Cryptography, Volume 6, Issue 4 (December 2022) – 18 articles

Cover Story: In this work, we elaborate on process authenticity, intuitively corresponding to the validity of all process steps and their proper binding. It represents the most exciting forefront of distributed ledger technology research concerning the primary challenge of reliably connecting distributed ledger networks to the physical context in which they must operate. This paper describes a novel methodological approach to ensuring the authenticity of business processes through blockchain and several security mechanisms applied to the digital twins of the actual procedures. As software designers, we illustrate the difficulties and opportunities of implementing process authenticity in concrete case studies for three critical application domains: document dematerialization, e-voting, and healthcare.
15 pages, 3927 KiB  
Article
Physical Visitor Access Control and Authentication Using Blockchain, Smart Contracts and Internet of Things
by Frederick Stock, Yesem Kurt Peker, Alfredo J. Perez and Jarel Hearst
Cryptography 2022, 6(4), 65; https://doi.org/10.3390/cryptography6040065 - 08 Dec 2022
Cited by 2 | Viewed by 2414
Abstract
In this work we explore the use of blockchain with Internet of Things (IoT) devices to provide visitor authentication and access control in a physical environment. We propose the use of a “bracelet” based on a low-cost NodeMCU IoT platform that broadcasts visitor location information and cannot be removed without alerting a management system. We present the design, implementation, and testing of our system. Our results show the feasibility of implementing a physical access control system based on blockchain technology, and performance improvements over a similar system proposed in the literature. Full article
(This article belongs to the Special Issue Emerging Topics in Blockchain Security and Privacy)

16 pages, 656 KiB  
Article
Privacy Protection Scheme for the Internet of Vehicles Based on Private Set Intersection
by Quan Zhou, Zhikang Zeng, Kemeng Wang and Menglong Chen
Cryptography 2022, 6(4), 64; https://doi.org/10.3390/cryptography6040064 - 07 Dec 2022
Cited by 3 | Viewed by 2381
Abstract
Performing location-based services in a secure and efficient manner remains a huge challenge for the Internet of Vehicles, which faces numerous privacy and security risks. However, most of the existing privacy protection schemes are based on centralized location servers, which gives them all a common drawback: a single point of failure and leakage of user privacy. The employment of anonymity and cryptography is a well-known solution to the above problem, but its expensive resource consumption and complex cryptographic operations are difficult problems to solve. Based on this, designing a distributed, privacy-preserving protection scheme for the Internet of Vehicles is an urgent issue for the smart city. In this paper, we propose a privacy protection scheme for the Internet of Vehicles based on private set intersection. Specifically, using private set intersection and blockchain techniques, we propose two protocols, that is, a dual authentication protocol and a service recommendation protocol. The dual authentication protocol not only ensures that both communicating parties are trusted users, but also ensures the reliability of their session keys; while the service recommendation protocol, based on a pseudorandom function and a one-way hash function, can well protect the location privacy of users from being leaked. Finally, we theoretically analyze the security properties of this scheme, i.e., privacy security, non-repudiation, and resistance to man-in-the-middle attacks. Full article
(This article belongs to the Special Issue Lightweight Cryptography, Cybersecurity and IoT)

27 pages, 839 KiB  
Article
Formalizing and Safeguarding Blockchain-Based BlockVoke Protocol as an ACME Extension for Fast Certificate Revocation
by Anant Sujatanagarjuna, Arne Bochem and Benjamin Leiding
Cryptography 2022, 6(4), 63; https://doi.org/10.3390/cryptography6040063 - 06 Dec 2022
Viewed by 2146
Abstract
Certificates are integral to the security of today’s Internet. Protocols like BlockVoke allow secure, timely and efficient revocation of certificates that need to be invalidated. ACME, a scheme used by the non-profit Let’s Encrypt Certificate Authority to handle most parts of the certificate lifecycle, allows automatic and seamless certificate issuance. In this work, we bring together both protocols by describing and formalizing an extension of the ACME protocol to support BlockVoke, combining the benefits of ACME’s certificate lifecycle management and BlockVoke’s timely and secure revocations. We then formally verify this extension through formal methods such as Colored Petri Nets (CPNs) and conduct a risk and threat analysis of the ACME/BlockVoke extension using the ISSRM domain model. Identified risks and threats are mitigated to secure our novel extension. Furthermore, a proof-of-concept implementation of the ACME/BlockVoke extension is provided, bridging the gap towards deployment in the real world. Full article
(This article belongs to the Special Issue Emerging Topics in Blockchain Security and Privacy)

14 pages, 292 KiB  
Article
Intrusion Detection System for IoT Using Logical Analysis of Data and Information Gain Ratio
by Sneha Chauhan, Sugata Gangopadhyay and Aditi Kar Gangopadhyay
Cryptography 2022, 6(4), 62; https://doi.org/10.3390/cryptography6040062 - 05 Dec 2022
Cited by 1 | Viewed by 2222
Abstract
The rapidly increasing use of the internet has led to an increase in new devices and technologies; however, attacks and security violations have grown exponentially as well. In order to detect and prevent attacks, an Intrusion Detection System (IDS) is proposed using Logical Analysis of Data (LAD). Logical Analysis of Data is a data analysis technique that classifies data as either normal or attack based on patterns. A pattern generation approach is discussed using the concept of Boolean functions. The IDS model is trained and tested using the Bot-IoT dataset. The model achieves an accuracy of 99.98%, and is able to detect new attacks with good precision and recall. Full article
(This article belongs to the Special Issue Cyber Security, Cryptology and Machine Learning)
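The pattern-generation step the abstract describes, as an added example that is not the authors' code: three numeric flow features of a constructed toy dataset are binarized at assumed cut points, conjunctions of up to two Boolean literals are kept only if they cover at least one attack record and no normal record (dropping any candidate that a shorter accepted pattern already implies), and the resulting patterns act as the classifier. The feature names, thresholds and records are invented for the illustration; the paper's Bot-IoT features, cut points and information-gain-ratio feature selection are not reproduced here.

```python
from itertools import combinations, product

# Constructed flow records (not Bot-IoT data): numeric features per network flow.
THRESHOLDS = [("pkt_rate", 1000), ("dst_ports", 20), ("syn_ratio", 0.9)]  # assumed cut points
NORMALS = [
    {"pkt_rate": 50,   "dst_ports": 2,   "syn_ratio": 0.1},   # idle client
    {"pkt_rate": 1500, "dst_ports": 3,   "syn_ratio": 0.2},   # busy but legitimate transfer
    {"pkt_rate": 80,   "dst_ports": 25,  "syn_ratio": 0.3},   # monitoring host touching many ports
]
ATTACKS = [
    {"pkt_rate": 5000, "dst_ports": 100, "syn_ratio": 0.95},  # SYN flood plus port sweep
    {"pkt_rate": 3000, "dst_ports": 5,   "syn_ratio": 0.98},  # SYN flood on a few ports
    {"pkt_rate": 200,  "dst_ports": 60,  "syn_ratio": 0.92},  # slow SYN scan
]


def binarize(records, thresholds=THRESHOLDS):
    """Binarization step: each numeric feature becomes the Boolean attribute 'feature >= cut point'."""
    names = [f"{feature}>={cut}" for feature, cut in thresholds]
    rows = [tuple(int(rec[feature] >= cut) for feature, cut in thresholds) for rec in records]
    return names, rows


def covers(literals, row):
    """A pattern is a conjunction of literals (attribute index, required value)."""
    return all(row[i] == v for i, v in literals)


def generate_patterns(pos, neg, max_degree=2):
    """Positive (attack) patterns: conjunctions of up to max_degree literals that cover at
    least one attack row and no normal row. Candidates implied by an already accepted shorter
    pattern are skipped, so only prime (minimal) patterns are kept."""
    n_attr = len(pos[0])
    patterns = []
    for degree in range(1, max_degree + 1):
        for attrs in combinations(range(n_attr), degree):
            for values in product((0, 1), repeat=degree):
                literals = tuple(zip(attrs, values))
                if any(set(p) <= set(literals) for p in patterns):
                    continue  # a shorter accepted pattern already covers everything this one does
                if any(covers(literals, row) for row in neg):
                    continue  # would produce false positives on normal traffic
                if any(covers(literals, row) for row in pos):
                    patterns.append(literals)
    return patterns


def classify(patterns, row):
    """A flow is flagged when any attack pattern covers it; otherwise it is normal."""
    return "attack" if any(covers(p, row) for p in patterns) else "normal"


def explain(literals, names):
    """Human-readable form of a pattern, e.g. ['pkt_rate>=1000', 'dst_ports>=20']."""
    return [names[i] if v else "not " + names[i] for i, v in literals]


if __name__ == "__main__":
    names, pos = binarize(ATTACKS)
    _, neg = binarize(NORMALS)
    patterns = generate_patterns(pos, neg)
    for p in patterns:
        print(" AND ".join(explain(p, names)))
    # A flow type not in the training set: high-rate port sweep without SYN flooding.
    _, (unseen,) = binarize([{"pkt_rate": 4000, "dst_ports": 50, "syn_ratio": 0.1}])
    print(classify(patterns, unseen))
```

Two patterns survive on this toy data (syn_ratio>=0.9 alone, and pkt_rate>=1000 together with dst_ports>=20), and the second one flags a sweep that shares no record with the training attacks, which is the sense in which pattern-based classification generalises to new attacks. A full LAD classifier also generates negative (normal) patterns and weighs both sides; on real data the cut points come from the data rather than being fixed by hand.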

10 pages, 1039 KiB  
Article
Certificateless Searchable Encryption Scheme in Multi-User Environment
by Tao Feng and Jiewen Si
Cryptography 2022, 6(4), 61; https://doi.org/10.3390/cryptography6040061 - 02 Dec 2022
Cited by 1 | Viewed by 1783
Abstract
Searchable encryption technology enables users to access data that has been published in encrypted form without divulging the original content. The majority of the currently available multi-user certificateless searchable encryption technologies are based on identity-based public key encryption or conventional public key cryptosystems. Thus, they struggle to adapt to the security needs of today’s large-scale network computing environment. As a result, issues such as excessive overhead, poor security, and the inability to handle large-scale applications are unavoidable. In order to address the aforementioned issues, this paper combines public key authenticated encryption with searchable encryption to propose a certificateless searchable encryption scheme for multi-user settings. The stochastic prediction model demonstrates that the scheme can effectively fend off keyword guessing attacks. The proposed algorithm not only performs well in terms of computation but also significantly reduces the amount of computation in simulations. Full article

13 pages, 999 KiB  
Article
Reevaluating Graph-Neural-Network-Based Runtime Prediction of SAT-Based Circuit Deobfuscation
by Guangwei Zhao and Kaveh Shamsi
Cryptography 2022, 6(4), 60; https://doi.org/10.3390/cryptography6040060 - 22 Nov 2022
Viewed by 1699
Abstract
Logic locking is a technique that can help hinder reverse-engineering-based attacks in the IC supply chain from untrusted foundries or end-users. In 2015, the Boolean Satisfiability (SAT) attack was introduced. Although the SAT attack is effective in deobfuscating a wide range of logic locking schemes, its execution time varies widely from a few seconds to months. Previous research has shown that Graph Convolutional Networks (GCN) may be used to estimate this deobfuscation time for locked circuits with varied key sizes. In this paper, we explore whether GCN models truly understand/capture the structural/functional sources of deobfuscation hardness. In order to tackle this, we generate different curated training datasets: traditional ISCAS benchmark circuits locked with varying key sizes, as well as an important novel class of synthetic benchmarks: Substitution-Permutation Networks (SPN), which are circuit structures used to produce the most secure and efficient keyed functions used today: block ciphers. We then test whether a GCN trained on a traditional benchmark can predict the simple fact that a deeper SPN is superior to a wide SPN of the same size. We find that, surprisingly, the GCN model fails at this. We overcome this limitation by proposing a set of circuit features motivated by block-cipher design principles. These features can be used stand-alone or combined with GCN models to provide deeper topological cues than what GCNs can access. Full article
(This article belongs to the Section Hardware Security)

23 pages, 2251 KiB  
Article
Shift Register, Reconvergent-Fanout (SiRF) PUF Implementation on an FPGA
by Jim Plusquellic
Cryptography 2022, 6(4), 59; https://doi.org/10.3390/cryptography6040059 - 11 Nov 2022
Cited by 1 | Viewed by 1952
Abstract
Physical unclonable functions (PUFs) are gaining traction as an attractive alternative to generating and storing device keying material over traditional secure non-volatile memory (NVM) technologies. In this paper, we propose an engineered delay-based PUF called the shift-register, reconvergent-fanout (SiRF) PUF, and present an analysis of the statistical quality of its bitstrings using data collected from a set of FPGAs subjected to extended industrial temperature-voltage environmental conditions. The SiRF PUF utilizes the Xilinx shift register primitive and an engineered network of logic gates that are designed to distribute signal paths over a wide region of the FPGA fabric using a MUXing scheme similar in principle to the shift-rows permutation function within the Advanced Encryption Standard algorithm. The shift register is utilized in a unique fashion to enable individual paths through a Xilinx 5-input LUT to be selected as a source of entropy by the challenge. The engineered logic gate network utilizes reconvergent fanout as a means of adding entropy, eliminating bias and increasing uncertainty with respect to which paths are actually being timed and used in post-processing to produce the secret key or authentication bitstring. The SiRF PUF is a strong PUF built on top of a network with tens of millions of possible paths. Full article
(This article belongs to the Special Issue Feature Papers in Hardware Security II)

24 pages, 1649 KiB  
Article
Process Authentication through Blockchain: Three Case Studies
by Mario Ciampi, Diego Romano and Giovanni Schmid
Cryptography 2022, 6(4), 58; https://doi.org/10.3390/cryptography6040058 - 11 Nov 2022
Cited by 1 | Viewed by 2435
Abstract
In this work, we elaborate on the concept of process authenticity, which intuitively corresponds to the validity of all process steps and their proper binding. It represents the most exciting forefront of distributed ledger technology research concerning the primary challenge of reliably connecting distributed ledger networks to the physical context in which they must operate. In more detail, the paper describes a novel methodological approach to ensure the authenticity of business processes through blockchain and several security mechanisms applied to the digital twins of the actual processes. We illustrate difficulties and opportunities deriving from implementing process authenticity in concrete case studies in which we were involved as software designers, belonging to three critical application domains: document dematerialization, e-voting, and healthcare. Full article
(This article belongs to the Special Issue Emerging Topics in Blockchain Security and Privacy)

24 pages, 559 KiB  
Article
Scaling Ethereum 2.0’s Cross-Shard Transactions with Refined Data Structures
by Alexander Kudzin, Kentaroh Toyoda, Satoshi Takayama and Atsushi Ishigame
Cryptography 2022, 6(4), 57; https://doi.org/10.3390/cryptography6040057 - 10 Nov 2022
Cited by 2 | Viewed by 2736
Abstract
(1) Background: To solve the blockchain scaling issue, sharding has been proposed; however, this approach has its own scaling issue: the cross-shard communication method. To resolve the cross-shard communication scaling issue, rollups have been proposed and are being investigated. However, they also have their own scaling limitations, in particular, the degree of compression they can apply to transactions (TXs) affecting how many TXs can be included in one block. (2) Methods: In this paper, we propose a series of novel data structures for the compiling of cross-shard TXs sent using rollups for both public and private Ethereum. Our proposal removes redundant fields, consolidates repeated fields, and compresses any remaining fields in the rollup, modifying its data structure to compress the address, gas, and value fields. (3) Results: We have shown that our proposals can accommodate more cross-shard TXs in a block by reducing the TX size by up to 65% and 97.6% compared to the state-of-the-art in public and private Ethereum, respectively. This compression in TX size results in an over 2× increase in transactions per block (TPB) for our proposals targeting both types of Ethereum. (4) Conclusions: Our proposals will mitigate the scaling issue in a sharded blockchain that utilizes rollups for cross-shard communication. In particular, it will enable such sharded Ethereum networks to be deployed for large-scale decentralized systems. Full article
(This article belongs to the Special Issue Emerging Topics in Blockchain Security and Privacy)
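An added illustration of the three compression moves the abstract names (drop per-transaction fields that are redundant within a batch, consolidate repeated fields into a shared table, compress what remains), written for this page rather than taken from the paper. The field set, the fixed-width "naive" layout, the treatment of chain id as a batch-level field, and the mantissa/exponent encoding of value are assumptions made for the example; the paper's actual data structures and its 65% and 97.6% figures are not reproduced.

```python
# Constructed batch of cross-shard transactions (not real chain data). Addresses are 20 bytes.
CHAIN_ID = 1
TXS = [
    {"from": b"\x11" * 20, "to": b"\x22" * 20, "value": 1_000_000_000_000_000_000, "gas": 21_000, "nonce": 7},
    {"from": b"\x11" * 20, "to": b"\x33" * 20, "value": 250_000_000_000_000_000, "gas": 21_000, "nonce": 8},
    {"from": b"\x44" * 20, "to": b"\x22" * 20, "value": 0, "gas": 100_000, "nonce": 1},
]


def naive_size(txs):
    """Assumed uncompressed layout: from 20 + to 20 + value 32 + gas 32 + nonce 8 + chain id 8 bytes per tx."""
    return len(txs) * (20 + 20 + 32 + 32 + 8 + 8)


def uvarint(n):
    """LEB128 variable-length encoding: small gas, nonce and table-index values take one byte."""
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append((byte | 0x80) if n else byte)
        if not n:
            return bytes(out)


def read_uvarint(buf, pos):
    n = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        n |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return n, pos
        shift += 7


def to_sci(value):
    """Round amounts such as 1 ETH (10**18 wei) become (mantissa, decimal exponent) = (1, 18)."""
    if value == 0:
        return 0, 0
    exp = 0
    while value % 10 == 0:
        value //= 10
        exp += 1
    if exp > 255:
        raise ValueError("exponent does not fit in one byte")
    return value, exp


def compress(txs, chain_id):
    """Redundant field (chain id) stored once per batch; repeated addresses consolidated into a
    table and referenced by index; value, gas and nonce varint-compressed."""
    addrs = []

    def index(addr):
        if addr not in addrs:
            addrs.append(addr)
        return addrs.index(addr)

    body = bytearray()
    for tx in txs:
        mant, exp = to_sci(tx["value"])
        body += uvarint(index(tx["from"])) + uvarint(index(tx["to"]))
        body += uvarint(mant) + bytes([exp])
        body += uvarint(tx["gas"]) + uvarint(tx["nonce"])
    header = uvarint(chain_id) + uvarint(len(addrs)) + b"".join(addrs) + uvarint(len(txs))
    return bytes(header + body)


def decompress(blob):
    """Inverse of compress: rebuilds (chain_id, txs) so nothing is lost by the refinement."""
    pos = 0
    chain_id, pos = read_uvarint(blob, pos)
    n_addrs, pos = read_uvarint(blob, pos)
    addrs = [blob[pos + 20 * i: pos + 20 * (i + 1)] for i in range(n_addrs)]
    pos += 20 * n_addrs
    n_txs, pos = read_uvarint(blob, pos)
    txs = []
    for _ in range(n_txs):
        f, pos = read_uvarint(blob, pos)
        t, pos = read_uvarint(blob, pos)
        mant, pos = read_uvarint(blob, pos)
        exp = blob[pos]
        pos += 1
        gas, pos = read_uvarint(blob, pos)
        nonce, pos = read_uvarint(blob, pos)
        txs.append({"from": addrs[f], "to": addrs[t], "value": mant * 10 ** exp, "gas": gas, "nonce": nonce})
    return chain_id, txs


if __name__ == "__main__":
    blob = compress(TXS, CHAIN_ID)
    print(naive_size(TXS), "->", len(blob), "bytes")
    assert decompress(blob) == (CHAIN_ID, TXS)
```

On this batch the naive layout is 360 bytes and the refined one 107, with a lossless round trip; the saving grows with the number of transactions per batch because the address table is amortised. The value encoding is only compact for round amounts: an arbitrary wei value keeps its full mantissa, which is why real rollup designs bound the precision or the field width.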

22 pages, 579 KiB  
Review
On Advances of Lattice-Based Cryptographic Schemes and Their Implementations
by Harshana Bandara, Yasitha Herath, Thushara Weerasundara and Janaka Alawatugoda
Cryptography 2022, 6(4), 56; https://doi.org/10.3390/cryptography6040056 - 09 Nov 2022
Cited by 3 | Viewed by 3667
Abstract
Lattice-based cryptography is centered around the hardness of problems on lattices. A lattice is a grid of points that stretches to infinity. With the development of quantum computers, existing cryptographic schemes are at risk because the underlying mathematical problems can, in theory, be easily solved by quantum computers. Since lattice-based mathematical problems are hard to solve even for quantum computers, lattice-based cryptography is a promising foundation for future cryptographic schemes. In this paper, we focus on lattice-based public-key encryption schemes. This survey presents the current status of lattice-based public-key encryption schemes and discusses the existing implementations. Our main focus is the learning with errors problem (LWE problem) and its implementations. In this paper, the plain lattice implementations and variants with special algebraic structures such as ring-based variants are discussed. Additionally, we describe a class of lattice-based functions called lattice trapdoors and their applications. Full article
(This article belongs to the Section Cryptography Reviews)
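A worked instance of the learning-with-errors encryption the survey centres on, added here as an example and not drawn from any of the surveyed implementations: a Regev-style bit encryption over Z_q with toy parameters (n = 16, m = 32, q = 257, errors in {-1, 0, 1}) chosen so that the decryption condition |sum r_i e_i| <= m < q/4 always holds. The parameters are far too small for any security; they only make the correctness argument visible.

```python
import random

# Toy LWE parameters (constructed for illustration, not secure): secret dimension n,
# number of public samples m, modulus q. Decryption is exact as long as m < q // 4.
N, M, Q = 16, 32, 257


def dot(x, y):
    return sum(a * b for a, b in zip(x, y))


def keygen(rng, n=N, m=M, q=Q):
    """Public key: m LWE samples (a_i, b_i = <a_i, s> + e_i mod q); secret key: s."""
    s = [rng.randrange(q) for _ in range(n)]
    A = [[rng.randrange(q) for _ in range(n)] for _ in range(m)]
    e = [rng.choice((-1, 0, 1)) for _ in range(m)]  # small error is what hides s
    b = [(dot(row, s) + ei) % q for row, ei in zip(A, e)]
    return (A, b), s


def encrypt_bit(pk, bit, rng, q=Q):
    """Pick a random subset r of the samples; u = sum r_i a_i, v = sum r_i b_i + bit * q/2."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(len(b))]
    u = [dot(r, col) % q for col in zip(*A)]
    v = (dot(r, b) + bit * (q // 2)) % q
    return u, v


def decrypt_bit(sk, ct, q=Q):
    """v - <u, s> = sum r_i e_i + bit * q/2: the error term has magnitude at most m,
    so the result is nearer q/2 than 0 exactly when bit == 1."""
    u, v = ct
    d = (v - dot(u, sk)) % q
    return 1 if q // 4 <= d < 3 * q // 4 else 0


def encrypt_bytes(pk, data, rng):
    bits = [(byte >> i) & 1 for byte in data for i in range(8)]
    return [encrypt_bit(pk, bit, rng) for bit in bits]


def decrypt_bytes(sk, cts):
    bits = [decrypt_bit(sk, ct) for ct in cts]
    return bytes(sum(bits[i + j] << j for j in range(8)) for i in range(0, len(bits), 8))


def roundtrip(data: bytes, seed: int = 7) -> bytes:
    """Generate keys, encrypt, decrypt; returns the recovered plaintext."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    return decrypt_bytes(sk, encrypt_bytes(pk, data, rng))


if __name__ == "__main__":
    print(roundtrip(b"LWE"))
```

Each ciphertext is n + 1 elements of Z_q per plaintext bit, which is the expansion the ring-based variants discussed in the survey exist to reduce. Note that `random.Random` is used only for reproducibility in this demonstration; a real implementation draws s, e and r from a cryptographic source and samples e from a discrete Gaussian rather than {-1, 0, 1}.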

15 pages, 1090 KiB  
Article
Improving User Privacy in Identity-Based Encryption Environments
by Carlisle Adams
Cryptography 2022, 6(4), 55; https://doi.org/10.3390/cryptography6040055 - 09 Nov 2022
Viewed by 1719
Abstract
The promise of identity-based systems is that they maintain the functionality of public key cryptography while eliminating the need for public key certificates. The first efficient identity-based encryption (IBE) scheme was proposed by Boneh and Franklin in 2001; variations have been proposed by many researchers since then. However, a common drawback is the requirement for a private key generator (PKG) that uses its own master private key to compute private keys for end users. Thus, the PKG can potentially decrypt all ciphertext in the environment (regardless of who the intended recipient is), which can have undesirable privacy implications. This has led to limited adoption and deployment of IBE technology. There have been numerous proposals to address this situation (which are often characterized as methods to reduce trust in the PKG). These typically involve threshold mechanisms or separation-of-duty architectures, but unfortunately often rely on non-collusion assumptions that cannot be guaranteed in real-world settings. This paper proposes a separation architecture that instantiates several intermediate CAs (ICAs), rather than one (as in previous work). We employ digital credentials (containing a specially-designed attribute based on bilinear maps) as the blind tokens issued by the ICAs, which allows a user to easily obtain multiple layers of pseudonymization prior to interacting with the PKG. As a result, our proposed architecture does not rely on unrealistic non-collusion assumptions and allows a user to reduce the probability of a privacy breach to an arbitrarily small value. Full article
(This article belongs to the Special Issue Applied Cryptography, Network Security, and Privacy Protection)

16 pages, 395 KiB  
Article
Privacy-Preserving Contrastive Explanations with Local Foil Trees
by Thijs Veugen, Bart Kamphorst and Michiel Marcus
Cryptography 2022, 6(4), 54; https://doi.org/10.3390/cryptography6040054 - 28 Oct 2022
Cited by 1 | Viewed by 1508
Abstract
We present the first algorithm that combines privacy-preserving technologies and state-of-the-art explainable AI to enable privacy-friendly explanations of black-box AI models. We provide a secure algorithm for contrastive explanations of black-box machine learning models that securely trains and uses local foil trees. Our work shows that the quality of these explanations can be upheld whilst ensuring the privacy of both the training data and the model itself. Full article
(This article belongs to the Special Issue Cyber Security, Cryptology and Machine Learning)

12 pages, 614 KiB  
Article
WPAxFuzz: Sniffing Out Vulnerabilities in Wi-Fi Implementations
by Vyron Kampourakis, Efstratios Chatzoglou, Georgios Kambourakis, Apostolos Dolmes and Christos Zaroliagis
Cryptography 2022, 6(4), 53; https://doi.org/10.3390/cryptography6040053 - 20 Oct 2022
Cited by 3 | Viewed by 3933
Abstract
This work attempts to provide a way of scrutinizing the security robustness of Wi-Fi implementations in an automated fashion. To this end, to our knowledge, we contribute the first full-featured and extensible Wi-Fi fuzzer. At the time of writing, the tool, made publicly available as open source, covers the IEEE 802.11 management and control frame types and provides a separate module for the pair of messages of the Simultaneous Authentication of Equals (SAE) authentication and key exchange method. It can be primarily used to detect vulnerabilities potentially existing in wireless Access Points (AP) under the newest Wi-Fi Protected Access 3 (WPA3) certification, but its functionalities can also be exploited against WPA2-compatible APs. Moreover, the fuzzer incorporates: (a) a dual-mode network monitoring module that monitors, in real time, the behavior of the connected AP stations and logs possible service or connection disruptions and (b) an attack tool used to verify any glitches found and automatically craft the corresponding exploit. We present results after testing the fuzzer against an assortment of off-the-shelf APs by different renowned vendors. Adhering to a coordinated disclosure process, we have reported the discovered issues to the affected vendors, already receiving positive feedback from some of them. Full article

21 pages, 2063 KiB  
Article
ICRP: Internet-Friendly Cryptographic Relay-Detection Protocol
by Ghada Arfaoui, Gildas Avoine, Olivier Gimenez and Jacques Traoré
Cryptography 2022, 6(4), 52; https://doi.org/10.3390/cryptography6040052 - 17 Oct 2022
Viewed by 1472
Abstract
Traffic hijacking over the Internet has become a frequent incident over the last two decades. From minor inconveniences for casual users to massive leaks of governmental data, these events cover an unprecedentedly large spectrum. Many hijackings are presumed to be caused by unfortunate routing mistakes, but a well-organized attacker could set up a long-term stealthy relay, accessing critical traffic metadata despite suitable encryption schemes. While many studies focus on the mitigation of known attacks, we choose to design a complete detection method regardless of the attacker’s strategy. We propose a two-party cryptographic protocol for detecting traffic hijacking over the Internet. Our proposal relies on a distance-bounding mechanism that performs interactive authentication with a “Challenge–Response” exchange, and measures the round-trip time of packets to decide whether an attack is ongoing. Our construction is supported by worldwide experiments on communication time between multiple nodes, allowing us to both demonstrate its applicability and evaluate its performance. Over the course of this paper, we demonstrate our protocol to be efficient (it requires only two cryptographic operations per execution, inducing negligible workload for users and very little loss of throughput), scalable (no software updates are required for intermediate network nodes), routing-protocol independent (any future update of the route selection process will not induce changes to our scheme), and network friendly (the added volume of transiting data is only about 1.5%). Full article
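The challenge-response round-trip measurement the abstract describes, as an added example that is not the ICRP protocol itself: a verifier sends fresh random challenges, authenticates each HMAC response under a shared key, and compares the median round-trip time of an execution against a baseline measured on a known-clean path. The network is a constructed simulation with assumed delays (20 ms honest one-way delay, 15 ms extra through a relay, up to 2 ms jitter) and the 5 ms tolerance is an assumption; the real protocol's key agreement, message format and threshold calibration are not reproduced.

```python
import hashlib
import hmac
import os
import random
import statistics

ROUNDS = 16       # challenge-response rounds per protocol execution (constructed choice)
JITTER_MS = 2.0   # simulated per-round network jitter in milliseconds (constructed)


def mac_response(key: bytes, challenge: bytes) -> bytes:
    """Responder's reply: an HMAC over the verifier's fresh challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class SimulatedPath:
    """Stand-in for the Internet path to the responder (constructed, not a real socket).
    base_ms: honest one-way delay. relay_ms: extra one-way delay when an attacker diverts
    the traffic through a stealthy relay (0.0 for the honest case). The relay only forwards
    packets and does not hold the key, so the responses it carries remain valid."""

    def __init__(self, responder_key: bytes, base_ms: float, relay_ms: float = 0.0, seed: int = 0):
        self.key = responder_key
        self.one_way_ms = base_ms + relay_ms
        self.rng = random.Random(seed)

    def exchange(self, challenge: bytes):
        """Deliver the challenge, return (response, round_trip_ms)."""
        rtt = 2 * self.one_way_ms + self.rng.uniform(0.0, JITTER_MS)
        return mac_response(self.key, challenge), rtt


def run_execution(verifier_key: bytes, path: SimulatedPath, rounds: int = ROUNDS):
    """Verifier side: `rounds` fresh challenges, each response checked under the shared key.
    Returns (authenticated, rtts_ms); the timings are only meaningful when authenticated."""
    rtts = []
    for _ in range(rounds):
        challenge = os.urandom(16)          # fresh, so a relay cannot pre-compute answers
        response, rtt = path.exchange(challenge)
        if not hmac.compare_digest(response, mac_response(verifier_key, challenge)):
            return False, rtts
        rtts.append(rtt)
    return True, rtts


def relay_detected(rtts, baseline_rtts, tolerance_ms: float = 5.0) -> bool:
    """Distance-bounding decision: flag the execution when its median RTT exceeds the
    median of a baseline recorded while the path was known to be clean."""
    return statistics.median(rtts) > statistics.median(baseline_rtts) + tolerance_ms


if __name__ == "__main__":
    key = os.urandom(32)
    _, baseline = run_execution(key, SimulatedPath(key, 20.0, seed=1))
    ok, now = run_execution(key, SimulatedPath(key, 20.0, relay_ms=15.0, seed=2))
    print("authenticated:", ok, "relay detected:", relay_detected(now, baseline))
```

The authentication check matters: without it a relay could answer challenges itself from a nearby vantage point and defeat the timing. The converse limit is visible in the numbers: a relay whose added delay stays below the tolerance plus jitter is not distinguishable by RTT alone, so the tolerance has to be set from measured path variance, which is what the abstract's worldwide timing experiments are for.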

20 pages, 1338 KiB  
Article
Efficient RO-PUF for Generation of Identifiers and Keys in Resource-Constrained Embedded Systems
by Macarena C. Martínez-Rodríguez, Luis F. Rojas-Muñoz, Eros Camacho-Ruiz, Santiago Sánchez-Solano and Piedad Brox
Cryptography 2022, 6(4), 51; https://doi.org/10.3390/cryptography6040051 - 05 Oct 2022
Cited by 7 | Viewed by 2931
Abstract
The generation of unique identifiers extracted from the physical characteristics of the underlying hardware ensures the protection of electronic devices against counterfeiting and provides security to the data they store and process. This work describes the design of an efficient Physical Unclonable Function (PUF) based on the differences in the frequency of Ring Oscillators (ROs) with identical layout due to variations in the technological processes involved in the manufacture of the integrated circuit. The logic resources available in the Xilinx Series-7 programmable devices are exploited in the design to make it more compact and achieve an optimal bit-per-area rate. On the other hand, the design parameters can also be adjusted to provide a high bit-per-time rate for a particular target device. The PUF has been encapsulated as a configurable Intellectual Property (IP) module, providing it with an AXI4-Lite interface to ease its incorporation into embedded systems in combination with soft- or hard-core implementations of general-purpose processors. The capability of the proposed RO-PUF to generate implementation-dependent identifiers has been extensively tested, using a series of metrics to evaluate its reliability and robustness for different configuration options. Finally, in order to demonstrate its utility to improve system security, the identifiers provided by RO-PUFs implemented on different devices have been used in a Helper Data Algorithm (HDA) to obfuscate and retrieve a secret key. Full article
(This article belongs to the Special Issue Emerging Trends on Physical Security)
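The "obfuscate and retrieve a secret key" step, as an added example rather than the authors' HDA: a code-offset construction in which enrollment stores helper data = response XOR repetition-codeword(key) together with a hash of the derived key, and reconstruction XORs a fresh, noisy response with the helper data, majority-decodes each block, and checks the hash. The PUF response is a constructed random bit string, and the 7-bit repetition code and the flip positions are assumptions; the paper's actual code, parameters and reliability metrics are not reproduced.

```python
import hashlib
import random

REP = 7  # repetition-code length: each key bit is hidden across REP response bits (constructed choice)


def constructed_response(n_bits: int, seed: int):
    """Stand-in for a raw RO-PUF response (constructed; a real one comes from the oscillators)."""
    rng = random.Random(seed)
    return [rng.randrange(2) for _ in range(n_bits)]


def encode(key_bits):
    """Repetition encode: every key bit becomes REP identical code bits."""
    return [b for b in key_bits for _ in range(REP)]


def decode(code_bits):
    """Majority vote per block: up to (REP - 1) // 2 flipped bits per block are corrected."""
    return [1 if sum(code_bits[i:i + REP]) * 2 > REP else 0
            for i in range(0, len(code_bits), REP)]


def derive_key(key_bits) -> bytes:
    """Hash the recovered bits so a single wrong bit yields an unrelated key."""
    return hashlib.sha256(bytes(key_bits)).digest()


def enroll(response, key_bits):
    """Enrollment: helper data and a check value, both safe to store in plain NVM.
    The key itself is never stored; it is re-derived from the PUF on every boot."""
    codeword = encode(key_bits)
    if len(codeword) != len(response):
        raise ValueError("response must be exactly REP bits per key bit")
    helper = [r ^ c for r, c in zip(response, codeword)]
    check = hashlib.sha256(derive_key(key_bits)).digest()
    return helper, check


def reconstruct(noisy_response, helper, check):
    """Reconstruction: unmask with the helper data, correct the noise, verify the result.
    Returns the key, or None when the noise exceeded what the code can correct."""
    bits = decode([r ^ h for r, h in zip(noisy_response, helper)])
    key = derive_key(bits)
    return key if hashlib.sha256(key).digest() == check else None


def corrupt(response, positions):
    """Flip the listed bit positions (constructed noise model standing in for temperature
    or voltage drift between enrollment and reconstruction)."""
    flipped = list(response)
    for p in positions:
        flipped[p] ^= 1
    return flipped


if __name__ == "__main__":
    key_bits = [1, 0, 1, 1, 0, 0, 1, 0] * 4              # 32-bit toy key
    response = constructed_response(len(key_bits) * REP, seed=5)
    helper, check = enroll(response, key_bits)
    again = corrupt(response, range(0, len(response), 3))  # at most 3 flips per 7-bit block
    print(reconstruct(again, helper, check) == derive_key(key_bits))
```

Flipping every third bit puts at most three errors in any block and the key comes back; flipping every second bit puts four errors in the first block and reconstruction fails the hash check rather than returning a wrong key silently. The caveat a practitioner should keep in mind: helper data is public, and with a repetition code it reveals the XOR of response bits within a block, so a biased PUF leaks key bits through it. Deployed HDAs therefore use stronger codes and a debiasing step, and the reliability metrics the abstract mentions are what determine how much error correction is needed.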

45 pages, 912 KiB  
Article
Cryptographic Rational Secret Sharing Schemes over General Networks
by Alfonso Labao and Henry Adorna
Cryptography 2022, 6(4), 50; https://doi.org/10.3390/cryptography6040050 - 01 Oct 2022
Cited by 1 | Viewed by 1647
Abstract
We propose cryptographic rational secret sharing protocols over general networks. In a general network, the dealer may not have direct connections to each player, and players may not have direct connections to each of the other players. We present conditions on the network topology for which our proposed protocols are computational strict Nash equilibria and (k-1)-resilient, along with analysis of their round and communication complexity. We also present new notions of equilibria such as Φ-resilient computational Nash equilibria, whereby a protocol is resilient to coalitions that satisfy conditions in Φ, regardless of the coalition’s size. We also propose (n-1)-key leakage-tolerant equilibria applicable to cryptographic protocols involving secret keys, whereby the equilibrium holds even if some players acquire (n-1) tuples of secret keys. Full article

18 pages, 4948 KiB  
Article
Blockchain of Resource-Efficient Anonymity Protection with Watermarking for IoT Big Data Market
by Chia-Hui Wang and Chih-Hao Hsu
Cryptography 2022, 6(4), 49; https://doi.org/10.3390/cryptography6040049 - 30 Sep 2022
Cited by 3 | Viewed by 1868
Abstract
According to the ever-growing supply and demand of IoT content, IoT big data in diversified applications are deemed a valuable asset by private and public sectors. Their privacy protection has been a hot research topic. Inspired by previous work on a bounded-error-pruned IoT content market, we observe that anonymity protection with robust watermarking can be developed by further pruning data for better resource-efficient IoT big data without violating the required quality of sensor service or quality of decision-making. In this paper, resource-efficient anonymity protection with watermarking is thus proposed for data consumers and owners of the IoT big data market via blockchain. Our proposed scheme can provide the IoT data with privacy protections of both anonymity and ownership in the IoT big data market with resource efficiency. Experiments were conducted on four different types of IoT datasets with different settings, including bounded errors, sub-stream sizes, watermark lengths, and ratios of data tampering. The performance results demonstrate that our proposed scheme can provide data owners and consumers with ownership and anonymity by watermarking the IoT big data streams with lossless compressibility. Meanwhile, the developed DApp with our proposed scheme on the Ethereum blockchain can help data owners freely and conveniently share and trade with consumers, with availability, reliability, and security, without requiring mutual trust. Full article
(This article belongs to the Special Issue Privacy-Preserving Techniques in Cloud/Fog and Internet of Things)

23 pages, 808 KiB  
Article
Post Quantum Design in SPDM for Device Authentication and Key Establishment
by Jiewen Yao, Krystian Matusiewicz and Vincent Zimmer
Cryptography 2022, 6(4), 48; https://doi.org/10.3390/cryptography6040048 - 21 Sep 2022
Cited by 4 | Viewed by 7350
Abstract
The Security Protocol and Data Model (SPDM) defines a set of flows whose purpose includes the authentication of a computing device’s hardware identity. SPDM also allows for the creation of a secure session wherein data communication between two devices has both confidentiality and integrity protection. The present version of SPDM, namely version 1.2, relies upon traditional asymmetric cryptographic algorithms, and these algorithms are known to be vulnerable to quantum attacks. This paper describes the means by which support for post-quantum (PQ) cryptography can be added to the SPDM protocol in order to prepare SPDM for the upcoming world of quantum computing. As part of this paper, we examine the SPDM 1.2 protocol and discuss various aspects of using PQC algorithms, including negotiation of the use of post-quantum cryptography (PQC) algorithms, support for device identity reporting, mechanisms for device authentication, and establishing a secure session. We consider so-called “hybrid modes” where both classical and PQC algorithms are used to achieve security properties, especially given the fact that these modes are important during the transition period from the classical to the quantum computing regime. We also share our experience with implementing a software embodiment of PQC in SPDM, namely “PQ-SPDM”, and we provide benchmarks that evaluate a subset of the winning NIST PQC algorithms. Full article
