tight security
Recently Published Documents
Author(s):  
Masahito Hayashi ◽  
Toyohiro Tsurumaru

Abstract: The paper (2012 New J. Phys. 14 093014) contains an error in the definition of $g_t(x)$ in Section 5.3, while $g_t(x)$ is used for the second-order asymptotic expansion for the sacrifice bit. This corrigendum corrects this error and shows its derivation.


Symmetry ◽  
2021 ◽  
Vol 13 (8) ◽  
pp. 1330
Author(s):  
Jason Chia ◽  
Ji-Jian Chin ◽  
Sook-Chin Yip

Cryptographic schemes are proven secure by reducing an attacker which breaks the scheme to an algorithm that could be used to solve the underlying hard assumption (e.g., Discrete Logarithm, Decisional Diffie–Hellman). The reduction is considered tight if it results in approximately similar probability bounds to that of solving the underlying hard assumption. Tight security is desirable as it improves security guarantees and allows the use of shorter parameters without the risk of compromising security. In this work, we propose an identity-based identification (IBI) scheme with tight security based on a variant of the Schnorr signature scheme known as TNC signatures. The proposed IBI scheme enjoys shorter parameters and key sizes as compared to existing IBI schemes without increasing the number of operations required for its identification protocol. Our scheme is suitable to be used for lightweight authentication in resource-constrained Wireless Sensor Networks (WSNs) as it utilizes the lowest amount of bandwidth when compared to other state-of-the-art symmetric key lightweight authentication schemes. Although it is costlier than its symmetric key counterparts in terms of operational costs due to its asymmetric key nature, it enjoys other benefits such as decentralized authentication and scalable key management. As a proof of concept to substantiate our claims, we perform an implementation of our scheme to demonstrate its speed and memory usage when it runs on both high- and low-end devices.


2021 ◽  
Vol 10 (1) ◽  
pp. 51-58
Author(s):  
Ana-Maria BURDESCU

The Information Society has created different possibilities for remote access to distributed information resources and communications between users (virtual environments, cloud services, social media, etc.). With millions of users’ data (or billions, in the case of Facebook) floating around the web, the need for tight security from social media platforms is obvious. The wide age range and technology experience level of social media users makes security management even more complex. A social platform needs to not only combat hackers, but also has to protect users whose personal security practices might be elementary.


Author(s):  
Bishwajit Chakraborty ◽  
Soumya Chattopadhyay ◽  
Ashwin Jha ◽  
Mridul Nandi

At FSE 2017, Gaži et al. demonstrated a pseudorandom function (PRF) distinguisher (Gaži et al., ToSC 2016(2)) on PMAC with $\Omega(\ell q^2/2^n)$ advantage, where $q$, $\ell$, and $n$ denote the number of queries, maximum permissible query length (in terms of $n$-bit blocks), and block size of the underlying block cipher. This, in combination with the upper bounds of $O(\ell q^2/2^n)$ (Minematsu and Matsushima, FSE 2007) and $O(q\sigma/2^n)$ (Nandi and Mandal, J. Mathematical Cryptology 2008(2)), resolved the long-standing problem of exact security of PMAC. Gaži et al. also showed that the dependency on $\ell$ can be dropped (i.e. $O(q^2/2^n)$ bound up to $\ell \leq 2^{n/2}$) for a simplified version of PMAC, called sPMAC, by replacing the Gray code-based masking in PMAC with any 4-wise independent universal hash-based masking. Recently, Naito proposed another variant of PMAC with two powering-up maskings (Naito, ToSC 2019(2)) that achieves an $\ell$-free bound of $O(q^2/2^n)$, provided $\ell \leq 2^{n/2}$. In this work, we first identify a flaw in the analysis of Naito’s PMAC variant that invalidates the security proof. Apparently, the flaw is not easy to fix under the existing proof setup. We then formulate an equivalent problem which must be solved in order to achieve $\ell$-free security bounds for this variant. Second, we show that sPMAC achieves an $O(q^2/2^n)$ bound for a weaker notion of universality as compared to the earlier condition of 4-wise independence. Third, we analyze the security of PMAC1 (a popular variant of PMAC) with a simple modification in the linear combination of block cipher outputs. We show that this simple modification of PMAC1 has tight security $O(q^2/2^n)$ provided $\ell \leq 2^{n/4}$. Even if $\ell < 2^{n/4}$, we still achieve the same tight bound as long as the total number of blocks in all queries is less than $2^{2n/3}$.


Author(s):  
Prateek Mishra, Et. al.

The essential security parameters of IoT end devices are Confidentiality, Integrity, Authenticity and Availability (CIAA). A breach of any of these security parameters means a compromise of security, thus collapsing the device. Even a partial breach in security refers to loopholes in security, hence an insecure IoT end device. Due to the wearable nature of IoT end devices, implementing security while maintaining lightweight is a challenge. Conventional security algorithms incur memory and processing overheads in wearable IoT end devices; therefore lightweight security algorithms are compulsory. The existing architectures merely consider security enhancement using conventional security algorithms without focusing on lightweight; therefore this paper analyzes existing IoT end device architectures and concludes that all are over-architected. Due to over-architecture, the components of existing architectures are more visible to the external world and invite more attacks, hence are unsecured. On the other hand, lightweight IoT end device resources ensure less complexity, hence fewer internal bugs, less attack surface area and less visibility to the external world, thus more secure. Mandatory security requirements in wearable IoT end devices are still an extensive research issue. Therefore this paper focuses on mandatory boot process security requirements, software security requirements and security requirements during communication. Our proposed architecture is implemented on an ESP32 microcontroller using the Arduino IDE. The lightweight Secured Internet of Things (SIT) algorithm was implemented for lightweight CIAA due to the light security requirements in wearable devices. Finally, this paper compares the latest lightweight and secure architecture with the proposed lightweight and secure architecture and concludes that the proposed architecture is robust in terms of lightweight and security.


2021 ◽  
Vol 34 (3) ◽  
Author(s):  
Denis Diemert ◽  
Tibor Jager

Abstract: We consider the theoretically sound selection of cryptographic parameters, such as the size of algebraic groups or RSA keys, for TLS 1.3 in practice. While prior works gave security proofs for TLS 1.3, their security loss is quadratic in the total number of sessions across all users, which due to the pervasive use of TLS is huge. Therefore, in order to deploy TLS 1.3 in a theoretically sound way, it would be necessary to compensate this loss with unreasonably large parameters that would be infeasible for practical use at large scale. Hence, while these previous works show that in principle the design of TLS 1.3 is secure in an asymptotic sense, they do not yet provide any useful concrete security guarantees for real-world parameters used in practice. In this work, we provide a new security proof for the cryptographic core of TLS 1.3 in the random oracle model, which reduces the security of TLS 1.3 tightly (that is, with constant security loss) to the (multi-user) security of its building blocks. For some building blocks, such as the symmetric record layer encryption scheme, we can then rely on prior work to establish tight security. For others, such as the RSA-PSS digital signature scheme currently used in TLS 1.3, we obtain at least a linear loss in the number of users, independent of the number of sessions, which is much easier to compensate with reasonable parameters. Our work also shows that by replacing the RSA-PSS scheme with a tightly secure scheme (e.g., in a future TLS version), one can obtain the first fully tightly secure TLS protocol. Our results enable a theoretically sound selection of parameters for TLS 1.3, even in large-scale settings with many users and sessions per user.


2021 ◽  
pp. 362-391
Author(s):  
Phil Hebborn ◽  
Baptiste Lambin ◽  
Gregor Leander ◽  
Yosuke Todo