Cryptography and Security (cs.CR)

Abstract: Modern information communications use cryptography to keep the contents of communications confidential. RSA (Rivest-Shamir-Adleman) cryptography and elliptic curve cryptography, which are public-key cryptosystems, are widely used cryptographic schemes. However, it is known that these cryptographic schemes can be deciphered in a very short time by Shor's algorithm when a quantum computer is put into practical use. Therefore, several methods have been proposed for quantum computer-resistant cryptosystems that cannot be cracked even by a quantum computer. A simple implementation of LWE-based lattice cryptography based on the LWE (Learning With Errors) problem requires a key length of $O(n^2)$ to ensure the same level of security as existing public-key cryptography schemes such as RSA and elliptic curve cryptography. In this paper, we attacked the Ring-LWE (RLWE) scheme, which can be implemented with a short key length, with a modified LLL (Lenstra-Lenstra-Lov\'asz) basis reduction algorithm and investigated the trend in the degree of field extension required to generate a secure and small key. Results showed that the lattice-based cryptography may be strengthened by employing Cullen or Mersenne prime numbers as the degree of field extension.

Abstract: Trusted execution environments in several existing and upcoming CPUs demonstrate the success of confidential computing, with the caveat that tenants cannot use accelerators such as GPUs and FPGAs. If the accelerators have TEE support, the user-code executing on the CPU in a confidential VM has to rely on software-based encryption to facilitate communication between VMs and accelerators. Even after hardware changes to enable TEEs on both sides and software changes to adopt existing code to leverage these features, it results in redundant data copies and hardware encryption at the bus-level and on the accelerator thus degrading the performance and defeating the purpose of using accelerators. In this paper, we reconsider the Arm Confidential Computing Architecture (CCA) design-an upcoming TEE feature in Arm v9-to address this gap. We observe that CCA offers the right abstraction and mechanisms to allow confidential VM to use accelerators as a first class abstraction, while relying on the hardware-based memory protection to preserve security. We build Acai, a CCA-based solution, to demonstrate the feasibility of our approach without changes to hardware or software on the CPU and the accelerator. Our experimental results on GPU and FPGA show that Acai can achieve strong security guarantees with low performance overheads.

Abstract: Building and maintaining a silicon foundry is a costly endeavor that requires substantial financial investment. From this scenario, the semiconductor business has largely shifted to a fabless model where the Integrated Circuit supply chain is globalized but potentially untrusted. In recent years, several hardware obfuscation techniques have emerged to thwart hardware security threats related to untrusted IC fabrication. Reconfigurable-based obfuscation schemes have shown great promise of security against state-of-the-art attacks -- these are techniques that rely on the transformation of static logic configurable elements such as Look Up Tables (LUTs). This survey provides a comprehensive analysis of reconfigurable-based obfuscation techniques, evaluating their overheads and enumerating their effectiveness against all known attacks. The techniques are also classified based on different factors, including the technology used, element type, and IP type. Additionally, we present a discussion on the advantages of reconfigurable-based obfuscation techniques when compared to Logic Locking techniques and the challenges associated with evaluating these techniques on hardware, primarily due to the lack of tapeouts. The survey's findings are essential for researchers interested in hardware obfuscation and future trends in this area.

Abstract: Signer-anonymity is a central feature of ring signatures (RS) which enable a user to sign messages on behalf of an arbitrary set of users, called the ring, without revealing exactly which member of that ring actually generated the signature. The strong and long-term signer-ambiguous is a reassuring guarantee for the user hesitating to leak a secret, especially if the consequences of an identification are dire in some scenarios such as whistleblowing. The unconditional ambiguity notion, which protects the signer-ambiguous even confront with an infinitely powerful adversary, is considered for RS which wants to achieve long-term signer-ambiguous. However, the existing works that consider the unconditional ambiguity notion did not comprehensively and strictly capture the unconditional ambiguity notion, and the existing lattice-based RS constructions analyzed the unconditional ambiguity only in the random oracle model. In this paper, we reformalize the unconditional ambiguity notion for RS, which comprehensively and strictly captures the security requirements imposed by the practice. Then we propose a lattice-based RS construction with unconditional ambiguity and prove the security (unforgeability and signer-ambiguous) in the standard model.

Abstract: In the last two decades, the evolving cyber-threat landscape has brought to center stage the contentious tradeoffs between the security and performance of modern microprocessors. The guarantees provided by the hardware to ensure no violation of process boundaries have been shown to be breached in several real-world scenarios. While modern CPU features such as superscalar, out-of-order, simultaneous multi-threading, and speculative execution play a critical role in boosting system performance, they are central for a potent class of security attacks termed transient micro-architectural attacks. These attacks leverage shared hardware resources in the CPU that are used during speculative and out-of-order execution to steal sensitive information. Researchers have used these attacks to read data from the Operating Systems (OS) and Trusted Execution Environments (TEE) and to even break hardware-enforced isolation. Over the years, several variants of transient micro-architectural attacks have been developed. While each variant differs in the shared hardware resource used, the underlying attack follows a similar strategy. This paper presents a panoramic view of security concerns in modern CPUs, focusing on the mechanisms of these attacks and providing a classification of the variants. Further, we discuss state-of-the-art defense mechanisms towards mitigating these attacks.

Abstract: In recent times, I've encountered a principle known as cloud computing, a model that simplifies user access to data and computing power on a demand basis. The main objective of cloud computing is to accommodate users' growing needs by decreasing dependence on human resources, minimizing expenses, and enhancing the speed of data access. Nevertheless, preserving security and privacy in cloud computing systems pose notable challenges. This issue arises because these systems have a distributed structure, which is susceptible to unsanctioned access - a fundamental problem. In the context of cloud computing, the provision of services on demand makes them targets for common assaults like Denial of Service (DoS) attacks, which include Economic Denial of Sustainability (EDoS) and Distributed Denial of Service (DDoS). These onslaughts can be classified into three categories: bandwidth consumption attacks, specific application attacks, and connection layer attacks. Most of the studies conducted in this arena have concentrated on a singular type of attack, with the concurrent detection of multiple DoS attacks often overlooked. This article proposes a suitable method to identify four types of assaults: HTTP, Database, TCP SYN, and DNS Flood. The aim is to present a universal algorithm that performs effectively in detecting all four attacks instead of using separate algorithms for each one. In this technique, seventeen server parameters like memory usage, CPU usage, and input/output counts are extracted and monitored for changes, identifying the failure point using the CUSUM algorithm to calculate the likelihood of each attack. Subsequently, a fuzzy neural network is employed to determine the occurrence of an attack. When compared to the Snort software, the proposed method's results show a significant improvement in the average detection rate, jumping from 57% to 95%.

Abstract: The present work builds on previous investigations of the authors (and their collaborators) regarding bridges, a certain type of morphisms between encryption schemes, making a step forward in developing a (category theory) language for studying relations between encryption schemes. Here we analyse the conditions under which bridges can be performed sequentially, formalizing the notion of composability. One of our results gives a sufficient condition for a pair of bridges to be composable. We illustrate that composing two bridges, each independently satisfying a previously established IND-CPA security definition, can actually lead to an insecure bridge. Our main result gives a sufficient condition that a pair of secure composable bridges should satisfy in order for their composition to be a secure bridge. We also introduce the concept of a complete bridge and show that it is connected to the notion of Fully composable Homomorphic Encryption (FcHE), recently considered by Micciancio. Moreover, we show that a result of Micciancio which gives a construction of FcHE schemes can be phrased in the language of complete bridges, where his insights can be formalised in a greater generality.

Abstract: Internet technology has proven to be a vital contributor to many cutting-edge innovations that have given humans access to interact virtually with objects. Until now, numerous virtual systems had been developed for digital transformation to enable access to thousands of services and applications that range from virtual gaming to social networks. However, the majority of these systems lack to maintain consistency during interconnectivity and communication. To explore this discussion, in the recent past a new term, Metaverse has been introduced, which is the combination of meta and universe that describes a shared virtual environment, where a number of technologies, such as 4th and 5th generation technologies, VR, ML algorithms etc., work collectively to support each other for the sake of one objective, which is the virtual accessibility of objects via one network platform. With the development, integration, and virtualization of technologies, a lot of improvement in daily life applications is expected, but at the same time, there is a big challenge for the research community to secure this platform from external and external threats, because this technology is exposed to many cybersecurity attacks. Hence, it is imperative to systematically review and understand the taxonomy, applications, open security challenges, and future research directions of the emerging Metaverse technologies. In this paper, we have made useful efforts to present a comprehensive survey regarding Metaverse technology by taking into account the aforesaid parameters. Following this, in the initial phase, we explored the future of Metaverse in the presence of 4th and 5th generation technologies. Thereafter, we discussed the possible attacks to set a preface for the open security challenges. Based on that, we suggested potential research directions that could be beneficial to address these challenges cost-effectively.