TL;DR: This paper proposes DY model-guided fuzzing, a novel technique that leverages Dolev-Yao models to identify logical attacks in cryptographic protocol implementations, discovering four novel vulnerabilities in three popular TLS implementations through a modular and effective fuzzer.
Abstract: Critical and widely used cryptographic protocols have repeatedly been found to contain flaws in their design and their implementation. A prominent class of such vulnerabilities is logical attacks, e.g. attacks that exploit flawed protocol logic. Automated formal verification methods, based on the Dolev-Yao (DY) attacker, formally define and excel at finding such flaws, but operate only on abstract specification models. Fully automated verification of existing protocol implementations is today still out of reach. This leaves open whether such implementations are secure. Unfortunately, this blind spot hides numerous attacks, such as recent logical attacks on widely used TLS implementations introduced by implementation bugs. We answer by proposing a novel and effective technique that we call DY model-guided fuzzing, which precludes logical attacks against protocol implementations. The main idea is to consider as possible test cases the set of abstract DY executions of the DY attacker, and use a novel mutation-based fuzzer to explore this set. The DY fuzzer concretizes each abstract execution to test it on the program under test. This approach enables reasoning at a more structural and security-related level of messages represented as formal terms (e.g. decrypt a message and re-encrypt it with a different key) as opposed to random bit-level modifications that are much less likely to produce relevant logical adversarial behaviors. We implement a full-fledged and modular DY protocol fuzzer. We demonstrate its effectiveness by fuzzing three popular TLS implementations, resulting in the discovery of four novel vulnerabilities.
TL;DR: The growth of the Internet has led to the need for security and privacy protocols in electronic communication and e-commerce. Several protocols have been developed to address these concerns, including SSL/TLS, IPsec, S-HTTP, PGP, and SSH.
Abstract: The rapid growth of the Internet and the corresponding Internet community has fueled the rapid growth of both individual and business communications, leading to the growth of all types of online communication. The direct result has been growing concern about, and sometimes demand for, security and privacy in electronic communication and e-commerce. Security and privacy are essential if individual communication is to continue and e-commerce is to thrive in cyberspace. The call for and desire for security and privacy has led to the advent of several proposals for security protocols and standards. Among these are the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols, Internet Protocol Security (IPSec), Secure HTTP (S-HTTP), secure e-mail (Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME)), DNSSEC, SSH, and others. This chapter focuses on these.
TL;DR: It is shown that even secure-by-design protocols are by far no guarantee for secure deployments, and an outlook on how to overcome identified obstacles allowing operators to configure their deployments more securely is given.
Abstract: Advances like Industry 4.0 lead to a rising number of Internet-connected industrial deployments and thus an Industrial Internet of Things with growing attack vectors. To uphold a secure and safe operation of these deployments, industrial protocols nowadays include security features, e.g., end-to-end secure communication. However, so far, it is unclear how well these features are used in practice and which obstacles might prevent operators from securely running their deployments. In this research description paper, we summarize our recent research activities to close this gap. Specifically, we show that even secure-by-design protocols are by far no guarantee for secure deployments. Instead, many deployments still open the doors for eavesdropping attacks or malicious takeovers. Additionally, we give an outlook on how to overcome identified obstacles allowing operators to configure their deployments more securely.
TL;DR: A novel cryptographic protocol enhances data security by improving confidentiality and integrity metrics through a multilayered approach that includes a detailed analysis of traditional cryptographic processes, rigorous performance evaluations, and the implementation of a phased strategy.
Abstract: In an era characterized by digital pervasiveness and rapidly expanding datasets, ensuring the integrity and reliability of information is paramount. As cyber threats evolve in complexity, traditional cryptographic methods face increasingly sophisticated challenges. This article initiates an exploration into these challenges, focusing on key exchanges (encompassing their variety and subtleties), scalability, and the time metrics associated with various cryptographic processes. We propose a novel cryptographic approach underpinned by theoretical frameworks and practical engineering. Central to this approach is a thorough analysis of the interplay between Confidentiality and Integrity, foundational pillars of information security. Our method employs a phased strategy, beginning with a detailed examination of traditional cryptographic processes, including Elliptic Curve Diffie-Hellman (ECDH) key exchanges. We also delve into encrypt/decrypt paradigms, signature generation modes, and the hashes used for Message Authentication Codes (MACs). Each process is rigorously evaluated for performance and reliability. To gain a comprehensive understanding, a meticulously designed simulation was conducted, revealing the strengths and potential improvement areas of various techniques. Notably, our cryptographic protocol achieved a confidentiality metric of 9.13 in comprehensive simulation runs, marking a significant advancement over existing methods. Furthermore, with integrity metrics at 9.35, the protocol's resilience is further affirmed. These metrics, derived from stringent testing, underscore the protocol's efficacy in enhancing data security.
Sourav Das, Sisi Duan, S. Liu, Atsuki Momose, Ling Ren, Victor Shoup
2 Dec 2024
TL;DR: This paper presents an asynchronous Byzantine consensus protocol, ACS, that achieves security solely through cryptographic hash functions, eliminating the need for trusted setup and public-key cryptography, with O(κn^3) communication and O(1) rounds.
Abstract: Byzantine consensus is a fundamental building block in distributed cryptographic problems. Despite decades of research, most existing asynchronous consensus protocols require a strong trusted setup and expensive public-key cryptography. In this paper, we study asynchronous Byzantine consensus protocols that do not rely on a trusted setup and do not use public-key cryptography such as digital signatures. We give an Asynchronous Common Subset (ACS) protocol whose security is only based on cryptographic hash functions modeled as a random oracle. Our protocol has O(κn^3) total communication and runs in expected O(1) rounds. The fact that we use only cryptographic hash functions also means that our protocol is post-quantum secure. The minimal use of cryptography and the small number of rounds make our protocol practical. We implement our protocol and evaluate it in a geo-distributed setting with up to 128 machines. Our experimental evaluation shows that our protocol is more efficient than the only other setup-free consensus protocol that has been implemented to date. En route to our asynchronous consensus protocols, we also introduce new primitives called asynchronous secret key sharing and cover gather, which may be of independent interest.
Philipp G. Haselwarter, Benjamin Salling Hvass, Lasse Hansen, Théo Winterhalter, Cătălin Hriţcu, Bas Spitters
9 Jan 2024
TL;DR: The Last Yard: Foundational End-to-End Verification of High-Speed Cryptography provides a unified foundational framework for end-to-end formal verification of efficient cryptographic implementations.
Abstract: The field of high-assurance cryptography is quickly maturing, yet a unified foundational framework for end-to-end formal verification of efficient cryptographic implementations is still missing. To address this gap, we use the Coq proof assistant to formally connect three existing tools: (1) the Hacspec emergent cryptographic specification language; (2) the Jasmin language for efficient, high-assurance cryptographic implementations; and (3) the SSProve foundational verification framework for modular cryptographic proofs. We first connect Hacspec with SSProve by devising a new translation from Hacspec specifications to imperative SSProve code. We validate this translation by considering a second, more standard translation from Hacspec to purely functional Coq code and generate a proof of the equivalence between the code produced by the two translations. We further define a translation from Jasmin to SSProve, which allows us to formally reason in SSProve about efficient cryptographic implementations in Jasmin. We prove this translation correct in Coq with respect to Jasmin's operational semantics. Finally, we demonstrate the usefulness of our approach by giving a foundational end-to-end Coq proof of an efficient AES implementation. For this case study, we start from an existing Jasmin implementation of AES that makes use of hardware acceleration and prove that it conforms to a specification of the AES standard written in Hacspec. We use SSProve to formalize the security of the encryption scheme based on the Jasmin implementation of AES.
TL;DR: This study reviews existing ECC-based authentication protocols in smart grids, identifies vulnerabilities, and proposes a security-enhanced protocol that ensures mutual authentication and session key establishment while resisting key compromise impersonation attacks.
Abstract: With the enablement of Internet of Things technology, the electrical grid is currently undergoing a drastic revolution, which is known as the smart grid. Since massive amounts of sensitive data and control commands are transmitted via public channels, the smart grid is challenged by various cyber threats. Authenticated key agreement protocols in the smart grid effectively ensure the confidentiality and authentication of communication through mutual authentication and the establishment of session keys. In this article, we review the existing elliptic curve cryptography (ECC)-based authentication and key agreement protocols in the smart grid and perform a security analysis of Hu et al.’s protocol. We show that the protocol fails to resist the key compromise impersonation (KCI) attack and cannot provide untraceability. Furthermore, we propose a security-enhanced authentication and key agreement protocol based on ECC, which performs the registration, authentication, and key agreement phases over public channels to enable mutual authentication and to establish session keys. The protocol is also proved to be security-enhanced by formal proof and informal analysis. The performance analysis results demonstrate that the proposed protocol is comparable to other existing protocols while achieving enhanced security. Therefore, the protocol satisfies the deployment requirements of resource-constrained smart grids.
TL;DR: A nonlinear cryptographic protocol is constructed by combining separate linear cryptosystems, such as AES and Twofish, using a pseudo-random deployment algorithm, increasing nonlinearity and improving overall system strength.
Abstract: The paper describes the construction of a nonlinear cryptographic protocol based on separate linear cryptosystems. Implementation of the suggested construction scheme enables encryption of data blocks with ready-made and proven cryptosystems, without making any changes to their design. The scheme of the proposed protocol is presented using the AES and Twofish cryptosystems as an example. The sequence in which the cryptosystems are used is driven by a pseudo-random, cryptographically strong gamma deployment algorithm, which increases the nonlinearity of encryption and improves the general strength of the system. The article highlights the construction of nonlinear cryptosystems, a model of the process of nonlinear modifier deployment, and proposes a general scheme for the structure of nonlinear cryptographic protocols using one or more different cryptosystems. The proposed scheme has great flexibility and scalability. This solution allows simple and effective improvement of existing cryptographic systems or their separate algorithms and is promising for further research.
Sai Sreekar Vankayalapati, Srijanee Mookherji, Vanga Odelu
11 Mar 2024
TL;DR: The original authentication and key exchange protocols are vulnerable to replay, modification, and technical errors. Proposed enhancements address these vulnerabilities without compromising performance.
Abstract: The Internet of Things (IoT) has gained popularity in recent times. With an increase in the number of IoT devices, security and privacy vulnerabilities are also increasing. For sensitive domains like healthcare and industrial sectors, such vulnerabilities can cause havoc. Thus, authentication is an important aspect of establishing secure communication between various participants. In this paper, two recent authentication and key exchange protocols are studied. It is demonstrated that these protocols are susceptible to replay attacks, modification attacks, and technical correctness issues. Possible improvements to address these vulnerabilities are also presented. The enhancements are designed to preserve the performance of the original protocols.
Matheus V. X. Ferreira, Aadityan Ganesh, Jack Hourigan, Hannah Huh, S. Matthew Weinberg, Catherine Yu
21 Jun 2024
TL;DR: The optimal manipulation of cryptographic self-selection protocols in Proof-of-Stake consensus protocols can be computationally estimated with high precision.
Abstract: Cryptographic Self-Selection is a paradigm employed by modern Proof-of-Stake consensus protocols to select a block-proposing "leader." Algorand [Chen and Micali, 2019] proposes a canonical protocol, and Ferreira et al. [2022] establish bounds $f(\alpha,\beta)$ on the maximum fraction of rounds a strategic player can lead as a function of their stake $\alpha$ and a network connectivity parameter $\beta$. While both their lower and upper bounds are non-trivial, there is a substantial gap between them (for example, they establish $f(10\%,1) \in [10.08\%, 21.12\%]$), leaving open the question of how significant of a concern these manipulations are. We develop computational methods to provably nail $f(\alpha,\beta)$ for any desired $(\alpha,\beta)$ up to arbitrary precision, and implement our method on a wide range of parameters (for example, we confirm $f(10\%,1) \in [10.08\%, 10.15\%]$). Methodologically, estimating $f(\alpha,\beta)$ can be phrased as estimating to high precision the value of a Markov Decision Process whose states are countably-long lists of real numbers. Our methodological contributions involve (a) reformulating the question instead as computing to high precision the expected value of a distribution that is a fixed-point of a non-linear sampling operator, and (b) provably bounding the error induced by various truncations and sampling estimations of this distribution (which appears intractable to solve in closed form). One technical challenge, for example, is that natural sampling-based estimates of the mean of our target distribution are not unbiased estimators, and therefore our methods necessarily go beyond claiming sufficiently-many samples to be close to the mean.
TL;DR: Cryptography experts from academia and industry highlight adoption challenges for cryptographic protocols, including misaligned incentives, mismatched assumptions, low-quality reference implementations, and usability issues hindering widespread adoption and standardization.
Abstract: We interviewed cryptography experts from academia and industry to learn from their experiences with the design and deployment of cryptographic protocols. We present adoption challenges, including misaligned incentives in academia and standardization, mismatched assumptions, low-quality reference implementations, and usability issues.
TL;DR: This paper explores quantum computing's impact on data encryption, comparing classical and quantum methodologies through a Qiskit-based implementation of the BB84 protocol, highlighting robustness and security benefits while addressing challenges and future directions for advancement in encryption technology.
Abstract: This paper delves into the realm of quantum computing and its potential to revolutionize data encryption methodologies. Leveraging IBM's Qiskit tool, we investigate encryption approaches aimed at bolstering data security. Commencing with a foundational elucidation of quantum computing and its pivotal role in encryption, we subsequently conduct a comparative analysis between classical binary encryption and quantum encryption methodologies. This analysis includes a practical demonstration of quantum encryption implementation utilizing Qiskit, underscoring the robustness and heightened security offered by quantum-based encryption techniques. Throughout this exploration, we address pertinent challenges encountered in the field, such as the limitations inherent in existing quantum hardware, while also outlining prospective directions for advancement. By the conclusion of this paper, readers will discern the profound implications of quantum computing in shaping the future landscape of encryption technology.
TL;DR: This paper examines Kerberos protocol vulnerabilities, specifically golden ticket attacks, and proposes a solution involving an additional biometric validation layer to mitigate unauthorized access to network resources.
Abstract: The Kerberos protocol is one of the best-known network authentication protocols; it manages and facilitates user authentication across networks to provide safe access to resources. In a Windows environment, the protocol relies on Active Directory to authenticate users in a network. It generates tickets that serve as identifiers and proofs of validity for users over a network. Attackers constantly seek to obtain tickets illegitimately in order to gain access to network resources. This paper focuses on the most prominent attacks to which this protocol is exposed and explains them, along with the solutions proposed by several researchers to mitigate golden ticket attacks, which take advantage of a vulnerability in the Kerberos authentication protocol. The paper then proposes an enhanced approach for mitigating this type of serious attack by adding an additional validation layer, on the service server, for users who present a golden ticket. After decrypting the service ticket, the resource server verifies that the ticket was issued by the Ticket Granting Service (TGS), a trusted authority, by examining the KRBTGT signature. If the ticket is deemed a golden ticket, the service server signals the biometric validation layer to perform biometric verification of the user presenting the ticket. This layer verifies the client's identity again using biometric credentials that are kept in a secure database on the resource server. The biometric validation layer adds a new role to the service server and will require several additional tools to obtain a complete biometric validation layer. Its aim is to ensure that only authorized access is granted for golden tickets, which are a prized target of attackers and the focus of many researchers seeking to limit such attacks.
TL;DR: This paper introduces two semi-quantum secure direct communication protocols for IoT smart door locks, utilizing single photons and achieving high communication efficiency (up to 28.57%) and asymptotic security against eavesdropping attacks.
Abstract: As Internet of Things (IoT) technology continues to advance, there is a growing awareness of IoT security within the industry. Quantum communication technology can potentially significantly improve the communication security of IoT devices. Based on semi-quantum cryptography and utilizing single photons, this paper introduces two semi-quantum secure direct communication (SQSDC) protocols for use in smart door locks. Protocol 1 is more efficient, and the efficiency analysis shows that the communication efficiency is as high as 28.57%. Security analysis demonstrates the asymptotic security of the protocols, effectively resisting intercept–measure–resend attacks and entangle–measure attacks from potential eavesdroppers. The extended SQSDC protocol (protocol 2) builds upon protocol 1 by enabling a single qubit to transmit two bits of information, resulting in a double efficiency outcome.
TL;DR: A survey of cryptographic data protection and machine learning algorithms highlighting their contribution and challenges in application and interaction.
Abstract: In an era of information flooding, a data breach not only results in economic loss, but also a loss of goodwill for the business applications. Cryptographic algorithms have been studied and applied for the protection of sensitive data for a very long time. Machine learning applications deal with an enormous amount of data where the data may be critical and sensitive. There are a plethora of machine learning applications where cryptography is applied for the protection of data. In the same way, machine learning algorithms can be used for implementing cryptographic algorithms. It is used for analyzing and finding hidden patterns to improve the credibility of the security algorithms. This chapter analyzes the contribution of cryptography to machine learning algorithms and vice versa. It also describes the challenges and opportunities in application and interaction between these two fields.
TL;DR: This study evaluates the robustness of cryptographic protocols (ECCTST and CLEA-256) for IoD networks against adversarial attacks, demonstrating their effectiveness in securing communications between drones and ground control stations against various cyber threats.
Abstract: Drones are limited-resource aircraft without a human pilot on board. They are used for area surveillance and information gathering, which they then relay to a Ground Control Station (GCS) or other drones in the network. Due to the vast amounts of data transmitted in an Internet of Drones (IoD) network, it is vulnerable to different cyber attacks. Our previous works deal with cryptographic algorithms, i.e., an Authenticated Key Agreement (AKA) algorithm named Elliptic Curve Cryptography based AKA integrating Timestamps and Trigonometric concepts (ECCTST) and an encryption algorithm named Customized Lightweight Encryption Algorithm (CLEA)-256 for a legitimate IoD network. Also, a review of previous work shows that the execution of real-time adversarial attacks on cryptographic protocols is an area still to be explored. Hence, our proposed work proves the robustness of our previous works on cryptographic protocols, using a Raspberry Pi (RPi) 4 B-based drone installed with Kali Linux OS as the attacker. The legitimate drone prepares the data, 12 sessions of legitimate communication take place between the drone and the GCS, and these legitimate communications are captured using Wireshark. Adversarial security analysis has detected ample randomization in the captured ECCTST-based data and the captured CLEA-256-based data, which indicates the robustness of our previous works on ECCTST and CLEA-256 and of the integration of the two for secure communications in an IoD network.
TL;DR: This paper proposes a novel method for detecting string obfuscation in binary executables, combining assembly, control flow graph, and directed graph features to generate highly efficient detectors, achieving over 90% detection accuracy across all evaluation metrics.
Abstract: Analysing complex evasion and obfuscation techniques is crucial for creating more robust defences against malware. String obfuscation is an easy-to-implement technique that hides information, such as domain names, registry keys, etc. Its detection and removal allow malware to be more accurately analysed. This paper proposes a new method for generating detectors for string obfuscation in binary executables. This is achieved by combining features extracted from the assembly of a binary, and its respective control flow graph and the directed graph derived from the control flow graph. Our method generates highly efficient detectors tailored for string obfuscation achieving more than 90% across all evaluation metrics.
TL;DR: This paper assesses the 5G O-RAN security protocol stack, identifying strengths and weaknesses, and proposes enhancements to fortify the security of O-RAN deployments, addressing the open and disaggregated nature of the architecture.
Abstract: The evolution of the Fifth Generation (5G) networks and the rise of the Open Radio Access Network (O-RAN) architecture introduced a new era of wireless connectivity, offering exceptional speeds, low latency, and increased capacity. However, the open and disaggregated nature of O-RAN itself leads to serious security challenges. This paper gives an in-depth analysis of the current security posture of the 5G O-RAN, assessing the security protocol stack in use to harden the 5G O-RAN framework. We show the strengths and weaknesses inherent in each protocol of the current stack and propose enhancements to fortify the security of 5G O-RAN deployments.
TL;DR: This study proposes SENDT, a hybrid cryptographic protocol for secure WBAN data transmission, combining ECC, ECDSA, AES-128, and SHA-2, achieving 85% throughput, 95% packet delivery ratio, 30% latency reduction, and 25% energy decrease, outperforming HECC and CLAKA protocols.
Abstract: Wireless Body Area Networks are a revolutionary advancement in modern healthcare that enable the continuous and real-time monitoring of patients’ physiological data using wearable and implantable sensors. Securing data transmission in WBAN is essential for reliable and effective healthcare monitoring. This work utilized a hybrid cryptographic model known as Secure End to end Emergency Network Data Transmission (SENDT) that incorporated Elliptic Curve Cryptography (ECC) and Elliptic Curve Digital Signature Algorithm (ECDSA). The suggested solution integrates ECC and ECDSA algorithms to efficiently preserve data privacy and guarantee the integrity of transferred data among nodes. The approach utilizes AES-128 for encryption, SHA-2 for hashing, and ECDSA for authentication and verification, guaranteeing strong security with minimum computation overhead. This research compares HECC, CLAKA, and SENDT cryptographic protocols. The proposed technique exhibits exceptional performance, with an impressive throughput of 85%, a packet delivery ratio of 95%, a reduction in latency by 30%, and a decrease in energy usage by 25% when compared to alternative protocols. The results emphasise the effectiveness and dependability of SENDT in ensuring secure data transmission for WBAN applications. Keywords— WBAN, Data Security, ECC, ECDSA, AES
TL;DR: This research develops a hybrid security protocol combining symmetric and asymmetric algorithms, specifically AES and ECC, to achieve a balance between efficiency and security, resulting in a more efficient and secure protocol validated through experiments.
Abstract: This research explores the concept of a hybrid security protocol that combines the strengths of different existing protocols to safeguard digital communication. An ideal protocol should maintain a balance between security and efficiency, which is accomplished by combining various algorithms. A hybrid security protocol takes advantage of both symmetric and asymmetric algorithms. A hybrid protocol is developed using AES and ECC together with an additional encryption method, which in turn provides a more efficient and secure protocol, and is validated by performing experiments on the developed and the existing protocols. The results of the research work give detailed insights into the efficiency and security of the hybrid protocols.
TL;DR: This paper presents a unified security verification framework for the LoRaWAN protocol, enabling formal verification and simulation of attacks, with applications in the manufacturing industry, enhancing security and robustness of the protocol.
Abstract: With the booming development of the Internet of Things (IoT), the LoRaWAN protocol, a crucial technology in Low Power Wide Area Networks (LPWAN), has attracted academic attention. Numerous studies on the security of LoRaWAN have been proposed, and some of these studies have been rigorously verified. However, there is a lack of a unified verification framework for the LoRaWAN protocol. In this paper, we present a unified, comprehensive, and systematic security verification framework for the LoRaWAN protocol. The framework facilitates the construction of a CSP model for the LoRaWAN protocol and enables the implementation of these CSP models in PAT with C#. Additionally, it supports the formal verification of the models. By integrating C# into PAT, our framework gains extensibility, flexibility, and broad applicability. Simultaneously, we introduce intruders in our CSP model to simulate five different types of attacks (Replay attacks, DoS attacks, ACK Spoofing attacks, Bit Flipping attacks, and MITM attacks) to evaluate LoRaWAN’s performance in vulnerable environments. To demonstrate the applicability of our framework, we extend it to higher versions of LoRaWAN and apply it in the manufacturing industry. We not only verify the fundamental properties but also validate the security properties by simulating attacks in PAT. Our work helps to analyze the security aspects of the LoRaWAN protocol from diverse angles, and provides a foundation for the analysis of enhancements to its security and robustness.
Abstract: The Computationally Complete Symbolic Attacker (CCSA) approach to security protocol verification relies on probabilistic logics to reason about the interaction traces between a protocol and an arbitrary adversary. The proof assistant Squirrel implements one such logic. CCSA logics come with cryptographic axioms whose soundness derives from the security of standard cryptographic games, e.g. PRF, EUF, IND-CCA. Unfortunately, these axioms are complex to design and implement; so far, these tasks are manual, ad-hoc and error-prone. We solve these issues by providing a formal and systematic method for deriving axioms from cryptographic games. Our method relies on synthesizing an adversary against some cryptographic game, through the notion of bi-deduction. Concretely, we define a rich notion of bi-deduction, justify how to use it to derive cryptographic axioms, provide a proof system for bi-deduction, and an automatic proof-search method which we implemented in Squirrel.