Effective software-oriented cryptosystem in complex PC security software

To ensure high encryption rate and good data security, an organization of an encipherement program in the form of two modules was proposed. The first module is used for customizing the second one, the latter being the resident of the program, which maintains all application calls about encryption procedures. This approach is shown to be perspective for the elaboration of the cryptosystems with indefinite cryptalgorithm. Several typical software-oriented cryptoschemes are considered. The developed cryptomodules have high encipherement rate (2-10 Mbps for Intel 386) and secure high information protection level Organization of a new computer security software complex COBRA is considered. High enciphering rate and good data protection are provided by the resident cryptomodule using less than 1 kbyte of the main memory and working in dynamic encryption mode

Biometrics for internet‐of‐things security: A review

The large number of Internet‐of‐Things (IoT) devices that need interaction between smart devices and consumers makes security critical to an IoT environment. Biometrics offers an interesting window of opportunity to improve the usability and security of IoT and can play a significant role in securing a wide range of emerging IoT devices to address security challenges. The purpose of this review is to provide a comprehensive survey on the current biometrics research in IoT security, especially focusing on two important aspects, authentication and encryption. Regarding authentication, contemporary biometric‐based authentication systems for IoT are discussed and classified based on different biometric traits and the number of biometric traits employed in the system. As for encryption, biometric‐cryptographic systems, which integrate biometrics with cryptography and take advantage of both to provide enhanced security for IoT, are thoroughly reviewed and discussed. Moreover, challenges arising from applying biometrics to IoT and potential solutions are identified and analyzed. With an insight into the state‐of‐the‐art research in biometrics for IoT security, this review paper helps advance the study in the field and assists researchers in gaining a good understanding of forward‐looking issues and future research directions

Crypto-test-lab for security validation of ECC co-processor test infrastructure

© 20xx IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting /republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other worksElliptic Curve Cryptography (ECC) is a technology for public-key cryptography that is becoming increasingly popular because it provides greater speed and implementation compactness than other public-key technologies. Calculations, however, may not be executed by software, since it would be so time consuming, thus an ECC co-processor is commonly included to accelerate the speed. Test infrastructure in crypto co-processors is often avoided because it poses serious security holes against adversaries. However, ECC co-processors include complex modules for which only functional test methodologies are unsuitable, because they would take an unacceptably long time during the production test. Therefore, some internal test infrastructure is always included to permit the application of structural test techniques. Designing a secure test infrastructure is quite a complex task that relies on the designer's experience and on trial & error iterations over a series of different types of attacks. Most of the severe attacks cannot be simulated because of the demanding computational effort and the lack of proper attack models. Therefore, prototypes are prepared using FPGAs. In this paper, a Crypto-Test-Lab is presented that includes an ECC co-processor with flexible test infrastructure. Its purpose is to facilitate the design and validation of secure strategies for testing in this type of co-processor.Postprint (author's final draft

An Evaluation of the State-of-the-Art Software and Hardware Implementations of BIKE

NIST is conducting a process for the standardization of post-quantum cryptosystems, i.e., cryptosystems that are resistant to attacks by both traditional and quantum computers and that can thus substitute the traditional public-key cryptography solutions which are expected to be broken by quantum computers in the next decades. This manuscript provides an overview and a comparison of the existing state-of-the-art implementations of the BIKE QC-MDPC code-based post-quantum KEM, a candidate in NIST's PQC standardization process. We consider both software, hardware, and mixed hardware-software implementations and evaluate their performance and, for hardware ones, their resource utilization.Comment: Accepted for presentation at PARMA-DITAM 2023: 14th Workshop on Parallel Programming and Run-Time Management Techniques for Many-core Architectures / 12th Workshop on Design Tools and Architectures for Multicore Embedded Computing Platforms, January 17, 202

Algorithmic Security is Insufficient: A Comprehensive Survey on Implementation Attacks Haunting Post-Quantum Security

This survey is on forward-looking, emerging security concerns in post-quantum era, i.e., the implementation attacks for 2022 winners of NIST post-quantum cryptography (PQC) competition and thus the visions, insights, and discussions can be used as a step forward towards scrutinizing the new standards for applications ranging from Metaverse, Web 3.0 to deeply-embedded systems. The rapid advances in quantum computing have brought immense opportunities for scientific discovery and technological progress; however, it poses a major risk to today's security since advanced quantum computers are believed to break all traditional public-key cryptographic algorithms. This has led to active research on PQC algorithms that are believed to be secure against classical and powerful quantum computers. However, algorithmic security is unfortunately insufficient, and many cryptographic algorithms are vulnerable to side-channel attacks (SCA), where an attacker passively or actively gets side-channel data to compromise the security properties that are assumed to be safe theoretically. In this survey, we explore such imminent threats and their countermeasures with respect to PQC. We provide the respective, latest advancements in PQC research, as well as assessments and providing visions on the different types of SCAs

An effective simulation analysis of transient electromagnetic multiple faults

Embedded encryption devices and smart sensors are vulnerable to physical attacks. Due to the continuous shrinking of chip size, laser injection, particle radiation and electromagnetic transient injection are possible methods that introduce transient multiple faults. In the fault analysis stage, the adversary is unclear about the actual number of faults injected. Typically, the single-nibble fault analysis encounters difficulties. Therefore, in this paper, we propose novel ciphertext-only impossible differentials that can analyze the number of random faults to six nibbles. We use the impossible differentials to exclude the secret key that definitely does not exist, and then gradually obtain the unique secret key through inverse difference equations. Using software simulation, we conducted 32,000 random multiple fault attacks on Midori. The experiments were carried out to verify the theoretical model of multiple fault attacks. We obtain the relationship between fault injection and information content. To reduce the number of fault attacks, we further optimized the fault attack method. The secret key can be obtained at least 11 times. The proposed ciphertext-only impossible differential analysis provides an effective method for random multiple faults analysis, which would be helpful for improving the security of block ciphers

A NOVEL SIMPLE AND HIGHLY SECURE METHOD FOR DATA ENCRYPTION-DECRYPTION

In the course of the past 30 years, data has become pivotal to all aspects of human life. Data generated, captured, and replicated are increasing in size and expanding applications. The proliferation of fast wireless networks has encouraged data storage within the cloud. So, protecting data from attackers has become urgent to maintain its security and confidentiality, need for security and privacy technologies, systems, and processes to address it. This research paper proposes a simple and highly secure encryption decryption (SHSED) algorithm that can be used for cloud computing-based applications. It achieves the Shannon’s concept of diffusion and confusion by the involvement of logical operations, such as XORing, addition, and subtraction in addition to byte shifting. It is also characterized by the flexibility in the secret key length and the number of rounds. Experimental results have demonstrated powerful security level and a clear improvement in the encryption execution time measurements and security strength as compared with cryptosystems widely used in cloud computing

Supply Chain Security Using RSA Algorithm

The success of supply chain depends greatly on how its information technology is used. Over the years the rate at which supply chain sensitive information is sent over the internet and network has increased drastically. It is for this reason that every company wants to ensure that its supply chain information is secured because large volume of sensitive information is sent over the internet on daily basis. This has created room for this information to be properly secure so that unauthorized user cannot gain access to such sensitive information. There is need for supply chain information to be transmitted via the internet and computer networks to be protected. The integrity of supply chain information can be secured by using appropriate data security technology. The aims of this thesis were to focus on supply chain security and how supply chain information sent through the computer network and internet can be secured using RSA technique. The thesis elucidates on the limitations of RSA algorithm and how these limitations can be overcome. The methods used in this thesis are information derived from secondary source materials made up of journal articles, conference proceedings, textbooks and good websites source. In this thesis, it was showed that supply chain security powered with RSA techniques was very important in supply chain management. In conclusion, 2048 bits or more bits RSA are recommended for better supply chain security