S-Mbank: Secure Mobile Banking Authentication Scheme Using Signcryption, Pair Based Text Authentication, and Contactless Smartcard

Nowadays, mobile banking becomes a popular tool which consumers can conduct financial transactions such as shopping, monitoring accounts balance, transferring funds and other payments. Consumers dependency on mobile needs, make people take a little bit more interest in mobile banking. The use of the one-time password which is sent to the user mobile phone by short message service (SMS) is a vulnerability which we want to solve with proposing a new scheme called S-Mbank. We replace the authentication using the one-time password with the contactless smart card to prevent attackers to use the unencrypted message which is sent to the user's mobile phone. Moreover, it deals vulnerability of spoofer to send an SMS pretending as a bank's server. The contactless smart card is proposed because of its flexibility and security which easier to bring in our wallet than the common passcode generators. The replacement of SMS-based authentication with contactless smart card removes the vulnerability of unauthorized users to act as a legitimate user to exploit the mobile banking user's account. Besides that, we use public-private key pair and PIN to provide two factors authentication and mutual authentication. We use signcryption scheme to provide the efficiency of the computation. Pair based text authentication is also proposed for the login process as a solution to shoulder-surfing attack. We use Scyther tool to analyze the security of authentication protocol in S-Mbank scheme. From the proposed scheme, we are able to provide more security protection for mobile banking service.Comment: 6 page

Fixed Point Attack in PGV-5 Scheme Using SIMON Algorithm

AbstractBlock cipher-based hash function is a hash function that is constructed by applying a block cipher algorithm on a scheme to form a hash algorithm. So that the strength of the block cipher-based hash function depends on the strength of a block cipher algorithm which is used. In this research, fixed point attack is done to determine the application of SIMON lightweight block cipher scheme PGV-5 hash function in accordance with the characteristics of the fixed point attack. SIMON is a lightweight block cipher algorithm which uses Feistel network as its structure and is recommended as an alternative algorithm beside AES. Fixed-point attack is applied to generate all possible 232 plaintext with some random and extreme IV. The result of this research is plaintext that meets the characteristics of fixed point that does not affect the plaintext hash value because the resulting output is the used IV value itself. Plaintext is used to construct collision. Apparently the result of the application of the PGV-5 scheme is not resistant to collision attack because there is a collision with probability of fixed point 0.00000000093 in the thirty-two IV samples which are used

A Novel Session Key Update Scheme for LoRaWAN

This paper proposes a novel Long-range Wide Area Network (LoRaWAN) session key updating scheme to enhance the security of LoRaWAN with cost-effective communication that provides a unique key for each communication session. The scheme consists of three sequential stages, i.e., initialization, keying material preparation, and key updating, on the basis of the truncated Photon-256 algorithm with updatable keying materials. These stages are structured by a set of novel communication protocols. To prove the uniqueness of the key, we validated its sequence bit randomness using the NIST 800-22 and ENT statistical test suites. The validation results show that the key passes all test parameters. Subsequently, the communication protocols were validated by using Scyther tools. We proved that these protocols ensure the security of the LoRaWAN key update scheme and guarantee that active interception does not occur. The analysis was performed by focusing on the security features of data confidentiality, integrity protection, mutual authentication, perfect forward secrecy, and replay attack resistance. Finally, a formal security analysis using GNY logic indicated that the overall security goals are achieved. The proposed scheme’s performance was evaluated in terms of computational cost, communication cost, and storage. The computational cost needed by the scheme is very small, indicating that there is no additional burden on the backend system. The communication cost requires less traffic than previous solutions, yet it offers more robust security for LoRaWAN by producing a new key in every communication session. The scheme needs insignificant additional storage that is considered negligible

A novel digital forensic framework for data breach investigation

Data breaches are becoming an increasingly prevalent and global concern due to their massive impact. One of the primary challenges in investigating data breach incidents is the unavailability of a specific framework that acknowledges the characteristics of a data breach incident and provides clear steps on how the investigative framework can comprehensively answer what, who, when, where, why, and how (5WH) questions. This paper aims to develop a novel digital forensic investigation framework that can overcome these data breach investigation challenges. The proposed framework utilizes the data breach breakdown phases to analyze data breach incidents according to their characteristics. The main contribution of our work is a novel digital forensic framework for data breach investigation that enhances the 5WH analysis depth by utilizing evidence classification and artifact visualization based on data breach breakdown phases. Furthermore, we design the framework components to provide comprehensive analysis results that make it easier for investigators to summarize the answers to the 5WH questions. To validate the framework, we apply it to a case study of enterprise-level data breach incidents. Based on the case study analysis, the proposed investigation framework successfully provides all the answers to the 5WH questions. This comprehensive answering ability is the study’s fundamental strength compared to other digital forensic investigation frameworks

Two new lightweight cryptographic hash functions based on saturnin and beetle for the Internet of Things

With the enormous growth in Internet of Things (IoT) applications, the volume of data shared among IoT devices is vastly increasing. Extensive IoT device connectivity and substantial data transmission have made information integrity susceptible to various assaults. Therefore, hash functions are required to ensure data integrity in IoT networks. IoT systems are constrained by their complexity, necessitating the consumption of minimal computational power. As a result, lightweight hash functions have been selected as the solution for the IoT data integrity issue. We present two lightweight hash functions, Alit-Hash and Tjuilik-Hash, based on the Saturnin block cipher and the Beetle mode of operation. In particular, we created Tjuilik-Hash by modifying the Saturnin block cipher. The strength of the proposed hash functions is evaluated through security analysis and performance testing. Alit-Hash and Tjuilik-Hash both show reasonably good resistance to differential and linear cryptanalysis. Hardware implementations on a cost-effective and low-power microcontroller board (ATmega2560) demonstrate an average execution time of 0.746 microseconds for the Tjuilik-Hash algorithm. Performance evaluations on a 64-bit personal computer indicate that the Alit-Hash and Tjuilik-Hash implementations exhibit comparable speed and throughput to seven other evaluated hash functions. Simulation experiments employing Contiki-NG and the Cooja simulator confirm the good performance of these two hash functions relative to Photon-Beetle-Hash, Photon, and Spongent across five metrics. The hash functions pass seven cryptographic randomness tests and pass all tests in the National Institute of Standards and Technology (NIST) Statistical Test Suite (STS). Therefore, the implementation of both proposed hash functions should be considered, as they are both cost-effective and provide an adequate level of security, which is essential for IoT devices with limited resources

Lightweight Cryptographic Hash Functions: Design Trends, Comparative Study, and Future Directions

The emergence of the Internet of Things (IoT) has enabled billions of devices that collect large amounts of data to be connected. Therefore, IoT security has fundamental requirements. One critical aspect of IoT security is data integrity. Cryptographic hash functions are cryptographic primitives that provide data integrity services. However, due to the limitations of IoT devices, existing cryptographic hash functions are not suitable for all IoT environments. As a result, researchers have proposed various lightweight cryptographic hash function algorithms. In this paper, we discuss advanced lightweight cryptographic hash functions for highly constrained devices, categorize design trends, analyze cryptographic aspects and cryptanalytic attacks, and present a comparative analysis of different hardware and software implementations. In the final section of this paper, we highlight present research challenges and suggest future research topics related to the design of lightweight cryptographic hash functions