Enhancement of Security of Diffie-Hellman Key Exchange Protocol using RSA Cryptography.

Cryptography is related and referred to as the secured transmission of messages amongst the sender and the intended receiver by ensuring confidentiality, integrity, and authentication. Diffie – Hellman (DH) key exchange protocol is a well-known algorithm that would generate a shared secret key among the sender and the intended receiver, and the basis of cryptosystems for using public and private key for encryption and decryption process. But it is severely affected by the Man in the Middle (MITM) attack that would intercept and manipulate thus eavesdropping the shared secret key. This paper proposes a model of integrating the public-key RSA cryptography system with the DH key exchange to prevent the MITM attack. The performance of the proposed work has been compared to the DH Key Exchange algorithm as well as RSA Cryptosystem to conclude for effectiveness of the proposed model.

MAKE: A matrix action key exchange

We offer a public key exchange protocol based on a semidirect product of two cyclic (semi)groups of matrices over Z p {{\mathbb{Z}}}_{p} . One of the (semi)groups is additive, and the other one is multiplicative. This allows us to take advantage of both operations on matrices to diffuse information. We note that in our protocol, no power of any matrix or of any element of Z p {{\mathbb{Z}}}_{p} is ever exposed, so standard classical attacks on Diffie–Hellman-like protocols are not applicable.

Một giải pháp quản lý kết nối mật cho IPSec trên FPGA

Tóm tắt—IPSec (Internet Protocol Security) là bộ giao thức an toàn nhằm bảo vệlưu lượng dữ liệu qua mạng Internet. Mỗi kết nối mật trong mô hình triển khai IPSec có một bộ thuật toán, tham số bảo mật riêng. Để đảm bảo các kết nối mật hoạt động ổn định trong môi trường truyền tin với băng thông lớn, việc quản lý nhiều kết nối mật đồng thời trên thiết bị IPSec đóng vai trò vô cùng quan trọng. Do tính phức tạp của quá trình quản lý, thông thường vấn đề này được thực hiện bằng phần mềm trên hệđiều hành. Giải pháp này bị hạn chế do quá trình trao đổi dữ liệu giữavi mạch Field Programmable Gate Array (FPGA) và bộ vi xử lý. Trong bài viết này, nhóm tác giả đưa ra một giải pháp tổ chức, quản lý kết nối mật sau khi sử dụng giao thức Internet Key Exchange (IKE) để trao đổi khóa cho IPSec trên FPGA sử dụng ngôn ngữ mô tả phần cứng, nhằm đáp ứng yêu cầu tốc độ cao với nhiều kết nối.Abstract—IPSec (Internet Protocol Security) is a secure protocol aiming to protect data traffic via the Internet. There is a separate set of algorithms and security parameters in each secure connection in the IPSec deployment model. In order to ensure stable connections in high-bandwidth environments, managing multiple secure connections simultaneously on IPSec devices holds a significant role. Due to the complexity of the management process, this is commonly done by software on the operating system. This solution is restricted due to data exchange between field-programmable gate array (FPGA) and microprocessor. In this article, a solution was proposed to organize and manage a confidential connection after using Internet Key Exchange (IKE) to exchange keys for IPSec directly using hardware description language on FPGA, aiming to meet high-speed requirements with many connections.

Xây dựng giải pháp trao đổi khóa IKEv2 sử dụng NIOS II trên FPGA

Tóm tắt—Giao thức Internet Key Exchange (IKE) là một giao thức thực hiện quá trình trao đổi khóa và thỏa thuận trong chế độ bảo mật IPSec. Để thực thi giao thức bảo mật IPSec tốc độ cao thì thường kết hợp giữa phần mềm và phần cứng trên vi mạch Field Programmable Gate Array (FPGA) [7], [8]. Trong đó, các thao tác mật mã, đóng gói và bóc tách gói tin được thực hiện bằng FPGA để đảm bảo thực hiện hệ thống IPSec tốc độ cao; giao thức trao đổi khóa IKE được thực hiện bằng phần mềm sử dụng hệ điều hành Linux nhúng. Trong bài báo này, nhóm tác giả giới thiệu giải pháp thực hiện giải thuật trao đổi khóa IKE sử dụng Nios II trên FPGA. Với cách tiếp cận này, nhóm tác giả đã tự tổ chức, xây dựng chương trình trên bộ vi xử lý, nhờ đó kiểm soát được toàn bộ dòng dữ liệu. Abstract—IKE (Internet Key Exchange) is a protocol that performs key exchange and agreement process in IPSec security mode. To implement high speed IPSec security protocol, it is often combined software and hardware on Field Programmable Gate Array (FPGA) [7], [8]. Therein, encryption, packet encapsulation and extraction operations will be performed by FPGA to ensure high speed IPSec system implementation; the IKE protocol is implemented by software using an embed Linux operating system. In this paper, the authors introduce the solution of implementing IKE key exchange algorithm using Nios II on FPGA. With this approach, the authors have organized and built the program on the microprocessor by themselves, therefore the entire data stream is controlled.

Some new semiring structures

In this paper, we introduce some new semiring structures by considering the prime factors, sum of divisors and the number of relatively prime positive divisors of a pair of non-negative integers and solve a variety of system of linear equations over one of these semirings. We then discuss the properties of these structures and how they compare with classical algebra. The paper is concluded by providing a key-exchange scheme using one of the newly discovered semirings.

From Cold Resistor to Secure Key Exchanger

Utilizing a formerly published cold resistor circuitry, a secure key exchange system is conceived and explored. A circuit realization of the system is constructed and simulated. Similar to the Pao-Lo key exchanger, this system is secure in the steady-state limit but crackable in the transient situations.

Constructing efficient and secure batch signature schemes

In ordinary signature schemes, such as RSA, DSA, ECDSA, the signing process is performed only for a single message. Due to performance issues, in some contexts, the above solutions will become unsuitable if a party needs to sign multiple messages simultaneously. For example, in the authenticated key exchange protocols based on signatures between client and server, the server is expected to handle multiple key exchange requests from different clients simultaneously. Batch signing is a solution that generates signatures for multi-messages simultaneously with a single (ordinary) signature generation. In this article, we will consider some of the existing batch signing solutions and point out a few of their weakness. To deal with these problems, the paper also proposes two secure types of batch signature schemes, but still ensures the same efficiency as the existing batch signing solution.

Lightweight and Secure Elliptical Curve Cryptography (ECC) Key Exchange for Mobile Phones

Open networks enable data communication between different types of mobile devices that showcase the need to enforce elevated security measures. Securing sensitive or confidential data in mobile phones is accomplished by implementing a diverse range of cryptographic techniques. While encryption algorithms, such as Rivest–Shamir–Adleman (RSA) may offer secure solutions that are often difficult to compromise, these in turn prerequisite high speed computational resources for effective operation. Elliptical curve cryptography (ECC) is well thought-out standard that offers a workable and feasible methods of encryption/decryption, whilst being applicable to resource constraint devices. This paper implements a novel key exchange mechanism that helps to secure exchange of data between the communicating mobile devices. The study aims to address the limitation of Elliptic Curve Deffie Hellman, which is susceptible to Man-in-the-Middle attack and proposes an enhanced Elliptic Curve Deffie Hellman (ECDH) technique for secure data communication in open networks. The study results reveal, how the implementation of ECDH allows exchange of keys between the two communicating devices with limited resources.