Your search keyword '"nist"' showing total 997 results

1. Cutting-Edge Amalgamation of Web 3.0 and Hybrid Chaotic Blockchain Authentication for Healthcare 4.0.

Author

Kumar, Ajay, Abhishek, Kumar, Khan, Surbhi Bhatia, Alzahrani, Saeed, and Alojail, Mohammed

Subjects

*DATA privacy, *SECURITY systems, *TELECOMMUNICATION systems, *DATA security failures, *PATIENT safety

Abstract

Healthcare 4.0 is considered the most promising technology for gathering data from humans and strongly couples with a communication system for precise clinical and diagnosis performance. Though sensor-driven devices have largely made our everyday lives easier, these technologies have been suffering from various security challenges. Because of data breaches and privacy issues, this heightens the demand for a comprehensive healthcare solution. Since most healthcare data are sensitive and valuable and transferred mostly via the Internet, the safety and confidentiality of patient data remain an important concern. To face the security challenges in Healthcare 4.0, Web 3.0 and blockchain technology have been increasingly deployed to resolve the security breaches due to their immutability and decentralized properties. In this research article, a Web 3.0 ensemble hybrid chaotic blockchain framework is proposed for effective and secure authentication in the Healthcare 4.0 industry. The proposed framework uses the Infura Web API, Web 3.0, hybrid chaotic keys, Ganache interfaces, and MongoDB. To allow for more secure authentication, an ensemble of scroll and Henon maps is deployed to formulate the high dynamic hashes during the formation of genesis blocks, and all of the data are backed in the proposed model. The complete framework was tested in Ethereum blockchain using Web 3.0, in which Python 3.19 is used as the major programming tool for developing the different interfaces. Formal analysis is carried out with Burrows–Abadi–Needham Logic (BAN) to assess the cybersecurity reliability of the suggested framework, and NIST standard tests are used for a thorough review. Furthermore, the robustness of the proposed blockchain is also measured and compared with the other secured blockchain frameworks. Experimental results demonstrate that the proposed model exhibited more defensive characteristics against multiple attacks and outperformed the other models in terms of complexity and robustness. Finally, the paper gives a panoramic view of integrating Web 3.0 with the blockchain and the inevitable directions of a secured authentication framework for Healthcare 4.0. [ABSTRACT FROM AUTHOR]

Published

2024

2. ProtectingSmall and Medium Enterprises: A Specialized Cybersecurity Risk Assessment Framework and Tool.

Author

El-Hajj, Mohammed and Mirza, Zuhayr Aamir

Subjects

SMALL business, RISK assessment, INTERNATIONAL organization, INTERNET security, CYBERTERRORISM

Abstract

As the number of Small and Medium Enterprises (SMEs) rises in the world, the amount of sensitive data used also increases, making them targets for cyberattacks. SMEs face a host of issues such as a lack of resources and poor cybersecurity talent, resulting in multiple vulnerabilities that increase overall risk. Cybersecurity risk assessment frameworks have been developed by multiple organizations such as the National Institute of Science and Technology (NIST) and the International Organization for Standardization (ISO), but they are complicated to understand and challenging to implement. This research aimed to create an effective cybersecurity risk assessment framework specifically for SMEs while considering their limitations. This was achieved by first identifying common threats and vulnerabilities and categorizing them according to their importance and risk. Secondly, popular frameworks like the NIST CSF and ISO 27001/2 were analyzed for their proficiencies and deficiencies while identifying relevant areas for SMEs. Finally, novel techniques catered to SMEs were explored and incorporated to create an effective framework for SMEs. This framework was also developed in the form of a tool, providing an interactive and dynamic environment. The tool was effective, and the framework is a promising start but requires more quantitative analysis. [ABSTRACT FROM AUTHOR]

Published

2024

3. Crypto-Coding Scheme via Dynamic Interleaver for New Communication Standards.

Author

Lopresti, Raul Eduardo, Moreira, Jorge Castineira, and Micco, Luciana De

Abstract

Emerging communication standards prioritize both the assurance of secure and reliable communications as well as the reduction of transmission delay and latency. Nevertheless, the task of achieving these objectives presents a complex and demanding challenge. Ensuring secure transmissions while simultaneously minimizing error rates requires the implementation of multistage information processing techniques that integrate coding and encryption methods, which may unfortunately lead to an undesired increase in transmission delay and latency. This letter presents an innovative crypto-coding framework capable of concurrently achieving essential encryption and coding within a single, streamlined process. By leveraging this approach, we aim to address the tradeoff between security, efficiency, and transmission delay, thus contributing to the advancement of secure and efficient communication standards. In this letter, we present a comprehensive evaluation of the proposed scheme, assessing its impact on final system error probability, encryption efficacy, and the complexity of hardware implementation. Our findings shed light on the potential benefits of this approach for future communication standards. [ABSTRACT FROM AUTHOR]

Published

2024

4. ДВОРІВНЕВА КОНЦЕПЦІЯ ДЛЯ МОДЕЛЮВАННЯ ЄДИНОЇ ЗАВАДОСТІЙКОЇ ПЕРЕДАЧІ ЦИФРОВИХ ДАНИХ

Author

Vladyslav Sharov and Olena Nikulina

Subjects

завадостійкість, завадостійкі коди, безпека даних, канали передачі даних, vpn, cia, nist, owasp, Technology

Abstract

У статті формалізується, створюється та надається для розглядання концепція єдиного безпечного завадостійкого каналу передачі цифрових даних. У сучасній теорії та практиці з кібербезпеки існує набір рекомендацій по зниженню ризиків для організацій NIST Cybersecurity Framework. Для того, щоб дані високого рівня були безпечними, висуваються вимоги для СІА-тріади, а саме до конфіденційності, цілісності та доступності інформації. Тому, у подальшому доцільність роботи та її результат напряму будуть залежати від задоволення виконання СІА-умов. Як відомо, дані високого рівня: як e-mail, візуальні дані у GUI різних додатків, тощо, передаються по каналам зв’язку низького рівня: як кабелі, бездротові канали радіозв’язку та інші. На кожному з рівнів для безпечної передачі інформації існують специфічні шкідники. На високих рівнях основною загрозою для інформації є людина та людський фактор. Чим нижче стає рівень передачі інформації, тим більше починає впливати природа, натуральні перепони і випадкові короткі явища. Для того, щоб користувач міг без загрози для конфіденційності, цілісності та доступності інформації користуватись різноманітними приладами, необхідно активно і безперебійно розробляти, вдосконалювати та покращувати вже існуючі способи захисту, відновлення, передачі та зберігання даних. Кожний аспект у цій боротьбі за безпеку є як і перевагою так і недоліком: надлишкова безпечність не доцільна для масового трафіку, складність не завжди надає відповідну захищеність і так далі. Тому важливим фактором постає оптимальність і доцільність методів, що використовуються для передачі даних. З цих причин, у роботі пропонується відносно простий, але не менш ефективний від того підхід для збереження СІА-вимог.

Published

2024

5. Reconfigurable Image Confusion Scheme Using Large Period Pseudorandom Bit Generator Based on Coupled-Variable Input LCG and Clock Divider.

Author

Gupta, Mangal Deep and Chauhan, R. K.

Subjects

*FIELD programmable gate arrays, *FREQUENCY dividers, *ALGORITHMS, *CRYPTOGRAPHY, *TIME management

Abstract

This paper presents a reconfigurable image confusion scheme, which uses Linear Congruential Generators (LCGs)-based Pseudorandom Bits Generator (PRBG). The PRBG is based on the variable input-coupled LCG with a reconfigurable clock divider. The proposed algorithm encrypts the input image up to four times successively using different random sequences in every attempt. This new scheme aims to efficiently extract statistically strong pseudorandom sequences from a proposed PRBG with a large keyspace and simultaneously increase the security level of the encrypted image. This PRBG was initially designed on Virtex-5 (XC5VLX110T), Virtex-7 (XC7VX330T) and Artix-7 (XC7A100T) Field Programmable Gate Arrays (FPGAs). The statistical properties of the proposed PRBG for four different configurations are verified by the National Institute of Standards and Technology (NIST) tests. Thereafter, a reconfigurable encryption/decryption algorithm that uses the proposed PRBG is developed for secure image encryption. The encryption process was accomplished using the MATLAB tool after obtaining the PRBG keys from the FPGA. To show the quality and strength of the encryption process, security analysis [correlations and Number of Pixels Change Rate (NPCR)] is performed. Security analysis results are compared with the conventional encryption algorithm to show that the developed reconfigurable encryption scheme provides better results in security tests. [ABSTRACT FROM AUTHOR]

Published

2024

6. Preimage attacks on reduced-round Ascon-Xof.

Author

Baek, Seungjun, Kim, Giyoon, and Kim, Jongsung

Subjects

GREEDY algorithms, PERMUTATIONS, CRYPTOGRAPHY, POLYNOMIALS

Abstract

Ascon, a family of algorithms that supports authenticated encryption and hashing, has been selected as the new standard for lightweight cryptography in the NIST Lightweight Cryptography Project. Ascon's permutation and authenticated encryption have been actively analyzed, but there are relatively few analyses on the hashing. In this paper, we concentrate on preimage attacks on Ascon-Xof. We focus on linearizing the polynomials leaked by the hash value to find its inverse. In an attack on 2-round Ascon-Xof, we carefully construct the set of guess bits using a greedy algorithm in the context of guess-and-determine. This allows us to attack Ascon-Xof more efficiently than the method in Dobraunig et al., and we fully implement our attack to demonstrate its effectiveness. We also provide the number of guess bits required to linearize one output bit after 3- and 4-round Ascon's permutation, respectively. In particular, for the first time, we connect the result for 3-round Ascon to a preimage attack on Ascon-Xof with a 64-bit output. Our attacks primarily focus on analyzing weakened versions of Ascon-Xof, where the weakening involves setting all the IV values to 0 and omitting the round constants. Although our attacks do not compromise the security of the full Ascon-Xof, they provide new insights into their security. [ABSTRACT FROM AUTHOR]

Published

2024

7. Advancing cryptography: a novel hybrid cipher design merging Feistel and SPN structures.

Author

Venkataramanna, Ramya Kothur, Sriram, Manjunatha Reddy Hosur, and Reddy, Bharathi Chowda

Subjects

DATA encryption, CIPHERS, CRYPTOGRAPHY, RECTANGLES

Abstract

In the dynamic field of cryptography, lightweight ciphers play a pivotal role in overcoming resource constraints in modern applications. This paper introduces a lightweight cryptographic algorithm by seamlessly merging the proven characteristics of the Feistel cipher CLEFIA with the advanced substitution-permutation network (SPN) framework of RECTANGLE for key generation. The algorithm incorporates a specially optimized feather S-box, balancing efficiency and security in both CLEFIA and RECTANGLE components. The RECTANGLE key generation, vital for the proposed lightweight technique, enhances overall cryptographic security and efficiency. Meticulous consideration of resource limitations maintains the algorithm's lightweight nature, making it well-suited for applications with restricted computational resources. To validate the efficacy of the lightweight algorithm, extensive evaluation on encrypted data is conducted using National Institute of Standards and Technology (NIST) tools, known for assessing cryptographic algorithm quality. Results reveal a high degree of randomness, indicative of robust resistance against cryptographic attacks. This manuscript provides a comprehensive examination of the lightweight algorithm, emphasizing key attributes, security enhancements, and successful integration of the optimized feather S-box. Rigorous testing, particularly NIST tool-based randomness analysis, offers empirical evidence of the algorithm's resilience against attacks, establishing its suitability for secure data encryption in resource-limited environments. [ABSTRACT FROM AUTHOR]

Published

2024

8. Blockchain-Inspired Lightweight Dynamic Encryption Schemes for a Secure Health Care Information Exchange System.

Author

Aruna, Etikala and Sahayadhas, Arun

Subjects

HEALTH information exchanges, DATA privacy, INTERNET of things, DATA security failures, BLOCKCHAINS

Abstract

The telemedicine sector has entered a new phase marked by the integration of Internet of Things (IoT) devices to identify and then send patient health data to medical terminals for additional diagnostic and therapeutic procedures. Today, patients can receive prompt and expert medical care at home in comfortable settings. Due to the unique nature of these services, it is essential to verify patient healthcare data, as it contains a greater amount of personal information that is vulnerable to privacy violations and data breaches. Blockchain technology has attracted interest in addressing security concerns due to its decentralized, immutable, shared, and distributed characteristics. This study proposes lightweight dynamic blockchain-enabled encryption schemes to secure physiological data during authentication and exchange processes. The proposed scheme introduces the logistic Advanced Encryption Scheme (AES) that combines chaotic logistic maps to secure the data in the blockchain network and mitigate different attacks. The model was deployed on the Ethereum blockchain and performance metrics, such as computation and transaction time, were calculated and compared with other current blockchain-inspired encryption models. Furthermore, the NIST test was conducted to prove the strength of the proposed scheme. The proposed model exhibits high security and a shorter transaction time (0.964 s) than other existing schemes. Finally, the proposed model generates high-dynamic keys that are suitable for defending against unpredictable attacks on blockchain. [ABSTRACT FROM AUTHOR]

Published

2024

9. Behind the Code: Identifying Zero-Day Exploits in WordPress.

Author

Mohamed Mohideen, Mohamed Azarudheen, Nadeem, Muhammad Shahroz, Hardy, James, Ali, Haider, Tariq, Umair Ullah, Sabrina, Fariza, Waqar, Muhammad, and Ahmed, Salman

Subjects

COMPUTER security vulnerabilities, PLUG-ins (Computer programs), SECURITY systems, MALWARE, SCRIPTS

Abstract

The rising awareness of cybersecurity among governments and the public underscores the importance of effectively managing security incidents, especially zero-day attacks that exploit previously unknown software vulnerabilities. These zero-day attacks are particularly challenging because they exploit flaws that neither the public nor developers are aware of. In our study, we focused on dynamic application security testing (DAST) to investigate cross-site scripting (XSS) attacks. We closely examined 23 popular WordPress plugins, especially those requiring user or admin interactions, as these are frequent targets for XSS attacks. Our testing uncovered previously unknown zero-day vulnerabilities in three of these plugins. Through controlled environment testing, we accurately identified and thoroughly analyzed these XSS vulnerabilities, revealing their mechanisms, potential impacts, and the conditions under which they could be exploited. One of the most concerning findings was the potential for admin-side attacks, which could lead to multi-site insider threats. Specifically, we found vulnerabilities that allow for the insertion of malicious scripts, creating backdoors that unauthorized users can exploit. We demonstrated the severity of these vulnerabilities by employing a keylogger-based attack vector capable of silently capturing and extracting user data from the compromised plugins. Additionally, we tested a zero-click download strategy, allowing malware to be delivered without any user interaction, further highlighting the risks posed by these vulnerabilities. The National Institute of Standards and Technology (NIST) recognized these vulnerabilities and assigned them CVE numbers: CVE-2023-5119 for the Forminator plugin, CVE-2023-5228 for user registration and contact form issues, and CVE-2023-5955 for another critical plugin flaw. Our study emphasizes the critical importance of proactive security measures, such as rigorous input validation, regular security testing, and timely updates, to mitigate the risks posed by zero-day vulnerabilities. It also highlights the need for developers and administrators to stay vigilant and adopt strong security practices to defend against evolving threats. [ABSTRACT FROM AUTHOR]

Published

2024

10. Enhancing the Security of Classical Communication with Post-Quantum Authenticated-Encryption Schemes for the Quantum Key Distribution.

Author

Ghashghaei, Farshad Rahimi, Ahmed, Yussuf, Elmrabit, Nebrase, and Yousefi, Mehdi

Subjects

QUANTUM cryptography, QUANTUM computing, QUANTUM communication, CRYPTOGRAPHY, PROBLEM solving, RSA algorithm

Abstract

This research aims to establish a secure system for key exchange by using post-quantum cryptography (PQC) schemes in the classic channel of quantum key distribution (QKD). Modern cryptography faces significant threats from quantum computers, which can solve classical problems rapidly. PQC schemes address critical security challenges in QKD, particularly in authentication and encryption, to ensure the reliable communication across quantum and classical channels. The other objective of this study is to balance security and communication speed among various PQC algorithms in different security levels, specifically CRYSTALS-Kyber, CRYSTALS-Dilithium, and Falcon, which are finalists in the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization project. The quantum channel of QKD is simulated with Qiskit, which is a comprehensive and well-supported tool in the field of quantum computing. By providing a detailed analysis of the performance of these three algorithms with Rivest–Shamir–Adleman (RSA), the results will guide companies and organizations in selecting an optimal combination for their QKD systems to achieve a reliable balance between efficiency and security. Our findings demonstrate that the implemented PQC schemes effectively address security challenges posed by quantum computers, while keeping the the performance similar to RSA. [ABSTRACT FROM AUTHOR]

Published

2024

11. Various pseudo random number generators based on memristive chaos map model.

Author

Moussa, Karim H., Mohy El Den, Ahmed M., Mohamed, Islam Abd Ellattif, and Abdelrassoul, Roshdy A.

Subjects

RANDOM number generators, SPREAD spectrum communications, MULTIMEDIA systems, LINEAR network coding, FLOATING-point arithmetic, TELECOMMUNICATION, IMAGE encryption, RANDOM numbers

Abstract

The telecommunications industry has made huge strides, and multimedia information transmission is exploding. Text, sound, and video can all be used to create multimedia data. As a result, having systems in place to protect private or sensitive data and keep its security is critical. In this article, completely random numbers were generated in two different ways, and the extent of their randomness was tested in many ways to ensure their suitability for use in different cryptographic applications. The proposed models in this article depend on a chaos based Pseudo-random number generators (PRNGs). PRNGs, which create bit sequences, have evolved into a critical component in many industries, including encrypted communication, Wireless communication using a spread spectrum, computational simulations, RF identification networks, and coding for error correction. The PRNGs is designed by combining the memristor that is discrete with the logistic map and the memristor that is discrete with sine map both separately to construct the novel algorithms called a two-dimensional memristive logistic map (2D-MLM) and two dimensional memristive sine map (2D-MSM) and each cycle yields a sequence of 32 random bits. The binary64 dual precision format is employed for arithmetic using floating-point in accordance with the IEEE 754-2008 standard. To assess the generator's performance, several statistical analyses are utilized. The results of the tests that evaluated the presented algorithms showed that the space key was improved and increased by 3.2% compared to other generators, and the performance speed was increased by 12.22%. The findings reveal that the sequences that are created have an elevated degree of unpredictability and a high level of security, which renders them excellent for cryptographic use in terms of the speed, the large key space, and high data rate. [ABSTRACT FROM AUTHOR]

Published

2024

12. IMPROVING PROTECTION OF FALCON ELECTRONIC SIGNATURE SOFTWARE IMPLEMENTATIONS AGAINST ATTACKS BASED ON FLOATING POINT NOISE.

Author

Kachko, Olena, Gorbenko, Yurii, Kandii, Serhii, and Kaptol, Yevhenii

Subjects

FLOATING-point arithmetic, CRYPTOGRAPHY, INFORMATION storage & retrieval systems, COMPUTER software, NOISE

Abstract

The object of this study is digital signatures. The Falcon digital signature scheme is one of the finalists in the NIST post-quantum cryptography competition. Its distinctive feature is the use of floating-point arithmetic, which leads to the possibility of a key recovery attack with two non-matching signatures formed under special conditions. The work considers the task to improve the Falcon in order to prevent such attacks, as well as the use of fixed-point calculations instead of floating-point calculations in the Falcon scheme. The main results of the work are proposals for methods on improving Falcon's security against attacks based on the use of floating-point calculations. These methods for improving security differ from others in the use of fixed-point calculations with specific experimentally determined orders of magnitude in one case and proposals for modifying procedures during the execution of which the conditions for performing an attack on implementation level arise in the second case. As a result of the analysis, the probability of a successful attack on the recovery of the secret key for the reference implementation of the Falcon was clarified. Specific places in the code that make the attack possible have been localized and code modifications have been suggested that make the attack impossible. In addition, the necessary scale for fixed-point calculations was determined, at which it is possible to completely get rid of floating-point calculations. The results could be used to qualitatively improve the security of existing digital signatures. This will make it possible to design more reliable and secure information systems using digital signatures. In addition, the results could be implemented in existing systems to ensure their resistance to modern threats. [ABSTRACT FROM AUTHOR]

Published

2024

13. Securing Data Exchange with Elliptic Curve Cryptography: A Novel Hash-Based Method for Message Mapping and Integrity Assurance.

Author

Lahraoui, Younes, Lazaar, Saiida, Amal, Youssef, and Nitaj, Abderrahmane

Subjects

*ELLIPTIC curve cryptography, *PUBLIC key cryptography, *CRYPTOGRAPHY, *DATA security, *ELLIPTIC curves, *IMAGE encryption, *DATA integrity

Abstract

To ensure the security of sensitive data, elliptic curve cryptography (ECC) is adopted as an asymmetric method that balances security and efficiency. Nevertheless, embedding messages into elliptic curve (EC) points poses a significant challenge. The intricacies of this process can greatly affect the overall security and efficiency of the cryptosystem, reflecting security vulnerabilities observed in many existing schemes that utilize ElGamal ECC-based encryption. In this paper, we introduce an innovative hash-based technique for securely embedding messages into EC points before encryption. A random parameter and a shared secret point generated through the EC Diffie–Hellman protocol are used to bolster the scheme's security. The security of the proposed method is evaluated against various attack models; moreover, the complexity, and sensitivity of the encryption scheme, as well as its inputs, are analyzed. The randomness assessment of the ciphertext was performed using the NIST statistical test suite. Additionally, we propose a mechanism to ensure the integrity of the message by securely appending a tag to the ciphertext. As a consequence, a comprehensive analysis of our scheme demonstrates its effectiveness in maintaining data security and integrity against various attack models. The algorithm also meets more criteria such as the strict avalanche criterion, linear complexity, and operability. [ABSTRACT FROM AUTHOR]

Published

2024

14. Differential fault attack on SPN-based sponge and SIV-like AE schemes.

Author

Jana, Amit and Paul, Goutam

Abstract

This paper presents the first instance of a successful differential fault attack (DFA) on the nonce-based authentication scheme PHOTON-BEETLE, which was a finalist but not the winner of the NISTLwC competition. Furthermore, the paper also reveals the first differential fault attacks on several other NISTLwC schemes, including ORANGE, SIV-TEM-PHOTON, and ESTATE, which are based on sponge and SIV techniques. In general, it is a challenging task to perform DFA for any nonce-based sponge/SIV-based AE because of a unique nonce in the encryption query. However, the decryption procedure (with a fixed nonce) is still susceptible to DFA. We propose different fault attack models, and also give theoretical estimates of the number of faulty queries to get multiple forgeries. Our simulated values corroborate closely the theoretical estimates. Finally, we devise an algorithm to recover the state based on the collected forgeries. Under the random fault attack model, to retrieve the secret key, we need approximately 2 37.15 number of faulty queries. Also, the offline time and memory complexities of this attack are respectively 2 16 and 2 10 nibbles. Whereas, under the random bit fault attack model, around 2 11.5 number of faulty queries are required to retrieve the key for PHOTON-based schemes and 2 13.1 for AES-based scheme ESTATE. In the known fault attack model, we need around 2 11.05 number of faulty queries to retrieve the secret key for PHOTON-based schemes and 2 13.01 for AES-based scheme ESTATE. The time and memory complexities of the state recovery attack (for PHOTON-based schemes) are respectively 2 11 and 2 9 nibbles. Further, we have reduced the number of faulty queries to 2 9.32 under the precise bit-flip fault model. [ABSTRACT FROM AUTHOR]

Published

2024

15. Efficient error-correcting codes for the HQC post-quantum cryptosystem

Author

Aguilar-Melchor, Carlos, Aragon, Nicolas, Deneuville, Jean-Christophe, Gaborit, Philippe, Lacan, Jérôme, and Zémor, Gilles

Published

2024

16. Design of a New Neuro-Generator with a Neuronal Module to Produce Pseudorandom and Perfectly Pseudorandom Sequences.

Author

Rivas Becerra, María de Lourdes, Panduro, Juan José Raygoza, Ortega Cisneros, Susana, Becerra Álvarez, Edwin Christian, and Rios Arrañaga, Jaime David

Subjects

FIELD programmable gate arrays, SHIFT registers, BIOLOGICAL systems

Abstract

This paper presents the design of a new neuro-generator of pseudorandom number type PRNG Pseudorandom Number Generator, which produces complex sequences with an adequate bit distribution. The circuit is connected to a neuronal module with six impulse neurons with different behaviors: spike frequency adaptation, phasic spiking, mixed mode, phasic bursting, tonic bursting and tonic spiking. This module aims to generate a non-periodic signal that becomes the clock signal for one of the LFSRs Linear Feedback Shift Register that the neuro-generator has. To verify its correct operation, the neuro-generator was subjected to a series of tests where the frequencies of the impulse neurons were modified. This modification allows the generation of a greater number of pulses at the output of the neuronal module, to obtain sequences with different characteristics that pass different NIST statistical tests (National Institute of Standards and Technology of U.S.). The results show that the new neuro-generator maintains pseudo-randomness in the sequences obtained with different frequencies and it can be implemented on a reconfigurable FPGA Field Programmable Gate Array Virtex 7 xc7vx485t-2ffg1761 device. Therefore, it can be used for applications such as biological systems. [ABSTRACT FROM AUTHOR]

Published

2024

17. A novel TT-SHO QoS aware and secured Vehicular Adhoc Network (VANET) routing protocol for smart intelligent transportation.

Author

Praba, M. S. Bennet and Ramesh, S. S. Subhaska

Abstract

Vehicular Ad-hoc Networks (VANET) has attracted many researchers in recent days because of its inevitable applications in smart transportation structure, autonomous vehicles and Internet of Vehicles (IoV). Establishing and maintaining secured end to end connections in a VANET is challenging due to the dynamic changing environment and due to malicious vehicles. To overcome this problem, this paper proposes novel secured protocol TT-SHO which integrates the Tent Tuned Spotted Hyena Optimization (TT-SHO) for routing algorithm and Hybrid Chaotic Encryption for secured data transmission. The proposed routing protocol adopts the TT-SHO for shortest path optimization and transmits the chaotic encrypted data in the shortest path by maintaining the Quality of Services (QoS). The experimentation is carried out in terms of latency (5 ms), Packet Delivery Ratio (PDR) (90), throughput (1 bps) and also compared with existing frameworks. Final results proved that the proposed TT-SHO with Hybrid Chaotic Encryption is suitable for VANET environment by providing safe, reliable and robust data transmission. And the model proves that it provides more reliable secured data transmission by maintaining QoS. [ABSTRACT FROM AUTHOR]

Published

2024

18. TinyJAMBU Hardware Implementation for Low Power

Author

Carlos Fernandez-Garcia, J. M. Mora-Gutierrez, and Carlos J. Jimenez-Fernandez

Subjects

AEAD, lightweight cryptography, NIST, TinyJAMBU, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

In this paper, we present hardware implementations of the lightweight TinyJAMBU cipher with reduced power consumption using a mechanism based on shift register parallelization. The power consumption in digital circuits depends linearly on the switching activity of the logic gates. The parallelization technique reduces the number of switches per clock cycle of the shift registers, which can significantly reduce power consumption. This technique has been applied to the TinyJAMBU cipher, a finalist in the NIST lightweight cryptography standardization process with the lowest resource and power consumption. The implementations we present use the logical parallelization technique in the cipher’s NLFSR, which is the basic block of TinyJAMBU, and in the key register. Measurements with data from various post-place and route simulations, performed for the Xilinx 7-Series family of FPGAs, are presented to demonstrate the effectiveness of the proposed technique in reducing power consumption, achieving a reduction of more than 30% in dynamic power consumption compared to the standard implementation, with almost no increase in resource consumption. Therefore, the ciphers hardware implementations proposed in this paper are highly suitable for use as hardware peripherals in applications with severe constraints on available resources and power, such as low-power microcontrollers that are widely used in the IoT field.

Published

2024

19. A Novel Approach Based on Machine Learning, Blockchain, and Decision Process for Securing Smart Grid

Author

Nabil Tazi Chibi, Omar Ait Oualhaj, Wassim Fassi Fihri, and Hassan El Ghazi

Subjects

Smart grid, cybersecurity, NIST, vulnerabilities, Markov decision process, blockcahin, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Smart Grids (SGs) rely on advanced technologies, generating significant data traffic across the network, which plays a crucial role in various tasks such as electricity consumption billing, actuator activation, resource optimization, and network monitoring. This paper presents a new approach that integrates Machine Learning (ML), Blockchain Technology (BT), and Markov Decision Process (MDP) to improve the security of SG networks while ensuring accurate storage of events reported by various network devices through BT. The enhanced version of the Proof of Work (PoW) consensus mechanism ensures data integrity by preventing tampering and establishing the reliability of known and unknown attack detection. The proposed versions of PoW, namely GPoW 1.0 and GPoW 2.0, aim to make the consensus process more environmentally friendly.

Published

2024

20. Cutting-Edge Amalgamation of Web 3.0 and Hybrid Chaotic Blockchain Authentication for Healthcare 4.0

Author

Ajay Kumar, Kumar Abhishek, Surbhi Bhatia Khan, Saeed Alzahrani, and Mohammed Alojail

Subjects

Healthcare 4.0, Web 3.0, hybrid chaotic keys, Ethereum, BAN, NIST, Mathematics, QA1-939

Abstract

Healthcare 4.0 is considered the most promising technology for gathering data from humans and strongly couples with a communication system for precise clinical and diagnosis performance. Though sensor-driven devices have largely made our everyday lives easier, these technologies have been suffering from various security challenges. Because of data breaches and privacy issues, this heightens the demand for a comprehensive healthcare solution. Since most healthcare data are sensitive and valuable and transferred mostly via the Internet, the safety and confidentiality of patient data remain an important concern. To face the security challenges in Healthcare 4.0, Web 3.0 and blockchain technology have been increasingly deployed to resolve the security breaches due to their immutability and decentralized properties. In this research article, a Web 3.0 ensemble hybrid chaotic blockchain framework is proposed for effective and secure authentication in the Healthcare 4.0 industry. The proposed framework uses the Infura Web API, Web 3.0, hybrid chaotic keys, Ganache interfaces, and MongoDB. To allow for more secure authentication, an ensemble of scroll and Henon maps is deployed to formulate the high dynamic hashes during the formation of genesis blocks, and all of the data are backed in the proposed model. The complete framework was tested in Ethereum blockchain using Web 3.0, in which Python 3.19 is used as the major programming tool for developing the different interfaces. Formal analysis is carried out with Burrows–Abadi–Needham Logic (BAN) to assess the cybersecurity reliability of the suggested framework, and NIST standard tests are used for a thorough review. Furthermore, the robustness of the proposed blockchain is also measured and compared with the other secured blockchain frameworks. Experimental results demonstrate that the proposed model exhibited more defensive characteristics against multiple attacks and outperformed the other models in terms of complexity and robustness. Finally, the paper gives a panoramic view of integrating Web 3.0 with the blockchain and the inevitable directions of a secured authentication framework for Healthcare 4.0.

Published

2024

21. Image Steganography Using Fractal Cover and Combined Chaos-DNA Based Encryption

Author

Durafe, Asha and Patidar, Vinod

Published

2024

22. Improving the performance of authentication protocols using efficient modular multi exponential technique.

Author

Tiwari, Utkarsh, Vollala, Satyanarayana, N, Ramasubramanian, and Begum, Shameedha

Subjects

BIOMETRIC identification, EXPONENTIATION, INFORMATION sharing, MULTIPLICATION, PUBLIC key cryptography

Abstract

Efficient and secure authentication of the user in today's world, where most of the multimedia data is shared over the public network, is essential. The verification step of the multi-user applications like OTT(over-the-top) platforms has modular-multi exponentiation(MME) as its vital operation. This article presents an efficient MME which uses Multiplication and Forwarding technique (MFW). MFW technique efficiently computes the MME and also avoids side-channel attacks (SCAs) using the integrated multi-level confusion mechanisms. Mostly, SCAs are secured by hardware means only. This article presents a novel algorithmic way of counteracting the SCAs. The proposed technique is more efficient (efficiency 1.109) than the state-of-the-art. Another advantage of the designed MFW MME technique is that it is directly implementable in hardware. We have implemented the techniques on FPGA using Vivado 21.2 on Virtex-7 evaluation boards. The compatibility has also been verified using Cadence for ASIC. [ABSTRACT FROM AUTHOR]

Published

2024

23. Key Reuse Attacks on Post-quantum Cryptosystems, Revisited.

Author

Wang, Ke, Zhang, Zhenfeng, Jiang, Haodong, Xie, Huiqin, Li, Yanjun, Sun, Ying, and Han, Lidong

Abstract

The National Institute of Standards and Technology (NIST) has been working on standardization of post-quantum cryptography and is approaching the end of round-3 evaluation of algorithms. Key reuse security evaluation is an important part of algorithm evaluation. In order to evaluate the key reuse security of candidate IND-CPA PKEs, at Eurocrypt'19, B |$\breve{\text{a}}$| etu et al. proposed a classical key recovery under plaintext checking attack (KR-PCA) which can recover the reused secret keys by querying an oracle thousands of times. However, the method does not work for cryptosystems which shorten ciphertexts by rounding off the low bits, such as round-3 finalists Kyber and Saber. Subsequently, Dumittan and Vaudenay (ACNS'20) and Qin et al. (ASIACRYPT'21) came up with new effective methods, which require carefully constructed queries. In this paper, we propose an automatic method to recover the reused secret keys of IND-CPA PKEs in Kyber and Saber. Instead of constructing queries carefully, our method uses automated search combined with an optimized bruteforce. The effect and cost of the method depend on the specific parameters. In particular, we can recover the secret keys after thousands of queries in all parameter sets, which is comparable with the current best result. [ABSTRACT FROM AUTHOR]

Published

2024

24. RATIONALE FOR IMPROVING AUTHENTICATION PROTOCOLS IN THE CONDITIONS OF POST-QUANTUM CRYPTOGRAPHY.

Author

Havrylova, Alla, Aksonova, Iryna, Khokhlachova, Yuliia, Milevska, Tetiana, and Dunaiev, Sergii

Subjects

QUANTUM cryptography, INTERNET traffic, TELECOMMUNICATION systems, INTERNET exchange points, INFORMATION networks, CRYPTOGRAPHY, DIGITAL signatures, SECURE Sockets Layer (Computer network protocol)

Abstract

The paper studies the relevance of the issues of encrypting confidential data for their transmission over unsecured channels of information and communication networks. An analysis of encrypted information exchange on the Internet based on the Google service was carried out in terms of the volume of encrypted web traffic. It is concluded that the difference in traffic volumes between countries is due to the popularity of the types of devices used, the geographic access infrastructure, as well as the availability of software that provides modern types of encryptions. The role of the HTTPS protocol in ensuring the security of working with resources on the Internet is substantiated. The NIST security requirements for modern information and communication systems in the post-quantum period are analyzed. It is determined that within a short period of time the power of computing devices increases exponentially, which entails an increase in the implementation of both already known and new attacks on cryptographic algorithms that ensure the strength of security services in networks. Based on the results of this study, the results of a comparative analysis of the complexity of classical and quantum algorithms were demonstrated. The classification of special attacks was considered according to the signs of influence on computing processes, according to access to systems and means, as well as according to the specifics of the attacks themselves. Solutions submitted for participation in the NIST competition for the definition of security standards through electronic digital signature mechanisms, encryption algorithms and key encapsulation are analyzed. The results of the analysis are presented in the form of a scheme of security and stability of the proposed protocols and algorithms. It is recommended to use TLS protocols to ensure the integrity and authenticity of users when establishing communication sessions with websites. A scheme of the process of authenticated encryption and authentication of an encrypted message transmitted over a TLS connection has been developed. A process scheme has been developed for authentication encryption and decryption of information when establishing a communication session in TLS protocols. A comparative analysis of the characteristics of the TLS 1.3 and TLS 1.2 protocols was carried out. [ABSTRACT FROM AUTHOR]

Published

2024

25. NIST CSF 2.0: НОВИЙ ФРЕЙМВОРК З КІБЕРБЕЗПЕКИ ВІД НАЦІОНАЛЬНОГО ІНСТИТУТУ СТАНДАРТІВ І ТЕХНОЛОГІЙ США.

Author

Жилін, Артем, Бєлявський, Владислав, and Бакалинський, Олександр

Abstract

This article provides an in-depth analysis of the Cybersecurity Framework version 2.0, introduced by the National Institute of Standards and Technology (NIST) in early 2024. CSF 2.0 is designed to facilitate effective management and mitigation of cybersecurity risks for diverse organizations, regardless of their size and industry. The article explores key components of the framework, such as the Core (CSF Core), Organizational Profiles (CSF Organizational Profiles), Security Tiers (CSF Tiers), and provides insights into their utilization for enhancing organizational cybersecurity practices. Emphasis is placed on the flexibility of the framework, allowing organizations to adapt their approaches to cybersecurity management according to their unique risks and needs. CSF 2.0 is considered a crucial tool aimed at promoting cybersecurity improvement across all organizational levels, irrespective of their technical maturity. The article also offers a comprehensive overview of the potential uses of CSF resources for enhancing cybersecurity practices and underscores the importance of continuously refining cybersecurity management strategies to effectively counter growing cyber threats. [ABSTRACT FROM AUTHOR]

Published

2024

26. Critical Analysis of Beta Random Variable Generation Methods.

Author

Almaraz Luengo, Elena and Gragera, Carlos

Subjects

*CRITICAL analysis, *SELECTION (Plant breeding), *SUPPLY & demand, *FORTRAN, *RANDOM variables, *UNIFORMITY

Abstract

The fast generation of values of the beta random variable is a subject of great interest and multiple applications, ranging from purely mathematical and statistical ones to applications in management and production, among others. There are several methods for generating these values, with one of the essential points for their design being the selection of random seeds. Two interesting aspects converge here: the use of sequences as inputs (and the need for them to verify properties such as randomness and uniformity, which are verified through statistical test suites) and the design of the algorithm for the generation of the variable. In this paper, we analyse, in detail, the algorithms that have been developed in the literature, both from a mathematical/statistical and computational point of view. We also provide empirical development using R software, which is currently in high demand and is one of the main novelties with respect to previous comparisons carried out in FORTRAN. We establish which algorithms are more efficient and in which contexts, depending on the different values of the parameters, allowing the user to determine the best method given the experimental conditions. [ABSTRACT FROM AUTHOR]

Published

2023

27. NIST Test Validation for Lorenz Chaotic Random Generator CRN.

Author

AbdelFattah Youssef, Amr Sayed

Subjects

*DATA privacy, *SECURITIES trading, *TELECOMMUNICATION systems, *STOCHASTIC processes, *IMAGE encryption

Abstract

The necessity of developing a secure communication system that safeguards privacy and sensitive data against hacker attacks and eavesdroppers is now widely acknowledged. This necessitates the creation of solutions that not only deal with security issues but also shouldn't slow down our system. Most security systems rely on randomness generators to establish safe communication; more randomness equals more security. Random generators are essential to the encryption process. In this research, a design and implementation process for a novel random generator based upon Lorenz chaotic signals is presented. NIST's Statistical Test Suite for Random and Pseudorandom Generators for Cryptographic Applications has been used to evaluate the proposed chaotic random generator CRN, and the findings have been reviewed. [ABSTRACT FROM AUTHOR]

Published

2023

28. Implementation Framework National Institute of Standards and Technology (Nist) Evidence Digital In The Forensic Process Social Media.

Author

Abubakar, Radika Muzdalifa, Ahmad, Muhammad Sabri, Kapita, Syarifuddin N., and Fuad, Ahmad

Subjects

SOCIAL media, STANDARDS, TECHNOLOGY, ELECTRONIC evidence, FORENSIC sciences

Abstract

Many people carry out social media activities which are not only positive activities but also activities that have a negative impact, such as crimes in cyberspace. especially forensics mobile in assisting the resolution of crime cases through social media Instagram with media access smartphone. The biggest problem in the data retrieval process is that the perpetrator deletes or tries to eliminate digital evidence on a smartphone so this research aims to implement the framework National Institute of Standards and Technology to investigate data forensic evidence on social media Instagram accessed via smartphone Android by using tools mobile Edit forensic in data extraction on a smartphone with workflow stages collection, - reporting. This study uses a conversation scenario on the Instagram feature direct message (DM) with conditions including deleting data on the Instagram application. The method used in handling cybercrime with media evidence smartphones is the method National Institute of Standards and Technology (NIST). The results of this study are in collecting data in the form of 25 conversations (chat), 206 images, 86 videos, 5 audio, and 4 call logs on smartphones. However tools MOBILEdit Forensic in returning digital evidence are unable to recover conversations and call logs as a whole. [ABSTRACT FROM AUTHOR]

Published

2023

29. Comparative Study of Cloud Forensic Investigation Using ADAM And NIST 800-86 Methods in Private Cloud Computing

Author

Reza Febriana and Ahmad Luthfi

Subjects

framework, adam, nist, cloud, comparison, Systems engineering, TA168, Information technology, T58.5-58.64

Abstract

As information technology advances, associated risks also increase, particularly in the field of private cloud computing services. These services are subject to potential internal abuse risks, either due to system vulnerabilities or other factors. However, the investigation of these incidents in private cloud computing varies greatly due to the different frameworks and unique characteristics of each cloud service. The lack of a standardized approach to analyzing and assessing investigative processes in cloud computing services has been a persistent problem. This lack of consensus affects the accuracy, efficiency, and data acquisition process when dealing with digital evidence in each method, causing concern among researchers. To overcome this, a comparative study was carried out with a focus on the ADAM (The Advanced Data Acquisition Model) method and the NIST (National Institute of Standards and Technology) method. The goal is to identify the most effective investigative process to deal with cyber attack incidents on both the server and client side of cloud computing services. By testing these methods in a network that is built on private cloud computing services, then the results from this research include the weaknesses and strengths of the ADAM and NIST methods are found when applied to cloud computing case studies and these have not been identified in previous research, then produce recommendations for investigators when conducting investigations on case studies on cloud computing, and in this study managed to find a bug in the ownCloud application version 10.9.1. Then this study also aims to provide researchers with valuable references to carry out analysis and assessment in the investigative process, where standardization is still an unresolved issue.

Published

2023

30. An Analysis of Cloud Security Frameworks, Problems and Proposed Solutions

Author

Milan Chauhan and Stavros Shiaeles

Subjects

cloud security, security frameworks, NIST, COBIT, ISO, AWS, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95

Abstract

The rapidly growing use of cloud computing raises security concerns. This study paper seeks to examine cloud security frameworks, addressing cloud-associated issues and suggesting solutions. This research provides greater knowledge of the various frameworks, assisting in making educated decisions about selecting and implementing suitable security measures for cloud-based systems. The study begins with introducing cloud technology, its issues and frameworks to secure infrastructure, and an examination of the various cloud security frameworks available in the industry. A full comparison is performed to assess the framework’s focus, scope, approach, strength, limitations, implementation steps and tools required in the implementation process. The frameworks focused on in the paper are COBIT5, NIST (National Institute of Standards and Technology), ISO (International Organization for Standardization), CSA (Cloud Security Alliance) STAR and AWS (Amazon Web Services) well-architected framework. Later, the study digs into identifying and analyzing prevalent cloud security issues. This contains attack vectors that are inherent in cloud settings. Plus, this part includes the risk factor of top cloud security threats and their effect on cloud platforms. Also, it presents ideas and countermeasures to reduce the observed difficulties.

Published

2023

31. Enhancing the Security of Classical Communication with Post-Quantum Authenticated-Encryption Schemes for the Quantum Key Distribution

Author

Farshad Rahimi Ghashghaei, Yussuf Ahmed, Nebrase Elmrabit, and Mehdi Yousefi

Subjects

post-quantum cryptography, quantum key distribution, NIST, CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, Electronic computers. Computer science, QA75.5-76.95

Abstract

This research aims to establish a secure system for key exchange by using post-quantum cryptography (PQC) schemes in the classic channel of quantum key distribution (QKD). Modern cryptography faces significant threats from quantum computers, which can solve classical problems rapidly. PQC schemes address critical security challenges in QKD, particularly in authentication and encryption, to ensure the reliable communication across quantum and classical channels. The other objective of this study is to balance security and communication speed among various PQC algorithms in different security levels, specifically CRYSTALS-Kyber, CRYSTALS-Dilithium, and Falcon, which are finalists in the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization project. The quantum channel of QKD is simulated with Qiskit, which is a comprehensive and well-supported tool in the field of quantum computing. By providing a detailed analysis of the performance of these three algorithms with Rivest–Shamir–Adleman (RSA), the results will guide companies and organizations in selecting an optimal combination for their QKD systems to achieve a reliable balance between efficiency and security. Our findings demonstrate that the implemented PQC schemes effectively address security challenges posed by quantum computers, while keeping the the performance similar to RSA.

Published

2024

32. Distributed private preserving learning based chaotic encryption framework for cognitive healthcare IoT systems

Author

Shaik Abdul Nabi, Ponugoti Kalpana, N. Subhash Chandra, L. Smitha, K. Naresh, Absalom E. Ezugwu, and Laith Abualigah

Subjects

Cognitive health care, Internet of things, Privacy and security breaches, Distributed learning, Federated learning libraries, NIST, Computer applications to medicine. Medical informatics, R858-859.7

Abstract

In the field of cognitive healthcare Internet of Things (CH-IoT), there is a strong demand for reliable and minimally intrusive smart gadgets that consistently acquire, analyse, and obtain the confidential health details of the individual. In fact, CH-IoT is empowered with artificial intelligence (AI) to transmute a fewer operational inputs into actionable, intelligent actions through the digitization of medical healthcare data. However, these systems consume more network complexity, interaction, and overhead costs, while inducing a blend of susceptibility and confidentiality issues. In support of this complexity, these cognitive systems need centralised data collection and to be gathered and analysed, which affects scalability issues and adds fuel to privacy and security breaches. Even though it possesses greater intricacy in its potential application, a substantial factor is maintaining the private preservation of healthcare data against the growing attacks. Thus, this paper presents a distributed privacy-preserving, chaotic encryption-based framework that can be deployed for CH-IoT systems to safeguard sensitive data against message modification, denial of service (DoS), and man-in-the-middle attacks (MIM), guaranteeing privacy and data integrity. The proposed framework integrated the federated learning layered hybrid chaotic encryption strategies by investigating through examination the learning infrastructure of convolutional neural networks (CNN). In the examination, the complete framework was carried out in the Tensorflow Federated Learning Libraries (FLL), and numerous performance metrics such as accuracy, precision, recall, f1-score, transmission efficiency, and overhead ratio were measured and contrasted with the various existing frameworks. For the intensive analysis, formal and informal security experiments were also conducted by NIST (National Institute of Science and Technology). The analytical results illustrate the importance of the proposed framework by achieving better security performance and outperforming the other existing models. Lastly, the proposed framework has more potential than the other existing frameworks and finds its place in real-time healthcare systems, but it needs to be improvised for real-time datasets.

Published

2024

33. A Lightweight Image Encryption Algorithm Based on Elliptic Curves and a 5D Logistic Map.

Author

Rashid, Abdullah A. and Hussein, Khalid A.

Subjects

*IMAGE encryption, *ELLIPTIC curves, *VISUAL cryptography, *ELLIPTIC curve cryptography, *SMART cards, *ALGORITHMS, *COMPUTER network security

Abstract

Cryptography can be thought of as a toolbox, where potential attackers gain access to various computing resources and technologies to try to compute key values. In modern cryptography, the strength of the encryption algorithm is only determined by the size of the key. Therefore, our goal is to create a strong key value that has a minimum bit length that will be useful in light encryption. Using elliptic curve cryptography (ECC) with Rubik's cube and image density, the image colors are combined and distorted, and by using the Chaotic Logistics Map and Image Density with a secret key, the Rubik's cubes for the image are encrypted, obtaining a secure image against attacks. ECC itself is a powerful algorithm that generates a pair of public and private elements, and we generate secret key values with the help of the above key pair. This algorithm is applied to smart cards, sensors, and wireless network security. Whereas, the test results indicate that the highest value for PSNR is 7.9641, while the highest values for UACI and NPCR are 35.3721 and 99.9992, respectively. The encoding and decoding speeds reach 0.1561 and 0.1532 seconds, respectively. [ABSTRACT FROM AUTHOR]

Published

2023

34. Limit theorem for a smoothed version of the spectral test for testing the equiprobability of a binary sequence.

Author

Savelov, Maksim P.

Subjects

*BINARY sequences, *DISCRETE Fourier transforms, *RANDOM variables, *T-test (Statistics), *LIMIT theorems, *PROBLEM solving, *FOURIER transforms

Abstract

We consider the problem of testing the hypothesis that the tested sequence is a sequence of independent random variables that take values 1 and –1 with equal probability. To solve this problem, the Discrete Fourier Transform (spectral) test of the NIST package uses the statistic TFourier, the exact limiting distribution of which is unknown. In this paper a new statistic is proposed and its limiting distribution is established. This new statistic is a slight modification of TFourier. A hypothesis about the limit distribution of TFourier is formulated, which is confirmed by numerical experiments presented by Pareschi F., Rovatti R. and Setti G. [ABSTRACT FROM AUTHOR]

Published

2023

35. A Survey of Post-Quantum Cryptography: Start of a New Race.

Author

Dam, Duc-Thuan, Tran, Thai-Ha, Hoang, Van-Phuc, Pham, Cong-Kha, and Hoang, Trong-Thuc

Subjects

*PUBLIC key cryptography, *DATA encryption, *QUANTUM cryptography, *CRYPTOGRAPHY, *DIGITAL signatures, *DIGITAL technology

Abstract

Information security is a fundamental and urgent issue in the digital transformation era. Cryptographic techniques and digital signatures have been applied to protect and authenticate relevant information. However, with the advent of quantum computers and quantum algorithms, classical cryptographic techniques have been in danger of collapsing because quantum computers can solve complex problems in polynomial time. Stemming from that risk, researchers worldwide have stepped up research on post-quantum algorithms to resist attack by quantum computers. In this review paper, we survey studies in recent years on post-quantum cryptography (PQC) and provide statistics on the number and content of publications, including a literature overview, detailed explanations of the most common methods so far, current implementation status, implementation comparisons, and discussion on future work. These studies focused on essential public cryptography techniques and digital signature schemes, and the US National Institute of Standards and Technology (NIST) launched a competition to select the best candidate for the expected standard. Recent studies have practically implemented the public key encryption/key encapsulation mechanism (PKE/KEM) and digital signature schemes on different hardware platforms and applied various optimization measures based on other criteria. Along with the increasing number of scientific publications, the recent trend of PQC research is increasingly evident and is the general trend in the cryptography industry. The movement opens up a promising avenue for researchers in public key cryptography and digital signatures, especially on algorithms selected by NIST. [ABSTRACT FROM AUTHOR]

Published

2023

36. Resource guide for teaching post-quantum cryptography.

Author

Holden, Joshua

Subjects

*TEACHING guides, *CRYPTOGRAPHY, *ABSTRACT algebra, *NUMBER theory, *QUANTUM computers, *QUANTUM cryptography

Abstract

Public-key cryptography has become a popular way to motivate the teaching of concepts in elementary number theory, abstract algebra, and introduction to proof courses, as well as in cryptography courses. Unfortunately, many experts expect quantum computers to make common forms of public-key cryptography obsolete in the near future. Fortunately, there are several systems being evaluated to replace RSA and the other systems we currently use. While some of the systems are too complicated to be good examples in introductory courses, others are either quite manageable or have simplified versions that are manageable. This article gives a tour of the main types of systems under consideration and the teaching resources available for instructors who want to teach them. [ABSTRACT FROM AUTHOR]

Published

2023

37. An Analysis of Cloud Security Frameworks, Problems and Proposed Solutions.

Author

Chauhan, Milan and Shiaeles, Stavros

Subjects

WEB services, CLOUD computing, DECISION making

Abstract

The rapidly growing use of cloud computing raises security concerns. This study paper seeks to examine cloud security frameworks, addressing cloud-associated issues and suggesting solutions. This research provides greater knowledge of the various frameworks, assisting in making educated decisions about selecting and implementing suitable security measures for cloud-based systems. The study begins with introducing cloud technology, its issues and frameworks to secure infrastructure, and an examination of the various cloud security frameworks available in the industry. A full comparison is performed to assess the framework's focus, scope, approach, strength, limitations, implementation steps and tools required in the implementation process. The frameworks focused on in the paper are COBIT5, NIST (National Institute of Standards and Technology), ISO (International Organization for Standardization), CSA (Cloud Security Alliance) STAR and AWS (Amazon Web Services) well-architected framework. Later, the study digs into identifying and analyzing prevalent cloud security issues. This contains attack vectors that are inherent in cloud settings. Plus, this part includes the risk factor of top cloud security threats and their effect on cloud platforms. Also, it presents ideas and countermeasures to reduce the observed difficulties. [ABSTRACT FROM AUTHOR]

Published

2023

38. Performance Evaluation of Business Continuity Plan in Dealing With Threats and Risks In Cilegon Companies Use ISO 22301:2019 & NIST Sp 800-30 R1 Frameworks Case Study: PT. X.

Author

Hendaryatna, Firmansyah, Gerry, Tjahyono, Budi, and Widodo, Agung Mulyo

Subjects

PERFORMANCE evaluation, BUSINESS continuity planning, INDUSTRIAL management, RISK assessment, DECISION trees

Abstract

This research was conducted at PT.X which is located in Cilegon, Merak-Banten. Seeing the geographical location of PT.X which is in a disaster-prone area, the company must ensure an effective business continuity process. In accordance with government regulations on ElectronicBased Government Systems (SPBE) related to corporate and government business activities, companies must be able to ensure business continuity in every condition that poses a threat and risk, but with no specific obligation that is the basis for the company's business continuity if it does not have a Business Continuity Plan (BCP) process, it will get a sanction. The purpose of this research is to evaluate the existing BCP process at PT X Cilegon and provide recommendations for a standardized BCP framework in the company to ensure business continuity as the company's Business Continuity Management System (BCMS) to avoid all threats and risks. BCP has standards regulated in ISO 22301: 2019 as its framework, and in BCP there is a risk analysis process and in this research will be carried out using the NIST SP 800-30 Revision 1 method as its best practice. The evaluation results show that the previous BCP process at PT X Cilegon was not in accordance with the standards and the risk analysis carried out was still based on the ISO that the company had implemented but not ISO 31000 which is the risk management standard, so this study provides recommendations for a BCP framework that is in accordance with the standards and risk analysis with risk analysis methods that produce risk priorities. [ABSTRACT FROM AUTHOR]

Published

2023

39. Simulation of QTRNG on IBM’s Q Experience Using Rotation and Phase Quantum Gates.

Author

Kumar, Vaishnavi, R, Amirtharajan, R, John Bosco Balaguru, and Pravinkumar, Padmapriya

Abstract

True random numbers are crucial in many applications ranging from stochastic simulations to many other applications, especially cryptography. The quest for true randomness is, in general, considered to be impossible with only classical means. This insight enables the construction of various proposals for producing a good random number generator in realistic quantum scenarios. We presented a new fast 24 qubits quantum true random number generator (QTRNG) based on rotation and phase quantum gates on IBM’s cloud platform. It is a provable true random number since it is based on the quantum process and experimented with through QISKIT. The raw output of the generator reveals the foundational unpredictability of quantum mechanics inherent nature, which is different from classical physics. The achievable eminence of the numbers generated from a practical carrying out can differ from the theoretically promising solution. The proposed Quantum True Random Number Generation is accomplished through IBM quantum lab, and its architecture results also passed National Institute of Standards and Technology (NIST) statistical tests 800-90B and 800-22. This method is relatively efficient since it can be implemented locally on our devices. The offered methodology 224 bitstream data has higher certification randomness. The quality of the generated random bitstreams is investigated through restart analysis and autocorrelation analysis. The resulting output passes the NIST standard statistical test with a min-entropy value of 0.000712. [ABSTRACT FROM AUTHOR]

Published

2023

40. Model Manajemen Risiko Sistem Informasi Untuk Sistem Informasi Manajemen Kepegawaian.

Author

Yulisuyanti, Eka and Soewito, Benfano

Subjects

MANAGEMENT information systems, INFORMATION resources management, INFORMATION storage & retrieval systems, INFORMATION resources, DISASTER resilience

Abstract

Copyright of Techno.com is the property of Universitas Dian Nuswantoro, Fakultas Ilmu Komputer and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

41. Latent Fingerprint Recognition: Fusion of Local and Global Embeddings.

Author

Grosz, Steven A. and Jain, Anil K.

Abstract

One of the most challenging problems in fingerprint recognition continues to be establishing the identity of a suspect associated with partial and smudgy fingerprints left at a crime scene (i.e., latent prints or fingermarks). Despite the success of fixed-length embeddings for rolled and slap fingerprint recognition, the features learned for latent fingerprint matching have mostly been limited to local minutiae-based embeddings and have not directly leveraged global representations for matching. In this paper, we combine global embeddings with local embeddings for state-of-the-art latent to rolled matching accuracy with high throughput. The combination of both local and global representations leads to improved recognition accuracy across NIST SD 27, NIST SD 302, MSP, MOLF DB1/DB4, and MOLF DB2/DB4 latent fingerprint datasets for both closed-set (84.11%, 54.36%, 84.35%, 70.43%, 62.86% rank-1 retrieval rate, respectively) and open-set (0.50, 0.74, 0.44, 0.60, 0.68 FNIR at FPIR=0.02, respectively) identification scenarios on a gallery of 100K rolled fingerprints. Not only do we fuse the complimentary representations, we also use the local features to guide the global representations to focus on discriminatory regions in two fingerprint images to be compared. This leads to a multi-stage matching paradigm in which subsets of the retrieved candidate lists for each probe image are passed to subsequent stages for further processing, resulting in a considerable reduction in latency (requiring just 0.068 ms per latent to rolled comparison on an AMD EPYC 7543 32-Core Processor, roughly 15K comparisons per second). Finally, we show the generalizability of the fused representations for improving authentication accuracy across several rolled, plain, and contactless fingerprint datasets. [ABSTRACT FROM AUTHOR]

Published

2023

42. A cyber resilience analysis case study of an industrial operational technology environment.

Author

Perrett, Kirsty and Wilson, Ian David

Subjects

INFRASTRUCTURE (Economics), INTERNET security, INDUSTRIAL controls manufacturing

Abstract

Cyber resilience is an active research area offering a novel approach to Cyber Security. The term appeared due to the concerning number of cyber-attacks on critical infrastructure. The National Institute of Standards and Technology (NIST) developed a framework to assist organisations with techniques and approaches to improving cyber resilience. However, there are a sparsity of case studies that speak to the adoption or measurement of these novel approaches within a complex industrial control environment. This paper presents a case study analysis of a manufacturing plant assessment drawing on key themes from the NIST literature. The paper presents how well NIST constructs can be adopted to find cyber-resilient enhancement opportunities and to decide if an evaluation of the results could supply a quantitative baseline measure of an organisation's overall resilience. Conclusions drawn show that although the framework did partially aid with the analysis process, the frameworks ease of adoption assume an organisation has a conventional cyber security foundation; NIST should make this clear within their guidance. Furthermore, the accompanying evaluation process was not sufficient to quantitatively measure the overall cyber resilience maturity for this case study. [ABSTRACT FROM AUTHOR]

Published

2023

43. CYBERSECURITY POSTURE RESEARCH IN SMALL ORGANIZATIONS.

Author

TRAJCHEVSKI, Neven and STEVANOSKI, Goce

Subjects

INTERNET security, CYBERTERRORISM, POSTURE, PROSPECT theory, ORGANIZATIONAL research, EMPIRICAL research

Abstract

This study presents the results of empirical research of cybersecurity posture of small organizations in North Macedonia. The results are present as quantitative determined value within a defined taxonomy based on the theoretical foundation of prospect theory and status quo bias. The analyzed quantity is a relation between two key parameters of the cybersecurity posture of an organization, the cybersecurity readiness and the decision makers' perceived risk of cyber-attack. The study also consists of a comparative analysis between these results and the gained results during other studies in EU and USA. [ABSTRACT FROM AUTHOR]

Published

2023

44. Codesign for Generation of Large Random Sequences on Zynq FPGA.

Author

Hernandez-Morales, Brenda Mariana, Diaz-Santiago, Sandra, and Mancillas-Lopez, Cuauhtemoc

Abstract

This work presents two codesign implementations of a true random number generation mechanism. Physical components provided by the programmable logic of FPGA are used for true random seed generation. The seed conditioning and generation of the large sequences were implemented using the block cipher Advanced Encryption Standard (AES) implemented on the Cortex-A9 processor (embedded in the Zynq FPGA) or specific AESNI instructions in modern processors. Our implementations use less than 10% of the available resources on the target FPGAs and pass all the National Institute of Standards and Technology (NIST) tests for random generators. [ABSTRACT FROM AUTHOR]

Published

2023

45. Key Generation Technique Based on Channel Characteristics for MIMO-OFDM Wireless Communication Systems

Author

Dinh Van Linh and Vu Van Yem

Subjects

Secret key, reciprocity, channel state information, complex impulse response, NIST, randomness, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Dynamic secret key generation from wireless channel characteristics is a promising technique for physical layer security. One of the important issues in this field is extending the secret key’s length while preserving its uniformity and randomness. This paper proposes a key generation method based on time-varying and the reciprocity of wireless channels for Multiple-Input Multiple-Output Orthogonal Frequency Division Multiplexing (MIMO-OFDM) wireless communication systems. In the proposed technique, the complex impulse response (CIR) of the estimated channel state information (CSI) is extracted, and a quantization algorithm is designed to convert the maximum peaks of the CIR into secret key bits. The effectiveness of the proposed key generation technique is assessed in terms of the randomness of the produced key bits with different key lengths by using a statistical test suite of the National Institute of Standards and Technology (NIST). The proposed technique is employed in the MIMO-OFDM systems with different modulation schemes through Additive White Gaussian Noise (AWGN) and Rayleigh channels. The simulation results show that the secret keys with various key lengths generated from the proposed technique for the MIMO-OFDM systems guarantee randomness. Moreover, the proposed CSI-based key generation technique provides better effectiveness in terms of security when compared to some existing techniques.

Published

2023

46. Statistical Characteristics Improvement of a Hardware Random Number Generator by a Software Method

Author

M. O. Pikuza

Subjects

hardware random number generator, noise diode, statistical test suite, nist, diehard, high-order finite difference, Electronics, TK7800-8360

Abstract

As a source of random numbers, hardware random number generators are often used, the operation of which is based on randomly changing parameters of various physical processes. The statistical characteristics of such generators do not always allow their use in the field of information security. To improve the statistical characteristics, various software tools for processing the output data of the generator are used. The purpose of this work is to study the possibility to improve the statistical characteristics of a hardware random number generator by software. The investigated hardware random number generator is based on the ND103L noise diode and has a random digital sequence of binary numbers at the output. To improve the statistical characteristics, the output stream of random numbers was processed using a software method based on the calculation of high-order finite differences. This method would allow one to get a more symmetrical distribution of random numbers, as well as increase the speed of their generation. After processing, the data from the generator under study have better statistical characteristics, which is confirmed by the NIST and Diehard tests, and the generation rate has also increased by more than 5 times. The results of this work may be useful to developers of hardware random number generators who need to improve the performance of the generator.

Published

2022

47. Quantum true random number generation on IBM’s cloud platform

Author

Vaishnavi Kumar, John Bosco Balaguru Rayappan, Rengarajan Amirtharajan, and Padmapriya Praveenkumar

Subjects

QTRNG, QCD, QISKIT, NIST, Hadamard gate, Electronic computers. Computer science, QA75.5-76.95

Abstract

Random numbers are the lifeline of any cryptographic operation in modern computing. Quantum True Random Number Generator (QTRNG) can yield real random data to replace random-looking periodic sequences. Here, we present the fastest QTRNG on factual Quantum Computational Devices (QCD) locally on our device to save time. To construct a random number generator, the IBM Q Experience called Qiskit is used. The ease of our source Hadamard gate pooled with its verifiably sole randomness is imperative for attaining quantum random number generators at no cost. The inner matrix product of the square of the Hadamard gate is proved to be identified in the quantum lab. Applying the H gate twice on the quantum register cancelled out the H gate pair. It acted as a single Hadamard gate that was practically visualised using the IMB Q experience. The 24-qubit random number is experimented with and investigated in this work. The min-entropy of such generated random numbers is 0.0007244 with the worst-case entropy value of 0.999507. Besides, subsequent verification of genuine randomness was confirmed by steering restart experimentation, & the statistical properties of TRNG were evaluated over autocorrelation study, National Institute of Standards and Technology (NIST) SP 800-90B & 800-22 tests.

Published

2022

48. Hyperchaotic Maps and the Single Neuron Model: A Novel Framework for Chaos-Based Image Encryption.

Author

Alexan, Wassim, Chen, Yen-Lin, Por, Lip Yee, and Gabr, Mohamed

Subjects

*IMAGE encryption, *PARALLEL processing, *NEURONS, *IMAGE transmission

Abstract

With the explosion of the generation, transmission and sharing of image data over the Internet and other unsecured networks, the need for and significance of the development of novel image encryption algorithms are unprecedented. In this research work, we propose a novel framework for image encryption that is based on two hyperchaotic maps utilized in conjunction with the single neuron model (SNM). The framework entails three successive stages, where in every stage a substitution box (S-box) is applied, then XORing with an encryption key is carried out. The S-boxes and the encryption keys are generated from the numerical solutions of the hyperchaotic maps and the SNM. The performance of the proposed framework is gauged through a number of metrics, reflecting superior performance and complete asymmetry between the plain images and their encrypted versions. The main advantages of this work are (1) vast key space and (2) high encryption efficiency. The superior key space of 22551 is the result of employing the two hyperchaotic maps, while the improved efficiency, resulting in an average encryption rate of 8.54 Mbps, is the result of using the SNM as well as the employment of optimized parallel processing techniques. In addition, the proposed encryption framework is shown to output encrypted images that pass the NIST SP 800 suite. Average achieved values for the metrics include MSE of 9626, PSNR of 8.3 dB, MAE of 80.99, entropy of 7.999, NPCR of 99.6% and UACI of 31.49%. [ABSTRACT FROM AUTHOR]

Published

2023

49. A Novel Strong S-Box Design Using Quantum Crossover and Chaotic Boolean Functions for Symmetric Cryptosystems.

Author

Alsaif, Haitham, Guesmi, Ramzi, Kalghoum, Anwar, Alshammari, Badr M., and Guesmi, Tawfik

Subjects

*CRYPTOSYSTEMS, *SYMMETRIC functions, *BOOLEAN functions, *QUBITS, *GENETIC techniques, *GENETIC algorithms, *GENERATING functions

Abstract

In this paper, we propose a new method for drawing a cryptographically strong substitution box using the Lorenz system and quantum genetic algorithm techniques. We used the chaotic function to generate an initial random sequence of bits and the quantum crossover to provide a new and improved substitution box with increased non-linearity. The aim of the proposed algorithm was to generate a strong and secure substitution box that can be utilized in symmetric cryptosystems. The use of chaotic Boolean functions, genetic algorithm techniques, and the quantum crossover helped achieve this goal, and statistical tests further confirmed the randomness and efficiency of the generated substitution box. The results of the statistical test suite showed that the substitution box produced by the proposed algorithm is a "pass" in terms of randomness and has strong cryptographic properties. The tests include a frequency (monobit) test, a frequency test within a block, a linear complexity test, an approximate entropy test, and a cumulative sums test among others. The p-values obtained in the tests indicate that the randomness of the generated substitution box meets the requirements of a cryptographically secure substitution box. [ABSTRACT FROM AUTHOR]

Published

2023

50. A comprehensive survey on machine translation for English, Hindi and Sanskrit languages.

Author

Sitender, Bawa, Seema, Kumar, Munish, and Sangeeta

Abstract

Transforming text from one language to another by using computer systems automatically or with little human interventions is known as Machine Translation System (MTS). Divergence among natural languages in a multilingual environment makes Machine Translation (MT) a difficult and challenging task. The purpose of this paper is to present a comprehensive survey of MTS in general and for English, Hindi and Sanskrit languages in particular. The state-of-the-art MT approach is Neural Machine Translation (NMT) which has been used by Google, Amazon, Facebook and Microsoft but it requires large corpus as well as high computing systems. The availability of MT language modeling tools, parsers data repositories and evaluation metrics has been tabulated in this article. The classification of MTS, evaluation methods and platforms has been done based on a well-defined set of criteria. The new research avenues have been explored in this survey article which will help in developing good quality MTS. Although several surveys have been done on MTS but none of them have followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) approach including tools and evaluation methods as done in this survey specifically for English, Hindi and Sanskrit languages. [ABSTRACT FROM AUTHOR]

Published

2023