
Showing papers on "Cryptography published in 2019"


Journal ArticleDOI
TL;DR: A cosine-transform-based chaotic system (CTBCS) that can produce chaotic maps with complex dynamical behaviors and an image encryption scheme that provides a higher level of security than several advanced image encryption schemes.

463 citations


Journal ArticleDOI
TL;DR: This paper designs secure building blocks, such as secure polynomial multiplication and secure comparison, by employing a homomorphic cryptosystem, Paillier, and constructs a secure SVM training algorithm, which requires only two interactions in a single iteration, with no need for a trusted third-party.
Abstract: Machine learning (ML) techniques have been widely used in many smart city sectors, where a huge amount of data is gathered from various (IoT) devices. As a typical ML model, support vector machine (SVM) enables efficient data classification and thereby finds its applications in real-world scenarios, such as disease diagnosis and anomaly detection. Training an SVM classifier usually requires a collection of labeled IoT data from multiple entities, raising great concerns about data privacy. Most of the existing solutions rely on an implicit assumption that the training data can be reliably collected from multiple data providers, which is often not the case in reality. To bridge the gap between ideal assumptions and realistic constraints, in this paper, we propose secureSVM, which is a privacy-preserving SVM training scheme over blockchain-based encrypted IoT data. We utilize the blockchain techniques to build a secure and reliable data sharing platform among multiple data providers, where IoT data is encrypted and then recorded on a distributed ledger. We design secure building blocks, such as secure polynomial multiplication and secure comparison, by employing a homomorphic cryptosystem, Paillier, and construct a secure SVM training algorithm, which requires only two interactions in a single iteration, with no need for a trusted third party. Rigorous security analysis proves that the proposed scheme ensures the confidentiality of the sensitive data for each data provider as well as the SVM model parameters for data analysts. Extensive experiments demonstrate the efficiency of the proposed scheme.

299 citations
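
The Paillier building block that secureSVM relies on (additive homomorphism, plus multiplication of a ciphertext by a known scalar, from which an encrypted inner product or polynomial evaluation is assembled) fits in a few lines. The Python below is an added illustration, not code from the secureSVM paper: it fixes two Mersenne primes as a demo key (a real key uses random primes of at least 1024 bits each), and the weights and feature vector are constructed inputs. Secure comparison, the paper's other building block, needs an interactive protocol and is not shown.

```python
import secrets
from math import gcd

# Demo key material: two Mersenne primes, fixed so the example is reproducible.
# A production Paillier key uses two random primes of at least 1024 bits each.
DEMO_P = 2**61 - 1
DEMO_Q = 2**89 - 1


def keygen(p=DEMO_P, q=DEMO_Q):
    """Paillier key generation with the common choice g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    # With g = n + 1, L(g^lam mod n^2) = lam, so mu is simply lam^-1 mod n.
    mu = pow(lam, -1, n)
    return (n, n + 1), (n, lam, mu)


def encrypt(pk, m):
    """E(m) = g^m * r^n mod n^2; a negative m is encoded as n + m."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 0 and gcd(r, n) == 1:
            break
    return pow(g, m % n, n2) * pow(r, n, n2) % n2


def decrypt(sk, c):
    """m = L(c^lam mod n^2) * mu mod n, mapped back to a signed integer."""
    n, lam, mu = sk
    n2 = n * n
    l_value = (pow(c, lam, n2) - 1) // n
    m = l_value * mu % n
    return m - n if m > n // 2 else m


def add(pk, c1, c2):
    """E(a) * E(b) = E(a + b): the additive homomorphism."""
    return c1 * c2 % (pk[0] ** 2)


def mul_const(pk, c, k):
    """E(a)^k = E(k * a): multiply an encrypted value by a known scalar."""
    return pow(c, k % pk[0], pk[0] ** 2)


def encrypted_dot(pk, enc_w, x):
    """Given E(w_i) and cleartext x_i, return E(sum_i w_i * x_i).

    This is run by the party that holds x in the clear and never sees w;
    it is the core of an SVM decision value w.x evaluated over encrypted weights.
    """
    acc = encrypt(pk, 0)           # fresh randomness re-randomizes the result
    for c_w, x_i in zip(enc_w, x):
        acc = add(pk, acc, mul_const(pk, c_w, x_i))
    return acc


def demo_score():
    """Constructed inputs: model weights w (encrypted) and one feature vector x."""
    pk, sk = keygen()
    w = [3, -4, 7]
    x = [10, 2, -5]
    enc_w = [encrypt(pk, w_i) for w_i in w]
    return decrypt(sk, encrypted_dot(pk, enc_w, x))   # 3*10 - 4*2 - 7*5 = -13


if __name__ == "__main__":
    print("decrypted w.x =", demo_score())
```

The signed encoding (values above n/2 are read as negative) is what lets the evaluator fold negative weights and features into plain modular exponentiation; note that `mul_const` only works because the scalar is known in the clear, which is exactly why a product of two encrypted values needs the interactive protocol the paper builds.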


Journal ArticleDOI
TL;DR: This paper presents a lightweight and privacy-preserving two-factor authentication scheme for IoT devices, where physically uncloneable functions have been considered as one of the authentication factors, and which is very computationally efficient.
Abstract: Device authentication is an essential security feature for Internet of Things (IoT). Many IoT devices are deployed in open and public places, which makes them vulnerable to physical and cloning attacks. Therefore, any authentication protocol designed for IoT devices should be robust even in cases when an IoT device is captured by an adversary. Moreover, many of the IoT devices have limited storage and computational capabilities. Hence, it is desirable that the security solutions for IoT devices should be computationally efficient. To address all these requirements, in this paper, we present a lightweight and privacy-preserving two-factor authentication scheme for IoT devices, where physically uncloneable functions have been considered as one of the authentication factors. Security and performance analysis show that our proposed scheme is not only robust against several attacks, but also computationally very efficient.

255 citations


ReportDOI
31 Jan 2019
TL;DR: The evaluation criteria and selection process is described, based on public feedback and internal review of the first-round candidates, and the 26 candidate algorithms announced on January 30, 2019 for moving forward to the second round of the competition are summarized.
Abstract: The National Institute of Standards and Technology is in the process of selecting one or more public-key cryptographic algorithms through a public competition-like process. The new public-key cryptography standards will specify one or more additional digital signature, public-key encryption, and key-establishment algorithms to augment FIPS 186-4, Digital Signature Standard (DSS), as well as special publications SP 800-56A Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, and SP 800-56B, Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization. It is intended that these algorithms will be capable of protecting sensitive information well into the foreseeable future, including after the advent of quantum computers. In November 2017, 82 candidate algorithms were submitted to NIST for consideration. Among these, 69 met both the minimum acceptance criteria and our submission requirements, and were accepted as First-Round Candidates on Dec. 20, 2017, marking the beginning of the First Round of the NIST Post-Quantum Cryptography Standardization Process. This report describes the evaluation criteria and selection process, based on public feedback and internal review of the first-round candidates, and summarizes the 26 candidate algorithms announced on January 30, 2019 for moving forward to the second round of the competition. The 17 Second-Round Candidate public-key encryption and key-establishment algorithms are BIKE, Classic McEliece, CRYSTALS-KYBER, FrodoKEM, HQC, LAC, LEDAcrypt (merger of LEDAkem/LEDApkc), NewHope, NTRU (merger of NTRUEncrypt/NTRU-HRSS-KEM), NTRU Prime, NTS-KEM, ROLLO (merger of LAKE/LOCKER/Ouroboros-R), Round5 (merger of Hila5/Round2), RQC, SABER, SIKE, and Three Bears. The 9 Second-Round Candidates for digital signatures are CRYSTALS-DILITHIUM, FALCON, GeMSS, LUOV, MQDSS, Picnic, qTESLA, Rainbow, and SPHINCS+.

246 citations


Journal ArticleDOI
TL;DR: This paper presents a novel block design-based key agreement protocol that supports multiple participants, which can flexibly extend the number of participants in a cloud environment according to the structure of the block design.
Abstract: Data sharing in cloud computing enables multiple participants to freely share group data, which improves the efficiency of work in cooperative environments and has widespread potential applications. However, how to ensure the security of data sharing within a group and how to efficiently share the outsourced data in a group manner are formidable challenges. Note that key agreement protocols have played a very important role in secure and efficient group data sharing in cloud computing. In this paper, by taking advantage of the symmetric balanced incomplete block design (SBIBD), we present a novel block design-based key agreement protocol that supports multiple participants, which can flexibly extend the number of participants in a cloud environment according to the structure of the block design. Based on the proposed group data sharing model, we present general formulas for generating the common conference key $\mathcal{K}$ for multiple participants. Note that by benefiting from the $(v,k+1,1)$-block design, the computational complexity of the proposed protocol increases linearly with the number of participants and the communication complexity is greatly reduced. In addition, the fault tolerance property of our protocol enables group data sharing in cloud computing to withstand different key attacks, which is similar to Yi's protocol.

211 citations


Journal ArticleDOI
TL;DR: In this article, a practical quantum secure direct communication (QSDC) system using concatenation of low-density parity-check (LDPC) codes is presented. The security is analyzed using Wyner wiretap channel theory, and the system operates with a repetition rate of 1 MHz at a distance of 1.5 kilometers.
Abstract: Rapid development of supercomputers and the prospect of quantum computers are posing increasingly serious threats to the security of communication. Using the principles of quantum mechanics, quantum communication offers provable security of communication and is a promising solution to counter such threats. Quantum secure direct communication (QSDC) is one important branch of quantum communication. In contrast to other branches of quantum communication, it transmits secret information directly. Recently, remarkable progress has been made in proof-of-principle experimental demonstrations of QSDC. However, it remains a technical feat to bring QSDC into a practical application. Here, we report the implementation of a practical quantum secure communication system. The security is analyzed using Wyner wiretap channel theory. The system uses a coding scheme of concatenation of low-density parity-check (LDPC) codes and works in a regime with a realistic environment of high noise and high loss. The present system operates with a repetition rate of 1 MHz at a distance of 1.5 kilometers. The secure communication rate is 50 bps, sufficient to effectively send text messages and reasonably sized files of images and sounds.
A quantum communication system demonstrated by researchers in China can transfer information securely in a realistic noisy environment. Emerging supercomputers and quantum computers may soon break the classical encryption methods that protect our information, highlighting the need for new cryptographic techniques based on quantum mechanics. Gui-Lu Long at Tsinghua University, Beijing, and co-workers have demonstrated a form of quantum secure direct communication (QSDC) that transfers information directly without the need to distribute keys, which are vulnerable to attacks. The team used a laser to generate single photons, which could carry secure quantum information such as text messages and image files over a distance of 1.5 kilometers. The information was decoded successfully by the receiver, even when the situation was made realistic by causing high photon loss or introducing errors due to noise.

192 citations


Journal ArticleDOI
TL;DR: A sanitizer is used to sanitize the data blocks corresponding to the sensitive information of the file and transforms these data blocks' signatures into valid ones for the sanitized file, which makes the file stored in the cloud able to be shared and used by others on the condition that the sensitive information is hidden, while the remote data integrity auditing is still able to be efficiently executed.
Abstract: With cloud storage services, users can remotely store their data to the cloud and realize the data sharing with others. Remote data integrity auditing is proposed to guarantee the integrity of the data stored in the cloud. In some common cloud storage systems such as the electronic health records system, the cloud file might contain some sensitive information. The sensitive information should not be exposed to others when the cloud file is shared. Encrypting the whole shared file can realize the sensitive information hiding, but will make this shared file unable to be used by others. How to realize data sharing with sensitive information hiding in remote data integrity auditing still has not been explored up to now. In order to address this problem, we propose a remote data integrity auditing scheme that realizes data sharing with sensitive information hiding in this paper. In this scheme, a sanitizer is used to sanitize the data blocks corresponding to the sensitive information of the file and transforms these data blocks’ signatures into valid ones for the sanitized file. These signatures are used to verify the integrity of the sanitized file in the phase of integrity auditing. As a result, our scheme makes the file stored in the cloud able to be shared and used by others on the condition that the sensitive information is hidden, while the remote data integrity auditing is still able to be efficiently executed. Meanwhile, the proposed scheme is based on identity-based cryptography, which simplifies the complicated certificate management. The security analysis and the performance evaluation show that the proposed scheme is secure and efficient.

182 citations


Proceedings ArticleDOI
08 Jun 2019
TL;DR: CHET is a domain-specific optimizing compiler designed to make the task of programming FHE applications easier, and generates homomorphic circuits that outperform expert-tuned circuits and makes it easy to switch across different encryption schemes.
Abstract: Fully Homomorphic Encryption (FHE) refers to a set of encryption schemes that allow computations on encrypted data without requiring a secret key. Recent cryptographic advances have pushed FHE into the realm of practical applications. However, programming these applications remains a huge challenge, as it requires cryptographic domain expertise to ensure correctness, security, and performance. CHET is a domain-specific optimizing compiler designed to make the task of programming FHE applications easier. Motivated by the need to perform neural network inference on encrypted medical and financial data, CHET supports a domain-specific language for specifying tensor circuits. It automates many of the laborious and error prone tasks of encoding such circuits homomorphically, including encryption parameter selection to guarantee security and accuracy of the computation, determining efficient tensor layouts, and performing scheme-specific optimizations. Our evaluation on a collection of popular neural networks shows that CHET generates homomorphic circuits that outperform expert-tuned circuits and makes it easy to switch across different encryption schemes. We demonstrate its scalability by evaluating it on a version of SqueezeNet, which to the best of our knowledge, is the deepest neural network to be evaluated homomorphically.

161 citations


Journal ArticleDOI
TL;DR: This paper proposes an efficient and geometric range query scheme (EGRQ) supporting searching and data access control over encrypted spatial data, and employs secure KNN computation, polynomial fitting technique, and order-preserving encryption to achieve secure, efficient, and accurate geometric range query over cloud data.
Abstract: As a basic query function, range query has been exploited in many scenarios such as SQL retrieval, location-based services, and computational geometry. Meanwhile, with explosive growth of data volume, users are increasingly inclined to store data on the cloud to save local storage and computational cost. However, a long-standing problem is that the user's data may be completely revealed to the cloud server because it has full data access rights. To cope with this problem, a frequently-used method is to encrypt raw data before outsourcing them, but the availability and operability of data will be reduced significantly. In this paper, we propose an efficient and geometric range query scheme (EGRQ) supporting searching and data access control over encrypted spatial data. We employ secure KNN computation, polynomial fitting technique, and order-preserving encryption to achieve secure, efficient, and accurate geometric range query over cloud data. Then, we propose a novel spatial data access control strategy to refine users' rights in our EGRQ. To improve the efficiency, R-tree is adopted to reduce the searching space and matching times in the whole search process. Finally, we theoretically prove the security of our proposed scheme in terms of confidentiality of spatial data, privacy protection of index and trapdoor, and the unlinkability of trapdoors. In addition, extensive experiments demonstrate the high efficiency of our proposed model compared with existing schemes.

154 citations


Journal ArticleDOI
TL;DR: The experimental results show that the distributed authentication can be processed by individual vehicles within 1 ms, which meets the real-time requirement and is much more efficient, in terms of the processing time and storage requirement, than existing approaches.
Abstract: The privacy-preserving authentication is considered as the first line of defense against the attacks in addition to preserving the identity privacy of the vehicles in the vehicular ad hoc networks (VANETs). However, the existing authentication schemes suffer from drawbacks such as nontransparency of the trusted authorities (TAs), heavy workload to revoke certificates, and high computation overhead to authenticate identities and messages. In this paper, we propose a blockchain-based privacy-preserving authentication (BPPA) scheme for VANETs. In BPPA, all the certificates and transactions are recorded permanently and immutably in the blockchain to make the activities of the semi-TAs transparent and verifiable. However, it remains a challenge how to use such a blockchain effectively for authentication in real driving scenarios (e.g., high speed or large amount of messages during congestion). With a novel data structure named the Merkle Patricia tree (MPT), we extend the conventional blockchain structure to provide a distributed authentication scheme without the revocation list. To achieve conditional privacy, we allow a vehicle to use multiple certificates. The linkability between the certificates and real identity is encrypted and stored in the blockchain and can only be revealed in case of disputes. We evaluate the validity and performance of BPPA on the Hyperledger Fabric (HLF) platform for each entity. The experimental results show that the distributed authentication can be processed by individual vehicles within 1 ms, which meets the real-time requirement and is much more efficient, in terms of the processing time and storage requirement, than existing approaches.

135 citations


Journal ArticleDOI
TL;DR: This work introduces a new ADMM, which allows time-varying penalty matrices and rigorously proves that it has a convergence rate of $O(1/t)$ .
Abstract: Privacy preservation is addressed for decentralized optimization, where $N$ agents cooperatively minimize the sum of $N$ convex functions private to these individual agents. In most existing decentralized optimization approaches, participating agents exchange and disclose states explicitly, which may not be desirable when the states contain sensitive information of individual agents. The problem is more acute when adversaries exist which try to steal information from other participating agents. To address this issue, we propose a privacy-preserving decentralized optimization approach based on alternating direction method of multipliers (ADMM) and partially homomorphic cryptography. To the best of our knowledge, this is the first time that cryptographic techniques are incorporated in a fully decentralized setting to enable privacy preservation in decentralized optimization in the absence of any third party or aggregator. To facilitate the incorporation of encryption in a fully decentralized manner, we introduce a new ADMM, which allows time-varying penalty matrices, and rigorously prove that it has a convergence rate of $O(1/t)$. Numerical and experimental results confirm the effectiveness and low computational complexity of the proposed approach.

Book ChapterDOI
19 May 2019
TL;DR: In this article, the authors consider the problem of designing scalable, robust protocols for computing statistics about sensitive data in a distributed setting, where each user holds a private datum and need not trust the server.
Abstract: We consider the problem of designing scalable, robust protocols for computing statistics about sensitive data. Specifically, we look at how best to design differentially private protocols in a distributed setting, where each user holds a private datum. The literature has mostly considered two models: the “central” model, in which a trusted server collects users’ data in the clear, which allows greater accuracy; and the “local” model, in which users individually randomize their data, and need not trust the server, but accuracy is limited. Attempts to achieve the accuracy of the central model without a trusted server have so far focused on variants of cryptographic multiparty computation (MPC), which limits scalability.
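
To make the accuracy gap between the two models concrete, here is an added Python illustration that is not part of the paper: n users each hold one bit; in the local model every user applies ε-randomized response to its own bit and the server debiases the noisy sum, while in the central model a trusted server sees the exact count and adds Laplace noise of scale 1/ε. The population of user bits is constructed, and the two `*_std` helpers give the closed-form error of each estimator so the √n growth of local-model error can be compared with the constant central-model error.

```python
import math
import random


def randomized_response(bits, eps, rng):
    """Local model: each user reports its bit truthfully with probability
    e^eps / (1 + e^eps), otherwise flipped. Each report is eps-DP on its own."""
    p_truth = math.exp(eps) / (1.0 + math.exp(eps))
    return [b if rng.random() < p_truth else 1 - b for b in bits]


def debias_local_count(reports, eps):
    """Unbiased count of ones recovered from randomized-response reports."""
    p = math.exp(eps) / (1.0 + math.exp(eps))
    n = len(reports)
    # E[ones] = p*true + (1-p)*(n-true)  ->  true = (ones - (1-p)*n) / (2p-1)
    return (sum(reports) - (1.0 - p) * n) / (2.0 * p - 1.0)


def laplace_sample(scale, rng):
    """Inverse-CDF sampling of Laplace(0, scale)."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def central_laplace_count(bits, eps, rng):
    """Central model: a trusted server sees all bits and releases count + Lap(1/eps).
    The count of ones has sensitivity 1, so the release is eps-DP."""
    return sum(bits) + laplace_sample(1.0 / eps, rng)


def local_std(n, eps):
    """Standard deviation of the debiased local estimate: grows with sqrt(n)."""
    p = math.exp(eps) / (1.0 + math.exp(eps))
    return math.sqrt(n * p * (1.0 - p)) / (2.0 * p - 1.0)


def central_std(eps):
    """Standard deviation of the Laplace noise: independent of n."""
    return math.sqrt(2.0) / eps


def simulate(n=10_000, eps=1.0, seed=0):
    """Constructed population: 30% of users hold a 1.
    Returns (true_count, local_estimate, central_estimate)."""
    rng = random.Random(seed)
    bits = [1 if rng.random() < 0.3 else 0 for _ in range(n)]
    local = debias_local_count(randomized_response(bits, eps, rng), eps)
    central = central_laplace_count(bits, eps, rng)
    return sum(bits), local, central


if __name__ == "__main__":
    true_count, local_est, central_est = simulate()
    print("true", true_count, "local", round(local_est), "central", round(central_est))
    print("local std", round(local_std(10_000, 1.0), 1), "central std", round(central_std(1.0), 2))
```

At ε = 1 and n = 10,000 the local estimate has a standard error of roughly 96 users while the central one has about 1.4, which is the gap that motivates the paper's search for something between "trust the server" and "full MPC".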

Journal ArticleDOI
TL;DR: Experimental results demonstrate that the presented technique has high security, high embedding capacity and good visual quality, and the results prove that the constructed S-box has vital qualities for viable applications in security purposes.
Abstract: Substitution boxes play an essential role in designing secure cryptosystems. With the evolution of quantum technologies, current data security mechanisms may be broken due to their construction based on mathematical computation. Quantum walks, a universal quantum computational model, play an essential role in designing quantum algorithms. We utilize the benefits of quantum walks to present a novel technique for constructing substitution boxes (S-boxes) based on quantum walks (QWs). The performance of the presented QWs S-box technique is evaluated by S-box evaluation criteria, and our results prove that the constructed S-box has vital qualities for viable applications in security purposes. Furthermore, a new technique for image steganography is constructed. The proposed technique is an integrated mechanism between classical data hiding and quantum walks to achieve better security for the embedded data. The embedding and extraction procedures are controlled by the QWs S-box. The inclusion of the cryptographic QWs S-box ensures the security of both embedding and extraction phases. At the extraction phase, only the stego image and the secret values are needed for reconstructing the secret data. Experimental results demonstrate that the presented technique has high security, high embedding capacity and good visual quality.

Journal ArticleDOI
TL;DR: The proposed asymmetric image encryption method based on the elliptic curve ElGamal (EC-ElGamal) cryptography and chaotic theory has high security, good efficiency, and strong robustness against the chosen-plaintext attack, which give it potential applications for secure image communications.
Abstract: Due to the potential security problem of key management and distribution for symmetric image encryption schemes, a novel asymmetric image encryption method is proposed in this paper, which is based on the elliptic curve ElGamal (EC-ElGamal) cryptography and chaotic theory. Specifically, the SHA-512 hash is first adopted to generate the initial values of a chaotic system, and a crossover permutation in terms of a chaotic index sequence is used to scramble the plain-image. Furthermore, the generated scrambled image is embedded into the elliptic curve for encryption by EC-ElGamal, which can not only improve the security but also help solve the key management problems. Finally, the diffusion combining the chaos game with DNA sequences is executed to get the cipher image. The experimental analysis and performance comparisons demonstrate that the proposed method has high security, good efficiency, and strong robustness against the chosen-plaintext attack, which give it potential applications for secure image communications.

Journal ArticleDOI
TL;DR: To the best of the knowledge, this is the first multi-signature scheme provably secure under the Discrete Logarithm assumption in the plain public-key model which allows key aggregation.
Abstract: We describe a new Schnorr-based multi-signature scheme (i.e., a protocol which allows a group of signers to produce a short, joint signature on a common message) called $\mathsf{MuSig}$, provably secure under the Discrete Logarithm assumption and in the plain public-key model (meaning that signers are only required to have a public key, but do not have to prove knowledge of the private key corresponding to their public key to some certification authority or to other signers before engaging in the protocol). $\mathsf{MuSig}$ improves over the state-of-the-art scheme of Bellare and Neven (ACM Conference on Computer and Communications Security-CCS 2006) and its variants by Bagherzandi et al. (ACM Conference on Computer and Communications Security-CCS 2008) and Ma et al. (Des Codes Cryptogr 54(2):121–133, 2010) in two respects: (i) it is simple and efficient, having the same key and signature size as standard Schnorr signatures; (ii) it allows key aggregation, which informally means that the joint signature can be verified exactly as a standard Schnorr signature with respect to a single "aggregated" public key which can be computed from the individual public keys of the signers. To the best of our knowledge, this is the first multi-signature scheme provably secure under the Discrete Logarithm assumption in the plain public-key model which allows key aggregation. As an application, we explain how our new multi-signature scheme could improve both performance and user privacy in Bitcoin.
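
The two properties the abstract names, key aggregation and verification "exactly as a standard Schnorr signature", are easiest to see in code. The Python below is an added worked example written for this page, not the authors' reference implementation: it runs the three-round MuSig protocol (nonce commitment, nonce reveal, partial signatures) over secp256k1 with a textbook affine-coordinate point arithmetic, and the hash domain tags `"agg"` and `"sig"`, the 64-byte point encoding and the secret keys are constructed for the example. `rogue_key_forgery_against_naive_sum` shows why the per-signer coefficients $a_i$ are needed in the plain public-key model: with a naive sum of keys, a signer who never proved knowledge of its key can pick one that cancels the honest key and sign alone. The scalar multiplication is not constant-time and the code is for study, not production.

```python
import hashlib
import secrets

# secp256k1, the curve MuSig targets for Bitcoin (public parameters).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    k %= N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def enc(pt):
    """Constructed 64-byte encoding x || y used as hash input."""
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def hash_to_scalar(tag, *parts):
    """Domain-separated SHA-256 of points/bytes, reduced mod N."""
    h = hashlib.sha256(tag.encode())
    for part in parts:
        h.update(part if isinstance(part, bytes) else enc(part))
    return int.from_bytes(h.digest(), "big") % N


def key_agg(pubkeys):
    """MuSig key aggregation: X~ = sum_i a_i * X_i with a_i = H_agg(L, X_i),
    where L commits to the whole set of public keys."""
    L = hashlib.sha256(b"".join(enc(X) for X in pubkeys)).digest()
    coeffs = [hash_to_scalar("agg", L, X) for X in pubkeys]
    x_agg = None
    for a_i, X_i in zip(coeffs, pubkeys):
        x_agg = ec_add(x_agg, ec_mul(a_i, X_i))
    return x_agg, coeffs


def schnorr_verify(X, sig, msg):
    """Plain Schnorr check s*G == R + c*X; the verifier never learns how many signed."""
    R, s = sig
    c = hash_to_scalar("sig", X, R, msg)
    return ec_mul(s, G) == ec_add(R, ec_mul(c, X))


def musig_sign(secret_keys, msg):
    """All signers simulated in one process; the rounds mark what crosses the wire."""
    pubkeys = [ec_mul(x, G) for x in secret_keys]
    x_agg, coeffs = key_agg(pubkeys)
    nonces = [secrets.randbelow(N - 1) + 1 for _ in secret_keys]
    R_parts = [ec_mul(r, G) for r in nonces]
    # Round 1: each signer sends t_i = H_com(R_i) before seeing anyone else's R_i.
    commitments = [hashlib.sha256(enc(R_i)).digest() for R_i in R_parts]
    # Round 2: the R_i are revealed and checked against the commitments.
    for t_i, R_i in zip(commitments, R_parts):
        if hashlib.sha256(enc(R_i)).digest() != t_i:
            raise ValueError("nonce commitment mismatch")
    R = None
    for R_i in R_parts:
        R = ec_add(R, R_i)
    # Round 3: partial signatures s_i = r_i + c * a_i * x_i are summed.
    c = hash_to_scalar("sig", x_agg, R, msg)
    s = sum(r + c * a * x for r, a, x in zip(nonces, coeffs, secret_keys)) % N
    return x_agg, (R, s)


def rogue_key_forgery_against_naive_sum(msg):
    """Why the a_i exist: with X = X_1 + X_2 an attacker picks X_2 = x_2*G - X_1,
    so the 'joint' key is x_2*G and the attacker signs alone."""
    x1 = secrets.randbelow(N - 1) + 1
    X1 = ec_mul(x1, G)                       # honest signer's key, never used again
    x2 = secrets.randbelow(N - 1) + 1
    X2 = ec_add(ec_mul(x2, G), (X1[0], (-X1[1]) % P))
    X_naive = ec_add(X1, X2)                 # == x2*G
    r = secrets.randbelow(N - 1) + 1
    R = ec_mul(r, G)
    c = hash_to_scalar("sig", X_naive, R, msg)
    return schnorr_verify(X_naive, (R, (r + c * x2) % N), msg)
```

The verifier in `schnorr_verify` is unchanged from single-signer Schnorr: it sees one key and one (R, s) pair, which is the privacy and size benefit the abstract describes for Bitcoin. The commitment round matters as well; without it, the last signer to reveal could choose its R_i as a function of the others' nonces, which is the attack the three-round structure is there to rule out.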

Proceedings ArticleDOI
19 May 2019
TL;DR: This work surveys general-purpose compilers for secure multi-party computation and evaluates eleven systems on a range of criteria, including language expressibility, capabilities of the cryptographic back-end, and accessibility to developers.
Abstract: Secure multi-party computation (MPC) allows a group of mutually distrustful parties to compute a joint function on their inputs without revealing any information beyond the result of the computation. This type of computation is extremely powerful and has wide-ranging applications in academia, industry, and government. Protocols for secure computation have existed for decades, but only recently have general-purpose compilers for executing MPC on arbitrary functions been developed. These projects rapidly improved the state of the art, and began to make MPC accessible to non-expert users. However, the field is changing so rapidly that it is difficult even for experts to keep track of the varied capabilities of modern frameworks. In this work, we survey general-purpose compilers for secure multi-party computation. These tools provide high-level abstractions to describe arbitrary functions and execute secure computation protocols. We consider eleven systems: EMP-toolkit, Obliv-C, ObliVM, TinyGarble, SCALE-MAMBA (formerly SPDZ), Wysteria, Sharemind, PICCO, ABY, Frigate and CBMC-GC. We evaluate these systems on a range of criteria, including language expressibility, capabilities of the cryptographic back-end, and accessibility to developers. We advocate for improved documentation of MPC frameworks, standardization within the community, and make recommendations for future directions in compiler development. Installing and running these systems can be challenging, and for each system, we also provide a complete virtual environment (Docker container) with all the necessary dependencies to run the compiler and our example programs.

Journal ArticleDOI
TL;DR: In this article, the authors combine steganography, cryptography and neural networks all together to hide an image inside another container image of the same or larger size, which targets both the challenges and makes data hiding secure and non-uniform.
Abstract: Steganography is an art of obscuring data inside another quotidian file of similar or varying types. Hiding data has always been of significant importance to digital forensics. Previously, steganography has been combined with cryptography and neural networks separately, whereas this research combines steganography and cryptography with neural networks all together to hide an image inside another container image of the larger or same size. Although the cryptographic technique used is quite simple, it is effective when convolved with deep neural nets. Other steganography techniques involve hiding data efficiently, but in a uniform pattern, which makes it less secure. This method targets both the challenges and makes data hiding secure and non-uniform.

Posted Content
TL;DR: This paper proposes a novel technique for hiding arbitrary binary data in images using generative adversarial networks which allow us to optimize the perceptual quality of the images produced by the model.
Abstract: Image steganography is a procedure for hiding messages inside pictures. While other techniques such as cryptography aim to prevent adversaries from reading the secret message, steganography aims to hide the presence of the message itself. In this paper, we propose a novel technique for hiding arbitrary binary data in images using generative adversarial networks which allow us to optimize the perceptual quality of the images produced by our model. We show that our approach achieves state-of-the-art payloads of 4.4 bits per pixel, evades detection by steganalysis tools, and is effective on images from multiple datasets. To enable fair comparisons, we have released an open source library that is available online at this https URL.

Journal ArticleDOI
TL;DR: This paper proposes a novel privacy-aware authenticated key agreement scheme which can not only ensure secure communication between smart meters and the service providers, but also the physical security of smart meters.
Abstract: Information and communication technologies (ICT) are one of the underpinning platforms of smart grids, facilitating efficient grid management and operation, optimization of resource utilization, as well as enabling new products, features, and services. However, this interconnection of grid technology with ICT leads to various security challenges in the power grid. One such concern is the tampering of usage data from smart meters which may result not only in incorrect billing, but also in incorrect decisions related to demand and supply management. In addition to network based cyber attacks, smart meters are also susceptible to physical attacks since they are installed in customer premises without hardware protection mechanisms. In this paper, we propose a novel privacy-aware authenticated key agreement scheme which can not only ensure secure communication between smart meters and the service providers, but also the physical security of smart meters. In this regard, we utilize lightweight cryptographic primitives such as physically uncloneable functions and one-way hash functions. Hence, the proposed scheme is even suitable for the resource constrained smart meters.

Journal ArticleDOI
TL;DR: This paper studies the performance of the SIMON cryptographic algorithm and proposes a light-weight cryptography algorithm based on SIMON for its possible use in an IoT driven setup, and suggests further improvements to the implementation of the original SIMON cipher in order to reduce the encryption time and maintain the practical trade-off between security and performance.
Abstract: Multimedia communication is revolutionizing all major spheres of human life. The advent of IoT and its applications in many fields like sensing, healthcare and industry result in an exponential increase in multimedia data that needs to be shared over insecure networks. IoT driven setups are however constrained in terms of resources as a result of their small size. From a data security point of view, conventional algorithms cannot be used for data encryption on an IoT platform given the resource constraints. The work presented in this paper studies the performance of the SIMON cryptographic algorithm and proposes a light-weight cryptography algorithm based on SIMON for its possible use in an IoT driven setup. The focus is on speed enhancement from a software perspective, making it different from common studies, which mostly reflect hardware implementations. To achieve performance in practice, the contribution looks into the SIMON cipher's characteristics with a view to utilizing it for internet of things (IoT) healthcare applications. The paper suggests further improvements to the implementation of the original SIMON cipher in order to reduce the encryption time and maintain the practical trade-off between security and performance. The proposed work has been compared to the Advanced Encryption Standard (AES) and the original SIMON block cipher in terms of execution time and memory consumption. The results show that the proposed work is suitable for securing data in an IoT driven setup.

Journal ArticleDOI
TL;DR: Experimental results demonstrate the effectiveness and reliability of the proposed optical image compression and encryption scheme with considerable compression and security performance.

Journal ArticleDOI
TL;DR: This paper presents a ciphertext-policy HABE scheme with continuous leakage-resilience that is resilient to master key leakage and secret key leakage, and proves the security of the scheme under composite order bilinear group assumptions by using dual system encryption techniques.

Journal ArticleDOI
TL;DR: This work presents a lightweight authentication and key agreement that enables trust, anonymity, integrity and adequate security in the domain of SEN, and employs hybrid cryptography to facilitate mutual trust, dynamic session key, integrity, and anonymity.
Abstract: Smart meters (SMs) are considered a foundational part of the smart metering infrastructure (SMI) in smart energy networks (SENs). An SM is a digital device that makes use of two-way communication between consumer and utility to exchange, manage and control energy consumption within a home. However, despite all these features, an SM raises several security-related concerns, for instance how to exchange data between the legal entities (e.g., SM and utility server) while maintaining the privacy of the consumer. To address these concerns, authentication and key agreement in SMI can provide important security properties that not only maintain trust between the legitimate entities but also satisfy other security services. This work presents a lightweight authentication and key agreement scheme that enables trust, anonymity, integrity and adequate security in the domain of SEN. The proposed scheme employs hybrid cryptography to facilitate mutual trust (authentication), a dynamic session key, integrity, and anonymity. We justify the feasibility of the proposed scheme with a test-bed using an 802.15.4-based device (i.e., SM). Moreover, through the security and performance analysis, we show that the proposed scheme is more effective and energy efficient compared to previous schemes.

Journal ArticleDOI
TL;DR: In this paper, the authors introduce a framework for the benchmarking of lightweight block ciphers on a multitude of embedded platforms, including 8-bit AVR, 16-bit MSP430, and 32-bit ARM.
Abstract: In this paper, we introduce a framework for the benchmarking of lightweight block ciphers on a multitude of embedded platforms. Our framework is able to evaluate the execution time, RAM footprint, as well as binary code size, and allows one to define a custom “figure of merit” according to which all evaluated candidates can be ranked. We used the framework to benchmark implementations of 19 lightweight ciphers, namely AES, Chaskey, Fantomas, HIGHT, LBlock, LEA, LED, Piccolo, PRESENT, PRIDE, PRINCE, RC5, RECTANGLE, RoadRunneR, Robin, Simon, SPARX, Speck, and TWINE, on three microcontroller platforms: 8-bit AVR, 16-bit MSP430, and 32-bit ARM. Our results bring some new insights into the question of how well these lightweight ciphers are suited to secure the Internet of things. The benchmarking framework provides cipher designers with an easy-to-use tool to compare new algorithms with the state of the art and allows standardization organizations to conduct a fair and consistent evaluation of a large number of candidates.

Posted Content
TL;DR: HEAX is presented, a novel hardware architecture for FHE that achieves unprecedented performance improvements and a new highly-parallelizable architecture for number-theoretic transform (NTT) which can be of independent interest as NTT is frequently used in many lattice-based cryptography systems.
Abstract: With the rapid increase in cloud computing, concerns surrounding data privacy, security, and confidentiality have also increased significantly. Not only are cloud providers susceptible to internal and external hacks, but in some scenarios data owners also cannot outsource the computation due to privacy laws such as GDPR, HIPAA, or CCPA. Fully Homomorphic Encryption (FHE) is a groundbreaking invention in cryptography that, unlike traditional cryptosystems, enables computation on encrypted data without ever decrypting it. However, the most critical obstacle in deploying FHE at large scale is the enormous computation overhead. In this paper, we present HEAX, a novel hardware architecture for FHE that achieves unprecedented performance improvement. HEAX leverages multiple levels of parallelism, ranging from the ciphertext level to the fine-grained modular arithmetic level. Our first contribution is a new highly-parallelizable architecture for the number-theoretic transform (NTT), which can be of independent interest as the NTT is frequently used in many lattice-based cryptography systems. Building on top of the NTT engine, we design a novel architecture for computation on homomorphically encrypted data. We also introduce several techniques to enable an end-to-end, fully pipelined design and to reduce on-chip memory consumption. Our implementation on reconfigurable hardware demonstrates a 164-268x performance improvement for a wide range of FHE parameters.
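The NTT is the workhorse the abstract refers to: it turns polynomial multiplication in the ring Z_q[x]/(x^n + 1), which every RLWE-based FHE scheme performs constantly, from O(n^2) into O(n log n) pointwise work. The following added example (my own code, not part of HEAX) shows the whole pipeline, including the "psi-twist" that makes a plain cyclic transform compute the negacyclic product, next to a schoolbook reference. The parameters n = 4 or 8 and q = 17 are toy values chosen so that q - 1 is divisible by 2n; real FHE parameters are n in the thousands with 50-60-bit primes, and the butterflies inside one NTT stage (the inner loop below) are exactly the independent operations a hardware engine runs in parallel.

```python
"""Negacyclic polynomial multiplication in Z_q[x]/(x^n + 1) via the number-theoretic
transform. Added illustration, not HEAX code; q = 17 and n <= 8 are toy parameters."""


def bit_reverse(i, bits):
    r = 0
    for _ in range(bits):
        r = (r << 1) | (i & 1)
        i >>= 1
    return r


def primitive_root_of_unity(order, q):
    """Smallest g whose multiplicative order mod prime q is exactly `order` (a power of 2)."""
    if (q - 1) % order != 0:
        raise ValueError("q - 1 must be divisible by the transform order")
    for g in range(2, q):
        if pow(g, order, q) == 1 and pow(g, order // 2, q) != 1:
            return g
    raise ValueError("no root of unity found")


def ntt(a, omega, q):
    """Iterative Cooley-Tukey NTT: A[k] = sum_j a[j] * omega^(j*k) mod q, where omega
    is a primitive n-th root of unity. Input length n must be a power of two."""
    n = len(a)
    bits = n.bit_length() - 1
    a = [a[bit_reverse(i, bits)] for i in range(n)]   # bit-reversed input order
    length = 2
    while length <= n:
        w_len = pow(omega, n // length, q)             # primitive length-th root
        for start in range(0, n, length):
            w = 1
            for j in range(length // 2):               # butterflies: mutually independent
                u = a[start + j]
                v = a[start + j + length // 2] * w % q
                a[start + j] = (u + v) % q
                a[start + j + length // 2] = (u - v) % q
                w = w * w_len % q
        length *= 2
    return a


def intt(A, omega, q):
    """Inverse transform: forward NTT with omega^-1, then scale by n^-1."""
    n = len(A)
    a = ntt(A, pow(omega, q - 2, q), q)
    n_inv = pow(n, q - 2, q)
    return [x * n_inv % q for x in a]


def negacyclic_mul_ntt(a, b, q):
    """a * b mod (x^n + 1) over Z_q. Multiplying a_i by psi^i, with psi a primitive
    2n-th root of unity, turns the cyclic convolution into the negacyclic one."""
    n = len(a)
    psi = primitive_root_of_unity(2 * n, q)
    omega = psi * psi % q                               # primitive n-th root
    psi_pows = [pow(psi, i, q) for i in range(n)]
    A = ntt([x * p % q for x, p in zip(a, psi_pows)], omega, q)
    B = ntt([x * p % q for x, p in zip(b, psi_pows)], omega, q)
    c = intt([x * y % q for x, y in zip(A, B)], omega, q)   # pointwise product
    psi_inv = pow(psi, q - 2, q)
    return [x * pow(psi_inv, i, q) % q for i, x in enumerate(c)]


def negacyclic_mul_schoolbook(a, b, q):
    """O(n^2) reference: a term reaching degree >= n wraps around with sign -1."""
    n = len(a)
    c = [0] * n
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < n:
                c[k] = (c[k] + ai * bj) % q
            else:
                c[k - n] = (c[k - n] - ai * bj) % q
    return c


if __name__ == "__main__":
    a, b = [1, 2, 3, 4], [0, 1, 0, 0]                   # b = x, so a*b = x*a mod x^4+1
    print(negacyclic_mul_ntt(a, b, 17), negacyclic_mul_schoolbook(a, b, 17))
```

Multiplying by x alone already shows the wrap-around: the coefficient 4 of x^3 moves to x^4 = -1, so the result is [-4, 1, 2, 3] = [13, 1, 2, 3] mod 17. In a real FHE library the twist factors and the per-stage roots are precomputed tables, and the coefficient modulus is a product of several such primes handled in residue number system form, which is the "fine-grained modular arithmetic level" of parallelism the abstract mentions.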

Journal ArticleDOI
TL;DR: The key challenging problems for achieving physical layer security in URLLC are identified, the role that channel state information can have in providing potential solutions to these problems are discussed, and recommendations on future research directions in this emerging area are presented.
Abstract: URLLC is one category of service to be provided by next-generation wireless networks. Motivated by increasing security concerns in such networks, this article focuses on physical layer security in the context of URLLC. The physical layer security technique mainly uses transmission designs based on the intrinsic randomness of the wireless medium to achieve secrecy. As such, physical layer security is of a lower complexity and incurs less latency than traditional cryptography. In this article, we first introduce appropriate performance metrics for evaluating physical layer security in URLLC and investigate the trade-off between latency, reliability, and security. We then identify the key challenging problems for achieving physical layer security in URLLC, and discuss the role that channel state information can have in providing potential solutions to these problems. Finally, we present our recommendations on future research directions in this emerging area.

Journal ArticleDOI
TL;DR: A privacy-preserving health data aggregation scheme that securely collects health data from multiple sources and guarantees fair incentives for contributing patients is proposed; it combines the Boneh–Goh–Nissim cryptosystem and Shamir’s secret sharing to keep data obliviousness security and fault tolerance.
Abstract: With the rapid development of e-healthcare systems, patients equipped with resource-limited e-healthcare devices (Internet of Things) generate a huge amount of health data for health management. These health data possess significant medical value when aggregated from these distributed devices. However, efficient health data aggregation poses several security and privacy issues, such as confidentiality disclosure and differential attacks, and patients may be reluctant to contribute their health data for aggregation. In this paper, we propose a privacy-preserving health data aggregation scheme that securely collects health data from multiple sources and guarantees fair incentives for contributing patients. Specifically, we employ signature techniques to keep fair incentives for patients. Meanwhile, we add noise into the health data for differential privacy. Furthermore, we combine the Boneh–Goh–Nissim cryptosystem and Shamir’s secret sharing to keep data obliviousness security and fault tolerance. Security and privacy discussions show that our scheme can resist differential attacks, tolerate healthcare center failures, and keep fair incentives for patients. Performance evaluations demonstrate cost-efficient computation, communication and storage overhead.
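The fault-tolerance claim rests on Shamir's secret sharing, and the aggregation property the abstract needs comes from the fact that Shamir shares over a prime field are additively homomorphic: if every center adds up the shares it received from different patients, the sums are shares of the total, and any t surviving centers can recover that total without any of them ever seeing an individual reading. The following added example (my own code, not the paper's scheme, which also layers BGN encryption, differential-privacy noise and signatures on top) walks through that with a constructed scenario; the prime P and the seeded generator are assumptions made so the run is deterministic.

```python
"""Shamir secret sharing with share-wise aggregation and center failures.
Added illustration, not the paper's protocol; scenario data is constructed."""

import random

# Prime field for the shares. Assumption: readings and their sum are far below P.
P = (1 << 61) - 1


def make_shares(secret, t, n, rng):
    """Split `secret` into n points on a random degree-(t-1) polynomial over GF(P).
    Any t points determine the polynomial; t-1 points reveal nothing about secret."""
    if not 1 <= t <= n < P:
        raise ValueError("need 1 <= t <= n")
    coeffs = [secret % P] + [rng.randrange(P) for _ in range(t - 1)]

    def poly(x):                              # Horner evaluation mod P
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % P
        return acc

    return [(x, poly(x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0. Caller must supply at least t distinct shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P   # den^-1 via Fermat
    return secret


def aggregate(share_lists):
    """Each center holds one share per patient (same x). Adding them gives a share
    of the sum of all readings, so the aggregate can be reconstructed while no
    center ever learns a single patient's value."""
    n = len(share_lists[0])
    totals = []
    for idx in range(n):
        x = share_lists[0][idx][0]
        y = 0
        for shares in share_lists:
            if shares[idx][0] != x:
                raise ValueError("all patients must share to the same centers")
            y = (y + shares[idx][1]) % P
        totals.append((x, y))
    return totals


def aggregate_with_failures(readings, t, n, seed=1):
    """Constructed scenario: each patient shares a reading among n centers, the
    first n - t centers go offline, the rest still recover the total."""
    rng = random.Random(seed)
    per_patient = [make_shares(r, t, n, rng) for r in readings]
    combined = aggregate(per_patient)
    survivors = combined[n - t:]
    return reconstruct(survivors)


if __name__ == "__main__":
    print(aggregate_with_failures([70, 65, 80, 72], t=3, n=5))   # prints 287
```

The threshold is the whole trade-off: with t = 3 of n = 5 centers, two can fail (fault tolerance) but three colluding centers can also reconstruct every individual reading, which is why the abstract's scheme does not rely on sharing alone and encrypts the data before it is shared.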

Journal ArticleDOI
TL;DR: A Privacy-preserving Thin-client Authentication Scheme (PTAS) employing the idea of private information retrieval (PIR) is presented, which enables thin clients to run normally like full-node users while protecting their privacy, and an (m-1)-private PTAS is proposed, which means a thin client’s information can be protected against a collusion of at most m-1 full-node users.

Journal ArticleDOI
TL;DR: This research combines steganography, cryptography with the neural networks all together to hide an image inside another container image of the larger or same size.
Abstract: Steganography is the art of obscuring data inside another quotidian file of a similar or different type. Hiding data has always been of significant importance to digital forensics. Previously, steganography has been combined with cryptography and with neural networks separately, whereas this research combines steganography and cryptography with neural networks all together to hide an image inside another container image of larger or the same size. Although the cryptographic technique used is quite simple, it is effective when convoluted with deep neural nets. Other steganography techniques hide data efficiently but in a uniform pattern, which makes them less secure. This method targets both challenges and makes data hiding secure and non-uniform.
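The "uniform pattern" the abstract objects to is easiest to see in classical least-significant-bit embedding, where the payload occupies the first k LSBs of the cover in order and a chi-square test on that prefix flags it. The added example below (my own code, not the paper's neural method) shows that sequential embedding next to a keyed variant that scatters the same bits across the cover, with the payload XORed against a keystream first. The cover is a constructed byte array standing in for an 8-bit grayscale image, the SHA-256 counter keystream and the key-seeded shuffle are assumptions made for a self-contained demo, and neither variant should be mistaken for a robust stegosystem.

```python
"""LSB steganography over a byte array standing in for an 8-bit grayscale image.
Added illustration, not the paper's method; cover and payload are constructed."""

import hashlib
import random


def _keystream(key, length):
    """Deterministic keystream: SHA-256 over key || counter (demo construction)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _order(key, cover_len, scatter):
    """Cover positions in the order bits are written. Sequential order is the
    uniform pattern; the keyed shuffle spreads the bits over the whole cover."""
    order = list(range(cover_len))
    if scatter:
        random.Random(hashlib.sha256(key).digest()).shuffle(order)
    return order


def embed(cover, payload, key, scatter=True):
    """Write a 16-bit length prefix plus the XOR-masked payload into cover LSBs."""
    body = bytes(p ^ k for p, k in zip(payload, _keystream(key, len(payload))))
    message = len(payload).to_bytes(2, "big") + body
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("payload too large for cover")
    stego = bytearray(cover)
    for pos, bit in zip(_order(key, len(cover), scatter), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit       # touch only the LSB
    return bytes(stego)


def extract(stego, key, scatter=True):
    """Read the length prefix, then that many bytes, then unmask them."""
    order = _order(key, len(stego), scatter)

    def read_bytes(start_bit, count):
        raw = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[order[start_bit + 8 * b + i]] & 1)
            raw.append(value)
        return bytes(raw)

    length = int.from_bytes(read_bytes(0, 2), "big")
    body = read_bytes(16, length)
    return bytes(p ^ k for p, k in zip(body, _keystream(key, length)))


def modified_positions(cover, stego):
    """Indices whose LSB changed; shows where the payload landed."""
    return [i for i, (a, b) in enumerate(zip(cover, stego)) if a != b]


if __name__ == "__main__":
    cover = bytes(range(256)) * 4                    # constructed 1024-byte "image"
    payload, key = b"patient-42", b"demo-key"
    seq = embed(cover, payload, key, scatter=False)
    sct = embed(cover, payload, key, scatter=True)
    print(extract(seq, key, scatter=False), max(modified_positions(cover, seq)))
    print(extract(sct, key, scatter=True), max(modified_positions(cover, sct)))
```

Both variants change at most one bit per cover byte, so neither is visible to the eye; the difference is statistical. In the sequential run every modified byte lies inside the first 96 positions, which is the kind of regularity a detector keys on, while the scattered run spreads the same 96 bits over the whole cover. Note that scattering with a key is still LSB embedding and is still detectable by pair-based steganalysis; it only removes the obvious prefix structure.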

Proceedings ArticleDOI
01 Apr 2019
TL;DR: It is demonstrated that simple partial evaluation is sufficient to transform into the fastest-known C code, breaking the decades-old pattern that the only fast implementations are those whose instruction-level steps were written out by hand.
Abstract: We introduce a new approach for implementing cryptographic arithmetic in short high-level code with machine-checked proofs of functional correctness. We further demonstrate that simple partial evaluation is sufficient to transform into the fastest-known C code, breaking the decades-old pattern that the only fast implementations are those whose instruction-level steps were written out by hand. These techniques were used to build an elliptic-curve library that achieves competitive performance for 80 prime fields and multiple CPU architectures, showing that implementation and proof effort scales with the number and complexity of conceptually different algorithms, not their use cases. As one outcome, we present the first verified high-performance implementation of P-256, the most widely used elliptic curve. Implementations from our library were included in BoringSSL to replace existing specialized code, for inclusion in several large deployments for Chrome, Android, and CloudFlare.