Desired Level Of Security Research Articles

Enhancing privacy and security in smart healthcare: A blockchain-powered decentralized data dissemination scheme

Dissemination of health data in smart healthcare allows a patient’s health information to be accessible across healthcare communities for the improvement of patients’ care services. In our work, data collected from a patient’s automated health device is distributed to the communities through the blockchain network. Blockchain technology paves the way for the health sector to run in a decentralized system. To achieve a secure decentralized data dissemination, the transmitted health data must be reliable, that is, data is assured originated from a legitimate device without unlawful alteration. However, verification of such reliability may jeopardize a patient’s privacy. In healthcare, privacy is of the utmost importance to protect sensitive health data. At the same time, should misbehavior arise, malicious entities should be held accountable. We satisfy these conflicting requirements of reliability, privacy and accountability with our proposed secure decentralized data dissemination scheme for smart healthcare that integrates a certificate-based signcryption with a proxy re-encryption (Sign-Proxy) scheme and an Improved Delegated Proof-of-Stake (DPoS) consensus protocol for the system construction. The Sign-Proxy provides users a desirable level of security while delivering lightweight computation for limited computing capabilities of automated health devices. In parallel, the Improved DPoS facilitates the streamlined and secure adoption of a consortium blockchain framework. The security and performance analysis indicate that the proposed scheme is resilience against adversarial attacks, achieves overall efficiency, and feasible for real-world deployment.

A novel pseudo-random number generator based on multivariable optimization for image-cryptographic applications

Pseudo-random number generators (PRNGs) play an important role to ensure the security and confidentiality of image cryptographic algorithms. Their primary function is to generate a sequence of numbers that possesses unpredictability and randomness, which is crucial for the algorithms to work effectively and provide the desired level of security. However, traditional PRNGs frequently encounter limitations like insufficient randomness, predictability, and vulnerability to cryptanalysis attacks. To overcome these limitations, we propose a novel method namely an elliptic curve genetic algorithm (ECGA) for the construction of an image-dependent pseudo-random number generator (IDPRNG) that merges elliptic curves (ECs) and a genetic algorithm (GA). The ECGA consists of two primary stages. First, we generate an EC-based initial sequence of random numbers using pixels of a plain-image and parameters of an EC that depart from traditional methods of population initialization. In our proposed approach, the image itself serves as the seed for the initial population in the genetic algorithm optimization, taking into account the image-dependent nature of cryptographic applications. This allows the PRNG to adapt its behavior to the unique characteristics of the input image, leading to enhanced security and improved resistance against differential attacks. Furthermore, the use of a good initial population reduces the number of generations required by a genetic algorithm which results in decreased computational cost. In the second stage, we use well-known operations of a genetic algorithm to optimize the generated sequence by maximizing a multi-variable fitness function that is based on both the information entropy and the period of the PRNG. By combining elliptic curves and genetic algorithms, we enhance the randomness and security of the ECGA. To evaluate the effectiveness and security of our generator, we conducted comprehensive experiments using various benchmark images and applied several standard tests, including the National Institute of Standards and Technology (NIST) test suite. We then compared the results with the state-of-the-art PRNGs. The experimental results demonstrate that the ECGA outperforms the state-of-the-art PRNGs in terms of uniformity, randomness, and cryptographic strength.

Efficient dynamic multi-client searchable encryption supporting fuzzy search

Searchable symmetric encryption (SSE) enables the client to outsource its encrypted database to the untrusted server, while maintaining the ability to efficiently search over it. However, most of the existing solutions focus mainly on exact keyword search. That is, it will fail to fetch the desired result even though mild typos. To this end, SSE with fuzzy keyword search has attracted considerable concerns in the literature. We note that the current works support merely single-client setting. How to design fuzzy keyword search-based SSE scheme in the multi-client setting is still open. In this work, we first introduce a dynamic multi-client fuzzy keyword search scheme by employing Intel SGX, which can achieve forward privacy at the expense of multiple trapdoors communication. The proposed construction can reduce client-side computation and communication overload with the aid of Intel SGX. Furthermore, we present an enhanced multi-client fuzzy keyword search scheme that achieves forward privacy even in the presence of the corrupted user. The evaluation of security and efficiency indicates that our schemes are capable of meeting the desired security level and are well-suited for real-world applications.

PROLEAD_SW

A decisive contribution to the all-embracing protection of cryptographic software, especially on embedded devices, is the protection against Side-Channel Analysis (SCA) attacks. Masking countermeasures can usually be integrated into the software during the design phase. In theory, this should provide reliable protection against such physical attacks. However, the correct application of masking is a non-trivial task that often causes even experts to make mistakes. In addition to human-caused errors, micro-architectural Central Processing Unit (CPU) effects can lead even a seemingly theoretically correct implementation to fail to satisfy the desired level of security in practice. This originates from different components of< the underlying CPU which complicates the tracing of leakage back to a particular source and hence avoids making general and device-independent statements about its security.PROLEAD has recently been presented at CHES 2022 and has originally been developed as a simulation-based tool to evaluate masked hardware designs. In this work, we adapt PROLEAD for the evaluation of masked software, and enable the transfer of the already known benefits of PROLEAD into the software world. These include (1) evaluation of larger designs compared to the state of the art, e.g. a full Advanced Encryption Standard (AES) masked implementation, and (2) formal verification under our new generic leakage model for CPUs. Concretely, we formalize leakages, observed across different CPU architectures, into a generic abstraction model that includes all these leakages and is therefore independent of a specific CPU design. Our resulting tool PROLEAD_SW allows to provide a formal statement on the security based on the derived generic model. As a concrete result, using PROLEAD_SW we evaluated the security of several publicly available masked software implementations in our new generic leakage model and reveal multiple vulnerabilities.

Applying Agility for Sustainable Security

ABSTRACTSystems engineering faces ongoing challenges due to the pace of change in technology and needs as well as the complexity, resilience, and adaptability demanded of solutions. System security needs and challenges are a prominent factor in the increasing demands placed on solutions and the systems engineers who design and develop them. The adoption of program level agile execution is one strategy for addressing these escalating challenges. In this article we describe how the broadly adopted technical processes from the ISO/IEEE/IEC 15288:2015 standard can be executed using agile methods to realize a large complex solution. In addition, we provide specific recommendations for executing these processes in a manner that enables systems to be sustainably secure – that is, to retain the desired level of security throughout the life cycle.

VOLUNTEERING AS A COMPONENT OF THE TRAINING OF THE FUTURE SOCIAL WORKER (SOCIAL AND CULTURAL WORK)

The social security of the state, namely the social security of people, is a key factor in its stability and further development. However, limited resources, existing state structures and organizations cannot always fully ensure and support the desired level of social security in the state. That is why the search and use of new approaches to ensuring social security is an important task of state policy. Volunteering can be an important component of social security of the state in the conditions of today's challenges, and young people are the most active category in the process of volunteering.The concept of volunteering and involvement of volunteers is revealed, the state of volunteering among young people in Vinnytsia region and in Ukraine in general is highlighted. The spontaneous growth of volunteering in the student community determines the recognition of volunteering as an effective tool for socialization and self-realization; Volunteer activity provides the most valuable practical experience, meeting new people and new interesting places. Participation in volunteer projects, exhibitions, seminars-workshops, cultural and artistic events helps to improve a wide variety of skills – professional, the ability to manage projects, be communicative and stress-resistant, solve tasks in a team, form emotional intelligence, competitiveness and leadership qualities of young people. In order to find effective ways of involving young people in volunteering, legislative documents, theoretical and practical materials were analyzed. The article analyzes the theoretical aspects of the development of the volunteer movement, the formation of social work as a separate branch of science, the creation and implementation of the idea of expanding the social sphere, building a civil society which involves focusing on the priorities of spirituality and morality. The experience of training young people for volunteer work in the Vinnytsia Regional Center for Folk Art was revealed.

Optimization of the multivariate polynomial public key for quantum safe digital signature

Kuang, Perepechaenko, and Barbeau recently proposed a novel quantum-safe digital signature algorithm called Multivariate Polynomial Public Key or MPPK/DS. The key construction originated with two univariate polynomials and one base multivariate polynomial defined over a ring. The variable in the univariate polynomials represents a plain message. All but one variable in the multivariate polynomial refer to noise used to obscure private information. These polynomials are then used to produce two multivariate product polynomials, while excluding the constant term and highest order term with respect to the message variable. The excluded terms are used to create two noise functions. Then four produced polynomials, masked with two randomly chosen even numbers over the ring, form the Public Key. The two univariate polynomials and two randomly chosen numbers, behaving as an encryption key to obscure public polynomials, form the Private Key. The verification equation is derived from multiplying all of the original polynomials together. MPPK/DS uses a special safe prime to prevent private key recovery attacks over the ring, forcing adversaries to solve for private values over a sub-prime field and lift the solutions to the original ring. Lifting entire solutions from the sub-prime field to the ring is designed to be difficult based on security requirements. This paper intends to optimize MPPK/DS to reduce the signature size by a fifth. We added extra two private elements to further increase the complexity of the private key recovery attack. However, we show in our newly identified optimal attack that these extra private elements do not have any effect on the complexity of the private recovery attack due to the intrinsic feature of MPPK/DS. The optimal key-recovery attack reduces to a Modular Diophantine Equation Problem or MDEP with more than one unknown variables for a single equation. MDEP is a well-known NP-complete problem, producing a set with many equally-likely solutions, so the attacker would have to make a decision to choose the correct solution from the entire list. By purposely choosing the field size and the order of the univariate polynomials, we can achieve the desired security level. We also identified a new deterministic attack on the coefficients of two univariate private polynomials using intercepted signatures, which forms a overdetermined set of homogeneous cubic equations. To the best of our knowledge, the solution to such a problem is to brute force search all unknown variables and verify the obtained solutions. With those optimizations, MPPK/DS can offer extra security of 384 bit entropy at 128 bit field with a public key size being 256 bytes and signature size 128 or 256 bytes using SHA256 or SHA512 as the hash function respectively.

Secure personal authentication in fog devices via multimodal rank‐level fusion

SummaryIn recent years, Fog and edge computing have gained enormous increases and usage of Internet of Things (IoT) devices in research and development even though it provides challenges such as security and privacy. One way to ensure this is a fusion of multimodal biometrics authentication systems, which offer highly reliable biometric authentication solutions to reduce the failure to enroll rate, increase the degree of freedom, and deter spoof attacks. Since unimodal biometric systems often face significant limitations due to sensitivity to noise, data quality, non‐universality, and illumination variations. In this research, we propose management of access control to ensure the desired level of security, a Rank level fusion integration method. ORL, GT, CASIA, and VGG‐face databases were used for testing and evaluating the implemented system. Thus, using the LDA with SCE based feature selection approach, the average GAR percent for the facial, hearing, and palm vein is 3.25% for the facial and muffs pulse and 8.55% for the head and palm vein result was the overall performance of the biometric system even in the presence of low‐quality data in the Fog environment.

A Format Compliant Encryption Method for 3D Objects Allowing Hierarchical Decryption

With the increasing popularity of 3D objects in industry and everyday life, 3D object security has become essential. While there exists methods for 3D selective encryption, where a clear 3D object is encrypted so that the result has the desired level of visual security, to our knowledge, no method exists for decrypting encrypted 3D objects hierarchically. In this paper, we are the first to propose propose a method which allows us to hierarchically decrypt an encrypted 3D object according to a generated ring of keys. This ring consists of a set of keys that allow a stronger or weaker decryption of the encrypted 3D object. Each hierarchically decrypted 3D object has a different visual security level, where the 3D object is more or less visually accessible. Based on a master key, these hierarchical keys are generated using our method during the encryption process. Our method is essential when it comes to preventing trade secrets from being leaked from within a company or by exterior attackers. It is also ecologically friendly and more secure than traditional selective encryption methods.

Optimal Controller and Security Parameter for Encrypted Control Systems Under Least Squares Identification

Encrypted control is a framework for the secure outsourcing of controller computation using homomorphic encryption that allows to perform arithmetic operations on encrypted data without decryption. In a previous study, the security level of encrypted control systems was quantified based on the difficulty and computation time of system identification. This study investigates an optimal design of encrypted control systems when facing an attack attempting to estimate a system parameter by the least squares method from the perspective of the security level. This study proposes an optimal H2 controller that maximizes the difficulty of estimation and an equation to determine the minimum security parameter that guarantee the security of an encrypted control system as a solution to the design problem. The proposed controller and security parameter are beneficial for reducing the computation costs of an encrypted control system, while achieving the desired security level. Furthermore, the proposed design method enables the systematic design of encrypted control systems.

The formation of strategic portfolio of the development of risk management in telecommunications enterprises during martial law and post-war conditions

The object of research is the processes of interaction of components of the strategic portfolio of development of telecommunications enterprises, which are subject to the principles of economic security and highlight risk management measures, in terms of overcoming the negative consequences of any changes, conflicts, crises, management problems, and stresses from external influences on the development of telecommunications enterprises. One of the most problematic areas is to determine the actual risks of strategic development of telecommunications enterprises caused by threats and challenges due to the war in Ukraine, which resulted in the destruction of infrastructure, reconstruction works, demining, migration of personnel, reduced solvency of the population, investment risks. This requires an adequate response to preserve positions or minimize destruction. At the same time, an important task is the formation of strategic imperatives for the economic security of telecommunications enterprises. In addition, it is important not only to establish a list of such components, but also to substantiate the principles of ensuring the organisational and managerial stability and competitiveness of the telecommunications enterprise by forming a strategic portfolio for the development of risk management in conditions of instability and uncertainty during martial law and post-war conditions and the dynamism of the external environment. In the course of the study, methods of detailed analysis of the current state of the problem, based on information search and methods of empirical research (observation, comparison) were used. As well as the method of synthesis and structural-genetic method (extraction from a complex phenomenon of such elements that significantly affect the rest of the research object, in the case of sustainable development tools). At the same time different sources of information, databases, secondary sources of information, company websites and analytical reports were used. As well as primary sources - interviews of company representatives. The scientific and practical value of the study lies in the formation of the theoretical and methodological foundations of strategic risk management aimed at avoiding or reducing them and at the same time ensuring the desired level of economic security of the telecommunications enterprise. This will allow clearly building the management process in the risk management system in the long term and ensuring the desired level of economic security of the telecommunications enterprise. This allows a reasonable approach to building a business, contributes to the improvement of strategic plans through the relationship with risk management, namely: – possibility of in-depth goal setting to achieve the ultimate goal; – development of the least risky strategic set and an effective system of performance indicators; – improving the efficiency of risk management; – adaptation to changes in the external and internal environment; – increasing the flexibility of the business model.

Blockchain-based decentralized data dissemination scheme in smart transportation

Data dissemination of safety messages in smart transportation allows vehicles to broadcast safety-related information about their surroundings to other vehicles within their proximity for early warnings of endangering events. Safety can only be achieved if the data transmitted are reliable. However, this may violate the privacy of a vehicle. At the same time, malicious or defective vehicles should be held accountable when misbehavior occurs. Utilizing blockchain technology, we propose a secure data dissemination scheme for smart transportation that solves the conflicting security requirements of reliability, privacy and accountability simultaneously, which provides a desirable level of security through its decentralized system. The analysis evaluation and simulation experiments signify our proposed scheme achieves security and performance efficiency, robust against adversarial attacks and practical for real world deployment.

Proportional–Integral Observer Design for Uncertain Time-Delay Systems Subject to Deception Attacks: An Outlier-Resistant Approach

This article deals with the proportional–integral observer (PIO) design problem for a class of linear systems with distributed time delays and randomly occurring parameter uncertainties. The measurement signals, transmitted from the sensors to the observer, might suffer from the randomly occurring deception attacks. The random occurrences of parameter uncertainties and deception attacks are governed by two series of Bernoulli random variables with known probability distributions. An outlier-resistant PIO is developed by introducing an innovation saturation mechanism for the sake of alleviating the adverse effects induced by the deception attacks on the estimation performance. The purpose of the addressed problem is to design a PIO that is capable of guaranteeing the mean-square boundedness of the estimation errors while achieving the desired security level. The desired PIO gain is designed by solving a matrix inequality and the validity of the results obtained is shown by a numerical simulation example.

A 3D Visual Security (3DVS) score to measure the visual security level of selectively encrypted 3D objects

Today, 3D objects are becoming more commonly used across many domains. However, it is necessary to secure them during their transmission over networks or when archiving them in the cloud. Encryption is a smart solution to protect 3D objects while remaining format compliant. While there exist many methods proposed for 3D quality evaluation, very few have been developed to evaluate the visual security level of encrypted 3D objects. In this paper, we propose an efficient metric, called 3D Visual Security (3DVS) score, to evaluate the visual security level of selectively encrypted 3D objects. First we present a new dataset composed of selectively encrypted 3D objects that have all been evaluated by more than 50 observers in terms of visual security. Secondly, we propose a model to determine the security parameters according to a desired security level. Finally, we detail our proposed 3DVS score which is based on full reference 3D metrics and serves to measure the visual security level of selectively encrypted 3D objects.

ANS-based compression and encryption with 128-bit security

The bulk of Internet interactions is highly redundant and also security sensitive. To reduce communication bandwidth and provide a desired level of security, a data stream is first compressed to squeeze out redundant bits and then encrypted using authenticated encryption. This generic solution is very flexible and works well for any pair of (compression, encryption) algorithms. Its downside, however, is the fact that the two algorithms are designed independently. One would expect that designing a single algorithm that compresses and encrypts (called compcrypt) should produce benefits in terms of efficiency and security. The work investigates how to design a compcrypt algorithm using the ANS entropy coding. First, we examine basic properties of ANS and show that a plain ANS with a hidden encoding table can be broken by statistical attacks. Next, we study ANS behavior when its states are chosen at random. Our compcrypt algorithm is built using ANS with randomized state jumps and a sponge MonkeyDuplex encryption. Its security and efficiency are discussed. The design provides 128-bit security for both confidentiality and integrity/authentication. Our implementation experiments show that our compcrypt algorithm processes symbols with a rate up to 269 MB/s (with a slight loss of compression rate) 178 MB/s.

The DRACO Stream Cipher

Stream ciphers are vulnerable to generic time-memory-data tradeoff attacks. These attacks reduce the security level to half of the cipher’s internal state size. The conventional way to handle this vulnerability is to design the cipher with an internal state twice as large as the desired security level. In lightweight cryptography and heavily resource constrained devices, a large internal state size is a big drawback for the cipher. This design principle can be found in the eSTREAM portfolio members Grain and Trivium.Recently proposals have been made that reduce the internal state size. These ciphers distinguish between a volatile internal state and a non-volatile internal state. The volatile part would typically be updated during a state update while the non-volatile part remained constant. Cipher proposals like Sprout, Plantlet, Fruit and Atom reuse the secret key as non-volatile part of the cipher. However, when considering indistinguishability none of the ciphers mentioned above provides security beyond the birthday bound with regard to the volatile internal state. Partially this is due to the lack of a proper proof of security.We present a new stream cipher proposal called Draco which implements a construction scheme called CIVK. In contrast to the ciphers mentioned above, CIVK uses the initial value and a key prefix as its non-volatile state. Draco builds upon CIVK and uses a 128-bit key and a 96-bit initial value and requires 23 % less area and 31 % less power than Grain-128a at 10 MHz. Further, we present a proof that CIVK provides full security with regard to the volatile internal state length against distinguishing attacks. This makes Draco a suitable cipher choice for ultra-lightweight devices like RFID tags.

Machine Learning Methods to Detect Voltage Glitch Attacks on IoT/IIoT Infrastructures.

A majority of modern IoT/IIoT digital systems rely on cryptographic implementations to provide satisfactory levels of security. Hardware attacks such as side-channel analysis attacks or fault injection attacks can significantly degrade and even eliminate the desired level of security of the infrastructure in question. One of the most dangerous attacks of this type is voltage glitch attacks (VGAs), which can change the intended behavior of a system. By effectively manipulating the voltage at a specific time, an error can be injected that can change the intentional conduct and bypass system security features or even extract confidential information such as encryption keys by analyzing incorrect outputs of the firmware. This study proposes an innovative VGAs detection system based on advanced machine learning. Specifically, an innovative semisupervised learning methodology is used that utilizes a hybrid combination of algorithms. Specifically, a heuristic clustering method is used based on a linear fragmentation of group classes. In contrast, the ELM methodology is used as an algorithm for retrieving hidden variables through convex optimization.

Network coding and MPTCP: Enhancing security and performance in an SDN environment

Recently, several attempts have been made to jointly secure end-to-end network communication systems against various malicious attacks, and enhance its performance level. Network coding, which is a step forward towards realizing these systems, promises many advantages such as increased throughput and enhanced reliability. However, several security concerns remain an open issue. A major limitation is the unreliable broadcast nature of network channels. One possible solution is to leverage MPTCP (Multi-Path Transmission Control Protocol), and to utilize a secure variant of the Network Coding (NC) technique to secure reliable data transmission over multiple paths. Such a system is possible when integrated in a Software Defined Networking (SDN) environment. In this paper, the conventional Random Linear Network Coding (RLNC) technique is modified and employed in a secure MPTCP-enabled end-to-end system. This variant is referred to as secret coding, where communicating entities multiply the transmitted data with invertible secret coding matrices to achieve data confidentiality and data availability, while maintaining the desired system performance. Each user will separately derive the coding coefficients of the secret coding matrices from the channel and a common secret, which significantly reduces the communication overhead. The proposed solution exhibits several properties such as high efficiency, flexibility, low error propagation and low execution time. In order to further improve the security and performance of the proposed scheme, the SDN controller is programmed to provide independent paths between the communicating MPTCP users. The obtained results prove that the proposed solution is able to achieve both the desired security level and performance.

THEORETICAL AND METHODOLOGICAL PRINCIPLES OF FORMATION AND USE OF THE MANAGEMENT MECHANISM FOR ENSURING THE FINANCIAL AND ECONOMIC SECURITY OF INDUSTRIAL ENTERPRISES

The functioning and development of enterprises takes place under the condition of changes in the influence of external environmental factors, the emergence of crisis phenomena, threats that have a negative impact on the financial condition, the results of operations, can cause a sharp reduction in indicators. It is various threats and crisis phenomena that can lead to inefficient use of financial resources and the emergence of bankruptcy at enterprises. It was determined that economic security plays an important role for enterprises, which guarantees their protection from the negative impact of internal and external environmental factors, minimizes their impact, and allows to eliminate identified threats. Along with economic, an important role is played by financial security, which is aimed at ensuring the rational use of financial resources, reducing costs, and improving the financial situation. All this determines the importance of ensuring the financial and economic security of enterprises, which is possible by using a set of tools. The need to introduce an improved management mechanism for ensuring financial and economic security, which has theoretical and practical significance, will allow the formation of measures to neutralize the influence of market environment factors, threats, guarantee a high level of security, restore performance indicators, determine the sequence of actions to ensure the desired level of security, methods of countermeasures crisis phenomena. The management mechanism for ensuring the financial and economic security of enterprises consists of interconnected stages, elements, is implemented by following approaches that allow it to be used successfully and achieve the established goal. As part of the mechanism, measures are proposed to neutralize threats, risks, and ways to restore the level of financial and economic security of enterprises, which will guarantee successful functioning in the short and long term.

Traceable Scheme of Public Key Encryption with Equality Test.

Public key encryption supporting equality test (PKEwET) schemes, because of their special function, have good applications in many fields, such as in cloud computing services, blockchain, and the Internet of Things. The original PKEwET has no authorization function. Subsequently, many PKEwET schemes have been proposed with the ability to perform authorization against various application scenarios. However, these schemes are incapable of traceability to the ciphertexts. In this paper, the ability of tracing to the ciphertexts is introduced into a PKEwET scheme. For the ciphertexts, the presented scheme supports not only the equality test, but also has the function of traceability. Meanwhile, the security of the proposed scheme is revealed by a game between an adversary and a simulator, and it achieves a desirable level of security. Depending on the attacker’s privileges, it can resist OW-CCA security against an adversary with a trapdoor, and can resist IND-CCA security against an adversary without a trapdoor. Finally, the performance of the presented scheme is discussed.