An improved chacha algorithm for securing data on IoT devices

AbstractIn recent years, revolution of development was exceedingly quick in the Internet. Nevertheless, instead of only linking personal computers, mobiles and wearable equipment's, Internet growths from a web binding to true world physical substances that is indicated to novel connotation, which is labeled as Internet of Things (IoT). This concept is utilized in many scopes like education, health care, agriculture and commerce. IoT devices are presented with batteries to have independence from electric current; consequently, their working time is specified by the total time of the power of these batteries. In many IoT applications, data of IoT devices are extremely critical and should be encrypted. Current encryption approaches are created with a high complexity of an arithmetical process to provide a high level of security. However, these arithmetical processes lead to troubles concerning the efficiency and power consumption. ChaCha cipher is one of these approaches, which recently attracted attention due to its deployment in several applications by Google. In the present study, a new stream cipher procedure is proposed (called Super ChaCha), which performs low duty cycles for securing data on IoT devices. The proposed algorithm represents an improved revision to the standard ChaCha algorithm by increasing resistance to cryptanalysis. The modification focuses on rotation procedure which has been changed from a fixed constant to a variable constant based on random value. Also, the inputs of the cipher are changing in the columns form followed by diagonals form to zigzag form and then by alternate form to provide improved diffusion in comparison with the standard ChaCha. Results regarding the security illustrate that Super ChaCha needs 2512 probable keys to break by brute-force attack. Furthermore, the randomness of Super ChaCha successfully passed the five benchmark and NIST test.

Download Full-text

Investigating Brute Force Attack Patterns in IoT Network

Journal of Electrical and Computer Engineering ◽

10.1155/2019/4568368 ◽

2019 ◽

Vol 2019 ◽

pp. 1-13 ◽

Cited By ~ 2

Author(s):

Deris Stiawan ◽

Mohd. Yazid Idris ◽

Reza Firsandaya Malik ◽

Siti Nurmaini ◽

Nizar Alsharif ◽

...

Keyword(s):

Brute Force ◽

File Transfer ◽

Iot Security ◽

Insider Attack ◽

Attack Pattern ◽

Internal Network ◽

Attack Patterns ◽

Iot Devices ◽

Set Up ◽

Brute Force Attack

Internet of Things (IoT) devices may transfer data to the gateway/application server through File Transfer Protocol (FTP) transaction. Unfortunately, in terms of security, the FTP server at a gateway or data sink very often is improperly set up. At the same time, password matching/theft holding is among the popular attacks as the intruders attack the IoT network. Thus, this paper attempts to provide an insight of this type of attack with the main aim of coming up with attack patterns that may help the IoT system administrator to analyze any similar attacks. This paper investigates brute force attack (BFA) on the FTP server of the IoT network by using a time-sensitive statistical relationship approach and visualizing the attack patterns that identify its configurations. The investigation focuses on attacks launched from the internal network, due to the assumption that the IoT network has already installed a firewall. An insider/internal attack launched from an internal network endangers more the entire IoT security system. The experiments use the IoT network testbed that mimic the internal attack scenario with three major goals: (i) to provide a topological description on how an insider attack occurs; (ii) to achieve attack pattern extraction from raw sniffed data; and (iii) to establish attack pattern identification as a parameter to visualize real-time attacks. Experimental results validate the investigation.

Download Full-text

A Bio-Crypto Protocol for Password Protection Using ECC

Bulletin of Electrical Engineering and Informatics ◽

10.11591/eei.v4i1.318 ◽

2015 ◽

Vol 4 (1) ◽

pp. 67-72

Author(s):

Srinivasan Nagaraj ◽

G.V.S.P. Raju ◽

G Apparao ◽

B. Kishore

Keyword(s):

Low Cost ◽

Brute Force ◽

Public And Private ◽

Voice Input ◽

Cryptographic Keys ◽

Password Protection ◽

Brute Force Attack ◽

High Level ◽

Voice Biometrics ◽

The Voice

In information security the following security parameters like, integrity , non repudiation and confidentiality , authentication must be satisfied. To avoid thievery of organization resources it needs be secured in more efficient way and there is always demand for different levels of security attacks include virus , brute force and Eveadroper in business that organizations make use of voice biometrics an attractive low-cost. Voice biometrics is the cheapest among the other biometrics and used all levels for management to buy readily available metric and it is the way of identifying individuals remotely with high level of accuracy . In this work, we have been designed a new password- authentication approach that provides security using voice biometrics for authentication and uses the device itself into an authenticator which uses voice itself as its passwords and we are primarily interested in keys that can be temporally reproduced on the same device from the same user’s voice. Public and private keys are generated randomly from the user's voice and stored in the voice file(.wav).This Method uses voice recognition , include the operation of register( recording feature ) or voice prints and storing of one or more voice passwords into the database. It uses ECDSA to perform the authentication process that matching the voice sample with the database. The recognition, entity makes the database to decide that the sample is matched to perform an operation or not. Our proposed approach generates cryptographic keys from voice input itself and this algorithm developed an adhoc basis. It can effectively defend attacks specially brute force attack in system networks.

Download Full-text

Enhanced Data Security using Integrated Secret Key with Panagram Series

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.f1217.0986s319 ◽

2019 ◽

Vol 8 (6S3) ◽

pp. 1259-1262

Keyword(s):

Data Security ◽

Stream Cipher ◽

Vital Role ◽

Brute Force ◽

Secret Key ◽

Text Format ◽

Common Value ◽

Cipher Text ◽

Single Character ◽

Brute Force Attack

In this fast moving world, communication among several systems via networks plays a vital role. It is significant to secure Data for a classified transmission. It becomes indispensable to protect information from unconstitutional users. The Existing system uses a common value shared between sender and the receiver. Parent string is arranged in ASCII order, therefore same cipher value is generated for a single character at every instance making brute force attack possible. The proposed system aims at the secured transmission of data in text format between the sender and the receiver. The system uses synchronous stream cipher for the secured transmission of data. The system uses algorithm that is integrated with a series of keys adding to which the message can be encrypted and by using this algorithm the cipher text is decrypted on the receiver end. A pangram is chosen as parent string, so that random cipher values are generated at every instance thereby making brute force attack impossible. The key value is generated by Tribonacci multiplication which uses a prime factor impossible for the hacker to trace the key using traffic analysis. The system remains secured as the secret key of the existing system is replaced with a series of hash value that are self generated by the built-in module in the sender and receiver.

Download Full-text

Resetting Your Password Is Vulnerable: A Security Study of Common SMS-Based Authentication in IoT Device

Wireless Communications and Mobile Computing ◽

10.1155/2018/7849065 ◽

2018 ◽

Vol 2018 ◽

pp. 1-15 ◽

Cited By ~ 2

Author(s):

Dong Wang ◽

Xiaosong Zhang ◽

Jiang Ming ◽

Ting Chen ◽

Chao Wang ◽

...

Keyword(s):

Short Message ◽

Brute Force ◽

Authentication Code ◽

Prototype Tool ◽

Important Target ◽

Smart Watch ◽

Message Service ◽

Iot Devices ◽

Brute Force Attack ◽

Security Study

Firmware vulnerability is an important target for IoT attacks, but it is challenging, because firmware may be publicly unavailable or encrypted with an unknown key. We present in this paper an attack on Short Message Service (SMS for short) authentication code which aims at gaining the control of IoT devices without firmware analysis. The key idea is based on the observation that IoT device usually has an official application (app for short) used to control itself. Customer needs to register an account before using this app, phone numbers are usually suggested to be the account name, and most of these apps have a common feature, called Reset Your Password, that uses an SMS authentication code sent to customer phone to authenticate the customer when he forgot his password. We found that an attacker can perform brute-force attack on this SMS authentication code automatically by overcoming several challenges, then he can steal the account to gain the control of IoT devices. In our research, we have implemented a prototype tool, called SACIntruder, to enable performing such brute-force attack test on IoT devices automatically. We evaluated it and successfully found 12 zero-day vulnerabilities including smart lock, sharing car, smart watch, smart router, etc. We also discussed how to prevent this attack.

Download Full-text

Implementing IoT Lottery on Data Encryption Standard

Journal of Communications ◽

10.12720/jcm.15.10.735-740 ◽

2020 ◽

pp. 735-740

Author(s):

Mohammed M. Alani ◽

◽

Muath Alrammal ◽

Munir Naveed

Keyword(s):

Cluster Size ◽

Data Encryption ◽

Brute Force ◽

Data Encryption Standard ◽

The Past ◽

Security Challenges ◽

Iot Devices ◽

Brute Force Attack

As the number of IoT devices grow rapidly, and soon to exceed 40 billion, security challenges grow rapidly as well. One challenge proven to wreak havoc in the past few years is the use of IoT devices as attacking tools. This paper presents the results of implementing a brute-force attack on Data Encryption Standard using clusters of IoT devices. The implementation presented was successful. Results have shown that a cluster size of 200 IoT devices was able on average to find the key within 350 seconds. Another experiment of a cluster of 2000 IoT devices succeeded in finding the key within 0.015 seconds.

Download Full-text

A secure image permutation–substitution framework based on chaos and compressive sensing

International Journal of Distributed Sensor Networks ◽

10.1177/1550147720912949 ◽

2020 ◽

Vol 16 (3) ◽

pp. 155014772091294

Author(s):

Rui Zhang ◽

Di Xiao

Keyword(s):

Compressive Sensing ◽

Imaging System ◽

Image Acquisition ◽

Random Projection ◽

Brute Force ◽

Simulation Experiments ◽

Key Space ◽

Brute Force Attack ◽

High Level ◽

Known Plaintext Attack

Existing secure image acquisition works based on compressive sensing, viewing compressive sensing–based imaging system as a symmetric cryptosystem, can only achieve asymptotic spherical security denoting that the ciphertext only leaks information about the energy of plaintext. Thereby, compressive sensing–based secure image acquisition systems usually work in some scenarios of friendly attack, such as brute-force attack for the entire key space and ciphertext-only attack for the complete plaintext. In this article, a novel permutation–confusion strategy using chaos and compressive sensing is put forward to protect the privacy-crucial images from more threatening malicious attacks, including known-plaintext attack and chosen-plaintext attack. Security guarantee is provided by one-time random projection of compressive sensing, sample-level permutation, and bit-level substitution. It is noteworthy that double confidentiality is embedded in compressive sensing–based image acquisition process using the key-related measurement matrix and sparsifying basis and the randomicity is improved. Simulation experiments and security analyses suggest that the proposed framework can achieve a high-level security and the performance of image reconstruction can be distinctly improved.

Download Full-text

Hardware-Based Physical Layer Security Solutions and Algorithms for Iot Devices on FPGA Platform

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.c8752.019320 ◽

2020 ◽

Vol 9 (3) ◽

pp. 2128-2132

Keyword(s):

Physical Layer Security ◽

Communication Systems ◽

Physical Layer ◽

Security Mechanism ◽

Hardware Platform ◽

Iot Applications ◽

Cryptographic Algorithms ◽

Iot Devices ◽

High Level

The Physical Layer Security mechanism has emerged as a powerful concept that can provide high-level security and can even replace encryption oriented schemes, which necessitate various difficulties and practical challenges for future communication systems (e.g., IoT). Therefore, the critical goal of this work is to enhance the security performance at IoT and prevent the network from various eavesdropping attacks. In this Manuscript, analyze the hardware-based Physical Layer Security solutions and suitable cryptographic Algorithms for IoT applications. The Cryptographical Algorithms include AES, DES, Light Encryption Devices (LED), PRESENT, Extended Tiny Encryption Device (XTEA) are analyzed on the Hardware platform. The Hardware constraints like Area, Frequency, Latency Throughput, and efficiency are evaluated on FPGA devices.

Download Full-text

Virtualizing AI at the Distributed Edge Towards Intelligent IoT Applications

Journal of Sensor and Actuator Networks ◽

10.3390/jsan10010013 ◽

2021 ◽

Vol 10 (1) ◽

pp. 13

Author(s):

Claudia Campolo ◽

Giacomo Genovese ◽

Antonio Iera ◽

Antonella Molinaro

Keyword(s):

Resource Constraints ◽

Smart Cities ◽

Traditional Approach ◽

Low Cost ◽

Iot Applications ◽

Software And Hardware ◽

Iot Devices ◽

Consumer Devices ◽

Hardware Platforms ◽

Smart Factories

Several Internet of Things (IoT) applications are booming which rely on advanced artificial intelligence (AI) and, in particular, machine learning (ML) algorithms to assist the users and make decisions on their behalf in a large variety of contexts, such as smart homes, smart cities, smart factories. Although the traditional approach is to deploy such compute-intensive algorithms into the centralized cloud, the recent proliferation of low-cost, AI-powered microcontrollers and consumer devices paves the way for having the intelligence pervasively spread along the cloud-to-things continuum. The take off of such a promising vision may be hurdled by the resource constraints of IoT devices and by the heterogeneity of (mostly proprietary) AI-embedded software and hardware platforms. In this paper, we propose a solution for the AI distributed deployment at the deep edge, which lays its foundation in the IoT virtualization concept. We design a virtualization layer hosted at the network edge that is in charge of the semantic description of AI-embedded IoT devices, and, hence, it can expose as well as augment their cognitive capabilities in order to feed intelligent IoT applications. The proposal has been mainly devised with the twofold aim of (i) relieving the pressure on constrained devices that are solicited by multiple parties interested in accessing their generated data and inference, and (ii) and targeting interoperability among AI-powered platforms. A Proof-of-Concept (PoC) is provided to showcase the viability and advantages of the proposed solution.

Download Full-text