1,256 research outputs found

    Enhancement of Secrecy of Block Ciphered Systems by Deliberate Noise

    This paper considers the problem of end-to-end security enhancement by resorting to deliberate noise injected in ciphertexts. The main goal is to generate a degraded wiretap channel in application layer over which Wyner-type secrecy encoding is invoked to deliver additional secure information. More specifically, we study secrecy enhancement of DES block cipher working in cipher feedback mode (CFB) when adjustable and intentional noise is introduced into encrypted data in application layer. A verification strategy in exhaustive search step of linear attack is designed to allow Eve to mount a successful attack in the noisy environment. Thus, a controllable wiretap channel is created over multiple frames by taking advantage of errors in Eve's cryptanalysis, whose secrecy capacity is found for the case of known channel states at receivers. As a result, additional secure information can be delivered by performing Wyner type secrecy encoding over super-frames ahead of encryption, namely, our proposed secrecy encoding-then-encryption scheme. These secrecy bits could be taken as symmetric keys for upcoming frames. Numerical results indicate that a sufficiently large secrecy rate can be achieved by selective noise addition. Comment: 11 pages, 8 figures, journa

    A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

    This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed. Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

    Achievable secrecy enhancement through joint encryption and privacy amplification

    In this dissertation we try to achieve secrecy enhancement in communications by resorting to both cryptographic and information theoretic secrecy tools and metrics. Our objective is to unify tools and measures from cryptography community with techniques and metrics from information theory community that are utilized to provide privacy and confidentiality in communication systems. For this purpose we adopt encryption techniques accompanied with privacy amplification tools in order to achieve secrecy goals that are determined based on information theoretic and cryptographic metrics. Every secrecy scheme relies on a certain advantage for legitimate users over adversaries viewed as an asymmetry in the system to deliver the required security for data transmission. In all of the proposed schemes in this dissertation, we resort to either inherently existing asymmetry in the system or proactively created advantage for legitimate users over a passive eavesdropper to further enhance secrecy of the communications. This advantage is manipulated by means of privacy amplification and encryption tools to achieve secrecy goals for the system evaluated based on information theoretic and cryptographic metrics. In our first work discussed in Chapter 2 and the third work explained in Chapter 4, we rely on a proactively established advantage for legitimate users based on eavesdropper’s lack of knowledge about a shared source of data. Unlike these works that assume an error-free physical channel, in the second work discussed in Chapter 3 correlated erasure wiretap channel model is considered. This work relies on a passive and internally existing advantage for legitimate users that is built upon statistical and partial independence of eavesdropper’s channel errors from the errors in the main channel. We arrive at this secrecy advantage for legitimate users by exploitation of an authenticated but insecure feedback channel.
From the perspective of the utilized tools, the first work discussed in Chapter 2 considers a specific scenario where secrecy enhancement of a particular block cipher called Data Encryption Standard (DES) operating in cipher feedback mode (CFB) is studied. This secrecy enhancement is achieved by means of deliberate noise injection and wiretap channel encoding as a technique for privacy amplification against a resource constrained eavesdropper. Compared to the first work, the third work considers a more general framework in terms of both metrics and secrecy tools. This work studies secrecy enhancement of a general cipher based on universal hashing as a privacy amplification technique against an unbounded adversary. In this work, we have achieved the goal of exponential secrecy where information leakage to adversary, that is assessed in terms of mutual information as an information theoretic measure and Eve’s distinguishability as a cryptographic metric, decays at an exponential rate. In the second work generally encrypted data frames are transmitted through Automatic Repeat reQuest (ARQ) protocol to generate a common random source between legitimate users that later on is transformed into information theoretically secure keys for encryption by means of privacy amplification based on universal hashing. Towards the end, future works as an extension of the accomplished research in this dissertation are outlined. Proofs of major theorems and lemmas are presented in the Appendix.

    Shake well before use: Authentication based on Accelerometer Data

    Small, mobile devices without user interfaces, such as Bluetooth headsets, often need to communicate securely over wireless networks. Active attacks can only be prevented by authenticating wireless communication, which is problematic when devices do not have any a priori information about each other. We introduce a new method for device-to-device authentication by shaking devices together. This paper describes two protocols for combining cryptographic authentication techniques with known methods of accelerometer data analysis to the effect of generating authenticated, secret keys. The protocols differ in their design, one being more conservative from a security point of view, while the other allows more dynamic interactions. Three experiments are used to optimize and validate our proposed authentication method.

    Adaptive Encryption Techniques In Wireless Communication Channels With Tradeoffs Between Communication Reliability And Security

    Encryption is a vital process to ensure the confidentiality of the information transmitted over an insecure wireless channel. However, the nature of the wireless channel tends to deteriorate because of noise, interference and fading. Therefore, a symmetrically encrypted transmitted signal will be received with some amount of error. Consequently, due to the strict avalanche criterion (SAC), this error propagates during the decryption process, resulting in half the bits (on average) after decryption to be in error. In order to alleviate this amount of error, smart coding techniques and/or new encryption algorithms that take into account the nature of wireless channels are required. The solution for this problem could involve increasing the block and key lengths which might degrade the throughput of the channel. Moreover, these solutions might significantly increase the complexity of the encryption algorithms and hence increase the cost of its implementation and use. Two main approaches have been followed to solve this problem: the first approach is based on developing effective coding schemes and mechanisms, in order to minimize and correct the errors introduced by the channel. The second approach is more focused on inventing and implementing new encryption algorithms that encounter less error propagation, by alleviating the SAC effect. Most of the research done using these two approaches lacked the comprehensiveness in their designs. Some of these works focused on improving the error performance and/or enhancing the security at the cost of complexity and throughput. In this work, we focus on solving the problem of encryption in wireless channels in a comprehensive way that considers all of the factors in its structure (error performance, security and complexity).
New encryption algorithms are proposed, which are modifications to the standardized encryption algorithms and are shown to outperform the use of these algorithms in wireless channels in terms of security and error performance with a slight addition in the complexity. We introduce new modifications that improve the error performance for a certain required security level while achieving the highest possible throughput. We show how our proposed algorithm outperforms the use of other encryption algorithms in terms of the error performance, throughput, complexity, and is secure against all known encryption attacks. In addition, we study the effect of each round and s-box in symmetric encryption algorithms on the overall probability of correct reception at the receiver after encryption and the effect on the security is analyzed as well. Moreover, we perform a complete security, complexity and energy consumption analysis to evaluate the newly developed encryption techniques and procedures. We use both analytical computations and computer simulations to evaluate the effectiveness of every modification we introduce in our proposed designs.

    Implementation and Benchmarking of a Crypto Processor for a NB-IoT SoC Platform

    The goal of this Master’s Thesis is to investigate the implementation of cryptographic algorithms for IoT and how these encryption systems can be integrated in a NarrowBand IoT platform. Following 3rd Generation Partnership Project (3GPP) specifications, the Evolved Packet System (EPS) Encryption Algorithms (EEA) and EPS Integrity Algorithms (EIA) have been implemented and tested. The latter are based on three different ciphering algorithms, used as keystream generators: Advanced Encryption Standard (AES), SNOW 3G and ZUC. These algorithms are used in Long Term Evolution (LTE) terminals to perform user data confidentiality and integrity protection. In the first place, a thorough study of the algorithms has been conducted. Then, we have used Matlab to generate a reference model of the algorithms and the High-Level Synthesis (HLS) design flow to generate the Register-Transfer Level (RTL) description from algorithmic descriptions in C++. The keystream generation and integrity blocks have been tested at RTL level. The confidentiality block has been described along with the control, datapath and interface block at a RTL level using System C language. The hardware blocks have been integrated into a processor capable of performing hardware confidentiality and integrity protection: the crypto processor. This Intellectual Property (IP) has been integrated and tested in a cycle accurate virtual platform. The outcome of this Master’s Thesis is a crypto processor capable of performing the proposed confidentiality and integrity algorithms under request. The Internet of Things (IoT) is one of the big revolutions that our society is expected to go through in the near future. This represents the inter-connection of devices, sensors, controllers, and any items, referred to as things, through a network that enables machine-to-machine communication. The number of connected devices will greatly increase.
The applications taking advantage of IoT will enable to develop a great amount of technologies such as smart homes, smart cities and intelligent transportation. The possibilities allowed are huge and not yet fully explored. Picture yourself in the near future having a nice dinner with some friends. Then, you suddenly recall that your parking ticket expires in five minutes and unfortunately your car is parked some blocks away. You are having a good time and feel lazy to walk all the way to where you parked your car to pay for a time extension. Luckily enough, the parking meter is part of the IoT network and allows you, with the recently installed new application in your smart-phone, to pay this bill from anywhere you are. This payment will be sent to the parking meter and your time will be extended. Problem solved, right? Well, the risk comes when you perform your payment, not knowing that your "worst enemy" has intercepted this communication and is able to alter your transaction. Perhaps, this individual decides to cancel your payment and you will have to pay a fine. Or even worse, this person steals your banking details and uses your money to take the vacations you’ve always wanted. There are many examples in our everyday life where we expose our personal information. With an increasing number of devices existing and using wireless communications without the action of a human, the security is a key aspect of IoT. This Master’s Thesis addresses the need to cover these security breaches in a world where an increasing amount of devices are communicating with each other. With the expansion of IoT where billions of devices will be connected wirelessly, our data will be widely spread over the air. The user will not be able to protect their sensitive data without these securing capabilities. Therefore, different security algorithms used in today’s and tomorrow’s wireless technologies have been implemented on a chip to secure the communication.
The confidentiality and integrity algorithms aim to solve the two aspects of the problem: protect the secrecy of banking details and prevent the alteration of the communication’s information. In this Master’s Thesis we have developed a hardware processor for securing data during a wireless communication, specifically designed for IoT applications. The developed system is realized with minimal area and power in mind, so that they can be fitted even in the smallest devices. We have compared many different hardware architectures, and after exploring many possible implementations, we have implemented the security algorithms on a hardware platform. We believe the content of this Thesis work is of great interest to anybody interested in hardware security applied to the IoT field. Furthermore, due to the processes and methodology used in this work, it will also be of interest to people who want to know more about how higher level programming languages can be used to describe such a specialized circuit, like one performing security algorithms. Finally, people interested in hardware and software co-simulation will find in this project a good example of the utilization of such system modeling technique.

    Performance Evaluation of Multimedia Transmission over Error-Prone Wireless Channel Using Block and Stream Ciphers.

    Network security is one of the crucial topics discussed nowadays, as the world is emerging towards new systems and technologies such as Artificial Intelligence (AI), blockchain, and Internet of Things (IoT). Cryptography plays an important role in managing and providing security services to the information stored and exchanged over the digital network. Cryptographic algorithms are integrated in many of our daily life systems and applications such as: smart cards, electronic devices, mobile applications, and many social media platforms. Therefore, it is important to study the features of the existing cryptographic algorithms to find trends between stream ciphers and block ciphers. Since block ciphers operate at a fixed block size, it is very difficult to apply them in applications that require transmission of large amount of data over error-prone channels. In addition, the avalanche property in block ciphers causes error propagation from a single bit error, resulting in significant corruption to the whole data block. Therefore, cipher block modes of operation are used with the symmetric block ciphers to generate larger stream of input and providing security at the bit level to protect large data from error propagation. In this project, two simulations are conducted to evaluate block and stream ciphers over an error-prone wireless channel in terms of image error rate and time complexity. The first simulation compares the performance of the Rivest (RC4) stream cipher with the following block ciphers: Data Encryption Standard (DES), 3DES and Advanced Encryption Standard (AES). The second simulation examines how the following modes of operation: Cipher Block Chaining (CBC), Cipher Feed-Back (CFB) and Counter (CTR) applied to the AES would enhance the performance of AES compared to RC4. The results show a trade-off in the performance of the algorithms in terms of speed, security, and resistance to channel errors.
Stream ciphers are faster and more efficient at localizing errors at a bit level, yet block ciphers are more secure. However, using the modes of operation with AES, the AES-CTR cipher was able to eliminate error propagation more than RC4. In terms of speed, the AES-CTR processed the data with less time compared to AES, but it required more time than RC4.