Article

Post‐quantum cryptography techniques for secure communication in resource‐constrained Internet of Things devices: A comprehensive survey


Abstract

As the number and characteristics of smart devices change, the concept of the Internet of Things (IoT) emerges. The IoT provides the connected devices with a variety of resources that enable effective communication. At this point, several security issues arise around the sensitive information behind every communication in the IoT. To provide users with security and privacy, cryptographic schemes are adopted, the most popular being public key cryptographic (PKC) systems. However, with the advent of quantum computing, the level of security that the PKC schemes can still provide is a big question. Another important issue is that the IoT environment is resource‐constrained, which necessitates the implementation of lightweight cryptographic algorithms for better security. In response to these issues, post‐quantum cryptographic (PQC) schemes are one of the significant developments contributing to IoT security in the post‐quantum world. This article examines the key security issues in the IoT environment and the effective solutions found in the literature. The problems of the IoT in the quantum era are discussed, and the focus is on appropriate solutions based on PKC schemes under the limited resources of the IoT. As lattice‐based cryptosystems are more effective, the importance of these schemes in the resource‐constrained IoT is highlighted. This survey also points to feasible future directions that can support developers and researchers in this field.


... b) Post-Quantum Cryptography: Four survey papers are examined on this topic, covering different aspects. The work of Tan et al. [6] focuses on the challenges of implementing post-quantum digital signature algorithms in real-world applications, while the work by Kumari [7] covers the suitability of post-quantum cryptography techniques for securing communication in resource-constrained IoT devices. The work conducted by Hasija and other researchers [8] covers the third-round candidates for post-quantum cryptography selected by NIST and their algorithmic structures, security properties, and implementation details. ...
... However, these surveys are also theory-focused but light on practical concerns. d) Formal Verification: Previous survey papers on cryptographic primitive and protocol verification have primarily focused on the blockchain field [14], while others have concentrated on specific areas such as IoT devices [7], [15], algorithms [16] and networks [17]. Matteo et al. [18] conducted a comprehensive analysis of various automated protocol provers used for classical cryptography. ...
... In addition to protocol provers, their survey paper also covered code generation approaches. Some survey papers touched a bit on post-quantum cryptography; for instance, Kumari et al. [7] covered post-quantum cryptographic techniques but specific to the field of IoT devices. ...
Conference Paper
Full-text available
In the quantum computing era, the imperative role of post-quantum cryptography in securing digital communications has led to the development of computer-aided cryptography verification tools. These tools simplify the verification of post-quantum cryptography primitives and protocols, alleviating the challenges associated with manual proofs. This paper systematically reviews research in four main areas: quantum computing, post-quantum cryptography, cryptanalysis, and verification, establishing a foundation for future research. Emphasising the significance of challenges in post-quantum cryptography, we outline the current state of research on cryptography primitives and protocols. Categorising state-of-the-art computer-aided cryptography verification tools based on assumptions, models, and application levels, our analysis delves into each tool's features, including modelling, adversary models, security properties, validation, and an in-depth analysis of their limitations. This comprehensive analysis offers insights into the nexus of post-quantum cryptography and computer-aided verification. Concluding with recommendations for researchers and practitioners, this paper explores potential future research directions.
... its widespread recognition, it is predicted that the number of IoT devices in use will reach 75 billion by 2025 [5] and is expected to grow to 125 billion by 2030 [6]. ...
... Many academics are working to meet IoT security requirements and prevent specific threats. Therefore, existing security solutions are being adapted for IoT, such as classical and quantum cryptography [5,8], besides the employment of emerging technologies like blockchain [9] and artificial intelligence [10]. The aim of these initiatives is to address further security challenges and establish a more secure environment for IoT. ...
... Kumari et al. [5] assessed different post-quantum cryptographic methods that are designed to withstand quantum attacks in resource-limited IoT environments. They explored the significance of these methods and the challenges that they pose. ...
Article
Full-text available
The Internet of Things (IoT) is an important virtual network that allows remote users to access linked multimedia devices. The development of IoT and its ubiquitous application across various domains of everyday life has led to continuous research efforts. Security is a perceptual concern for researchers involved in IoT as it is a key factor in the acceptance of any innovative technology. Numerous research studies have been conducted concentrating on the level of IoT security on a particular mechanism, on specific applications, or on categorizing vulnerabilities, in order to address a defined situation of securing an IoT network. This present paper aims to comprehensively review potential solutions for securing IoT, between emerging and traditional mechanisms, such as blockchain, machine learning, cryptography, and quantum computing. This study provides a comparative analysis of related papers with their characteristics, pros and cons. Accordingly, it taxonomizes relevant solutions based on their achieved security requirements. Furthermore, the potential benefits and challenges of each of the four mechanisms are discussed.
... 4) PQC encryption: PQC encryption techniques are employed to protect the communication content during transit between multi-users and the cloud servers. PQC algorithms are resistant to attacks from quantum computers, ensuring the confidentiality and integrity of the transmitted data [53]. ...
... The proposed SSCA system is built around a hybridized MBRA with PQC-Blockchain cryptosystem, which serves as the core security mechanism. This advanced cryptographic system combines varying significant components, namely, MBRA for attack detection and optimal key generation, PQC and Blockchain for encryption, to provide robust security measures throughout the system [53]. By combining PQC and MBRA with blockchain methodology, the hybridized cryptosystem provides a strong foundation for secure communication, data storage, and access control in the cloud system. ...
Article
Full-text available
Cloud computing has revolutionized organizational operations by providing convenient, on-demand access to resources. The emergence of the Internet of Things (IoT) has introduced a new paradigm for collaborative computing, leveraging sensors and devices that generate and process vast amounts of data, thereby resulting in challenges related to scalability and security, making the significance of conventional security methods even more pronounced. Consequently, in this paper, we propose a novel Scalable and Secure Cloud Architecture (SSCA) that integrates IoT and cryptographic techniques, aiming to develop scalable and trustworthy cloud systems, thus enabling multi-user systems and facilitating simultaneous access to cloud resources by multiple users. The design adopts a decentralized approach, utilizing multiple cloud nodes to handle user requests efficiently and incorporates Multicast and Broadcast Rekeying Algorithm (MBRA) to ensure the privacy and confidentiality of user information, utilizing a hybrid cryptosystem that combines MBRA, Post Quantum Cryptography (PQC) and blockchain technology. Leveraging IoT devices, the architecture gathers data from distributed sensing resources and ensures the security of collected information through robust MBRA-PQC encryption algorithms, while the blockchain ensures that the confidential data is stored in distributed and immutable records. The proposed approach is applied to several datasets and the effectiveness is validated through various performance metrics, including response time, throughput, scalability, security, and reliability. The results highlight the effectiveness of the proposed SSCA, showcasing a notable reduction in response time by 1.67 seconds and 0.97 seconds for 250 and 1000 devices, respectively, in comparison to the MHE-IS-CPMT. Likewise, SSCA demonstrated significant improvements in the AUC values, exhibiting enhancements of 6.30%, 6.90%, 7.60%, and 7.30% at the 25-user level, and impressive gains of 5.20%, 9.30%, 11.50%, and 15.40% at the 50-user level when compared to the MHE-IS-CPMT, EAM, SCSS, and SHCEF models, respectively.
... The proposed method employs a quantum circuit to implement a secure cloud access protocol that utilizes QKD to distribute a secret key between the cloud user and the service provider. Then, the secret key is used to encrypt and decrypt the access request and response messages between the parties [7,8]. ...
... Recently, quantum computing has garnered substantial attention due to its potential to revolutionize various fields, such as cryptography, optimization, simulation, and machine learning [6]. Furthermore, quantum computing provides several benefits over classical computing, such as performing intricate computations in a fraction of the time and creating unbreakable cryptographic techniques through QKD [7,8]. ...
Article
Full-text available
This paper proposes an effective quantum computing method that integrates secure cloud access and quantum key distribution (QKD) to ensure secure access to cloud resources. The proposed method employs a quantum circuit to implement a secure cloud access protocol that utilizes QKD to distribute a secret key between the cloud user and the service provider. The secret key encrypts all parties’ access requests, response messages, and data. The security of the proposed method is analyzed against various types of attacks, including intercept-resend, man-in-the-middle, and eavesdropping. The simulation results indicate that the proposed method offers significant protection against such attacks. It can potentially provide a secure cloud access platform for various applications, including sensitive data storage, healthcare data management, and other applications that require a high level of security.
... Note that this paper does not aim to provide a comprehensive overview of the blockchain applications and systems for IoT. Several previous papers [5,7,3,6] presented similar reviews from several perspectives. Rather, we focus on the "lightweight" blockchain solutions for each of the five categories that we discussed and analyze each solution from the lightweight requirements perspective. ...
... • Post-quantum lightweight cryptography: securing the BC operations in a quantum world should be considered by researching the implementation aspects of lightweight post-quantum cryptographic primitives to make them ready for deployment on resource-constrained devices like wireless sensor nodes. A survey of the post-quantum cryptography techniques for IoT was presented in [7]. ...
Preprint
Full-text available
The proliferation of resource-constrained devices has become prevalent across various digital applications, including smart homes, healthcare, the Internet of Vehicles, and the Internet of Flying Things, among others. However, the integration of these devices brings many security issues. To address these concerns, Blockchain technology has been widely adopted due to its robust security characteristics, including immutability, cryptography, and distributed consensus. However, implementing the blockchain within these networks is highly challenging due to the limited resources of the employed devices and the resource-intensive requirements of the blockchain. To overcome these challenges, a multitude of researchers have proposed lightweight blockchain solutions specifically designed for resource-constrained networks. In this paper, we present a taxonomy of lightweight blockchain solutions proposed in the literature. More precisely, we identify five areas within the "lightweight" concept, namely, blockchain architecture, device authentication, cryptography model, consensus algorithm, and storage method. We discuss the various methods employed in each "lightweight" category, highlighting existing gaps and identifying areas for improvement. Our review highlights the missing points in existing systems and paves the way to building a complete lightweight blockchain solution for networks of resource-constrained devices.
... Among these, CRYSTALS-Dilithium and FALCON are lattice-based approaches relying on the hardness of lattice problems over module lattices [39]. Notably, FALCON is recognized for its smaller signature sizes compared to Dilithium [34]. On the other hand, SPHINCS+ adopts a hash-based signature approach, leveraging collision and pre-image resistant hash functions, alongside tree structures and one-time signature schemes, to maintain security levels against potential future attacks [16,26]. ...
Article
Full-text available
In today’s era, numerous applications are evolving into smart applications by leveraging technologies like the Internet of Things (IoT), Artificial Intelligence (AI), and Big Data. The incorporation of advanced sensors, AI-driven embedded devices, and cloud-based remote control has significantly enhanced the efficiency and profitability of IoT applications in numerous eras. Ensuring the security of IoT applications is crucial, with authentication emerging as a top priority. Lack of proper authentication may lead to unauthorized and risky activities, potentially causing hazardous situations within IoT applications. The current cryptographic methods employed in IoT devices rely on public-key cryptographic primitives, which, unfortunately, are susceptible to future quantum attacks. Therefore, there is a need to develop an effective signature scheme that can authenticate IoT devices resiliently against potential quantum threats. Hash-based post-quantum signature scheme stood as the best candidate to design quantum-safe authentication mechanisms. This paper presents a practical client–server implementation scenario tailored for IoT applications, showcasing the utilization of hash-based post-quantum digital signatures. Highlighting the complexity and computational demands of these signatures, the model architecture is illustrated using Raspberry Pi 3 and Pi 0 as servers, complemented by the widely used ESP32 as client devices in IoT applications achieving 32.83% optimized memory usage.
... RLWE-based key exchange is secure with a small key size by post-quantum attacks. In 2022, Kumari et al. 45 gave the survey on post-quantum cryptography techniques for secure communication in resource-constrained internet of things device. Ding et al. 46 presented the authentication and key exchange technique using RLWE in 2019. ...
Article
The smart healthcare system (SHS) is a significant medical domain underpinning the Internet of Things (IoT); it collects and analyzes health data from many sources to provide better medical treatment. The smart healthcare system is a combination of hardware and software used in the medical care field, providing remote diagnosis and treatment via a patient‐based health data‐sharing system. To increase security, a large variety of authenticated techniques have been developed over the past several decades, most of which are based on conventional number‐theoretic assumptions such as discrete logarithms and integer factorization problems. However, Shor's method is capable of solving number‐theory‐based problems. As a result, Shor's technique might be used to resolve challenging number theory problems on a quantum computer effectively. Therefore, this article presents blockchain‐based healthcare record solutions with a lattice RLWE‐based key exchange protocol using a smart card. Blockchain applications may correctly detect errors, including those that are risky, in the medical industry. It can also improve the efficiency, security, and transparency of transferring medical data throughout the healthcare protocol. The formal security of this protocol is shown under the ROM (random oracle model), and the informal security is also given in this article against well‐known attacks. The presented protocol outperforms related earlier mechanisms in terms of communication and computational cost overheads, according to the performance study.
... • Post-quantum lightweight cryptography: Securing the BC operations in a quantum world should be considered by researching the implementation aspects of lightweight post-quantum cryptographic primitives to make them ready for deployment on resource-constrained devices. A survey of the post-quantum cryptography techniques for resource-constrained networks was presented in [118]. • Need for cryptography standards for the lightweight BC: Systems proposed so far use various cryptography models that are efficient in certain applications but not suitable for others. ...
Article
Abstract

The proliferation of resource-constrained devices has become prevalent across various digital applications, including smart homes, smart healthcare, and smart transportation, among others. However, the integration of these devices brings many security issues. To address these concerns, Blockchain technology has been widely adopted due to its robust security characteristics, including immutability, cryptography, and distributed consensus. However, implementing blockchain within these networks is highly challenging due to the limited resources of the employed devices and the resource-intensive requirements of the blockchain. To overcome these challenges, a multitude of researchers have proposed lightweight blockchain solutions specifically designed for resource-constrained networks. In this paper, we present a taxonomy of lightweight blockchain solutions proposed in the literature. More precisely, we identify five areas within the “lightweight” concept, namely, blockchain architecture, device authentication, cryptography model, consensus algorithm, and storage method. We discuss the various methods employed in each “lightweight” category, highlighting existing gaps and identifying areas for improvement. Our review highlights the missing points in existing systems and paves the way to building a complete lightweight blockchain solution for networks of resource-constrained devices.
... Quantum key distribution (QKD) utilizes the principles of quantum physics to facilitate the creation of shared secret keys between two parties via an untrusted channel. The key created via QKD is entirely safe from being intercepted since doing so would cause the key's quantum state to change, allowing for detection [26,27]. The fundamental principle of QKD is to encode information using quantum states, often photon polarization. ...
Article
Full-text available
In today's advanced and technologically advanced world, cloud computing has emerged as a popular platform for managing and maintaining data, information, and services worldwide. Therefore, it is essential to deal with security concerns and develop sufficient procedures to protect the confidentiality and integrity of data. This study proposes a secure cloud data access paradigm that uses QKD and attribute-based encryption (ABE) to address these issues. The study uses ABE to encrypt user information and ensure its safety during transmission and storage. Moreover, the quantum key is used to access cloud-based information. In addition, the quantum channel ensures the safe transfer of keys between nodes. The proposed model is simulated using MATLAB. The results are compared to the current state of the art regarding various performance parameters like encryption and decryption time, key generation time, etc. The simulation results show that the suggested model is superior to the current state of the art.
... IoT allows these devices to communicate with each other using various resources [1]. However, due to limited resources within the IoT ecosystem, lightweight cryptographic algorithms have been implemented to enhance the system's overall security [2]. To face the shortage of IoT device resources, it's crucial to identify effective strategies to address and respond to these challenges. ...
Conference Paper
Full-text available
It is imperative to note that post-quantum cryptography, such as supersingular isogeny Diffie-Hellman (SIDH), is essential for ensuring that Internet of Things (IoT) devices have a restricted amount of resources. The primary challenges in assuring the security of IoT devices are addressed by this work's analysis of SIDH implementations designed for field programmable gate array (FPGA) architecture. Extensive efforts have been made towards implementing the architecture for a rapid and constant-time FPGA implementation of SIDH. This quantum-resistant cryptographic primitive is a crucial component for adhering to NIST's PQC standardization. Our goal with this paper is to demonstrate how FPGA architectures can enhance the parallelism of SIDH, making it a more practical option for securing resource-limited IoT devices. Our focus is on providing a reliable speed record for SIDH, which is crucial for ensuring the security of IoT devices. The design for isogeny computation was built over p434 in Xilinx Virtex 6 and produced 45 ms for public key generation in addition to 35 ms for secret key generation.
... It introduces post-quantum cryptography, a development in internet security technology. Similar optimizations may be made for post-quantum cryptography technology, literature, and algorithms [24]. Post-quantum cryptography technology has to be optimized in the context of constrained computation and storage resources, taking into account the resource limitations of Internet of Things (IoT) devices. ...
Article
Full-text available
As a distributed database, the system security of the blockchain is of great significance to prevent tampering, protect privacy, prevent double spending, and improve credibility. Due to the decentralized and trustless nature of blockchain, the security defense of the blockchain system has become one of the most important measures. This paper comprehensively reviews the research progress of blockchain security threats and collaborative defense, and we first introduce the overview, classification, and threat assessment process of blockchain security threats. Then, we investigate the research status of single-node defense technology and multi-node collaborative defense technology and summarize the blockchain security evaluation indicators and evaluation methods. Finally, we discuss the challenges of blockchain security and future research directions, such as parallel detection and federated learning. This paper aims to stimulate further research and discussion on blockchain security, providing more reliable security guarantees for the use and development of blockchain technology to face changing threats and challenges through continuous updating and improvement of defense technologies.
... Also, they showed that low power IoT devices can use code based, isogeny based, and lattice based algorithms. In [10], Kumari et al. describe the major privacy concerns in the Internet of Things, and successful approaches to these concerns are analyzed. The importance of lattice based schemes in the context of the IoT environment is highlighted as shown in "Error! ...
Conference Paper
Since the earliest times, cryptography has been used to safeguard the privacy of data or information during transmission and reception. Cryptographic studies have progressed from the ancient Caesar cipher to current cryptosystems depending on quantum computing methods, making traditional cryptography vulnerable to attacks. This paper outlines the numerous study avenues researched in post quantum cryptography and, more particularly, the various Code Based Cryptosystems (CBC) research aspects. An essential contribution of this research is the identification of unexplored prospective research avenues in CBC research from the viewpoint of codes. In addition, we investigated the applicability of these algorithms to IoT devices. We also briefly discussed the possible future aspects and challenges.
Article
Cryptographic methods have been extensively employed in various systems to address security objectives, such as data confidentiality, authentication, and secure communication, to name a few. Keys are the most critical parts of any cryptographic system, safeguarding the whole underlying infrastructure. Based on the underlying algorithm design, there might be various stages of key generation, exchange, and storage to fulfill an algorithm requirement. In this research, we studied cryptographic techniques along with requirements and corresponding key management systems. Having scrutinized best practices, a taxonomy has been proposed for the key management systems based on the algorithm’s requirements, key stages, and applications. This study is a comprehensive literature review on cryptographic key management systems to provide a complete guideline in key management solutions.
Chapter
The Internet has revolutionized the way we communicate. We are now able to connect to anyone across the globe with little or no effort. This revolution has empowered various technological inventions. The Internet has fixed numerous challenges that were difficult to address before. Today, even Vehicular Communication is possible due to the Internet. From providing situational vigilance to taking sound decisions, vehicles have traveled a smart journey. These technological marvels were possible due to the remarkable progress in the computational power of devices. Now, with the world moving towards quantum computing, we stare at the future with an ocean of possibilities. Such capabilities in the hands of adversaries can lead to unpleasant consequences. Hence, it is important to determine whether our existing systems are safe against such powerful adversaries. Also, it is equally important to develop techniques that can defend vehicles from adversaries. In this paper, we have listed out various authentication schemes against quantum adversaries and presented our observations.

Keywords: Internet of Vehicles (IoVs); VANETs; Quantum computing; Post quantum cryptography; Vehicular communication; Quantum-resistant; Security
Article
Full-text available
We present new candidates for quantum-resistant public-key cryptosystems based on the conjectured difficulty of finding isogenies between supersingular elliptic curves. The main technical idea in our scheme is that we transmit the images of torsion bases under the isogeny in order to allow the parties to construct a shared commutative square despite the non-commutativity of the endomorphism ring. We give a precise formulation of the necessary computational assumptions along with a discussion of their validity, and prove the security of our protocols under these assumptions. In addition, we present implementation results showing that our protocols are multiple orders of magnitude faster than previous isogeny-based cryptosystems over ordinary curves. This paper is an extended version of [Lecture Notes in Comput. Sci. 7071, Springer (2011), 19–34]. We add a new zero-knowledge identification scheme and detailed security proofs for the protocols. We also present a new, asymptotically faster, algorithm for key generation, a thorough study of its optimization, and new experimental data.
Article
Full-text available
In recent years, public-key cryptography and digital signature have become fundamental components of digital infrastructures. Such a scenario has to face a new and increasing threat, represented by quantum computers. It is well known that quantum computers in the next years will be able to run algorithms capable of breaking the security of currently widespread cryptographic schemes used for public-key encryption and digital signatures. Post-quantum cryptography aims at defining and executing algorithms on classical computer architectures, capable of withstanding attacks from quantum computers. The National Institute of Standards and Technology is currently running a selection process to define one or more quantum-resistant public-key algorithms, and lattice-based cryptographic constructions are considered one of the leading candidates. However, such algorithms require non-negligible computational resources to be executed. One viable solution is to accelerate them totally or partially in hardware, to alleviate the workload of the main processing unit. In this paper, we investigate a solution trading off performance and complexity to execute the lattice-based algorithms CRYSTALS-Kyber and -Dilithium: we introduce a dedicated Post-Quantum Arithmetic Logic Unit, embedded directly in the pipeline of a RISC-V processor. This results in an almost negligible area overhead with a large impact on the algorithm speed-up and a consistent reduction in the energy required per single operation.
Article
Full-text available
This article introduces a new class of physical unclonable functions (PUFs) based on the Fibonacci ring oscillator (FIRO). The research conducted here proves that before reaching the desired randomness, the oscillator shows a certain degree of repeatability and uniqueness in the initial sequence of internal state transitions. The use of an FIRO in conjunction with the restart method makes it possible to obtain a set of short boot sequences, which are processed with an innovative feature extraction algorithm that enables reliable device identification. This approach ensures the reuse of the existing random number generator (RNG), rather than multiplying ring oscillators in a dedicated structure. Moreover, the algorithm for the recovery of the device key from the boot set can be successfully implemented in the authorizing center, thus significantly releasing the resources of authorized low-complexity devices. The proposed methodology provides an easily obtainable key with identifiability, which was proven experimentally on FPGAs from different manufacturers.
Conference Paper
Full-text available
The recent advance in the post-quantum cryptography (PQC) field has gradually shifted from the theory to the implementation of the cryptosystem, especially on the hardware platforms. Following this trend, in this paper, we aim to present efficient implementations of the finite field arithmetic (key component) for the binary Ring-Learning-with-Errors (BRLWE)-based PQC through a novel lookup-table (LUT)-like method. We have carried out four stages of interdependent efforts: (i) an algorithm-hardware co-design driven derivation of the proposed LUT-like method is provided in detail for the key arithmetic of the BRLWE-based scheme; (ii) the proposed hardware architecture is then presented along with the internal structural description; (iii) we have also presented a novel hybrid size structure suitable for flexible operation, which is the first report in the literature; (iv) the final implementation and comparison processes have also been given, demonstrating that our proposed structures deliver significantly improved performance over the state-of-the-art solutions. The proposed designs are highly efficient and are expected to be employed in many emerging applications.

Index Terms: BRLWE-based scheme, finite field arithmetic, hybrid size structure, lookup table, post-quantum cryptography
Article
As we move into a new decade, the global world of Intelligent Infrastructure (II) services integrated into the Internet of Things (IoT) is at the forefront of technological advancements. With billions of connected devices spanning continents through interconnected networks, security and privacy protection techniques for the emerging II services become a paramount concern. In this paper, an up-to-date privacy method mapping and relevant use cases are surveyed for II services. Particularly, we emphasize post-quantum cryptography techniques that may (or must, when quantum computers become a reality) be used in the future through concrete products, pilots, and projects. The topics presented in this paper are of utmost importance as (1) several recent regulations such as Europe’s General Data Protection Regulation (GDPR) have given privacy a significant place in digital society, and (2) the increase of IoT/II applications and digital services with growing data collection capabilities are introducing new threats and risks on citizens’ privacy. This in-depth survey begins with an overview of security and privacy threats in IoT/IIs. Next, we summarize some selected Privacy-Enhancing Technologies (PETs) suitable for privacy-concerned II services, and then map recent PET schemes based on post-quantum cryptographic primitives which are capable of withstanding quantum computing attacks. This paper also overviews how PETs can be deployed in practical use cases in the scope of IoT/IIs, and maps some current projects, pilots, and products that deal with PETs. A practical case study on the Internet of Vehicles (IoV) is presented to demonstrate how PETs can be applied in reality. Finally, we discuss the main challenges with respect to current PETs and highlight some future directions for developing their post-quantum counterparts.
Article
Over the past decades, quantum technology has seen consistent progress, with notable recent developments in the field of quantum computers. Traditionally, this trend has been primarily seen as a serious risk for cryptography; however, a positive aspect of quantum technology should also be stressed. In this regard, viewing this technology as a resource for honest parties rather than adversaries, it may enhance not only the security, but also the performance of specific cryptographic schemes. While considerable effort has been devoted to the design of quantum-resistant and quantum-enhanced schemes, little effort has been made to understand their physical security. Physical security deals with the design and implementation of security measures fulfilling the practical requirements of cryptographic primitives, which are equally essential for classic and quantum ones. This survey aims to draw greater attention to the importance of physical security, with a focus on secure key generation and storage as well as secure execution. More specifically, the possibility of performing side-channel analysis in the quantum world is discussed and compared to attacks launched in the classic world. Besides, proposals for quantum random number generation and quantum physically unclonable functions are compared to their classic counterparts and further analyzed to give a better understanding of their features, advantages, and shortcomings. Finally, seen from these three perspectives, this survey provides an outlook for future research in this direction.
Chapter
The goal of physical layer security (PLS) is to make use of the properties of the physical layer—including the wireless communication medium and/or the transceiver hardware—to enable critical aspects of secure communications. In particular, PLS can be employed to provide (a) node authentication, (b) message authentication, and (c) message confidentiality. Unlike the corresponding classical cryptographic approaches which are all based on computational security, PLS’s added strength is that it is based on information theoretic security, in which no limitation with respect to the opponent’s computational power is assumed and is therefore inherently quantum resistant. In this survey, we review the aforementioned fundamental aspects of PLS, starting with node authentication, moving to the information theoretic characterization of message integrity, and finally, discussing message confidentiality both in the secret key generation from shared randomness and from the wiretap channel point of view. The aim of this review is to provide a comprehensive road-map on important relevant results by the authors and other contributors and discuss open issues on the applicability of PLS in sixth generation systems.
Article
We present a novel code-based signature scheme called modified pqsigRM. This scheme is based on a modified Reed-Muller (RM) code, which reduces the signing complexity and key size compared with existing code-based signature schemes. In fact, it strengthens pqsigRM submitted to NIST for post-quantum cryptography standardization. The proposed scheme has the advantage of the pqsigRM decoder and uses public codes that are more difficult to distinguish from random codes. We use (U, U + V)-codes with the high-dimensional hull to overcome the disadvantages of code-based schemes. The proposed decoder samples from coset elements with small Hamming weight for any given syndrome and efficiently finds such an element. Using a modified RM code, the proposed signature scheme resists various known attacks on RM-code-based cryptography. For 128 bits of classical security, the signature size is 4096 bits, and the public key size is less than 1 MB.
Conference Paper
Post-quantum cryptography (PQC) is currently a growing area of research and NIST PQC Round 2 schemes are being actively analyzed and optimized for both security and efficiency. In this work, we repurpose the cryptographic accelerators in an energy-efficient pre-quantum TLS crypto-processor to implement the post-quantum key encapsulation schemes SIKE, Frodo and ThreeBears and the signature scheme SPHINCS+. We utilize the modular arithmetic unit inside the elliptic curve cryptography accelerator to implement SIKE, while we use the AES-256 and SHA2-256 hardware primitives to substitute SHA3-256 and SHAKE-256 computations and accelerate the other three protocols. We accelerate the most computationally expensive components of these PQC protocols in hardware, thereby achieving up to an order of magnitude improvement in energy-efficiency over software implementations.
Article
Unmanned aerial vehicles (UAVs) can be deployed to monitor very large areas without the need for network infrastructure. UAVs communicate with each other during flight and exchange information with each other. However, such communication poses security challenges due to its dynamic topology. To solve these challenges, the proposed method uses two phases to counter malicious UAV attacks. In the first phase, we applied a number of rules and principles to detect malicious UAVs. In this phase, we try to identify and remove malicious UAVs according to the behavior of UAVs in the network in order to prevent sending fake information to the investigating UAVs. In the second phase, a mobile agent based on a three-step negotiation process is used to eliminate malicious UAVs. In this way, we use mobile agents to inform our normal neighbor UAVs so that they do not listen to the data generated by the malicious UAVs. Therefore, the mobile agent of each UAV uses reliable neighbors through a three-step negotiation process so that they do not listen to the traffic generated by the malicious UAVs. The NS-3 simulator was used to demonstrate the efficiency of the SAUAV method. The proposed method is more efficient than CST-UAS, CS-AVN, HVCR, and BSUM-based methods in detection rate, false positive rate, false negative rate, packet delivery rate, and residual energy.
Article
Conventional RSA algorithm, being a basis for several proposed cryptosystems, has remarkable security lapses with respect to confidentiality and integrity over the internet which can be compromised by state-of-the-art attacks, especially, for different types of data generation, transmission, and analysis by IoT applications. This security threat hindrance is considered to be a hard problem to solve on classical computers. However, bringing quantum mechanics into account, the concept no longer holds true. So, this calls out for the modification of the conventional pre-quantum RSA algorithm into a secure post-quantum cryptographic-based RSA technique. In this research, we propose a post-quantum lattice-based RSA (LB-RSA) for IoT-based cloud applications to secure the shared data and information. The proposed work is validated by implementing it in 60 dimensions. The key size is about 1.152 × 10^5 bits and generation time is 0.8 hours. Furthermore, it has been tested with AVISPA, which confirms security in the presence of an intruder. Moreover, the proposed LB-RSA technique is compared with the existing state-of-the-art techniques. The empirical results advocate that the proposed lattice-based variant is not only safe but beats counterparts in terms of secured data sharing.
Article
Conventional RSA algorithm, being a basis for several proposed cryptosystems, has remarkable security lapses with respect to confidentiality and integrity over the internet which can be compromised by state-of-the-art attacks, especially, for different types of data generation, transmission, and analysis by IoT applications. This security threat hindrance is considered to be a hard problem to solve on classical computers. However, bringing quantum mechanics into account, the concept no longer holds true. So, this calls out for the modification of the conventional pre-quantum RSA algorithm into a secure post-quantum cryptographic-based RSA technique. In this research, we propose a post-quantum lattice-based RSA (LBRSA) for IoT applications in order to secure the shared data and information. The proposed work is validated by implementing it in 60 dimensions. The key size is about 1.152 × 10^5 bits and generation time is 0.8 hours. Furthermore, it has been tested with AVISPA, which confirms security in the presence of an intruder. Moreover, the proposed LB-RSA technique is compared with the existing state-of-the-art techniques. The empirical results advocate that the proposed lattice-based variant is not only safe but beats counterparts in terms of secured data sharing.
Article
The Internet of Things (IoT) is expected to provide infinite connectivity among various elements or “things”. It converges with interpersonal organizations, enabling individuals and gadgets to collaborate, and facilitating data sharing. However, security and protection issues are an incredible test for IoT, yet they are likewise empowering components to make a “trust environment”. The inherent vulnerabilities of IoT gadgets, with restricted assets and heterogeneous innovations, together with the absence of specifically planned IoT models, represent a fertile ground for the development of specific digital dangers. In this paper, we begin with the three main key layers of the IoT system model: 1) perception; 2) network; and 3) application levels, and continue on with the information security-related challenges that IoT will encounter. Finally, as a result of the examination, the authors will highlight the most critical issues with the aim of managing future research directions.
Article
Internet of Things (IoT) is becoming an emerging trend superseding other technologies, and researchers consider it the future of the internet. As connectivity to the World Wide Web is now becoming highly available and its cost is drastically decreasing, everyone can afford the technology. As the Internet of Things provides a great opportunity to develop important industrial systems and applications with the help of various kinds of sensors that can sense the environment using a number of devices connected to the internet, usage of IoT is drastically increasing and becoming a common thing. With this sky-rocketed usage and demand, communication and storage of information face serious security issues, as the security of IoT devices becomes just an afterthought when manufacturing most of the devices. This study tries to summarize these IoT security issues in terms of the primary information security concepts of confidentiality, integrity and availability with regard to its architecture.
Article
Although quantum computing is still in its nascent age, its evolution threatens the most popular public-key encryption systems. Such systems are essential for today's Internet security due to their ability for solving the key distribution problem and for providing high security in non-secure communications channels that allow for accessing websites or for exchanging e-mails, financial transactions, digitally-signed documents, military communications or medical data. Cryptosystems like RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve Cryptography) or Diffie-Hellman have spread worldwide and are part of diverse key Internet standards like Transport Layer Security (TLS), which are used both by traditional computers and IoT devices. It is especially difficult to provide high security to IoT devices, mainly because many of them rely on batteries and are resource-constrained in terms of computational power and memory, which implies that specific energy-efficient and lightweight algorithms need to be designed and implemented for them. These restrictions become relevant challenges when implementing cryptosystems that involve intensive mathematical operations and demand substantial computational resources, which are often required in applications where data privacy has to be preserved for the long term, like IoT applications for Defense, mission-critical scenarios or smart healthcare. Quantum computing threatens such a long-term IoT device security and researchers are currently developing solutions to mitigate such a threat. This article provides a survey on what can be called post-quantum IoT systems (IoT systems protected from the currently known quantum computing attacks): the main post-quantum cryptosystems and initiatives are reviewed, the most relevant IoT architectures and challenges are analyzed, and the expected future trends are indicated. Thus, this paper is aimed at providing a wide view of post-quantum IoT security and giving useful guidelines to the future post-quantum IoT developers.
Article
Signcryption is a basic cryptographic primitive that simultaneously captures the functions of encryption and signature. To realize comprehensive information security against quantum computing attacks, lattice-based signcryption schemes have been successively proposed. However, the performance of signcryption schemes should be improved in the lattice setting. An efficient lattice-based signcryption scheme in the standard model is proposed in this paper. Under the ring learning with errors (RLWE) assumption and the ideal short integer solution (ISIS) assumption, the proposed signcryption scheme achieves indistinguishability against adaptive chosen ciphertext attacks (IND-CCA2) and existential unforgeability under an adaptive chosen-message attack (EUF-ACMA). Our scheme not only reduces the communication and computational overhead but also realizes a new design that combines the partitioning technique with the idea of tag-based key encapsulation. The performance analysis results show that our scheme is more efficient than previous lattice-based signcryption schemes in the standard model.
Article
Diabetes patients suffer from abnormal blood glucose levels, which can cause diverse health disorders that affect their kidneys, heart and vision. Due to these conditions, diabetes patients have traditionally checked blood glucose levels through Self-Monitoring of Blood Glucose (SMBG) techniques, like pricking their fingers multiple times per day. Such techniques involve a number of drawbacks that can be solved by using a device called Continuous Glucose Monitor (CGM), which can measure blood glucose levels continuously throughout the day without having to prick the patient when carrying out every measurement. This article details the design and implementation of a system that enhances commercial CGMs by adding Internet of Things (IoT) capabilities to them that allow for monitoring patients remotely and, thus, warning them about potentially dangerous situations. The proposed system makes use of smartphones to collect blood glucose values from CGMs and then sends them either to a remote cloud or to distributed fog computing nodes. Moreover, in order to exchange reliable, trustworthy and cybersecure data with medical scientists, doctors and caretakers, the system includes the deployment of a decentralized storage system that receives, processes and stores the collected data. Furthermore, in order to motivate users to add new data to the system, an incentive system based on a digital cryptocurrency named GlucoCoin was devised. Such a system makes use of a blockchain that is able to execute smart contracts in order to automate CGM sensor purchases or to reward the users that contribute to the system by providing their own data. Thanks to all the previously mentioned technologies, the proposed system enables patient data crowdsourcing and the development of novel mobile health (mHealth) applications for diagnosing, monitoring, studying and taking public health actions that can help to advance in the control of the disease and raise global awareness on the increasing prevalence of diabetes.
Conference Paper
Modern public key protocols, such as RSA and elliptic curve cryptography (ECC), will be rendered insecure by Shor's algorithm [1] when large-scale quantum computers are built. Therefore, cryptographers are working on quantum-resistant algorithms, and lattice-based cryptography has emerged as a prime candidate [1]. However, high computational complexity of these algorithms makes it challenging to implement lattice-based protocols on resource-constrained IoT devices, which need to secure data against both present and future adversaries. To address this challenge, we present a lattice cryptography processor with configurable parameters, which enables up to two orders of magnitude energy savings and 124K-gate reduction in system area through architectural optimizations. The ASIC demonstrates multiple lattice-based protocols proposed in Round 1 of the NIST post-quantum standardization process.
Article
Industry 4.0 is a concept devised for improving the way modern factories operate through the use of some of the latest technologies, like the ones used for creating Industrial Internet of Things (IIoT), robotics or Big Data applications. One of such technologies is blockchain, which is able to add trust, security and decentralization to different industrial fields. This article focuses on analyzing the benefits and challenges that arise when using blockchain and smart contracts to develop Industry 4.0 applications. In addition, this paper presents a thorough review on the most relevant blockchain-based applications for Industry 4.0 technologies. Thus, its aim is to provide a detailed guide for future Industry 4.0 developers that allows for determining how blockchain can enhance the next generation of cybersecure industrial applications.
Article
We propose the RLizard key encapsulation mechanism (KEM), whose security depends on the ring learning with errors (RLWE) and ring learning with rounding (RLWR) problems. Because RLizard operates on a special type of ring, it is more efficient in terms of both the clock cycles required for key generation and the key size compared to the original Lizard scheme. To demonstrate the superiority of the proposed method over other well-known KEMs, we compared their performances in the 32-bit ARM Internet of Things (IoT) environment. The performance analysis showed that the RLizard KEM requires the fewest clock cycles for key generation, encapsulation, and decapsulation when the parameters are set to support a security level comparable with that of AES-128. In summary, the RLizard KEM is expected to be used for secure communication and authentication between IoT endpoint devices, whose computational power is generally limited.
Article
The latest Internet of Things (IoT) edge-centric architectures allow for unburdening higher layers from part of their computational and data processing requirements. In the specific case of fog computing systems, they greatly reduce the requirements of cloud-centric systems by processing in fog gateways part of the data generated by end devices, thus providing services that were previously offered by a remote cloud. Thanks to recent advances in System-on-Chip (SoC) energy efficiency, it is currently possible to create IoT end devices with enough computational power to process the data generated by their sensors and actuators while providing complex services, which in recent years derived into the development of the mist computing paradigm. To allow mist computing nodes to provide the previously mentioned benefits and guarantee the same level of security as in other architectures, end-to-end standard security mechanisms need to be implemented. In this paper, a high-security energy-efficient fog and mist computing architecture and a testbed are presented and evaluated. The testbed makes use of Transport Layer Security (TLS) 1.2 Elliptic Curve Cryptography (ECC) and Rivest-Shamir-Adleman (RSA) cipher suites (that comply with the yet to come TLS 1.3 standard requirements), which are evaluated and compared in terms of energy consumption and data throughput for a fog gateway and two mist end devices. The obtained results allow concluding that ECC outperforms RSA in both energy consumption and data throughput for all the tested security levels. Moreover, the importance of selecting a proper ECC curve is demonstrated, showing that, for the tested devices, some curves present worse energy consumption and data throughput than other curves that provide a higher security level. As a result, this article not only presents a novel mist computing testbed, but also provides guidelines for future researchers to find out efficient and secure implementations for advanced IoT devices.
Article
Multimedia communication is revolutionizing all major spheres of human life. The advent of IoT and its applications in many fields like sensing, healthcare and industry result in an exponential increase in multimedia data that needs to be shared over insecure networks. IoT-driven setups are however constrained in terms of resources as a result of their small size. From a data security point of view, conventional algorithms cannot be used for data encryption on an IoT platform given the resource constraints. The work presented in this paper studies the performance of the SIMON cryptographic algorithm and proposes a lightweight cryptography algorithm based on SIMON for its possible use in an IoT-driven setup. The focus is on speed enhancement benefitting from a software perspective, making it different from common studies mostly reflecting hardware implementations. To achieve performance in a practical perspective, the contribution looks into the SIMON cipher’s characteristics considering utilizing it for Internet of Things (IoT) healthcare applications. The paper suggests further improvement to implement the original SIMON cryptography in order to reduce the encryption time and maintain the practical trade-off between security and performance. The proposed work has been compared to Advanced Encryption Standard (AES) and the original SIMON block cipher algorithms in terms of execution time and memory consumption. The results show that the proposed work is suitable for securing data in an IoT-driven setup.
Article
Due to its widespread popularity and usage in many applications (smart transport, energy management, e-healthcare, smart ecosystem and so on), the Internet of Things (IoT) has become popular among end users over the last few years. However, with an exponential increase in the usage of IoT technologies, we have been witnessing an increase in the number of cyber attacks on the IoT environment. An adversary can capture the private key shared between users and devices and can launch various attacks such as IoT ransomware, Mirai botnet, man-in-the-middle, denial of service, chosen plaintext and chosen ciphertext. To mitigate these security attacks on the IoT environment, the traditional public key cryptographic primitives are inadequate because of their high computational and communication costs. Therefore, lattice based public key cryptosystem (LB-PKC) is a promising technique for secure communication. We discuss the taxonomy of two major problems, namely the shortest path and the closest path problems, with respect to the applicability of lattice based cryptographic primitives for IoT devices. Moreover, we also discuss various LB-PKC techniques such as NTRU, learning with errors (LWE), and ring-LWE which are often used to solve shortest path and lattice NP-hard problems in a polynomial time. We further classify the ring-LWE into three categories namely, identity-based encryption, homomorphic encryption, and secure authentication key exchange. We describe the operations and algorithms adopted in each of these encryption mechanisms. Finally, we discuss the challenges, open issues, and future directions for applying LB-PKC in the IoT environment.
Chapter
In this paper, we introduce Saber, a package of cryptographic primitives whose security relies on the hardness of the Module Learning With Rounding problem (Mod-LWR). We first describe a secure Diffie-Hellman type key exchange protocol, which is then transformed into an IND-CPA encryption scheme and finally into an IND-CCA secure key encapsulation mechanism using a post-quantum version of the Fujisaki-Okamoto transform. The design goals of this package were simplicity, efficiency and flexibility resulting in the following choices: all integer moduli are powers of 2 avoiding modular reduction and rejection sampling entirely; the use of LWR halves the amount of randomness required compared to LWE-based schemes and reduces bandwidth; the module structure provides flexibility by reusing one core component for multiple security levels. A constant-time AVX2 optimized software implementation of the KEM with parameters providing more than 128 bits of post-quantum security, requires only 101K, 125K and 129K cycles for key generation, encapsulation and decapsulation respectively on a Dell laptop with an Intel i7-Haswell processor.
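The abstract above rests on two design choices worth seeing concretely: Learning With Rounding replaces the sampled error of LWE with deterministic rounding, and power-of-two moduli turn every modular reduction into a bit mask. The following is an added toy example (not Saber's code, and not its parameter set; the moduli 2^13 and 2^10, the dimension 8 and the binomial parameter 2 are assumptions chosen only for illustration). It builds LWR samples b = round(p/q · A·s) mod p and measures the "implicit error" that an LWE-based scheme would instead have to sample explicitly, showing that it is bounded by half a rounding step.

```python
"""Learning-with-rounding (LWR) samples with power-of-two moduli.

Added example, not Saber's implementation. q = 2^13 and p = 2^10 are assumed
toy moduli; the point is that rounding q -> p is a shift, reduction mod q is a
mask, and no error randomness is consumed.
"""
import secrets

Q_BITS, P_BITS = 13, 10           # assumed toy moduli: q = 2^13, p = 2^10
Q, P = 1 << Q_BITS, 1 << P_BITS
SHIFT = Q_BITS - P_BITS           # rounding q -> p drops SHIFT low bits


def cbd_sample(eta=2):
    """Centered binomial sample in [-eta, eta] from 2*eta uniform bits.

    This is the only randomness the secret needs; LWR needs none for errors.
    """
    bits = secrets.randbits(2 * eta)
    lo = bin(bits & ((1 << eta) - 1)).count("1")
    hi = bin(bits >> eta).count("1")
    return lo - hi


def lwr_round(x):
    """round(x * p / q) mod p for x in [0, q): add half a step, shift, mask."""
    return ((x + (1 << (SHIFT - 1))) >> SHIFT) & (P - 1)


def inner_mod_q(row, s):
    """<row, s> mod q; the mask replaces a modular reduction (q is 2^13)."""
    return sum(a * v for a, v in zip(row, s)) & (Q - 1)


def lwr_sample(a_rows, s):
    """b = round(p/q * A*s) mod p, computed row by row, deterministically."""
    return [lwr_round(inner_mod_q(row, s)) for row in a_rows]


def implied_error(x):
    """The error an LWE scheme would have sampled: x - q/p*round(x), centred."""
    e = (x - (lwr_round(x) << SHIFT)) & (Q - 1)
    return e - Q if e >= Q // 2 else e


def max_implied_error():
    """Largest |implied error| over all of Z_q: half a rounding step."""
    return max(abs(implied_error(x)) for x in range(Q))


def keygen(n=8):
    """Toy LWR key: uniform A, small secret s, public b = round(A*s)."""
    s = [cbd_sample() for _ in range(n)]
    a_rows = [[secrets.randbelow(Q) for _ in range(n)] for _ in range(n)]
    return a_rows, s, lwr_sample(a_rows, s)


if __name__ == "__main__":
    A, s, b = keygen()
    print("secret:", s)
    print("public b:", b)
    print("max |implied error| over Z_q:", max_implied_error())
```

The rounded value in `b` is the only thing that leaves the device, and the "error" hidden by the rounding is never materialised, which is the randomness and bandwidth saving the abstract refers to; the inner-product mask and the rounding shift are both branch-free, which is what makes a constant-time implementation natural.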
Article
Traditional and lightweight cryptography primitives and protocols are insecure against quantum attacks. Thus, a real‐time application using traditional or lightweight cryptography primitives and protocols does not ensure foolproof security. Post‐quantum cryptography is important for the internet of things (IoT) due to its security against quantum attacks. This paper offers a broad literature analysis of post‐quantum cryptography for IoT networks, including the challenges and research directions to adopt in real‐time applications. The work draws focus towards post‐quantum cryptosystems that are useful for resource‐constrained devices. Further, those quantum attacks are surveyed which may occur over traditional and lightweight cryptographic primitives.
Chapter
Polynomial multiplication is one of the most costly operations of ideal lattice-based cryptosystems. In this work, we study its optimizations when one of the operands has coefficients close to 0. We focus on this structure since it is at the core of lattice-based Key Encapsulation Mechanisms submitted to the NIST call for post-quantum cryptography. In particular, we propose optimization of this operation for embedded devices by using a RSA/ECC coprocessor that provides efficient and secure large-integer arithmetic. In this context, we compare Kronecker Substitution, already studied in [AHH+19], with two specific algorithms that we introduce: KSV, a variant of this substitution, and an adaptation of the schoolbook multiplication, denoted Shift&Add. All these algorithms rely on the transformation of polynomial multiplication to large-integer arithmetic. Then, thanks to these algorithms, existing secure coprocessors dedicated to large-integer can be re-purposed in order to speed-up post-quantum schemes. The efficiency of these algorithms depends on the component specifications and the cryptosystem parameters set. Thus, we establish a methodology to determine which algorithm to use, for a given component, by only implementing basic large-integer operations. Moreover, the three algorithms are assessed on a chip ensuring that the theoretical methodology matches with practical results.
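The transformation the abstract describes (polynomial multiplication turned into one large-integer multiplication so that an RSA/ECC coprocessor can do the work) is easy to see in code. The following is an added example, not code from the paper, and it does not reproduce the paper's KSV or Shift&Add variants; it shows plain Kronecker substitution over Z_q[x]/(x^n+1) with Python big integers standing in for the coprocessor. The dimension 8, the modulus 3329 and the ternary secret are assumed sample values; the split of a ternary operand into its 0/1 positive and negative parts is my own way of showing why a small operand shrinks the slot width, and is an assumption rather than the paper's method.

```python
"""Kronecker substitution for negacyclic polynomial multiplication.

Added example, not the paper's code. Coefficients are packed into one big
integer with k bits per slot, multiplied once (the coprocessor's job), then
unpacked and reduced modulo x^n + 1 and modulo q.
"""


def slot_width(n, max_a, max_b):
    """Bits per slot: each product coefficient is at most n*max_a*max_b."""
    return max(1, (n * max_a * max_b).bit_length())


def pack(coeffs, k):
    """Evaluate the polynomial at 2^k: coefficient i lands at bit offset k*i."""
    x = 0
    for i, c in enumerate(coeffs):
        x |= c << (k * i)
    return x


def unpack(x, k, count):
    """Read `count` k-bit slots back out of the integer product."""
    mask = (1 << k) - 1
    return [(x >> (k * i)) & mask for i in range(count)]


def negacyclic_reduce(c, n, q):
    """Reduce a 2n-1 coefficient product modulo x^n + 1, then modulo q."""
    out = list(c[:n])
    for i in range(n, 2 * n - 1):
        out[i - n] -= c[i]          # x^n == -1
    return [v % q for v in out]


def ks_mul(a, b, n, q):
    """a*b in Z_q[x]/(x^n+1) via one big-integer multiply; returns (result, k)."""
    assert len(a) == n and len(b) == n
    k = slot_width(n, max(a), max(b))
    prod = pack(a, k) * pack(b, k)  # the single large-integer multiplication
    return negacyclic_reduce(unpack(prod, k, 2 * n - 1), n, q), k


def ks_mul_ternary(a, s, n, q):
    """s has coefficients in {-1, 0, 1}: split into 0/1 parts so each Kronecker
    product needs only bit_length(n * max(a)) bits per slot (assumed technique)."""
    s_pos = [1 if v == 1 else 0 for v in s]
    s_neg = [1 if v == -1 else 0 for v in s]
    cp, k = ks_mul(a, s_pos, n, q)
    cn, _ = ks_mul(a, s_neg, n, q)
    return [(p - m) % q for p, m in zip(cp, cn)], k


def schoolbook_mul(a, b, n, q):
    """Reference negacyclic schoolbook product for checking the result."""
    c = [0] * n
    for i in range(n):
        for j in range(n):
            if i + j >= n:
                c[i + j - n] -= a[i] * b[j]
            else:
                c[i + j] += a[i] * b[j]
    return [v % q for v in c]


if __name__ == "__main__":
    n, q = 8, 3329                                   # assumed sample parameters
    a = [(i * 401 + 7) % q for i in range(n)]        # constructed public operand
    s = [1, 0, -1, 1, 1, 0, -1, 0]                   # constructed ternary secret
    full, k_full = ks_mul(a, [v % q for v in s], n, q)
    small, k_small = ks_mul_ternary(a, s, n, q)
    print("full-width slots:", k_full, "bits; ternary split:", k_small, "bits")
    print("match:", full == small == schoolbook_mul(a, [v % q for v in s], n, q))
```

The slot width is what decides whether the packed integers fit the coprocessor's operand registers; treating the ternary secret as a full Z_q element forces a wide slot, while exploiting its size keeps the integers short, which is the parameter-dependent trade-off the abstract's methodology is about.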
Article
Post-quantum cryptography (PQC) refers to the cryptosystem that can resist the attacks launched from mature quantum computers in the not far future and has recently gained intensive attention from the research community as most of the existing public-key cryptosystems are vulnerable to attacks from quantum computers. Ring-Learning-with-Errors (Ring-LWE)-based scheme is an essential type of the lattice-based PQC due to its strong security proof and ease of implementation. As the latest variant of the Ring-LWE, the binary Ring-LWE (BRLWE)-based scheme possesses even smaller computational complexity and thus is more suitable for resource-constrained applications. However, the existing works have not well covered various aspects related to this new scheme, especially on the low-complexity hardware implementation. In this paper, we aim to present a novel implementation of the BRLWE-based scheme on the hardware platform with very low complexity from this point of view. To carry out the specified work in a successful manner, we have proposed mainly four layers of coherent interdependent efforts: (i) we have provided the necessary algorithmic derivation process in detail to formulate the desired algorithm for the polynomial multiplication over hybrid fields, which is the major arithmetic component of the BRLWE scheme; (ii) we have presented the corresponding hardware architecture in a thorough format with sufficient description of the internal structures; (iii) we have also provided the complexity analysis and implementation-based comparison to demonstrate the superior performance of the proposed polynomial multiplication over the state-of-the-art design; (iv) finally, we have extended the proposed low-complexity polynomial multiplication to the major operational phase of the BRLWE scheme. We have shown that the proposed BRLWE structure involves significantly lower area-time complexities over the existing design, e.g., the proposed design has at least 66.01% less area-delay product (ADP) than the newly reported one (Stratix V device). Overall, the proposed design and implementation strategies are highly efficient, and the proposed BRLWE structure is desirable for many emerging applications.
Chapter
Post-quantum cryptography has known a Cambrian explosion in the last decade. What started as a very theoretical and mathematical area has now evolved into a sprawling research field, complete with side-channel resistant embedded implementations, large scale deployment tests and standardization efforts. This study systematizes the current state of knowledge on post-quantum cryptography. Compared to existing studies, we adopt a transversal point of view and center our study around three areas: (i) paradigms, (ii) implementation, (iii) deployment. Our point of view allows us to cast almost all classical and post-quantum schemes into just a few paradigms. We highlight trends, common methodologies, and pitfalls to look for and recurrent challenges.
Chapter
Unauthorized or illegal access to confidential data belonging to an individual or corporation is the biggest threat in information security. Many approaches have been proposed by other researchers to prevent credential data and identity theft, i.e., cryptography, steganography, digital watermarking, and hybrid systems. In the mid-90s, Shor’s algorithm was introduced to be used in quantum computing. This algorithm could break the well-known cryptography or steganography. Shor’s algorithm has been cleverly used in quantum computing as a new breakthrough in computer science to solve (NP-hard) problems in parallel. However, it can be a threat for security systems or cryptosystems. This research proposed a new hybrid approach by using post-quantum cryptography and advanced steganography. Nth degree truncated polynomial ring (NTRU) is one of the candidates of post-quantum cryptography that is claimed to be hard to break even with quantum computing. Least significant bit (LSB) is a spatial steganography technique done by replacing bits of the cover image with message bits. The result and comparison of the proposed approach with different existing cryptosystems proved that this approach is promising to be implemented in identity cards, banking cards, etc. Keywords: Identity theft; Post-quantum cryptography; NTRU; Steganography; LSB; Identity card
Article
Digital signatures are an important cryptographic primitive for authentication. To resist quantum attacks, many post-quantum signature schemes have been proposed. Among them, isogeny-based signature schemes, such as SeaSign, have seen rapid development in recent years along with the proposed CSIDH construction. In this paper, inspired by the Fiat-Shamir transform, we construct the first identity-based signature scheme based on isogenies from the isogeny-based identification scheme. Then, we analyze its security in the random oracle model under the hardness of the isogeny problem, and demonstrate that it achieves the required security properties. Finally, we evaluate the performance and give the corresponding computational and storage costs.
Article
The encryption schemes based on coding theory are one of the most accredited choices in the post-quantum scenario, where QC-LDPC codes are usually employed to construct concrete schemes due to their good security and efficiency. In this work, we introduce a new IND-CCA secure multi-instance framework for a code-based hybrid encryption primitive in the random oracle model, which is derived from our new multi-instance KEM and DEM building modules. We note that previous multi-instance KEM and DEM are usually derived from single-instance KEM and DEM, and hence suffer from large parameter sizes and security loss. Nevertheless, our multi-instance KEM is a direct construction based on a key generation function and a one-way trapdoor function, and our multi-instance DEM is constructed from a standard DEM and MAC with a tag in the input to achieve a tighter security loss. Finally, we present an IND-CCA secure multi-instance hybrid encryption scheme based on QC-LDPC codes in the random oracle model, where the scheme achieves small private key size and only consumes addition and multiplication operations over F2[x].
Article
UAVNs (unmanned aerial vehicle networks) may become vulnerable to threats and attacks due to their characteristic features such as highly dynamic network topology, open-air wireless environments, and high mobility. Since previous work has focused on classical and metaheuristic-based approaches, none of these approaches have a self-adaptive approach. In this paper, the challenges and weaknesses of previous methods are examined in the form of a table. Furthermore, we propose an agent-based self-protective method (ASP-UAVN) for UAVNs that is based on the Human Immune System (HIS). In ASP-UAS, the safest route from the source UAV to the destination UAV is chosen according to a self-protective system. In this method, a multi-agent system using an Artificial Immune System (AIS) is employed to detect the attacking UAV and choose the safest route. In the proposed ASP-UAVN, the route request packet (RREQ) is initially transmitted from the source UAV to the destination UAV to detect the existing routes. Then, once the route reply packet (RREP) is received, a self-protective method using agents and the knowledge base is employed to choose the safest route and detect the attacking UAVs. The proposed ASP-UAVN has been validated and evaluated in two ways: simulation and theoretical analysis. The results of the simulation evaluation and theoretical analysis showed that the ASP-UAS increases the Packet Delivery Rate (PDR) by more than 17.4, 20.8, and 25.91%, and the detection rate by more than 17.2, 23.1, and 29.3%, and decreases the Packet Loss Rate (PLR) by more than 14.4, 16.8, and 20.21%, and the false-positive and false-negative rate by more than 16.5, 25.3, and 31.21%, compared with those of the SUAS-HIS, SFA and BRUIDS methods, respectively.
Article
Today, with the advent of internet technology, we are looking for e-mechanisms such as e-voting, e-commerce, e-learning, etc., where electronic information is transferred between the entities via the public network. However, e-mechanisms require the support of integrity, authenticity and non-repudiability of the transmitted electronic information. The digital signature is a technique that allows users to attain these parameters during the transmission of information via the public channel. The existing number-theoretic-assumption-based digital signature schemes are vulnerable to quantum attacks due to the development of quantum computers. Thus, there is a necessity for a quantum-computer-resistant digital signature scheme, i.e., a post-quantum digital signature. Multivariate Public Key Cryptography (MPKC) is one of the most promising candidates of post-quantum cryptography, as the MPKC-based constructions are computationally fast and need only modest computational resources. In the literature, there are few multivariate digital signature schemes based on the Multivariate Quadratic (MQ) problem. However, the design of efficient constructions of digital signature schemes based on higher degree ( > 2) multivariate polynomials is still an open problem. Generally, the question relating to the multivariate polynomials of degree > 2 is expected to be equally hard or harder than the quadratic one. In this paper, we have designed a digital signature framework based on the Multivariate Cubic (MC) problem to address the issue. The signature size in our scheme is less than all the existing MPKC-based signature schemes under the same security assumptions.
Article
In the 5G era, massive devices need to be securely connected to the edge of communication networks, while emerging quantum computers can easily crack the traditional public-key ciphers. Lattice-based cryptography (LBC) is one of the most promising types of schemes in all post-quantum cryptography (PQC) due to its security and efficiency. To meet the requirements of high-throughput and diverse application scenarios of 5G, we investigate the vectorization of kernel algorithms of several LBC candidates and thus present a domain-specific vector processor, VPQC, leveraging the extensible RISC-V architecture. To support the parallel computation of number theoretic transform (NTT) of different dimensions (from 64 to 2048), a vector NTT unit is implemented in VPQC. Besides, a vector sampler executing both uniform sampling and binomial sampling is also employed. Evaluated under TSMC 28nm technology, the vector coprocessor of VPQC consumes 942k equivalent logic gates and 12KB memories. Experimental results show that VPQC can speed up several typical key encapsulation mechanisms (NewHope, Kyber and LAC) by an order of magnitude compared with previous state-of-the-art hardware implementations.
Chapter
Compared to traditional hardware development methodologies, High-Level Synthesis (HLS) offers a faster time-to-market and lower design cost at the expense of implementation efficiency. Although Software/Hardware Codesign has been used in many areas, its usability for benchmarking of candidates in cryptographic competitions has been largely unexplored. This paper provides a comparison of the HLS- and RTL-based design methodologies when applied to the hardware design of the Number Theoretic Transform (NTT) – a core arithmetic function of lattice-based Post-Quantum Cryptography (PQC). As a next step, we apply the Software/Hardware Codesign approach to the implementation of three PQC schemes based on NTT. Then, we integrate our HLS implementation into the Xilinx SDSoC environment. We demonstrate that the overhead of SDSoC compared to the traditional Bare Metal approach is acceptable. This paper also shows that an HLS implementation obtained by modeling a block diagram is typically much better than an implementation obtained by using design space exploration. We conclude that the HLS/SDSoC and RTL/Bare Metal approaches generate comparable results.
Article
Internet of Things (IoT) ideates smart and inter-connected things capable of sharing their perceptions through the Internet. These devices are different from conventional Internet-connected devices in the sense that they are able to perform skillful things on their own with minimal or no human interaction. Unfortunately, with the advent of amalgamated technologies, security has become a major concern for IoT networks. Recent efforts include re-inventing cryptographic solutions through the use of light-weight operations. However, after witnessing the growth of quantum computers, it can be inferred that the cryptographic techniques based on mathematical problems are not reliable enough. Therefore, there is a need to develop solutions that can easily resist the adversarial effects and are suitable for the post-quantum world. In this paper, we perform an in-depth analysis of the role of post-quantum cryptographic techniques for securing IoT networks and also explore ongoing research efforts in the field. In addition, we discuss the open research challenges and future research directions in the field.
Article
It is regarded as a difficult task to design secure MPKC fundamental schemes such as an encryption scheme. In this paper we introduce a new central trapdoor for multivariate quadratic (MQ) public-key cryptosystems that allows for encryption, in contrast to time-tested MQ primitives such as Unbalanced Oil and Vinegar or Rainbow which only allow for signatures. The same as UOV or Rainbow, our construction is a single-field scheme where the central polynomial system is chosen to have a particular structure that enables efficient inversion. After applying this transformation, the plaintext can be recovered by solving a linear system. Our new central trapdoor can be used to replace the broken extension field calculation trapdoor and simple matrix encryption trapdoor; thereafter, we use the minus and plus modifiers to inoculate our scheme against known attacks. It is highlighted that our encryption scheme is a good exploration in the area of multivariate cryptography. Finally, a straightforward Magma implementation confirms the efficient operation of the public key algorithms.
Article
Along with the resistance against quantum computers, isogeny-based cryptography offers attractive cryptosystems due to small key sizes and compatibility with the current elliptic curve primitives. While the state-of-the-art implementation uses Montgomery curves, which facilitates efficient elliptic curve arithmetic and isogeny computations, other forms of elliptic curves can be used to produce an efficient result. In this paper, we present the new hybrid method for isogeny-based cryptosystem using Edwards curves. Unlike the previous hybrid methods, we exploit Edwards curves for recovering the curve coefficients and Montgomery curves for other operations. To this end, we first carefully examine and compare the computational cost of Montgomery and Edwards isogenies. Then, we fine-tune and tailor Edwards isogenies in order to blend with Montgomery isogenies efficiently. Additionally, we present the implementation results of Supersingular Isogeny Diffie–Hellman (SIDH) key exchange using the proposed method. We demonstrate that our method outperforms the previously proposed hybrid method, and is as fast as Montgomery-only implementation. Our results show that proper use of Edwards curves for isogeny-based cryptosystem can be quite practical.
Article
Internet of Things (IoT) has emerged from the proliferation of smart and inter-connected devices ranging from tiny sensors to complex Fog and Cloud nodes, various networking technologies, and communication protocols. These IoT devices permeate our lives through various applications including smart homes, healthcare, defence, transportation, and so forth. Although IoT provides a way of interaction between the physical world objects and the Internet, these connected devices have created a new dimension of security challenges associated with the vulnerabilities present in them. These challenges can be tackled to some extent by deploying a rigid authentication and access control model. In this paper, we propose a novel light-weight authentication and authorization framework suitable for a distributed IoT environment using Elliptic Curve Cryptography (ECC) and Message Queuing Telemetry Transport (MQTT). Moreover, we implement the scheme, and analyse and compare its various security and performance aspects with other schemes.
Article
With the exponential increase in applications of the internet of things (IoT), such as smart ecosystems or e-health, more security threats have been introduced. In order to resist known attacks on IoT networks, multiple security protocols must be established among nodes. Thus, IoT devices are required to execute various cryptographic operations such as public key encryption/decryption. However, classic public key cryptosystems such as RSA and ECC are too computationally complex to be efficiently implemented on IoT devices and are vulnerable regarding quantum attacks. Therefore, after the complete development of quantum computing, these cryptosystems will not be secure and practical. In this paper, we propose InvRBLWE, an optimized variant of the binary learning with errors over the ring (Ring-LWE) scheme that is proven to be secure against quantum attacks and is highly efficient for hardware implementations. We propose two architectures for InvRBLWE: 1) a high-speed architecture targeting edge and powerful IoT devices, 2) an ultra-lightweight architecture, which can be implemented on resource-constrained nodes in IoT. The proposed architectures are scalable regarding security levels, and we provide experimental results for two versions of the InvRBLWE scheme providing 84 and 190 bits of classic security. Our implementation results on FPGA outperform the best of the previous classic and post-quantum implementations. Moreover, our two different ASIC implementations show improvement in terms of speed, area, power and/or energy. To the best of our knowledge, we are the first to implement LWE-based cryptosystems on an ASIC platform.
Article
Anonymous authentication is one of the most critical tools for privacy protection in the Internet-of-Things (IoT). The primitive of group signature has been widely applied to achieving anonymous authentication. Any mobile device is able to prove its privilege of the access control to a remote server which is an authenticated device with valid attestation. However, the traditional group signature schemes cannot support dynamic authentication efficiently. Furthermore, they are insecure against quantum attack. To tackle the abovementioned challenges, a new lattice-based dynamic group signature scheme is proposed. The new scheme allows any user to dynamically join the group while achieving efficient revocation. Furthermore, it is shown that the new scheme can achieve the security of non-frameability. The security of non-frameability guarantees that any user’s signature cannot be forged by other users in the system. In addition, the scheme, based on the hardness of the lattice problem in the random oracle model, is provably secure. The efficiency analysis demonstrates that the scheme is effective in practice.
Article
Cyber Physical Systems (CPSs) will be deployed for decades, thus they should be secure against long-term attacks. Most CPSs adopt the Datagram Transport Layer Security (DTLS) as the de facto security protocol. By using public key cryptography (PKC) based on traditional RSA or elliptic curves (ECC), DTLS establishes secured communication channels between multiple parties. However, the foreseeable breakthrough of quantum computers represents a risk for many PKC ecosystems. Traditional PKC will no longer be considered secure. Therefore, the integration of post-quantum security is mandatory. Due to their limited resources, tight performance requirements and long-term life-cycles, this is especially challenging for CPSs. In this work we propose, implement and evaluate for the first time a post-quantum enhanced DTLS, able to establish secure communications of CPSs, even in the presence of quantum computers. An NTRU post-quantum solution was used to perform the key transport among the CPSs entities. We show that it is feasible to integrate our post-quantum enhanced DTLS, together with the full Internet Engineering Task Force (IETF) protocol stack, in highly constrained environments, such as the CPSs.
Article
Organizations must understand their specific risks and plan for their systems to be resilient to quantum attacks. Assessment is based on three quantities: the security shelf life of the information assets, the migration time to systems designed to resist quantum attacks, and the time remaining before quantum computers break the security.
Article
Ubiquitous computing facilitated by Internet of things (IoT) devices has made modern day life easier across many areas. It offers capabilities to measure parameters associated with the devices, to infer from their results, and to understand and control millions of such devices in various application domains. The enormous potential of IoT systems enables each and every device to communicate with each other, thereby providing more productivity. In this scenario, the heterogeneity of technologies in use is expected to intensify the security threats. Policy enforcement for the assurance of privacy and security plays a key role in these systems. Fulfillment of privacy and security related requirements includes confidentiality of data, user and device authentication, access control, and trust assurance among the things. However, recently reported events related to security attacks show colossal vulnerabilities among IoT devices capable of bringing security risks to the whole environment. One of the common uses of these devices by the attackers is to generate powerful distributed denial of service (DDoS) attacks. It is one of the most prominent attacking behaviors over a network by a group of geographically distributed zombie computers that interrupt and block legitimate users from using the network resources and hence, requires great attention. In this regard, the current work, being novel in the field, concentrates on variants of DDoS attacks and their impact on IoT networks along with some of the existing countermeasures to defend against these attacks. The paper also discusses the detailed working mechanism of these attacks and highlights some of the commonly used tools that are deployed in such attack scenarios.
Article
In this work, we investigate the feasibility of post-quantum cryptography in small and constrained devices such as those used for mobile and Internet-of-Things networks. We describe our experimental post-quantum cryptography implementations on small devices with different platforms. Then, we present and compare the performance results of chosen post-quantum key exchange schemes and their message sizes on selected ARM devices. In addition, we discuss the perspective types of post-quantum cryptographic schemes for various IoT systems with different requirements.
Article
Improved quality of life has led the healthcare industry to geographically expand and support real-time services. Following this trend, a surge of healthcare monitoring devices has substantially overgrown in the global market. These devices tend to generate data in humongous quantity that need real-time analysis with seamless and secure transmission to the computing nodes. The existing computing and networking infrastructures fall short of catering the services with desirable Quality of Service. Hence, to overcome these challenges, the proposed work presents a comprehensive platform referred to as SDN Assisted Framework for Edge-Cloud Interplay in Secure Healthcare Ecosystem (SAFE). The objectives of SAFE include: i) an offloading scheme to support Edge-Cloud interplay, ii) an SDN assisted virtualized flow management scheme, and iii) a secure Lattice-based cryptosystem. Finally, the proposed scheme is validated on different performance parameters. Additionally, a security evaluation of the designed cryptosystem is also presented.