    A Survey on Homomorphic Encryption Schemes: Theory and Implementation

    Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. Especially with popular cloud services, control over the privacy of sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end their relationship with the services. Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of HE schemes has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to be performed on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, the implementations so far have demonstrated that FHE still needs to be improved significantly to be practical on every platform. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE) schemes, which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes, are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give clear knowledge and a foundation to researchers and practitioners interested in knowing, applying, as well as extending the state-of-the-art HE, PHE, SWHE, and FHE systems.
    Comment: Updated (October 6, 2017). This paper is an early draft of the survey that is being submitted to ACM CSUR and has been uploaded to arXiv for feedback from stakeholders.

    On the Development of Novel Encryption Methods for Conventional and Biometric Images

    Information security refers to the technique of protecting information from unauthorized access, use, disclosure, disruption and modification. Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic media and transmitted across networks to other computers. Encryption clearly addresses the need for confidentiality of information, both in storage and in transmission. The popular application of multimedia technology and the increasing transmission capacity of networks gradually lead us to acquire information directly and clearly through images, and hence the security of image data has become essential. Moreover, in recent years biometrics has been gaining popularity for security purposes in many applications. However, during communication and transmission over insecure network channels, biometric data runs the risk of being hacked, modified and reused. Hence, there is a strong need to protect biometric images during communication and transmission. In this thesis, attempts have been made to encrypt images efficiently and to enhance the security of biometric images during transmission. In the first contribution, three different key matrix generation methods, namely invertible, involutory, and permutation key matrix generation, have been proposed. The invertible and involutory key matrix generation methods solve the key matrix inversion problem in the Hill cipher. The permutation key matrix generation method increases the Hill system's security. The conventional Hill cipher technique fails to encrypt images properly if the image consists of a large area covered with the same colour or gray level. Thus, it does not hide all features of the image, which reveals patterns in the plaintext. Moreover, it can be easily broken with a known-plaintext attack, revealing weak security.
To address these issues, two different techniques are proposed, namely an advanced Hill cipher algorithm and the H-S-X cryptosystem, to encrypt images properly. Security analysis of both techniques reveals superior encryption and decryption of images. In addition, the H-S-X cryptosystem has been used to instil more diffusion and confusion against cryptanalysis. FPGA implementations of both proposed techniques have been modeled to show their effectiveness. An extended Hill cipher algorithm based on XOR and zigzag operations is designed to reduce both encryption and decryption time. This technique not only reduces the encryption and decryption time but also ensures no loss of data during the encryption and decryption process compared to other techniques, and possesses more resistance to intruder attack. A hybrid cryptosystem combining the extended Hill cipher technique and the RSA algorithm has been implemented to solve the key distribution problem and to enhance security with reduced encryption and decryption time. Two distinct approaches for image encryption are proposed using chaos-based DNA coding along with shifting and scrambling or a poker shuffle to create grand disorder between the pixels of the images. In the first approach, the result obtained from the chaos-based DNA coding scheme is shifted and scrambled to provide encryption. In the second approach, the result obtained from chaos-based DNA coding encryption is followed by a poker shuffle operation to generate the final result. Simulated results suggest superior performance for encryption and decryption of images, and the results obtained have been compared and discussed. Later on, an FPGA implementation of the proposed cryptosystem has been performed. In another contribution, a modified Hill cipher is proposed which is the combination of three techniques. This proposed modified Hill cipher takes advantage of all three techniques.
To meet the demands of authenticity, integrity, and non-repudiation along with confidentiality, a novel hybrid method has been implemented. This method employs the proposed modified Hill cipher to provide confidentiality. The produced message digest is encrypted with the private key of the RSA algorithm to achieve the other features, namely authenticity, integrity, and non-repudiation. To enhance the security of images, a biometric cryptosystem approach that combines cryptography and biometrics has been proposed. Under this approach, the image is encrypted with the help of a fingerprint and a password. A key generated from the combination of fingerprint and password is used for image encryption. This mechanism is seen to enhance the security of biometric images during transmission. Each proposed algorithm is studied separately, and simulation experiments are conducted to evaluate their performance. The security analyses are performed and performance is compared with other competent schemes.

    Secure Authentication for Remote Patient Monitoring with Wireless Medical Sensor Networks

    There is broad consensus that remote health monitoring will benefit all stakeholders in the healthcare system and that it has the potential to save billions of dollars. Among the major concerns that are preventing patients from widely adopting this technology are data privacy and security. Wireless Medical Sensor Networks (MSNs) are the building blocks for remote health monitoring systems. This paper helps to identify the most challenging security issues in the existing authentication protocols for remote patient monitoring and presents a lightweight public-key-based authentication protocol for MSNs. In MSNs, the nodes are classified into sensors that report measurements about the human body and actuators that receive commands from the medical staff and perform actions. Authenticating these commands is a critical security issue, as any alteration may lead to serious consequences. The proposed protocol is based on the Rabin authentication algorithm, which is modified in this paper to improve its signature signing process, making it suitable for delay-sensitive MSN applications. To prove the efficiency of the Rabin algorithm, we implemented the algorithm with different hardware settings using Tmote Sky motes and also programmed the algorithm on an FPGA to evaluate its design and performance. Furthermore, the proposed protocol is implemented and tested using the MIRACL (Multiprecision Integer and Rational Arithmetic C/C++) library. The results show that secure, direct, instant and authenticated commands can be delivered from the medical staff to the MSN nodes. © 2016 by the authors; licensee MDPI, Basel, Switzerland.

    Authentication Methods and Password Cracking

    In the beginning of this thesis, we compare authentication methods commonly used today and dive into the history, state of the art, as well as the future of password security. Later on, we use the tool Hashcat to experiment with brute-force and dictionary attacks accelerated with Markov models and word-mangling rules. We also compare two hardware approaches, a regular computer and cloud computing. Based on our findings, we finally conclude with a set of password-cracking recommendations with a focus on hardware, dataset size and the hash function used.

    Exploitation of Unintentional Information Leakage from Integrated Circuits

    Unintentional electromagnetic emissions are used to recognize or verify the identity of a unique integrated circuit (IC) based on fabrication process-induced variations, in a manner analogous to biometric human identification. The effectiveness of the technique is demonstrated through an extensive empirical study, with results indicating correct device identification success rates of greater than 99.5%, and average verification equal error rates (EERs) of less than 0.05% for 40 near-identical devices. The proposed approach is suitable for security applications involving commodity commercial ICs, with substantial cost and scalability advantages over existing approaches. A systematic leakage mapping methodology is also proposed to comprehensively assess the information leakage of arbitrary block cipher implementations, and to quantitatively bound an arbitrary implementation's resistance to the general class of differential side-channel analysis techniques. The framework is demonstrated using the well-known Hamming Weight and Hamming Distance leakage models, and the approach's effectiveness is demonstrated through the empirical assessment of two typical unprotected implementations of the Advanced Encryption Standard. The assessment results are empirically validated against correlation-based differential power and electromagnetic analysis attacks.

    A Novel Secure Patient Data Transmission through Wireless Body Area Network: Health Tele-Monitoring

    The security of sensitive data obtained from a patient has not been implemented properly because of the energy constraints of sensor nodes in a Wireless Body Area Network (WBAN) and limited resources such as computational power and battery life. The main aim of this paper is to enhance the security level of data transmission between patient and health service provider by considering the availability of energy at the sensor nodes. The proposed system consists of a hybrid of the Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC), which provides simple, fast and cryptographically strong data security. ECC is used for securing the AES encryption keys, and the AES algorithm is used for encrypting and decrypting text. A scenario where sensor nodes are continuously supplied with energy from solar power is considered and, based upon the energy availability, the respective encryption technique is implemented. The result shows that the proposed EEHEE algorithm increases the encryption of the data file by more than 19% compared to the state-of-the-art solution. The proposed EEHEE system is 11% faster in encrypting the data file and reduces energy consumption by 34% compared to the current best solution. The proposed system concentrates on reducing the energy consumption in the WBAN and increasing the cryptographic strength of the system by using a hybrid of symmetric and asymmetric algorithms. Thus, this study provides an efficient scheme to enhance security for real-time data transmission in telemedicine.

    Improving security in e-business systems using a hybrid algorithm

    E-business security has become an important issue in the development of technology; ensuring the safety and comfort of transactions in the exchange of information is a matter of privacy. This study aims to improve security in e-business systems using a hybrid algorithm that combines two types of keys, namely symmetric and asymmetric keys. Encryption and decryption of messages or information is carried out with a symmetric key using a simple symmetric-key algorithm and with asymmetric keys using the Rivest-Shamir-Adleman (RSA) algorithm. The proposed hybrid algorithm requires a high running time in the decryption process compared to the application of a single algorithm. The level of security is stronger because it applies message encryption techniques with two types of keys simultaneously.