
Showing papers on "40-bit encryption published in 2016"


Journal ArticleDOI
TL;DR: An overview of the potential, recent advances, and challenges of optical security and encryption using free space optics is presented, highlighting the need for more specialized hardware and image processing algorithms.
Abstract: Information security and authentication are important challenges facing society. Recent attacks by hackers on the databases of large commercial and financial companies have demonstrated that more research and development of advanced approaches are necessary to deny unauthorized access to critical data. Free space optical technology has been investigated by many researchers in information security, encryption, and authentication. The main motivation for using optics and photonics for information security is that optical waveforms possess many complex degrees of freedom such as amplitude, phase, polarization, large bandwidth, nonlinear transformations, quantum properties of photons, and multiplexing that can be combined in many ways to make information encryption more secure and more difficult to attack. This roadmap article presents an overview of the potential, recent advances, and challenges of optical security and encryption using free space optics. The roadmap on optical security is comprised of six categories that together include 16 short sections written by authors who have made relevant contributions in this field. The first category of this roadmap describes novel encryption approaches, including secure optical sensing which summarizes double random phase encryption applications and flaws [Yamaguchi], the digital holographic encryption in free space optical technique which describes encryption using multidimensional digital holography [Nomura], simultaneous encryption of multiple signals [Perez-Cabre], asymmetric methods based on information truncation [Nishchal], and dynamic encryption of video sequences [Torroba]. Asymmetric and one-way cryptosystems are analyzed by Peng. The second category is on compression for encryption. In their respective contributions, Alfalou and Stern propose similar goals involving compressed data and compressive sensing encryption. 
The very important area of cryptanalysis is the topic of the third category with two sections: Sheridan reviews phase retrieval algorithms to perform different attacks, whereas Situ discusses nonlinear optical encryption techniques and the development of a rigorous optical information security theory. The fourth category with two contributions reports how encryption could be implemented at the nano- or micro-scale. Naruse discusses the use of nanostructures in security applications and Carnicer proposes encoding information in a tightly focused beam. In the fifth category, encryption based on ghost imaging using single-pixel detectors is also considered. In particular, the authors [Chen, Tajahuerce] emphasize the need for more specialized hardware and image processing algorithms. Finally, in the sixth category, Mosk and Javidi analyze in their corresponding papers how quantum imaging can benefit optical encryption systems. Sources that use few photons make encryption systems much more difficult to attack, providing a secure method for authentication.

317 citations


Journal ArticleDOI
TL;DR: An efficient file hierarchy attribute-based encryption scheme is proposed in cloud computing that combines layered access structures into a single access structure, and then, the hierarchical files are encrypted with the integrated access structure.
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) has been a preferred encryption technology to solve the challenging problem of secure data sharing in cloud computing. The shared data files generally have the characteristic of multilevel hierarchy, particularly in the area of healthcare and the military. However, the hierarchy structure of shared files has not been explored in CP-ABE. In this paper, an efficient file hierarchy attribute-based encryption scheme is proposed in cloud computing. The layered access structures are integrated into a single access structure, and then, the hierarchical files are encrypted with the integrated access structure. The ciphertext components related to attributes could be shared by the files. Therefore, both ciphertext storage and time cost of encryption are saved. Moreover, the proposed scheme is proved to be secure under the standard assumption. Experimental simulation shows that the proposed scheme is highly efficient in terms of encryption and decryption. With the number of the files increasing, the advantages of our scheme become more and more conspicuous.

248 citations


Journal ArticleDOI
TL;DR: In this paper, the authors re-evaluate the security of a typical image-scrambling encryption algorithm (ISEA) using the internal correlation remaining in the cipher image, and demonstrate that some advanced multimedia processing techniques can facilitate the cryptanalysis of multimedia encryption algorithms.
Abstract: Position scrambling (permutation) is widely used in multimedia encryption schemes and some international encryption standards, such as the Data Encryption Standard and the Advanced Encryption Standard. In this article, the authors re-evaluate the security of a typical image-scrambling encryption algorithm (ISEA). Using the internal correlation remaining in the cipher image, they disclose important visual information of the corresponding plain image in a ciphertext-only attack scenario. Furthermore, they found that the real scrambling domain--the position-scrambling scope of ISEA's scrambled elements--can be used to support an efficient known or chosen-plaintext attack on it. Detailed experimental results have verified these points and demonstrate that some advanced multimedia processing techniques can facilitate the cryptanalysis of multimedia encryption algorithms.

169 citations


Journal ArticleDOI
Chengqing Li1
TL;DR: It is found that only known/chosen plain-images are sufficient to achieve a good performance, and the computational complexity is O, which effectively demonstrates that hierarchical permutation-only image encryption algorithms are less secure than normal (i.e., non-hierarchical) ones.

163 citations


Book ChapterDOI
20 Mar 2016
TL;DR: This work builds efficiently implementable order-revealing encryption from pseudorandom functions and presents the first efficient order-revealing encryption scheme which achieves a simulation-based security notion with respect to a leakage function that precisely quantifies what is leaked by the scheme.
Abstract: In an order-preserving encryption scheme, the encryption algorithm produces ciphertexts that preserve the order of their plaintexts. Order-preserving encryption schemes have been studied intensely in the last decade, and yet not much is known about the security of these schemes. Very recently, Boneh et al. (Eurocrypt 2015) introduced a generalization of order-preserving encryption, called order-revealing encryption, and presented a construction which achieves this notion with best-possible security. Because their construction relies on multilinear maps, it is too impractical for most applications and therefore remains a theoretical result. In this work, we build efficiently implementable order-revealing encryption from pseudorandom functions. We present the first efficient order-revealing encryption scheme which achieves a simulation-based security notion with respect to a leakage function that precisely quantifies what is leaked by the scheme. In fact, ciphertexts in our scheme are only about 1.6 times longer than their plaintexts. Moreover, we show how composing our construction with existing order-preserving encryption schemes results in order-revealing encryption that is strictly more secure than all preceding order-preserving encryption schemes.

158 citations


Journal ArticleDOI
TL;DR: Many significant properties of chaotic maps, sensitivity to initial condition and control parameters, structure and attack complexity, make the anticipated scheme very reliable, practical and robust in various secure communication applications.
Abstract: Due to the interesting nonlinear dynamic properties of chaotic maps, recently chaos-based encryption algorithms have gained much attention in cryptographic communities. However, many encryption schemes do not fulfil the minimum key space requirement, which is an essential concern in many secure data applications. In this paper, an efficient chaos-based image encryption scheme with higher key space is presented. Even with a single round of encryption, a significantly larger key space can be achieved. The proposed scheme removes correlation among image pixels via random chaotic sequences, simply by XOR and addition operations. In order to resist against numerous attacks, we apply the affine transformation to get the final ciphertext image. The security of the proposed scheme is proved through histogram, contrast, PSNR, entropy, correlation, key space, key sensitivity and differential attack analysis. Many significant properties of chaotic maps, sensitivity to initial condition and control parameters, structure and attack complexity, make the anticipated scheme very reliable, practical and robust in various secure communication applications.

145 citations


Journal ArticleDOI
TL;DR: IBEET can simplify the certificate management of PKEET with all messages encrypted with the receiver's public identity, and is the first time to integrate identity-based encryption into public key encryption with equality test.

142 citations


Journal ArticleDOI
TL;DR: This paper revisits the attribute-based data sharing scheme in order to not only solve the key escrow issue but also improve the expressiveness of attributes, so that the resulting scheme is more friendly to cloud computing applications.
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) is a very promising encryption technique for secure data sharing in the context of cloud computing. The data owner is allowed to fully control the access policy associated with the data to be shared. However, CP-ABE is limited by a potential security risk known as the key escrow problem, whereby the secret keys of users have to be issued by a trusted key authority. Besides, most of the existing CP-ABE schemes cannot support attributes with arbitrary state. In this paper, we revisit the attribute-based data sharing scheme in order to not only solve the key escrow issue but also improve the expressiveness of attributes, so that the resulting scheme is more friendly to cloud computing applications. We propose an improved two-party key issuing protocol that can guarantee that neither the key authority nor the cloud service provider can compromise the whole secret key of a user individually. Moreover, we introduce the concept of attributes with weight, provided to enhance the expression of attributes, which can not only extend the expression from binary to arbitrary state, but also lighten the complexity of the access policy. Therefore, both storage cost and encryption complexity for a ciphertext are relieved. The performance analysis and the security proof show that the proposed scheme is able to achieve efficient and secure data sharing in cloud computing.

137 citations


Journal ArticleDOI
TL;DR: This paper proposes the novel concept of key-aggregate searchable encryption and instantiates the concept through a concrete KASE scheme, in which a data owner only needs to distribute a single key to a user for sharing a large number of documents, and the user only need to submit a single trapdoor to the cloud for querying the shared documents.
Abstract: The capability of selectively sharing encrypted data with different users via public cloud storage may greatly ease security concerns over inadvertent data leaks in the cloud. A key challenge to designing such encryption schemes lies in the efficient management of encryption keys. The desired flexibility of sharing any group of selected documents with any group of users demands different encryption keys to be used for different documents. However, this also implies the necessity of securely distributing to users a large number of keys for both encryption and search, and those users will have to securely store the received keys, and submit an equally large number of keyword trapdoors to the cloud in order to perform search over the shared data. The implied need for secure communication, storage, and complexity clearly renders the approach impractical. In this paper, we address this practical problem, which is largely neglected in the literature, by proposing the novel concept of key-aggregate searchable encryption and instantiating the concept through a concrete KASE scheme, in which a data owner only needs to distribute a single key to a user for sharing a large number of documents, and the user only needs to submit a single trapdoor to the cloud for querying the shared documents. The security analysis and performance evaluation both confirm that our proposed schemes are provably secure and practically efficient.

131 citations


Journal ArticleDOI
TL;DR: Thorough security and performance analysis proves that the proposed efficient and secure privacy-preserving approach for outsourced data of resource-constrained mobile devices in cloud computing is semantically secure and efficient.

122 citations


Proceedings ArticleDOI
01 Dec 2016
TL;DR: This paper evaluates and compares the performance between the universally used Advanced Encryption Standard (AES) and Blowfish algorithms and finds Symmetric algorithms to be less complicated than Asymmetric and hence more widely used.
Abstract: The security of information being stored and transmitted is paramount in today's world. Many efficient encryption standards exist for securing classified data from cyber threats. Two common types of encryption algorithms are classified as Symmetric and Asymmetric. With Symmetric encryption, the same key/password is used to cipher and decipher data whereas with Asymmetric algorithms, we have different key/passwords for encryption and decryption. Symmetric algorithms tend to be less complicated than Asymmetric and hence are more widely used. In this paper, we evaluate and compare the performance between the universally used Advanced Encryption Standard (AES) and Blowfish algorithms. The execution time is measured for different types of data string values. The length of the string as well as ASCII value range is also varied.

Journal ArticleDOI
TL;DR: A new CP-ABE scheme with the property of hidden access policy is proposed by extending the technique used in the construction of the first scheme and it is proved that the second scheme is secure under the standard decisional linear and decisional bilinear Diffie-Hellman assumptions.
Abstract: We propose two new ciphertext policy attribute-based encryption (CP-ABE) schemes where the access policy is defined by AND-gate with wildcard. In the first scheme, we present a new technique that uses only one group element to represent an attribute, while the existing ABE schemes of the same type need to use three different group elements to represent an attribute for the three possible values (namely, positive, negative, and wildcard). Our new technique leads to a new CP-ABE scheme with constant ciphertext size, which, however, cannot hide the access policy used for encryption. The main contribution of this paper is to propose a new CP-ABE scheme with the property of hidden access policy by extending the technique we used in the construction of our first scheme. In particular, we show a way to bridge ABE based on AND-gate with wildcard with inner product encryption and then use the latter to achieve the goal of hidden access policy. We prove that our second scheme is secure under the standard decisional linear and decisional bilinear Diffie-Hellman assumptions.

Journal ArticleDOI
TL;DR: A novel encryption schema based on Elliptic Curve Cryptography (ECC) and homomorphic encryption to secure data transmission in WSN is proposed, and it is demonstrated that the proposed method greatly improves network performance in terms of lifetime, communication overhead, memory requirements, and energy consumption.
Abstract: Despite the great efforts to secure wireless sensor networks (WSN), the dynamic nature and the limited resources of sensor nodes make searching for a secure and optimal network structure an open challenge. In this paper, we propose a novel encryption schema based on Elliptic Curve Cryptography (ECC) and homomorphic encryption to secure data transmission in WSN. The proposed encryption schema is built upon the GASONeC algorithm (Elhoseny et al., 2014), which uses a genetic algorithm to build the optimum network structure in the form of clusters. ECC is used to exchange public and private keys due to its ability to provide high security with a small key size. The proposed encryption key is 176-bit and is produced by combining the ECC key, node identification number, and distance to its cluster head (CH). To reduce the energy consumption of the CH, homomorphic encryption is used to allow the CH to aggregate the encrypted data without having to decrypt them. We demonstrated that the proposed method is capable of working with different sensing environments that need to capture text data as well as images. Compared with the state-of-the-art methods, our experimental results demonstrated that our proposed method greatly improves network performance in terms of lifetime, communication overhead, memory requirements, and energy consumption.

Journal ArticleDOI
TL;DR: This paper proposes a versatile primitive referred to as conditional identity-based broadcast PRE (CIBPRE) and formalizes its semantic security and shows an application of the CIBPRE to secure cloud email system advantageous over existing secure email systems based on Pretty Good Privacy protocol or identity- based encryption.
Abstract: Recently, a number of extended Proxy Re-Encryptions (PRE), e.g. Conditional (CPRE), identity-based PRE (IPRE) and broadcast PRE (BPRE), have been proposed for flexible applications. By incorporating CPRE, IPRE and BPRE, this paper proposes a versatile primitive referred to as conditional identity-based broadcast PRE (CIBPRE) and formalizes its semantic security. CIBPRE allows a sender to encrypt a message to multiple receivers by specifying these receivers’ identities, and the sender can delegate a re-encryption key to a proxy so that he can convert the initial ciphertext into a new one to a new set of intended receivers. Moreover, the re-encryption key can be associated with a condition such that only the matching ciphertexts can be re-encrypted, which allows the original sender to enforce access control over his remote ciphertexts in a fine-grained manner. We propose an efficient CIBPRE scheme with provable security. In the instantiated scheme, the initial ciphertext, the re-encrypted ciphertext and the re-encryption key are all in constant size, and the parameters to generate a re-encryption key are independent of the original receivers of any initial ciphertext. Finally, we show an application of our CIBPRE to secure cloud email system advantageous over existing secure email systems based on Pretty Good Privacy protocol or identity-based encryption.

Journal ArticleDOI
TL;DR: A practical and applicable treatment of this security vulnerability is provided by formalizing a new PEKS system named server-aided public key encryption with keyword search (SA-PEKS), and a universal transformation from any PEKS scheme to a secure SA-PEKS scheme using a deterministic blind signature is introduced.
Abstract: Public key encryption with keyword search (PEKS) is a well-known cryptographic primitive for secure searchable data encryption in cloud storage. Unfortunately, it is inherently subject to the (inside) offline keyword guessing attack (KGA), which is against the data privacy of users. Existing countermeasures for dealing with this security issue mainly suffer from low efficiency and are impractical for real applications. In this paper, we provide a practical and applicable treatment on this security vulnerability by formalizing a new PEKS system named server-aided public key encryption with keyword search (SA-PEKS). In SA-PEKS, to generate the keyword ciphertext/trapdoor, the user needs to query a semitrusted third-party called keyword server (KS) by running an authentication protocol, and hence, security against the offline KGA can be obtained. We then introduce a universal transformation from any PEKS scheme to a secure SA-PEKS scheme using the deterministic blind signature. To illustrate its feasibility, we present the first instantiation of SA-PEKS scheme by utilizing the Full Domain Hash RSA signature and the PEKS scheme proposed by Boneh et al. in Eurocrypt 2004. Finally, we describe how to securely implement the client-KS protocol with a rate-limiting mechanism against online KGA and evaluate the performance of our solutions in experiments.

Journal ArticleDOI
TL;DR: Experimental results and security analysis show that the scheme can achieve good encryption result through only one round encryption process, the key space is large enough to resist against common attacks, so the scheme is reliable to be applied in image encryption and secure communication.
Abstract: This paper proposes a color image encryption scheme using one-time keys based on a crossover operator, chaos and the Secure Hash Algorithm (SHA-2). SHA-2 is employed to generate a 256-bit hash value from both the plain-image and the secret hash keys so that the key stream changes in each encryption process. The SHA-2 value is used to derive three initial values of the chaotic system. The permutation and diffusion steps are based on the crossover operator and the XOR operator, respectively. Experimental results and security analysis show that the scheme achieves a good encryption result through only one round of encryption, and that the key space is large enough to resist common attacks, so the scheme is reliable for application in image encryption and secure communication.

Journal ArticleDOI
TL;DR: Simulation results demonstrated that the proposed method exhibited much improved network lifetime and reduced the energy consumption most evenly among all sensor nodes, and overcame many security attacks including brute-force attack, HELLO flood attack, selective forwarding attack, and compromised cluster head attack.
Abstract: Clustering methods have been developed to improve the network life of wireless sensor networks (WSN), yet the dynamic nature of sensor clusters and their limited memory and processing power make security a much more challenging problem, and most conventional cryptography methods are ill suited to WSNs. In this paper, we propose a novel encryption method to secure data transmission in WSN with dynamic sensor clusters. Our method leverages an elliptic curve cryptography algorithm to generate binary strings for each sensor and combines them with the node ID, the distance to the cluster head, and the index of the transmission round to form unique 176-bit encryption keys. Using exclusive OR, substitution, and permutation operations, encryption and decryption are achieved efficiently. Compared with the state-of-the-art methods, our simulation results demonstrated that the proposed method exhibited much improved network lifetime and reduced energy consumption most evenly among all sensor nodes. More importantly, it overcame many security attacks including brute-force attack, HELLO flood attack, selective forwarding attack, and compromised cluster head attack. Copyright © 2016 John Wiley & Sons, Ltd.

Journal ArticleDOI
TL;DR: Improved authenticated encryption and e-payment schemes to overcome weaknesses of Yang et al.
Abstract: The use of e-payment systems for electronic trade is on its way to making daily life easier and more convenient. Conversely, there are a number of security issues to be addressed: user anonymity and fair exchange have become important concerns along with authentication, confidentiality, integrity and non-repudiation. In a number of existing e-payment schemes, the customer pays for the product before acquiring it. Furthermore, many such schemes require very high computation and communication costs. To address such issues, Yang et al. recently proposed an authenticated encryption scheme and an e-payment scheme based on their authenticated encryption. They excluded the need for digital signatures for authentication. Further, they claimed their schemes resist replay, man-in-the-middle, impersonation and identity theft attacks while providing confidentiality, authenticity, integrity and privacy protection. However, our analysis exposed that both Yang et al.'s authenticated encryption scheme and their e-payment system are vulnerable to an impersonation attack: an adversary with knowledge of only the public parameters can masquerade as a legal user. Furthermore, we propose improved authenticated encryption and e-payment schemes to overcome the weaknesses of Yang et al.'s schemes. We prove the security of our schemes using the automated tool ProVerif. The improved schemes are more robust and more lightweight than Yang et al.'s schemes, which is evident from the security and performance analysis.

Journal ArticleDOI
01 Feb 2016-Optik
TL;DR: This research increases the number of rounds (Nr) to 16 for the encryption and decryption process of AES algorithm, which results in more security to the system and high speed as well as less transfer of data over the unsecured channels.

Proceedings ArticleDOI
12 Mar 2016
TL;DR: This is the first work that clearly demonstrates the vulnerability of a commercial GPU architecture to side-channel timing attacks, and a complete AES (Advanced Encryption Standard) key recovery using known ciphertext through a timing channel.
Abstract: Graphics Processing Units (GPUs) have become mainstream parallel computing devices. They are deployed on diverse platforms, and an increasing number of applications have been moved to GPUs to exploit their massive parallel computational resources. GPUs are starting to be used for security services, where high-volume data is encrypted to ensure integrity and confidentiality. However, the security of GPUs has only begun to receive attention. Issues such as side-channel vulnerability have not been addressed. The goal of this paper is to evaluate the side-channel security of GPUs and demonstrate a complete AES (Advanced Encryption Standard) key recovery using known ciphertext through a timing channel. To the best of our knowledge, this is the first work that clearly demonstrates the vulnerability of a commercial GPU architecture to side-channel timing attacks. Specifically, for AES-128, we have been able to recover all key bytes utilizing a timing side channel in under 30 minutes.

Book ChapterDOI
26 Sep 2016
TL;DR: This paper proposes a notion called server-aided revocable ABE (SR-ABE), in which almost all workloads of data users incurred by user revocation are delegated to an untrusted server and each data user only needs to store a key of constant size.
Abstract: As a one-to-many public key encryption system, attribute-based encryption (ABE) enables scalable access control over encrypted data in cloud storage services. However, efficient user revocation has been a very challenging problem in ABE. To address this issue, Boldyreva, Goyal and Kumar [5] introduced a revocation method by combining the binary tree data structure with fuzzy identity-based encryption, in which a key generation center (KGC) periodically broadcasts key update information to all data users over a public channel. The Boldyreva-Goyal-Kumar approach reduces the size of key updates from linear to logarithm in the number of users, and it has been widely used in subsequent revocable ABE systems; however, it requires each data user to keep a private key of logarithmic size and all non-revoked data users to periodically update decryption keys for each new time period. To further optimize user revocation in ABE, in this paper, we propose a notion called server-aided revocable ABE (SR-ABE), in which almost all workloads of data users incurred by user revocation are delegated to an untrusted server and each data user only needs to store a key of constant size. We then define a security model for SR-ABE, and present a concrete SR-ABE scheme secure under this model. Interestingly, due to the key embedding gadget employed in the construction of SR-ABE, our SR-ABE scheme does not require any secure channels for key transmission, and also enjoys an additional property in the decryption phase, where a data user only needs to perform one exponentiation computation to decrypt a ciphertext.

Proceedings ArticleDOI
30 May 2016
TL;DR: The practical potential of replacing the Gaussian noise distribution in the Ring-LWE based encryption scheme by Lindner and Peikert/Lyubashevsky et al. with a binary distribution is shown.
Abstract: In the emerging Internet of Things, lightweight public-key cryptography is an essential component for many cost-efficient security solutions. Since conventional public-key schemes, such as ECC and RSA, remain expensive and energy hungry even after aggressive optimization, this work investigates a possible alternative. In particular, we show the practical potential of replacing the Gaussian noise distribution in the Ring-LWE based encryption scheme by Lindner and Peikert/Lyubashevsky et al. with a binary distribution. When parameters are carefully chosen, our construction is resistant against any state-of-the-art cryptanalytic techniques (e.g., attacks on original Ring-LWE or NTRU) and suitable for low-cost scenarios. In the end, our scheme can enable public-key encryption even on very small and low-cost 8-bit (ATXmega128) and 32-bit (Cortex-M0) microcontrollers.

Journal ArticleDOI
01 Oct 2016-Optik
TL;DR: In this paper, the authors propose a lossless dual-channel audio encryption scheme based on one-time keys. The novelty is to apply a chaotic system with a changeable number of scrolls to generate the key stream that confuses and diffuses the audio data; the one-time keys, such as the initial values of the state variables, the scroll number and the initial iteration count of the chaotic system, depend on both the external keys and the hash value of the plain audio file.

Journal ArticleDOI
TL;DR: This paper proposes an expressive public-key searchable encryption scheme in the prime-order groups, which allows keyword search policies to be expressed in conjunctive, disjunctive or any monotonic Boolean formulas and achieves significant performance improvement over existing schemes.
Abstract: Searchable encryption allows a cloud server to conduct keyword search over encrypted data on behalf of the data users without learning the underlying plaintexts. However, most existing searchable encryption schemes only support single or conjunctive keyword search, while the few other schemes that are able to perform expressive keyword search are computationally inefficient since they are built from bilinear pairings over composite-order groups. In this paper, we propose an expressive public-key searchable encryption scheme in prime-order groups, which allows keyword search policies (i.e., predicates, access structures) to be expressed in conjunctive, disjunctive or any monotonic Boolean formulas and achieves significant performance improvement over existing schemes. We formally define its security, and prove that it is selectively secure in the standard model. Also, we implement the proposed scheme using a rapid prototyping tool called Charm [37], and conduct several experiments to evaluate its performance. The results demonstrate that our scheme is much more efficient than the ones built over composite-order groups.

Book ChapterDOI
06 Mar 2016
TL;DR: In this paper, a simple private key inner product encryption (IPE) scheme for the inner-product functionality was proposed. The security of the scheme is based on the well-studied Symmetric External Diffie-Hellman (SXDH) assumption.
Abstract: Functional encryption (FE) supports constrained decryption keys that allow decrypters to learn specific functions of encrypted messages. In numerous practical applications of FE, confidentiality must be assured not only for the encrypted data but also for the functions for which functional keys are provided. This paper presents a non-generic simple private key FE scheme for the inner product functionality, also known as inner product encryption (IPE). In contrast to the existing similar schemes, our construction achieves the strongest indistinguishability-based notion of function privacy in the private key setting without employing any computationally expensive cryptographic tool or non-standard complexity assumption. Our construction is built in the asymmetric bilinear pairing group setting of prime order. The security of our scheme is based on the well-studied Symmetric External Diffie-Hellman (SXDH) assumption.

Journal ArticleDOI
TL;DR: This work presents a semi-generic method for PKEET constructions, assuming only the existence of IND-CCA2 secure traditional public key encryption schemes, the hardness of Computational Diffie-Hellman problems, and random oracles, and obtains the first IBE scheme with equality test (IBEET) satisfying analogous security arguments to those of PKEET.

Proceedings ArticleDOI
01 Aug 2016
TL;DR: This paper proposes to extend the basic CP-ABE scheme using effective pre-computation techniques, and experimentally compute the energy saving potential offered by the proposed variant of CP-ABE, and thus demonstrate the applicability of CP-ABE in the IoT.
Abstract: The large volume of data produced by the increasingly deployed Internet of Things (IoT) is shifting security priorities to consider data access control from a data-centric perspective. To secure the IoT, it becomes essential to implement a data access control solution that offers the necessary flexibility required to manage a large number of IoT devices. The concept of Ciphertext-Policy Attribute-based Encryption (CP-ABE) fulfills such a requirement. It allows the data source to encrypt data while cryptographically enforcing a security access policy, whereby only authorized data users with the desired attributes are able to decrypt data. Yet, despite these manifest advantages, CP-ABE has not been designed taking into consideration energy efficiency. Many IoT devices, like sensors and actuators, cannot be part of CP-ABE enforcement points, because of their resource limitations in terms of CPU, memory, battery, etc. In this paper, we propose to extend the basic CP-ABE scheme using effective pre-computation techniques. We will experimentally compute the energy saving potential offered by the proposed variant of CP-ABE, and thus demonstrate the applicability of CP-ABE in the IoT.

Journal ArticleDOI
TL;DR: The Paillier encryption technique is utilized that allows summation of decrypted data to be performed by multiplication of the encrypted data to guarantee the stability of the closed-loop system and ensure certain bounds on the closed-loop performance.

Journal ArticleDOI
TL;DR: A hierarchical multi-authority and attribute-based encryption (ABE) friend discovery scheme based on ciphertext-policy (CP)-ABE that employs character attribute subsets to achieve flexible fine-grained access control is proposed.
Abstract: In mobile social networks, to guarantee the security and privacy in the friend discovery process, we propose a hierarchical multi-authority and attribute-based encryption (ABE) friend discovery scheme based on ciphertext-policy (CP)-ABE. It employs character attribute subsets to achieve flexible fine-grained access control, which solves the problem of single-point failure and performance bottleneck. Performance analysis demonstrates the superiority of our scheme in terms of system initialization time and key generation time.

Journal ArticleDOI
TL;DR: This paper provides the notion of security with respect to key indistinguishability, by considering the dynamic changes to the hierarchy, and shows how to construct a hierarchical key assignment scheme supporting dynamic updates, by using as a building block a symmetric encryption scheme.
Abstract: A hierarchical key assignment scheme is a method to assign some private information and encryption keys to a set of classes in a partially ordered hierarchy, in such a way that the private information of a higher class can be used to derive the keys of all classes lower down in the hierarchy. Sometimes, it is necessary to make dynamic updates to the hierarchy, in order to implement an access control policy which evolves with time. All security models for hierarchical key assignment schemes have been designed to cope with static hierarchies and do not consider the issue of performing dynamic updates to the hierarchy. In this paper, we define the concept of hierarchical key assignment schemes supporting dynamic updates, formalizing the relative security model. In particular, we provide the notion of security with respect to key indistinguishability, by considering the dynamic changes to the hierarchy. Moreover, we show how to construct a hierarchical key assignment scheme supporting dynamic updates, by using as a building block a symmetric encryption scheme. The proposed construction is provably secure with respect to key indistinguishability, and provides efficient key derivation and updating procedures, while requiring each user to store only a single private key.