SN Computer Science (2662995X) 6(6)
The rise of cloud computing has transformed how we process and analyse data, particularly in the domain of machine learning as a service (MLaaS). Protecting data privacy and proprietary models has become paramount in this evolving landscape. The challenge lies in ensuring accurate and reliable inference while safeguarding sensitive elements such as model parameters (weights and biases) and client data. The security landscape has traditionally relied on cryptographic approaches, including garbled circuits (GC), homomorphic encryption (HE), and oblivious transfer (OT), to protect inference processes. However, the emergence of function secret sharing (FSS) has introduced a more streamlined approach, offering reduced computational and communication complexity. While FSS has proven effective for secure inference under semi-honest threat models, it faces a significant limitation: its dependence on the assumption that the trusted third party (TTP) will not engage in collusion with other participants. This assumption represents a potential vulnerability in the system’s security framework. We thoroughly examine various secure inference schemes for neural networks (NNs). By examining and comparing the strengths and limitations of each scheme, we aim to provide researchers with valuable insights into artificial intelligence security. This comparative analysis is a resource for those working in related fields, particularly in neural networks, helping them make informed decisions about security implementations in their research and applications. © The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd. 2025.
Peer-to-Peer Networking and Applications (19366450) 18(4)
Mobile devices have become essential to our daily lives, leading to a growing need for robust security mechanisms in their communications. Ensuring secure interactions between these devices and central servers is vital to protect sensitive data. As a result, there is a significant demand for Authenticated Key Exchange (AKE) schemes. Schemes that rely on passwords for authentication and key exchange are known as Password Authenticated Key Exchange (PAKE). The development of Shor’s algorithm in 1994, along with recent advances in quantum computing, has led researchers to propose schemes, including PAKE, that are secure against quantum attacks. Recently, Moony et al. introduced a lattice-based two-party authentication protocol for mobile devices. In this paper, we analyze the vulnerabilities of their scheme, focusing on the key mismatch attack, forward secrecy violation, replay attack, Key Compromise Impersonation (KCI) attack, and offline password guessing attack. To address these issues, we propose a new reconciliation-based anonymous PAKE scheme based on RLWE, secure in the random oracle model. Our scheme is not only resistant to signal leakage and key mismatch attacks, which affect existing reconciliation-based RLWE key exchange protocols, but also uniquely ensures KCI resistance, a property that is not provided by prior anonymous PAKE schemes. The results show that while our scheme provides the strongest security, user-side computational complexity is reduced by about 5% compared to the most secure scheme, based on benchmark parameters suited for mobile environments. Additionally, it incurs approximately 11% higher communication overhead compared to most schemes. Despite these trade-offs, the significant security improvements make our scheme highly suitable for mobile applications, where user-side efficiency is critical. © The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2025.
Jaberi, M., Mala, H., Sadat madani, S.M. ISeCure (20083076) 17(2) pp. 179-187
Today, the use of Multi-Server Authenticated Key Agreement (MAKA) schemes has become widespread. In multi-server authenticated key agreement, each entity registers with a registration server, and the key agreement takes place. After that, depending on the desired applications, the user communicates with the application servers and does not need to register with these service providers again. Many protocols have been introduced for MAKA in different environments, such as 5G and cloud service environments, each assuring some security features such as confidentiality, authentication and privacy. However, some of these schemes are vulnerable to different attacks. In the current paper, we first study two well-known MAKA schemes, Wang et al.’s protocol (Wang et al., 2022) and Palit et al.’s protocol (Palit et al., 2023), and then we propose a server spoofing attack on Wang et al.’s protocol. On the other hand, we show that Palit et al.’s protocol is vulnerable to DoS and desynchronization attacks. We also propose some suggestions to make the schemes resistant to those attacks. © 2025 ISC. All rights reserved.
Journal of Computer Virology and Hacking Techniques (22638733) 21(1)
As the use of the internet and digital devices has grown rapidly, keeping digital communications secure has become very important. Authenticated Key Agreement (AKA) protocols play a vital role in securing digital communications. These protocols enable the communicating parties to mutually authenticate and securely establish a shared secret key. The emergence of quantum computers makes many existing AKA protocols vulnerable to their immense computational power. Consequently, designing new protocols that are resistant to quantum attacks has become essential. Extensive research in this area has led to the design of several post-quantum AKA schemes. In this paper, we analyze two post-quantum AKA schemes proposed by Dharminder et al. and Pursharthi and Mishra and demonstrate that these schemes are not secure against active adversaries. An adversary can impersonate an authorized user to the server. We then propose reliable solutions to prevent these attacks. © The Author(s), under exclusive licence to Springer-Verlag France SAS, part of Springer Nature 2025.
Expert Systems with Applications (09574174) 289
Function Secret Sharing (FSS) is a vital cryptographic primitive that facilitates the distributed evaluation of a function while ensuring that neither the function itself nor the inputs are disclosed to any individual party. FSS is an essential element of cryptographic protocols, enabling secure aggregation and privacy-preserving machine learning and data analysis. New FSS schemes that enhance efficiency, security, and functionality are being developed. Recent studies have investigated efficient FSS for particular function classes, such as point functions and decision trees, and applied them to secure inference over neural networks. Deep neural networks (DNNs), composed of numerous layers that execute various linear and non-linear functions, can achieve secure inference if these functions are implemented securely. Homomorphic encryption (HE), oblivious transfer (OT), garbled circuits (GC), and secret sharing (SS) play crucial roles in this context. FSS schemes, in particular, provide a robust mechanism for securely sharing functions among participants, demonstrating superior performance in secure neural network inference compared to alternative approaches. To enhance computational efficiency, FSS schemes typically operate in two phases. During the offline phase, a trusted third party (TTP) generates and distributes keys to participants via a secure channel. In the subsequent online phase, participants utilise their private keys for local computations, minimising the need for extensive communication. The output of the secret function is then obtained by aggregating the individual outputs. However, most FSS schemes operate under the assumption of no collusion between the TTP and participants, an optimistic rather than realistic premise. Addressing this vulnerability could elevate the security framework of FSS schemes while preserving their computational efficiency. In this paper, we introduce algorithms designed to mitigate potential collusion between the TTP and participants, achieving this with a minimal increase in communication and computational complexity. © 2025 Elsevier Ltd
Journal of Supercomputing (15730484) 81(1)
With the fast development of cloud computing, clients without enough computational power can widely outsource their heavy computations to cloud service providers. One of the most widely used and costly operations in cryptographic protocols is modular exponentiation, which can be computed at a lower cost by taking advantage of cloud computing; at the same time, however, new challenges such as data privacy and verification of results must be addressed. In this paper, we first propose a secure outsourcing protocol for single modular exponentiation with verifiability one. Although the proposed single exponentiation scheme has the same verifiability as Ren’2018, our scheme requires one fewer modular multiplication. However, the main contribution of this paper is a scheme for outsourcing the multiplication of several modular exponentiations, hereafter called composite exponentiation, which, to the best of our knowledge, is the first outsourcing scheme with full verification for composite exponentiation. As the evaluation results show, the advantages of this scheme over state-of-the-art schemes are evident in terms of both performance and verifiability. © The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2024.
Cryptography (2410387X) 8(4)
With the rapid development of information technology on one side and the experience of the COVID-19 pandemic on the other, people presently prefer to access healthcare services remotely. Telecare Medical Information Systems (TMIS) make more flexible, faster, and more convenient e-healthcare services available to all people, particularly those who lack access to physicians due to geographical restrictions. However, due to the sensitivity of medical information, preventing unauthorized access to patient data and preserving patient privacy is crucial. In this paper, we propose an authenticated key agreement scheme for TMIS that preserves the privacy of the patient’s identity from all internal (even the health server and the physician) and external entities. Moreover, the physician’s identity is kept secret from all external entities. Formal and informal security analysis of the proposed scheme indicates that it is secure against all attacks in this context. © 2024 by the authors.
In this paper, the control performance of a bilateral teleoperation system is studied in the presence of a data injection attack. It is shown that even a simple data injection attack has the potential to deteriorate the system's guaranteed stability. Hence, a high-gain observer algorithm is proposed to detect data injection attacks. The stability of the closed-loop system with the passivity-based control law of robot manipulators, together with the proposed observer-based attack detection scheme, is proven using the ISS approach and the small gain theorem. Finally, simulation results are presented to demonstrate the accuracy and effectiveness of the proposed method. © 2024 IEEE.
In the realm of password authenticated key exchange (PAKE) protocols, security and efficiency are of the greatest importance. This article examines two modern PAKE schemes: RLWE-SRP, a quantum-safe variant of the Secure Remote Password (SRP) protocol, and ID-PAKE-PFS, an identity-based Password Authentication and Key Establishment scheme. Our analysis reveals specific vulnerabilities in both protocols: RLWE-SRP is susceptible to Denial of Service (DoS) attacks due to the lack of initial message validation, while ID-PAKE-PFS is vulnerable to password guessing attacks due to the inclusion of identities in ciphertexts. To address these vulnerabilities, we propose modifications for each of them: (1) For RLWE-SRP, we introduce a hash-based validation step in the authentication phase to verify the authenticity of initial messages. (2) For ID-PAKE-PFS, we suggest a slight modification in how ciphertexts are calculated to prevent attackers from verifying password guesses. These modifications effectively strengthen both protocols against their respective vulnerabilities while maintaining their core functionalities in both classical and post-quantum environments. © 2024 IEEE.
Expert Systems with Applications (09574174) 244
Since responding to users’ needs and executing their transactions in public blockchains is very slow compared to existing banking solutions, various methods have been presented in recent years with the purpose of increasing scalability. One of these methods is the commit-chain, in which transactions are done quickly and cheaply with the help of the commit-chain operator. On the other hand, the privacy of users is reduced in this method. The main goal of this paper is to provide a solution for increasing users’ privacy in commit-chains via blind signatures. Because the presence and help of the operator is required in all commit-chain transactions, in cases where the operator does not provide a suitable service, the user would be forced to leave the commit-chain. In the proposed solution, users can perform their transactions anonymously and almost without the help of the operator. To this end, tokens are employed which can be used in all commit-chains formed on the same blockchain and which make it possible to disconnect or reduce the connection between the user and the operator. Due to the use of blind signatures in the structure of these tokens, users can perform all or some of their transactions anonymously in the commit-chain and protect their privacy. © 2023
International Journal of Information Technology (Singapore) (25112104)
Eigenvectors provide much useful information about data. One of the applications that benefits from eigenvectors is spectral clustering, in which the nodes of a graph representing a data set are clustered based on the spectrum (eigenvalues) of the Laplacian matrix. However, in scenarios where the data is distributed among multiple data owners, the privacy of the data is an important concern. In the current paper, we propose a privacy-preserving protocol to compute eigenvectors of distributed data using homomorphic encryption and the Jacobi method, with the aim of being employed in spectral clustering. We show that the computation overhead of each data owner in our iterative protocol is O(nf²N), where n is the number of iterations, N is the total number of data owners and f is the total number of data records, which means that increasing the number of data owners leads to decreasing the computation overhead of each single data owner. Moreover, the total communication complexity of the whole protocol is O(nf²). In comparison with the previously known spectral clustering schemes PrivateGraph (Sharma in IEEE Trans Knowl Data Eng 31(5):981–995, 2018) and PrivGED (Wang et al. in IEEE Trans Knowl Data Eng, 2022), on the one hand our proposed scheme uses only one computing server, and on the other hand there is no single data user entity that gets the final result; instead, all of the data owners get the result. The time consumption of our proposed protocol on the “Parkinson Disease”, “Brain Networks”, “Cervical Cancer” and “Lung Cancer” data sets is 22.24 min, 18.38 min, 19.45 min and 3.84 min, respectively. © The Author(s), under exclusive licence to Bharati Vidyapeeth's Institute of Computer Applications and Management 2024.
Drones have evolved into sophisticated autonomous systems with a multitude of applications, including military operations, environmental monitoring, traffic oversight, data transmission, package delivery, fire targeting, and film production. As the Internet of Drones (IoD) ecosystem expands, ensuring secure and real-time access for authorized users becomes increasingly vital. User and drone authentication is crucial for this reason. In response to these challenges, Srinivas et al. proposed a lightweight three-factor authentication protocol designed for the IoD. While the authors assert that their protocol is resilient against known cyber threats, our research identifies critical vulnerabilities that challenge this claim. Although this scheme has already been cryptanalyzed in previous studies, in this paper we propose two new attacks on this scheme. Firstly, we present a concrete attack against the perfect forward secrecy of this scheme, and then we show that it is vulnerable to unauthorized access attack by a valid user to an unauthorized area's information. These weaknesses highlight the pressing need for the development of more secure authentication mechanisms in the IoD environment. Moving forward, addressing these vulnerabilities will be essential for fostering trust and ensuring the safe integration of drones into various applications, ultimately contributing to the advancement of IoD technology. © 2024 IEEE.
ISeCure (20083076) 15(3 Special Issue)pp. 117-128
Today, passive RFID tags have many applications in various fields such as healthcare, transportation, asset management, and supply chain management. In some of these applications, a group of tags needs to prove they are present in the same place at the same time. To solve this problem, many protocols have been proposed so far, and each of them has been able to solve some security and performance problems, but unfortunately many of these protocols have security vulnerabilities or do not have the performance necessary to run on passive RFID tags. In this study, a secure and lightweight protocol for RFID tag grouping proof, called LSGPP, is proposed. In this protocol, the reader is an untrusted entity; in other words, the protocol is secure even if the reader is hijacked by an attacker. This study shows that the LSGPP protocol is secure against tracking, eavesdropping, replay, concurrency, impersonation, desynchronization, denial of service (DoS), proof forgery, message integrity, man-in-the-middle, secret disclosure, denial of proof (DoP), and unlinkability attacks, and supports anonymity and forward secrecy. Also, in this study, the notion of the RFID reader compromised attack is introduced, and it is shown that, unlike its predecessors, the LSGPP protocol is also secure against this attack. Furthermore, using the ProVerif tool, it is shown that the proposed protocol provides confidentiality and authentication. The LSGPP protocol uses lightweight operations affordable for passive RFID tags and is shown to be compliant with the EPC C1G2 standard. © 2023 ISC. All rights reserved.
Journal of Supercomputing (15730484) 79(13)pp. 14358-14387
Data mining has found many applications in diverse areas such as banking, marketing, healthcare and fraud detection. One of the valuable tools in data mining is principal component analysis (PCA). Computing PCA over data belonging to several data owners while respecting their privacy is a need in many industries such as healthcare. Here, we propose a privacy-preserving multi-party protocol to compute PCA over horizontally and vertically distributed data using QR matrix decomposition and homomorphic encryption. Our protocol is the first privacy-preserving PCA computation scheme that is applicable to both horizontally and vertically partitioned data and finds all of the principal components. Our protocol is secure against collusion of the data owners in the semi-honest security model. In the performance analysis, we show that in the horizontal setting increasing the number of data owners decreases the computation overhead of each data owner, but increases the communication and computation overhead of the server. We also show that the time consumption of our proposed scheme on the Australian data set of size 690 × 14, distributed horizontally among 50 data owners, is 4.38 s. On the Ionosphere data set of size 351 × 34, distributed horizontally among 10 data owners, it takes 31.8 s. In the vertical distribution, the time consumption of our scheme on the Gait data set of size 48 × 321 distributed among 7 data owners and on the Gastrointestinal Lesions data set of size 76 × 698 distributed among 10 data owners is 4.4 h and 15.7 h, respectively. © 2023, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.
ISeCure (20083076) 15(2)pp. 162-175
In the last two decades, bilinear pairings have found many applications in cryptography. Meanwhile, identity-based cryptosystems based on bilinear pairings have received particular attention. The IEEE, IETF, and ISO organizations have been working on standardizing pairing-based cryptographic schemes. The Boneh-Franklin identity-based encryption and Sakai-Kasahara identity-based signature are the most well-known identity-based schemes that have been standardized. So far, researchers have proposed various schemes to reduce the computational overhead of pairing operations. All these schemes are trying to outsource pairing operations securely. However, besides pairing operations, there are other essential and costly operations in pairing-based cryptography and identity-based schemes, including scalar multiplication on elliptic curves. In this research, we outsource the Boneh-Franklin encryption in a more secure and efficient (in terms of computational and communication complexity) way than existing schemes. Also, we outsource the BLMQ signature (based on Sakai-Kasahara) scheme for the first time. The proposed schemes are secure in the OMTUP model. Also, unlike previous schemes, we considered communication channels insecure. Moreover, compared with the trivial solution, which outsources every single operation (such as pairing, scalar multiplication, and modular exponentiation) as a separate subroutine, our schemes offer less complexity by seamlessly outsourcing the whole encryption scheme for the first time. © 2020 ISC.
IEEE Transactions on Dependable and Secure Computing (15455971) 19(2)pp. 1407-1419
In a secure pattern matching scheme, a client learns only the locations where his private pattern matches a server's private text, while the server learns nothing. In this article, we propose a secure pattern matching protocol for the semi-honest setting which is then enhanced to guarantee full simulation-based security in the presence of malicious parties. The proposed protocol supports exact pattern matching, approximate pattern matching and pattern matching with wildcards. It is analytically shown that the proposed protocol is considerably more efficient in approximate matching with at most k permitted mismatches, while it has the same speed in the exact matching case compared with recent work in the literature. The achievements are also experimentally evaluated on a case of secure Deoxyribonucleic Acid (DNA) search over the NCBI dataset of the United States National Library of Medicine. The results show the efficiency of the proposed protocol and particularly confirm low computation overhead for the client. © 2004-2012 IEEE.
Adavoudi-jolfaei, A., Mala, H., Zarezadeh, M. Journal of Information Security and Applications (22142126) 65
Private set intersection cardinality (PSI-CA) is a useful cryptographic primitive for many data analysis techniques, e.g. in genomic computations and data mining. In the last few years, several classical multi-party PSI-CA protocols have been designed in which parties jointly compute the PSI-CA and, at the end of the protocol, none of them learns more than their private input sets and the output. The computation complexity of these multi-party protocols is quadratic in the size of the input sets and linear in the number of parties involved in the protocol. In addition, the communication complexity scales quadratically as the number of parties increases. With the advent of cloud computing, it is now necessary to gain the benefits of the computation and storage capabilities of the cloud for outsourcing private input sets and PSI-CA computation. For the first time, in this paper, we design an efficient outsourced private set intersection cardinality protocol, named EO-PSI-CA, in the multi-party setting. This protocol computes PSI-CA by employing the Bloom filter (BF) technique and the exponential ElGamal cryptosystem over encrypted Bloom filters. In our protocol, two or more parties outsource their private input sets to the cloud and finally one of the parties requests the EO-PSI-CA value. Due to the use of Bloom filters, the sizes of the parties’ sets are independent of each other, and the computational and communication complexity of each party is independent of the total number of parties. We formally prove the security of our protocol in the semi-honest adversarial model and we claim that our scheme achieves intersection size hiding. On a more positive note, our EO-PSI-CA is the first of its kind with linear complexity supporting outsourcing in a multi-party setting. © 2021
Aghili, S.F., Mala, H., Schindelhauer, C., Shojafar, M., Tafazolli, R. Information Processing and Management (18735371) 58(4)
Designers of smart environments based on radio frequency identification devices face a challenging task in building secure mutual authentication protocols. These systems are classified into two major categories: traditional closed-loop systems and open-loop systems. To the best of our knowledge, all of the mutual authentication protocols previously introduced for these two categories rely on a centralized database, and they fail to address decentralized mutual authentication and its related attacks. Thanks to blockchain technology, a novel distributed technology, in this paper we propose two decentralized mutual authentication protocols for IoT systems. Our first scheme is intended for traditional closed-loop RFID systems (called CLAB), and the second one applies to open-loop RFID systems (called OLAB). Meanwhile, we examine the security of the Chebyshev chaotic map-based authentication algorithm and confirm that this algorithm is unprotected against tag and reader impersonation attacks. Likewise, we present denial of service (DoS), tag impersonation, and reader impersonation attacks against the Chebyshev chaotic-map based protocol when employed in open-loop IoT networks. Moreover, we discover a full secret recovery attack against a recent blockchain-based RFID mutual authentication protocol. Finally, we use the BAN-logic method to confirm the security characteristics of our CLAB and OLAB proposals. © 2021
One of the basic operations over distributed data is to find the k-th greatest value in the union of these numerical data sets. The challenge arises when the datasets are private and their owners cannot trust any third party. In this paper, we propose a new secure protocol to find the k-th greatest value by means of a secure summation sub-protocol. We compare our proposed protocol with other similar protocols. In particular, we show that our scheme is more efficient than the well-known protocol of Aggarwal et al. (2004) in terms of computation and communication complexity. Specifically, in the case of Ti = 1 secret value for any party Pi, our protocol has log m computation overhead and δ log m communication overhead for party Pi, where m and δ are the maximum acceptable value and the communication overhead of the secure summation sub-protocol, respectively. The overheads of our protocol are exactly half of the overheads of Aggarwal's protocol. © 2021 IEEE.
In recent years, pairing-based cryptographic protocols have attracted much attention. Meanwhile, identity-based cryptography based on bilinear pairings has received particular attention. The IEEE, IETF, and ISO organizations have been working on the standardization of pairing-based cryptographic schemes. The Boneh-Franklin identity-based encryption is the most well-known identity-based scheme that has been standardized. So far, various schemes have been proposed to reduce the computational cost of pairing operations. All these schemes try to outsource pairing operations in a secure manner. But in addition to pairing operations, there are other basic and costly operations in pairing-based cryptography and identity-based schemes, including scalar multiplication on elliptic curves. In this research, we outsource the Boneh-Franklin encryption in a more secure and efficient (in terms of computational and communication complexity) way than existing schemes. The proposed scheme is secure in the OMTUP model. Also, unlike previous schemes, we consider communication channels insecure. Moreover, compared with the trivial solution which outsources every single operation (such as pairing, scalar multiplication and modular exponentiation) as a separate subroutine, our scheme offers less complexity by seamlessly outsourcing the whole encryption scheme for the first time. © 2021 IEEE.
The parameterized pattern matching (PPM) problem seeks occurrences of one string in another, where both strings are drawn from a parameter alphabet and a constant alphabet. In this matching paradigm, a consistent renaming of symbols from the parameter alphabet is allowed. Parameterized pattern matching is useful in software engineering, computational biology, and other applications. In this paper, for the first time, we consider the problem of secure parameterized multi-pattern matching (SPMPM), in which the owner of a set of patterns can match his/her patterns against a text while the pattern owner only learns the matching results and the text owner learns nothing. In our setting, a pattern owner can find the matching locations in multiple texts in a privacy-preserving manner. The server only performs operations over encrypted values and cannot obtain any information about the text or the patterns. The proposed scheme is efficient for the pattern owner and every text owner. We prove the security of our scheme via the simulation-based paradigm. © 2021 IEEE.
Mobile commerce enables transactions to be done via mobile devices in a wireless environment. Several mobile payment protocols have already been developed to provide the essential security requirements of users. So far, little attention has been paid to the fair-exchange requirement in mobile payment protocols, although it is considered an important factor from the users' point of view. In most mobile payment protocols, the client must pay for the product before it is delivered. This is an unfair situation that is addressed in this paper by proposing a mobile payment protocol that not only provides the security requirements but also provides the fair-exchange feature. This protocol is based on the APSWPP protocol. In this protocol the client receives the committed product before paying and, after paying for the product, can obtain the secret of the committed product. Also, to serve fair exchange completely, some steps are added to the main steps of this protocol. The security of our proposed protocol is validated by the AVISPA tool. © 2020 IEEE.
Salimi, M., Mala, H., Martin, H., Peris-lopez, P. IEEE Access (21693536) 8 pp. 8821-8833
Multi-Party Non-Interactive Key Exchange (MP-NIKE) is a fundamental cryptographic primitive in which users register with a key generation centre and each receives a public/private key pair. After that, any subset of these users can compute a shared key without any interaction. Nowadays, IoT devices suffer from the high number and large size of messages exchanged in the Key Management Protocol (KMP). To overcome this, an MP-NIKE scheme can eliminate the airtime and latency of messages transferred between IoT devices. MP-NIKE schemes can be realized by using multilinear maps. There have been several attempts to construct multilinear maps based on indistinguishability obfuscation, lattices and the Chinese Remainder Theorem (CRT). Nevertheless, these schemes are inefficient in terms of computation cost and memory overhead. Besides, several attacks have recently been reported against CRT-based and lattice-based multilinear maps. There is only one modular exponentiation-based MP-NIKE scheme in the literature which has been claimed to be both secure and efficient. In this article, we present an attack on this scheme based on the Euclidean algorithm, in which two colluding users can obtain the shared key of any arbitrary subgroup of users. We also propose an efficient and secure MP-NIKE scheme. We show that our proposal is secure in the random oracle model assuming the hardness of root extraction modulo a composite number. © 2013 IEEE.
Peer-to-Peer Networking and Applications (19366450) 13(1)pp. 207-218
With the advent of cloud computing, data owners are motivated to outsource their data to public clouds to decrease the cost of management systems. To protect data privacy, sensitive data must be encrypted before outsourcing. So, equipping the cloud server with a search service over encrypted data is an important issue. Considering the large number of data users and documents in the cloud, users may be interested in performing multi-keyword search and receiving the most related data. In this paper, we investigate Pasupuleti et al.'s scheme, which is a multi-keyword ranked search over encrypted cloud data. Their scheme has problems in its index construction, trapdoor generation and search procedures. We address these problems and suggest a multi-keyword ranked search over encrypted data on cloud storage. The proposed ranked searchable encryption scheme enhances system usability by ranking results instead of just sending undifferentiated results, and ensures file retrieval accuracy. We also use the relevance score from information retrieval to build a secure searchable index, and apply an additive order-preserving encryption to protect the sensitive scores of files. Our scheme also guarantees access control of users during data retrieval by attribute-based encryption. Analysis shows that our scheme is secure and efficient for cloud storage. © 2019, Springer Science+Business Media, LLC, part of Springer Nature.
Journal of Computer Science and Technology (18604749) 35(4)pp. 863-874
In software-defined networking (SDN), controllers are sinks of information such as network topology collected from switches. Organizations often like to protect their internal network topology and keep their network policies private. We borrow techniques from secure multi-party computation (SMC) to preserve the privacy of policies of SDN controllers about status of routers. On the other hand, the number of controllers is one of the most important concerns in scalability of SMC application in SDNs. To address this issue, we formulate an optimization problem to minimize the number of SDN controllers while considering their reliability in SMC operations. We use Non-Dominated Sorting Genetic Algorithm II (NSGA-II) to determine the optimal number of controllers, and simulate SMC for typical SDNs with this number of controllers. Simulation results show that applying the SMC technique to preserve the privacy of organization policies causes only a little delay in SDNs, which is completely justifiable by the privacy obtained. © 2020, Institute of Computing Technology, Chinese Academy of Sciences.
Cluster Computing (13867857) 23(4)pp. 2835-2845
With the emergence of the cloud computing paradigm in many scientific applications, outsourcing of computation has attracted a great amount of attention from the research community. Outsourcing of heavy computations such as the multiplication of two large matrices has raised some security concerns. The data and the result of the computation should be protected not only from attackers, but also from the cloud servers. Moreover, the data owner should be able to verify the correctness of the computation with complexity less than that of the original computation. The previous schemes either have an expensive offline phase or do not support public verifiability. In this paper, we first find a security vulnerability in the Zhang–Lei scheme for outsourcing of matrix multiplication, where the cloud server can forge the result and pass the verification phase. Then, we present a secure and efficient publicly verifiable outsourcing of matrix multiplication scheme which achieves privacy protection of the outsourced data and result, unforgeability of the result, public verifiability and high efficiency. Our analyses show that, compared with the related work, the proposed scheme is superior in terms of functionality, computation, communication and storage overhead, especially in verification computation overhead. © 2020, Springer Science+Business Media, LLC, part of Springer Nature.
Information Sciences (00200255) 522pp. 299-316
Parameterized pattern matching (PPM) is the problem of matching between two given parameterized strings over two constant and parameter alphabets. PPM has special applications in software maintenance, information retrieval, computational biology, and so on. In some applications of PPM, preserving the privacy of the involved parties is essential. For example, a researcher holding an amino acid pattern needs to receive the parameterized matched locations of his/her input with the patterns in a biological database while the database owner has to obtain no information about the matching results and the pattern. In this paper, we define this problem as secure PPM (SPPM), present a scheme to resolve it in the semi-honest and malicious adversarial models, and prove the security of the proposed scheme in the universal composability (UC) framework. The proposed scheme supports wildcard and approximate PPM, too. We evaluate the security and performance of the proposed scheme. The proposed scheme is experimentally evaluated on a case of secure ribonucleic acid (RNA) search over the RNAcentral dataset. Implementation results show that the proposed scheme is secure and efficient for preserving privacy in contexts where PPM is applicable. © 2020 Elsevier Inc.
Peer-to-Peer Networking and Applications (19366450) 13(3)pp. 816-824
The design of ultralightweight authentication protocols for RFID systems conforming to the EPC Class-1 Generation-2 standard is still a challenging issue in RFID security. Recently, Maurya et al. proposed a CRC-based authentication protocol and claimed that their protocol resists all attacks known in RFID systems. However, in this paper, we criticize the employment of the CRC function as a security primitive for authentication protocols by proposing two serious attacks against Maurya et al.'s protocol. These two effective and low-complexity attacks are a tag impersonation attack and a tag traceability attack. Our attacks use the linearity of the CRC function employed in this protocol. Our analyses show that the success probability of our attacks is "1" while the complexity is only one session eavesdropping, two XORs and one CRC computation. Moreover, we verify the correctness of our attacks by simulating them. © 2019, Springer Science+Business Media, LLC, part of Springer Nature.
Mobile Networks and Applications (1383469X) 24(3)pp. 903-912
Management of encryption keys is an essential task for establishing secure communication in a mobile ad hoc network (MANET). Any key management scheme must be equipped with a mechanism to revoke disclosed keys and keys of malicious nodes. In some key revocation schemes, including Liu et al.'s scheme (IEEE Trans Parallel Distrib Syst 24(2):239–249 2013), the key revocation procedure is applied based on the opinions of neighboring nodes. In this paper, we propose a new method to improve the performance of Liu et al.'s scheme in detecting the honesty of accuser nodes. This method models the occurrence of attacks as a nonhomogeneous Poisson process. The accuser node is removed from the warning list if the time interval between the reception of two consecutive accusation packets is less than a certain value. We find this threshold value by a mathematical model, which is also verified by simulation results. © 2018, Springer Science+Business Media, LLC, part of Springer Nature.
Wireless Networks (10220038) 25(8)pp. 4799-4814
Location-based services (LBSs) allow users to ask location-dependent queries and receive information based on their location. A group of users can send a group-nearest-neighbor (GNN) query in order to receive a Point Of Interest (POI). This POI in turn shows a point which is the minimum distance from all members of the group. To benefit from these services, it is important to preserve the location privacy of each group user from others in the group (Intragroup location privacy) as well as from anyone outside of the group, including the LBS, (Intergroup location privacy). It may also be necessary to protect the location privacy of the resulting POI from the LBS and other possible attackers. In this paper, we propose two different privacy-preserving protocols for finding the exact answer to a GNN query among a set of returned POIs. The first protocol assumes a semi-honest model while the second one works in a malicious model. The proposed protocols are based on the Anonymous Veto network and Burmester–Desmedt key establishment protocols. The security analysis shows that the proposed protocols provide both Intragroup and Intergroup location privacy; they also protect the location privacy of the resulting POI and are resistant to collusion and multi-point aggregate distance attacks. The performed analyses indicate that they incur a constant computation cost per user and are efficient in terms of computation and communication costs. © 2018, Springer Science+Business Media, LLC, part of Springer Nature.
Aghili, S.F., Mala, H., Shojafar, M., Peris-lopez, P.
Future Generation Computer Systems (0167739X) 96pp. 410-424
The use of the Internet of Things (IoT) in electronic health (e-health) management systems brings with it many challenges, including secure communication over insecure radio channels, authentication and key agreement schemes between the entities involved, access control protocols and also schemes for transferring ownership of vital patient information. Besides, the resource-limited sensors in the IoT have real difficulties in achieving this goal. Motivated by these considerations, in this work we propose a new lightweight authentication and ownership transfer protocol for e-health systems in the context of IoT (LACO in short). The goal is to propose a secure and energy-efficient protocol that not only provides authentication and key agreement but also satisfies access control and preserves the privacy of doctors and patients. Moreover, this is the first time that the ownership transfer of users is considered. In the ownership transfer phase of the proposed scheme, the medical server can change the ownership of patient information. In addition, the LACO protocol overcomes the security flaws of recent authentication protocols that were proposed for e-health systems but are unfortunately vulnerable to traceability, de-synchronization, denial of service (DoS), and insider attacks. To avoid past mistakes, we present formal (i.e., conducted in the ProVerif language) and informal security analyses for the LACO protocol. All this ensures that our proposed scheme is secure against the most common attacks in IoT systems. Compared to the predecessor schemes, the LACO protocol is both more efficient and more secure to use in e-health systems. © 2019 Elsevier B.V.
Journal of Information Security and Applications (22142126) 49
In recent years, researchers have proposed many authentication protocols for RFID tagged objects supporting tag ownership transfer. In this paper, first we present a tag traceability attack on a recent authentication protocol, called LSDARP+, proposed to enhance its predecessor, known as the LSDARP protocol. The LSDARP protocol is based on a sliding window mechanism with two important “authentication” and “ownership transfer” phases. We also show that LSDARP's ownership transfer phase fails to protect new owner privacy. Moreover, we present our proposal for improving the security of these protocols. The proposed protocol has two phases, the “authentication” phase which is based on the sliding window mechanism, and a dedicated “generating new shared keys for new owner” phase. Finally, we show that our proposed protocol is secure and lightweight enough for the EPC-C1G2 standard. © 2019 Elsevier Ltd
Aghili, S.F., Mala, H., Shojafar, M., Conti, M.
pp. 348-353
The Internet of Things (IoT) holds great promise for many life-improving applications like health-care systems. In IoT systems, providing a secure authentication and key agreement scheme that considers compromised entities is an important issue. State-of-the-art schemes tackle this problem, but they fail to address the compromised entity attack and have high computation cost. Motivated by these considerations, in this paper we propose an energy-efficient proactive authentication and key agreement scheme called PAKIT for IoT systems. The security of the PAKIT scheme is validated using the ProVerif tool. Moreover, the efficiency of PAKIT is compared with the predecessor schemes proposed for IoT systems. The results of the experiments show that PAKIT is efficient and suitable for real-world IoT applications, as it utilizes lightweight functions such as hash and XOR. © 2019 IEEE.
Aghili, S.F., Mala, H., Kaliyar, P., Conti, M.
Future Generation Computer Systems (0167739X) 101pp. 621-634
The safety of medical data and equipment plays a vital role in today's world of the Medical Internet of Things (MIoT). These IoT devices have many constraints (e.g., memory size, processing capacity, and power consumption) that make it challenging to use cost-effective and energy-efficient security solutions. Recently, researchers have proposed a few Radio-Frequency Identification (RFID) based security solutions for MIoT. The use of RFID technology in securing IoT systems is rapidly increasing because it provides secure and lightweight safety mechanisms for these systems. More recently, authors have proposed a lightweight RFID mutual authentication (LRMI) protocol. The authors argue that LRMI meets the necessary security requirements for RFID systems, and that the same applies to MIoT applications as well. In this paper, our contribution is two-fold: first, we analyze the LRMI protocol's security to demonstrate that it is vulnerable to various attacks such as secret disclosure, reader impersonation, and tag traceability, and that it is not able to preserve the anonymity of the tag and the reader. Second, we propose a new secure and lightweight mutual RFID authentication (SecLAP) protocol, which provides secure communication and preserves privacy in MIoT systems. Our security analysis shows that the SecLAP protocol is robust against de-synchronization, replay, reader/tag impersonation, and traceability attacks, and that it ensures forward and backward data communication security. We use Burrows–Abadi–Needham (BAN) logic to validate the security features of SecLAP. Moreover, we compare SecLAP with the state of the art and validate its performance through a Field Programmable Gate Array (FPGA) implementation, which shows that it is lightweight, consumes fewer resources on tags with respect to computation functions, and requires a smaller number of message flows. © 2019 Elsevier B.V.
International Journal of Communication Systems (10991131) 32(3)
Nowadays, many people perform their commercial activities, such as electronic payment and electronic banking, through their mobile phones. Mobile commerce (m-commerce) refers to conducting electronic commerce (e-commerce) using mobile devices and wireless networks. Radio-frequency identification (RFID) is a technology which can be employed to complete payment functions in m-commerce. As RFID subsystems are applied in m-commerce and supply chains, the related security concerns are very important. Recently, Fan et al. have proposed an ultra-lightweight RFID authentication scheme for m-commerce (ULRAS) and claimed that their protocol is efficient enough and provides a high level of security. In this paper, we show that their protocol is vulnerable to secret disclosure and reader impersonation attacks. Finally, we improve it to a protocol that is resistant to the attacks presented in this paper and the other known attacks in the context of RFID authentication. We further analyze the security of the improved protocol through the Burrows–Abadi–Needham logic (BAN logic). Moreover, our proposed improvement does not impose any additional workload on the RFID tag. © 2018 John Wiley & Sons, Ltd.
Journal of Supercomputing (15730484) 74(1)pp. 509-525
In recent years, RFID (radio-frequency identification) systems have been widely used in many applications. One of the most important applications of this technology is the Internet of Things (IoT). Therefore, researchers have proposed several authentication protocols that can be employed in RFID-based IoT systems, and they have claimed that their protocols can satisfy all security requirements of these systems. However, in RFID-based IoT systems we have mobile readers that can be compromised by the adversary. In this attack scenario, the adversary compromises a legitimate reader and obtains its secrets. So, protocol designers must consider the security of their proposals even in the reader-compromised scenario. In this paper, we consider the security of the ultra-lightweight RFID mutual authentication (ULRMAPC) protocol recently proposed by Fan et al. They claimed that their protocol could be applied in IoT systems and provide strong security. However, in this paper we show that their protocol is vulnerable to denial of service, reader and tag impersonation and de-synchronization attacks. To provide a solution, we present a new authentication protocol, which is more secure than the ULRMAPC protocol and can also be employed in RFID-based IoT systems. © 2017, Springer Science+Business Media, LLC.
Heterogeneous wireless sensor networks (HWSNs) are employed in many real-time applications, such as the Internet of sensors (IoS), the Internet of vehicles (IoV), healthcare monitoring, and so on. As wireless sensor nodes have constrained computing, storage and communication capabilities, designing energy-efficient authentication protocols is a very important issue in wireless sensor network security. Recently, Amin et al. presented an untraceable and anonymous three-factor authentication (3FA) scheme for HWSNs and argued that their protocol is efficient and can withstand the common security threats in this sort of network. In this article, we show how their protocol is not immune to user impersonation, de-synchronization and traceability attacks. In addition, an adversary can disclose the session key under the typical assumption that sensors are not tamper-resistant. To overcome these drawbacks, we improve Amin et al.'s protocol. First, we informally show that our improved scheme is secure against the most common attacks in HWSNs, including the attacks against Amin et al.'s protocol. Moreover, we formally verify our proposed protocol using the BAN logic. Compared with Amin et al.'s scheme, the proposed protocol is both more efficient and more secure, which renders the proposal suitable for HWSNs. © 2018 by the authors. Licensee MDPI, Basel, Switzerland.
Sajadieh, M., Mirzaei, A., Mala, H., Rijmen, V.
Designs, Codes, and Cryptography (09251022) 83(2)pp. 327-343
Security against differential and linear cryptanalysis is an essential requirement for modern block ciphers. This measure is usually evaluated by finding a lower bound for the minimum number of active S-boxes. The 128-bit block cipher AES, which was adopted by the National Institute of Standards and Technology (NIST) as a symmetric encryption standard in 2001, is a member of the Rijndael family of block ciphers. For Rijndael, the block length and the key length can be independently specified as 128, 192 or 256 bits. It has been proved that for all variants of Rijndael the lower bound on the number of active S-boxes for any 4-round differential or linear trail is 25, and that for 4r (r ≥ 1) rounds 25r active S-boxes is a tight bound only for Rijndael with block length 128. In this paper, a new counting method is introduced to find tighter lower bounds for the minimum number of active S-boxes over several consecutive rounds of Rijndael with larger block lengths. The new method shows that 12 and 14 rounds of Rijndael with 192-bit block length have at least 87 and 103 active S-boxes, respectively. Also, the corresponding bounds for Rijndael with 256-bit block length are 105 and 120, respectively. Additionally, a modified version of Rijndael-192 is proposed for which the minimum number of active S-boxes is greater than that of Rijndael-192. Moreover, we extend the method to obtain a better lower bound on the number of active S-boxes for the block cipher 3D. Our counting method shows that, for example, 20 and 22 rounds of 3D have at least 185 and 205 active S-boxes, respectively. © 2016, Springer Science+Business Media New York.
With the rapid growth of information and the popularity of outsourced data, most IT companies are motivated to outsource their sensitive information to cloud servers. Since these servers are not fully trusted, to preserve privacy and security, these data must be encrypted before being outsourced. For searching over the encrypted data, searchable encryption plays an important role. Recently, Tajiki et al. have proposed a new asymmetric searchable encryption scheme called Secure Searchable Asymmetric Encryption (SSAE). They claimed their scheme is secure against forgery attacks. In this paper, we first show that the security of SSAE is not complete by presenting a forgery attack on this scheme. After that, we modify SSAE to withstand this forgery attack. © 2017 IEEE.
Outsourcing computation to a cloud server has recently become popular in cloud computing. Cloud computing technologies enable clients with limited computational resources to outsource their massive computations to powerful cloud servers. Outsourcing computation raises some new concerns, such as the privacy of the outsourced data and result, verifiability and efficiency. Matrix multiplication is one of the most basic computational problems. In this paper, we are motivated to design a secure and efficient protocol for outsourcing massive matrix multiplication computations to the cloud server. The existing works mostly follow an amortized model that has an expensive offline phase. Our proposed scheme does not have any expensive phase, so the client can outsource its matrices in online mode, which increases the efficiency of outsourcing. In our scheme, the client encrypts two matrices and sends them to a semi-honest cloud server. The cloud server computes the matrix multiplication and a proof. After that, it sends the encrypted result to the client, and finally the client checks the validity of the computation and decrypts the result. Our proposed scheme achieves privacy protection of the outsourced data and multiplication result, unforgeability of the proof, verifiability and high efficiency. © 2017 IEEE.
Considering the development of mobile payment systems and the feasibility and suitability of payment protocols, we need to provide the security requirements of users as well. In this paper, we first introduce the LMPP and MPCP protocols and show how these two protocols are unable to satisfy anonymity and unlinkability of the merchant to the issuer. Then we propose a lightweight mobile payment protocol based on the LMPP protocol, in which mobile network operators are involved instead of financial institutions. To achieve better performance in mobile networks, we employ symmetric key primitives in the proposed protocol. Moreover, our protocol provides anonymity and unlinkability of the merchant to the issuer as well as the other main security requirements. © 2016 IEEE.
The Internet of Things (IoT) is a network of objects which enables them to collect vital information. As a result, privacy and anonymity in IoT are the most important issues. So far, many protocols have been proposed to provide an authentication mechanism in IoT networks. Recently, Amin et al. proposed a three-factor authenticated protocol for IoT networks that is claimed to be secure. In this paper, we challenge this claim and show that this protocol is vulnerable to the replay attack and DoS attack. Moreover, inspired by this protocol, we propose a secure authenticated key exchange protocol with the same assumptions. Our analysis shows that our proposed protocol is more efficient than Amin et al.'s protocol. © 2016 IEEE.
Radio Frequency Identification (RFID) systems are widely used today because of their low price, usability and wireless operation. As RFID systems use wireless communication, they may encounter challenging security problems. Several lightweight encryption algorithms have been proposed so far to solve these problems. The RBS block cipher is one of these algorithms. In the design of RBS, conventional block cipher elements such as S-boxes and P-boxes are not used. RBS is based on inserting redundant bits between altered plaintext bits using an encryption key Kenc. In this paper, considering the lack of proper diffusion as the main defect of RBS, we propose a chosen ciphertext attack against this algorithm. The data complexity of this attack equals N pairs of text and its time complexity equals N decryptions, where N is the size of the encryption key Kenc. © 2016 IEEE.
Recently, many lightweight authentication schemes have been designed for RFID systems since the release of the EPC Class1 Generation2 (EPC-C1G2) standard. In 2013, Pang et al. proposed a novel secure RFID authentication protocol, named SRP+, and claimed that their scheme efficiently guarantees tag privacy and satisfies the security requirements. But later, Wang et al. showed that SRP+ is vulnerable to a de-synchronization attack and presented a simple disclosure attack which requires 2^16 off-line evaluations of a PRNG function. However, in this paper, we present another de-synchronization attack on SRP+ based on toggling only one bit of the transferred random number. We also show that the attacker can retrieve all secret parameters at the cost of at most 2^4 CRC evaluations after eavesdropping two consecutive sessions. Given those secret parameters, it would be trivial to apply any other attack in the context of the protocol. To counteract such flaws, we revise SRP+ to provide the claimed security properties. © 2015 IEEE.
International Journal of Communication Systems (10991131) 28(8)pp. 1401-1418
In recent years, because of the security requirements of resource-constrained devices, the design and analysis of lightweight block ciphers has received more attention. mCrypton is a lightweight block cipher that has been specifically designed for use in resource-constrained devices, such as low-cost radio-frequency identification tags and sensors. In this paper, we consider cryptanalysis of full-round mCrypton-64 using a new extension of the biclique attack called non-isomorphic biclique cryptanalysis. As is known, the effectiveness of the biclique attack is highly dependent on the weakness of the key schedule, and it does not seem to be appropriate for block ciphers with strong key scheduling. The non-isomorphic biclique attack, using an asymmetric key partitioning technique, provides more degrees of freedom to the attacker and makes it possible to use the diffusion layer properties of a block cipher for constructing longer bicliques. Results show that the attack on full-round mCrypton requires 2^33.9 chosen plaintexts and a time complexity of 2^62.67 encryptions. The computational complexity reduces to 2^62.3, 2^61.4, and 2^59.75 encryptions for 10, 8, and 6 rounds of mCrypton-64, respectively. We also discuss the general form of the computational complexity for non-isomorphic biclique cryptanalysis. © 2014 John Wiley & Sons, Ltd.
Sajadieh, M., Dakhilalian, M., Mala, H., Sepehrdad, P.
Journal of Cryptology (14321378) 28(2)pp. 240-256
Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a very efficient new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear. We investigate the requirements on the underlying linear functions to achieve the maximal branch number for the proposed 4×4-word diffusion layer, which is an indication of the highest level of security with respect to linear and differential attacks. We try to extend our results to diffusion layers of up to 8×8 words. The proposed diffusion layers only require simple operations such as word-level XORs and rotations, and they have simple inverses. They can replace the diffusion layer of several block ciphers and hash functions in the literature to increase their security and performance. Furthermore, they can be deployed in the design of new efficient lightweight block ciphers and hash functions in the future. © 2013, International Association for Cryptologic Research.
Computer Standards and Interfaces (09205489) 41pp. 72-78
Crypton is a 128-bit block cipher proposed by Lim as a candidate for the Advanced Encryption Standard (AES) competition. So far, a variety of cryptanalytic methods have been used to mount attacks on reduced-round versions of Crypton. The biclique attack is one of the most recent cryptanalytic techniques, bringing new tools from the area of hash functions to the area of block cipher cryptanalysis. In this paper, using non-isomorphic biclique cryptanalysis, we propose a method to construct independent bicliques, up to five rounds, for the cryptanalysis of full-round Crypton. © 2015 Elsevier B.V. All rights reserved.
Wireless Personal Communications (1572834X) 83(4)pp. 2607-2621
Due to the storage capacity and computational power restrictions of low-cost RFID tags based on the EPC-C1G2 standard, most of the existing authentication protocols seem too complicated to be appropriate for these tags; thus the design of authentication protocols compliant with the EPC-C1G2 standard is a big challenge. Recently, a lightweight mutual authentication protocol for RFID conforming to the EPC-C1G2 standard was proposed by Caballero-Gil et al., aiming to be used in VANETs. This scheme does not rely on RFID readers, as they are portable. Instead, it bases security on trust in the server, because all shared secrets are stored only by the tag and the server, with no possible access by the reader at any time. In this paper, we prove that this scheme is vulnerable to a de-synchronization attack and suffers from information leakage with a complexity of about 2^16 offline PRNG evaluations, which is completely affordable for a conventional adversary. In addition, we present a simple tag impersonation attack against this protocol. To counteract such flaws, we improve the Caballero-Gil et al. scheme to present a new RFID authentication protocol, entitled CG+, so that it provides the claimed security properties. © 2015, Springer Science+Business Media New York.
IET Information Security (17518709) 8(3)pp. 207-212
SQUARE, an eight-round substitution-permutation block cipher, is considered a predecessor of the Advanced Encryption Standard (AES). Recently, the concept of biclique-based key recovery of block ciphers was introduced and applied to full-round versions of three variants of AES. In this paper, this technique is applied to analyse the block cipher SQUARE. First, a biclique for three rounds of SQUARE using independent related-key differentials has been found. Then, an attack on this cipher is presented, with a data complexity of about 2^48 chosen plaintexts and a time complexity of about 2^125.7 encryptions. The attack is the first successful attack on full-round SQUARE in the single-key scenario. © The Institution of Engineering and Technology 2014.
Wireless Personal Communications (1572834X) 77(3)pp. 2341-2358
Poor indoor coverage and the high cost of cellular network operators are among the main motivations for the employment of femtocell networks. Since femto access points (FAPs) and macrocells share the same spectrum resources, radio resource allocation is an important challenge in OFDMA femtocell networks. Mitigating interference and improving fairness among FAPs are the main objectives of previous resource allocation methods. However, their main drawback is that user-level fairness has not been adequately addressed, and moreover, most of them suffer from inefficient utilization of radio resources. In this paper, modeling the problem as graph multi-coloring, a centralized algorithm is proposed to obtain both user-level fairness and spectrum efficiency. This method employs a priority-based greedy coloring algorithm in order to increase the reuse factor and consequently the spectrum efficiency. Moreover, in situations where the number of available OFDM resources is not sufficient, the proposed method employs a novel fairness index to fairly share the remaining resources among users of FAPs. The performance comparison between the proposed and previous methods shows that the proposed method improves the balance between user-level fairness and resource utilization. In addition, the presented analyses show that the time complexity of the proposed method is less than that of conventional methods. © 2014 Springer Science+Business Media New York.
Information Processing Letters (00200190) 114(5) pp. 252-255
Impossible differential cryptanalysis is one of the conventional methods in the field of cryptanalysis of block ciphers. In this paper, a general model of an impossible differential attack is introduced. Then, according to this model, the concept of an ideal impossible differential attack is defined and it is proven that the time complexity of an ideal attack only depends on the number of involved round key bits in the attack. © 2013 Elsevier B.V.
Blind signature is a kind of digital signature with significant applications in anonymous electronic voting and electronic payment. In this paper, first, we analyze a recently introduced blind signature scheme and show that, without obtaining the signing key, the attacker can forge a valid signature for any arbitrary message. In other words, Dameri et al.'s blind signature scheme is universally forgeable. Then, we propose a new blind signature scheme based on the discrete logarithm problem. Finally, we introduce an elliptic curve-based variant of the proposed scheme which has lower computational overhead. © 2013 IEEE.
International Journal of Communication Systems (10991131) 25(4) pp. 415-426
mCrypton is a 64-bit lightweight block cipher designed for use in low-cost and resource-constrained applications such as RFID tags and sensors in wireless sensor networks. In this paper, we investigate the strength of this cipher against related-key impossible differential cryptanalysis. First, we construct two 6-round related-key impossible differentials for mCrypton-96 and mCrypton-128. Then, using these distinguishers, we present 9-round related-key impossible differential attacks on these two versions. The attack on mCrypton-96 requires 2^59.9 chosen plaintexts, and has a time complexity of about 2^74.9 encryptions. The data and time complexities for the attack on mCrypton-128 are 2^59.7 chosen plaintexts and 2^66.7 encryptions, respectively. Copyright © 2011 John Wiley & Sons, Ltd.
Sajadieh, M., Dakhilalian, M., Mala, H., Omoomi, B. Designs, Codes, and Cryptography (09251022) 64(3) pp. 287-308
Due to their remarkable applications in many branches of applied mathematics such as combinatorics, coding theory, and cryptography, Vandermonde matrices have received a great amount of attention. Maximum distance separable (MDS) codes introduce MDS matrices, which not only have applications in coding theory but are also of great importance in the design of block ciphers. Lacan and Fimes introduce a method for the construction of an MDS matrix from two Vandermonde matrices in the finite field. In this paper, we first suggest a method that makes an involutory MDS matrix from the Vandermonde matrices. Then we propose another method for the construction of 2^n × 2^n Hadamard MDS matrices in the finite field GF(2^q). In addition to introducing this method, we present a direct method for the inversion of a special class of 2^n × 2^n Vandermonde matrices. © 2011 Springer Science+Business Media, LLC.
Sajadieh, M., Dakhilalian, M., Mala, H., Sepehrdad, P. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (03029743) 7549 pp. 385-401
Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear. We investigate the requirements on the underlying linear functions to achieve the maximal branch number for the proposed 4 x 4 word diffusion layer. The proposed diffusion layers require only word-level XORs and rotations, and they have simple inverses. They can replace the diffusion layers of the block ciphers MMB and Hierocrypt to increase their security and performance, respectively. Finally, we try to extend our results to diffusion layers of up to 8 x 8 words. © 2012 Springer-Verlag.
Journal of Computer Science and Technology (18604749) 26(4) pp. 744-750
CLEFIA, a new 128-bit block cipher proposed by Sony Corporation, is increasingly attracting cryptanalysts' attention. In this paper, we present two new impossible differential attacks on 13 rounds of CLEFIA-128. The proposed attacks utilize a variety of previously known techniques, in particular the hash table technique and redundancy in the key schedule of this block cipher. The first attack does not consider the whitening layers of CLEFIA, requires 2^109.5 chosen plaintexts, and has a running time equivalent to about 2^112.9 encryptions. The second attack preserves the whitening layers, requires 2^117.8 chosen plaintexts, and has a total time complexity equivalent to about 2^121.2 encryptions. © 2011 Springer Science+Business Media, LLC & Science Press, China.
IET Information Security (17518709) 5(3) pp. 129-134
Camellia, a 128-bit block cipher that has been accepted by ISO/IEC as an international standard, is increasingly being used in many cryptographic applications. In this study, the authors present a new impossible differential attack on a reduced version of Camellia-256 without FL/FL^-1 functions and whitening. First, the authors introduce a new extension of the hash table technique and then exploit it to attack 16 rounds of Camellia-256. The extended hash table technique is very useful when, in an impossible differential attack, the size of the target subkey space is large and the filtration in the initial steps of the attack is slow. The proposed attack on Camellia-256 requires 2^124.1 known plaintexts and has a running time equivalent to about 2^249.3 encryptions. In terms of the number of attacked rounds, our result is the best published attack on Camellia-256. © 2011 The Institution of Engineering and Technology.
IET Information Security (17518709) 5(4) pp. 228-236
One of the most important structures used in modern block ciphers is the substitution-permutation network (SPN) structure. Many block ciphers with this structure widely use maximum distance separable (MDS) matrices over finite fields as their diffusion layers; for example, the advanced encryption standard (AES) uses a 4×4 MDS matrix as the main part of its diffusion layer, and the block cipher Khazad has an involutory 8×8 matrix. In this study, first a construction is proposed for a 4×4 linear diffusion layer that can intermix four words of arbitrary size with branch number 5. This idea is then extended to an 8×8 diffusion layer using low-cost linear functions. In this construction, certain binary linear combinations of the inputs are first fed into two or three different invertible linear functions and then combined using the XOR operation. In order to show the efficiency of the proposed diffusion layer, the authors exploit it in a nested SPN structure and compare its efficiency with some well-known diffusion layers such as the diffusion layer of Hierocrypt. © 2011 The Institution of Engineering and Technology.
Journal of Systems and Software (01641212) 83(4) pp. 702-709
In this paper, we introduce a new impossible differential cryptanalysis of Zodiac that is considerably more effective than the one in the previous work (Hong et al., 2002). Using two new 13-round impossible differential characteristics and the early abort technique, this 3R-Attack breaks 128-bit key full-round Zodiac with complexity less than 2^71.3 encryptions, which is practical. This result is approximately 2^48 times better than what was reported in the earlier work. Our result reveals the depth of Zodiac's weakness against impossible differential cryptanalysis due to its poor diffusion layer. We also obtain a tighter upper bound for the time complexity. © 2009 Elsevier Inc. All rights reserved.
Mala, H., Dakhilalian, M., Rijmen, V., Modarres Hashemi, M. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (03029743) 6498 pp. 282-291
Using a new 4-round impossible differential in AES that allows us to exploit the redundancy in the key schedule of AES-128 in a way more effective than previous work, we present a new impossible differential attack on 7 rounds of this block cipher. By this attack, 7-round AES-128 is breakable with a data complexity of about 2^106 chosen plaintexts and a time complexity equivalent to about 2^110 encryptions. This result is better than any previously known attack on AES-128 in the single-key scenario. © 2010 Springer-Verlag Berlin Heidelberg.
Computer Standards and Interfaces (09205489) 32(4) pp. 222-227
Crypton is a 128-bit block cipher which was submitted to the Advanced Encryption Standard competition. In this paper, we present two new impossible differential attacks on reduced-round Crypton. Using two new observations on the diffusion layer of Crypton, exploiting a 4-round impossible differential, and appropriately choosing three additional rounds, we mount the first impossible differential attack on 7-round Crypton. The proposed attacks require 2^121 chosen plaintexts each. The first attack requires 2^125.2 encryptions. We then utilize more pre-computation and memory to reduce the time complexity to 2^116.2 encryptions in the second attack. © 2010 Elsevier B.V. All rights reserved.
Mala, H., Shakiba, M., Dakhilalian, M., Bagherikaram, G. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (03029743) 5867 pp. 281-294
Camellia, a 128-bit block cipher which has been accepted by ISO/IEC as an international standard, is increasingly being used in many cryptographic applications. In this paper, using the redundancy in the key schedule and accelerating the filtration of wrong pairs, we present a new impossible differential attack on reduced-round Camellia. By this attack, 12-round Camellia-128 without FL/FL^-1 functions and whitening is breakable with a total complexity of about 2^116.6 encryptions and 2^116.3 chosen plaintexts. In terms of the number of attacked rounds, our attack is better than any previously known attack on Camellia-128. © 2009 Springer-Verlag Berlin Heidelberg.
Mala, H., Dakhil-alian, M., Brenjkoub, M. 2 pp. 3304-3308
Proxy signature schemes allow a proxy signer to generate a proxy signature on behalf of an original signer. In this paper we propose an identity-based proxy signature scheme from bilinear pairings. In comparison with Xu et al.'s scheme, our scheme is more efficient in computation and requires fewer pairing operations, especially in the verification phase. © 2006 IEEE.