Encryption technique is widely used to ensure security in communication and wireless networks such as the Internet, Networking zone and Intranet. Every type of data has its own characteristics consequently, to safeguard private picture data from unwanted access, a variety of strategies are employed. In this paper an image encryption technology called Data Encryption Standard (DES) is combined with XOR to create a block cypher transformation algorithm for picture security. The suggested method is based on XOR with DES encryption, which emphasizes larger changes in the RGB combination as well as the histogram. The findings of the suggested method indicate more variety. The security of the system will be increased by increasing the variety.

Nowadays, the increasing number of devices deployed in IoT systems implementation and the requirement of preserving the integrity of data transported over the Internet, demand the use of data encryption schemes. This paper aims to show the performance evaluation of CP-ABE (Ciphertext-Policy Attribute Based Encryption) type of encryption over MQTT (Message Queue Transport Telemetry) that focuses on execution time for an IoT system with Raspberry Pi. For the implementation, two Raspberry Pi 4 Computer Model B are used for both the publisher and the subscriber, and a computer with Ubuntu 20.04 LTS operating system is used for the Broker and the Key Authority. The result of the present work provides relevant information on the execution times required in the CP-ABE encryption scheme to provide data integrity and fine-grained access control policy in an IoT system. The work demonstrates that the CP-ABE encryption scheme is suitable for IoT systems.

This paper present s a new image encryption model with focus on symmetric key schemes. It discus 5 schemes: Random Generation Key (8B); Random Key Generation part A(4B) and part B(4B); Input User Key (4B), Encrypted key and Random Key generation (4B); Random Key Generate (4B) and Input User Encrypted Key (4B); Input User Key (8B). Experimental results are based on image encryption by DES algorithm (5 instances) and by AES algorithm (5 instances). A table with image quality values and a table with complex arithmetic mean error are done.

The foundation of cryptography is number theory, which is crucial to data security. The majority of commonly used encryption techniques use prime integers, making it challenging to identify specific prime values (keys). The suggested approach employs matrices and vectors as keys, making it harder to identify the individual keys and using vectors to represent the data. Now a days, one method for providing data security safeguards is encryption. The right encryption technique protects digital data from unauthorized access, data corruption, e-piracy, e-theft, and other threats. Data security is the main benefit of utilizing this method. Here, we have used the symmetric key encryption procedure to generate keys from two uneven matrices. Seven different keys in matrix format have been chosen to perform encryption and decryption. With the help of an example, the techniques for encryption and decryption have been explained.

Nowadays, in communications, the main criteria to ensure that the information and communication in the network. The normal two users communication exchanges confidential data and files via the network. Secure data communication is the most important and crucial problem by message transmission networks. To resolve this problem, cryptography uses mathematical encryption and decryption data on adaptation by converting a data from key into an unreadable format. Cryptography provides a method for performing the transmission of confidential or secure communication. The proposed Padding Key Encryption (PKE) algorithm is used to encrypt the data; it generates the secret key in an unreadable format. The receiver decrypts the data using the private key in a readable format. In the proposed PKE algorithm, the sender sends data into plain text to cipher-text using a secret key to the authorized person; the unauthorized person cannot access the data through the Internet; only an authorized person can view the data the private key. The proposed simulation results provide high security to communicate the receiver for confidential data or files compared with other previous methods.

This paper presents a novel image encryption method that combines symmetric and asymmetric encryption with a watermark embedding extraction algorithm based on wavelet transform. The algorithm ensures the invisibility and robustness of the watermark, providing the first layer of encryption. The second layer of encryption is implemented by leveraging the efficiency of symmetric encryption and the security of asymmetric encryption. The integrity of the watermarking is evaluated using MEB(\%), PSNR(dB), and SSIM(\%), while the algorithm s efficiency is assessed through the encryption time T(ms). Experimental results show that the watermark achieves a PSNR of 59.671dB and an SSIM of 99.9, confirming its integrity and robustness. Furthermore, the synthetic encryption process takes only 50 seconds, ensuring both security and efficiency without increasing the time complexity. In conclusion, the proposed synthetic encryption algorithm demonstrates excellent performance in terms of efficiency and security.

The power communication network based on 5G network slicing is an important foundation to support smart grid, and the bearing of small granularity power regulation and control class services depends on the slicing soft isolation technology, and the data isolation between each soft isolation channel is crucial. In this paper, we propose a new symmetric cryptographic algorithm based on random coding, and establish a hybrid encryption method based on this symmetric algorithm, combined with SM2 and SM3 algorithms, which is suitable for encrypting the data of power regulation and control services. It is also verified through simulation that the proposed hybrid encryption method has high encryption efficiency while ensuring security.

This paper explores the advantages and limitations of probabilistic and deterministic encryption schemes for securing sensitive data. While probabilistic encryption ensures high security for data encryption, it can pose limitations when filtering and querying data. On the other hand, deterministic encryption method is a more flexible and unchanging encryption scheme that allows for the benefits of filtering data while icing its security. Many platform encryptions use deterministic encryption to allow for filtering of translated data while minimizing exposure of plain values to cipher values. Still, deterministic encryption can still pose certain pitfalls and may reveal information to eavesdroppers. A promising variation of encryption for perfecting security in communication end is ‘Varying encryption’ which is grounded on factors such as distance and country of connection. This acclimatized approach offers increased speed and security and can confuse attackers, making it harder for them to gain access to information being transmitted. Though, careful analysis of the advantages and disadvantages of assigning a specific encryption standard to a given set of conditions is essential to achieve optimal results.

With the increased usage of video communication technologies, the requirement for secure video data transfer has grown more critical than ever. Video encryption methods are critical in preventing unauthorized access to sensitive video data while it is provided across insecure networks. This study compares several video encryption algorithms, including symmetric and asymmetric key-based encryption methods. The goal of this research is to compare the security, computational complexity, and transmission overhead of several video encryption techniques. The research includes an examination of well-known encryption algorithms that include AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adelman) and DES (Data Encryption Standard), as well as variants on these techniques. Furthermore, this work offers a hybrid video encryption method that combines symmetric and asymmetric key-based encryption approaches to provide good security while being computationally simple. The experimental results reveal that the proposed method is more successful and effective than existing video encryption techniques. The suggested method used to secure video data communication over unsecured networks such as the internet, assuring the video data s secrecy, integrity, and authenticity.

The Internet of Things (IoT) refers to the growing network of connected physical objects embedded with sensors, software and connectivity. While IoT has potential benefits, it also introduces new cyber security risks. This paper provides an overview of IoT security issues, vulnerabilities, threats, and mitigation strategies. The key vulnerabilities arising from IoT s scale, ubiquity and connectivity include inadequate authentication, lack of encryption, poor software security, and privacy concerns. Common attacks against IoT devices and networks include denial of service, ransom-ware, man-in-the-middle, and spoofing. An analysis of recent literature highlights emerging attack trends like swarm-based DDoS, IoT botnets, and automated large-scale exploits. Recommended techniques to secure IoT include building security into architecture and design, access control, cryptography, regular patching and upgrades, activity monitoring, incident response plans, and end-user education. Future technologies like blockchain, AI-enabled defense, and post-quantum cryptography can help strengthen IoT security. Additional focus areas include shared threat intelligence, security testing, certification programs, international standards and collaboration between industry, government and academia. A robust multilayered defense combining preventive and detective controls is required to combat rising IoT threats. This paper provides a comprehensive overview of the IoT security landscape and identifies areas for continued research and development.

With the continuous improvement of the current level of information technology, the malicious software produced by attackers is also becoming more complex. It s difficult for computer users to protect themselves against malicious software attacks. Malicious software can steal the user s privacy, damage the user s computer system, and often cause serious consequences and huge economic losses to the user or the organization. Hence, this research study presents a novel deep learning-based malware detection scheme considering packers and encryption. The proposed model has 2 aspects of innovations: (1) Generation steps of the packer malware is analyzed. Packing involves adding code to the program to be protected, and original program is compressed and encrypted during the packing process. By understanding this step, the analysis of the software will be efficient. (2) The deep learning based detection model is designed. Through the experiment compared with the latest methods, the performance is proven to be efficient.

In this paper, a quantitative analysis method is proposed to calculate the risks from cyber-attacks focused on the domain of data security in the financial sector. Cybersecurity risks have increased in organizations due to the process of digital transformation they are going through, reflecting in a notorious way in the financial sector, where a considerable percentage of the attacks carried out on the various industries are concentrated. In this sense, risk assessment becomes a critical point for their proper management and, in particular, for organizations to have a risk analysis method that allows them to make cost-effective decisions. The proposed method integrates a layered architecture, a list of attacks to be prioritized, and a loss taxonomy to streamline risk analysis over the data security domain including: encryption, masking, deletion, and resiliency. The layered architecture considers: presentation layer, business logic layer, and data management layer. The method was validated and tested by 6 financial companies in Lima, Peru. The preliminary results identified the applicability of the proposed method collected through surveys of experts from the 6 entities surveyed, obtaining 85.7\% who consider that the proposed three-layer architecture contains the assets considered critical.

Due to the concern on cloud security, digital encryption is applied before outsourcing data to the cloud for utilization. This introduces a challenge about how to efficiently perform queries over ciphertexts. Crypto-based solutions currently suffer from limited operation support, high computational complexity, weak generality, and poor verifiability. An alternative method that utilizes hardware-assisted Trusted Execution Environment (TEE), i.e., Intel SGX, has emerged to offer high computational efficiency, generality and flexibility. However, SGX-based solutions lack support on multi-user query control and suffer from security compromises caused by untrustworthy TEE function invocation, e.g., key revocation failure, incorrect query results, and sensitive information leakage. In this article, we leverage SGX and propose a secure and efficient SQL-style query framework named QShield. Notably, we propose a novel lightweight secret sharing scheme in QShield to enable multi-user query control; it effectively circumvents key revocation and avoids cumbersome remote attestation for authentication. We further embed a trust-proof mechanism into QShield to guarantee the trustworthiness of TEE function invocation; it ensures the correctness of query results and alleviates side-channel attacks. Through formal security analysis, proof-of-concept implementation and performance evaluation, we show that QShield can securely query over outsourced data with high efficiency and scalable multi-user support.

The releases of Intel SGX and AMD SEV mark the transition of hardware-based enclaves from research prototypes to mainstream products. These two paradigms of secure enclaves are attractive to both the cloud providers and tenants, since security is one of the key pillars of cloud computing. However, it is found that current hardware-defined enclaves are not flexible and efficient enough for the cloud. For example, although SGX can provide strong memory protection with both confidentiality and integrity, the size of secure memory is tightly restricted. On the contrary, SEV enables enclaves to use more memory but has critical security flaws due to no memory integrity protection. Meanwhile, both types of enclaves have relatively long booting latency, which makes them not suitable for short-term tasks like serverless workloads. After an in-depth analysis, we find that there are some intrinsic tradeoffs between security and performance due to the limitation of architectural designs. In this article, we investigate a novel hardware-software co-design of enclaves to meet the requirements of cloud by placing a part of the logic of the enclave mechanism into a lightweight software layer, named Enclavisor, to achieve a balance between security, performance, and flexibility. Specifically, our implementation is based on AMD’s SEV and, Enclavisor is placed in the guest kernel mode of SEV’s secure virtual machines. Enclavisor inherently supports memory encryption with no memory limitation and also achieves efficient booting, multiple enclave granularities, and post-launch remote attestation. Meanwhile, we also propose hardware/ software solutions to mitigate the security flaws caused by the lack of memory integrity. We implement a prototype of Enclavisor on an AMD SEV server. The experiments on both micro-benchmarks and application benchmarks show that enclaves on Enclavisor can have close-to-native performance.

Due to the concern on cloud security, digital encryption is applied before outsourcing data to the cloud for utilization. This introduces a challenge about how to efficiently perform queries over ciphertexts. Crypto-based solutions currently suffer from limited operation support, high computational complexity, weak generality, and poor verifiability. An alternative method that utilizes hardware-assisted Trusted Execution Environment (TEE), i.e., Intel SGX, has emerged to offer high computational efficiency, generality and flexibility. However, SGX-based solutions lack support on multi-user query control and suffer from security compromises caused by untrustworthy TEE function invocation, e.g., key revocation failure, incorrect query results, and sensitive information leakage. In this article, we leverage SGX and propose a secure and efficient SQL-style query framework named QShield. Notably, we propose a novel lightweight secret sharing scheme in QShield to enable multi-user query control; it effectively circumvents key revocation and avoids cumbersome remote attestation for authentication. We further embed a trust-proof mechanism into QShield to guarantee the trustworthiness of TEE function invocation; it ensures the correctness of query results and alleviates side-channel attacks. Through formal security analysis, proof-of-concept implementation and performance evaluation, we show that QShield can securely query over outsourced data with high efficiency and scalable multi-user support.

The releases of Intel SGX and AMD SEV mark the transition of hardware-based enclaves from research prototypes to mainstream products. These two paradigms of secure enclaves are attractive to both the cloud providers and tenants, since security is one of the key pillars of cloud computing. However, it is found that current hardware-defined enclaves are not flexible and efficient enough for the cloud. For example, although SGX can provide strong memory protection with both confidentiality and integrity, the size of secure memory is tightly restricted. On the contrary, SEV enables enclaves to use more memory but has critical security flaws due to no memory integrity protection. Meanwhile, both types of enclaves have relatively long booting latency, which makes them not suitable for short-term tasks like serverless workloads. After an in-depth analysis, we find that there are some intrinsic tradeoffs between security and performance due to the limitation of architectural designs. In this article, we investigate a novel hardware-software co-design of enclaves to meet the requirements of cloud by placing a part of the logic of the enclave mechanism into a lightweight software layer, named Enclavisor, to achieve a balance between security, performance, and flexibility. Specifically, our implementation is based on AMD’s SEV and, Enclavisor is placed in the guest kernel mode of SEV’s secure virtual machines. Enclavisor inherently supports memory encryption with no memory limitation and also achieves efficient booting, multiple enclave granularities, and post-launch remote attestation. Meanwhile, we also propose hardware/ software solutions to mitigate the security flaws caused by the lack of memory integrity. We implement a prototype of Enclavisor on an AMD SEV server. The experiments on both micro-benchmarks and application benchmarks show that enclaves on Enclavisor can have close-to-native performance.

With the proliferation of IoT devices, the number of devices connected to the Internet has been rapidly increasing. An edge computing platform must flexible and efficient data control. Also, edge nodes are not always reliable. Edge node administrators can leak data through intentional mishandling. In this paper, we propose an edge computing platform on modular architecture that protects data and processing from interception and a processing flow based on data characteristics using Intel SGX and multi-authority attribute-based encryption. In addition, we report a performance evaluation of our method.

The adoption of IoT in a multitude of critical infrastructures revolutionizes several sectors, ranging from smart healthcare systems to financial organizations and thermal and nuclear power plants. Yet, the progressive growth of IoT devices in critical infrastructure without considering security risks can damage the user’s privacy, confidentiality, and integrity of both individuals and organizations. To overcome the aforementioned security threats, we proposed an AI and onion routing-based secure architecture for IoT-enabled critical infrastructure. Here, we first employ AI classifiers that classify the attack and non-attack IoT data, where attack data is discarded from further communication. In addition, the AI classifiers are secure from data poisoning attacks by incorporating an isolation forest algorithm that efficiently detects the poisoned data and eradicates it from the dataset’s feature space. Only non-attack data is forwarded to the onion routing network, which offers triple encryption to encrypt IoT data. As the onion routing only processes non-attack data, it is less computationally expensive than other baseline works. Moreover, each onion router is associated with blockchain nodes that store the verifying tokens of IoT data. The proposed architecture is evaluated using performance parameters, such as accuracy, precision, recall, training time, and compromisation rate. In this proposed work, SVM outperforms by achieving 97.7\% accuracy.

Scientific and technological advancements, particularly in IoT, have greatly enhanced the quality of life in society. Nevertheless, resource constrained IoT devices are now connected to the Internet through IPv6 and 6LoWPAN networks, which are often unreliable and untrusted. Securing these devices with robust security measures poses a significant challenge. Despite implementing encryption and authentication, these devices remain vulnerable to wireless attacks from within the 6LoWPAN network and from the Internet. Researchers have developed various methods to prevent attacks on the RPL protocol within the 6LoWPAN network. However, each method can only detect a limited number of attack types, and there are still several drawbacks that require improvement. This study aims to implement several attack prevention methods, such as Lightweight Heartbeat Protocol, SVELTE, and Contiki IDS. The study will provide an overview of these methods theories and simulate them on Contiki OS using Cooja software to assess their performance. The study s results demonstrate a correlation between the simulated data and the proposed theories. Furthermore, the study identifies and evaluates the strengths and weaknesses of these methods, highlighting areas that can be improved upon.

Mobile Ad Hoc Networks (MANETs) are more susceptible to security threats due to the nature of openness and decentralized administration. Even though there exist several standard cryptography and encryption methods, they induce an additional computational and storage burden on the resource constrained mobile nodes in MANETs. To sort out this issue, this paper proposes a simple trust management mechanism called as Mobility and Trust Aware Adaptive Location Aided Routing (MTALAR). Initially, MTALAR founds the request zone whose sides are parallel to the line connecting the source and destination nodes. Next, the source node finds a trustworthy route through multi-hop nodes based on a new factor called as Mobile-Trust Factor (MTF). MTF is the combination of communication trust and mobility. Communication trust ensures a correct detection of malicious nodes and mobility ensures a proper protection for innocent nodes. After route discovery, the source node periodically measures the MTF of the multi-hop nodes through HELLO packets. Based on the obtained MTF values, the source node declares the corresponding node as malicious or not. Extensive simulations performed on the proposed method prove the superiority in the identification of malicious nodes.

Message-locked Encryption (MLE) is the most common approach used in encrypted deduplication systems. However, the systems based on MLE are vulnerable to frequency analysis attacks, because MLE encrypts the identical plaintexts into the identical ciphertexts, which is deterministic. The state-of-theart defense scheme, which named TED, lacks key verification and uses a single key server to record frequency information. Once the key server is compromised, TED will be vulnerable to brute-force attacks. In addition, TED’s key generation algorithm needs to be designed more exquisitely to strengthen protection, and its security indicator is not comprehensive. We propose SDAF, which supports key verification and enhanced protection against frequency analysis attacks. Based on chameleon hash, SDAF realizes key verification to prevent malicious key servers from generating fake encryption keys. In order to disturb the frequency information, SDAF introduces reservoir sample to generate uniformly distributed encryption keys, and uses multiple key servers, which interact with each other via multi-party PSI and rotate spontaneously to avoid the single point of failure. Moreover, a new indicator Kurtosis is pointed out to evaluate the security against frequency analysis attacks. We implement the prototypes of SDAF. The experiments of the real-world data sets show that, compared with the existing schemes, SDAF can better resist frequency analysis attacks with lower time overheads.

E-voting plays a vital role in guaranteeing and promoting social fairness and democracy. However, traditional e-voting schemes rely on a centralized organization, leading to a crisis of trust in the vote-counting results. In response to this problem, researchers have introduced blockchain to realize decentralized e-voting, but the adoption of blockchain also brings new issues in terms of flexibility, anonymity, and usability. To this end, in this paper, we propose WeVoting, which provides weightbased flexibility with solid anonymity and enhances usability by designing a voter-independent on-chain counting mechanism. Specifically, we use distributed ElGamal homomorphic encryption and zero-knowledge proof to achieve voting anonymity with weight. Besides, WeVoting develops a counter-based counting mechanism to enhance usability compared with those self-tallying schemes. By critically designing an honesty-and-activity-based incentive algorithm, WeVoting can guarantee a correct counting result even in the presence of malicious counters. Our security and performance analyses elaborate that WeVoting achieves high anonymity in weighed voting under the premise of meeting the basic security requirements of e-voting. And meanwhile, its counting mechanism is sufficient for practical demands with reasonable overheads.

Cloud computing has been widely used because of its low price, high reliability, and generality of services. However, considering that cloud computing transactions between users and service providers are usually asynchronous, data privacy involving users and service providers may lead to a crisis of trust, which in turn hinders the expansion of cloud computing applications. In this paper, we propose DPP, a data privacypreserving cloud computing scheme based on homomorphic encryption, which achieves correctness, compatibility, and security. DPP implements data privacy-preserving by introducing homomorphic encryption. To verify the security of DPP, we instantiate DPP based on the Paillier homomorphic encryption scheme and evaluate the performance. The experiment results show that the time-consuming of the key steps in the DPP scheme is reasonable and acceptable.

Fraud detection is an integral part of financial security monitoring tool; however, the traditional fraud detection method cannot detect the existing malicious fraud, and the clouds will produce data revealing that the risk of fraud detection system can not protect the privacy of detected object, so the fraud detection data privacy security becomes a significant problem,Homomorphic encryption as a demonstrable cryptography cloud privacy computing outsourcing scheme can ensure that cloud computing can perform ciphertext polynomial calculation under the dense state data without direct contact with the accurate data of users, so as to ensure data privacy security. Aiming at the data privacy security problems in the process of fraud detection, this paper combined homomorphic encryption and Logistic regression fraud detection technology to study the Logistic regression fraud detection algorithm under homomorphic ciphertext and constructed a cloud privacy fraud detection method based on customer service and cloud computing services. CKKS encryption scheme is used to encrypt the fraud data set and realize the Logistic regression fraud detection algorithm under ciphertext. The experiment proves that the difference between the fraud detection accuracy on ciphertext and plaintext is less than 3\%. Under the condition of ensuring the privacy of sensitive data to be detected, the effect of the fraud detection model is not affected.

Cloud computing performs a significant part in sharing resources and data with other devices via data outsourcing. The data collaboration services, as a potential service given by the cloud service provider (CSP), is to assist the consistency and availability of the shared data amongst users. At the time of sharing resources, it is a complicated process for providing secure writing and access control operations. This study develops a Privacy Preserving Encryption with Optimal Key Generation Technique (PPE-OKGT) for CC environment. The presented PPE-OKGT technique secures the data prior to storing in the cloud sever via encryption process. For accomplishing this, the presented PPE-OKGT technique employs data encryption technology to secure the input data into a hidden format. Besides, in order to improve secrecy, the presented PPE-OKGT technique designs a chaotic search and rescue optimization (CSRO) algorithm for optimal generation of keys. The promising performance of the PPE-OKGT technique can be verified using a set of experimentations. A comprehensive comparison study reported the enhancements of the PPE-OKGT technique over other models.