Analysis and Design Security Primitives Based on Chaotic Systems for eCommerce

Security is considered the most important requirement for the success of electronic commerce, which is built based on the security of hash functions, encryption algorithms and pseudorandom number generators. Chaotic systems and security algorithms have similar properties including sensitivity to any change or changes in the initial parameters, unpredictability, deterministic nature and random-like behaviour. Several security algorithms based on chaotic systems have been proposed; unfortunately some of them were found to be insecure and/or slow. In view of this, designing new secure and fast security algorithms based on chaotic systems which guarantee integrity, authentication and confidentiality is essential for electronic commerce development. In this thesis, we comprehensively explore the analysis and design of security primitives based on chaotic systems for electronic commerce: hash functions, encryption algorithms and pseudorandom number generators. Novel hash functions, encryption algorithms and pseudorandom number generators based on chaotic systems for electronic commerce are proposed. The securities of the proposed algorithms are analyzed based on some well-know statistical tests in this filed. In addition, a new one-dimensional triangle-chaotic map (TCM) with perfect chaotic behaviour is presented. We have compared the proposed chaos-based hash functions, block cipher and pseudorandom number generator with well-know algorithms. The comparison results show that the proposed algorithms are better than some other existing algorithms. Several analyses and computer simulations are performed on the proposed algorithms to verify their characteristics, confirming that these proposed algorithms satisfy the characteristics and conditions of security algorithms. The proposed algorithms in this thesis are high-potential for adoption in e-commerce applications and protocols

User-controlled cyber-security using automated key generation

Traditionally, several different methods are fully capable of providing an adequate degree of security to the threats and attacks that exists for revealing different keys. Though almost all the traditional methods give a good level of immunity to any possible breach in security keys, the biggest issue that exist with these methods is the dependency over third-party applications. Therefore, use of third-party applications is not an acceptable method to be used by high-security applications. For high-security applications, it is more secure that the key generation process is in the hands of the end users rather than a third-party. Giving access to third parties for high-security applications can also make the applications more venerable to data theft, security breach or even a loss in their integrity. In this research, the evolutionary computing tool Eureqa is used for the generation of encryption keys obtained by modelling pseudo-random input data. Previous approaches using this tool have required a calculation time too long for practical use and addressing this drawback is the main focus of the research. The work proposes a number of new approaches to the generation of secret keys for the encryption and decryption of data files and they are compared in their ability to operate in a secure manner using a range of statistical tests and in their ability to reduce calculation time using realistic practical assessments. A number of common tests of performance are the throughput, chi-square, histogram, time for encryption and decryption, key sensitivity and entropy analysis. From the results of the statistical tests, it can be concluded that the proposed data encryption and decryption algorithms are both reliable and secure. Being both reliable and secure eliminates the need for the dependency over third-party applications for the security keys. It also takes less time for the users to generate highly secure keys compared to the previously known techniques.The keys generated via Eureqa also have great potential to be adapted to data communication applications which require high security

The dynamics of complex systems. Studies and applications in computer science and biology

Our research has focused on the study of complex dynamics and on their use in both information security and bioinformatics. Our first work has been on chaotic discrete dynamical systems, and links have been established between these dynamics on the one hand, and either random or complex behaviors. Applications on information security are on the pseudorandom numbers generation, hash functions, informationhiding, and on security aspects on wireless sensor networks. On the bioinformatics level, we have applied our studies of complex systems to theevolution of genomes and to protein folding

Cryptographic Tools for Privacy Preservation

Data permeates every aspect of our daily life and it is the backbone of our digitalized society. Smartphones, smartwatches and many more smart devices measure, collect, modify and share data in what is known as the Internet of Things.Often, these devices don’t have enough computation power/storage space thus out-sourcing some aspects of the data management to the Cloud. Outsourcing computation/storage to a third party poses natural questions regarding the security and privacy of the shared sensitive data.Intuitively, Cryptography is a toolset of primitives/protocols of which security prop- erties are formally proven while Privacy typically captures additional social/legislative requirements that relate more to the concept of “trust” between people, “how” data is used and/or “who” has access to data. This thesis separates the concepts by introducing an abstract model that classifies data leaks into different types of breaches. Each class represents a specific requirement/goal related to cryptography, e.g. confidentiality or integrity, or related to privacy, e.g. liability, sensitive data management and more.The thesis contains cryptographic tools designed to provide privacy guarantees for different application scenarios. In more details, the thesis:(a) defines new encryption schemes that provide formal privacy guarantees such as theoretical privacy definitions like Differential Privacy (DP), or concrete privacy-oriented applications covered by existing regulations such as the European General Data Protection Regulation (GDPR);(b) proposes new tools and procedures for providing verifiable computation’s guarantees in concrete scenarios for post-quantum cryptography or generalisation of signature schemes;(c) proposes a methodology for utilising Machine Learning (ML) for analysing the effective security and privacy of a crypto-tool and, dually, proposes a secure primitive that allows computing specific ML algorithm in a privacy-preserving way;(d) provides an alternative protocol for secure communication between two parties, based on the idea of communicating in a periodically timed fashion

Analysis and improvement of S-Box in Rijndael- AES algorithm

The internet has become a part of everyday life and is used as a communication tool, a way to bank, invest, shop and an educational and entertainment medium. As the importance and popularity of the internet has grown over the years, so has the number of threats from hackers on the internet which has necessitated the need for the encryption of confidential data. Various methods of data encryption have been used over time, with developments being made to improve these techniques as hackers develop improved ways of attacking the algorithms used for encryption. This process of continued improvement of cryptographic security brought about the development and acceptance of the Advanced Encryption Standard (AES), which is a National Institute of Standards and Technology specification for the encryption of electronic data including financial, telecommunications, and government data. The Rijndael algorithm was selected as the encryption algorithm for AES in October 2001 and is currently used by government agencies and the private sector to secure sensitive unclassified information. Research has shown that Rijndael is susceptible to differential/ linear cryptanalysis for 7 and 8-round Rijndael, saturation attacks, algebraic attacks and side channel attacks on reduced versions of Rijndael, which could pave the way for a full-blown attack on the Rijndael algorithm in the future. This research investigates the weaknesses present in the Rijndael algorithm using various custom-made testing tools and then using the results of this investigation to improve the security of the algorithm. The improvement is provided in the form a technique of generating highly non-linear output using a non-linear random number generator which uses the recursive inverse congruential method. The research will comprise of three phases; literature review, analysis of the Rijndael algorithm using custom-made tools and development of an improvement whose performance will be evaluated in comparison to the current algorithm

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Secure covert communications over streaming media using dynamic steganography

Streaming technologies such as VoIP are widely embedded into commercial and industrial applications, so it is imperative to address data security issues before the problems get really serious. This thesis describes a theoretical and experimental investigation of secure covert communications over streaming media using dynamic steganography. A covert VoIP communications system was developed in C++ to enable the implementation of the work being carried out. A new information theoretical model of secure covert communications over streaming media was constructed to depict the security scenarios in streaming media-based steganographic systems with passive attacks. The model involves a stochastic process that models an information source for covert VoIP communications and the theory of hypothesis testing that analyses the adversary‘s detection performance. The potential of hardware-based true random key generation and chaotic interval selection for innovative applications in covert VoIP communications was explored. Using the read time stamp counter of CPU as an entropy source was designed to generate true random numbers as secret keys for streaming media steganography. A novel interval selection algorithm was devised to choose randomly data embedding locations in VoIP streams using random sequences generated from achaotic process. A dynamic key updating and transmission based steganographic algorithm that includes a one-way cryptographical accumulator integrated into dynamic key exchange for covert VoIP communications, was devised to provide secure key exchange for covert communications over streaming media. The discrete logarithm problem in mathematics and steganalysis using t-test revealed the algorithm has the advantage of being the most solid method of key distribution over a public channel. The effectiveness of the new steganographic algorithm for covert communications over streaming media was examined by means of security analysis, steganalysis using non parameter Mann-Whitney-Wilcoxon statistical testing, and performance and robustness measurements. The algorithm achieved the average data embedding rate of 800 bps, comparable to other related algorithms. The results indicated that the algorithm has no or little impact on real-time VoIP communications in terms of speech quality (< 5% change in PESQ with hidden data), signal distortion (6% change in SNR after steganography) and imperceptibility, and it is more secure and effective in addressing the security problems than other related algorithms

Advances in Information Security and Privacy

With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue

Performance Evaluation of Different DS-CDMA Receivers Using Chaotic Sequences

Direct sequence-code division multiple access (DS-CDMA) technique is used in cellular systems where users in the cell are separated from each other with their unique spreading codes. In recent times DS-CDMA has been used extensively. These systems suffers from multiple access interference (MAI) due to other users transmitting in the cell, channel inter symbol interference (ISI) due to multipath nature of channels in presence of additive white Gaussian noise(AWGN). Spreading codes play an important role in multiple access capacity of DS-CDMA system. M-sequences, gold sequences etc., has been traditionally used as spreading codes in DS-CDMA. These sequences are generated by shift registers and periodic in nature. So these sequences are less in number and also limits the security. This thesis presents an investigation on use of new type of sequences called chaotic sequences for DS-CDMA system. These sequences are generated by chaotic maps. First of all, chaotic sequences are easy to generate and store. Only a few parameters and functions are needed even for very long sequences. In addition, an enormous number of different sequences can be generated simply by changing its initial condition. . Chaotic sequences are deterministic, reproducible, uncorrelated and random-like, which can be very helpful in enhancing the security of transmission in communication. This Thesis investigates the performance of chaotic sequences in DS-CDMA communication systems using various receiver techniques. Extensive simulation studies demonstrate the performance of the different linear and nonlinear DS-CDMA receivers like RAKE receiver, matched filter (MF) receiver, minimum mean square error (MMSE) receiver and Volterra receiver using chaotic sequences and the performance have been compared with gold sequences