Implementation Cryptography and Access Control on IoT-Based Warehouse Inventory Management System

Warehousing is a product storage management activity to ensure product availability, so inventory management is needed to oversee the movement of logistics and equipment. Some things need to be considered in the storage process, such as the suitability of the storage location, safe from theft, and safe from physical disturbances. Vulnerabilities can occur when unauthorized users find out information from the database regarding stored goods, so a security mechanism for the warehouse database is needed. In addition, proper identification needs to be made of someone trying to access the database. In this research, a Warehouse Inventory Management System (WIMS) was created by implementing the AES-128 cryptographic algorithm, which was built using ESP32 and Raspberry Pi 3 devices. Time Password (T-OTP). The results show that the built system can overcome inventory problems in conventional warehousing management systems and implement data security using the AES-128 algorithm. The application of two-factor authentication in the form of smartcards and T-OTP shows very good results in testing its accuracy to overcome the vulnerability of unauthorized access to the system databas

Improving Security of Crypto Wallets in Blockchain Technologies

A big challenge in blockchain and cryptocurrency is securing the private key from potential hackers. Nobody can rollback a transaction made with a stolen key once the network confirms it. The technical solution to protect private keys is the cryptocurrency wallet, software, hardware, or a combination to manage the keys. In this dissertation, we try to investigate the significant challenges in existing cryptocurrency wallets and propose innovative solutions. Firstly, almost all cryptocurrency wallets suffer from the lack of a secure and convenient backup and recovery process. We offer a new cryptographic scheme to securely back up a hardware wallet relying on the side-channel human visual verification on the hardware wallet. Another practical mechanism to protect the funds is splitting the money between two wallets with small and large amounts. We propose a new scheme to create hierarchical wallets that we call deterministic sub-wallet to achieve this goal. The user can send funds from the wallet with a large amount to a smaller one in a secure way. We propose a multilayered architecture for cryptocurrency wallets based on a Defense-in-Depth strategy to protect private keys with a balance between convenience and security. The user protects the private keys in three restricted layers with different protection mechanisms. Finally, we try to solve another challenge in cryptocurrencies, which is losing access to private keys by its user, resulting in inaccessible coins. We propose a new mechanism called lean recovery transaction to tackle this problem. We make a change in wallet key management to generate a recovery transaction when needed. We implement a proof-of-concept for all of our proposals on a resource-constraint hardware wallet with a secure element, an embedded display, and one physical button. Furthermore, we evaluate the performance of our implementation and analyze the security of our proposed mechanisms

Improving key exchange protocols based on sender and receiver electronic identification documents

Предмет рада докторске дисертације је сагледавање актуелних проблема везаних за појмове размена криптографских кључева и аутентификација корисника система за тајну комуникацију. Рад се бави анализом постојећих решења у области истраживања и развијањем сопственог система за тајну комуникацију. Научни циљ дисертације је унапређење протокола за размену криптографских кључева на бази личних идентификационих докумената. Извршена је анализа постојећих приступа у области истраживања с циљем да се побољша ниво заштите приликом тајне комуникације и добије основа за развој сопственог система. Комбиновањем криптографских метода које обезбеђују поверљивост, аутентичност и интегритет, уз примену стеганографских метода за размену информација на скривен начин, корисницима предложеног система се пружа могућност да на ефикасан и сигуран начин размењују тајне поруке. Анализом резултата истраживања закључено је да постоји оправданост употребе личних идентификационих докумената за размену криптографских кључева који се користе у тајној комуникацији

Secure Smart Card Signing With Time-Based Digital Signature

People use their personal computers, laptops, tablets and smart phones to digitally sign documents in company\u27s websites and other online electronic applications, and one of the main cybersecurity challenges in this process is trusted digital signature. While the majority of systems use password-based authentication to secure electronic signature, some more critical systems use USB token and smart card to prevent identity theft and implement the trusted digital signing process. Even though smart card provides stronger security, any weakness in the terminal itself can compromise the security of smart card. In this paper, we investigate current smart card digital signature, and illustrate well-known basic vulnerabilities of smart card terminal with the real implementation of two possible attacks including PIN sniffing and message alteration just before signing. As we focus on second attack in this paper, we propose a novel mechanism using time-based digital signing by smart card to defend against message alteration attack. Our prototype implementation and performance analysis illustrate that our proposed mechanism is feasible and provides stronger security. Our method uses popular timestamping protocol packets and does not require any new key distribution and certificate issuance