
Showing papers on "Message authentication code" published in 2013


Book ChapterDOI
26 May 2013
TL;DR: The Message-Locked Encryption (MLE) as discussed by the authors is a new cryptographic primitive where the key under which encryption and decryption are performed is itself derived from the message.
Abstract: We formalize a new cryptographic primitive that we call Message-Locked Encryption (MLE), where the key under which encryption and decryption are performed is itself derived from the message. MLE provides a way to achieve secure deduplication (space-efficient secure outsourced storage), a goal currently targeted by numerous cloud-storage providers. We provide definitions both for privacy and for a form of integrity that we call tag consistency. Based on this foundation, we make both practical and theoretical contributions. On the practical side, we provide ROM security analyses of a natural family of MLE schemes that includes deployed schemes. On the theoretical side the challenge is standard model solutions, and we make connections with deterministic encryption, hash functions secure on correlated inputs and the sample-then-extract paradigm to deliver schemes under different assumptions and for different classes of message sources. Our work shows that MLE is a primitive of both practical and theoretical interest.

461 citations


Patent
02 Aug 2013
TL;DR: In this paper, the authors present a human interpretable representation of the application identity to the user, obtaining user approval to generate a response message available to a verification server, and generating a dynamic security value using a cryptographic algorithm that is cryptographically linked to the application identities.
Abstract: Methods, apparatus, and systems for securing application interactions are disclosed. Application interactions may be secured by, at a user authentication device, capturing a signal emitted by an access device encoded with an authentication initiating message including an application identifier, decoding the signal and obtaining the authentication initiating message, retrieving the application identifier, presenting a human interpretable representation of the application identity to the user, obtaining user approval to generate a response message available to a verification server, generating a dynamic security value using a cryptographic algorithm that is cryptographically linked to the application identity, and generating a response message including the generated dynamic security value; making the response message available to a verification server; and, at the verification server, receiving the response message, verifying the response message including verifying the validity of the dynamic security value, and communicating the result of the verification of the response message to the application.

222 citations


Journal ArticleDOI
TL;DR: An Expedite Message Authentication Protocol (EMAP) for VANETs is proposed, which replaces the time-consuming CRL checking process by an efficient revocation checking process and uses a novel probabilistic key distribution, which enables nonrevoked OBUs to securely share and update a secret key.
Abstract: Vehicular ad hoc networks (VANETs) adopt the Public Key Infrastructure (PKI) and Certificate Revocation Lists (CRLs) for their security. In any PKI system, the authentication of a received message is performed by checking if the certificate of the sender is included in the current CRL, and verifying the authenticity of the certificate and signature of the sender. In this paper, we propose an Expedite Message Authentication Protocol (EMAP) for VANETs, which replaces the time-consuming CRL checking process by an efficient revocation checking process. The revocation check process in EMAP uses a keyed Hash Message Authentication Code (HMAC), where the key used in calculating the HMAC is shared only between nonrevoked On-Board Units (OBUs). In addition, EMAP uses a novel probabilistic key distribution, which enables nonrevoked OBUs to securely share and update a secret key. EMAP can significantly decrease the message loss ratio due to the message verification delay compared with the conventional authentication methods employing CRL. By conducting security analysis and performance evaluation, EMAP is demonstrated to be secure and efficient.

199 citations


Proceedings ArticleDOI
08 Jul 2013
TL;DR: This paper introduces a security-mediator (SEM), which is able to generate verification metadata (i.e., signatures) on outsourced data for data owners, and decouples the anonymity protection mechanism from the PDP.
Abstract: Nowadays, many organizations outsource data storage to the cloud such that a member (owner) of an organization can easily share data with other members (users). Due to the existence of security concerns in the cloud, both owners and users are suggested to verify the integrity of cloud data with Provable Data Possession (PDP) before further utilization on data. However, previous methods either unnecessarily reveal the identity of a data owner to the untrusted cloud or any public verifiers, or introduce significant overheads on verification metadata to preserve anonymity. In this paper, we propose a simple and efficient publicly verifiable approach to ensure cloud data integrity without sacrificing the anonymity of data owners or requiring significant verification metadata. Specifically, we introduce a security-mediator (SEM), which is able to generate verification metadata (i.e., signatures) on outsourced data for data owners. Our approach decouples the anonymity protection mechanism from the PDP. Thus, an organization can employ its own anonymous authentication mechanism, and the cloud is oblivious to that since it only deals with typical PDP-metadata. Consequently, there is no extra storage overhead when compared with existing non-anonymous PDP solutions. The distinctive features of our scheme also include data privacy, such that the SEM does not learn anything about the data to be uploaded to the cloud at all, which is able to minimize the requirement of trust on the SEM. In addition, we can also extend our scheme to work with the multi-SEM model, which can avoid the potential single point of failure existing in the single-SEM scenario. Security analyses prove our scheme is secure, and experiment results demonstrate our scheme is efficient.

166 citations


Journal ArticleDOI
TL;DR: The security of the proposed scheme can be proved to be equivalent to the standard computational Diffie-Hellman problem in the random oracle with a tight reduction and the scheme does not require synchronization for aggregating randomness, which makes it more suitable for ad hoc networks.

142 citations


Journal ArticleDOI
TL;DR: This paper proposes an efficient cooperative authentication scheme for VANETs that maximally eliminates redundant authentication efforts on the same message by different vehicles, and uses an evidence-token approach to controlling the authentication workload, without the direct involvement of a trusted authority.
Abstract: Recently, vehicular ad hoc networks (VANETs) have emerged as a promising approach to increasing road safety and efficiency, as well as improving the driving experience. This can be accomplished in a variety of applications that involve communication between vehicles, such as warning other vehicles about emergency braking; however, if we do not take security and privacy issues into consideration, the attractive features of VANETs will inevitably result in higher risks for abuse, even before the wide deployment of such networks. While message authentication is a common tool for ensuring information reliability, namely, data integrity and authenticity, it faces a challenge in VANETs. When the number of messages that are received by a vehicle becomes large, traditional exhaustive (or per-message) authentication may generate unaffordable computational overhead on the vehicle and therefore bring unacceptable delay to time-critical applications, such as accident warning. In this paper, we propose an efficient cooperative authentication scheme for VANETs. To reduce the authentication overhead on individual vehicles and shorten the authentication delay, this scheme maximally eliminates redundant authentication efforts on the same message by different vehicles. To further resist various attacks, including free-riding attacks that are launched by selfish vehicles, and encourage cooperation, the scheme uses an evidence-token approach to controlling the authentication workload, without the direct involvement of a trusted authority (TA). When a vehicle passes a roadside unit (RSU), the vehicle obtains an evidence token from the TA via the RSU. This token reflects the contribution that the vehicle has made to cooperative authentication in the past, which enables the vehicle to proportionally benefit from other vehicles' authentication efforts in the future and thus reduce its own workload. Through extensive simulation, we evaluate the proposed cooperative authentication scheme in terms of workload savings and the ability to resist free-riding attacks.

142 citations


Patent
28 Jun 2013
TL;DR: In this paper, a message authentication code is generated over a message payload that includes a password provided by the user, and a credential is generated by a combination of the code and the intermediate value of the hash chain.
Abstract: A processing device comprises a processor coupled to a memory and is configured to receive authentication information from a user, to generate a message authentication code based at least in part on the received authentication information, to generate a credential for a particular access control interval based at least in part on the message authentication code and an intermediate value of a hash chain, and to provide the credential to a user in order to allow the user to access a protected resource in the particular access control interval. The message authentication code may be generated over a message payload that includes a password provided by the user. The credential may comprise a combination of the message authentication code and the intermediate value of the hash chain.

140 citations


Journal ArticleDOI
TL;DR: For the first time, a lightweight body area network authentication scheme BANA is proposed, which does not depend on prior trust among nodes and can be efficiently realized on commercial off-the-shelf low-end sensors.
Abstract: In wireless body area network (BAN), node authentication is essential for trustworthy and reliable gathering of patient's critical health information. Traditional authentication solutions depend on prior trust among nodes whose establishment would require either key pre-distribution or non-intuitive participation by inexperienced users. Most existing non-cryptographic authentication schemes require advanced hardware or significant modifications to the system software, which are impractical for BANs. In this paper, for the first time, we propose a lightweight body area network authentication scheme BANA. Different from previous work, BANA does not depend on prior trust among nodes and can be efficiently realized on commercial off-the-shelf low-end sensors. We achieve this by exploiting a unique physical layer characteristic naturally arising from the multi-path environment surrounding a BAN, i.e., the distinct received signal strength (RSS) variation behaviors among on-body channels and between on-body and off-body communication channels. Based on distinct RSS variations, BANA adopts clustering analysis to differentiate the signals from an attacker and a legitimate node. We also make use of multi-hop on-body channel characteristics to enhance the robustness of our authentication mechanism. The effectiveness of BANA is validated through extensive real-world experiments under various scenarios. It is shown that BANA can accurately identify multiple attackers with a minimal amount of overhead.

132 citations


Book ChapterDOI
26 May 2013
TL;DR: In this paper, the first Message Authentication Codes (MACs) that are existentially unforgeable against a quantum chosen message attack were constructed, where a quantum adversary can obtain the MAC on a superposition of messages of its choice.
Abstract: We construct the first Message Authentication Codes (MACs) that are existentially unforgeable against a quantum chosen message attack. These chosen message attacks model a quantum adversary’s ability to obtain the MAC on a superposition of messages of its choice. We begin by showing that a quantum secure PRF is sufficient for constructing a quantum secure MAC, a fact that is considerably harder to prove than its classical analogue. Next, we show that a variant of Carter-Wegman MACs can be proven to be quantum secure. Unlike the classical settings, we present an attack showing that a pair-wise independent hash family is insufficient to construct a quantum secure one-time MAC, but we prove that a four-wise independent family is sufficient for one-time security.

122 citations


Journal ArticleDOI
TL;DR: This paper proposes a beacon-based trust management system, called BTM, that aims to thwart internal attackers from sending false messages in privacy-enhanced VANETs and shows that the proposed system is highly resilient to adversarial attacks.
Abstract: In recent years, more and more research has been focusing on trust management of vehicle ad-hoc networks (VANETs) for improving the safety of vehicles. However, in this research, little attention has been paid to location privacy due to the natural conflict between trust and anonymity, which is the basic protection of privacy. Although traffic safety remains the most crucial issue in VANETs, location privacy can be just as important for drivers, and neither can be ignored. In this paper, we propose a beacon-based trust management system, called BTM, that aims to thwart internal attackers from sending false messages in privacy-enhanced VANETs. To evaluate the reliability and performance of the proposed system, we conducted a set of simulations under alteration attacks, bogus message attacks, and message suppression attacks. The simulation results show that the proposed system is highly resilient to adversarial attacks, whether it is under a fixed silent period or random silent period location privacy-enhancement scheme.

98 citations


Journal ArticleDOI
TL;DR: A new protocol is proposed, Integrated Authentication and Confidentiality (IAC), to provide efficient secure AMI communications in smart grid, which has better performance in terms of end-to-end delay and packet loss than a basic security scheme.
Abstract: In this article, we present a security protocol for advanced metering infrastructure in smart grid. We consider various security vulnerabilities of deploying AMI, and explore the issues related to confidentiality for user privacy and behavior as well as message authentication for meter reading and control messages. After surveying the existing security solutions in this area, we propose a new protocol, Integrated Authentication and Confidentiality (IAC), to provide efficient secure AMI communications in smart grid. With the help of IAC, an AMI system can provide trust services, data privacy, and integrity by mutual authentications whenever a new smart meter initiates and joins the smart grid AMI network. Data integrity and confidentiality are fulfilled through message authentication and encryption services, using the corresponding keys established in mutual authentications. Simulation and analytical results show that the proposed IAC protocol has better performance in terms of end-to-end delay and packet loss than a basic security scheme. Additionally, it can also facilitate efficient secure data collection and control message delivery between smart meters and a local collector for AMI communications in a smart grid.

Proceedings ArticleDOI
25 Mar 2013
TL;DR: This paper suggests developing a mixture of a keystroke-based and a handwriting-based authentication method using capacitive displays, and argues that keystroke and handwriting authentication is a possible way of improving security on mobile devices.
Abstract: Security and protection of personal data are becoming more and more important. At the same time, we see a steady rise of very powerful mobile devices like smartphones and tablets. These devices offer most capabilities of desktop computers. Even today, they are often used for storing or accessing individual data. In the near future, it is obviously desirable to use their Internet capability to access private data or even business intranets from everywhere. Therefore, new security mechanisms must be designed. In this paper, we only focus on the authentication part (and ignore OS and network issues). Traditional methods for authentication (like smartcards or face recognition) may not be used in every context because of hardware and environment limitations (dark environments or camera restrictions in business). Therefore, we suggest developing a mixture of a keystroke-based and a handwriting-based authentication method using capacitive displays. In this paper, we will briefly discuss limitations of existing approaches and why we believe that keystroke and handwriting authentication is a possible way of improving security on mobile devices. First experiments demonstrate the effectiveness of this new approach with error rates under 2%.

Proceedings ArticleDOI
18 Nov 2013
TL;DR: This work applies Message Authentication Codes (MACs) to protect against masquerade and replay attacks on CAN networks, and proposes an optimal Mixed Integer Linear Programming (MILP) formulation for solving the mapping problem from a functional model to the CAN-based platform while meeting both the security and the safety requirements.
Abstract: Cyber-security is a rising issue for automotive electronic systems, and it is critical to system safety and dependability. Current in-vehicle architectures, such as those based on the Controller Area Network (CAN), do not provide direct support for secure communications. When retrofitting these architectures with security mechanisms, a major challenge is to ensure that system safety will not be hindered, given the limited computation and communication resources. We apply Message Authentication Codes (MACs) to protect against masquerade and replay attacks on CAN networks, and propose an optimal Mixed Integer Linear Programming (MILP) formulation for solving the mapping problem from a functional model to the CAN-based platform while meeting both the security and the safety requirements. We also develop an efficient heuristic for the mapping problem under security and safety constraints. To the best of our knowledge, this is the first work to address security and safety in an integrated formulation in the design automation of automotive electronic systems. Experimental results of an industrial case study show the effectiveness of our approach.

Proceedings Article
28 Mar 2013
TL;DR: This study explores the use of biometric characteristics in securing data communication within WBAN and reducing computational complexity as well as power efficiency.
Abstract: Advances in wireless communication technologies and sensors have given rise to the Wireless Body Area Network (WBAN). In the past few years, many researchers have focused on building health-monitoring system architectures that address the technical requirements specific to WBANs. Less research has addressed providing a strong security system. As a communication medium, WBANs face various security issues such as loss of data, authentication and access control. Implementing a high-security system leads to inconsistent computational performance. It is recommended that the security system for a WBAN be implemented with low computational complexity and high power efficiency. None of the previous research has identified a solution to the above problem. This study explores the use of biometric characteristics in securing data communication within a WBAN while reducing computational complexity and improving power efficiency. A hybrid authentication model is used as a conceptual framework for the system. Specifically, the proposed framework uses a unique feature of the human body as the authentication identity, whereas other techniques use hardware and software to achieve the same purpose. In addition, an authentication process is provided by using this unique feature of the body as a key, to develop a security system under the resource constraints of WBAN sensors.

Journal ArticleDOI
TL;DR: This work proposes WAMS key management (WAKE), a comprehensive key management scheme targeting a concrete set of security objectives derived from NIST's security impact level ratings, and investigates two recent multicast authentication schemes designed for power grid communications.
Abstract: A wide-area measurement system (WAMS) is a system that provides a time-synchronized view of electrical conditions over a large geographical area, thereby enhancing the situational awareness of the energy management system of a power grid. With this enhanced situational awareness, utilities would be able to react promptly to contingencies, and prevent large-scale blackouts. To secure WAMS communications, we propose WAMS key management (WAKE), a comprehensive key management scheme targeting a concrete set of security objectives derived from NIST's security impact level ratings. For security objectives involving unicast, WAKE employs industry-standard security protocols. For security objectives involving multicast, we show the scheme standardized by the IEC is inadequate, and identify multicast authentication as a requirement. We investigate two recent multicast authentication schemes designed for power grid communications: TV-HORS and tunable signing and verification (TSV), which supposedly improves on TV-HORS. We show that TSV is vulnerable, and propose a patched version of TSV called TSV+. Systematic comparison of TV-HORS and TSV+ shows that TV-HORS provides significantly more efficient signing and verification for the same security level at the expense of signature size. Consequently, TV-HORS is chosen as part of WAKE for multicast authentication.

Journal ArticleDOI
TL;DR: An anonymous authentication and verification scheme for the IEEE Wireless Access in Vehicular Communications (WAVE)-based vehicular ad hoc networks (VANETs) is presented, in which a variation of the elliptic curve digital signature algorithm is used in combination with the identity-based (ID-based) signature.
Abstract: We present an anonymous authentication and verification scheme for the IEEE Wireless Access in Vehicular Communications (WAVE)-based vehicular ad hoc networks (VANETs). Our contribution includes vehicular message authentication and an efficient prioritized verification strategy for periodic road safety messages. A variation of elliptic curve digital signature algorithm (ECDSA) is used in combination with the identity-based (ID-based) signature, where current position information on a vehicle is utilized as the ID of the corresponding vehicle. This waives the need for a third-party public key certificate for message authentication in VANETs. A high-density road traffic condition poses a challenge for authentication of vehicular messages since the required verification time is often much longer than the average interarrival time. To mitigate the issue, messages of each traffic class are verified following the VANET's medium access control (MAC) layer priorities and the application relevance of individual safety messages. Performance analysis and simulation results have shown that our approach is secure, privacy preserving, scalable, and resource efficient.

Proceedings ArticleDOI
19 Jun 2013
TL;DR: This paper will propose a novel Modbus alternative capable of providing secure, backward-compatible Modbus message transmission using stream control transmission protocol and hash-based message authentication code technologies.
Abstract: Traditionally supervisory control and data acquisition (SCADA) networks were physically isolated, providing some inherent level of security; yet, as these networks slowly converged with both corporate intranets and the Internet, their security continually eroded. The gradual evolution of SCADA systems has introduced many novel and previously unknown security risks. During the advent of SCADA technologies, a heavy focus was put on providing system robustness, safety, and reliability. Because of this, widely deployed SCADA protocols like Modbus and DNP3 provide no inherent security controls. In this paper, we will propose a novel Modbus alternative capable of providing secure, backward-compatible Modbus message transmission using stream control transmission protocol and hash-based message authentication code technologies. This proposed protocol improvement ensures the availability and integrity of Modbus messages while providing a robust and secure mutual authentication mechanism. Improvements upon the legacy Modbus protocol aim to mitigate common SCADA protocol attack vectors.

Journal ArticleDOI
TL;DR: The proposed novel message authentication schemes for the smart meter system yield the lower time delay for authenticating each message, which can satisfy the requirement of the real-time control over the smart grid.
Abstract: The study introduces the novel message authentication schemes for the smart meter system, where the symmetric cryptography-based physical layer-assisted message authentication (PLAA) scheme and the public key infrastructure-based PLAA scheme are introduced. The proposed schemes integrate the conventional message authentication schemes and the physical layer authentication mechanisms by taking advantage of temporal and spatial uniqueness in physical layer channel responses, aiming to achieve fast authentication while minimising the packet transmission overhead. The authors also verify their claims through extensive analysis and simulation by comparing the proposed PLAA scheme with traditional upper layer authentication schemes. The proposed novel schemes yield a lower time delay for authenticating each message, which can satisfy the requirement of real-time control over the smart grid.

Journal ArticleDOI
TL;DR: Experimental results show that a hardware-based video authentication system using this watermarking technique features minimum video quality degradation and can withstand certain potential attacks, i.e., cover-up attacks, cropping, and segment removal on video sequences.
Abstract: This paper presents a hardware implementation of a digital watermarking system that can insert invisible, semifragile watermark information into compressed video streams in real time. The watermark embedding is processed in the discrete cosine transform domain. To achieve high performance, the proposed system architecture employs pipeline structure and uses parallelism. Hardware implementation using field programmable gate array has been done, and an experiment was carried out using a custom versatile breadboard for overall performance evaluation. Experimental results show that a hardware-based video authentication system using this watermarking technique features minimum video quality degradation and can withstand certain potential attacks, i.e., cover-up attacks, cropping, and segment removal on video sequences. Furthermore, the proposed hardware-based watermarking system features low power consumption, low cost implementation, high processing speed, and reliability.

Proceedings ArticleDOI
01 Dec 2013
TL;DR: This work proposes a novel lightweight group authentication protocol for MTC in the long term evolution (LTE) networks based on aggregate message authentication codes (MACs), called LGTH, which can not only authenticate all MTC devices simultaneously, but also minimize the authentication overhead.
Abstract: Supporting a massive number of machine-type communication (MTC) devices has been considered as an essential requirement in machine to machine (M2M) communications. Meanwhile, cyber security is of paramount importance in MTC; if MTC devices cannot securely access the networks through efficient authentication, all applications involving MTC cannot be widely accepted. One of the research challenges in MTC is group authentication. A large number of MTC devices accessing the network simultaneously will cause a severe authentication signaling congestion. To solve this problem and reduce the authentication overhead of the previous schemes based on public key cryptosystems, we propose a novel lightweight group authentication protocol for MTC in the long term evolution (LTE) networks based on aggregate message authentication codes (MACs), called LGTH, which can not only authenticate all MTC devices simultaneously, but also minimize the authentication overhead. Through security analysis, we conclude that the proposed LGTH can provide robust security, and avoid the authentication signaling congestion in the LTE networks. In addition, performance evaluations in terms of communication and computation overhead demonstrate that LGTH is more efficient than previous schemes.

Book ChapterDOI
19 Aug 2013
TL;DR: This paper presents an overview on theoretical and practical attacks of the last 17 years, in chronological order and four categories: Attacks on the Handshake protocol, on the Record and Application Data Protocols, on the PKI infrastructure and various other attacks.
Abstract: Since its introduction in 1994 the Secure Socket Layer (SSL) protocol (later renamed to Transport Layer Security (TLS)) evolved to the de facto standard for securing the transport layer. SSL/TLS can be used for ensuring data confidentiality, integrity and authenticity during transport. A main feature of the protocol is flexibility: Modes of operation and security aims can easily be configured through different cipher suites. However, during the evolutionary development several flaws were found. This paper presents an overview on theoretical and practical attacks of the last 17 years, in chronological order and four categories: Attacks on the Handshake protocol, on the Record and Application Data Protocols, on the PKI infrastructure and various other attacks. We try to give a short "Lesson(s) Learned" at the end of each paragraph.

Book ChapterDOI
18 Aug 2013
TL;DR: This work considers the task of communicating a data stream over a channel with adversarial noise, and constructs a (nonefficient) constant-rate interactive protocol that succeeds with overwhelming probability against noise rates up to 1/2, and proves that no constant-rate protocol can withstand noise rates > 1/1.
Abstract: Error correction and message authentication are well studied in the literature, and various efficient solutions have been suggested and analyzed. This is however not the case for data streams in which the message is very long, possibly infinite, and not known in advance to the sender. Trivial solutions for error-correcting and authenticating data streams either suffer from a long delay at the receiver’s end or cannot perform well when the communication channel is noisy.

Journal ArticleDOI
TL;DR: VPA achieves strong user privacy by letting each user exchange random shares of its datum with other peers, while at the same time ensures data integrity through a combination of Trusted Platform Module and homomorphic message authentication code.
Abstract: People-centric urban sensing systems (PC-USSs) refer to using human-carried mobile devices such as smartphones and tablets for urban-scale distributed data collection, analysis, and sharing to facilitate interaction between humans and their surrounding environments. A main obstacle to the widespread deployment and adoption of PC-USSs is the privacy concerns of participating individuals as well as the concerns about data integrity. To tackle this open challenge, this paper presents the design and evaluation of VPA, a novel peer-to-peer based solution to verifiable privacy-preserving data aggregation in PC-USSs. VPA achieves strong user privacy by letting each user exchange random shares of its datum with other peers, while at the same time ensuring data integrity through a combination of Trusted Platform Module and homomorphic message authentication code. VPA can support a wide range of statistical additive and non-additive aggregation functions such as Sum, Average, Variance, Count, Max/Min, Median, Histogram, and Percentile with accurate aggregation results. The efficacy and efficiency of VPA are confirmed by thorough analytical and simulation results.

Journal ArticleDOI
TL;DR: The Privacy Preserving Broadcast Message Authentication (PPBMA) scheme is proposed, which, instead of performing asymmetric verification, uses Message Authentication Code functionality and hash operations to authenticate messages, and uses a two-level key hash chain, which helps avoid message losses.

Patent
02 Oct 2013
TL;DR: In this paper, the authors proposed a wireless local area network security communication method based on quantum key distribution, which comprises the following steps: (1) identity authentication, (2) quantum key negotiation, and (3) encryption is started.
Abstract: The invention provides a wireless local area network security communication method based on quantum key distribution. The method comprises the following steps: (1) identity authentication based on quantum keys is carried out; (2) quantum key negotiation is carried out; and (3) encryption is started. With the method of the invention adopted, information exchange between a faked access point and an applicant, the waste of system resources, and a resulting denial of service attack can be avoided; bidirectional authentication between the applicant and an authentication server, as well as between the applicant and an authenticator, can be realized, and therefore the security of the identity authentication is greatly improved; keys produced in the identity authentication can be adopted to protect message authentication in key negotiation, and therefore attacks such as tampering by an intermediary can be prevented; the security of key negotiation based on quantum technology is guaranteed by physical laws, and therefore the key negotiation based on quantum technology has undecodability and can withstand the decoding of a quantum computer with strong computational ability, and therefore the security of the whole system can be enhanced.

Book ChapterDOI
11 Mar 2013
TL;DR: In this article, the authors relax the assumption that decryption failures are indistinguishable in security models for symmetric encryption, and systematically explore the consequences of this relaxation, with some surprising consequences for our understanding of this basic cryptographic primitive.
Abstract: We propose to relax the assumption that decryption failures are indistinguishable in security models for symmetric encryption. Our main purpose is to build models that better reflect the reality of cryptographic implementations, and to surface the security issues that arise from doing so. We systematically explore the consequences of this relaxation, with some surprising consequences for our understanding of this basic cryptographic primitive. Our results should be useful to practitioners who wish to build accurate models of their implementations and then analyse them. They should also be of value to more theoretical cryptographers proposing new encryption schemes, who, in an ideal world, would be compelled by this work to consider the possibility that their schemes might leak more than simple decryption failures.

Journal ArticleDOI
Wenlong Shen, Lu Liu, Xianghui Cao, Yong Hao, Yu Cheng
TL;DR: An analytical model for CMAP and the existing probabilistic verification protocol is developed, considering the hidden terminal impact, and simulation results over a practical map are presented to demonstrate the performance of the proposed CMAP with comparison to the existing method.
Abstract: The vehicular ad hoc network presents a very complex cyber-physical system with intricate interplay between the physical and cyber domains. In the physical domain, vehicles need to frequently broadcast their geographic information. The safety message broadcasting in an area with a high density of vehicles tends to incur a large data traffic rate that should be properly processed in the cyber domain. In this paper, we address the issue of large computation overhead caused by the safety message authentication. In particular, a cooperative message authentication protocol (CMAP) is developed to alleviate vehicles' computation burden. With CMAP, all the vehicles share their verification results with each other in a cooperative way, so that the number of safety messages that each vehicle needs to verify reduces significantly. Furthermore, we study the verifier selection algorithms for a high detection rate of invalid messages in a practical 2-D road scenario. Another important contribution of this paper is that we develop an analytical model for CMAP and the existing probabilistic verification protocol, considering the hidden terminal impact. Simulation results over a practical map are presented to demonstrate the performance of the proposed CMAP with comparison to the existing method.

Book ChapterDOI
01 Jan 2013
TL;DR: In this article, the authors investigate the security-related issues in wireless sensor networks, covering cryptographic mechanisms, key management, a panoramic view and detailed analysis of trust management, and a set of effective strategies for protecting location privacy.
Abstract: As wireless sensor networks edge closer towards widespread deployment, security issues become a central concern. However, it is challenging to fit the security of WSNs into such a constrained environment, with very limited energy resources, low ability to resist physical attacks, and a lack of feedback mechanisms for abnormal cases off-line. Thus the research of security issues in WSNs is very important. The intent of this chapter is to investigate the security-related issues in wireless sensor networks. Firstly, the security architecture of sensor networks is proposed, trying to outline a general illustration of this area. Then, the following four aspects are investigated. (1) The cryptographic mechanisms. (2) Various keying mechanisms for the key management issue. (3) A panoramic view and detailed analysis of the trust management. (4) A set of effective strategies based on protecting location privacy.

Proceedings ArticleDOI
01 Dec 2013
TL;DR: Video steganography, cryptography and the use of computer forensic techniques, in both an investigative and a security manner, are used to hide an image and text behind a video file.
Abstract: Steganography is used to hide messages inside other harmless messages in a way that does not allow any enemy to even sense that a second, secret message is present, while the purpose of computer forensics is to provide security from covert communication dealing with digital data and covert communication channels. In this paper we used video as the cover medium for hiding the secret message and used computer forensics as a tool for authentication. Our aim is to hide an image and text behind a video file. Suitable algorithms such as 1LSB, 2LSB, and 4LSB are used, and the 4LSB method is found to be good for hiding more secret information. This paper deals with the idea of video steganography, cryptography and the use of computer forensic techniques in both an investigative and a security manner.

Journal ArticleDOI
01 May 2013
TL;DR: Cipher-based Message Authentication Codes (MACs) and Authenticated Encryption with Associated Data (AEAD) schemes suitable for WSNs are identified, and their features and performance are evaluated on a real platform (TelosB).
Abstract: Security is an important concern in any modern network. This also applies to Wireless Sensor Networks (WSNs), especially those used in applications that monitor sensitive information (e.g., health care applications). However, the highly constrained nature of sensors imposes a difficult challenge: their reduced availability of memory, processing power and energy hinders the deployment of many modern cryptographic algorithms considered secure. For this reason, the choice of the most memory-, processing- and energy-efficient security solutions is of vital importance in WSNs. To date, a number of extensive analyses comparing different encryption algorithms and key management schemes have been developed, while very little attention has been given to message authentication solutions. In this paper, aiming to close this gap, we identify cipher-based Message Authentication Codes (MACs) and Authenticated Encryption with Associated Data (AEAD) schemes suitable for WSNs and then evaluate their features and performance on a real platform (TelosB). As a result of this analysis, we identify the recommended choices depending on the characteristics of the target network and available hardware.