Enhancement of Security for Cloud Based IoT Using XHE Scheme
Keywords:IoT, Cloud, Password Based Encryption, Extended Honey Encryption, Brute-Force Attacks
Security is a million dollar issue for all computer systems. Every week there is news of another major breakin to a commercial or government system. Also it is well known that many governments are actively engaged in cyber-warfare, trying to break into the systems of other governments and other groups. The Internet of Things is increasingly changing into an omnipresent computing service, requiring vast volumes of knowledge storage and process. Unfortunately, due to the unique characteristics of resource constraints, selforganization and short range communication in IoT, it always resorts to the cloud for outsourced storage and computation. Security is one of the major challenges faced by cloud based IoT. The standard file protection technique relies on password based encryption schemes and they are vulnerable to brute force attacks. The reason is that, for a wrongly guessed key,
the decryption process yields an invalid-looking plaintext message, confirming the invalidity of the key, while for the
correct key it outputs a valid-looking plaintext message, confirming the correctness of the guessed key. Honey
encryption helps to minimise this vulnerability. Hence, this paper proposed an extended Honey Encryption (XHE) scheme for enhancing the security of the cloud based IoT.
Mohammad Abdur Razzaque, Marija Milojevic-Jevric, Andrei
Palade, and SiobhánClarke, ―IEEE, Middleware for Internet of
Things‖, IEEE Internet of Things Journal, Vol. 3, No. 1, pp. 70 - 95,
W. Diffie and M.E. Hellman, ―New Directions in Crytography‖,
IEEE Transactions on Information Theory, Vol. 22, No. 6, pp. 644 -
,IEEE Press, New Jersey, 1976.
G. Irazoqui, M.S. Inci, T. Eisenbarth and B. Sunar, ―Wait a Minute!
A Fast, Cross-VM Attacks on AES‖, LNCS, Springer, Switzerland,
Vol. 8688, pp. 299-319, 2014.
Y. Wei, J. Lu and Y. Hu, ―Meet-in-the-Middle Attack on 8 Rounds of
the AES Block Cipher under 192 Key Bits. LNCS‖, Springer,
Heidelberg, Vol. 6672, pp. 222-232, 2011.
A. Nitaj, M.R.K. Ariffin, D.I. Nassar, H.M. Bahig, ―New Attacks on
the RSA Cryptosystem. LNCS, Progress in Cryptology –
AFRICACRYPT‖, LNCS, Springer, Swtizerland, Vol. 8469, pp. 178-
Y. Lu, L. Peng, S. Sarkar, ―Cryptanalysis of an RSA variant with
Moduli N = prq‖, In: 9thInternational Workshop on Coding and
Cryptography 2015 WCC2015, Apr 2015, Paris, France. 2016.
S.F. Tan and A. Samsudin, ―Enhanced Security for Public Cloud
Storage with Honey Encryption”, Advanced Science Letters.
A. Juels and T. Ristenpart, ―Honey Encryption: Security beyond the
Brute-Force Bound,‖ Advances in Crypto logy—Euro crypt 2014‖,
LNCS 8441, Springer, pp. 293–310, 2014
H. Jo and J. Won, ―A new countermeasure against brute-force attacks
that use high-performance computers for big data analysis‖,Hindawi
Publishing Corporation, International Journal of Distributed Sensor
Networks, pp. 7, 2015. [Online] Available at: http://dx.doi.org/
R. Chatterjee, J. Bonneau., A. Juels and T. Ristenpart, ―Cracking
Resistant Password Vaults using Natural Language Encoders,‖
Proceedings – IEEE Symposium on Security and Privacy, No.
, pp. 481-498, July 2015.
Z. Huang, E. Ayday, J. Fellay, J. Hubaux and A. Juels, ―Genoguard:
Protecting genomic data against brute-force attacks,‖ IEEE
Symposium on Security and Privacy, pp. 447-462, 2015. DOI
J. Jaeger, T. Ristenpart and Q. Tang, ―Honey encryption beyond
message recovery security,‖ International Association for
Cryptologic Research, Fischlin and J.-S.Coron (Eds.): EUROCRYPT
, Part I, LNCS 9665, pp. 758–788, 2016. DOI: 10.1007/978-3-
J. Kim and J. Won, ―Honey chatting: A novel instant messaging
system robust to eavesdropping over communication,‖ IEEE In
Acoustics, Speech and Signal Processing (ICASSP), pp. 2184-2188,
J.W. Yoon, H.S. Kim, H.J. Jo, H.L. Lee, and K.S. Lee, ―Visual honey
encryption: Application to steganography,‖ in Proceedings of the 3rd
ACM Workshop on Information Hiding and Multimedia Security,
New York, NY, USA, 2015, IH & MM Sec ’15, pp. 65–74, ACM.
N. Tyagi, J. Wang, K. Wen and D.Zuo, ―Honey Encryption
Applications. 6.857 Computer and Network Security‖, Massachusetts
Institute of Technology. [Online] Available at: http://www.mit.edu/~
M. Golla, B. Beuscher and M. Durmuth, ―On the security of cracking
resistant password vaults,‖ Proceedings of the ACM Conference on
Computer and Communications Security, Vol. 24, No. 28, pp. 1230-
, Oct. 2016.
R. Chatterjee, A. Athalye, D. Akhawe, A. Juels, and T. Ristenpart,
―Password typos and how to correct them securely,‖ In Security and
Privacy (SP), 2016 IEEE Symposium, pp. 799–818, 2016.
H. Choi, H. Nam and J. Hur, ―Password Typos Resilience in Honey
Encryption,‖ IEEE Symposium. The 31st International Conference on
Information Networking (ICOIN 2017), pp. 593-597, 2017