Applied cryptography: Protocols, algorithms, and source code in C
In: Government information quarterly: an international journal of policies, resources, services and practices, Band 13, Heft 3, S. 336
ISSN: 0740-624X
SSRN
In: International Journal of Computer Science, Engineering and Applications (IJCSEA) Vol.11, No.1, February 2021
SSRN
Today, cryptographic applications are used in nearly all areas of our lives, including the economy, health, military, and entertainment. Without them, society would change in ways we can hardly imagine. Since the publication of Shor's algorithm in 1994, however, we know that those cryptographic applications based on the problems of factoring and discrete logarithm are threatened by quantum computer attacks. Most current applications belong to this category. Code-based cryptography is conjectured to be secure against quantum computer attacks, and it has several other advantages. Firstly, it exhibits advanced security properties: for example, binary Goppa codes are considered a secure choice for many schemes, and the McEliece encryption scheme has not been broken in over 30 years since its publication (merely an adjustment of the parameters was necessary). Secondly, since code-based cryptosystems are based on linear algebra instead of, for example, arithmetic using floating-point numbers, they are usually very fast and can be implemented on devices with low computing power and without a cryptographic co-processor. Finally, the complexity of attacks against code-based schemes can usually be estimated accurately in the expected number of binary operations instead of relying on the asymptotic O-notation. This allows a precise computation of the security level a scheme provides. The major drawback of most code-based schemes is their large key size. This thesis contributes to two important aspects in the development of cryptographic applications. The first concerns the use of secure cryptographic primitives. While schemes like the McEliece and Niederreiter encryption schemes have been studied for a long time and are considered secure, new schemes or variants of existing ones are constantly being developed. The objectives are to decrease the key size, create schemes with new properties, or to introduce other improvements.
In order to assess the security of these schemes, they have to be subjected to all relevant attacks. We contribute to this aspect by introducing a new type of attack, a broadcast attack, and by improving and generalizing existing attacks. Secondly, once a secure primitive has been found, appropriate code parameters have to be selected. This choice needs to reflect several constraints. Most importantly, the parameters have to provide a sufficient security level. Other constraints concern different aspects of efficiency, e.g. encryption or decryption time, required bandwidth, memory size etc. Our contribution is the selection of optimal parameters for the McEliece cryptosystem and the QD-CFS signature scheme by applying Lenstra and Verheul's framework.
BASE
Abstract Voting has become an important part of democracy. Several factors must be fulfilled for the voting process to be carried out properly. For example, user authentication, that is, only those who truly meet the requirements may take part in the voting process; and data security, that is, the data sent for the voting process must be confidential. A manual voting system can meet these requirements, but the use of an electronic voting (e-voting) system can be an alternative. With e-voting, it is hoped that the process can be more transparent and that the existing requirements can be met more easily. In this paper, we propose the use of biometrics, specifically fingerprints, as the medium for authentication, and a combination of private-key and public-key cryptography to maintain data confidentiality. Unlike a PIN (personal identification number) or a password, a fingerprint is relatively difficult to hand over or even to forge. On the other hand, private-key cryptography is used to maintain the confidentiality of the data, while public-key cryptography is used to maintain the confidentiality of the private key. In addition, an e-voting architecture design is also proposed. An evaluation is carried out, mainly to determine the accuracy of the authentication process and the time required to perform authentication, encryption and decryption of the data. Based on the trials carried out, it was found that the time required is relatively high, which is influenced by many factors, such as the specifications of the computer used. Keywords: data security, authentication, cryptography Abstract Voting has played an important role in democracy. Some factors must be met to make the voting process run well.
For example, the authenticity of the users, which means that only those who fulfill the requirements are granted access to participate in the voting process; and data security, which means that the data sent during the voting process must be protected. A manual voting system may be able to meet those requirements; however, an electronic voting (e-voting) system can be an alternative. By implementing e-voting, the process may be more transparent and it becomes easier to fulfill the requirements. In this paper, we propose to use biometrics, particularly fingerprints, as the medium for authenticating users, and private-key and public-key cryptography for securing data confidentiality. It is more difficult for attackers to transfer, distribute or even forge a fingerprint than a PIN (personal identification number) or password. In addition, private-key cryptography is used for protecting the data, while public-key cryptography is used for securing the key of the private-key cryptography. Furthermore, an architecture for e-voting is also presented. The evaluation is performed especially to measure the accuracy level of the authentication, and the time taken for this authentication process as well as for encryption and decryption of the data. According to the experimental results, it can be inferred that the time taken is relatively high. In fact, it is affected by various factors, for example, the specification of the computer being used. Keywords: data security, authentication, cryptography.
BASE
In this paper we propose a new secure E-Voting protocol based on a public-key encryption cryptosystem. This protocol is summarized in three processes: firstly, the access control process, which involves the identification and authentication phases for the applying citizens. Secondly, the voting process, which is done by enciphering the voter information using a public-key encryption cryptosystem (RSA), to be submitted over an insecure network to the specified government election server. Finally, the election server administrator sorts the final result by deciphering the received encrypted information using the RSA private key. This E-Voting protocol is more efficient than other E-Voting protocols since the voter can vote from his/her own personal computer (PC) without any extra cost and effort. The RSA public-key encryption system ensures the security of the proposed protocol. However, to prevent a brute force attack, the choice of the key size becomes crucial.
BASE
The uncontrolled growth of data produced by many heterogeneous and dynamic sources drives many owners of such data to store them on cloud servers, also in order to share them with third parties. Sharing data on (possibly) untrusted servers is a source of important and non-trivial issues concerning security, privacy, confidentiality and access control. In order to prevent uncontrolled access to the data, a typical solution consists in encrypting the data themselves. Following this path, the design and implementation of policies for access to the encrypted data by third parties (who may have different rights on the data) is a complex task, which requires the presence of a trusted policy controller. A possible solution is the use of an access control mechanism based on attribute-based encryption (ABE) schemes, which allows the data owner to encrypt the data according to the access policies of the data themselves. On the other hand, the adoption of such access control mechanisms presents two problems: (i) weak privacy: the access policies are public, and (ii) inefficiency: the access policies are static, and changing them requires the re-encryption (or multiple encryption) of all the data. In order to remedy these problems, the work proposed in this thesis considers a particular attribute-based encryption scheme, called inner product encryption (IPE, which enjoys the attribute-hiding property and is therefore able to protect the privacy of the access policies), and combines it with proxy re-encryption techniques, which introduce greater flexibility and efficiency.
The first part of this thesis discusses the suitability of introducing an access control mechanism founded on an inner-product and proxy re-encryption scheme (IPPRE) in order to guarantee the secure sharing of data stored on untrusted cloud servers. More specifically, we propose two versions of IPE: first, we present a version of a well-known inner-product scheme [1] extended with proxy re-encryption. We then use this scheme in a scenario in which medical data are collected and managed. In this scenario, once the data have been collected, the access policies may change as the needs of the different medical staff change. The proposed scheme delegates the task of re-encrypting the data to a partially trusted proxy server, which can transform the encryption of the data (which depends on one access policy) into another encryption (which depends on another access policy) without thereby gaining access to the plaintext data or to the secret key used by the data owner. In this way, the holder of a decryption key corresponding to the second access policy can access the data without interacting with the data owner (that is, without requesting a decryption key associated with their own access policy). We present a performance analysis of this scheme implemented on elliptic curves belonging to the SS, MNT and BN classes and obtain encouraging experimental results. We also prove that the proposed scheme is secure against chosen-plaintext attacks under the well-known DLIN assumption. Second, we present an optimized version of the previously proposed scheme (E-IPPRE), based on a well-known inner-product scheme proposed by Kim [2].
The proposed E-IPPRE scheme requires a constant number of pairing computations, and this guarantees that the objects produced by executing the scheme (decryption keys, public keys and the ciphertexts themselves) are small with respect to the security parameters and are efficiently computable. We experimentally test the efficiency of the proposed scheme and prove it (selectively with respect to the attributes) secure against chosen-plaintext attacks under the well-known BDH assumption. In other words, the proposed scheme reveals no information about the access policies. The second part of this thesis presents a cryptographic scheme for secure data sharing based on attribute-based cryptography and suited to IoT-based scenarios. As is well known, the main problem in this setting concerns the limited computational resources of the IoT devices involved. To this end, we propose a scheme that combines the flexibility of E-IPPRE with the efficiency of a symmetric encryption scheme such as AES, obtaining a lightweight inner-product, proxy-based encryption scheme (L-IPPRE). The experimental results confirm the suitability of this scheme in IoT scenarios. References: [1] Jong Hwan Park. Inner-product encryption under standard assumptions. Des. Codes Cryptography, 58(3):235–257, March 2011. [2] Intae Kim, Seong Oun Hwang, Jong Hwan Park, and Chanil Park. An efficient predicate encryption with constant pairing computations and minimum costs. IEEE Trans. Comput., 65(10):2947–2958, October 2016. ; With the ever-growing production of data coming from multiple, scattered, and highly dynamic sources, many providers are motivated to upload their data to cloud servers and share them with other persons for different purposes. However, storing data on untrusted cloud servers imposes serious concerns in terms of security, privacy, data confidentiality, and access control.
In order to prevent privacy and security breaches, it is vital that data is encrypted before it is outsourced to the cloud. However, designing access control models that enable different users to have various access rights to the shared data is the main challenge. To tackle this issue, a possible solution is to employ a cryptographic data access control mechanism such as an attribute-based encryption (ABE) scheme, which enables a data owner to take full control over data access. However, access control mechanisms based on ABE raise two challenges: (i) weak privacy: they do not conceal the attributes associated with the ciphertexts, and therefore they do not satisfy attribute-hiding security, and (ii) inefficiency: they do not support efficient access policy change when data is required to be shared among multiple users with different access policies. To address these issues, this thesis studies and enhances inner-product encryption (IPE), a type of public-key cryptosystem which supports the attribute-hiding property as well as flexible fine-grained access control based on the payload-hiding property, and combines it with an advanced cryptographic technique known as proxy re-encryption (PRE). The first part of this thesis discusses the necessity of applying the inner-product proxy re-encryption (IPPRE) scheme to guarantee secure data sharing on untrusted cloud servers. More specifically, we propose two extended schemes of IPE: in the first extended scheme, we propose an inner-product proxy re-encryption (IPPRE) protocol derived from a well-known inner-product encryption scheme [1]. We deploy this technique in the healthcare scenario where data, collected by medical devices according to some access policy, has to be changed afterwards for sharing with other medical staff.
The proposed scheme delegates the re-encryption capability to a semi-trusted proxy who can transform a delegator's ciphertext associated with an attribute vector into a new ciphertext associated with the delegatee's attribute vector set, without knowing the underlying data and private key. Our proposed policy updating scheme enables the delegatee to decrypt the shared data with its own key without requesting a new decryption key. We analyze the proposed protocol in terms of its performance on three different types of elliptic curves, namely the SS curve, the MNT curve, and the BN curve. Hereby, we achieve some encouraging experimental results. We show that our scheme is adaptive attribute-secure against chosen-plaintext attacks under the standard Decisional Linear (D-Linear) assumption. To improve the performance of this scheme in terms of storage, communication, and computation costs, we propose an efficient inner-product proxy re-encryption (E-IPPRE) scheme using the transformation of Kim's inner-product encryption method [2]. The proposed E-IPPRE scheme requires a constant number of pairing operations for its algorithms and ensures a short size of the public key, private key, and ciphertext, making it the most efficient and practical compared to state-of-the-art schemes in terms of computation and communication overhead. We experimentally assess the efficiency of our protocol and show that it is selective attribute-secure against chosen-plaintext attacks in the standard model under the Asymmetric Decisional Bilinear Diffie-Hellman assumption. Specifically, our proposed schemes do not reveal any information about the data owner's access policy, neither to the untrusted servers (e.g., cloud and proxy) nor to the other users. The second part of this thesis presents a new lightweight secure data sharing scheme based on attribute-based cryptography for a specific IoT-based healthcare application.
To achieve secure data sharing on IoT devices while preserving data confidentiality, the IoT devices encrypt data before it is outsourced to the cloud, and authorized users, who hold the corresponding decryption keys, can access the data. The main challenge in this case is, on the one hand, that IoT devices are resource-constrained in terms of energy, CPU, and memory. On the other hand, the existing public-key encryption mechanisms (e.g., ABE) require expensive computation. We address this issue by combining the flexibility and expressiveness of the proposed E-IPPRE scheme with the efficiency of a symmetric-key encryption technique (AES), and propose a light inner-product proxy re-encryption (L-IPPRE) scheme to guarantee secure data sharing between different entities in the IoT environment. The experimental results confirm that the proposed L-IPPRE scheme is suitable for resource-constrained IoT scenarios.
BASE
In: EAI endorsed transactions on security and safety, Band 4, Heft 14, S. 154770
ISSN: 2032-9393
In: Peace research abstracts journal, Band 44, Heft 6, S. 93
ISSN: 0031-3599
In: International Journal of Crime, Law and Social Issues, Vol. 6, No. 2, 2019
SSRN
Working paper
International Journal of Advanced Research in Artificial Intelligence (IJARAI), 3(10), 2014 ; Government information is a vital asset that must be kept in a trusted environment and efficiently managed by authorised parties. Even though e-Government provides a number of advantages, it also introduces a range of new security risks. Sharing confidential and top-secret information in a secure manner among government sectors tends to be the main element that government agencies look for. Thus, developing an effective methodology is essential, and it is a key factor for e-Government success. The proposed e-Government scheme in this paper is a combination of identity-based encryption and biometric technology. This new scheme can effectively improve the security of authentication systems, providing a reliable identity with a high degree of assurance. This paper also demonstrates the feasibility of using finite-state machines as a formal method to analyse the proposed protocols. Finally, we show how Petri Nets can be used to simulate the communication patterns between the server and client as well as to validate the protocol functionality. ; http://thesai.org/Downloads/IJARAI/Volume3No10/Paper_5-Modelling_and_Simulation.pdf
BASE
SSRN
In: Iraqi journal of science, Band 59, Heft 1C
ISSN: 0067-2904
In: International journal of social ecology and sustainable development: IJSESD ; an official publication of the Information Resources Management Association, Band 14, Heft 1, S. 1-19
ISSN: 1947-8410
This article presents a dual security mechanism based on compressive sensing, a quantum chaos map, random pixel exchange, and a frequency division approach. It also provides a digital data authentication system based on a combined DWT and SVD approach. Two watermarks are used for dual authentication purposes, and compressive sensing is used to provide parallel compression and data encryption. The detailed algorithm and approach are explained in the next section. This approach is more effective than other conventional approaches and has lower time and space complexity than data encryption mechanisms such as AES, DES and RSA. This article also provides a parallel compression mechanism which reduces the required memory size. This mechanism also provides parallel digital data security as well as an authentication system, which gives more secure communication on social networks, and a secure authentication mechanism based on frequency division, compressive sensing, random pixel exchange, etc. The results are shown in the form of images and tables.