Cryptography and Security Systems

In this paper, we investigate a class of ciphers which can be described as a generalized Feistel scheme. Using the graph theory and the number theory, we provide upper and lower bounds for the maximum number of rounds when impossible differential technique is applicable for any cipher from the family. These estimations do not depend on the type of Feistel scheme and the number of non-linear functions.

This paper presents a method for combining the Huffman coding with encryption. The encryption is based on replacing Huffman code words, or symbols, pair-by-pair, in such a way that the sums of the code word lengths of an original pair and its substitute are equal. Thus our method preserves structures and lengths of bit streams that result from the Huffman encoding. This is advantageous if such a bit stream is embedded in a higher-level data container, like a multimedia file. The algorithm has been evaluated using text data and static Huffman dictionaries.

Let K be a commutative ring and K ⁿ be an affine space over K of dimension n. We illustrate the concept of a family of polynomially compressed multivariate maps f(n) by relations of degree k with invertible decomposition via presentation of the explicit construction. Such a construction is based on the edge transitive family of graphs D(n, K). It uses the equations of connected component of the graph. The walk on the graph can be given by the sequence of its edges. It induces a cubical bijective transformation E(n) of the flag space isomorphic to K ^n + 1. The transformations related edges of the walk form invertible decomposition of E(n) into simple multipliers. Knowledge of such decomposition allows to find the pre-image of E(n)(x) fast. The map E(n) is not suitable for a public map because its inverse is also cubical. The restriction of the map \(\tilde{E(n)}\) on the chosen connected component is a multivariate transformation of unbounded degree (compressed map). The public user has some additional compression rules which allow for fast computation of the value \(\tilde{E(n)}\) on a given flag. The key holder (Alice) knows E(n), special decompression rules allow her to decrypt fast. To hide the graph Alice deformates E(n), the compression and decompression rules by two special affine transformations τ ₁ and τ ₂. The usage of τ ₁ E(n)τ ₂ allows to get a more densely compressed map.

In this paper we describe how to apply identity based cryptography to credit card payments. This would help with reducing the possibility of credit card fraud that is prevalent on the Internet. Our method is founded on the identity-based cryptography and it secures the credit card transactions in such a way that many types of credit card fraud become either impossible or much more difficult for the attacker to perform simply by stealing the credit card number and some related information. Our method would require some changes to the functionality of the credit cards and thus it is not an immediate remedy. However, the decreasing costs of more advanced hardware and the fairly fast cycle of reissuing new credit cards make it possible to include identity-based cryptography methods to credit cards in the near future.

In the paper a cipher which uses transition graph in the encryption and decryption processes is presented. It is created based on some ideas of dynamic systems (symbolic dynamics). The introduced cipher is tested according to the suggestions of FIPS 140-2 standard and the results are presented in the paper.

We introduce new examples of Low Density Parity Check codes connected with the new families of regular graphs of bounded degree and increasing girth. Some new codes have an evident advantage in comparison with the D(n,q) based codes [9]. The new graphs are not edge transitive. So, they are not isomorphic to the Cayley graphs or those from the D(n,q) family, [14]. We use computer simulation to investigate spectral properties of graphs used for the construction of new codes. The experiment demonstrates existence of large spectral gaps in the case of each graph. We conjecture the existence of infinite families of Ramanujan graphs and expanders of bounded degree,existence of strongly Ramanujan graphs of unbounded degree. The lists of eigenvalues can be used for various practical applications of expanding graphs (Coding Theory, Networking, Image Processing). We show that new graphs can be used as a source of lists of cospectral pairs of graphs of bounded or unbounded degree.

Newscast is a model for information dissemination and membership management in large-scale, agent-based distributed systems. It deploys a simple, peer-to-peer data exchange protocol. The Newscast protocol forms an overlay network and keeps it connected by means of an epidemic algorithm, thus featuring a complex, spatially structured, and dynamically changing environment. It has recently become very popular due to its inherent resilience to node volatility as it exhibits strong self-healing properties. In this paper, we analyze the robustness of the data flow within the Newscast model against a set of vulnerabilities that have not been taken into account in previous analysis. In particular, we perform an attack based on a cache content corruption which is able to defeat the protocol by breaking the network connectivity. Concrete experiments are performed using a framework that implements both the protocol and the corruption model considered in this work.

In this paper, we propose an efficient verifiable multi-secret sharing protocol based on an identity based signature scheme, that uses identities for its participants. The scheme makes use of advantages of identity based signature scheme and hash function for the verifiability which does not require much computation. It checks either dealer or participant(s) honesty, that means a corrupted dealer may provide a fake secret or a participant may provide a fake share to the other participants in the reconstruction phase. In the previous proposed schemes, dealer [15] (or) participants [12,16] could communicate with each other securely before the secret distribution phase for sending secret shadows and they used exponential functions for verification. In our scheme, we do not require pre-secure communication between a dealer and participants, although we use a two-variable way for the distribution purpose but we do not prevent from any exponential functions for the verification phase. Our scheme resist a dealer/participant(s) cheating behaviour efficiently.

In this paper, a novel lightweight authentication protocol for RFID systems is proposed. The protocol is based on a non-linear feedback shift register sequences generated by the position digit algebra function, which has a large average period lengths. This function uses only the radix r additions (for some r ≥ 2), which makes it very efficient from a computational point of view, and suitable enough to be implemented in the RFID tags’ logic. The protocol appears to have good privacy and security properties.

In 2007, Bohli et al. introduced the concept of long-term security as resistance against attacks even if later, after completion of the protocol some security assumptions become invalid, and proposed a three-round long-term secure two-party key establishment protocol. Building on a two-party solution of Bohli et al., we present an authenticated two-round group key establishment protocol which remains secure if either a Computational Bilinear Diffie Hellman problem is hard or a server, who shares a symmetric key with each user, is uncorrupted.

Bitcoin is a “crypto currency”, a decentralized electronic payment scheme based on cryptography. It implements a particular type of peer-to-peer payment system. Bitcoin depends on well-known cryptographic standards such as SHA-256. In this paper we revisit the cryptographic process which allows one to make money by producing new bitcoins. We reformulate this problem as a specific sort of Constrained Input Small Output (CISO) hashing problem and reduce the problem to a pure block cipher problem, cf. Fig. 1. We estimate the speed of this process and we show that the amortized cost of this process is less than it seems and it depends on a certain cryptographic constant which is estimated to be at most 1.89. These optimizations enable bitcoin miners to save countless millions of dollars per year in electricity bills.

This paper reveals a possible attack on the well-known protocol for anonymous currency exchange by David Chaum et al. We show that there is a possibility to spend a single coin many times, so that the bank does not have absolute certainity about a real abuser. In such a case the bank can determine a small group of potential abusers, but cannot indicate a specific person. This potential situation has serious consequences and leads to the conclusion that the system should not be used for irreversible off-line transactions. We also present a modification which could prevent that kind of attacks and enable the protocol to be used for off-line transactions without regard to the reversability.

Mobility of users and information is an important feature of IT systems that must be considered during design of sensitive information protection mechanisms. This paper describes an architecture of MobInfoSec system for sharing documents with sensitive information using fine-grained access rules described by general access structures. However, the proper usage of general access structures requires trusted components and strong authentication protocols. They allow to establish secure communication channels between different system components. In the paper we propose a conference protocol based on Boyd’s ideas with key transport and key establishment mechanisms. We show that the protocol achieves three goals: (a) the key and participants’ mutual authentication, (b) the common secure communication channel, and (c) the personal secure communication channels between the protocol initializer and other protocol participants.

Designing secure communication protocols is not an easy task. Cryptography is often necessary but does not always guarantee the security of protocols as several famous examples attest in the literature. Moreover, in the context of Wireless Sensor Networks (WSNs) the design is even more difficult due to the limited resources of sensor nodes that add extra constraints to take into account. During the life time of a secure WSN, one of the first crucial steps is the key establishment between two nodes. In this paper we propose four secure multihop key establishment protocols based on elliptic curve cryptography (ECC). For each protocol, we make a formal security proof using the automatic tool Scyther. Then, in order to evaluate their performances, we implemented them on testbeds using TelosB motes and TinyOS. Results allow us to estimate the overhead of our key establishment methods.

Nowadays, security has become one of the most mandatory essences in the development and functioning of many software systems. For the reason of complexity of designing secure systems, distinct approaches that allow developers to focus on particular properties of the system of importance for their purpose are proposed. The majority of them are model-oriented since modeling helps show relationships between processes and can be used to predict the effects of changes in the land use. In the article we present and discuss PL/SQL, SecureUML and UMLsec in terms of the Quality of Protection modeling language (QoP-ML). We focus on their capabilities to model relevant information during various phases of security analysis. To assess and compare miscellaneous modeling systems we use a systematic methodology to point out their promiscuous aspects in context of the QoP-ML.

The purpose of this paper is to propose a context-aware secure routing protocol suitable for real-time services. Since such a protocol undergoes a number of independent constraints connected with: dynamic changes of the environment, security assumptions, network limitations and end-users personal requirements, the context factors need specific treatment to be real support for an optimal route selection. The proposed framework systemizes the roles of all actors in establishing optimal and secure network connection for real-time services. The most suitable routing scheme is selected dynamically from the available portfolio, basing on actual context factors. Optimally, in the case of absence of any routing scheme satisfying a specific criterion given by context, a new scheme can be created on-demand, using the multi-constrained optimal path selection technique. The framework supports also additional optimization techniques (like fast packet retransmission, redundant routing etc.). Also the necessary security mechanisms have been implemented. Besides standard hard-security mechanisms, like private key encryption, also soft security techniques (i.e. reputation management) for detecting and blocking malicious nodes are used.