2,744 research outputs found
THRIVE: Threshold Homomorphic encryption based secure and privacy preserving bIometric VErification system
In this paper, we propose a new biometric verification and template
protection system which we call the THRIVE system. The system includes novel
enrollment and authentication protocols based on threshold homomorphic
cryptosystem where the private key is shared between a user and the verifier.
In the THRIVE system, only encrypted binary biometric templates are stored in
the database and verification is performed via homomorphically randomized
templates, thus, original templates are never revealed during the
authentication stage. The THRIVE system is designed for the malicious model
where the cheating party may arbitrarily deviate from the protocol
specification. Since threshold homomorphic encryption scheme is used, a
malicious database owner cannot perform decryption on encrypted templates of
the users in the database. Therefore, security of the THRIVE system is enhanced
using a two-factor authentication scheme involving the user's private key and
the biometric data. We prove security and privacy preservation capability of
the proposed system in the simulation-based model with no assumption. The
proposed system is suitable for applications where the user does not want to
reveal her biometrics to the verifier in plain form but she needs to proof her
physical presence by using biometrics. The system can be used with any
biometric modality and biometric feature extraction scheme whose output
templates can be binarized. The overall connection time for the proposed THRIVE
system is estimated to be 336 ms on average for 256-bit biohash vectors on a
desktop PC running with quad-core 3.2 GHz CPUs at 10 Mbit/s up/down link
connection speed. Consequently, the proposed system can be efficiently used in
real life applications
Smooth Number Message Authentication Code in the IoT Landscape
This paper presents the Smooth Number Message Authentication Code (SNMAC) for
the context of lightweight IoT devices. The proposal is based on the use of
smooth numbers in the field of cryptography, and investigates how one can use
them to improve the security and performance of various algorithms or security
constructs. The literature findings suggest that current IoT solutions are
viable and promising, yet they should explore the potential usage of smooth
numbers. The methodology involves several processes, including the design,
implementation, and results evaluation. After introducing the algorithm,
provides a detailed account of the experimental performance analysis of the
SNMAC solution, showcasing its efficiency in real-world scenarios. Furthermore,
the paper also explores the security aspects of the proposed SNMAC algorithm,
offering valuable insights into its robustness and applicability for ensuring
secure communication within IoT environments.Comment: 19 pages, 7 figure
Research of collision properties of the modified UMAC algorithm on crypto-code constructions
The transfer of information by telecommunication channels is accompanied by message hashing to control the integrity of the data and confirm the authenticity of the data. When using a reliable hash function, it is computationally difficult to create a fake message with a pre-existing hash code, however, due to the weaknesses of specific hashing algorithms, this threat can be feasible. To increase the level of cryptographic strength of transmitted messages over telecommunication channels, there are ways to create hash codes, which, according to practical research, are imperfect in terms of the speed of their formation and the degree of cryptographic strength. The collisional properties of hashing functions formed using the modified UMAC algorithm using the methodology for assessing the universality and strict universality of hash codes are investigated. Based on the results of the research, an assessment of the impact of the proposed modifications at the last stage of the generation of authentication codes on the provision of universal hashing properties was presented. The analysis of the advantages and disadvantages that accompany the formation of the hash code by the previously known methods is carried out. The scheme of cascading generation of data integrity and authenticity control codes using the UMAC algorithm on crypto-code constructions has been improved. Schemes of algorithms for checking hash codes were developed to meet the requirements of universality and strict universality. The calculation and analysis of collision search in the set of generated hash codes was carried out according to the requirements of a universal and strictly universal class for creating hash code
Pendekatan konstruktif dalam inovasi pengajaran dan pembelajaran Bahasa Melayu di Kolej Vokasional
Pendekatan konstruktif adalah pendekatan pengajaran dan pembelajaran yang
berpusatkan pelajar manakala inovasi pengajaran pula dikaitkan dengan kaedah
pengajaran yang terbaru demi mengukuhkan pemahaman pelajar. Pembelajaran
berasaskan pendekatan konstruktif merupakan elemen yang penting dan perlu
difahami oleh guru-guru bagi memantapkan proses pengajaran dan pembelajaran
sesuai dengan peredaran masa dan menjayakan proses tranformasi pendidikan
negara. Objektif kajian ini dijalankan untuk mengenal pasti pemahaman guru-guru
bahasa Melayu berkaitan inovasi, mengenal pasti perbezaan yang wujud antara guru
lelaki dan guru perempuan dalam mengamalkan inovasi, pengkaji juga melihat
adakah wujud perbezaan antara guru baru dan guru yang sudah berpengalaman
dalam aspek mengaplikasikan inovasi serta mengenal pasti kekangan-kekangan yang
dialami oleh para guru untuk mengaplikasikan inovasi di sekolah. Seramai 63 orang
guru bahasa Melayu dari lapan buah kolej vokasional telah dipilih sebagai responden
dalam kajian ini. Data dianalisis menggunakan perisian Winsteps 3.69.1.11 dengan
pendekatan Model Pengukuran Rasch. Hasil analisis menunjukkan bahawa guru�guru bahasa Melayu memahami kepentingan inovasi dalam pengajaran dan
pembelajaran. Hasil kajian juga menunjukkan guru-guru perempuan lebih banyak
menerapkan unsur inovasi dalam pengajaran berbanding guru lelaki. Walaupun
begitu, aspek pengalaman tidak menunjukkan perbezaan dari segi pengamalan
inovasi sama ada guru baru ataupun guru yang sudah berpengalaman. Pengkaji juga
mengenal pasti beberapa kekangan yang dialami oleh guru-guru untuk mengamalkan
inovasi ini. Sebagai langkah untuk menangani masalah berkenaan, beberapa
cadangan telah dikemukakan oleh pengkaji bagi memastikan guru-guru dapat
merealisasikan proses pengajaran berkesan dengan penerapan inovasi mengikut
model pendekatan konstruktif. Pengkaji berharap, kajian ini dapat dijadikan sebagai
satu panduan kepada pelaksana kurikulum bagi memastikan budaya inovasi sentiasa
menjadi amalan dalam kalangan guru demi mengangkat profesionalisme guru di
Malaysia
Formally based semi-automatic implementation of an open security protocol
International audienceThis paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model is then formally proved to fulfill the desired secrecy and authentication properties by using the ProVerif prover. Finally, a sound Java implementation is semi-automatically derived from the verified model using an enhanced version of the Spi2Java framework. The resulting implementation correctly interoperates with third party servers, and its execution time is comparable with that of other manually developed Java SSH-TLP client implementations. This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed in order to achieve an interoperable implementation
A Multi-User, Single-Authentication Protocol for Smart Grid Architectures
open access articleIn a smart grid system, the utility server collects data from various smart grid devices. These data play an important role in the energy distribution and balancing between the energy providers and energy consumers. However, these data are prone to tampering attacks by an attacker, while traversing from the smart grid devices to the utility servers, which may result in energy disruption or imbalance. Thus, an authentication is mandatory to efficiently authenticate the devices and the utility servers and avoid tampering attacks. To this end, a group authentication algorithm is proposed for preserving demand–response security in a smart grid. The proposed mechanism also provides a fine-grained access control feature where the utility server can only
access a limited number of smart grid devices. The initial authentication between the utility server and smart grid device in a group involves a single public key operation, while the subsequent authentications with the same device or other devices in the same group do not need a public key operation. This reduces the overall computation and communication overheads and takes less time to successfully establish a secret session key, which is used to exchange sensitive information over an unsecured wireless channel. The resilience of the proposed algorithm is tested against various attacks using formal and informal security analysis
A New Approach in Expanding the Hash Size of MD5
The enhanced MD5 algorithm has been developed by expanding its hash value up to 1280 bits from the original size of 128 bit using XOR and AND operators. Findings revealed that the hash value of the modified algorithm was not cracked or hacked during the experiment and testing using powerful bruteforce, dictionary, cracking tools and rainbow table such as CrackingStation, Hash Cracker, Cain and Abel and Rainbow Crack which are available online thus improved its security level compared to the original MD5. Furthermore, the proposed method could output a hash value with 1280 bits with only 10.9 ms additional execution time from MD5. Keywords: MD5 algorithm, hashing, client-server communication, modified MD5, hacking, bruteforce, rainbow table
Hardware Implementation of an Enhanced Securityand Authentication-Related Automotive CAN Bus Prototype
In this paper a new security technique aiming to ensure safe and reliable communications between different nodes on an automotive Controller Area Network (CAN) is presented. The proposed method relies on a robust authentication code using Blake-3 as a hash algorithm within an adapted structure that includes a monitor node. A prototype is implemented and run effectively to perform hardware simulations of real case-based security problems of automotive embedded CAN systems. As a result, data transfer can take place on a newly enhanced CAN bus according to the standard protocol without being intercepted nor tampered with by unauthorized parties thereby highlighting the effectiveness of the proposed technique
ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of
innovation, it also disrupted some of the natural defenses of traditional
architectures against different threats. The literature on SDN has mostly been
concerned with the functional side, despite some specific works concerning
non-functional properties like 'security' or 'dependability'. Though addressing
the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to
efficiency and effectiveness problems. We claim that the enforcement of
non-functional properties as a pillar of SDN robustness calls for a systemic
approach. As a general concept, we propose ANCHOR, a subsystem architecture
that promotes the logical centralization of non-functional properties. To show
the effectiveness of the concept, we focus on 'security' in this paper: we
identify the current security gaps in SDNs and we populate the architecture
middleware with the appropriate security mechanisms, in a global and consistent
manner. Essential security mechanisms provided by anchor include reliable
entropy and resilient pseudo-random generators, and protocols for secure
registration and association of SDN devices. We claim and justify in the paper
that centralizing such mechanisms is key for their effectiveness, by allowing
us to: define and enforce global policies for those properties; reduce the
complexity of controllers and forwarding devices; ensure higher levels of
robustness for critical services; foster interoperability of the non-functional
property enforcement mechanisms; and promote the security and resilience of the
architecture itself. We discuss design and implementation aspects, and we prove
and evaluate our algorithms and mechanisms, including the formalisation of the
main protocols and the verification of their core security properties using the
Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
- …