This study revisits the side-channel security of the elliptic curve cryptography (ECC) scalar multiplication implemented with Montgomery ladder. Focusing on a specific implementation that does not use the y -coordinate for point addition (ECADD) and point doubling (ECDBL), the authors show that Montgomery ladder on Weierstrass curves is vulnerable to a chosen base-point attack. Unlike the normal implementation

Recently, lattice signatures based on the Fiat-Shamir framework have seen a lot of improvements which are efficient in practice. The security of these signature schemes depends mainly on the hardness of solving short integer solutions (SIS) and/or learning with errors problem in the random oracle model. The authors propose an alternative lattice-based signature scheme on the Fiat-Shamir framework over

LBlock is a lightweight block cipher with Feistel-SP structure proposed by Wu and Zhang in Applied Cryptography and Network Security 2011, and a modified version LBlock-s is used later in the design of the lightweight authenticated encryption cipher LAC, one of the CAESAR candidates. The best known integral attack on LBlock is presented by Zhang and Wu which can attack 23-round LBlock based on a 16-round

Distributed sensors are mainly used environment monitoring systems to monitor volcanic eruption, weather disaster, storm, tornadoes, hurricane, earthquake, and tsunami. The routing path of these networks is frequently affected by the presence of malicious and faulty nodes. The authors propose a secure, load-balanced routing (SLBR) protocol using wireless sensor networks for disaster management. The

Poly1305 is a polynomial hash function designed by Bernstein in 2005. Presently, it is part of several major platforms, including the Transport Layer Security protocol. Vectorised implementation of Poly1305 was proposed by Goll and Gueron in 2015. The authors provide some simple algorithmic improvements to the Goll–Gueron vectorisation strategy. Implementation of the modified strategy on modern Intel

The popularity of Android prompts cyber-criminals to create malicious apps that can compromise security and confidentiality of the mobile systems. Analysing the permissions requested by an app is one of the methods to detect if it is malware or not. However, taking all the permissions available in the Android system into account can result in a model with increased complexity. To tackle this, a malware

With the fast increase in airspace density and high-safety requirements on aviation, automatic dependent surveillance-broadcast (ADS-B) is regarded as the primary method in the next generation air traffic surveillance. The ADS-B data is broadcast with the plain text without sufficient security measures, which results in various attack patterns emerging. However, in terms of constrictions with laws

Recently emerged distributed computation outsourcing environments (e.g. volunteer computing, crowdsourcing, cloud computing, and pooled mining in cryptocurrencies) provide many new opportunities and challenges. One important new challenge in these environments is assuring the correctness and validity of the computation output when computation nodes have motivation for lazy, malicious, or hoarding behaviour

A Key Derivation Function (KDF) derives cryptographic keys from private string and public information. The security property for the cryptographic keys is indistinguishable from the random strings of equal length. The security analysis of KDFs has received increasing attention. The practice important of KDFs is reflected in the adoption of industry standards such as NIST800-135 and PKCS5. This study

The integral cryptanalysis is a powerful cryptanalytic technique for the security evaluation of block cipher. However, when using the MILP-aided division property to search the integral distinguishers, many candidates of initial division properties need to be tested, so that the computations are unbearable in practice. This study takes advantage of the division property propagation of S-box to improve

The cryptographic algorithm has been gradually improved in design, but its implementations are vulnerable to side-channel analysis (SCA). Generally speaking, adding a mask to the primitive is the best way to counteract SCA. In the high-order mask, the key to affecting performance and security lies in the multiplication design. Based on the research of the advanced encryption standard (AES) algorithm

The stream cipher SNOW 3G is the core of the 3G Partnership Project (3GPP) for implementing a confidentiality algorithm and data integrity algorithm. In this study, the authors analyse the initialisation stage based on the chosen IV differential attacks on the reduced-round SNOW 3G and SNOW . Firstly, they show a distinguisher for 12-round SNOW 3G and 255 distinguishers for 13-round SNOW , respectively

The authors use the mixed-integer linear programming (MILP) technique for the automatic search for differential characteristics of LEA and HIGHT ciphers. They show that the MILP model of the differential property of modular addition with one constant input can be represented with a much lesser number of linear inequalities compared to the general case. Benefiting from this model for HIGHT block cipher

In this study, the authors take advantage of feeding the SMT solver by extra information provided through middle state cube characteristics to introduce a new method which they call SMT-based cube attack, and apply it to improve the success of the solver in attacking reduced-round versions of Simeck32/64 lightweight block cipher. The key idea is to search for and utilise all found middle state characteristics

Internet of Things (IoT) gains popularity in recent times due to its flexibility, usability, diverse applicability and ease of deployment. However, the issues related to security are less explored. The IoT devices are light weight in nature and have low computation power, low battery life and low memory. As incorporating security features are resource expensive, IoT devices are often found to be less

With the advances in wireless communication and Internet of things, wireless body area networks (WBANs) have attracted more and more attention because of the potential in improving the quality of health care services. With the help of WBANs, the user can access the patient's life-critical data generated by miniaturised medical sensors, and remote health care monitoring services are provided. Since

Wireless mesh networks (WMNs) upraised as superior technology offering all aspects of services as compared to conventional networks. Due to the absence of centralised authority, WMNs suffers from both external and internal attacks, which decrease the overall performance of WMNs. In this study, the authors proposed an efficient handoff authentication protocol with privacy preservation of nonce and transfer

In recent years, the security of online social networks (OSNs) has become an issue of widespread concern. Searching and detecting compromised accounts in OSNs is crucial for ensuring the security of OSN platforms. In this study, the authors proposed a new method of detecting compromised accounts based on a supervised analytical hierarchy process (SAHP). First, they considered the expression habits

In the previous study, authors proved that inversion of enhanced matrix power function (MPF), introduced as conjectured one-way function, is a nondeterministic polynomial time (NP)-complete problem. Furthermore, a key agreement protocol (KAP), the security of which relies on the inversion of this function, was previously proposed. The problem is that the application of MPF can yield weak keys under

Malware and malicious code do not only incur considerable costs and losses but impact negatively the reputation of the targeted organisations. Malware developers, hackers, and information security specialists are continuously improving their strategies to defeat each other. Unfortunately, there is no one-size-fits-all solution to detect and eradicate any malware. This situation is aggravated more by

Cube attacks are an important type of key recovery attacks against nonlinear feedback shift register (NFSR)-based cryptosystems. The key step in cube attacks closely related to key recovery is recovering superpolies. However, in the previous cube attacks including original, division property based and correlation cube attacks, the algebraic normal form of superpolies could hardly be shown to be exact

The identity-based signature (IBS) scheme is one of the most promising secure and widely used cryptographic primitives for electronic commerce applications. For example, ID-based signing in a multi-party setting, without ever revealing any private and secret information, has received considerable interest in distributed applications such as a global manufacturer. However, there is no practical solution

Low-rate denial of service (LDoS) attack is a special DoS attack type of wireless sensor network (WSN). Routing protocol is the critical component of the WSN. Routing flood attack is a novel LDoS attack pattern in WSN. However, the attack is difficult to be detected by traditional intrusion detection algorithm. A novel LDoS attack detection method based on big data and signal analysis is proposed.

Scan chain is an architectural solution to facilitate in-field tests and debugging of digital chips, however, it is also known as a source of security problems, e.g. scan-based attacks in the chips. The authors conduct a comprehensive gate-level security analysis on crypto-chips, which are equipped with a scan chain, and then propose a set of protection mechanisms to immune vulnerable nets of the chips

The publish/subscribe (P/S) service on Advanced Metering Infrastructure (AMI) servers of smart grid need to deal with huge amount of data, which may lead to data burst on AMI servers and serious server crash. Moreover, for protecting data security, sensitive data must be encrypted before being published. It obstacles traditional data utilisation based on plaintext P/S service. Thus, enabling an encrypted

In the present day computing environment, where access control decisions are often dependent on contextual information like the location of the requesting user and the time of access request, Attribute Based Access Control (ABAC) has emerged as a suitable choice for expressing security policies. In an ABAC system, access decisions depend on the set of attribute values associated with the subjects,