On the Design and Analysis of a Biometric Authentication System using Keystroke Dynamics

This paper proposes a portable hardware token for user authentication, it is based on the use of keystroke dynamics to verify users in a bio-metric manner. The proposed approach allows for a multifactor authentication scheme in which users are not allowed access unless they provide the correct password and their unique bio-metric signature. The proposed system is implemented in hardware and its security is evaluated

Secure communication interface design for IoT applications, using the GSM network

In this work, a secure short messaging service (SMS)-based communication interface is designed. The interface has applications in the internet of things (IoT) such as machine to machine (M2M) communications, and human-operated remote system management. The case study of waking a personal computer remotely is considered, and a complete proof-of-conceptis implemented for this purpose, using a field-programmable gate array (FPGA)-based receiving device and an Androidbased transmitting device. On the Android device, SMS messages are generated in software using a “rolling code” system based on linear feedback shift registers (LFSRs), then encrypted with the extended tiny encryption algorithm (XTEA) cipher. The FPGA employs both hardware XTEA decryption, and hardware systems to validate incoming messages

Cryptotool: A secure data storage software

Confidentiality and personal information security has always been a big problem in the world of cyberspace. There exist a number of solutions which are based on encryption methods, however such tools are typically file-format specific and/or do not give sufficient control to the user to choose the cryptographic algorithm. In this study, a private key encryption software is presented; it supports two main security features. The first is encryption that supports all file formats and several encryption algorithms such as AES, 3DES and RC2. The second feature is integrity using Hash functions, the latter ensures that unauthorised modifications of stored files can be detected. In addition, the tool has an easy-to-use interface which allows the user to choose from several encryption algorithms and define the encryption key. The software also allows the user to combine a number of cryptographic algorithms to build stronger ciphers for more enhanced security. In addition, the Crypto Tool can be used as an education tool as it supprts a number of classic ciphers and provides opportunity to compare different cryptographic encrypting techniques

Enhancement techniques for student engagement in cybersecurity education

In order to create successful cybersecurity professionals, it is important to engage students in a way that bridges the gap from the academic to the real world. In this paper, we present three examples used within teaching at Southampton University: The use of real-world scenarios presented through virtual environments, the creation of a cryptography learning platform and the fostering of student communities to support learning through social networking.We explore the ways in which practical hands-on experience based on industry can better support the development skills. We examine how real-life techniques can be combined with gamification and personalised learning to engender positive engagement. We consider how real-world scenarios within the educational institution can be utilised to further learning within in a safe but relevant context, being mutually beneficial to the students and institution. Finally, we consider the role of fostering a strong cybersecurity student community, using social networking, student societies and extra-curricular activities.<br/

Overview of PUF-based hardware security solutions for the Internet of Things

The Internet of Things (IoT) consists of numerous inter-connected resource-constrained devices such as sensors nodes and actuators, which are linked to the Internet. By 2020 it is anticipated that the IoT paradigm will include approximately 20 billion connected devices. The interconnection of such devices provides the ability to collect a huge amount of data for processing and analysis. A significant portion of the transacted data between IoT devices is private information, which must not in any way be eavesdropped on or tampered with. Security in IoT devices is therefore of paramount importance for further development of the technology. Such devices typically have limited area and energy resources, which makes the use of classic cryptography prohibitively expensive. Physically Unclonable Functions (PUFs) are a class of novel hardware security primitives that promise a paradigm shift in many security applications; their relatively simple architecture can answer many of the security challenges of energy-constrained IoT devices. In this paper, we discuss the design challenges of secure IoT systems; then we explain the principles of PUFs; finally we discuss the outstanding reliability and security problems of PUF technology and outline the open research questions in this field

SRAM-PUF Based on Selective Power-Up and Non-Destructive Scheme

Research in hardware security, particularly on Physical Unclonable Functions (PUF) has attracted a lot of attention in recent years. PUFs provide primitives for implementing encryption/decryption and device fingerprinting. Though a wide range of solutions exists for PUF-based CMOS devices, the most investigated solutions today for weak PUF implementation are based on the use of random start-up values of SRAM, which offers the advantage of reusing memories that already exist in many designs. However, the start-up value availability is compromised during memory write access which causes a limitation in using SRAM as both memory and PUF. Although using a dedicated SRAM as PUF could overcome the problem, it comes with high extra overhead. In this work, we propose a new scheme called ‘selective power-up and non-destructive’ scheme to enable SRAM as memory and PUF. A case study of generating a 128-bit key shows that the area overhead of proposed scheme is approximately 12.5_ smaller than for a dedicated SRAM-PUF

A Secure and Private Billing Protocol for Smart Metering

Traditional utility metering is to be replaced by smart metering. Smart metering enables very fine grained utility consumption measurements. These fine grained measurements raise privacy concerns due to the lifestyle information which can be inferred from the precise time at which utilities were consumed. This paper outlines two privacy respecting time of use billing protocols for smart metering. These protocols protect the privacy of customers by never transmitting the fine grained utility readings outside of the customer’s home network. One protocol favours complexity on the trusted smart meter hardware while the other uses homorphic commitments to offload computation to a third device. Both protocols are designed to operate on top of existing cryptographic secure channel protocols in place on smart meters. Proof of concept software implementations of these protocols have been written and their suitability for real world application to low performance smart meter hardware is discussed. These protocols may also have application to other privacy conscious aggregation systems such as electronic voting

A survey of hardware implementations of elliptic curve cryptographic systems

Elliptic Curve Cryptography (ECC) has gained much recognition over the last decades and has established itself among the well known public-key cryptography schemes, not least due its smaller key size and relatively lower computational effort compared to RSA. The wide employment of Elliptic Curve Cryptography in many different application areas has been leading to a variety of implementation types and domains ranging from pure software approaches over hardware implemenations to hardware/software co-designs. The following review provides an overview of state of the art hardware implemenations of ECC, specifically in regard to their targeted design goals. In this context the suitability of the hardware/software approach in regard to the security challenges opposed by the low-end embedded devices of the Internet of Things is briefly examined. The paper also outlines ECC’s vulnerability against quantum attacks and references one possible solution to that problem