Security is a major barrier to enterprise adoption of cloud computing. Physical co-residency with other tenants poses a particular risk, due to pervasive virtualization in the cloud. Recent research has shown how side channels in shared hardware may enable attackers to exfiltrate sensitive data across virtual machines (VMs). In view of such risks, cloud providers may promise physically isolated resources to select tenants, but a challenge remains: Tenants still need to be able to verify physical isolation of their VMs. We introduce Home Alone, a system that lets a tenant verify its VMs' exclusive use of a physical machine. The key idea in Home Alone is to invert the usual application of side channels. Rather than exploiting a side channel as a vector of attack, Home Alone uses a side-channel (in the L2 memory cache) as a novel, defensive detection tool. By analyzing cache usage during periods in which "friendly" VMs coordinate to avoid portions of the cache, a tenant using Home Alone can detect the activity of a co-resident "foe" VM. Key technical contributions of Home Alone include classification techniques to analyze cache usage and guest operating system kernel modifications that minimize the performance impact of friendly VMs sidestepping monitored cache portions. Home Alone requires no modification of existing hyper visors and no special action or cooperation by the cloud provider.

/pdf/homealone-co-residency-detection-in-the-cloud-via-side-3lj3qktqrq.pdf

HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis

Image encryption using 2D Hénon-Sine map and DNA approach

In this paper we revisit the security models of certificateless signatures and propose two new constructions which are provably secure in the random oracle model. We divide the potential adversaries according to their attack power, and for the first time, three new kinds of adversaries are introduced into certificateless signatures. They are Normal Adversary, Strong Adversary and Super Adversary (ordered by their attack power). Combined with the known Type I Adversary and Type II Adversary in certificateless system, we then define the security of certificateless signatures in different attack scenarios. Our new models, together with the others in the literature, will enable us to better understand the security of certificateless signatures. Two concrete schemes with different security levels are also proposed in this paper. The first scheme, which is proved secure against Normal Type I and Super Type II Adversary, enjoys the shortest signature length among all the known certificateless signature schemes. The second scheme is secure against Super Type I and Type II adversary. Compared with the scheme in ACNS 2006 which has a similar security level, our second scheme requires lower operation cost but a little longer signature length.

Certificateless signature revisited

On the cryptanalysis of Fridrich's chaotic image encryption scheme

A visually secure image encryption scheme based on compressive sensing

Certificateless public key cryptography (CLPKC) is a paradi-gm to solve the inherent key escrow problem suffered by identity-based cryptography (IBC). While certificateless signature is one of the most important security primitives in CLPKC, there are relatively few proposed schemes in the literature. In this paper, we manage to construct an efficient certificateless signature scheme based on the intractability of the computational Diffie-Hellman problem. By using a shorter public key, two pairing computations can be saved in the verification algorithm. Besides, no pairing computation is needed in the signing algorithm. The proposed scheme is existential unforgeable in the random oracle model. We also present an extended construction whose trust level is the same as that of a traditional signature scheme.

/pdf/an-efficient-certificateless-signature-scheme-57klltx61x.pdf

An efficient certificateless signature scheme

Cancellable iris template generation based on Indexing-First-One hashing

Wang and Guo (Nonlinear Dyn 76(4):1943–1950, 2014) proposed a new image alternate encryption algorithm based on chaotic map. The image alternate encryption can be conceptually treated as a block cipher where a round function which provides both confusion and diffusion is applied on a plain image iteratively. After performing the round function for $T$ iterations, the processed image is denoted as the encrypted image. We analyse the security of Wang and Guo image encryption scheme, especially from cryptographic point of view, in line with the designers’ approach in their security analyses. Negatively, we show that the image encryption scheme is vulnerable to an impossible differential attack (a type of chosen plaintext attack) and a divide-and-conquer attack when a large all black image is encrypted. This paper serves as another important security result showing that any future design of image encryption schemes based on chaotic map should be evaluated through systematic cryptanalytic approaches which include impossible differential attack. To the best of our knowledge, this is the first impossible differential attack applied on an image encryption algorithm.

Cryptanalysis of a new image alternate encryption algorithm based on chaotic map

Due to the increasing demand on secure image transmission, image encryption has emerged as an active research field in recent years Many of the proposed image encryption schemes are designed based on chaotic maps with permutation–diffusion architecture While most of these schemes reported good statistical properties, they are slow in execution speed due to inherent data dependency of the proposed schemes Some of these schemes are designed based on complex chaotic systems that require significant computational resources to obtain the keystream for encryption In this paper, we propose SPRING, a novel image encryption scheme designed based on lightweight chaotic maps and simple logical and arithmetic operations, which is also highly optimized for massively parallel architecture (eg GPU) The extensive experimental results show that SPRING is not only secure but also able to achieve high encryption speed in single-core CPU, multi-core CPU and many-core GPU Encrypting a 512 
 $$\times $$
  512 grayscale image in serial takes 09126 ms which is 220% faster than state-of-the-art ARX-based image encryption scheme proposed by Choi et al SPRING can be implemented in parallel to encrypt the same image in 00862 ms by exploiting many-core GPU, which is 10
 $$\times $$
 faster than the serial version implemented using CPU

SPRING: a novel parallel chaos-based image encryption scheme

In PKC 2006, Chow, Boyd and Gonzalez Neito introduced the notion of security mediated certificateless (SMC) cryptography. SMC cryptography equips certificateless cryptography with instantaneous revocation. They presented a formal security model with two constructions for SMC encryption. This paper studies SMC signatures. We first present a security analysis of a previous attempt by Ju et al.in constructing a SMC signature scheme. We then formalize the notion of SMC signatures and propose the first concrete provable scheme without bilinear pairing. Our scheme is existential unforgeable in the random oracle model based on the intractability of the discrete logarithm problem, has a short public key size, and achieves a trust level which is the same as that of a traditional public key signature.

/pdf/security-mediated-certificateless-signatures-23fhwznbkn.pdf

Wun-She Yap

Papers

An efficient certificateless signature scheme

Cancellable iris template generation based on Indexing-First-One hashing

Cryptanalysis of a new image alternate encryption algorithm based on chaotic map

SPRING: a novel parallel chaos-based image encryption scheme

Security Mediated Certificateless Signatures