A hybrid cryptosystem is developed in the paper “Hybrid Data Encryption and Decryption Using Hybrid RSA and DNA” by combining the advantages of asymmetric-key (public-key) and symmetric-key (private-key) cryptosystems. These two types of cryptosystems use a variety of key types. The approach addresses worries about the users' right to privacy, authentication, and accuracy by using a data encryption procedure that is secure both ways. Data encoding and data decryption are two separate security techniques used by the system. It has been suggested that a hybrid encryption algorithm be used for file encryption to handle the issues with efficiency and security. RSA and DNA are combined in this method. The outcomes of the tests show that the RSA and DNA hybrid encryption algorithms are suitable for use. In this particular study effort, the hybrid encryption and decoding for cloud processing with IoT devices used the DNA and RSA algorithms.
Authored by Prashant Bhati, Saurabh Tripathi, Shristi Kumari, Suryansh Sachan, Reena Sharma
Information exchange occurs all the time in today’s internet era. Some of the data are public, and some are private. Asymmetric cryptography plays a critical role in securing private data transfer. However, technological advances have put private data at risk due to the presence of quantum computers. Therefore, we need a new method for securing private data. This paper proposes combining DNA cryptography methods based on the NTRU cryptosystem to enhance security data confidentiality. This method is compared with conventional public key cryptography methods. The comparison shows that the proposed method has a slow encryption and decryption time compared to other methods except for RSA. However, the key generation time of the proposed method is much faster than other methods tested except for ECC. The proposed method is superior in key generation time and considerably different from other tested methods. Meanwhile, the encryption and decryption time is slower than other methods besides RSA. The test results can get different results based on the programming language used.
Authored by U. Satriyo, Faisal Rahutomo, Bambang Harjito, Heri Prasetyo
E-health, smart health and telemedicine are examples of sophisticated healthcare systems. For end-to-end communication, these systems rely on digital medical information. Although this digitizing saves much time, it is open source. As a result, hackers could potentially manipulate the digital medical image as it is being transmitted. It is harder to diagnose an actual disease from a modified digital medical image in medical diagnostics. As a result, ensuring the security and confidentiality of clinical images, as well as reducing the computing time of encryption algorithms, appear to be critical problems for research groups. Conventional approaches are insufficient to ensure high-level medical image security. So this review paper focuses on depicting advanced methods like DNA cryptography and Chaotic Map as advanced techniques that could potentially help in encrypting the digital image at an effective level. This review acknowledges the key accomplishments expressed in the encrypting measures and their success indicators of qualitative and quantitative measurement. This research study also explores the key findings and reasons for finding the lessons learned as a roadmap for impending findings.
Authored by N Deepa, N Sivamangai
Counterfeited products are a significant problem in both developed and developing countries and have become more critical as an aftermath of COVID-19, exclusively for drugs and medical equipment. In this paper, an innovative approach is proposed to resist counterfeiting which is based on the principles of Synthetic DNA. The proposed encryption approach has employed the distinctive features of synthetic DNA in amalgamation with DNA encryption to provide information security and functions as an anticounterfeiting method that ensures usability. The scheme’s security analysis and proof of concept are detailed. Scyther is used to carry out the formal analysis of the scheme, and all of the modeled assertions are verified without any attacks.
Authored by C.S. Sreeja, Mohammed Misbahuddin
The rate of development in today's IT industry is unprecedented. Information is being stored and transformed at a faster and faster rate. Therefore, the importance of protecting sensitive data is growing. Everyone is concerned about preventing hackers from gaining access to their personal data. Several algorithms from the fields of classical cryptography and steganography can be used to conceal data. DNA cryptography is an emerging field that aims to protect information kept in DNA. DNA cryptography makes use of DNA's innate computing power at the molecular level. In this paper, we are exploring diverse cryptographic algorithms and methods that are used to secure the stored data in DNA. The paper represents the critical review that includes merits and demerits of the diverse cryptographic algorithms for securing the data in DNA.
Authored by Parth Parmar, Jekil Gadhiya, Satvik Vats, Deepak Verma, Krunal Vaghela
With the popularization of AIoT applications, every endpoint device is facing information security risks. Thus, how to ensure the security of the device becomes essential. Chip security is divided into software security and hardware security, both of which are indispensable and complement each other. Hardware security underpins the entire cybersecurity ecosystem by providing essential primitives, including key provisioning, hardware cryptographic engines, hardware unique key (HUK), and unique identification (UID). This establishes a Hardware Root of Trust (HRoT) with secure storage, secure operation, and a secure environment to provide a trustworthy foundation for chip security. Today's talk starts with how to use a Physical Unclonable Function (PUF) to generate a unique “fingerprint” (static random number) for the chip. Next, we will address using a static random number and dynamic entropy to design a high-performance true random number generator and achieve real anti-tampering HRoT by leveraging static and dynamic entropy. By integrating NIST-standard cryptographic engines, we have created an authentic PUF-based Hardware Root of Trust. The all-in-one integrated solution can handle all the necessary security functions throughout the product life cycle as well as maintaining a secure boundary to achieve the integrity of sensitive information or assets. Finally, as hardware-level protection extends to operating systems and applications, products and services become secure.
Authored by Meng-Yi Wu
With people's attention to information security, the research on authentication encryption algorithm has become a very important branch of cryptography in recent years. It is widely used in data encryption, message authentication, authentication and key management. In the network of large-scale communication nodes, there are a large quantity of network nodes and a variety of devices. The traditional PKI cryptosystem has the problems of certificate management difficulty and resource waste. Based on the research of block cipher algorithm, this article discusses its application in the design of terminal identity authentication system, and designs a node two-way authentication scheme based on identity encryption. The simulation results show that the block cipher algorithm proposed in this article can get 95.82% accuracy, which is higher than the contrast algorithm. Authentication and encryption algorithm based on block cipher plays an important role in authentication and encryption algorithm because of its fast implementation speed of software and hardware and easy standardization. The research shows that the algorithm proposed in this article is superior to other algorithms in the application of terminal identity authentication system. It provides a new solution for related research.
Authored by Dongmei Bin, Xin Li, Ming Xie, Yongjian Liang, Chunyan Yang
Encryption technique is widely used to ensure security in communication and wireless networks such as the Internet, Networking zone and Intranet. Every type of data has its own characteristics; consequently, to safeguard private picture data from unwanted access, a variety of strategies are employed. In this paper an image encryption technology called Data Encryption Standard (DES) is combined with XOR to create a block cypher transformation algorithm for picture security. The suggested method is based on XOR with DES encryption, which emphasizes larger changes in the RGB combination as well as the histogram. The findings of the suggested method indicate more variety. The security of the system will be increased by increasing the variety.
Authored by Hariom Singh, Chetan Gupta
The foundation of cryptography is number theory, which is crucial to data security. The majority of commonly used encryption techniques use prime integers, making it challenging to identify specific prime values (keys). The suggested approach employs matrices and vectors as keys, making it harder to identify the individual keys and using vectors to represent the data. Nowadays, one method for providing data security safeguards is encryption. The right encryption technique protects digital data from unauthorized access, data corruption, e-piracy, e-theft, and other threats. Data security is the main benefit of utilizing this method. Here, we have used the symmetric key encryption procedure to generate keys from two uneven matrices. Seven different keys in matrix format have been chosen to perform encryption and decryption. With the help of an example, the techniques for encryption and decryption have been explained.
Authored by M. Maragatharajan, L. Sathishkumar, J. Manikandan, S. Suprakash, P. Naveen
Nowadays, in communications, the main criteria to ensure that the information and communication in the network. The normal two users communication exchanges confidential data and files via the network. Secure data communication is the most important and crucial problem by message transmission networks. To resolve this problem, cryptography uses mathematical encryption and decryption data on adaptation by converting a data from key into an unreadable format. Cryptography provides a method for performing the transmission of confidential or secure communication. The proposed Padding Key Encryption (PKE) algorithm is used to encrypt the data; it generates the secret key in an unreadable format. The receiver decrypts the data using the private key in a readable format. In the proposed PKE algorithm, the sender sends data into plain text to cipher-text using a secret key to the authorized person; the unauthorized person cannot access the data through the Internet; only an authorized person can view the data the private key. The proposed simulation results provide high security to communicate the receiver for confidential data or files compared with other previous methods.
Authored by Aman Mittal, Frederick Sidney
With the increased usage of video communication technologies, the requirement for secure video data transfer has grown more critical than ever. Video encryption methods are critical in preventing unauthorized access to sensitive video data while it is provided across insecure networks. This study compares several video encryption algorithms, including symmetric and asymmetric key-based encryption methods. The goal of this research is to compare the security, computational complexity, and transmission overhead of several video encryption techniques. The research includes an examination of well-known encryption algorithms that include AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adleman) and DES (Data Encryption Standard), as well as variants on these techniques. Furthermore, this work offers a hybrid video encryption method that combines symmetric and asymmetric key-based encryption approaches to provide good security while being computationally simple. The experimental results reveal that the proposed method is more successful and effective than existing video encryption techniques. The suggested method used to secure video data communication over unsecured networks such as the internet, assuring the video data's secrecy, integrity, and authenticity.
Authored by Riddhi Mirajkar, Nilesh Sable, Dipak Palve, Sayali Sontakke
The Internet of Things (IoT) refers to the growing network of connected physical objects embedded with sensors, software and connectivity. While IoT has potential benefits, it also introduces new cyber security risks. This paper provides an overview of IoT security issues, vulnerabilities, threats, and mitigation strategies. The key vulnerabilities arising from IoT's scale, ubiquity and connectivity include inadequate authentication, lack of encryption, poor software security, and privacy concerns. Common attacks against IoT devices and networks include denial of service, ransomware, man-in-the-middle, and spoofing. An analysis of recent literature highlights emerging attack trends like swarm-based DDoS, IoT botnets, and automated large-scale exploits. Recommended techniques to secure IoT include building security into architecture and design, access control, cryptography, regular patching and upgrades, activity monitoring, incident response plans, and end-user education. Future technologies like blockchain, AI-enabled defense, and post-quantum cryptography can help strengthen IoT security. Additional focus areas include shared threat intelligence, security testing, certification programs, international standards and collaboration between industry, government and academia. A robust multilayered defense combining preventive and detective controls is required to combat rising IoT threats. This paper provides a comprehensive overview of the IoT security landscape and identifies areas for continued research and development.
Authored by Luis Cambosuela, Mandeep Kaur, Rani Astya
The escalating visibility of secure direct object reference (IDOR) vulnerabilities in API security, as indicated in the compilation of OWASP Top 10 API Security Risks, highlights a noteworthy peril to sensitive data. This study explores IDOR vulnerabilities found within Android APIs, intending to clarify their inception while evaluating their implications for application security. This study combined the qualitative and quantitative approaches. Insights were obtained from an actual penetration test on an Android app into the primary reasons for IDOR vulnerabilities, underscoring insufficient input validation and weak authorization methods. We stress the frequent occurrence of IDOR vulnerabilities in the OWASP Top 10 API vulnerability list, highlighting the necessity to prioritize them in security evaluations. There are mitigation recommendations available for developers, which recognize its limitations involving a possibly small and homogeneous selection of tested Android applications, the testing environment that could cause some inaccuracies, and the impact of time constraints. Additionally, the study noted insufficient threat modeling and root cause analysis, affecting its generalizability and real-world relevance. However, comprehending and controlling IDOR dangers can enhance Android API security, protect user data, and bolster application resilience.
Authored by Semi Yulianto, Roni Abdullah, Benfano Soewito
As the use of machine learning continues to grow in prominence, so does the need for increased knowledge of the threats posed by artificial intelligence. Now more than ever, people are worried about poison attacks, one of the many AI-generated dangers that have already been made public. To fool a classifier during testing, an attacker may "poison" it by altering a portion of the dataset it utilised for training. The poison-resistance strategy presented in this article is novel. The approach uses a recently developed basic called the keyed nonlinear probability test to determine whether or not the training input is consistent with a previously learnt D distribution when the odds are stacked against the model. We use an adversary-unknown secret key in our operation. Since the caveats are kept hidden, an adversary cannot use them to fool a keyed nonparametric normality test into concluding that a (substantially) modified dataset really originates from the designated dataset (D).
Authored by Ramesh Saini
Information-Centric Networking (ICN) has emerged as a perfect match to support data-driven applications. Typically, ICN ensures data integrity and authenticity, by provisioning signed and verifiable data packets. Nonetheless, the ICN cryptography-based security scheme entails increased computational and communication cost, while also necessitating continuous connectivity to the infrastructure. We claim that this security approach requires supportive mechanisms to perform adequately in scenarios involving disruptive connectivity and short-term communication. In this paper, we investigate the applicability of two security approaches, namely the in-force cryptography-based approach and a ‘lighter’ reputation-based one, in ad hoc information-centric networks, and aim to identify the pros and cons of each solution. Our experiments rely on a scenario deemed appropriate for the particular research objective: we selected an ICN-based Flying Ad hoc Network (FANET). We assess the impact of intermittent connectivity, as well as, the associated computational and communication cost, and the dynamics of mobility. Our results demonstrate that the reputation-based approach allows for building trust relations in a fast and lightweight manner, but without requiring permanent connectivity to trusted third parties. Therefore, we argue that the standard ICN security system can be consolidated by integrating reputation-based trust as an essential complementary mechanism.
Authored by Ioanna Kapetanidou, Paulo Mendes, Vassilis Tsaoussidis
Mobile Ad Hoc Networks (MANETs) are more susceptible to security threats due to the nature of openness and decentralized administration. Even though there exist several standard cryptography and encryption methods, they induce an additional computational and storage burden on the resource constrained mobile nodes in MANETs. To sort out this issue, this paper proposes a simple trust management mechanism called as Mobility and Trust Aware Adaptive Location Aided Routing (MTALAR). Initially, MTALAR founds the request zone whose sides are parallel to the line connecting the source and destination nodes. Next, the source node finds a trustworthy route through multi-hop nodes based on a new factor called as Mobile-Trust Factor (MTF). MTF is the combination of communication trust and mobility. Communication trust ensures a correct detection of malicious nodes and mobility ensures a proper protection for innocent nodes. After route discovery, the source node periodically measures the MTF of the multi-hop nodes through HELLO packets. Based on the obtained MTF values, the source node declares the corresponding node as malicious or not. Extensive simulations performed on the proposed method prove the superiority in the identification of malicious nodes.
Authored by Narsimhulu Gorre, Sreenivasa Duggirala
Fraud detection is an integral part of financial security monitoring tool; however, the traditional fraud detection method cannot detect the existing malicious fraud, and the clouds will produce data revealing that the risk of fraud detection system can not protect the privacy of detected object, so the fraud detection data privacy security becomes a significant problem. Homomorphic encryption as a demonstrable cryptography cloud privacy computing outsourcing scheme can ensure that cloud computing can perform ciphertext polynomial calculation under the dense state data without direct contact with the accurate data of users, so as to ensure data privacy security. Aiming at the data privacy security problems in the process of fraud detection, this paper combined homomorphic encryption and Logistic regression fraud detection technology to study the Logistic regression fraud detection algorithm under homomorphic ciphertext and constructed a cloud privacy fraud detection method based on customer service and cloud computing services. CKKS encryption scheme is used to encrypt the fraud data set and realize the Logistic regression fraud detection algorithm under ciphertext. The experiment proves that the difference between the fraud detection accuracy on ciphertext and plaintext is less than 3%. Under the condition of ensuring the privacy of sensitive data to be detected, the effect of the fraud detection model is not affected.
Authored by Zhuang Chen, Mingdian Cai, Zhikun Wang
Visible Light Security 2022 - Visible light communication (VLC) is a short-range wireless optical communication that can transmit data by switching lighting elements at high speeds in indoor areas. In common areas, VLC can provide data security at every layer of communication by using physical layer security (PLS) techniques as well as existing cryptography-based techniques. In the literature, PLS techniques have generally been studied for monochrome VLC systems, and multicolor VLC studies are quite limited. In this study, to the best of authors’ knowledge, null steering (NS) and artificial noise (AN), which are widely used PLS methods, have been applied to multi-colored LED-based VLC systems for the first time in the literature and the achievable secrecy rate has been calculated.
Authored by Besra Çetindere, Cenk Albayrak, Kadir Türk
Quantum Computing Security 2022 - Recent advances in quantum computing have highlighted the vulnerabilities in contemporary RSA encryption. Shor’s approach for factoring numbers is becoming more tractable as quantum computing advances. This jeopardizes the security of any cryptographic system that is based on the complexity of factorisation. Many other crypto-systems based on theories like Elliptic Curve Cryptography are also vulnerable. To keep a cryptographic system safe against a quantum adversary, we must develop approaches based on a hard mathematical problem that is not vulnerable to quantum computer attacks, and we must develop Post Quantum Cryptography (PQC). One potential option is the use of lattices in a system called ring Learning with Errors (rLWE). Several techniques for post-quantum encryption have been submitted to NIST. This paper studies the different speeds of different lattice-based protocols.
Authored by Mohamed Garrach, Chetan Waghela, Mahima Mathews, L Sreekuttan
Quantum Computing Security 2022 - Cloud computing has turned into an important technology of our time. It has drawn attention due to its availability, dynamicity, elasticity and pay as per use pricing mechanism; this made multiple organizations shift onto the cloud platform. It leverages the cloud to reduce administrative and backup overhead. Cloud computing offers a lot of versatility. Quantum technology, on the other hand, advances at a breakneck pace. Experts anticipate a positive outcome and predict that within the next decade, powerful quantum computers will be available. This has and will have a substantial impact on various sciences streams such as cryptography, medical research, and much more. Sourcing applications for business and informational data to the cloud presents privacy and security concerns, which have become crucial in cloud installation and services adoption. To address the current security weaknesses, researchers and impacted organizations have offered several security techniques in the literature. The literature also gives a thorough examination of cloud computing security and privacy concerns.
Authored by Rajvir Shah
Quantum Computing Security 2022 - Quantum computing is a swiftly blooming technology that straps up the process of quantum mechanics to solve problems too complex for conventional computers. Quantum Cryptography applies algorithms to encrypt messages that it is never read by anyone outside of the unauthorized recipient. Using Quantum mechanics, for secure communication, we have to follow either a superposition or entanglement algorithm. When compared to superposition, entanglement algorithms are providing more security. Why because it is difficult for intruders to identify how the qubits maintain the relationship. In the existing system, Quantum Key Distribution for short distances has already implemented its even commercially available using entanglement algorithm (Artur Ekert E91 Protocol). In the proposed system, quantum communication over very long distances. In this paper, using Quantum entanglement; the keys are exchanged securely and identify eavesdropping in the communication channel.
Authored by Vani Geddada, P. Lakshmi
QR Codes 2022 - The study was conducted to model Wi-Fi password resource assets in a platform that can be shared and collaborated publicly securely and support dynamic data changes with online repository shortcuts documented in access support via dedicated search engines and QR CODE. This study uses 3 methods, namely the one-way SHA-256 HASH function which was formulated with the addition of sowing techniques and reversing techniques so as to produce a long String named Keycode, the second method uses modern cryptographic techniques, namely Digital Signature, which collects keycodes in Path the identity of the resource asset, and the last one is a QR CODE used as an access shortcut that collects digital signature access data. This study used testing data from comparator application contributors, namely wifimap.io randomly, the results of which the formulation results were then disassembled using the brute force technique using hashcat. The results of the research of password data from resources were successfully formulated into a combination of Strings with high confidentiality that cannot be disassembled to the original data but are still accessible to the owner and holder of the keycode that is balanced with the limitations of access control.
Authored by Dede Sudirman, Teguh Suharsono, Rina Mardiati
QR Codes 2022 - Quick Response code (QR code) is a 2-D matrix barcode which stores data in four different encoding modes (numeric, alphanumeric, kanji, binary). They are widely used nowadays and can be seen almost everywhere whether it is on cosmetics products, general stores, billboards and so on. It has become an important part of day to day activities. As an information sharing medium, it has become so user friendly and mobile-friendly that with just one scan through smart phones you get the information stored in it. The main intent of this work is to secure QR code from unauthorized access by allowing only those who have authorization to access it by using cryptography (by encrypting and decrypting the QR code using a key value). And further security was enhanced by applying ‘k’ out of ‘n’ visual cryptography scheme on the QR code. It creates ‘n’ no. of share of the QR code out of which ‘k’ no. of shares is required to restore it. This work will briefly explain how cryptography and visual cryptography were used to secure the QR code. The experimental results showed that there was no data loss during this process. Also, if at the time of decryption wrong key is entered then the QR code will not be generated. And also it is required to input minimum k number of generated shares of the QR code for the successful retrieval of QR code. Quality of the reconstructed QR code was also measured using PSNR and SSIM which showed that reconstructed QR code was of good quality as well as original QR code and reconstructed QR code were identical.
Authored by Cheshtaa Bhardwaj, Hitendra Garg, Shashi Shekhar
Protocol Verification - Symbolic protocol verification generally abstracts probabilities away, considering computations that succeed only with negligible probability, such as guessing random numbers or breaking an encryption scheme, as impossible. This abstraction, sometimes referred to as the perfect cryptography assumption, has shown very useful as it simplifies automation of the analysis. However, probabilities may also appear in the control flow where they are generally not negligible. In this paper we consider a framework for symbolic protocol analysis with a probabilistic choice operator: the probabilistic applied pi calculus. We define and explore the relationships between several behavioral equivalences. In particular we show the need for randomized schedulers and exhibit a counterexample to a result in a previous work that relied on nonrandomized ones. As in other frameworks that mix both non-deterministic and probabilistic choices, schedulers may sometimes be unrealistically powerful. We therefore consider two subclasses of processes that avoid this problem. In particular, when considering purely non-deterministic protocols, as is done in classical symbolic verification, we show that a probabilistic adversary has—maybe surprisingly—a strictly superior distinguishing power for may testing, which, when the number of sessions is bounded, we show to coincide with purely possibilistic similarity.
Authored by Vincent Cheval, Raphaëlle Crubillé, Steve Kremer