922 research outputs found

    Formal security analysis of registration protocols for interactive systems: a methodology and a case of study

    Full text link
    In this work we present and formally analyze CHAT-SRP (CHAos based Tickets-Secure Registration Protocol), a protocol to provide interactive and collaborative platforms with a cryptographically robust solution to classical security issues. Namely, we focus on the secrecy and authenticity properties while keeping a high usability. In this sense, users are forced to blindly trust the system administrators and developers. Moreover, as far as we know, the use of formal methodologies for the verification of security properties of communication protocols isn't yet a common practice. We propose here a methodology to fill this gap, i.e., to analyse both the security of the proposed protocol and the pertinence of the underlying premises. In this concern, we propose the definition and formal evaluation of a protocol for the distribution of digital identities. Once distributed, these identities can be used to verify integrity and source of information. We base our security analysis on tools for automatic verification of security protocols widely accepted by the scientific community, and on the principles they are based upon. In addition, it is assumed perfect cryptographic primitives in order to focus the analysis on the exchange of protocol messages. The main property of our protocol is the incorporation of tickets, created using digests of chaos based nonces (numbers used only once) and users' personal data. Combined with a multichannel authentication scheme with some previous knowledge, these tickets provide security during the whole protocol by univocally linking each registering user with a single request. [..]Comment: 32 pages, 7 figures, 8 listings, 1 tabl

    Analysis and Design Security Primitives Based on Chaotic Systems for eCommerce

    Get PDF
    Security is considered the most important requirement for the success of electronic commerce, which is built based on the security of hash functions, encryption algorithms and pseudorandom number generators. Chaotic systems and security algorithms have similar properties including sensitivity to any change or changes in the initial parameters, unpredictability, deterministic nature and random-like behaviour. Several security algorithms based on chaotic systems have been proposed; unfortunately some of them were found to be insecure and/or slow. In view of this, designing new secure and fast security algorithms based on chaotic systems which guarantee integrity, authentication and confidentiality is essential for electronic commerce development. In this thesis, we comprehensively explore the analysis and design of security primitives based on chaotic systems for electronic commerce: hash functions, encryption algorithms and pseudorandom number generators. Novel hash functions, encryption algorithms and pseudorandom number generators based on chaotic systems for electronic commerce are proposed. The securities of the proposed algorithms are analyzed based on some well-know statistical tests in this filed. In addition, a new one-dimensional triangle-chaotic map (TCM) with perfect chaotic behaviour is presented. We have compared the proposed chaos-based hash functions, block cipher and pseudorandom number generator with well-know algorithms. The comparison results show that the proposed algorithms are better than some other existing algorithms. Several analyses and computer simulations are performed on the proposed algorithms to verify their characteristics, confirming that these proposed algorithms satisfy the characteristics and conditions of security algorithms. The proposed algorithms in this thesis are high-potential for adoption in e-commerce applications and protocols

    AN EFFICIENT CHAOS-BASED OPTIMIZATION ALGORITHM APPROACH FOR CRYPTOGRAPHY

    Get PDF
    The utmost negative impact of advancement of technology is an exponential increase in security threats, due to which tremendous demand for effective electronic security is increasing importantly. The principles of any security mechanism are confidentiality, authentication, integrity, non-repudiation, access control and availability. Cryptography is an essential aspect for secure communications. Many chaotic cryptosystem has been developed, as a result of the interesting relationship between the two field chaos and cryptography phenomenological behavior. In this paper, an overview of cryptography, optimization algorithm and chaos theory is provided and a novel approach for encryption and decryption based on chaos and optimization algorithms is discussed. In this article, the basic idea is to encrypt and decrypt the information using the concept of genetic algorithm with the pseudorandom sequence further used as a key in genetic algorithm operation for encryption: which is generated by application of chaotic map. This attempt result in good desirable cryptographic properties as a change in key will produce undesired result in receiver side. The suggested approach complements standard, algorithmic procedures, providing security solutions with novel features

    A Proposed hash algorithm to use for blockchain base transaction flow system

    Get PDF
    Blockchain technology introduces a new approach to storing information, implementing tasks and functions, and building trust between participating nodes. Although blockchain technology has received extensive attention in various application contexts in recent years, the issue of privacy and security remains the primary focus of discussions of the blockchain. The use of hash algorithms can provide secure blockchain integration, and many hash algorithms offer solutions to data integrity and security problems within the context of blockchain technology. However, they are also subject to problems related to time, lack of resources, and memory usage. In this research, an algorithm is proposed to generate a hash based on chaos theory (1D and 2D) logistic maps and the new Merkle-Damgård construction. Hash outputs are tested in terms of time, complexity, and collision. The proposed algorithm is evaluated according to Jaccard similarity and various coefficient measurements, and it was found that the similarity between the inputs and the outputs does not exceed 0.1932 percent. All outcomes indicated successful performance. The proposed algorithm was implemented on a blockchain-based transaction flow system, consumed fewer resources than other hash algorithms (such as SHA1, SHA2, and MD5), and requires mere milliseconds to implement

    A Survey of Parallel Message Authentication and Hashing Methods

    Get PDF
    مقدمة: الإنترنت، وتبادل المعلومات، والتواصل الاجتماعي، وغيرها من الأنشطة التي ازدادت بشكل كبير في السنوات الأخيرة. لذلك، يتطلب الأمر زيادة السرية والخصوصية. في الأيام الأخيرة، كان الاحتيال عبر الإنترنت واحدًا من العوائق الرئيسية لنشر استخدام تطبيقات الأعمال. وبالتالي، تحدث الثلاث مخاوف الأمنية الهامة بشكل يومي في عالم الأزياء الشفافة لدينا، وهي: الهوية، والمصادقة، والترخيص. التعرف هو إجراء يسمح بتحديد هوية كيان ما، والذي يمكن أن يكون شخصًا أو جهاز كمبيوتر أو أصل آخر مثل مبرمج برامج. طرق العمل: في أنظمة الأمان، المصادقة والترخيص هما إجراءان مكملان لتحديد من يمكنه الوصول إلى موارد المعلومات عبر الشبكة. تم تقديم العديد من الحلول في الأدبيات. وللحصول على أداء أفضل في خوارزميات المصادقة، استخدم الباحثون التوازي لزيادة الإنتاجية لخوارزمياتهم. من جهة، تم استخدام مجموعة من الطرق لزيادة مستوى الأمان في الأنظمة التشفيرية، بما في ذلك زيادة عدد الجولات، واستخدام جداول الاستبدال ودمج آليات الأمان الأخرى لتشفير الرسائل والمصادقة عليها. النتائج: أظهرت الدراسات الحديثة حول مصادقة الرسائل المتوازية وخوارزميات التجزئة أن وحدات معالجة الرسومات تتفوق في الأداء على الأنظمة الأساسية المتوازية الأخرى من حيث الأداء. الاستنتاجات: يقدم هذا العمل تنفيذًا متوازيًا لتقنيات مصادقة الرسائل على العديد من الأنظمة الأساسية. تدرس وتعرض الأعمال التي تناقش المصادقة والتجزئة وتنفيذها على منصة موازية كهدف رئيسي.Background: Currently, there are approximately 4.95 billion people who use the Internet. This massive audience desires internet shopping, information exchange, social networking, and other activities that have grown dramatically in recent years. Therefore, it creates the need for greater confidentiality and privacy. In recent days, fraud via the Internet has been one of the key impediments to the dissemination of the use of business apps. Therefore, the three important security concerns actually occur daily in our world of transparent fashion, more accurately: identity, authentication, and authorization. Identification is a procedure that permits the recognition of an entity, which may be a person, a computer, or another asset such as a software programmer. Materials and Methods: In security systems, authentication and authorization are two complementary procedures for deciding who may access the information resources across a network. Many solutions have been presented in the literature. To get more performance on the authentication algorithmic, researchers used parallelism to increase the throughput of their algorithms.  On the one hand, various approaches have been employed to enhance the security of cryptographic systems, including increasing the number of rounds, utilizing substitution tables, and integrating other security primitives for encryption and message authentication. Results: Recent studies on parallel message authentication and hashing algorithms have demonstrated that GPUs outperform other parallel platforms in terms of performance. Conclusion: This work presents a parallel implementation of message authentication techniques on several platforms. It is studying and demonstrating works which discuss authentication, hashing, and their implementation on a parallel platform as a main objective
    corecore