Insecure Network Research Articles

Performance Analysis of Cascaded Hybrid Symmetric Encryption Models

Over a few years, there is rapid increase of exchange of data over the net has brought data confidentiality and its privacy to the fore front. Data confidentiality can be achieved by implementing cryptography algorithms during transmission of data which confirms that data remains secure and protected over an insecure network channel. In order to ensure data confidentiality and privacy, cryptography service encryption is used which makes data in unreadable form while the reverse process rearranges data in readable form and known as decryption. All encryption algorithms are intended to provide confidentiality to data, but their performance varies depending on many variables such as key size, type, number of rounds, complexity and data size used. In addition, although some encryption algorithms outperform others, they have been found to be prone to particular attacks. This paper reviews and summarizes the various common hybrid cascaded n-tier encryption models. Additionally, this paper compares and analyzes the performance of common hybrid cascaded 2-tier and 3-tier encryption models obtained during simulation based on encryption/decryption time, avalanche effect and throughput. The models compared with AES are 2-tier models (AES-TWOFISH, AES-BLOWFISH, TWOFISH-AES, BLOWFISH-AES, AES-SERPENT and SERPENT-TWOFISH) and 3-tier models (DES-BLOWFISH-AES, AES-TWOFISH-SERPENT and SERPENT-TWOFISH-AES). The hybrid cascaded model like AES-TWOFISH, AES-BLOWFISH and SERPENT-TWOFISH-AES are better hybrid models with respect to throughput and avalanche effect.

A novel cross cosine map based medical image cryptosystem using dynamic bit-level diffusion

Development in networking technology has made the remote diagnosis and treatment of patients a reality through telemedicine. At the same time, storing and transmitting medical documents over an insecure network has always been a daunting challenge. Literature shows that the existing medical image cryptosystems suffer from serious shortcomings. The present work attempts to address this crucial area and propose a suitable solution. A novel hybrid 2-Dimensional Cross Cosine Map (2D-CCM) with an improved chaotic behaviour cryptosystem is proposed. Chaotic series generated by proposed 2D-CCM is utilized in confusion and diffusion architecture. A new dynamic Bit-Flipping in diffusion approach increases the complexity to achieve good encryption results. Simulation and security level assessment is carried out by executing Statistical and differential attack analysis, key sensitivity and exhaustive attack analysis. Robustness is evidenced by the result of noise and crop attack analysis. In addition, SHA-256 is utilized to feed the seed key value of 2D-CCM to resist plaintext attacks. All the assessment and comparison results illustrate that the cipher possesses enhanced security and efficiency than the existing state of the art. Hence the proposed cipher is absolutely apt for secure medical image communication.

Subtractive Gradient Boost Clustering for Mobile Node Authentication in Internet of Things Aware 5G Networks

The 5G mobile wireless network systems faces a lot of security issues due to the opening of network and its insecurity. The insecure network prone to various attacks and it disrupts secure data communications between legitimate users. Many works have addressed the security problems in 3G and 4G networks in efficient way through authentication and cryptographic techniques. But, the security in 5G networks during data communication was not improved. Subtractive Gradient Boost Clustered Node Authentication (SGBCNA) Method is introduced to perform secure data communication. The subtractive gradient boost clustering technique is applied to authenticate the mobile node as normal nodes and malicious nodes based on the selected features. The designed ensemble clustering model combines the weak learners to make final strong clustering results with minimum loss. Finally, the malicious nodes are eliminated and normal mobile nodes are taken for performing the secured communication in 5G networks. Simulation is carried out on factors such as authentication accuracy, computation overhead and security level with respect to a number of mobile nodes and data packets. The observed outcomes clearly illustrate that the SGBCNA Method efficiently improves node authentication accuracy, security level with minimum overhead than the state-of-the-art-methods.

Robust zero-watermarking scheme based on novel quaternion radial fractional Charlier moments

In this paper, we propose a zero-watermarking scheme based on a new set of quaternion moments called Quaternion Radial Fractional Charlier Moments (QRFrCMs) for the copyright protection of color medical images. The proposed moments are developed from a new type of discrete orthogonal polynomials called Fractional Charlier Polynomials (FrCPs) and from quaternion theory. The robustness of the proposed scheme is ensured thanks to robustness of the proposed quaternion moments against image processing attacks and geometric attacks where the BCR is greater than 98%. In addition, the scheme uses the fractional order of QRFrCMs and a chaotic system based on two-dimensional CML (2DCML) using mixed linear-nonlinear coupling to provide a high level of security. Experimental results show the superiority of the proposed scheme over other recent schemes in terms of robustness against geometric attacks and common image processing attacks. The proposed scheme can be used for the secure transmission of color medical images over insecure networks.

Encryption and Decryption of Images using GGH Algorithm: Proposed

Images are considered as important data used in many fields such as military operations, medical imaging, and astronomy researches. For sending images through an insecure network, it is necessary to develop a secure encryption algorithm when transmitting the images. Three main properties of security services (i.e., confidentiality, integrity, and availability), the confidentiality is the most essential feature for exchanging images. The Goldreich Goldwasser Halevi (GGH) algorithm can be a good method for encrypting images as both the algorithm and sensitive data are represented in numeric matrices. Additionally, the GGH algorithm does not increase the size of the image. However, one of the disadvantages of using the GGH algorithm is the attacking of GGH cryptosystem mainly relied on special properties of the lattice generated. This shortcoming of GGH algorithm has been taken to proposed lattice reduction algorithms. A lattice basis reduction algorithm to get a better basis which is used into encryption and decryption approach.

Multilayered highly secure authentic watermarking mechanism for medical applications

Telemedicine is a technology-based substitute for conventional health care facilities. It symbolizes the practice of medication via indirect means. The foremost requirement for such remote healthcare practices is the communication of highly sensitive data over insecure networks, which demands very high protection of different types of health-related information such as Electronic Patient Record (EPR) and Related Medical images. Consequently, there is a stern need to develop algorithms to secure all confidential information for overall well being. This paper is an effort to propose one multilayer protection mechanism, which not only secures the patient’s transcript but also protects associated medical Images. EPR is embedded in the original medical image resulting in a watermarked medical image, which is further hidden in the reference image. But these two relevant records are given multiple strata of security before concealing and exposed to the insecure channel. Compression and Quantum Encryption of EPR are done, which is then embed into LWT transformed Medical Image, followed by scrambling and compression of all the planes of a watermarked medical image before embedding in different bands of LWT (Lifting Wavelet Transform), transformed reference image. This stride of hiding image is mandatory because original and watermarked medical images are very similar, thus prone to attacks. In order to avoid this, an image steganography technique is used to change the watermarked medical image’s visual structure, which is also referred to as visually meaningful encryption, as popular encryption algorithms give noise-like textures that can attract attackers. For authentication on the accession of records, biometric-based detection along with hash algorithm is also incorporated. Overall results (implemented using MATLAB) show that the proposed mechanism provides a highly secure and authentic medical healthcare system.

A Novel Medical Image Encryption using Cyclic Coding in Covid-19 Pandemic Situation

During this Covid - 19 pandemic situation, encryption of medical images takes a major role in medical information systems as well as in telemedicine. However according to government rule, it is essential to hide the information of the patients. Recent development in computer network enhances a lot of facilities in communication area. Unfortunately, hackers are misusing this facility and always try to attack on the transmitted information in insecure network. For secure transmission of medical images, it is essential to encrypt the information before transmitting. In this communication, we are going to present a novel approach of medical image encryption using cyclic coding. We have proved that it is quite difficult to decrypt the original information from encoded data in one common mode of attacking-chosen ciphertext attack. Moreover, we have proved the effectiveness of the encryption using correlation coefficients. Our proposed scheme is suitable for efficient encoding of multiple medical images.

Efficient single round attribute-based authenticated key exchange protocol

ABSTRACT Attribute-Based Authenticated Key Exchange (ABAKE) protocols allow two or more users to establish a shared key and achieve mutual authentication over an insecure network, while providing fine-grained access control over transmitted data. The existing ABAKE protocols are very inefficient, requiring a large number (polynomial in the size of the access policies) of pairing and exponentiation operations. This presents a major hindrance in the real-world deployment of these protocols. In this work, we present a construction of ABAKE protocol where the number of pairing operations is constant (to be precise only 7) and the number of exponentiation operations is linear to the number of clauses in the disjunctive normal form representing the general access policies. To this end, we construct an Attribute-Based Signcryption (ABSC) scheme with constant number of pairings, and use it as the main building block in our ABAKE construction. This also gives the first construction of ABSC schemes with constant number of pairings for general purpose access policies in the standard model. Another important and desirable feature of our ABAKE construction is that it is round-optimal, i.e. it is a single round protocol. We analyse the security of our ABAKE construction in the Attribute-Based extended Canetti-Krawzyck (ABeCK) model, and prove its security assuming the hardness of a variant of the Bilinear Diffie-Hellman Exponent problem in the random oracle model.

An enhanced and provably secure authentication protocol using Chebyshev chaotic maps for multi-server environment

Multiserver authentication requires users to have only one-time registration for accessing different permissible services securely from various servers over an insecure network. To date, many multiserver authentication protocols have been presented in the literature. Most of them require the registration server’s participation at the time of authentication, leading to increased communication overhead and bandwidth overload of the registration server. Recently, Lee et al. introduced a multiserver authentication protocol using extended chaotic maps that permits registered users and servers to authenticate with each other directly. In this paper, we revisit Lee et al.’s protocol and find that it is insecure against user impersonation and session-specific temporary information attacks. Additionally, the protocol uses timestamps, which may cause serious time synchronization problems. The weaknesses of Lee et al.’s protocol prompted us to propose another protocol based on extended chaotic maps, which is free from serious time synchronization problems, more efficient in terms of computation and communication overheads, and more robust against all known attacks. Furthermore, our protocol adds extra functionality features such as considering the users’ registration expiration, server scalability, and inclusion of two new phases: a deregistration phase and a registration renewal phase for a registered user. Our protocol’s security has been validated using the automated tool ProVerif and proven through formal and informal analyses. With better security protection, fewer complexities, and additional features, the proposed protocol is more suitable for practical use than other related protocols.

On the key composition for post-quantum group messaging and file exchange

Advances in the development of quantum technologies force to create new methods of secure information transfer over insecure networks and channels. In this article, we analyze some important properties of secure group messaging resilient to quantum computer attacks: message authentication and asynchronous key update. We consider options for ensuring message authentication and detect the difference between the requirements for this property in group communications and point-to-point channels. We define the structure of key information and preshared key packages for the new protocol based on the classic X3DH protocol.

An e-healthcare authentication protocol employing cloud computing

Telecare medical information system (TMIS) provides a wide array of medical information to the respective participants (doctor/patient) over insecure networks. The patient medical data is extremely sensitive and confidential along with authentication. This paper presents an architecture for e-healthcare using TMIS system employing a cloud server to store the medical information of registered patients. In addition, the proposed secure authentication protocol comprises a mobile device to ensure secure communication between the participants and contributes a platform for proper communication. To proof authenticity, both formal and informal security analyses have been successfully executed to resist attacks. Moreover, the computation and communication costs of the reported scheme offered better results in comparison to existing literature.

A New Image Encryption Scheme Using Dual Chaotic Map Synchronization

Chaotic systems behavior attracts many researchers in the field of image encryption. The major advantage of using chaos as the basis for developing a crypto-system is due to its sensitivity to initial conditions and parameter tunning as well as the random-like behavior which resembles the main ingredients of a good cipher namely the confusion and diffusion properties. In this article, we present a new scheme based on the synchronization of dual chaotic systems namely Lorenz and Chen chaotic systems and prove that those chaotic maps can be completely synchronized with other under suitable conditions and specific parameters that make a new addition to the chaotic based encryption systems. This addition provides a master-slave configuration that is utilized to construct the proposed dual synchronized chaos-based cipher scheme. The common security analyses are performed to validate the effectiveness of the proposed scheme. Based on all experiments and analyses, we can conclude that this scheme is secure, efficient, robust, reliable, and can be directly applied successfully for many practical security applications in insecure network channels such as the Internet

A Fast Encryption Scheme Suitable for Video Surveillance Applications Using SHA-256 Hash Function and 1D Sine–Sine Chaotic Map

This paper proposes an image encryption technique which is fast and secure. The encryption scheme is designed for secure transmission of video surveillance data (keyframes) over insecure network. The image encryption technique employs 1D Sine–Sine system with better chaotic properties than its seed map and faster than higher-dimensional chaotic systems. Further, design of encryption scheme is based on two permutation rounds, which employs pixel swapping operation and diffusion operation which is simple and provides required security against plaintext, differential and various other attacks. Three separate chaotic sequences are generated using 1D Sine–Sine system which enhances the key space of the encryption scheme. Secret keys are updated dynamically with SHA-256 hash value obtained from plain image. Hash values of plain image are efficiently used without loss of any hash value information. This makes the encryption scheme plaintext sensitive and secure against plaintext attacks. Performance and security aspects of encryption scheme is analyzed both quantitatively using predefined security metrics and qualitatively by scrutinizing the internal working of encryption scheme. Computational complexity of encrypting a plain image of size [Formula: see text] is [Formula: see text] and is suitable for encrypting keyframes of video for secure surveillance applications.

Two-Round Password-Based Authenticated Key Exchange from Lattices

Password-based authenticated key exchange (PAKE) allows participants sharing low-entropy passwords to agree on cryptographically strong session keys over insecure networks. In this paper, we present two PAKE protocols from lattices in the two-party and three-party settings, respectively, which can resist quantum attacks and achieve mutual authentication. The protocols in this paper achieve two rounds of communication by carefully utilizing the splittable properties of the underlying primitive, a CCA (Chosen-Ciphertext Attack)-secure public key encryption (PKE) scheme with associated nonadaptive approximate smooth projection hash (NA-ASPH) system. Compared with other related protocols, the proposed two-round PAKE protocols have relatively less communication and computation overhead. In particular, the two-round 3PAKE is more practical in large-scale communication systems.

A highly nonlinear substitution-box (S-box) design using action of modular group on a projective line over a finite field.

Cryptography is commonly used to secure communication and data transmission over insecure networks through the use of cryptosystems. A cryptosystem is a set of cryptographic algorithms offering security facilities for maintaining more cover-ups. A substitution-box (S-box) is the lone component in a cryptosystem that gives rise to a nonlinear mapping between inputs and outputs, thus providing confusion in data. An S-box that possesses high nonlinearity and low linear and differential probability is considered cryptographically secure. In this study, a new technique is presented to construct cryptographically strong 8×8 S-boxes by applying an adjacency matrix on the Galois field GF(28). The adjacency matrix is obtained corresponding to the coset diagram for the action of modular group on a projective line PL(F7) over a finite field F7. The strength of the proposed S-boxes is examined by common S-box tests, which validate their cryptographic strength. Moreover, we use the majority logic criterion to establish an image encryption application for the proposed S-boxes. The encryption results reveal the robustness and effectiveness of the proposed S-box design in image encryption applications.

Development of an Improved Network Security System using Firewall for Securing Organisational Data

It is eminent that the Internet is far from being secure. Insecure networks have caused organizations to lose lots of money as a result of data loss or data corruption, and even worse, some organizations have also lost their reputation hence reduce the client’s confidence. Therefore, this research focused on the development of an improved network security system using a firewall that can secure both the internal and external network of an organization. The system was developed using both packet filtering and proxy server architectures to prevent unauthorized connection or access to the organization server or resources thereby reducing the risk of attacks to the network and loss of organizational data. The system was implemented using PHP and python programming languages and the backend was developed using MySQL as the database server; HTML, CSS, and JavaScript for the frontend layout. The implementation of this firewall system includes a monitoring admin interface from where most activities within the private network can be monitored and also this system can prevent or deny the unauthorized request of services either by an intruder from an external network or personnel within the network. Based on the findings of this study, the developed system is recommended for any organization that depends on computer networks for the running of their daily activities.

Privacy protection for fog computing and the internet of things data based on blockchain

With the development of the Internet of Things (IoT) field, more and more data are generated by IoT devices and transferred over the network. However, a large amount of IoT data is sensitive, and the leakage of such data is a privacy breach. The security of sensitive IoT data is a big issue, as the data is shared over an insecure network channel. Current solutions include symmetric encryption and access controls to secure the data transfer, but they have some drawbacks such as a single point of failure. Blockchain is a promising distributed ledger technology that can prevent the malicious tampering of data, offering reliable data storage. This paper proposes a distributed access control system based on blockchain technology to secure IoT data. The proposed mechanism is based on fog computing and the concept of the alliance chain. This method uses mixed linear and nonlinear spatiotemporal chaotic systems (MLNCML) and the least significant bit (LSB) to encrypt the IoT data on an edge node and then upload the encrypted data to the cloud. The proposed mechanism can solve the problem of a single point of failure of access control by providing the dynamic and fine-grained access control for IoT data. The experimental results of this method demonstrated that it can protect the privacy of IoT data efficiently.

Fuzzy Adaptive Event-Triggered Secure Control for Stochastic Nonlinear High-Order MASs Subject to DoS Attacks and Actuator Faults

This article investigates the adaptive event-triggered secure control design problem for a class of stochastic nonlinear high-order multiagent systems (MASs) subject to denial-of-service (DoS) attacks and actuator faults. The considered systems contain not only unknown random interference terms but also general nonlinear functions that are not required to be globally Lipschitz, in contrast to most of the existing results in the area. To solve the problem of wasted communication resources, the control signal with the relative threshold strategy is designed via the event-triggered control technique. As a class of cyber–physical systems, the securities of MASs are vulnerable to actuator faults and DoS attacks. When the system suffers from coupled DoS attacks and actuator failures, its performance will deteriorate rapidly and even the controlled system will collapse. To overcome this difficulty, a novel fault-tolerant and antiattack control method is proposed, which enables the system to achieve the security control objective even in an insecure network and physical environment. The stability analysis of the system is given by combining the adaptive backstepping recursive design process with stochastic Lyapunov stability theory. It is demonstrated that all the signals of the closed-loop systems are semiglobally uniformly ultimately bounded in probability. Finally, a simulation example is given to illustrate the effectiveness and advantages of the presented scheme.

A secure visual secret sharing (VSS) scheme with CNN-based image enhancement for underwater images

Nowadays, underwater images are being used to identify various important resources like objects, minerals, and valuable metals. Due to the wide availability of the Internet, we can transmit underwater images over a network. As underwater images contain important information, there is a need to transmit them securely over a network. Visual secret sharing (VSS) scheme is a cryptographic technique, which is used to transmit visual information over insecure networks. Recently proposed randomized VSS (RVSS) scheme recovers secret image (SI) with a self-similarity index (SSIM) of 60–80%. But, RVSS is suitable for general images, whereas underwater images are more complex than general images. In this paper, we propose a VSS scheme using super-resolution for sharing underwater images. Additionally, we have removed blocking artifacts from the reconstructed SI using convolution neural network (CNN)-based architecture. The proposed CNN-based architecture uses a residue image as a cue to improve the visual quality of the SI. The experimental results show that the proposed VSS scheme can reconstruct SI with almost 86–99% SSIM.

A Secure and Lightweight Protocol for Message Authentication in Wireless Sensor Networks

Securing messages and protecting them from tampering during transmission in wireless sensor networks is a challenging task. Using message authentication schemes provides security and authentication, but with a high computational and communication cost. Sensors are highly constrained in terms of computational capabilities and power consumption. Therefore, computation is divided into two phases: online (at the sensor) and offline (at a more powerful central node). Moreover, public keys are generated based on the identities to reduce communication overhead. In this article, we propose a message authentication scheme based on identity that uses online/offline signature. We prove that the scheme provides and protects the integrity of messages during the transmission of data over an insecure network. Our scheme is existential unforgeable against chosen message attack.