Signcryption Schemes With Forward Secrecy Based on Elliptic Curve Cryptography

In this thesis two efficient signcryption schemes based on elliptic curve cryptosystem are proposed which can effectively combine the functionalities of digital signature and encryption and also take a comparable amount of computational cost and communication overhead. They provide confidentiality, authentication, integrity, unforgeability and nonrepudiation, along with forward secrecy of message confidentiality and public verification. By forward secrecy of message confidentiality function we mean, although the private key of the sender is divulged inattentively, it does not affect the confidentiality of the previously stored messages. By the public verification function we mean, any third party can verify directly the signature of the sender of the original message without the sender's private key when dispute occurs. It enhances the justice of judge. In addition, proposed schemes save great amount of computational cost. The proposed scheme II gives a better result as compare to the proposed scheme I, but it requires a zero-knowledge interactive protocol to exchange recipient's private key to a third party or judge for verification. The proposed schemes can be applied to the lower computational power devices, like mobile devices, smart card based applications, e-voting and many more, due to their lower computational cost

LiSP-XK: Extended Light-Weight Signcryption for IoT in Resource-Constrained Environments

There is an increasing drive to provide improved levels of trust within an Internet-of-Things (IoTs) environments, but the devices and sensors used tend to be limited in their capabilities for dealing with traditional cryptography methods. Resource constraints and security are often the two major concerns of IIoT (Industrial IoT applications and big data generation at the present time. The strict security measures are often not significantly resource-managed and therefore, negotiation normally takes place between these. Following this, various lightweight versions of generic security primitives have been developed for IIoT and other resource-constrained sustainability. In this paper, we address the authentication concerns for resource-constrained environments by designing an efficient authentication protocol. Our authentication scheme is based on LiSP (light-weight Signcryption Protocol); however, some further customization has been performed on it to make it more suitable for IIoT-like resource-constrained environments. We use Keccack as the hash function in the process and Elli for lightweight public-key cryptography. We name our authentication scheme: Extended lightweight Signcryption Protocol with Keccack (LiSP-XK). The paper outlines a comparative analysis on our new design of authentication against a range of state-of-the-art schemes. We find the suitability of LiSP-XK for IIoT like environments due to its lesser complexity and less energy consumption. Moreover, the signcryption process is also beneficial in enhancing security. Overall the paper shows that LiSP-XK is overall 35% better in efficiency as compared to the other signcryption approaches

CASCF: Certificateless Aggregated SignCryption Framework for Internet-of-Things Infrastructure

The increasing number of devices in the age of Internet-of-Thing (IoT) has arisen a number of problems related to security. Cryptographic processes, more precisely the signatures and the keys, increase and generate an overhead on the network resources with these huge connections. Therefore, in this paper we present a signcryption framework to address the above problems. The solution highlights the use of aggregate signcryption and certificaless approach based on bilinear pairings. The use of signcryption with aggregation and certificateless authentication reduces the time consumption, overhead and complexity. The solution is also able to solve the key staling problems. Experimental results and comparative analysis based on key parameters, memory utilization and bandwidth utilization have been measured. It confirms that the presented work is efficient for IoT infrastructure

An Approach to Guide Users Towards Less Revealing Internet Browsers

When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed

Contributions to Securing Software Updates in IoT

The Internet of Things (IoT) is a large network of connected devices. In IoT, devices can communicate with each other or back-end systems to transfer data or perform assigned tasks. Communication protocols used in IoT depend on target applications but usually require low bandwidth. On the other hand, IoT devices are constrained, having limited resources, including memory, power, and computational resources. Considering these limitations in IoT environments, it is difficult to implement best security practices. Consequently, network attacks can threaten devices or the data they transfer. Thus it is crucial to react quickly to emerging vulnerabilities. These vulnerabilities should be mitigated by firmware updates or other necessary updates securely. Since IoT devices usually connect to the network wirelessly, such updates can be performed Over-The-Air (OTA). This dissertation presents contributions to enable secure OTA software updates in IoT. In order to perform secure updates, vulnerabilities must first be identified and assessed. In this dissertation, first, we present our contribution to designing a maturity model for vulnerability handling. Next, we analyze and compare common communication protocols and security practices regarding energy consumption. Finally, we describe our designed lightweight protocol for OTA updates targeting constrained IoT devices. IoT devices and back-end systems often use incompatible protocols that are unable to interoperate securely. This dissertation also includes our contribution to designing a secure protocol translator for IoT. This translation is performed inside a Trusted Execution Environment (TEE) with TLS interception. This dissertation also contains our contribution to key management and key distribution in IoT networks. In performing secure software updates, the IoT devices can be grouped since the updates target a large number of devices. Thus, prior to deploying updates, a group key needs to be established among group members. In this dissertation, we present our designed secure group key establishment scheme. Symmetric key cryptography can help to save IoT device resources at the cost of increased key management complexity. This trade-off can be improved by integrating IoT networks with cloud computing and Software Defined Networking (SDN).In this dissertation, we use SDN in cloud networks to provision symmetric keys efficiently and securely. These pieces together help software developers and maintainers identify vulnerabilities, provision secret keys, and perform lightweight secure OTA updates. Furthermore, they help devices and systems with incompatible protocols to be able to interoperate

Advances in Information Security and Privacy

With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue