
Showing papers on "Message authentication code" published in 2022


Journal ArticleDOI
TL;DR: In this paper, a privacy-preserving and lightweight V2I authentication (PLVA) protocol is proposed, in which all roadside units in a region are converted to a vector using the Moore curve technique; a vehicle then deduces the RSUs' information on its planned route using BGN homomorphic encryption before the vehicle begins its trip, while the CA learns nothing about the route plan although it assists the above process.
Abstract: Vehicular ad hoc networks (VANETs) significantly improve the efficiency and safety of driving since they reduce traffic jams and avoid accidents; the necessary security goals are guaranteed using cryptographic methods. In reality, computation efficiency is very important when implementing a protocol in VANETs. When a vehicle at high speed enters the coverage of a roadside unit (RSU), the computation overhead of authentication not only affects the communication experience, but also degrades driving safety. A feasible solution is to share a message in advance between the vehicle and the RSU with the help of a certification authority (CA); however, the CA can then deduce the vehicle's route, which should remain private. In this paper, a privacy-preserving and lightweight V2I authentication (PLVA) protocol is proposed. Specifically, in the beginning phase, all roadside units in a region are converted to a vector using the Moore curve technique; then a vehicle deduces the RSUs' information on its planned route using BGN homomorphic encryption before the vehicle begins its trip, while the CA learns nothing about the route plan although it assists the above process. With the deduced RSUs' information, fast authentication is achieved between the vehicle and each RSU on its route. Moreover, performance evaluation illustrates that our PLVA is efficient in practical VANET environments.

15 citations


Journal ArticleDOI
TL;DR: Wang et al., as mentioned in this paper, proposed a CyberTwin (CT) empowered blockchain framework for authentication, namely CyberChain, to reduce both the communication and storage cost while maintaining vehicular privacy; it decouples the consensus process from the physical world so that the operation cost of the blockchain can be reduced.
Abstract: The Internet of Vehicles (IoV) presents promising opportunities for vehicle-to-everything (V2X) applications, wherein authentication acts as the cornerstone to realize a trustworthy vehicular context and to support advanced applications. However, existing authentication schemes mainly depend on centralized servers with both security and privacy issues. In this paper, we propose a CyberTwin (CT) empowered blockchain framework for authentication, namely CyberChain, to reduce both the communication and storage cost while maintaining vehicular privacy. By designing a blockchain system in the cyberspace, we decouple the consensus process from the physical world, so that the operation cost of the blockchain can be reduced. A Privacy-Preserving Parallel Pedersen Commitment (P4C) algorithm is designed to protect the privacy of vehicles and accelerate the authentication process. To further enhance the operation efficiency of CyberChain, we propose a Diffused Practical Byzantine Fault Tolerance (DPBFT) mechanism to reach consensus in the cyberspace, which can reduce consensus latency. The proposed CyberChain framework and the associated mechanisms are evaluated by qualitative analysis and simulations. The evaluation results demonstrate that the proposed CyberChain-based framework significantly improves authentication performance in terms of authentication latency, privacy, communication overhead and storage cost.

12 citations


Journal ArticleDOI
TL;DR: In this paper, a lightweight mechanism called DRiVe is proposed to establish data integrity for the Internet of Vehicles (IoV) and detect malicious RSUs using specially constructed authentication techniques.
Abstract: The Internet of Vehicles (IoV) may enhance road safety, improve traffic flow, etc. However, Internet-connected intelligent vehicles (IVs) are vulnerable to cyber-attacks. One of the important challenges in IoV is thus verifying data integrity under strict latency requirements. The conventional way of providing data integrity on the Internet cannot be applied to IoV due to excessive overhead and latency. Therefore, most commercially available IVs do not use any security mechanisms for delay-sensitive traffic. However, if a road side unit (RSU) has been compromised, it can tamper with the data sent or received by IVs. To solve this issue, this article presents a lightweight mechanism called DRiVe to establish data integrity for the IVs and detect malicious RSUs. DRiVe is based on a probabilistic model to identify malicious RSUs using specially constructed authentication techniques. The authentication parameters are only sent when a vehicle leaves the coverage area of one RSU and enters that of another. DRiVe does not employ any computationally intensive cryptographic primitives. This significantly reduces the security overhead introduced by sending message authentication codes (MACs) with each packet. A security and performance analysis shows that DRiVe can not only identify malicious RSUs effectively but can do so without introducing any significant communication overhead or latency. The proposed scheme reduces the number of bits transmitted by approximately 7% and decreases the latency incurred by 7.5%. For the scenario where malicious vehicles are present, the proposed scheme achieves a probability of detection close to 99%.

8 citations


Proceedings ArticleDOI
05 Jun 2022
TL;DR: This work investigates the attacks possible on RKE systems and proposes an efficient and effective authentication mechanism to defend RKE systems against such attacks with minimal changes to the existing RKE system.
Abstract: Modern cars come with Keyless Entry Systems that can be either Remote Keyless Entry (RKE) systems or Passive Keyless Entry and Start (PKES) systems. In the initial versions of RKE implementations, a fixed code was used by the key fob to unlock the car door. However, this method is vulnerable to replay attacks, as an adversary may capture the code and replay it later to unlock the car. A rolling code system was introduced to protect RKE systems from such replay attacks. Studies have shown that even the rolling code system is vulnerable to certain attacks. In this work, we investigate the attacks possible on RKE systems and propose an efficient and effective authentication mechanism to defend RKE systems against such attacks with minimal changes to the existing RKE system. The proposed mechanism makes use of hashing and asymmetric cryptographic techniques for the secure transmission of signals from the key fob to the car so that they cannot be replayed. The security of the proposed mechanism is shown using an informal security proof, and a simulation of the proposed solution is also provided.

6 citations


Journal ArticleDOI
07 Mar 2022 - Network
TL;DR: This paper compares the overhead, related to authentication and message dissemination, of the proposed approach with an existing approach and also presents an analysis of the privacy and security implications of this approach.
Abstract: Given the enormous interest shown by customers as well as industry in autonomous vehicles, the concept of the Internet of Vehicles (IoV) has evolved from Vehicular Ad hoc NETworks (VANETs). VANETs are likely to play an important role in Intelligent Transportation Systems (ITS). VANETs based on fixed infrastructure, called Road Side Units (RSUs), have been extensively studied. Efficient, authenticated message dissemination in VANETs is important for the timely delivery of authentic messages to vehicles in the appropriate regions of the VANET. Many of the approaches proposed in the literature use RSUs to collect events (such as accidents, weather conditions, etc.) observed by vehicles in their region, authenticate them, and disseminate them to vehicles in appropriate regions. However, as the number of messages received by RSUs in the network increases, the computation and communication overhead for RSUs related to message authentication and dissemination also increases. We address this issue and propose a low-overhead message authentication and dissemination scheme in this paper. We compare the overhead, related to authentication and message dissemination, of our approach with an existing approach and also present an analysis of the privacy and security implications of our approach.

6 citations


Proceedings ArticleDOI
14 Jun 2022
TL;DR: The security analysis carried out shows that this protocol provides message confidentiality, unlinkability, and traceability of malicious network entities, and that it is also resilient against side-channel and forgery attacks.
Abstract: Although many smart grid authentication protocols have been presented in the literature, the majority of them remain susceptible to numerous attacks. In addition, some of these protocols are based on computationally intensive cryptographic primitives, which render them inefficient. To address some of these challenges, a protocol based on masked symmetric-key-encrypted verification codes is presented in this paper. The security analysis carried out shows that this protocol provides message confidentiality, unlinkability, and traceability of malicious network entities. It is also resilient against side-channel and forgery attacks. In terms of efficiency, a limited number of elliptic curve multiplication and one-way hashing operations are executed during mutual authentication, message signing and verification. As such, this protocol exhibits the lowest computation and communication complexities in comparison with its peers.

6 citations


Proceedings ArticleDOI
05 Jun 2022
TL;DR: Extensive simulation has shown the capability of the proposed scheme to support high detection probability at small signal-to-noise ratios and to provide superior performance compared to conventional cryptographic approaches.
Abstract: In recent years, research has focused on exploiting the inherent physical (PHY) characteristics of wireless channels to discriminate between spatially separated network terminals, mitigating the significant costs of signature-based techniques. In this paper, the legitimacy of the corresponding terminal is first verified at the upper layers of the protocol stack, and then the re-authentication process is performed at the PHY layer. In the latter, a unique PHY-layer signature is created for each transmission based on the spatially and temporally correlated channel attributes within the coherence time interval. As part of the verification process, the PHY-layer signature can be used as a message authentication code to prove the packet's authenticity. Extensive simulation has shown the capability of the proposed scheme to support a high detection probability at small signal-to-noise ratios. In addition, a security evaluation is conducted against passive and active attacks. Computation and communication comparisons are performed to demonstrate that the proposed scheme provides superior performance compared to conventional cryptographic approaches.

5 citations


Proceedings ArticleDOI
02 May 2022
TL;DR: In this article, the authors proposed two lightweight message authentication schemes, named CMA and its multicast variant CMMA, that perform precomputation and caching to authenticate future messages.
Abstract: Attacks against industrial control systems (ICSs) often exploit the insufficiency of authentication mechanisms. Verifying whether the received messages are intact and issued by legitimate sources can prevent malicious data/command injection by illegitimate or compromised devices. However, the key challenge is to introduce message authentication for various ICS communication models, including multicast or broadcast, with a messaging rate that can be as high as thousands of messages per second, within very stringent latency constraints. For example, certain commands for protection in smart grids must be delivered within 2 milliseconds, ruling out public-key cryptography. This paper proposes two lightweight message authentication schemes, named CMA and its multicast variant CMMA, that perform precomputation and caching to authenticate future messages. With minimal precomputation and communication overhead, C(M)MA eliminates all cryptographic operations for the source after the message is given, and all expensive cryptographic operations for the destinations after the message is received. C(M)MA considers the urgency profile (or likelihood) of a set of future messages for even faster verification of the most time-critical (or likely) messages. We demonstrate the feasibility of C(M)MA in an ICS setting based on a substation automation system in smart grids.

4 citations


Journal ArticleDOI
TL;DR: Auth-AIS, as discussed by the authors, is a secure, flexible, standard-compliant, and backward-compatible authentication framework to secure AIS broadcast messages; it leverages existing sound cryptographic tools, including TESLA and Bloom Filters, inheriting their security properties while contextualizing them in the AIS technology.
Abstract: The Automatic Identification System (AIS) is the de-facto communication standard used by vessels to broadcast identification and position information. However, since AIS communications are neither encrypted nor authenticated, they can be eavesdropped on and spoofed by adversaries, leading to potentially threatening scenarios. Existing solutions, including the ones conceived in the avionics domain, do not consider integration with the AIS standard, and they do not provide protection against rogue message flooding. In this article, we propose Auth-AIS, a secure, flexible, standard-compliant, and backward-compatible authentication framework to secure AIS broadcast messages. Auth-AIS leverages existing sound cryptographic tools, including TESLA and Bloom Filters, inheriting their security properties while contextualizing them in the AIS technology. Auth-AIS is a software-only solution that can be seamlessly integrated into existing AIS deployments without requiring any hardware replacement. Its innovative design also provides backward compatibility, i.e., Auth-AIS messages can also be received by AIS users not adopting Auth-AIS, at the cost of forgoing its security guarantees. Auth-AIS can work in either of two configuration modes: the Deterministic Security Configuration, able to achieve low-delay authentication with a message overhead of 75 percent, or the Probabilistic Security Configuration, reducing the message overhead down to 35.71 percent while experiencing a marginal increase in the authentication delay. All these security configurations guarantee an 80-bit equivalent security level and a false-positive rate of less than 2^-40. Note that these latter security parameters can easily be tuned to fit different security requirements. Finally, the source code of Auth-AIS in the GNURadio ecosystem has been released as open source, to foster research activities from both industry and academia on secure AIS communications.

4 citations


Journal ArticleDOI
TL;DR: In this paper, the authors proposed Anonymous Lightweight Inter-vehicle (ALI) broadcast authentication with encryption, which provides a high level of anonymity by combining a message authentication scheme with beacon encryption.
Abstract: Wireless broadcast transmission enables Inter-vehicle or Vehicle-to-Vehicle (V2V) communication among nearby vehicles. This communication supports latency-critical applications for improved safety and possibly optimized traffic. However, V2V communication is vulnerable to cyber attacks involving message manipulation. Mechanisms are required to ensure both the authenticity and integrity of broadcast data, while maintaining drivers' privacy against surveillance. Considering the limited computational resources of vehicles and the possibility of high traffic density scenarios, authentication processes should have low computational overhead. Prior research has produced multiple authentication protocol proposals based on digital signatures, hash functions, or Message Authentication Codes (MACs). To date, there is no computationally efficient secure broadcast authentication scheme tolerable by the vehicles' resource-constrained On-Board Units (OBUs) for latency-critical applications in heavy traffic conditions. This paper provides a new secure, efficient, and privacy-preserving scheme, proposing Anonymous Lightweight Inter-vehicle (ALI) broadcast authentication with encryption. ALI provides a high level of anonymity by combining a message authentication scheme with beacon encryption. The cryptographic overhead for V2V communication in the ALI scheme is only 149 bytes, and it can handle authentication of approximately 700 broadcast messages every 100 milliseconds. This demonstrates the suitability of the ALI scheme in heavy traffic scenarios. We show the security and efficiency of our proposal by conducting a security proof and performance analysis.

4 citations


Proceedings ArticleDOI
16 May 2022
TL;DR: In this article, the authors propose R2-D2, which uses randomized dependencies with parameterized security guarantees to increase the resilience of progressive authentication against packet loss in constrained wireless environments.
Abstract: Message authentication guarantees the integrity of messages exchanged over untrusted channels. However, to achieve this goal, message authentication considerably expands packet sizes, which is especially problematic in constrained wireless environments. To address this issue, progressive message authentication provides initially reduced integrity protection that is often sufficient to process messages upon reception. This reduced security is then successively improved with subsequent messages to uphold the strong guarantees of traditional integrity protection. However, contrary to previous claims, we show in this paper that existing progressive message authentication schemes are highly susceptible to packet loss induced by poor channel conditions or jamming attacks. Thus, we consider it imperative to rethink how authentication tags depend on the successful reception of surrounding packets. To this end, we propose R2-D2, which uses randomized dependencies with parameterized security guarantees to increase the resilience of progressive authentication against packet loss. To deploy our approach on resource-constrained devices, we introduce SP-MAC, which implements R2-D2 using efficient XOR operations. Our evaluation shows that SP-MAC is resilient to sophisticated network-level attacks and operates as resource-consciously and as fast as existing, yet insecure, progressive message authentication schemes.

Journal ArticleDOI
Abstract: Information hiding is the science of concealing a secret message or watermark inside a cover media (a host file/message) for providing various security purposes such as content authentication, integrity verification, covert communication, and so on.

Proceedings ArticleDOI
04 Jan 2022
TL;DR: This paper proposes AutoSec, a lightweight scheme exploiting low-cost bit-wise XOR and concatenation operations to facilitate secure and efficient in-vehicle communications for connected vehicles, and shows through qualitative analysis that AutoSec preserves the security properties of message integrity, user authentication, and message confidentiality.
Abstract: Modern vehicles comprise hundreds of Electronic Control Units (ECUs) and sensors for enhancing numerous security- and comfort-related functionalities. The ECUs perform real-time information exchange, such as automotive instructions, over the Controller Area Network (CAN) bus. However, the CAN bus architecture supports very limited security features. Thus, in-vehicle communications over CAN are vulnerable to critical security threats. Also, as ECUs are resource-constrained in nature, continuous message transmissions lead to energy drain during inter-ECU communication if the authentication scheme is not cost-effective. This paper proposes AutoSec, a lightweight scheme exploiting low-cost bit-wise XOR and concatenation operations to facilitate secure and efficient in-vehicle communications for connected vehicles. We show through qualitative analysis that AutoSec preserves the security properties of message integrity, user authentication, and message confidentiality. We implemented AutoSec on a Raspberry Pi 3B+ and performed exhaustive experiments to validate the security robustness and lightweightness of AutoSec. The results show that AutoSec reduces the computation time by and energy consumption by .

Journal ArticleDOI
TL;DR: In this article, the authors proposed an enhanced secure authentication and revocation (ESAR) scheme for VANETs. But the proposed scheme is not secure in terms of data transmission.
Abstract: Vehicle Ad Hoc Network (VANET) systems that use a Public Key Infrastructure (PKI) experience significant delays when checking Certificate Revocation Lists (CRLs) and performing key-pair-based asymmetric cryptographic operations. This paper offers a fast and secure mechanism for revocation checking, processing and PKI key pair updating called the Enhanced Secure Authentication and Revocation (ESAR) scheme for VANETs. The ESAR Vehicle-To-Vehicle (V2V) authentication method applies Keyed-Hash-based Message Authentication Code (H-MAC) cryptogram validation for On-Board-Unit (OBU) revocation checks instead of the CRL search. We examined ESAR together with a similar VANET scheme and achieved better results. We selected the Expedite Message Authentication Protocol for Vehicular Ad Hoc Networks (EMAP), which, upon a review of the literature, was seen to offer fewer countermeasures to provide resistance to most attacks. In addition, we completed the missing parts of the EMAP scheme with performance improvements and compared it with other schemes in terms of security. Our ESAR scheme includes the following improvements. (1) Unauthorized update protection of sensitive assets is handled by revocation key sender verification and revocation version validation. (2) Privacy concerns are addressed by the use of keyed, trimmed H-MAC-based pseudo-ID creation. (3) Reliable data transmission issues are resolved by including the missing message identification tags. (4) Performance concerns are addressed by eliminating and combining network requests to offer fast security key revocation. We targeted system performance and durability and also attack resistance using anomaly detection improvements. We ran three simulations: the standard (using CRL only), the proposed (ESAR), and the existing (EMAP) methods. According to the findings of our simulation analysis, our proposed system was more efficient in terms of performance and network congestion than the other examined methods.

Proceedings ArticleDOI
19 Oct 2022
TL;DR: In this paper, a session key agreement scheme between each ECU and the manufacturer data center is proposed, which uses a random nonce, a concatenation operator, a simple hash function and a keyed-hash message authentication code (HMAC).
Abstract: The strong development of the automotive industry is changing traditional perceptions towards a vision of connected and autonomous vehicles (CAVs), in which each vehicle consists of a number of networked computer components, called Electronic Control Units (ECUs), in order to achieve numerous automotive services. The Controller Area Network (CAN) was primarily designed for automotive networking with little regard to security. Indeed, the lack of authentication and confidentiality features could lead to automotive cyberattacks putting at risk the safety of the driver, pedestrians and other vehicles. Therefore, identity management, authentication and data confidentiality must be handled efficiently. In this paper, we propose a centralized architecture for ECU security management in CAVs. First, we present a lightweight symmetric-cryptography-based session key agreement scheme between each ECU and the manufacturer data center, which uses a random nonce, a concatenation operator, a simple hash function and a keyed-hash message authentication code (HMAC). Then, we define the configuration and security parameters on the CAN bus. Finally, we discuss our proposal. To the best of our knowledge, no prior work has been proposed for the establishment of a session key between each ECU and the data center.

Journal ArticleDOI
Qi Xie, Panpan Zheng, Zixuan Ding, Xiao Tan, Bin Hu
TL;DR: A lightweight vehicle message broadcasting authentication protocol is proposed, which realizes the identity authentication of the message-broadcasting vehicle and vehicle-to-vehicle (V2V) key agreement without the need for a trusted third party.
Abstract: With the emergence of intelligent transportation and the widespread use of vehicle network equipment, the vehicle ad hoc network (VANET) is widely used for communication among participating entities to obtain traffic information, such as speed, traffic congestion, road conditions, and accidents. In VANETs, a secure and efficient message broadcasting protocol can effectively reduce the message transmission delay, to meet the requirements of openness, real-time operation, and high-speed mobility in the VANET environment. However, most related research mainly relies on third parties, such as the TA and RSUs, to ensure the identity authentication of vehicles and the security of message transmission, which is not suitable for infrastructure-less scenarios. Therefore, designing a protocol for decentralized message broadcasting, identity authentication without a third party, and safe message transmission is meaningful. In this study, we propose a lightweight vehicle message broadcasting authentication protocol, which realizes the identity authentication of the message-broadcasting vehicle and vehicle-to-vehicle (V2V) key agreement without the need for a trusted third party. In our protocol, a vehicle can verify the identity of the sending vehicle to establish the reliability of the message source and prevent malicious messages. Meanwhile, a vehicle can update its pseudonym identity to resist tracking attacks, but the trusted authority can always trace the real identity of a vehicle sending malicious messages from the sent messages. The proposed protocol is proved secure by a formal security proof. In addition, compared with related schemes, our scheme provides better security and computational efficiency.

Proceedings ArticleDOI
08 Jan 2022
TL;DR: In this paper, the authors proposed a multi-channel authentication scheme for autonomous D2D using optical camera communication (OCC), which executes the Diffie-Hellman key exchange over an optical link between a light source and a camera.
Abstract: Device-to-Device (D2D) communication is a promising solution for providing on-demand network connectivity to numerous devices. In particular, the autonomous D2D approach enables personal devices to flexibly communicate with each other with less user operation. Despite all the benefits of D2D communication, security is a significant concern because of the broadcast nature of wireless communication. The biggest threats for autonomous D2D are masquerading, impersonation, and man-in-the-middle (MITM) attacks, due to the absence of a trusted third party. There have been many research efforts on this problem, including physical-layer-based and the well-known Diffie-Hellman-based approaches. However, they cannot be employed for authentication between physically distant devices. To address this problem, this paper proposes a multi-channel authentication scheme for autonomous D2D using optical camera communication (OCC). It executes the Diffie-Hellman key exchange over an optical link between a light source and a camera. The idea behind the proposed scheme is to leverage the limited reachability of OCC for ensuring security: a device can only communicate with a visible device. In this paper we introduce the security analysis for the proposed authentication and preliminary results using smartphones.

Journal ArticleDOI
TL;DR: In this article, the authors investigate the secret-key-authenticated-capacity region, defined by the ability of the decoder to accept and decode messages originating from a valid encoder while rejecting messages from other invalid sources.
Abstract: This paper investigates the secret-key-authenticated-capacity region, where information-theoretic authentication is defined by the ability of the decoder to accept and decode messages originating from a valid encoder while rejecting messages from other invalid sources. The model considered here consists of a valid encoder-decoder pairing that can communicate through a channel controlled by an adversary who is also able to eavesdrop on the encoder's transmissions. Over multiple rounds of communication, the adversary first decides whether or not to replace the decoder's observation with an arbitrary one of the adversary's choosing, the goal of the adversary being to have the decoder accept and decode their observation as a valid message (different from that of the encoder). To combat the adversary, the encoder and decoder share a secret key. The secret-key-authenticated-capacity region here is then defined as the region of jointly achievable message rate, authentication rate (a per-symbol measure, to be defined, that will generally represent the likelihood that an adversary can fool the decoder), and key-consumption rate (how many bits of secret key are needed per symbol sent). This is the first of a two-part study, with the parts differing in their measure of the authentication rate. In this first study, the authentication rate is the blocklength-normalized exponent of the expected probability of false authentication. For this metric, we provide an inner bound which improves on those existing in the literature. This is achieved by adopting and merging different classical techniques in novel ways. Within these classical secret-key-based authentication techniques, one technique derives its authentication capability from secure channel coding to send the secret key with the message, and the other derives its authentication capability directly from obscuring the source.

Proceedings ArticleDOI
16 May 2022
TL;DR: This work proposes BP-MAC, a fast and memory-efficient approach for computing message authentication codes based on the well-established Carter-Wegman construction, to offload resource-intensive computations to idle phases and thus save valuable time in latency-critical phases.
Abstract: Resource-constrained devices increasingly rely on wireless communication for the reliable and low-latency transmission of short messages. However, the implementation of adequate integrity protection for time-critical messages in particular places a significant burden on these devices. We address this issue by proposing BP-MAC, a fast and memory-efficient approach for computing message authentication codes based on the well-established Carter-Wegman construction. Our key idea is to offload resource-intensive computations to idle phases and thus save valuable time in latency-critical phases, i.e., when new data awaits processing. To this end, BP-MAC leverages a universal hash function designed for the bitwise preprocessing of integrity protection, so that only a few XOR operations are required later during the latency-critical phase. Our evaluation on embedded hardware shows that BP-MAC outperforms the state of the art in terms of latency and memory overhead, notably for small messages, as required to adequately protect resource-constrained devices with stringent security and latency requirements.

Proceedings ArticleDOI
30 May 2022
TL;DR: ShadowAuth provides a sound and deployable solution for real-world ECUs and enables vehicles to detect state-of-the-art CAN attacks, such as bus-off and packet injection, responsively within 60ms without false positives.
Abstract: Controller Area Network (CAN) is the de-facto standard in-vehicle network system. Despite its wide adoption by automobile manufacturers, the lack of security design makes it vulnerable to attacks. For instance, broadcasting packets without authentication allows the impersonation of electronic control units (ECUs). Prior mitigations, such as message authentication or intrusion detection systems, fail to address the compatibility requirement with legacy ECUs, stealthy and sporadic malicious messaging, or guaranteed attack detection. We propose a novel authentication system called ShadowAuth that overcomes the aforementioned challenges by offering backward-compatible packet authentication to ECUs without requiring ECU firmware source code. Specifically, our authentication scheme provides transparent CAN packet authentication without modifying existing CAN packet definitions (e.g., J1939) via an automatic ECU firmware instrumentation technique that locates CAN packet transmission code and instruments authentication code based on the CAN packet behavioral transmission patterns. ShadowAuth enables vehicles to detect state-of-the-art CAN attacks, such as bus-off and packet injection, responsively within 60ms without false positives. ShadowAuth provides a sound and deployable solution for real-world ECUs.

Journal ArticleDOI
TL;DR: In this paper, the authors present a practical consideration and analysis for implementing a secure sampled measured value (SeSV) message in a substation automation system and show the performance of security-feature-enabled SeSV packets transmitted between protection and control devices by appending a message authentication code (MAC) to the extended IEC61850 packets.
Abstract: IEC61850 is the mainstream of the development for substation automation. This paper presents a practical consideration and analysis for implementing a secure sampled measured value (SeSV) message in a substation automation system. Due to the lack of security features in the standard, IEC Working Group 15 of Technical Committee 57 published IEC62351 on security for IEC61850 profiles. However, the use of authentication methods for SV based on IEC62351 standards is still not integrated, and computational capabilities and performance are not validated and tested with commercial-grade equipment. Hence, this paper shows the performance of security-feature-enabled SeSV packets transmitted between protection and control devices by appending a message authentication code (MAC) to the extended IEC61850 packets. A prototype implementation on a low-cost commodity embedded system has proved that the MAC-enabled SV message can fully secure the process bus communication in the digital substation with negligible time delay.

Journal ArticleDOI
TL;DR: In this article, the authors propose three efficient variants of a message authentication encryption (MAE) algorithm, which is based on the dynamic key-dependent concept and a dynamic operation mode to reach a high level of security.
Abstract: In this work, we propose three efficient variants of a message authentication encryption (MAE) algorithm, which is based on the dynamic key-dependent concept and dynamic operation mode to reach a high level of security. These variants consist of a single pass and a single round, in addition to the use of common operations for the encryption and authentication processes to reduce the required execution time and resources. Accordingly, the proposed scheme outperforms the existing solutions that are based on the static approach with multiple rounds. Furthermore, to reduce the overhead associated with the regeneration of the dynamic key and the corresponding cryptographic primitives, we propose a simple, yet effective update process. In such a scheme, even when the same plaintext is processed, it will be encrypted and authenticated using different cryptographic primitives (substitution and permutation tables in addition to round keys), which guards against the existing cryptanalysis techniques. The experimental results show that the proposed MAE variants are more efficient than the counter with cipher block chaining message authentication code (CCM), Galois message authentication code (GMAC), offset codebook mode (OCB), and the Chacha20-poly1305. The best performance is achieved with the third MAE variant that presents a high throughput with an enhancement of at least 373% compared to CCM, 90% compared to GCM, 23% compared to OCB, and 22% compared to Chacha20-poly1305.

Proceedings ArticleDOI
28 Apr 2022
TL;DR: This paper uses the RSA algorithm for encryption and decryption and the SHA256 algorithm for computing the hash, and proposes an algorithm which can secure the original message and its integrity.
Abstract: This is the era of the internet, and we communicate our confidential data over the internet in daily life. So, it is necessary to check the authenticity in communication to stop non-repudiation of the sender. We are using the digital signature for stopping the non-repudiation. There are many versions of digital signature available in the market. But in every algorithm, we send the original message and the message digest to the receiver. Hence, there is no security applied to the original message. In this paper we propose an algorithm which can secure the original message and its integrity. In this paper we use the RSA algorithm as the encryption and decryption algorithm, and the SHA256 algorithm for making the hash.

Proceedings ArticleDOI
24 Oct 2022
TL;DR: In this article, an energy-reducing algorithm for hash-based message authentication code (HMAC) is proposed, which reduces energy consumption in HMAC by applying an energy-reducing algorithmic engineering technique to the underlying hash function of HMAC.
Abstract: Hash-based message authentication code (HMAC) involves a secret cryptographic key and an underlying cryptographic hash function. HMAC is used to simultaneously verify both integrity and authenticity of messages and, in turn, plays a significant role in secure communication protocols, e.g., Transport Layer Security (TLS). The high energy consumption of HMAC is well-known, as is the trade-off between security, energy consumption, and performance. Previous research in reducing energy consumption in HMAC has approached the problem primarily at the system software level (e.g., scheduling algorithms). This paper attempts to reduce energy consumption in HMAC by applying an energy-reducing algorithmic engineering technique to the underlying hash function of HMAC, as a means to preserve the promised security benefits. Using pyRAPL, a Python library to measure computational energy, we experiment with both the standard and energy-reduced implementations of HMAC for different input sizes (in bytes). Our results show up to 17% reduction in energy consumption by HMAC, while preserving function. Such energy savings in HMAC, by virtue of HMAC's prevalent use in existing network protocols, extrapolate to lighter-weight network operations with respect to total energy consumption.

Journal ArticleDOI
TL;DR: In this article, the use of JSON Web Tokens (JWT) for token-based authentication on web services is shown to help overcome interoperability issues, and the adoption of HMAC outperforms on the criteria of token generation time, token size, and token transfer speed.
Abstract: E-learning is a technology that may be used in the learning process to improve not only the distribution of learning materials but also the ability of learners to modify their abilities of various competencies contained in a database. A Web Service is used to integrate the data. A Web Service is a set of standards and programming methods for sharing data between different software applications, distributing services over the internet that support system interoperability. In this digital era, the system that will survive is one that can function on multiple platforms, and one of the options is to use web services. Data is exchanged in JSON format, and JSON Web Tokens (JWT) are used for authentication security. The use of JWT for token-based authentication on web services can help overcome interoperability issues. JWT is stateless and allows for the inclusion of data in the token authorisation. JWT includes a number of algorithm possibilities, including HMAC. Overall, the adoption of HMAC outperforms on the criteria of token generation time, token size, and token transfer speed. Storing a JSON Web Token into local storage in the client browser using the HMAC algorithm has been presented in this paper. The proposed work has shown that JWTs do not need to be stored on the server but can be stored on the client browser side using local storage.

Proceedings ArticleDOI
09 Mar 2022
TL;DR: In this article, a multi-designated receiver authentication code (MDRA-code) with information-theoretic security is proposed as an extension of the traditional multi-receiver authentication code.
Abstract: A multi-designated receiver authentication code (MDRA-code) with information-theoretic security is proposed as an extension of the traditional multi-receiver authentication code. The purpose of the MDRA-code is to securely transmit a message via a broadcast channel from a single sender to an arbitrary subset of multiple receivers that have been designated by the sender, and only the receivers in the subset (i.e., not all receivers) should accept the message if an adversary is absent. This paper proposes a model and security formalization of MDRA-codes, and provides constructions of MDRA-codes.

Journal ArticleDOI
TL;DR: Performance analysis shows that in the case of large-scale messages, the PVBA scheme has lower verification delay than related schemes, and the verification efficiency is greatly improved.
Abstract: In 6G-enabled vehicle ad hoc networks (VANETs), the messages transmitted through wireless communication face security problems such as tampering and disclosure. In this paper, to ensure the security of transmitted messages and the privacy of vehicle users, we propose an anonymous and secure message authentication (ASMA) scheme. The ASMA scheme can realize message verification and conditional privacy preservation with a lower computation overhead, and its security does not depend on a tamper-proof device (TPD). As the numbers of vehicles and applications increase in 6G-enabled VANETs, the number of messages in the network increases greatly. One-by-one verification of messages in the ASMA scheme cannot meet the strict low-latency requirements. To improve the efficiency of the ASMA scheme, we investigate a proxy-vehicle-assisted batch message authentication (PVBA) scheme. In the scheme, a proxy vehicle selection algorithm is designed to choose a certain number of proxy vehicles, and the message verification tasks are completed by a roadside unit (RSU) and the proxy vehicles synchronously. Performance analysis shows that in the case of large-scale messages, the PVBA scheme has lower verification delay than related schemes, and the verification efficiency is greatly improved.

Book ChapterDOI
01 Jan 2022
TL;DR: Umesh Kumar and V. Ch. Venkaiah propose a hash function and an efficient message authentication code based on quasigroups, which can be used in all the applications of hash functions, such as in blockchain and for verifying the integrity of messages.
Abstract: In this paper, we have proposed (i) a hash function and (ii) an efficient message authentication code based on quasigroup. We refer to these as QGMD5 and QGMAC, respectively. The proposed new hash function QGMD5 is an extended version of MD5 that uses an optimal quasigroup along with two operations named QGExp and QGComp. The operations quasigroup expansion (QGExp) and quasigroup compression (QGComp) are also defined in this paper. QGMAC is designed using the proposed hash function QGMD5 and a quasigroup of order 256 as the secret key. The security of QGMD5 is analyzed by comparing it with both MD5 and SHA-224. It is found that the proposed QGMD5 hash function is more secure. Also, QGMAC is analyzed against the brute-force attack. It is resistant to this attack because of the exponential number of quasigroups of its order. It is also analyzed for the forgery attack, and it is found to be resistant. In addition, we compared the performance of the proposed hash function to that of the existing MD5 and SHA-224. Similarly, the performance of the proposed QGMAC is compared with that of the existing HMAC-MD5 and HMAC-SHA-224. The results show that the proposed QGMD5 would take around 2 $$\mu s$$ additional execution time compared to MD5 but not more than SHA-224, while QGMAC always takes less time than both HMAC-MD5 and HMAC-SHA-224. So, our schemes can be deployed in all the applications of hash functions, such as in blockchain and for verifying the integrity of messages.

Proceedings ArticleDOI
04 Sep 2022
TL;DR: In this article, the authors propose to use indirect addressing in order to increase the processing speed of incoming packets and to reduce the amount of internal buffer memory; the operation of the independent computing modules in a quasi-multitasking mode ensures the processing of messages from 10 remote sources without significant loss in performance of the authentication receiver.
Abstract: The use of a chained block cipher mode makes it possible to increase the reliability of making decisions about the integrity and authenticity of messages under the conditions of a limited size of the message authentication code. Such solutions require independent implementation of procedures for decoding incoming data packets to authenticate multiple remote sources. It is proposed to use indirect addressing in order to increase the processing speed of incoming packets and to reduce the amount of internal buffer memory. The initial packet data is stored in a common large-capacity buffer, and the decoding results, the descriptors of the generated message chains, are stored in a separate memory of smaller capacity. In this case, decoding for each source takes place on a separate computing core. Mathematical modeling has shown that the proposed computer configuration provides a performance increase of up to 0.9 message authentication code extraction operations with a reasonable number of computing modules of 7–10. The operation of the independent computing modules in a quasi-multitasking mode ensures the processing of messages from 10 remote sources without significant loss in performance of the authentication receiver.

Proceedings ArticleDOI
23 Feb 2022
TL;DR: In this article, the authors analyze different digital signature schemes in terms of the domain of the group used, and from this analysis three categories are proposed to increase the development directivity of new efforts toward producing new digital signature algorithms.
Abstract: A signature scheme is a method of signing a message stored in electronic form. Such a signed message can be transmitted over a computer network. Digital signatures have many applications in information security, related to authentication, data integrity, and non-repudiation. One of the most important applications of digital signatures is the certification of public keys in large networks. This paper is dedicated to analyzing different digital signature schemes in terms of the domain of the group used, and from this analysis three categories are proposed to increase the development directivity of new efforts toward producing new digital signature algorithms.