Showing papers on "40-bit encryption published in 2014"

Secure Deduplication with Efficient and Reliable Convergent Key Management

Abstract: Data deduplication is a technique for eliminating duplicate copies of data, and has been widely used in cloud storage to reduce storage space and upload bandwidth. Promising as it is, an arising challenge is to perform secure deduplication in cloud storage. Although convergent encryption has been extensively adopted for secure deduplication, a critical issue of making convergent encryption practical is to efficiently and reliably manage a huge number of convergent keys. This paper makes the first attempt to formally address the problem of achieving efficient and reliable key management in secure deduplication. We first introduce a baseline approach in which each user holds an independent master key for encrypting the convergent keys and outsourcing them to the cloud. However, such a baseline key management scheme generates an enormous number of keys with the increasing number of users and requires users to dedicatedly protect the master keys. To this end, we propose Dekey , a new construction in which users do not need to manage any keys on their own but instead securely distribute the convergent key shares across multiple servers. Security analysis demonstrates that Dekey is secure in terms of the definitions specified in the proposed security model. As a proof of concept, we implement Dekey using the Ramp secret sharing scheme and demonstrate that Dekey incurs limited overhead in realistic environments.

A Survey of Provably Secure Searchable Encryption

Abstract: We survey the notion of provably secure searchable encryption (SE) by giving a complete and comprehensive overview of the two main SE techniques: searchable symmetric encryption (SSE) and public key encryption with keyword search (PEKS). Since the pioneering work of Song, Wagner, and Perrig (IEEE S&P '00), the field of provably secure SE has expanded to the point where we felt that taking stock would provide benefit to the community.The survey has been written primarily for the nonspecialist who has a basic information security background. Thus, we sacrifice full details and proofs of individual constructions in favor of an overview of the underlying key techniques. We categorize and compare the different SE schemes in terms of their security, efficiency, and functionality. For the experienced researcher, we point out connections between the many approaches to SE and identify open research problems.Two major conclusions can be drawn from our work. While the so-called IND-CKA2 security notion becomes prevalent in the literature and efficient (sublinear) SE schemes meeting this notion exist in the symmetric setting, achieving this strong form of security efficiently in the asymmetric setting remains an open problem. We observe that in multirecipient SE schemes, regardless of their efficiency drawbacks, there is a noticeable lack of query expressiveness that hinders deployment in practice.

Online/Offline Attribute-Based Encryption

Abstract: Attribute-based encryption ABE is a type of public key encryption that allows users to encrypt and decrypt messages based on user attributes. For instance, one can encrypt a message to any user satisfying the boolean formula "crypto conference attendee" AND "PhD student" OR "IACR member". One drawback is that encryption and key generation computational costs scale with the complexity of the access policy or number of attributes. In practice, this makes encryption and user key generation a possible bottleneck for some applications. To address this problem, we develop new techniques for ABE that split the computation for these algorithms into two phases: a preparation phase that does the vast majority of the work to encrypt a message or create a secret key before it knows the message or the attribute list/access control policy that will be used or even the size of the list or policy. A second phase can then rapidly assemble an ABE ciphertext or key when the specifics become known. This concept is sometimes called "online/offline" encryption when only the message is unknown during the preparation phase; we note that the addition of unknown attribute lists and access policies makes ABE significantly more challenging. One motivating application for this technology is mobile devices: the preparation work can be performed while the phone is plugged into a power source, then it can later rapidly perform ABE operations on the move without significantly draining the battery.

Searchable Encryption with Secure and Efficient Updates

Abstract: Searchable (symmetric) encryption allows encryption while still enabling search for keywords. Its immediate application is cloud storage where a client outsources its files while the (cloud) service provider should search and selectively retrieve those. Searchable encryption is an active area of research and a number of schemes with different efficiency and security characteristics have been proposed in the literature. Any scheme for practical adoption should be efficient -- i.e. have sub-linear search time --, dynamic -- i.e. allow updates -- and semantically secure to the most possible extent. Unfortunately, efficient, dynamic searchable encryption schemes suffer from various drawbacks. Either they deteriorate from semantic security to the security of deterministic encryption under updates, they require to store information on the client and for deleted files and keywords or they have very large index sizes. All of this is a problem, since we can expect the majority of data to be later added or changed. Since these schemes are also less efficient than deterministic encryption, they are currently an unfavorable choice for encryption in the cloud. In this paper we present the first searchable encryption scheme whose updates leak no more information than the access pattern, that still has asymptotically optimal search time, linear, very small and asymptotically optimal index size and can be implemented without storage on the client (except the key). Our construction is based on the novel idea of learning the index for efficient access from the access pattern itself. Furthermore, we implement our system and show that it is highly efficient for cloud storage.

Performance evaluation of Attribute-Based Encryption: Toward data privacy in the IoT

Abstract: With the ever increasing number of connected devices and the over abundance of data generated by these devices, data privacy has become a critical concern in the Internet of Things (IoT). One promising privacy-preservation approach is Attribute-Based Encryption (ABE), a public key encryption scheme that enables fine-grained access control, scalable key management and flexible data distribution. This paper presents an in-depth performance evaluation of ABE that focuses on execution time, data and network overhead, energy consumption, and CPU and memory usage. We evaluate two major types of ABE, Key-Policy Attribute-Based Encryption (KP-ABE) and Ciphertext-Policy Attribute-Based Encryption (CP-ABE), on different classes of mobile devices including a laptop and a smartphone. To the best of our knowledge, this is the first comprehensive study of ABE dedicated solely to its performance. Our results provide insights into important practical issues of ABE, including what computing resources ABE requires in heterogeneous environments, at what cost ABE offers benefits, and under what situations ABE is best suited for use in the IoT.

A novel image encryption based on hash function with only two-round diffusion process

Abstract: In this paper, a novel algorithm for image encryption based on hash function is proposed. In our algorithm, a 512-bit long external secret key is used as the input value of the salsa20 hash function. First of all, the hash function is modified to generate a key stream which is more suitable for image encryption. Then the final encryption key stream is produced by correlating the key stream and plaintext resulting in both key sensitivity and plaintext sensitivity. This scheme can achieve high sensitivity, high complexity, and high security through only two rounds of diffusion process. In the first round of diffusion process, an original image is partitioned horizontally to an array which consists of 1,024 sections of size 8 × 8. In the second round, the same operation is applied vertically to the transpose of the obtained array. The main idea of the algorithm is to use the average of image data for encryption. To encrypt each section, the average of other sections is employed. The algorithm uses different averages when encrypting different input images (even with the same sequence based on hash function). This, in turn, will significantly increase the resistance of the cryptosystem against known/chosen-plaintext and differential attacks. It is demonstrated that the 2D correlation coefficients (CC), peak signal-to-noise ratio (PSNR), encryption quality (EQ), entropy, mean absolute error (MAE) and decryption quality can satisfy security and performance requirements (CC 204.8, entropy >7.9974 and MAE >79.35). The number of pixel change rate (NPCR) analysis has revealed that when only one pixel of the plain-image is modified, almost all of the cipher pixels will change (NPCR >99.6125 %) and the unified average changing intensity is high (UACI >33.458 %). Moreover, our proposed algorithm is very sensitive with respect to small changes (e.g., modification of only one bit) in the external secret key (NPCR >99.65 %, UACI >33.55 %). It is shown that this algorithm yields better security performance in comparison to the results obtained from other algorithms.

Optimal Average-Complexity Ideal-Security Order-Preserving Encryption

Abstract: Order-preserving encryption enables performing many classes of queries -- including range queries -- on encrypted databases. Popa et al. recently presented an ideal-secure order-preserving encryption (or encoding) scheme, but their cost of insertions (encryption) is very high. In this paper we present an also ideal-secure, but significantly more efficient order-preserving encryption scheme. Our scheme is inspired by Reed's referenced work on the average height of random binary search trees. We show that our scheme improves the average communication complexity from O(n log n) to O(n) under uniform distribution. Our scheme also integrates efficiently with adjustable encryption as used in CryptDB. In our experiments for database inserts we achieve a performance increase of up to 81% in LANs and 95% in WANs.

Low Overhead Broadcast Encryption from Multilinear Maps

Abstract: We use multilinear maps to provide a solution to the long-standing problem of public-key broadcast encryption where all parameters in the system are small. In our constructions, ciphertext overhead, private key size, and public key size are all poly-logarithmic in the total number of users. The systems are fully collusion-resistant against any number of colluders. All our systems are based on an O(logN)-way multilinear map to support a broadcast system for N users. We present three constructions based on different types of multilinear maps and providing different security guarantees. Our systems naturally give identity-based broadcast systems with short parameters.

An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds

Abstract: We propose a mediated certificateless encryption scheme without pairing operations for securely sharing sensitive information in public clouds. Mediated certificateless public key encryption (mCL-PKE) solves the key escrow problem in identity based encryption and certificate revocation problem in public key cryptography. However, existing mCL-PKE schemes are either inefficient because of the use of expensive pairing operations or vulnerable against partial decryption attacks. In order to address the performance and security issues, in this paper, we first propose a mCL-PKE scheme without using pairing operations. We apply our mCL-PKE scheme to construct a practical solution to the problem of sharing sensitive information in public clouds. The cloud is employed as a secure storage as well as a key generation center. In our system, the data owner encrypts the sensitive data using the cloud generated users' public keys based on its access control policies and uploads the encrypted data to the cloud. Upon successful authorization, the cloud partially decrypts the encrypted data for the users. The users subsequently fully decrypt the partially decrypted data using their private keys. The confidentiality of the content and the keys is preserved with respect to the cloud, because the cloud cannot fully decrypt the information. We also propose an extension to the above approach to improve the efficiency of encryption at the data owner. We implement our mCL-PKE scheme and the overall cloud based system, and evaluate its security and performance. Our results show that our schemes are efficient and practical.

Memory encryption: A survey of existing techniques

Abstract: Memory encryption has yet to be used at the core of operating system designs to provide confidentiality of code and data. As a result, numerous vulnerabilities exist at every level of the software stack. Three general approaches have evolved to rectify this problem. The most popular approach is based on complex hardware enhancements; this allows all encryption and decryption to be conducted within a well-defined trusted boundary. Unfortunately, these designs have not been integrated within commodity processors and have primarily been explored through simulation with very few prototypes. An alternative approach has been to augment existing hardware with operating system enhancements for manipulating keys, providing improved trust. This approach has provided insights into the use of encryption but has involved unacceptable overheads and has not been adopted in commercial operating systems. Finally, specialized industrial devices have evolved, potentially adding coprocessors, to increase security of particular operations in specific operating environments. However, this approach lacks generality and has introduced unexpected vulnerabilities of its own. Recently, memory encryption primitives have been integrated within commodity processors such as the Intel i7, AMD bulldozer, and multiple ARM variants. This opens the door for new operating system designs that provide confidentiality across the entire software stack outside the CPU. To date, little practical experimentation has been conducted, and the improvements in security and associated performance degradation has yet to be quantified. This article surveys the current memory encryption literature from the viewpoint of these central issues.

Color image encryption using one-time keys and coupled chaotic systems

Abstract: This paper proposes a color image encryption scheme using one-time keys based on coupled chaotic systems. The key stream has both the key sensitivity and the plaintext sensitivity. The Secure Hash Algorithm 3 (SHA-3) is employed to combine with the initial keys to generate the new keys, to make the key stream change in each encryption process. Firstly, the SHA-3 hash value of the plain image is employed to generate six initial values of the chaotic systems. Secondly, combine and permute the six state variables, and randomly select three state variables from them, to encrypt the red, green and blue components, respectively. Experimental results and security analysis show that the scheme can achieve good encryption result through only one round encryption process, the key space is large enough to resist against common attacks, so the scheme is reliable to be applied in image encryption and secure communication.

Survey of Various Homomorphic Encryption algorithms and Schemes

Abstract: Homomorphic encryption is the encryption scheme which means the operations on the encrypted data. Homomorphic encryption can be applied in any system by using various public key algorithms. When the data is transferred to the public area, there are many encryption algorithms to secure the operations and the storage of the data. But to process data located on remote server and to preserve privacy, homomorphic encryption is useful that allows the operations on the cipher text, which can provide the same results after calculations as the working directly on the raw data. In this paper, the main focus is on public key cryptographic algorithms based on homomorphic encryption scheme for preserving security. The case study on various principles and properties of homomorphic encryption is given and then various homomorphic algorithms using asymmetric key systems such as RSA, ElGamal, Paillier algorithms as well as various homomorphic encryption schemes such as BrakerskiGentry-Vaikuntanathan (BGV), Enhanced homomorphic Cryptosystem (EHC), Algebra homomorphic encryption scheme based on updated ElGamal (AHEE), Non-interactive exponential homomorphic encryption scheme (NEHE) are investigated.

Distributed Key Generation for Encrypted Deduplication: Achieving the Strongest Privacy

Abstract: Large-scale cloud storage systems often attempt to achieve two seemingly conflicting goals: (1) the systems need to reduce the copies of redundant data to save space, a process called deduplication; and (2) users demand encryption of their data to ensure privacy. Conventional encryption makes deduplication on ciphertexts ineffective, as it destroys data redundancy. A line of work, originated from Convergent Encryption [27], and evolved into Message Locked Encryption [13] and the latest DupLESS architecture [12], strives to solve this problem. DupLESS relies on a key server to help the clients generate encryption keys that result in convergent ciphertexts. In this paper, we first introduce a new security notion appropriate for the setting of deduplication and show that it is strictly stronger than all relevant notions. We then provide a rigorous proof of security against this notion, in the random oracle model, for the DupLESS architecture which is lacking in the original paper. Our proof shows that using additional secret, other than the data itself, for generating encryption keys achieves the best possible security under current deduplication paradigm. We also introduce a distributed protocol that eliminates the need for the key server. This not only provides better protection but also allows less managed systems such as P2P systems to enjoy the high security level. Implementation and evaluation show that the scheme is both robust and practical.

Limitations on information-theoretically-secure quantum homomorphic encryption

Abstract: Homomorphic encryption is a form of encryption which allows computation to be carried out on the encrypted data without the need for decryption. The success of quantum approaches to related tasks in a delegated computation setting has raised the question of whether quantum mechanics may be used to achieve information-theoretically-secure fully homomorphic encryption. Here we show, via an information localization argument, that deterministic fully homomorphic encryption necessarily incurs exponential overhead if perfect security is required.

Security analysis of an image encryption algorithm based on a DNA addition combining with chaotic maps

Abstract: In this paper, we propose to cryptanalyse an encryption algorithm which combines a DNA addition and a chaotic map to encrypt a gray scale image. Our contribution consists on, at first, demonstrating that the algorithm, as it is described, is non-invertible, which means that the receiver cannot decrypt the ciphered image even if he posses the secret key. Then, a chosen plaintext attack on the invertible encryption block is described, where, the attacker can illegally decrypt the ciphered image by a temporary access to the encryption machinery.

Efficient homomorphic encryption on integer vectors and its applications

Abstract: Homomorphic encryption, aimed at enabling computation in the encrypted domain, is becoming important to a wide and growing range of applications, from cloud computing to distributed sensing. In recent years, a number of approaches to fully (or nearly fully) homomorphic encryption have been proposed, but to date the space and time complexity of the associated schemes has precluded their use in practice. In this work, we demonstrate that more practical homomorphic encryption schemes are possible when we require that not all encrypted computations be supported, but rather only those of interest to the target application. More specifically, we develop a homomorphic encryption scheme operating directly on integer vectors that supports three operations of fundamental interest in signal processing applications: addition, linear transformation, and weighted inner products. Moreover, when used in combination, these primitives allow us to efficiently and securely compute arbitrary polynomials. Some practically relevant examples of the computations supported by this framework are described, including feature extraction, recognition, classification, and data aggregation.

Privacy Preserving Delegated Access Control in Public Clouds

Abstract: Current approaches to enforce fine-grained access control on confidential data hosted in the cloud are based on fine-grained encryption of the data. Under such approaches, data owners are in charge of encrypting the data before uploading them on the cloud and re-encrypting the data whenever user credentials change. Data owners thus incur high communication and computation costs. A better approach should delegate the enforcement of fine-grained access control to the cloud, so to minimize the overhead at the data owners, while assuring data confidentiality from the cloud. We propose an approach, based on two layers of encryption, that addresses such requirement. Under our approach, the data owner performs a coarse-grained encryption, whereas the cloud performs a fine-grained encryption on top of the owner encrypted data. A challenging issue is how to decompose access control policies (ACPs) such that the two layer encryption can be performed. We show that this problem is NP-complete and propose novel optimization algorithms. We utilize an efficient group key management scheme that supports expressive ACPs. Our system assures the confidentiality of the data and preserves the privacy of users from the cloud while delegating most of the access control enforcement to the cloud.

C-CP-ABE: Cooperative Ciphertext Policy Attribute-Based Encryption for the Internet of Things

Abstract: Cipher text Policy Attribute-Based Encryption (CP-ABE) is an extremely powerful asymmetric encryption mechanism, but its complexity and its overhead cannot be neglected in an Internet of Things environment. Indeed, Internet of Things, by its heterogeneous nature, may contains highly resource-constrained devices that are not able to support the heavy overhead due to CP-ABE. Further, constrained devices, like sensors, often need to encrypt data as they are usually led to send sensitive data they collect to more powerful devices like storage servers. This paper proposes a novel approach for employing CP-ABE on highly resource-constrained sensor nodes in the IoT environments. The proposed approach exploits collaboration between heterogeneous nodes, to make feasible the implementation of CP-ABE in an IoT environment, by delegating costly operations to a set of assisting nodes. An analysis is conducted to verify that the proposed solution accomplishes safely and efficiently its objective.

A Noisy Channel Tolerant Image Encryption Scheme

Abstract: In this paper, we present an image encryption scheme that has the capability to tolerate noisy effects of a wireless channel. This means if the encrypted image data is corrupted by channel noise up to a certain level, correct decryption is possible with some distortion. The proposed image encryption scheme relies on some very interesting properties of orthogonal matrices containing columns that form a set of orthonormal basis vectors. Besides being tolerant to noisy channels, the proposed scheme also provides good security against well-known cryptographic attacks as demonstrated in this paper by a number of experimental results and security analysis.

Controlled Functional Encryption

Abstract: Motivated by privacy and usability requirements in various scenarios where existing cryptographic tools (like secure multi-party computation and functional encryption) are not adequate, we introduce a new cryptographic tool called Controlled Functional Encryption (C-FE). As in functional encryption, C-FE allows a user (client) to learn only certain functions of encrypted data, using keys obtained from an authority. However, we allow (and require) the client to send a fresh key request to the authority every time it wants to evaluate a function on a ciphertext. We obtain efficient solutions by carefully combining CCA2 secure public-key encryption (or rerandomizable RCCA secure public-key encryption, depending on the nature of security desired) with Yao's garbled circuit. Our main contributions in this work include developing and for- mally defining the notion of C-FE; designing theoretical and practical constructions of C-FE schemes achieving these definitions for specific and general classes of functions; and evaluating the performance of our constructions on various application scenarios.

Lightweight code-based cryptography: QC-MDPC McEliece encryption on reconfigurable devices

Abstract: With the break of RSA and ECC cryptosystems in an era of quantum computing, asymmetric code-based cryptography is an established alternative that can be a potential replacement. A major drawback are large keys in the range between 50kByte to several MByte that prevented real-world applications of code-based cryptosystems so far. A recent proposal by Misoczki et al. showed that quasi-cyclic moderate density parity-check (QC-MDPC) codes can be used in McEliece encryption -- reducing the public key to just 0.6 kByte to achieve a 80-bit security level. Despite of reasonably small key sizes that could also enable small designs, previous work only report high-performance implementations with high resource consumptions of more than 13,000 slices on a large Xilinx Virtex-6 FPGA for a combined en-/decryption unit. In this work we focus on lightweight implementations of code-based cryptography and demonstrate that McEliece encryption using QC-MDPC codes can be implemented with a significantly smaller resource footprint -- still achieving reasonable performance sufficient for many applications, e.g., challenge-response protocols or hybrid firmware encryption. More precisely, our design requires just 68 slices for the encryption and around 150 slices for the decryption unit and is able to en-/decrypt an input block in 2.2ms and 13.4 ms, respectively.

A new image encryption scheme based on cyclic elliptic curve and chaotic system

Abstract: Recently, several cryptosystems based on chaos have been proposed. Nevertheless, most of them hinder the system performance, security, and suffer from the small key space problem. This paper introduces an efficient symmetric encryption scheme for secure digital images based on a cyclic elliptic curve and chaotic system that can overcome these disadvantages. The cipher encrypts 256-bit of plainimage to 256-bit of cipherimage within eight 32-bit registers. The scheme generates pseudorandom bit sequences for round keys based on a piecewise nonlinear chaotic map. Then, the generated sequences are mixed with the key sequences derived from the cyclic elliptic curve points. Results of statistical and differential analysis demonstrate that the proposed algorithm has adequate security for the confidentiality of digital images. Furthermore, it has key sensitivity together with a large key space and the encryption is fast compared to other competitive algorithms.

Partial Image Encryption Algorithm Using Pixel Position Manipulation Technique: The SMART Copyback System

Abstract: Nowadays, the most important locomotive to provide confidentiality is image encryption. In real-time applications the classical and modern ciphers are not appropriate because of vast quantity of data. However, certain applications like Pay-TV or Payable Internet Imaging Albums do not require entire part of an encryption, but requires a part of the image to be transparent to all users. Partial encryption is an approach to encode only the most essential portion of the data in order to afford a proportional confidentiality and to trim down the computational requirements and also execution time for encryption is reduced. In this paper, partial image encryption of color images using pixel position manipulation technique based on region of interest is proposed. It offers the amenities of partial encryption and reconstructs the images partially. Here input image is divided into sub blocks, and then selected blocks are encrypted using the proposed technique. The proposed technique achieves quick security by encrypting the selected blocks of an image. Encrypted data can be store long term without fail using SMART (Self Monitoring Analysis and Reporting Technology Copyback) system.

Enhancing the data security in Cloud by implementing hybrid (Rsa & Aes) encryption algorithm

Abstract: This paper presents Hybrid (RSA & AES) encryption algorithm to safeguard data security in Cloud. Security being the most important factor in cloud computing has to be dealt with great precautions. This paper mainly focuses on the following key tasks: 1. Secure Upload of data on cloud such that even the administrator is unaware of the contents. 2. Secure Download of data in such a way that the integrity of data is maintained. 3. Proper usage and sharing of the public, private and secret keys involved for encryption and decryption. The use of a single key for both encryption and decryption is very prone to malicious attacks. But in hybrid algorithm, this problem is solved by the use of three separate keys each for encryption as well as decryption. Out of the three keys one is the public key, which is made available to all, the second one is the private key which lies only with the user. In this way, both the secure upload as well as secure download of the data is facilitated using the two respective keys. Also, the key generation technique used in this paper is unique in its own way. This has helped in avoiding any chances of repeated or redundant key.

Image Encryption Using Chaotic Maps: A Survey

Abstract: As the exchange of data over the open networks and Internet is rapidly growing, security of the data becomes a major concern. One possible solution to this problem is to encrypt the data. The data can be text, image, audio, video etc.. In today's world most of the multimedia applications involve images. Earlier image encryption techniques like AES,DES,RSA etc. exhibit low levels of security and also weak anti attack ability. This problem was overcome by using chaos based cryptography. The chaotic systems are very sensitive to initial conditions and control parameters which make them suitable for image encryption. Many works have been done in the field of chaos based image encryption. In this survey paper an attempt has been made to review the aspects and approaches of the design used for image encryption.