Revisiting silk: a lens-free optical physical unclonable function

For modern security, devices, individuals, and communications require unprecedentedly unique identifiers and cryptographic keys. One emerging method for guaranteeing digital security is to take advantage of a physical unclonable function. Surprisingly, native silk, which has been commonly utilized in everyday life as textiles, can be applied as a unique tag material, thereby removing the necessary apparatus for optical physical unclonable functions, such as an objective lens or a coherent light source. Randomly distributed fibers in silk generate spatially chaotic diffractions, forming self-focused spots on the millimeter scale. The silk-based physical unclonable function has a self-focusing, low-cost, and eco-friendly feature without relying on pre-/post-process for security tag creation. Using these properties, we implement a lens-free, optical, and portable physical unclonable function with silk identification cards and study its characteristics and reliability in a systemic manner. We further demonstrate the feasibility of the physical unclonable functions in two modes: authentication and data encryption.

An analysis of the possibility of realization steganography in C#

The computing power of modern computers is sufficient to break many cryptographic keys, therefore it is necessary to create an additional security layer which hides the very fact of transmitting a secret message. For this purpose, steganographic methods can be used. The article is devoted to the analysis of the possibility of implementing digital images steganography with the use of the C # programming language. Firstly, existing libraries and mathematical transformations which can help with performing steganography were found. Also, own code solutions were implemented. In order to objectively evaluate the methods of data hiding, the parameters describing the degree of distortion of transforms and hidden images were calculated. Subsequently, optimal solutions for specific problems were identified and demonstrational data hiding was performed. Based on the obtained results, it can be concluded that it is possible to successfully implement steganography in the C # language. There are many ready-made libraries and tools, the effectiveness of which has been verified in the conducted analysis. Due to the contradictory of stenographic requirements, it is not possible to meet all of them optimally, i.e. undetectability, resistance to destruction and information capacity. For this reason, it is not possible to clearly indicate the best solutions. In order to achieve satisfactory results, one should look for compromises between the set requirements.

Computational Cryptography

The area of computational cryptography is dedicated to the development of effective methods in algorithmic number theory that improve implementation of cryptosystems or further their cryptanalysis. This book is a tribute to Arjen K. Lenstra, one of the key contributors to the field, on the occasion of his 65th birthday, covering his best-known scientific achievements in the field. Students and security engineers will appreciate this no-nonsense introduction to the hard mathematical problems used in cryptography and on which cybersecurity is built, as well as the overview of recent advances on how to solve these problems from both theoretical and practical applied perspectives. Beginning with polynomials, the book moves on to the celebrated Lenstra–Lenstra–Lovász lattice reduction algorithm, and then progresses to integer factorization and the impact of these methods to the selection of strong cryptographic keys for usage in widely used standards.

Lessons Learned: Analysis of PUF-based Authentication Protocols for IoT

The service of authentication constitutes the spine of all security properties. It is the phase where entities prove their identities to each other and generally establish and derive cryptographic keys to provide confidentiality, data integrity, non-repudiation, and availability. Due to the heterogeneity and the particular security requirements of IoT (Internet of Things), developing secure, low-cost, and lightweight authentication protocols has become a serious challenge. This has excited the research community to design and develop new authentication protocols that meet IoT requirements. A recent technology, called PUFs (Physical Unclonable Functions), has been the subject of many subsequent publications on lightweight, low-cost, and secure-by-design authentication protocols. This has turned our attention to investigate the most recent PUF-based authentication protocols for IoT. In this paper, we review the security of these protocols. We first provide the necessary background on PUFs, their types, and related attacks. Also, we discuss how PUFs are used for authentication. Then, we analyze the security of PUF-based authentication protocols to identify and report common security issues and design flaws, as well as to provide recommendations for future authentication protocol designers.

Participative Decision Making and the Sharing of Benefits: Laws, ethics, and data protection for building extended global communities

Transdisciplinary and cross-cultural cooperation and collaboration are needed to build extended, densely interconnected information resources. These are the prerequisites for the successful implementation and execution of, for example, an ambitious monitoring framework accompanying the post-2020 Global Biodiversity Framework (GBF) of the Convention on Biological Diversity (CBD; SCBD 2021). Data infrastructures that meet the requirements and preferences of concerned communities can focus and attract community involvement, thereby promoting participatory decision making and the sharing of benefits. Community acceptance, in turn, drives the development of the data resources and data use. Earlier this year, the alliance for biodiversity knowledge (2021a) conducted forum-based consultations seeking community input on designing the next generation of digital specimen representations and consequently enhanced infrastructures. The multitudes of connections that arise from extending the digital specimen representations through linkages in all “directions” will form a powerful network of information for research and application. Yet, with the power of an extended, accessible data network comes the responsibility to protect sensitive information (e.g., the locations of threatened populations, culturally context-sensitive traditional knowledge, or businesses’ fundamental data and infrastructure assets). In addition, existing legislation regulates access and the fair and equitable sharing of benefits. Current negotiations on ‘Digital Sequence Information’ under the CBD suggest such obligations might increase and become more complex in the context of extensible information networks. For example, in the case of data and resources funded by taxpayers in the EU, such access should follow the general principle of being “as open as possible; as closed as is legally necessary” (cp. EC 2016). At the same time, the international regulations of the CBD Nagoya Protocol (SCBD 2011) need to be taken into account. Summarizing main outcomes from the consultation discussions in the forum thread “Meeting legal/regulatory, ethical and sensitive data obligations” (alliance for biodiversity knowledge 2021b), we propose a framework of ten guidelines and functionalities to achieve community building and drive application: Substantially contribute to the conservation and protection of biodiversity (cp. EC 2020). Use language that is CBD conformant. Show the importance of the digital and extensible specimen infrastructure for the continuing design and implementation of the post-2020 GBF, as well as the mobilisation and aggregation of data for its monitoring elements and indicators. Strive to openly publish as much data and metadata as possible online. Establish a powerful and well-thought-out layer of user and data access management, ensuring security of ‘sensitive data’. Encrypt data and metadata where necessary at the level of an individual specimen or digital object; provide access via digital cryptographic keys. Link obligations, rights and cultural information regarding use to the digital key (e.g. CARE principles (Carroll et al. 2020), Local Context-labels (Local Contexts 2021), licenses, permits, use and loan agreements, etc.). Implement a transactional system that records every transaction. Amplify workforce capacity across the digital realm, its work areas and workflows. Do no harm (EC 2020): Reduce the social and ecological footprint of the implementation, aiming for a long-term sustainable infrastructure across its life-cycle, including development, implementation and management stages. Substantially contribute to the conservation and protection of biodiversity (cp. EC 2020). Use language that is CBD conformant. Show the importance of the digital and extensible specimen infrastructure for the continuing design and implementation of the post-2020 GBF, as well as the mobilisation and aggregation of data for its monitoring elements and indicators. Strive to openly publish as much data and metadata as possible online. Establish a powerful and well-thought-out layer of user and data access management, ensuring security of ‘sensitive data’. Encrypt data and metadata where necessary at the level of an individual specimen or digital object; provide access via digital cryptographic keys. Link obligations, rights and cultural information regarding use to the digital key (e.g. CARE principles (Carroll et al. 2020), Local Context-labels (Local Contexts 2021), licenses, permits, use and loan agreements, etc.). Implement a transactional system that records every transaction. Amplify workforce capacity across the digital realm, its work areas and workflows. Do no harm (EC 2020): Reduce the social and ecological footprint of the implementation, aiming for a long-term sustainable infrastructure across its life-cycle, including development, implementation and management stages. Balancing the needs for open access, as well as protection, accountability and sustainability, the framework is designed to function as a robust interface between the (research) infrastructure implementing the extensible network of digital specimen representations, and the myriad of applications and operations in the real world. With the legal, ethical and data protection layers of the framework in place, the infrastructure will provide legal clarity and security for data providers and users, specifically in the context of access and benefit sharing under the CBD and its Nagoya Protocol. Forming layers of protection, the characteristics and functionalities of the framework are envisioned to be flexible and finely-grained, adjustable to fulfill the needs and preferences of a wide range of stakeholders and communities, while remaining focused on the protection and rights of the natural world. Respecting different value systems and national policies, the framework is expected to allow a divergence of views to coexist and balance differing interests. Thus, the infrastructure of the digital extensible specimen network is fair and equitable to many providers and users. This foundation has the capacity and potential to bring together the diverse global communities using, managing and protecting biodiversity.

An Implementation Suite for a Hybrid Public Key Infrastructure

Public key infrastructure (PKI) plays a fundamental role in securing the infrastructure of the Internet through the certification of public keys used in asymmetric encryption. It is an industry standard used by both public and private entities that costs a lot of resources to maintain and secure. On the other hand, identity-based cryptography removes the need for certificates, which in turn lowers the cost. In this work, we present a practical implementation of a hybrid PKI that can issue new identity-based cryptographic keys for authentication purposes while bootstrapping trust with existing certificate authorities. We provide a set of utilities to generate and use such keys within the context of an identity-based environment as well as an external environment (i.e., without root trust to the private key generator). Key revocation is solved through our custom naming design which currently supports a few scenarios (e.g., expire by date, expire by year and valid for year). Our implementation offers a high degree of interoperability by incorporating X.509 standards into identity-based cryptography (IBC) compared to existing works on hybrid PKI–IBC systems. The utilities provided are minimalist and can be integrated with existing tools such as the Enterprise Java Bean Certified Authority (EJBCA).

A Configurable RO-PUF for Securing Embedded Systems Implemented on Programmable Devices

Improving the security of electronic devices that support innovative critical services (digital administrative services, e-health, e-shopping, and on-line banking) is essential to lay the foundations of a secure digital society. Security schemes based on Physical Unclonable Functions (PUFs) take advantage of intrinsic characteristics of the hardware for the online generation of unique digital identifiers and cryptographic keys that allow to ensure the protection of the devices against counterfeiting and to preserve data privacy. This paper tackles the design of a configurable Ring Oscillator (RO) PUF that encompasses several strategies to provide an efficient solution in terms of area, timing response, and performance. RO-PUF implementation on programmable logic devices is conceived to minimize the use of available resources, while operating speed can be optimized by properly selecting the size of the elements used to obtain the PUF response. The work also describes the interface added to the PUF to facilitate its incorporation as hardware Intellectual Property (IP)-modules into embedded systems. The performance of the RO-PUF is proven with an extensive battery of tests, which are executed to analyze the influence of different test strategies on the PUF quality indexes. The configurability of the proposed RO-PUF allows establishing the most suitable “cost/performance/security-level” trade-off for a certain application.

Extracting Cryptographic Keys from .NET Applications

In the absence of specialized encryption hardware,cryptographic operations must be performed in main memory.As such,it is common place for cyber criminals to examine the content of main memory with a view to retrieving high-value data in plaintext form and/or the associated decryption key.In this paper,the author presents a number of simple methods for identifying and extracting cryptographic keys from memory dumps of software applications that utilize the Microsoft .NET Framework,as well as sourcecode level countermeasures to protect against same.Given the EXE file of an application and a basic knowledge of the cryptographic libraries utilized in the .NET Framework,the author shows how to create a memory dump of a running application and how to extract cryptographic keys from same using WinDBG - without any prior knowledge of the cryptographic key utilized.Whilst the proof-of-concept application utilized as part of this paper uses an implementation of the DES cipher,it should be noted that the steps shown can be utilized against all three generations of symmetric and asymmetric ciphers supported within the .NET Framework.