Computer Engineering Commons^™

Closing The Gap: Leveraging Aes-Ni To Balance Adversarial Advantage And Honest User Performance In Argon2i, Nicholas Harrell, Nathaniel Krakauer

CERIAS Technical Reports

The challenge of providing data privacy and integrity while maintaining efficient performance for honest users is a persistent concern in cryptography. Attackers exploit advances in parallel hardware and custom circuit hardware to gain an advantage over regular users. One such method is the use of Application-Specific Integrated Circuits (ASICs) to optimize key derivation function (KDF) algorithms, giving adversaries a significant advantage in password guessing and recovery attacks. Other examples include using graphical processing units (GPUs) and field programmable gate arrays (FPGAs). We propose a focused approach to close the gap between adversarial advantage and honest user performance by leveraging the …

Hashes Are Not Suitable To Verify Fixity Of The Public Archived Web, Mohamed Aturban, Martin Klein, Herbert Van De Sompel, Sawood Alam, Michael L. Nelson, Michele C. Weigle

Computer Science Faculty Publications

Web archives, such as the Internet Archive, preserve the web and allow access to prior states of web pages. We implicitly trust their versions of archived pages, but as their role moves from preserving curios of the past to facilitating present day adjudication, we are concerned with verifying the fixity of archived web pages, or mementos, to ensure they have always remained unaltered. A widely used technique in digital preservation to verify the fixity of an archived resource is to periodically compute a cryptographic hash value on a resource and then compare it with a previous hash value. If the …

An Optimized And Scalable Blockchain-Based Distributed Learning Platform For Consumer Iot, Zhaocheng Wang, Xueying Liu, Xinming Shao, Abdullah Alghamdi, Md. Shirajum Munir, Sujit Biswas

School of Cybersecurity Faculty Publications

Consumer Internet of Things (CIoT) manufacturers seek customer feedback to enhance their products and services, creating a smart ecosystem, like a smart home. Due to security and privacy concerns, blockchain-based federated learning (BCFL) ecosystems can let CIoT manufacturers update their machine learning (ML) models using end-user data. Federated learning (FL) uses privacy-preserving ML techniques to forecast customers' needs and consumption habits, and blockchain replaces the centralized aggregator to safeguard the ecosystem. However, blockchain technology (BCT) struggles with scalability and quick ledger expansion. In BCFL, local model generation and secure aggregation are other issues. This research introduces a novel architecture, emphasizing …

Design Of Secure Communication Schemes To Provide Authentication And Integrity Among The Iot Devices, Vidya Rao Dr.

Technical Collection

The fast growth in Internet-of-Things (IoT) based applications, has increased the number of end-devices communicating over the Internet. The end devices are made with fewer resources and are low battery-powered. These resource-constrained devices are exposed to various security and privacy concerns over publicly available Internet communication. Thus, it becomes essential to provide lightweight security solutions to safeguard data and user privacy. Elliptic Curve Cryptography (ECC) can be used to generate the digital signature and also encrypt the data. The method can be evaluated on a real-time testbed deployed using Raspberry Pi3 devices and every message transmitted is subjected to ECC. …

Application Of Huffman Data Compression Algorithm In Hashing Computation, Lakshmi Narasimha Devulapalli Venkata,

Masters Theses & Specialist Projects

Cryptography is the art of protecting information by encrypting the original message into an unreadable format. A cryptographic hash function is a hash function which takes an arbitrary length of the text message as input and converts that text into a fixed length of encrypted characters which is infeasible to invert. The values returned by the hash function are called as the message digest or simply hash values. Because of its versatility, hash functions are used in many applications such as message authentication, digital signatures, and password hashing [Thomsen and Knudsen, 2005].

The purpose of this study is to apply …

Cache-Timing Attacks Without A Profiling Phase, Ali̇ Can Atici, Cemal Yilmaz, Erkay Savaş

Turkish Journal of Electrical Engineering and Computer Sciences

Theoretically secure cryptographic algorithms can be vulnerable to attacks due to their implementation flaws. Bernstein's attack is a well-known cache-timing attack that uses execution times as the side-channel. The major drawback of this attack is that it needs an identical target machine to perform its profiling phase where the attacker models the cache timing-behavior of the target machine. This assumption makes the attack unrealistic in many circumstances. In this work, we present an effective method to eliminate the profiling phase. We propose a methodology to model the cache timing-behavior of the target machine by trying hypothetical cache behaviors exhaustively. Our …

Transferable Multiparty Computation, Michael R. Clark, Kenneth M. Hopkinson

AFIT Patents

A method and apparatus are provided for secure multiparty computation. A set of first parties is selected from a plurality of first parties for computation. Inputs for computation associated with each party in the set of first parties are divided into shares to be sent to other parties in the set of first parties. The computation on the shares is performed by the set of first parties using multiparty computation functions. In response to a trigger event, shares of the set of first parties are transferred to a set of second parties selected from a plurality of second parties. The …

On The Independence Of Statistical Randomness Tests Included In The Nist Test Suite, Fati̇h Sulak, Muhi̇ddi̇n Uğuz, Onur Koçak, Ali̇ Doğanaksoy

Turkish Journal of Electrical Engineering and Computer Sciences

Random numbers and random sequences are used to produce vital parts of cryptographic algorithms such as encryption keys and therefore the generation and evaluation of random sequences in terms of randomness are vital. Test suites consisting of a number of statistical randomness tests are used to detect the nonrandom characteristics of the sequences. Construction of a test suite is not an easy task. On one hand, the coverage of a suite should be wide; that is, it should compare the sequence under consideration from many different points of view with true random sequences. On the other hand, an overpopulated suite …

Mutual Correlation Of Nist Statistical Randomness Tests And Comparison Of Their Sensitivities On Transformed Sequences, Ali̇ Doğanaksoy, Fati̇h Sulak, Muhi̇ddi̇n Uğuz, Okan Şeker, Zi̇ya Akcengi̇z

Turkish Journal of Electrical Engineering and Computer Sciences

Random sequences are widely used in many cryptographic applications and hence their generation is one of the main research areas in cryptography. Statistical randomness tests are introduced to detect the weaknesses or nonrandom characteristics that a sequence under consideration may have. In the literature, there exist various statistical randomness tests and test suites, defined as a collection of tests. An efficient test suite should consist of a number of uncorrelated statistical tests each of which measures randomness from another point of view. `Being uncorrelated' is not a well-defined or well-understood concept in the literature. In this work, we apply Pearson's …

The Role Of Cryptography In Security For Electronic Commerce, Ann Murphy, David Murphy

The ITB Journal

Many businesses and consumers are wary of conducting business over the Internet due to a perceived lack of security. Electronic business is subject to a variety of threats such as unauthorised access, misappropriation, alteration and destruction of both data and systems. This paper explores the major security concerns of businesses and users and describes the cryptographic techniques used to reduce such risks.

Prevention And Detection Of Intrusions In Wireless Sensor Networks, Ismail Butun

USF Tampa Graduate Theses and Dissertations

Wireless Sensor Networks (WSNs) continue to grow as one of the most exciting and challenging research areas of engineering. They are characterized by severely constrained computational and energy

resources and also restricted by the ad-hoc network operational

environment. They pose unique challenges, due to limited power

supplies, low transmission bandwidth, small memory sizes and limited energy. Therefore, security techniques used in traditional networks cannot be directly adopted. So, new ideas and approaches are needed, in order to increase the overall security of the network. Security applications in such resource constrained WSNs with minimum overhead provides significant challenges, and is the …

Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel

Theses and Dissertations

Side-channel analysis (SCA) is a threat to many modern cryptosystems. Many countermeasures exist, but are costly to implement and still do not provide complete protection against SCA. A plausible alternative is to design the cryptosystem using architectures that are known to leak little information about the cryptosystem's operations. This research uses several common primitive architectures for the Advanced Encryption Standard (AES) and assesses the susceptibility of the full AES system to side-channel attack for various primitive configurations. A combined encryption/decryption core is also evaluated to determine if variation of high-level architectures affects leakage characteristics. These different configurations are evaluated under …

Fast Software Multiplication In F_2[X] For Embedded Processors, Serdar Süer Erdem

Turkish Journal of Electrical Engineering and Computer Sciences

We present a novel method for fast multiplication of polynomials over F_2 which can be implemented efficiently in embedded software. Fast polynomial multiplication methods are needed for the efficient implementation of some cryptographic and coding applications. The proposed method follows a strategy to reduce the memory accesses for input data and intermediate values during computation. This strategy speeds up the binary polynomial multiplication significantly on typical embedded processors with limited memory bandwidth. These multiplications are usually performed by the comb method or the Karatsuba-based methods in embedded software. The proposed method has speed and memory advantages over these methods on …

A Secure On-Line Credit Card Transaction Method Based On Kerberos Authentication Protocol, Jung Eun Kim

UNLV Theses, Dissertations, Professional Papers, and Capstones

Nowadays, electronic payment system is an essential part of modern business. Credit cards or debit cards have been widely used for on-site or remote transactions, greatly reducing the need for inconvenient cash transactions. However, there have been a huge number of incidents of credit card frauds over the Internet due to the security weakness of electronic payment system. A number of solutions have been proposed in the past to prevent this problem, but most of them were inconvenient and did not satisfy the needs of cardholders and merchants at the same time.

In this thesis, we present a new secure …

On The Applications Of Deterministic Chaos For Encrypting Data On The Cloud, Jonathan Blackledge, Nikolai Ptitsyn

Conference papers

Cloud computing is expected to grow considerably in the future because it has so many advantages with regard to sale and cost, change management, next generation architectures, choice and agility. However, one of the principal concerns for users of the Cloud is lack of control and above all, data security. This paper considers an approach to encrypting information before it is ‘place’ on the Cloud where each user has access to their own encryption algorithm, an algorithm that is based on a set of Iterative Function Systems that outputs a chaotic number stream, designed to produce a cryptographically secure cipher. …

A New Multi-Tier Adaptive Military Manet Security Protocol Using Hybrid Cryptography And Signcryption, Atti̇la A. Yavuz, Fati̇h Alagöz, Emi̇n Anarim

Turkish Journal of Electrical Engineering and Computer Sciences

Mobile Ad-hoc NETworks (MANETs) are expected to play an important role in tactical military networks by providing infrastructureless communication. However, maintaining secure and instant information sharing is a difficult task especially for highly dynamic military MANETs. To address this requirement, we propose a new multi-tier adaptive military MANET security protocol using hybrid cryptography and signcryption. In our protocol, we bring novelties to secure military MANET communication for three main points: Cryptographic methods used in MANETs, hybrid key management protocols and structural organization of the military MANETs. As a new approach, we use hybrid cryptography mechanisms and Elliptic Curve Pintsov-Vanstone Signature …

Design And Performance Analysis Of A Secure Proces-Sor Scan-Sp With Crypto-Biometric Capabilities, Raghudeep Kannavara

Browse all Theses and Dissertations

Secure computing is gaining importance in recent times as computing capability is increasingly becoming distributed and information is everywhere. Prevention of piracy and digital rights management has become very important. Information security is mandatory rather than an additional feature. Numerous software techniques have been proposed to provide certain level of copyright and intellectual property protection. Techniques like obfuscation attempt to transform the code into a form that is harder to reverse engineer. Tamper-proofing causes a program to malfunction when it detects that it has been modified. Software watermarking embeds copyright notice in the software code to allow the owners of …

A Cryptanalysis Methodology For The Reverse Engineering Of Encrypted Information In Images, Allan Anthony Rwabutaza

Browse all Theses and Dissertations

Security is an important issue related to the storage and communication of data and information. In data and information security, cryptography and steganography are two of the most common security techniques. On one hand, there is cryptography, which is the secret communication between two parties by message scrambling on the sender's side and message unscrambling on the receiver's side so that only the intended receiver gets the secret message. On the other hand, there is steganography, which is the hiding of information in a medium in such a way that no one other than the sender or the intended receiver …

Implementation And Optimization Of The Advanced Encryption Standard Algorithm On An 8-Bit Field Programmable Gate Array Hardware Platform, Ryan J. Silva

Theses and Dissertations

The contribution of this research is three-fold. The first is a method of converting the area occupied by a circuit implemented on a Field Programmable Gate Array (FPGA) to an equivalent as a measure of total gate count. This allows direct comparison between two FPGA implementations independent of the manufacturer or chip family. The second contribution improves the performance of the Advanced Encryption Standard (AES) on an 8-bit computing platform. This research develops an AES design that occupies less than three quarters of the area reported by the smallest design in current literature as well as significantly increases area efficiency. …

Secured Network Model For Management Information System Based On Ip Security (Ipsec) Encryption Using Multilayered Approach Of Network Security, Dr. Amir Hassan Pathan, Muniza Irshad

International Conference on Information and Communication Technologies

Secured flow of information through the network and play important role in the management information systems. In this paper I describe Secured Network Model For Corporate & Business Organization In Based On Network Level IP Security (IPSec) Encryption & Its Physical Layout Using Multilayered Approach. I have four important considerations for adoption of secured network model as secured network model for management information system.