Cryptographic system for data applications,in the context of internet of things

With each passing day, Internet of Things (IoT), has the potential to transform our society to a more digital way. In this paper, a cryptographic system is proposed, which has been designed and implemented, following the IoT optimized technologies. As the benefits of IoT are numerous, the need for a privacy platform is more than necessary to be developed. This work aims to demonstrate this by, firstly, implementing efficient and flexible, the fundamentals primitives of cryptography and privacy. Secondly, this is achieved, by introducing applied cryptography, in a more interactive and flexible approach. The proposed system and the incorporation of this platform is scrutinized. In the context of this work, an application of symmetric cryptography is introduced, based on the Advanced Encryption Standard (AES) in Electronic Code Book (ECB), Cipher Block Chaining (CBC) and Counter (CTR) modes of operation, for both encryption and decryption of texts, images and electronic data applications. In addition two other security schemes are supported by the proposed system: AES Galois/Counter Mode (GCM) and AES Galois Message Authentication Code (GMAC). The GCM proposed integration, in an authentication scheme, designed to provide authenticity and confidentiality, at the same time. On the other hand, GMAC, can be applied as message authentication code. Both operations, are optimized in sense of implementation resources, since the major cost is targeted to AES core. In addition, based on the integrated hardware modules, user registration and validation is proposed and implemented, with no additional cost, and with no performance penalty. Furthermore, two factor authentication has been designed and proposed, based on One Time Passwords (OTP), which can been produced with a random procedure. After these, a reference to the security levels, as regards to the communication between the IoT layers of the architecture, is presented. IoT hardware platforms are facing lack of security level and this brings the opportunity to use advanced security mechanisms. Implementation comparison results emphasize the importance of testing and measuring the performance of the alternative encryption algorithms, supported by hardware platforms.     

改进的AES算法在智慧住区门户中的应用与实现

智慧住区信息门户系统中包含着大量及涉及居民生命财产安全的敏感数据,为了保证这些数据的保密性,采用优化的AES加密算法对这些数据进行加密,在保证数据安全的同时,减少了加密时间,从而减少了通信延时,提高了系统的性能.分析了高级加密标准AES的原理和加解密流程,针对AES算法加解密过程耗时相差较大的问题,在列混合和逆列混合运算时采用有限域GF（2^8）上最简形式的矩阵,减少了解密过程的运算量,使加解密过程耗时差减少了.在此基础上对加解密过程进行了合并优化,在保证加密速度的同时,减少了算法所占用的存储空间.在Visual Studio 2010平台上,使用C语言实现了几种AES优化算法在智能家居中的应用,结果显示,所提的优化算法有较高的执行效率,并占较少的存储空间.     

大数据加密算法在数据安全保护中的应用研究

针对大数据加密算法安全性不高,计算效率低等问题,本研究采用双混沌系统结合改进AES加密算法设计出一个混合加密算法,改进AES算是利用仿射变换对(A7、6F)生成新的S盒,采用的双四维超混沌系统是从两个三维混沌系统进行改造而成,然后利用改造后的超混沌系统生成混沌序列,设计出一个分组加密方案,在Hadoop大数据平台上,将双超混沌加密方案和改进的AES算法进行合并;试验表明,本研究的大数据加密算法安全性能高、密钥长度达688 bit,加密解密效率提高2倍以上.     

HPAC-sbox- a novel implementation of predictive learning classifier and adaptive chaotic s-box for counterfeiting sidechannel attacks in an IOT networks

Today, embedded systems are augmented with the Internet of things and more with the artificial intelligence to make world even connected with aliens. With an IoT networks are getting its insight since it deals with large number of data information, security has considered to be more important and needs to be a diagnosis for every minute. To enhance the security in the network, a mathematically secure algorithms were formulated and runs on the cryptographic embedded chips to counterfeit the risks which are caused by the different attacks such as side channel attacks (SCA) on the networks. Even though many cryptographic encryption algorithms such as AES, DES, RC4 algorithms were gaining its importance, fixed encryption keys, non-intelligent detection of attacks, cognitive countermeasures are some of the real-time challenges in an existing system of encryption. Following the limitations of existing systems, this research article focuses on design of new AES with HPAC-SBOX (Hybrid Prediction and Adaptive Chaos) which integrates powerful predictive learning algorithms and adaptive chaotic logistic S-Box. The following contributions of this research articles are: a) Preparation of Data Sets from the Power consumption traces captured from Multi Core Embedded boards while running the Advanced Encryption Systems(AES) on it b) Implementation of High Speed and High Accurate Prediction learning machines for the prediction of side-channel attacks c) Design of Adaptive Chaotic S-Box using 3-Dlogistic Hyperbolic maps for attacked bits. To evaluate the proposed architecture, experimentation in carried out in an IoT networks and various performance parameters were calculated and analyzed. The results show that the proposed architecture outperforms the other existing algorithms in terms of prediction and performance.     

雾计算中支持计算外包的访问控制方案

在雾计算中,基于密文策略属性加密（Ciphertext-Policy Attribute-Based Encryption,CP-ABE）技术被广泛用于解决数据的细粒度访问控制问题,然而其中的加解密计算给资源有限的物联网设备带来沉重的负担。提出一种改进的支持计算外包的多授权CP-ABE访问控制方案,将部分加解密计算从物联网设备外包给临近的雾节点,在实现数据细粒度访问控制的同时减少物联网设备的计算开销,适用于实际的物联网应用场景。从理论和实验两方面对所提方案的效率与功能进行分析,分析结果表明所提方案具有较高的系统效率和实用价值。     

基于BRLWE的物联网后量子加密技术研究

随着量子计算机的发展,现有的公钥加密体系无法保障物联网通信的安全性。后量子加密算法所基于的数学难题目前还不能被量子计算机攻破,因此具备良好的抗量子安全性,尤其是基于格的公钥密码体制,有望成为下一代公钥加密体系的主流。然而,后量子加密算法存在计算量大、存储空间大等问题,如果将其直接应用于物联网终端的轻量级设备中,会降低物联网环境的通信效率。为了更好地保护物联网通信安全,保障物联网通信效率,提出了Sym-BRLWE(symmetrical binary RLWE)后量子加密算法。该算法在基于二进制环上容错学习(BRLWE,binary ring-learning with errors)问题的加密算法的基础上,改进了离散均匀分布上的随机数选取方式和多项式乘法的计算方式,从而满足物联网通信的效率要求,增加了加密安全性防护性措施以保证算法在取得高效率的同时具有高安全性,更加适应于物联网轻量设备。安全性分析表明,Sym-BRLWE加密算法具有高安全性,从理论上能够抵抗格攻击、时序攻击、简单能量分析和差分能量分析;仿真实验结果表明,Sym-BRLWE加密算法具有通信效率高的优势,加密解密效率高且密钥尺寸小,在模拟8 bit微型设备的二进制运算环境下,选择140 bit的抗量子安全级别参数时,相较于其他已有的基于BRLWE的加密算法,同等加密条件下Sym-BRLWE加密算法能够在加密总时间上减少30%~40%。     

一种资源共享的快速加解密AES算法的实现

针对AES算法的特点,提出一种适用于在FPGA上实现的快速加解密资源共享的AES算法。对传统的AES加解密的s_box进行变换,使用一张查找表实现了加解密过程的资源共享,有效的节省了硬件实现面积。并对AES加解密的列混合变换进行了改进,从而达到资源共享,节省资源。本方案对轮密钥扩展,列混合变换及其逆变换等操作进行了优化处理,并在加密计算及解密计算中对S-盒,列混合变换等关键计算部件进行了复用,并且采用AES轮内流水结果和密钥并行处理,可在一块芯片上同时支持128位、192位、256位三种密钥长度的加解密算法。实验结果表明本设计相比于其他设计具有更高的性能。     

AES密码算法的性能研究与实现

对AES算法进行分析。并探究其安全性．对其扩散性、混淆性和数据加／解密速率等密码学性能进行探析，同时与其他对称加密算法进行比较，结果显示AES具有很强的优势。     

类AES分组密码统一框架及其FPGA实现

通过将AES算法模块化、运算一般化,给出了类AES算法的统一框架。在此框架下不仅可以同时实现AES的加密、解密,而且可以通过外部参数动态设定分组算法,使得密码算法的使用更加灵活、安全。给出了算法的FPGA实现。结果表明设计方案可行,速度较高。     

组合算法在软件加密系统中的实现

通过对现有数据加密技术的分析,提出了一种将AES和RSA相结合的组合加密系统。利用AES算法加密速度快,而RSA安全性高这一特点,从而有效的解决了速度和安全二者不能兼顾的问题。提高了软件的加密处理速度与加密强度。     

基于AES和RSA的数据加密传送方案研究

随着Internet的广泛应用,信息安全问题日益突出,以数据加密技术为核心的信息安全技术也得到了极大的发展。该文首先介绍了对称加密算法AES和公钥加密算法RSA,并分别给出了两种算法单独实现数据加密的基本流程。在对两种加密算法进行比较的基础上,将两种算法相结合,提出了一种安全、快速的数据加密方案。     

An 8-bit systolic AES architecture for moderate data rate applications

The complexity involved in mapping an algorithm to hardware is a function of the controller logic and data path. Minimizing data path size can lead to significant savings in hardware area and power dissipation. This paper presents an implementation of a novel architectural transformation technique for mapping a word bit wide algorithm to byte vector serial architecture. The technique divides the input word to several bytes and then traces each byte for extracting architectural transformation. The technique is applied on Advanced Encryption Standard (AES) algorithm which is non-linear in nature. Using this technique, the 32-bit AES algorithm is transformed into a byte-systolic architecture. The novelty of the technique is more pronounced around the mix column design which is the most complex part of the AES algorithm. The complex matrix multiplication component and standard transformations of the 32-bit AES algorithm are transformed to support 8-bit operations. The resulted AES architectures reuse same logic resources for key expansion and encryption/decryption. The proposed design offers moderate data rates in the range of 41 Mbps for encryption and 37 Mbps for decryption while utilizing 236 and 280 slices, respectively, on Xilinx Virtex II xc2v1000-6 FPGA. Comparison results show significant gain in throughput when compared with other 8-bit designs. This makes it a viable data/communication security solution for a variety of embedded and consumer electronics.     

基于龙芯SIMD技术的AES加解密优化

高级加密标准AES是Linux系统中安全网络协议采用的主流的加解密算法。该文通过分析AES加解密算法,结合龙芯平台的体系结构特征,提出基于多媒体指令扩展（SIMD技术）优化AES性能的方法。优化前后的安全文件传输协议Sftp（AES加解密）数据传输结果表明,龙芯SIMD技术优化AES算法减少了加解密时间,有效地提高了Sftp的网络传输速率。     

基于轻量级加密技术建立物联网感知层信息安全的解决方案

本文提出了采用轻量级(密码编制简单、安全性高、运算速度快的单钥密码算法,如:RC4、RC5、SMS4算法等)加密技术,并采用一种安全单钥管理技术来解决轻量级密码的密钥更新管理的难题,在传感器或RFID读卡器设备端的智能芯片里和物联网认证中心端加密卡芯片里,建立传感设备认证、签名和加密协议、签名验证和解密协议,保证物联网感知层的设备可信,保证传感信息可信、完整和安全保密,从而,建立物联网感知层的信息安全系统。     

基于流水线的AES密码算法的硬件设计与实现

介绍了新一代加密标准AES的加密和解密流程，并根据其轮变换的特点，在不增加硬件的前提下，采用了流水线进行设计，从而节省了硬件开销，并可以达到比较高的加、解密速率。对SMIC0．18um的综合结果显示，该设计的加、解密速率可以达到8．2Gbit／s。     

分组密码AES的优化与设计

AES是现有的一种抗攻击能力强、加密速度快以及可移植性好的加密算法。在FPGA上实现AES算法可以更快地处理数据。为了提高整体系统的运行速度,在优化设计中采用全流水的技术来实现算法,并对S-box进行优化。S-box是AES算法中唯一的非线性单元,在进行加密、解密尤其是在字节替换过程时,需要分别执行S-box和逆S-box,一般使用查表来进行操作,这样会占用大量的资源,所以对S-box进行优化是对整个算法优化的最重要的步骤。最终使用Modelsim对设计结果进行仿真然后使用Quartus进行总体综合。     

A multikey secure multimedia proxy using asymmetric reversible parametric sequences: theory, design, and implementation

Because of limited server and network capacities for streaming applications, multimedia proxies are commonly used to cache multimedia objects such that, by accessing nearby proxies, clients can enjoy a smaller start-up latency and receive a better quality-of-service (QoS) guarantee-for example, reduced packet loss and delay jitters for their requests. However, the use of multimedia proxies increases the risk that multimedia data are exposed to unauthorized access by intruders. In this paper, we present a framework for implementing a secure multimedia proxy system for audio and video streaming applications. The framework employs a notion of asymmetric reversible parametric sequence (ARPS) to provide the following security properties: i) data confidentiality during transmission, ii) end-to-end data confidentiality, iii) data confidentiality against proxy intruders, and iv) data confidentiality against member collusion. Our framework is grounded on a multikey RSA technique such that system resilience against attacks is provably strong given standard computability assumptions. One important feature of our proposed scheme is that clients only need to perform a single decryption operation to recover the original data even though the data packets may have been encrypted by multiple proxies along the delivery path. We also propose the use of a set of encryption configuration parameters (ECP) to trade off proxy encryption throughput against the presentation quality of audio/video obtained by unauthorized parties. Implementation results show that we can simultaneously achieve high encryption throughput and extremely low video quality (in terms of peak signal-to-noise ratio and visual quality of decoded video frames) for unauthorized access.     

基于时间标签的以太无源光网络下行加密方案

为解决以太无源光网络下行数据传输的不安全性问题,提出一种基于时间标签函数的加密方案。将高级加密标准算法与时间标签相结合形成密钥,完成下行数据的加密,通过在光线路终端和光网络单元两端增加一个加/解密模块,避免密钥通过不安全的信道传输,并给出时间标签提取与同步以及密钥动态更新与同步问题的解决方案。实验结果表明,与传统加密方案相比,该方案具有延时低、吞吐量高、安全性高等优点。     

高级加密标准算法在RFID数据安全中的应用

在与金钱或资产相关的RFID系统中,带有身份认证和密码体制的高档电子标签是必不可少的,同时RFID系统又是资源受限的;把导出密钥的相互鉴别和高级加密标准(AES)算法相结合可以进行身份认证,能够抵抗回放攻击,体现了分级密钥的原则,密码算法也保证了很高的安全性;对AES算法进行工程优化设计,使之能够以很少的资源在8位单片机PIC16F873A中实现,加解密速度可以达到58 kb/s,这在资源受限的嵌入式应用中是非常适合的.     

非对称加密算法在身份认证中的应用研究

随着计算机网络以及智能终端应用的不断普及,特别是网络金融以及二维码的快速普及,信息安全问题越来越突出。文中研究了对称加密算法数据加密标准DES,主要研究了公开密钥基础设施体系PKI,这是确保信息在传输过程中安全性的第三方平台,它主要负责颁发带有CA中心数字签名的证书以及管理RSA算法中需要的公钥和私钥;研究了几种非对称加密算法并分析了它们的性能;重点研究了CEE中基于有限域上的椭圆曲线离散对数算法和RSA非对称加密算法,提出了用私钥加密公钥解密方案来解决信息真伪鉴别即身份认证问题,编程实现了RSA的公钥生成以及信息的加密和解密,主要实现了RSA密钥生成器模块、加密模块和解密模块,设计了加解密图形界面,完成了文件路径加密和整个文件的加密。实验结果表明RSA算法的可行性和安全性是较高的。