Message Authentication Code Research Articles

Implementation of an Image Tampering Detection System with a CMOS Image Sensor PUF and OP-TEE

Since image recognition systems use image data acquired by image sensors for analysis by AI technology, an important security issue is guaranteeing the authenticity of data transmitted from image sensors to successfully perform inference using AI. There have been reports of physical attacks on image sensor interfaces by tampering with images to cause misclassifications in AI classification results. As a countermeasure against these attacks, it is effective to add authenticity to image data with a message authentication code (MAC). For the implementation of this, it is important to have technologies for generating MAC keys on image sensors and to create an environment for secure MAC verification on the host device. For MAC key generation, we used the CIS-PUF technology, which generates MAC keys from PUF responses and random numbers from CMOS image sensor variations. For the secure MAC verification, we used TEE technology, which executes security-critical processes in an environment isolated from the normal operating system. In this study, we propose and demonstrate an image tampering detection system based on MAC verification with CIS-PUF and OP-TEE in an open portable TEE on an ARM processor. In the experiments, we demonstrated a system that computed and transmitted MAC for captured images using the CIS-PUF key and then performed MAC verification in the secure world of the OP-TEE.

Secure and Efficient Authentication using Linkage for permissionless Bitcoin network

The cryptocurrency’s permissionless and large-scale broadcasting requirements prohibit the traditional authentication implementation on the blockchain’s underlying peer-to-peer (P2P) networking. Thus, blockchain networking implementations remain vulnerable to networking integrity threats such as spoofing or hijacking. We design Secure and Efficient Authentication using Linkage (SEAL) to build connection security for permissionless Bitcoin networking. SEAL uses the linkage between the packets for a symmetric operation, in contrast to the traditional authentication approach relying on identity-credential-based trust. To make it appropriate for cryptocurrency networking, SEAL utilizes the packet header, protects the end-to-end connection, and separates the online process and the offline process so that the real-time overhead is minimal for greater efficiency and practicality. We implement SEAL on a functioning Bitcoin node and demonstrate that SEAL operates efficiently with minimal overhead. Specifically, it reduces the hash rate by only 1.3% compared to an unsecured node. Additionally, we use a network simulator to emulate the Bitcoin Mainnet and analyze SEAL’s impact on block propagation delay. SEAL yields 2.04 times smaller delay and 1.25 times smaller delay in block propagation than HMAC and ChaCha20-Poly1305, respectively. The key advantage of SEAL is that it requires fewer hash computations and simpler mixing operations, resulting in significantly lower computational overhead compared to traditional authentication schemes based on message authentication codes (MACs).

Leveraging quantum uncertainty: Quantum randomness through the lens of classical communication networks

The generation of random numbers and the study of its properties have been an elusive field for a fair portion of the century. The application of random numbers is employed in many use cases such as cryptography, neural networks, numerical simulation, and gambling. The performance of each of these use cases is profoundly impacted by the employed random numbers; henceforth, the quality of randomness is of critical importance when it comes to their usage. A poorly generated random number can make a security system vulnerable, or any numerical or statistical evaluation misleading. Although various modes of classical random number generators exist and still function to provide strong cryptographic properties, emergence of quantum mechanical randomness has shed light on a novel path of generating certified randomness which supersedes the classical counterpart in terms of security. Harnessing quantum mechanical phenomena enables generation of true random numbers which can be certified and further implemented to elevate the net quality of the specific use cases. In this work, we generate and analyze random numbers from three different sources — 50: 50 beam splitter (BS), quantum key distribution (QKD) setup with classical post-processing scheme, and a commercially available quantum random number generator (QRNG) (ID Quantique (IDQ)). The quality of the generated random numbers from the various sources is checked in statistical tests and compared. Further on, we have developed a system which implements the QRNG-based random numbers to facilitate message authentication code (MAC) and one time password (OTP) protocols, demonstrating a communication network application. In this manner we discuss about a network which integrates quantum mechanics to the current classical networking approaches to enhance certain aspects of the networking protocol — in this case, the security.

BSSN-SDNs: A Blockchain-Based Security Service Negotiation for the SDN Interdomain

The security requirements for SDN (Software-Defined Network) cross-domain communication are diverse and dynamically changing; thus, a security service negotiation function is required for the SDN interdomain. However, the SDN interdomain distributed communication environment leads to a lack of trustworthiness and security. Therefore, this paper proposes a blockchain-based SDN interdomain security service negotiation mechanism, BSSN-SDNs, to provide automatic, secure, and trustworthy SDN interdomain security service negotiation. BSSN-SDNs proposes a three-layer reference architecture that enables joint on-chain and off-chain work by extending the security service negotiation module and blockchain client on the controller and deploying security service negotiation smart contracts on the blockchain. It especially adopts non-interactive key exchange and the message authentication code to ensure the confidentiality of the secure service negotiated on-chain. Finally, the timeliness as well as security and trustworthiness of BSSN-SDNs are analyzed, and the FISCO BCOS-based experiment results show that the delay of BSSN-SDNs is acceptable and is positively correlated with the number of policies and the number of SDN domains involved in negotiation.

A Quantum-Resistant Identity Authentication and Key Agreement Scheme for UAV Networks Based on Kyber Algorithm

Unmanned aerial vehicles (UAVs) play a critical role in various fields, including logistics, agriculture, and rescue operations. Effective identity authentication and key agreement schemes are vital for UAV networks to combat threats. Current schemes often employ algorithms like elliptic curve cryptography (ECC) and Rivest–Shamir–Adleman (RSA), which are vulnerable to quantum attacks. To address this issue, we propose LIGKYX, a novel scheme combining the quantum-resistant Kyber algorithm with the hash-based message authentication code (HMAC) for enhanced security and efficiency. This scheme enables the mutual authentication between UAVs and ground stations and supports secure session key establishment protocols. Additionally, it facilitates robust authentication and key agreement among UAVs through control stations, addressing the critical challenge of quantum-resistant security in UAV networks. The proposed LIGKYX scheme operates based on the Kyber algorithm and elliptic curve Diffie–Hellman (ECDH) key exchange protocol, employing the HMAC and pre-computation techniques. Furthermore, a formal verification tool validated the security of LIGKYX under the Dolev–Yao threat model. Comparative analyses on security properties, communication overhead, and computational overhead indicate that LIGKYX not only matches or exceeds existing schemes but also uniquely counters quantum attacks effectively, ensuring the security of UAV communication networks with a lower time overhead for authentication and communication.

A KEYED CAYLEY HASH FUNCTION USING DISCRETE HEISENBERG GROUP

We introduce a New Cryptographic Hash functions using Discrete Heisenberg Group by concatenating the key to it, which will give a new hashed values corresponding to the keyed generators.The new Keyed Hash functions using Discrete Heisenberg Group will enhance the security properties of the Cayley Hash Functions.

PENERAPAN ADVANCED ENCRYPTION STANDARD UNTUK SISTEM LOGIN DAN REGISTRASI PADA SISTEM INFORMASI PENJUALAN (STUDI KASUS:TOKO ILHAM BANJAR)

Data security in sales information systems has become a critical priority in today's digital era. Ilham Banjar Store needs a system that can effectively protect user data, especially in login and registration features, which are vulnerable to security threats. The lack of encryption mechanisms in the current system results in user data, such as passwords, being transmitted in plaintext, increasing the risk of unauthorized access and data modification. Therefore, this study aims to enhance the security of the Ilham Banjar Store's sales information system by implementing the Advanced Encryption Standard (AES) 256-bit Cipher Block Chaining (CBC) method in the login and registration processes. The research method used is Research and Development (RD), consisting of stages such as literature review, needs analysis, system design, implementation, testing, evaluation, and analysis. The implementation of the Advanced Encryption Standard (AES) involves the encryption processes of AddRoundKey, SubBytes, ShiftRows, and MixColumns, and the decryption processes are the inverse of these encryption steps. Testing includes measuring encryption and decryption times as well as verifying data integrity using HMAC (Hash-Based Message Authentication Code). The research results show that the performance testing indicates encryption and decryption times remain within acceptable limits, and the encrypted and decrypted data maintain their integrity. Thus, the new system meets both security and performance requirements.

Fast AES-Based Universal Hash Functions and MACs

Ultra-fast AES round-based software cryptographic authentication/encryption primitives have recently seen important developments, fuelled by the authenticated encryption competition CAESAR and the prospect of future high-profile applications such as post-5G telecommunication technology security standards. In particular, Universal Hash Functions (UHF) are crucial primitives used as core components in many popular modes of operation for various use-cases, such as Message Authentication Codes (MACs), authenticated encryption, wide block ciphers, etc. In this paper, we extend and improve upon existing design approaches and present a general framework for the construction of UHFs, relying only on the AES round function and 128-bit word-wide XORs. This framework, drawing inspiration from tweakable block ciphers design, allows both strong security arguments and extremely high throughput. The security with regards to differential cryptanalysis is guaranteed thanks to an optimized MILP modelling strategy, while performances are pushed to their limits with a deep study of the details of AES-NI software implementations. In particular, our framework not only takes into account the number of AES-round calls per message block, but also the very important role of XOR operations and the overall scheduling of the computations.We instantiate our findings with two concrete UHF candidates, both requiring only 2 AES rounds per 128-bit message block, and each used to construct two MACs. First, LeMac, a large-state primitive that is the fastest MAC as of today on modern Intel processors, reaching performances of 0.068 c/B on Intel Ice Lake (an improvement of 60% in throughput compared to the state-of-the-art). The second MAC construction, PetitMac, provides an interesting memory/throughput tradeoff, allowing good performances on many platforms.

Performance Evaluation of Genetic Algorithm-Driven Blockchain Encryption for EHR Management and Validation

In the realm of electronic health record (EHR) management, ensuring robust security and validation mechanisms is paramount due to the sensitive nature of healthcare data. This research focuses on the performance evaluation of a genetic algorithm-driven blockchain encryption approach for enhancing EHR security and validation. The proposed method leverages genetic algorithms to optimize encryption parameters within a blockchain framework, aiming to safeguard patient privacy and prevent unauthorized access. By integrating advanced cryptographic techniques like Elliptic Curve Cryptography (ECC) and Keyed-Hash Message Authentication Code (HMAC)-based authentication, along with machine learning for data classification. The evaluation of the approach holds significant promise in advancing secure EHR management practices, addressing critical challenges in data privacy and integrity within healthcare environments. Finally, as a result, this study presents a comparative analysis of cryptographic systems genetic algorithm-driven blockchain encryption (GADBE)+ECC and GADBE+ Advanced Encryption Standard (AES), focusing on the scaling of encryption and decryption times relative to key sizes and data volumes. Results show that both systems exhibit increasing times with larger key sizes and data sizes. ECC consistently demonstrates superior speed over AES, with decryption times ranging from 0.4 to 3.5 seconds for key sizes from 128 to 512 bits, indicating potential performance advantages of ECC in cryptographic applications.

Enhancing Efficiency and Security in MTC Environments: A Novel Strategy for Dynamic Grouping and Streamlined Management

This study presents a new strategy to improve security and efficiency in Machine-Type Communication (MTC) networks, addressing the drawbacks of the existing Adaptive Hierarchical Group-based Mutual Authentication and Key Agreement (AHGMAKA) protocol. The AHGMAKA protocol, crucial for securing communication within groups of devices with limited resources, has been found to cause significant operational delays and inefficiencies. Our proposed solution integrates advanced cryptographic methods, including an optimized Authenticated Message Authentication Code (AMAC) and lightweight encryption, sophisticated optimization algorithms for dynamic grouping, and an efficient, lightweight group management protocol. It also introduces adaptive network management strategies to customize performance according to the needs of MTC networks. The effectiveness of this approach has been validated through empirical analysis, showing considerable improvements in operational performance and energy efficiency. These improvements mark a significant step toward achieving an optimal balance between efficiency and security for MTC networks. However, the research acknowledges ongoing challenges, including the trade-off between security and efficiency and the issue of compatibility with older devices, suggesting these as areas for future study. The paper outlines potential research paths, including using machine learning for better group management, adopting post-quantum cryptographic methods, applying hardware acceleration, and pushing to standardize these technologies. This work significantly advances the field of secure and efficient communication in MTC, a critical component of the growing Internet of Things (IoT) landscape, setting the stage for future breakthroughs.

Authorization of Aadhar data using Diffie Helman key with enhanced security concerns

In today’s digital era, the security of sensitive data such as Aadhaar data is of utmost importance. To ensure the privacy and integrity of this data, a conceptual framework is proposed that employs the Diffie-Hellman key exchange protocol and Hash-based Message Authentication Code (HMAC) to enhance the security. The proposed system begins with the preprocessing phase, which includes removing noise, standardizing formats and validating the integrity of the data. Next, the data is segmented into appropriate sections to enable efficient storage and retrieval in the cloud. Each segment is further processed to extract meaningful features, ensuring that the relevant information is preserved while reducing the risk of unauthorized access. For safeguarding the stored Aadhaar data, the system employs the Diffie-Hellman key exchange protocol which allows the data owner and the cloud service provider to establish a shared secret key without exposing it to potential attackers. Additionally, HMAC is implemented to verify the identity of users during the login process. HMAC enhances security by leveraging cryptographic hash functions and a shared secret key to produce a distinct code for each login attempt. This mechanism effectively protects the confidentiality and integrity of stored data. The combination of Diffie-Hellman key exchange and HMAC authentication provides a robust security framework for Aadhaar data. It ensures that the data remains encrypted and inaccessible without the secret key, while also verifying the identity of users during the login process. This comprehensive approach helps preventing unauthorized access thereby protecting against potential attacks, instilling trust and confidence in the security of Aadhaar data stored in the cloud. Results of the article depict that the proposed scheme achieve 0.19 s of encryption time and 0.05 s of decryption time.

Hybrid Cryptographic Approach for Data Security Using Elliptic Curve Cryptography for IoT

The Internet of Things (IoT) technology has changed the contemporary digital world. Devices connected to the IoT have sensors embedded within them. All these devices are purposely connected to share data among them through the Internet. Data sharing among IoT devices needs some security protocols to maintain the privacy and confidentiality of information. IoT devices have less computing power to perform various operations of a cryptographic process. So, there is a need of cryptographic approach to reduce the computational complexity for resource-constrained devices and provide data security. However, storing data over the cloud server also reduces storage overhead, but data transmission via the cloud is not always secure. Data integrity and authentication can be compromised because the end user can only access the data with the help of a cloud server. To ensure the security and integrity of the data, various cryptographic techniques are used. Therefore, in this paper, we propose a secure and optimized hybrid cryptographic scheme for the secure sharing of data by combining Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC). To ensure authentication and data integrity, the proposed scheme primarily uses the Message Authentication Code (MAC). The encrypted messages are stored on a cloud server to reduce storage overhead. The experimental findings demonstrate that the proposed scheme is effective and produces superior results as compared to existing approaches.

PIoT-blockchain-enabled security framework for strengthening IoT device identity and data access

The Internet of Things (IoT) connects billions of devices, but concerns about data security and device identification have grown. This study introduces Proof of IoT (PIoT), a novel consensus method using blockchain-based smart contracts to ensure secure data transfer and device authentication in IoT networks. PIoT employs NuCypher-based security computations for authentication and data updating, ensuring only authorized parties access blockchain-recorded information. A reward-based filtering mechanism identifies malicious nodes, bolstering consensus integrity. Simulations demonstrate PIoT's superior performance compared to conventional methods, showing a 74.7% and 96.8% improvement over LPBFT and DAC4SH Consensus, respectively. PIoT enhances blockchain security under IoT by 15% compared to DAC4SH. Beyond facilitating secure IoT device communication, this approach mitigates various IoT attacks, offering a comprehensive solution to emerging IoT security challenges. ABBREVIATION: DAC4SH, Data access control scheme for smart home; DDoS, Distributed denial of service; DoS, Denial of Service; DTLS, Datagram Transport Layer Security; IoT, Internet of Things; LPBFT, Lightweight Particle Byzantine fault tolerance; MAC, Message authentication code; MITM, Man in the Middle; PBFT, Practical Byzantine Fault Tolerance; PIoT, Proof of IoT; TLS, Transport Layer Security

Fault-assisted side-channel analysis of HMAC-Streebog

Streebog is a family of hash functions defined in the Russian cryptographic standard GOST R 34.11–2012. HMAC-Streebog, which is defined in RFC 7836, is a Streebog-based message authentication code. It supports keys of size ranging from 256 bits to 512 bits. In this article, we present fault-assisted side channel attacks on HMAC-Streebog-256 and HMAC-Streebog-512 that can recover the keys in real-time with 2 12.98 and 2 14.97 average number of fault injections, respectively, to ensure 95% success. The attacker is assumed to be able to simultaneously flip at the most 181 chosen bits of the inner hash if it is a 256–bit variant and 361 chosen bits of the hash otherwise. In comparison to existing fault attacks on HMAC-Streebog, our attacks have a larger temporal window for fault injection, target a more accessible location, and cannot be mitigated with output redundancy countermeasures. Some of the latest hardware vulnerabilities make the HMAC-Streebog implementations vulnerable to our attacks.

Design of an Encryption Chat Application Based on ChaCha20-Poly1305

This study introduces the meticulous design and development of a chat application fortified with the robust ChaCha20-Poly1305 encryption algorithm. The selected cryptographic algorithm is renowned for its efficacy in ensuring top-notch security. In our application, ChaCha20 serves as the backbone for stream encryption, ensuring that the message content remains confidential and impenetrable to eavesdroppers. Simultaneously, Poly1305, an esteemed message authentication code, guarantees the integrity and authenticity of each chat message. It ensures that the messages sent are genuine and have not been tampered with during transit. Together, the integration of these two components constructs a fortified wall against potential security breaches, safeguarding user communications. This not only instills confidence in users regarding the privacy of their conversations but also sets a benchmark in chat application security. The overarching aim is to offer an impeccable blend of user-friendly experience and top-tier security, revolutionizing the way secure communications are perceived and utilized.

Enhancing Communication Security an In-Vehicle Wireless Sensor Network

Confronting the challenges of securing communication in-vehicle wireless sensor networks demands innovative solutions, particularly as vehicles become more interconnected. This paper proposes a tailored communication security framework for in-vehicle wireless sensor networks, addressing both scientific and technical challenges through effective encryption methods. It segments the local vehicle network into independent subsystems communicating via encrypted and authenticated tunnels, enhancing automotive system safety and integrity. The authors introduce a process for periodic cryptographic key exchanges, ensuring secure communication and confidentiality in key generation without disclosing parameters. Additionally, an authentication technique utilizing the sender’s message authentication code secures communication tunnels, significantly advancing automotive cybersecurity and interconnectivity protection. Through a series of steps, including key generation, sending, and cryptographic key exchange, energy costs were investigated and compared with DTLS and TLS methods. For cryptographic security, testing against brute-force attacks and analysis of potential vulnerabilities in the AES-CBC 128 encryption algorithm, HMAC authentication, and HKDF key derivation function were carried out. Additionally, an evaluation of the memory resource consumption of the DTLS and TLS protocols was compared with the proposed solution. This work is crucial for mitigating risks associated with in-vehicle communication compromises within smart cities.

Enhancing security mechanisms for robot-fog computing networks

<p>The evolution from conventional Internet usage to the internet of things (IoT) is reshaping communication norms significantly. Cloud computing, while prevalent, faces challenges like limited capacity, high latency, and network failures, especially when handling connected objects, leading to the emergence of fog computing as a more suitable approach for IoT. However, establishing secure connections among heterogeneous IoT entities is complex due to resource disparities and the unsuitability of existing security protocols for resource-constrained devices. This article explores fog computing's architecture, drawing comparisons with cloud computing while emphasizing its significance within the realm of IoT. Moreover, it delves into the practical application of fog computing within the context of the robot teacher project. Subsequently, our exploration introduces an advanced mutual authentication protocol, centered around hashed message authentication code (HMAC), aimed at enhancing the security infrastructure between the robot and the fog computing server.</p>

Single-Frame-Based Data Compression for CAN Security

To authenticate a controller area network (CAN) data frame, a message authentication code (MAC) must be sent along with the CAN frame, but there is no space reserved for the MAC in the CAN frame. Recently, difference-based compression (DBC) algorithms have been used to create a space inside the frame. DBC has the advantage of being very efficient, but its drawback is that, if an error occurs in one frame, the effects of that error propagate to subsequent frames. In this paper, a CAN data compression algorithm is proposed that compresses the current frame without relying on previous frames. Therefore, an error generated in one frame cannot be propagated to subsequent frames. In addition, a CAN signal grouping technique is proposed based on entropy analysis. To efficiently authenticate CAN frames, the length of the compressed data must be 4 bytes or less (4BL). Simulation shows that the 4BL-compression ratio of a Kia Sorento vehicle is 99.36% in the DBC method, but 100% in the proposed method. In an LS Mtron tractor, the 4BL-compression ratio is 98.58% in the DBC method, but 100% in the proposed method. In addition, the execution time of the proposed compression algorithm is only 27.39% of that of the DBC algorithm. The results show that the proposed algorithm has better compression characteristics for CAN security than the DBC algorithms.

Parallel Implementation of Lightweight Secure Hash Algorithm on CPU and GPU Environments

Currently, cryptographic hash functions are widely used in various applications, including message authentication codes, cryptographic random generators, digital signatures, key derivation functions, and post-quantum algorithms. Notably, they play a vital role in establishing secure communication between servers and clients. Specifically, servers often need to compute a large number of hash functions simultaneously to provide smooth services to connected clients. In this paper, we present highly optimized parallel implementations of Lightweight Secure Hash (LSH), a hash algorithm developed in Korea, on server sides. To optimize LSH performance, we leverage two parallel architectures: AVX-512 on high-end CPUs and NVIDIA GPUs. In essence, we introduce a word-level parallel processing design suitable for AVX-512 instruction sets and a data parallel processing design appropriate for the NVIDIA CUDA platform. In the former approach, we parallelize the core functions of LSH using AVX-512 registers and instructions. As a result, our first implementation achieves a performance improvement of up to 50.37% compared to the latest LSH AVX-2 implementation. In the latter approach, we optimize the core operation of LSH with CUDA PTX assembly and apply a coalesced memory access pattern. Furthermore, we determine the optimal number of blocks/threads configuration and CUDA streams for RTX 2080Ti and RTX 3090. Consequently, in the RTX 3090 architecture, our optimized CUDA implementation achieves about a 180.62% performance improvement compared with the initially ported LSH implementation to the CUDA platform. As far as we know, this is the first work on optimizing LSH with AVX-512 and NVIDIA GPU. The proposed implementation methodologies can be used alone or together in a server environment to achieve the maximum throughput of LSH computation.

Efficient First-price Sealed E-auction Protocol Under Secure Multi-party Computational Malicious Model

<p>To solve the problems of existing e-auction protocols such as semi-trustworthiness of outsourced third parties, collusive attacks among participants, unsatisfactory decentralized structure, and inability of public verification, we propose an efficient first-price sealed e-auction protocol under a secure multi-party computational malicious model. First, the protocol combines the additive homomorphism of the ElGamal cryptographic algorithm to achieve a decentralized structure and eliminate the problem of semi-trustworthiness of outsourced third parties; it uses (n, n) threshold encryption and decryption techniques to solve the problem of collusion attacks among participants and uses Hash-based Message Authentication Code (HMAC) technology to achieve public verifiability of auction results. Additionally, the protocol proposes a method to quickly find the maximum value of the data encoding, which can avoid multiple processing of confidential data and thus effectively reduce the number of communication rounds. The combination of zero-knowledge proof and ideal/realistic simulation paradigm proves that the protocol in this paper is resistant to up to n-1 party collusion attacks and satisfies the security of the secure multi-party computational malicious model. Finally, after theoretical analysis and simulation experiments, the protocol not only satisfies higher security performance but also has greater overall operational efficiency.</p> <p> </p>