24 research outputs found

    CGST: Provably Secure Lightweight Certificateless Group Signcryption Technique Based on Fractional Chaotic Maps

    Get PDF
    In recent years, there has been a lot of research interest in analyzing chaotic constructions and their associated cryptographic structures. Compared with the essential combination of encryption and signature, the signcryption scheme has a more realistic solution for achieving message confidentiality and authentication simultaneously. However, the security of a signcryption scheme is questionable when deployed in modern safety-critical systems, especially as billions of sensitive user information is transmitted over open communication channels. In order to address this problem, a lightweight, provably secure certificateless technique that uses Fractional Chaotic Maps (FCM) for group-oriented signcryption (CGST) is proposed. The main feature of the CGST-FCM technique is that any group signcrypter may encrypt data/information with the group manager (GM) and have it sent to the verifier seamlessly. This implies the legitimacy of the signcrypted information/data is verifiable using the public conditions of the group, but they cannot link it to the conforming signcrypter. In this scenario, valid signcrypted information/data cannot be produced by the GM or any signcrypter in that category alone. However, the GM is allowed to reveal the identity of the signcrypter when there is a legal conflict to restrict repudiation of the signature. Generally, the CGST-FCM technique is protected from the indistinguishably chosen ciphertext attack (IND-CCA). Additionally, the computationally difficult Diffie-Hellman (DH) problems have been used to build unlinkability, untraceability, unforgeability, and robustness of the projected CGST-FCM scheme. Finally, the security investigation of the presented CGST-FCM technique shows appreciable consistency and high efficiency when applied in real-time security applications

    Lightweight identity based online/offline signature scheme for wireless sensor networks

    Get PDF
    Data security is one of the issues during data exchange between two sensor nodes in wireless sensor networks (WSN). While information flows across naturally exposed communication channels, cybercriminals may access sensitive information. Multiple traditional reliable encryption methods like RSA encryption-decryption and Diffie–Hellman key exchange face a crisis of computational resources due to limited storage, low computational ability, and insufficient power in lightweight WSNs. The complexity of these security mechanisms reduces the network lifespan, and an online/offline strategy is one way to overcome this problem. This study proposed an improved identity-based online/offline signature scheme using Elliptic Curve Cryptography (ECC) encryption. The lightweight calculations were conducted during the online phase, and in the offline phase, the encryption, point multiplication, and other heavy measures were pre-processed using powerful devices. The proposed scheme uniquely combined the Inverse Collusion Attack Algorithm (CAA) with lightweight ECC to generate secure identitybased signatures. The suggested scheme was analyzed for security and success probability under Random Oracle Model (ROM). The analysis concluded that the generated signatures were immune to even the worst Chosen Message Attack. The most important, resource-effective, and extensively used on-demand function was the verification of the signatures. The low-cost verification algorithm of the scheme saved a significant number of valued resources and increased the overall network’s lifespan. The results for encryption/decryption time, computation difficulty, and key generation time for various data sizes showed the proposed solution was ideal for lightweight devices as it accelerated data transmission speed and consumed the least resources. The hybrid method obtained an average of 66.77% less time consumption and up to 12% lower computational cost than previous schemes like the dynamic IDB-ECC two-factor authentication key exchange protocol, lightweight IBE scheme (IDB-Lite), and Korean certification-based signature standard using the ECC. The proposed scheme had a smaller key size and signature size of 160 bits. Overall, the energy consumption was also reduced to 0.53 mJ for 1312 bits of offline storage. The hybrid framework of identity-based signatures, online/offline phases, ECC, CAA, and low-cost algorithms enhances overall performance by having less complexity, time, and memory consumption. Thus, the proposed hybrid scheme is ideally suited for a lightweight WSN

    LiS: Lightweight Signature Schemes for continuous message authentication in cyber-physical systems

    Get PDF
    Agency for Science, Technology and Research (A*STAR) RIE 202

    Key-Based Cookie-Less Session Management Framework for Application Layer Security

    Get PDF
    The goal of this study is to extend the guarantees provided by the secure transmission protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and apply them to the application layer. This paper proposes a comprehensive scheme that allows the unification of multiple security mechanisms, thereby removing the burden of authentication, mutual authentication, continuous authentication, and session management from the application development life-cycle. The proposed scheme will allow creation of high-level security mechanisms such as access control and group authentication on top of the extended security provisions. This scheme effectively eliminates the need for session cookies, session tokens and any similar technique currently in use. Hence reducing the attack surface and nullifying a vast group of attack vectors

    IoT Applications, Platforms, Systems, And Framework based on Blockchain

    Get PDF
    The Internet of Things (IoT) has lately evolved as a new technology capable of providing real-time and cutting-edge sensing capabilities to numerous industries such as healthcare, agriculture, smart cities, smart homes, and supply chain. Because of this technology's inherent promise, it has already seen exponential growth in a wide range of use-cases across numerous application domains. As academics around the world continue to examine its capabilities, there is widespread consensus that in order to get the most out of this technology and fully realise its potential, IoT must be built on a flexible network architecture with strong support for security, privacy, and trust. Blockchain (BC) technology, on the other hand, has lately emerged as a breakthrough technology with the promise to give several beneficial qualities such as robustness, support for integrity, anonymity, decentralisation, and autonomous control. Several BC systems are offered, which may be appropriate for various use-cases, including IoT applications. As a result, the integration of IoT with BC technology is seen as a potential solution to some critical concerns. To do this, a good grasp of the requirements of various IoT applications and the viability of a BC platform for a specific application satisfying its underlying requirements is required. This project explains many ways such as the gateway process and sensor device. By addressing the present blockchain concerns, IoT may enable a variety of security services, all of which are described in detail. Various authors present some common facts on the use of blockchain in IoT, which aids in a thorough understanding of the concept. Blockchain improves security and privacy in IoT platforms. In this project, an extra immutable ledger is created using all of the resources and information mentioned in the existing procedure. [1]

    Enhanced fully homomorphic encryption scheme using modified key generation for cloud environment

    Get PDF
    Fully homomorphic encryption (FHE) is a special class of encryption that allows performing unlimited mathematical operations on encrypted data without decrypting it. There are symmetric and asymmetric FHE schemes. The symmetric schemes suffer from the semantically security property and need more performance improvements. While asymmetric schemes are semantically secure however, they pose two implicit problems. The first problem is related to the size of key and ciphertext and the second problem is the efficiency of the schemes. This study aims to reduce the execution time of the symmetric FHE scheme by enhancing the key generation algorithm using the Pick-Test method. As such, the Binary Learning with Error lattice is used to solve the key and ciphertext size problems of the asymmetric FHE scheme. The combination of enhanced symmetric and asymmetric algorithms is used to construct a multi-party protocol that allows many users to access and manipulate the data in the cloud environment. The Pick-Test method of the Sym-Key algorithm calculates the matrix inverse and determinant in one instance requires only n-1 extra multiplication for the calculation of determinant which takes 0(N3) as a total cost, while the Random method in the standard scheme takes 0(N3) to find matrix inverse and 0(N!) to calculate the determinant which results in 0(N4) as a total cost. Furthermore, the implementation results show that the proposed key generation algorithm based on the pick-test method could be used as an alternative to improve the performance of the standard FHE scheme. The secret key in the Binary-LWE FHE scheme is selected from {0,1}n to obtain a minimal key and ciphertext size, while the public key is based on learning with error problem. As a result, the secret key, public key and tensored ciphertext is enhanced from logq , 0(n2log2q) and ((n+1)n2log2q)2log q to n, (n+1)2log q and (n+1)2log q respectively. The Binary-LWE FHE scheme is a secured but noise-based scheme. Hence, the modulus switching technique is used as a noise management technique to scale down the noise from e and c to e/B and c/B respectively thus, the total cost for noise management is enhanced from 0(n3log2q) to 0(n2log q) . The Multi-party protocol is constructed to support the cloud computing on Sym-Key FHE scheme. The asymmetric Binary-LWE FHE scheme is used as a small part of the protocol to verify the access of users to any resource. Hence, the protocol combines both symmetric and asymmetric FHE schemes which have the advantages of efficiency and security. FHE is a new approach with a bright future in cloud computing

    Malware threats and detection for industrial mobile-IoT networks

    Full text link
    Industrial IoT networks deploy heterogeneous IoT devices to meet a wide range of user requirements. These devices are usually pooled from private or public IoT cloud providers. A significant number of IoT cloud providers integrate smartphones to overcome the latency of IoT devices and low computational power problems. However, the integration of mobile devices with industrial IoT networks exposes the IoT devices to significant malware threats. Mobile malware is the highest threat to the security of IoT data, user\u27s personal information, identity, and corporate/financial information. This paper analyzes the efforts regarding malware threats aimed at the devices deployed in industrial mobile-IoT networks and related detection techniques. We considered static, dynamic, and hybrid detection analysis. In this performance analysis, we compared static, dynamic, and hybrid analyses on the basis of data set, feature extraction techniques, feature selection techniques, detection methods, and the accuracy achieved by these methods. Therefore, we identify suspicious API calls, system calls, and the permissions that are extracted and selected as features to detect mobile malware. This will assist application developers in the safe use of APIs when developing applications for industrial IoT networks

    TOWARDS ENHANCING SECURITY IN CLOUD STORAGE ENVIRONMENTS

    Get PDF
    Although widely adopted, one of the biggest concerns with cloud computing is how to preserve the security and privacy of client data being processed and/or stored in a cloud computing environment. When it comes to cloud data protection, the methods employed can be very similar to protecting data within a traditional data center. Authentication and identity, access control, encryption, secure deletion, integrity checking, and data masking are all data protection methods that have applicability in cloud computing. Current research in cloud data protection primarily falls into three main categories: 1) Authentication & Access Control, 2) Encryption, and 3) Intrusion Detection. This thesis examines the various mechanisms that currently exist to protect data being stored in a public cloud computing environment. It also looks at the methods employed to detect intrusions targeting cloud data when and if data protection mechanisms fail. In response to these findings, we present three primary contributions that focus on enhancing the overall security of user data residing in a hosted environment such as the cloud. We first provide an analysis of Cloud Storage vendors that shows how data can be exposed when shared - even in the most `secure' environments. Secondly, we o er Pretty Good Privacy (PGP) as a method of securing data within this environment while enhancing PGP'sWeb of Trust validation mechanism using Bitcoin. Lastly, we provide a framework for protecting data exfiltration attempts in Software-as-a-Service (SaaS) Cloud Storage environments using Cyber Deception

    Comprehensive Survey: Biometric User Authentication Application, Evaluation, and Discussion

    Full text link
    This paper conducts an extensive review of biometric user authentication literature, addressing three primary research questions: (1) commonly used biometric traits and their suitability for specific applications, (2) performance factors such as security, convenience, and robustness, and potential countermeasures against cyberattacks, and (3) factors affecting biometric system accuracy and po-tential improvements. Our analysis delves into physiological and behavioral traits, exploring their pros and cons. We discuss factors influencing biometric system effectiveness and highlight areas for enhancement. Our study differs from previous surveys by extensively examining biometric traits, exploring various application domains, and analyzing measures to mitigate cyberattacks. This paper aims to inform researchers and practitioners about the biometric authentication landscape and guide future advancements
    corecore