Cryptography: A Cybersecurity Toolkit

A special issue of Cryptography (ISSN 2410-387X).

Deadline for manuscript submissions: closed (31 December 2021) | Viewed by 40018

Special Issue Editors


Guest Editor
Data61, CSIRO (the Commonwealth Scientific and Industrial Research Organisation), Sydney, NSW 2000, Australia
Interests: robust distributed ML for cyber, adversarial ML, ML and cyber security (e.g., malware detection, control system security, SW and protocol vulnerability assessment, crypto function detection); malicious and applied cryptography; pulsar and quantum randomness

Guest Editor
1. Data61, CSIRO (The Commonwealth Scientific and Industrial Research Organisation), Sydney, NSW 2000, Australia
2. Institute of Computer Science, Polish Academy of Science, 02-668 Warszawa, Poland
Interests: algorithms and complexity; cryptography; information security; security of computer networks

Special Issue Information

Dear Colleagues,

Cybersecurity has become increasingly important as we turn to the virtual world for communication, entertainment, education and work, to name a few such activities. This is very convenient but also exposes us to cyber criminals, who may try to interfere with our activities. Recent cyber-attacks against the US fuel pipeline and the JBS meatworks infrastructure illustrate this point. Cryptography can be seen as a security toolbox that provides us with algorithms and protocols for secure communication and interactions. The Special Issue explores recent progress in cybersecurity and cryptography. The topics that are of interest to this Special Issue include, but are not limited to:

  • Blockchain Technology
  • Cryptographic Algorithms and Protocols
  • Cloud Security
  • IoT and Lightweight Cryptography
  • Malware, Ransomware and Phishing
  • Privacy, Un-traceability and Anonymity
  • Secure Multiparty Computations
  • Security of Critical Infrastructure
  • Web Authentication

Dr. Seyit A. Camtepe
Prof. Dr. Josef Pieprzyk
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Cryptography is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Blockchain Technology
  • Cryptographic Algorithms and Protocols
  • Cloud Security
  • IoT and Lightweight Cryptography
  • Malware, Ransomware and Phishing
  • Privacy, Un-traceability and Anonymity
  • Secure Multiparty Computations
  • Security of Critical Infrastructure
  • Web Authentication

Published Papers (9 papers)


Research


24 pages, 722 KiB  
Article
Continuous Nonintrusive Mobile Device Soft Keyboard Biometric Authentication
by Timothy Dee, Ian Richardson and Akhilesh Tyagi
Cryptography 2022, 6(2), 14; https://doi.org/10.3390/cryptography6020014 - 23 Mar 2022
Cited by 3 | Viewed by 2749
Abstract
Mobile banking, shopping, and in-app purchases utilize persistent authentication states for access to sensitive data. One-shot authentication permits access for a fixed time period. For instance, a username/password-based authentication allows a user access to all the shopping and payments data in the Amazon shopping app. Traditional user passwords and lock screens are easily compromised. Snooping attacks—observing an unsuspecting user entering passwords—and smudge attacks—examining touchscreen finger oil residue—enable compromised user authentication. Mobile device interactions provide robust human and device identity data. Such biometrics enhance authentication. In this paper, behavioral attributes during user input constitute the password. Adversary password reproduction difficulty increases since pure observation is insufficient. Current mobile continuous authentication schemes use, among others, touchscreen–swipe interactions or keyboard input timing. Many of these methods require cumbersome training or intrusive authentication. Software keyboard interactions provide a consistent biometric data stream. We develop biometric profiles using touch pressure, location, and timing. New interactions authenticate against a profile using a divergence measure. In our limited user–device data sets, the classification achieves virtually perfect accuracy.
(This article belongs to the Special Issue Cryptography: A Cybersecurity Toolkit)

12 pages, 1753 KiB  
Article
Trusted and Secure Blockchain-Based Durable Medium Electronic Service
by Grzegorz Bazydło, Remigiusz Wiśniewski and Kamil Kozdrój
Cryptography 2022, 6(1), 10; https://doi.org/10.3390/cryptography6010010 - 21 Feb 2022
Cited by 4 | Viewed by 2815
Abstract
A novel, trusted, and secure durable medium electronic service is proposed in the paper. The proposed idea joins cryptographic methods (such as signing with an electronic seal and data encryption) with blockchain techniques. The e-service and blockchain databases were implemented on the TTP side, which made the presented concept trusted and secure. The proposed electronic service was oriented towards practical implementations, and it has commonly been developed together with a company from the cybersecurity field (which is considered a TTP in the proposed approach). The concept has been designed to meet the requirements of Polish law (i.e., the conditions and regulations related to the implementation of the durable medium in Poland); nevertheless, it can easily be adapted for other regions. The functionality of the presented e-service is illustrated by the example case study.

22 pages, 699 KiB  
Article
A Survey on Group Signatures and Ring Signatures: Traceability vs. Anonymity
by Maharage Nisansala Sevwandi Perera, Toru Nakamura, Masayuki Hashimoto, Hiroyuki Yokoyama, Chen-Mou Cheng and Kouichi Sakurai
Cryptography 2022, 6(1), 3; https://doi.org/10.3390/cryptography6010003 - 19 Jan 2022
Cited by 16 | Viewed by 5796
Abstract
This survey reviews the two most prominent group-oriented anonymous signature schemes and analyzes the existing approaches for their problem: balancing anonymity against traceability. Group signatures and ring signatures are the two leading competitive signature schemes with a rich body of research. Both group and ring signatures enable user anonymity with group settings. Any group user can produce a signature while hiding his identity in a group. Although group signatures have predefined group settings, ring signatures allow users to form ad-hoc groups. Preserving user identities provided an advantage for group and ring signatures. Thus, presently many applications utilize them. However, standard group signatures enable an authority to freely revoke signers’ anonymity. Thus, the authority might weaken the anonymity of innocent users. On the other hand, traditional ring signatures maintain permanent user anonymity, allowing space for malicious user activities; thus achieving the requirements of privacy-preserved traceability in group signatures and controlled anonymity in ring signatures has become desirable. This paper reviews group and ring signatures and explores the existing approaches that address the identification of malicious user activities. We selected many papers that discuss balancing user tracing and anonymity in group and ring signatures. Since this paper scrutinizes both signatures from their basic idea to obstacles including tracing users, it provides readers a broad synthesis of information about two signature schemes with the knowledge of current approaches to balance excessive traceability in group signatures and extreme anonymity in ring signatures. This paper will also shape the future research directions of two critical signature schemes that require more awareness.
13 pages, 299 KiB  
Article
Functional Encryption for Pattern Matching with a Hidden String
by Jongkil Kim, Yang-Wai Chow, Willy Susilo, Joonsang Baek and Intae Kim
Cryptography 2022, 6(1), 1; https://doi.org/10.3390/cryptography6010001 - 31 Dec 2021
Cited by 1 | Viewed by 2585
Abstract
We propose a new functional encryption for pattern matching scheme with a hidden string. In functional encryption for pattern matching (FEPM), access to a message is controlled by its description and a private key that is used to evaluate the description for decryption. In particular, the description with which the ciphertext is associated is an arbitrary string w and the ciphertext can only be decrypted if its description matches the predicate of a private key which is also a string. Therefore, it provides fine-grained access control through pattern matching alone. Unlike related schemes in the literature, our scheme hides the description that the ciphertext is associated with. In many practical scenarios, the description of the ciphertext cannot be public information as an attacker may abuse the message description to identify the data owner or classify the target ciphertext before decrypting it. Moreover, some data owners may not agree to reveal any ciphertext information since it simply gives greater advantage to the adversary. In this paper, we introduce the first FEPM scheme with a hidden string, such that the adversary cannot get any information about the ciphertext from its description. The security of our scheme is formally analyzed. The proposed scheme provides both confidentiality and anonymity while maintaining its expressiveness. We prove these security properties under the interactive general Diffie–Hellman assumption (i-GDH) and a static assumption introduced in this paper.
29 pages, 1127 KiB  
Article
ES-HAS: ECC-Based Secure Handover Authentication Scheme for Roaming Mobile User in Global Mobility Networks
by Suvidha K. S., Jothi Rangasamy, Shyam S. Kamath and Cheng-Chi Lee
Cryptography 2021, 5(4), 35; https://doi.org/10.3390/cryptography5040035 - 13 Dec 2021
Cited by 2 | Viewed by 2741
Abstract
The design and implementation of two-factor schemes designed for roaming mobile users for global mobility networks in smart cities requires attention to protect the scheme from various security attacks, such as the replay attack, impersonation attack, man-in-the-middle attack, password-guessing attack and stolen-smart-card attack. In addition to these attacks, the scheme should achieve user anonymity, unlinkability and perfect forward secrecy. In the roaming scenario, as mobile users are connected to the foreign network, mobile users must provide authentication details to the foreign network to which they are connected. The foreign network forwards the authentication messages received from the mobile users to their home network. The home network validates the authenticity of the mobile user. In the roaming scenario, all communication between the three entities is carried over an insecure channel. It is assumed that the adversary has the capabilities to intercept the messages transmitted over an insecure channel. Hence, the authentication scheme designed must be able to resist the above-mentioned security attacks and achieve the security goals. Our proposed scheme ES-HAS (elliptic curve-based secure handover authentication scheme) is a two-factor authentication scheme in which the mobile user possesses the password, and the smart card resists the above-mentioned security attacks. It also achieves the above-mentioned security goals. We also extended our two-factor authentication to a multi-factor authentication scheme using the fingerprint biometric technique. The formal security analysis using BAN logic and the formal security verification of the proposed scheme using the widely accepted AVISPA (automated validation of internet security protocols and applications) tool is presented in this article. In comparison with the related schemes, the proposed scheme is more efficient and robust. This makes the proposed scheme suitable for practical implementation. 

20 pages, 3792 KiB  
Article
Investigating Deep Learning Approaches on the Security Analysis of Cryptographic Algorithms
by Bang Yuan Chong and Iftekhar Salam
Cryptography 2021, 5(4), 30; https://doi.org/10.3390/cryptography5040030 - 24 Oct 2021
Cited by 6 | Viewed by 5098
Abstract
This paper studies the use of deep learning (DL) models under a known-plaintext scenario. The goal of the models is to predict the secret key of a cipher using DL techniques. We investigate the DL techniques against different ciphers, namely, Simplified Data Encryption Standard (S-DES), Speck, Simeck and Katan. For S-DES, we examine the classification of the full key set, and the results are better than a random guess. However, we found that it is difficult to apply the same classification model beyond 2-round Speck. We also demonstrate that DL models trained under a known-plaintext scenario can successfully recover the random key of S-DES. However, the same method has been less successful when applied to modern ciphers Speck, Simeck, and Katan. The ciphers Simeck and Katan are further investigated using the DL models but with a text-based key. This application found the linear approximations between the plaintext–ciphertext pairs and the text-based key.

19 pages, 2890 KiB  
Article
On General Data Protection Regulation Vulnerabilities and Privacy Issues, for Wearable Devices and Fitness Tracking Applications
by Irene Ioannidou and Nicolas Sklavos
Cryptography 2021, 5(4), 29; https://doi.org/10.3390/cryptography5040029 - 18 Oct 2021
Cited by 13 | Viewed by 7662
Abstract
Individual users’ sensitive information, such as heart rate, calories burned, or even sleep patterns, are casually tracked by smart wearable devices to be further processed or exchanged, utilizing the ubiquitous capabilities of Internet of Things (IoT) technologies. This work aims to explore the existing literature on various data privacy concerns, posed by the use of wearable devices, and experimentally analyze the data exchanged through mobile applications, in order to identify the underlying privacy and security risks. Emulating a man-in-the-middle attack scenario, five different commercial fitness tracking bands are examined, in order to test and analyze all data transmitted by each vendor’s suggested applications. The amount of personal data collected, processed, and transmitted for advertising purposes was significant and, in some cases, highly affected the network’s total overhead. Some of the applications examined requested access for sensitive data driven device functionalities, such as messaging, phone calling, audio recording, and camera usage, without any clear or specific reason stated by their privacy policy. This paper concludes by listing the most critical aspects in terms of privacy and security concerning some of the most popular commercial fitness tracking applications.

22 pages, 428 KiB  
Article
A Fault Attack on the Family of Enocoro Stream Ciphers
by Julian Danner and Martin Kreuzer
Cryptography 2021, 5(4), 26; https://doi.org/10.3390/cryptography5040026 - 30 Sep 2021
Viewed by 2455
Abstract
A differential fault attack framework for the Enocoro family of stream ciphers is presented. We only require that the attacker can reset the internal state and inject a random byte-fault, in a random register, during a known time period. For a single fault injection, we develop a differential clocking algorithm that computes a set of linear equations in the in- and output differences of the non-linear parts of the cipher and relates them to the differential keystream. The usage of these equations is two-fold. Firstly, one can determine those differentials that can be computed from the faulty keystream, and secondly they help to pin down the actual location and timing of the fault injection. Combining these results, each fault injection gives us information on specific small parts of the internal state. By encoding the information we gain from several fault injections using the weighted Horn clauses, we construct a guessing path that can be used to quickly retrieve the internal state using a suitable heuristic. Finally, we evaluate our framework with the ISO-standardized and CRYPTREC candidate recommended cipher Enocoro-128v2. Simulations show that, on average, the secret key can be retrieved within 20 min on a standard workstation using less than five fault injections.

Review


33 pages, 562 KiB  
Review
Cryptography as the Means to Protect Fundamental Human Rights
by Konstantinos Limniotis
Cryptography 2021, 5(4), 34; https://doi.org/10.3390/cryptography5040034 - 30 Nov 2021
Cited by 5 | Viewed by 6701
Abstract
Cryptography is traditionally considered as a main information security mechanism, providing several security services such as confidentiality, as well as data and entity authentication. This aspect is clearly relevant to the fundamental human right of privacy, in terms of securing data from eavesdropping and tampering, as well as from masquerading their origin. However, cryptography may also support several other (legal) requirements related to privacy. For example, in order to fulfil the data minimisation principle—i.e., to ensure that the personal data that are being processed are adequate and limited only to what is necessary in relation to the purposes for which they are processed—the use of advanced cryptographic techniques such as secure computations, zero-knowledge proofs or homomorphic encryption may be prerequisite. In practice though, it seems that the organisations performing personal data processing are not fully aware of such solutions, thus adopting techniques that pose risks for the rights of individuals. This paper aims to provide a generic overview of the possible cryptographic applications that suffice to address privacy challenges. In the process, we shall also state our view on the public “debate” on finding ways so as to allow law enforcement agencies to bypass the encryption of communication.