Pub Date: 2023-02-09; DOI: 10.3390/cryptography7010007
Mehwish Tahir, Yuansong Qiao, N. Kanwal, Brian Lee, M. Asghar
The purpose of smart surveillance systems for the automatic detection of road traffic accidents is to respond quickly and so minimize human and financial losses in smart cities. However, alongside the self-evident benefits of surveillance applications, privacy protection remains crucial under any circumstances. Hence, to ensure the privacy of sensitive data, the European General Data Protection Regulation (EU-GDPR) has come into force. EU-GDPR prescribes data minimisation and data protection by design for data collection and storage. Therefore, for a privacy-aware surveillance system, this paper targets two areas of concern: (1) detection of road traffic events (accidents), and (2) privacy-preserving video summarization of the detected events in the surveillance videos. The focus of this research is to categorise traffic events in order to summarize the video content; for this, a state-of-the-art object detection algorithm, You Only Look Once (YOLOv5), has been employed. YOLOv5 is trained on a customised synthetic dataset of 600 annotated accident and non-accident video frames. Privacy preservation is achieved in two steps. First, a synthetic dataset is used for training and validation, while testing is performed on real-time data, with an accuracy from 55% to 85%. Second, the real-time summarized videos (video duration reduced to 42.97% on average) are extracted and stored in an encrypted format to prevent untrusted access to sensitive event-based data. Fernet, a symmetric encryption algorithm, is applied to the summarized videos along with the Diffie–Hellman (DH) key exchange algorithm and the SHA256 hash algorithm. The encryption key is deleted immediately after the encryption process, and the decryption key is generated on the system of the authorised stakeholders, which protects the key against a man-in-the-middle (MITM) attack.
Title: Privacy Preserved Video Summarization of Road Traffic Events for IoT Smart Cities
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 14 1, pages 7 (Semantic Scholar paper id 74758885)
Pub Date: 2023-02-06; DOI: 10.3390/cryptography7010006
Jamunarani Damodharan, Emalda Roslin Susai Michael, N. Shaikh-Husin
The Internet of Things (IoT) is an intelligent technology applied to various fields such as agriculture, healthcare, automation, and defence. Modern medical electronics is another field that relies on IoT. Execution time, data security, power, and hardware utilization are the four significant problems that must be addressed in the data communication system between intelligent devices. Due to their implementation complexity, certain ciphers are unsuitable for IoT applications. In addition, IoT applications are typically deployed on embedded platforms where computing resources and memory are limited. In this research work, the lightweight PRESENT encryption algorithm has been implemented as a hardware accelerator and optimized for medical IoT embedded applications. The PRESENT cipher is a reliable, lightweight encryption algorithm used in many applications. This paper presents a low-latency 32-bit data path for the PRESENT cipher architecture that provides high throughput. The proposed hardware architecture has been implemented and tested on a Xilinx XC7Z030FBG676-2 Zynq-7000 FPGA board. This work shows an improvement of about 85.54% in throughput with a reasonable trade-off in hardware utilization.
Title: High Throughput PRESENT Cipher Hardware Architecture for the Medical IoT Applications
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 27 1, pages 6 (Semantic Scholar paper id 80351146)
Pub Date: 2023-01-28; DOI: 10.3390/cryptography7010004
N. Mohan, J. P. Anita
The chances of detecting a malicious reliability attack induced by an offshore foundry are grim. Hardware Trojans that affect a circuit’s reliability do not tend to alter the circuit layout; instead, they often manifest as an increased delay in certain parts of the circuit. Such delay faults easily escape the integrated circuit (IC) testing phase and are therefore difficult to detect. If additional patterns for detecting delay faults are generated during the test pattern generation stage, reliability attacks can be detected early without any hardware overhead. This paper proposes a novel method to generate patterns that trigger Trojans without altering the circuit model. The generated patterns’ ability to diagnose clustered Trojans is also analyzed. The proposed method uses only single-fault simulation to detect clustered Trojans, thereby reducing the computational complexity. Experimental results show that the proposed algorithm has a detection ratio of 99.99% when applied to the ISCAS’89, ITC’99 and IWLS’05 benchmark circuits. Experiments on clustered Trojans indicate a 46% and 34% improvement in accuracy and resolution, respectively, compared to a standard Automatic Test Pattern Generator (ATPG) tool.
Title: Early Detection of Clustered Trojan Attacks on Integrated Circuits Using Transition Delay Fault Model
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 176 1, pages 4 (Semantic Scholar paper id 90231332)
Pub Date: 2023-01-18; DOI: 10.3390/cryptography7010003
Cryptography Editorial Office
High-quality academic publishing is built on rigorous peer review [...]
Title: Acknowledgment to the Reviewers of Cryptography in 2022
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 40 1, pages 3 (Semantic Scholar paper id 85318860)
Pub Date: 2023-01-10; DOI: 10.3390/cryptography7010002
Iason Papadopoulos, Jiabo Wang
In modern society, the Internet is one of the most widely used means of communication, so secure information transfer is of major importance. Computers today use encryption methods based on arithmetic operations to turn messages into ciphertexts that are practically impossible for an attacker to reverse using a classical computer. However, it has been shown that this becomes possible in a post-quantum setting, where quantum computers of considerable size are available to attackers. With the advance of quantum computing technology, it is now more necessary than ever to construct encryption schemes that cannot be broken by either a classical or a quantum computer. The National Institute of Technology and Standards (NIST) has orchestrated a competition in which numerous encryption schemes have been proposed, and NIST has identified one algorithm to be standardized for the post-quantum era. This algorithm is called CRYSTALS-Kyber and is based on module learning with errors (MLWE). This paper investigates how to apply error-correcting codes in order to create some headroom in the decryption failure rate (DFR) and to take advantage of it to re-tune Kyber’s parameters in pursuit of higher security. By applying Polar Codes, Kyber’s security was increased by 54.4% under a new set of parameters, while keeping the decryption failure rate well below the upper acceptable bound set by NIST.
Title: Polar Codes for Module-LWE Public Key Encryption: The Case of Kyber
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 29 2 1, pages 2 (Semantic Scholar paper id 77881509)
Pub Date: 2023-01-05; DOI: 10.3390/cryptography7010001
Janaka Alawatugoda
A two-party authenticated key exchange (AKE) protocol allows two parties to share a common secret key over insecure channels, even in the presence of active adversaries who can control and modify the exchanged messages. To capture the malicious behaviour of such adversaries, many security models have been defined. Among them, the extended Canetti–Krawczyk (eCK) security model is considered one of the strongest and has been widely adopted. In this paper, we present a simple construction of a pairing-based eCK-secure AKE protocol in the standard model. Our protocol can be instantiated with any suitable signature scheme (i.e., one that is existentially unforgeable against adaptive chosen-message attacks). The underlying assumptions of our construction are the decisional bilinear Diffie–Hellman assumption and the existence of a pseudorandom function. Note that previous eCK-secure protocol constructions either relied on random oracles for their security or used somewhat strong assumptions, such as the existence of strong pseudorandom functions, target collision-resistant functions, etc., whereas our construction uses fewer and more standard assumptions in the standard model. Furthermore, preserving the same security argument, our protocol can be instantiated with any appropriate, more efficient signature scheme that appears in the future.
Title: Authenticated Key Exchange Protocol in the Standard Model under Weaker Assumptions
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 53 1, pages 1 (Semantic Scholar paper id 91152066)
Pub Date: 2022-12-08; DOI: 10.3390/cryptography6040065
Frederick Stock, Y. Peker, Alfredo J. Perez, Jarel Hearst
In this work we explore the use of blockchain with Internet of Things (IoT) devices to provide visitor authentication and access control in a physical environment. We propose the use of a “bracelet” based on a low-cost NodeMCU IoT platform that broadcasts visitor location information and cannot be removed without alerting a management system. We present the design, implementation, and testing of our system. Our results show the feasibility of implementing a physical access control system based on blockchain technology, and performance improvements over a similar system proposed in the literature.
Title: Physical Visitor Access Control and Authentication Using Blockchain, Smart Contracts and Internet of Things
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 126 1, pages 65 (Semantic Scholar paper id 87667786)
Pub Date: 2022-12-07; DOI: 10.3390/cryptography6040064
Quan Zhou, Zhikang Zeng, Kemeng Wang, Menglong Chen
Performing location-based services in a secure and efficient manner remains a major challenge for the Internet of Vehicles, which faces numerous privacy and security risks. Most existing privacy protection schemes are based on centralized location servers, which share the drawbacks of a single point of failure and leakage of user privacy. The use of anonymity and cryptography is a well-known solution to this problem, but its expensive resource consumption and complex cryptographic operations are hard to avoid. Designing a distributed, privacy-preserving protection scheme for the Internet of Vehicles is therefore an urgent issue for the smart city. In this paper, we propose a privacy protection scheme for the Internet of Vehicles based on private set intersection. Specifically, using private set intersection and blockchain techniques, we propose two protocols: a dual authentication protocol and a service recommendation protocol. The dual authentication protocol not only ensures that both communicating parties are trusted users, but also ensures the reliability of their session keys, while the service recommendation protocol, based on a pseudorandom function and a one-way hash function, protects the location privacy of users from being leaked. Finally, we theoretically analyze the security properties of this scheme, i.e., privacy, non-repudiation, and resistance to man-in-the-middle attacks.
Title: Privacy Protection Scheme for the Internet of Vehicles Based on Private Set Intersection
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 8 1, pages 64 (Semantic Scholar paper id 80728201)
Pub Date: 2022-12-06; DOI: 10.3390/cryptography6040063
Anant Sujatanagarjuna, Arne Bochem, Benjamin Leiding
Certificates are integral to the security of today’s Internet. Protocols like BlockVoke allow secure, timely and efficient revocation of certificates that need to be invalidated. ACME, a scheme used by the non-profit Let’s Encrypt Certificate Authority to handle most parts of the certificate lifecycle, allows automatic and seamless certificate issuance. In this work, we bring together both protocols by describing and formalizing an extension of the ACME protocol to support BlockVoke, combining the benefits of ACME’s certificate lifecycle management and BlockVoke’s timely and secure revocations. We then formally verify this extension through formal methods such as Colored Petri Nets (CPNs) and conduct a risk and threat analysis of the ACME/BlockVoke extension using the ISSRM domain model. Identified risks and threats are mitigated to secure our novel extension. Furthermore, a proof-of-concept implementation of the ACME/BlockVoke extension is provided, bridging the gap towards deployment in the real world.
Title: Formalizing and Safeguarding Blockchain-Based BlockVoke Protocol as an ACME Extension for Fast Certificate Revocation
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 36 1, pages 63 (Semantic Scholar paper id 81437645)
Pub Date: 2022-12-05; DOI: 10.3390/cryptography6040062
Sneha Chauhan, S. Gangopadhyay, Aditi Kar Gangopadhyay
The rapidly increasing use of the internet has led to a rise in new devices and technologies; however, attacks and security violations have grown exponentially as well. In order to detect and prevent attacks, an Intrusion Detection System (IDS) is proposed using Logical Analysis of Data (LAD). Logical Analysis of Data is a data analysis technique that classifies data as either normal or an attack based on patterns. A pattern generation approach based on Boolean functions is discussed. The IDS model is trained and tested on the Bot-IoT dataset. The model achieves an accuracy of 99.98% and is able to detect new attacks with good precision and recall.
Title: Intrusion Detection System for IoT Using Logical Analysis of Data and Information Gain Ratio
Journal: IACR Trans. Cryptogr. Hardw. Embed. Syst., volume 17 1, pages 62 (Semantic Scholar paper id 90637380)