Key Management System Research Articles

(OFC 2024) Comparison of Distributed and Centralized Quantum Key Management Systems for Meshed QKD Networks

(OFC 2024) Comparison of Distributed and Centralized Quantum Key Management Systems for Meshed QKD Networks

On the Proof of Ownership of Digital Wallets

With the widespread adoption and increasing application of blockchain technology, cryptocurrency wallets used in Bitcoin and Ethereum play a crucial role in facilitating decentralized asset management and secure transactions. However, wallet security relies heavily on private keys, with insufficient attention to the risks of theft and exposure. To address this issue, Chaum et al. (ACNS’21) proposed a “proof of ownership” method using a “backup key” to prove ownership of private keys even when exposed. However, their interactive proof approach is inefficient in large-scale systems and vulnerable to side-channel attacks due to the long key generation time. Other related schemes also suffer from low efficiency and complex key management, increasing the difficulty of securely storing backup keys. In this paper, we present an efficient, non-interactive proof generation approach for ownership of secret keys using a single backup key. Our approach leverages non-interactive zero-knowledge proofs and symmetric encryption, allowing users to generate multiple proofs with one fixed backup key, simplifying key management. Additionally, our scheme resists quantum attacks and provides a fallback signature. Our new scheme can be proved to capture unforgeability under the computational indistinguishability from the Uniformly Random Distribution property of a proper hash function and soundness in the quantum random oracle model. Experimental results indicate that our approach achieves a short key generation time and enables an efficient proof generation scheme in large-scale decentralized systems. Compared with state-of-the-art schemes, our approach is applicable to a broader range of scenarios due to its non-interactive nature, short key generation time, high efficiency, and simplified key management system.

Real-Time Diagnostics on a QKD Link via QBER Time-Series Analysis.

The integration of QKD systems in metro optical networks raises challenges that cannot be fully resolved with current technological means. In this work, we devised a methodology for identifying different types of impairments for a QKD link embedded in a communication network. Identification occurs in real time using a supervised machine learning model designed for this purpose. The model takes only QBER and SKR time-series data as the input, making its applicability not restricted to any specific QKD protocol or system. The output of the model specifies the working conditions for the QKD link, which is information that can be valuable for users and key management systems.

A Trust Establishment and Key Management Architecture for Hospital-at-Home

The landscape of healthcare is experiencing a digitalization shift, transferring many medical activities to the patients’ homes, a phenomenon commonly referred to as Hospital-at-Home. While Internet of Things (IoT) devices facilitate the building of such systems, there is a need for powerful middleware that encapsulates device-to-device communication, and enables the construction of user-friendly, secure, and robust Hospital-at-Home systems. A key challenge for such middleware is to build a trustworthy and lightweight key management system allowing different devices in the system to exchange messages securely. In this paper we present a simple, easily manageable and scalable such architecture which, in addition, supports long term data protection using post-quantum cryptographic primitives. Our proposed solution utilizes a Merkle tree to enable the IoT devices to establish trust between each other automatically, even in the absence of Internet connection. We have implemented the architecture and present performance figures as well as a security analysis of our approach.

Financial flow management of trading companies based on business process modeling

The issues of process approach implementation in enterprise financial flows management system have been highlighted. The stages of financial flows management within the framework of business processes model have been defined. The advantages of the balanced scorecard have been revealed. The approach to financial flows management based on business process models and their optimization methods has been proposed. The approach to enterprise process management is based on the Deming-Shewhart cycle. The strategic map has been considered as tools for process management and metrics control. The composition of balanced scorecard has been proposed, reflecting the dependence of profit, accounts receivable, and equity turnover rate on the key indicators of cost, fragmentation. and time of fulfilling tasks of the AS-IS and TO-BE business process models. The cause-and-effect relationships between the business processes tasks and a company’s financial performance have been considered. The paper presents the results of the analysis and visualization of the dynamics of change in indicators depending on business process model transformation. In order to reduce risks and increase the efficiency of implementing process optimization results, a number of simulation experiments have been conducted for a company actively developing online sales channels. Practical recommendations have been developed and changes in the key business process management system justified. The system effect from simulation modeling results implementation has been obtained.

Use of Blockchain Technology for Management of Guest Room Keys

Purpose of the study: The hospitality industry is undergoing a transformation with the advent of blockchain technology, especially in hotel keys management. This chapter explores the use of blockchain to manage hotel guest room keys, focusing on its applications, benefits, and future ramifications. Methodology: The chapter begins by clarifying the basic concepts of blockchain, outlining its functionality as a decentralized distributed ledger system and then explores the challenges of traditional core system design and introduces blockchain-based key management solutions. This solution uses cryptographic encryption and decentralized access control mechanisms, integrating smart contracts to automate processes. Main Findings: Blockchain-based key management systems generate and distribute secure digital keys to guest smartphones, protecting it from unauthorized access and tampering blockchain’s immutable recordkeeping for a tamper-proof audit trail, enhancing security and accountability. Hotel networks allow guests to use digital keys in multiple ways, and connecting IoT devices allows for remote control and personalized experiences. Applications of the study: Blockchain technology provides a robust alternative to traditional hotel key management systems, improving security, transparency, and operational efficiency. Future trends, including artificial intelligence and machine learning, promise new innovations. A strategic and collaborative approach is recommended to maximize the benefits of blockchain in the hospitality industry. Novelty/Originality of the study: This chapter provides valuable insights for practitioners and researchers aiming to harness the transformative power of blockchain.

Advancements in Securing Cloud-Stored Data and Managing Sensitive Information: A Comprehensive Review of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) Techniques

Abstract—The exploring comprehensive review of cutting-edge techniques for securing cloud-stored data and managing sensitive information in the context of smart cities through the application of Ciphertext-Policy Attribute-Based Encryption (CP-ABE). It highlights the innovative integration of blockchain technology with CP-ABE, which introduces a decentralized and tamper- resistant key management system, thereby enhancing the overall security framework in cloud environments where data sharing is prevalent. Introducing an online/offline multi-authority CP- ABE scheme, characterized by hidden policies, offers significant advancements in protecting user attributes and access structures, ensuring that sensitive information remains confidential even during encryption and decryption processes. This dual approach not only fortifies security but also optimizes the efficiency of data- sharing mechanisms. Furthermore, the paper delves into imple- menting hidden sensitive policies and keyword search techniques within smart city infrastructures, which are designed to facilitate secure and efficient data retrieval. These techniques ensure that while data remains accessible to authorized users, privacy is rigorously maintained. Collectively, these approaches represent significant strides in bolstering the security and confidentiality of data in both cloud-based and smart city applications, addressing the growing demand for robust and efficient data management solutions in increasingly interconnected environments. Index Terms—Ciphertext-Policy Attribute-Based Encryption (CP-ABE), Blockchain, Key Management, Decentralized Secu- rity, Cloud-Stored Data, Yolo V7, Explainable AI (XAI), On- line/Offline Multi-Authority Scheme, Hidden policies, Privacy Preservation, Data Protection, Secure Data Management

An Efficient Image Encryption Scheme for Medical Image Security

In the contemporary landscape of digital healthcare, the confidentiality and integrity of medical images have become paramount concerns, necessitating the development of robust security measures. This research endeavors to address these concerns by proposing an innovative image encryption scheme tailored specifically for enhancing medical image security. The proposed scheme integrates a sophisticated blend of symmetric and asymmetric encryption techniques, complemented by a novel key management system, to fortify the protection of medical image data against unauthorized access and malicious tampering. The proposed DNA-based encryption algorithm leverages the unique properties of DNA encoding to securely scramble image data, providing an added layer of protection. By utilizing DNA sequences in the encryption and decryption processes, the scheme achieves a high level of data confusion and diffusion, significantly enhancing security. The efficacy of the proposed encryption scheme is validated through comprehensive experimental evaluations, which demonstrate its proficiency in ensuring data security while maintaining computational efficiency. The scheme's compatibility with existing medical imaging systems is also examined, affirming its seamless integration into contemporary healthcare infrastructures. This research contributes to the advancement of medical image security by proposing an efficient encryption scheme that strikes a balance between stringent security requirements and practical implementation considerations. The primary contributions include the development of a DNA-based encryption algorithm and a novel key management system, both of which significantly enhance the security of medical images. This research contributes to the advancement of medical image security by proposing an efficient encryption scheme that strikes a balance between stringent security requirements and practical implementation considerations. By safeguarding the confidentiality and integrity of medical images, the proposed scheme empowers healthcare providers to uphold patient privacy and trust in the digital age. Experimental results show that this approach ensures robust encryption without compromising image quality, making it suitable for sensitive medical imaging applications.

Protecting Instant Messaging Notifications against Physical Attacks: A Novel Instant Messaging Notification Protocol Based on Signal Protocol

Over the years, there has been a significant surge in the popularity of instant messaging applications (IMAs). However, the message notification functionality in IMAs exhibits certain limitations. Some IMAs fail to alert users about new messages after their phone restarts unless they unlock the phone. This is a consequence of end-to-end encryption (E2EE) and the app not knowing the message is in the queue until the app decrypts it. This approach using E2EE is used to prevent offline attacks, as the key is unavailable to decrypt the notification messages. In this paper, we introduce a novel design and implementation of a message notification protocol for IMAs based on the Signal protocol. The proposed protocol aims to securely display notifications on a locked device and ensures that cryptographic keys are stored in a location that is isolated from the user’s device to prevent offline attacks. This approach enhances the security of private key storage, safeguarding private keys against various external threats. The innovative design strengthens the off-site key management system, rendering it resilient against offline attacks and mitigating the risk of key compromise. Additionally, the proposed protocol is highly efficient, requiring no specialized hardware for implementation. It offers confidentiality of cryptographic keys and protection against offline attacks, further enhancing the overall security of the system. We evaluate the protocol’s effectiveness by analyzing multiple independent implementations that pass a suite of formal tests via ProVerif.

A Secure Protocol Authentication Method Based on the Strand Space Model for Blockchain-Based Industrial Internet of Things

The rapid development of the Industrial Internet of Things (IIoT) and its application across various sectors has led to increased interconnectivity and data sharing between devices and sensors. While this has brought convenience to users, it has also raised concerns about information security, including data security and identity authentication. IIoT devices are particularly vulnerable to attacks due to their lack of robust key management systems, efficient authentication processes, high fault tolerance, and other issues. To address these challenges, technologies such as blockchain and the formal analysis of security protocols can be utilized. And blockchain-based Industrial Internet of Things (BIIoT) is the new direction. These technologies leverage the strengths of cryptography and logical reasoning to provide secure data communication and ensure reliable identity authentication and verification, thereby becoming a crucial support for maintaining the security of the Industrial Internet. In this paper, based on the theory of the strand space attack model, we improved the Fiber Channel Password Authentication Protocol (FACP) security protocol in the network environment based on symmetric cryptography and asymmetric cryptography. Specifically, in view of the problem that the challenge value cannot reach a consensus under the symmetric cryptography system, and the subject identity cannot reach a consensus under the asymmetric cryptography system, an improved protocol is designed and implemented to meet the authentication requirements, and the corresponding attack examples are shown. Finally, the effectiveness and security of the protocol were verified by simulating different networking environments. The improved protocol has shown an increase in efficiency compared with the original protocol across three different network configurations. There was a 6.43% increase in efficiency when centralized devices were connected to centralized devices, a 5.81% increase in efficiency when centralized devices were connected to distributed devices, and a 6.32% increase in efficiency when distributed devices were connected to distributed devices. Experimental results show that this protocol can enhance the security and efficiency of communication between devices and between devices and nodes (servers, disks) in commonly used Ethernet passive optical network (EPON) environments without affecting the identity authentication function.

Analisis Pengaruh Keterlibatan Pengguna, Dukungan Manajemen Puncak terhadap Kinerja Sistem Informasi Akuntansi

The use of a computerized accounting information system can help in the processing of company data so that from this data it will produce information that is useful for the company. This study uses a systematic approach to review the literature. The results of this research aim to determine the influence of formalization of system development, the involvement of AIS users, to provide real experience about the use of computerized information systems can help organize business information in such a way that it produces useful information for business. This study uses a systematic literature review. The results to find out the research aimed at the results of system development, the role of users of accounting information systems, analyze the impact of accounting system performance and the user's ability to work on projects, and provide empirical evidence. This research method uses the systematic review method (SLR) to analyze journals and articles. In addition, the purpose of this study is to determine the impact of user understanding level, peak management support, and user interest in performance. By analyzing journals and articles published between 2015 and 2024, the study focuses on the impact of key management systems that help users participate in the performance of accounting systems. Fifty journals are used as sources in this journal research. The impact of the accounting information system and the user's ability depends on the business's motivation for the process. This research method uses the systematic review method (SLR) to analyze journals and articles. In addition, the purpose of this study is to determine the impact of user understanding level, peak management support, and user interest in performance. An analysis of journals and articles published between 2015 and 2024, focusing on the influence of senior management on user participation in the performance of accounting systems, Fifty journals were used as sources in this journal study.

Considerations for Decision Makers and Developers Toward the Adoption of Decentralized Key Management Systems Technology in Emerging Applications

Considerations for Decision Makers and Developers Toward the Adoption of Decentralized Key Management Systems Technology in Emerging Applications

Study of Network Security Based on Key Management System for In-Vehicle Ethernet

Study of Network Security Based on Key Management System for In-Vehicle Ethernet

Distributed Group Key Management Based on Blockchain

Against the backdrop of rapidly advancing cloud storage technology, as well as 5G and 6G communication technologies, group key management faces increasingly daunting challenges. Traditional key management encounters difficulties in key distribution, security threats, management complexity, and issues of trustworthiness. Particularly in scenarios with a large number of members or frequent member turnover within groups, this may lead to security vulnerabilities such as permission confusion, exacerbating the security risks and management complexity faced by the system. To address these issues, this paper utilizes blockchain technology to achieve distributed storage and management of group keys. This solution combines key management with the distributed characteristics of blockchain, enhancing scalability, and enabling tracking of malicious members. Simultaneously, by integrating intelligent authentication mechanisms and lightweight data update mechanisms, it effectively enhances the security, trustworthiness, and scalability of the key management system. This provides important technical support for constructing a more secure and reliable network environment.

DATA FINDING, SHARING AND DUPLICATION REMOVAL IN THE CLOUD

Deduplication involves eliminating duplicate or redundant data to reduce stored data volume, commonly used in data backup, network optimization, and storage management. However, traditional deduplication methods have limitations with encrypted data and security. The primary objective of this project is to develop new distributed deduplication systems that offer increased reliability. In these systems, data chunks are distributed across the Hadoop Distributed File System (HDFS), and a robust key management system is utilized to ensure secure deduplication with slave nodes. Instead of having multiple copies of the same content, deduplication removes redundant data by retaining only one physical copy and referring other instances to that copy. The granularity of deduplication can vary, ranging from an entire file to a data block. The MD5 and 3DES algorithms are used to enhance the deduplication process. The proposed approach in this project is the Proof of Ownership (POF) of the file. With this method, deduplication can effectively address the issues of reliability and label consistency in HDFS storage systems. The proposed system has successfully reduced the cost and time associated with uploading and downloading data, while also optimizing storage space. Key Words: Cloud computing, data storage, file checksum algorithms, computational infrastructure, duplication.

CLOUD BASED DUPLICATION REMOVAL SYSTEM

Deduplication involves eliminating duplicate or redundant data to reduce stored data volume, commonly used in data backup, network optimization, and storage management. However, traditional deduplication methods have limitations with encrypted data and security. The primary objective of this project is to develop new distributed deduplication systems that offer increased reliability. In these systems, data chunks are distributed across the Hadoop Distributed File System (HDFS), and a robust key management system is utilized to ensure secure deduplication with slave nodes. Instead of having multiple copies of the same content, deduplication removes redundant data by retaining only one physical copy and referring other instances to that copy. The granularity of deduplication can vary, ranging from an entire file to a data block. The MD5 and 3DES algorithms are used to enhance the deduplication process. The proposed approach in this project is the Proof of Ownership (POF) of the file. With this method, deduplication can effectively address the issues of reliability and label consistency in HDFS storage systems. The proposed system has successfully reduced the cost and time associated with uploading and downloading data, while also optimizing storage space. Key Words: Cloud computing, data storage, file checksum algorithms, computational infrastructure, duplication.

Management Information Systems and Correlation Between E-Business and Information Security from a Business Intelligence Perspective

The research focus was motivated by the emergence of electronic business which increased during and after the COVID-19 pandemic. The research is a literature review and its purpose is to build awareness about the importance of information security and to analyze the correlation between information security and electronic business in an environment where electronic business is emerging and the gap between electronic business and information security is enlarging. The research is a review of peer-reviewed articles retrieved from case studies, empirical research, case analysis, literature reviews, comparative studies, systematic reviews, and conceptual analysis dating from the years of 2018 to 2023. This literature review defines four business intelligence concepts: management information systems, value driven business, electronic business, and information security. This literature review also reveals the effects of all four business intelligence concepts on organizations’ decision-making and financial objectives. Findings of this literature review revealed that electronic businesses need a stronger risk management approach regarding information security. The conclusion shows that the current technological approach and information security tools such as encryption key management, mantraps, and network intrusion detection systems do not ensure trust and/or eliminate digital security risks.

Enhancing IoT security using lightweight key management with PRESENT for resource-constrained devices

The increasing number of Internet of Things (IoT) devices in different areas has led to worries about their susceptibility to security risks because of their limited resources. This study aims to improve IoT security by utilizing a streamlined key management system based on the PRESENT block cipher algorithm. The proposed method is compared to TinyIKE and Elliptic Curve Diffie-Hellman (ECDH) using key parameters like Encryption Time, Decryption Time, Storage Usage, Energy Consumption, and Key Entropy. The paper’s introduction contextualizes the importance of securing IoT devices, highlighting the difficulties caused by their restricted computational capabilities. The research proposes using the PRESENT algorithm for key management systems because of its lightweight characteristics and compatibility with resource-limited environments. The proposed method will be thoroughly analyzed across different parameters to evaluate its performance in comparison to current solutions. The research shows that the suggested lightweight key management scheme using PRESENT is more effective than TinyIKE and ECDH in Encryption Time, Decryption Time, Storage Usage, Energy Consumption, and Key Entropy. The results demonstrate the effectiveness of the suggested approach in meeting the particular security needs of IoT devices with limited resources. This research enhances IoT security by proposing a lightweight key management method that efficiently tackles the issues caused by resource-limited devices. The comparative analysis demonstrates that the proposed method outperforms others, indicating its potential as an effective solution for securing IoT ecosystems in practical scenarios.

A Hybrid Key Management Approach for enhancing Data Sharing Security with Insider Threat Detection

The secure sharing of group data in cloud environments poses challenges, particularly when attempting to identify individuals engaging in fraudulent behaviors. While existing studies have touched upon this issue, this research introduces a novel key management strategy that prioritizes crucial features such as performance, accuracy, and trustworthiness. In the context of cloud data sharing, several key points are considered, including the precise assignment of privileges to groups, the tracking of reports containing sensitive user information, the monitoring of user or group misconduct using an innovative key management technique, and timely alerting of the cloud owner. The proposed novel key management technique adopts a level-wise authorization process, diligently recording all actions based on the rights assigned to perform specific tasks. Performance, accuracy, and trustworthiness metrics are then evaluated against a set of well-defined strategies, and the results are effectively visualized. The efficiency of this approach is assessed and visualized in results. This ensures the approach's robustness and suitability for various cloud environments. By addressing the challenges associated with identifying misbehaving attitudes in cloud settings, an efficient and trustworthy key management system is ensured. The proposed approach enhances data security and the integrity of information sharing in the cloud, benefiting individual users and businesses alike. Ultimately, this innovative solution contributes to creating a safer and more reliable cloud computing environment, fostering seamless collaboration and information sharing among users while safeguarding their valuable data.

A NavCom Signal Authentication Scheme Based on Twice Two-Way Satellite Time Transfer

Low Earth Orbit (LEO) satellite communication systems typically achieve identity authentication through the encryption and decryption of two-way information, which requires complex key management systems. In contrast, the integration of navigation and communication (NavCom) signals provides novel opportunities for physical observation and authentication solutions due to its measurement functions. This paper introduces a novel signal authentication scheme based on twice two-way satellite time transfer (TWSTT) for LEO satellite systems. It leverages the non-mutated nature of the clock difference to ascertain the legitimacy of the signal by measuring the clock difference of signals at different instances. Unlike traditional authentication methods, this approach directly exploits the temporal and spatial characteristics of the signal, negating the necessity for intricate authorization key systems. Additionally, it adeptly tackles the challenges posed by spoofing interference. The performance analysis indicates that this scheme can achieve a high detection probability for the repeater spoofing signal in the low carrier-to-noise ratio conditions.