A Novel Digital Signature based on Error Correcting Codes

A digital signature is a cryptographic primitive for ensuring the authenticity of digital documents. A valid digital signature allows checking that a message was created by a known sender (authentication), that the sender cannot deny having sent the message (nonrepudiation), and that the message was not altered in transit (integrity).The idea of constructing practical signatures based on error correcting codes was introduced by Courtois et al in [1]. The main goal is to make digital signature for which the security is based on decoding syndrome problem. In this paper, a new construction of digital signature is considered which is an extension of the error correcting code construction. The proposed method consists of reordering the message bits to get a decodable word. Then apply an efficient decoding algorithm to get signature

Lightweight identity based online/offline signature scheme for wireless sensor networks

Data security is one of the issues during data exchange between two sensor nodes in wireless sensor networks (WSN). While information flows across naturally exposed communication channels, cybercriminals may access sensitive information. Multiple traditional reliable encryption methods like RSA encryption-decryption and Diffie–Hellman key exchange face a crisis of computational resources due to limited storage, low computational ability, and insufficient power in lightweight WSNs. The complexity of these security mechanisms reduces the network lifespan, and an online/offline strategy is one way to overcome this problem. This study proposed an improved identity-based online/offline signature scheme using Elliptic Curve Cryptography (ECC) encryption. The lightweight calculations were conducted during the online phase, and in the offline phase, the encryption, point multiplication, and other heavy measures were pre-processed using powerful devices. The proposed scheme uniquely combined the Inverse Collusion Attack Algorithm (CAA) with lightweight ECC to generate secure identitybased signatures. The suggested scheme was analyzed for security and success probability under Random Oracle Model (ROM). The analysis concluded that the generated signatures were immune to even the worst Chosen Message Attack. The most important, resource-effective, and extensively used on-demand function was the verification of the signatures. The low-cost verification algorithm of the scheme saved a significant number of valued resources and increased the overall network’s lifespan. The results for encryption/decryption time, computation difficulty, and key generation time for various data sizes showed the proposed solution was ideal for lightweight devices as it accelerated data transmission speed and consumed the least resources. The hybrid method obtained an average of 66.77% less time consumption and up to 12% lower computational cost than previous schemes like the dynamic IDB-ECC two-factor authentication key exchange protocol, lightweight IBE scheme (IDB-Lite), and Korean certification-based signature standard using the ECC. The proposed scheme had a smaller key size and signature size of 160 bits. Overall, the energy consumption was also reduced to 0.53 mJ for 1312 bits of offline storage. The hybrid framework of identity-based signatures, online/offline phases, ECC, CAA, and low-cost algorithms enhances overall performance by having less complexity, time, and memory consumption. Thus, the proposed hybrid scheme is ideally suited for a lightweight WSN

Proposal and evaluation of authentication protocols for Smart Grid networks

Dissertação (mestrado)—Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2018.Uma rede Smart Grid (ou rede elétrica inteligente) representa a evolução das redes elétricas tradicionais, tornada possível graças à integração das tecnologias da informação e das comunicações com a infraestrutura elétrica. Esta integração propicia o surgimento de novos serviços, tornando a rede elétrica mais eficiente, gerando também novos desafios a serem atendidos, dentre eles a segurança do sistema. A rede SG deve garantir a confiabilidade, a integridade e a privacidade dos dados armazenados ou em transito pelo sistema, o que leva à necessidade de autenticação e controle de acesso, obrigando a todo usuário ou dispositivo a se autenticar e a realizar somente operações autorizadas. A autenticação de usuários e dispositivos é um processo muito importante para a rede SG, e os protocolos usados para esse fim devem ser capazes de proteção contra possiveis ataques (por exemplo, Man-in-the-Middle - MITM, repetição, Denegação de Serviço - DoS). Por outro lado, a autorização é tratada em conjunto com a autenticação e relacionada com as politicas de controle de acesso do sistema. Uma parte essencial para criar os protocolos de autenticação seguros envolve os esquemas de ciframento. O uso de um ou a combinação de vários esquemas afeta diretamente o desempenho do protocolo. Cada dia novos esquemas são propostos, e seu emprego nos protocolos de autenticação melhora o desempenho do sistema em comparação aos protocolos já propostos no mesmo cenário. Neste trabalho são propostos 3 (três) protocolos de autenticação seguros e de custo adequado para os cenários descritos a seguir: - Autenticação dos empregados das empresas de fornecimento de energia que procuram acesso ao sistema de forma remota; - Autenticação de Smart Meters numa Infraestrutura de medição avançada (AMI, do inglês Advanced Metering Infrastructure) baseada em nuvem computacional; e - Autenticação de veículos elétricos em uma rede V2G (do inglês, Vehicle-to-Grid). Cada um dos cenários tem caraterísticas particulares que são refletidas no projeto dos protocolos propostos. Além disso, todos os protocolos propostos neste trabalho garantem a autenticação mutua entre todas as entidades e a proteção da privacidade, confidencialidade e integridade dos dados do sistema. Uma comparação dos custos de comunicação e computação é apresentada entre os protocolos propostos neste trabalho e protocolos desenvolvidos por outros autores para cada um dos cenários. Os resultados das comparações mostram que os protocolos propostos neste trabalho têm, na maioria dos casos, o melhor desempenho computacional e de comunicações, sendo assim uma ótima escolha para a sua implementação nas redes SG. A validação formal dos protocolos propostos por meio da ferramenta AVISPA é realizada, permitindo verificar o atendimento a requisitos de segurança.Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES).A Smart Grid network (or inteligent electrical network) represents the evolution of traditional electrical networks, made possible due to the integration of information and communication technologies with the electrical power grid. This integration generates new services and improves the efficiency of the electrical power grid, while new challenges appear and must be solved, including the security of the system. The SG network must assure reliability, integrity and privacy of the data stored or in trnsit in the system, leading to the need for authentication and access control, thus all users and devices must authenticate and accomplish only authorized operations. The authentication of users and devices is a very important process for the SG network, and the protocols used for this task must be able to protect against possible attacks (for example, Man- in-the-Middle - MITM, repetição, Denegação de Serviço – DoS). On the other hand, authorization is treated jointly with authentication and related to policies of access control to the system. An essential part of creating secure authentication protocols involves encryption schemes. The use of one or the combination of several schemes directly affects protocol performance. Each day new schemas are proposed, and their utilization in the authentication protocols improves the performance of the system compared to the protocols already proposed in the same scenario. In this work 3 (three) secure and cost-effective authentication protocols are proposed, for the following scenarios: - Authentication of employees of energy suply enterprises, looking for remote or local access to the system; - Authentication of Smart Meters in an Advanced Metering Infrastructure based on cloud computing; and - Authentication of electrical vehicles in a V2G (“Vehicle-to-Grid”) network. Each scenario has specific characteristics, that are reflected on the design of the proposed protocols. Moreover, such protocols assure mutual authentication among entities as well as the protection of privacy, confidentiality and integrity of system data. A comparison considering communication and computing costs is presented, involving proposed protocols and other previously published protocols, for each scenario. The results show that the proposed protocols have, in most cases, the best performance, thus constituting good choices for future implementation in SG networks. The formal validation of the proposed protocols by the use of AVISPA tool is realized, allowing to verify the compliance with security requirements

Post-quantum cryptosystems for internet-of-things: A survey on lattice-based algorithms

The latest quantum computers have the ability to solve incredibly complex classical cryptography equations particularly to decode the secret encrypted keys and making the network vulnerable to hacking. They can solve complex mathematical problems almost instantaneously compared to the billions of years of computation needed by traditional computing machines. Researchers advocate the development of novel strategies to include data encryption in the post-quantum era. Lattices have been widely used in cryptography, somewhat peculiarly, and these algorithms have been used in both; (a) cryptoanalysis by using lattice approximation to break cryptosystems; and (b) cryptography by using computationally hard lattice problems (non-deterministic polynomial time hardness) to construct stable cryptographic functions. Most of the dominant features of lattice-based cryptography (LBC), which holds it ahead in the post-quantum league, include resistance to quantum attack vectors, high concurrent performance, parallelism, security under worst-case intractability assumptions, and solutions to long-standing open problems in cryptography. While these methods offer possible security for classical cryptosytems in theory and experimentation, their implementation in energy-restricted Internet-of-Things (IoT) devices requires careful study of regular lattice-based implantation and its simplification in lightweight lattice-based cryptography (LW-LBC). This streamlined post-quantum algorithm is ideal for levelled IoT device security. The key aim of this survey was to provide the scientific community with comprehensive information on elementary mathematical facts, as well as to address real-time implementation, hardware architecture, open problems, attack vectors, and the significance for the IoT networks

Authentication protocols for D2D communications

Dissertação (mestrado)—Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, 2019.A comunicação Dispositivo-a-Dispositivo (D2D) é uma das tecnologias promissoras para ser usada na conexão de grandes quantidades de dispositivos, como previsto para a Internet das Coisas (IoT, do inglês Internet of Things), ao proporcionar a oportunidade de conexão direta entre dispositivos, sem a obrigatoriedade de emprego da infraestrutura de redes tradicionais. A segurança é um item crucial para o sucesso da IoT e das comunicações D2D e pode ser proporcionada por protocolos de autenticação e acordo de chaves (AKA, do inglês Authentication and Key Agreement). Entretanto, os protocolos de autenticação utilizados nas redes tradicionais (como os protocolos EPS-AKA e EAP-AKA) não estão adaptados para D2D, e seu emprego em situação de grande aumento no número de dispositivos conectados imporia um elevado consumo de recursos, especialmente de banda e de processamento computacional. Adicionalmente, no início do trabalho foram identificados poucos protocolos dessa categoria, especificamente voltados para D2D. Este trabalho apresenta o projeto e a avaliação de 3 (três) protocolos de autenticação e acordo de chaves para comunicações D2D, desenvolvidos para 3 (três) cenários:1) dispositivos integrantes de Telecare Medical Information Systems (TMIS) baseados em sistema de nuvem computacional; 2) grupos de dispositivos em cenário genérico de emprego de comunicações D2D, onde sejam esperadas grandes quantidades de dispositivos; 3) grupos de dispositivos em comunicações D2D em cenário m-health. A metodologia para obtenção de novos protocolos seguros considerou, como passo inicial, uma revisão da literatura, buscando identificar protocolos que tenham sido empregados, de forma específica, em cada cenário considerado. Em seguida, foi definida uma arquitetura específica de cada cenário considerado, bem como propriedades de segurança a serem alcançadas e possíveis ataques contra os quais caberia oferecer proteção. Foram então criados novos protocolos de autenticação para os cenários e arquiteturas citados, considerando o emprego de comunicações D2D. Em todos os três cenários, dentre as propriedades de segurança tidas como requisitos para o correto funcionamento da comunicação D2D, incluem-se a preservação da confidencialidade, a integridade e a disponibilidade do sistema; em termos de possíveis ataques, ataques tais como os dos tipos man-in-the-middle, repetição e personificação foram tratados, visando proteção pelo protocolo contra os mesmos. Após a descrição de cada protocolo, esta dissertação apresenta comparações em relação a propriedades de segurança entre cada um dos protocolos propostos e alguns de seus respectivos trabalhos relacionados. Uma comparação envolvendo custos de computação, de comunicação e de energia é então realizada. Os resultados obtidos mostram bom desempenho e robustez em segurança para os três esquemas propostos. As propostas mostram-se adequadas para uso futuro, na autenticação de dispositivos IoT que utilizarem comunicação D2D, dentro dos cenários adotados e sob as condições em que foram avaliadas. Uma validação semiformal dos protocolos é também apresentada. A ferramenta AVISPA é utilizada para verificar a robustez da segurança dos protocolos desenvolvidos.Device-to-Device (D2D) communication is one of the promising technologies to be used to connect the large quantity of devices, as forecasted for the Internet of Things (IoT), by providing to devices the opportunity of connecting each other without mandatory use of traditional networks infrastructure. Security is a crucial item for the success of IoT and D2D communication and can be provided by robust authentication and key agreement protocols (AKA). However, the authentication protocols used for traditional networks (such as EPS-AKA and EAP-AKA) are not adapted for D2D and their use in the situation of large number of devices connected would impose high consume of resources, specially bandwidth and computational processing. Additionally, in the beginning of the work, it was identified a small quantity of protocols of the described category, specifically for D2D. This work provides the project and evaluation of 3 (three) authentication protocols designed to meet the demand on Device-to-Device (D2D) communications authentication and key agreement protocols, developed for 3 (three) scenarios: 1) devices that are members of Telecare Medical Information Systems (TMIS) based on cloud system; 2) groups of devices in generic scenario for the use of D2D communications, which there are expected large quantities of devices; 3) groups of devices for D2D communication in m-health scenario. The methodology for obtaining of new secure protocols considered, as initial step, a literature review, searching for protocols that might be specifically used in each of the scenarios considered. Next, a specific architecture for each scenario considered was developed, as well as security properties to be accomplished and possible attacks that might be suitable for the protocol to have protection. Therefore, authentication protocols were created for the scenarios and architecture cited, considering the use of D2D. In all three cases, among the security objectives required for the proper functioning of D2D communication, there are included the preservation of confidentiality, integrity, and availability of the system; in terms of attacks, such as man-in-the-middle, replay and impersonation were treated, aiming the protection of the protocols against the cited attacks. After the description of each protocol, this dissertation presents comparisons regarding security properties among each of the proposed protocols and some of their respective related works. A comparison involving computational, communication and energy costs is executed. The results obtained show good performance and robust security to the three proposed schemes. The proposals show up suitable future use, in the authentication of IoT devices using D2D communication, in the scenarios adopted and under the conditions evaluated. A semi-formal validation of the protocols is also presented. The tool AVISPA is used to verify the security robustness of the protocols developed

Signing with Codes

Code-based cryptography is an area of classical cryptography in which cryptographic primitives rely on hard problems and trapdoor functions related to linear error-correcting codes. Since its inception in 1978, the area has produced the McEliece and the Niederreiter cryptosystems, multiple digital signature schemes, identification schemes and code-based hash functions. All of these are believed to be resistant to attacks by quantum computers. Hence, code-based cryptography represents a post-quantum alternative to the widespread number-theoretic systems. This thesis summarizes recent developments in the field of code-based cryptography, with a particular emphasis on code-based signature schemes. After a brief introduction and analysis of the McEliece and the Niederreiter cryptosystems, we discuss the currently unresolved issue of constructing a practical, yet provably secure signature scheme. A detailed analysis is provided for the Courtois, Finiasz and Sendrier signature scheme, along with the mCFS and parallel CFS variations. Finally, we discuss a recent proposal by Preetha et al. that attempts to solve the issue of provable security, currently failing in the CFS scheme case, by randomizing the public key construct. We conclude that, while the proposal is not yet practical, it represents an important advancement in the search for an ideal code-based signature scheme