
    Education and Research Integration of Emerging Multidisciplinary Medical Devices Security

    Traditional embedded systems such as secure smart cards and nano-sensor networks have been utilized in various usage models. Nevertheless, emerging secure deeply-embedded systems, e.g., implantable and wearable medical devices, have comparably larger “attack surface”. Specifically, with respect to medical devices, a security breach can be life-threatening (for which adopting traditional solutions might not be practical due to tight constraints of these often-battery-powered systems), and unlike traditional embedded systems, it is not only a matter of financial loss. Unfortunately, although emerging cryptographic engineering research mechanisms for such deeply-embedded systems have started solving this critical, vital problem, university education (at both graduate and undergraduate level) lags comparably. One of the pivotal reasons for such a lag is the multi-disciplinary nature of the emerging security bottlenecks. Based on the aforementioned motivation, in this work, at Rochester Institute of Technology, we present an effective research and education integration strategy to overcome this issue in one of the most critical deeply-embedded systems, i.e., medical devices. Moreover, we present the results of two years of implementation of the presented strategy at graduate-level through fault analysis attacks, a variant of side-channel attacks. We note that the authors also supervise an undergraduate student and the outcome of the presented work has been assessed for that student as well; however, the emphasis is on graduate-level integration. The results of the presented work show the success of the presented methodology while pinpointing the challenges encountered compared to traditional embedded system security research/teaching integration of medical devices security. We would like to emphasize that our integration approaches are general and scalable to other critical infrastructures as well.

    A Quantum Safe Key Hierarchy and Dynamic Security Association for LTE/SAE in 5G Scenario

    Millions of devices are going to participate in 5G, producing a huge space for security threats. The 5G specification goals require rigid and robust security protocol against such threats. Quantum cryptography is a recently emerged term in which we test the robustness of security protocols against Quantum computers. Therefore, in this paper, we propose a security protocol called Quantum Key GRID for Authentication and Key Agreement (QKG-AKA) scheme for the dynamic security association. This scheme is efficiently deployed in Long Term Evolution (LTE) architecture without any significant modifications in the underlying base system. The proposed QKG-AKA mechanism is analyzed for robustness and proven safe against quantum computers. The simulation results and performance analysis show drastic improvement regarding security and key management over existing schemes.

    A post-quantum digital signature scheme based on supersingular isogenies

    We present the first general-purpose digital signature scheme based on supersingular elliptic curve isogenies secure against quantum adversaries in the quantum random oracle model with small key sizes. This scheme is an application of Unruh’s construction of non-interactive zero-knowledge proofs to an interactive zero-knowledge proof proposed by De Feo, Jao, and Plut. We implement our proposed scheme on an x86-64 PC platform as well as an ARM-powered device. We exploit the state-of-the-art techniques to speed up the computations for general C and assembly. Finally, we provide timing results for real world applications.

    Quantum computing challenges in the software industry. A fuzzy AHP-based approach

    Context: The current technology revolution has posed unexpected challenges for the software industry. In recent years, the field of quantum computing (QC) technologies has continued to grow in influence and maturity, and it is now poised to revolutionise software engineering. However, the evaluation and prioritisation of QC challenges in the software industry remain unexplored, relatively under-identified and fragmented. Objective: The purpose of this study is to identify, examine and prioritise the most critical challenges in the software industry by implementing a fuzzy analytic hierarchy process (F-AHP). Method: First, to identify the key challenges, we conducted a systematic literature review by drawing data from the four relevant digital libraries and supplementing these efforts with a forward and backward snowballing search. Second, we followed the F-AHP approach to evaluate and rank the identified challenges, or barriers. Results: The results show that the key barriers to QC adoption are the lack of technical expertise, information accuracy and organisational interest in adopting the new process. Another critical barrier is the lack of standards of secure communication techniques for implementing QC. Conclusion: By applying F-AHP, we identified institutional barriers as the highest and organisational barriers as the second highest global weight ranked categories among the main QC challenges facing the software industry. We observed that the highest-ranked local barriers facing the software technology industry are the lack of resources for design and initiative while the lack of organisational interest in adopting the new process is the most significant organisational barrier. Our findings, which entail implications for both academicians and practitioners, reveal the emergent nature of QC research and the increasing need for interdisciplinary research to address the identified challenges.

    Post-Quantum Cryptography on FPGA Based on Isogenies on Elliptic Curves

    To the best of our knowledge, we present the first hardware implementation of isogeny-based cryptography available in the literature. Particularly, we present the first implementation of the supersingular isogeny Diffie-Hellman (SIDH) key exchange, which features quantum-resistance. We optimize this design for speed by creating a high throughput multiplier unit, taking advantage of parallelization of arithmetic in Fp2, and minimizing pipeline stalls with optimal scheduling. Consequently, our results are also faster than software libraries running affine SIDH even on Intel Haswell processors. For our implementation at 85-bit quantum security and 128-bit classical security, we generate ephemeral public keys in 1.655 million cycles for Alice and 1.490 million cycles for Bob. We generate the shared secret in an additional 1.510 million cycles for Alice and 1.312 million cycles for Bob. On a Virtex-7, these results are approximately 1.5 times faster than known software implementations running the same 512-bit SIDH. Our results and observations show that the isogeny-based schemes can be implemented with high efficiency on reconfigurable hardware.