Performance Comparison of Hyper-V and KVM for Cryptographic Tasks in Cloud Computing

As the extensive use of cloud computing raises questions about the security of any personal data stored there,cryptography is being used more frequently as a security tool to protect data confidentiality and privacy in the cloud environment.A hypervisor is a virtualization software used in cloud hosting to divide and allocate resources on various pieces of hardware.The choice of hypervisor can significantly impact the performance of cryptographic operations in the cloud environment.An important issue that must be carefully examined is that no hypervisor is completely superior in terms of performance;Each hypervisor should be examined to meet specific needs.The main objective of this study is to provide accurate results to compare the performance of Hyper-V and Kernel-based Virtual Machine(KVM)while implementing different cryptographic algorithms to guide cloud service providers and end users in choosing the most suitable hypervisor for their cryptographic needs.This study evaluated the efficiency of two hypervisors,Hyper-V and KVM,in implementing six cryptographic algorithms:Rivest,Shamir,Adleman(RSA),Advanced Encryption Standard(AES),Triple Data Encryption Standard(TripleDES),Carlisle Adams and Stafford Tavares(CAST-128),BLOWFISH,and TwoFish.The study’s findings show that KVM outperforms Hyper-V,with 12.2%less Central Processing Unit(CPU)use and 12.95%less time overall for encryption and decryption operations with various file sizes.The study’s findings emphasize how crucial it is to pick a hypervisor that is appropriate for cryptographic needs in a cloud environment,which could assist both cloud service providers and end users.Future research may focus more on how various hypervisors perform while handling cryptographic workloads.

A Holistic Secure Communication Mechanism Using a Multilayered Cryptographic Protocol to Enhanced Security

In an era characterized by digital pervasiveness and rapidly expanding datasets,ensuring the integrity and reliability of information is paramount.As cyber threats evolve in complexity,traditional cryptographic methods face increasingly sophisticated challenges.This article initiates an exploration into these challenges,focusing on key exchanges(encompassing their variety and subtleties),scalability,and the time metrics associated with various cryptographic processes.We propose a novel cryptographic approach underpinned by theoretical frameworks and practical engineering.Central to this approach is a thorough analysis of the interplay between Confidentiality and Integrity,foundational pillars of information security.Our method employs a phased strategy,beginning with a detailed examination of traditional cryptographic processes,including Elliptic Curve Diffie-Hellman(ECDH)key exchanges.We also delve into encrypt/decrypt paradigms,signature generation modes,and the hashes used for Message Authentication Codes(MACs).Each process is rigorously evaluated for performance and reliability.To gain a comprehensive understanding,a meticulously designed simulation was conducted,revealing the strengths and potential improvement areas of various techniques.Notably,our cryptographic protocol achieved a confidentiality metric of 9.13 in comprehensive simulation runs,marking a significant advancement over existing methods.Furthermore,with integrity metrics at 9.35,the protocol’s resilience is further affirmed.These metrics,derived from stringent testing,underscore the protocol’s efficacy in enhancing data security.

Classification Model for IDS Using Auto Cryptographic Denoising Technique

Intrusion detection systems(IDS)are one of the most promising ways for securing data and networks;In recent decades,IDS has used a variety of categorization algorithms.These classifiers,on the other hand,do not work effectively unless they are combined with additional algorithms that can alter the classifier’s parameters or select the optimal sub-set of features for the problem.Optimizers are used in tandem with classifiers to increase the stability and with efficiency of the classifiers in detecting invasion.These algorithms,on the other hand,have a number of limitations,particularly when used to detect new types of threats.In this paper,the NSL KDD dataset and KDD Cup 99 is used to find the performance of the proposed classifier model and compared;These two IDS dataset is preprocessed,then Auto Cryptographic Denoising(ACD)adopted to remove noise in the feature of the IDS dataset;the classifier algorithms,K-Means and Neural network classifies the dataset with adam optimizer.IDS classifier is evaluated by measuring performance measures like f-measure,recall,precision,detection rate and accuracy.The neural network obtained the highest classifying accuracy as 91.12%with drop-out function that shows the efficiency of the classifier model with drop-out function for KDD Cup99 dataset.Explaining their power and limitations in the proposed methodology that could be used in future works in the IDS area.

An FPGA Implementation of GF(p) Elliptic Curve Cryptographic Coprocessor

A GF(p) elliptic curve cryptographic coprocessor is proposed and implemented on Field Programmable Gate Array (FPGA). The focus of the coprocessor is on the most critical, complicated and time-consuming point multiplications. The technique of coordinates conversion and fast multiplication algorithm of two large integers are utilized to avoid frequent inversions and to accelerate the field multiplications used in point multiplications. The characteristic of hardware parallelism is considered in the implementation of point multiplications. The coprocessor implemented on XILINX XC2V3000 computes a point multiplication for an arbitrary point on a curve defined over GF(2192?264?1) with the frequency of 10 MHz in 4.40 ms in the average case and 5.74 ms in the worst case. At the same circumstance, the coprocessor implemented on XILINX XC2V4000 takes 2.2 ms in the average case and 2.88 ms in the worst case.

Dining Cryptographer安全协议及工程分析

网络信息安全包括信息内容的加密及通讯的匿名性质 .DiningCryptographer (DC net)协议[1,2 ] 就是一个基于数学不可解特性的基础安全匿名通信协议 ,其主要特点是通过提供匿名信息服务来避免恶意攻击 .本文在介绍DC net协议工作原理的基础上 ,从工程应用角度给出了如何构建基于DC net协议的分布式安全信息服务 ,并对运行时的有关问题进行了研究 .

Research of the Kernel Operator Library Based on Cryptographic Algorithm

The variety of encryption mechanism and algorithms which were conventionally used have some limitations.The kernel operator library based on Cryptographic algorithm is put forward. Owing to the impenetrability of algorithm, the data transfer system with the cryptographic algorithm library has many remarkable advantages in algorithm rebuilding and optimization,easily adding and deleting algorithm, and improving the security power over the traditional algorithm. The user can choose any one in all algorithms with the method against any attack because the cryptographic algorithm library is extensible.

Game-Based Automated Security Proofs for Cryptographic Protocols

Provable security has become a popular approach for analyzing the security of cryptographic protocols.However,writing and verifying proofs by hand are prone to errors.This paper advocates the automatic security proof framework with sequences of games.We make slight modifications to Blanchet's calculus to make it easy for parsing the initial game.The main contribution of this work is that it introduces algebraic properties with observational equivalences to automatic security proofs,and thus can deal with some practical cryptographic schemes with hard problems.We illustrate the use of algebraic properties in the framework by proving the semantic security of the ElGamal encryption scheme.

Measurement-device-independent quantum cryptographic conferencing with an untrusted source

Measurement-device-independent quantum cryptographic conferencing（MDI-QCC） protocol puts MDI quantum key distribution（MDI-QKD） forwards to multi-party applications, and suggests a significant framework for practical multi-party quantum communication. In order to mitigate the experimental complexity of MDI-QCC and remove the key assumption（the sources are trusted） in MDI-QCC, we extend the framework of MDI-QKD with an untrusted source to MDI-QCC and give the rigorous security analysis of MDI-QCC with an untrusted source. What is more, in the security analysis we clearly provide a rigorous analytical method for parameters＇ estimation, which with simple modifications can be applied to not only MDI-QKD with an untrusted source but also arbitrary multi-party communication protocol with an untrusted source. The simulation results show that at reasonable distances the asymptotic key rates for the two cases（with trusted and untrusted sources） almost overlap, which indicates the feasibility of our protocol.

Design of a Secure and Efficient Distributed Cryptographic Storage System

Proxy Re-encryption(PRE) is greatly concerned by researchers recently. It potentially has many useful applications in network communications and file sharing. Secure distributed cryptographic file system is one of its applications. But the practical applications of PRE are few. And even fewer of them are tested by systematically designed experiments. Appling a couple of representative algorithms proposed by BBS,Ateniese,Shao,et al.,a distributed file system is designed. In the system,some substitute mechanisms such as data dispersal,dynamic file sharing,are well-applied. A lot of features such as flexible authorization and data redundancy are embraced in the system. The comparison evaluation justified that the system is more practical and efficient.

Establishment and Application of Cryptographic Library Model

When doing reverse analysis of program’s binary codes, it is often to encounter the function of cryptographic library. In order to reduce workload, a cryptographic library model has been designed by analysts. Models use formalized approach to describe the frame of cryptology and the structure of cryptographic function, complete the mapping from cryptographic function property to its architecture, and accomplish the result presentation of data analysis and mapping at last. The model can solve two problems: the first one is to know the hierarchy of the cryptographic function in the library well;the second one is to know some kinds of information, such as related cryptology algorithm and protocol, etc. These function implements can display the result graphically. The model can find relevant knowledge for the analysts automatically and rapidly, which is helpful to the learning of the overall abstract structure of cryptology.

A Combinational Power Analysis Method against Cryptographic Hardware

Power analysis is a non-invaslve attack against cryptographic hardware, which effectively exploits runtime power consumption characteristics of circuits. This paper proposes a new power model which combines Hamming Distance model and the model based on the template value of power consumption in combinational logic circuit. The new model can describe the power consumption characteristics of sequential logic circuits and those of combinational logic as well. The new model can be used to improve the existing power analysis methods and detect the information leakage of power consumption. Experimental results show that, compared to CPA（Correlation Power Analysis） method, our proposed attack which adopt the combinational model is more efficient in terms of the number of required power traces.

All-Optical Cryptographic Device for Secure Communication

An all-optical cryptographic device for secure communication, based on the properties of soliton beams, is presented. It can encode a given bit stream of optical pulses, changing their phase and their amplitude as a function of an encryption serial key that merge with the data stream, generating a ciphered stream. The greatest advantage of the device is real-time encrypting – data can be transmitted at the original speed without slowing down.

C3SM: Information Assurance Based on Cryptographic Checksum with Clustering Security Management Protocol

Wireless Sensor Networks (WSNs) are resource-constrained networks in which sensor nodes operate in an aggressive and uncontrolled environment and interact with sensitive data. Traffic aggregated by sensor nodes is susceptible to attacks and, due to the nature of WSNs, security mechanisms used in wired networks and other types of wireless networks are not suitable for WSNs. In this paper, we propose a mechanism to assure information security against security attacks and particularly node capturing attacks. We propose a cluster security management protocol, called Cryptographic Checksum Clustering Security Management (C3SM), to provide an efficient decentralized security management for hierarchal networks. In C3SM, every cluster selects dynamically and alternately a node as a cluster security manager (CSM) which distributes a periodic shared secrete key for all nodes in the cluster. The cluster head, then, authenticates identity of the nodes and derive a unique pairwise key for each node in the cluster. C3SM provides sufficient security regardless how many nodes are compromised, and achieves high connectivity with low memory cost and low energy consumption. Compared to existing protocols, our protocol provides stronger resilience against node capture with lower key storage overhead.

A Partially Non-Cryptographic Security Routing Protocol in Mobile Ad Hoc Networks

In this paper, we propose a partially non-cryptographic security routing protocol （PNCSR） that protects both routing and data forwarding operations through the same reactive approach. PNCSR only apply public-key cryptographic system in managing token, but it doesn＇t utilize any cryptographic primitives on the routing messages. In PNCSR, each node is fair. Local neighboring nodes collaboratively monitor each other and sustain each other. It also uses a novel credit strategy which additively increases the token lifetime each time a node renews its token. We also analyze the storage, computation, and communication overhead of PNCSR, and provide a simple yet meaningful overhead comparison. Finally, the simulation results show the effectiveness of PNCSR in various situations.

The Research on Cryptographic Schemes

Cryptography is an important technology for information security. It mainly includes symmetric and asymmetric cryptographic algorithms and protocols. For the symmetric cryptographic algorithms, it is easy to deduce decryption keys from the encryption keys and vice versa. Because this algorithm encrypts and decrypts data very quickly, it is applicable in situations where large numbers of data have to be protected. However, for the asymmetric algorithm, extracting the secret key from the public key is computationally infeasible. Although the performance speed of the asymmetric algorithm is much slower than that of the symmetric algorithm, the asymmetric algorithm has key distribution and management advantages over the symmetric one. Moreover, it is a perfect digital signature scheme.

A Review of Lightweight Cryptographic Schemes and Fundamental Cryptographic Characteristics of Boolean Functions

In this paper, we survey a number of studies in the literature on improving lightweight systems in the Internet of Things (IoT). The paper illustrates recent development of Boolean cryptographic function Application and how it assists in using hardware such as the internet of things. For a long time there seems to be little progress in applying pure mathematics in providing security since the wide progress made by George Boole and Shannon. We discuss cryptanalysis of Boolean functions to avoid trapdoors and vulnerabilities in the development of block ciphers. It appears that there is significant progress. A comparative analysis of lightweight cryptographic schemes is reported in terms of execution time, code size and throughput. Depending on the schemes and the structure of the algorithms, these parameters change but remain within reasonable values making them suited for Internet of things applications. The driving force of lightweight cryptography (LWC) stems mainly from its direct applications in the real world since it provides solutions to actual problems faced by designers of IoT systems. Broadly speaking, lightweight cryptographic algorithms are designed to achieve two main goals. The first goal of a cryptographic algorithm is to withstand all known cryptanalytic attacks and thus to be secure in the black-box model. The second goal is to build the cryptographic primitive in such a way that its implementations satisfy a clearly specified set of constraints that depend on a case-by-case basis.

Cryptographic obfuscation for smart contracts: Trustless bitcoin bridge and more

Privacy protection for smart contracts is currently inadequate.Existing solutions for privacy-preserving smart contracts either support only a limited class of smart contracts or rely on noncryptographic assumptions.We propose a cryptographic obfuscation scheme for smart contracts based on existing blockchain mechanisms,standard cryptographic assumptions,and witness encryption.In the proposed scheme,an obfuscated smart contract does not reveal its algorithm and hardcoded secrets and preserves encrypted states.Any user can provide it with encrypted inputs and allow an untrusted third party to execute it.Although multiparty computation(MPC)among dynamically changing users is necessary,its privacy is protected if at least one user is honest.If the MPC does not finish within a period of time,anyone can cancel and restart it.The proposed scheme also supports decentralized obfuscation where even the participants of the obfuscation process cannot learn secrets in the obfuscated smart contract unless all of them are malicious.As its applications,we present a new trustless bitcoin bridge mechanism that exposes no secret key and privacy-preserving anti-money laundering built into smart contracts.

Data Secure Storage Mechanism for IIoT Based on Blockchain

With the development of Industry 4.0 and big data technology,the Industrial Internet of Things(IIoT)is hampered by inherent issues such as privacy,security,and fault tolerance,which pose certain challenges to the rapid development of IIoT.Blockchain technology has immutability,decentralization,and autonomy,which can greatly improve the inherent defects of the IIoT.In the traditional blockchain,data is stored in a Merkle tree.As data continues to grow,the scale of proofs used to validate it grows,threatening the efficiency,security,and reliability of blockchain-based IIoT.Accordingly,this paper first analyzes the inefficiency of the traditional blockchain structure in verifying the integrity and correctness of data.To solve this problem,a new Vector Commitment(VC)structure,Partition Vector Commitment(PVC),is proposed by improving the traditional VC structure.Secondly,this paper uses PVC instead of the Merkle tree to store big data generated by IIoT.PVC can improve the efficiency of traditional VC in the process of commitment and opening.Finally,this paper uses PVC to build a blockchain-based IIoT data security storage mechanism and carries out a comparative analysis of experiments.This mechanism can greatly reduce communication loss and maximize the rational use of storage space,which is of great significance for maintaining the security and stability of blockchain-based IIoT.

支持等式测试及密码逆向防火墙的SM9标识加密方案

支持等式测试的标识加密(identity-based encryption with equality test, IBEET)体制解决了传统等式测试方案中证书管理的问题,得到了广泛的关注.但现有的IBEET体制难以抵抗渗透攻击,且都是基于国外密码算法设计,不具有自主知识产权.基于此,提出一种支持等式测试并具有密码逆向防火墙的SM9标识加密方案(SM9 identity-based encryption scheme with equality test and cryptographic reverse firewalls, SM9-IBEET-CRF).该方案在用户与云服务器的上行信道间部署密码逆向防火墙(cryptographic reverse firewalls,CRF),对用户发出的信息执行重随机化以达到抵抗渗透攻击的作用.该方案拓展国密算法SM9至IBEET领域中,提升其运行效率并丰富国密算法在云计算领域的研究.给出了SM9-IBEET-CRF的形式化定义和安全模型,并在随机预言机模型中考虑2种不同的敌手将此方案在选择密文攻击下的不可区分性与单向性分别形式化地规约到BDH困难假设上.同时,该方案通过考虑第3种敌手证明CRF的部署为其带来维持功能性、保留安全性以及抵抗渗透性.实验仿真和分析结果展示了该方案的有效性.

支持密码逆向防火墙的基于SM9的属性基可搜索加密方案

针对属性基可搜索加密(ABSE)方案大都基于非国密算法设计,且无法抵抗内部算法替换攻击(ASA)的问题,提出一种支持密码逆向防火墙的基于SM9的属性基可搜索加密方案(SM9ABSE-CRF)。该方案将国密算法SM9扩展至ABSE领域,实现了细粒度数据访问控制,并引入密码逆向防火墙(CRF)技术有效抵御ASA。分析了SM9ABSE-CRF在判定性Diffie-Hellman(DBDH)假设下满足了选择关键词下的不可区分性,并形式化证明了CRF的部署满足维持功能性、保留安全性以及抵抗泄漏性。理论分析和仿真实验结果表明,与提供CRF的ABSE方案cABKSCRF(consistent Attribute-Based Keyword Search system with CRF)相比,SM9ABSE-CRF具有更高的安全性,并且在索引与陷门生成阶段也表现出显著的性能优势。