
    Proving chaotic behaviour of CBC mode of operation

    The cipher block chaining (CBC) block cipher mode of operation was invented by IBM (International Business Machines) in 1976. It is a very popular way of encrypting that is used in various applications. In this paper, we mathematically prove that, under some conditions, the CBC mode of operation can admit a chaotic behaviour according to Devaney. Some cases are studied in detail in order to illustrate this idea

    Quantitative Evaluation of Chaotic CBC Mode of Operation

    The cipher block chaining (CBC) block cipher mode of operation is a very popular way of encrypting that is used in various applications. In previous research work, we mathematically proved that, under some conditions, this mode of operation can admit a chaotic behaviour according to Devaney. Proving that CBC mode is chaotic is only the beginning of the study of its security. The next step, which is the purpose of this paper, is to develop the quantitative study of the chaotic CBC mode of operation by evaluating the level of sensitivity and expansivity of this mode.
    Comment: in International Conference on Advanced Technologies for Signal & Images Processing ATSIP'2016, Mar 2016, Monastir, Tunisi

    The dynamics of the CBC Mode of Operation

    In cryptography, the Cipher Block Chaining (CBC) mode, one of the most commonly used modes in recent years, is a mode of operation that uses a block cipher to provide confidentiality or authenticity. In our previous research work, we showed that this mode of operation exhibits, under some conditions, a chaotic behaviour. We studied this behaviour by evaluating both its level of sensitivity and its expansivity. In this paper, we intend to deepen the topological study of the CBC mode of operation and evaluate its property of topological mixing. Additionally, other quantitative evaluations are performed, and the level of topological entropy is evaluated too.
    Comment: Nonlinearity, IOP Publishing, 2016. arXiv admin note: text overlap with arXiv:1601.0813

    Security performance and protocol consideration in optical communication system with optical layer security enabled by optical coding techniques

    With the fast development of communication systems, network security issues have more and more impact on daily life. It is essential to construct a high degree of optical layer security to resolve the security problem once and for all. Three different techniques that can provide optical layer security are introduced and compared. Optical chaos can be used for fast random number generation. Quantum cryptography is the most promising technique for key distribution. Optical coding techniques can be deployed to encrypt the modulated signal in the optical layer. A mathematical equation has been derived from information theory to evaluate the information-theoretic security level of the wiretap channel in optical coding schemes, and the merits and limitations of two coherent optical coding schemes, temporal phase coding and spectral phase coding, have been analysed. The security scheme based on a reconfigurable optical coding device has been introduced, and the corresponding security protocol has been developed. By moving the encryption operation from the electronic layer to the optical layer, the modulated signals become opaque to unauthorised users. Optical code distribution and authentication is one of the major challenges for our proposed scheme; in our proposed protocol, both operations are covered and defined in detail. As a preliminary draft of the optical code security protocol, it could be a useful guide for further research

    The Cord Weekly (January 17, 1991)


    Securing clouds using cryptography and traffic classification

    Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Over the last decade, cloud computing has gained popularity and wide acceptance, especially within the health sector, where it offers several advantages such as low costs, flexible processes, and access from anywhere. Although cloud computing is widely used in the health sector, numerous issues remain unresolved. Several studies have attempted to review the state of the art in eHealth cloud privacy and security; however, some of these studies are outdated or do not cover certain vital features of cloud security and privacy such as access control, revocation and data recovery plans. This study targets some of these problems and proposes protocols, algorithms and approaches to enhance the security and privacy of cloud computing with particular reference to eHealth clouds. Chapter 2 presents an overview and evaluation of the state of the art in eHealth security and privacy. Chapter 3 introduces different research methods and describes the research design methodology and processes used to carry out the research objectives. Of particular importance are authenticated key exchange and block cipher modes. In Chapter 4, a three-party password-based authenticated key exchange (TPAKE) protocol is presented and its security analysed. The proposed TPAKE protocol shares no plaintext data; all data shared between the parties are either hashed or encrypted. Using the random oracle model (ROM), the security of the proposed TPAKE protocol is formally proven based on the computational Diffie-Hellman (CDH) assumption.
    Furthermore, the analysis included in this chapter shows that the proposed protocol can ensure perfect forward secrecy and resist many kinds of common attacks such as man-in-the-middle attacks, online and offline dictionary attacks, replay attacks and known-key attacks. Chapter 5 proposes a parallel block cipher (PBC) mode in which blocks of cipher are processed in parallel. The results of speed performance tests for this PBC mode in various settings are presented and compared with the standard CBC mode. Compared to the CBC mode, the PBC mode is shown to give execution time savings of 60%. Furthermore, in addition to encryption based on AES-128, the hash value of the data file can be utilised to provide an integrity check. As a result, the PBC mode has better speed performance while retaining the confidentiality and security provided by the CBC mode. Chapter 6 applies TPAKE and PBC to eHealth clouds. Related work on security, privacy preservation and disaster recovery is reviewed. Next, two approaches focusing on security preservation and privacy preservation, and a disaster recovery plan, are proposed. The security preservation approach is a robust means of ensuring the security and integrity of electronic health records and is based on the PBC mode, while the privacy preservation approach is an efficient authentication method which protects the privacy of personal health records and is based on the TPAKE protocol. A discussion of how these integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects follows. Distributed denial of service (DDoS) attacks are the second most common cybercrime attacks after information theft. The timely detection and prevention of such attacks in cloud projects are therefore vital, especially for eHealth clouds.
    Chapter 7 presents a new classification system for detecting and preventing DDoS TCP flood attacks (CS_DDoS) for public clouds, particularly in an eHealth cloud environment. The proposed CS_DDoS system offers a solution for securing stored records by classifying incoming packets and making a decision based on these classification results. During the detection phase, CS_DDoS identifies and determines whether a packet is normal or from an attacker. During the prevention phase, packets classified as malicious are denied access to the cloud service, and the source IP is blacklisted. The performance of the CS_DDoS system is compared using four different classifiers: a least-squares support vector machine (LS-SVM), naïve Bayes, K-nearest-neighbour, and multilayer perceptron. The results show that CS_DDoS yields the best performance when the LS-SVM classifier is used. This combination can detect DDoS TCP flood attacks with an accuracy of approximately 97% and a Kappa coefficient of 0.89 when under attack from a single source, and 94% accuracy and a Kappa coefficient of 0.9 when under attack from multiple attackers. These results are then discussed in terms of accuracy and time complexity, and are validated using a k-fold cross-validation model. Finally, a method to mitigate DoS attacks in the cloud and reduce excessive energy consumption by managing and limiting certain flows of packets is proposed. Instead of a system shutdown, the proposed method ensures the availability of the service. The proposed method manages incoming packets more effectively by dropping packets from the most frequently requesting sources. This method can process 98.4% of the accepted packets during an attack. Practicality and effectiveness are essential requirements of methods for preserving the privacy and security of data in clouds. The proposed methods successfully secure cloud projects and ensure the availability of services in an efficient way

    Enhancement of Self-Organisation and Adaptivity in Laser Systems

    Self-organisation is an inherent mechanism in all laser systems, although it is often overlooked. The self-formation of spatial and spectral modes, competition between modes and much of the spatio-temporal dynamics are driven by the intrinsic non-linearity of saturable gain in the laser amplifier medium coupled with feedback from a resonator structure. It is highly insightful to consider the growth, extinction and competition of modes in a laser system as an evolving ecosystem, with modes as species growing by stimulated emission in the gain medium, decaying by intracavity and output coupling losses, and having to compete for the common, but finite, resource of gain, which is supplied by an external excitation source. The outcome of species competition is a survival-of-the-fittest that determines the final steady-state output or dynamical set of modes that can continue to persist. This thesis presents investigations into the design of solid-state laser systems which utilise the inherent dynamics of optical fields and gain media in order to self-organise the system to operate in a desirable manner. The Nd:YVO4 bounce geometry laser amplifier is employed throughout this thesis. A numerical investigation of the thermally induced lensing within the laser crystal is reported. Optimisation of the geometry parameters is explored, as well as investigation into future developments, such as the utilisation of an additional sapphire crystal to directly cool the laser crystal pump face. This is shown to theoretically reduce the horizontal thermally induced lens strengths by a factor of 4. Single longitudinal mode (SLM) ring lasers, where the unidirectionality is imposed either by an extra-cavity 'parasitic' pass of the gain media or by retro-reflection of one of the two outputs, are investigated. SLM TEM00 output powers of up to 20W are demonstrated without the need for a Faraday isolator.
    A self-adaptive sensor which allows the measurement of remote surface vibrations is demonstrated. The two-wave mixing interaction within a saturable gain medium is shown to allow measurement of high frequency phase modulations (>10kHz) whilst adapting to cancel out low frequency perturbations. This sensor system is shown to have potential as a remote ultrasound detector, as the holographic nature allows high frequency measurement of the vibrations of rough remote surfaces. Self-starting self-adaptive lasers, where a four-wave mixing interaction within the saturable gain medium is utilised to generate phase conjugate and aberration-correcting laser systems, are experimentally investigated. This work is extended to show that the gain hologram is capable of adapting to low frequency phase modulations in order to maintain a high quality output. A demonstration of self-organised coherent beam combination of two bounce geometry laser oscillators into a single output beam is reported. A combined output beam of 35.7W was demonstrated from 94W of pump power. This coherent beam combination is extended into the technique of phase conjugate self-organised coherent beam combination (PCSOCBC), where a first demonstration of the combination of two self-starting self-adaptive modules is reported. It is shown that the adaptive modules allow efficient beam combination (94%) with a combined output of 27W. As the self-starting self-adaptive modules do not have predefined spatial or spectral modes, it is believed that this system could be scaled to much higher numbers of modules than is possible with conventional self-organised coherent beam combination

    A Low-Energy Security Solution for IoT-Based Smart Farms

    This work proposes a novel configuration of the Transport Layer Security protocol (TLS) suitable for low-energy Internet of Things (IoT) applications. The motivation behind the redesign of TLS is energy consumption minimisation and sustainable farming, as exemplified by an application domain of aquaponic smart farms. The work therefore considers decentralisation of a formerly centralised security model, with a focus on reducing energy consumption for battery-powered devices. The research presents a four-part investigation into the security solution, composed of a risk assessment, energy analyses of authentication and data exchange functions, and finally the design and verification of a novel consensus authorisation mechanism. The first investigation considered traditional risk-driven threat assessment, extended to include energy reduction, working towards device longevity within a content-oriented framework. Since the aquaponics environments include limited but specific data exchanges, a content-oriented approach produced valuable insights into security and privacy requirements that would later be tested by implementing a variety of mechanisms available on the ESP32. The second and third investigations featured the energy analysis of authentication and data exchange functions respectively, where the results of the risk assessment were implemented to compare the re-configurations of TLS mechanisms and domain content. Results concluded that selective confidentiality and persistent secure sessions between paired devices enabled considerable improvements in energy consumption, and were a good reflection of the possibilities suggested by the risk assessment. The fourth and final investigation proposed a granular authorisation design to increase the safety of access control that would otherwise be binary in TLS. The motivation was damage mitigation from inside attacks or network faults.
    The approach involved an automated, hierarchy-based, decentralised network topology to reduce data duplication whilst still providing robustness beyond the vulnerability of central governance. Formal verification using model checking, with four automated back-ends, indicated a safe design model. The research concludes that lower-energy IoT solutions for the smart farm application domain are possible

    CBR and MBR techniques: review for an application in the emergencies domain

    The purpose of this document is to provide an in-depth analysis of current reasoning engine practice and the integration strategies of Case Based Reasoning and Model Based Reasoning that will be used in the design and development of the RIMSAT system. RIMSAT (Remote Intelligent Management Support and Training) is a European Commission funded project designed to: (a) provide an innovative, 'intelligent', knowledge-based solution aimed at improving the quality of critical decisions; and (b) enhance the competencies and responsiveness of individuals and organisations involved in highly complex, safety-critical incidents, irrespective of their location. In other words, RIMSAT aims to design and implement a decision support system that applies Case Based Reasoning as well as Model Based Reasoning technology to the management of emergency situations. This document is part of a deliverable for the RIMSAT project, and although it has been written in close contact with the requirements of the project, it provides an overview wide enough to serve as a state of the art in integration strategies between CBR and MBR technologies.
    Postprint (published version