In the digital age, the data exchanged within a company is a wealth of knowledge. The survival, growth and influence of a company in the short, medium and long term depend on it. Indeed, it is the lifeblood of any mod...In the digital age, the data exchanged within a company is a wealth of knowledge. The survival, growth and influence of a company in the short, medium and long term depend on it. Indeed, it is the lifeblood of any modern company. A companys operational and historical data contains strategic and operational knowledge of ever-increasing added value. The emergence of a new paradigm: big data. Today, the value of the data scattered throughout this mother of knowledge is calculated in billions of dollars, depending on its size, scope and area of intervention. With the rise of computer networks and distributed systems, the threats to these sensitive resources have steadily increased, jeopardizing the existence of the company itself by drying up production and losing the interest of customers and suppliers. These threats range from sabotage to bankruptcy. For several decades now, most companies have been using encryption algorithms to protect and secure their information systems against the threats and dangers posed by the inherent vulnerabilities of their infrastructure and the current economic climate. This vulnerability requires companies to make the right choice of algorithms to implement in their management systems. For this reason, the present work aims to carry out a comparative study of the reliability and effectiveness of symmetrical and asymmetrical cryptosystems, in order to identify one or more suitable for securing academic data in the DRC. The analysis of the robustness of commonly used symmetric and asymmetric cryptosystems will be the subject of simulations in this article.展开更多
In this paper, we propose a new notion of secure disguisable symmetric encryption schemes, which captures the idea that the attacker can decrypt an encrypted fie to different meaningful values when different keys are ...In this paper, we propose a new notion of secure disguisable symmetric encryption schemes, which captures the idea that the attacker can decrypt an encrypted fie to different meaningful values when different keys are put to the decryption algorithm. This notion is aimed for the following anti-forensics purpose: the attacker can cheat the forensics investigator by decrypting an encrypted file to a meaningful file other than that one he encrypted, in the case that he is caught by the forensics investigator and ordered to hand over the key for decryption. We then present a construction of secure disguisable symmetric encryption schemes.展开更多
A modification of the Hill cipher algorithm was recently proposed by Ismail et al.(2006),who claimed that their new scheme could offer more security than the original one due to an extra non-linearity layer introduced...A modification of the Hill cipher algorithm was recently proposed by Ismail et al.(2006),who claimed that their new scheme could offer more security than the original one due to an extra non-linearity layer introduced via an elaborated key gen-eration mechanism.That mechanism produces one different encryption key for each one of the plaintext blocks.Nevertheless,we show in this paper that their method still has severe security flaws whose weaknesses are essentially the same as that already found in the original Hill cipher scheme.展开更多
The 3PAKE(Three-Party Authenticated Key Exchange)protocol is a valuable cryptographic method that offers safe communication and permits two diverse parties to consent to a new safe meeting code using the trusted serve...The 3PAKE(Three-Party Authenticated Key Exchange)protocol is a valuable cryptographic method that offers safe communication and permits two diverse parties to consent to a new safe meeting code using the trusted server.There have been explored numerous 3PAKE protocols earlier to create a protected meeting code between users employing the trusted server.However,existing modified 3PAKE protocols have numerous drawbacks and are incapable to provide desired secrecy against diverse attacks such as manin-the-middle,brute-force attacks,and many others in social networks.In this article,the authors proposed an improved as well as safe 3PAKE protocol based on the hash function and the symmetric encryption for the social networks.The authors utilized a well-acknowledged AVISPA tool to provide security verification of the proposed 3PAKE technique,and findings show that our proposed protocol is safer in opposition to active as well as passive attacks namely the brute-force,man-in-the-middle,parallel attack,and many more.Furthermore,compared to other similar schemes,the proposed protocol is built with a reduced computing cost as our proposed protocol consumes less time in execution and offers high secrecy in the social networks with improved accuracy.As a result,this verified scheme is more efficient as well as feasible for implementation in the social networks in comparison to previous security protocols.Although multifarious authors carried out extensive research on 3PAKE protocols to offer safe communication,still there are vital opportunities to explore and implement novel improved protocols for higher safety in the social networks and mobile commerce environment in the future in opposition to diverse active as well as passive attacks.展开更多
In a secure group communication system, messages must be encrypted before being transmitted to group members to prevent unauthorized access. In many secure group communication schemes, whenever a member leaves or join...In a secure group communication system, messages must be encrypted before being transmitted to group members to prevent unauthorized access. In many secure group communication schemes, whenever a member leaves or joins the group, group center (GC) immediately changes the common encryption key and sends the new key to all valid members for forward and backward secrecy. If valid members are not on-line, they will miss the re-keying messages and will not be able to decrypt any ciphertext. Therefore, group members must be able to store the state of the system. In some applications, like global positioning systems (GPS) or pay-per-view systems, it is not reasonable to ask group members to stay on-line all the time and save the changes to the system. A hierarchical binary tree-based key management scheme are proposed for a secure group communication. This scheme reduces the key storage requirement of GC to a constant size and the group members are not required to be on-line constantly (stateless).展开更多
To ensure the security during the communication,we often adopt different ways to encrypt the messages to resist various attacks.However,with the computing power improving,the existing encryption and authentication sch...To ensure the security during the communication,we often adopt different ways to encrypt the messages to resist various attacks.However,with the computing power improving,the existing encryption and authentication schemes are being faced with big challenges.We take the message authentication as an example into a careful consideration.Then,we proposed a new message authentication scheme with the Advanced Encryption Standard as the encryption function and the new quantum Hash function as the authentication function.Firstly,the Advanced Encryption Standard algorithm is used to encrypt the result of the initial message cascading the corresponding Hash values,which ensures that the initial message can resist eavesdropping attack.Secondly,utilizing the new quantum Hash function with quantum walks can be much more secure than traditional classical Hash functions with keeping the common properties,such as one-wayness,resisting different collisions and easy implementation.Based on these two points,the message authentication scheme can be much more secure than previous ones.Finally,it is a new way to design the message authentication scheme,which provides a new thought for other researchers in the future.Our works will contribute to the study on the new encryption and authentication functions and the combination of quantum computing with traditional cryptology in the future.展开更多
Due to the rapid growth of telemedicine and healthcare services,color medical image security applications have been expanded precipitously.In this paper,an asymmetric PTFrFT(Phase Truncated Fractional Fourier Transfor...Due to the rapid growth of telemedicine and healthcare services,color medical image security applications have been expanded precipitously.In this paper,an asymmetric PTFrFT(Phase Truncated Fractional Fourier Transform)-based color medical image cryptosystem is suggested.Two different phases in the fractional Fourier and output planes are provided as deciphering keys.Accordingly,the ciphering keys will not be employed for the deciphering procedure.Thus,the introduced PTFrFT algorithm comprises asymmetric ciphering and deciphering processes in contrast to the traditional optical symmetric OSH(Optical Scanning Holography)and DRPE(Double Random Phase Encoding)algorithms.One of the principal impacts of the introduced asymmetric cryptosystem is that it eliminates the onedimensionality aspects of the related symmetric cryptosystems due to its remarkable feature of phase nonlinear truncation components.More comparisons on various colormedical images are examined and analyzed to substantiate the cryptosystem efficacy.The achieved experimental outcomes ensure that the introduced cryptosystem is robust and secure.It has terrific cryptography performance compared to conventional cryptography algorithms,even in the presence of noise and severe channel attacks.展开更多
Searchable symmetric encryption(SSE)has been introduced for secure outsourcing the encrypted database to cloud storage,while maintaining searchable features.Of various SSE schemes,most of them assume the server is hon...Searchable symmetric encryption(SSE)has been introduced for secure outsourcing the encrypted database to cloud storage,while maintaining searchable features.Of various SSE schemes,most of them assume the server is honest but curious,while the server may be trustless in the real world.Considering a malicious server not honestly performing the queries,verifiable SSE(VSSE)schemes are constructed to ensure the verifiability of the search results.However,existing VSSE constructions only focus on single-keyword search or incur heavy computational cost during verification.To address this challenge,we present an efficient VSSE scheme,built on OXT protocol(Cash et al.,CRYPTO 2013),for conjunctive keyword queries with sublinear search overhead.The proposed VSSE scheme is based on a privacy-preserving hash-based accumulator,by leveraging a well-established cryptographic primitive,Symmetric Hidden Vector Encryption(SHVE).Our VSSE scheme enables both correctness and completeness verifiability for the result without pairing operations,thus greatly reducing the computational cost in the verification process.Besides,the proposed VSSE scheme can still provide a proof when the search result is empty.Finally,the security analysis and experimental evaluation are given to demonstrate the security and practicality of the proposed scheme.展开更多
Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources.Currently,many users prefer to outsource data to the cloud in order to mitigate the burden of local storage.Howeve...Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources.Currently,many users prefer to outsource data to the cloud in order to mitigate the burden of local storage.However,storing sensitive data on remote servers poses privacy challenges and is currently a source of concern.SE(Searchable Encryption)is a positive way to protect users sensitive data,while preserving search ability on the server side.SE allows the server to search encrypted data without leaking information in plaintext data.The two main branches of SE are SSE(Searchable Symmetric Encryption)and PEKS(Public key Encryption with Keyword Search).SSE allows only private key holders to produce ciphertexts and to create trapdoors for search,whereas PEKS enables a number of users who know the public key to produce ciphertexts but allows only the private key holder to create trapdoors.This article surveys the two main techniques of SE:SSE and PEKS.Different SE schemes are categorized and compared in terms of functionality,efficiency,and security.Moreover,we point out some valuable directions for future work on SE schemes.展开更多
Key-dependent message (KDM) security is an important security issue that has attracted much research in recent years. In this paper, we present a new construction of the symmetric encryption scheme in the the ideal ...Key-dependent message (KDM) security is an important security issue that has attracted much research in recent years. In this paper, we present a new construction of the symmetric encryption scheme in the the ideal cipher model (ICM); we prove that our scheme is KDM secure against active attacks with respect to arbitrary polynomialtime challenge functions. Our main idea is to introduce a universal hash function (UHF) h as a random value for each encrypfion, and then use s = h(sk) as the key of the ideal cipher F, where sk is the private key of our symmetric encryption scheme. Although many other schemes that are secure against KDM attacks have already been proposed, in both the ideal standard models, the much more significance of our paper is the simplicity in which we implement KDM security against active attacks.展开更多
The prosperity of network function virtualization(NFV)pushes forward the paradigm of migrating in-house middleboxes to third-party providers,i.e.,software(virtualized)middlebox services.A lot of enterprises have outso...The prosperity of network function virtualization(NFV)pushes forward the paradigm of migrating in-house middleboxes to third-party providers,i.e.,software(virtualized)middlebox services.A lot of enterprises have outsourced traffic processing such as deep packet inspection(DPI),traffic classification,and load balancing to middleboxes provided by cloud providers.However,if the traffic is forwarded to the cloud provider without careful processing,it will cause privacy leakage,as the cloud provider has all the rights to access the data.To solve the security issue,recent efforts are made to design secure middleboxes that can directly conduct network functions over encrypted traffic and middlebox rules.However,security concerns from dynamic operations like dynamic DPI and rule updates are still not yet fully addressed.In this paper,we propose a privacy-preserving dynamic DPI scheme with forward privacy for outsourced middleboxes.Our design can enable cloud side middlebox to conduct secure packet inspection over encrypted traffic data.Besides,the middlebox providers cannot analyze the relationship between the newly added rules and the previous data.Several recent papers have proven that it is a strong property that resist adaptive attacks.Furthermore,we design a general method to inspect stateful packets while still ensuring the state privacy protection.We formally define and prove the security of our design.Finally,we implement a system prototype and analyze the performance from experimental aspects.The evaluation results demonstrate our scheme is effective and efficient.展开更多
A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyr...A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyright protection, e-voting, and e-libraries. This paper reports the shortest NSDVS so far that consists of only two elements. The scheme is inspired by an identification scheme and Cramer et al.'s OR-proof technique where a prover can prove that he knows at least one out two secrets. It is solidified by a symmetric key based group to group encryption algorithm. Two implementations of the algorithm are reported. The scheme is provably secure with respect to its properties of unforgeability, non-transferability, privacy of signer's identity, and non-delegatability.展开更多
文摘In the digital age, the data exchanged within a company is a wealth of knowledge. The survival, growth and influence of a company in the short, medium and long term depend on it. Indeed, it is the lifeblood of any modern company. A companys operational and historical data contains strategic and operational knowledge of ever-increasing added value. The emergence of a new paradigm: big data. Today, the value of the data scattered throughout this mother of knowledge is calculated in billions of dollars, depending on its size, scope and area of intervention. With the rise of computer networks and distributed systems, the threats to these sensitive resources have steadily increased, jeopardizing the existence of the company itself by drying up production and losing the interest of customers and suppliers. These threats range from sabotage to bankruptcy. For several decades now, most companies have been using encryption algorithms to protect and secure their information systems against the threats and dangers posed by the inherent vulnerabilities of their infrastructure and the current economic climate. This vulnerability requires companies to make the right choice of algorithms to implement in their management systems. For this reason, the present work aims to carry out a comparative study of the reliability and effectiveness of symmetrical and asymmetrical cryptosystems, in order to identify one or more suitable for securing academic data in the DRC. The analysis of the robustness of commonly used symmetric and asymmetric cryptosystems will be the subject of simulations in this article.
文摘In this paper, we propose a new notion of secure disguisable symmetric encryption schemes, which captures the idea that the attacker can decrypt an encrypted fie to different meaningful values when different keys are put to the decryption algorithm. This notion is aimed for the following anti-forensics purpose: the attacker can cheat the forensics investigator by decrypting an encrypted file to a meaningful file other than that one he encrypted, in the case that he is caught by the forensics investigator and ordered to hand over the key for decryption. We then present a construction of secure disguisable symmetric encryption schemes.
文摘A modification of the Hill cipher algorithm was recently proposed by Ismail et al.(2006),who claimed that their new scheme could offer more security than the original one due to an extra non-linearity layer introduced via an elaborated key gen-eration mechanism.That mechanism produces one different encryption key for each one of the plaintext blocks.Nevertheless,we show in this paper that their method still has severe security flaws whose weaknesses are essentially the same as that already found in the original Hill cipher scheme.
基金This project was funded by the Taif University Researchers Supporting Project Number(TURSP-2020/347),Taif Unversity,Taif,Saudi Arabia.
文摘The 3PAKE(Three-Party Authenticated Key Exchange)protocol is a valuable cryptographic method that offers safe communication and permits two diverse parties to consent to a new safe meeting code using the trusted server.There have been explored numerous 3PAKE protocols earlier to create a protected meeting code between users employing the trusted server.However,existing modified 3PAKE protocols have numerous drawbacks and are incapable to provide desired secrecy against diverse attacks such as manin-the-middle,brute-force attacks,and many others in social networks.In this article,the authors proposed an improved as well as safe 3PAKE protocol based on the hash function and the symmetric encryption for the social networks.The authors utilized a well-acknowledged AVISPA tool to provide security verification of the proposed 3PAKE technique,and findings show that our proposed protocol is safer in opposition to active as well as passive attacks namely the brute-force,man-in-the-middle,parallel attack,and many more.Furthermore,compared to other similar schemes,the proposed protocol is built with a reduced computing cost as our proposed protocol consumes less time in execution and offers high secrecy in the social networks with improved accuracy.As a result,this verified scheme is more efficient as well as feasible for implementation in the social networks in comparison to previous security protocols.Although multifarious authors carried out extensive research on 3PAKE protocols to offer safe communication,still there are vital opportunities to explore and implement novel improved protocols for higher safety in the social networks and mobile commerce environment in the future in opposition to diverse active as well as passive attacks.
文摘In a secure group communication system, messages must be encrypted before being transmitted to group members to prevent unauthorized access. In many secure group communication schemes, whenever a member leaves or joins the group, group center (GC) immediately changes the common encryption key and sends the new key to all valid members for forward and backward secrecy. If valid members are not on-line, they will miss the re-keying messages and will not be able to decrypt any ciphertext. Therefore, group members must be able to store the state of the system. In some applications, like global positioning systems (GPS) or pay-per-view systems, it is not reasonable to ask group members to stay on-line all the time and save the changes to the system. A hierarchical binary tree-based key management scheme are proposed for a secure group communication. This scheme reduces the key storage requirement of GC to a constant size and the group members are not required to be on-line constantly (stateless).
基金Project supported by NSFC(Grant Nos.U1836205,61702040)the Major Scientific and Technological Special Project of Guizhou Province(Grant No.20183001)+2 种基金the Foundation of Guizhou Provincial Key Laboratory of Public Big Data(Grant No.2018BDKFJJ016)the Foundation of State Key Laboratory of Public Big Data(Grant No.2018BDKFJJ018)Beijing Natural Science Foundation(Grant No.4174089).
文摘To ensure the security during the communication,we often adopt different ways to encrypt the messages to resist various attacks.However,with the computing power improving,the existing encryption and authentication schemes are being faced with big challenges.We take the message authentication as an example into a careful consideration.Then,we proposed a new message authentication scheme with the Advanced Encryption Standard as the encryption function and the new quantum Hash function as the authentication function.Firstly,the Advanced Encryption Standard algorithm is used to encrypt the result of the initial message cascading the corresponding Hash values,which ensures that the initial message can resist eavesdropping attack.Secondly,utilizing the new quantum Hash function with quantum walks can be much more secure than traditional classical Hash functions with keeping the common properties,such as one-wayness,resisting different collisions and easy implementation.Based on these two points,the message authentication scheme can be much more secure than previous ones.Finally,it is a new way to design the message authentication scheme,which provides a new thought for other researchers in the future.Our works will contribute to the study on the new encryption and authentication functions and the combination of quantum computing with traditional cryptology in the future.
基金This research was funded by the Deanship of Scientific Research at Princess Nourah bint Abdulrahman University through the Fast-track Research Funding Program to support publication in the top journal(Grant no.42-FTTJ-12).
文摘Due to the rapid growth of telemedicine and healthcare services,color medical image security applications have been expanded precipitously.In this paper,an asymmetric PTFrFT(Phase Truncated Fractional Fourier Transform)-based color medical image cryptosystem is suggested.Two different phases in the fractional Fourier and output planes are provided as deciphering keys.Accordingly,the ciphering keys will not be employed for the deciphering procedure.Thus,the introduced PTFrFT algorithm comprises asymmetric ciphering and deciphering processes in contrast to the traditional optical symmetric OSH(Optical Scanning Holography)and DRPE(Double Random Phase Encoding)algorithms.One of the principal impacts of the introduced asymmetric cryptosystem is that it eliminates the onedimensionality aspects of the related symmetric cryptosystems due to its remarkable feature of phase nonlinear truncation components.More comparisons on various colormedical images are examined and analyzed to substantiate the cryptosystem efficacy.The achieved experimental outcomes ensure that the introduced cryptosystem is robust and secure.It has terrific cryptography performance compared to conventional cryptography algorithms,even in the presence of noise and severe channel attacks.
基金supported by the National Natural Science Foundation of China (Grant Nos.61932010 and 62072357)the Zhuhai Top Discipline-Information Securitysupported by the China Scholarship Council (CSC)and the Australian Research Council (ARC).
文摘Searchable symmetric encryption(SSE)has been introduced for secure outsourcing the encrypted database to cloud storage,while maintaining searchable features.Of various SSE schemes,most of them assume the server is honest but curious,while the server may be trustless in the real world.Considering a malicious server not honestly performing the queries,verifiable SSE(VSSE)schemes are constructed to ensure the verifiability of the search results.However,existing VSSE constructions only focus on single-keyword search or incur heavy computational cost during verification.To address this challenge,we present an efficient VSSE scheme,built on OXT protocol(Cash et al.,CRYPTO 2013),for conjunctive keyword queries with sublinear search overhead.The proposed VSSE scheme is based on a privacy-preserving hash-based accumulator,by leveraging a well-established cryptographic primitive,Symmetric Hidden Vector Encryption(SHVE).Our VSSE scheme enables both correctness and completeness verifiability for the result without pairing operations,thus greatly reducing the computational cost in the verification process.Besides,the proposed VSSE scheme can still provide a proof when the search result is empty.Finally,the security analysis and experimental evaluation are given to demonstrate the security and practicality of the proposed scheme.
基金This work is supported by Guangxi Cooperative Innovation Center of Cloud Computing and Big Data(No.YD16506)。
文摘Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources.Currently,many users prefer to outsource data to the cloud in order to mitigate the burden of local storage.However,storing sensitive data on remote servers poses privacy challenges and is currently a source of concern.SE(Searchable Encryption)is a positive way to protect users sensitive data,while preserving search ability on the server side.SE allows the server to search encrypted data without leaking information in plaintext data.The two main branches of SE are SSE(Searchable Symmetric Encryption)and PEKS(Public key Encryption with Keyword Search).SSE allows only private key holders to produce ciphertexts and to create trapdoors for search,whereas PEKS enables a number of users who know the public key to produce ciphertexts but allows only the private key holder to create trapdoors.This article surveys the two main techniques of SE:SSE and PEKS.Different SE schemes are categorized and compared in terms of functionality,efficiency,and security.Moreover,we point out some valuable directions for future work on SE schemes.
基金Acknowledgements This work was supported by the National Natural Science Foundation of China (Grant Nos. 61173151, 61173152) and the Fundamental Research Funds for the Central Universities (K5051270003).
文摘Key-dependent message (KDM) security is an important security issue that has attracted much research in recent years. In this paper, we present a new construction of the symmetric encryption scheme in the the ideal cipher model (ICM); we prove that our scheme is KDM secure against active attacks with respect to arbitrary polynomialtime challenge functions. Our main idea is to introduce a universal hash function (UHF) h as a random value for each encrypfion, and then use s = h(sk) as the key of the ideal cipher F, where sk is the private key of our symmetric encryption scheme. Although many other schemes that are secure against KDM attacks have already been proposed, in both the ideal standard models, the much more significance of our paper is the simplicity in which we implement KDM security against active attacks.
基金supported by the Fundamental Research Funds for the Central Universities under grants 310421108.
文摘The prosperity of network function virtualization(NFV)pushes forward the paradigm of migrating in-house middleboxes to third-party providers,i.e.,software(virtualized)middlebox services.A lot of enterprises have outsourced traffic processing such as deep packet inspection(DPI),traffic classification,and load balancing to middleboxes provided by cloud providers.However,if the traffic is forwarded to the cloud provider without careful processing,it will cause privacy leakage,as the cloud provider has all the rights to access the data.To solve the security issue,recent efforts are made to design secure middleboxes that can directly conduct network functions over encrypted traffic and middlebox rules.However,security concerns from dynamic operations like dynamic DPI and rule updates are still not yet fully addressed.In this paper,we propose a privacy-preserving dynamic DPI scheme with forward privacy for outsourced middleboxes.Our design can enable cloud side middlebox to conduct secure packet inspection over encrypted traffic data.Besides,the middlebox providers cannot analyze the relationship between the newly added rules and the previous data.Several recent papers have proven that it is a strong property that resist adaptive attacks.Furthermore,we design a general method to inspect stateful packets while still ensuring the state privacy protection.We formally define and prove the security of our design.Finally,we implement a system prototype and analyze the performance from experimental aspects.The evaluation results demonstrate our scheme is effective and efficient.
基金Acknowledgements This work was supported by the National Natural Science Foundation of China (Grant Nos. 61003244, 61100224), Doctoral Fund of Ministry of Education of China (20120171110027).Fundamental Research Funds for the Central Universities (1 11gpy71).
文摘A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyright protection, e-voting, and e-libraries. This paper reports the shortest NSDVS so far that consists of only two elements. The scheme is inspired by an identification scheme and Cramer et al.'s OR-proof technique where a prover can prove that he knows at least one out two secrets. It is solidified by a symmetric key based group to group encryption algorithm. Two implementations of the algorithm are reported. The scheme is provably secure with respect to its properties of unforgeability, non-transferability, privacy of signer's identity, and non-delegatability.