Perfect Trees: Designing Energy-Optimal Symmetric Encryption Primitives

Energy efficiency is critical in battery-driven devices, and designing energyoptimal symmetric-key ciphers is one of the goals for the use of ciphers in such environments. In the paper by Banik et al. (IACR ToSC 2018), stream ciphers were identified as ideal candidates for low-energy solutions. One of the main conclusions of this paper was that Trivium, when implemented in an unrolled fashion, was by far the most energy-efficient way of encrypting larger quantity of data. In fact, it was shown that as soon as the number of databits to be encrypted exceeded 320 bits, Trivium consumed the least amount of energy on STM 90 nm ASIC circuits and outperformed the Midori family of block ciphers even in the least energy hungry ECB mode (Midori was designed specifically for energy efficiency).In this work, we devise the first heuristic energy model in the realm of stream ciphers that links the underlying algebraic topology of the state update function to the consumptive behaviour. The model is then used to derive a metric that exhibits a heavy negative correlation with the energy consumption of a broad range of stream cipher architectures, i.e., the families of Trivium-like, Grain-like and Subterranean-like constructions. We demonstrate that this correlation is especially pronounced for Trivium-like ciphers which leads us to establish a link between the energy consumption and the security guarantees that makes it possible to find several alternative energy-optimal versions of Trivium that meet the requirements but consume less energy. We present two such designs Trivium-LE(F) and Trivium-LE(S) that consume around 15% and 25% less energy respectively making them the to date most energy-efficient encryption primitives. They inherit the same security level as Trivium, i.e., 80-bit security. We further present Triad-LE as an energy-efficient variant satisfying a higher security level. The simplicity and wide applicability of our model has direct consequences for the conception of future hardware-targeted stream ciphers as for the first time it is possible to optimize for energy during the design phase. Moreover, we extend the reach of our model beyond plain encryption primitives and propose a novel energy-efficient message authentication code Trivium-LE-MAC.

Potential Security Vulnerabilities of the IEEE 802.15.4 Standard and a Proposed Solution Against the Dissociation Process

Many different networks that rely on short-distance wireless technology for their functions utilize the IEEE 802.15.4 Standard, especially in the case of systems that experience a low level of traffic. The networks using this standard are typically based on the Low-Rate Wireless Personal Area Network, herein called the LR-WPAN; this network is used for the provision of both the physical layer, herein referred to as the PHY, and the media access control, herein abbreviated as the MAC. There are four security features in the IEEE 802.15.4 Standard that are designed to ensure the safe and secure transmission of data through the network. Disconnection from the network is managed and controlled by the message authentication code, herein referred to as the MAC, while the coordinator personal area network, herein abbreviated as the PAN, is also able to trigger the disconnection. However, the process of disconnection from the network is one area of vulnerability to denial-of-service attacks, herein referred to as DoS; this highlights a major shortcoming of the IEEE 802.15.4 Standard’s security features. This paper is intended to contribute to the improvement of security for the IEEE network by conducting a specific and in-depth review of available literature as well as conducting an analysis of the disassociation process. In doing so, potential new threats will be highlighted, and this data can be used to improve the security of the IEEE 802.15.4 Standard. Overall, in this paper, the role of the Castalia tool in the OMNET++ environment is analysed and interpreted for these potential new threats. Also, this paper proposes a solution to such threats to improve the security IEEE 802.15.4 disassociation process. Keywords: Disassociation vulnerability of IEEE 802.15.4 Standard, DoS attack, IoT security.

Personalized CAPTCHA Using Cognitive Cryptography

Cognitive Cryptography is used to improve personal verification process using the individual’s characteristics. The personal information contained can be biometrics because it is the unique information that identifies the owner. In advanced cryptographic protocol oriented for authentication of user, there is a possibility of using personal characteristics and perception abilities are required to create a new authentication procedure. This paper presents a new approach for creation of advanced multilevel user authentication protocol by using Image grid CAPTCHA codes. Here the user needs the special skills or knowledge while verifying, this is because of cognitive CAPTCHA’s. Instead of generating some random numbers or text while authentication procedure these CAPTCHA’s can be used. In multilevel authentication code the user verification can be realized in several iterations, in which the user attention can be oriented on different visual elements, region of interest or semantic content. This cognitive code will able to identify the recognition abilities of the user. Cognitive codes are having high security feature similar to traditional CAPTCHA’s because of understanding or recognizing the blurred or distorted patterns and also requires background knowledge to experience the connection with evaluated patterns. This feature guarantees the high level of security and allows to get succeeded in authentication process because the user possess specific skill that or not available for computers or answering systems. The traditional authentication protocols are to be involved with human mental capability is the vital idea of the proposed solution.

Efficient Secret Image Sharing Scheme with Authentication and Cheating Prevention

Due to the widespread adoption and popularity of digital images in distributed storage, Secret Image Sharing (SIS) has attracted much attention. However, preventing the cheating of shares is an important problem that needs to be solved in the traditional SIS scheme. An adversary without image shares may participate in the restoration phase as a share owner. In this phase, the adversary can obtain real shares or prevent recovering real images by submitting fake shadows. Our schemes are based on the original Thien-Lin’s scheme. In the scheme I, we use some XOR operations to get two authentication codes through all secret pixel values to achieve a lightweight and fast-calculated authentication scheme for cheating prevention. This scheme is suitable for small devices with limited resources. In scheme II, we use a hash algorithm to generate the authentication code. This scheme is suitable for environments with larger storage space and higher security levels. Since all pixel values are involved in the authentication in our proposed schemes, it can prevent fake shadow images from cheating. Meanwhile, the shadow size is almost the same as the original Thien-Lin’s scheme. Experimental results and theoretical analysis show that the proposed schemes are feasible and effective.

Cryptography – An Overview

With the day-by-day advancement of the Internet throughout the world, online marketing sites and applications are growing rapidly. More and more social networking sites are emerging almost every day connecting people from various parts of the world. These situations demand the organizers behind those networks to generate and store a huge amount of data regularly. Nonetheless to say, the more the data, the more is the risk of losing it. Hackers, phishers, or breachers are there at every nook and corner of the World Wide Web to steal and abuse the data of users. To protect the data from breaches, it is a necessity to secure the network. The general method of network protection is known as "Cryptography". Users are generally given a unique User ID and authentication code known as Password under which their data are stored individually. In this paper, we will discuss the overall idea of cryptography along with its methods and techniques.

Securing Audio Using AES-based Authenticated Encryption with Python

The focus of this research is to analyze the results of encrypting audio using various authenticated encryption algorithms implemented in the Python cryptography library for ensuring authenticity and confidentiality of the original contents. The Advanced Encryption Standard (AES) is used as the underlying cryptographic primitive in conjunction with various modes including Galois Counter Mode (GCM), Counter with Cipher Block Chaining Message Authentication Code (CCM), and Cipher Block Chaining (CBC) with Keyed-Hashing for encrypting a relatively small audio file. The resulting encrypted audio shows similarity in the variance when encrypting using AES-GCM and AES-CCM. There is a noticeable reduction in variance of the performed encodings and an increase in the amount of time it takes to encrypt and decrypt the same audio file using AES-CBC with Keyed-Hashing. In addition, the corresponding encrypted using this mode audio spans a longer duration. As a result, AES should either have GCM or CCM for an efficient and reliable authenticated encryption integration within a workflow.

METHOD OF OPTIMIZING ELEMENTS OF INTEGRATED OPTICAL AUTHENTICATION MODULE

В ходе информационного обмена между локальными вычислительными сетями пользователей передаваемая информация проходит через не защищенную сеть провайдера связи. Отсутствие аутентификации коммутаторов позволяет злоумышленникам осуществлять сетевые атаки на коммутаторы второго уровня модели OSI. Для устранения проблемы аутентификации коммутационного оборудования канального уровня можно использовать модуль аутентификации, встроенный в коммутатор. В работе приведена схема интегрально-оптического интерферометра для устройства управления оптическим излучением модуля аутентификации. Так как для передачи кода аутентификации применяется ослабленное лазерное излучение, то актуальным является расчет потерь оптического сигнала в интерферометре. Высокие потери оптического излучения могут происходить во внутреннем двойном изгибе спирали и во входном и выходном разветвителях интерферометра. Разработана методика оптимизации этих элементов интерферометра для уменьшения потерь оптического сигнала. Методика основана на методе распространяющегося пучка, методе эффективного показателя преломления и конечно-элементном анализе. На основе разработанной методики можно оценить оптимальное смещение волноводов в точке перегиба внутреннего S-изгиба спирали, геометрические параметры входного и выходного разветвителей. During information exchange between local computer networks of users, the transmitted information passes through an unprotected network of a communication provider. The lack of switch authentication allows attackers to carry out network attacks on Layer 2 switches of the OSI model. You can use the authentication module built into the switch to resolve the link layer switching equipment authentication problem. The work shows the integrated optical interferometer circuit for the optical radiation control device of the authentication module. Since attenuated laser light is used to transmit the authentication code, the calculation of optical signal losses in the interferometer is relevant. High losses of optical radiation can occur in the inner double bend of the spiral and in the input and output splitters of the interferometer. A technique has been developed to optimize these interferometer elements to reduce optical signal losses. The technique is based on the propagating beam method, the effective refractive index method, and finite element analysis. Based on the developed technique, the optimal displacement of waveguides at the inflection point of the internal S-bend of the spiral, the geometric parameters of the input and output splitters can be estimated.

Location-based key management, data authentication and aggregation in wireless sensor networks

The first design presents a novel location-based key management and en-route data authentication proposal. It divides the whole sensing area into a number of location cells. A group of location cells consist of a logical group. A pairwise key between two sensor nodes is established based on grid-based bivariate t-degree polynomials. Any valid reading report needs to collect enough message authentication code (MACs) from different neighbours. These pairwise keys used for generating the MAC are forwarded several hops down to the base station for future en-route data authentication. The second design proposes a greedy location-based secure and energy-efficient data aggregation approach. It further utilizes data aggregation based on the previous design by setting up control groups, applying pattern codes, selecting and switching control head nodes dynamically and periodically. In addition, different from the first design, it only requires control head nodes to collect enough MACs in each reading report. Extensive analysis, evaluations and experiments show us that both designs are secure, efficient and resilient.

Location-based key management, data authentication and aggregation in wireless sensor networks

The first design presents a novel location-based key management and en-route data authentication proposal. It divides the whole sensing area into a number of location cells. A group of location cells consist of a logical group. A pairwise key between two sensor nodes is established based on grid-based bivariate t-degree polynomials. Any valid reading report needs to collect enough message authentication code (MACs) from different neighbours. These pairwise keys used for generating the MAC are forwarded several hops down to the base station for future en-route data authentication. The second design proposes a greedy location-based secure and energy-efficient data aggregation approach. It further utilizes data aggregation based on the previous design by setting up control groups, applying pattern codes, selecting and switching control head nodes dynamically and periodically. In addition, different from the first design, it only requires control head nodes to collect enough MACs in each reading report. Extensive analysis, evaluations and experiments show us that both designs are secure, efficient and resilient.

Security for eHealth system: data hiding in AMBTC compressed images via gradient-based coding

Various eHealth applications based on the Internet of Things (IoT) contain a considerable number of medical images and visual electronic health records, which are transmitted through the Internet everyday. Information forensics thus becomes a critical issue. This paper presents a data hiding algorithm for absolute moment block truncation coding (AMBTC) images, wherein secret data, or the authentication code, can be embedded in images to enhance security. Moreover, in view of the importance of transmission efficiency in IoT, image compression is widely used in Internet-based applications. To cope with this challenge, we present a novel compression method named gradient-based (GB) compression, which is compatible with AMBTC compression. Therefore, after applying the block classification scheme, GB compression and data hiding can be performed jointly for blocks with strong gradient effects, and AMBTC compression and data hiding can be performed jointly for the remaining blocks. From the experimental results, we demonstrate that the proposed method outperforms other state-of-the-art methods.