Similar literature
 Found 20 similar documents; search took 46 ms
1.

The Internet of Things is an emerging area that deals with the transfer of data over wired or wireless networks. The prime concern to be addressed is the security of data that must be transferred within an optimized time limit. Throughput and time delay need to be considered for optimized data transfer, and while concentrating on these, there is a possibility of leaving the data vulnerable to attacks. Currently available security algorithms may be adequate for wired systems but not for the wireless scenario. The PRESENT cipher is one of the popular cryptosystems used in wireless systems and falls under the lightweight cryptography category. The GIFT cipher is an enhanced version of the PRESENT cipher that aims at maximizing throughput; it uses an iterative structure for encryption. This can still be improved and optimized in terms of increased data rate and reduced time delay. This paper implements an optimization of the existing GIFT cipher, with throughput as the performance metric. Pipeline and sub-stage pipeline techniques are used to enhance the architecture.


2.
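Huang Jing, Zhao Xinjie, Zhang Fan, Guo Shize, Zhou Ping, Chen Hao, Yang Jian. Journal on Communications (《通信学报》), 2016, 37(8): 144-156
An improved fault attack on PRESENT based on algebraic analysis is proposed: algebraic analysis is used to construct the cipher and fault equations, and the encryption equations are built in reverse to speed up solving. A method for evaluating the remaining key entropy after fault injection is also proposed, which can assess the security of PRESENT against fault attacks under different fault models. Finally, clock-glitch fault injection was carried out on an 8-bit smart-card implementation of PRESENT; in the best case a single fault injection recovers the master key, which is the best result for PRESENT fault attacks in terms of data complexity.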

3.
In this paper, we propose a novel radio frequency identification (RFID) infrastructure enabling multi-purpose RFID tags realized by the use of privacy preserving public key cryptography (PKC) architecture. The infrastructure ensures that the access rights of the tags are preserved based on the spatial and temporal information collected from the RFID readers. We demonstrate that the proposed scheme is secure with respect to cryptanalytic, impersonation, tracking, replay, and relay attacks. We also analyze the feasibility of PKC implementation on passive class 2 RFID tags, and show that the requirements for PKC are comparable to those of other cryptographic implementations based on symmetric ciphers. Our numerical results indicate PKC based systems can outperform symmetric cipher based systems, since the back end servers can identify RFID tags with PKC based systems approximately 57 times faster than the best symmetric cipher based systems.

4.
Compared with general chaotic systems, a linear hyperbolic chaotic system of partial differential equations with nonlinear boundary conditions has larger parameter space, stronger sensitivity to initial condition and control parameter, better random-like behavior and so on, but it has not been employed in cryptography so far. Then using its significant properties, we present a new cryptosystem with coupled map lattices and time-varying delay. The proposed image encryption algorithm with permutation–diffusion architecture can overcome some drawbacks in the existing methods, because the sum of pixel value of original image is used for determining the permutation parameters and the previous cipher image information is utilized in the next diffusion. Theoretical analysis and computer experiments confirm that the new algorithm is efficient, practicable, and reliable, with high potential to be adopted for network security and secure communications.

5.
This paper presents an achievable secure videoconferencing system based on quantum key encryption in which key management can be directly applied and embedded in a server/client videoconferencing model using, for example, OpenMeeting. A secure key management methodology is proposed to ensure both a trusted quantum network and a secure videoconferencing system. The proposed methodology presents an architecture on how to share secret keys between key management servers and distant parties in a secure domain without transmitting any secrets over insecure channels. The advantages of the proposed secure key management methodology overcome the limitations of quantum point‐to‐point key sharing by simultaneously distributing keys to multiple users; thus, it makes quantum cryptography a more practical and secure solution. The time required for the encryption and decryption may cause a few seconds of delay in video transmission, but this proposed method protects against adversary attacks.

6.
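To address the insecurity of CBC mode under the blockwise-adaptive attack model, a new block cipher mode of operation is proposed. The new scheme introduces Gray codes, changes the input method of the original mode, and breaks the inherent link between successive outputs and inputs. Its security is analyzed using a reduction argument. The results show that, provided the underlying block cipher is a pseudorandom permutation, the scheme is provably secure under the blockwise-adaptive attack model.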

7.
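Fast implementation of large-number modular exponentiation algorithms   Total citations: 2, self-citations: 0, citations by others: 2
Liu Yue, Li Guili, Tian Ying. Information Technology (《信息技术》), 2003, 27(5): 25-27
Selecting large primes is the key to constructing RSA keys, and prime generation and testing is an important research topic in the RSA public-key system. The paper describes the principles and the encryption and decryption processes of data encryption algorithms in public-key cryptosystems such as DSA and RSA, analyzes the performance of the various algorithms and the settings they suit, and, addressing the very large computational cost of these algorithms, gives a better method for implementing data encryption. Theory and experiment show that when the algorithm is used to implement RSA, the efficiency of the new algorithm is clearly improved.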

8.
Software defined wireless sensor network (SDWSN) is a recent evolution in networking that improves network performance and scalability. However, Quality of Service (QoS) and security are the major issues in SDWSN due to inefficient route selection (traffic load minimization algorithm) and insecure cryptography scheme (homomorphic algorithm). This paper proposes a novel three‐tier architecture for a secure cluster‐based SDWSN (SeC‐SDWSN) environment to ensure QoS and security for WSN using SDN. In the first tier, sensor nodes are segregated into multiple clusters by the secure hash tree‐based clustering (SHTC) algorithm. Within each secure cluster, data transmission is performed through the optimal route selected by the adaptive spider monkey optimization (ASMO) algorithm, in which two new fitness factors (F1, F2) are formulated by multiple QoS metrics. For data security, a parallel advanced encryption standard with cipher block chaining (PAES‐CBC) algorithm is proposed. Aggregated ciphertext is transmitted to the optimal switch in the second tier by using the fuzzy weighted technique for order preference by similarity to ideal solution (FW‐TOPSIS) algorithm according to selection criteria. Switches forward the data to the sink node based on flow rules deployed by SDN controllers in the third tier. SDN controllers provide a global view of the entire network and deploy flow rules on switches in accordance with network status and security level. Extensive simulation in ns‐3 shows that the proposed three‐tier architecture achieves 5% throughput improvement, 7.8% PDR improvement, and 16% energy consumption improvement.

9.
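Zhao Zhenguo. Journal on Communications (《通信学报》), 2015, 36(3): 75-80
To solve the certificate management problem of traditional public-key cryptosystems and the key escrow problem of identity-based public-key cryptosystems, Al-Riyami and Paterson proposed certificateless public-key cryptography. Recently Zhu Hui et al. proposed a certificateless signcryption scheme without bilinear pairing operations. Analysis, however, shows that the scheme is insecure (it provides neither confidentiality nor unforgeability), and concrete attacks are given. To strengthen security, a more secure certificateless signcryption scheme is proposed, with a security proof in the random oracle model based on the discrete logarithm problem and the computational Diffie-Hellman problem. In addition, the new scheme performs well: the signcryption algorithm needs only 4 modular exponentiations and the decryption-verification algorithm only 5.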

10.
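Selection of secure elliptic curves over GF(p) and their base points   Total citations: 9, self-citations: 0, citations by others: 9
Research on and implementation of elliptic curve cryptosystems has gradually become the mainstream of public-key cryptography research, and the selection of secure elliptic curves suitable for cryptography, together with their base points, is the foundation of implementing elliptic curve cryptography. In this paper, the authors discuss algorithms for selecting secure elliptic curves over large prime fields and for selecting base points, and implement them successfully in standard C with the help of the MIRACL system.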

11.
Side-Channel Resistant Crypto for Less than 2,300 GE   Total citations: 1, self-citations: 0, citations by others: 1
A provably secure countermeasure against first order side-channel attacks was proposed by Nikova et al. (P. Ning, S. Qing, N. Li (eds.) International conference in information and communications security. Lecture notes in computer science, vol. 4307, pp. 529–545, Springer, Berlin, 2006). We have implemented the lightweight block cipher PRESENT using the proposed countermeasure. For this purpose we had to decompose the S-box used in PRESENT and split it into three shares that fulfill the properties of the scheme presented by Nikova et al. (P. Lee, J. Cheon (eds.) International conference in information security and cryptology. Lecture notes in computer science, vol. 5461, pp. 218–234, Springer, Berlin, 2008). Our experimental results on real-world power traces show that this countermeasure provides additional security. Post-synthesis figures for an ASIC implementation require only 2,300 GE, which makes this implementation suitable for low-cost passive RFID-tags.

12.
A new image encryption algorithm based on spatiotemporal chaotic system is proposed, in which the circular S-box and the key stream buffer are introduced to increase the security. This algorithm is comprised of a substitution process and a diffusion process. In the substitution process, the S-box is considered as a circular sequence with a head pointer, and each image pixel is replaced with an element of S-box according to both the pixel value and the head pointer, while the head pointer varies with the previous substituted pixel. In the diffusion process, the key stream buffer is used to cache the random numbers generated by the chaotic system, and each image pixel is then enciphered by incorporating the previous cipher pixel and a random number dependently chosen from the key stream buffer. A series of experiments and security analysis results demonstrate that this new encryption algorithm is highly secure and more efficient for most of the real image encryption practices.

13.
Cryptography circuits for smart cards and portable electronic devices provide user authentication and secure data communication. These circuits should, in general, occupy small chip area, consume low power, handle several cryptography algorithms, and provide acceptable performance. This paper presents, for the first time, a hardware implementation of three standard cryptography algorithms on a universal architecture. The microcoded cryptography processor targets smart card applications and implements both private key and public key algorithms and meets the power and performance specifications and is as small as 2.25 mm² in 0.18-μm 6LM CMOS. A new algorithm is implemented by changing the contents of the memory blocks that are implemented in ferroelectric RAM (FeRAM). Using FeRAM allows nonvolatile storage of the configuration bits, which are changed only when a new algorithm instantiation is required.

14.
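A new fault analysis method for the PRESENT cipher is proposed: the algebraic fault attack. Combining algebraic attacks with fault attacks, it first uses the algebraic attack method to build an equivalent system of Boolean algebraic equations for the cipher; it then obtains faulty ciphertext information through fault attacks and converts the fault differences and ciphertext differences into additional Boolean algebraic equations; finally it uses the CryptoMiniSAT solver to solve the system and recover the key. The results show that when a fault of width 4 is injected in round 29 of PRESENT-80, with the fault location and value unknown, 2 fault injections recover the 64-bit post-whitening key within 50 s, reducing the PRESENT-80 key search space to 2^16, and the complete master key is recovered after 1 min of brute force. Compared with existing fault attacks on PRESENT, this attack requires the smallest number of samples; the algebraic fault analysis method may also offer some ideas for fault analysis of other block ciphers.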

15.
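A combined stream cipher chip based on a neural network algorithm   Total citations: 2, self-citations: 0, citations by others: 2
Ding Qun, Peng Xiyuan, Yang Ziheng. Acta Electronica Sinica (《电子学报》), 2006, 34(3): 409-412
Stream ciphers have always been one of the most important encryption methods in cryptography. A stream cipher encryption chip design based on a neural network algorithm is proposed; while retaining the good statistical properties of the original sequence, it increases both the period and the linear complexity of the output sequence. The stream cipher chip circuit is designed using FPGA technology, and modern electronic design methods are applied flexibly to implement the arithmetic functions and timing allocation. Logic synthesis and simulation results verify the correctness of the chip circuit. The results help the application of stream cipher algorithms in information security and modern secure communication equipment.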

16.

Constrained Application Protocol (CoAP), an application-layer protocol, is a compressed version of the HTTP protocol that is used for communication between lightweight resource-constrained devices in an Internet of Things (IoT) network. The CoAP protocol is generally associated with the connectionless User Datagram Protocol (UDP) and works based on the Representational State Transfer architecture. CoAP is associated with the Datagram Transport Layer Security (DTLS) protocol for establishing a secure session using existing algorithms like Lightweight Establishment of Secure Session for communication between various IoT devices and a remote server. However, several limitations regarding key management, session establishment and multicast message communication within the DTLS layer are present in CoAP. Hence, development of an efficient protocol for secure session establishment of CoAP is required for IoT communication. Thus, to overcome the existing limitations related to key management and multicast security in CoAP, we have proposed an efficient and secure communication scheme to establish a secure session key between IoT devices and a remote server using lightweight elliptic curve cryptography (ECC). The proposed ECC-based CoAP is referred to as ECC-CoAP, which provides a CoAP implementation for authentication in an IoT network. A number of well-known cryptographic attacks are analyzed for validating the security strength of the ECC-CoAP, and it is found that all these attacks are well defended. The performance analysis of the ECC-CoAP shows that our scheme is lightweight and secure.


17.
To prevent messages from being tampered with and forged in vehicular ad hoc networks (VANETs), the digital signature method is adopted by IEEE 1609.2. However, the costs of the method are excessively high for large-scale networks. The paper efficiently copes with the issue with a secure communication framework by introducing some lightweight cryptography primitives. In our framework, point-to-point and broadcast communications for vehicle-to-infrastructure (V2I) and vehicle-to-vehicle (V2V) are studied, mainly based on symmetric cryptography. A new issue incurred is symmetric key management. Thus, we develop key distribution and agreement protocols for two-party key and group key under different environments, whether a road side unit (RSU) is deployed or not. The analysis shows that our protocols provide confidentiality, authentication, perfect forward secrecy, forward secrecy and backward secrecy. The proposed group key agreement protocol especially solves the key leak problem caused by members joining or leaving in existing key agreement protocols. Due to aggregated signature and substitution of XOR for point addition, the average computation and communication costs do not significantly increase with the increase in the number of vehicles; hence, our framework provides good scalability.

18.
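An efficient certificateless short signature scheme   Total citations: 2, self-citations: 0, citations by others: 2
Certificateless cryptography not only effectively solves the key escrow problem inherent in identity-based cryptosystems but also successfully avoids the use of public-key certificates, and has been widely applied in recent years. Based on the certificateless cryptosystem, a new certificateless short signature scheme is proposed. The new scheme is simple and efficient in construction, requiring only 2 pairing operations in the signature verification phase. The scheme is provably secure in the random oracle model and is better suited to open, low-bandwidth communication environments.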

19.
In this paper, we present a new lightweight block cipher named eight-sided fortress (ESF), which is suitable for resource-constrained environments such as sensor networks and low-cost radio frequency identification (RFID) tags. Meanwhile, we present the specification, design rationale and evaluation results in terms of the hardware implementation. For realizing both efficiency and security in embedded systems, similar to other lightweight block ciphers, ESF has a 64-bit block length and an 80-bit key size. It is inspired by the existing block ciphers PRESENT and LBlock. The encryption algorithm of ESF is based on a variant Feistel structure with an SPN round function, using a Feistel network as the overall structure with the purpose of minimizing computational resources.

20.
Recent developments in identity‐based cryptography (IBC) have provided new solutions to problems related to the security of mobile ad hoc networks (MANETs). Although many proposals to solve problems related to the security of MANETs are suggested by the research community, there is no one solution that fits all. The interdependency cycle between secure routing and security services makes the use of IBC in MANETs very challenging. In this paper, two novel methods are proposed to eliminate the need for this cycle. One of these methods utilizes a key pool to secure routes for the distribution of cryptographic materials, while the other adopts a pairing‐based key agreement method. Furthermore, our proposed methods utilize threshold cryptography for shared secret and private key generation to eliminate the “single point of failure” and distribute cryptographic services among network nodes. These characteristics guarantee high levels of availability and scalability for the proposed methods. To illustrate the effectiveness and capabilities of the proposed methods, they are simulated and compared against the performance of existing methods.
