Innovative Security Solutions for Information Technology and Communications

We introduce new authenticated key exchange protocols which on one hand do not resort to standard public key setups with corresponding assumptions of computationally hard problems, but on the other hand are more efficient than distributing symmetric keys among the participants. To this end, we rely on a trusted central authority distributing key material which size is independent of the total number of users, and which allows the users to obtain shared secret keys. We analyze the security of our construction taking into account various attack models. Importantly, only symmetric primitives are needed in the protocol making it an alternative to quantum-safe key exchange protocols which rely on hardness assumptions.

In the digital world, public-key cryptography is ubiquitous. Current public-key crypto schemes like RSA or Diffie-Hellmann are in widespread use and they represent an indispensable asset of our technological toolbox. However, the discovery of Shor’s algorithm and the rapid progression in the field of quantum computers became a painful reminder of our alerting dependency on such technologies. At the same time, this realization started a demand for new cryptographic algorithms withstanding the power of quantum computers. The National Institute of Standards and Technology (NIST) aimed to satisfy this urge by initiating a standardization process in 2017 with a call for proposals of post-quantum key exchange mechanisms and signature algorithms. One of the submissions that made it to the second round is the key encapsulation mechanism BIKE.

This work investigates various techniques to achieve an efficient and secure implementation of BIKE on embedded devices. We show that it is possible for BIKE to run on a Cortex-M4 microcontroller using reduced data representation and adequate decoding algorithms. Our implementation achieves a performance of 6 million cycles for key generation, 7 million cycles for encapsulation, and 89 million cycles for decapsulation for BIKE-1.

Secure computation (i.e., performing computation while keeping privacy of the inputs) is a fundamental research area in cryptography and a fundamental capability in the theory of computing. Deterministic automata evaluation is a fundamental computation problem, with numerous application areas, including regular expressions, string matching, constant-space computations.

In this paper, we investigate the complexity of achieving secure 2-party deterministic automata evaluation protocols. We show black-box reductions between this problem and the problem of constructing secure 2-party information retrieval protocols, and viceversa. Using previous results, this implies various interesting consequences: completeness of secure deterministic automata evaluation in the class of problems having 2-party and multi-party secure function evaluation protocols (previously, only 2 less natural problems were showed to be complete, or non-constructive characterizations of complete problems were given), and, under standard cryptographic assumptions, a communication-efficient secure protocol for automata evaluation (no such problem was given in the literature) and a time-efficient secure protocol faster than applying Yao’s benchmark general solution.

With the development of the Internet, web content is exponentially increasing. Along with this, web-based attacks such as drive-by download attacks and phishing have grown year on year. To prevent such attacks, URL blacklists are widely used. However, URL blacklists are not enough because they lack the ability to detect newly generated malicious URLs. In this paper, we propose an automatic query template generation method to detect malicious websites. Our method focus on URL query strings that contained similarities on malicious website groups. Additionally, we evaluate our proposed method with large-scale dataset and verify effectiveness. Consequently, our proposed method can grasp the characteristics of malicious campaigns; it can detect 11,292 malicious unique domains not detected by Google Safe Browsing. Moreover, our method achieved high precision in the seven months of experiments.

In this paper, we describe an efficient implementation in Sage of the Tate pairing over ordinary hyperelliptic curves of type \( y^2 = x^5 +a \, x\). First, we describe a method of construction of these curves according to Kawazoe and Takahashi [8]. Then, we describe an efficient formula for computing pairings on such curves over prime fields, and develop algorithms to compute Tate pairing. We provide a faster optimisation of the final exponentiation in particular for the embedding degree \(k = 28\).

Most of the cryptographic constructions deployed in practical systems today, in particular digital signatures and key-establishment schemes, are vulnerable to attacks using quantum computers. Post-quantum cryptography (PQC) deals with the design and implementation of cryptographic algorithms that are resistant to these attacks. In this paper, we evaluate the NIST’s PQC competition candidates with respect to their suitability for the implementation on special hardware platforms. In particular, we focus on the implementability on constrained platforms (e.g., smart cards, small single-board computers) on one side and on the performance on very fast hardware-accelerated platforms (i.e., field-programmable gate arrays - FPGAs) on the other side. Besides the analysis of the candidates’ design features affecting the performance on these devices and security aspects, we present also the practical results from the existing implementation on contemporary hardware.

In this paper, we address the problem of tracing traitors in the white-box model. A traitor tracing system generally comes with a broadcast encryption scheme where each user is equipped with a secret that allows him to decrypt broadcast data. When a broadcast encryption scheme is provided with a tracing procedure, the user’s key is used to uniquely identify him. A white-box model refers to a context where an attacker shares the host with a software implementation of a cryptographic algorithm and controls the execution environment. Thus, a traditional broadcast encryption scheme will fail in this context since an adversary may steal the user’s decryption key and illegally decrypts broadcast contents. In this work, we describe a traitor tracing system where each user is provided with a distinct key generation function instead of a secret key. The key generator is made user-specific and enables to generate a content key which is used to decrypt the encrypted content. We use techniques of White-Box Cryptography to build the key generation function and use a collusion-secure code to derive the user-specific key generators. Finally, we prove that the system is collusion-resilient.

We recall a series of physical cryptography solutions and provide the reader with relevant security analyses. We mostly turn our attention to describing attack scenarios against schemes solving Yao’s millionaires’ problem, protocols for comparing information without revealing it and public key cryptosystems based on physical properties of systems.

Today’s integrated circuits are subject to a variety of attacks. Logic Locking is an area of hardware security that attempts to prevent reverse-engineering of integrated circuits based on a tamper-resistant memory. Despite significant attention from the research literature, no rigorous cryptographic modeling of logic locking and associated provable secure solutions have been proposed.

Based on the observation that logic locking can be seen as a special case of hardware-based cryptographic program obfuscation, we propose rigorous definitions, borrowing approaches from modern cryptography (and, specifically, cryptographic program obfuscation), for both tamper-proof memories and logic locking of boolean circuits. We then prove two positive results: (1) the existence of a circuit computationally indistinguishable from a random oracle, assuming the existence of a pseudo-random function and of a tamper-proof memory, and (2) logic locking of general polynomial-size boolean circuits, assuming the existence of a pseudo-random generator and a tamper-proof memory.

Our paper shows the possibility of provably boosting the capability of constructing a physical memory with a suitable tamper-resistant property into hardware-based obfuscation of any boolean circuit, as well as a practical hardware-based realization of a random oracle.

Particular instantiations of the Offset Merkle Damgård authenticated encryption scheme (OMD) represent highly secure alternatives for AES-GCM. It is already a fact that OMD can be efficiently implemented in software. Given this, in our paper we focus on speeding-up OMD in hardware, more precisely on FPGA platforms. Thus, we propose a new OMD instantiation based on the compression function of BLAKE2b. Moreover, to the best of our knowledge, we present the first FPGA implementation results for the SHA-512 instantiation of OMD as well as the first architecture of an online authenticated encryption system based on OMD.

Mobile crowdsensing has emerged as a new paradigm in the IoT world, exploiting users’ mobility in conjunction with advanced capabilities and proliferation of mobile devices. Smartphones, tablets and smartwatches are now typically equipped with sensing and wireless capabilities, enabling them to produce and upload data for different IoT applications. The mobile crowdsensing approach has the advantage of being cost-effective, while also providing real-time data. However, a number of challenges should be addressed in order for mobile crowdsensing to reach its full potential. Security, privacy and reliability of the data provided by mobile devices are the most important ones. In this paper, we propose a security framework with a multi-layer architecture that addresses the trust evaluation of sensing devices based on reputation scores calculated using a naive Bayes algorithm.

Advanced electronic signatures are the main security mechanism used for assuring authentication, integrity and non-repudiation of electronic documents. Digitization on a large scale requires secure and flexible electronic signature systems. In E.U., the use of remote qualified electronic signatures has considerably increased after the adoption of the Regulation (EU) No 910/2014 (“eIDAS”). Thanks to the new legislative measures, owning a physical device to create a qualified electronic signature in no longer mandatory, so the user experience has been considerably improved. However, the full potential of remote qualified electronic signatures has not been reached yet. Our work supports the adoption of the remote digital signature in various fields by implementing an Android application that can apply qualified electronic signatures. To assure interoperability, the client-server communication follows a standard protocol: the Cloud Signature Consortium API. The main advantage of our approach is that the Android application is able to sign using certificates issued by different Trust Service Providers. This paper will analyze the current situation and will present the main challenges encountered when designing and developing a digital signature application that uses remote qualified digital certificates as well as the learned lessons that could be of tremendous help for others activating in this field.

In-vehicle buses and the Controller Area Network (CAN) in particular have been shown to be vulnerable to adversarial actions. We embed adversary models and intrusion detection systems (IDS) inside a CANoe based application. Based on real-world CAN traces collected from several vehicles we build attack traces that are subject to intrusion detection algorithms. We also take benefit from existing machine-learning support in MATLAB that is ported via C++ code in CANoe in order to integrate intrusion detection functionality. A unified framework for attacks and intrusion detection has the benefit of providing a testbed for various intrusion detection algorithms. CANoe integration makes the use of these functionalities ready for realistic testing as CANoe is an industry-standard tool in the automotive domain.