Array-Based Statistical Analysis of the MK-3 Authenticated Encryption Scheme

Authenticated encryption (AE) schemes are symmetric key cryptographic methods that support confidentiality, integrity and source authentication. There are many AE algorithms in existence today, in part thanks to the CAESAR competition for authenticated encryption, which is in its final stage. In our previous work we introduced a novel AE algorithm MK-3 (not part of the CAESAR competition), which is based on the duplex sponge construction and it is using novel large 16×16 AES-like S-boxes. Unlike most AE schemes, MK-3 scheme provides additional customization features for users who desire unique solutions. This makes it well suited for government and military applications. In this paper, we develop a new array- based statistical analysis approach to evaluate randomness of cryptographic primitives and show its effectiveness in the analysis of MK-3. One of the strengths of this method is that it focuses on the randomness of cryptographic primitive function rather than only on the randomness of the outpu

Side-Channel Attacks and Countermeasures for the MK-3 Authenticated Encryption Scheme

In the field of cryptography, the focus is often placed on security in a mathematical or information-theoretic sense; for example, cipher security is typically evaluated by the difficulty of deducing the plaintext from the ciphertext without knowledge of the key. However, once these cryptographic schemes are implemented in electronic devices, another class of attack presents itself. Side-channel attacks take advantage of the side effects of performing a computation, such as power consumption or electromagnetic emissions, to extract information outside of normal means. In particular, these side-channels can reveal parts of the internal state of a computation. This is important because intermediate values occurring during computation are typically considered implementation details, invisible to a potential attacker. If this information is revealed, then the assumptions of a non-side-channel-aware security analysis based only on inputs and outputs will no longer hold, potentially enabling an attack. This work tests the effectiveness of power-based side-channel attacks against MK-3, a customizable authenticated encryption scheme developed in a collaboration between RIT and L3Harris Technologies. Using an FPGA platform, Correlation Power Analysis (CPA) is performed on several different implementations of the algorithm to evaluate their resistance to power side-channel attacks. This method does not allow the key to be recovered directly; instead, an equivalent 512-bit intermediate state value is targeted. By applying two sequential stages of analysis, a total of between 216 and 322 bits are recovered, dependent on customization parameters. If a 128-bit key is used, then this technique has no benefit to an attacker over brute-forcing the key itself; however, in the case of a 256-bit key, CPA may provide up to a 66-bit advantage. In order to completely defend MK-3 against this type of attack, several potential countermeasures are discussed at the implementation, design, and overall system levels

Security protocols suite for machine-to-machine systems

Nowadays, the great diffusion of advanced devices, such as smart-phones, has shown that there is a growing trend to rely on new technologies to generate and/or support progress; the society is clearly ready to trust on next-generation communication systems to face today’s concerns on economic and social fields. The reason for this sociological change is represented by the fact that the technologies have been open to all users, even if the latter do not necessarily have a specific knowledge in this field, and therefore the introduction of new user-friendly applications has now appeared as a business opportunity and a key factor to increase the general cohesion among all citizens. Within the actors of this technological evolution, wireless machine-to-machine (M2M) networks are becoming of great importance. These wireless networks are made up of interconnected low-power devices that are able to provide a great variety of services with little or even no user intervention. Examples of these services can be fleet management, fire detection, utilities consumption (water and energy distribution, etc.) or patients monitoring. However, since any arising technology goes together with its security threats, which have to be faced, further studies are necessary to secure wireless M2M technology. In this context, main threats are those related to attacks to the services availability and to the privacy of both the subscribers’ and the services providers’ data. Taking into account the often limited resources of the M2M devices at the hardware level, ensuring the availability and privacy requirements in the range of M2M applications while minimizing the waste of valuable resources is even more challenging. Based on the above facts, this Ph. D. thesis is aimed at providing efficient security solutions for wireless M2M networks that effectively reduce energy consumption of the network while not affecting the overall security services of the system. With this goal, we first propose a coherent taxonomy of M2M network that allows us to identify which security topics deserve special attention and which entities or specific services are particularly threatened. Second, we define an efficient, secure-data aggregation scheme that is able to increase the network lifetime by optimizing the energy consumption of the devices. Third, we propose a novel physical authenticator or frame checker that minimizes the communication costs in wireless channels and that successfully faces exhaustion attacks. Fourth, we study specific aspects of typical key management schemes to provide a novel protocol which ensures the distribution of secret keys for all the cryptographic methods used in this system. Fifth, we describe the collaboration with the WAVE2M community in order to define a proper frame format actually able to support the necessary security services, including the ones that we have already proposed; WAVE2M was funded to promote the global use of an emerging wireless communication technology for ultra-low and long-range services. And finally sixth, we provide with an accurate analysis of privacy solutions that actually fit M2M-networks services’ requirements. All the analyses along this thesis are corroborated by simulations that confirm significant improvements in terms of efficiency while supporting the necessary security requirements for M2M networks

Evaluating Performance and Efficiency of a 16-bit Substitution Box on an FPGA

A Substitution Box (S-Box) is an integral component of modern block ciphers that provides confusion. The term confusion was introduced by Shannon in 1949 and it refers to the complexity of the relationship between the key and the ciphertext. Most S-Boxes are non-linear in order to promote confusion. Due to this, the S-Box is usually the most complex component of a block cipher. The Advanced Encryption Standard (AES) features an 8-bit S-Box where the output depends on the Galois field multiplicative inverse of the input. MK-3 is a sponge based Authenticated Encryption (AE) algorithm which provides both authenticity and confidentiality. It was developed through a joint effort between the Rochester Institute of Technology and the former Harris Corporation, now L3Harris. The MK-3 algorithm has a state that is 512 bits wide and it uses 32 instances of a 16-bit S-Box to cover the entire state. These 16-bit S-Boxes are similar to what is seen in the AES, however, they are notably larger and more complex. Binary Galois field arithmetic is well suited to hardware implementations where addition and multiplication are mapped to a combination of basic XOR and AND operations. A simple method to calculate Galois field multiplicative inversion is through the extended Euclidean algorithm. This is, however, very expensive to implement in hardware. A possible solution is to use a composite field representation, where the original operation is broken down to a series of simpler operations in the base field. This lends itself very well to implementations that consume less area and power with better performance. Given the size and number of the S-Boxes in MK-3, these units contribute to the majority of the implementation resources. Several composite field structures are explored in this work which provide different area utilization and clock frequency characteristics. This thesis evaluates the composite field structures and recommends several candidates for high performing MK-3 Field Programmable Gate Array (FPGA) applications

Dynamic Physical-Layer Secured Link in a Mobile MIMO VLC System

This paper proposes a novel approach to provide a privately secured multiple-input and multiple-output visible light communication (VLC) in the mobility conditions. In the proposed system, a private secured VLC link is adaptively allocated to a mobile user all the time thanks to the movement tracking assistance by a camera-based detection system. The generation of the dynamic location-based scrambling matrix will be introduced providing a secured communication zone within a full normal coverage illumination area. An extensive range of numerical evaluation and practical experiments is carried out to demonstrate and evaluate the proposed system performance in different environment configurations including the mobility, camera resolutions, link range, and environment light intensity. We demonstrate that the proposed system is fully capable of securely steering the information with respect to a receiver location with a high level of reliability

Security Protocol Suite for Preventing Cloud-based Denial-of-Service Attacks

Cloud systems, also known as cloud services, are among the primary solutions of the information technology domain. Cloud services are accessed through an identity authentication process. These authentication processes have become increasingly vulnerable to adversaries who may perform denial-of-service (DoS) attacks to make cloud services inaccessible. Several strong authentication protocols have been employed to protect conventional network systems. Nevertheless, they can cause a DoS threat when implemented in the cloud-computing system. This is because the comprehensive verification process may exhaust the cloud resources and shut down cloud’s services. This thesis proposes a novel cloud-based secure authentication (CSA) protocol suite that provides a smart authentication approach not only for verifying the users’ identities but also for building a strong line of defense against the DoS attacks. CSA protocol suite offers two modules, CSAM-1 and CSAM-2. The decision of which module of CSA to be utilized depends on the deployment nature of the cloud computing. CSAM-1 is designed to prevent external risks of DoS attacks in private and community cloud computing. CSAM-1 utilizes multiple techniques that include the client puzzle problem and utilization of unique encrypted text (UET). Therefore, these techniques can distinguish between a legitimate user’s request and an attacker’s attempt. CSAM-2 is designed to prevent internal risks of DoS attacks in public and hybrid cloud computing. CSAM-2 combines an extended unique encrypted text (EUET) application, client puzzle problem, and deadlock avoidance algorithm to prevent DoS risks that occur from inside cloud computing systems. The authentication process in both modules is designed so that the cloud-based servers become footprint-free and fully able to detect the signs of DoS attacks. The reliability and scalability of these two modules have been measured through a number of experiments using the GreenCloud simulation tool. The experiments’ results have shown that the CSA protocol suite is practically applicable as a lightweight authentication protocol. These experiments have verified the ability of the CSA to protect the cloud-based system against DoS attacks with an acceptable mean time to failure while still having the spare capacity to handle a large number of user requests

Robust Color Image Encryption Scheme Based on RSA via DCT by Using an Advanced Logic Design Approach

تتزايد أهمية أمن المعلومات في تخزين البيانات ونقلها. من جانب اخر يتم استخدام الصور في العديد من الإجراءات. لذلك ، يعد منع الوصول غير المصرح به إلى بيانات الصورة أمرًا بالغ الأهمية من خلال تشفير الصور لاجل حماية البيانات الحساسة او الخصوصية. تتنوع طرق وخوارزميات إخفاء الصور أو تشفيرها من طرق المجال المكاني البسيطة إلى طرق مجال التردد والذي يعتبر الأكثر تعقيدًا وموثوقية. في هذا البحث ، نقترح نظام تشفير جديد يعتمد على منهجية تهجين مولد المفتاح العشوائي من خلال الاستفادة من خصائص DCT لتوليد مجموعة غير محددة من المفاتيح العشوائية والاستفادة من معاملات المنطقة منخفضة التردد بعد مرحلة DCT لتمريرها إلى نظام فرعي يتكون من مجموعة RLG للحصول على المفاتيح السرية التي يتم تمريرها إلى RSA لتنتهي بتشفير الصورة. تشير النتائج إلى أن الطريقة المقترحة لها القدرة على تولد مجموعة كبيرة جدًا من المفاتيح السرية شديدة التعقيد والآمنة التي يمكن استخدامها لاحقًا في مرحلة التشفير. علاوة على ذلك ، سيتغير عدد وتعقيد تلك المفاتيح في كل مرة يتم فيها تغيير الصورة، وهذا يمثل مساهمة الطريقة المقترحة. ولم نلاحظ اي ضياع للوقت أثناء عمليات التشفير وفك التشفير لاستخدامنا RLG ، مما يدل على أن النظام المقترح قام بعمل جيد في صنع مفاتيح مختلفة من نفس الصورة. ويختلف في قوة المفتاح من صورة إلى أخرى حسب طبيعة الصورة الملونة.Information security in data storage and transmission is increasingly important. On the other hand, images are used in many procedures. Therefore, preventing unauthorized access to image data is crucial by encrypting images to protect sensitive data or privacy. The methods and algorithms for masking or encoding images vary from simple spatial-domain methods to frequency-domain methods, which are the most complex and reliable. In this paper, a new cryptographic system based on the random key generator hybridization methodology by taking advantage of the properties of Discrete Cosine Transform (DCT) to generate an indefinite set of random keys and taking advantage of the low-frequency region coefficients after the DCT stage to pass them to a subsystem consisting of an Reversible Logic Gate (RLG) group to obtain the secret keys that are passed to Rivest Shamir Adleman (RSA) to finish encrypting the image. The results indicate that the proposed method has the ability to generate a very large set of highly complex and secure secret keys that can be used later in the encryption stage. Moreover, the number and complexity of those keys will change each time the image is changed, and this represents the contribution of the proposed method. They experienced no time loss throughout the encryption and decryption processes when using RLG, which indicates that the proposed system did a good job in making different keys from the same image. And it differs in the strength of the key from one image to another, depending on the nature of the color imge