Abstract: The Elliptic Curve Digital Signature algorithm-based X509v3 certificates are becoming more popular due to their short public and private key sizes. Moreover, these certificates can be stored in Internet of Things (IoT) devices, with limited resources, using less memory and transmitted in network security protocols, such as Internet Key Exchange (IKE), Transport Layer Security (TLS) and Secure Shell (SSH) with less bandwidth. The proposed method gives another advantage, in that it increases the performance of the above-mentioned protocols in terms of key exchange by saving one scalar multiplication operation.
Abstract: The quantum communication technology is an evolving
design which connects multiple quantum enabled devices to internet
for secret communication or sensitive information exchange. In
future, the number of these compact quantum enabled devices
will increase immensely making them an integral part of present
communication systems. Therefore, safety and security of such
devices is also a major concern for us. To ensure the customer
sensitive information will not be eavesdropped or deciphered, we
need a strong authentications and encryption mechanism. In this
paper, we propose a mutual authentication scheme between these
smart quantum devices and server based on the secure exchange of
information through quantum channel which gives better solutions
for symmetric key exchange issues. An important part of this
work is to propose a secure mutual authentication protocol over
the quantum channel. We show that our approach offers robust
authentication protocol and further our solution is lightweight,
scalable, cost-effective with optimized computational processing
overheads.
Abstract: Algebra is one of the important fields of mathematics. It concerns with the study and manipulation of mathematical symbols. It also concerns with the study of abstractions such as groups, rings, and fields. Due to the development of these abstractions, it is extended to consider other structures, such as vectors, matrices, and polynomials, which are non-numerical objects. Computer algebra is the implementation of algebraic methods as algorithms and computer programs. Recently, many algebraic cryptosystem protocols are based on non-commutative algebraic structures, such as authentication, key exchange, and encryption-decryption processes are adopted. Cryptography is the science that aimed at sending the information through public channels in such a way that only an authorized recipient can read it. Ring theory is the most attractive category of algebra in the area of cryptography. In this paper, we employ the algebraic structure called skew -Armendariz rings to design a neoteric algorithm for zero knowledge proof. The proposed protocol is established and illustrated through numerical example, and its soundness and completeness are proved.
Abstract: Un-keyed SIM cards do not contain the required security infrastructure to provide end-to-end encryption with Service Providers. Hence, new, emerging, or smart services those require end-to-end encryption between SIM card and a Service Provider is impossible. SIMSec key exchange protocol creates symmetric keys between SIM card and Service Provider. After a successful protocol execution, SIM card and Service Provider creates the symmetric keys and can perform end-to-end data encryption when required. In this paper, our aim is to analyze the SIMSec protocol’s security. According to the results, SIM card and Service Provider can generate keys securely using SIMSec protocol.
Abstract: Three-party password authenticated key exchange (3PAKE) protocols are widely deployed on lots of remote user authentication system due to its simplicity and convenience of maintaining a human-memorable password at client side to achieve secure
communication within a hostile network. Recently, an improvement of 3PAKE protocol by processing a built-in data attached to other party for identity authentication to individual data was proposed by some researchers. However, this paper points out that the improved 3PAKE protocol is still vulnerable to undetectable on-line dictionary attack and off-line dictionary attack.
Abstract: IPsec has now become a standard information security
technology throughout the Internet society. It provides a well-defined
architecture that takes into account confidentiality, authentication,
integrity, secure key exchange and protection mechanism against
replay attack also. For the connectionless security services on packet
basis, IETF IPsec Working Group has standardized two extension
headers (AH&ESP), key exchange and authentication protocols. It is
also working on lightweight key exchange protocol and MIB's for
security management. IPsec technology has been implemented on
various platforms in IPv4 and IPv6, gradually replacing old
application-specific security mechanisms. IPv4 and IPv6 are not
directly compatible, so programs and systems designed to one
standard can not communicate with those designed to the other. We
propose the design and implementation of controlled Internet security
system, which is IPsec-based Internet information security system in
IPv4/IPv6 network and also we show the data of performance
measurement. With the features like improved scalability and
routing, security, ease-of-configuration, and higher performance of
IPv6, the controlled Internet security system provides consistent
security policy and integrated security management on IPsec-based
Internet security system.
Abstract: Quantum cryptography offers a way of key agreement,
which is unbreakable by any external adversary. Authentication is
of crucial importance, as perfect secrecy is worthless if the identity
of the addressee cannot be ensured before sending important information.
Message authentication has been studied thoroughly, but no
approach seems to be able to explicitly counter meet-in-the-middle
impersonation attacks. The goal of this paper is the development of
an authentication scheme being resistant against active adversaries
controlling the communication channel. The scheme is built on top
of a key-establishment protocol and is unconditionally secure if built
upon quantum cryptographic key exchange. In general, the security
is the same as for the key-agreement protocol lying underneath.
Abstract: In 2011, Debiao et al. pointed out that S-3PAKE protocol proposed by Lu and Cao for password-authenticated key exchange in the three-party setting is vulnerable to an off-line dictionary attack. Then, they proposed some countermeasures to eliminate the security vulnerability of the S-3PAKE. Nevertheless, this paper points out their enhanced S-3PAKE protocol is still vulnerable to undetectable on-line dictionary attacks unlike their claim.
Abstract: SIP (Session Initiation Protocol), using HTML based
call control messaging which is quite simple and efficient, is being
replaced for VoIP networks recently. As for authentication and
authorization purposes there are many approaches and considerations
for securing SIP to eliminate forgery on the integrity of SIP
messages. On the other hand Elliptic Curve Cryptography has
significant advantages like smaller key sizes, faster computations on
behalf of other Public Key Cryptography (PKC) systems that obtain
data transmission more secure and efficient. In this work a new
approach is proposed for secure SIP authentication by using a public
key exchange mechanism using ECC. Total execution times and
memory requirements of proposed scheme have been improved in
comparison with non-elliptic approaches by adopting elliptic-based
key exchange mechanism.
Abstract: Key management is a vital component in any modern security protocol. Due to scalability and practical implementation considerations automatic key management seems a natural choice in significantly large virtual private networks (VPNs). In this context IETF Internet Key Exchange (IKE) is the most promising protocol under permanent review. We have made a humble effort to pinpoint IKEv2 net gain over IKEv1 due to recent modifications in its original structure, along with a brief overview of salient improvements between the two versions. We have used US National Institute of Technology NIIST VPN simulator to get some comparisons of important performance metrics.
Abstract: Vehicular communications play a substantial role in providing safety in transportation by means of safety message exchange. Researchers have proposed several solutions for securing safety messages. Protocols based on a fixed key infrastructure are more efficient in implementation and maintain stronger security in comparison with dynamic structures. These protocols utilize zone partitioning to establish distinct key infrastructure under Certificate Authority (CA) supervision in different regions. Secure anonymous broadcasting (SAB) is one of these protocols that preserves most of security aspects but it has some deficiencies in practice. A very important issue is region change of a vehicle for its mobility. Changing regions leads to change of CA and necessity of having new key set to resume communication. In this paper, we propose solutions for informing vehicles about region change to obtain new key set before entering next region. This hinders attackers- intrusion, packet loss and lessons time delay. We also make key request messages secure by confirming old CA-s public key to the message, hence stronger security for safety message broadcasting is attained.
Abstract: In Public Wireless LANs(PWLANs), user anonymity
is an essential issue. Recently, Juang et al. proposed an anonymous
authentication and key exchange protocol using smart cards in
PWLANs. They claimed that their proposed scheme provided identity
privacy, mutual authentication, and half-forward secrecy. In this paper,
we point out that Juang et al.'s protocol is vulnerable to the
stolen-verifier attack and does not satisfy user anonymity.
Abstract: Deniable authentication is a new protocol which not only enables a receiver to identify the source of a received message but also prevents a third party from identifying the source of the message. The proposed protocol in this paper makes use of bilinear pairings over elliptic curves, as well as the Diffie-Hellman key exchange protocol. Besides the security properties shared with previous authentication protocols, the proposed protocol provides the same level of security with smaller public key sizes.
Abstract: This paper proposes a VPN Accelerator Board
(VPN-AB), a virtual private network (VPN) protocol designed for
trust channel security system (TCSS). TCSS supports safety
communication channel between security nodes in internet. It
furnishes authentication, confidentiality, integrity, and access control
to security node to transmit data packets with IPsec protocol. TCSS
consists of internet key exchange block, security association block,
and IPsec engine block. The internet key exchange block negotiates
crypto algorithm and key used in IPsec engine block. Security
Association blocks setting-up and manages security association
information. IPsec engine block treats IPsec packets and consists of
networking functions for communication. The IPsec engine block
should be embodied by H/W and in-line mode transaction for high
speed IPsec processing. Our VPN-AB is implemented with high speed
security processor that supports many cryptographic algorithms and
in-line mode. We evaluate a small TCSS communication environment,
and measure a performance of VPN-AB in the environment. The
experiment results show that VPN-AB gets a performance throughput
of maximum 15.645Gbps when we set the IPsec protocol with
3DES-HMAC-MD5 tunnel mode.
Abstract: Key management represents a major and the most
sensitive part of cryptographic systems. It includes key generation,
key distribution, key storage, and key deletion. It is also considered
the hardest part of cryptography. Designing secure cryptographic
algorithms is hard, and keeping the keys secret is much harder.
Cryptanalysts usually attack both symmetric and public key
cryptosystems through their key management. We introduce a
protocol to exchange cipher keys over insecure communication
channel. This protocol is based on public key cryptosystem,
especially elliptic curve cryptosystem. Meanwhile, it tests the cipher
keys and selects only the good keys and rejects the weak one.
Abstract: This paper is introduced a modification to Diffie-
Hellman protocol to be applicable on the decimal numbers, which
they are the numbers between zero and one. For this purpose we
extend the theory of the congruence. The new congruence is over
the set of the real numbers and it is called the “real congruence"
or the “real modulus". We will refer to the existing congruence by
the “integer congruence" or the “integer modulus". This extension
will define new terms and redefine the existing terms. As the
properties and the theorems of the integer modulus are extended as
well. Modified Diffie-Hellman key exchange protocol is produced a
sharing, secure and decimal secret key for the the cryptosystems that
depend on decimal numbers.
Abstract: The purpose of this research is to develop a security model for voice eavesdropping protection over digital networks. The proposed model provides an encryption scheme and a personal secret key exchange between communicating parties, a so-called voice data transformation system, resulting in a real-privacy conversation. The operation of this system comprises two main steps as follows: The first one is the personal secret key exchange for using the keys in the data encryption process during conversation. The key owner could freely make his/her choice in key selection, so it is recommended that one should exchange a different key for a different conversational party, and record the key for each case into the memory provided in the client device. The next step is to set and record another personal option of encryption, either taking all frames or just partial frames, so-called the figure of 1:M. Using different personal secret keys and different sets of 1:M to different parties without the intervention of the service operator, would result in posing quite a big problem for any eavesdroppers who attempt to discover the key used during the conversation, especially in a short period of time. Thus, it is quite safe and effective to protect the case of voice eavesdropping. The results of the implementation indicate that the system can perform its function accurately as designed. In this regard, the proposed system is suitable for effective use in voice eavesdropping protection over digital networks, without any requirements to change presently existing network systems, mobile phone network and VoIP, for instance.
Abstract: Modular multiplication is the basic operation
in most public key cryptosystems, such as RSA, DSA, ECC,
and DH key exchange. Unfortunately, very large operands
(in order of 1024 or 2048 bits) must be used to provide
sufficient security strength. The use of such big numbers
dramatically slows down the whole cipher system, especially
when running on embedded processors.
So far, customized hardware accelerators - developed on
FPGAs or ASICs - were the best choice for accelerating
modular multiplication in embedded environments. On the
other hand, many algorithms have been developed to speed
up such operations. Examples are the Montgomery modular
multiplication and the interleaved modular multiplication
algorithms. Combining both customized hardware with
an efficient algorithm is expected to provide a much faster
cipher system.
This paper introduces an enhanced architecture for computing
the modular multiplication of two large numbers X
and Y modulo a given modulus M. The proposed design is
compared with three previous architectures depending on
carry save adders and look up tables. Look up tables should
be loaded with a set of pre-computed values. Our proposed
architecture uses the same carry save addition, but replaces
both look up tables and pre-computations with an enhanced
version of sign detection techniques. The proposed architecture
supports higher frequencies than other architectures.
It also has a better overall absolute time for a single operation.