Asymmetric Cryptographic Schemes Research Articles

Classification and analysis of vulnerabilities of modern information systems from classical and quantum attacks

Recent advances in quantum technology and the potential that practical quantum computers may become a reality in the future have led to renewed interest in developing cryptographic technologies that are secure against conventional and quantum attacks. Currently, virtually all asymmetric cryptographic schemes in use are threatened by the potential development of powerful quantum computers. Post-quantum cryptography is one of main the ways to combat this threat. Its security is based on the complexity of mathematical problems that are currently considered unsolvable efficiently, even with the help of quantum computers. The security of information systems is ensured through protection against various threats that use system vulnerabilities. Security protocols are the building blocks of secure communication. They implement security mechanisms to provide security services. Security protocols are considered abstract when analyzed, but may have additional vulnerabilities in implementation. This work contains a holistic study of security protocols. Basics of security protocols, taxonomy of attacks on security protocols and their implementation are considered, as well as various methods and models of protocol security analysis. In particular, the differences between information-theoretic and computational security, computational and symbolic models are specified. In addition, an overview of the computational security models for Authenticated Key Exchange (AKE) and Password Authentication Key Exchange (PAKE) protocols is provided. The most important security models for the AKE and PAKE protocols were also described. With the emergence of new technologies that may have different security requirements, as well as with increased opportunities for competition, there is always a need to develop new protocols. Thus, the purpose of this article is to review, classify, analyze, and research the vulnerabilities of information systems from classical, quantum, and special attacks, performed taking into account the forecast regarding the possibilities of attacks on post-quantum cryptographic transformations; studying security assessment models for existing cryptographic protocols, as well as reviewing and benchmarking security models and providing suggestions for protection against existing potential attacks.

Analysis of views of the European Union on quantum-post-quantum limitations

Virtually all asymmetric cryptographic schemes currently in use are threatened by the potential development of powerful quantum computers. Although there is currently no definite answer and it is very unclear when or even if CRQC will ever be built and the gap between modern quantum computers and the envisioned CRQC is huge, the risk of creating CRQC means that currently deployed public key cryptography must be replaced by quantum-resistant ones alternatives. For example, information encrypted using modern public key cryptography can be recorded by cryptanalysts and then attacked if a QRQC can be created. The potential harm that CRQC could cause is the basis of the motivation to seek countermeasures, even though we have uncertainties about when and if these computers can be built. Deployed systems that use public key cryptography can also take years to update. Post-quantum cryptography is one way to combat quantum computer threats. Its security is based on the complexity of mathematical problems that are currently considered unsolvable efficiently – even with the help of quantum computers. Post-quantum cryptography deals with the development and research of asymmetric cryptosystems, which, according to current knowledge, cannot be broken even by powerful quantum computers. These methods are based on mathematical problems for the solution of which neither efficient classical algorithms nor efficient quantum algorithms are known today. Various approaches to the implementation of post-quantum cryptography are used in modern research, including: code-based cryptography, lattice-based cryptography, hashing-based cryptography, isogeny-based cryptography, and multidimensional cryptography. The purpose of this work is to review the computational model of quantum computers; quantum algorithms, which have the greatest impact on modern cryptography; the risk of creating cryptographically relevant quantum computers (CRQC); security of symmetric cryptography and public key cryptography in the presence of CRQC; NIST PQC standardization efforts; transition to quantum-resistant public-key cryptography; relevance, views and current state of development of quantum-resistant cryptography in the European Union. It also highlights the progress of the most important effort in the field: NIST's standardization of post-quantum cryptography.

A Holistic Systems Security Approach Featuring Thin Secure Elements for Resilient IoT Deployments.

IoT systems differ from traditional Internet systems in that they are different in scale, footprint, power requirements, cost and security concerns that are often overlooked. IoT systems inherently present different fail-safe capabilities than traditional computing environments while their threat landscapes constantly evolve. Further, IoT devices have limited collective security measures in place. Therefore, there is a need for different approaches in threat assessments to incorporate the interdependencies between different IoT devices. In this paper, we run through the design cycle to provide a security-focused approach to the design of IoT systems using a use case, namely, an intelligent solar-panel project called Daedalus. We utilise STRIDE/DREAD approaches to identify vulnerabilities using a thin secure element that is an embedded, tamper proof microprocessor chip that allows the storage and processing of sensitive data. It benefits from low power demand and small footprint as a crypto processor as well as is compatible with IoT requirements. Subsequently, a key agreement based on an asymmetric cryptographic scheme, namely B-SPEKE was used to validate and authenticate the source. We find that end-to-end and independent stand-alone procedures used for validation and encryption of the source data originating from the solar panel are cost-effective in that the validation is carried out once and not several times in the chain as is often the case. The threat model proved useful not so much as a panacea for all threats but provided the framework for the consideration of known threats, and therefore appropriate mitigation plans to be deployed.

Key-recovery attacks on LED-like block ciphers

Asymmetric cryptographic schemes, represented by RSA, have been shown to be insecure under quantum computing conditions. Correspondingly, there is a need to study whether the symmetric cryptosystem can still guarantee high security with the advent of quantum computers. In this paper, based on the basic principles of classical slide attacks and Simon's algorithm, we take LED-like lightweight block ciphers as research objects to present a security analysis under both classical and quantum attacks, fully considering the influence on the security of the ciphers of adding the round constants. By analyzing the information leakage of round constants, we can introduce the differential of the round constants to propose a classical slide attack on full-round LED-64 with a probability of 1. The analysis result shows that LED-64 is unable to resist this kind of classical slide attack, but that attack method is not applicable to LED-128. As for quantum attacks, by improving on existing quantum attack methods we demonstrate a quantum single-key slide attack on LED-64 and a quantum related-key attack on LED- 128, and indicators of the two attack algorithms are analyzed in detail. The attack results show that adding round constants does not completely improve the security of the ciphers, and quantum attacks can provide an exponential speed-up over the same attacks in the classical model. It further illustrates that the block cipher that is proved to be safe under classical settings is not necessarily secure under quantum conditions.

Asymmetric cryptography with physical unclonable keys

Secure communication is of paramount importance in modern society. Asymmetric cryptography methods such as the widely used RSA cryptosystem allow secure exchange of information between parties who have never previously shared keys. However, the existing asymmetric cryptographic schemes rely on unproven mathematical assumptions for security. Further, the digital keys used in their implementation are susceptible to copying that might remain unnoticed. Here, we introduce a secure communication method based on Physical Unclonable Keys (PUKs), which we call PUK-Enabled Asymmetric Communication (PEAC). PEAC uses physical keys and thus overcomes the problem of unnoticed copying. As all the information about the PUK is allowed to be public, PEAC does not require the safekeeping of any digital information. Using optical PUKs realized in opaque scattering materials, we transmit messages in an error-corrected way employing off-the-shelf equipment. Information is transmitted as patterned wavefronts of few-photon wavepackets which can be successfully decrypted only with the receiver’s PUK. The security of PEAC assumes technological constraints in distinguishing between different few-photon wavefronts. A heuristic argument for the security of PEAC is outlined focusing on a specific attack, namely state estimation. We demonstrate secure transmission of messages over a 2 m free-space line-of-sight quantum channel. PEAC enables new directions for physical key based cryptography.

A cluster-based secured data transmission protocol for efficient data gathering in WSN

Nowadays, Wireless Sensor Networks (WSNs) are widely used in all surveillance and domestic applications. Secure data gathering is a major concern in WSN in the presence of intruders. In existing works, secured data transmission was achieved through symmetric or asymmetric cryptographic schemes. However, it has high overhead and less confidentiality. In the proposed research, Cluster-based Secured Data Transmission Protocol (CSDTP) is developed to provide efficient data gathering. This protocol contains three modules. In the first module, cluster-based secure routing is implemented by route request, route reply and route assign phase. In the second module, data transmission is initiated. High packet delivery is achieved during this module. In the third module, secure data gathering is implemented using symmetric key encryption and decryption algorithm. The results of the simulation show that the CSDTP provides high data gathering ratio, more packet delivery ratio, less end to end delay, high packet integrity ratio and less overhead than existing schemes.

Accelerated precomputation points–based scalar reduction on elliptic curve cryptography for wireless sensor networks

SummarySensor devices are limited resource power and energy, thus providing security services for sensor networks is very difficult. Elliptic curve cryptography (ECC) is one of the most famous asymmetric cryptographic schemes, which offers the same level of security with much shorter keys compared to the other widely used asymmetric cryptographic algorithm, RSA (Rivest, Shamir, and Adleman). In ECC, the main and most‐heavily used operation is the scalar multiplication kP, where the scalar value k is a private integer and must be secured. In this work, we present a new approach to accelerate the main scalar multiplication on ECC over prime fields for sensor networks. This approach uses an equivalent representation of points and can act as a support for existing schemes in a selected interval. The simulation results showed that the proposed technique increases the efficiency of the computation time. For example, on this scalar multiplication, we obtain a gain of 4 bits in 161 bits for 6.25% of the scalars. This gain can sometimes reach 100% in some cases. After this significant reduction of the scalar k, we present a fast precomputation algorithm in a distributed scalar multiplication on kP to avoid storage of precomputation points, which requires extra memory.

Towards Efficient Application of Cryptographic Schemes on Constrained Microcontrollers

This work deals with the application of cryptographic schemes and primitives on the computational and memory-restricted microcontrollers. The efficient implementation of proper cryptographic schemes on these devices improves the security and performance of many applications and communication services in wireless sensor networks, Internet of Things, embedded systems and home automation and other systems which employ constrained devices. In this work, we experimentally implement well-known and widely used cryptographic schemes on the MSP430FX family of microcontrollers and study their performance and memory demands. On these microcontrollers, we evaluate 10 symmetric ciphers, 8 hash functions, modular arithmetic operations and asymmetric cryptographic schemes. Based on obtained results we propose a lightweight cryptographic solution which provides authentication and secure data communication. Our solution has two versions which are designed for applications that must use memory-constrained microcontrollers and for real-time applications that require efficiency and security. We believe that our proposal and results can help engineers and developers to improve the security or performance in their applications that employ constrained devices.

Area–time efficient hardware architecture for factoring integers with the elliptic curve method

Since the introduction of public key cryptography, the problem of factoring large composites has been of increased interest. The security of the most popular asymmetric cryptographic scheme RSA depends on the hardness of factoring large numbers. The best known method for factoring large integers is the general number field sieve (GNFS). One important step within the GNFS is the factorisation of mid-size numbers for smoothness testing, an efficient algorithm for which is the elliptic curve method (ECM). Since smoothness testing is also suitable for parallelisation, the implementation of ECM in hardware is promising. We show that massive parallel and cost-efficient ECM hardware engines can improve the area–time product of the RSA moduli factorisation via the GNFS considerably. The computation of ECM is a classic example of an algorithm that can be significantly accelerated through special-purpose hardware. The authors thoroughly analyse the prerequisites for an area–time efficient hardware architecture for ECM. The authors present an implementation of ECM to factor numbers up to 200 bits, which is also scalable to other bit lengths. ECM is realised as a software–hardware co-design on a field-programmable gate array (FPGA) and an embedded microcontroller (system-on-chip). Furthermore, the authors provide estimates for state-of-the-art CMOS implementation of the design and for the application of massive parallel ECM engines to the GNFS. This appears to be the first publication of a realised hardware implementation of ECM, and the first description of GNFS acceleration through hardware-based ECM.