12 research outputs found

    The SM9 Cryptographic Schemes

    SM9 is a Chinese official cryptography standard which defines a set of identity-based cryptographic schemes from pairings. This report describes the technical specification of SM9. The security of the schemes is also analyzed.

    Security Analysis of Pairing-based Cryptography

    Recent progress in the number field sieve (NFS) has shaken the security of pairing-based cryptography. For the discrete logarithm problem (DLP) in finite fields, we present the first systematic review of the NFS algorithms from three perspectives: the degree α, the constant c, and the hidden constant o(1) in the asymptotic complexity L_Q(α, c), and indicate that further research is required to optimize the hidden constant. Using the special extended tower NFS algorithm, we conduct a thorough security evaluation for all the existing standardized PF curves as well as several commonly utilized curves, which reveals that the BN256 curves recommended by SM9 and the previous ISO/IEC standard exhibit only 99.92 bits of security, significantly lower than the intended 128-bit level. In addition, we comprehensively analyze the security and efficiency of BN, BLS, and KSS curves for different security levels. Our analysis suggests that the BN curve exhibits superior efficiency for security strengths below approximately 105 bits. For a 128-bit security level, BLS12 and BLS24 curves are the optimal choices, while the BLS24 curve offers the best efficiency for security levels of 160, 192, and 256 bits.
    Comment: 8 figures, 8 tables, 5121 words

    A Regulatable Blockchain Transaction Model with Privacy Protection

    Blockchain is a decentralized distributed ledger technology. The public chains represented by Bitcoin and Ethereum only realize limited anonymity of user identity, and the transaction amount is open to the whole network, resulting in user privacy leakage. Existing anonymity technology conceals the sender, receiver and amount of a transaction and discloses no information at all, which makes supervision difficult. Therefore, the design of a blockchain scheme with both privacy protection and supervision functions is of great significance. In this paper, a blockchain transaction model with both privacy and supervision functions is proposed. It uses probabilistic encryption to hide the true identity behind a blockchain transaction, and uses a commitment scheme and zero-knowledge proof technology to realize privacy protection and guarantee legitimacy verification of the transaction. With the use of encryption technology, regulators can supervise blockchain transactions without storing the users' information, which greatly reduces the pressure on storage, computing and key management. In addition, the model does not rely on a specific consensus mechanism and can be used as an independent module. The security and performance analysis shows that the proposed scheme has great practicability and potential application in many fields.

    A novel architecture to virtualise a hardware-bound trusted platform module

    Security and trust are particularly relevant in modern softwarised infrastructures, such as cloud environments, as applications are deployed on platforms owned by third parties, are publicly accessible on the Internet and can share the hardware with other tenants. Traditionally, operating systems and applications have leveraged hardware tamper-proof chips, such as Trusted Platform Modules (TPMs), to implement security workflows, such as remote attestation, and to protect sensitive data against software attacks. This approach does not easily translate to the cloud environment, wherein the isolation provided by the hypervisor makes it impractical to leverage the hardware root of trust in the virtual domains. Moreover, the scalability needs of the cloud often collide with the scarce hardware resources and inherent limitations of TPMs. For this reason, existing implementations of virtual TPMs (vTPMs) are based on TPM emulators. Although more flexible and scalable, this approach is less secure. In fact, each vTPM is vulnerable to software attacks both at the virtualised and hypervisor levels. In this work, we propose a novel design for vTPMs that provides a binding to an underlying physical TPM; the new design, akin to a virtualisation extension for TPMs, extends the latest TPM 2.0 specification. We minimise the number of required additions to the TPM data structures and commands so that they do not require a new, non-backwards-compatible version of the specification. Moreover, we support migration of vTPMs among TPM-equipped hosts, as this is considered a key feature in a highly virtualised environment. Finally, we propose a flexible approach to vTPM object creation that protects vTPM secrets either in hardware or software, depending on the required level of assurance.

    Blockchain Securities Issues: Decentralized Identity System With Key Management Perspective

    Blockchain was created many years ago to solve the problems of data transfer integrity; several years later the issues persist. Blockchain security is one of the most important considerations to be investigated, and data integrity is about ensuring the accuracy and validity of messages such that when they are read, they are the same as when they were first written. It is of the opinion that information passed from one person to another cannot be the same as it was first said at the onset. Our work investigated blockchain security issues, studying integrity emanating from transactions across the blocks and how to deal with the security issues. It also investigated decentralization and its issues in blockchain to investigate how to mitigate the security issues associated with blockchain. It further discusses the use of key management in solving security issues in blockchain, viewing different key management systems of private and public keys, and solutions in addressing the blockchain problems. Lastly, we contributed the use of Decentralized Identity systems (DIDs) into the blockchain, where we use a unique identifier, "ID.me", to verify the individual's credentials before any transaction. This was done by sending a digital ID through the issuer to the verifier to authenticate the integrity and identity of the holder, and this proves worthy of protecting the information and maintaining the privacy of the user of the blockchain technology.

    Development of a model for smart card based access control in multi-user, multi-resource, multi-level access systems

    The primary focus of this research is an examination of the issues involved in the granting of access in an environment characterised by multiple users, multiple resources and multiple levels of access permission. Increasing levels of complexity in automotive systems provide opportunities for improving the integration and efficiency of the services provided to the operator. The vehicle lease / hire environment provided a basis for evaluating conditional access to distributed, mobile assets, where the principal medium for operating in this environment is the Smart Card. The application of Smart Cards to existing vehicle management systems requires control of access to motor vehicles, control of vehicle operating parameters and secure storage of operating information. The issues addressed include examination of the characteristics of the operating environment, development of a model and design, and simulation and evaluation of a multiple-application Smart Card. The functions provided by the card include identification and authentication, secure hash and encryption functions, which may be applied, in general, to a wide range of access problems. Evaluation of the algorithms implemented indicates that the Smart Card design may be provably secure under single-use conditions and conditionally secure under multiple-use conditions. The simulation of the card design provided data to support further research and shows the design is practical and able to be implemented on current Smart Card types.

    A vulnerability assessment framework for the IMS

    With multimedia services being made available via more and more devices to end users, it is no longer feasible to develop a delivery platform for each new type of service. The IP multimedia subsystem (IMS) aims to provide a unified service delivery platform capable of supporting a wide range of multimedia, data and voice services. It has been developed with a focus on content delivery and rich communications, and has already begun to replace existing legacy GSM network components. The IMS is intended to be an access-agnostic platform, capable of providing services over both mobile and fixed networks using a multi-access all-IP platform. By providing a feature-rich all-IP platform, operators are able to deploy open IP-based networks, allowing for easy deployment and development of new, rich multimedia-centric communication services. With the IMS in place, an operator may take the role of a service broker, providing them with far more revenue-generating opportunities than just traditional voice and data. Application services may leverage the functionality provided by the IMS to create new services quickly while allowing them to be easily integrated into the network infrastructure. With the IMS gaining more and more attention from telecoms operators, and already being adopted by some, the ability to assess the security of the system becomes critical to the success of the IMS platform. While the 3GPP has placed emphasis on security throughout the development of the IMS, implementation is left up to vendors looking to create their own IMS systems. Implementation-specific vulnerabilities may be missed by standard quality assurance testing, as they may be triggered only by boundary or near-boundary conditions, or by non-standard or unexpected state transitions.

    Electronic payment systems : a user-centered perspective and interaction design
