An official website of the United States government
Name-based publish/subscribe systems using Information-Centric Networking (ICN) principles can provide a flexible and efficient framework for communication in disaster situations. Efficient, secure dissemination of information can play a critical role in disaster management. But, secure and authenticated group communications that maintain confidentiality and integrity remain a challenge. In this paper, we design a flexible and efficient encryption framework SAFE that leverages graph-based naming frameworks for providing role-based communication among first responders. We study the suitability of message-oriented encryption where the sender leverages the name hierarchy, and compare it with a key-oriented encryption scheme that requires the receiver to utilize appropriate keys to decrypt based on the publisher-targeted name for the message. Both encryption schemas can be built with attribute-based encryption (ABE) or public key encryption (PKE) implementations. We find message-oriented encryption provides the needed flexibility for dynamic environments when communicating with members changes frequently. With message-oriented encryption, we further address key revocation and support for infrastructure-less environments in disaster situations and consider the tradeoff between flexibility and optimization for large relatively static communication groups. We evaluate both encryption schemas built on top of ABE and PKE. We examine the key generation time, ciphertext length, encryption, and decryption time, and see that SAFE's design is the most suitable for large and dynamically changing groups.
more »
« less
A PUF Based CAN Security Framework
We propose a method to include security and reliability to the messages sent over the CAN bus. Our approach adheres to CAN standard ISO 11898-1. A reliable PUF response is used in key generation to create a unique shared AES-256 key between each ECU, allowing for all message paths to be encrypted. In addition, an HMAC system with a counter is implemented to help protect against replay attacks and message tampering within the network.
more »
« less
- Award ID(s):
- 1738662
- PAR ID:
- 10208143
- Date Published:
- Journal Name:
- 2020 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)
- Page Range / eLocation ID:
- 602 to 603
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
We introduce the notion of a conditional encryption scheme as an extension of public key encryption. In addition to the standard public key algorithms (KG, Enc, Dec) for key generation, encryption and decryption, a conditional encryption scheme for a binary predicate P adds a new conditional encryption algorithm CEnc. The conditional encryption algorithm c=CEncpk (c1,m2,m3) takes as input the public encryption key pk, a ciphertext c1 = Encpk (m1) for an unknown message m1, a control message m2 and a payload message m3 and outputs a conditional ciphertext c. Intuitively, if P(m1,m2)=1 then the conditional ciphertext c should decrypt to the payload message m3. On the other hand if P(m1,m2) = 0 then the ciphertext should not leak any information about the control message m2 or the payload message m3 even if the attacker already has the secret decryption key sk. We formalize the notion of conditional encryption secrecy and provide concretely efficient constructions for a set of predicates relevant to password typo correction. Our practical constructions utilize the Paillier partially homomorphic encryption scheme as well as Shamir Secret Sharing. We prove that our constructions are secure and demonstrate how to use conditional encryption to improve the security of personalized password typo correction systems such as TypTop. We implement a C++ library for our practically efficient conditional encryption schemes and evaluate the performance empirically. We also update the implementation of TypTop to utilize conditional encryption for enhanced security guarantees and evaluate the performance of the updated implementation.more » « less
-
In a key-agreement protocol whose security is proven in the random oracle model (ROM), the parties and the eavesdropper can make bounded number of queries to a shared random function (an “oracle”). Such protocol are the alternative to key-agreement protocols whose security is based on “public-key assumptions”, assumptions that being more structured are presumingly more vulnerable to attacks. Barak and Mahmoody [Crypto ’09] (following Impagliazzo and Rudich [STOC ’89]) have shown the ROM key-agreement protocols can only guarantee limited secrecy: the key of any `l-query protocol can be revealed by an O(l^2 )-query adversary, a bound that matches the gap obtained by the Merkle’s Puzzles two-message protocol of Merkle [CACM ’78]. While this quadratic gap might not seem like much, if the honest parties are willing to work “hard enough” and given continuousness improvement in common hash functions evaluation time, this gap yields a good enough advantage (assuming the security of the protocol holds when initiating the random function with a fixed hash function). In this work we consider the communication complexity of ROM key-agreement protocols. In Merkle’s Puzzles, the honest parties need to exchange Ω(l) bits (ignoring logarithmic factors) to obtain secrecy against an eavesdropper that makes roughly l^2 queries, which makes the protocol unrealizable in many settings. We show that for protocols with certain natural properties, such high communication is unavoidable. Specifically, this is the case if the honest parties’ queries are independent and uniformly random, or alternatively if the protocol uses non-adaptive queries and has only two rounds. Since two-round key-agreement protocol are equivalent to public-key encryption scheme (seeing the first message as the public-key), the latter result bounds the public-key and encryption size of public-key encryption scheme whose security is proven in the ROM.more » « less
-
Machine learning is rapidly finding its way into the solving of everyday complex problems. One such application is in the area of chaotic encryption, where machine learning techniques can be used to improve the security and synchronization of encryption algorithms. Chaotic encryption is a technique that uses chaos theory to encrypt messages communicated between a transmitter and a receiver, making them extremely difficult to decipher without the correct decryption key. Here, we first discuss error correction for chaotic synchronization using conventional methods with an accuracy of 86%. We then use machine learning algorithms to reduce the error of the decrypted message extracted by learning patterns in the encrypted message and adjusting the encryption parameters accordingly. Using linear regression, k-mean, and DB-Scan, We present an increase in the original accuracy achieved by the decrypted message. Additionally, we use machine learning algorithms to detect anomalies in encrypted messages. The use of machine learning in chaotic encryption has the potential to greatly improve the security of encryption algorithms.more » « less
-
null; null (Ed.)At the core of Apple’s iMessage is a signcryption scheme that involves symmetric encryption of a message under a key that is derived from the message itself. This motivates us to formalize a primitive we call Encryption under Message-Derived Keys (EMDK). We prove security of the EMDK scheme underlying iMessage. We use this to prove security of the signcryption scheme itself, with respect to definitions of signcryption we give that enhance prior ones to cover issues peculiar to messaging protocols. Our provable-security results are quantitative, and we discuss the practical implications for iMessage.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1109/ISVLSI49217.2020.00094
