Performance, and Security

In 2013, researchers from the National Security Agency of the USA (NSA) proposed two lightweight block ciphers SIMON and SPECK [3]. While SIMON is tuned for optimal performance in hardware, SPECK is tuned for optimal performance in software. At CHES 2015, Yang et al. [6] combined the "good" design components from both SIMON and SPECK and proposed a new lightweight block cipher SIMECK that is even more compact and efficient. In this paper we show that SIMECK is vulnerable to fault attacks and demonstrate two fault attacks on SIMECK. The first is a random bit-flip fault attack which recovers the n-bit last round key of Simeck using on average about n/2 faults and the second is a more practical, random byte fault attack which recovers the n-bit last round key of SIMECK using on average about n/6.5 faults.

Vishal Saraswat

Papers

Public key encryption with searchable keywords based on Jacobi symbols

Analysis-preserving protection of user privacy against information leakage of social-network Likes

Ripping the Fabric: Attacks and Mitigations on Hyperledger Fabric

An Evaluation of Lightweight Block Ciphers for Resource-Constrained Applications: Area, Performance, and Security

Differential Fault Attack on SIMECK