Showing papers on "Encryption published in 2018"


Journal ArticleDOI
TL;DR: The basics of HE and the details of the well-known Partially Homomorphic Encryption and Somewhat Homomorphic encryption schemes, which are important pillars for achieving FHE, are presented and the implementations and recent improvements in Gentry-type FHE schemes are surveyed.
Abstract: Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. The users or service providers with the key have exclusive rights on the data. Especially with popular cloud services, control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. Therefore, this survey focuses on HE and FHE schemes. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars for achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes, are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. 
This survey is intended to give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, and extending the state-of-the-art HE, PHE, SWHE, and FHE systems.

504 citations


Journal ArticleDOI
TL;DR: This paper studies the data storage and sharing scheme for decentralized storage systems and proposes a framework that combines the decentralized storage system interplanetary file system, the Ethereum blockchain, and ABE technology, and solves the problem that the cloud server may not return all of the results searched or return wrong results.
Abstract: In traditional cloud storage systems, attribute-based encryption (ABE) is regarded as an important technology for solving the problem of data privacy and fine-grained access control. However, in all ABE schemes, the private key generator has the ability to decrypt all data stored in the cloud server, which may bring serious problems such as key abuse and privacy data leakage. Meanwhile, the traditional cloud storage model runs in a centralized storage manner, so a single point of failure may lead to the collapse of the system. With the development of blockchain technology, the decentralized storage mode has entered the public view. The decentralized storage approach can solve the problem of single point of failure in traditional cloud storage systems and enjoys a number of advantages over centralized storage, such as low price and high throughput. In this paper, we study the data storage and sharing scheme for decentralized storage systems and propose a framework that combines the decentralized storage system interplanetary file system, the Ethereum blockchain, and ABE technology. In this framework, the data owner has the ability to distribute secret keys to data users and encrypt shared data by specifying an access policy, and the scheme achieves fine-grained access control over data. At the same time, based on smart contracts on the Ethereum blockchain, the keyword search function on the ciphertext of the decentralized storage systems is implemented, which solves the problem that the cloud server may not return all of the results searched or may return wrong results in traditional cloud storage systems. Finally, we simulated the scheme on a Linux system and the Ethereum official test network Rinkeby, and the experimental results show that our scheme is feasible.

433 citations


Journal ArticleDOI
TL;DR: The proposed hybrid security model for securing the diagnostic text data in medical images proved its ability to hide the confidential patient’s data into a transmitted cover image with high imperceptibility, capacity, and minimal deterioration in the received stego-image.
Abstract: Due to the significant advancement of the Internet of Things (IoT) in the healthcare sector, the security and the integrity of the medical data became big challenges for healthcare services applications. This paper proposes a hybrid security model for securing the diagnostic text data in medical images. The proposed model is developed through integrating either the 2-D discrete wavelet transform 1 level (2D-DWT-1L) or the 2-D discrete wavelet transform 2 level (2D-DWT-2L) steganography technique with a proposed hybrid encryption scheme. The proposed hybrid encryption scheme is built using a combination of the Advanced Encryption Standard and the Rivest, Shamir, and Adleman algorithms. The proposed model starts by encrypting the secret data; then it hides the result in a cover image using 2D-DWT-1L or 2D-DWT-2L. Both color and gray-scale images are used as cover images to conceal different text sizes. The performance of the proposed system was evaluated based on six statistical parameters: the peak signal-to-noise ratio (PSNR), mean square error (MSE), bit error rate (BER), structural similarity (SSIM), structural content (SC), and correlation. The PSNR values varied from 50.59 to 57.44 in the case of color images and from 50.52 to 56.09 with the gray-scale images. The MSE values varied from 0.12 to 0.57 for the color images and from 0.14 to 0.57 for the gray-scale images. The BER values were zero for both images, while SSIM, SC, and correlation values were one for both images. Compared with the state-of-the-art methods, the proposed model proved its ability to hide the confidential patient’s data in a transmitted cover image with high imperceptibility, capacity, and minimal deterioration in the received stego-image.

414 citations


Journal ArticleDOI
TL;DR: This paper proposes a new attribute-based data sharing scheme suitable for resource-limited mobile users in cloud computing and is proven secure against adaptively chosen-ciphertext attacks, which is widely recognized as a standard security notion.

407 citations


Journal ArticleDOI
TL;DR: A two-dimensional (2D) Logistic-Sine-coupling map (LSCM) is presented and performance estimations demonstrate that it has better ergodicity, more complex behavior and larger chaotic range than several newly developed 2D chaotic maps.

383 citations


Proceedings ArticleDOI
24 Apr 2018
TL;DR: This paper introduces Kyber, a portfolio of post-quantum cryptographic primitives built around a key-encapsulation mechanism (KEM), based on hardness assumptions over module lattices, and introduces a CPA-secure public-key encryption scheme and eventually construct, in a black-box manner, CCA-secure encryption, key exchange, and authenticated-key-exchange schemes.
Abstract: Rapid advances in quantum computing, together with the announcement by the National Institute of Standards and Technology (NIST) to define new standards for digital signature, encryption, and key-establishment protocols, have created significant interest in post-quantum cryptographic schemes. This paper introduces Kyber (part of CRYSTALS – Cryptographic Suite for Algebraic Lattices – a package submitted to the NIST post-quantum standardization effort in November 2017), a portfolio of post-quantum cryptographic primitives built around a key-encapsulation mechanism (KEM), based on hardness assumptions over module lattices. Our KEM is most naturally seen as a successor to the NEWHOPE KEM (Usenix 2016). In particular, the key and ciphertext sizes of our new construction are about half the size, the KEM offers CCA instead of only passive security, the security is based on a more general (and flexible) lattice problem, and our optimized implementation results in essentially the same running time as the aforementioned scheme. We first introduce a CPA-secure public-key encryption scheme, apply a variant of the Fujisaki–Okamoto transform to create a CCA-secure KEM, and eventually construct, in a black-box manner, CCA-secure encryption, key exchange, and authenticated-key-exchange schemes. The security of our primitives is based on the hardness of Module-LWE in the classical and quantum random oracle models, and our concrete parameters conservatively target more than 128 bits of post-quantum security.

370 citations


Journal ArticleDOI
10 Apr 2018
TL;DR: PASH is introduced, a privacy-aware s-health access control system, in which the key ingredient is a large universe CP-ABE with access policies partially hidden, and attribute values of access policies are hidden in encrypted SHRs and only attribute names are revealed.
Abstract: With the rapid development of the Internet of Things and cloud computing technologies, smart health (s-health) is expected to significantly improve the quality of health care. However, data security and user privacy concerns in s-health have not been adequately addressed. As a well-received solution to realize fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has the potential to ensure data security in s-health. Nevertheless, direct adoption of the traditional CP-ABE in s-health suffers from two flaws. For one thing, access policies are in cleartext form and reveal sensitive health-related information in the encrypted s-health records (SHRs). For another, it usually supports a small attribute universe, which places an undesirable limitation on practical deployments of CP-ABE because the size of its public parameters grows linearly with the size of the universe. To address these problems, we introduce PASH, a privacy-aware s-health access control system, in which the key ingredient is a large universe CP-ABE with access policies partially hidden. In PASH, attribute values of access policies are hidden in encrypted SHRs and only attribute names are revealed. In fact, attribute values carry much more sensitive information than generic attribute names. Particularly, PASH realizes an efficient SHR decryption test which needs a small number of bilinear pairings. The attribute universe can be exponentially large and the size of public parameters is small and constant. Our security analysis indicates that PASH is fully secure in the standard model. Performance comparisons and experimental results show that PASH is more efficient and expressive than previous schemes.

337 citations


Journal ArticleDOI
TL;DR: This work presents a blockchain-based system for secure mutual authentication, BSeIn, to enforce fine-grained access control polices and is designed to provide privacy and security guarantees such as anonymous authentication, auditability, and confidentiality.

307 citations


Journal ArticleDOI
TL;DR: A novel image encryption scheme whose image pixels are diffused by the DNA approach and permutated by 2D-HSM, is proposed to protect image content while an image is transferred over the Internet.

289 citations


Posted Content
TL;DR: Gazelle is designed, a scalable and low-latency system for secure neural network inference, using an intricate combination of homomorphic encryption and traditional two-party computation techniques (such as garbled circuits).
Abstract: The growing popularity of cloud-based machine learning raises a natural question about the privacy guarantees that can be provided in such a setting. Our work tackles this problem in the context where a client wishes to classify private images using a convolutional neural network (CNN) trained by a server. Our goal is to build efficient protocols whereby the client can acquire the classification result without revealing their input to the server, while guaranteeing the privacy of the server's neural network. To this end, we design Gazelle, a scalable and low-latency system for secure neural network inference, using an intricate combination of homomorphic encryption and traditional two-party computation techniques (such as garbled circuits). Gazelle makes three contributions. First, we design the Gazelle homomorphic encryption library which provides fast algorithms for basic homomorphic operations such as SIMD (single instruction multiple data) addition, SIMD multiplication and ciphertext permutation. Second, we implement the Gazelle homomorphic linear algebra kernels which map neural network layers to optimized homomorphic matrix-vector multiplication and convolution routines. Third, we design optimized encryption switching protocols which seamlessly convert between homomorphic and garbled circuit encodings to enable implementation of complete neural network inference. We evaluate our protocols on benchmark neural networks trained on the MNIST and CIFAR-10 datasets and show that Gazelle outperforms the best existing systems such as MiniONN (ACM CCS 2017) by 20 times and Chameleon (Crypto Eprint 2017/1164) by 30 times in online runtime. Similarly when compared with fully homomorphic approaches like CryptoNets (ICML 2016) we demonstrate three orders of magnitude faster online run-time.

288 citations


Journal ArticleDOI
15 Oct 2018-Nature
TL;DR: Contrary to current expectation, eavesdropping on terahertz wireless data links is shown to be easier than expected, by placing an object in the path of the signal that scatters part of it to a receiver located elsewhere.
Abstract: Resiliency against eavesdropping and other security threats has become one of the key design considerations for communication systems. As wireless systems become ubiquitous, there is an increasing need for security protocols at all levels, including software (such as encryption), hardware (such as trusted platform modules) and the physical layer (such as wave-front engineering) [1–5]. With the inevitable shift to higher carrier frequencies, especially in the terahertz range (above 100 gigahertz), an important consideration is the decreased angular divergence (that is, the increased directionality) of transmitted signals, owing to the reduced effects of diffraction on waves with shorter wavelengths. In recent years, research on wireless devices [6–8] and systems [9–11] that operate at terahertz frequencies has ramped up markedly. These high-frequency, narrow-angle broadcasts present a more challenging environment for eavesdroppers compared to the wide-area broadcasts used at lower frequencies [12,13]. However, despite the widespread assumption of improved security for high-frequency wireless data links [14–16], the possibility of terahertz eavesdropping has not yet been characterized. A few recent studies have considered the issue at lower frequencies [5,12,13,17,18], but generally with the idea that the eavesdropper’s antenna must be located within the broadcast sector of the transmitting antenna, leading to the conclusion that eavesdropping becomes essentially impossible when the transmitted signal has sufficiently high directionality [15]. Here we demonstrate that, contrary to this expectation, an eavesdropper can intercept signals in line-of-sight transmissions, even when they are transmitted at high frequencies with narrow beams. The eavesdropper’s techniques are different from those for lower-frequency transmissions, as they involve placing an object in the path of the transmission to scatter radiation towards the eavesdropper.
We also discuss one counter-measure for this eavesdropping technique, which involves characterizing the backscatter of the channel. We show that this counter-measure can be used to detect some, although not all, eavesdroppers. Our work highlights the importance of physical-layer security in terahertz wireless networks and the need for transceiver designs that incorporate new counter-measures. Contrary to current expectation, eavesdropping on terahertz wireless data links is shown to be easier than expected, by placing an object in the path of the signal that scatters part of it to a receiver located elsewhere.

Journal ArticleDOI
TL;DR: A novel image encryption algorithm is designed by employing bit-level permutation and diffusion simultaneously, which has good encryption effect and high efficiency and can resist typical attacks including statistical, brute-force, differential attacks and so forth.

Journal ArticleDOI
Xiuli Chai, Xiaoyu Zheng, Zhihua Gan, Daojun Han, Yi Chen
TL;DR: An image encryption algorithm based on chaotic system and compressive sensing and the ECA that can compress and encrypt the image simultaneously by use of CS, which may reduce the amount of data and storage space.

Journal ArticleDOI
TL;DR: This paper proposes a new reversible method based on MSB (most significant bit) prediction with a very high capacity, which is better than current state of the art methods, both in terms of reconstructed image quality and embedding capacity.
Abstract: Reversible data hiding in encrypted images (RDHEI) is an effective technique to embed data in the encrypted domain. An original image is encrypted with a secret key and, during or after its transmission, it is possible to embed additional information in the encrypted image without knowing the encryption key or the original content of the image. During the decoding process, the secret message can be extracted and the original image can be reconstructed. In the last few years, RDHEI has started to draw research interest. Indeed, with the development of cloud computing, data privacy has become a real issue. However, none of the existing methods allow us to hide a large amount of information in a reversible manner. In this paper, we propose a new reversible method based on MSB (most significant bit) prediction with a very high capacity. We present two approaches: a high capacity reversible data hiding approach with correction of prediction errors and a high capacity reversible data hiding approach with embedded prediction errors. With this method, regardless of the approach used, our results are better than those obtained with current state-of-the-art methods, both in terms of reconstructed image quality and embedding capacity.

Journal ArticleDOI
TL;DR: A solution for secure and efficient image encryption with the help of self-adaptive permutation–diffusion and DNA random encoding and the reusability of the random variables can dramatically promote the efficiency of the cryptosystem, which renders great potential for real-time secure image applications.

Proceedings Article
16 Jan 2018
TL;DR: Gazelle as discussed by the authors is a scalable and low-latency system for secure neural network inference, using an intricate combination of homomorphic encryption and traditional two-party computation techniques (such as garbled circuits).
Abstract: The growing popularity of cloud-based machine learning raises a natural question about the privacy guarantees that can be provided in such a setting. Our work tackles this problem in the context where a client wishes to classify private images using a convolutional neural network (CNN) trained by a server. Our goal is to build efficient protocols whereby the client can acquire the classification result without revealing their input to the server, while guaranteeing the privacy of the server's neural network. To this end, we design Gazelle, a scalable and low-latency system for secure neural network inference, using an intricate combination of homomorphic encryption and traditional two-party computation techniques (such as garbled circuits). Gazelle makes three contributions. First, we design the Gazelle homomorphic encryption library which provides fast algorithms for basic homomorphic operations such as SIMD (single instruction multiple data) addition, SIMD multiplication and ciphertext permutation. Second, we implement the Gazelle homomorphic linear algebra kernels which map neural network layers to optimized homomorphic matrix-vector multiplication and convolution routines. Third, we design optimized encryption switching protocols which seamlessly convert between homomorphic and garbled circuit encodings to enable implementation of complete neural network inference. We evaluate our protocols on benchmark neural networks trained on the MNIST and CIFAR-10 datasets and show that Gazelle outperforms the best existing systems such as MiniONN (ACM CCS 2017) by 20 times and Chameleon (Crypto Eprint 2017/1164) by 30 times in online runtime. Similarly when compared with fully homomorphic approaches like CryptoNets (ICML 2016) we demonstrate three orders of magnitude faster online run-time.

Journal ArticleDOI
TL;DR: A new cryptographic primitive is introduced, called combined attribute-based/identity-based encryption and signature (C-AB/IB-ES), which greatly facilitates the management of the system, and does not need to introduce different cryptographic systems for different security requirements.
Abstract: To achieve confidentiality, authentication, integrity of medical data, and support fine-grained access control, we propose a secure electronic health record (EHR) system based on attribute-based cryptosystem and blockchain technology. In our system, we use attribute-based encryption (ABE) and identity-based encryption (IBE) to encrypt medical data, and use identity-based signature (IBS) to implement digital signatures. To achieve different functions of ABE, IBE and IBS in one cryptosystem, we introduce a new cryptographic primitive, called combined attribute-based/identity-based encryption and signature (C-AB/IB-ES). This greatly facilitates the management of the system, and does not need to introduce different cryptographic systems for different security requirements. In addition, we use blockchain techniques to ensure the integrity and traceability of medical data. Finally, we give a demonstrating application for medical insurance scene.

Journal ArticleDOI
TL;DR: Simulations and evaluations show that both encryption schemes using bitwise XOR and modulo arithmetic have high security levels, can achieve much faster speeds, and can better adapt to impulse noise and data loss interference than several typical and state-of-the-art encryption schemes.

Journal ArticleDOI
TL;DR: The results ascertain that the proposed encryption algorithm based on the piecewise linear chaotic map and the chaotic inertial neural network is efficient and reliable for secure communication applications.
Abstract: In this paper, synchronization of an inertial neural network with time-varying delays is investigated. Based on the variable transformation method, we transform the second-order differential equations into the first-order differential equations. Then, using suitable Lyapunov–Krasovskii functionals and Jensen’s inequality, the synchronization criteria are established in terms of linear matrix inequalities. Moreover, a feedback controller is designed to attain synchronization between the master and slave models, and to ensure that the error model is globally asymptotically stable. Numerical examples and simulations are presented to indicate the effectiveness of the proposed method. Besides that, an image encryption algorithm is proposed based on the piecewise linear chaotic map and the chaotic inertial neural network. The chaotic signals obtained from the inertial neural network are utilized for the encryption process. Statistical analyses are provided to evaluate the effectiveness of the proposed encryption algorithm. The results ascertain that the proposed encryption algorithm is efficient and reliable for secure communication applications.

Journal ArticleDOI
TL;DR: A method for distributing encryption keys in a quantum network surpasses current limits and is immune to all detection attacks, potentially offering a new standard for future implementations of quantum key distribution.
Abstract: A method for distributing encryption keys in a quantum network surpasses current limits and is immune to all detection attacks, potentially offering a new standard for future implementations of quantum key distribution.

Journal ArticleDOI
TL;DR: This paper proposes a fast probabilistic and lightweight algorithm for the encryption of keyframes prior to transmission, considering the memory and processing requirements of constrained devices that increase its suitability for IoT systems.
Abstract: This paper proposes a secure surveillance framework for Internet of things (IoT) systems by intelligent integration of video summarization and image encryption. First, an efficient video summarization method is used to extract the informative frames using the processing capabilities of visual sensors. When an event is detected from keyframes, an alert is sent to the concerned authority autonomously. As the final decision about an event mainly depends on the extracted keyframes, their modification during transmission by attackers can result in severe losses. To tackle this issue, we propose a fast probabilistic and lightweight algorithm for the encryption of keyframes prior to transmission, considering the memory and processing requirements of constrained devices that increase its suitability for IoT systems. Our experimental results verify the effectiveness of the proposed method in terms of robustness, execution time, and security compared to other image encryption algorithms. Furthermore, our framework can reduce the bandwidth, storage, transmission cost, and the time required for analysts to browse large volumes of surveillance data and make decisions about abnormal events, such as suspicious activity detection and fire detection in surveillance applications.

Journal ArticleDOI
TL;DR: A novel four-image encryption scheme based on the quaternion Fresnel transforms (QFST), computer generated hologram and the two-dimensional Logistic-adjusted-Sine map (LASM) is presented and the validity of the proposed image encryption technique is demonstrated.
Abstract: A novel four-image encryption scheme based on the quaternion Fresnel transforms (QFST), computer generated hologram and the two-dimensional (2D) Logistic-adjusted-Sine map (LASM) is presented. To treat the four images in a holistic manner, two types of the quaternion Fresnel transform (QFST) are defined and the corresponding calculation method for a quaternion matrix is derived. In the proposed method, the four original images, which are represented by quaternion algebra, are first processed holistically in a vector manner by using QFST. Then the input complex amplitude, which is constructed from the components of the QFST-transformed plaintext images, is encoded by the Fresnel transform with two virtual independent random phase masks (RPM). In order to avoid sending entire RPMs to the receiver side for decryption, the RPMs are generated by utilizing 2D-LASM, so that the amount of key data is reduced dramatically. Subsequently, by using Burch’s method and phase-shifting interferometry, the encrypted computer generated hologram is fabricated. To improve the security and weaken the correlation, the encrypted hologram is scrambled based on 2D-LASM. Experiments demonstrate the validity of the proposed image encryption technique.

Book ChapterDOI
29 Apr 2018
TL;DR: In this article, the authors presented a protocol that uses semi-homomorphic (addition-only) encryption for MASCOT and showed that it is more efficient in practice than the one used in the original work by Damgard et al.
Abstract: SPDZ denotes a multiparty computation scheme in the preprocessing model based on somewhat homomorphic encryption (SHE) in the form of BGV. At CCS ’16, Keller et al. presented MASCOT, a replacement of the preprocessing phase using oblivious transfer instead of SHE, improving by two orders of magnitude on the SPDZ implementation by Damgard et al. (ESORICS ’13). In this work, we show that using SHE is faster than MASCOT in many aspects: 1. We present a protocol that uses semi-homomorphic (addition-only) encryption. For two parties, our BGV-based implementation is six times faster than MASCOT on a LAN and 20 times faster in a WAN setting. The latter is roughly the reduction in communication. 2. We show that using the proof of knowledge in the original work by Damgard et al. (Crypto ’12) is more efficient in practice than the one used in the implementation mentioned above by about one order of magnitude. 3. We present an improvement to the verification of the aforementioned proof of knowledge that increases the performance with a growing number of parties, doubling it for 16 parties.

Journal ArticleDOI
TL;DR: Experimental results and security analysis show that the presented encryption algorithm has a good encryption effect and can resist various typical attacks.

Journal ArticleDOI
TL;DR: A thorough security analysis of a chaotic image encryption algorithm based on autoblocking and electrocardiography from the view point of modern cryptography finds it is vulnerable to the known plaintext attack.
Abstract: This paper performs a thorough security analysis of a chaotic image encryption algorithm based on autoblocking and electrocardiography from the viewpoint of modern cryptography. The algorithm uses electrocardiography (ECG) signals to generate the initial key for a chaotic system and applies an autoblocking method to divide a plain image into blocks of certain sizes suitable for subsequent encryption. The designers claimed that the proposed algorithm is “strong and flexible enough for practical applications”. We find it is vulnerable to the known plaintext attack: based on one pair of a known plain-image and its corresponding cipher-image, an adversary is able to derive a mask image, which can be used as an equivalent secret key to successfully decrypt other cipher images encrypted under the same key with a non-negligible probability of 1/256. Using this as a typical counterexample, we summarize some security defects existing in many image encryption algorithms.

Journal ArticleDOI
TL;DR: This paper focuses on enabling data sharing and storage for the same group in the cloud with high security and efficiency in an anonymous manner by leveraging the key agreement and the group signature to support anonymous multiple users in public clouds.
Abstract: Group data sharing in cloud environments has become a hot topic in recent decades. With the popularity of cloud computing, how to achieve secure and efficient data sharing in cloud environments is an urgent problem to be solved. In addition, how to achieve both anonymity and traceability is also a challenge in the cloud for data sharing. This paper focuses on enabling data sharing and storage for the same group in the cloud with high security and efficiency in an anonymous manner. By leveraging the key agreement and the group signature, a novel traceable group data sharing scheme is proposed to support anonymous multiple users in public clouds. On the one hand, group members can communicate anonymously with respect to the group signature, and the real identities of members can be traced if necessary. On the other hand, a common conference key is derived based on the key agreement to enable group members to share and store their data securely. Note that a symmetric balanced incomplete block design is utilized for key generation, which substantially reduces the burden on members to derive a common conference key. Both theoretical and experimental analyses demonstrate that the proposed scheme is secure and efficient for group data sharing in cloud computing.

Journal ArticleDOI
TL;DR: Two integrated chaotic systems are proposed, which apply cascade, nonlinear-combination, and switch operations to three basic 1D chaotic maps to generate new structures that improve the randomness behaviour of some existing chaotic maps.

Journal ArticleDOI
TL;DR: Many chaos-based image encryption algorithms are not as secure as claimed even though they pass several statistical and randomness tests; the proposed checklist is thought to be a good starting point for researchers considering work in chaos-based cryptography.
Abstract: Chaos-based cryptology has become one of the most common design techniques for new encryption algorithms in the last two decades. However, many proposals have been observed to be weak against simple known attacks, and the security of such proposals cannot be formally proved. An analysis roadmap is therefore needed for the security analysis of new proposals, and this study aims to address that shortcoming. Analysis and test results show that many chaos-based image encryption algorithms previously published in the nonlinear dynamics literature are not as secure as claimed, although these algorithms do pass several statistical and randomness tests. A checklist is proposed to address these problems, and its application is shown for different algorithms. The proposed checklist is thought to be a good starting point for researchers who are considering work in chaos-based cryptography.

Journal ArticleDOI
TL;DR: Simulation tests and comparative analysis show that the proposed image cryptosystem has a large key space, fast encryption/decryption speed, high sensitivity, and good statistical properties of the cipher-text, among other characteristics.

Proceedings ArticleDOI
20 Oct 2018
TL;DR: This paper provides the key insight that randomized mapping can be accomplished efficiently by accessing the cache with an encrypted address, as encryption would cause the lines that map to the same set of a conventional cache to get scattered to different sets.
Abstract: Modern processors share the last-level cache between all the cores to efficiently utilize the cache space. Unfortunately, such sharing makes the cache vulnerable to attacks whereby an adversary can infer the access pattern of a co-running application by carefully orchestrating evictions using cache conflicts. Conflict-based attacks can be mitigated by randomizing the location of the lines in the cache. Unfortunately, prior proposals for randomized mapping require storage-intensive tables and are effective only if the OS can classify the applications into protected and unprotected groups. The goal of this paper is to mitigate conflict-based attacks while incurring negligible storage and performance overheads, and without relying on OS support. This paper provides the key insight that randomized mapping can be accomplished efficiently by accessing the cache with an encrypted address, as encryption would cause the lines that map to the same set of a conventional cache to get scattered to different sets. This paper proposes CEASE, a design that uses Low-Latency Block-Cipher (LLBC) to translate the physical line-address into an encrypted line-address, and accesses the cache with this encrypted line-address. We analyze efficient designs for LLBC that can perform encryption and decryption within two cycles. We also propose CEASER, a design that periodically changes the encryption key and performs dynamic-remapping to improve robustness. CEASER provides strong security (tolerates 100+ years of attack), has low performance overhead (1% slowdown), requires a storage overhead of less than 24 bytes for the newly added structures, and does not need any OS support.
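The key insight above, as an added toy model that is not the paper's code: an attacker building an eviction set for a conventional cache picks lines that share the set-index bits and differ only in the tag, so they all collide in one set; indexing the cache with an encrypted line address instead spreads those same lines over many sets, and changing the key (CEASER's periodic epoch change) re-scatters them. The address cipher here is a 4-round balanced Feistel network with a SHA-256 round function over a 26-bit line address, which is an assumption for illustration; CEASER's LLBC is a purpose-built cipher chosen to fit in two cycles, and the set count and address width below are likewise chosen for the example only.

```python
import hashlib
import os

LINE_BITS = 26                  # width of the (toy) physical line address
HALF_BITS = LINE_BITS // 2      # 13-bit Feistel halves
HALF_MASK = (1 << HALF_BITS) - 1
SET_BITS = 10                   # 1024 sets (assumption for the example)
NUM_SETS = 1 << SET_BITS


def set_index(line_addr: int) -> int:
    """Conventional indexing: the low SET_BITS of the line address."""
    return line_addr & (NUM_SETS - 1)


def _round_fn(key: bytes, half: int, rnd: int) -> int:
    """Keyed 13-bit -> 13-bit round function. SHA-256 is an assumption here;
    CEASER's LLBC is a low-latency hardware cipher, not a hash."""
    digest = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:2], "big") & HALF_MASK


def encrypt_line_addr(key: bytes, line_addr: int, rounds: int = 4) -> int:
    """Balanced Feistel network over the 26-bit line address (a bijection,
    so two distinct lines never map to the same encrypted address)."""
    left = (line_addr >> HALF_BITS) & HALF_MASK
    right = line_addr & HALF_MASK
    for rnd in range(rounds):
        left, right = right, left ^ _round_fn(key, right, rnd)
    return (left << HALF_BITS) | right


def decrypt_line_addr(key: bytes, enc_addr: int, rounds: int = 4) -> int:
    """Inverse of encrypt_line_addr; needed to recover the physical address
    of a line on writeback or remap."""
    left = (enc_addr >> HALF_BITS) & HALF_MASK
    right = enc_addr & HALF_MASK
    for rnd in reversed(range(rounds)):
        left, right = right ^ _round_fn(key, left, rnd), left
    return (left << HALF_BITS) | right


def encrypted_set_index(key: bytes, line_addr: int) -> int:
    """Set index used by the encrypted-address cache."""
    return set_index(encrypt_line_addr(key, line_addr))


def eviction_set_candidates(target_set: int, count: int) -> list:
    """Lines an attacker would choose against a conventional cache: same
    low bits, different tags, so all `count` lines collide in target_set."""
    return [(tag << SET_BITS) | target_set for tag in range(1, count + 1)]


def distinct_sets(index_fn, addrs) -> int:
    return len({index_fn(a) for a in addrs})


def demo():
    """Returns (sets hit conventionally, sets hit encrypted, lines moved by re-key)."""
    key = os.urandom(16)
    addrs = eviction_set_candidates(target_set=0x2A5, count=16)
    conventional = distinct_sets(set_index, addrs)
    encrypted = distinct_sets(lambda a: encrypted_set_index(key, a), addrs)
    # A new key for the next epoch sends the same lines to different sets,
    # so an eviction set learned in one epoch is stale in the next.
    new_key = os.urandom(16)
    moved = sum(encrypted_set_index(key, a) != encrypted_set_index(new_key, a)
                for a in addrs)
    return conventional, encrypted, moved


if __name__ == "__main__":
    conv, enc, moved = demo()
    print(f"16 attacker lines -> {conv} set(s) conventional, {enc} set(s) encrypted")
    print(f"lines relocated after re-key: {moved}/16")
```

The attacker cannot undo the scatter without the key, because the set bits of the encrypted address depend on every bit of the physical address; in the toy the 16 colliding lines land in roughly 16 distinct sets, and nearly all of them move again after the key changes.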