Showing papers on "Encryption published in 2017"

Homomorphic Encryption for Arithmetic of Approximate Numbers

Abstract: We suggest a method to construct a homomorphic encryption scheme for approximate arithmetic. It supports an approximate addition and multiplication of encrypted messages, together with a new rescaling procedure for managing the magnitude of plaintext. This procedure truncates a ciphertext into a smaller modulus, which leads to rounding of plaintext. The main idea is to add a noise following significant figures which contain a main message. This noise is originally added to the plaintext for security, but considered to be a part of error occurring during approximate computations that is reduced along with plaintext by rescaling. As a result, our decryption structure outputs an approximate value of plaintext with a predetermined precision.

End-to-end encrypted traffic classification with one-dimensional convolution neural networks

Abstract: Traffic classification plays an important and basic role in network management and cyberspace security. With the widespread use of encryption techniques in network applications, encrypted traffic has recently become a great challenge for the traditional traffic classification methods. In this paper we proposed an end-to-end encrypted traffic classification method with one-dimensional convolution neural networks. This method integrates feature extraction, feature selection and classifier into a unified end-to-end framework, intending to automatically learning nonlinear relationship between raw input and expected output. To the best of our knowledge, it is the first time to apply an end-to-end method to the encrypted traffic classification domain. The method is validated with the public ISCX VPN-nonVPN traffic dataset. Among all of the four experiments, with the best traffic representation and the fine-tuned model, 11 of 12 evaluation metrics of the experiment results outperform the state-of-the-art method, which indicates the effectiveness of the proposed method.

A Survey on Multiple-Antenna Techniques for Physical Layer Security

Abstract: As a complement to high-layer encryption techniques, physical layer security has been widely recognized as a promising way to enhance wireless security by exploiting the characteristics of wireless channels, including fading, noise, and interference. In order to enhance the received signal power at legitimate receivers and impair the received signal quality at eavesdroppers simultaneously, multiple-antenna techniques have been proposed for physical layer security to improve secrecy performance via exploiting spatial degrees of freedom. This paper provides a comprehensive survey on various multiple-antenna techniques in physical layer security, with an emphasis on transmit beamforming designs for multiple-antenna nodes. Specifically, we provide a detailed investigation on multiple-antenna techniques for guaranteeing secure communications in point-to-point systems, dual-hop relaying systems, multiuser systems, and heterogeneous networks. Finally, future research directions and challenges are identified.

Anonymous Authentication for Wireless Body Area Networks With Provable Security

Abstract: Advances in wireless communications, embedded systems, and integrated circuit technologies have enabled the wireless body area network (WBAN) to become a promising networking paradigm. Over the last decade, as an important part of the Internet of Things, we have witnessed WBANs playing an increasing role in modern medical systems because of its capabilities to collect real-time biomedical data through intelligent medical sensors in or around the patients’ body and send the collected data to remote medical personnel for clinical diagnostics. WBANs not only bring us conveniences but also bring along the challenge of keeping data’s confidentiality and preserving patients’ privacy. In the past few years, several anonymous authentication (AA) schemes for WBANs were proposed to enhance security by protecting patients’ identities and by encrypting medical data. However, many of these schemes are not secure enough. First, we review the most recent AA scheme for WBANs and point out that it is not secure for medical applications by proposing an impersonation attack. After that, we propose a new AA scheme for WBANs and prove that it is provably secure. Our detailed analysis results demonstrate that our proposed AA scheme not only overcomes the security weaknesses in previous schemes but also has the same computation costs at a client side.

A Modular Analysis of the Fujisaki-Okamoto Transformation

Abstract: The Fujisaki-Okamoto (FO) transformation (CRYPTO 1999 and Journal of Cryptology 2013) turns any weakly secure public-key encryption scheme into a strongly (i.e., \(\mathsf {IND}\text {-}\mathsf {CCA}\)) secure one in the random oracle model. Unfortunately, the FO analysis suffers from several drawbacks, such as a non-tight security reduction, and the need for a perfectly correct scheme. While several alternatives to the FO transformation have been proposed, they have stronger requirements, or do not obtain all desired properties.

A Survey on Homomorphic Encryption Schemes: Theory and Implementation

Abstract: Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. Especially with popular cloud services, the control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, as well as extending the state of the art HE, PHE, SWHE, and FHE systems.

An image encryption scheme based on chaotic tent map

Abstract: Image encryption has been an attractive research field in recent years. The chaos-based cryptographic algorithms have suggested some new and efficient ways to develop secure image encryption techniques. This paper proposes a novel image encryption scheme, which is based on the chaotic tent map. Image encryption systems based on such map show some better performances. Firstly, the chaotic tent map is modified to generate chaotic key stream that is more suitable for image encryption. Secondly, the chaos-based key stream is generated by a 1-D chaotic tent map, which has a better performance in terms of randomness properties and security level. The performance and security analysis of the proposed image encryption scheme is performed using well-known ways. The results of the fail-safe analysis are inspiring, and it can be concluded that the proposed scheme is efficient and secure.

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

Abstract: We introduce the key reinstallation attack. This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key's associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack. All protected Wi-Fi networks use the 4-way handshake to generate a fresh session key. So far, this 14-year-old handshake has remained free from attacks, and is even proven secure. However, we show that the 4-way handshake is vulnerable to a key reinstallation attack. Here, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying handshake messages. When reinstalling the key, associated parameters such as the incremental transmit packet number (nonce) and receive packet number (replay counter) are reset to their initial value. Our key reinstallation attack also breaks the PeerKey, group key, and Fast BSS Transition (FT) handshake. The impact depends on the handshake being attacked, and the data-confidentiality protocol in use. Simplified, against AES-CCMP an adversary can replay and decrypt (but not forge) packets. This makes it possible to hijack TCP streams and inject malicious data into them. Against WPA-TKIP and GCMP the impact is catastrophic: packets can be replayed, decrypted, and forged. Because GCMP uses the same authentication key in both communication directions, it is especially affected. Finally, we confirmed our findings in practice, and found that every Wi-Fi device is vulnerable to some variant of our attacks. Notably, our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key.

Opaque: an oblivious and encrypted distributed analytics platform

Abstract: Many systems run rich analytics on sensitive data in the cloud, but are prone to data breaches. Hardware enclaves promise data confidentiality and secure execution of arbitrary computation, yet still suffer from access pattern leakage. We propose Opaque, a distributed data analytics platform supporting a wide range of queries while providing strong security guarantees. Opaque introduces new distributed oblivious relational operators that hide access patterns, and new query planning techniques to optimize these new operators. Opaque is implemented on Spark SQL with few changes to the underlying system. Opaque provides data encryption, authentication and computation verification with a performance ranging from 52% faster to 3.3x slower as compared to vanilla Spark SQL; obliviousness comes with a 1.6-46x overhead. Opaque provides an improvement of three orders of magnitude over state-of-the-art oblivious protocols, and our query optimization techniques improve performance by 2-5x.

CryptoDL: Deep Neural Networks over Encrypted Data

Abstract: Machine learning algorithms based on deep neural networks have achieved remarkable results and are being extensively used in different domains. However, the machine learning algorithms requires access to raw data which is often privacy sensitive. To address this issue, we develop new techniques to provide solutions for running deep neural networks over encrypted data. In this paper, we develop new techniques to adopt deep neural networks within the practical limitation of current homomorphic encryption schemes. More specifically, we focus on classification of the well-known convolutional neural networks (CNN). First, we design methods for approximation of the activation functions commonly used in CNNs (i.e. ReLU, Sigmoid, and Tanh) with low degree polynomials which is essential for efficient homomorphic encryption schemes. Then, we train convolutional neural networks with the approximation polynomials instead of original activation functions and analyze the performance of the models. Finally, we implement convolutional neural networks over encrypted data and measure performance of the models. Our experimental results validate the soundness of our approach with several convolutional neural networks with varying number of layers and structures. When applied to the MNIST optical character recognition tasks, our approach achieves 99.52\% accuracy which significantly outperforms the state-of-the-art solutions and is very close to the accuracy of the best non-private version, 99.77\%. Also, it can make close to 164000 predictions per hour. We also applied our approach to CIFAR-10, which is much more complex compared to MNIST, and were able to achieve 91.5\% accuracy with approximation polynomials used as activation functions. These results show that CryptoDL provides efficient, accurate and scalable privacy-preserving predictions.

Advanced lightweight encryption algorithms for IoT devices: survey, challenges and solutions

Abstract: There are many emerging areas in which highly constrained devices are interconnected and communicated to accomplish some tasks Nowadays, Internet of Things (IoT) enables many low resources and constrained devices to communicate, compute process and make decision in the communication network In the heterogeneous environments for IoT, there are many challenges and issues like power consumption of devices, limited battery, memory space, performance cost, and security in the Information Communication Technology (ICT) network In this paper, we discuss a state-of-art of lightweight cryptographic primitives which include lightweight block ciphers, hash function, stream ciphers, high performance system, and low resources device for IoT environment in details We analyze many lightweight cryptographic algorithms based on their key size, block size, number of rounds, and structures In addition, we discuss the security architecture in IoT for constrained device environment, and focus on research challenges, issues and solutions Finally, a proposed security scheme with a service scenario for an improvement of resource constrained IoT environment and open issues are discussed

KSF-OABE: Outsourced Attribute-Based Encryption with Keyword Search Function for Cloud Storage

Abstract: Cloud computing becomes increasingly popular for data owners to outsource their data to public cloud servers while allowing intended data users to retrieve these data stored in cloud. This kind of computing model brings challenges to the security and privacy of data stored in cloud. Attribute-based encryption (ABE) technology has been used to design fine-grained access control system, which provides one good method to solve the security issues in cloud setting. However, the computation cost and ciphertext size in most ABE schemes grow with the complexity of the access policy. Outsourced ABE (OABE) with fine-grained access control system can largely reduce the computation cost for users who want to access encrypted data stored in cloud by outsourcing the heavy computation to cloud service provider (CSP). However, as the amount of encrypted files stored in cloud is becoming very huge, which will hinder efficient query processing. To deal with above problem, we present a new cryptographic primitive called attribute-based encryption scheme with outsourcing key-issuing and outsourcing decryption, which can implement keyword search function (KSF-OABE). The proposed KSF-OABE scheme is proved secure against chosen-plaintext attack (CPA). CSP performs partial decryption task delegated by data user without knowing anything about the plaintext. Moreover, the CSP can perform encrypted keyword search without knowing anything about the keywords embedded in trapdoor.

Flexible and Fine-Grained Attribute-Based Data Storage in Cloud Computing

Abstract: With the development of cloud computing, outsourcing data to cloud server attracts lots of attentions. To guarantee the security and achieve flexibly fine-grained file access control, attribute based encryption (ABE) was proposed and used in cloud storage system. However, user revocation is the primary issue in ABE schemes. In this article, we provide a ciphertext-policy attribute based encryption (CP-ABE) scheme with efficient user revocation for cloud storage system. The issue of user revocation can be solved efficiently by introducing the concept of user group. When any user leaves, the group manager will update users’ private keys except for those who have been revoked. Additionally, CP-ABE scheme has heavy computation cost, as it grows linearly with the complexity for the access structure. To reduce the computation cost, we outsource high computation load to cloud service providers without leaking file content and secret keys. Notably, our scheme can withstand collusion attack performed by revoked users cooperating with existing users. We prove the security of our scheme under the divisible computation Diffie-Hellman assumption. The result of our experiment shows computation cost for local devices is relatively low and can be constant. Our scheme is suitable for resource constrained devices.

How to Simulate It – A Tutorial on the Simulation Proof Technique

Abstract: One of the most fundamental notions of cryptography is that of simulation. It stands behind the concepts of semantic security, zero knowledge, and security for multiparty computation. However, writing a simulator and proving security via the use of simulation is a nontrivial task, and one that many newcomers to the field often find difficult. In this tutorial, we provide a guide to how to write simulators and prove security via the simulation paradigm. Although we have tried to make this tutorial as stand-alone as possible, we assume some familiarity with the notions of secure encryption, zero-knowledge, and secure computation.

Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives

Abstract: Using dynamic Searchable Symmetric Encryption, a user with limited storage resources can securely outsource a database to an untrusted server, in such a way that the database can still be searched and updated efficiently. For these schemes, it would be desirable that updates do not reveal any information a priori about the modifications they carry out, and that deleted results remain inaccessible to the server a posteriori. If the first property, called forward privacy, has been the main motivation of recent works, the second one, backward privacy, has been overlooked. In this paper, we study for the first time the notion of backward privacy for searchable encryption. After giving formal definitions for different flavors of backward privacy, we present several schemes achieving both forward and backward privacy, with various efficiency trade-offs. Our constructions crucially rely on primitives such as constrained pseudo-random functions and puncturable encryption schemes. Using these advanced cryptographic primitives allows for a fine-grained control of the power of the adversary, preventing her from evaluating functions on selected inputs, or decrypting specific ciphertexts. In turn, this high degree of control allows our SSE constructions to achieve the stronger forms of privacy outlined above. As an example, we present a framework to construct forward-private schemes from range-constrained pseudo-random functions. Finally, we provide experimental results for implementations of our schemes, and study their practical efficiency.

Wireless physical layer security.

Abstract: Security in wireless networks has traditionally been considered to be an issue to be addressed separately from the physical radio transmission aspects of wireless systems. However, with the emergence of new networking architectures that are not amenable to traditional methods of secure communication such as data encryption, there has been an increase in interest in the potential of the physical properties of the radio channel itself to provide communications security. Information theory provides a natural framework for the study of this issue, and there has been considerable recent research devoted to using this framework to develop a greater understanding of the fundamental ability of the so-called physical layer to provide security in wireless networks. Moreover, this approach is also suggestive in many cases of coding techniques that can approach fundamental limits in practice and of techniques for other security tasks such as authentication. This paper provides an overview of these developments.

Achieving Efficient and Secure Data Acquisition for Cloud-Supported Internet of Things in Smart Grid

Abstract: Cloud-supported Internet of Things (Cloud-IoT) has been broadly deployed in smart grid systems. The IoT front-ends are responsible for data acquisition and status supervision, while the substantial amount of data is stored and managed in the cloud server. Achieving data security and system efficiency in the data acquisition and transmission process are of great significance and challenging, because the power grid-related data is sensitive and in huge amount. In this paper, we present an efficient and secure data acquisition scheme based on ciphertext policy attribute-based encryption. Data acquired from the terminals will be partitioned into blocks and encrypted with its corresponding access subtree in sequence, thereby the data encryption and data transmission can be processed in parallel. Furthermore, we protect the information about the access tree with threshold secret sharing method, which can preserve the data privacy and integrity from users with the unauthorized sets of attributes. The formal analysis demonstrates that the proposed scheme can fulfill the security requirements of the Cloud-IoT in smart grid. The numerical analysis and experimental results indicate that our scheme can effectively reduce the time cost compared with other popular approaches.

Secure image encryption algorithm design using a novel chaos based S-Box

Abstract: In this study, an encryption algorithm that uses chaos based S-BOX is developed for secure and speed image encryption. First of all, a new chaotic system is developed for creating S-Box and image encryption algorithm. Chaos based random number generator is designed with the help of the new chaotic system. Then, NIST tests are run on generated random numbers to verify randomness. A new S-Box design algorithm is developed to create the chaos based S-Box to be utilized in encryption algorithm and performance tests are made. As the next step, the new developed S-Box based image encryption algorithm is introduced in detail. Finally, image encryption application is carried out. To show the quality and strong of the encryption process, security analysis are performed. Proposed algorithm is compared with the AES and chaos algorithms. According to tests results, the proposed image encryption algorithm is secure and speed for image encryption application.

Security and Privacy Preservation Scheme of Face Identification and Resolution Framework Using Fog Computing in Internet of Things

Abstract: Face identification and resolution technology is crucial to ensure the identity consistency of humans in physical space and cyber space. In the current Internet of Things (IoT) and big data situation, the increase of applications based on face identification and resolution raises the demands of computation, communication, and storage capabilities. Therefore, we have proposed the fog computing-based face identification and resolution framework to improve processing capacity and save the bandwidth. However, there are some security and privacy issues brought by the properties of fog computing-based framework. In this paper, we propose a security and privacy preservation scheme to solve the above issues. We give an outline of the fog computing-based face identification and resolution framework, and summarize the security and privacy issues. Then the authentication and session key agreement scheme, data encryption scheme, and data integrity checking scheme are proposed to solve the issues of confidentiality, integrity, and availability in the processes of face identification and face resolution. Finally, we implement a prototype system to evaluate the influence of security scheme on system performance. Meanwhile, we also evaluate and analyze the security properties of proposed scheme from the viewpoint of logical formal proof and the confidentiality, integrity, and availability (CIA) properties of information security. The results indicate that the proposed scheme can effectively meet the requirements for security and privacy preservation.

An image encryption algorithm based on the memristive hyperchaotic system, cellular automata and DNA sequence operations

Abstract: A novel image encryption scheme employing the memristive hyperchaotic system, cellular automata (CA) and DNA sequence operations is presented, which consists of diffusion process. SHA 256 hash function is used to give the secret key and compute the initial values of the chaotic system. Moreover, a dynamic DNA encoding scheme is introduced. Two DNA rule matrices for encoding the plain image and two-dimensional (2D) CA are generated from chaotic sequences, and they are controlled by the plain image, so that there are different DNA encoding rules for different original image. Besides, we manipulate block diffusion encryption method to the plain image in order to save time. The previous diffused block image and 2D CA are combined to affect the encryption effect of the current block image. Among them, 2D CA is updated by the local rule computed from the previous diffused sub image, and its initial configuration is determined by the chaotic sequences. Simulation results and security analyses both confirm that the proposed image encryption scheme not only demonstrates extraordinary encryption performance, but also resists various attacks. It can be applied in secure image and video communication fields. A novel chaos-based image encryption scheme is presented.The proposed encryption algorithm is sensitive to the plain image.This algorithm is highly secure enough to resist common attacks.

SIT: A Lightweight Encryption Algorithm for Secure Internet of Things

Abstract: The Internet of Things (IoT) being a promising technology of the future is expected to connect billions of devices. The increased number of communication is expected to generate mountains of data and the security of data can be a threat. The devices in the architecture are essentially smaller in size and low powered. Conventional encryption algorithms are generally computationally expensive due to their complexity and requires many rounds to encrypt, essentially wasting the constrained energy of the gadgets. Less complex algorithm, however, may compromise the desired integrity. In this paper we propose a lightweight encryption algorithm named as Secure IoT (SIT). It is a 64-bit block cipher and requires 64-bit key to encrypt the data. The architecture of the algorithm is a mixture of feistel and a uniform substitution-permutation network. Simulations result shows the algorithm provides substantial security in just five encryption rounds. The hardware implementation of the algorithm is done on a low cost 8-bit micro-controller and the results of code size, memory utilization and encryption/decryption execution cycles are compared with benchmark encryption algo-rithms. The MATLAB code for relevant simulations is available online at https://goo.gl/Uw7E0W.