The COVID-19 pandemic changed the lives of millions of citizens worldwide in the manner they live and work to the so-called new norm in social standards. In addition to the extraordinary effects on society, the pandemic created a range of unique circumstances associated with cybercrime that also affected society and business. The anxiety due to the pandemic increased the probability of successful cyberattacks and as well as number and range. For public health officials and communities, location tracking is an essential component in the their efforts to combat the disease. The governments provide a lot of mobile apps to help health officials to trace the infected persons and contact them to aid and follow up on the health status, which requires an exchange of data in different forms. This paper presents the one-time stamp model as a new cryptography technique to secure different contact forms and protect the privacy of the infected person. The one-time stamp hybrid model consists of a combination of symmetric, asymmetric, and hashing cryptography in an entirely new way that is different from conventional and similar existing algorithms. Several experiments have been carried out to analyze and examine the proposed technique. Also, a comparison study has been made between our proposed technique and other state-of-the-art alternatives. Results show that the proposed one-time stamp model provides a high level of security for the encryption of sensitive data relative to other similar techniques with no extra computational cost besides faster processing time.
The article presents the issues covering the modern methods of securing data in both manufacturing processes and companies within the concept of Industry 4.0. In this approach, research problems arose how to implement the right method of secure data sending in sales, manufacturing and distribution processes. It is a very important issue for manufacturing companies as well as how the process of sending electronic data should be safely conducted. While current researches concentrated on the method of blockchain secured electronic documents, there is almost no research concentrating on blockchain integrator selection criteria. The main purpose of this paper is to provide a decision assistance model based on multiple criteria decision analysis technique. Also, mutual relationships between parameters for the assessment of integrators are established. In the article, a Multi-Criteria Decision Analysis (MCDA) was used to assess these characteristics. The Decision Making Trial and Evaluation Laboratory (DEMATEL) technique was chosen for this assessment.
In spite of the fact that digital signing is an essential requirement for implementation of e-governance solutions in any organization, its use in large scale Government ICT implementation is negligible in India. In order to understand the reasons for low-level acceptance of the technology, authors performed a detailed study of a famous e-governance initiative of India. The outcome of the study revealed that the reasons are related to the challenges concerning the use of cryptographic devices carrying private key and the complicated process of generation, maintenance and disposal of Digital Signature Certificates (DSC). The solution, for the challenges understood from the case study, required implementation of a certificateless technology where private keys should be generated as and when required rather than storing them on cryptographic devices. Although many solutions which provide certificateless technology exist, to date there have been no practical implementation for using biometrics for implementing the solution. This paper presents the first realistic architecture to implement Identity Based Cryptography with biometrics using RSA algorithm. The solution presented in the paper is capable of providing a certificate-less digital signature technology to the users, where public and private keys are generated on-the-fly.
4
Dostęp do pełnego tekstu na zewnętrznej witrynie WWW
Identity verification using biometric methods has been used for many years. A special case is a handwritten signature made on a digital device or piece of paper. For the digital analysis and verification of its authenticity, special methods are needed. Unfortunately, this is a rather complicated task that quite often requires complex processing techniques. In this paper, we propose a system of signatures verification consisting of two stages. In the first one, a signature pattern is created. Thanks to this, the first attempt to verify identity takes place. In the case of approval, the second stage is followed by the processing of a graphic sample containing a signature by the convolutional neural network. The proposed technique has been described, tested and discussed due to its practical use.
5
Dostęp do pełnego tekstu na zewnętrznej witrynie WWW
On December 20th, 2016, the National Institute of Standards and Technology (NIST) formally initiated a competition to solicit, evaluate, and standardize one or more quantum-resistant cryptographic algorithms. Among the current candidates is a cryptographic primitive which has shown much promise in the post-quantum age, Multivariate Cryptography. These schemes compose two affine bijections S and T with a system of multivariate polynomials. However, this composition of S and T becomes costly as the data encrypted grows in size. Here we present Constructive Affine Stream (CAS) Transformations, a set of algorithms which enable specialized, large-scale, affine transformations in O(n) space and O(n log n) time, without compromising security. The goal of this paper is to address the practical problems related to affine transformations common among almost all multivariate cryptographic schemes.
6
Dostęp do pełnego tekstu na zewnętrznej witrynie WWW
This article presents a combinatorial algorithm to find a shortest triangular path (STP) between two points inside a digital object imposed on triangular grid that runs in O(n/g log n/g)time, where n is the number of pixels on the contour of the object and g is the grid size. Initially, the inner triangular cover which maximally inscribes the object is constructed to ensure that the path lies within the object. An appropriate bounding parallelogram is considered with those two points in diagonally opposite corners and then one of the semi-perimeters of the parallelogram is traversed. Certain combinatorial rules are formulated based on the properties of triangular grid and are applied during the traversal whenever required to shorten the triangular path. A shortest triangular path between any two points may not be unique. Another combinatorial algorithm is presented, which finds the family of shortest triangular path (FSTP) (i.e., the region containing all possible shortest triangular paths) between two given points inside a digital object and runs in O(n/g log n/g) time. Experimental results are presented to verify the correctness, robustness, and efficacy of the algorithms. STP and FSTP can be useful for shape analysis of digital objects and determining shape signatures.
The authors of this article focus on the analysis of safety weaks of digital signature schemes used within e-Government service in condition of Slovak republic. Main part is orientated on the possibility of attacks on eID card with using RSA digital signature scheme what was in the last months very frequently medialized in Slovakia. In the practical part on the base of mathematically description is analysed possible weaks of RSA digital signature schemes especially complexity of factorization problems dependence of length of key is describe and compare with more effectiveness ECDSA scheme. On the base of studies the authors mentioned the recommendations for parameters selection of very often used digital signature schemes focus on access to safety-critical applications supported during process of digitalization of e-Government in Slovak republic.
W artykule przedstawiono zagadnienia znakowania wodnego sygnałów fonicznych w dziedzinie zlogarytmowanej amplitudy widma. Artykuł został przygotowany na podstawie rozprawy doktorskiej o tym samym tytule, obronionej na Politechnice Warszawskiej w grudniu 2015 r. W artykule (i w rozprawie doktorskiej) zaprezentowano trzy rodzaje znakowania wodnego sygnałów fonicznych: znakowania adnotacyjnego, wstawiania sygnatury cyfrowej do sygnałów fonicznych oraz znakowania „odciskami palca” (ang. fingerprinting).
EN
In this paper an audio watermarking technique is presented, using log-spectrum domain for watermark embedding. This paper was prepared on the basis of the author's doctoral thesis with the same title, defended at the Warsaw University of Technology in December 2015. The paper (and doctoral thesis) presents three types of audio watermarking: annotation watermarking, digital signature embedding in audio signals and fingerprinting.
Steganography is a method of sending confidential information in a way that the existence of the channel in this communication remains secret. A collaborative approach between steganography and digital signature provides a high secure hidden data. Unfortunately, there are wide varieties of attacks that affect the quality of image steganography. Two issues that required to be addressed are large size of the ciphered data in digital signature and high bandwidth. The aim of the research is to propose a new method for producing a dynamic hashed message algorithm in digital signature and then embedded into image for enhancing robustness of image steganography with reduced bandwidth. A digital signature with smaller hash size than other hash algorithms was developed for authentication purposes. A hash function is used in the digital signature generation. The encoder function encoded the hashed message to generate the digital signature and then embedded into an image as a stego-image. In enhancing the robustness of the digital signature, we compressed or encoded it or performed both operations before embedding the data into the image. This encryption algorithm is also computationally efficient whereby for messages with the sizes less than 1600 bytes, the hashed file reduced the original file up to 8.51%.
10
Dostęp do pełnego tekstu na zewnętrznej witrynie WWW
Current trends in information system design show that users should have access to services provided by information system offered on their mobile devices. Because many information systems store sensitive information, appropriate protection mechanisms must be deployed. This paper presents the software libraries (APIs) that can be used to implement pairing-based systems on mobile devices. Variety of mobile devices causes that is necessary to design a generic trust infrastructure that will allow to implement efficiently a system that uses parings. There are two basic paradigms that can be used: client-server or cloud-based. The analysis of pros and cons of the architectures showed that it is faster and easier to implement pairing application using cloud-based approach mainly because of the lower number of components required to implement, e.g., the library containing pairing calculations must be only prepared for one operating system instead of many that are using different technologies. The tests conducted using cloud-based demonstrator showed, that in case of documents signing and verification with auxiliary server instead of the mobile device, the pairing calculation time is marginally short in relation to the required to retrieve documents from a remote location.
PL
Aktualne trendy w projektowaniu systemów informacyjnych pokazują, że użytkownik powinien mieć dostęp do usług systemów IT za pomocą urządzeń mobilnych. W przypadku przechowywania informacji wrażliwej w systemach informacyjnych muszą być wdrożone odpowiednie mechanizmy zabezpieczeń. W artykule zaprezentowano biblioteki programowe (API), umożliwiające implementacje systemów wykorzystujących odwzorowania dwuliniowe na urządzeniach mobilnych. Różnorodność urządzeń mobilnych powoduje, że konieczne jest zaprojektowanie ogólnej infrastruktury zaufania, w szczególności przy założeniu wykorzystania odwzorowań dwuliniowych. W artykule zostały przeanalizowane dwa podstawowe podejścia bazujące na modelu klient-serwer i modelu bazującym na chmurze. Testy bazujące na demonstratorze wykorzystującym model chmury pokazały, że czas obliczeń odwzorowania przy podpisywaniu i weryfikowaniu podpisu cyfrowego jest bardzo mały w stosunku do czasu pobierania plików ze zdalnych serwerów.
Artykuł skrótowo opisuje przebieg i zakres tematyczny testów interoperacyjności podpisu elektronicznego. Przedstawiono aplikacje biorące udział w testach oraz ogólne wyniki.
EN
Article briefly describes the course and scope of the interoperability test of digital signature interoperability. The applications involved in the test and the overall results are presented.
Algorytm funkcji skrótu MD5 to jeden z najpopularniejszych sposobów uzyskania skrótu wiadomości. Otrzymane skróty mogą służyć jako podpisy cyfrowe plików lub ciągów znaków. Niniejszy artykuł przedstawia implementację tego algorytmu w języku C++. Można tu znaleźć opis klasy, która może później posłużyć jako biblioteka do dowolnego programu napisanego w tym języku.
EN
Message-Digest algorithm 5 is one of the most popular ways to get the message digest. Received shortcuts can be used as digital signatures of files or strings. This paper contains the implementation of this algorithm in C++ programming language. You can find there the description of the class, which can serve as a library in different programs written in C++.
In this paper an audio watermarking technique is presented, using log-spectrum, dirty paper codes and LDPC for watermark embedding. This technique may be used as a digital communication channel, transmitting data at about 40 b/s. It may be also applied for hiding a digital signature, e.g., for copyright protection purposes. Robustness of the watermarks against audio signal compression, resampling and transmitting through an acoustic channel is tested.
The paper deals with Nyberg-Rueppel digital signatures without message recovery. Probability of signature forgery is analyzed and assessed. Some simple methods to minimize probability of signature forgery are proposed.
Artykuł skrótowo opisuje przebieg i zakres tematyczny testu interoperacyjności podpisu elektronicznego CommonSign 2012. Przedstawione zostały aplikacje biorące udział w teście oraz ogólne wyniki.
EN
Article briefly describes the course and scope of the interoperability test of electronic signature interoperability CommonSign 2012. The applications involved in the test and the overall results are presented.
We show how a signatory can indicate coercion by embedding a secret message into the signature. Our scheme is practical and applies to standard signature schemes unlike the recent construction of Durnoga et al. (2013). The construction follows directly from kleptographic techniques due to Moti Yung and Adam Young.
We present a digital signature scheme with secretly embedded warning. The embedded warning is a protection mechanism in case of restraint or blackmail. Extending ordinary digital signatures we propose schemes where a signer, approached by a powerful adversary that demands handing over a signing key, can disclose his private key. In our solution the signer is able to generate a feigned key indistinguishable from the genuine one. Then such a key can be used to embed a special warning message within a signature to indicate coercion. Such warnings can be transferred via subliminal channel to some trusted authority.
W artykule przedstawiono wiodące rozwiązania z dziedziny systemów do podpisywania kodu aplikacji. Systemy Microsoft Authenticode, Oracle Java Code Signing oraz Apple Codesign porównane zostały pod kątem ich założeń projektowych, struktury wytwarzanego podpisu cyfrowego, a także sposobu jego generowania oraz weryfikacji. Omówiona została również koncepcja tożsamości kodu źródłowego aplikacji.
EN
This publication discusses the leading solutions for code signing systems such as Microsoft Authenticode, Oracle Java Code Signing and Apple Codesign. All systems were compared to each other in aspects such as digital signature structure, its generation and verification. A special attention was given to an issue of code identity.
We proposed an efficient and secure digital signature scheme using elliptic curve cryptography (ECC) and bilinear pairings in this paper. The proposed scheme employs the general cryptographic hash function (i.e., SHA-1) instead of map-to-point function, because the map-to-point is a cost-intensive operation and it is usually implemented as a probabilistic algorithm. Further, our scheme is computationally efficient as one bilinear paring and three elliptic curve scalar point multiplication operations are executed for signature generation and verification, and thus the scheme requires much lesser computation cost than other related schemes. In addition, in the random oracle model, our scheme is proven to be existential unforgeable against the adaptive chosen message and identity attacks (EUF-CMA) based on a variation of the collusion attack algorithm with ktraitors (k-CAA3) problem.