Let’s Take it Offline: Boosting Brute-Force Attacks on iPhone’s User Authentication through SCA

Author(s):  
Oleksiy Lisovets ◽  
David Knichel ◽  
Thorben Moos ◽  
Amir Moradi

In recent years, smartphones have become an increasingly important storage facility for personal sensitive data ranging from photos and credentials up to financial and medical records like credit cards and a person’s diseases. Trivially, it is critical to secure this information and only provide access to the genuine and authenticated user. Smartphone vendors have already taken exceptional care to protect user data by means of various software and hardware security features like code signing, an authenticated boot chain, a dedicated co-processor and integrated cryptographic engines with hardware-fused keys. Despite these obstacles, adversaries have successfully broken through various software protections in the past, leaving only the hardware as the last standing barrier between the attacker and user data. In this work, we build upon existing software vulnerabilities and break through the final barrier by performing the first publicly reported physical Side-Channel Analysis (SCA) attack on an iPhone in order to extract the hardware-fused device-specific User Identifier (UID) key. This key – once at hand – allows the adversary to perform an offline brute-force attack on the user passcode employing an optimized and scalable implementation of the Key Derivation Function (KDF) on a Graphics Processing Unit (GPU) cluster. Once the passcode is revealed, the adversary has full access to all user data stored on the device and possibly in the cloud. As the software exploit enables acquisition and processing of hundreds of millions of traces, this work further shows that an attacker being able to query arbitrarily many chosen-data encryption/decryption requests is a realistic model, even for compact systems with advanced software protections, and emphasizes the need for assessing resilience against SCA for a very high number of traces.

Advanced Encryption Standard (AES) supersedes Data Encryption Standard (DES) and is the best known and most widely used block cipher. As for now, there are no known practical attacks that would allow anyone to read correctly implemented AES-encrypted data. However, several theoretical attacks have been announced until now. A theoretical attack called the Biclique Attack is known to have broken full AES and requires 2^126.1, 2^189.7 and 2^254.4 operations to recover an AES-128, AES-192 and AES-256 key respectively. The Biclique Attack is faster than a brute-force attack by a factor of four. As such, these theoretical attacks are of high computational complexity; they do not threaten the practical use of AES in any way. However, attacks always get better; they never get worse. As the technology evolves, successful attacks (using Quantum Computing and faster GPUs) against AES may turn up, and they may be difficult to ignore. In this study, we aim to enhance the security prospects of AES with the inclusion of a Dynamicity character in the AES S-Box for increased resilience against the Brute Force Attack and the Biclique Attack, and a hashing technique is combined with the AES algorithm to achieve variance in security using MD4, SHA3 or SHA5. A novel key dispersion technique is introduced to increase the avalanche effect of the AES algorithm.


Author(s):  
G. Golovko ◽  
A. Matiashenko ◽  
N. Solopihin

This article offers an example of using an application whose main task is to encrypt data such as files and private messages. Data encryption is performed using the XOR encryption algorithm. The XOR cipher is a data encryption algorithm using exclusive disjunction. It acquired widespread use in computer networks in the 90's due to the ease of implementation, and was used to encrypt Microsoft Word documents in Windows. The XOR encryption algorithm "overlays" a sequence of random numbers on the text to be encrypted. This sequence of random numbers is called a gamma sequence, and is used to encrypt and decrypt data. If you use a key with a length at least equal to the length of the message, the XOR cipher becomes much more crypto-resistant than when using a repeated key. For cryptological protection of the information of the travel company Rest & Travel, the EDcrypt software has been created, which performs the following functions: account login; inability to use the system without logging in to the account; notification of entering incorrect user data; message encryption; decryption of messages; the ability to select the recipient of the message; encryption of text files; decryption of text files; sending text files to selected recipients; three interface languages: English, Russian, Ukrainian.


2020 ◽  
Author(s):  
Vui Huang Tea

The 3rd Generation Partnership Project (3GPP) standard for 5G telecommunications specifies privacy protection schemes to cryptographically encrypt and conceal permanent identifiers of subscribers to prevent them from being exposed and tracked by over-the-air eavesdroppers. However, conventional privacy-preserving protocols and architectures alone are insufficient to protect subscriber privacy as they are vulnerable to new types of attacks due to the utilization of emerging technologies such as artificial intelligence (AI). A conventional brute-force attack to unmask a concealed 5G identity using a CPU would require ~877 million years. This paper presents an apparatus using machine learning (ML) and a graphics processing unit (GPU) that is able to unmask a concealed 5G identity in ~12 minutes with an untrained neural network, or ~0.015 milliseconds with a pre-trained neural network. The 5G concealed identities are effectively identified without requiring decryption, hence severely diminishing the level of privacy preservation. Finally, several ML defence countermeasures are proposed to re-establish privacy protection in 5G identity.


2021 ◽  
Author(s):  
Vinay Michael

Internet of Things (IoT) based applications and systems are gaining attention in recent days because of their vast benefits such as efficient utilization of resources, enhanced data collection, improved security, lesser human effort and reduced time. Security of sensitive data in IoT-based fog environments is inevitable to prevent those data from being misused by attackers. In this study, we present an improved hybrid algorithm termed HQCP-ABE (Hybrid Quantum key Cipher text Policy Attribute based Encryption with Cipher text update) that integrates highly effective algorithms such as CP-ABE, Quantum key cryptography and cipher text update. The proposed algorithm eliminates the need for costly pairing during decryption and efficiently performs data encryption, decryption and user authorization. The proposed protocol is demonstrated to be highly efficient in terms of encryption and decryption when compared to other existing methods. It also achieves lesser packet loss, reduced control overheads, reduced computational overhead during encryption and decryption processes, lesser delay, improved security, packet delivery ratio, throughput, network lifetime with limited bandwidth and user privacy. We further considered energy consumption in this study. The proposed HQCP-ABE method is demonstrated using ns3 simulation and compared with the existing CP-ABE and PA-CPABE methods.


2013 ◽  
pp. 1377-1399
Author(s):  
Charalampos Doukas ◽  
Ilias Maglogiannis ◽  
Aristotle Chatziioannou

User authentication and data security are very important aspects for the deployment and proper function of biomedical grid portals, since both sensitive data issues and controlled access to grid resources must be addressed. This chapter discusses certification and security issues in biomedical grid portals and presents the security infrastructure of the GRISSOM (Grids for In Silico Systems biology and Medicine) platform. The platform consists of a web-based portal and a Web Service that enables statistical analysis of microarray cDNA data with the use of the EGEE Grid infrastructure. The security infrastructure addresses user authentication and access issues, data encryption, Grid secure access and Web Service Security. The appendix of the chapter contains code snapshots on how to implement secure authentication in Web Services and create user SSL certificates on demand.


2010 ◽  
Vol 10 (03) ◽  
pp. 327-341 ◽  
Author(s):  
P. KARTHIGAIKUMAR ◽  
K. BASKARAN

Information security has always been important in all aspects of life as technology controls various operations. Cryptography provides a layer of security in cases where the medium of transmission is susceptible to interception, by translating a message into a form that cannot be read by an unauthorized third party. All non-quantum transmission media known today are capable of being intercepted in one way or another. This paper seeks to implement a novel partially pipelined, robust architecture of the Blowfish algorithm in hardware. The Blowfish algorithm has no known cryptanalysis. The best proven attack against Blowfish to date is an exhaustive brute-force attack. This makes Blowfish an attractive cryptographic algorithm since it is not susceptible to any reasonable attack. The hardware implementation of Blowfish would be a powerful tool for any mobile device, or any technology requiring strong encryption. The proposed design uses the core_slow library for worst-case scenario analysis and attains an incredible encryption speed of 2670 MBits/sec and decryption speed of 2642 MBits/sec. The area is 5986 LUTs and the power is a mere 77 mW.


2020 ◽  
pp. 735-740
Author(s):  
Mohammed M. Alani ◽  
Muath Alrammal ◽  
Munir Naveed

As the number of IoT devices grows rapidly, and is soon to exceed 40 billion, security challenges grow rapidly as well. One challenge proven to wreak havoc in the past few years is the use of IoT devices as attacking tools. This paper presents the results of implementing a brute-force attack on the Data Encryption Standard using clusters of IoT devices. The implementation presented was successful. Results have shown that a cluster of 200 IoT devices was able on average to find the key within 350 seconds. Another experiment with a cluster of 2000 IoT devices succeeded in finding the key within 0.015 seconds.


Nowadays, user authentication is a very important task in information security. In most computers, user authentication depends on an alphanumeric username and password, i.e. a text-based password. However, this is not highly secure because hackers can easily break the password. Brute-force attacks, dictionary attacks, guessing attacks, etc. are all possible attacks on the password. If the user chooses a difficult password to protect the system from attackers, it is much harder for the user to remember such a difficult password. So, to resolve this problem, a new technique called graphical password authentication was introduced. This paper presents a detailed survey of user authentication techniques using a graphical password. It basically covers two types of approaches: recognition-based and recall-based approaches. This survey discusses the different techniques for graphical password authentication and their advantages and limitations. The survey provides a roadmap for the development of new graphical authentication schemes.
