Symmetric encryption algorithms learned by previously proposed end-to-end adversarial network encryption communication systems are deterministic. With the same key and the same plaintext, a deterministic algorithm always produces the same ciphertext. This means that a key in such a deterministic encryption algorithm can only be used once, so the encryption is not practical. To solve this problem, a nondeterministic symmetric encryption end-to-end communication system based on generative adversarial networks is proposed. We design a nonce-based adversarial neural network model, where a "nonce", standing for "number used only once", is passed to the communication participants and does not need to be secret. Moreover, we optimize the network structure by adding Batch Normalization (BN) to the CNNs (Convolutional Neural Networks), selecting appropriate activation functions, and setting appropriate CNN parameters. Results of experiments and analysis show that our system achieves non-deterministic symmetric encryption: Alice encrypting the same plaintext with the same key twice generates different ciphertexts, and Bob can decrypt all of these different ciphertexts of the same plaintext to the correct plaintext. Our proposed system also converges fast and achieves a correct decryption rate when the plaintext length is 256 or even longer.
In this paper, we propose a new notion of secure disguisable symmetric encryption schemes, which captures the idea that the attacker can decrypt an encrypted file to different meaningful values when different keys are supplied to the decryption algorithm. This notion is aimed at the following anti-forensics purpose: the attacker can cheat the forensics investigator by decrypting an encrypted file to a meaningful file other than the one he encrypted, in the case that he is caught by the forensics investigator and ordered to hand over the key for decryption. We then present a construction of secure disguisable symmetric encryption schemes.
Data outsourcing has become an industry trend with the popularity of cloud computing. How to search data securely and efficiently has received unprecedented attention. Dynamic Searchable Symmetric Encryption (DSSE) is an effective method to solve this problem, which supports file updates and keyword-based searches over encrypted data. Unfortunately, most existing DSSE schemes have privacy leakages during the addition and deletion phases, which motivated the concepts of forward and backward privacy. At present, some secure DSSE schemes with forward and backward privacy have been proposed, but most of these schemes only achieve single-keyword queries in the single-client setting, which seriously limits their application in practice. To solve this problem, we propose a multi-client and multi-keyword searchable symmetric encryption scheme with forward and backward privacy (MMKFB). Our scheme focuses on multi-keyword threshold queries in the multi-client setting, a new pattern of multi-keyword search realized with the help of additive homomorphism. Performance analysis and experiments demonstrate that our scheme is more practical for use in small and medium size databases. Especially when a large number of files are updated at once, our scheme has advantages over some existing DSSE schemes in terms of computational efficiency and client storage overhead.
This paper introduces a novel lightweight colour image encryption algorithm, specifically designed for resource-constrained environments such as Internet of Things (IoT) devices. As IoT systems become increasingly prevalent, secure and efficient data transmission becomes crucial. The proposed algorithm addresses this need by offering a robust yet resource-efficient solution for image encryption. Traditional image encryption relies on confusion and diffusion steps. These stages are generally implemented linearly, but this work introduces a new RSP (Random Strip Peeling) algorithm for the confusion step, which disrupts linearity in the lightweight category by using two different sequences generated by the 1D Tent Map with varying initial conditions. The diffusion stage then employs an XOR matrix generated by the Logistic Map. Different evaluation metrics, such as entropy analysis, key sensitivity, resistance to statistical and differential attacks, and robustness analysis, demonstrate that the proposed algorithm is lightweight, robust, and efficient. The proposed encryption scheme achieved average metric values of 99.6056 for NPCR, 33.4397 for UACI, and 7.9914 for information entropy on the SIPI image dataset. It also exhibits a time complexity of O(2×M×N) for an image of size M×N.
Data privacy leakage has always been a critical concern in cloud-based Internet of Things (IoT) systems. Dynamic Symmetric Searchable Encryption (DSSE) with forward and backward privacy aims to address this issue by enabling updates and retrievals of ciphertext on an untrusted cloud server while ensuring data privacy. However, previous research on DSSE mostly focused on single-keyword search, which limits its practical application in cloud-based IoT systems. Recently, Patranabis (NDSS 2021) [1] proposed a groundbreaking DSSE scheme for conjunctive keyword search. However, this scheme fails to effectively handle deletion operations in certain circumstances, resulting in inaccurate query results. Additionally, the scheme introduces unnecessary search overhead. To overcome these problems, we present CKSE, an efficient conjunctive keyword DSSE scheme. Our scheme improves the oblivious shared computation protocol used in the scheme of Patranabis, thus enabling more comprehensive deletion functionality. Furthermore, we introduce a state chain structure to reduce the search overhead. Through security analysis and experimental evaluation, we demonstrate that CKSE achieves more comprehensive deletion functionality while maintaining comparable search performance and security, compared to the oblivious dynamic cross-tags protocol of Patranabis. The combination of comprehensive functionality, high efficiency, and security makes CKSE an ideal choice for deployment in cloud-based IoT systems.
Searchable symmetric encryption (SSE) has been introduced for securely outsourcing an encrypted database to cloud storage while maintaining searchable features. Most SSE schemes assume the server is honest but curious, while the server may be untrusted in the real world. Considering a malicious server that does not honestly perform the queries, verifiable SSE (VSSE) schemes are constructed to ensure the verifiability of the search results. However, existing VSSE constructions only focus on single-keyword search or incur heavy computational cost during verification. To address this challenge, we present an efficient VSSE scheme, built on the OXT protocol (Cash et al., CRYPTO 2013), for conjunctive keyword queries with sublinear search overhead. The proposed VSSE scheme is based on a privacy-preserving hash-based accumulator, leveraging a well-established cryptographic primitive, Symmetric Hidden Vector Encryption (SHVE). Our VSSE scheme enables both correctness and completeness verifiability of the result without pairing operations, thus greatly reducing the computational cost in the verification process. Besides, the proposed VSSE scheme can still provide a proof when the search result is empty. Finally, the security analysis and experimental evaluation are given to demonstrate the security and practicality of the proposed scheme.
In the digital age, the data exchanged within a company is a wealth of knowledge. The survival, growth and influence of a company in the short, medium and long term depend on it. Indeed, it is the lifeblood of any modern company. A company's operational and historical data contains strategic and operational knowledge of ever-increasing added value. Hence the emergence of a new paradigm: big data. Today, the value of the data scattered throughout this mother of knowledge is calculated in billions of dollars, depending on its size, scope and area of intervention. With the rise of computer networks and distributed systems, the threats to these sensitive resources have steadily increased, jeopardizing the existence of the company itself by drying up production and losing the interest of customers and suppliers. These threats range from sabotage to bankruptcy. For several decades now, most companies have been using encryption algorithms to protect and secure their information systems against the threats and dangers posed by the inherent vulnerabilities of their infrastructure and the current economic climate. This vulnerability requires companies to make the right choice of algorithms to implement in their management systems. For this reason, the present work aims to carry out a comparative study of the reliability and effectiveness of symmetric and asymmetric cryptosystems, in order to identify one or more suitable for securing academic data in the DRC. The analysis of the robustness of commonly used symmetric and asymmetric cryptosystems is the subject of simulations in this article.
Due to the rapid growth of telemedicine and healthcare services, color medical image security applications have expanded precipitously. In this paper, an asymmetric PTFrFT (Phase Truncated Fractional Fourier Transform)-based color medical image cryptosystem is suggested. Two different phases in the fractional Fourier and output planes are provided as deciphering keys. Accordingly, the ciphering keys are not employed for the deciphering procedure. Thus, the introduced PTFrFT algorithm comprises asymmetric ciphering and deciphering processes, in contrast to the traditional optical symmetric OSH (Optical Scanning Holography) and DRPE (Double Random Phase Encoding) algorithms. One of the principal impacts of the introduced asymmetric cryptosystem is that it eliminates the one-dimensionality aspects of the related symmetric cryptosystems, due to its remarkable feature of phase nonlinear truncation components. Further comparisons on various color medical images are examined and analyzed to substantiate the cryptosystem's efficacy. The achieved experimental outcomes confirm that the introduced cryptosystem is robust and secure. It has excellent cryptographic performance compared to conventional cryptography algorithms, even in the presence of noise and severe channel attacks.
Key-dependent message (KDM) security is an important security issue that has attracted much research in recent years. In this paper, we present a new construction of a symmetric encryption scheme in the ideal cipher model (ICM); we prove that our scheme is KDM secure against active attacks with respect to arbitrary polynomial-time challenge functions. Our main idea is to introduce a universal hash function (UHF) h as a random value for each encryption, and then use s = h(sk) as the key of the ideal cipher F, where sk is the private key of our symmetric encryption scheme. Although many other schemes that are secure against KDM attacks have already been proposed, in both the ideal cipher and standard models, the main significance of our paper is the simplicity with which we implement KDM security against active attacks.
The 3PAKE (Three-Party Authenticated Key Exchange) protocol is a valuable cryptographic method that offers safe communication and permits two diverse parties to agree on a new safe meeting code using a trusted server. Numerous 3PAKE protocols have been explored earlier to create a protected meeting code between users employing the trusted server. However, existing modified 3PAKE protocols have numerous drawbacks and are incapable of providing the desired secrecy against diverse attacks such as man-in-the-middle, brute-force attacks, and many others in social networks. In this article, the authors propose an improved as well as safe 3PAKE protocol based on a hash function and symmetric encryption for social networks. The authors utilized the well-acknowledged AVISPA tool to provide security verification of the proposed 3PAKE technique, and the findings show that the proposed protocol is safer against active as well as passive attacks, namely brute-force, man-in-the-middle, parallel attacks, and many more. Furthermore, compared to other similar schemes, the proposed protocol is built with a reduced computing cost: it consumes less execution time and offers high secrecy in social networks with improved accuracy. As a result, this verified scheme is more efficient as well as feasible for implementation in social networks in comparison to previous security protocols. Although many authors have carried out extensive research on 3PAKE protocols to offer safe communication, there are still vital opportunities to explore and implement novel improved protocols for higher safety in social networks and mobile commerce environments in the future, against diverse active as well as passive attacks.
A modification of the Hill cipher algorithm was recently proposed by Ismail et al. (2006), who claimed that their new scheme could offer more security than the original one due to an extra non-linearity layer introduced via an elaborate key generation mechanism. That mechanism produces a different encryption key for each of the plaintext blocks. Nevertheless, we show in this paper that their method still has severe security flaws, whose weaknesses are essentially the same as those already found in the original Hill cipher scheme.
In a secure group communication system, messages must be encrypted before being transmitted to group members to prevent unauthorized access. In many secure group communication schemes, whenever a member leaves or joins the group, the group center (GC) immediately changes the common encryption key and sends the new key to all valid members for forward and backward secrecy. If valid members are not on-line, they will miss the re-keying messages and will not be able to decrypt any ciphertext. Therefore, group members must be able to store the state of the system. In some applications, like global positioning systems (GPS) or pay-per-view systems, it is not reasonable to ask group members to stay on-line all the time and save the changes to the system. A hierarchical binary tree-based key management scheme is proposed for secure group communication. This scheme reduces the key storage requirement of the GC to a constant size, and the group members are not required to be on-line constantly (stateless).
To ensure security during communication, different ways of encrypting messages are often adopted to resist various attacks. However, as computing power improves, the existing encryption and authentication schemes face big challenges. We take message authentication as an example for careful consideration. We propose a new message authentication scheme with the Advanced Encryption Standard as the encryption function and a new quantum hash function as the authentication function. Firstly, the Advanced Encryption Standard algorithm is used to encrypt the initial message concatenated with its corresponding hash value, which ensures that the initial message can resist eavesdropping attacks. Secondly, the new quantum hash function based on quantum walks can be much more secure than traditional classical hash functions while keeping their common properties, such as one-wayness, collision resistance and easy implementation. Based on these two points, the message authentication scheme can be much more secure than previous ones. Finally, it is a new way to design message authentication schemes, which provides a new line of thought for other researchers in the future. Our work will contribute to the study of new encryption and authentication functions and the combination of quantum computing with traditional cryptology.
Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources. Currently, many users prefer to outsource data to the cloud in order to mitigate the burden of local storage. However, storing sensitive data on remote servers poses privacy challenges and is currently a source of concern. SE (Searchable Encryption) is a positive way to protect users' sensitive data while preserving search ability on the server side. SE allows the server to search encrypted data without leaking information about the plaintext data. The two main branches of SE are SSE (Searchable Symmetric Encryption) and PEKS (Public key Encryption with Keyword Search). SSE allows only private key holders to produce ciphertexts and to create trapdoors for search, whereas PEKS enables a number of users who know the public key to produce ciphertexts but allows only the private key holder to create trapdoors. This article surveys the two main techniques of SE: SSE and PEKS. Different SE schemes are categorized and compared in terms of functionality, efficiency, and security. Moreover, we point out some valuable directions for future work on SE schemes.
The prosperity of network function virtualization (NFV) pushes forward the paradigm of migrating in-house middleboxes to third-party providers, i.e., software (virtualized) middlebox services. Many enterprises have outsourced traffic processing such as deep packet inspection (DPI), traffic classification, and load balancing to middleboxes provided by cloud providers. However, if the traffic is forwarded to the cloud provider without careful processing, it will cause privacy leakage, as the cloud provider has full rights to access the data. To solve this security issue, recent efforts have been made to design secure middleboxes that can directly conduct network functions over encrypted traffic and middlebox rules. However, security concerns from dynamic operations like dynamic DPI and rule updates are still not fully addressed. In this paper, we propose a privacy-preserving dynamic DPI scheme with forward privacy for outsourced middleboxes. Our design enables a cloud-side middlebox to conduct secure packet inspection over encrypted traffic data. Besides, the middlebox providers cannot analyze the relationship between newly added rules and previous data. Several recent papers have proven that this is a strong property that resists adaptive attacks. Furthermore, we design a general method to inspect stateful packets while still ensuring state privacy protection. We formally define and prove the security of our design. Finally, we implement a system prototype and analyze the performance experimentally. The evaluation results demonstrate that our scheme is effective and efficient.
A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyright protection, e-voting, and e-libraries. This paper reports the shortest NSDVS so far, which consists of only two elements. The scheme is inspired by an identification scheme and Cramer et al.'s OR-proof technique, where a prover can prove that he knows at least one out of two secrets. It is solidified by a symmetric-key-based group-to-group encryption algorithm. Two implementations of the algorithm are reported. The scheme is provably secure with respect to its properties of unforgeability, non-transferability, privacy of the signer's identity, and non-delegatability.
Funding (for the nondeterministic symmetric encryption end-to-end communication system abstract above): supported by The National Defense Innovation Project (No. ZZKY20222411) and the Natural Science Basic Research Plan in Shaanxi Province of China (No. 2024JC-YBMS-546).
Funding (for the MMKFB multi-client multi-keyword searchable symmetric encryption abstract above): supported in part by the National Key R&D Program of China (No. 2020YFA0712300) and in part by the National Natural Science Foundation of China (Grant Nos. 62132005 and 62172162).
Funding (for the lightweight colour image encryption algorithm abstract above): Türkiye Bilimsel ve Teknolojik Araştırma Kurumu.
Funding (for the CKSE conjunctive keyword DSSE abstract above): supported in part by the Major Science and Technology Projects in Yunnan Province (202202AD080013) and by King Khalid University through the Large Group Project under grant number RGP.2/373/45.
Funding (for the verifiable SSE scheme built on OXT abstract above): supported by the National Natural Science Foundation of China (Grant Nos. 61932010 and 62072357) and the Zhuhai Top Discipline-Information Security; also supported by the China Scholarship Council (CSC) and the Australian Research Council (ARC).
Funding: This research was funded by the Deanship of Scientific Research at Princess Nourah bint Abdulrahman University through the Fast-track Research Funding Program to support publication in the top journal (Grant no. 42-FTTJ-12).
Abstract: Due to the rapid growth of telemedicine and healthcare services, color medical image security applications have expanded precipitously. In this paper, an asymmetric PTFrFT (Phase Truncated Fractional Fourier Transform)-based color medical image cryptosystem is suggested. Two different phases in the fractional Fourier and output planes are provided as deciphering keys. Accordingly, the ciphering keys will not be employed for the deciphering procedure. Thus, the introduced PTFrFT algorithm comprises asymmetric ciphering and deciphering processes, in contrast to the traditional optical symmetric OSH (Optical Scanning Holography) and DRPE (Double Random Phase Encoding) algorithms. One of the principal impacts of the introduced asymmetric cryptosystem is that it eliminates the one-dimensionality aspects of the related symmetric cryptosystems due to its remarkable feature of phase nonlinear truncation components. More comparisons on various color medical images are examined and analyzed to substantiate the cryptosystem's efficacy. The achieved experimental outcomes ensure that the introduced cryptosystem is robust and secure. It has excellent cryptographic performance compared to conventional cryptography algorithms, even in the presence of noise and severe channel attacks.
Funding (Acknowledgements): This work was supported by the National Natural Science Foundation of China (Grant Nos. 61173151, 61173152) and the Fundamental Research Funds for the Central Universities (K5051270003).
Abstract: Key-dependent message (KDM) security is an important security issue that has attracted much research in recent years. In this paper, we present a new construction of a symmetric encryption scheme in the ideal cipher model (ICM); we prove that our scheme is KDM secure against active attacks with respect to arbitrary polynomial-time challenge functions. Our main idea is to introduce a universal hash function (UHF) h as a random value for each encryption, and then use s = h(sk) as the key of the ideal cipher F, where sk is the private key of our symmetric encryption scheme. Although many other schemes that are secure against KDM attacks have already been proposed, in both the ideal and standard models, the main significance of our paper is the simplicity with which we implement KDM security against active attacks.
Funding: This project was funded by the Taif University Researchers Supporting Project Number (TURSP-2020/347), Taif University, Taif, Saudi Arabia.
Abstract: The 3PAKE (Three-Party Authenticated Key Exchange) protocol is a valuable cryptographic method that offers safe communication and permits two diverse parties to agree on a new safe meeting code using a trusted server. Numerous 3PAKE protocols have been explored earlier to create a protected meeting code between users employing the trusted server. However, existing modified 3PAKE protocols have numerous drawbacks and are incapable of providing the desired secrecy against diverse attacks such as man-in-the-middle, brute-force attacks, and many others in social networks. In this article, the authors propose an improved and safe 3PAKE protocol based on a hash function and symmetric encryption for social networks. The authors utilized the well-acknowledged AVISPA tool to provide security verification of the proposed 3PAKE technique, and findings show that our proposed protocol is safer against active as well as passive attacks, namely brute-force, man-in-the-middle, parallel attacks, and many more. Furthermore, compared to other similar schemes, the proposed protocol is built with a reduced computing cost, as our proposed protocol consumes less time in execution and offers high secrecy in social networks with improved accuracy. As a result, this verified scheme is more efficient and feasible for implementation in social networks in comparison to previous security protocols. Although many authors have carried out extensive research on 3PAKE protocols to offer safe communication, there are still vital opportunities to explore and implement novel improved protocols for higher safety in social networks and mobile commerce environments in the future, against diverse active as well as passive attacks.
Abstract: A modification of the Hill cipher algorithm was recently proposed by Ismail et al. (2006), who claimed that their new scheme could offer more security than the original one due to an extra non-linearity layer introduced via an elaborate key generation mechanism. That mechanism produces a different encryption key for each of the plaintext blocks. Nevertheless, we show in this paper that their method still has severe security flaws, whose weaknesses are essentially the same as those already found in the original Hill cipher scheme.
Abstract: In a secure group communication system, messages must be encrypted before being transmitted to group members to prevent unauthorized access. In many secure group communication schemes, whenever a member leaves or joins the group, the group center (GC) immediately changes the common encryption key and sends the new key to all valid members for forward and backward secrecy. If valid members are not on-line, they will miss the re-keying messages and will not be able to decrypt any ciphertext. Therefore, group members must be able to store the state of the system. In some applications, like global positioning systems (GPS) or pay-per-view systems, it is not reasonable to ask group members to stay on-line all the time and save the changes to the system. A hierarchical binary tree-based key management scheme is proposed for secure group communication. This scheme reduces the key storage requirement of the GC to a constant size, and the group members are not required to be on-line constantly (stateless).
Funding: Project supported by NSFC (Grant Nos. U1836205, 61702040), the Major Scientific and Technological Special Project of Guizhou Province (Grant No. 20183001), the Foundation of Guizhou Provincial Key Laboratory of Public Big Data (Grant No. 2018BDKFJJ016), the Foundation of State Key Laboratory of Public Big Data (Grant No. 2018BDKFJJ018), and Beijing Natural Science Foundation (Grant No. 4174089).
Abstract: To ensure security during communication, we often adopt different ways to encrypt messages to resist various attacks. However, with computing power improving, the existing encryption and authentication schemes are facing big challenges. We take message authentication as an example for careful consideration. We then propose a new message authentication scheme with the Advanced Encryption Standard as the encryption function and a new quantum Hash function as the authentication function. Firstly, the Advanced Encryption Standard algorithm is used to encrypt the result of the initial message concatenated with the corresponding Hash values, which ensures that the initial message can resist eavesdropping attacks. Secondly, utilizing the new quantum Hash function with quantum walks can be much more secure than traditional classical Hash functions while keeping the common properties, such as one-wayness, resistance to different collisions and easy implementation. Based on these two points, the message authentication scheme can be much more secure than previous ones. Finally, it is a new way to design a message authentication scheme, which provides a new line of thought for other researchers in the future. Our work will contribute to the study of new encryption and authentication functions and the combination of quantum computing with traditional cryptology in the future.
Funding: This work is supported by Guangxi Cooperative Innovation Center of Cloud Computing and Big Data (No. YD16506).
Abstract: Cloud computing facilitates convenient and on-demand network access to a centralized pool of resources. Currently, many users prefer to outsource data to the cloud in order to mitigate the burden of local storage. However, storing sensitive data on remote servers poses privacy challenges and is currently a source of concern. SE (Searchable Encryption) is a positive way to protect users' sensitive data while preserving search ability on the server side. SE allows the server to search encrypted data without leaking information about the plaintext data. The two main branches of SE are SSE (Searchable Symmetric Encryption) and PEKS (Public key Encryption with Keyword Search). SSE allows only private key holders to produce ciphertexts and to create trapdoors for search, whereas PEKS enables a number of users who know the public key to produce ciphertexts but allows only the private key holder to create trapdoors. This article surveys the two main techniques of SE: SSE and PEKS. Different SE schemes are categorized and compared in terms of functionality, efficiency, and security. Moreover, we point out some valuable directions for future work on SE schemes.
Funding: Supported by the Fundamental Research Funds for the Central Universities under grant 310421108.
Abstract: The prosperity of network function virtualization (NFV) pushes forward the paradigm of migrating in-house middleboxes to third-party providers, i.e., software (virtualized) middlebox services. A lot of enterprises have outsourced traffic processing such as deep packet inspection (DPI), traffic classification, and load balancing to middleboxes provided by cloud providers. However, if the traffic is forwarded to the cloud provider without careful processing, it will cause privacy leakage, as the cloud provider has full rights to access the data. To solve this security issue, recent efforts have been made to design secure middleboxes that can directly conduct network functions over encrypted traffic and encrypted middlebox rules. However, security concerns arising from dynamic operations like dynamic DPI and rule updates are still not fully addressed. In this paper, we propose a privacy-preserving dynamic DPI scheme with forward privacy for outsourced middleboxes. Our design enables the cloud-side middlebox to conduct secure packet inspection over encrypted traffic data. Besides, the middlebox providers cannot analyze the relationship between newly added rules and previous data. Several recent papers have shown that this is a strong property that resists adaptive attacks. Furthermore, we design a general method to inspect stateful packets while still ensuring state privacy protection. We formally define and prove the security of our design. Finally, we implement a system prototype and analyze its performance experimentally. The evaluation results demonstrate that our scheme is effective and efficient.
Funding (Acknowledgements): This work was supported by the National Natural Science Foundation of China (Grant Nos. 61003244, 61100224), the Doctoral Fund of Ministry of Education of China (20120171110027), and the Fundamental Research Funds for the Central Universities (1 11gpy71).
Abstract: A non-delegatable strong designated verifier signature (NSDVS) enforces verification of a signature by a designated verifier only. The concept is useful in various commercial cryptographic applications such as copyright protection, e-voting, and e-libraries. This paper reports the shortest NSDVS so far, which consists of only two elements. The scheme is inspired by an identification scheme and Cramer et al.'s OR-proof technique, where a prover can prove that he knows at least one out of two secrets. It is solidified by a symmetric key based group-to-group encryption algorithm. Two implementations of the algorithm are reported. The scheme is provably secure with respect to its properties of unforgeability, non-transferability, privacy of the signer's identity, and non-delegatability.