Practical IBC Using Hybrid-Mode Problems: Factoring and Discrete Logarithm

Shamir proposed the concept of the ID-based cryptosystem (IBC) in 1984. Instead of generating and publishing a public key for each user, the ID-based scheme permits each user to choose his name or network address as his public key. This is advantageous to public-key cryptosystems because the public-key verification is so easy and direct. In such a way, a large public key file is not required. Since new cryptographic schemes always face security challenges and many integer factorization problem and discrete logarithm based cryptographic systems have been deployed, therefore, the purpose of this paper is to design practical IBC using hybrid mode problems factoring and discrete logarithm. We consider the security against a conspiracy of some entities in the proposed system and show the possibility of establishing a more secure system

Practical IBC using Hybrid-Mode Problems: Factoring and Discrete Logarithm

Shamir proposed the concept of the ID-based cryptosystem (IBC) in 1984. Instead of generating and publishing a public key for each user, the ID-based scheme permits each user to choose his name or network address as his public key. This is advantageous to public-key cryptosystems because the public-key verification is so easy and direct. In such a way, a large public key file is not required. Since new cryptographic schemes always face security challenges and many integer factorization problem and discrete logarithm based cryptographic systems have been deployed, therefore, the purpose of this paper is to design practical IBC using hybrid mode problems factoring and discrete logarithm. We consider the security against a conspiracy of some entities in the proposed system and show the possibility of establishing a more secure system

Roadmap on optical security

Postprint (author's final draft

Using quantum key distribution for cryptographic purposes: a survey

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8

From Pre-Quantum to Post-Quantum IoT Security: A Survey on Quantum-Resistant Cryptosystems for the Internet of Things

© 2020 IEEE. This version of the article has been accepted for publication, after peer review. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.[Absctract]: Although quantum computing is still in its nascent age, its evolution threatens the most popular public-key encryption systems. Such systems are essential for today's Internet security due to their ability for solving the key distribution problem and for providing high security in insecure communications channels that allow for accessing websites or for exchanging e-mails, financial transactions, digitally signed documents, military communications or medical data. Cryptosystems like Rivest-Shamir-Adleman (RSA), elliptic curve cryptography (ECC) or Diffie-Hellman have spread worldwide and are part of diverse key Internet standards like Transport Layer Security (TLS), which are used both by traditional computers and Internet of Things (IoT) devices. It is especially difficult to provide high security to IoT devices, mainly because many of them rely on batteries and are resource constrained in terms of computational power and memory, which implies that specific energy-efficient and lightweight algorithms need to be designed and implemented for them. These restrictions become relevant challenges when implementing cryptosystems that involve intensive mathematical operations and demand substantial computational resources, which are often required in applications where data privacy has to be preserved for the long term, like IoT applications for defense, mission-critical scenarios or smart healthcare. Quantum computing threatens such a long-term IoT device security and researchers are currently developing solutions to mitigate such a threat. This article provides a survey on what can be called post-quantum IoT systems (IoT systems protected from the currently known quantum computing attacks): the main post-quantum cryptosystems and initiatives are reviewed, the most relevant IoT architectures and challenges are analyzed, and the expected future trends are indicated. Thus, this article is aimed at providing a wide view of post-quantum IoT security and give useful guidelines...This work was supported in part by the Xunta de Galicia under Grant ED431G2019/01, in part by the Agencia Estatal de Investigación of Spain under Grant TEC2016-75067-C4- 1-R and Grant RED2018-102668-T, and in part by ERDF funds of the EU (AEI/FEDER, UE).Xunta de Galicia; ED431G2019/0

An Outline of Security in Wireless Sensor Networks: Threats, Countermeasures and Implementations

With the expansion of wireless sensor networks (WSNs), the need for securing the data flow through these networks is increasing. These sensor networks allow for easy-to-apply and flexible installations which have enabled them to be used for numerous applications. Due to these properties, they face distinct information security threats. Security of the data flowing through across networks provides the researchers with an interesting and intriguing potential for research. Design of these networks to ensure the protection of data faces the constraints of limited power and processing resources. We provide the basics of wireless sensor network security to help the researchers and engineers in better understanding of this applications field. In this chapter, we will provide the basics of information security with special emphasis on WSNs. The chapter will also give an overview of the information security requirements in these networks. Threats to the security of data in WSNs and some of their counter measures are also presented

Joint block and stream cipher based on a modified skew tent map

Image encryption is very different from that of texts due to the bulk data capacity and the high redundancy of images. Thus, traditional methods are difficult to use for image encryption as their pseudo-random sequences have small space. Chaotic cryptography use chaos theory in specific systems working such as computing algorithms to accomplish dissimilar cryptographic tasks in a cryptosystem with a fast throughput. For higher security, encryption is the approach to guard information and prevent its leakage. In this paper, a hybrid encryption scheme that combines both stream and block ciphering algorithms is proposed in order to achieve the required level of security with the minimum encryption time. This scheme is based on an improved mathematical model to cover the defects in the previous discredited model proposed by Masuda. The proposed chaos-based cryptosystem uses the improved Skew Tent Map (STM) RQ-FSTM as a substitution layer. This map is based on a lookup table to overcome various problems, such as the fixed point, the key space restrictions, and the limitation of mapping between plain text and cipher text. It uses the same map as a generator to change the byte position to achieve the required confusion and diffusion effects. This modification improves the security level of the original STM. The robustness of the proposed cryptosystem is proven by the performance and the security analysis, as well as the high encryption speed. Depending on the results of the security analysis the proposed system has a better dynamic key space than previous ones using STM, a double encryption quality and a better security analysis than others in the literature with speed convenience to real-time applications

Privacy in Biometric Systems

Biometrics are physiological and/or behavioral characteristics of a person that have been used to provide an automatic proof of identity in a growing list of applications including crime/terrorism fighting, forensics, access and border control, securing e-/m-commerce transactions and service entitlements. In recent years, a great deal of research into a variety of new and traditional biometrics has widened the scope of investigations beyond improving accuracy into mechanisms that deal with serious concerns raised about the potential misuse of collected biometric data. Despite the long list of biometrics’ benefits, privacy concerns have become widely shared due to the fact that every time the biometric of a person is checked, a trace is left that could reveal personal and confidential information. In fact, biometric-based recognition has an inherent privacy problem as it relies on capturing, analyzing, and storing personal data about us as individuals. For example, biometric systems deal with data related to the way we look (face, iris), the way we walk (gait), the way we talk (speaker recognition), the way we write (handwriting), the way we type on a keyboard (keystroke), the way we read (eye movement), and many more. Privacy has become a serious concern for the public as biometric systems are increasingly deployed in many applications ranging from accessing our account on a Smartphone or computer to border control and national biometric cards on a very large scale. For example, the Unique Identification Authority of India (UIDAI) has issued 56 million biometric cards as of January 2014 [1], where each biometric card holds templates of the 10 fingers, the two irises and the face. An essential factor behind the growing popularity of biometrics in recent years is the fact that biometric sensors have become a lot cheaper as well as easier to install and handle. CCTV cameras are installed nearly everywhere and almost all Smartphones are equipped with a camera, microphone, fingerprint scanner, and probably very soon, an iris scanner

THRIVE: Threshold Homomorphic encryption based secure and privacy preserving bIometric VErification system

In this paper, we propose a new biometric verification and template protection system which we call the THRIVE system. The system includes novel enrollment and authentication protocols based on threshold homomorphic cryptosystem where the private key is shared between a user and the verifier. In the THRIVE system, only encrypted binary biometric templates are stored in the database and verification is performed via homomorphically randomized templates, thus, original templates are never revealed during the authentication stage. The THRIVE system is designed for the malicious model where the cheating party may arbitrarily deviate from the protocol specification. Since threshold homomorphic encryption scheme is used, a malicious database owner cannot perform decryption on encrypted templates of the users in the database. Therefore, security of the THRIVE system is enhanced using a two-factor authentication scheme involving the user's private key and the biometric data. We prove security and privacy preservation capability of the proposed system in the simulation-based model with no assumption. The proposed system is suitable for applications where the user does not want to reveal her biometrics to the verifier in plain form but she needs to proof her physical presence by using biometrics. The system can be used with any biometric modality and biometric feature extraction scheme whose output templates can be binarized. The overall connection time for the proposed THRIVE system is estimated to be 336 ms on average for 256-bit biohash vectors on a desktop PC running with quad-core 3.2 GHz CPUs at 10 Mbit/s up/down link connection speed. Consequently, the proposed system can be efficiently used in real life applications