computational security
Recently Published Documents


TOTAL DOCUMENTS

35
(FIVE YEARS 8)

H-INDEX

7
(FIVE YEARS 1)

2021 ◽  
Vol 21 (4) ◽  
pp. 105-118
Author(s):  
Kunal Abhishek ◽  
E. George Dharma Prakash Raj

Abstract: The survey presents the evolution of Short Weierstrass elliptic curves after their introduction in cryptography. Subsequently, this evolution resulted in the establishment of present elliptic curve computational standards. We discuss the chronology of attacks on Elliptic Curve Discrete Logarithm Problem (ECDLP) and investigate their countermeasures to highlight the evolved selection criteria of cryptographically safe elliptic curves. Further, two popular deterministic and random approaches for selection of Short Weierstrass elliptic curve for cryptography are evaluated from computational, security and trust perspectives and a trend in existent computational standards is demonstrated. Finally, standard and non-standard elliptic curves are analysed to add a new insight into their usability. There is no such survey conducted in the past to the best of our knowledge.


2021 ◽  
Vol 50 (2) ◽  
pp. 224-235
Author(s):  
Te-Yuan Lin ◽  
Chiou-Shann Fuh

Quantum computing is no longer a thing of the future. Shor’s algorithm proved that a quantum computer could traverse key of factoring problems in polynomial time. Because the time-complexity of the exhaustive key search for quantum computing has not reliably exceeded the reasonable expiry of crypto key validity, it is believed that current cryptography systems built on top of computational security are not quantum-safe. Quantum key distribution fundamentally solves the problem of eavesdropping; nevertheless, it requires quantum preparatory work and quantum-network infrastructure, and these remain unrealistic with classical computers. In transitioning to a mature quantum world, developing a quantum-resistant mechanism becomes a stringent problem. In this research, we innovatively tackled this challenge using a non-computational difficulty scheme with zero-knowledge proof in order to achieve repellency against quantum computing cryptanalysis attacks for universal classical clients.


2021 ◽  
Vol 2021 ◽  
pp. 1-30
Author(s):  
Sameh Khalfaoui ◽  
Jean Leneutre ◽  
Arthur Villard ◽  
Jingxuan Ma ◽  
Pascal Urien

Numerous secure device pairing (SDP) protocols have been proposed to establish a secure communication between unidentified IoT devices that have no preshared security parameters due to the scalability requirements imposed by the ubiquitous nature of the IoT devices. In order to provide the most user-friendly IoT services, the usability assessment has become the main requirement. Thus, the complete security analysis has been replaced by a sketch of a proof to partially validate the robustness of the proposal. The few existing formal or computational security verifications on the SDP schemes have been conducted based on the assessment of a wide variety of uniquely defined security properties. Therefore, the security comparison between these protocols is not feasible and there is a lack of a unified security analysis framework to assess these pairing techniques. In this paper, we survey a selection of secure device pairing proposals that have been formally or computationally verified. We present a systematic description of the protocol assumptions, the adopted verification model, and an assessment of the verification results. In addition, we normalize the used taxonomy in order to enhance the understanding of these security validations. Furthermore, we refine the adversary capabilities on the out-of-band channel by redefining the replay capability and by introducing a new notion of delay that is dependent on the protocol structure that is more adequate for the ad hoc pairing context. Also, we propose a classification of a number of out-of-band channels based on their security properties and under our refined adversary model. Our work motivates the future SDP protocol designer to conduct a formal or a computational security assessment to allow the comparability between these pairing techniques. 
Furthermore, it provides a realistic abstraction of the adversary capabilities on the out-of-band channel which improves the modeling of their security characteristics in the protocol verification tools.


PLoS ONE ◽  
2021 ◽  
Vol 16 (1) ◽  
pp. e0245506
Author(s):  
Weiping Peng ◽  
Shuang Cui ◽  
Cheng Song

In order to solve the problems of low computational security in the encoding mapping and difficulty in practical operation of biological experiments in DNA-based one-time-pad cryptography, we proposed a one-time-pad cipher algorithm based on confusion mapping and DNA storage technology. In our constructed algorithm, the confusion mapping methods such as chaos map, encoding mapping, confusion encoding table and simulating biological operation process are used to increase the key space. Among them, the encoding mapping and the confusion encoding table provide the realization conditions for the transition of data and biological information. By selecting security parameters and confounding parameters, the algorithm realizes a more random dynamic encryption and decryption process than similar algorithms. In addition, the use of DNA storage technologies including DNA synthesis and high-throughput sequencing ensures a viable biological encryption process. Theoretical analysis and simulation experiments show that the algorithm provides both mathematical and biological security, which not only has the difficult advantage of cracking DNA biological experiments, but also provides relatively high computational security.


Proceedings ◽  
2019 ◽  
Vol 33 (1) ◽  
pp. 17 ◽  
Author(s):  
Olivia Saa ◽  
Julio Michael Stern

Randomization is an integral part of well-designed statistical trials, and is also a required procedure in legal systems. Implementation of honest, unbiased, understandable, secure, traceable, auditable and collusion resistant randomization procedures is a matter of great legal, social and political importance. Given the juridical and social importance of randomization, it is important to develop procedures in full compliance with the following desiderata: (a) Statistical soundness and computational efficiency; (b) Procedural, cryptographical and computational security; (c) Complete auditability and traceability; (d) Any attempt by participating parties or coalitions to spuriously influence the procedure should be either unsuccessful or be detected; (e) Open-source programming; (f) Multiple hardware platform and operating system implementation; (g) User friendliness and transparency; (h) Flexibility and adaptability for the needs and requirements of multiple application areas (like, for example, clinical trials, selection of jury or judges in legal proceedings, and draft lotteries). This paper presents a simple and easy to implement randomization protocol that assures, in a formal mathematical setting, full compliance to the aforementioned desiderata for randomization procedures.


2017 ◽  
Vol 4 (8) ◽  
Author(s):  
M. T. Pérez ◽  
M. A. Palomo

Key words: Administrative solutions, computational security, culture of security, protection tools, technical solutions

Abstract. Nowadays the organizations know that the computational security in logical, physical, environment security of hardware, software, process of business, data bases, telecommunications, among others, are essential not solely for the continuity of the daily operations of the businesses, but also to obtain strategic advantages. If the organization does not worry to place policies of computational security, that does not have control computational security, that does not invest in protection tools, does not update itself in the new problems of internal attacks and that a culture in computational security does not foment, among other aspects, more likely this in a high risk of which some computational resource can be affected by internal personnel and in consequence part or all the Business can let operate. It is necessary to remember that the internal personnel of the areas of information technology or systems intentional business or not intentionally they can damage the computational resources since they have knowledge of the vulnerabilities that have the computational resources. I am made east summary with the purpose of which the people who read it have This paper has the aim to create a TI Resources Security Culture and to present some administrative and technical elements to protect the computational resources of from internal insiders personnel.

Key words (Spanish version): Security culture, protection tools, computational security, administrative solutions, technical solutions

Abstract (Spanish version). Nowadays organizations accept that computational security controls (logical, physical and environmental, covering hardware, software, business processes, databases and telecommunications, among others) are essential for the continuity of daily business operations, as well as for obtaining strategic advantages. An organization that does not take care to apply computational security policies, establish security controls, invest in protection tools, keep up to date with new internal-attack problems, foster a culture of computational security, and so on, is more likely to run a high risk, because some computational resource may be affected by internal personnel and, consequently, part or all of the business may stop operating, with the result that its image may be damaged and its customers may lose confidence. It should be remembered that internal personnel in information technology or systems areas can damage computational resources, since they know the vulnerabilities of those resources; users in other areas can also cause damage, intentionally or not. For these reasons, this article presents the implementation of a Computational Security Culture, together with administrative and technical solutions aimed at reducing computational risks from internal attacks.


2017 ◽  
Vol 31 (1) ◽  
pp. e3399 ◽  
Author(s):  
Reza Ghasemi ◽  
Ali Safi ◽  
Massoud Hadian Dehkordi
