890 research outputs found
Study of the IEEE Standard 1619.1: Authenticated Encryption with Length Expansion for Storage Devices
This Thesis will analyze the standard 1619.1 published by the IEEE. The aim of this standard is to provide authenticated encryption to stored data with AES algorithm working in XTS mode. XTS-AES is a 128-bit block cipher characterized by the use of two AES encryptions with two different keys of the same size, tweak values to add uncertainty to cipher data, (2128) Galois fields and The Ciphertext Stealing technique for data units not perfectly divisible into 128-bit blocks. There is no unanimous agreement about the profits of this standard so various aspects such as the use of two different keys, implementation in other areas or the support of the storage industry will be a source of controversy. Some commercial software and hardware that implement XTS-AES encryption mode will be presented and used to test and analyze the security properties presented by the standard IEEE 1619.1. Keywords. AES, XTS, Tweak values, Ciphertext Stealing, XTS-AES Comments
MLCapsule: Guarded Offline Deployment of Machine Learning as a Service
With the widespread use of machine learning (ML) techniques, ML as a service
has become increasingly popular. In this setting, an ML model resides on a
server and users can query it with their data via an API. However, if the
user's input is sensitive, sending it to the server is undesirable and
sometimes even legally not possible. Equally, the service provider does not
want to share the model by sending it to the client for protecting its
intellectual property and pay-per-query business model.
In this paper, we propose MLCapsule, a guarded offline deployment of machine
learning as a service. MLCapsule executes the model locally on the user's side
and therefore the data never leaves the client. Meanwhile, MLCapsule offers the
service provider the same level of control and security of its model as the
commonly used server-side execution. In addition, MLCapsule is applicable to
offline applications that require local execution. Beyond protecting against
direct model access, we couple the secure offline deployment with defenses
against advanced attacks on machine learning models such as model stealing,
reverse engineering, and membership inference
Password Cracking and Countermeasures in Computer Security: A Survey
With the rapid development of internet technologies, social networks, and
other related areas, user authentication becomes more and more important to
protect the data of the users. Password authentication is one of the widely
used methods to achieve authentication for legal users and defense against
intruders. There have been many password cracking methods developed during the
past years, and people have been designing the countermeasures against password
cracking all the time. However, we find that the survey work on the password
cracking research has not been done very much. This paper is mainly to give a
brief review of the password cracking methods, import technologies of password
cracking, and the countermeasures against password cracking that are usually
designed at two stages including the password design stage (e.g. user
education, dynamic password, use of tokens, computer generations) and after the
design (e.g. reactive password checking, proactive password checking, password
encryption, access control). The main objective of this work is offering the
abecedarian IT security professionals and the common audiences with some
knowledge about the computer security and password cracking, and promoting the
development of this area.Comment: add copyright to the tables to the original authors, add
acknowledgement to helpe
Benchmarking Block Ciphers for Wireless Sensor Networks
Choosing the most storage- and energy-efficient block cipher specifically for wireless sensor networks (WSNs) is not as straightforward as it seems. To our knowledge so far, there is no systematic evaluation framework for the purpose. We have identified the candidates of block ciphers suitable for WSNs based on existing literature. For evaluating and assessing these candidates, we have devised a systematic framework that not only considers the security properties but also the storage- and energy-efficency of the candidates. Finally, based on the evaluation results, we have selected the suitable ciphers for WSNs, namely Rijndael for high security and energy efficiency requirements; and MISTY1 for good storage and energy efficiency
Survey and Benchmark of Block Ciphers for Wireless Sensor Networks
Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far.We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications
Elastic Block Ciphers: Method, Security and Instantiations
We introduce the concept of an elastic block cipher which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. Our method uses the round function of an existing block cipher as a black box and inserts it into a substitution- permutation network. Our method is designed to enable us to form a reduction between the elastic and the original versions of the cipher. Using this reduction, we prove that the elastic version of a cipher is secure against key-recovery attacks if the original cipher is secure against such attacks. We note that while reduction-based proofs of security are a cornerstone of cryptographic analysis, they are typical when complete components are used as sub-components in a larger design. We are not aware of the use of such techniques in the case of concrete block cipher designs. We demonstrate the general applicability of the elastic block cipher method by constructing examples from existing block ciphers: AES, Camellia, MISTY1, and RC6. We compare the performance of the elastic versions to that of the original versions and evaluate the elastic versions using statistical tests measuring the randomness of the ciphertext. We also use our examples to demonstrate the concept of a generic key schedule for block ciphers
Parallel Implementation of AES using XTS Mode of Operation
Data encryption is essential for protecting data from unauthorized access. The Advanced Encryption Standard (AES), among many encryption algorithms, is the most popular algorithm currently employed to secure static and dynamic data. There are several modes of AES operation. Each of these modes defines a unique way to perform data encryption. XTS mode is the latest mode developed to protect data stored in hard-disk-like sector-based storage devices.
A recent increase in the rate of data breaches has triggered the necessity to encrypt stored data as well. AES encryption, however, is a complex process. As it involves a lot of computations, encrypting huge amount of data would undoubtedly be computationally intensive. Parallel computers have been used mostly in high-performance computation research to solve computationally intensive problems. Parallel systems are currently gaining popularity configured as general purpose multi-core system, even at a desktop level. Several programming models have been developed to assist the writing of parallel programs, and some have already been used to parallelize AES. As a result, AES data encryption has become more efficient and applicable.
The message passing model is a popular parallel communication/synchronization model with an early origin. Message Passing Interface (MPI) is the first standardized, vendor-independent, message passing library interface that establishes a portable, efficient, and flexible standard for message passing during computation. Therefore, this paper describes an implementation of AES using XTS mode in parallel via MPI
- …