Defeating MITM Attacks on Cryptocurrency Exchange Accounts with Individual User Keys

Presented herein is a User-SpecificKey Scheme based on Elliptic Curve Cryptography that defeats man-inthe-middle attacks on cryptocurrency exchange accounts. In this scheme, a separate public and private key pair is assigned to every account and the public key is shifted either forward or backward on the elliptic curve by a difference of the account user’s password. When a user logs into his account, the server sends the shifted public key of his account. The user computes the actual public key of his account by reverse shifting the shifted public key exactly by a difference of his password. Alternatively, shifting can be applied to the user’s generator instead of the public key. Described in detail is as to how aman-in-the-middle attack takes place and how the proposed scheme defeats the attack. Provided detailed security analysis in both the cases of publickey shifting and generator shifting. Further, compared the effectiveness of another three authentication schemes in defending passwords against MITM attacks.

Download Full-text

A CUBIC EL-GAMAL ENCRYPTION SCHEME BASED ON LUCAS SEQUENCE AND ELLIPTIC CURVE

Advances in Mathematics: Scientific Journal ◽

10.37418/amsj.10.11.5 ◽

2021 ◽

Vol 10 (11) ◽

pp. 3439-3447

Author(s):

T. J. Wong ◽

L. F. Koo ◽

F. H. Naning ◽

A. F. N. Rasedee ◽

M. M. Magiman ◽

...

Keyword(s):

Elliptic Curve ◽

Elliptic Curve Cryptography ◽

Mathematical Problem ◽

Public Key ◽

Public Key Cryptosystem ◽

Encryption Scheme ◽

Secret Key ◽

Chosen Plaintext Attack ◽

The Public ◽

Lucas Sequence

The public key cryptosystem is fundamental in safeguard communication in cyberspace. This paper described a new cryptosystem analogous to El-Gamal encryption scheme, which utilizing the Lucas sequence and Elliptic Curve. Similar to Elliptic Curve Cryptography (ECC) and Rivest-Shamir-Adleman (RSA), the proposed cryptosystem requires a precise hard mathematical problem as the essential part of security strength. The chosen plaintext attack (CPA) was employed to investigate the security of this cryptosystem. The result shows that the system is vulnerable against the CPA when the sender decrypts a plaintext with modified public key, where the cryptanalyst able to break the security of the proposed cryptosystem by recovering the plaintext even without knowing the secret key from either the sender or receiver.

Download Full-text

Multimedia Transcoding in Wireless and Mobile Networks

Multimedia Transcoding in Mobile and Wireless Networks ◽

10.4018/978-1-59904-984-7.ch015 ◽

2011 ◽

pp. 281-306

Author(s):

Shadi R. Masadeh ◽

Walid K. Salameh

Keyword(s):

Mobile Networks ◽

Data Exchange ◽

Public Key Cryptography ◽

Public Key ◽

Public And Private ◽

The Public ◽

Private Key ◽

Communications Systems ◽

Free Air ◽

Intended Receiver

This chapter presents a keyless self-encrypting/decrypting system to be used in various communications systems. In the world of vast communications systems, data flow through various kinds of media, including free air. Thus the information transmitted is free to anyone who can peer it, which means that there should be a guarding mechanism so the information is transmitted securely over the medium from the sender to the intended receiver, who is supposed to get it in the first place and deter the others from getting the information sent. Many encryption systems have been devised for this purpose, but most of them are built around Public Key Infrastructure (PKI) wherein public key cryptography, a public and private key, is created simultaneously using the same algorithm (a popular one is known as RSA) by a certificate authority (CA). The private key is given only to the requesting party, and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access. The private key is never shared with anyone or sent across the medium. All of the commonly used encryption systems exchange keys that need to be generated using complex mathematical operations that take noticeable time, which is sometimes done once, and exchanged openly over unsecured medium. We are proposing an expandable keyless self-encrypting/decrypting system, which does not require the use of keys in order o minimize the chances of breaching data exchange security and enhance the data security of everyday communications devices that are otherwise insecured.

Download Full-text

Factorization Hack of RSA Secret Numbers

10.31227/osf.io/xmhpy ◽

2017 ◽

Author(s):

Andysah Putera Utama Siahaan

Keyword(s):

Factorization Method ◽

Prime Numbers ◽

Public Key ◽

Public And Private ◽

The Public ◽

Private Key

RSA always uses two big prime numbers to deal with the encryption process. The public key is obtained from the multiplication of both figures. However, we can break it by doing factorization to split the public key into two individual numbers. Cryptanalysis can perform the public key crack by knowing its value. The private key will be soon constructed after the two numbers retrieved. The public key is noted as “N”, while "N = P * Q". This technique is unclassified anymore to solve the RSA public and private key. If it is successfully factored into p and q then ɸ (N) = (P-1) * (Q-1) can be further calculated. By having the public key e, the private key d will be solved. Factorization method is the best way to do the demolition. This study concerns to numbers factorization. GCD calculation will produce the encryption "E" and decryption "D" keys, but it depends on the computer speed.

Download Full-text

An Anonymous and Efficient ECC-Based Authentication Scheme for SIP

Wireless Communications and Mobile Computing ◽

10.1155/2020/8886585 ◽

2020 ◽

Vol 2020 ◽

pp. 1-11

Author(s):

Yousheng Zhou ◽

Xinyun Chen

Keyword(s):

Performance Analysis ◽

Elliptic Curve ◽

Elliptic Curve Cryptography ◽

Mutual Authentication ◽

Security Analysis ◽

Impersonation Attack ◽

Authentication Schemes ◽

And Performance ◽

Secure Authentication ◽

Key Compromise Impersonation

Session initiation protocol (SIP), a widely used signal protocol for controlling multimedia communication sessions, is under numerous attacks when performing the authentication steps between the user and server. So secure authentication schemes are needed to be presented for SIP. Recently, Arshad et al. advanced novel schemes for SIP using elliptic curve cryptography (ECC) and claimed their schemes can resist various attacks. However, Lu et al. found that Arshad et al.’s scheme cannot resist trace and key-compromise impersonation attacks; hence, it cannot provide proper mutual authentication. Meanwhile, an enhanced scheme was advanced by Lu et al. and they stated that their scheme can stand up to possible known attacks. Nevertheless, in this paper, we conclude that Arshad and Nikooghadam’s scheme is insecure against impersonation attack and Lu et al.’s scheme is still vulnerable to impersonation attack. To overcome these weaknesses of their schemes, we present a novel anonymous ECC-based scheme for SIP. Security analysis and performance analysis show that our proposed scheme can resist various known attacks and efficient in the meantime.

Download Full-text

A CUBIC EL-GAMAL ENCRYPTION SCHEME BASED ON LUCAS SEQUENCE AND ELLIPTIC CURVE

Advances in Mathematics: Scientific Journal ◽

10.37418/amsj.10.111.5 ◽

2021 ◽

Vol 10 (11) ◽

pp. 3439-3447

Author(s):

T. J. Wong ◽

L. F. Koo ◽

F. H. Naning ◽

A. F. N. Rasedee ◽

M. M. Magiman ◽

...

Keyword(s):

Elliptic Curve ◽

Elliptic Curve Cryptography ◽

Mathematical Problem ◽

Public Key ◽

Public Key Cryptosystem ◽

Encryption Scheme ◽

Secret Key ◽

Chosen Plaintext Attack ◽

The Public ◽

Lucas Sequence

Download Full-text

Penerapan Kriptografi RSA Dalam Mengamankan File Teks Berbasis PHP

JURNAL TEKNOLOGI INFORMASI ◽

10.36294/jurti.v2i1.407 ◽

2018 ◽

Vol 2 (1) ◽

pp. 45

Author(s):

Dicky Apdilah ◽

Heru Swanda

Keyword(s):

Data Storage ◽

Prime Numbers ◽

Public Key ◽

Random Numbers ◽

Public And Private ◽

The Public ◽

Human Needs ◽

Private Key ◽

Use Of Technology ◽

Linear Congruential

Abstract - Along with the development of communication technology human needs in the use of technology are increasing, especially in data storage. One way to improve security for data is by using cryptographic methods. RSA Algorithm (Rivest Shamir Adleman) is one method in the branch of cryptography, where RSA is a type of asymmetric cryptography that uses 2 keys, namely public and private keys. The problem of increasing the security of the public key and private key in RSA (Rivest Shamir Adlema) is that the Linear Congruential Generator (LCG) method is needed, LCG is used to generate a set of random numbers to n, where a set of random numbers will be taken that have a number value prime. One method for generating prime numbers is The Sieve Of Eratosthenes algorithm, The Sieve Of Eratosthenes algorithm is a classic algorithm for determining all prime numbers until the n-number is specified. The way the The Sieve Of Eratosthenes method works is to eliminate numbers that are not prime numbers, resulting in a collection of prime numbers. The prime number generated by the The Sieve Of Eratosthenes algorithm will be used for the public key and private key in the RSA criterion. Keywords - RSA, LCG, The Sieve of Eratosthenes.

Download Full-text

Implementation Methodology of ECC to Overcome Side Channel Attacks

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i3.27.17989 ◽

2018 ◽

Vol 7 (3.27) ◽

pp. 421

Author(s):

M Maheswari ◽

R A. Karthika ◽

Anuska Chatterjee

Keyword(s):

Elliptic Curve ◽

Elliptic Curve Cryptography ◽

Public Key Cryptography ◽

Public Key ◽

Side Channel ◽

Side Channel Attacks ◽

Private Key ◽

Wide Range ◽

Cryptographic Algorithms ◽

Implementation Methodology

Elliptic Curve Cryptography (ECC) is a form of public-key cryptography. This implies that there is the involvement of a private key and a public key for the purpose of cryptography. ECC can be used for a wide range of applications. The keys used are much smaller than the non-ECC cryptographic algorithms. 256 bit and 384 bit ECC are used by NSA for storage of classified intel as ECC is considered to be a part of suit B cryptography by the NSA. When it comes to normal usage, other versions of ECC are used. So, many of the applications protected by ECC are vulnerable to side channel attacks. So, the objective is to modify the existing method of implementation of ECC is some regular domains like media, smart grid, etc., such that the side-channel attacks [7], [3] vulnerabilities are fixed.

Download Full-text

ENKRIPSI DATA MENGGUNAKAN ADVANCED ENCRYPTION STANDART 256

Kilat ◽

10.33322/kilat.v7i2.352 ◽

2018 ◽

Vol 7 (2) ◽

pp. 91-99

Author(s):

Yudi Wiharto ◽

Ari Irawan

Keyword(s):

Data Security ◽

Computer Network ◽

Public Key ◽

Network Access ◽

Important Data ◽

Public And Private ◽

The Public ◽

Private Key ◽

Aes Algorithm ◽

Encryption And Decryption

Cryptography is important in securing data and information. Confidential, important information may not be publicly or otherwise protected. It is not impossible for anyone to see, damage, steal or misuse important data from an agency or company through a computer network. The solution is with cryptography or a method of data security that can maintain the confidentiality and authenticity of a data or information. This method is intended for confidential information when sent through network access, such as LAN or internet, cannot be utilized by unauthorized parties. Cryptography supports the aspect of information security, namely protection of confidentiality. Therefore the need to maintain the confidentiality of data and information is a cryptographic application. The process in the form of encryption and decryption used by the user to secure the data without changing the contents of the data. This application has a 32-character key but in its use is made into 2 keys, namely public and private key where the public key is the key filled by the user in accordance with the desire, while the private key is the default key entered by the application at random to meet the length of 32 characters. The AES algorithm used is the AES256 algorithm where this algorithm uses the principle with the number of rounds by key.

Download Full-text

On Security Analysis of Recent Password Authentication and Key Agreement Schemes Based on Elliptic Curve Cryptography

Journal of Technology Management for Growing Economies ◽

10.15415/jtmge.2015.61004 ◽

2015 ◽

Vol 6 (1) ◽

pp. 39-52

Author(s):

Prabhdeep Kaur ◽

Sheetal Kalra

Keyword(s):

Elliptic Curve ◽

Elliptic Curve Cryptography ◽

Smart Grids ◽

Key Agreement ◽

Mutual Authentication ◽

Security Analysis ◽

Public Key ◽

Attractive Alternative ◽

Successful Implementation ◽

Authentication And Key Agreement

Secure and efficient mutual authentication and key agreement schemes form the basis for any robust network communication system. Elliptic Curve Cryptography (ECC) has emerged as one of the most successful Public Key Cryptosystem that efficiently meets all the security challenges. Comparison of ECC with other Public Key Cryptosystems (RSA, Rabin, ElGamal) shows that it provides equal level of security for a far smaller bit size, thereby substantially reducing the processing overhead. This makes it suitable for constrained environments like wireless networks and mobile devices as well as for security sensitive applications like electronic banking, financial transactions and smart grids. With the successful implementation of ECC in security applications (e-passports, e-IDs, embedded systems), it is getting widely commercialized. ECC is simple and faster and is therefore emerging as an attractive alternative for providing security in lightweight device, which contributes to its popularity in the present scenario. In this paper, we have analyzed some of the recent password based authentication and key agreement schemes using ECC for various environments. Furthermore, we have carried out security, functionality and performance comparisons of these schemes and found that they are unable to satisfy their claimed security goals.

Download Full-text

BESTIE: Broadcast Encryption Scheme for Tiny IoT Equipment

Electronics ◽

10.3390/electronics9091389 ◽

2020 ◽

Vol 9 (9) ◽

pp. 1389

Author(s):

Jiwon Lee ◽

Jihye Kim ◽

Hyunok Oh

Keyword(s):

The Other ◽

Public Key ◽

Broadcast Encryption ◽

Encryption Scheme ◽

The Public ◽

Private Key ◽

Diffie Hellman ◽

The Standard Model ◽

Encryption Decryption ◽

Subset Difference

In public key broadcast encryption, anyone can securely transmit a message to a group of receivers such that privileged users can decrypt it. The three important parameters of the broadcast encryption scheme are the length of the ciphertext, the size of private/public key, and the performance of encryption/decryption. It is suggested to decrease them as much as possible; however, it turns out that decreasing one increases the other in most schemes. This paper proposes a new broadcast encryption scheme for tiny Internet of Things (IoT) equipment (BESTIE), minimizing the private key size in each user. In the proposed scheme, the private key size is O(logn), the public key size is O(logn), the encryption time per subset is O(logn), the decryption time is O(logn), and the ciphertext text size is O(r), where n denotes the maximum number of users, and r indicates the number of revoked users. The proposed scheme is the first subset difference-based broadcast encryption scheme to reduce the private key size O(logn) without sacrificing the other parameters. We prove that our proposed scheme is secure under q-Simplified Multi-Exponent Bilinear Diffie-Hellman (q-SMEBDH) in the standard model.

Download Full-text