PLOS ONE search feed: subject:"Cryptography", sorted by date, newest first
Feed URL: https://journals.plos.org/plosone/search/feed/atom?sortOrder=DATE_NEWEST_FIRST&unformattedQuery=subject:%22Cryptography%22&sort=Date,+newest+first
Journal: https://journals.plos.org/plosone/ (all PLOS articles are Open Access). Feed last updated 2024-03-29T12:23:03Z.

Stealing complex network attack detection method considering security situation awareness
by Bo Xi, Huiying Liu, Botao Hou, Ying Wang, Yuling Guo
DOI: 10.1371/journal.pone.0298555 (published 2024-03-21)

Tracking and detection have brought great challenges to network security. Therefore, this paper proposes a monitoring method for stealthy complex network attacks that takes security situation awareness into account. By constructing a tracking model of invisible complex network attacks, public monitoring nodes are selected for monitoring. The cost of a single monitoring node is calculated by the algorithm, and the monitoring nodes are determined by the monitoring node algorithm, so as to reduce the resource occupancy rate of the monitoring nodes and improve the monitoring accuracy. The simulation results show that this method is stable in the range of 1000 to 4000 nodes and can effectively monitor secret-stealing complex network attacks.

A lightweight and secure protocol for teleworking environment
by Fahad Algarni, Saeed Ullah Jan
DOI: 10.1371/journal.pone.0298276 (published 2024-03-21)

The Internet has advanced so quickly that we can now access any service at any time, from any location. As a result of this capability, people around the world can benefit from the popularity and convenience of teleworking systems. Teleworking systems, however, are vulnerable to a range of attacks: an unauthorized user can enter the open communication line and compromise the whole system, which in turn creates a big hurdle for the teleworkers. Professional groups have presented numerous mechanisms for the security of teleworking systems to stop any harm, but there are still a lot of security issues, such as insider, stolen verifier, masquerade, replay, traceability and impersonation threats. In this paper, we propose that one of the security issues with teleworking systems is the lack of a secure authentication mechanism. In order to provide a secure teleworking environment, we have proposed a lightweight and secure protocol to authenticate all the participants and make the requisite services available in an efficient manner. The security of the presented protocol has been analyzed formally using the random oracle model (ROM) and ProVerif simulation, and informally through illustration and attack discussions. Meanwhile, the performance metrics have been measured by considering computation and communication overheads. Upon comparing the proposed protocol with prior works, it has been demonstrated that our protocol is superior to its competitors. It is suitable for implementation because it achieved a 73% improvement in computation and 34% in communication costs.

TurboBlom: A light and resilient key predistribution scheme with application to Internet of Things
by Majid Khabbazian, Reihaneh Safavi-Naini, Ahmad Shabani-Baghani
DOI: 10.1371/journal.pone.0295190 (published 2024-03-20)

In the Internet of Things (IoT), there are often devices that are computationally too constrained to establish a security key using traditional key distribution mechanisms such as those based on the Diffie-Hellman key exchange. To address this, current solutions commonly rely on key predistribution schemes (KPSs). Among KPSs, the Blom scheme provably provides the highest resilience against node capture attacks. This, however, comes at a high computational overhead, because the Blom scheme requires many multiplications over a large finite field. To overcome this computational overhead, we present TurboBlom, a novel amendment of the Blom scheme. TurboBlom circumvents the need for field multiplications by utilizing specialized generator matrices, such as random zero-one matrices. We demonstrate that, through this approach, TurboBlom can reduce the computational overhead of the Blom scheme by orders of magnitude. In our next key finding, we demonstrate that TurboBlom offers a level of resilience against node capture that is virtually on par with the Blom scheme. Notably, we prove that the gap between the resilience of the two schemes is exponentially small. These features of TurboBlom (i.e., low computational overhead and high resilience) make it suitable for computationally constrained devices. Such devices exist in abundance in IoT, for example as part of Low Power and Lossy Networks (LLNs). To demonstrate a sample application of TurboBlom, we show how to use it to enable sender authentication in the Routing Protocol for LLNs (RPL), a standard routing protocol for IoT.

Linear feedback coding scheme for multiple-access fading channels with degraded message sets
by Yuan Liao, Xiaofang Wang
DOI: 10.1371/journal.pone.0295369 (published 2024-03-18)

Channel coding technology plays an important role in wireless communication systems, and it serves as a crucial mechanism to reduce interference during the transmission process. As fifth-generation (5G) and sixth-generation (6G) wireless communication systems rapidly advance, users' requirements for the quality and security of wireless service are increasing. Solving these problems calls for exploring new channel coding technologies. In this paper, a linear feedback coding scheme for fading multiple-access channels with degraded message sets (FMAC-DMS) is proposed. In this scheme, transmit beamforming and channel splitting are used to transform the channel with complex signals into scalar equivalent sub-channels. Then, the extended Schalkwijk-Kailath (SK) coding scheme is further applied to each sub-channel. The channel capacity, finite blocklength (FBL) sum-rate and FBL secrecy achievable sum-rate of the FMAC-DMS in single-input single-output (SISO) and multi-input single-output (MISO) cases are derived. Finally, we show that the proposed scheme not only provides an FBL coding solution but also guarantees physical layer security (PLS). The numerical and simulation results show the effectiveness of the proposed scheme as a channel coding solution. This paper provides a new method to construct a practical FBL scheme for the FMAC-DMS.

Access authentication via blockchain in space information network
by Muhammad Arshad, Liu Jianwei, Muhammad Khalid, Waqar Khalid, Yue Cao, Fakhri Alam Khan
DOI: 10.1371/journal.pone.0291236 (published 2024-03-07)

Space Information Network (SIN) has the significant benefit of providing communication anywhere at any time. This feature offers an innovative way for conventional wireless customers to access enhanced internet services by using SIN. However, SIN’s characteristics, such as naked links and maximum signal latency, make it difficult to design efficient security and routing protocols. Similarly, existing SIN authentication techniques cannot satisfy all of the essentials for secure communication, such as avoiding privacy leaks or rising authentication latency. The article aims to develop a novel blockchain-based access authentication mechanism for SIN. The proposed scheme uses a blockchain application, which offers anonymity to mobile users while considering the satellites’ limited processing capacity. The SIN gains the likelihood of far greater computational capacity devices as technology evolves. For authentication in SIN, the technique comprises three entities: the low Earth orbit satellite, the mobile user, and the network control centre. The proposed mutual authentication mechanism avoids the requirement of a ground station, resulting in less latency and overhead during mobile user authentication. Finally, the new blockchain-based authentication approach is evaluated with AVISPA, a formal security tool. The simulation and performance study results illustrate that the proposed technique delivers efficient security characteristics such as low authentication latency, minimal signal overhead and less computational cost with group authentication.

BPKEM: A biometric-based private key encryption and management framework for blockchain
by Hao Cai, Han Li, Jianlong Xu, Linfeng Li, Yue Zhang
DOI: 10.1371/journal.pone.0286087 (published 2024-03-04)

The fundamental technology behind bitcoin, known as blockchain, has been studied and used in a variety of industries, especially in finance. The security of blockchain is extremely important, as it affects the assets of the clients and is the lifeline feature of the entire system that needs to be guaranteed. Currently, there is a lack of a methodical approach to guarantee the security and dependability of the private key during its whole life. Furthermore, there is no quick, easy, or secure way to create the encryption key. A biometric-based private key encryption and management framework (BPKEM) for blockchain is proposed, which not only solves the private key lifecycle management problem but also maintains compatibility with existing blockchain systems. For the problem of private key encryption, a biometric-based stable key generation method is proposed. By using the relative invariance between facial and fingerprint feature points, this measure converts feature points into stable and distinguishable descriptors, then uses a reusable fuzzy extractor to create a stable key. The correctness and efficiency of the newly proposed biometric-based blockchain encryption technique have been validated in experiments.

An enterprise composite blockchain construction method for business environment
by Su Li, Junlu Wang, Baoyan Song
DOI: 10.1371/journal.pone.0299162 (published 2024-03-01)

In order to foster a modern economic system and facilitate high-quality economic development, it is crucial to establish a conducive business environment. Undoubtedly, the evaluation of the business environment for enterprises constitutes a prominent area of research. Nevertheless, ensuring the authenticity and security of the raw data sources provided by participating enterprises poses a challenge, thereby compromising the accuracy of the evaluation. To tackle this issue, an enterprise composite blockchain construction method for the business environment is proposed in this paper, which stores the raw data of enterprises by means of hybrid on-chain and off-chain storage. Initially, the enhanced hash function SHA256 is introduced to encrypt the raw data of enterprises. The encrypted data is subsequently stored in an off-chain Level DB database, which is based on non-volatile memory. This approach effectively alleviates the burden on communication and storage. Secondly, a composite on-chain storage strategy is adopted: the key values from the Level DB are stored in the DAG-based Conflux public blockchain, while the enterprise state data is stored in the consortium blockchain, so as to provide trusted evidence for business environment evaluation data. Finally, it is demonstrated through a large number of experimental comparisons that the enterprise composite blockchain construction method proposed in this paper exhibits better read and write performance, lower storage efficiency and storage overhead, and outperforms both the Level DB database before improvement and existing blockchain storage models.

Blockchain-secure patient Digital Twin in healthcare using smart contracts
by Sandro Amofa, Qi Xia, Hu Xia, Isaac Amankona Obiri, Bonsu Adjei-Arthur, Jingcong Yang, Jianbin Gao
DOI: 10.1371/journal.pone.0286120 (published 2024-02-29)

Modern healthcare has a sharp focus on data aggregation and processing technologies. Consequently, from a data perspective, a patient may be regarded as a timestamped list of medical conditions and their corresponding corrective interventions. Technologies to securely aggregate and access data for individual patients in the quest for precision medicine have led to the adoption of Digital Twins in healthcare. Digital Twins are used in manufacturing and engineering to produce digital models of physical objects that capture the essence of device operation to enable and drive optimization. Thus, a patient’s Digital Twin can significantly improve health data sharing. However, creating the Digital Twin from multiple data sources, such as the patient’s electronic medical records (EMR) and personal health records (PHR) from wearable devices, presents some risks to the security of the model and the patient. The constituent data for the Digital Twin should be accessible only with permission from relevant entities and thus requires authentication, privacy, and provable provenance. This paper proposes a blockchain-secure patient Digital Twin that relies on smart contracts to automate the updating and communication processes that maintain the Digital Twin. The smart contracts govern the response the Digital Twin provides when queried, based on policies created for each patient. We highlight four research points: access control, interaction, privacy, and security of the Digital Twin, and we evaluate the Digital Twin in terms of latency in the network, smart contract execution times, and data storage costs.

A lightweight attribute-based signcryption scheme based on cloud-fog assisted in smart healthcare
by Yanzhong Sun, Xiaoni Du, Shufen Niu, Siwei Zhou
DOI: 10.1371/journal.pone.0297002 (published 2024-01-30)

In the big data environment of the Internet of Things, smart healthcare is developed in combination with cloud computing. However, with the generation of massive data in smart healthcare systems and the need for real-time data processing, traditional cloud computing is no longer suitable for resource-constrained devices in the Internet of Things. In order to address this issue, we combine the advantages of fog computing and propose a cloud-fog assisted attribute-based signcryption scheme for smart healthcare. In the constructed “cloud-fog-terminal” three-layer model, the patient (data owner) first offloads some of the heavy computation burden to fog nodes before signcryption, and the doctor (data user) also outsources some complicated operations to fog nodes before unsigncryption by providing a blinded private key, which greatly reduces the calculation overhead of the resource-constrained devices of patient and doctor and improves calculation efficiency. Thus it implements a lightweight signcryption algorithm. Security analysis confirms that the proposed scheme achieves indistinguishability under chosen ciphertext attack and existential unforgeability under chosen message attack if the computational bilinear Diffie-Hellman problem and the decisional bilinear Diffie-Hellman problem hold. Furthermore, performance analysis demonstrates that our new scheme has less computational overhead for both doctors and patients, so it offers higher computational efficiency and is well-suited for application scenarios of smart healthcare.

A lightweight and robust authentication scheme for the healthcare system using public cloud server
by Irshad Ahmed Abbasi, Saeed Ullah Jan, Abdulrahman Saad Alqahtani, Adnan Shahid Khan, Fahad Algarni
DOI: 10.1371/journal.pone.0294429 (published 2024-01-30)

Cloud computing is vital in various applications, such as healthcare, transportation, governance, and mobile computing. When using a public cloud server, it is mandatory to be secured from all known threats, because a minor attacker’s disturbance severely threatens the whole system. A public cloud server faces numerous threats; an adversary can easily enter the server to access sensitive information, especially in the healthcare industry, which offers services to patients, researchers, labs, and hospitals in a flexible way with minimal operational costs. It is challenging to make it a reliable system and ensure the privacy and security of a cloud-enabled healthcare system. In this regard, numerous security mechanisms have been proposed in past decades. These protocols either suffer from replay attacks, are completed in three to four round trips or have maximum computation, which means the security doesn’t balance with performance. Thus, this work uses a fuzzy extractor method to propose a robust security method for a cloud-enabled healthcare system based on Elliptic Curve Cryptography (ECC). The proposed scheme’s security has been examined formally with BAN logic, ROM and ProVerif and informally using pragmatic illustration and discussion of different attacks. The proposed security mechanism is analyzed in terms of communication and computation costs. Upon comparing the proposed protocol with prior work, it has been demonstrated that our scheme is 33.91% better in communication costs and 35.39% superior to its competitors in computation costs.

Performance analysis: Securing SIP on multi-threaded/multi-core proxy server using public keys on Diffie–Hellman (DH) in single and multi-server queuing scenarios
by David Samuel Bhatti, Salbia Sidrat, Shahzad Saleem, Annas Wasim Malik, BeomKyu Suh, Ki-Il Kim, Kyu-Chul Lee
DOI: 10.1371/journal.pone.0293626 (published 2024-01-25)

The rapid replacement of PSTN with VOIP networks indicates the definitive phase-out of the PBX/PABX by smartphone-based VOIP technology that uses WLAN connectivity for local communication; however, security remains a key issue, regardless of the communication coverage area. Session initiation protocol (SIP) is one of the most widely adopted VOIP connection establishment protocols but requires added security. On the Internet, different security protocols, such as HTTPS (SSL/TLS), IPSec, and S/MIME, are used to protect SIP communication. These protocols require sophisticated infrastructure and some pose a significant overhead that may deteriorate SIP performance. In this article, we propose the following: i) avoid using Internet bandwidth and complex Internet protocols for local communication within an organization, but harness WLAN connectivity; ii) use multi-threaded or multicore computer systems to handle concurrent calls instead of installing hardware-based SIP servers; and iii) run each thread in a separate core. Cryptography is a key tool for securely transmitting confidential data for long- and short-range communication, and the Diffie-Hellman (DH) protocol has consistently been a popular choice for secret key exchanges. Primarily used for symmetric key sharing, it has been proven effective in generating public/private key pairs, sharing public keys securely over public channels, and subsequently deriving shared secret keys from private/public keys. This key exchange scheme was proposed to safeguard VOIP communication within WLANs, which rely on SIP for messaging and multimedia communication. To ensure an efficient implementation of SIP, the system was rigorously analyzed using the M/M/1 and M/M/c queuing models. We analyze the behavior of SIP servers with queuing models with and without end-to-end security, and increase users’ trust in SIP security by providing a transparent sense of end-to-end security as they create and manage their private and public keys instead of relying on the underlying SIP technology. This research implements instant messaging, voice conversation, and secret key generation over DH while implementing and observing the role of multi-threading in multiqueue systems that serve incoming calls. By increasing the number of threads from one to two, the SIP response time improved from 20.23809 to 0.08070 min at an arrival rate of 4250 calls/day and a service rate of three calls/min. Similarly, by increasing from one to seven threads, the queue length was reduced by four calls/min. Implementing secure media streaming and reliable AES-based signaling for session confidentiality and integrity introduces a minor 8-ms tradeoff in SIP service performance. However, the advantages of implementing added security outweigh this limitation.

Low complexity smart grid security protocol based on elliptic curve cryptography, biometrics and hamming distance
by Keyan Abdul-Aziz Mutlaq, Vincent Omollo Nyangaresi, Mohd Adib Omar, Zaid Ameen Abduljabbar, Iman Qays Abduljaleel, Junchao Ma, Mustafa A. Al Sibahee
DOI: 10.1371/journal.pone.0296781 (published 2024-01-23)

The incorporation of information and communication technologies in power grids has greatly enhanced efficiency in the management of demand responses. In addition, smart grids have seen considerable minimization of energy consumption and enhancement of power supply quality. However, the transmission of control and consumption information over open public communication channels renders the transmitted messages vulnerable to numerous security and privacy violations. Although many authentication and key agreement protocols have been developed to counter these issues, achieving ideal security and privacy levels at optimal performance still remains an uphill task. In this paper, we leverage Hamming distance, elliptic curve cryptography, smart cards and biometrics to develop an authentication protocol. It is formally analyzed using the Burrows-Abadi-Needham (BAN) logic, which shows strong mutual authentication and session key negotiation. Its semantic security analysis demonstrates its robustness under all the assumptions of the Dolev-Yao (DY) and Canetti-Krawczyk (CK) threat models. From the performance perspective, it is shown to incur communication, storage and computation complexities compared with other related state-of-the-art protocols.

Comparative analysis and FPGA realization of different control synchronization approaches for chaos-based secured communication systems
by Talal Bonny, Wafaa Al Nassan, Aceng Sambas
DOI: 10.1371/journal.pone.0291714 (published 2024-01-23)

Synchronization of chaotic systems has attracted much attention in recent years due to its vital applications in secured communication systems. In this paper, an implementation and comparative analysis of two different control approaches for synchronization between two identical four-dimensional hyperchaotic systems is presented. The two control approaches are the adaptive nonlinear controller and the linear optimal quadratic regulator (LQR). To demonstrate the effectiveness of each controller, the numerical simulation is presented using Matlab/Simulink and the control law is derived. The performance of the proposed controllers is compared based on four factors: response time, squared error integration, energy applied by the controller, and cost function. To measure the robustness of the control approaches, the performance factors are compared when there is a change in system parameters and a variation in the initial conditions. Then the proposed synchronization methods are implemented on the FPGA platform to demonstrate the utilized resources on the Field Programmable Gate Array (FPGA) hardware platform and the operation speed. Finally, to generalize the results of the comparison, the study is implemented for the synchronization of another secured communication system consisting of two identical three-dimensional chaotic systems. The experimental results show that the LQR method is more effective than the adaptive controller based on the performance factors we propose. Moreover, the LQR is much simpler to implement on hardware and requires fewer resources on the FPGA.

Searching across-cohort relatives in 54,092 GWAS samples via encrypted genotype regression
by Qi-Xin Zhang, Tianzi Liu, Xinxin Guo, Jianxin Zhen, Meng-yuan Yang, Saber Khederzadeh, Fang Zhou, Xiaotong Han, Qiwen Zheng, Peilin Jia, Xiaohu Ding, Mingguang He, Xin Zou, Jia-Kai Liao, Hongxin Zhang, Ji He, Xiaofeng Zhu, Daru Lu, Hongyan Chen, Changqing Zeng, Fan Liu, Hou-Feng Zheng, Siyang Liu, Hai-Ming Xu, Guo-Bo Chen
DOI: 10.1371/journal.pgen.1011037 (published 2024-01-11)

Explicitly sharing individual-level data in genomics studies has many merits compared to sharing summary statistics, including stricter QCs, common statistical analyses, relative identification and improved statistical power in GWAS, but it is hampered by privacy or ethical constraints. In this study, we developed encG-reg, a regression approach that can detect relatives of various degrees based on encrypted genomic data, which is immune to ethical constraints. The encryption properties of encG-reg are based on random matrix theory, masking the original genotypic matrix without sacrificing precision of individual-level genotype data. We established a connection between the dimension of the random matrix that masks the genotype matrices and the required precision of a study for encrypted genotype data. encG-reg has false positive and false negative rates equivalent to sharing original individual-level data, and is computationally efficient when searching relatives. We split the UK Biobank into their respective centers, and then encrypted the genotype data. We observed that the relatives estimated using encG-reg were as accurate as the estimates by KING, which is a widely used software but requires original genotype data. In a more complex application, we launched a finely devised multi-center collaboration across 5 research institutes in China, covering 9 cohorts of 54,092 GWAS samples. encG-reg again identified true relatives existing across the cohorts even with different ethnic backgrounds and genotypic qualities. Our study clearly demonstrates that encrypted genomic data can be used for data sharing without loss of information or data sharing barriers.

Hiding scrambled text messages in speech signals using a lightweight hyperchaotic map and conditional LSB mechanism
by Mustafa A. Al Sibahee, Zaid Ameen Abduljabbar, Chengwen Luo, Jin Zhang, Yijing Huang, Iman Qays Abduljaleel, Junchao Ma, Vincent Omollo Nyangaresi
DOI: 10.1371/journal.pone.0296469 (published 2024-01-03)

This study presents a lightweight, secure audio steganography system for hiding text messages for transmission over the Internet, with the aim of addressing the current problems of high computational cost and insufficient security identified in earlier studies. We propose a two-phase functioning mechanism. Text characters are first transformed into ASCII code and stored in a vector, which is then divided into three sub-vectors. These sub-vectors are scrambled using two low-complexity operations, namely a forward-backward reading technique and an odd-even index. Two scrambling loops are performed, the first on the small sub-vectors and the second on the vector as a whole. In the hiding phase, the speech signal samples are divided into 256 blocks using only 200 values per block, and the low-complexity quadratic and Hénon maps are used to hide the message in the speech signal in a random manner. The conditional LSB is applied as a low-complexity algorithm to identify hidden bits, and a special hyperchaotic map algorithm is developed to randomly choose locations. The proposed approach provides good security for a scrambled text message, with high SNR and PSNR, small MSE and PESQ, an SSIM value close to one (as indicated in Tables 1, 2, 3, and 4), a BER value close to zero (as shown in Table 8), an NCC value near +1 (as shown in Table 8), and an MOS value near five (as described in Table 6), as well as a low computational hiding cost.
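Added example (an editor's illustration, not code from the PLOS feed or from the TurboBlom authors) for "TurboBlom: A light and resilient key predistribution scheme with application to Internet of Things" (10.1371/journal.pone.0295190) above. It sets up the classic Blom scheme with a Vandermonde public matrix, derives each pairwise key from both sides to show they agree, and then repeats the setup with a random zero-one public matrix, where a node's key computation collapses to a sum of selected entries with no field multiplications. Assumptions: the field modulus 2^61-1, the seeds used for the Vandermonde columns and the bit-matrix sampling are mine; the paper's resilience proof for zero-one matrices is not reproduced, and a short or duplicated zero-one column weakens the scheme in ways this demo does not check.

```python
"""Blom key predistribution, plus a zero-one generator matrix variant (illustration)."""
import secrets

P = 2**61 - 1  # field modulus for the demo (assumption; deployments size this to the key length)
_rng = secrets.SystemRandom()


def vandermonde_generator(n_nodes, k, p=P):
    """Classic Blom public matrix. Node j publishes the column
    (1, s_j, s_j^2, ..., s_j^(k-1)) mod p for a distinct public seed s_j (here s_j = j+1).
    Any k such columns are linearly independent, which makes the scheme (k-1)-secure:
    up to k-1 captured nodes learn nothing about keys between uncaptured pairs."""
    return [[pow(j + 1, i, p) for i in range(k)] for j in range(n_nodes)]


def zero_one_generator(n_nodes, k, rng=_rng):
    """TurboBlom-style public matrix: node j publishes a random column of k bits.
    Assumption: the paper's sampling rules are not reproduced; an all-zero column,
    for example, would yield key 0 and is not rejected here."""
    return [[rng.randrange(2) for _ in range(k)] for _ in range(n_nodes)]


def trusted_authority_setup(columns, k, p=P, rng=_rng):
    """The trusted authority draws a secret symmetric k x k matrix D and gives node j
    the private row A_j = D * G_j mod p (G_j is node j's public column). Only A_j is
    handed out; D itself never leaves the authority."""
    D = [[0] * k for _ in range(k)]
    for r in range(k):
        for c in range(r, k):
            D[r][c] = D[c][r] = rng.randrange(p)
    return [[sum(D[r][c] * g[c] for c in range(k)) % p for r in range(k)]
            for g in columns]


def blom_key(a_i, g_j, p=P):
    """Node i derives K_ij = A_i . G_j mod p. Because D is symmetric,
    A_i . G_j = G_i^T D G_j = G_j^T D G_i = A_j . G_i, so both sides agree.
    Cost: k multiplications in GF(p), the overhead TurboBlom removes."""
    return sum(a * g for a, g in zip(a_i, g_j)) % p


def turbo_key(a_i, g_j, p=P):
    """Same pairwise key, but with a 0/1 column G_j the dot product collapses to
    summing the entries of A_i selected by the 1-bits: additions only."""
    return sum(a for a, bit in zip(a_i, g_j) if bit) % p


def all_pairs_agree(columns, private_rows, key_fn):
    """True if every pair (i, j) derives the same key from either side."""
    n = len(columns)
    return all(key_fn(private_rows[i], columns[j]) == key_fn(private_rows[j], columns[i])
               for i in range(n) for j in range(i + 1, n))


if __name__ == "__main__":
    k = 8
    vand = vandermonde_generator(10, k)
    rows = trusted_authority_setup(vand, k)
    print("Blom with Vandermonde G, all pairs agree:", all_pairs_agree(vand, rows, blom_key))
    bits = zero_one_generator(10, 32)
    rows = trusted_authority_setup(bits, 32)
    print("Zero-one G, all pairs agree:", all_pairs_agree(bits, rows, turbo_key))
```

One operational check worth keeping in mind: with a k x k symmetric D, any k private rows of the Vandermonde variant are enough to solve for D and hence every key in the network, so the authority must use a fresh D per deployment and must not retain node rows after provisioning.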
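Added example (an editor's illustration, not the authors' implementation) for "Performance analysis: Securing SIP on multi-threaded/multi-core proxy server using public keys on Diffie–Hellman (DH) in single and multi-server queuing scenarios" (10.1371/journal.pone.0293626) above. Two SIP endpoints each generate an ephemeral Diffie-Hellman key pair, exchange public values over the open channel, derive the same session key, and use it to authenticate an INVITE with HMAC-SHA256. Assumptions: RFC 3526 group 14 (transcribed here and probable-prime-checked at start-up rather than trusted), an HKDF-style derivation bound to both public values, a constructed INVITE rather than captured traffic, and HMAC integrity standing in for the paper's AES-based signaling because the Python standard library has no AES. The queueing results are not reproduced. Caveat the example does not resolve: unauthenticated DH agrees a key with whoever answers, so the public values still need to be authenticated (pinned, signed, or verified out of band) before the derived key says anything about the peer's identity.

```python
"""Ephemeral DH between two SIP endpoints, then HMAC over the signaling (illustration)."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP), generator 2. p = 2q + 1 with q prime, so the
# subgroup generated by 2 has prime order q. check_group() verifies this transcription.
P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
)
P = int(P_HEX, 16)
G = 2
Q = (P - 1) // 2
N_BYTES = (P.bit_length() + 7) // 8
_rng = secrets.SystemRandom()


def is_probable_prime(n, rounds=8, rng=_rng):
    """Miller-Rabin; enough to catch a corrupted modulus (demo-grade, not a proof)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group():
    """Sanity-check the transcribed parameters before using them for any call."""
    return P.bit_length() == 2048 and is_probable_prime(P) and is_probable_prime(Q)


class Endpoint:
    """A SIP user agent that generates its own ephemeral DH key pair and derives the
    session key itself instead of relying on the proxy for security."""

    def __init__(self, name):
        self.name = name
        self.private = secrets.randbelow(Q - 2) + 2   # secret exponent in [2, q-1]
        self.public = pow(G, self.private, P)        # the value sent over the open channel

    def session_key(self, peer_public):
        # Reject 0, 1, p-1 and anything outside the order-q subgroup: an attacker who
        # injects such a value forces the "shared secret" into a tiny, guessable set.
        if not 2 <= peer_public <= P - 2 or pow(peer_public, Q, P) != 1:
            raise ValueError("peer public value is not a valid subgroup element")
        shared = pow(peer_public, self.private, P).to_bytes(N_BYTES, "big")
        # HKDF (RFC 5869) extract-then-expand; the salt commits to both public values
        # (sorted so both sides compute it identically) to bind the key to this exchange.
        lo, hi = sorted([self.public, peer_public])
        salt = hashlib.sha256(lo.to_bytes(N_BYTES, "big") + hi.to_bytes(N_BYTES, "big")).digest()
        prk = hmac.new(salt, shared, hashlib.sha256).digest()
        return hmac.new(prk, b"SIP signaling integrity\x01", hashlib.sha256).digest()


def tag_message(key, message):
    """HMAC-SHA256 over the SIP request; the receiver recomputes and compares."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key, message, tag):
    return hmac.compare_digest(tag_message(key, message), tag)


def run_exchange(invite=b"INVITE sip:bob@pbx.example SIP/2.0\r\nCall-ID: 7f3a@alice\r\n\r\n"):
    """Full exchange between two endpoints (the INVITE is a constructed sample).
    Returns (keys_match, genuine_tag_verifies, tampered_request_verifies)."""
    alice, bob = Endpoint("alice"), Endpoint("bob")
    k_alice = alice.session_key(bob.public)   # Alice receives Bob's public value
    k_bob = bob.session_key(alice.public)     # Bob receives Alice's public value
    tag = tag_message(k_alice, invite)
    tampered = invite.replace(b"bob@", b"eve@")
    return (k_alice == k_bob,
            verify_message(k_bob, invite, tag),
            verify_message(k_bob, tampered, tag))


def rejects_degenerate_values():
    """The subgroup check must refuse 0, 1, p-1 and p (classic small-subgroup injections)."""
    probe = Endpoint("probe")
    for bad in (0, 1, P - 1, P):
        try:
            probe.session_key(bad)
            return False
        except ValueError:
            pass
    return True


if __name__ == "__main__":
    print("group parameters pass:", check_group())
    print("(keys match, tag ok, tampered ok):", run_exchange())
```

The subgroup membership test costs one extra modular exponentiation per call setup, which is the kind of overhead the paper's 8 ms figure is measuring against; dropping it to save time is the wrong trade, since it is what stops a peer from steering the shared secret.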
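Added example (an editor's illustration, not the authors' code) for "Hiding scrambled text messages in speech signals using a lightweight hyperchaotic map and conditional LSB mechanism" (10.1371/journal.pone.0296469) above. It scrambles the ASCII bytes of a message in three sub-vectors and then as a whole, drives a Hénon map from a secret (x0, y0) to pick distinct sample positions, writes the bits into the least significant bit of 16-bit samples, and recovers the message with the same key. Assumptions: my reading of "forward-backward reading" and "odd-even index" as the two permutations below, a plain Hénon orbit in place of the paper's quadratic and hyperchaotic maps, plain LSB replacement in place of the conditional LSB rule, a 2-byte length header that the paper does not describe, and a constructed tone instead of recorded speech. Two caveats a practitioner should keep: sender and receiver must iterate the map with identical floating-point arithmetic or the positions diverge, and the scramble is a fixed public permutation, so the secrecy rests on the key-driven positions alone.

```python
"""Scrambled-text LSB audio steganography with Henon-map positions (illustration)."""
import math


def henon_index_stream(n_samples, x0, y0, a=1.4, b=0.3, burn_in=100):
    """Yield distinct sample indices from the Henon orbit; (x0, y0) is the hiding key.
    a=1.4, b=0.3 is the classic chaotic regime (assumption: not the paper's map)."""
    x, y, used = x0, y0, set()
    for _ in range(burn_in):                    # discard the transient
        x, y = 1 - a * x * x + y, b * x
    while True:
        x, y = 1 - a * x * x + y, b * x
        idx = int(abs(x) * 1_000_000) % n_samples
        if idx not in used:
            used.add(idx)
            yield idx


def odd_even(seq):
    """Odd-even index scramble: even positions first, then odd positions."""
    return seq[0::2] + seq[1::2]


def forward_backward(seq):
    """Forward-backward reading: alternate one element from the front, one from the back."""
    out, i, j = [], 0, len(seq) - 1
    while i <= j:
        out.append(seq[i])
        if i != j:
            out.append(seq[j])
        i, j = i + 1, j - 1
    return out


def scramble_perm(n):
    """Permutation of range(n): split into three sub-vectors, scramble each,
    then scramble the whole vector (the two loops described in the abstract)."""
    step = max(1, math.ceil(n / 3))
    parts = [list(range(n))[k:k + step] for k in range(0, n, step)]
    whole = [p for part in parts for p in forward_backward(odd_even(part))]
    return forward_backward(odd_even(whole))


def apply_perm(data, perm):
    return [data[p] for p in perm]


def invert_perm(data, perm):
    out = [None] * len(perm)
    for pos, src in enumerate(perm):
        out[src] = data[pos]
    return out


def to_bits(data):
    return [(byte >> k) & 1 for byte in data for k in range(7, -1, -1)]


def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def embed(cover, message, key):
    """Scramble the ASCII message, prefix a 2-byte length (my addition), and write
    each bit into the LSB of a chaotically chosen sample. Plain LSB replacement
    stands in for the paper's conditional LSB rule."""
    data = message.encode("ascii")
    scrambled = bytes(apply_perm(list(data), scramble_perm(len(data))))
    bits = to_bits(len(data).to_bytes(2, "big") + scrambled)
    if 2 * len(bits) > len(cover):
        raise ValueError("message too long for this cover")
    stego, stream = list(cover), henon_index_stream(len(cover), *key)
    for bit in bits:
        pos = next(stream)
        stego[pos] = (stego[pos] & ~1) | bit
    return stego


def extract(stego, key):
    """Reverse the process; a wrong key yields an implausible length or garbage."""
    stream = henon_index_stream(len(stego), *key)
    length = int.from_bytes(from_bits([stego[next(stream)] & 1 for _ in range(16)]), "big")
    if 16 + 8 * length > len(stego) // 2:
        raise ValueError("implausible length header: wrong key or not a stego signal")
    body = from_bits([stego[next(stream)] & 1 for _ in range(8 * length)])
    return bytes(invert_perm(list(body), scramble_perm(length))).decode("ascii")


def snr_db(cover, stego):
    """Signal-to-noise ratio of the embedding, the distortion metric the abstract reports."""
    signal = sum(s * s for s in cover)
    noise = sum((c - s) ** 2 for c, s in zip(cover, stego))
    return math.inf if noise == 0 else 10 * math.log10(signal / noise)


def synthetic_speech(n=4000, rate=8000):
    """Constructed stand-in for speech: a 440 Hz tone with a slow amplitude envelope."""
    return [int(8000 * math.sin(2 * math.pi * 440 * i / rate)
                * (0.6 + 0.4 * math.sin(2 * math.pi * 3 * i / rate))) for i in range(n)]


if __name__ == "__main__":
    cover, key = synthetic_speech(), (0.1, 0.1)
    stego = embed(cover, "Meet at the old mill, 21:00", key)
    print("recovered:", extract(stego, key), "| SNR dB:", round(snr_db(cover, stego), 1))
```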