Frontiers in Network Security and Cryptography

A special issue of Mathematics (ISSN 2227-7390). This special issue belongs to the section "Mathematics and Computer Science".

Deadline for manuscript submissions: closed (31 January 2024) | Viewed by 17847

Special Issue Editors

Guest Editor
Department of Cryptography and Technology, Nankai University, Tianjin 300071, China
Interests: information security; cryptography; artificial intelligence security

Guest Editor
School of Cyber Engineering, Xidian University, Xi'an 710071, China
Interests: digital identity; network security

Special Issue Information

Dear Colleagues,

Network security is a multidisciplinary area in computer science and engineering, while cryptography—which evolved from applied mathematics—constitutes the core technology to ensure network security. To protect information systems against potential attacks, network security and cryptography mainly focus on the development and implementation of security mechanisms. At present, around five billion people around the world are connected through networks to enable the exchange and sharing of information of all kinds, making security and privacy serious issues in various applications. Additionally, rapidly evolving computing paradigms and computing environments such as edge computing, cloud computing, Internet of Things (IoT), blockchain, metaverse, and other large-scale computing environments have made the security of information in storage and during transmission crucial in our daily digital lives.

With developments in computing and communication technologies, new security challenges emerge constantly. Attacks of all kinds, such as hacking, impersonation, traffic analysis, etc., cause devastating damage to the confidentiality, integrity and availability of information. To address such new threats, cryptography algorithms and technologies need to be enriched with new elements and developments in mathematics such as number theory and graph theory. In the meantime, new security countermeasures can be proposed on the basis of advancements in cryptography.

This Special Issue is dedicated to exploring the theories and the recent trends in the development of network security as well as the application of cryptography to counter security and privacy problems. We are soliciting contributions (research articles) covering a broad range of topics on frontiers in network security and cryptography, including but not limited to the following:

  • new cryptographic primitives evolved from mathematics;
  • cryptographic protocols for network security;
  • new cryptographic techniques for mobile networks;
  • new authentication techniques for network security;
  • network security with symmetric cryptographic techniques;
  • network security with asymmetric cryptographic techniques;
  • security and privacy in Internet of Things;
  • security and privacy in blockchain;
  • security and privacy in big data;
  • security and privacy in cloud and edge computing;
  • explicable machine learning theories for network security;
  • hardware security attacks and countermeasures.

Prof. Dr. Ding Wang
Prof. Dr. Qi Jiang
Dr. Chunhua Su
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Mathematics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Published Papers (12 papers)

Research

16 pages, 1471 KiB  
Article
A Novel Seed Generation Approach for Vulnerability Mining Based on Generative Adversarial Networks and Attention Mechanisms
by Chunlai Du, Guizhi Xu, Yanhui Guo, Zhongru Wang and Weiqiang Yu
Mathematics 2024, 12(5), 745; https://doi.org/10.3390/math12050745 - 01 Mar 2024
Viewed by 549
Abstract
Coverage-guided fuzzing has been widely applied in software error and security vulnerability detection. The fuzzing technique based on AFL (American Fuzzy Loop) is a common coverage-guided fuzzing method. The code coverage during AFL fuzzing is highly dependent on the quality of the initial seeds. If the selected seeds’ quality is poor, the AFL may not be able to detect program paths in a targeted manner, resulting in wasted time and computational resources. To solve the problems that the seed selection strategy in traditional AFL fuzzing cannot quickly and effectively generate high-quality seed sets and the mutated test cases cannot reach deeper paths and trigger security vulnerabilities, this paper proposes an attention mechanism-based generative adversarial network (GAN) seed generation approach for vulnerability mining, which can learn the characteristics and distribution of high-quality test samples during the testing process and generate high-quality seeds for fuzzing. The proposed method improves the GAN by introducing fully connected neural networks to balance the competitive adversarial process between discriminators and generators and incorporating attention mechanisms, greatly improving the quality of generated seeds. Our experimental results show that the seeds generated by the proposed method have significant improvements in coverage, triggering unique crashes and other indicators and improving the efficiency of AFL fuzzing. Full article
(This article belongs to the Special Issue Frontiers in Network Security and Cryptography)

15 pages, 1170 KiB  
Article
Dynamic S-Box Construction Using Mordell Elliptic Curves over Galois Field and Its Applications in Image Encryption
by Amal S. Alali, Rashad Ali, Muhammad Kamran Jamil, Javed Ali and Gulraiz
Mathematics 2024, 12(4), 587; https://doi.org/10.3390/math12040587 - 16 Feb 2024
Viewed by 701
Abstract
Elliptic curve cryptography has gained attention due to its strong resilience against current cryptanalysis methods. Inspired by the increasing demand for reliable and secure cryptographic methods, our research investigates the relationship between complex mathematical structures and image encryption. A substitution box (S-box) is the single non-linear component of several well-known security systems. Mordell elliptic curves are used because of their special characteristics and the immense computational capacity of Galois fields. These S-boxes are dynamic, which adds a layer of complexity that raises the encryption process’s security considerably. We suggest an effective technique for creating S-boxes based on a class of elliptic curves over GF(2n),n8. We demonstrate our approach’s robustness against a range of cryptographic threats through thorough examination, highlighting its practical applicability. The assessment of resistance of the newly generated S-box to common attack methods including linear, differential, and algebraic attacks involves a thorough analysis. This analysis is conducted by quantifying various metrics such as non-linearity, linear approximation, strict avalanche, bit independence, and differential approximation to gauge the S-box’s robustness against these attacks. A recommended method for image encryption involves the use of built-in S-boxes to quickly perform pixel replacement and shuffling. To evaluate the efficiency of the proposed strategy, we employed various tests. The research holds relevance as it can provide alternative guidelines for image encryption, which could have wider consequences for the area of cryptography as a whole. We believe that our findings will contribute to the development of secure communication and data protection, as digital security is becoming increasingly important. Full article

17 pages, 5683 KiB  
Article
Reversible Data Hiding for Color Images Using Channel Reference Mapping and Adaptive Pixel Prediction
by Dan He and Zhanchuan Cai
Mathematics 2024, 12(4), 517; https://doi.org/10.3390/math12040517 - 07 Feb 2024
Viewed by 563
Abstract
Reversible data hiding (RDH) is a technique that embeds secret data into digital media while preserving the integrity of the original media and the secret data. RDH has a wide range of application scenarios in industrial image processing, such as intellectual property protection and data integrity verification. However, with the increasing prevalence of color images in industrial applications, traditional RDH methods for grayscale images are inadequate to meet the requirements of image fidelity. This paper proposes an RDH method for color images based on channel reference mapping (CRM) and adaptive pixel prediction. Initially, the CRM mode for a color image is established based on the pixel variation correlation between the RGB channels. Then, the pixel local complexity context is adaptively selected using the CRM mode. Next, each pixel value is adaptively predicted based on the features and characteristics of adjacent pixels and reference channels, and then data is embedded by expanding the prediction error. Finally, we compare seven existing RDH algorithms on the standard image dataset and the Kodak dataset to validate the advantages of our method. The experimental results demonstrate that our approach achieves average peak signal-to-noise ratio (PSNR) values of 63.61 and 60.53 dB when embedding 20,000 and 40,000 bits of data, respectively. These PSNR values surpass those of other RDH methods. These findings indicate that our method can effectively preserve the visual quality of images even under high embedding capacities. Full article

22 pages, 5003 KiB  
Article
Enhancing the Security: A Lightweight Authentication and Key Agreement Protocol for Smart Medical Services in the IoHT
by Tsu-Yang Wu, Liyang Wang and Chien-Ming Chen
Mathematics 2023, 11(17), 3701; https://doi.org/10.3390/math11173701 - 28 Aug 2023
Cited by 5 | Viewed by 986
Abstract
The Internet of Things (IoT) has witnessed significant growth with advancements in Internet and wireless technologies. In the medical field, the Internet of Health Things (IoHT) has emerged as an extension of the IoT, enabling the exchange of remote data and real-time monitoring of patients’ health conditions. Through the IoHT, doctors can promptly provide diagnoses and treatment for patients. As patient data are transmitted over public channels, security issues may arise, necessitating security mechanisms. Recently, Amintoosi et al. proposed an authentication protocol for smart medical services in the IoHT. However, their protocol exhibited security weaknesses, including vulnerabilities to privileged insider attacks. To address the security concerns, we propose an enhanced authentication and key agreement protocol. The security of our protocol is rigorously analyzed using the Real-Or-Random model, informal security analysis, and the AVISPA tool. Finally, the results of our analysis demonstrate that our proposed protocol ensures sufficient security while maintaining a performance level similar to existing protocols. Full article

23 pages, 2912 KiB  
Article
Cross-Server End-to-End Patient Key Agreement Protocol for DNA-Based U-Healthcare in the Internet of Living Things
by Tuan-Vinh Le
Mathematics 2023, 11(7), 1638; https://doi.org/10.3390/math11071638 - 28 Mar 2023
Cited by 1 | Viewed by 2041
Abstract
(1) Background: Third-generation sequencing (TGS) technique directly sequences single deoxyribonucleic acid (DNA) molecules, enabling real-time sequencing and reducing sequencing time from a few days to a few hours. Sequencing devices can be miniaturized and DNA-reading sensors placed on the body to monitor human health and vital signs, building an “internet of living things” (IoLT) facilitating ubiquitous healthcare services. In many cases, patients may wish to directly connect to each other for purposes of sharing real-time sequencing data, medical status or trading genomic data, etc. (2) Problems: User registration for a specific service may be limited due to some reason. Registering for multiple redundant services would also result in wasted money and possible wasteful communication overhead. In addition, since medical data and health information are very sensitive, security and privacy issues in the network are of paramount importance. (3) Methods: In this article, I propose a cross-server end-to-end (CS-E2E) patient authenticated key agreement protocol for DNA-based healthcare services in IoLT networks. My work allows two patients to mutually authenticate each other through assistance of respective servers, so that they can establish a reliable shared session key for securing E2E communications. The design employs multiple cost-saving solutions and robust cryptographic primitives, including smart-card-based single sign-on, elliptic curve cryptography, biohash function, etc. (4) Results: My proposed protocol is proven to be secure against various attacks and to incur reasonable communication cost compared to its predecessor works. The protocol also provides the support for more security properties and better functionalities. (5) Conclusions: The E2E communications between the patients are properly protected using the proposed approach. This assures a secure and efficient cross-server patient conversation for multiple purposes of healthcare communication. 

16 pages, 1469 KiB  
Article
The Data Privacy Protection Method for Hyperledger Fabric Based on Trustzone
by Wen Gao, Xinhong Hei and Yichuan Wang
Mathematics 2023, 11(6), 1357; https://doi.org/10.3390/math11061357 - 10 Mar 2023
Cited by 1 | Viewed by 2325
Abstract
Hyperledger Fabric is a distributed ledger solution platform based on a modular architecture. The cryptographic algorithm is the core of the platform to ensure the security and tamper-resistant of the data on the chain. However, the original Fabric platform lacks the protection of user’s keys and cryptographic operations. To this end, this paper proposes a data privacy protection method for Hyperledger Fabric based on Trustzone technology, which places the user‘s key and the cryptographic operation process of private data in the trusted execution environment for protection. The experimental results based on the existing blockchain network show that the scheme can effectively ensure the security of data encryption process and key static storage, greatly reduce the trusted computing base and the attack surface. The performance loss is within an acceptable range. Full article

11 pages, 1137 KiB  
Article
A New Construction of Weightwise Perfectly Balanced Functions with High Weightwise Nonlinearity
by Qinglan Zhao, Yu Jia, Dong Zheng and Baodong Qin
Mathematics 2023, 11(5), 1193; https://doi.org/10.3390/math11051193 - 28 Feb 2023
Cited by 1 | Viewed by 1097
Abstract
The FLIP cipher was proposed at Eurocrypt 2016 for the purpose of meliorating the efficiency of fully homomorphic cryptosystems. Weightwise perfectly balanced Boolean functions meet the balancedness requirement of the filter function in FLIP ciphers, and the construction of them has attracted serious attention from researchers. Nevertheless, the literature is still thin. Modifying the supports of functions with a low degree is a general construction technique whose key problem is to find a class of available low-degree functions. We first seek out a class of quadratic functions and then, based on these functions, present the new construction of weightwise perfectly balanced Boolean functions by adopting an iterative approach. It is worth mentioning that the functions we construct have good performance in weightwise nonlinearity. In particular, some p-weight nonlinearities achieve the highest values in the literature for a small number of variables. Full article

33 pages, 1052 KiB  
Article
Lattice Enumeration with Discrete Pruning: Improvements, Cost Estimation and Optimal Parameters
by Luan Luan, Chunxiang Gu, Yonghui Zheng and Yanan Shi
Mathematics 2023, 11(3), 766; https://doi.org/10.3390/math11030766 - 03 Feb 2023
Viewed by 1279
Abstract
Lattice enumeration is a linear-space algorithm for solving the shortest lattice vector problem (SVP). Extreme pruning is a practical technique for accelerating lattice enumeration, which has a mature theoretical analysis and practical implementation. However, these works have yet to be applied to discrete pruning. In this paper, we improve the discrete pruned enumeration (DP enumeration) and provide a solution to the problem proposed by Léo Ducas and Damien Stehlé regarding the cost estimation of discrete pruning. We first rectify the randomness assumption to more precisely describe the lattice point distribution of DP enumeration. Then, we propose a series of improvements, including a new polynomial-time binary search algorithm for cell enumeration radius, a refined cell-decoding algorithm and a rerandomization and reprocessing strategy, all aiming to lift the efficiency and build a more precise cost-estimation model for DP enumeration. Based on these theoretical and practical improvements, we build a precise cost-estimation model for DP enumeration by simulation, which has good accuracy in experiments. This DP simulator enables us to propose an optimization method of calculating the optimal parameters of DP enumeration to minimize the running time. The experimental results and asymptotic analysis both show that the discrete pruning method could outperform extreme pruning, which means that our optimized DP enumeration might become the most efficient polynomial-space SVP solver to date. An open-source implementation of DP enumeration with its simulator is also provided. Full article

24 pages, 1405 KiB  
Article
Secure Authentication in the Smart Grid
by Mehdi Hosseinzadeh, Rizwan Ali Naqvi, Masoumeh Safkhani, Lilia Tightiz and Raja Majid Mehmood
Mathematics 2023, 11(1), 176; https://doi.org/10.3390/math11010176 - 29 Dec 2022
Cited by 1 | Viewed by 1598
Abstract
Authenticated key agreement is a process in which protocol participants communicate over a public channel to share a secret session key, which is then used to encrypt data transferred in subsequent communications. LLAKEP, an authenticated key agreement protocol for Energy Internet of Things (EIoT) applications, was recently proposed by Zhang et al. While the proposed protocol has some interesting features, such as putting less computation on edge devices versus the server side, its exact security level is unclear. As a result, we shed light on its security in this paper through careful security analysis against various attacks. Despite the designers’ security claims in the random oracle model and its verification using GNY logic, this study demonstrates that this protocol has security weaknesses. We show that LLAKEP is vulnerable to traceability, dictionary, stolen smart glass, known session-specific temporary information, and key compromise impersonation attacks. Furthermore, we demonstrate that it does not provide perfect forward secrecy. To the best of our knowledge, it is the protocol’s first independent security analysis. To overcome the LLAKEP vulnerabilities, we suggested the LLAKEP+ protocol, based on the same set of cryptographic primitives, namely the one-way hash function and ECC point multiplication. Our comprehensive security analysis demonstrates its resistance to different threats, such as impersonation, privileged insider assaults, and stolen smart glass attacks, along with its resistance to sophisticated assaults, such as key compromised impersonation (KCI) and known session-specific temporary information (KSTI). The overhead of the proposed protocol is acceptable compared to the provided security level. Full article

14 pages, 429 KiB  
Article
A Delegation Attack Method on Attribute-Based Signatures and Probable Solutions
by Jialu Hao, Wei Wu, Shuo Wang, Xiaoge Zhong, Guang Chu and Feng Shao
Mathematics 2023, 11(1), 29; https://doi.org/10.3390/math11010029 - 21 Dec 2022
Viewed by 1237
Abstract
Attribute-based signature (ABS) assures the verifier that the message is endorsed by a signer whose attributes satisfy the claimed attribute policy (predicate); thus, it can provide identity authentication with privacy preservation in scenarios like anonymous communication and access control. However, we have found that the inherent delegatibility of attribute-based cryptography, which enables the utilization of relationship between policies, could make most of the existing ABS constructions not satisfy the unforgeability requirement under the common security model. In this paper, we dig into the delegatibility property of ABS for the first time and propose the potential delegation attack to break the unforgeability of the existing ABS constructions under the common security model. We also give two attack instances on a typical ABS construction to demonstrate the feasibility of the proposed delegation attack. Finally, we present two solutions to improve the above issue and give a further discussion about the delegatibility property of ABS. Full article

19 pages, 3842 KiB  
Article
Address Privacy of Bluetooth Low Energy
by Dazhi Sun and Yangguang Tian
Mathematics 2022, 10(22), 4346; https://doi.org/10.3390/math10224346 - 19 Nov 2022
Viewed by 2183
Abstract
Bluetooth low energy (LE) devices have been widely used in the Internet of Things (IoT) and wireless personal area networks (WPAN). However, attackers may compromise user privacy by tracking the addresses of the LE device. The resolvable private address (RPA) mechanism provides address privacy protection for the LE device. Similar to Zhang and Lin’s work in CCS 2022, we investigate the privacy of the RPA mechanism in this paper. Our contributions are threefold. First, we discover that the RPA mechanism has a privacy weakness. The attacker can track the targeted device by exploiting the runs of the RPA mechanism when he intercepts the targeted device’s obsolete RPA value. Second, we propose an improved RPA mechanism to overcome the privacy weakness in the RPA mechanism. The improved RPA mechanism leads to a small amount of extra overheads without requiring modification to the basic cryptographic tools used in the standard specification. Third, we formalize a privacy model to capture the address privacy of the RPA mechanisms. Our improved RPA mechanism provides enhanced privacy guarantees to Bluetooth LE devices in wireless personal applications. Full article

20 pages, 6118 KiB  
Article
A Provable Secure Session Key Distribution Protocol Based on NSSK for In-Vehicle CAN Network
by Long Yin, Jian Xu, Zihao Wang and Chen Wang
Mathematics 2022, 10(16), 2903; https://doi.org/10.3390/math10162903 - 12 Aug 2022
Cited by 1 | Viewed by 1568
Abstract
Many CAN-based session key sharing approaches are based on the group key scheme, which can easily lead advanced adversaries to infiltrate all ECUs (electronic control units) in the network if the sharing key is leaked. To address the above problem, we propose a provable secure session key distribution protocol based on the improved NSSK (Needham–Schroeder shared key) protocol for the in-vehicle CAN network. We applied the mechanisms of message authentication and digital signature to fix the defects of the original NSSK regarding its lack of resistance to the Denning–Sacco attack. Then, we analyzed the provable security of the proposed protocol on the random oracle model and verified the security goals of the protocol by using the simulation tools AVISPA and Tamarin Prover; the results reflect that the protocol met the security requirements for key distribution such as session key secrecy, injective agreement, and known key secrecy. Finally, we compared our new protocol with other key distribution protocols in CAN bus communication to evaluate the performance of the new protocol in actual scenarios. The result shows that the protocol is secure against many payload-based attacks and is practical for in-vehicle CAN networks. Full article