3,524 research outputs found
Integrating verification, testing, and learning for cryptographic protocols
The verification of cryptographic protocol specifications is an active research topic and has received much attention from the formal verification community. By contrast, the black-box testing of actual implementations of protocols, which is, arguably, as important as verification for ensuring the correct functioning of protocols in the "real" world, is little studied. We propose an approach for checking secrecy and authenticity properties not only on protocol specifications, but also on black-box implementations. The approach is compositional and integrates ideas from verification, testing, and learning. It is illustrated on the Basic Access Control protocol implemented in biometric passports
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings. Comment: 25 page
Post-quantum blockchain for internet of things domain
This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University London. In the evolving realm of quantum computing, emerging advancements reveal substantial challenges and threats to existing cryptographic infrastructures, particularly impacting blockchain technologies. These are pivotal for securing the Internet of Things (IoT) ecosystems. The traditional blockchain structures, integral to myriad IoT applications, are susceptible to potential quantum computations, emphasizing an urgent need for innovations in post-quantum blockchain solutions to reinforce security in the expansive domain of IoT.
This PhD thesis delves into the crucial exploration and meticulous examination of the development and implementation of post-quantum blockchain within the IoT landscape, focusing on the incorporation of advanced post-quantum cryptographic algorithms in Hyperledger Fabric, a forefront blockchain platform renowned for its versatility and robustness. The primary aim is to discern viable post-quantum cryptographic solutions capable of fortifying blockchain systems against impending quantum threats enhancing security and reliability in IoT applications.
The research comprehensively evaluates various post-quantum public-key generation and digital signature algorithms, performing detailed analyses of their computational time and memory usage to identify optimal candidates. Furthermore, the thesis proposes an innovative lattice-based digital signature scheme Fast-Fourier Lattice-based Compact Signature over NTRU (Falcon), which leverages the Monte Carlo Markov Chain (MCMC) algorithm as a trapdoor sampler to augment its security attributes.
The research introduces a post-quantum version of the Hyperledger Fabric blockchain that integrates post-quantum signatures. The system utilizes the Open Quantum Safe (OQS) library, rigorously tested against NIST round 3 candidates for optimal performance. The study highlights the capability to manage IoT data securely on the post-quantum Hyperledger Fabric blockchain through the Message Queue Telemetry Transport (MQTT) protocol. Such a configuration ensures safe data transfer from IoT sensors directly to the blockchain nodes, securing the processing and recording of sensor data within the node ledger. The research addresses the multifaceted challenges of quantum computing advancements and significantly contributes to establishing secure, efficient, and resilient post-quantum blockchain infrastructures tailored explicitly for the IoT domain. These findings are instrumental in elevating the security paradigms of IoT systems against quantum vulnerabilities and catalysing innovations in post-quantum cryptography and blockchain technologies.
Furthermore, this thesis introduces strategies for the optimization of performance and scalability of post-quantum blockchain solutions and explores alternative, energy-efficient consensus mechanisms such as the Raft and Stellar Consensus Protocol (SCP), providing sustainable alternatives to the conventional Proof-of-Work (PoW) approach.
A critical insight emphasized throughout this thesis is the imperative of synergistic collaboration among academia, industry, and regulatory bodies. This collaboration is pivotal to expedite the adoption and standardization of post-quantum blockchain solutions, fostering the development of interoperable and standardized technologies enriched with robust security and privacy frameworks for end users.
In conclusion, this thesis furnishes profound insights and substantial contributions to implementing post-quantum blockchain in the IoT domain. It delineates original contributions to the knowledge and practices in the field, offering practical solutions and advancing the state-of-the-art in post-quantum cryptography and blockchain research, thereby paving the way for a secure and resilient future for interconnected IoT systems
A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today's real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view
A Logic for Constraint-based Security Protocol Analysis
We propose PS-LTL, a pure-past security linear temporal logic that allows the specification of a variety of authentication, secrecy and data freshness properties. Furthermore, we present a sound and complete decision procedure to establish the validity of security properties for symbolic execution traces, and show the integration with constraint-based analysis techniques
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management
Two-Factor Biometric Identity Verification System for the Human-Machine System Integrated Deep Learning Model
The Human-Machine Identity Verification System based on Deep Learning offers a robust and automated approach to identity verification, leveraging the power of deep learning algorithms to enhance accuracy and security. This paper focused on the biometric-based authentication scheme with Biometric Recognition for the Human-Machinery Identification System. The proposed model is stated as the Two-Factor Biometric Authentication Deep Learning (TBAuthDL). The proposed TBAuthDL model uses the iris and fingerprint biometric data for authentication. TBAuthDL uses the Weighted Hashing Cryptographic (WHC) model for the data security. The TBAuthDL model computes the hashing factors and biometric details of the person with WHC and updates to the TBAuthDL. Upon the verification of the details of the assessment is verified in the Human-Machinery identity. The simulation analysis of TBAuthDL model achieves a higher accuracy of 99% with a minimal error rate of 1% which is significantly higher than the existing techniques. The performance also minimizes the computation and processing time with reduced complexity
Machine Learning-Enhanced Advancements in Quantum Cryptography: A Comprehensive Review and Future Prospects
Quantum cryptography has emerged as a promising paradigm for secure communication, leveraging the fundamental principles of quantum mechanics to guarantee information confidentiality and integrity. In recent years, the field of quantum cryptography has witnessed remarkable advancements, and the integration of machine learning techniques has further accelerated its progress. This research paper presents a comprehensive review of the latest developments in quantum cryptography, with a specific focus on the utilization of machine learning algorithms to enhance its capabilities. The paper begins by providing an overview of the principles underlying quantum cryptography, such as quantum key distribution (QKD) and quantum secure direct communication (QSDC). Subsequently, it highlights the limitations of traditional quantum cryptographic schemes and introduces how machine learning approaches address these challenges, leading to improved performance and security. To illustrate the synergy between quantum cryptography and machine learning, several case studies are presented, showcasing successful applications of machine learning in optimizing key aspects of quantum cryptographic protocols. These applications encompass various tasks, including error correction, key rate optimization, protocol efficiency enhancement, and adaptive protocol selection. Furthermore, the paper delves into the potential risks and vulnerabilities introduced by integrating machine learning with quantum cryptography. The discussion revolves around adversarial attacks, model vulnerabilities, and potential countermeasures to bolster the robustness of machine learning-based quantum cryptographic systems. The future prospects of this combined field are also examined, highlighting potential avenues for further research and development.
These include exploring novel machine learning architectures tailored for quantum cryptographic applications, investigating the interplay between quantum computing and machine learning in cryptographic protocols, and devising hybrid approaches that synergistically harness the strengths of both fields. In conclusion, this research paper emphasizes the significance of machine learning-enhanced advancements in quantum cryptography as a transformative force in securing future communication systems. The paper serves as a valuable resource for researchers, practitioners, and policymakers interested in understanding the state-of-the-art in this multidisciplinary domain and charting the course for its future advancements