Cryptography, Volume 6, Issue 2 (June 2022) – 17 articles

Transport Layer Security (TLS) provides a secure channel for end-to-end communications in computer networks. The ChaCha20–Poly1305 cipher suite is introduced in TLS 1.3, mitigating the sidechannel attacks in the cipher suites based on the Advanced Encryption Standard (AES). However, the few implementations cannot provide sufficient speed compared to other encryption standards with Authenticated Encryption with Associated Data (AEAD). This paper shows ChaCha20 and Poly1305 primitives. In addition, a compatible ChaCha20–Poly1305 AEAD with TLS 1.3 is implemented with a fault detector to reduce the problems in fragmented blocks. The AEAD implementation reaches 1.4-cycles-per-byte in a standalone core. Additionally, the system implementation presents 11.56-cycles-per-byte in an RISC-V environment using a TileLink bus. The implementation in Xilinx Virtex-7 XC7VX485T Field-Programmable Gate-Array (FPGA) denotes 10,808 Look-Up Tables (LUT) and 3731 Flip-Flops (FFs), represented in 23% and 48% of ChaCha20 and Poly1305, respectively. Finally, the hardware implementation of ChaCha20–Poly1305 AEAD demonstrates the viability of using a different option from the conventional cipher suite based on AES for TLS 1.3. Full article

The Lightning Network (LN) has emerged as one of the prominent solutions to overcome the biggest limit of blockchain based on PoW: scalability. LN allows for creating a layer on top of an existing blockchain where users can send payments and micro-payments without waiting long confirmation times. One of the key features of LN is that payments can also be sent towards nodes that are not directly connected. From the routing perspective, the balance of an edge that connects two nodes is known, but the distribution between the two involved ends is unknown. Thus, the process of sending payments is based on a trial and error approach, and the routing can be considered probabilistic. Probabilistic Logic Programming (PLP) is a powerful formalism that allows the representation of complex relational domains characterized by uncertainty. In this paper, we study the problem of reasoning about the existence of a path between two nodes that can route a payment of a given size leveraging multiple models based on PLP. We adopt some recently proposed extensions of PLP and develop several models that can be adapted to represent multiple scenarios. Full article

Due to great interest in the secure storage and transmission of color images, the necessity for an efficient and robust RGB image encryption technique has grown. RGB image encryption ensures the confidentiality of color images during storage and transmission. In the literature, a large number of chaotic-based image encryption techniques have been proposed, but there is still a need for a robust, efficient and secure technique against different kinds of attacks. In this paper, a novel RGB image encryption technique is proposed for encrypting individual pixels of RGB images using chaotic systems and $16$ rounds of DNA encoding, transpositions and substitutions. First, round keys are generated randomly using a logistic chaotic function. Then, these keys are used across different rounds to alter individual pixels using a nonlinear randomly generated $16\times 16$ DNA Playfair matrix. Experimental results show the robustness of the proposed technique against most attacks while reducing the consumed time for encryption and decryption. The quantitative metrics show the ability of the proposed technique to maintain reference evaluation values while resisting statistical and differential attacks. The obtained horizontal, vertical and diagonal correlation is less than 0.01, and the NPCR and UACI are larger than 0.99 and 0.33, respectively. Finally, NIST analysis is presented to evaluate the randomness of the proposed technique. Full article

Public-key cryptography provides security for digital systems and communication. Traditional cryptographic solutions are constantly improved, e.g., to suppress brute-force attacks. However, Shor’s algorithm suited for quantum computers can break the bedrock of most currently used systems, i.e., the RSA problem and discrete logarithm problem. Post-quantum cryptography can withstand attacks carried out by quantum computers. Several families of post-quantum systems exist; one of them is isogeny-based cryptography. As a main contribution, in this paper, we provide a survey of chosen, fundamental isogeny-based schemes. The target audience of this review is researchers interested in practical aspects of this field of cryptography; therefore the survey contains exemplary implementations. Our goal was not to develop an efficient implementation, but to provide materials that make it easier to analyze isogeny-based cryptography. Full article

Side channel attacks provide an effective way to extract secret information from the execution of cryptographic algorithms run on a variety of computing devices. One of the crucial steps for a side channel attack to succeed is the capability to locate the time instant in which the cryptographic primitive being attacked is effectively leaking information on the side channel itself, and synchronize the data obtained from the measurements on that instant. In this work, we propose an efficient and effective solution relying on the digital signal processing technique known as matched filters. We derive our matched filter with a small amount of profiling information which can be obtained from a device matching the one under attack. Our technique reliably identifies the cryptographic operation being computed, even when system interrupts or software multithreading are enabled on our target platform. We validate our approach through a successful attack against an unprotected AES implementation running on a Cortex-M4-based microcontroller. Full article

In cryptography, elliptic curve cryptography (ECC) is considered an efficient and secure method to implement digital signature algorithms (DSAs). ECC plays an essential role in many security applications, such as transport layer security (TLS), internet protocol security (IPsec), and wireless sensor networks (WSNs). The proposed designs of ECC hardware implementation only focus on a single ECC variant and use many resources. These proposals cannot be used for resource-constrained applications or for the devices that need to provide multiple levels of security. This work provides a multi-functional elliptic curve digital signature algorithm (ECDSA) and Edwards-curve digital signature algorithm (EdDSA) hardware implementation. The core can run multiple ECDSA/EdDSA algorithms in a single design. The design consumes fewer resources than the other single-functional design, and is not based on digital signal processors (DSP). The experiments show that the proposed core could run up to 112.2 megahertz with Virtex-7 devices while consuming only 10,259 slices in total. Full article

This paper introduces a novel detection method for phishing website attacks while avoiding the issues associated with the deficiencies of the knowledge-based representation and the binary decision. The suggested detection method was performed using Fuzzy Rule Interpolation (FRI). The FRI reasoning methods added the benefit of enhancing the robustness of fuzzy systems and effectively reducing the system’s complexity. These benefits help the Intrusion Detection System (IDS) to generate more realistic and comprehensive alerts in case of phishing attacks. The proposed method was applied to an open-source benchmark phishing website dataset. The results show that the proposed detection method obtained a 97.58% detection rate and effectively reduced the false alerts. Moreover, it effectively smooths the boundary between normal and phishing attack traffic because of its fuzzy nature. It has the ability to generate the required security alert in case of deficiencies in the knowledge-based representation. In addition, the results obtained from the proposed detection method were compared with other literature results. The results showed that the accuracy rate of this work is competitive with other methods. In addition, the proposed detection method can generate the required anti-phishing alerts even if one of the anti-phishing sparse rules does not cover some input parameters (observations). Full article

Consensus algorithms are the building block of any decentralized network where the risk of malicious users is high. These algorithms are required to be robust, scalable, and secure in order to operate properly. Localized state-change consensus (LSC) is a consensus algorithm that is specifically designed to handle state-change consensus, where the state value of given data points can dynamically change and the new value needs to be reflected in the system. LSC utilizes a trust measurement mechanism to validate messages and also enforce cooperation among users. Consensus algorithms, and specifically LSC, can be a practical solution for the immutable and secured communication of autonomous systems with limited computational resources. Indeed, distributed autonomous systems are growing rapidly and the integrity of their communication protocols for coordination and planning is still vulnerable because several units are required to act independently and securely. Therefore, this paper proposes a new localized consensus algorithm for immense and highly dynamic environments with validations through reputation values. The proposed solution can be considered as an efficient and practical consensus solution for any paradigms with resource-constrained devices where a regular encrypted communication method can negatively affect the system performance. Full article

Split manufacturing was introduced as a countermeasure against hardware-level security threats such as IP piracy, overbuilding, and insertion of hardware Trojans. However, the security promise of split manufacturing has been challenged by various attacks which exploit the well-known working principles of design tools to infer the missing back-end-of-line (BEOL) interconnects. In this work, we define the security of split manufacturing formally and provide the associated proof, and we advocate accordingly for a novel, formally secure paradigm. Inspired by the notion of logic locking, we protect the front-end-of-line (FEOL) layout by embedding secret keys which are implemented through the BEOL in such a way that they become indecipherable to foundry-based attacks. At the same time, our technique is competitive with prior art in terms of layout overhead, especially for large-scale designs (ITC’99 benchmarks). Furthermore, another concern for split manufacturing is its practicality (despite successful prototyping). Therefore, we promote an alternative implementation strategy, based on package-level routing, which enables formally secure IP protection without splitting at all, and thus, without the need for a dedicated BEOL facility. We refer to this as “poor man’s split manufacturing” and we study the practicality of this approach by means of physical-design exploration. Full article

Binary PN-sequences generated by LFSRs exhibit good statistical properties; however, due to their intrinsic linearity, they are not suitable for cryptographic applications. In order to break such a linearity, several approaches can be implemented. For example, one can interleave several PN-sequences to increase the linear complexity. In this work, we present a deep randomness study of the resultant sequences of interleaving binary PN-sequences coming from different characteristic polynomials with the same degree. We analyze the period and the linear complexity, as well as many other important cryptographic properties of such sequences. Full article

Vehicular Ad-hoc NETworks (VANETs), a special kind of Mobile Ad-hoc NETworks (MANETs), play an important role in Intelligent Transportation Systems (ITS). Via wireless technology, vehicles exchange information related to road conditions and their status, and, thereby, VANETs enhance transportation safety and efficiency. A critical aspect of VANETs is providing privacy for the vehicles. The employment of pseudonym certificates is a well-known solution to the privacy problems in VANETs. However, certificate management faces challenges in renewing certificates and revoking vehicles. The centralized certificate management, especially resulting in the delay of the revocation process, harms the nodes of VANETs. This paper proposes a blockchain structure-based certificate management for VANETs and voting-based revocation to halt misbehaving vehicles’ actions. Moreover, this paper presents extended privacy for the participants of the voting process using ring signatures. Full article

In the vulnerability analysis of System on Chips, memory hierarchy is considered among the most valuable element to protect against information theft. Many first-order side-channel attacks have been reported on all its components from the main memory to the CPU registers. In this context, memory hierarchy encryption is widely used to ensure data confidentiality. Yet, this solution suffers from both memory and area overhead along with performance losses (timing delays), which is especially critical for cache memories that already occupy a large part of the spatial footprint of a processor. In this paper, we propose a secure and lightweight scheme to ensure the data confidentiality through the whole memory hierarchy. This is done by masking the data in cache memories with a lightweight mask generator that provides masks at each clock cycle without having to store them. Only 8-bit Initialization Vectors are stored for each mask value to enable further recomputation of the masks. The overall security of the masking scheme is assessed through a mutual information estimation that helped evaluate the minimum number of attack traces needed to succeed a profiling side-channel attack to 592 K traces in the attacking phase, which provides an acceptable security level in an analysis where an example of Signal to Noise Ratio of 0.02 is taken. The lightweight aspect of the generator has been confirmed by a hardware implementation that led to resource utilization of 400 LUTs. Full article

The primary purpose of this paper is to bridge the technology gap between Blockchain and Fintech applications. Blockchain technology is already being explored in a wide number of Fintech sectors. After creating a unique taxonomy for Fintech ecosystems, this paper outlines a number of implementation scenarios. For each of the industries in which blockchain is already in use and has established itself as a complementary technology to traditional systems, we give a taxonomy of use cases. In this procedure, we cover both public and private blockchains. Because it is still believed to be in its infancy, especially when it comes to financial use cases, blockchain has both positive and negative aspects. As a result, it is critical to be aware of all of the open research issues in this field. Our goal is to compile a list of open research challenges related to various aspects of the blockchain’s protocol and application layers. Finally, we will provide a clear understanding of the applications for which blockchain can be valuable, as well as the risks associated with its use in parallel. Full article

Stylometry is a well-known field, aiming to identify the author of a text, based only on the way she/he writes. Despite its obvious advantages in several areas, such as in historical research or for copyright purposes, it may also yield privacy and personal data protection issues if it is used in specific contexts, without the users being aware of it. It is, therefore, of importance to assess the potential use of stylometry methods, as well as the implications of their use for online privacy protection. This paper aims to present, through relevant experiments, the possibility of the automated identification of a person using stylometry. The ultimate goal is to analyse the risks regarding privacy and personal data protection stemming from the use of stylometric techniques to evaluate the effectiveness of a specific stylometric identification system, as well as to examine whether proper anonymisation techniques can be applied so as to ensure that the identity of an author of a text (e.g., a user in an anonymous social network) remains hidden, even if stylometric methods are to be applied for possible re-identification. Full article

In the 5G intelligent edge scenario, more and more accelerator-based single-board computers (SBCs) with low power consumption and high performance are being used as edge devices to run the inferencing part of the artificial intelligence (AI) model to deploy intelligent applications. In this paper, we investigate the inference workflow and performance of the You Only Look Once (YOLO) network, which is the most popular object detection model, in three different accelerator-based SBCs, which are NVIDIA Jetson Nano, NVIDIA Jetson Xavier NX and Raspberry Pi 4B (RPi) with Intel Neural Compute Stick2 (NCS2). Different video contents with different input resize windows are detected and benchmarked by using four different versions of the YOLO model across the above three SBCs. By comparing the inference performance of the three SBCs, the performance of RPi + NCS2 is more friendly to lightweight models. For example, the FPS of detected videos from RPi + NCS2 running YOLOv3-tiny is 7.6 times higher than that of YOLOv3. However, in terms of detection accuracy, we found that in the process of realizing edge intelligence, how to better adapt a AI model to run on RPi + NCS2 is much more complex than the process of Jetson devices. The analysis results indicate that Jetson Nano is a trade-off SBCs in terms of performance and cost; it achieves up to 15 FPSs of detected videos when running YOLOv4-tiny, and this result can be further increased by using TensorRT. Full article

The development of increasingly sophisticated quantum computers poses a long-term threat to current cryptographic infrastructure. This has spurred research into both quantum-resistant algorithms and how to safely transition real-world implementations and protocols to quantum-resistant replacements. This transition is likely to be a gradual process due to both the complexity and cost associated with transitioning. One method to ease the transition is the use of classical–quantum hybrid schemes, which provide security against both classical and quantum adversaries. We present a new combiner for creating hybrid encryption schemes directly from traditional encryption schemes. Our construction is the only existing proposal in the literature with $\mathsf{IND}\text{-}\mathsf{CCA}$-security in the classical and quantum random oracle models, respectively. Full article

Mobile banking, shopping, and in-app purchases utilize persistent authentication states for access to sensitive data. One-shot authentication permits access for a fixed time period. For instance, a username/password-based authentication allows a user access to all the shopping and payments data in the Amazon shopping app. Traditional user passwords and lock screens are easily compromised. Snooping attacks—observing an unsuspecting user entering passwords—and smudge attacks—examining touchscreen finger oil residue—enable compromised user authentication. Mobile device interactions provide robust human and device identity data. Such biometrics enhance authentication. In this paper, behavioral attributes during user input constitute the password. Adversary password reproduction difficulty increases since pure observation is insufficient. Current mobile continuous authentication schemes use, among others, touchscreen–swipe interactions or keyboard input timing. Many of these methods require cumbersome training or intrusive authentication. Software keyboard interactions provide a consistent biometric data stream. We develop biometric profiles using touch pressure, location, and timing. New interactions authenticate against a profile using a divergence measure. In our limited user–device data sets, the classification achieves virtually perfect accuracy. Full article