The Internet of Things(IoT)has taken the interconnected world by storm.Due to their immense applicability,IoT devices are being scaled at exponential proportions worldwide.But,very little focus has been given to secur...The Internet of Things(IoT)has taken the interconnected world by storm.Due to their immense applicability,IoT devices are being scaled at exponential proportions worldwide.But,very little focus has been given to securing such devices.As these devices are constrained in numerous aspects,it leaves network designers and administrators with no choice but to deploy them with minimal or no security at all.We have seen distributed denial-ofservice attacks being raised using such devices during the infamous Mirai botnet attack in 2016.Therefore we propose a lightweight authentication protocol to provide proper access to such devices.We have considered several aspects while designing our authentication protocol,such as scalability,movement,user registration,device registration,etc.To define the architecture we used a three-layered model consisting of cloud,fog,and edge devices.We have also proposed several pre-existing cipher suites based on post-quantum cryptography for evaluation and usage.We also provide a fail-safe mechanism for a situation where an authenticating server might fail,and the deployed IoT devices can self-organize to keep providing services with no human intervention.We find that our protocol works the fastest when using ring learning with errors.We prove the safety of our authentication protocol using the automated validation of Internet security protocols and applications tool.In conclusion,we propose a safe,hybrid,and fast authentication protocol for authenticating IoT devices in a fog computing environment.展开更多
Certificateless public key cryptography (CL- PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrows in identity-based public key cryptography (ID-PKC). In C...Certificateless public key cryptography (CL- PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrows in identity-based public key cryptography (ID-PKC). In CL- PKC, the key generation center (KGC) does not know the private keys of all users, and their public keys need not be cer- tificated by certification authority (CA). At present, however, most certificateless encryption schemes are based on large in- teger factorization and discrete logarithms that are not secure in a quantum environment and the computation complexity is high. To solve these problems, we propose a new certificate- less encryption scheme based on lattices, more precisely, us- ing the hardness of the learning with errors (LWE) problem. Compared with schemes based on large integer factoriza- tion and discrete logarithms, the most operations are matrix- vector multiplication and inner products in our scheme, our approach has lower computation complexity. Our scheme can be proven to be indistinguishability chosen ciphertext attacks (IND-CPA) secure in the random oracle model.展开更多
The Learning With Errors(LWE)problem is widely used in lattice-based cryptography,which is the most promising post-quantum cryptography direction.There are a variety of LWE-solving methods,which can be classified into...The Learning With Errors(LWE)problem is widely used in lattice-based cryptography,which is the most promising post-quantum cryptography direction.There are a variety of LWE-solving methods,which can be classified into four groups:lattice methods,algebraic methods,combinatorial methods,and exhaustive searching.The Blum–Kalai–Wasserman(BKW)algorithm is an important variety of combinatorial algorithms,which was first presented for solving the Learning Parity With Noise(LPN)problem and then extended to solve LWE.In this paper,we give an overview of BKW algorithms for solving LWE.We introduce the framework and key techniques of BKW algorithms and make comparisons between different BKW algorithms and also with lattice methods by estimating concrete security of specific LWE instances.We also briefly discuss the current problems and potential future directions of BKW algorithms.展开更多
Fiat-Shamir is a mainstream construction paradigm of lattice-based signature schemes.While its theoretical security is well-studied,its implementation security in the presence of leakage is a relatively under-explored...Fiat-Shamir is a mainstream construction paradigm of lattice-based signature schemes.While its theoretical security is well-studied,its implementation security in the presence of leakage is a relatively under-explored topic.Specifically,even some side-channel attacks on lattice-based Fiat-Shamir signature(FS-Sig)schemes have been proposed since 2016,little work on the leakage resilience of these schemes appears.Worse still,the proof idea of the leakage resilience of FS-Sig schemes based on traditional number-theoretic assumptions does not apply to most lattice-based FS-Sig schemes.For this,we propose a framework to construct fully leakage resilient lattice-based FS-Sig schemes in the bounded memory leakage(BML)model.The framework consists of two parts.The first part shows how to construct leakage resilient FS-Sig schemes in BML model from leakage resilient versions of nonlossy or lossy identification schemes,which can be instantiated based on lattice assumptions.The second part shows how to construct fully leakage resilient FS-Sig schemes based on leakage resilient ones together with a new property called state reconstruction.We show almost all lattice-based FS-Sig schemes have this property.As a concrete application of our fundamental framework,we apply it to existing lattice-based FS-Sig schemes and provide analysis results of their security in the leakage setting.展开更多
文摘The Internet of Things(IoT)has taken the interconnected world by storm.Due to their immense applicability,IoT devices are being scaled at exponential proportions worldwide.But,very little focus has been given to securing such devices.As these devices are constrained in numerous aspects,it leaves network designers and administrators with no choice but to deploy them with minimal or no security at all.We have seen distributed denial-ofservice attacks being raised using such devices during the infamous Mirai botnet attack in 2016.Therefore we propose a lightweight authentication protocol to provide proper access to such devices.We have considered several aspects while designing our authentication protocol,such as scalability,movement,user registration,device registration,etc.To define the architecture we used a three-layered model consisting of cloud,fog,and edge devices.We have also proposed several pre-existing cipher suites based on post-quantum cryptography for evaluation and usage.We also provide a fail-safe mechanism for a situation where an authenticating server might fail,and the deployed IoT devices can self-organize to keep providing services with no human intervention.We find that our protocol works the fastest when using ring learning with errors.We prove the safety of our authentication protocol using the automated validation of Internet security protocols and applications tool.In conclusion,we propose a safe,hybrid,and fast authentication protocol for authenticating IoT devices in a fog computing environment.
基金This work was supported by the National Natural Science Foundations of China (Grant Nos. 61173151, 61173152 and 61100229) and Huawei Technologies Co., Ltd., (YBCB2011116).
文摘Certificateless public key cryptography (CL- PKC) can solve the problems of certificate management in a public key infrastructure (PKI) and of key escrows in identity-based public key cryptography (ID-PKC). In CL- PKC, the key generation center (KGC) does not know the private keys of all users, and their public keys need not be cer- tificated by certification authority (CA). At present, however, most certificateless encryption schemes are based on large in- teger factorization and discrete logarithms that are not secure in a quantum environment and the computation complexity is high. To solve these problems, we propose a new certificate- less encryption scheme based on lattices, more precisely, us- ing the hardness of the learning with errors (LWE) problem. Compared with schemes based on large integer factoriza- tion and discrete logarithms, the most operations are matrix- vector multiplication and inner products in our scheme, our approach has lower computation complexity. Our scheme can be proven to be indistinguishability chosen ciphertext attacks (IND-CPA) secure in the random oracle model.
基金supported by National Natural Science Foundation of China(No.U1936209).
文摘The Learning With Errors(LWE)problem is widely used in lattice-based cryptography,which is the most promising post-quantum cryptography direction.There are a variety of LWE-solving methods,which can be classified into four groups:lattice methods,algebraic methods,combinatorial methods,and exhaustive searching.The Blum–Kalai–Wasserman(BKW)algorithm is an important variety of combinatorial algorithms,which was first presented for solving the Learning Parity With Noise(LPN)problem and then extended to solve LWE.In this paper,we give an overview of BKW algorithms for solving LWE.We introduce the framework and key techniques of BKW algorithms and make comparisons between different BKW algorithms and also with lattice methods by estimating concrete security of specific LWE instances.We also briefly discuss the current problems and potential future directions of BKW algorithms.
基金This work was supported in part by National Natural Science Foundation of China(Grant Nos.61632020,U1936209,62002353)Beijing Natural Science Foundation(4192067).
文摘Fiat-Shamir is a mainstream construction paradigm of lattice-based signature schemes.While its theoretical security is well-studied,its implementation security in the presence of leakage is a relatively under-explored topic.Specifically,even some side-channel attacks on lattice-based Fiat-Shamir signature(FS-Sig)schemes have been proposed since 2016,little work on the leakage resilience of these schemes appears.Worse still,the proof idea of the leakage resilience of FS-Sig schemes based on traditional number-theoretic assumptions does not apply to most lattice-based FS-Sig schemes.For this,we propose a framework to construct fully leakage resilient lattice-based FS-Sig schemes in the bounded memory leakage(BML)model.The framework consists of two parts.The first part shows how to construct leakage resilient FS-Sig schemes in BML model from leakage resilient versions of nonlossy or lossy identification schemes,which can be instantiated based on lattice assumptions.The second part shows how to construct fully leakage resilient FS-Sig schemes based on leakage resilient ones together with a new property called state reconstruction.We show almost all lattice-based FS-Sig schemes have this property.As a concrete application of our fundamental framework,we apply it to existing lattice-based FS-Sig schemes and provide analysis results of their security in the leakage setting.