High Performance GCM Architecture for the Security of High Speed Network

Advanced Encryption Standard (AES) is an effective cryptography algorithm for providing the better data communication since it guaranties high security. The Galois/Counter Mode (AES-GCM) has been integrated in various security constrained applications because it provides both authentication and confidentiality. AES algorithm helps to provide data confidentiality while authentication is provided by a universal GHASH function. Since most of existing GCM architectures concentrated on power and area reduction but an compact and efficient hardware architecture should also be considered. In this paper, high-performance architecture for GCM is proposed and its implementation is described. In order to achieve higher operating frequency and throughput, pipelined S-boxes are used in AES algorithm. For a GCM realization of AES, a high-speed, high-throughput, parallel architecture is proposed. Experimental results proves that the performance of the proposed work is around 17% higher than the existing architecture with 3 Gb/s throughput using TSMC 45-nm CMOS technology.     

Hybrid and Adaptive Cryptographic-based secure authentication approach in IoT based applications using hybrid encryption

The Internet of Things (IoT) in communication networks has gained major interest in recent decades. Accordingly, secure authentication of such individuals results in a major challenge due to the weakness in the authentication process. Hence, an effective Hybrid and Adaptive Cryptographic (HAC)-based secure authentication framework is designed in this research to perform an authentication process in IoT. The proposed approach uses cryptographic operations, like exclusive-or (Ex-or) operation, a hashing function, and hybrid encryption to accomplish the authentication process. However, the hybrid encryption function is carried out in two different ways: one depends on Advanced Encryption Standard (AES) as well as Elliptic Curve Cryptography (ECC), while other is based on Rivest Shamir Adleman (RSA) and AES. With a hybrid encryption function, security flaws can be effectively dealt through the cryptographic system. Moreover, the proposed approach provides high robustness with low complexity. The proposed HAC-based secure authentication approach obtained a minimum communication cost of 0.017sec, less computation time of 0.060sec, and minimum memory usage of 2.502MB, respectively.     

一种WLAN的新安全标准CCMP协议

新一代WLAN安全标准IEEE 802.11 i定义了三种协议来保护数据的传输,这三种协议增强了WLAN中数据的加密和鉴别性能,取代了IEEE 802.11 WEP方案。CCMP协议是数据保密协议之一。CCMP协议使用基于AES的加密算法和CCM加密鉴别模式,在软件和硬件实现上都提供了很好的安全性能。     

RFID系统中基于公钥加密的相互认证协议

随着RFID系统能力的提高和标签应用的日益普及,安全问题,特别是用户隐私问题变得日益严重。提出了一种新的RFID认证协议。认为基于公钥加密的RFID认证协议相对基于哈希函数和基于对称密钥加密的RFID认证协议,有较好的安全性。公钥加密算法NTRU被认为是一种效率较高的加密算法,且更适合于RFID系统,因此提出的协议采用了NTRU公钥加密算法。对该协议的安全性和性能进行了比较分析,结果表明该协议可以为RFID系统提供更好的安全性,能为用户提供更好的隐私保护,且性能较佳。     

A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers

The Internet of Things (IoT) is now a buzzword for Internet connectivity which extends to embedded devices, sensors and other objects connected to the Internet. Rapid development of this technology has led to the usage of various embedded devices in our daily life. However, for resource sharing and communication among these devices, there is a requirement for connecting these embedded devices to a large pool of resources like a cloud. The promising applications of IoT in Government and commercial sectors are possible by integrating cloud servers with these embedded devices. But such an integration of technologies involves security issues like data privacy and authentication of devices whenever information is exchanged between them. Recently, Kalra and Sood proposed an authentication scheme based on elliptic curve cryptography (ECC) for IoT and cloud servers and claimed that their scheme satisfies all security requirements and is immune to various types of attacks. However, in this paper, we show that Kalra and Sood scheme is susceptible to offline password guessing and insider attacks and it does not achieve device anonymity, session key agreement, and mutual authentication. Keeping in view of the shortcomings of Kalra and Sood’s scheme, we have proposed an authentication scheme based on ECC for IoT and cloud servers. In the proposed scheme in this paper, we have formally analyzed the security properties of the designed scheme by the most widely accepted and used Automated Validation of Internet Security Protocols and Applications tool. Security and performance analysis show that when compared with other related schemes, the proposed scheme is more powerful, efficient, and secure with respect to various known attacks.     

A lightweight attribute-based encryption scheme for the Internet of Things

Internet of Things (IoT) is an emerging network paradigm, which realizes the interconnections among the ubiquitous things and is the foundation of smart society. Since IoT are always related to user’s daily life or work, the privacy and security are of great importance. The pervasive, complex and heterogeneous properties of IoT make its security issues very challenging. In addition, the large number of resources-constraint nodes makes a rigid lightweight requirement for IoT security mechanisms. Presently, the attribute-based encryption (ABE) is a popular solution to achieve secure data transmission, storage and sharing in the distributed environment such as IoT. However, the existing ABE schemes are based on expensive bilinear pairing, which make them not suitable for the resources-constraint IoT applications. In this paper, a lightweight no-pairing ABE scheme based on elliptic curve cryptography (ECC) is proposed to address the security and privacy issues in IoT. The security of the proposed scheme is based on the ECDDH assumption instead of bilinear Diffie–Hellman assumption, and is proved in the attribute based selective-set model. By uniformly determining the criteria and defining the metrics for measuring the communication overhead and computational overhead, the comparison analyses with the existing ABE schemes are made in detail. The results show that the proposed scheme has improved execution efficiency and low communication costs. In addition, the limitations and the improving directions of it are also discussed in detail.     

FPGA控制MEMS强链的移动硬盘加密设计

设计了一种能广泛应用于信息安全领域的新型硬件加密系统——基于MEMS（微机电系统）强链的移动硬盘加密系统。利用MEMS强链的反馈信号生成用于AES加解密算法过程的物理密钥,使得该系统的安全性能大大提高。测试结果表明,该系统实现了数据透明加密和身份认证功能,在Ultra DMA模式2下读写数据的传输速率能够达到17 MB/s。     

构建基于微证书的物联网密码认证系统

针对物联网环境中传感节点运算能力弱,存储空间有限的特点,本文研究和设计了基于微证书的物联网密码认证系统,通过使用微证书技术来提高系统的认证,数据完整性验征以及加解密数据的速度和安全性。基丁微证书的密码认证系统,主要采用组合对称密钥技术和安全芯片技术,实现微证书的一次一变的动态特征以及硬件芯片的安全存储,町以满足夫规模的感知设备认证、签名以及加解密等物联网安全需求,提高物联网的安全性能。     

基于轻量级加密技术建立物联网感知层信息安全的解决方案

本文提出了采用轻量级(密码编制简单、安全性高、运算速度快的单钥密码算法,如:RC4、RC5、SMS4算法等)加密技术,并采用一种安全单钥管理技术来解决轻量级密码的密钥更新管理的难题,在传感器或RFID读卡器设备端的智能芯片里和物联网认证中心端加密卡芯片里,建立传感设备认证、签名和加密协议、签名验证和解密协议,保证物联网感知层的设备可信,保证传感信息可信、完整和安全保密,从而,建立物联网感知层的信息安全系统。     

基于虎符TePA的物联网安全接入机制研究

以椭圆曲线密码算法和三元对等鉴别架构为基础,通过对物联网的基本概念、体系结构的分析,提出了一种基于椭圆曲线签名、三元鉴别的物联网安全接入机制.该机制强化了对物联网中无线传感器节点的鉴别,要求通信的任何一方在通信前必须通过其它两方的身份验证.从性能和安全等方面分析了该机制的可行性和可靠性,增强了物联网下对接入访问的安全控制,从而对物联网的建设发展起到了一定的建言作用.     

一种基于区块链的IoV隐私保护认证方案设计

传统车联网（Internet of Vehicles,IoV）身份认证系统普遍具有中心不可信的安全风险,而智联车又存在许多亟待解决的隐私安全问题。因此,借助区块链分布式、可溯源、不可窜改等特点,提出云链结合的可信分散式系统架构,基于该架构同时结合无证书的密码机制以及密钥隔离技术设计分布式身份认证协议。通过安全性分析表明,该方案安全性高、能满足车联网匿名身份认证的要求。同时与现有方案进行仿真对比表明,本方案具有更低的计算开销和通信成本,适用于实际的认证时延低和隐私保护的车联网环境中。     

Secure and light IoT protocol (SLIP) for anti-hacking

In the elemental technologies, it is necessary to realize the Internet service of things (IoT), sensors and devices, network, platform (hardware platforms, open software platform, such as specific OS platforms). Web services, data analysis and prediction, big data processing, such as security and privacy protection technology, there are a variety of techniques. These elements technology provide a specific function. The element technology is integrated with each other. However, by several techniques are integrated, it can be problems with integration of security technologies that existed for each element technology. Even if individual technologies basic security features are constituting Internet Services (CIA: Confidentiality, integrity, authentication or authorization). It also offers security technology not connected to each other. Therefore, I will look at the security technology and proposes a lightweight routing protocol indispensable for realizing a secure Internet services things.     

面向对象的分布式系统OZ的加密与认证模型

针对面向对象的分布式系统ＯＺ的通信安全要求,采用面向对象（ｏｒｉｅｎｔｅｄ－ｏｂｊｅｃｔ）策略和密码学技术,提出了加密与认证模型。主要进行了加密算法设计及类模型设计。设计了基于公开钥算法的安全认证系统,进行ｃａｌｌｅｒ与ｃａｌｌｅｅ之间的身份认证。     

基于BRLWE的物联网后量子加密技术研究

随着量子计算机的发展,现有的公钥加密体系无法保障物联网通信的安全性。后量子加密算法所基于的数学难题目前还不能被量子计算机攻破,因此具备良好的抗量子安全性,尤其是基于格的公钥密码体制,有望成为下一代公钥加密体系的主流。然而,后量子加密算法存在计算量大、存储空间大等问题,如果将其直接应用于物联网终端的轻量级设备中,会降低物联网环境的通信效率。为了更好地保护物联网通信安全,保障物联网通信效率,提出了Sym-BRLWE(symmetrical binary RLWE)后量子加密算法。该算法在基于二进制环上容错学习(BRLWE,binary ring-learning with errors)问题的加密算法的基础上,改进了离散均匀分布上的随机数选取方式和多项式乘法的计算方式,从而满足物联网通信的效率要求,增加了加密安全性防护性措施以保证算法在取得高效率的同时具有高安全性,更加适应于物联网轻量设备。安全性分析表明,Sym-BRLWE加密算法具有高安全性,从理论上能够抵抗格攻击、时序攻击、简单能量分析和差分能量分析;仿真实验结果表明,Sym-BRLWE加密算法具有通信效率高的优势,加密解密效率高且密钥尺寸小,在模拟8 bit微型设备的二进制运算环境下,选择140 bit的抗量子安全级别参数时,相较于其他已有的基于BRLWE的加密算法,同等加密条件下Sym-BRLWE加密算法能够在加密总时间上减少30%~40%。     

Security enhancement for AES encrypted speech in communications

This paper introduces a secure speech communication approach, which is based on encryption and authentication. This system is based on Advanced Encryption Standard (AES) for encryption and private image database for enhancement of encryption and for authentication. The idea of this cryptosystem is based on XOR of one image from image database with the clear speech before encryption and embedding the index number of this image in the database as a least significant bit watermark into speech. A comparison study is held between the AES block cipher algorithm and the proposed algorithm. This proposed cryptosystem used to enhance the security of AES algorithm and increase its immunity to brute force attacks. It used also to provide authentication and enhance security by addition of extra key which don’t need to be exchanged between parts depending on the embedded image. The extra proposed step remove residual intelligibility from clear speech and fill the silent periods within speech conversation and help in destroy format and pitch information. Security analyses are presented for the proposed cryptosystem from a strict cryptographic viewpoint. Experimental results verify and prove that the proposed cryptosystem is highly secure from the cryptographic viewpoint.     

基于区块链技术的健康医疗数据隐私加密控制系统设计

为确保电子健康记录系统尽快实现安全地医疗数据共享,克服传统隐私加密控制模型访问时延增长率较高,控制效果不够平稳的问题,本文基于区块链技术对健康医疗数据隐私加密控制系统进行了设计研究。采用C/S体系结构,设计了4层的基于区块链技术的的加密控制系统硬件。在系统软件的软件部分,采用了基于无证书公钥体制的内容提取签名方案,完成了对健康医疗数据隐私保护功能的设计。采用区块链技术,提出了数据加密访问控制方法MDACSC,在该方法中设计区块结构和链式存储结构,将后序遍历策略树匹配算法与分类分级属性算法应用到访问控制结构中提升访问控制效率,完成对健康医疗数据的加密访问控制。采用PoP-DPoS算法设计了改进共识机制,以确定记账权归属,优化了加密控制方法。经实验测试实现了对健康医疗数据隐私的加密控制,结果表明:该模型访问时延增长率较低,具有平稳、高效的访问控制性能,密文小、加密成本低,解密成本极高,并且数据安全系数达到了0.98,说明该系统总体应用效果良好。     

基于无证书的具有否认认证的可搜索加密方案

物联网环境下,云存储技术的发展和应用降低用户数据的存储和管理开销并实现资源共享。为了保护用户的身份隐私,提出一种具有否认认证特性的可搜索加密方案。发送方对原始数据进行可否认加密并将密文上传,而接收端在密文的确认阶段无法向第三方证明数据的来源,保障了数据的安全性。相较于基于身份认证的单一设计,提出方案利用无证书密码技术解决了传统方案中密钥托管和密钥撤销阶段中存在的弊端,同时也实现了可否认加密的密态搜索。最后,对提出方案进行了严格的安全性分析。实验结果表明该方案可以较好地完成可搜索加密任务。     

A resource-efficient encryption algorithm for multimedia big data

Nowadays, multimedia is considered to be the biggest big data as it dominates the traffic in the Internet and mobile phones. Currently symmetric encryption algorithms are used in IoT but when considering multimedia big data in IoT, symmetric encryption algorithms incur more computational cost. In this paper, we have designed and developed a resource-efficient encryption system for encrypting multimedia big data in IoT. The proposed system takes the advantages of the Feistel Encryption Scheme, an Advanced Encryption Standard (AES), and genetic algorithms. To satisfy high throughput, the GPU has also been used in the proposed system. This system is evaluated on real IoT medical multimedia data to benchmark the encryption algorithms such as MARS, RC6, 3-DES, DES, and Blowfish in terms of computational running time and throughput for both encryption and decryption processes as well as the avalanche effect. The results show that the proposed system has the lowest running time and highest throughput for both encryption and decryption processes and highest avalanche effect with compared to the existing encryption algorithms. To satisfy the security objective, the developed algorithm has better Avalanche Effect with compared to any of the other existing algorithms and hence can be incorporated in the process of encryption/decryption of any plain multimedia big data. Also, it has shown that the classical and modern ciphers have very less Avalanche Effect and hence cannot be used for encryption of confidential multimedia messages or confidential big data. The developed encryption algorithm has higher Avalanche Effect and for instance, AES in the proposed system has an Avalanche Effect of %52.50. Therefore, such system is able to secure the multimedia big data against real-time attacks.

     

Confidential smart-sensing framework in the IoT era

With the revolution of the Internet technology, smart-sensing applications and the Internet of Things (IoT) are coupled in critical missions. Wireless sensor networks (WSNs), for example, present the main enabling technology in IoT architectures and extend the spectrum of their smart applications. However, this technology has limited resources and suffers from several vulnerabilities and security issues. Since the wireless networks used by this technology are deployed in open areas, several challenges are faced by the service provider in terms of privacy and the quality of service. Encryption can be a good solution to preserve confidentiality and privacy, but it raises serious problems concerning time latency and performance. In this paper, we propose agile framework that enables authentication, confidentiality and integrity while collecting the sensed data by using elliptic curve cryptography.     

SupAUTH: A new approach to supply chain authentication for the IoT

Recent advances of the Internet of Things (IoT) technologies have enhanced the use of radio‐frequency identification‐based tracking system to be widely deployed in supply chain management covering every step involved in the flow of merchandise from the supplier to the customer to ensure a trustworthy delivery environment. Such authentication system (also known as path authentication) not only guarantees the merchandise to be available in the right destination with no discrepancies and errors but also ensures the route of the merchandise progress to be valid. This paper outlines the current state‐of‐the‐art cryptographic solutions for path authentication, highlights their properties and weakness, and proposes a novel, privacy‐preserving, and efficient solution. Compared with the existing elliptic curve ElGamal re‐encryption–based solution, our homomorphic message authentication code on arithmetic circuit–based solution offers less memory storage (with limited scalability) and no computational requirement on the reader. Moreover, we allow computational ability inside the tag that articulates a new privacy direction to the state‐of‐the‐art path privacy. This privacy notion helps support the confidentiality of the tag movement in the context of IoT‐enabled cross‐organizational tracking environment where the stakeholders can be from different organizations associated together with the merchandise being delivered. As a potential extension to the path authentication protocol, we further propose a polynomial‐based mutual authentication as a security extension and batch initialization as an efficiency extension. Besides our brief security and privacy analysis, our evaluation shows that the proposed solution can significantly reduce memory requirements on tags with marginal computational overhead to ensure transmission path confidentiality. We observe that SupAUTH requires maximum 513‐bit tag memory and 57.3 ms of processing time during evaluation, which is not only practical but also suitable for any suitable low‐cost radio‐frequency identification deployment in IoT.