The paper objective is to determine the basic schemes and their characteristics for ensuring the security of Internet of Things nodes using symmetric authentication cryptographic microcircuits. The main results that had been obtained by using method of structural and functional design represent potentially possible options for using symmetric authentication cryptomicrocircuits to ensure the protection of Internet of Things nodes. The analysis of the presented schemes’ functioning made it possible to form the following conclusions. The host-side private key storage authentication scheme provides a fast symmetric authentication process, but requires secure storage of the private key on the host side. The simplest authentication scheme without storing a secret key on the host side, which does not imply the use of a cryptographic chip on the host side, provides a fast symmetric authentication process, but has a relatively low cryptographic strength, since the interaction in the system is performed without a random component in cryptographic transformations, which assumes constant the nature of requests in the system, and, consequently, the possibility of cryptanalysis of messages. To increase the cryptographic strength of such a scheme, it is advisable to introduce into the interaction system a random component in cryptographic transformations and use additional hashing procedures with an intermediate key, which leads to the complication of the scheme due to double hashing, but significantly increases the level of information security of IoT nodes. Downloading software in the system is implemented using secret encryption and authentication keys, which are permanently stored in the secure non-volatile memory of cryptographic chips of IoT nodes. In this case, session keys for encrypting the firmware code or decrypting it are generated on the client and host side, respectively. This approach allows creating unique downloads of the original firmware code (application) by preventing cryptanalysts from obtaining its images and algorithms. The peculiarity of the scheme of exchange of symmetric session encryption keys of messages are: use of a secret key stored on the side of the host and the client; the determination of the session key is performed as a result of hashing a random number with a secret key, that is, the exchange of the session key is performed in an encrypted secure form.
Subject of research: procedures of asymmetric authentication of Internet of Things nodes to ensure the highest level of security using cryptographic chips. The aim of the article is to study the ways of potential use of cryptographic chips to ensure secure authentication of Internet of Things sites using asymmetric cryptography procedures. The article solves the following tasks: analysis of hardware support technologies for asymmetric cryptography of the Internet of Things; definition of secure procedures for asymmetric authentication of Internet of Things sites and their constituent elements: creation of certificates, verification of public and private keys. Research methods: method of structural and functional analysis and design of complex systems, methods of identification and authentication of information objects, cryptographic methods of information protection, methods of security analysis of distributed information systems. The novelty of the study is the analysis of hardware support technologies for asymmetric cryptography of Internet of Things with cryptographic chips and the definition of structural and functional schemes for the implementation of procedures for asymmetric authentication of Internet of Things. Distinctive features of the provided asymmetric authentication schemes and procedures are: ensuring an increased level of information security through secure storage of cryptographic keys, digital signatures, certificates, confidential data in a novelty security environment protected from external attacks and no need to store private keys on the host side. The results of the work are procedures and schemes of application of cryptomicrops of asymmetric authentication to ensure the protection of Internet of Things. Analysis of the functioning of the presented schemes allowed to draw the following conclusions. The proposed structural and functional schemes for the implementation of procedures for asymmetric authentication of Internet of Things using cryptographic chips give the user an easy opportunity to implement cryptography without expertise in this field. These chips use the ECDSA digital signature computing and verification hardware with elliptical curve advantages, as a proven and reliable authentication algorithm, and the ECDH symmetric encryption session key generation unit. The provided schemes and procedures support three components of information security, namely: confidentiality, integrity and authenticity of data. Examples of potential applications of the provided schemes and procedures can be implemented using any asymmetric authentication chip, but it is recommended that they be used to generate encryption session keys and where digital signatures are required to verify data and code for integrity and authenticity.
Subject of the study: the process of acoustic information protection in computer systems of critical applications to ensure the required level of system security. The aim of the article is to analyze the methods of acoustic information protection in computer systems of critical application by means of masking to ensure the impossibility of unauthorized access to the system. The article solves the following tasks: to analyze the software and hardware masking of speech; to study the masking of speech messages in order to introduce unrecognizability; to study the features of speech message compression; to investigate methods of covert transmission of acoustic information. The results of the work, which were obtained using mathematical methods of information transformation in computer systems, are potentially possible methods of masking speech messages to ensure the impossibility of unauthorized access to the system. The analysis of the functioning of the presented methods has led to the following conclusions. One of the perspective directions of acoustic information protection in communication channels and dedicated premises can be considered the creation and development of computerized speech masking systems along with or in conjunction with traditional technologies of semantic protection of acoustic information, namely, speech signal classification based on cryptographic algorithms. The main requirements for today's systems that provide protection of acoustic information in critical computer systems are speed and efficiency of various speech signal processing procedures using standard inexpensive technical means of computer telephony, namely: a personal computer, sound card, telephone line interface device and/or modem. These requirements can be met by applying digital methods of dynamic spectral analysis, i.e. synthesis of speech and audio signals. The choice of specific methods and means of speech masking as one of the types of semantic protection of acoustic information will depend on the practical requirements for the speech protection system and the technical characteristics of the acoustic information transmission channel. Further research is desirable to analyze the possible use of methods for synthesizing large ensembles of quasi-orthogonal discrete signals with improved ensemble, structural and correlation properties to ensure higher security indicators of acoustic channels in computer systems of critical applications.
Надано аналіз основних проблем упровадження медіа-освіти за результатами комплексного дослідження в загальноосвітніх школах України. Основними пріоритетами медіа-освіти є формування: критичного самостійного мислення, культури медіа-споживання як засобу забезпечення медіа-безпеки, здатності протистояти маніпуляціям. Комплексне вирішення цієї проблеми можливе на базі науково-методологічного забезпечення розроблення індивідуальних стратегій безпечного медіа-споживання (діагностичного інструментарію, спеціалізованих елективних курсів, комплексу психолого-педагогічних заходів).
Subject of research: crypto-resistant methods and tools of generating random sequences and hardware support of cryptographic transformations in IoT devices. The aim of the article is to study crypto-resistant methods and tools for generating and testing random sequences suitable for use in IoT devices with limited resources; determination of circuit implementations of random sequences hardware generators; formation of conclusions on the use of random number generators (RNG) in cryptographic protection systems of the IoT network. The article solves the following tasks: analysis of methods and hardware for generating random sequences to protect IoT solutions with limited resources; identification of safe and effective technologies for the implementation of RNG; classification of RNG attacks; analysis of the shortcomings of the practical use of statistical test packages to assess the quality of random sequences of RNG; evaluation of the speed of cryptoaccelerators of hardware support for cryptographic transformations; providing practical guidance on RNG for use in resource-constrained IoT devices. Research methods: method of structural and functional analysis of RNG and IoT devices, cryptographic methods of information protection, methods of random sequence generation, method of stability analysis of systems, methods of construction of autonomous Boolean networks and Boolean chaos analysis, methods of quality assessment of random sequences. Results of work: the analysis of technologies and circuit decisions of hardware RNG on characteristics: quality of numbers’ randomness and unpredictability of sequences, speed, power consumption, miniaturization, possibility of integral execution; providing practical recommendations for the use of RNG in cryptographic protection systems of the IoT network. The novelty of the study is the analysis of methods and hardware to support technologies for generating random sequences in the system of cryptographic protection of IoT solutions; classification of attacks on RNG and features of protection against them; identification of effective RNG technologies and circuit solutions for use in low-power IoT devices with limited computing resources; providing practical recommendations for the use of RNG in cryptographic protection systems of the IoT network. The analysis of technologies and circuit solutions allowed to draw the following conclusions: protection of IoT solutions includes: security of IoT network nodes and their connection to the cloud using secure protocols, ensuring confidentiality, authenticity and integrity of IoT data by cryptographic methods, attack analysis and network cryptographic stability; the initial basis for the protection of IoT solutions is the true randomness of the formed RNG sequences and used in algorithms for cryptographic transformation of information to protect it; feature of IoT devices is their heterogeneity and geographical distribution, limited computing resources and power supply, small size; The most effective (reduce power consumption and increase the generation rate) for use in IoT devices are RNG exclusively on a digital basis, which implements a three-stage process: the initial digital circuit, normalizer and random number flow generator; Autonomous Boolean networks (ABN) allow to create RNG with unique characteristics: the received numbers are really random, high speed – the number can be received in one measure, the minimum power consumption, miniature, high (up to 3 GHz) throughput of Boolean chaos; a promising area of ABN development is the use of optical logic valves for the construction of optical ABN with a bandwidth of up to 14 GHz; the classification of known classes of RNG attacks includes: direct cryptanalytic attacks, attacks based on input data, attacks based on the disclosure of the internal state of RNG, correlation attacks and special attacks; statistical test packages to evaluate RNG sequences have some limitations or shortcomings and do not replace cryptanalysis; Comparison of cryptoaccelerators with cryptographic transformation software shows their significant advantages: for AES block encryption algorithm, speeds increase by 10-20 times in 8/16-bit cryptoaccelerators and 150 times in 32-bit, growth hashing of SHA-256 in 32-bit cryptoaccelerators more than 100 times, and for the NMAS algorithm - up to 500 times.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.