Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Contents lists available at ScienceDirect

Journal of King Saud University –

Computer and Information Sciences
journal homepage: www.sciencedirect.com

The recent trends in cyber security: A review

Jagpreet Kaur, K .R. Ramkumar ⇑
Chitkara University Institute of Engineering and Technology, Chitkara University, Punjab, India

a r t i c l e i n f o a b s t r a c t

Article history: During recent years, many researchers and professionals have revealed the endangerment of wireless
Received 5 October 2020 communication technologies and systems from various cyberattacks, these attacks cause detriment and
Revised 4 January 2021 harm not only to private enterprises but to the government organizations as well. The attackers endeavor
Accepted 24 January 2021
new techniques to challenge the security frameworks, use powerful tools and tricks to break any sized
Available online xxxx
keys, security of private and sensitive data is in the stale mark. There are many advancements are being
developed to mitigate these attacks. In this conjunction, this paper gives a complete account of survey
Keywords:
and review of the various exiting advanced cyber security standards along with challenges faced by
Cyber security
DES
the cyber security domain. The new generation attacks are discussed and documented in detail, the
RSA advanced key management schemes are also depicted. The quantum cryptography is discussed with
Key management its merits and future scope of the same. Overall, the paper would be a kind of technical report to the
Quantum cryptography new researchers to get acquainted with the recent advancements in Cyber security domain.
Prime factorization Ó 2021 The Authors. Production and hosting by Elsevier B.V. on behalf of King Saud University. This is an
Side channel attacks open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.1. Attacks classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.1.1. Cryptographic attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.1.2. Access attack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.1.3. Reconnaissance attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.1.4. Active attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.1.5. Passive attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.1.6. Phishing attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.1.7. Malware attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.1.8. Attack on quantum key distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.2. Standard security frameworks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.2.1. Historical background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
1.2.2. Early generation of cyber security algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
2. Recent developments and emerging trends of cyber security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
2.1. Advancements in s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
2.2. Advanced key management schemes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
2.3. Tradeoff of recent algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
2.4. Quantum cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
2.4.1. Quantum key distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00

⇑ Corresponding author.
E-mail addresses: [email protected] (J. Kaur), [email protected] (K .R. Ramkumar).
Peer review under responsibility of King Saud University.

Production and hosting by Elsevier

https://doi.org/10.1016/j.jksuci.2021.01.018
1319-1578/Ó 2021 The Authors. Production and hosting by Elsevier B.V. on behalf of King Saud University.
This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

Please cite this article as: J. Kaur and K .R. Ramkumar, The recent trends in cyber security: A review, Journal of King Saud University –
Computer and Information Sciences, https://doi.org/10.1016/j.jksuci.2021.01.018
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

3. Security threats and challenges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00

4. Conclusions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 00

1. Introduction ments of asymmetric algorithms are discussed in Section 2 that is

continued with the advancements of key management schemes, as
The world is experiencing rapid growth in cyberspace today a summary, Table 2 gives a list of attacks mitigated because of
(Arora, 2016). Such an extraordinary growth in information- access recent advancements. Quantum cryptography is a term that brings
gives opportunities to those with malicious intentions. It is the a new dimension to cryptographic algorithms; Section 2.2 gives a
need of the hour (Arora, 2016) and the act of protecting the sys- succinct of quantum key distribution and management with
tems and technologies from unusual activities. Cyber security proper examples. In section 3, a predominant attack called side-
means maintaining the Integrity, Confidentiality, and Availability channel attack is scheduled to know the real and future attacks
(ICA) of computing assets belonging to an organization or connect- that are quantum-resistant even; these attacks still exist as a big
ing to another organization’s network. Due to the evolution and threat to the cybersecurity world. In Section 4 we have given the
increase of cyber threats, many researchers believed and urged to summary of this paper. This paper will be an avenue for new
educate the new generation about the concepts of cyber-security researchers and covers the major issues and advancements of
(Lunt et al., 2011). Cyber-crimes occur due to negligence in cybersecurity.
cyber-security and awareness among the clients (Schneier, 2018;
Albrechtsen, 2007). As stated in the recent research (Jasper, 1.1. Attacks classification
2017; Abdallah et al., 2018), the US has introduced the threat intel-
ligence frameworks. This framework works on the principle of This section introduces multifarious types of attacks in different
gathering information from various sources which have been care- domains and is further categorized as shown in Fig. 1.
fully examined by human security experts. Besides, researcher also
taking aid of machine learning techniques to analyze threats which 1.1.1. Cryptographic attack
in advanced way respond to attack incidents (Emmanuel et al., Type of attack in which the adversary breaks the cryptography,
2020). The United Kingdom has introduced its own National Cyber pragmatically, to discover the shortcoming in an exceeding proto-
Security Strategy 2016–2021 that resembles the ideas to that of the col, code, or ciphers to retrieve the plaintext without the key.
2011 version (Niekerk and Solms, 2013) and has allocated a budget
of £1.9bn for the Cyber Security Programme (UKCyber Security
1.1.2. Access attack
Strategy. National Cyber Security Strategy, 2016). As close as to
Type of attack where the perpetrator procures ingress to the
70 nations have addressed this issue through national cyber/infor-
host’s machine where they have no right to use with the intent
mation security strategies and significant legal acts in some type of
to manipulate information. Web application services and File
strategy document describing their national security and defense
Transfer services are being compromised where attackers able to
strategies (Apostolopoulos et al., 2018). In fact, under the cyber
access e-accounts, databases, and other private information.
network guide, the preplanning of vulnerabilities which includes
the timely information exchange regarding threats which may lead
1.1.3. Reconnaissance attack
to protect various entities such as environment, business, infras-
An attack in which the perpetrator maps with targeted systems
tructure and is capable of understanding the situational incidents
to scan any vulnerability in the machine to gather information.
accordingly (Fiedelholtz, 2021).
This is a kind of scenario similar to stealing for instance in the
In most recent studies, Cybersecurity is defined as a compre-
house which is vulnerable to break locks, doors, and windows that
hensive term (ISO, 2018). ITU-T X.1205 also defines cybersecurity
are not strong and are joined.
in their draft (International Telecommunications Union (ITU),
1205). Hence, in generalized term cyber security which helps pre-
vent cyber attacks, data breaches and can aid in risk manage- 1.1.4. Active attack
ment. The Security architecture defines some characteristics of An attack, while transmission of data alters the content and
security which include security attacks consists of two types: affects the operations thereby serve as an intercessor, leads to sev-
active and passive attacks and security objectives (Stallings, ere damage.
2006).
In general, the threats include various scenarios such as Cyber- 1.1.5. Passive attack
bullying (Smit, 2015), Identity theft (Michel et al., 2015), Digital The database is neither intrudes nor amends by the attacker;
devices (Smit, 2015) Autonomous systems (Miller et al., 2017), however, only monitors the target to access the information
Wireless Sensor Networks (WSN) and Wireless body area Net- throughout the transmission. In other words, the attacker’s main
works (WBAN) (Aslam et al., 2020), Cyber terrorism (Smit, 2015), aim is to collect the information by listening to a conversation
and can approach us from unforeseen sources and directions. With between hosts through several means.
the advancements in science, more sophisticated cyber-crimes and
malicious activities are evident in today’s world which is targeted 1.1.6. Phishing attack
and extremely dangerous. One such example was detected earlier An act of sending fallacious messages via many ways such as
in 2018; a ransomware attack was harming the government of emails, text messages, etc. that tends to become from the legiti-
Atlanta City (Conti et al., 2018) and other recent cyber breaches mate resource, thereby, deceive users and obtain sensitive and
(Ruohonen, 2019). confidential information such as login passwords, card numbers.
This paper is structured to start with the common attacks in
section 1.1 to have a glimpse of various attacks in general. Sec- 1.1.7. Malware attack
tion 1.2 starts with the historical background of cryptographic An attack where a perpetrator deliberately installed malicious
standards and gives an overview of the same. The recent advance- software on the host’s computer intending to not only proliferate
2
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Fig. 1. Different attack types.

virus, nonetheless but also infect and harm the computer, thereby, secret shift of each letter is different. For example, the string ‘‘mod-
gain private data. ern” will become ‘‘rqekut” having a secret shift ‘‘421636”. If the
plain text is combined with some key with random values having
1.1.8. Attack on quantum key distribution the same keyword length as that of plaintext, we would call it a
An attack has done while transmitting any data through a quan- one-time pad and ensure the security of the message at that time.
tum channel either by forge a single photon, multiple photons, or Modern security techniques as shown in Fig. 1 are complex but
by time elapsing of pulses. the basics remain the same. The security algorithms are
categorized into symmetric and asymmetric algorithms
(Simmons, 1979) having the same basic functionality of XOR-ing,
1.2. Standard security frameworks confusion and diffusion of data (Stallings, 2006).

1.2.1. Historical background

Data security is the main challenge of any network communica- 1.2.2. Early generation of cyber security algorithms
tion; hence there exist many algorithms to solve the security DES was once a primary symmetric-key algorithm (Standard,
issues. The history of cryptography and the encryption algorithms 2018) published in 1977. Initially, DES works with a 64-bit block
are discussed in the section below (Dagmar et al., 2007). Cryptog- size with a 56-bit key. DES works on equal block size and uses both
raphy was first invented by Spartans (Djekic, 2013) in some confusion and diffusion in the algorithm. However, due to its small
400BCE for transmitting data securely between militants. They key length, DES is considered to be unsafe. In 1999, Electronic
named their tool as scytale to encrypt their messages. Earlier times Frontier Foundation in collaboration with distributed.net had bro-
substitution method is used to encrypt the data. It replaces each ken the DES key in less than 24 h using a brute force attack (Dhole
letter of the plain text with another letter which is shifted with and Verma, 2012). Hence, in 2005 DES with other FIPS is with-
some fixed number between 0 and 25. The ciphertext can be drawn (NIST, 2018). There are various other attacks (Biham and
decoded only if one knows the secret shift. For example, the string Shamir, 2012; Matsui, 1993; Biham, 1994; Biham and Biryukov,
‘‘modern” will become ‘‘oqftp” and can be decoded if one knows 1997) that can break the DES with less time complexity than brute
the secret shift is two. The message becomes more secure if the force. Accordingly, Triple DES was expanded with Encrypt-
3
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Table 1
Modified algorithm – RSA.

Decrypt- Encrypt (EDE) mode, and hence the size of the key is 168 on the chebyshev theorem and that proves the less time and space
bits (Bhanot and Hans, 2015). complexity. However, performance analysis and security chal-
But there was a new attack that introduced is a meet-in-the- lenges still to be overcome. On the same hand, Gomez (Gómez,
middle attack that challenged 3 DES. Therefore, in 2001, NIST 2009) proposed a scheme based on the concepts of multivariate
(Diehl and Laws, 2016) declared and choose a new cipher, AES, cryptography using the concept of hidden irreducible polynomials
invented by Rijmen and Daemen. AES works with distinct length having some issues related to this design that it lets the perpetra-
keys
128, 192, and 256 bits. Larger the key bits, the safer the tor discover the private key directly from the public key.
transmission. Despite of many attacks (recovery attack and side- Chowhan and Jaju (2015) introduced a modified RSA the public-
channel attack) on AES, till now it has not been broken and consid- key encryption algorithm and performs a comparison based on
ered safe. In 1993, Blowfish (Bhanot and Hans, 2015; Schneier, security and time complexity by operating data of distinct sizes.
1993) was designed by Bruce Schneier having key length varies According to the author, the algorithm works as follows with three
between 32 bits ranges up to 448 bits with a 64-bit block size. This prime numbers and two more constraints to make the system
algorithm is vulnerable to birthday attacks due to its block size. more stable as delineated in Table 1.
One of the earliest key exchange methods in cryptography was The algorithm becomes more efficient with the increase in
published in 1976 and is known asDiffie–Hellman key exchange Security levels and key generation speed. Nevertheless, findings
(Diffie and Hellman, 1976). It is an algorithm in which two parties say that in terms of speed of encrypting and decrypting text and
evaluate the shared secret which can be used as an encryption key, overall execution time RSA is still better.
over an unprotected same communication channel; the problem is Aggarwal and Maurer (2016) has outlined the factoring problem
also called the discrete logarithm problem. The sender and receiver of RSA and demonstrates that the issue of factoring N can be effec-
computation is based on exponentiation performed over a modu- tively mitigated by Generic Ring Algorithm (GRA) which executes
lus. Since using modulus this becomes a one-way function which ring operations namely add and multiply, inverse ring operations
makes it difficult for the illegitimate user to get the secret key. namely subtract and divide, and equality test that specifies which
However, the man-in-the-middle attack also jeopardizes its secu- two results need to be compared. According to this paper, RSA pre-
rity. In 1978, Rivest–Shamir–Adleman (Rivest, 1978; Mohapatra sumes that message m Є Zn, it is encrypted as mx (mod n), where
and Cryptography, 2000) proposed a public-key algorithm based x > 1 and gcd (x, Ø (N)) = 1. The security of this algorithm is based
on the factoring problem (Vaudenay, 2006). on the fact that, given r, selected randomly from Zn, it is difficult to
find m such that mx - r 0 (mod n). This paper shows that under
the factoring scheme RSA and digital signature algorithms are
2. Recent developments and emerging trends of cyber security
not vulnerable to several attacks and is hard to break RSA by using
ring operations.
There are many recent developments in cyber security with the
Hwang et al. (2016) has outlined an essential form of public-key
help of new algorithms, procedures and frameworks. This section
cryptography known as Identity Based Encryption (IBE). Employing
discusses in detail about imperative mathematical equations,
this scheme author proposed a new certificate-based encryption
worked out samples, flow diagrams, overcome attacks along with
technique based on pair less cryptography, which provides security
their vulnerabilities and the various improvements over the exist-
against in distinguishability under Chosen Ciphertext Attack (IND-
ing standards over the years.
CCA) and is used in many applications like resource-constrained
node networks. The algorithm works in the way in which the sen-
2.1. Advancements in s der encrypts the data by performing the mentioned steps as:

The world is moving towards a new phase of security for asym- Step1: Selects the random integer r Є {0, 1} n and evaluate:
metric schemes that promised to provide security to prevailing (a) n = HS3 (MS, r)
security problems. Instead of using the predetermined matrix (b) QCid = HS1 (id, USid, PCid)
properties, problems are resolved using polynomials. Marcin (c) HSid = HS5 (QCid, USid, PCid, g1)
(Kapczynski and Lawnik, 2019) proposed two cryptosystems based
4
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Table 2
Methods with their Attacks and vulnerabilities.

Paper Method detail Mitigated attacks Vulnerabilities/Limitation

(Kapczynski and Lawnik, Ciphering utilizing variable key Resistant against various attacks such as side channel Space and Execution time increases
2019) length attacks , related key attack, chosen plain text attack enormously.
(Aggarwal and Maurer, Utilizing Generic Ring Algorithm for Mitigated factoring issue of RSA Vulnerable to various cryptanalytic
2016) RSA factoring problem attacks.
(Hwang et al., 2016) Certificate-based encryption based on Mitigates Chosen Cipher text Attack Vulnerable to Denial-of –Service
pairless cryptography attack, inefficacious for limited
bandwidth.
(Fujisaki, 2018) Involves public key encryption based Mitigates Man –in the middle attack Vulnerable to Denial-of –Service
upon a binary string with apt length. attack.
(Dwivedi, 2011) Message recovery through Secure against Brute force attack Vulnerable to known-Plaintext
distribution-transforming encoder attacks.
(Biswas and Mohit, 2016) Integrating RSA within DES Secure from different attacks Vulnerable to known-cipher text
attack, brute force attack
(Hazay et al., 2018) Resolve factoring problem using two Secure from malicious attacks Space and Execution time increases
party distributed. enormously.
(Chie, 2018) Generate session keys using key Models against active and passive attacks Vulnerable to Third-Party attack.
agreement scheme
(Thangarasu and Securing session keys using modified Mitigate Intruder attacks Suffers from traditional Attacks
Selvakumar, 2018) ECC
(Barbulescu and Duquesne, Propose novel key sizes using NFS Mitigate dos, impersonation attacks and replay Not accessible by the multi-server
2017) variant attacks environment

HS
(d) Key1 = (USid id ) n rithmic problems are under threat of breaking soon due to the
(e) Key2 = (PCid g1 HS2
,(QC PC n
id id)
availability of quantum computers. The author proves that these
Step2: algorithms are vulnerable to a multitude of attacks as they require
(a) Evaluate CT0 = g n rendering a similar secret for multiple given public keys. Thus, in
Step3: this algorithm, an improved polynomial scheme is proposed based
(a) Evaluate CT1 = HS4 (Key1, Key2) (MS || r). on two operations as a b, and a b.
Fujisaki and Okamoto (2013) designed a secure integration of
where MS = message to be encrypted, HS1 – HS5 = generated hash symmetric and asymmetric strategy. They introduced a new hybrid
functions, QCid = certification query, HSid = hash id, USid = user pub- technique the converts a frail symmetric and asymmetric strategy
lic key id, PCid = public certifier random generated id, g and g1 are to an asymmetric strategy that is chosen-cipher text secure. Their
ring generators calculated over prime numbers, CT0 and CT1 are the hybrid scheme works in a sense such that encrypted message MS is
cipher texts. defined as:
Sender sends the encrypted text to Receiver as CT = (CT0, CT1).
The receiver also computes the QID and HID same as the sender
eHPk ðMS; rÞ ¼ eAS
Pk ðr; Hðr; eÞjjeGðrÞ ðMSÞ
S
ð1Þ
and also computes MS || r with the following equation:
where
eAS
P k (Message; bits) represents message encryption using asym-
Step 4:
metric algorithm using randomized bits.
(a) HS4 (CTðoaid ÞðHid Þ ,CTCo id ) CT1
eSa (Message): represents message encryption using symmetric
algorithm utilizing the private key a.
If the abovementioned equation gives a result equivalent to MS
r is an arbitrary string selected over a proper domain.
|| r then the decrypted text is correct, and it returns M by discard-
e= eSGðrÞ (MS)
ing r; otherwise, returns null. Certainly, security increases but
with the increase in the cipher size communication overhead G and H indicate hash functions.
increases for the bandwidth-limited networks. Moreover, clients Biswas and Mohit (2016) proposed a novel asymmetric
put requests for the key management server concurrently leads algorithm by integrating RSA and DES. To make DES more
to obstruction in the system. secure authors modified the structure by encrypting the plain
Fujisaki (Fujisaki, 2018) presents an encryption scheme called text with RSA and the receiver’s public key to acquire the
an all-but-many encryption scheme which involves public- key cipher text. In this technique, 64-bit plain text is divided into
encryption based upon a binary string with apt length. According parts left and right and performs the computation as shown in
to this theme, to unlock the message with stable haphazardness, Fig. 2.
the sender stated the confidential key which initiates a forgery The equation carried out for encrypting the plain text is as
cipher text. However, any person not possessing the private key described below:
can neither perceive a fake cipher text from a genuine one nor pro-
Li ¼ ENRSA ðRi
1 Þ ð2Þ
duce a fake one. They proposed a framework for erecting an all-
but-many encryption scheme with expansion factor O(1), which
Ri ¼ Li
1  F ðRi
1 ; kÞ ð3Þ
brings the first fully equipped universally configurable commit-
ment scheme. In the similar way, Digital signatures are also implemented in
Dwivedi (2011) and Maheswara and Valluri (2012) along with asymmetric DES. Apart from security, the algorithm works under
many other researchers work with polynomials to give a new the RSA cryptosystem that increases the complexity and computa-
direction to security algorithms. However, Jia et al. (2017) proves tion cost and is endangered to brute force attack which makes the
that their algorithm based upon Polynomial symmetrical decom- system weaker.
position (PSD) problem, the main objective is to provide security Jianghua Liu along with other researchers (Huang et al., 2019)
owing to the fact the algorithms based upon factorization or loga- worked upon data authentication to preserve data online. With
5
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Fig. 2. Encryption using DES asymmetric-key algorithm, Mohit et al. (Biswas and Mohit, 2016).

the emergence of cloud computing increasingly number of data in 2.2. Advanced key management schemes
this day and age is being shifted to the servers in order to manage
large system management costs and for easy access. However, it On one side the algorithm complexities are getting increased,
comes with its own disadvantages of editing of text by intruders however; most of the time, the strength of an algorithm majorly
also known as data Redaction. Therefore, researchers worked upon depends on key sizes and key management schemes; this section
redactable signature schemes and hence extended it to three describes the various advanced key management schemes for pro-
authenticated data reduction scheme. These schemes are more viding better authentication and data integrity.
efficacious and secure, nonetheless; still face some challenges Babamir and Davahli (2016) extended the block cipher with
which makes it unstable. variable-length key selected randomly. The keys generation is in

6
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

a randomized fashion and the key size increases dynamically; computing, it sends the key, and the encoded message to U as
hence, hard to recover the plain text without the knowledge of shown in Fig. 3d below:
the key. The proposed algorithm is discussed with the following
mathematical relations for encryption (Babamir and Davahli, Hence, to decode the message both use the session key and
2016): achieve the best computational speed by reducing the several
rounds with limited resources and enhance the security proofs.
MSjþ1 ¼ CT j
r jþ1 =K jþ1 ð4Þ
However, sending encrypted messages to the server increases
complexity and cost. Furthermore, if the third-party is not loyal
CT j ¼ MSjþ1 =K jþ1 ð5Þ
then it may jeopardize the security.
Thangarasu and Selvakumar (2018) proposed an enhanced
Rjþ1 ¼ CT j % MSjþ1 ð6Þ
encryption technique over sensor-cloud architecture for securing
CT jþ1 ¼ MSjþ1=2 jj Rjþ1 ð7Þ the session keys between hosts while utilizing a reliable service.
To enhance the validation of sensor nodes in the network modified
For decryptions the mentioned equations are as follows: Elliptical Curve Cryptography (ECC) algorithm and to remove the
CT jþ1 ¼ MSjþ1  Kjþ1 þ Rjþ1 ð8Þ complexity related to the finding of invaders in the network theory
of the Abelian group is used by this technique.
MSjþ1 ¼ Rjþ1 =CT jþ1 ð9Þ Chen and Qi (2018) proposed an advanced biometric-based
mutual authentication technique with the key agreement. To use
where MSj+1= (j + 1) the message block, CTj = jth Cipher Text, Rj+1 = other public-key cryptography, this technique uses the Elliptical
remaining of jth cipher text block, Kj+1= (j + 1) th key block, rj = initial Curve Cryptography with a small key size. The scheme is based
random number. on the certainty that every key for a particular session is enclosed
In this method, the key size is of variable length and starts with within two haphazard integers that vary every time. Regardless of
some random bits and increased step by step. The approach is whether an opponent obtains the private key of the server, to infer
based on randomization hence after calculating the last cipher text past keys for that session, they are required to extricate the associ-
i.e. Cj+1, authors generate a random value and the random place. ating two haphazard integers by solving the elliptic curve discrete
The random values are generated to be positioned somewhere in logarithm (ECDLP) problem which seems to be impossible. To proof
Cj+1 and the random place specifies where Cj+1 random value is the authentication, Burrows-Abadi-Needham (BAN) logic has been
positioned. Hence, the procured key has: random bits + random used. However, the proposed technique is secure and efficient, but
value + random place + key [1. . .j + 1], [MSj+1/2]. Thus, this may not accessible by the multi-server environment.
approach is more resistant against various attacks, and hence, Barbulescu and Duquesne (2017) works with attacks against
security increases more due to randomization which produces con- the pairings and proposes a new key size. In this paper, they esti-
fusion among the encrypted text. However, increased execution mate the complexity of the Special extended Tower Number Field
time and usage of extra memory space are some of the main lim- Sieve (SexTNFS) algorithm. For this author works the Number Field
itations of the approach. Sieve (NFS) variant and explains the NFS with the help of Fig. 4
Hazay et al. (2018) proposed a key generation protocol that below where am and an are roots of m and n in the field number
comprises sub-protocols: first they present a fully simulated proto- and where Om and On are the ring integers of the same fields. Then
col for producing a distributive RSA composite with no factoriza- m & n are two polynomials such that m, n 2 Zi[y], having a com-
tion problem. Authors also implement a two-party setting mon factor / modulo S, where S = N for a factor and S = pr for dis-
(Gilboa, 1999) under this sub-protocol by adopting a novel tech- crete logarithms.
nique of using two unique additively homomorphism encryption From this they find the complexity of the classical variant of
strategy that empowers to guarantee dynamic security easily. Sec- NFS:
ondly, they adopt the bi-Primality test for confirming the legiti-
macy of the produced composite and then generate the secret LS ½641 þ o ð1Þ where S ¼ N ð10Þ
share keys in the form of d  1 mod N  0 mod u (N). Lastly, they  
proposed a two-party distributed decryption protocol. 1=3
LS½c ¼ exp ðc=9Þ1=3 ðlog SÞ ðlog log SÞ
2=3
ð11Þ
Chie (2018) proposed a technique called a three-party authen-
ticated key agreement (3PAKA) that allows a couple of registered By using these complexities they generate new pairing param-
users to create the session keys employing authentic server. The eters which are 255-bit security levels. Finally, to ensure the bit
user formerly shared its secret key with the server. The author security level they work with the various curves like Barreto-
described the technique in which U wants to create a session with Naehrig (BN), BLS12, and KSS16. The authors also evaluated the
V and perform the following steps as shown in Fig. 3: optimal ate pairing complexity for each and every proposed curves
to assure the 128 bits of security. Hence, concluded, that BLS12 is a
Step1: In this scheme, U sends the message to V and upon more systematic option.
receiving V sends its encrypted message along with U’s message Katz and Vaikuntanathan (2013) introduced a system for build-
to the server shows that Fig. 3a below: ing password-based protocols that empower customers to reboot
Step 2: When server receives a request from V client, it uses the the frail shared key into a cryptographic key and authenticated
private key of U and V for encrypting the message and use the key exchange protocols that enable parties to share a secret key
public keys to produce a short-time public key gx and gy and safely over the uncertain network. This novel system is processed
return the following encryption to the clients as shown in where clients concurrently send messages to each other. To make
Fig. 3b below: a protected protocol for key exchange, the protocol applies a hash
Step 3: When U receives the response from the server then function and secure encryption scheme (Gen, Enc, Dec) as shown in
decrypt the message and compute session key and (gy) x. After Fig. 5 below.
computing it sends the key, and the encoded message to V as In the aforementioned Fig. 5, pwd represents the shared pass-
shown in Fig. 3c below: word, U and W are the clients; key1 and key2 are hash keys. In
Step 4: When V receives the response from the server then the above scenario, U selects a random hash key key1 and gener-
decrypt the message and compute session key and (gy) x. After ates S1 and CT1 and sends it to W. Similarly, W produces S2 and
7
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Fig. 3a. Client send encrypted message to Server.

Fig. 3b. Server returns Encrypted Message to Clients.

and finding the best possible ways to counter-attack them to pro-

vide a complete security framework for futuristic communications.
In this paper, we have discussed some important new generation
security algorithms and their improvements; besides, this section
gives a glimpse of the most important algorithms discussed in pre-
Fig. 3c. Send Key and message to Client V. vious sections along with the attacks they can able to mitigate. The
limitations and vulnerabilities are also mentioned in Table 2.

2.4. Quantum cryptography

Quantum is a new technology, which is generating an abun-

dance of opportunities to develop an entirely a new generation
Fig. 3d. Send Key and message to Client U.
of cyber security algorithms. A normal quantum computer will
be 10,000 times faster than classical computers, hence, the
researchers are working in-depth to bring out the best possibilities
CT2 and sends it to U. Upon receiving, U checks the validity of S2
of smart, intelligent and quantum safe cyber security algorithms
and CT2. If invalid, U simply rejects; otherwise, compute L2 and
This section discusses the Quantum based cryptography
SKU. However, this scheme builds a secure protocol for key
method and schemes, in this quantum era and the pertaining
exchange but the system depends upon non-interactive zero-
advantages.
knowledge (NIZK) proof which is computationally inefficient.

2.4.1. Quantum key distribution

2.3. Tradeoff of recent algorithms Shen et al. (2018) enlighten the biggest endanger which Quan-
tum cryptography brings to the security of existing cyberspace.
The standards such as RSA and AES are being used in several Classical cryptosystems work with a secret key; if the key is fragile,
applications, although, the recent advancements in computing then the entire framework will be disintegrated. Exploiting Quan-
facilities make these algorithms vulnerable to various attacks. tum Mechanical properties (Gisin et al., 2002) perform crypto-
The researchers are working to mitigate the new types of attacks graphic tasks. Chen (2015) worked on Quantum, which can be

Fig. 4. Number Field Sieve Variant, extended from Barbulescu and Duquesne (2017).

8
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Fig. 5. Key exchange protocol.

used in sharing secret messages, computing securely, and secures to use and he also uses random filters to compute the photon’s
communication among two parties. According to the author, quan- polarization.
tum cryptography utilizes quantum physics to make the communi- In the second phase, Clark apprise Ellie over the classical channel
cation secure over the network between the users. To defeat this; a neither the spin nor (0 or 1) just the filter he used. Ellie will reply
new key distribution technique based on quantum physics is intro- and keep the digits if both use the same filter else discard the digits.
duced called quantum key exchange-clients can do key sharing Clark and Ellie should now both have similar bits which are called a
along with preventing an illegitimate user from procuring the key. shift key as shown in Fig. 7. Since, Clark chooses the correct filter
Brassard and Bennett (2014) describe the Public Key Distribu- half the time on average 50% of the measures will be correct. How-
tion (PKD) that uses a quantum channel that is not only utilized ever, the remaining Qubits for which Clark use the wrong filter acci-
for sending messages, yet is legally used to transmit arbitrary bits dentally end up with the correct bit half the time just by chance.
between two clients who share no secret data initially. If the trans- This means 75% of Clark’s measurement will be correct.
mission has not been aggravated, they consent to utilize these Without any computation fault, if any of the comparable bits
shared secret bits in the notable route as a one-time pad (Chen, would be rejected, indicates the appearance of malicious intender
2015) to disguise the importance of consequent significant corre- on the secured-quantum channel (Elliott, 2004). This is on account
spondences, or for other cryptographic applications requiring of the malicious intender, Eve, endeavoring to acquire the key. Apart
shared secret random data else they dispose of it. from measuring the photon spin by passing them through filters, she
Quantum Key Distribution (QKD), instead of relying on the con- would have no other option. This is because of the quantum no-
cepts of mathematics, is based upon the laws of quantum physics cloning theorem (Wootters and Zurek, 1982). Now, suppose Ellie
to create the symmetric key (Ardehali et al., 2005). The first prac- pass the photon from rectilinear filter show guess correctly that it
tical QKD protocol (Brassard and Bennett, 2014), wherein two par- has vertical spin and note down 0, but if eve uses the diagonal filter
ties communicate by the usage of both classical and quantum the photon spin will be altered as passes through and incorrectly
communication channels as delineated in Fig. 6. Classical channel raises 0 and vice versa as shown in Fig. 8a and Fig. 8bs. Given that
(Chen et al., 2018) allows individual bits of information back and (Polak and Rieffel, 2000), as switching between the filters at random,
forth to pass through the channel just as same as they use the Eve will select the basis falsely about half of the time. On the off
internet and this channel uses classical bits which can be either chance that Eve has listened in on every one of the bits then after
0 or 1. Hence, no privacy holds here and the eavesdropper easily n bit correlations by Ellie and Clark, they will decrease the likelihood
get the bits and send the false data to a receiver. On the other hand, that Eve will go unseen to ¾n (Lomonaco, 1999). That’s how quan-
the quantum channel acts differently. Instead of transforming bits, tum physics protects from her knowing the key.
it transforms QUBITS (Quantum bits) (Nitaj, 2012; Moizuddin et al., In 1991, Ekert proposed the protocol (Ekert, 1991) that is based
2017). Qubits can be 0 or 1 at the same time. In physics, the num- on Bell’s theorem. Note that (Ekert, 1991) employs a pair of quan-
ber of physical objects that can be used as Qubits: a single photon tum bits (i.e., an EPR pair), which is essentially the same as
or electron. (Brassard and Bennett, 2014). Subsequently, in 1992, the improve-
Qubits represent bits and incorporate some special properties: ment (Bennett, 1992) of the scheme (Brassard and Bennett, 2014)
was put forward by Bennett. Instead of using two orthogonal states,
 Qubits cannot be copied. they go for single non-orthogonal states. Subsequently, many QKD
 It is impossible to determine whether a qubit can be processed protocols, (Gisin et al., 1995; Bruß, 1998; Christensen, 2004; Inoue
through which filter. et al., 2002; Brunner et al., 2005; Liu et al., 2013) have been pro-
posed with the same basic principles of quantum mechanics.
BB84 uses a photon having a property spin which can be chan-
ged when passes through any of the Rectilinear or diagonal filter as
shown in Table 3 below: 3. Security threats and challenges
In the first stage, Ellie starts sending the photons over a quan-
tum channel while switching between the filters at random to This section discusses the various threats and challenges faced
communicate with Clark. Although, Clark doesn’t know which filter by most of the researchers. Jelezko et al. (2010) on one hand
9
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Fig. 6. Quantum Communication Model.

Table 3 instance: RSA with key length 2048-bits (Rivest, 1978; Chen
BB84 encoding. et al., 2018), ElGamal (1985), ECC (Tseng, 2007), and many more
BASICS 0 1 that can easily be broken. Classical algorithms facing the two main
+ (Rectilinear Basics)
problems effectively known as the: factorization problem (Integer
factorization, 2018), elliptic-curve discrete logarithm problem
X (Diagonal Basics) (Elliptic-curve cryptography, 2018). Many researchers (Gilboa,
1999; William and Woodward, 2017; Chen et al., 2016) in their
paper unfolds the truth and describes the algorithm proposed by
Shor (1994), Lov and Grover (1996) which in polynomial time
describes a fact that quantum computing is a novel kind of figuring solves these problems efficiently. However, in many surveys
machine which permits calculations represented by quantum–me- (Brandl et al., 2016; Sullivan and Forget, 2018; IBM, 2018; EPSRC,
chanical procedures to permit ‘‘enormous parallelism at the phys- 2018) it has been revealed that till now quantum computers do
ical level”. They have given the superposition rule of quantum not exist but they will come into reality by 2025.
states which would accelerate the classical algorithms. Despite Another biggest threat to cybersecurity is the WannaCry ran-
its infancy, Shen et al. (2018) apprise the challenges that Quantum somware attack. Mustaca (Mustaca, 2014) and Brewer (2016)
computers bring to the classical cryptography algorithms, for describe the ransomware attack, which was initially happened in

Fig. 7. BB84 simulation.

10
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Fig. 8a. Eve Intercepts and random guess for qubits.

Fig. 8b. Eve intercepts and random Guess for Qubits.

2013. They presented a new variant of ransomware that encrypts ages of electromagnetic or even sound (Standaert, 2010). In this,
the files on the client’s system and then demands a ransom to the cryptographic algorithm is modeled as a grey box i.e., the
decrypt the files. Nanded and Pathak (2016) describe different attacker gains or leaks the intermediate information as shown in
types of ransomware attacks and their functions. WannaCry is also Fig. 9. Side channels are described to be the unplanned result of
one of the forms of ransomware worm, and a recent security alert the system.
occurred in May 2017. Many authors examined the concepts, char- Hall et al. (2000) and Kocher (1996) presented the leakage of
acteristics, exponential growth of WannaCry, and different mea- abstract information about the key. However, it ought to be
surements to resolve this attack (Hsiao and Kao, 2018; Mohurle stressed that a specific side-channel attack may not be a practical
and Patil, 2017; Tabone, 1988; Sabharwal, 2020). risk in a few situations.
Wang et al. (2018) introduced a novel quantum algorithm that According to the observation, Standaert (2010) categorized
breaks the RSA cryptosystem within the polynomial-time using these attacks between two orthogonal axes: Active vs. Passive
quantum inverse Fourier transform and phase estimation by com- attacks and Invasive vs. Non-Invasive attacks. An invasive attack
puting the order g of M of the RSA public-key (x, s = pq) 2 Mxg M may abstain from aggravating the device’s behavior, whereas a
(mod s). Since, when g is found, the plaintext P of RSA can easily be passive attack may require a fundamental indispensable data to
procured by computing P  Mxg-1 (mod s). Hence, a cipher text- be perceptible. There are different important methods and tech-
only attack is proposed to attack RSA whereas Ariffin et al. niques applied in SCA attacks as shown in Table 4:
(2014) proposed an attack on RSA, in which decryption exponents Bernstein (2005), Keller et al. (2007), Cock et al. (2018)
p1 and p2 share their most significant bits in relation with prime described cache timing attacks as the attacks in which the attacker
numbers x and y, which share their information of the least signif- measures the execution time it takes to execute cryptographic
icant bits. The scheme performs in a way that makes by improving operations for extracting the sensitive data. The reason behind
the bounds of previous attacks and make RSA insecure. the attack is that the execution time differs from the input. Conse-
Bar-On et al. (2018) presented efficient slide attacks. Due to slid quently, the attacker extricates keys by measuring the time taken
pairs, these slide attacks perform better than the standard slide to run each operation. Whereas, in Cache-Access Based Attacks,
attacks and complexity is not more than 2n. These attacks decrease an attacker monitors the security operations which includes data
the time complexity from 291 to 240 on the same 128-bit variant cache such as AES lookup table entries or AES T-table entry
of the GOST block cipher. (Osvik et al., 2010; Bangerter et al., 2011; Percival, 2005; Luo
Rather than focusing on mathematical properties of the crypto- et al., 2018), instruction cache (Aciiçmez, 2007), etc. Whenever
graphic system i.e., mapping amongst a plaintext and ciphertext, access is made by the user from the memory, the attacker monitors
some algorithms focus on implementation in hardware on physical the time it takes and; hence, extracts the encryption key. It has
devices that communicate with each other. These physical commu- effectively broken AES, DES, Camellia (Tsunoo, 2002), and many
nications can be actuated and checked by attackers and may bring cryptographic algorithms successfully. To implement cache side-
about data valuable in the cryptanalysis. channel attacks there are many methods which include
Attacking a Physical channel is very dangerous; they need to be Evict + Time (Osvik et al., 2006), Prime + Probe (Percival, 2005),
analyzed in detail. This kind of data is called side-channel data, and Flush + Reload (Bangerter et al., 2011). Osvik et al. (2006) introduce
the attacks abusing side-channel data are called side-channel Evict + Time and Prime + Probe methods in which intruders over-
attacks (SCA) (Badrignans et al., 2011). By exploiting various tech- flow the cache with his/her information called as Eviction and
niques and analyzing non-functional behaviors, these attacks extri- Prime step. In the former method, when the process was imple-
cate the key and confidential data from the devices such as Time mented by the victim, the attacker learned the data from its execu-
details, consumption of the power, and getting clues from the leak- tion time. Another yet important method to implement cache

11
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Fig. 9. Side channel attacks.

based attack is Flush + Reload which was initially proposed by 4. Conclusions

Bangerter et al. (2011) and they attacked AES L1- cache which
was further extended L3-cache by Falkner and Yarom (2014) for Cybersecurity pertains to the practices that prevent cyber
cross-core attacks. Eisenbarth et al. (2015) initially presented the attacks, data breaches, and security threats. In general, the term
idea of mounting a cross-VM AES key recovery attack and cybersecurity is left with many questions such as what types of
increased the performance by flushing the memory lines between challenged and threats faced by organizations? How to mitigate
the rounds. those attacks? Who is at the highest risk? What steps need to be
A scan-based side-channel attack is yet another tough test tech- taken to reduce the cyber-attacks and risks? Still, many more ques-
nique as well as the tool to fetch the key in the cryptosystem by tions are unanswered. This article describes the taxonomy of vari-
examines the scanned data. To retrieve the keys of DES, Karri ous existing standards for encryption and decryption of data with
et al. (2004) in 2004 came up with the idea to utilize scan chains the recent emerging trends and the challenges faced by these stan-
and implement it on hardware. While performing the hardware dards in cybersecurity.
implementations of NTRUEncrypt for retrieving the key, Kamal The commonly used security standards have been discussed
and Youssef (2012) utilizes Design-For –Test (DFT) technique in with their strengths and weaknesses. In recent times, cybersecurity
which the cryptanalyst recovers the keys using polynomial based reached a new level, being transformed into a pre-eminence for
multipliers of scan chain used in the decryption algorithm wherein digital business. However, some new approaches and methods
2013 Flottes (2013) presented a new novel technique targeted are getting introduced based on the digital growth rate and on
against DFT structure using scan chains. This novel attack is the other side, the hackers try new tools and technologies to chal-
adopted by all the cryptographic algorithms including AES, DES, lenge the security frameworks. Thenceforward, numerous other
RSA, ElGamal, and ECC. Scan-based attacks can also be imple- endeavors emanate. This paper provided a detailed review of the
mented using scan signatures, these are used to retrieve data from new advancements of the security standards of symmetric and
the entire stream as well as block ciphers (Fujishiro et al., 2014a, asymmetric algorithms developed by various researchers over
2014b, 2015). This technique is also useful in retrieving data from the period of time with the help of new algorithms, procedures,
many cryptosystems including RSA, HMAC-SHA-256 (Nara et al., and frameworks. The RSA started with a one-way function along
2010; Oku et al., 2018). with a factoring problem. Adversely, instead of using a one-way
A fault attack is a deliberate manipulating of the integrated cir- function to secure the data, researchers instead of employing
cuit or an electronic device (e.g., smartcard, HSM) with the intent prime numbers develop an improved RSA algorithm with the help
to incite or induce errors by putting the device in abnormal condi- of ring integers to solve the factoring problems. The authors also
tions such as light, high and low voltage, temperature, clock, etc. proposed the technique of merging DES and RSA to achieve good
the end goal to induce errors in such a way that it leads to the confidentiality along with minimal overhead. Likewise, all the
ingress of indispensable data such as PIN code recovery, accepting other recent advancements of the RSA algorithm are well docu-
false signatures, key recover.). To carry out a fault attack on inte- mented in this paper, the various key management schemes with
grated circuits successfully, Fault Injection, and Fault Exploitation their pros & cons are also discussed well. Further, the symmetric
are required (Benot, 2011). Kim et al. (2012) developed new encryption standards use XOR as their main function for transfer-
attacks that deal with all directions on Differential fault analysis ring the bits on to the classical and perilous channel, but in recent
(DFA) by finding the key based on differential knowledge between days, another interesting cryptography is prominently getting
precise and erroneous cipher text achieved by urging the faults. developed called quantum cryptography based on the law of phy-
The author works with random byte fault of the 1-byte model by sics. This technology uses Qubits to provide more security with the
reducing the pair of precise and wrong cipher text whereas Fan new set of algorithms, where cryptanalysis is not an easy task with
et al. (2017) proposed DFA on LBlock and impart that to retrieve respect to Qubits. The quantum computers bring challenges and
all information of key, least 13.3 faults are needed. have a destructive result on classical asymmetric cryptography

12
 J. Kaur and K .R. Ramkumar
Table 4
Summary of side channel attacks.

Type of Attacks Paper Experiment System Target Algorithm/Method Knowledge extracted Performance
Cache-Timing Attack (Adve et al., 2013) Intel i7-870 Address space layout Cache Probing Extract the Physical Probing attack 180 times
randomization (ASLR) address of system call
Handler
(Jia and Xie, 2016) high-precision RSA-SPA L2R AND R2L using Montgomery’s Extracted 1024 bits key 1536 modular multiplications
oscilloscope, smartcard algorithm modular multiplier
reader, fi1lter devices
(Genkin et al., 2017) Intel Xeon E5-2430 RSA (OpenSSL 1.0.2f) Cache-Bank Conflicts- Variant of Cache Extracted 4096 bits key 16,000 decryptions
Bleed
(Heinz et al., 2012) Cortex-A8 AES Barreto’s implementation (T-Tables Per key byte it bound to 1,600,000 samples
implementation) 4 choices
(Aldaya et al., 2018) Sandy Bridge 3.10 GHz, RSA (OpenSSL) Non constant-time binary GCD Key recovered 28% 10 K trials
Intel Core i5-2400 algorithm
Cache-Access Based (Osvik et al., 2010) Athlon 64 AES (OpenSS, Linux Prime + Probe with relevant information Full 128-bit AES 300 Encryptions
Attacks 2.6.11 dm-crypt) about lookup tables of Physical and
Virtual addresses
13

(Bangerter et al., 2011) Pentium M, Linux AES (OpenSSL 0.9.8n) Flush + Reload with The Completely Fair Full 128-bit AES secret Instruct the machine for 2 samples from
2.6.33.4 Scheduler (CFS) Key. 1,68,000 Encryptions, to recover the key it

Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx
need 100 encryptions
(Eisenbarth et al., Pentium 4E AES (OpenSSL 1.0.1f) Prime + Probe technique with L1 cache Full 128-bit AES secret 16.000 encryptions.
2015) Key.
(Adve et al., 2015) Xen 4.4 (Intel Xeon E5 ElGamal Prime + Probe technique Full breakage of key 79,900 experimentalexponentiations
2690), VMware ESXi 5.1 between 12 and 27 min
(Genkin et al., 2018) Chrome OS ElGamal and ECDH Portable Native Client (PNaCl) or Full extraction of RSA 8192 eviction sets with 22 ms with sample
58.0.3029.112, HP Elite WebAssembly with the variant and ElGamal keys time 3 min.
Book 8760w laptop Prime + Probe
Scan-Based Attacks (Nara et al., 2010) Window XP SP3, Intel RSA LSI Scan Signature RSA 1024-Bit secret key Minimum 29 messages required.
Atom 1.2 GHz extracted
(Fujishiro et al., 2014) Intel(R) Core(TM) i7- Trivium Stream Cipher Scan Chains- a Design-for-test 512-bit plain text from Required 30 cycles for maximum 4096 scan
2620 M 2.70GHZ X4 technique. cipher text generated chain length.
by Trivium
(Fujishiro et al., 2014) Intel(R) Core(TM) i7- LED Block Cipher Scan Chains- a Design-for-test Retrieved 64-Bit key 100 trials with 79 plain Texts.
2620 M 2.70GHZ X4 technique.
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

algorithms includes RSA, ECC, ElGamal, and symmetric cryptogra- Barbulescu, R., Duquesne, S., 2017. Updating key size estimations for pairings. J.
Cryptol. 1–39. https://doi.org/10.1007/s00145-018-9280-5.
phy algorithms such as DES, AES, RC5, and Blowfish. Over the years,
Bar-On, A., Biham, E., Dunkelman, O., Keller, N., 2018. Efficient slide attacks. J.
immense research is going on quantum computing, the quantum Cryptol. 31 (3), 641–670. https://doi.org/10.1007/s00145-017-9266-8.
computers can break the existing standards completely when they Bennett, C.H., 1992. Quantum cryptography using any two non-orthogonal states.
come into real time implementations. Furthermore, the hardware Phys. Rev. Lett. 68 (21), 3121. https://doi.org/10.1103/PhysRevLett.68.3121.
Benot, O.: Fault attack. In Encyclopedia of Cryptography and Security. Springer,
implementations of security algorithms are being developed by Boston, ssss 452-453. (2011). doi: 10.1007/978-1-4419-5906-5.
various researchers along with the software implementations to Bernstein, D. J.: Cache-timing Attacks on AES. http://cr.yp.to/papers.
achieve the goal of speed, complexity, and correctness, but html#cachetiming. (2005).
Bhanot, R., Hans, R., 2015. A review and comparative analysis of various encryption
researchers need to be cautious to avoid side-channel attacks that algorithms. Int. J. Sec. Its Appl. 9 (4), 289–306. https://doi.org/10.14257/
incorporate timing attack, cache attack, scan-based attack, fault ijsia.2015.9.4.27.
and differential based attacks. There are many practical trials to Biham, E., 1994. New types of cryptanalytic attacks using related keys. J. Cryptols. 7
(4), 229–246. https://doi.org/10.1007/BF00203965.
break the AES and RSA by timing attacks and symmetric ciphers Biham, E., Biryukov, A., 1997. An improvement of davies’ attack on DES. J. Cryptol.
such as a stream, block, or Trivium ciphers are prone to scan- 10 (3), 195–205. https://doi.org/10.1007/s001459900027.
based attacks. Biham, E., Shamir, A., 2012. Differential Cryptanalysis of the Data Encryption
Standard. Springer, New York.
Our main aim is to provide an aspect of interesting advance- Biswas, G. P., Mohit, P., Modification of Symmetric-Key DES into Efficient
ments and challenges that cybersecurity brings to researchers. Asymmetric-Key DES using RSA. In Proceedings of the Second International
The prominent methods and algorithms that are available to solve Conference on Information and Communication Technology for Competitive
Strategies. ACM,New York, NY, USA .136. (2016). doi: 10.1145/
all security-related problems, their challenges, and new technolo-
2905055.2905352.UKI
gies such as Quantum computing and Quantum mechanics all are Brandl, M.F., Martinez, E.A., Monz, T., Nigg, D., Rines, R., Schindler, P., Blatt, R., 2016.
discussed in detail. This paper is a complete survey that covers Realization of a scalable shor algorithm. Science 351 (6277), 1068–1070.
all aspects of cybersecurity and will create an avenue for the new https://doi.org/10.1126/science.aad9480.
Brassard, C.H.B.G., Bennett, C.H., 2014. Quantum cryptography: public key
researchers to carry over the further steps to enrich this domain distribution and coin tossing. Theor. Comput. Sci. 560 (P1), 7–11. https://doi.
with advanced techniques for future applications. The next gener- org/10.1016/j.tcs.2014.05.025.
ation of security algorithm could be based on polynomials, in liter- Brewer, R., 2016. Ransomware attacks: detection, prevention and cure. Netw. Sec.
2016 (9), 5–9. https://doi.org/10.1016/S1353-4858(16)30086-1.
ature, there is a limited availability of polynomial based Brunner, N., Gisin, N., Stucki, D., Scarani, V., Zbinden, H., 2005. Fastsnd simple one-
encryption. We found it has a very good scope to include polyno- way quantum key distribution. Appl. Phys. Lett. 87 (19). https://doi.org/
mials in the array of security algorithms. 10.1063/1.2126792.
Bruß, D., 1998. Optimal eavesdropping in quantum cryptography with six states.
Phys. Rev. Lett. 81 (14), 3018–3021. https://doi.org/10.1103/
PhysRevLett.81.3018.
References Chen, C.Y., 2015. Quantum cryptography and its applications over the internet. IEEE
Netw. 29 (5), 64–69. https://doi.org/10.1109/MNET.2015.7293307.
Chen, W., Du, W., Ma, W., Li, J., Li, N., Zhang, Y., 2018. A survey on quantum
Abdallah, A.E., Mahbub, K., Palomar, E., Wagner, T.D., 2018. A novel trust taxonomy
cryptography. Chin. J. Electron. 27 (2), 223–228. https://doi.org/10.1049/
for shared cyber threat intelligence. Sec. Commun. Netw. https://doi.org/
cje.2018.01.017.
10.1155/2018/9634507. Article 9634507.
Chen, X., Li, J., Shen, J., Susilo, W., Zhou, T., 2018. Anonymous and traceable group
Aciiçmez, O., Yet another Microarchitectural Attack: Exploiting I-Cache. In
data sharing in cloud computing. IEEE Trans. Inform. Foren. Sec. 13 (4), 912–
Proceedings of the 2007 ACM workshop on Computer security architecture.
925. https://doi.org/10.1109/TIFS.2017.2774439.
ACM, Fairfax, Virginia, USA .11-18. (2007). doi: 10.1145/1314466.1314469.
Chen, J., Qi, M., 2018. New robust biometrics-based mutual authentication scheme
Adve, V., Criswell, J., Dautenhahn, N., Practical timing side channel attacks against
with key agreement using elliptic curve cryptography. Multimedia Tools Appl.
kernel space ASLR. In 2013 IEEE Symposium on Security and Privacy. IEEE,
77 (18), 23335–23351. https://doi.org/10.1007/s11042-018-5683-4.
Berkeley, CA, USA. 191-205.(2013).DOI: http://doi.ieeecomputersociety.org/
Chie, H., 2018. Using the modified Diffie-Hellman problem to enhance client
10.1109/SP.2013.23.
computational performance in a three-party authenticated key agreement.
Adve, V., Criswell, J., Dautenhahn, N., Last-Level Cache Side-Channel Attacks are
Arab. J. Sci. Eng. 43 (2), 637–644. https://doi.org/10.1007/s13369-017-2725-6.
Practical. In Proceedings of 2015 IEEE Symposium on Security and Privacy.IEEE,
Chowhan, S. S, Jaju, S. A.: A Modified RSA Algorithm to Enhance Security for Digital
San Jose, CA, USA . 605-622. (2015). doi: 10.1109/SP.2015.43.
Signature. In Proceedings of International Conference and Workshop on
Aggarwal, D., Maurer, U., 2016. Breaking RSA generically is equivalent to factoring.
Computing and Communication. IEEE, Vancouver, BC, Canada. 1-5. (2015).
IEEE Trans. Inform. Theory 62 (11), 6251–6259. https://doi.org/10.1109/
DOI: https://doi.org/10.1109/IEMCON.2015.7344493.
TIT.2016.2594197.
Christensen, Iversen, B. B., M., Toberer, E. S., Snyder, G. J.:Quantum Cryptography
Albrechtsen, Eirik, 2007. Qualitative study of users’ view on information security.
Protocols Robust Against Photon Number Splitting Attacks for Weak Laser Pulse
Comput. Sec. 26 (4), 276–289. https://doi.org/10.1016/j.cose.2006.11.004.
Implementations. Phys. Rev. Lett. 92(5). (2004). doi: 10.1103/
Aldaya, A.C., Brumley, B.B., García, C.P., Tapia, L.M.A., 2018. Cache-timing attacks on
PhysRevLett.92.057901.
RSA Key generation. IACR Cryptol. ePrint Archives 367, 4.
Cock, D., Heiser, G., Ge, Q., Yarom, Y., 2018. A survey of microarchitectural timing
Apostolopoulos, T., Gritzalis, D., Mitrou, L., Pipyros, K., Thraskias, C., 2018. A new
attacks and countermeasures on contemporary hardware. J. Cryptogr. Eng. 8 (1),
strategy for improving cyber-attacks evaluation in the context of tallinn
1–27. https://doi.org/10.1007/s13389-016-0141-6.
manual. Comput. Sec. 74 (3), 371–383. https://doi.org/10.1016/
Conti, M., Dargahi, T., Dehghantanha, A., 2018. Cyber Threat Intelligence. Springer
j.cose.2017.04.007.
International Publishing, Switzerland. ISBN: 978-3-319-73950-2.
Ardehali, M., Ardehali, M., Lo, H.K., 2005. Efficient quantum key distribution scheme
Dagmar, B., Gabor, E., Jorg, R., Tim, M., Tobias, R., 2007. Quantum cryptography: a
and a proof of its unconditional security. J. Cryptol. 18 (2), 133–165. https://doi.
survey. ACM Comput. Surv 39 (2), 6. https://doi.org/10.1145/
org/10.1007/s00145-004-0142-y.
1242471.1242474.
Ariffin, M. R. K., Bahig, H. M., Nitaj, A., Nassr, D.I., New attacks on the RSA
Dhole, A., Verma, V., 2012. Analysis of comparison between single encryption
Cryptosystem. In Proceedings of the International Conference on Cryptology in
(Advance Encryption Scheme (AES)) and Multicrypt Encryption Scheme. Int. J.
Africa. Springer, Africa.178-198.(2014)DOI:https://doi.org/10.1007/978-3-319-
Sci. Res. Publ. 2 (4), 90–94.
06734-6_12.
Diehl, E., Ten Laws for Security. Springer, Cham. (2016).ISBN: 978-3-319-42641-9.
Arora, Bhavna, 2016. Exploring and analyzing Internet crimes and their behaviours.
Diffie, W., Hellman, H., New directions in cryptography.IEEE Transactions on
Perspect. Sci. 8 (7), 540–542. https://doi.org/10.1016/j.pisc.2016.06.014.
Information Theory. 22(6).644–654. (1976). doi: 10.1109/TIT.1976.1055638.
Aslam N., Chowdhury C., Roy M, 2020. Security and privacy issues in wireless sensor
Djekic, A Scytale – Cryptography of the Ancient Sparta. Australian Science.(2013)
and body area networks. Gupta B., Perez G., Agrawal D., Gupta D. (eds)
Retrieved Jun 30, 2018 from http://www.australianscience.com.au/technology/
Handbook of Computer Networks and Cyber Security.173-200.2020.Springer,
a-scytale-cryptography-of-the-ancient-sparta/.AccessedJun 30, 2018.
Cham.doi: 10.1007/978-3-030-22277-2_7.
Dwivedi, A., 2011. A model of key agreement protocol using polynomials over non-
Babamir, S.M., Davahli, A., 2016. Indefinite block ciphering based on variable and
cummutative division semirings. J. Global Res. Comput. Sci. 2 (3).
great length key. Sec. Commun. Netw. 9 (18), 5533–5546. https://doi.org/
Eisenbarth, T., Irazoqui, G., Sunar, B., A Shared Cache Attack that Works Across Cores
10.1002/sec.1715.
and Defies VM Sandboxing–and its Application to AES. In Proceedings of 2015
Badrignans, B., Danger, J. L., Fischer, V., Gogniat, G., Torres, L. (Eds.).:Security trends
IEEE Symposium on Security and Privacy.IEEE, San Jose, CA, USA . 591-604.
for FPGAS: From secured to secure reconfigurable systems. Springer Science &
(2015). doi: 10.1109/SP.2015.42.
Business Media.(2011).s
Eisenbarth, T., Inci, M. S., Irazoqui, G., Gülmezoğlu, B., Sunar, B.: A Faster and More
Bangerter, E., Gullasch, D., Krenn, S., Cache games–Bringing Access-Based Cache
Realistic Flush+ Reload Attack on AES. Springer, Cham. 111-126. (2015).DOI:
Attacks on AES to Practice. InProceedings of 2011 IEEE Symposium on Security
https://doi.org/10.1007/978-3-319-21476-4_8.
and Privacy. IEEE, Berkeley, CA, USA. 490-505. (2011). doi: 10.1109/SP.2011.22.

14
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Ekert, Artur K., 1991. Quantum cryptography based on bell’s theorem. Phys. Rev. Inoue, K., Waks, E., Yamamoto, Y., 2002. Differential phase shift quantum key
Lett. 67 (6), 661. https://doi.org/10.1103/PhysRevLett.67.661. distribution. Phys. Rev. Lett. 89 (3). https://doi.org/10.1103/
ElGamal, T., 1985. A public key cryptosystem and a signature scheme based on PhysRevLett.89.037902.
discrete logarithms. IEEE Trans. Inform. Theory 31 (4), 469–472. https://doi.org/ Integer factorization. https://en.wikipedia.org/wiki/Integer_factorization. Accessed
10.1109/TIT.1985.1057074. August 25, 2018.
Elliott, C., 2004. Quantum cryptography. IEEE Sec. Privacy 2 (4), 57–61. https://doi. International Telecommunications Union (ITU).X. 1205: Overview of Cyber
org/10.1109/MSP.2004.54. Security. https://www.itu.int/rec/T-REC-X.1205-200804-I. AccessedAugust
Elliptic-curve cryptography. https://en.wikipedia.org/wiki/Elliptic-curve_ 20, 2018.
cryptography. Accessed August 25, 2018. ISO. Guidelines for Cyber Security. http://www.iso27001security.com/html/27032.
Emmanuel, S., Thomas, T., Vijayaraghavan, A.P., 2020. Machine learning and html. Accessed August 18, 2018.
cybersecurity. In: Machine Learning Approaches in Cyber Security Analytics. Jasper, Scott E., 2017. US cyber threat intelligence sharing frameworks. Int. J. Intell.
Springer, Singapore, pp. 37–47. https://doi.org/10.1007/978-981-15-1706- Count. Intell. 30 (1), 53–65. https://doi.org/10.1080/08850607.2016.1230701.
8_3. Jelezko, F., Ladd, T.D., Laflamme, R., Monroe, C., Nakamura, Y., O’Brien, J.L., 2010.
EPSRC.: Quantum Technologies. https://www.epsrc.ac.uk/research/ourportfolio/ Quantum computers. Nature 464 (7285), 45–53. https://doi.org/
themes/quantumtech/. Accessed August 28, 2018. 10.1038/nature08812.
Falkner, K., Yarom, Y., FLUSH+ RELOAD: A High Resolution, Low Noise, L3 Cache Jia, J., Liu, J., Zhang, H., 2017. Cryptanalysis of schemes based on polynomial
Side-Channel Attack. In Proceedings of the 23rd USENIX Security Symposium. symmetrical decomposition. Chin. J. Electron. 26 (6), 1139–1146. https://doi.
USENIX, San Diego, CA, US. 22-25. (2014). ISBN:978-1-931971-15-7. org/10.1049/cje.2017.05.005.
Fan, C., Rong, Y ., Wei, Y.: Differential Fault Attacks on Lightweight Cipher LBlock. Jia, F., Xie, D., 2016. A unified method based on SPA and timing attacks on the
FundamentaInformaticae. 157(1-2).125-139.(2018). doi: 10.3233/FI-2018- improved RSA. China Commun. 13 (4), 89–96. https://doi.org/10.1109/
1621. CC.2016.7464126.
Fiedelholtz: Incident Response and Recovery. The Cyber Security Network Guide. Kamal, A. A., Youssef, A.M., A Scan-Based Side Channel Attack on the NTRUEncrypt
Studies in Systems, Decision and Control, vol 274. 2021.Springer, Cham. DOI: Cryptosystem. In Proceedings of the 2012 Seventh International Conference on
https://doi.org/10.1007/978-3-030-61591-8_4. Availability, Reliability and Security. IEEE, Prague, Czech Republic. 402-409.
Flottes, Natale, G. D., M. L., Rolt, J. D., Rouzeyre, B.: A Novel Differential Scan Attack (2012). doi: 10.1109/ARES.2012.14.
on Advanced DFT Structures. ACM Transactions on Design Automation of Kapczynski, A., Lawnik, M., 2019. The application of modified Chebyshev
Electronic System.18 (4).58. (2013). doi: 10.1145/2505014. polynomials in asymmetric cryptography. Comput. Sci. 20 (3). https://doi.org/
Fujisaki, E., 2018. All-but-many encryption. J. Cryptol. 31 (1), 226–275. https://doi. 10.7494/csci.2019.20.3.3307.
org/10.1007/s00145-017-9256-x. Karri, R., Yang, B., Wu, K., Scan based side channel attack on dedicated hardware
Fujisaki, E., Okamoto, T., 2013. Secure integration of asymmetric and symmetric implementations of data encryption standard. In Proceedings of the 2004
encryption schemes. J. Cryptol. 26 (1), 80–101. https://doi.org/10.1007/s00145- International Conference on Test. IEEE, Charlotte, NC, USA .339-344.(2004).
011-9114-1. (2004). doi: 10.1109/TEST.2004.1386969.
Fujishiro, M., Togawa, N., Yanagisawa, M., 2014a. Scan-based attack against trivium Katz, J., Vaikuntanathan, V., 2013. Round-optimal password-based authenticated
stream cipher using scan signatures. IEICE Trans. Fundament. Electron. key exchange. J. Cryptol. 26 (4), 714–743. https://doi.org/10.1007/s00145-012-
Commun. Comput. Sci. 97 (7), 1444–1451. https://doi.org/10.1587/transfun. 9133-6.
E97.A.1444. Keller, N., Miller, S. D., Mironov, I., Venkatesan, R., Cache Based Remote Timing
Fujishiro, M., Togawa, N., Yanagisawa, M., 2014b. Scan-based side-channel attack on Attack on the AES. In Proceedings of Cryptographer’s Track at the RSA
the LED block cipher using scan signatures. IEICE Trans. Fundament. Electron. Conference. Springer, Berlin, Heidelberg. 271-286. (2007). doi: 10.1007/
Commun. Comput. Sci. 97 (12), 2434–2442. https://doi.org/10.1587/transfun. 11967668_18.
E97.A.2434. Kim, C.: Improved Differential Fault Analysis on AES Key Schedule. IEEE
Fujishiro, M., Jiang, H., Kodera, H., Togawa, N., Yanagisawa, M.: Scan-Based Side- Transactions on Information Forensics and Security. 7(1). 41-50.(2012). doi:
Channel Attack on the Camellia Block Cipher Using Scan Signatures. IEICE 10.1109/TIFS.2011.2161289.
Transactions on Fundamentals of Electronics, Communications and Computer Kocher, P. C., Timing Attacks on Implementations of Diffie- Hellman, RSA, DSS, and
Sciences. 98(12).2547-2555.(2015).DOI:https://doi.org/10.1587/transfun.E98. other Systems.InProceedings of the Annual International Cryptology
A.2547. Conference. Springer, Berlin, Heidelberg.104–113.(1996).DOI:https://doi.org/
Genkin, D., Pachmanov, L., Tromer, E., Yarom, Y., sDrive-By Key-Extraction Cache 10.1007/3-540-68697-5_9.
Attacks from Portable Code. In Proceedings of the International Conference on Lily Chen, Lily Chen, Stephen Jordan, Yi-Kai Liu, Dustin Moody, Rene Peralta, Ray
Applied Cryptography and Network Security. Springer. 83-102.(2018). doi: Perlner, Daniel Smith-Tone, Report on Post-Quantum Cryptography. US
10.1007/978-3-319-93387-0_5. Department of Commerce, National Institute of Standards and Technology.
Genkin, D., Heninger, N., Yarom, Y., 2017. CacheBleed: a timing attack on OpenSSL (2016). doi: 10.6028/NIST.IR.8105.
constant-time RSA. J. Cryptogr. Eng. 7 (2), 99–112. https://doi.org/10.1007/ Liu, Y.T.Y., Chen, L.J., Wang, H., Liang, G.L., Shentu, J., Wang, X., 2013. Ma
s13389-017-0152-y. Experimental measurement-device-independent quantum key distribution.
Gilboa, N., Two party RSA key generation. In Proceedings of Annual International Phys. Rev. Lett. 111 (13), 130502. https://doi.org/10.1103/
Cryptology Conference. Springer, Berlin, Heidelberg.116-129. (1999). doi: PhysRevLett.111.130502.
10.1007/3-540-48405-1_8. Lomonaco, S.J., 1999. A quick glance at quantum cryptography. Cryptologia 23 (1),
Gisin, N., Huttner, B., Imoto, N., Mor, T., 1995. Quantum cryptography with coherent 1–41. https://doi.org/10.1080/0161-119991887739.
states. Phys. Rev. A Atom. Mol. Opt. Phys. 51 (3), 1863–1869. https://doi.org/ Lov, K., Grover, L.K., A Fast Quantum Mechanical Algorithm for Database Search. In
10.1103/PhysRevA.51.1863. Proceedings of the twenty-eighth annual ACM symposium on Theory of
Gisin, N., Ribordy, G., Tittel, W., 2002. Quantum cryptography. Rev. Modern Phys. 74 computing. ACM, Philadelphia, Pennsylvania, USA 212-219. (1996).DOI:
(1), 145. https://doi.org/10.1103/RevModPhys.74.145. http://dx.doi.org/10.1145/237814.237866.
Gómez, B., 2009. Hidden Irreducible Polynomials: A Cryptosystem Based on Lunt, Barry M., Rowe, Dale C., Ekstrom, Joseph J., 2011. In: The Role of Cyber-
Multivariate Public Key Cryptography. Cryptology ePrint Archive, Report. Security in Information Technology Education. Information Technology
Hall, C., Kelsey, J., Schneier, B., Wagner, D., 2000. Side channel cryptanalysis of Education, ACM, New York, NY, USA, pp. 113–122.
product ciphers. J. Comput. Sec. 8 (2–3), 141–158. https://doi.org/10.3233/JCS- Luo, X., Qi, Y., He, J., Wang, Q., Wan, Y., 2018. Access-driven cache attack resistant
2000-82-304. and fast AES Implementation. Int. J. Embedded Syst. 10 (1), 32–40. https://doi.
Hazay, C., Mikkelsen, G.L., Rabin, T., Toft, T., Nicolosi, A.A., 2018. Efficient RSA key org/10.1504/IJES.2018.089429.
generation and threshold paillier in the two-party setting. J. Cryptol. 1–59. Maheswara, R., Valluri, 2012. Authentication schemes using polynomials over non-
https://doi.org/10.1007/s00145-017-9275-7. commutative rings. Int. J. Cryptogr. Inform. Sec. 2 (4), 51–57. https://doi.org/
Heinz, B., Stumpf, F., Weiß, M., A cache timing attack on AES in Virtualization 10.5121/ijcis.2012.2406.
Environments.In Proceedings of the International Conference on Financial Mitsuru Matsui, Linear Cryptanalysis Method for DES Cipher. In Proceedings of
Cryptography and Data Security. Springer, Berlin, Heidelberg.314-328.(2012). International Workshop on the Theory and Application of Cryptographic
doi: 10.1007/978-3-642-32946-3_23. Techniques. Springer, Berlin, Heidelberg. 386-397. (1993). doi: 10.1007/3-
Hsiao, S. C., Kao, D.Y., The Dynamic Analysis of WannacryRansomware. In 540-48285-7_33.
Proceedings of the 20th International Conference on Advanced Michel E. Kabay ME, Eric Salveggio, Robert Guess, Russell D. Rosco. Computer
Communication Technology (ICACT) . IEEE, Chuncheon-siGangwon-do, Security Handbook (6th. ed.). Wiley Online Library. (2015).ISBN:
Korea.159-166.(2018). (2018). doi: 10.23919/ICACT.2018.8323682. 9781118134115.
Huang, X., Liu, J., Ma, J., Xiang, Y., Zhou, W., Data Authentication with Privacy Miller, J., Parkinson, S., Ward, P., Ward, P., 2017. Cyber threats facing autonomous
Protection. In Advances in Cyber Security: Principles, Techniques, and and connected vehicles: future challenges. IEEE Trans. Intell. Transport. Syst. 8
Applications.115-142. 2019. Springer, Singapore. doi: 10.1007/978-981-13- (11), 2898–2915. https://doi.org/10.1109/TITS.2017.2665968.
1483-4_6. Pradosh K. Mohapatra, Public Key Cryptography. Crossroads. 7(1). 14-22.(2000).
Hwang, S.O., Le, M.H., Kim, I., 2016. Efficient certificate-based encryption schemes doi: 10.1145/351092.351098.
without pairing. Sec. Commun. Netw. 9 (18), 5376–5391. https://doi.org/ Mohurle, S., Patil, M., 2017. A Brief study of wannacry threat: ransomware attack
10.1002/sec.1703. 2017. Int. J. Adv. Res. Comput. Sci. 8 (5).
IBM, Quantum Computing Primer. https://www.research.ibm.com/ Moizuddin, M.,Qayyum, M., Winston, J.: A Comprehensive Survey: Quantum
quantum/expertise.html. Accessed August 28, 2018. Cryptography. In Proceedings of 2nd International Conference on Anti-Cyber

15
J. Kaur and K .R. Ramkumar Journal of King Saud University – Computer and Information Sciences xxx (xxxx) xxx

Crimes. IEEE, Abha, Saudi Arabia. 98-102. (2017). DOI: https://doi.org/10.1109/ Bruce Schneier. 2018. Crypto- Gram. https://www.schneier.com/crypto-gram/
Anti-Cybercrime.2017.7905271. archives/2018/0615.html#1. AccessedAugust 18, 2018
Mustaca, S., 2014. Are your IT professionals prepared for the challenges to come?. Shen, J., Shen, J., Wang, C., Zhou, T., 2018. Quantum cryptography for the future
Comput. Fraud Sec. 2014 (3), 18–20. https://doi.org/10.1016/S1361-3723(14) internet and the security analysis. Sec. Commun. Netw.. https://doi.org/
70472-5. 10.1155/2018/8214619. Article 8214619.
Nanded, Y Mss, Pathak, P.B., 2016. A dangerous trend of cybercrime: Shor, P. W., Algorithms for Quantum Computation: Discrete Logarithms and
ransomware growing challenge. Int. J. Adv. Res. Comput. Eng. Technol. 5 (2), Factoring. In Proceedings 35th Annual Symposium on Foundations of
371–373. Computer Science. IEEE, Santa Fe, NM, USA.124-134. (1994).DOI: http://
Nara, R., Ohtsuki, T., Satoh, K., Togawa, N., Yanagisawa, M., 2010. Scan-based side- dx.doi.org/10.1109/SFCS.1994.365700.
channel attack against RSA cryptosystems using scan signatures. IEICE Trans. Simmons, Gustavus J., 1979. Symmetric and asymmetric encryption. ACM Comput.
Fundament. Electron. Commun. Comput. Sci. 93 (12), 2481–2489. https://doi. Surv. 11 (4), 305–330. https://doi.org/10.1145/356789.356793.
org/10.1587/transfun.E93.A.2481. Smit, D.M., 2015. Cyber bullying in south african and american schools: a legal
Niekerk, Johan V., Solms, Rossouw V., 2013. From information security to cyber comparative study. S. Afr. J. Educ. 35 (2), 1076–1087. https://doi.org/10.15700/
security. Comput. Sec. 38 (7), 97–102. https://doi.org/10.1016/ saje.v35n2a1076.
j.cose.2013.04.004. William Stallings. Cryptography and Network Security(4/E). Pearson Education,
NIST. Withdrawal of FIPS 46-3 FIPS 74 and FIPS 81. https://csrc.nist.gov/news/2005/ India. (2006). ISBN: 9788177587746.
withdrawal-of-fips-46-3-fips-74-and-fips-81. Accessed June 14, 2018 Standaert, F. X. .: Secure Integrated Circuits and Systems. Springer, Boston, MA, USA.
Abderrahmane Nitaj, Quantum and post quantum cryptography, (2012), Available (2010).ISBN: 978-0-387-71827-9.
at: https://pdfs.semanticscholar.org/25d9/ Federal Information Processing Standard. https://en.wikipedia.org/wiki/Federal_
82dfdaa93976dda7fd8dfdae8e12c7b28bb4.pdf. Information_Processing_Standard. Accessed August 25, 2018.
Oku, D., Togawa, N.,Yanagisawa, M.: Scan-Based Side-Channel Attack against Sullivan, B., Forget AI, Real quantum computers By 2025 Are Truly Achievable.
HMAC-SHA-256 Circuits Based on Isolating Bit-Transition groups using Scan https://www.silicon.co.uk/e-innovation/microsoft-quantum-computers-2025-
Signatures. IPSJ Transactions on System LSI Design Methodology. 11.16-28. 179064?inf_by=5bcd6ff1671db87b368b4de0. Accessed August 28, 2018.
(2018). doi: 10.2197/ipsjtsldm.11.16. Tabone, S. R., Cyber Security 51 Handy Things To Know About Cyber Attacks: From
Osvik, D. A., Shamir, A., Tromer, E.:Cache Attacks and Countermeasures: The Case of the first Cyber Attack in 1988 to the WannaCryransomware 2017 (1st. ed.).ACM,
AES. In Proceedings of Cryptographer’s Track at the RSA Conference. Springer, USA .(2017).ISBN:1546841164 9781546841166.
Berlin, Heidelberg. 1-20. (2006). doi: 10.1007/11605805_1. Thangarasu, N., Selvakumar, A.A.L., 2018. Improved elliptical curve cryptography and
Osvik, D.A., Shamir, A., Tromer, E., 2010. Efficient cache attacks on AES, and abelian group theory to resolve linear system problem in sensor-cloud cluster
countermeasures. J. Cryptol. 23 (1), 37–71. https://doi.org/10.1007/s00145- computing. Cluster Comput. 1. https://doi.org/10.1007/s10586-017-1573-1.
009-9049-y. Tseng, Yuh-Min, 2007. An efficient two-party identity-based key exchange protocol.
Percival, C., Cache missing for Fun and Profit. BSDCan, Ottawa. http:// Informatica 18 (1), 125–136.
www.daemonology.net/hyperthreading-considered-harmful/. (2005). Tsunoo, Y.S. Crypt-Analysis of Block Ciphers Implemented on Computers with
Polak, W., Rieffel, E., 2000. An introduction to quantum computing for non- Cache. In preproceedings of ISITA. Article10026863967. (2002), [online]
physicists. ACM Comput. Surv. 32 (3), 300–335. https://doi.org/10.1145/ Available: https://ci.nii.ac.jp/naid/10026863967/.
367701.367709. UKCyber Security Strategy. National Cyber Security Strategy 2016 to 2021. https://
Rivest, R.L., 1978. A method for obtaining digital signatures and public-key www.gov.uk/government/publications/national-cyber-security-strategy-2016-
cryptosystems. Commun. ACM 21 (2), 120–126. https://doi.org/10.1145/ to-2021. Accessed July 10, 2018
359340.359342. Vaudenay, S.A., Classical introduction to cryptography: applications for
Ruohonen, J., 2019. An acid test for europeanization: public cyber security communications security. Springer, US. (2006).ISBN: 978-0-387-25464-7.
procurement in the European union. Eur. J. Sec. Res., 1–29 https://doi.org/ Wang, Y., Wang, H., Zhang, H., 2018. Quantum sfor RSA. China Commun. 15 (2), 25–
10.1007/s41125-019-00053-w. 32. https://doi.org/10.1109/CC.2018.8300269.
Sabharwal, S., & Sharma, S.: Ransomware Attack: India Issues Red Alert. Emerging William, B., Woodward, A., 2017. Will quantum computers be the end of public key
Technology in Modelling and Graphics. Springer, Singapore. 471-484. (2020). encryption. J. Cyber Sec. Technol. 1 (1), 1–22. https://doi.org/10.1080/
DOI:https://doi.org/10.1007/978-981-13-7403-6_42. 23742917.2016.1226650.
Schneier, B, Description of a New Variable-Length Key, 64-bit Block Cipher Wootters, William K., Zurek, Wojciech H., 1982. A single quantum cannot be cloned.
(Blowfish). In Proceedings of the International Workshop on Fast Software Nature 299 (5886), 802–803. https://doi.org/10.1234/12345678.
Encryption. Springer, Berlin, Heidelberg. (1993). doi: 10.1007/3-540-58108-
1_24.

16