key leakage
Recently Published Documents


TOTAL DOCUMENTS

57
(FIVE YEARS 19)

H-INDEX

9
(FIVE YEARS 2)

Cryptography ◽  
2022 ◽  
Vol 6 (1) ◽  
pp. 2
Author(s):  
Alfonso Labao ◽  
Henry Adorna

In recent years, several new notions of security have begun receiving consideration for public-key cryptosystems, beyond the standard of security against adaptive chosen ciphertext attack (CCA2). Among these are security against randomness reset attacks, in which the randomness used in encryption is forcibly set to some previous value, and against constant secret-key leakage attacks, wherein the constant factor of a secret key’s bits is leaked. In terms of formal security definitions, cast as attack games between a challenger and an adversary, a joint combination of these attacks means that the adversary has access to additional encryption queries under a randomness of his own choosing along with secret-key leakage queries. This implies that both the encryption and decryption processes of a cryptosystem are being tampered under this security notion. In this paper, we attempt to address this problem of a joint combination of randomness and secret-key leakage attacks through two cryptosystems that incorporate hash proof system and randomness extractor primitives. The first cryptosystem relies on the random oracle model and is secure against a class of adversaries, called non-reversing adversaries. We remove the random oracle oracle assumption and the non-reversing adversary requirement in our second cryptosystem, which is a standard model that relies on a proposed primitive called LM lossy functions. These functions allow up to M lossy branches in the collection to substantially lose information, allowing the cryptosystem to use this loss of information for several encryption and challenge queries. For each cryptosystem, we present detailed security proofs using the game-hopping procedure. In addition, we present a concrete instantation of LM lossy functions in the end of the paper—which relies on the DDH assumption.


2022 ◽  
pp. 88-106
Author(s):  
Priyanka Ahlawat ◽  
Ankit Attkan

Handling unpredictable attack vulnerabilities in self-proclaiming secure algorithms in WSNs is an issue. Vulnerabilities provide loop holes for adversary to barge in the privacy of the network. Attacks performed by the attacker can be active or passive. Adversary may listen to the sensitive information and exploit its confidentiality which is passive, or adversary may modify sensitive information being transferred over a WSN in case of active attacks. As Internet of things has basically three layers, middle-ware layer, Application layer, perceptron layer, most of the attacks are observed to happen at the perceptron layer in case of both wireless sensor network and RFID Tag implication Layer. Both are a major part of the perceptron layer that consist a small part of the IoT. Some of the major attack vulnerabilities are exploited by executing the attacks through certain flaws in the protocol that are difficult to identify and almost complex to identify in complicated bigger protocols. As most of the sensors are resource constrained in terms of memory, battery power, processing power, bandwidth and due to which implementation of complex cryptosystem to keep the data being transferred secure is a challenging phase. The three main objectives studied in this scenario are setting up the system, registering user and the sensors via multiple gateways. Generating a common key which can be used for a particular interaction session among user, gateway and the sensor network. In this paper, we address one or more of these objectives for some of the fundamental problems in authentication and mutual authentication phase of the WSN in IoT deployment. We prevent the leakage of sensitive information using the rabin cryptosystem to avoid attacks like Man-in-the-middle attack, sensor session key leakage, all session hi-jacking attack and sniffing attacks in which data is analyzed maliciously by the adversary. We also compare and prove the security of our protocol using proverif protocol verifier tool.


2021 ◽  
Vol 11 (4) ◽  
pp. 4440-4455
Author(s):  
Dr. Sabout Nagaraju ◽  
S.K.V. Jayakumar ◽  
C. Swetha Priya

Cloud computing has gained rapid growth in the development of different fields of science and engineering. However, due to the distributed nature of cloud computing, session key generation and establishment is the pressing issue. Session key management plays the utmost important role in the secure exchange of sensitive login credentials and transaction information. Moreover, conventional session key management mechanisms are inadequate and cannot be directly adopted in cloud-based environments. Hence, session key management is very much solely needed solution for reliable cloud-based service provisioning. In mutual authentication, bi-linear key pairing cryptosystem plays a critical role to generate and establish a session key. The existing mutual authentication schemes fail to support true mutual authentication in cloud-based environments as they are vulnerable to secret key leakage, perfect forward secrecy, and untraceability. To mitigate the effect of these attacks, this research develops an efficient multi-linear key pairing cryptosystem. In this cryptosystem, challenge-response messages are used for generating and establishing a one-time shared session key. Furthermore, the performance analysis of the proposed cryptosystem depicts a significant reduction of computation cost, authentication accuracy rates, and resistance to the aforementioned attacks.


Author(s):  
Max Hoffmann ◽  
Christof Paar

Hardware obfuscation is widely used in practice to counteract reverse engineering. In recent years, low-level obfuscation via camouflaged gates has been increasingly discussed in the scientific community and industry. In contrast to classical high-level obfuscation, such gates result in recovery of an erroneous netlist. This technology has so far been regarded as a purely defensive tool. We show that low-level obfuscation is in fact a double-edged sword that can also enable stealthy malicious functionalities.In this work, we present Doppelganger, the first generic design-level obfuscation technique that is based on low-level camouflaging. Doppelganger obstructs central control modules of digital designs, e.g., Finite State Machines (FSMs) or bus controllers, resulting in two different design functionalities: an apparent one that is recovered during reverse engineering and the actual one that is executed during operation. Notably, both functionalities are under the designer’s control.In two case studies, we apply Doppelganger to a universal cryptographic coprocessor. First, we show the defensive capabilities by presenting the reverse engineer with a different mode of operation than the one that is actually executed. Then, for the first time, we demonstrate the considerable threat potential of low-level obfuscation. We show how an invisible, remotely exploitable key-leakage Trojan can be injected into the same cryptographic coprocessor just through obfuscation. In both applications of Doppelganger, the resulting design size is indistinguishable from that of an unobfuscated design, depending on the choice of encodings.


2020 ◽  
Vol 2020 ◽  
pp. 1-12
Author(s):  
Ying Zou ◽  
Yanting Chai ◽  
Sha Shi ◽  
Lei Wang ◽  
Yunfeng Peng ◽  
...  

Due to the transparency of the wireless channel, users in multiple-key environment are vulnerable to eavesdropping during the process of uploading personal data and re-encryption keys. Besides, there is additional burden of key management arising from multiple keys of users. In addition, profile matching using inner product between vectors cannot effectively filter out users with ulterior motives. To tackle the above challenges, we first improve a homomorphic re-encryption system (HRES) to support a single homomorphic multiplication and arbitrarily many homomorphic additions. The public key negotiated by the clouds is used to encrypt the users’ data, thereby avoiding the issues of key leakage and key management, and the privacy of users’ data is also protected. Furthermore, our scheme utilizes the homomorphic multiplication property of the improved HRES algorithm to compute the cosine result between the normalized vectors as the standard for measuring the users’ proximity. Thus, we can effectively improve the social experience of users.


2020 ◽  
Vol 520 ◽  
pp. 15-30
Author(s):  
Chengyu Hu ◽  
Yuqin Xu ◽  
Pengtao Liu ◽  
Jia Yu ◽  
Shanqing Guo ◽  
...  

Sign in / Sign up

Export Citation Format

Share Document