In wireless communication systems, the conventional secret key exchange is based on the public key cryptography, which requires complex computations to retain the secrecy level of these key bits. The proposed physical layer-based algorithms have shown promising performance to extract secret keys from the privately shared randomness relying on the reciprocal channel state between both communicated nodes. In this study, the authors propose a physical layer key exchange method which transmits the key bits by encoding them within some phase randomisation (PR) sequences that are privately indexed to a specific channel criterion. The PR sequences only randomise the data phases and thus no efficiency reduction will be incurred. In fact, by choosing a pool of randomisation sequences with certain statistical properties, they could also be used to condition the signal to meet physical layer transmission requirements such as bandwidth, envelope and so on. They quantify the potential of the proposed method by demonstrating it within the context of a multiple-input multiple-output orthogonal frequency division multiplexing system. The results reveal that, relative to existing techniques, the proposed method offers superior key error rate performance at lower computational complexity with better secrecy level.

Android has become the most prevalent mobile system, but in the meanwhile malware on this platform is widespread. System call sequences are studied to detect malware. However, malware detection with these approaches relies on common system-call-subsequences. It is not so efficient because it is difficult to decide the appropriate length of the common subsequences. To address this issue, the authors propose a new approach, back-propagation neural network on Markov chains from system call sequences (BMSCS). It treats one system call sequence as a homogeneous stationary Markov chain and applies back-propagation neural network (BPNN) to detect malware by comparing transition probabilities in the chain. Since transition probabilities from one system call to another in malware are significantly different from those in benign applications, BMSCS can efficiently detect malware by capturing the anomaly in state transitions with the help of BPNN. The authors evaluate the performance of BMSCS by experiments with real application samples. The experiment results show that the F-score of BMSCS achieves up to 0.982773, which is higher than the other methods in the literature.

Public-key infrastructure (PKI) is based on public-key certificates and is the most widely used mechanism for trust and key management. However, standard PKI validation and revocation mechanisms are considered major reasons for its unsuitability for delay/disruption tolerant networking (DTN). DTN requires mechanism to authenticate messages at each node before forwarding it in the network. So, certificate revocation lists (CRLs) being distributed in DTN network will need to be authenticated and validated for issuer certificate authority (CA) at each node. In this study, the authors propose new validation and revocation mechanism which is compliant with DTN semantics and protocols. This study also proposes a new design for CRL in compliance with standard PKI X.509 standard to make the proposed mechanism easy to implement for DTN. The new designed CRL is of reduced size as it contains fewer entries as compared with standard X.509 CRL and also arranges the revocation list in the form of hash table (map) to increase the searching efficiency.

Attribute-based signature (ABS) schemes play a vital role to accomplish authentication and signer privacy simultaneously. In recent years, cryptographic primitives are deployed on insecure devices such as mobile devices; thereby, secret key exposure seems inevitable. To alleviate the impact of key exposure in ABS scenarios, the authors apply the method of key insulation to ABS and construct the first signature-policy attribute-based key-insulated signature (ABKIS) scheme. The proposed construction supports expressive monotone Boolean functions as signing predicates and preserves signer privacy. Their ABKIS scheme is key-insulated and strong key-insulated secure under computational Diffie–Hellman exponent assumption. To the best of their knowledge, the proposed ABKIS is the first ABS scheme in signature-policy flavour dealing with key exposure problems employing key-insulation mechanism.

In Gentry's fully homomorphic encryption scheme, a sparse subset sum problem (SSSP) is used and a big set is included in the public key. In the implementation of a variant, to reduce the size of the public key, Gentry and Halevi used a specific form of a SSSP constructed from geometric progressions. In this study, the authors solve Gentry and Halevi's sparse subset sum challenges for the first time. Owing to the aggressive choice of parameters, the process is fairly easy and can be done by simply modifying their lattice-based attack. Their experiment shows that even a large challenge can be solved within two days. As a second contribution, considering other attacks such as a hybrid attack combining a meet in the middle attack with a lattice-based attack, they provide a new condition for hard instances of the SSSP from geometric progressions.

Honeypots are designed to investigate malicious behaviour. Each type of homogeneous honeypot system has its own characteristics in respect of specific security functionality, and also suffers functional drawbacks that restrict its application scenario. In practical scenarios, therefore, security researchers always need to apply heterogeneous honeypots to cope with different attacks. However, there is a lack of general tools or platforms that can support versatile honeynet deployment in order to investigate the malicious behavior. In this study, the authors propose a versatile virtual honeynet management tool to address this problem. It is a flexible tool that offers security researchers the versatility to deploy various types of honeypots. It can also generate and manage the virtual honeynet through a dynamic configuration approach adapting to the mutable network environment. The experimental results demonstrate that this tool is effective to perform automated honeynet deployment toward a variety of heterogeneous honeypots.

Conditional differential cryptanalysis on NFSR-based cryptosystems was first proposed by Knellwolf et al. in Asiacrypt 2010 and has been successfully used to attack reduced variants of Grain v1. In this paper, we greatly improve conditional differential attacks on Grain v1 in the following four aspects. First, a new differential engine is derived to correctly track the differential trails of Grain v1. Second, we propose a new difference-searching strategy which serves to find suitable differences for the conditional differential attack on a given reduced variant of Grain v1. Third, a highly IV-saving condition-imposing strategy is presented. Last, we propose a further bias-increasing strategy. In particular, the improvements on the difference-searching strategy and the condition-imposing strategy are crucial to mount conditional differential attacks on the variants of Grain v1 with more than 106 rounds. It is shown that the improved conditional differential attacks could retrieve 31 distinct secret key expressions for 107-round Grain v1 and could retrieve 15 distinct secret key expressions for 110-round Grain v1. Both the attacks succeed with constant probabilities. Thus far, our results are the best known for the reduced variants of Grain v1 as far as the number of rounds attacked is concerned.