Abstract: The SubBytes (S-box) transformation is the most crucial operation in the AES algorithm, significantly impacting the implementation performance of AES chips. To design a high-performance S-box, a segmented optimization implementation of the S-box is proposed based on the composite field inverse operation in this paper. This proposed S-box implementation is modeled using Verilog language and synthesized using Design Compiler software under the premise of ensuring the correctness of the simulation result. The synthesis results show that, compared to several current S-box implementation schemes, the proposed implementation of the S-box significantly reduces the area overhead and critical path delay, and thereby achieves higher hardware efficiency. This provides strong support for realizing efficient and compact S-box ASIC designs.
Abstract: In the advancement of the communication field, wireless technology plays a predominant role in data transmission. In the timeline of the wireless domain, Wi-Fi, Bluetooth, Zigbee, etc. are some of the standards which are being used in today’s wireless medium. In addition, WiMax is introduced by IEEE in IEEE 802.16 for long distance communication, specifically the 802.16e standard for mobile WiMax. It is an acronym of Worldwide Interoperability for Microwave Access. It is to deliver wireless transmission with high quality of service in a secured environment. Since security becomes a dominant design aspect of every communication, a new technique has been proposed in the wireless environment. Privacy across the network and access control management is the goal in the predominant aspects in the WiMax protocol. Especially, the MAC sub layer should be evaluated in the security architecture. It has been proposed on the cryptography algorithm AES, which requires high cost. Under this scenario, we present the optimized AES 128 bit counter mode security algorithm for the MAC layer of 802.16e standards. To design an efficient MAC layer, we adopt the modification of security layers data handling process. As per the efficient design strategy, the power and speed are the dominant factors in a mobile device. Since we concentrate on mobile WiMax, efficient design is needed for the MAC Security layer. Our proposed model incorporates the modification of the AES algorithm. The design has been implemented in a Xilinx Virtex-5 device and power has been analyzed using XPower Analyzer. This proposed system consumes 41% less power compared to the existing system.
Abstract: The IEC60870-5-104 protocol lacks an integrated authentication mechanism during plaintext transmission, and is vulnerable to security threats, monitoring, tampering, or cutting off communication connections. In order to verify the security problems of 104 protocol, the 104 master-slave communication implemented DoS attacks, ARP spoofing and Ettercap packet filtering and other man-in-the-middle attacks. DoS attacks may damage the network functions of the 104 communication host, resulting in communication interruption. ARP spoofing damaged the data privacy of the 104 protocol, and Ettercap packet filtering cut off the communication connection between the master and the slave. In order to resist the man-in-the-middle attack, the AES and RSA hybrid encryption signature algorithm and the national secret SM2 elliptic curve algorithm are proposed. AES and RSA hybrid encryption increases the security strength of communication data and realizes identity authentication. The digital signature implemented by the SM2 algorithm can realize identity verification, ensure that the data has not been tampered with, and can ensure the integrity of the data. Both of them improve the communication security of the 104 protocol.
Funding: Supported in part by the Intergovernmental International Cooperation in Science and Technology Innovation Program under Grants 2019YFE0111600; in part by National Natural Science Foundation of China under Grants 62122069, 62072490, 62201507, and 62071431; in part by Science and Technology Development Fund of Macao SAR under Grants 0060/2019/A1 and 0162/2019/A3; in part by FDCT-MOST Joint Project under Grant 0066/2019/AMJ; in part by Research Grant of University of Macao under Grant MYRG2020-00107IOTSC.
Abstract: In order to improve the comprehensive defense capability of data security in digital twins (DTs), an information security interaction architecture is proposed in this paper to solve the inadequacy of data protection and transmission mechanism at present. Firstly, based on the advanced encryption standard (AES) encryption, we use the keystore to expand the traditional key, and use the digital pointer to avoid the key transmission in a wireless channel. Secondly, the identity authentication technology is adopted to ensure the data integrity, and an automatic retransmission mechanism is added for the endogenous properties of the wireless channel. Finally, the software defined radio (SDR) platform composed of universal software radio peripheral (USRP) and GNU radio is used to simulate the data interaction between the physical entity and the virtual entity. The numerical results show that the DTs architecture can guarantee the encrypted data transmitted completely and decrypted accurately with high efficiency and reliability, thus providing a basis for intelligent and secure information interaction for DTs in the future.
Abstract: Working with files and the safety of information has always been relevant, especially in financial institutions where the requirements for the safety of information and security are especially important. And in today’s conditions, when an earthquake can destroy the floor of a city in an instant, or when a missile hits an office and all servers turn into scrap metal, the issue of data safety becomes especially important. Also, you can’t put the cost of the software and the convenience of working with files in last place. Especially if an office worker needs to find the necessary information on a client, a financial contract or a company’s financial product in a few seconds. Also, during the operation of computer equipment, failures are possible, and some of them can lead to partial or complete loss of information. In this paper, it is proposed to create another level of abstraction for working with the file system, which will be based on a relational database as a storage of objects and access rights to objects. Also considered are possible protocols for transferring data to other programs that work with files, these can be both small sites and the operating system itself. This article will be especially interesting for financial institutions or companies operating in the banking sector. The purpose of this article is an attempt to introduce another level of abstraction for working with files. A level that is completely abstracted from the storage medium.
Abstract: Securing digital data from unauthorized access throughout its entire lifecycle has been always a critical concern. A robust data security system should protect the information assets of any organization against cybercriminal activities. The Twofish algorithm is one of the well-known symmetric key block cipher cryptographic algorithms and has been known for its rapid convergence. But when it comes to security, it is not the preferred cryptographic algorithm to use compared to other algorithms that have shown better security. Many applications and social platforms have adopted other symmetric key block cipher cryptographic algorithms such as the Advanced Encryption Standard (AES) algorithm to construct their main security wall. In this paper, a new modification for the original Twofish algorithm is proposed to strengthen its security and to take advantage of its fast convergence. The new algorithm has been named Split-n-Swap (SnS). Performance analysis of the new modification algorithm has been performed using different measurement metrics. The experimental results show that the complexity of the SnS algorithm exceeds that of the original Twofish algorithm while maintaining reasonable values for encryption and decryption times as well as memory utilization. A detailed analysis is given with the strength and limitation aspects of the proposed algorithm.
Abstract: Data security plays a vital role in the current scenario due to the advanced and sophisticated data access techniques. Present development in data access is always a threat to data that are stored in electronic devices. Among all the forms of data, image is an important aspect that still needs methodologies to be stored securely. This work focuses on a novel technique to secure images using inter block difference and advanced encryption standard (AES). The AES algorithm is chosen for encryption since there is no prevalent attack that is successful in analyzing it. Instead of encrypting the entire image, only a part of the image is encrypted. The proposed work is found to reduce the encryption overhead in a significant way and at the same time preserves the safety of the image. It is also observed that the decryption is done in an efficient and time preserving manner.
Funding: National Natural Science Foundation of China (No. 61632020, No. U1936209 and No. 62002353); Beijing Natural Science Foundation (No. 4192067).
Abstract: Due to its provable security and remarkable device-independence, masking has been widely accepted as a noteworthy algorithmic-level countermeasure against side-channel attacks. However, relatively high cost of masking severely limits its applicability. Considering the high tackling complexity of non-linear operations, most masked AES implementations focus on the security and cost reduction of masked S-boxes. In this paper, we focus on linear operations, which seems to be underestimated, on the contrary. Specifically, we discover some security flaws and redundant processes in popular first-order masked AES linear operations, and pinpoint the underlying root causes. Then we propose a provably secure and highly efficient masking scheme for AES linear operations. In order to show its practical implications, we replace the linear operations of state-of-the-art first-order AES masking schemes with our proposal, while keeping their original non-linear operations unchanged. We implement four newly combined masking schemes on an Intel Core i7-4790 CPU, and the results show they are roughly 20% faster than those original ones. Then we select one masked implementation named RSMv2 due to its popularity, and investigate its security and efficiency on an AVR ATMega163 processor and four different FPGA devices. The results show that no exploitable first-order side-channel leakages are detected. Moreover, compared with original masked AES implementations, our combined approach is nearly 25% faster on the AVR processor, and at least 70% more efficient on four FPGA devices.
Funding: This work was partially supported by the National Natural Science Foundation of China (Nos. 61872243 and U1713212), Guangdong Basic and Applied Basic Research Foundation (No. 2020A1515011489), the Natural Science Foundation of Guangdong Province-Outstanding Youth Program (No. 2019B151502018), and Shenzhen Science and Technology Innovation Commission (No. R2020A045).
Abstract: With the large scale adoption of Internet of Things (IoT) applications in people’s lives and industrial manufacturing processes, IoT security has become an important problem today. IoT security significantly relies on the security of the underlying hardware chip, which often contains critical information, such as encryption key. To understand existing IoT chip security, this study analyzes the security of an IoT security chip that has obtained an Arm Platform Security Architecture (PSA) Level 2 certification. Our analysis shows that the chip leaks part of the encryption key and presents a considerable security risk. Specifically, we use commodity equipment to collect electromagnetic traces of the chip. Using a statistical T-test, we find that the target chip has physical leakage during the AES encryption process. We further use correlation analysis to locate the detailed encryption interval in the collected electromagnetic trace for the Advanced Encryption Standard (AES) encryption operation. On the basis of the intermediate value correlation analysis, we recover half of the 16-byte AES encryption key. We repeat the process for three different tests; in all the tests, we obtain the same result, and we recover around 8 bytes of the 16-byte AES encryption key. Therefore, experimental results indicate that despite the Arm PSA Level 2 certification, the target security chip still suffers from physical leakage. Upper layer application developers should impose strong security mechanisms in addition to those of the chip itself to ensure IoT application security.