Search Results (156)

In distributed computing, data trading mechanisms are essential for ensuring the sharing of data across multiple computing nodes. Nevertheless, they currently encounter considerable obstacles, including low accuracy in matching trading parties, ensuring fairness in transactions, and safeguarding data privacy throughout the trading process. In order to address these issues, we put forward a data trading security scheme based on zero-knowledge proofs and smart contracts. In the phase of preparing the security parameters, the objective is to reduce the complexity of generating non-interactive zero-knowledge proofs and to enhance the efficiency of data trading. In the pre-trading phase, we devise attribute atomic matching smart contracts based on precise data property alignment, with the objective of achieving fine-grained matching of data attributes between trading parties. In the trading execution phase, lightweight cryptographic algorithms based on elliptic curve cryptography (ECC) and non-interactive zero-knowledge proofs are employed for the dual encryption of trading data and the generation of attribute proof contracts, thus ensuring the security and privacy of the data. The results of experiments conducted on the Ethereum platform in an industrial IoT scenario demonstrate that our scheme maintains stable and low-cost consumption while ensuring accuracy in matching and privacy protection. Full article

The Internet of Things (IoT) is a heterogeneous network composed of numerous dynamically connected devices. While it brings convenience, the IoT also faces serious challenges in data security. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptography method that supports fine-grained access control, offering a solution to the IoT’s security issues. However, existing CP-ABE schemes are inefficient and unsuitable for IoT devices with limited computing resources. To address this problem, this paper proposes an efficient pairing-free CP-ABE scheme for the IoT. The scheme is based on lightweight elliptic curve scalar multiplication and supports multi-authority and verifiable outsourced decryption. The proposed scheme satisfies indistinguishability against chosen-plaintext attacks (CPA) under the elliptic curve decisional Diffie–Hellman (ECDDH) problem. Performance analysis shows that our proposed scheme is more efficient and better suited to the IoT environment compared to existing schemes. Full article

Traditional cryptographic methods often need complex designs that require substantial memory and battery power, rendering them unsuitable for small handheld devices. As the prevalence of these devices continues to rise, there is a pressing need to develop smart, memory-efficient cryptographic protocols that provide both high speed and robust security. Current solutions, primarily dependent on dynamic permutations, fall short in terms of encryption and decryption speeds, the cryptographic strength, and the memory efficiency. Consequently, the evolution of lightweight cryptographic algorithms incorporating randomised substitution properties is imperative to meet the stringent security demands of handheld devices effectively. In this paper, we present an advanced design of lightweight block ciphers that enhances traditional dynamic permutations with innovative randomised substitutions. This design utilises straightforward randomized encryption methods such as XOR, nibble swap, count ones, and left shift. The cryptographic robustness of our proposed block cipher has been rigorously tested through several standardised statistical tests, as recommended by the National Institute of Standards and Technology (NIST). These evaluations confirm that our algorithm maintains strong cryptographic properties with randomised substitutions and outperforms existing models in several key aspects. Moreover, comparative assessments reveal that our algorithm achieves a throughput of 853.31 Kbps while consuming only 1510 bytes of memory and demonstrating over 60% avalanche properties, significantly outperforming other solutions in terms of CPU utilisation and memory consumption. These results underscore the efficacy of our approach in fulfilling the advanced security requirements of modern handheld devices. Full article

As information systems become more widespread, data security becomes increasingly important. While traditional encryption methods provide effective protection against unauthorized access, they often struggle with multimedia data like images and videos. This necessitates specialized image encryption approaches. With the rise of mobile and Internet of Things (IoT) devices, lightweight image encryption algorithms are crucial for resource-constrained environments. These algorithms have applications in various domains, including medical imaging and surveillance systems. However, the biggest challenge of lightweight algorithms is balancing strong security with limited hardware resources. This work introduces a novel nonlinear matrix permutation approach applicable to both confusion and diffusion phases in lightweight image encryption. The proposed method utilizes three different chaotic maps in harmony, namely a 2D Zaslavsky map, 1D Chebyshev map, and 1D logistic map, to generate number sequences for permutation and diffusion. Evaluation using various metrics confirms the method’s efficiency and its potential as a robust encryption framework. The proposed scheme was tested with 14 color images in the SIPI dataset. This approach achieves high performance by processing each image in just one iteration. The developed scheme offers a significant advantage over its alternatives, with an average NPCR of 99.6122, UACI of 33.4690, and information entropy of 7.9993 for 14 test images, with an average correlation value as low as 0.0006 and a vast key space of $2^{800}$. The evaluation results demonstrated that the proposed approach is a viable and effective alternative for lightweight image encryption. Full article

Quantum-secure cryptography is a dynamic field due to its crucial role in various domains. This field aligns with the ongoing efforts in data security. Post-quantum encryption (PQE) aims to counter the threats posed by future quantum computers, highlighting the need for further improvement. Based on the learning with error (LWE) system, this paper introduces a novel asymmetric encryption technique that encrypts entire messages of n bits rather than just 1 bit. This technique offers several advantages including an additive homomorphic cryptosystem. The robustness of the proposed lightweight public key encryption method, which is based on a new version of LWE, ensures that private keys remain secure and that original data cannot be recovered by an attacker from the ciphertext. By improving encryption and decryption execution time—which achieve speeds of 0.0427 ms and 0.0320 ms, respectively—and decreasing ciphertext size to 708 bits for 128-bit security, the obtained results are very promising. Full article

With the development of mobile communication, digital signatures with low latency, low area, and high security are in increasing demand. Elliptic curve cryptography (ECC) is widely used because of its security and lightweight. Elliptic curve scalar multiplication (ECSM) is the basic arithmetic in ECC. Based on this background information, we propose our own research objectives. In this paper, a low-latency and low-area ECSM architecture based on the comb algorithm is proposed. The detailed methodology is as follows. The recoding-k algorithm and randomization-Z algorithm are used to improve security, which can resist sample power analysis (SPA) and differential power analysis (DPA). A low-area multi-functional architecture for comb is proposed, which takes into account different stages of the comb algorithm. Based on this, the data dependency is considered and the comb architecture is optimized to achieve a uniform and efficient execution pattern. The interleaved modular multiplication algorithm and modified binary inverse algorithm are used to achieve short clock cycle delay and high frequency while taking into account the need for a low area. The proposed architecture has been implemented on Xilinx Virtex-7 series FPGA to perform ECSM on 256-bits prime field $GF\left(p\right)$. In the hardware architecture with only 7351 slices of resource usage, a single ECSM only takes 0.74 ms, resulting in an area-time product (ATP) of 5.41. The implementation results show that our design can compete with the existing state-of-the-art engineering in terms of performance and has higher security. Our design is suitable for computing scenarios where security and computing speed are required. The implementation of the overall architecture is of great significance and inspiration to the research community. Full article

One of the main security challenges when federating separate Internet of Things (IoT) administrative domains is effective Identity and Access Management, which is required to establish trust and secure communication between federated IoT devices. The primary goal of the work is to develop a “lightweight” protocol to enable authentication and authorization of IoT devices in federated environments and ensure the secure communication of IoT devices. We propose a novel Lightweight Authentication and Authorization Framework for Federated IoT (LAAFFI) which takes advantage of the unique fingerprint of IoT devices based on their configuration and additional hardware modules, such as Physical Unclonable Function, to provide flexible authentication and authorization based on Distributed Ledger technology. Moreover, LAAFFI supports IoT devices with limited computing resources and devices not equipped with secure storage space. We implemented a prototype of LAAFFI and evaluated its performance in the Hyperledger Fabric-based IoT framework. Three main metrics were evaluated: latency, throughput (number of operations or transactions per second), and network resource utilization rate (transmission overhead introduced by the LAAFFI protocol). The performance tests conducted confirmed the high efficiency and suitability of the protocol for federated IoT environments. Also, all LAAFFI components are scalable as confirmed by tests. We formally evaluated LAAFFI security using Verifpal as a formal verification tool. Based on the models developed for Verifpal, we validated their security properties, such as message secrecy, authenticity, and freshness. Our results show that the proposed solution can improve the security of federated IoT environments while providing zero-day interoperability and high scalability. Compared to existing solutions, LAAFFI is more efficient due to the use of symmetric cryptography and algorithms adapted for operations involving IoT devices. LAAFFI supports multiple authorization mechanisms, and since it also offers authentication and accountability, it meets the requirements of Authentication, Authorization and Accounting (AAA). It uses Distributed Ledger (DL) and smart contracts to ensure that the request complies with the policies agreed between the organizations. LAAFFI offers authentication of devices belonging to a single organization and different organizations, with the assurance that the encryption key will be shared with another device only if the appropriate security policy is met. The proposed protocol is particularly useful for ensuring the security of federated IoT environments created ad hoc for special missions, e.g., operations conducted by NATO countries and disaster relief operations Humanitarian Assistance and Disaster Relief (HADR) involving military forces and civilian services, where immediate interoperability is required. Full article

The smart grid (SG) is an efficient and reliable framework capable of controlling computers, automation, new technologies, and devices. Advanced metering infrastructure (AMI) is a crucial part of the SG, facilitating two-way communication between users and service providers (SPs). Computation, storage, and communication are extremely limited as the AMI’s device is typically deployed outdoors and connected to an open network. Therefore, an authentication and key agreement protocol is necessary to ensure the security and confidentiality of communications. Existing research still does not meet the anonymity, perfect forward secrecy, and resource-limited requirements of the SG environment. To address this issue, we advance a lightweight authentication and key agreement scheme based on elliptic curve cryptography (ECC). The security of the proposed protocol is rigorously proven under the random oracle model (ROM), and was verified by a ProVerif tool. Additionally, performance comparisons validate that the proposed protocol provides enhanced security features at the lowest computation and communication costs. Full article

The Military Internet of Things (MIoT) has emerged as a new research area in military intelligence. The MIoT frequently has to constitute a federation-capable IoT environment when the military needs to interact with other institutions and organizations or carry out joint missions as part of a coalition such as in NATO. One of the main challenges of deploying the MIoT in such an environment is to acquire, analyze, and merge vast amounts of data from many different IoT devices and disseminate them in a secure, reliable, and context-dependent manner. This challenge is one of the main challenges in a federated environment and forms the basis for establishing trusting relationships and secure communication between IoT devices belonging to different partners. In this work, we focus on the problem of fulfillment of the data-centric security paradigm, i.e., ensuring the secure management of data along the path from its origin to the recipients and implementing fine-grained access control mechanisms. This problem can be solved using innovative solutions such as applying attribute-based encryption (ABE). In this work, we present a comprehensive solution for secure data dissemination in a federated MIoT environment, enabling the use of distributed registry technology (Hyperledger Fabric), a message broker (Apache Kafka), and data processing microservices implemented using the Kafka Streams API library. We designed and implemented ABE cryptography data access control methods using a combination of pairings-based elliptic curve cryptography and lightweight cryptography and confirmed their suitability for the federations of military networks. Experimental studies indicate that the proposed cryptographic scheme is viable for the number of attributes typically assumed to be used in battlefield networks, offering a good trade-off between security and performance for modern cryptographic applications. Full article

With the outstanding growth of Internet of Things (IoT) devices, security and power efficiency of integrated circuits can no longer be overlooked. Current approved standards for cryptographic algorithms are not suitable for constrained environments. In this context, the National Institute of Standards and Technology (NIST) started a lightweight cryptography (LWC) competition to develop new algorithm standards that can be fit into small devices. In 2023, NIST has decided to standardize the Ascon family for LWC. This algorithm has been designed to be more resilient to side-channel and fault-based analysis. Nonetheless, hardware implementations of Ascon have been broken by multiple statistical fault analysis and power analysis. These attacks have underlined the necessity to develop adapted countermeasures to side-channel and perturbation-based attacks. However, existing countermeasures are power and area consuming. In this article, we propose a new countermeasure for the Ascon cipher that does not significantly increase the area and power consumption. Our architecture relies on the nonvolatile feature of the Magnetic Tunnel Junction (MTJ) that is the single element of the emerging Magnetic Random Access Memories (MRAM). The proposed circuit removes the bias exploited by statistical attacks. In addition, we have duplicated and complemented the permutation of Ascon to enhance the power analysis robustness of the circuit. Besides the security aspect, our circuit can save current manipulated data, ensuring energy saving from 11% to 32.5% in case of power failure. The area overhead, compared to an unprotected circuit, is $\times 2.43$. Full article

With the exponential growth of the Internet of Things (IoT), ensuring robust end-to-end encryption is paramount. Current cryptographic accelerators often struggle with balancing security, area efficiency, and power consumption, which are critical for compact IoT devices and system-on-chips (SoCs). This work presents a novel approach to designing substitution boxes (S-boxes) for Advanced Encryption Standard (AES) encryption, leveraging dual quad-bit structures to enhance cryptographic security and hardware efficiency. By utilizing Algebraic Normal Forms (ANFs) and Walsh–Hadamard Transforms, the proposed Register Transfer Level (RTL) circuitry ensures optimal non-linearity, low differential uniformity, and bijectiveness, making it a robust and efficient solution for ASIC implementations. Implemented on 65 nm CMOS technology, our design undergoes rigorous statistical analysis to validate its security strength, followed by hardware implementation and functional verification on a ZedBoard. Leveraging Cadence EDA tools, the ASIC implementation achieves a central circuit area of approximately 199 μm². The design incurs a hardware cost of roughly 80 gate equivalents and exhibits a maximum path delay of 0.38 ns. Power dissipation is measured at approximately 28.622 μW with a supply voltage of 0.72 V. According to the ASIC implementation on the TSMC 65 nm process, the proposed design achieves the best area efficiency, approximately 66.46% better than state-of-the-art designs. Full article

The large and interconnected nature of the Internet of Things (IoT) presents unique security challenges, even as it revolutionizes various sectors. With numerous devices, often limited in resources, traditional perimeter-based security methods struggle to keep pace. The “never trust, always verify” principle of zero trust security offers a viable solution. Zero trust security is a concept that has become increasingly popular, using key exchange techniques to ensure secure and authenticated communication within the network, especially in managing risks in critical infrastructure. Authentication is a process to identify an entity, a prerequisite for authorization, and essential for granting access control. It fundamentally relies on trust management and various methods to generate and manage cryptographic keys for authentication. The aim of this study is to enhance zero trust security in the context of the Internet of Things by investigating authentication methods and discussing several potential solutions for successful implementation. This study also presents the performance evaluation criteria for authentication in IoT and introduces advanced approaches for different scenarios, including lightweight cryptography, mutual authentication, and blockchain technology. Finally, we address challenges related to implementation and future directions for research. Full article

In resource-intensive Internet of Things applications, Lightweight Stream Ciphers (LWSCs) play a vital role in influencing both the security and performance of the system. Numerous LWSCs have been proposed, each offering certain properties and trade-offs that carefully balance security and performance requirements. This paper presents a comprehensive evaluation of prominent LWSCs, with a focus on their performance and resource consumption, providing insights into efficiency, efficacy, and suitability in the real-world application of resource-intensive live video feed encryption on an ARM processor. The study involves the development of a benchmarking tool designed to evaluate key metrics, including encryption frame rate, throughput, processing cycles, memory footprint, ROM utilization, and energy consumption. In addition, we apply the E−Rank metric, which combines key performance and resource metrics to derive a unified comparative measure for overall software performance. Full article

In the modern era of the Internet of Things (IoT), especially with the rapid development of quantum computers, the implementation of postquantum cryptography algorithms in numerous terminals allows them to defend against potential future quantum attack threats. Lattice-based cryptography can withstand quantum computing attacks, making it a viable substitute for the currently prevalent classical public-key cryptography technique. However, the algorithm’s significant time complexity places a substantial computational burden on the already resource-limited chip in the IoT terminal. In lattice-based cryptography algorithms, the polynomial multiplication on the finite field is well known as the most time-consuming process. Therefore, investigations into efficient methods for calculating polynomial multiplication are essential for adopting these quantum-resistant lattice-based algorithms on a low-profile IoT terminal. Number theoretic transform (NTT), a variant of fast Fourier transform (FFT), is a technique widely employed to accelerate polynomial multiplication on the finite field to achieve a subquadratic time complexity. This study presents an efficient FPGA-based implementation of number theoretic transform for the CRYSTAL Kyber, a lattice-based public-key cryptography algorithm. Our hybrid design, which supports both forward and inverse NTT, is able run at high frequencies up to 417 MHz on a low-profile Artix7-XC7A100T and achieve a low latency of $1.10\mathsf{\mu }$s while achieving state-of-the-art hardware efficiency, consuming only 541-LUTs, 680 FFs, and four 18 Kb BRAMs. This is made possible thanks to the newly proposed multilevel pipeline butterfly unit architecture in combination with employing an effective coefficient accessing pattern. Full article

The lack of an S-Box in some lightweight cryptography algorithms, like Speck and Tiny Encryption Algorithm, or the presence of a fixed S-Box in others, like Advanced Encryption Standard, makes them more vulnerable to attacks. This proposal presents a novel approach to creating two dynamic 8-bit S-Boxes (16 × 16). The generation process for each S-Box consists of two phases. Initially, the number initialization phase involves generating sequence numbers 1, sequence numbers 2, and shift values for S-Box1 using the 2D Tinkerbell map. Additionally, sequence numbers 3, sequence numbers 4, and shift values for S-Box2 are generated using the 2D Duffing map. Subsequently, the S-Box construction phase involves the construction of S-Box1 and S-Box2. The effectiveness of the newly proposed S-Boxes was evaluated based on various criteria, including the bijective property, balance, fixed points, and strict avalanche criteria. It was observed that S-Box1 achieved a remarkable linear and differential branch number of 4, surpassing any previous studies. Furthermore, it exhibited a non-linearity of 105.50, a differential uniformity of 12, and an algebraic degree of 7. Similarly, S-Box2 also achieved a linear and differential branch number of 4, a non-linearity of 105.25, a differential uniformity of 14, and an algebraic degree of 7. Moreover, the reduction in the number of linear and nonlinear operations for both S-Boxes makes them suitable for lightweight algorithms. The architecture of the proposed S-Boxes demonstrates robustness, with a total of 3.35 × 10⁵⁰⁴ possible S-Boxes, providing protection against algebraic attacks. Full article