SmartOTPs: An Air-Gapped 2-Factor Authentication for Smart-Contract Wallets

With the recent rise of cryptocurrencies' popularity, the security and management of crypto-tokens have become critical. We have witnessed many attacks on users and providers, which have resulted in significant financial losses. To remedy these issues, several wallet solutions have been proposed. However, these solutions often lack either essential security features, usability, or do not allow users to customize their spending rules. In this paper, we propose SmartOTPs, a smart-contract wallet framework that gives a flexible, usable, and secure way of managing crypto-tokens in a self-sovereign fashion. The proposed framework consists of four components (i.e., an authenticator, a client, a hardware wallet, and a smart contract), and it provides 2-factor authentication (2FA) performed in two stages of interaction with the blockchain. To the best of our knowledge, our framework is the first one that utilizes one-time passwords (OTPs) in the setting of the public blockchain. In SmartOTPs, the OTPs are aggregated by a Merkle tree and hash chains whereby for each authentication only a short OTP (e.g., 16B-long) is transferred from the authenticator to the client. Such a novel setting enables us to make a fully air-gapped authenticator by utilizing small QR codes or a few mnemonic words, while additionally offering resilience against quantum cryptanalysis. We have made a proof-of-concept based on the Ethereum platform. Our cost analysis shows that the average cost of a transfer operation is comparable to existing 2FA solutions using smart contracts with multi-signatures

Security and Privacy for Modern Wireless Communication Systems

The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks

Data Integrity Protection For Security in Industrial Networks

Modern industrial systems are increasingly based on computer networks. Network- based control systems connect the devices at the field level of industrial environments together and to the devices at the upper levels for monitoring, configuration and management purposes. Contrary to traditional industrial networks which axe con­ sidered stand-alone and proprietary networks, modern industrial networks are highly connected systems which use open protocols and standards at different levels. This new structure of industrial systems has made them vulnerable to security attacks. Among various security needs of computer networks, data integrity protection is the major issue in industrial networks. Any unauthorized modification of information during transmission could result in significant damages in industrial environments. In this thesis, the security needs of industrial environments are considered first. The need for security in industrial systems, challenges of security in these systems and security status of protocols used in industrial networks are presented. Furthermore, the hardware implementation of the Secure Hash Algorithm (SHA) which is used in security protocols for data integrity protection is the main focus of this thesis. A scheme has been proposed for the implementation of the SHA-1 and SHA-512 hash functions on FPGAs with fault detection capability. The proposed scheme is based on time redundancy and pipelining and is capable of detecting permanent as well as transient faults. The implementation results of the proposed scheme on Xilinx FPGAs show small area and timing overhead compared to the original implementation without fault detection. Moreover, the implementation of SHA-1 and SHA-512 on Wireless Sensor Boards has been presented taking into account their memory usage and execution time. There is an improvement in the execution time of the proposed implementation compared to the previous works

Kryptowochenende 2006 - Workshop über Kryptographie

Das Kryptowochenende ist eine Aktivität der Fachgruppe Angewandte Kryptologie in der Gesellschaft für Informatik (GI) mit dem Ziel, Nachwuchswissenschaftlern, etablierten Forschern und Praktikern auf dem Gebiet der Kryptologie und Computersicherheit die Möglichkeit zu bieten, Kontakte über die eigene Universität hinaus zu knüpfen und sich mit Kollegen aus dem Fachgebiet auszutauschen. Die Vorträge decken ein breites Spektrum ab, von noch laufenden Projekten bis zu abgeschlossenen Forschungsarbeiten, die zeitnah auch auf Konferenzen publiziert wurden bzw. werden sollen. Das erste Kryptowochenende hat stattgefunden vom 01.-02. Juli 2006 im Tagungszentrum der Universität Mannheim im Kloster Bronnbach. Die Beiträge zu diesem Workshop sind im vorliegenden Tagungsband zusammengefasst

REISCH: incorporating lightweight and reliable algorithms into healthcare applications of WSNs

Healthcare institutions require advanced technology to collect patients' data accurately and continuously. The tradition technologies still suffer from two problems: performance and security efficiency. The existing research has serious drawbacks when using public-key mechanisms such as digital signature algorithms. In this paper, we propose Reliable and Efficient Integrity Scheme for Data Collection in HWSN (REISCH) to alleviate these problems by using secure and lightweight signature algorithms. The results of the performance analysis indicate that our scheme provides high efficiency in data integration between sensors and server (saves more than 24% of alive sensors compared to traditional algorithms). Additionally, we use Automated Validation of Internet Security Protocols and Applications (AVISPA) to validate the security procedures in our scheme. Security analysis results confirm that REISCH is safe against some well-known attacks

Data Hiding and Its Applications

Data hiding techniques have been widely used to provide copyright protection, data integrity, covert communication, non-repudiation, and authentication, among other applications. In the context of the increased dissemination and distribution of multimedia content over the internet, data hiding methods, such as digital watermarking and steganography, are becoming increasingly relevant in providing multimedia security. The goal of this book is to focus on the improvement of data hiding algorithms and their different applications (both traditional and emerging), bringing together researchers and practitioners from different research fields, including data hiding, signal processing, cryptography, and information theory, among others

Recent Application in Biometrics

In the recent years, a number of recognition and authentication systems based on biometric measurements have been proposed. Algorithms and sensors have been developed to acquire and process many different biometric traits. Moreover, the biometric technology is being used in novel ways, with potential commercial and practical implications to our daily activities. The key objective of the book is to provide a collection of comprehensive references on some recent theoretical development as well as novel applications in biometrics. The topics covered in this book reflect well both aspects of development. They include biometric sample quality, privacy preserving and cancellable biometrics, contactless biometrics, novel and unconventional biometrics, and the technical challenges in implementing the technology in portable devices. The book consists of 15 chapters. It is divided into four sections, namely, biometric applications on mobile platforms, cancelable biometrics, biometric encryption, and other applications. The book was reviewed by editors Dr. Jucheng Yang and Dr. Norman Poh. We deeply appreciate the efforts of our guest editors: Dr. Girija Chetty, Dr. Loris Nanni, Dr. Jianjiang Feng, Dr. Dongsun Park and Dr. Sook Yoon, as well as a number of anonymous reviewers