258 research outputs found
Recommended from our members
Post-quantum blockchain for internet of things domain
This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonIn the evolving realm of quantum computing, emerging advancements reveal substantial challenges and threats to existing cryptographic infrastructures, particularly impacting blockchain technologies. These are pivotal for securing the Internet of Things (IoT) ecosystems. The traditional blockchain structures, integral to myriad IoT applications, are susceptible to potential quantum computations, emphasizing an urgent need for innovations in post-quantum blockchain solutions to reinforce security in the expansive domain of IoT.
This PhD thesis delves into the crucial exploration and meticulous examination of the development and implementation of post-quantum blockchain within the IoT landscape, focusing on the incorporation of advanced post-quantum cryptographic algorithms in Hyperledger Fabric, a forefront blockchain platform renowned for its versatility and robustness. The primary aim is to discern viable post-quantum cryptographic solutions capable of fortifying blockchain systems against impending quantum threats enhancing security and reliability in IoT applications.
The research comprehensively evaluates various post-quantum public-key generation and digital signature algorithms, performing detailed analyses of their computational time and memory usage to identify optimal candidates. Furthermore, the thesis proposes an innovative lattice-based digital signature scheme Fast-Fourier Lattice-based Compact Signature over NTRU (Falcon), which leverages the Monte Carlo Markov Chain (MCMC) algorithm as a trapdoor sampler to augment its security attributes.
The research introduces a post-quantum version of the Hyperledger Fabric blockchain that integrates post-quantum signatures. The system utilizes the Open Quantum Safe (OQS) library, rigorously tested against NIST round 3 candidates for optimal performance. The study highlights the capability to manage IoT data securely on the post-quantum Hyperledger Fabric blockchain through the Message Queue Telemetry Transport (MQTT) protocol. Such a configuration ensures safe data transfer from IoT sensors directly to the blockchain nodes, securing the processing and recording of sensor data within the node ledger. The research addresses the multifaceted challenges of quantum computing advancements and significantly contributes to establishing secure, efficient, and resilient post-quantum blockchain infrastructures tailored explicitly for the IoT domain. These findings are instrumental in elevating the security paradigms of IoT systems against quantum vulnerabilities and catalysing innovations in post-quantum cryptography and blockchain technologies.
Furthermore, this thesis introduces strategies for the optimization of performance and scalability of post-quantum blockchain solutions and explores alternative, energy-efficient consensus mechanisms such as the Raft and Stellar Consensus Protocol (SCP), providing sustainable alternatives to the conventional Proof-of-Work (PoW) approach.
A critical insight emphasized throughout this thesis is the imperative of synergistic collaboration among academia, industry, and regulatory bodies. This collaboration is pivotal to expedite the adoption and standardization of post-quantum blockchain solutions, fostering the development of interoperable and standardized technologies enriched with robust security and privacy frameworks for end users.
In conclusion, this thesis furnishes profound insights and substantial contributions to implementing post-quantum blockchain in the IoT domain. It delineates original contributions to the knowledge and practices in the field, offering practical solutions and advancing the state-of-the-art in post-quantum cryptography and blockchain research, thereby paving the way for a secure and resilient future for interconnected IoT systems
Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities
The rise of quantum computers exposes vulnerabilities in current public key
cryptographic protocols, necessitating the development of secure post-quantum
(PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches,
covering the constructional design, structural vulnerabilities, and offer
security assessments, implementation evaluations, and a particular focus on
side-channel attacks. We analyze global standardization processes, evaluate
their metrics in relation to real-world applications, and primarily focus on
standardized PQ schemes, selected additional signature competition candidates,
and PQ-secure cutting-edge schemes beyond standardization. Finally, we present
visions and potential future directions for a seamless transition to the PQ
era
Privacy and Robustness in Federated Learning: Attacks and Defenses
As data are increasingly being stored in different silos and societies
becoming more aware of data privacy issues, the traditional centralized
training of artificial intelligence (AI) models is facing efficiency and
privacy challenges. Recently, federated learning (FL) has emerged as an
alternative solution and continue to thrive in this new reality. Existing FL
protocol design has been shown to be vulnerable to adversaries within or
outside of the system, compromising data privacy and system robustness. Besides
training powerful global models, it is of paramount importance to design FL
systems that have privacy guarantees and are resistant to different types of
adversaries. In this paper, we conduct the first comprehensive survey on this
topic. Through a concise introduction to the concept of FL, and a unique
taxonomy covering: 1) threat models; 2) poisoning attacks and defenses against
robustness; 3) inference attacks and defenses against privacy, we provide an
accessible review of this important topic. We highlight the intuitions, key
techniques as well as fundamental assumptions adopted by various attacks and
defenses. Finally, we discuss promising future research directions towards
robust and privacy-preserving federated learning.Comment: arXiv admin note: text overlap with arXiv:2003.02133; text overlap
with arXiv:1911.11815 by other author
Consensus Algorithms of Distributed Ledger Technology -- A Comprehensive Analysis
The most essential component of every Distributed Ledger Technology (DLT) is
the Consensus Algorithm (CA), which enables users to reach a consensus in a
decentralized and distributed manner. Numerous CA exist, but their viability
for particular applications varies, making their trade-offs a crucial factor to
consider when implementing DLT in a specific field. This article provided a
comprehensive analysis of the various consensus algorithms used in distributed
ledger technologies (DLT) and blockchain networks. We cover an extensive array
of thirty consensus algorithms. Eleven attributes including hardware
requirements, pre-trust level, tolerance level, and more, were used to generate
a series of comparison tables evaluating these consensus algorithms. In
addition, we discuss DLT classifications, the categories of certain consensus
algorithms, and provide examples of authentication-focused and
data-storage-focused DLTs. In addition, we analyze the pros and cons of
particular consensus algorithms, such as Nominated Proof of Stake (NPoS),
Bonded Proof of Stake (BPoS), and Avalanche. In conclusion, we discuss the
applicability of these consensus algorithms to various Cyber Physical System
(CPS) use cases, including supply chain management, intelligent transportation
systems, and smart healthcare.Comment: 50 pages, 20 figure
Recommended from our members
An embedded sensor node microcontroller with crypto-processors
Wireless sensor network applications range from industrial automation and control, agricultural and environmental protection, to surveillance and medicine. In most applications, data are highly sensitive and must be protected from any type of attack and abuse. Security challenges in wireless sensor networks are mainly defined by the power and computing resources of sensor devices, memory size, quality of radio channels and susceptibility to physical capture. In this article, an embedded sensor node microcontroller designed to support sensor network applications with severe security demands is presented. It features a low power 16-bitprocessor core supported by a number of hardware accelerators designed to perform complex operations required by advanced crypto algorithms. The microcontroller integrates an embedded Flash and an 8-channel 12-bit analog-to-digital converter making it a good solution for low-power sensor nodes. The article discusses the most important security topics in wireless sensor networks and presents the architecture of the proposed hardware solution. Furthermore, it gives details on the chip implementation, verification and hardware evaluation. Finally, the chip power dissipation and performance figures are estimated and analyzed
Cryptanalysis and Secure Implementation of Modern Cryptographic Algorithms
Cryptanalytic attacks can be divided into two classes: pure mathematical attacks and Side Channel Attacks (SCAs). Pure mathematical attacks are traditional cryptanalytic techniques that rely on known or chosen input-output pairs of the cryptographic function and exploit the inner structure of the cipher to reveal the secret key information. On the other hand, in SCAs, it is assumed that attackers have some access to the cryptographic device and can gain some information from its physical implementation.
Cold-boot attack is a SCA which exploits the data remanence property of Random Access Memory (RAM) to retrieve its content which remains readable shortly after its power has been removed. Fault analysis is another example of SCAs in which the attacker is assumed to be able to induce faults in the cryptographic device and observe the faulty output. Then, by careful inspection of faulty outputs, the attacker recovers the secret information, such as secret inner state or secret key. Scan-based Design-For-Test (DFT) is a widely deployed technique for testing hardware chips. Scan-based SCAs exploit the information obtained by analyzing the scanned data in order to retrieve secret information from cryptographic hardware devices that are designed with this testability feature.
In the first part of this work, we investigate the use of an off-the-shelf SAT solver, CryptoMinSat, to improve the key recovery of the Advance Encryption Standard (AES-128) key schedules from its corresponding decayed memory images which can be obtained using cold-boot attacks.
We also present a fault analysis on both NTRUEncrypt and NTRUSign cryptosystems. For this specific original instantiation of the NTRU encryption system with parameters , our attack succeeds with probability and when the number of faulted coefficients is upper bounded by , it requires polynomial inversions in . We also investigate several techniques to strengthen hardware implementations of NTRUEncrypt against this class of attacks. For NTRUSign with parameters (, , , \emph{standard}, ), when the attacker is able to skip the norm-bound signature checking step, our attack needs one fault to succeed with probability and requires steps when the number of faulted polynomial coefficients is upper bounded by . The attack is also applicable to NTRUSign utilizing the \emph{transpose} NTRU lattice but it requires double the number of fault injections. Different countermeasures against the proposed attack are also investigated.
Furthermore, we present a scan-based SCA on NTRUEncrypt hardware implementations that employ scan-based DFT techniques. Our attack determines the scan chain structure of the polynomial multiplication circuits used in the decryption algorithm which allows the cryptanalyst to efficiently retrieve the secret key.
Several key agreement schemes based on matrices were recently proposed. For example, \'{A}lvarez \emph{et al.} proposed a scheme in which the secret key is obtained by multiplying powers of block upper triangular matrices whose elements are defined over . Climent \emph{et al.} identified the elements of the endomorphisms ring with elements in a set, , of matrices of size , whose elements in the first row belong to and the elements in the second row belong to . Keith Salvin presented a key exchange protocol using matrices in the general linear group, , where is the product of two distinct large primes. The system is fully specified in the US patent number 7346162 issued in 2008. In the second part of this work, we present mathematical cryptanalytic attacks against these three schemes and show that they can be easily broken for all practical choices of their security parameters
A Network-based Asynchronous Architecture for Cryptographic Devices
Institute for Computing Systems ArchitectureThe traditional model of cryptography examines the security of the cipher as a
mathematical function. However, ciphers that are secure when specified as mathematical
functions are not necessarily secure in real-world implementations. The physical
implementations of ciphers can be extremely difficult to control and often leak socalled
side-channel information. Side-channel cryptanalysis attacks have shown to
be especially effective as a practical means for attacking implementations of cryptographic
algorithms on simple hardware platforms, such as smart-cards. Adversaries
can obtain sensitive information from side-channels, such as the timing of operations,
power consumption and electromagnetic emissions. Some of the attack techniques
require surprisingly little side-channel information to break some of the best known
ciphers. In constrained devices, such as smart-cards, straightforward implementations
of cryptographic algorithms can be broken with minimal work. Preventing these attacks
has become an active and a challenging area of research.
Power analysis is a successful cryptanalytic technique that extracts secret information
from cryptographic devices by analysing the power consumed during their operation.
A particularly dangerous class of power analysis, differential power analysis
(DPA), relies on the correlation of power consumption measurements. It has been proposed
that adding non-determinism to the execution of the cryptographic device would
reduce the danger of these attacks. It has also been demonstrated that asynchronous
logic has advantages for security-sensitive applications. This thesis investigates the
security and performance advantages of using a network-based asynchronous architecture,
in which the functional units of the datapath form a network. Non-deterministic
execution is achieved by exploiting concurrent execution of instructions both with and
without data-dependencies; and by forwarding register values between instructions
with data-dependencies using randomised routing over the network. The executions of
cryptographic algorithms on different architectural configurations are simulated, and
the obtained power traces are subjected to DPA attacks. The results show that the
proposed architecture introduces a level of non-determinism in the execution that significantly
raises the threshold for DPA attacks to succeed. In addition, the performance
analysis shows that the improved security does not degrade performance
Systematic Literature Review of EM-SCA Attacks on Encryption
Cryptography is vital for data security, but cryptographic algorithms can
still be vulnerable to side-channel attacks (SCAs), physical assaults
exploiting power consumption and EM radiation. SCAs pose a significant threat
to cryptographic integrity, compromising device keys. While literature on SCAs
focuses on real-world devices, the rise of sophisticated devices necessitates
fresh approaches. Electromagnetic side-channel analysis (EM-SCA) gathers
information by monitoring EM radiation, capable of retrieving encryption keys
and detecting malicious activity. This study evaluates EM-SCA's impact on
encryption across scenarios and explores its role in digital forensics and law
enforcement. Addressing encryption susceptibility to EM-SCA can empower
forensic investigators in overcoming encryption challenges, maintaining their
crucial role in law enforcement. Additionally, the paper defines EM-SCA's
current state in attacking encryption, highlighting vulnerable and resistant
encryption algorithms and devices, and promising EM-SCA approaches. This study
offers a comprehensive analysis of EM-SCA in law enforcement and digital
forensics, suggesting avenues for further research
- …