Modernizing Password Usage In Computing

A study of password usage and crypotography in computing culminates in the development of a password manager that improves users' password security. PassMan offers two-factor encrypted storage of user passwords and account information via the Yubikey, a common hardware authentication device, login auto-typing, password strength calculation, and customizable password generation. *Includes CD

Trustee: Full Privacy Preserving Vickrey Auction on top of Ethereum

The wide deployment of tokens for digital assets on top of Ethereum implies the need for powerful trading platforms. Vickrey auctions have been known to determine the real market price of items as bidders are motivated to submit their own monetary valuations without leaking their information to the competitors. Recent constructions have utilized various cryptographic protocols such as ZKP and MPC, however, these approaches either are partially privacy-preserving or require complex computations with several rounds. In this paper, we overcome these limits by presenting Trustee as a Vickrey auction on Ethereum which fully preserves bids' privacy at relatively much lower fees. Trustee consists of three components: a front-end smart contract deployed on Ethereum, an Intel SGX enclave, and a relay to redirect messages between them. Initially, the enclave generates an Ethereum account and ECDH key-pair. Subsequently, the relay publishes the account's address and ECDH public key on the smart contract. As a prerequisite, bidders are encouraged to verify the authenticity and security of Trustee by using the SGX remote attestation service. To participate in the auction, bidders utilize the ECDH public key to encrypt their bids and submit them to the smart contract. Once the bidding interval is closed, the relay retrieves the encrypted bids and feeds them to the enclave that autonomously generates a signed transaction indicating the auction winner. Finally, the relay submits the transaction to the smart contract which verifies the transaction's authenticity and the parameters' consistency before accepting the claimed auction winner. As part of our contributions, we have made a prototype for Trustee available on Github for the community to review and inspect it. Additionally, we analyze the security features of Trustee and report on the transactions' gas cost incurred on Trustee smart contract.Comment: Presented at Financial Cryptography and Data Security 2019, 3rd Workshop on Trusted Smart Contract

Exploiting an HMAC-SHA-1 optimization to speed up PBKDF2

PBKDF2 is a well-known password-based key derivation function. In order to slow attackers down, PBKDF2 introduces CPU-intensive operations based on an iterated pseudorandom function (in our case HMAC-SHA-1). If we are able to speed up a SHA-1 or an HMAC implementation, we are able to speed up PBKDF2-HMAC-SHA-1. This means that a performance improvement might be exploited by regular users and attackers. Interestingly, FIPS 198-1 suggests that it is possible to precompute first message block of a keyed hash function only once, store such a value and use it each time is needed. Therefore the computation of first message block does not contribute to slowing attackers down, thus making the computation of second message block crucial. In this paper we focus on the latter, investigating the possibility to avoid part of the HMAC-SHA-1 operations. We show that some CPU-intensive operations may be replaced with a set of equivalent, but less onerous, instructions. We identify useless XOR operations exploiting and extending Intel optimizations, and applying the Boyar-Peralta heuristic. In addition, we provide an alternative method to compute the SHA-1 message scheduling function and explain why attackers might exploit these findings to speed up a brute force attack against PBKDF2

A Solution for Privacy-Preserving and Security in Cloud for Document Oriented Data (By Using NoSQL Database)

Cloud computing delivers massively scalable computing resources as a service with Internet based technologies those can share resources within the cloud users. The cloud offers various types of services that majorly include infrastructure as services, platform as a service, and software as a service and security as a services and deployment model as well. The foremost issues in cloud data security include data security and user privacy, data protection, data availability, data location, and secure transmission. In now day, preserving-privacy of data and user, and manipulating query from big-data is the most challenging problem in the cloud. So many researches were conducted on privacy preserving techniques for sharing data and access control; secure searching on encrypted data and verification of data integrity. This work  included preserving-privacy of document oriented data security, user privacy in the three phases those are data security at rest, at process and at transit by using Full Homomorphic encryption and decryption scheme to achieve afore most mentioned goal. This work implemented on document oriented data only by using NoSQL database and  the encryption/decryption algorithm such as RSA and Paillier’s cryptosystem in Java package with MongoDB, Apache Tomcat Server 9.1, Python, Amazon Web Service mLab for MongoDB as remote server.  Keywords: Privacy-Preserving, NoSQL, MongoDB, Cloud computing, Homomorphic encryption/decryption, public key, private key, RSA Algorithm, Paillier’s cryptosystem DOI: 10.7176/CEIS/11-3-02 Publication date:May 31st 202

Lazy updates in key assignment schemes for hierarchical access control

Hierarchical access control policies are used to restrict access to objects by users based on their respective security labels. There are many key assignment schemes in the literature for implementing such policies using cryptographic mechanisms. Updating keys in such schemes has always been problematic, not least because many objects may be encrypted with the same key. We propose a number of techniques by which this process can be improved, making use of the idea of lazy key updates, which have been studied in the context of cryptographic file systems. We demonstrate in passing that schemes for lazy key updates can be regarded as simple instances of key assignment schemes. Finally, we illustrate the utility of our techniques by applying them to hierarchical file systems and to temporal access control policies

Recent Advancements on Symmetric Cryptography Techniques -A Comprehensive Case Study

Now a day2019;s Cryptography is one of the broad areas for researchers; because of the conventional block cipher has lost its potency due to the sophistication of modern systems that can break it by brute force. Due to its importance, several cryptography techniques and algorithms are adopted by many authors to secure the data, but still there is a scope to improve the previous approaches. For this necessity, we provide the comprehensive survey which will help the researchers to provide better techniques