Computing Blindfolded on Data Homomorphically Encrypted under Multiple Keys: A Survey

With capability of performing computations on encrypted data without needing the secret key, homomorphic encryption (HE) is a promising cryptographic technique that makes outsourced computations secure and privacy-preserving. A decade after Gentry’s breakthrough discovery of how we might support arbitrary computations on encrypted data, many studies followed and improved various aspects of HE, such as faster bootstrapping and ciphertext packing. However, the topic of how to support secure computations on ciphertexts encrypted under multiple keys does not receive enough attention. This capability is crucial in many application scenarios where data owners want to engage in joint computations and are preferred to protect their sensitive data under their own secret keys. Enabling this capability is a non-trivial task. In this article, we present a comprehensive survey of the state-of-the-art multi-key techniques and schemes that target different systems and threat models. In particular, we review recent constructions based on Threshold Homomorphic Encryption (ThHE) and Multi-Key Homomorphic Encryption (MKHE). We analyze these cryptographic techniques and schemes based on a new secure outsourced computation model and examine their complexities. We share lessons learned and draw observations for designing better schemes with reduced overheads.

Shared Secret Key Generation by Exploiting Inaudible Acoustic Channels

To build a secure wireless networking system, it is essential that the cryptographic key is known only to the two (or more) communicating parties. Existing key extraction schemes put the devices into physical proximity and utilize the common inherent randomness between the devices to agree on a secret key, but they often rely on specialized hardware (e.g., the specific wireless NIC model) and have low bit rates. In this article, we seek a key extraction approach that only leverages off-the-shelf mobile devices, while achieving significantly higher key generation efficiency. The core idea of our approach is to exploit the fast varying inaudible acoustic channel as the common random source for key generation and wireless parallel communication for exchanging reconciliation information to improve the key generation rate. We have carefully studied and validated the feasibility of our approach through both theoretical analysis and a variety of measurements. We implement our approach on different mobile devices and conduct extensive experiments in different real scenarios. The experiment results show that our approach achieves high efficiency and satisfactory robustness. Compared with state-of-the-art methods, our approach improves the key generation rate by 38.46% and reduces the bit mismatch ratio by 42.34%.

PUF based Secure and Lightweight Authentication and Key-Sharing Scheme for Wireless Sensor Network

The deployment of wireless sensor networks (WSN) in an untended environment and the openness of the wireless channel bring various security threats to WSN. The resource limitations of the sensor nodes make the conventional security systems less attractive for WSN. Moreover, conventional cryptography alone cannot ensure the desired security against the physical attacks on sensor nodes. Physically unclonable function (PUF) is an emerging hardware security primitive that provides low-cost hardware security exploiting the unique inherent randomness of a device. In this article, we have proposed an authentication and key sharing scheme for the WSN integrating Pedersen’s verifiable secret sharing (Pedersen’s VSS) and Shamir’s secret sharing (Shamir’s SS) scheme with PUF which ensure the desired security with low overhead. The security analysis depicts the resilience of the proposed scheme against different active, passive and physical attacks. Also, the performance analysis shows that the proposed scheme possesses low computation, communication and storage overhead. The scheme only needs to store a polynomial number of PUF challenge-response pairs to the user node. The sink or senor nodes do not require storing any secret key. Finally, the comparison with the previous protocols establishes the dominance of the proposed scheme to use in WSN.

An Efficient Certificate-Based Aggregate Signature Scheme for Internet of Drones

Internet of drones (IoD) is a network of small drones that leverages IoT infrastructure to deliver real-time data communication services to users. On the one hand, IoD is an excellent choice for a number of military and civilian applications owing to key characteristics like agility, low cost, and ease of deployment; on the other hand, small drones are rarely designed with security and privacy concerns in mind. Intruders can exploit this vulnerability to compromise the security and privacy of IoD networks and harm the information exchange operation. An aggregate signature scheme is the best solution for resolving security and privacy concerns since multiple drones are connected in IoD networks to gather data from a certain zone. However, most aggregate signature schemes proposed in the past for this purpose are either identity-based or relied on certificateless cryptographic methods. Using these methods, a central authority known as a trusted authority (TA) is responsible for generating and distributing secret keys of every user. However, the key escrow problem is formulated as knowing the secret key generated by the TA. These methods are hampered by key distribution issues, which restrict their applicability in a variety of situations. To address these concerns, this paper presents a certificate-based aggregate signature (CBS-AS) scheme based on hyperelliptic curve cryptography (HECC). The proposed scheme has been shown to be both efficient in terms of computation cost and unforgeable while testing its toughness through formal security analysis.

Security Analysis of Continuous-Variable Measurement-Device-Independent Quantum Key Distribution Systems in Complex Communication Environments

Continuous-variable measure-device-independent quantum key distribution (CV-MDI QKD) is proposed to remove all imperfections originating from detection. However, there are still some inevitable imperfections in a practical CV-MDI QKD system. For example, there is a fluctuating channel transmittance in the complex communication environments. Here we investigate the security of the system under the effects of the fluctuating channel transmittance, where the transmittance is regarded as a fixed value related to communication distance in theory. We first discuss the parameter estimation in fluctuating channel transmittance based on these establishing of channel models, which has an obvious deviation compared with the estimated parameters in the ideal case. Then, we show the evaluated results when the channel transmittance respectively obeys the two-point distribution and the uniform distribution. In particular, the two distributions can be easily realized under the manipulation of eavesdroppers. Finally, we analyze the secret key rate of the system when the channel transmittance obeys the above distributions. The simulation analysis indicates that a slight fluctuation of the channel transmittance may seriously reduce the performance of the system, especially in the extreme asymmetric case. Furthermore, the communication between Alice, Bob and Charlie may be immediately interrupted. Therefore, eavesdroppers can manipulate the channel transmittance to complete a denial-of-service attack in a practical CV-MDI QKD system. To resist this attack, the Gaussian post-selection method can be exploited to calibrate the parameter estimation to reduce the deterioration of performance of the system.

Review of Physically Unclonable Functions (PUFs): Structures, Models, and Algorithms

Physically unclonable functions (PUFs) are now an essential component for strengthening the security of Internet of Things (IoT) edge devices. These devices are an important component in many infrastructure systems such as telehealth, commerce, industry, etc. Traditionally these devices are the weakest link in the security of the system since they have limited storage, processing, and energy resources. Furthermore they are located in unsecured environments and could easily be the target of tampering and various types of attacks. We review in this work the structure of most salient types of PUF systems such as static RAM static random access memory (SRAM), ring oscillator (RO), arbiter PUFs, coating PUFs and dynamic RAM dynamic random access memory (DRAM). We discuss statistical models for the five most common types of PUFs and identify the main parameters defining their performance. We review some of the most recent algorithms that can be used to provide stable authentication and secret key generation without having to use helper data or secure sketch algorithms. Finally we provide results showing the performance of these devices and how they depend on the authentication algorithm used and the main system parameters.

A Simple Image Encryption Based on Binary Image Affine Transformation and Zigzag Process

In this paper, we propose a new and simple method for image encryption. It uses an external secret key of 128 bits long and an internal secret key. The novelties of the proposed encryption process are the methods used to extract an internal key to apply the zigzag process, affine transformation, and substitution-diffusion process. Initially, an original gray-scale image is converted into binary images. An internal secret key is extracted from binary images. The two keys are combined to compute the substitution-diffusion keys. The zigzag process is firstly applied on each binary image. Using an external key, every zigzag binary image is reflected or rotated and a new gray-scale image is reconstructed. The new image is divided into many nonoverlapping subblocks, and each subblock uses its own key to take out a substitution-diffusion process. We tested our algorithms on many biomedical and nonmedical images. It is seen from evaluation metrics that the proposed image encryption scheme provides good statistical and diffusion properties and can resist many kinds of attacks. It is an efficient and secure scheme for real-time encryption and transmission of biomedical images in telemedicine.

Fuzzy Proximity based Robust Data Hiding Scheme with Interval Threshold

In 2020, Ashraf et al. proposed an interval type-2 fuzzy logic based block similarity calculation using color proximity relations of neighboring pixels in a steganographic scheme. Their method works well for detecting similarity, but it has drawbacks in terms of visual quality, imperceptibility, security, and robustness. Using Mamdani fuzzy logic to identify color proximity at the block level, as well as a shared secret key and post-processing system, this paper attempts to develop a robust data hiding scheme with similarity measure to ensure good visual quality, robustness, imperceptibility, and enhance the security. Further, the block color proximity is graded using an interval threshold. Accordingly, data embedding is processed in the sequence generated by the shared secret keys. In order to increase the quality and accuracy of the recovered secret message, the tampering coincidence problem is solved through a post-processing approach. The experimental analysis, steganalysis and comparisons clearly illustrate the effectiveness of the proposed scheme in terms of visual quality, structural similarity, recoverability and robustness.