Dissertations / Theses on the topic 'Cryptography Authentication'

1

Melin, Tomas, and Tomas Vidhall. "Namecoin as authentication for public-key cryptography." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-108413.

Abstract:
Public-key cryptography is a subject that is very important to everyone who wants confidentiality and privacy in networks. It is important to understand how public-key cryptography systems work and what flaws they have. In the first part of this report we describe some of the most common encryption schemes and key agreements. We carefully investigate their flaws, if they are broken and what threats have dire consequences. We find that the biggest issue is authentication and we present current solutions to the problem. The current solutions are flawed because they rely too much on trusting different entities. It is only required that one trusted entity becomes malicious for the entire authentication system to be compromised. Because of this we propose an alternative system in the second part, Namecoin. A risk analysis in form of an attack tree is performed on the Namecoin system, where we describe how the attacks are executed and what you can do to prevent them. We present different threats against the system and we describe how dire the consequences are and the probability of their execution. Since Namecoin is an implementation of the block chain algorithm we have also explained how the block chain works in detail. We present why we think that Namecoin is a system that should replace the currently used certificate authority system. The certificate authority system is flawed because it is centralized and dependent on no authority making any mistakes. The Namecoin system does not become compromised unless more than 50 % of the hashrate in the system is used with malicious intent. We have concluded that the biggest threats against Namecoin have such a low probability that they can be neglected.
2

Wright, Moriah E. "RSA, Public-Key Cryptography, and Authentication Protocols." Youngstown State University / OhioLINK, 2012. http://rave.ohiolink.edu/etdc/view?acc_num=ysu1339297480.

3

Ferradi, Houda. "Integrity, authentication and confidentiality in public-key cryptography." Thesis, Paris Sciences et Lettres (ComUE), 2016. http://www.theses.fr/2016PSLEE045/document.

Abstract:
This thesis presents new results in three fundamental areas of public-key cryptography: integrity, authentication and confidentiality. In each case we design new primitives or improve the features of existing ones. The first chapter, dealing with integrity, introduces a non-interactive proof for proper RSA public key generation and a contract co-signature protocol in which a breach in fairness provides the victim with transferable evidence against the cheater. The second chapter, focusing on authentication, shows how to use time measurements to shorten zero-knowledge commitments and how to exploit bias in zero-knowledge challenges to gain efficiency. This chapter also generalizes Fiat-Shamir into a one-to-many protocol and describes a very sophisticated smart card fraud illustrating what can happen when authentication protocols are wrongly designed. The third chapter is devoted to confidentiality. We propose public-key cryptosystems where traditional hardness assumptions are replaced by refinements of the CAPTCHA concept and explore the adaptation of honey encryption to natural language messages. Our final contributions focus on identity-based encryption (IBE), showing how to add broadcast features to hierarchical IBE and how to use IBE to reduce vulnerability exposure time during software patch broadcast.
4

Tian, Xiaojian. "Several constructions of authentication codes with secrecy /." View abstract or full-text, 2004. http://library.ust.hk/cgi/db/thesis.pl?COMP%202004%20TIAN.

5

Abidin, Aysajan. "Weaknesses of Authentication in Quantum Cryptography and Strongly Universal Hash Functions." Licentiate thesis, Linköping University, Linköping University, Department of Mathematics, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-57290.

Abstract:
Authentication is an indispensable part of Quantum Cryptography, which is an unconditionally secure key distribution technique based on the laws of nature. Without proper authentication, Quantum Cryptography is vulnerable to "man-in-the-middle" attacks. Therefore, to guarantee unconditional security of any Quantum Cryptographic protocols, the authentication used must also be unconditionally secure. The standard in Quantum Cryptography is to use the Wegman-Carter authentication, which is unconditionally secure and is based on the idea of universal hashing.

In this thesis, we first investigate properties of a Strongly Universal hash function family to facilitate understanding the properties of (classical) authentication used in Quantum Cryptography. Then, we study vulnerabilities of a recently proposed authentication protocol intended to rule out a "man-in-the-middle" attack on Quantum Cryptography. Here, we point out that the proposed authentication primitive is not secure when used in a generic Quantum Cryptographic protocol. Lastly, we estimate the lifetime of authentication using encrypted tags when the encryption key is partially known. Under simplifying assumptions, we derive that the lifetime is linearly dependent on the length of the authentication key. Experimental results that support the theoretical results are also presented.
6

Long, Nguyen Hoang. "Authentication protocols in pervasive computing." Thesis, University of Oxford, 2009. https://ora.ox.ac.uk/objects/uuid:d21c0ce6-5dd6-43ef-b6c6-01346d02031b.

Abstract:
The popularity of personal computing devices (e.g. smart cards) exposes users to risks, notably identity theft, and creates new requirements for secure communication. A recently proposed approach to creating secure communication is to use human trust and human interactions. These approaches potentially eliminate the need for passwords as in Bluetooth, shared secrets or trusted parties, which are often too complex and expensive to use in portable devices. In this new technology, handheld devices exchange data (e.g. payment, heart rates or public keys) over some medium (e.g. WiFi) and then display a short and non-secret digest of the protocol's run that the devices' human owners manually compare to ensure they agree on the same data, i.e. human interactions are used to prevent fraud. In this thesis, we present several new protocols of this type which are designed to optimise the work required of humans to achieve a given level of security. We discover that the design of these protocols is influenced by several principles, including the ideas of commitment without knowledge and separation of security concerns, where random and cryptographic attacks should be tackled separately. Underpinning the technology is a new cryptographic function, termed a keyed digest function, which produces a short number for humans to compare. This is similar to the notion of a universal hash function, but its output length is shorter (e.g. 16 bits). Hence, it should be faster to compute. We propose several digest constructions using Toeplitz matrices, integer multiplication and pseudorandom numbers. The application of digest functions leads us to develop more efficient alternatives to standard digital signatures. Our protocol security analysis leads to a new bound on the key length for an almost universal hash function, which can be derived by the pigeon-hole principle. 
The new bound turns out to be tighter than another similar bound derived from the combination of the Singleton bound in coding theory and an equivalence between error-correcting codes and almost universal hash functions.
7

Lunemann, Carolin. "Quantum cryptography : security analysis of multiuser quantum communication with embedded authentication." Master's thesis, Universität Potsdam, 2006. http://opus.kobv.de/ubp/volltexte/2007/1275/.

Abstract:
Three quantum cryptographic protocols of multiuser quantum networks with embedded authentication, allowing quantum key distribution or quantum direct communication, are discussed in this work. The security of the protocols against different types of attacks is analysed with a focus on various impersonation attacks and the man-in-the-middle attack. On the basis of the security analyses several improvements are suggested and implemented in order to adjust the investigated vulnerabilities. Furthermore, the impact of the eavesdropping test procedure on impersonation attacks is outlined. The framework of a general eavesdropping test is proposed to provide additional protection against security risks in impersonation attacks.
8

Aljeaid, D. "A novel authentication protocol based on biometric and identity-based cryptography." Thesis, Nottingham Trent University, 2015. http://irep.ntu.ac.uk/id/eprint/28041/.

Abstract:
Recently, considerable attention has been devoted to distributed systems. It has become obvious that a high security level should be a fundamental prerequisite for organisations' processes, both in the commercial and public sectors. A crucial foundation for securing a network is the ability to reliably authenticate communication parties. However, these systems face some critical security risks and challenges when they attempt to stabilise between security, efficiency and functionality. Developing a secure authentication protocol can be challenging; this thesis proposes an authentication scheme that employs two authentication factors involving something you know (password) and something you are (biometric) based on Identity-Based Cryptography and Elliptic Curve Cryptography. Two protocols have been chosen that provide mutual authentication and secure key exchange, which are the equivalent to the Diffie-Hellman key exchange. Due to a potential flaw in the protocols, guarding against attacks can be challenging. In order to alleviate some of the issues encountered with the new protocol, this thesis uses the encrypt-then-authenticate method. Formal verification methods are used to evaluate the new protocol. First, finite-state machines are used to examine and predict the behaviour of the protocol. Modelling with this method shows that the new protocol can function correctly and behave correctly within the protocol description, even with invalid input or time delay. Second, Petri nets are used to model, simulate and analyse the new protocol. This thesis formulates several attack models via Petri nets in which the security of the proposed protocols is discussed precisely. Ultimately, this novel work ensures that the new protocol provides a coherent security concept and can be implemented over insecure channels while offering secure mutual authentication.
9

Weis, Stephen August 1978. "New foundations for efficient authentication, commutative cryptography, and private disjointness testing." Thesis, Massachusetts Institute of Technology, 2006. http://hdl.handle.net/1721.1/37842.

Abstract:
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Includes bibliographical references (p. 105-115).

This dissertation presents new constructions and security definitions related to three areas: authentication, cascadable and commutative cryptography, and private set operations. Existing works relevant to each of these areas fall into one of two categories: efficient solutions lacking formal proofs of security or provably-secure, but highly inefficient solutions. This work will bridge this gap by presenting new constructions and definitions that are both practical and provably-secure. The first contribution in the area of efficient authentication is a provably-secure authentication protocol named HB+. The HB+ protocol is efficient enough to be implemented on extremely low-cost devices, or even by a patient human with a coin to flip. The security of HB+ is based on the hardness of a long-standing learning problem that is closely related to coding theory. HB+ is the first authentication protocol that is both practical for low-cost devices, like radio frequency identification (RFID) tags, and provably secure against active adversaries. The second contribution of this work is a new framework for defining and proving the security of cascadable cryptosystems, specifically commutative cryptosystems. This new framework addresses a gap in existing security definitions that fail to handle cryptosystems where ciphertexts produced by cascadable encryption and decryption operations may contain some message-independent history. Several cryptosystems, including a new, practical commutative cryptosystem, are proven secure under this new framework. Finally, a new and efficient private disjointness testing construction named HW is offered. Unlike previous constructions, HW is secure in the face of malicious parties, but without the need for random oracles or expensive zero-knowledge protocols. HW is as efficient as previous constructions and may be implemented using standard software libraries. The security of HW is based on a novel use of subgroup assumptions. These assumptions may prove useful in solving many other private set operation problems.
10

Abidin, Aysajan. "Weaknesses of Authentication in Quantum Cryptography and Strongly Universal Hash Functions." Licentiate thesis, Linköpings universitet, Tillämpad matematik, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-57290.

Abstract:
Authentication is an indispensable part of Quantum Cryptography, which is an unconditionally secure key distribution technique based on the laws of nature. Without proper authentication, Quantum Cryptography is vulnerable to "man-in-the-middle" attacks. Therefore, to guarantee unconditional security of any Quantum Cryptographic protocols, the authentication used must also be unconditionally secure. The standard in Quantum Cryptography is to use the Wegman-Carter authentication, which is unconditionally secure and is based on the idea of universal hashing. In this thesis, we first investigate properties of a Strongly Universal hash function family to facilitate understanding the properties of (classical) authentication used in Quantum Cryptography. Then, we study vulnerabilities of a recently proposed authentication protocol intended to rule out a "man-in-the-middle" attack on Quantum Cryptography. Here, we point out that the proposed authentication primitive is not secure when used in a generic Quantum Cryptographic protocol. Lastly, we estimate the lifetime of authentication using encrypted tags when the encryption key is partially known. Under simplifying assumptions, we derive that the lifetime is linearly dependent on the length of the authentication key. Experimental results that support the theoretical results are also presented.
11

Abi-char, Pierre. "A dynamic trust-based context-aware secure authentication framework for pervasive computing environments." Thesis, Evry, Institut national des télécommunications, 2010. http://www.theses.fr/2010TELE0006/document.

Abstract:
To provide personalized services to users in pervasive environments, we should consider both user's privacy, trust and security requirements. Traditional authentication and access control mechanisms are not able to adapt their security policies to a changing context while ensuring privacy and trust. This thesis introduces a new global vision for the protection of pervasive environments, based on the context-aware principle. The aim of this thesis is to get a flexible and scalable framework including user authentication, user privacy preserving and trust management in order to optimize the access control strategy to personalized services. The first contribution includes the proposal of a mutual authentication protocol supported by both robust key establishment schemes based on elliptic curves (MaptoPoint/Curve algorithm, Weil Pairing) and a dynamic model based on attributes issued from contextual data. The second contribution includes the design of a new architecture built on an attribute-based model and organized over 3 layers: the privacy control layer, which ensures the protection of the user's private life by controlling their personal data; the access layer, which associates authentication and access control processes while providing mechanisms dedicated to trust parameter management; and finally the service layer for service access management according to the user profile and his environment. The third contribution is the implementation and the deployment of a prototype within the service delivery platform in the Handicom lab of Telecom & Management SudParis.
12

Yuksel, Kaan. "Universal hashing for ultra-low-power cryptographic hardware applications." Link to electronic thesis, 2004. http://www.wpi.edu/Pubs/ETD/Available/etd-0428104-195331.

Abstract:
Thesis (M.S.)--Worcester Polytechnic Institute.
Keywords: self-powered; universal hashing; ultra-low-power; message authentication codes; provable security. Includes bibliographical references (p. 55-61).
13

Wainewright, Evelyn. "Efficient Simulation for Quantum Message Authentication." Thesis, Université d'Ottawa / University of Ottawa, 2016. http://hdl.handle.net/10393/35213.

Abstract:
A mix of physics, mathematics, and computer science, the study of quantum information seeks to understand and utilize the information that can be held in the state of a quantum system. Quantum cryptography is then the study of various cryptographic protocols on the information in a quantum system. One of the goals we may have is to verify the integrity of quantum data, a process called quantum message authentication. In this thesis, we consider two quantum message authentication schemes, the Clifford code and the trap code. While both of these codes have been previously proven secure, they have not been proven secure in the simulator model, with an efficient simulation. We offer a new class of simulator that is efficient, so long as the adversary is efficient, and show that both of these codes can be proven secure using the efficient simulator. The efficiency of the simulator is typically a crucial requirement for a composable notion of security. The main results of this thesis have been accepted to appear in the Proceedings of the 9th International Conference on Information Theoretic Security (ICITS 2016).
14

Maimuţ, Diana Ştefania. "Authentication and encryption protocols : design, attacks and algorithmic improvements." Thesis, Paris, Ecole normale supérieure, 2015. http://www.theses.fr/2015ENSU0047/document.

Abstract:
This thesis addresses various topics in cryptology, namely protocol design, algorithmic improvements and attacks. In addition, we venture out of cryptography and propose two new applications of cryptographic techniques to error correcting codes. Our main results comprise a provably secure co-signature protocol and a provably secure authenticated encryption scheme. Our co-signature protocol achieves legal fairness, a novel fairness variant that does not rely on third parties. Legal fairness is implemented using Schnorr signatures. We also present a distributed Fiat-Shamir authentication protocol. The second part of the thesis is devoted to computational improvements: we discuss a method for doubling the speed of Barrett's algorithm by using specific composite moduli, devise new BCH speed-up strategies using polynomial extensions of Barrett's algorithm, describe a new backtracking-based multiplication algorithm suited for lightweight microprocessors and present a new number theoretic error-correcting code. Fault injection attacks are further overviewed and a new fault attack on ECC implementations is proposed.
15

Abi-char, Pierre. "A dynamic trust-based context-aware secure authentication framework for pervasive computing environments." Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2010. http://www.theses.fr/2010TELE0006.

Abstract:
To provide personalized services to users in pervasive environments, we should consider both user's privacy, trust and security requirements. Traditional authentication and access control mechanisms are not able to adapt their security policies to a changing context while ensuring privacy and trust. This thesis introduces a new global vision for the protection of pervasive environments, based on the context-aware principle. The aim of this thesis is to get a flexible and scalable framework including user authentication, user privacy preserving and trust management in order to optimize the access control strategy to personalized services. The first contribution includes the proposal of a mutual authentication protocol supported by both robust key establishment schemes based on elliptic curves (MaptoPoint/Curve algorithm, Weil Pairing) and a dynamic model based on attributes issued from contextual data. The second contribution includes the design of a new architecture built on an attribute-based model and organized over 3 layers: the privacy control layer, which ensures the protection of the user's private life by controlling their personal data; the access layer, which associates authentication and access control processes while providing mechanisms dedicated to trust parameter management; and finally the service layer for service access management according to the user profile and his environment. The third contribution is the implementation and the deployment of a prototype within the service delivery platform in the Handicom lab of Telecom & Management SudParis.
16

Li, He. "Privacy and Authentication in Emerging Network Applications." Diss., Virginia Tech, 2021. http://hdl.handle.net/10919/101786.

Abstract:
In this dissertation, we studied and addressed the privacy-preserving and authentication techniques for some network applications, where existing internet security solutions cannot address them straightforwardly due to different trust and attack models and possibly constrained resources. For example, in a centralized dynamic spectrum access (DSA) system, the spectrum resource licensees, called incumbent users (IUs), have strong operational privacy requirements for the DSA service provider, called spectrum access system (SAS), and hence SAS is required to perform spectrum computation without knowing IUs' operational information. This means SAS can at most be considered as a semi-trusted party which is honest but curious; common anonymization and end-to-end encryption cannot address this issue, and dedicated solutions are required. Another example is that in an intra-vehicle Controller Area Network (CAN), the transmitter can only embed 64 bits of message and its authentication tag into one message frame, which makes it difficult to achieve message authentication in real-time with sufficient cryptographic strength. The focus of this dissertation is to fill the gap of existing solutions with stronger security notion and practicability. On the topic of privacy-preserving DSA systems, we firstly explored existing solutions and proposed a comparative study. We additionally proposed a new metric for evaluation and showed the advantages and disadvantages of existing solutions. We secondly studied the IU location privacy in 3.5GHz band ESC-based DSA system and proposed a novel scheme called PriDSA. PriDSA addresses the malicious colluding SAS attack model through leveraging a different and relatively lightweight cryptography primitive with novel design, granting stronger security notion and improved efficiency as well. We thirdly studied the operational privacy of both IU and secondary users (SUs) in a general centralized SAS based DSA system and proposed a novel framework called PeDSS. Through our novel design that integrates differential privacy with secure multi-party computation protocol, PeDSS exhibits great communication and computation overhead compared to existing solutions. On the topic of lightweight message authentication in resource-constrained networks, we firstly explored message authentication schemes with high cryptographic strength and low communication-overhead and proposed a novel scheme called CuMAC. CuMAC provides a flexible trade-off between authentication delay and cryptographic strength, through the embodiment of a novel concept that we refer to as accumulation of cryptographic strength. We secondly explored the possibility of achieving both high cryptographic strength and low authentication delay and proposed a variant of CuMAC called CuMAC/S. By employing the novel idea of message speculation, CuMAC/S enables the accumulation of cryptographic strength while incurring minimal delay when the message speculation accuracy is high.

Doctor of Philosophy

The privacy-preserving and message authentication issues of some network applications are distinctive from common internet security due to different attack models and possibly constrained resources, and these security and privacy concerns cannot be addressed by applying existing internet security solutions straightforwardly. For example, in a centralized dynamic spectrum access (DSA) system, the spectrum resource licensees, called incumbent users (IUs), have strong operational privacy requirements for the DSA service provider, called spectrum access system (SAS), and hence SAS is required to perform spectrum computation without knowing IUs' operational information. This means SAS can at most be considered as a semi-trusted party which is honest but curious; common anonymization and end-to-end encryption cannot address this issue, and dedicated solutions are required. Another example is that in an intra-vehicle Controller Area Network (CAN), the transmitter can only embed 64 bits of message and its authentication tag into one message frame, which makes it difficult to achieve message authentication in real-time with sufficient cryptographic strength. We addressed the privacy issue of DSA systems by proposing novel schemes incorporating efficient cryptographic primitives and various privacy-preserving techniques, achieving a greatly higher efficiency or stronger privacy-preserving level. We addressed the lightweight authentication issue of resource-constrained networks by employing the novel concept of security accumulation and message speculation, achieving high cryptographic strength, low communication overhead, and probable low latency.
17

Thangavel, Jayakumar. "Digital Signature : Comparative study of its usage in developed and developing countries." Thesis, Uppsala universitet, Informationssystem, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-217960.

Abstract:
Online trading is growing widely day by day, which makes safety the biggest concern while carrying out trading by electronic means. As many other operations can be done in the digital environment and on the internet, an operation that provides identity validation should also be added to the digital environment. When data are transferred, the user should make sure that there are no changes in the original data while transferring them from sender to receiver. It has also become necessary to authenticate users often to ensure security and to avoid fraud. There are a lot of different ways of online identification, among which the digital signature is considered to be one of the most powerful ways of authentication. So, the online user uses a digital signature to authenticate the sender and to maintain the integrity of the document sent. In this paper, a study is carried out to identify the usage of digital signatures and the perspective of people towards them in developed and developing countries, and a survey is taken to support the theory.
18

Page, Thomas. "The application of hash chains and hash structures to cryptography." Thesis, Royal Holloway, University of London, 2009. http://repository.royalholloway.ac.uk/items/31df8a80-0af6-4de3-9842-366f8549c3ae/1/.

Abstract:
In this thesis we study how hash chains and other hash structures can be used in various cryptographic applications. In particular we focus on the applications of entity authentication, signatures and key establishment. We study recursive application of hash functions to create hash chains, hash trees and other hash structures. We collate all these to form a catalogue of structures that we apply to various cryptographic applications. We study existing work on authentication and create many entity authentication schemes based on structures from our catalogue. We present a novel algorithm to find efficient signature schemes from any given hash structure. We study some suggestions for suitable hash structures and define a particular scalable hash structure complete with a simple message to signature map that is the most efficient such scheme of which we know. We explore k-time signature schemes and identify two new properties, which we call perforated and porous. We look at the application of hash structures to key establishment schemes. We compare the existing schemes and make improvements on many. We present a new key establishment scheme, and show a link between certain k-time signatures and certain key establishment schemes. We look at the other applications of hash structures, and suggest areas in which our catalogue could be used for further development.
19

Yachouh, Marwan. "Re-authentication of Critical Operations." Thesis, Linköping University, Department of Electrical Engineering, 2002. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1174.

Abstract:
This is a study on the development of a re-authentication prototype. Re-authentication serves as a receipt for e.g. system administrators that authorises them to carry out a critical operation in a system that is already protected by a security architecture. A critical operation is a kind of operation that can cause serious damage to a network node or a set of network nodes if it is done without one giving it a second thought. The purpose is to prevent mistakes and secure the users' audit trail.

The main task is to propose and implement a re-authentication prototype, that is, to enable the incorporation of the re-authentication prototype into an already complete security architecture and yet preserve the security and performance level of the architecture.

This thesis deals with this problem by using digitally signed certificates to provide the necessary security properties. The certificates used are called re-authentication certificates and follow the X.509 attribute certificate standard. The re-authentication certificate is optimised so that it only holds authorisation information regarding one critical operation. An access control decision function is used to decide if the re-authentication certificate and its owner are authentic. On the basis of that decision the user can get the authority to execute critical operations.

The finished prototype confirms that a re-authentication can be incorporated with the security architecture. The report also shows that the security status of the architecture is preserved. The performance of the prototype is rather difficult to prove since the prototype implementation only initialises the objects that are required to prove the security properties. A performance test can therefore never prove how the prototype will perform in an authentic environment. The performance is assumed to be adequate since it uses the same authentication function that is used by the security architecture.
20

Al-Ibrahim, Mohamed Hussain. "Source authentication in group communication." Thesis, Electronic version, 2005. http://hdl.handle.net/1959.14/549.

Abstract:
Title from screen page; viewed 10 Oct 2005.
Thesis (PhD)--Macquarie University, Division of Information and Communication Sciences, Dept. of Computing, 2004.
Bibliography: leaves 163-175.
Introduction -- Cryptographic essentials -- Multicast: structure and security -- Authentication of multicast streams -- Authentication of concast communication -- Authentication of transit flows -- One-time signatures for authenticating group communication -- Authentication of anycast communication -- Authentication of joining operation -- Conclusion and future directions.
Electronic publication; full text available in PDF format.

Multicast is a relatively new and emerging communication mode in which a sender sends a message to a group of recipients in just one connection establishment... reducing broadband overhead and increasing resource utilization in the already congested and contended network... The focus of the research in this area has been in two directions: first, building an efficient routing infrastructure, and secondly, building a sophisticated security infrastructure. The focus of this work is on the second issue.

An ideal authenticated multicast environment ... provides authenticity for all the communication operations in the system... We ... propose a comprehensive solution to the problem ... for all its possible operations... 1. one-to-one (or joining mode) 2. one-to-many (or broadcast mode) 3. many-to-one (or concast mode) 4. intermediate (or transit mode) ... We study the ... mode known as anycast, in which a server is selected from a group of servers. Further we develop ... schemes for group-based communication exploiting the distinct features of one-time signatures... cover situations when a threshold number of participants are involved and ... where a proxy signer is required.

Electronic reproduction. Mode of access: World Wide Web. Also available in a print form.
21

Haraldsson, Emil. "Strong user authentication mechanisms." Thesis, Linköping University, Department of Electrical Engineering, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-2688.

Abstract:
For Siemens Industrial Turbomachinery to meet its business objectives, a modular authentication concept has to be implemented. Such a mechanism must be cost-effective while providing a well-balanced level of security, easy maintenance and be as user-friendly as possible.

Authenticating users securely involves the combination of two fields: the theory of authentication mechanisms in information systems, and human computer interaction. To construct a strong user authentication system the correlations of these fields have to be understood and provide guidance in the design.

Strong user authentication mechanisms enforce the use of two-factor authentication or more. The combinations implemented rely on knowledge, possession and sometimes logical location.

A user authentication system has been implemented using leading industrial products as building blocks, glued together with security analysis, programming and usability research.

The thesis is divided into two parts, the first part giving the theoretical background of cryptography, authentication theory and protocols needed for the understanding of the second part, which provides security analysis, blueprints, and detailed discussions on the implemented system.

Conclusions have been drawn regarding the implemented system and its context as well as from strict theoretical reasoning regarding the authentication field in general. Conclusions include:

· The unsuitability of remote authentication using biometrics
· The critical importance of client security in remote authentication
· The importance of a modular structure for the security of complex network-based systems
22

Oniki, Chiquito Izumi 1985. "Protocolos criptográficos de identificação baseados em reticulados." [s.n.], 2012. http://repositorio.unicamp.br/jspui/handle/REPOSIP/275648.

Abstract:
Advisor: Ricardo Dahab
Dissertation (master's) - Universidade Estadual de Campinas, Instituto de Computação

Abstract (translated from Portuguese): In the area of Information Security, access control concerns the ability to allow or deny the use of certain resources, whether information, devices, services etc., by an individual. Identification protocols are cryptographic algorithms that make it possible to verify, with a certain degree of confidence, whether an individual's claim about their identity is true. In this way, controlled access can be provided and privileges for using resources granted only to entities or individuals whose identity has been proven. Lattice-based algorithms, in general, have attracted particular interest in cryptographic applications due to their probable resistance to attacks using quantum computers, in contrast to cryptosystems based on problems from Number Theory. For this reason, in recent years, efforts have been made to develop identification protocols whose security is related to problems involving lattices. In this work, the main recent proposals for lattice-based identification protocols were addressed. In addition to presenting the algorithms, a comparative analysis is made between selected protocols, incorporating experimental execution data. The implementation phase presented here also aims to fill the absence of experimental results for this category of protocols, so as to begin a validation process for the use of these algorithms in practical applications. Issues such as optimization possibilities and expectations for the future of the area are also discussed.

Abstract: One of the main concerns of the field of Information Security is access control, which refers to the restriction of access to several kinds of resources, such as data, places, devices, services and others. Identification schemes are cryptographic algorithms that allow verifying with some level of certainty if an identity claim is legitimate. Therefore, such schemes make it possible to provide access control and grant privileges only to authorized individuals whose identities have been previously verified. Lattice-based algorithms are particularly interesting as the cryptography community believes them to remain secure even against quantum computer attacks, as opposed to some cryptosystems used today based on Number Theory problems. For this reason, identification schemes based on lattices have received growing attention lately. In this work, we address the main recent developments of lattice-based identification schemes. After introducing the algorithms, we make a comparative analysis of the selected schemes, using experimental data collected from our own implementation of the algorithms. The implementation phase also aims to help validate these schemes for practical use, since to this date there were practically no experimental results available. Other issues, like optimization possibilities and the future of the area, are also addressed in this work.

Master's
Computer Science
Master in Computer Science
23

Chang, Simon Yi-Fan. "Elliptic curve cryptography, zero-knowledge proof, and Lamport's hash chain in a distributed authentication system." Thesis, Boston University, 2013. https://hdl.handle.net/2144/21132.

Abstract:
Thesis (M.S.C.S.)

This paper proposes a novel distributed authentication system that uses robust alternatives in cryptographic algorithms to grant a third party access to personal data without compromising a user's credentials. The paper examines briefly the concept of distributed authentication systems, and discusses how elliptic curve cryptography and Lamport's hash chain can operate in a zero-knowledge proof to establish and manage trust. The paper also discusses how this design avoids some of the most common flaws in distributed authentication systems. Finally, based on results from tests conducted with the included source code, the paper argues that increasing the number of rounds of zero-knowledge proof yields substantially faster performance than increasing the modulus for elliptic curve calculations while maintaining comparable levels of security.
24

Cederlöf, Jörgen. "Authentication in quantum key growing." Thesis, Linköping University, Department of Mathematics, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-3214.

Abstract:
Quantum key growing, often called quantum cryptography or quantum key distribution, is a method using some properties of quantum mechanics to create a secret shared cryptography key even if an eavesdropper has access to unlimited computational power. A vital but often neglected part of the method is unconditionally secure message authentication. This thesis examines the security aspects of authentication in quantum key growing. Important concepts are formalized as Python program source code, a comparison between quantum key growing and a classical system using trusted couriers is included, and the chain rule of entropy is generalized to any Rényi entropy. Finally and most importantly, a security flaw is identified which makes the probability to eavesdrop on the system undetected approach unity as the system is in use for a long time, and a solution to this problem is provided.
25

Merz, Doug, and Bruce Maples. "Encrypt/Decrypt COMSEC Unit for Space-based Command and Telemetry Applications." International Foundation for Telemetering, 2003. http://hdl.handle.net/10150/605565.

Abstract:
International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, Nevada

This paper describes the system-level architecture and design concept of a communications security (COMSEC) equipment intended for space-based low data rate (< 1 Mbps) command and telemetry applications. The COMSEC Unit is a stand-alone piece of equipment which provides decryption of uplink command and control information and encryption of downlink telemetry data. The system-level architecture is described, followed by an overview of the digital design concepts and a discussion of applications. Finally, although specifically targeted for narrowband command and telemetry applications, this design approach is flexible enough to accommodate other algorithms of choice as well as operate in higher data rate applications.
26

Al-Adhami, Ayad. "A secure quorum based multi-tag RFID system." Thesis, University of Plymouth, 2018. http://hdl.handle.net/10026.1/12821.

Abstract:
Radio Frequency Identification (RFID) technology has been expanded to be used in different fields that need automatic identifying and verifying of tagged objects without human intervention. RFID technology offers a great advantage in comparison with barcodes by providing accurate information, ease of use and reduced labour cost. These advantages have been utilised by using passive RFID tags. Although RFID technology can enhance the efficiency of different RFID application systems, researchers have reported issues regarding the use of RFID technology. These issues make the technology vulnerable to many threats in terms of security and privacy. Different RFID solutions, based on different cryptographic primitives, have been developed. Most of these protocols focus on the use of passive RFID tags. However, due to the limited computation feasible in passive RFID tags, these tags might be vulnerable to some of the security and privacy threats, e.g. an unauthorised reader can read the information inside tags, or illegitimate tags or cloned tags can be accessed by a reader. Moreover, most researchers' consideration is focused on single-tag authentication and mostly does not consider scenarios that need multiple tags, such as supply chain management and healthcare management. Secret sharing schemes have also been proposed to overcome the key management problem in supply chain management. However, secret sharing schemes have some scalability limitations when applied with high numbers of RFID tags. This work is mainly focused on solving the problem of security and privacy in multi-tag RFID based systems. In this work, firstly, we studied different RFID protocols such as symmetric key authentication protocols, authentication protocols based on elliptic curve cryptography, secret sharing schemes and multi-tag authentication protocols. Secondly, we consider the significant research into the mutual authentication of passive RFID tags. Therefore, a mutual authentication scheme that is based on zero-knowledge proof has been proposed. The main objective of this work is to develop an ECC-RFID based system that enables multiple RFID tags to be authenticated with one reader by using different versions of ECC public key encryption schemes. The protocols rely on threshold cryptosystems that use ECC to generate secret keys, then distribute and store secret keys among multiple RFID tags. Finally, we provide performance measurements for the implementation of the proposed protocols.
27

Ferrari, Nico. "Context-Based Authentication and Lightweight Group Key Establishment Protocol for IoT Devices." Thesis, Mittuniversitetet, Institutionen för informationssystem och –teknologi, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-36975.

Abstract:
The concept of the Internet of Things is driven by advancements of the Internet with the interconnection of heterogeneous smart objects using different networking and communication technologies. With the rapidly increasing number of interconnected devices present in the life of a person, providing authentication and secure communication between them is considered a key challenge. The integration of Wireless Sensor Networks in the Internet of Things creates new obstacles due to the necessity of finding a balance between resource utilization and the applied security solutions. In multicast group communications, the energy consumption, bandwidth and processing overhead at the nodes are minimized in comparison to a point-to-point communication system. Securely transmitting a message in order to maintain confidentiality of the data and the user's privacy usually involves human interaction or the pre-agreement upon some key, the latter unknown to an external attacker. In this thesis, the author proposed an authentication protocol based on the similar context between the correct devices and lightweight computationally secure group-key establishment, avoiding any kind of human involvement. The goal is achieved by having the devices calculate a fingerprint from their ambient context and, through a fuzzy commitment scheme, generate a commitment and an opening value, respectively, which are used to generate a common secret key between them. The tests are carried out on real world data accumulated from different environments. The proposed scheme is based on elliptic curve cryptography and cryptographic one-way accumulators. Its feasibility is analyzed by implementing the group key establishment phase in the Contiki operating system and by simulating it with the Cooja simulator. Furthermore, the applicability of the protocol is analyzed and justified by an analysis of the storage overhead, communication overhead, and energy consumption. The simulator shows an energy consumption of only 112 mJ per node for group key establishment. The results obtained in this thesis demonstrate the feasibility of the scheme; its computational and communication costs are furthermore comparable to other similar approaches.
28

El, Moustaine Ethmane. "Authentication issues in low-cost RFID." Phd thesis, Institut National des Télécommunications, 2013. http://tel.archives-ouvertes.fr/tel-00997688.

Abstract:
This thesis focuses on issues related to authentication in low-cost radio frequency identification technology, more commonly referred to as RFID. This technology is often referred to as the next technological revolution after the Internet. However, due to the very limited resources in terms of computation, memory and energy on RFID tags, conventional security algorithms cannot be implemented on low-cost RFID tags, making security and privacy an important research subject today. First of all, we investigate the scalability in low-cost RFID systems by developing a ns-3 module to simulate the universal low-cost RFID standard EPC Class-1 Generation-2 in order to establish a strict framework for secure identification in low-cost RFID systems. We show that symmetric key cryptography is excluded from being used in any scalable low-cost RFID standard. Then, we propose a scalable authentication protocol based on our adaptation of the famous public key cryptosystem NTRU. This protocol is specially designed for low-cost RFID systems; it can be efficiently implemented in low-cost tags. Finally, we consider zero-knowledge identification, i.e. when no secret sharing between the tag and the reader is needed. Such identification approaches are very helpful in many RFID applications when the tag constantly changes its field of administration. We propose two lightweight zero-knowledge identification approaches based on GPS and randomized GPS schemes. The proposed approaches consist in storing in the back-end precomputed values in the form of coupons. So, the GPS-based variant can be private and the number of coupons can be much higher than in other approaches, thus leading to higher resistance to denial of service attacks for cheaper tags.
29

Abi-Char, Pierre. "A dynamic trust-based context-aware secure authentication framework for pervasive computing environments." Phd thesis, Institut National des Télécommunications, 2010. http://tel.archives-ouvertes.fr/tel-00542331.

Abstract:
To provide personalized services to users in pervasive environments, we should consider the user's privacy, trust and security requirements together. Traditional authentication and access control mechanisms are not able to adapt their security policies to a changing context while ensuring privacy and trust. This thesis introduces a new global vision for the protection of pervasive environments, based on the context-aware principle. The aim of this thesis is to get a flexible and scalable framework including user authentication, user privacy preservation and trust management in order to optimize the access control strategy for personalized services. The first contribution includes the proposal of a mutual authentication protocol supported by both robust key establishment schemes based on elliptic curves (MaptoPoint/Curve algorithm, Weil Pairing) and a dynamic model based on attributes issued from contextual data. The second contribution includes the design of a new architecture built on an attribute based model and organized over 3 layers: the privacy control layer, which ensures the protection of the user's private life by controlling their personal data; the access layer, which associates authentication and access control processes while providing mechanisms dedicated to trust parameter management; and finally the service layer for service access management according to the user profile and his environment. The third contribution is the implementation and the deployment of a prototype within the service delivery platform in the Handicom lab of Telecom & Management SudParis.
30

Bursum, Kim. "Initial Comparative Empirical Usability Testing for the Collaborative Authentication System." Scholar Commons, 2017. http://scholarcommons.usf.edu/etd/6614.

Abstract:
The Collaborative Authentication (co-authentication) system is an authentication system that relies on some or all members of a pre-registered set of secure hardware tokens being concurrently present to an authentication server at the moment of authentication. Previous researchers have compared various embodiments of the co-authentication system to each other including using Quick Response (QR) codes/cellphone cameras and Near Field Communication (NFC) between tokens. This thesis concerns the initial design and implementation of empirical comparative testing mechanisms between one embodiment of the co-authentication system and other commonly used authentication systems. One contribution is the simulated standard user ID and password login in a computer browser and a simulated RSA SecureID ® one time password (OTP) and login with embedded usability testing mechanisms. Another contribution is the development and implementation of a new Bluetooth communication functionality between tokens. A third contribution is the addition of usability testing mechanisms to two versions of this new functionality.
31

Volte, Emmanuel. "Miroirs, Cubes et Feistel Dissymétriques." Thesis, Cergy-Pontoise, 2014. http://www.theses.fr/2014CERG0701/document.

Abstract:
(Translated from French) The first part is devoted to the study of generic attacks on unbalanced Feistel schemes. These attacks are in fact distinguishers that compute, over a portion of the plaintext-ciphertext pairs, the number of pairs satisfying a system of equalities and non-equalities over a finite group. The search for this type of attack has been automated and improved, notably by taking bottlenecks into account. More generally, work on this type of system, designated by the term "mirror theory", is presented in this part. In particular, we describe the problem of the sum of two bijections over a finite group. The second part describes one of the candidates in the SHA-3 competition: the hash function CRUNCH. This function uses an unbalanced Feistel scheme and the sum of two bijections. Moreover, a new chaining mode was used. The last part deals with the problem of zero-knowledge authentication. First with multivariate polynomials, then with a hard problem related to symmetric groups. An illustration is given with the Rubik's Cube group. Finally, an original method for attempting to find a solution to Brent's equations is given in the appendix.

The first part is dedicated to the study of generic attacks on unbalanced Feistel schemes. All these attacks are distinguishers that count how many pairs (plaintext, ciphertext) verify a system of equalities and non-equalities on a finite group. With the help of algorithms we have found all the possible attacks, and some attacks with a bottleneck have been rejected automatically. More generally, we describe some works about the "mirror theory" that deals with that kind of system. We specially describe the problem of the sum of two bijections in a finite group. The second part describes one of the candidates of the SHA-3 competition: the hash function called CRUNCH. This function includes the sum of two bijections, and each bijection is an unbalanced Feistel scheme. A new chaining process for long messages is given. In the last part we deal with zero-knowledge authentication problems. The first protocol is based on multivariate polynomials. The second is linked to a difficult problem in symmetric groups. We take the example of the Rubik's cube group. Finally, we reveal some works on Brent equations. We build an algorithm that may find one solution.
32

Hendershot, Travis S. "Towards Using Certificate-Based Authentication as a Defense Against Evil Twins in 802.11 Networks." BYU ScholarsArchive, 2016. https://scholarsarchive.byu.edu/etd/6115.

Full text
Abstract:
Wireless clients are vulnerable to exploitation by evil twins due to flaws in the authentication process of 802.11 Wi-Fi networks. Current certificate-based wireless authentication protocols present a potential solution, but are limited in their ability to provide a secure and usable platform for certificate validation. Our work seeks to mitigate these limitations by exploring a client-side strategy for utilizing alternative trust models in wireless network authentication. We compile a taxonomy of various trust models for conducting certificate-based authentication of wireless networks and methodically evaluate each model according to desirable properties of security, usability, and deployability. We then build a platform for leveraging alternative certificate-based trust models in wireless networks, present a proof-of-concept using one of the most promising alternative validation models identified--a whitelisting and pinning hybrid--and examine its effectiveness at defending against evil twin attacks in 802.11 networks.
33

Rezazadeh, Baee Mir Ali. "Privacy-preserving authentication and key management for cooperative intelligent transportation systems." Thesis, Queensland University of Technology, 2021. https://eprints.qut.edu.au/212412/1/Mir%20Ali_Rezazadeh%20Baee_Thesis.pdf.

Full text
Abstract:
Car accidents kill or injure millions of people. Cooperative Intelligent Transportation Systems (C-ITS) can increase road safety and reduce accidents through the application of information and communication technologies for communicating vehicles. However, C-ITS applications are vulnerable to potential cyber-attacks involving message manipulation, where messages may be altered intentionally or fake messages sent, compromising the safety goals. Cryptographic techniques can be used to solve this, but this must be done in a way that preserves driver privacy, so that unauthorized surveillance and tracking of drivers is not possible. This research develops a secure conditional privacy-preserving authentication scheme for C-ITS applications.
34

Adeka, Muhammad I. "Cryptography and Computer Communications Security. Extending the Human Security Perimeter through a Web of Trust." Thesis, University of Bradford, 2015. http://hdl.handle.net/10454/11380.

Full text
Abstract:
This work modifies Shamir’s algorithm by sharing a random key that is used to lock up the secret data; as against sharing the data itself. This is significant in cloud computing, especially with homomorphic encryption. Using web design, the resultant scheme practically globalises secret sharing with authentications and inherent secondary applications. The work aims at improving cybersecurity via a joint exploitation of human factors and technology; a human-centred cybersecurity design as opposed to technology-centred. The completed functional scheme is tagged CDRSAS. The literature on secret sharing schemes is reviewed together with the concepts of human factors, trust, cyberspace/cryptology and an analysis on a 3-factor security assessment process. This is followed by the relevance of passwords within the context of human factors. The main research design/implementation and system performance are analysed, together with a proposal for a new antidote against 419 fraudsters. Two twin equations were invented in the investigation process; a pair each for secret sharing and a risk-centred security assessment technique. The building blocks/software used for the CDRSAS include Shamir’s algorithm, MD5, HTML5, PHP, Java, Servlets, JSP, Javascript, MySQL, JQuery, CSS, MATLAB, MS Excel, MS Visio, and Photoshop. The codes are developed in Eclipse IDE, and the Java-based system runs on Tomcat and Apache, using XAMPP Server. Its code units have passed JUnit tests. The system compares favourably with SSSS. Defeating socio-cryptanalysis in cyberspace requires strategies that are centred on human trust, trust-related human attributes, and technology. The PhD research is completed but there is scope for future work.
35

Palaniswamy, Basker. "Improving authentication and key management for intra and inter vehicular communication." Thesis, Queensland University of Technology, 2022. https://eprints.qut.edu.au/236249/1/Basker%2BPalaniswamy%2BThesis.pdf.

Full text
Abstract:
There are two types of vehicular communications: intra-vehicular and inter-vehicular. Widely used intra-vehicular communications protocols include Controller Area Network (CAN) 2.0B and Society of Automotive Engineers (SAE) J1939. Neither CAN 2.0B nor SAE J1939 has included security mechanisms to prevent adversarial attacks. Adversaries may modify messages without detection. Inter-vehicular communications include both vehicle-to-infrastructure and vehicle-to-vehicle communications. These are also vulnerable to attack. Manipulation of vehicular communications can have physical consequences endangering human life. This work aims to address this by analysing existing authentication protocols and designing secure authentication mechanisms for inter-vehicular and intra-vehicular communications to prevent certain adversarial attacks.
36

Hilm, David, and David Rahim. "Two-factor Authentication and Digital Signing for an Enterprise System utilizing Yubikey." Thesis, Linköpings universitet, Artificiell intelligens och integrerade datorsystem, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-158642.

Full text
Abstract:
The use of a second factor to increase the security of systems is growing and has continued to do so for a long time. This thesis explores options for implementation to use a YubiKey as an authentication method (OTP) as well as for signing digital transactions through a web browser client. Measures of network overhead that occurs in conjunction with Digital Signing of transactions are also disclosed. Our findings show that YubiKey provides flexible and readily available solutions that can be used with only small implementations for OTP authentication. It is also shown that the major concern for implementing a solution for a web browser is to intuitively use certificates stored on a USB-device without installing any plugins or with the use of a third-party application running on the client machine.
37

Wang, Haiyuan. "Security Architecture for the TEAMDEC System." Thesis, Virginia Tech, 1999. http://hdl.handle.net/10919/9778.

Full text
Abstract:
The prevalence of the Internet, client/server applications, Java, e-commerce, and electronic communications offers tremendous opportunities for business, education and communication, while simultaneously presenting big challenges to network security. In general, the web was designed with little concern for security. Thus, the issue of security is important in the design of network-based applications. The software architecture proposed in this thesis allows for the secure and efficient running of a team-based decision support system, specifically TEAMDEC. Based on the system's requirements and architecture, three types of possible attacks to the system are identified and a security solution is proposed that allows for user authentication, secure communication, and script access control. The implementation of these features will reduce security risk and allow effective use of the valuable system information data.
Master of Science
38

Nashwan, Shadi Ismail. "Performance analysis of a new dynamic authentication protocol DAKA of 3G mobile systems based on a novel Cryptography algorithm 'Anglia'." Thesis, Anglia Ruskin University, 2009. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.492950.

Full text
Abstract:
Numerous examinations of the weaknesses with Authentication of Key Agreement protocol (AKA) of Universal Mobile Telecommunications System (UMTS) have been presented by various researchers. It is plausible to suggest that the majority of the proposed solutions of authentication protocols in the reported investigative works are formulated based on asymmetric algorithms which consume more computational overhead than symmetric algorithms. There is no evidence that the symmetric algorithms could lead to the existing weaknesses.
39

El, Moustaine Ethmane. "Authentication issues in low-cost RFID." Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2013. http://www.theses.fr/2013TELE0030.

Full text
Abstract:
This thesis focuses on issues related to authentication in low-cost radio frequency identification technology, more commonly referred to as RFID. This technology is often referred to as the next technological revolution after the Internet. However, due to the very limited resources in terms of computation, memory and energy on RFID tags, conventional security algorithms cannot be implemented on low-cost RFID tags, making security and privacy an important research subject today. First of all, we investigate the scalability in low-cost RFID systems by developing an ns-3 module to simulate the universal low-cost RFID standard EPC Class-1 Generation-2 in order to establish a strict framework for secure identification in low-cost RFID systems. We show that symmetric-key cryptography is excluded from being used in any scalable low-cost RFID standard. Then, we propose a scalable authentication protocol based on our adaptation of the famous public key cryptosystem NTRU. This protocol is specially designed for low-cost RFID systems; it can be efficiently implemented in low-cost tags. Finally, we consider zero-knowledge identification, i.e. when no secret sharing between the tag and the reader is needed. Such identification approaches are very helpful in many RFID applications where the tag constantly changes its field of administration. We propose two lightweight zero-knowledge identification approaches based on the GPS and randomized GPS schemes. The proposed approaches consist in storing precomputed values in the back-end in the form of coupons. So, the GPS-based variant can be private and the number of coupons can be much higher than in other approaches, thus leading to higher resistance to denial of service attacks for cheaper tags.
40

Machizaud, Jacques. "Cryptographie visuelle pour l’authentification de documents." Thesis, Saint-Etienne, 2012. http://www.theses.fr/2012STET4010/document.

Full text
Abstract:
In this thesis, we focus on the physical implementation of visual cryptography, which consists in sharing a secret message between several meaningless images, so-called shadow images, at least one of them being printed. By the principle of the method, no information leaks about the message until the images are properly stacked together. As the alignment of the shadow images hampers the deployment of visual cryptography in practice, we develop a dedicated image registration method. In contrast with existing methods, ours is not intrusive. We make use of the particular shape of the elementary constituents of the shadow images, the shares, to extract in the Fourier domain the main parameters of the geometrical transformations occurring between the superposed images. We prove that this method allows subpixel accuracy in shadow image registration. We benefit from such ability by implementing visual cryptography in an image projection configuration: the digital shadow image is projected onto the printed one. In this way, the registration is performed automatically by using a digital camera (the resulting superposition being observable by the eye). For the purpose of authentication, one has to deal with specific attacks: the shadow image attached to a given document could be tampered with or copied. In order to prevent such attacks, we have increased the difficulty of reproducing the shadow image by considering color. This approach requires a complete management of colors. Thanks to recent advances in color reproduction, we are able to predict the reflectance and transmittance spectra of supports printed in color. In this thesis, we develop new spectral prediction models, namely for piles of printed transparencies as well as for transparencies stacked onto papers, all printed in color. Thus, we are able to predict the color of each share in a shadow image to be printed and to achieve color matching, i.e. we are able to reach a color by various combinations of superposed colors. Such a prediction allowed us to introduce a new approach in visual cryptography: color matching when revealing the secret message to be shared into two (or more) shadow images, in order to authenticate the shadow images provider. As the prediction models are sensitive to the calibration of the printing system (printer, inks, supports, halftoning and geometry measurement conditions), the use of special materials will increase the difficulty of generating visually acceptable fake pairs of shadow images.
41

Risterucci, Gabriel. "Mécanismes et outils pour sécurisation de systèmes à accès distants : application aux systèmes de gestion électronique de documents." Thesis, Aix-Marseille, 2016. http://www.theses.fr/2016AIXM4010/document.

Full text
Abstract:
This thesis' goal is the improvement of the security of remotely accessed systems with the use of cryptographic tools. Specifically, it is applied to digital document management software that raises issues in three fields: communication, authentication and rights management. Unlike common approaches that involve the use of individual protections for these three fields, we offer a set of tools made to work together to improve the system's security. Securing communication is done thanks to a new secure communication protocol designed for distributed applications. Authentication issues led to the development of two tailored solutions providing cryptographic support to the application for any authentication method. Rights management is handled through new associations between a given access right and specific cryptographic applications. A key element of those solutions is the emphasis put on the usability of these secure tools. It swayed the development of our proposals toward more transparent solutions that would not disturb the user experience. As a result, we obtained a secure system made of these tools and mechanisms that work together to provide full and transparent security for digital document management software. This security is fully based on cryptographic algorithms to provide provable and verifiable security properties. As a supporting layer for these mechanisms, a secure software library was designed to provide all the required tools for cryptographic uses in a portable way.
42

Kočíř, Michal. "Použití smart-karet v moderní kryptografii." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2013. http://www.nusl.cz/ntk/nusl-220299.

Full text
Abstract:
This thesis discusses the general use of MULTOS smart cards in cryptographic applications. First, two types of authentication are described: authentication by the subject, with a focus on authenticators, and authentication by knowledge. Furthermore, anonymous authentication and attribute authentication are described. This is followed by a description of smart cards with a focus on MULTOS cards. An analysis of the programmable smart cards .NET, JavaCard and MULTOS is also performed. The practical part is focused on the implementation of an authentication scheme which is being developed at FEEC. The authentication protocol communicates between the MULTOS card and a reader connected to a PC. The protocol is composed of cryptographic functions such as random number generation, hash function, modular exponentiation, modular multiplication and difference of large numbers. Measurements of specific applications were also implemented.
43

Sbai, Anass. "Contributions au proxy de re-chiffrement et à la délégation d'authentification." Electronic Thesis or Diss., Amiens, 2021. http://www.theses.fr/2021AMIE0032.

Full text
Abstract:
Cybersecurity is a major issue for the SmartGrid and energy industries. Manipulating data collected from smart meters can have harmful consequences, especially when the metering systems are connected directly to the production sources. Within the scope of the VertPom project, we have addressed two major issues: the confidentiality of consumption data and authentication systems. To address the confidentiality issues, we used the concept of proxy re-encryption (PRE), which allows the sharing of encrypted data. We have studied existing systems and we are interested in constructions with CCA security in the standard model without pairing. We show the existence of a vulnerability in an existing PRE and we propose a new construction based on the Cramer-Shoup encryption system. We also define the notion of PREaaS (Proxy Re-Encryption as a Service), which allows use in a service-oriented context. Regarding authentication issues, we present a new authentication delegation protocol. Our solution allows users to anonymously authenticate themselves on unsecured networks, asynchronously without direct communication between the different actors, while minimizing the number of interactions.
44

Bělík, David. "Ověření uživatelů pomocí chytrých telefonů." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2014. http://www.nusl.cz/ntk/nusl-220984.

Full text
Abstract:
The main aim of this diploma thesis is to get acquainted with the area of secure authentication and authorization of users on smartphones on the Android platform. Individual types of encoding, authentication, authentication devices and characteristics of QR codes are described in the chapters. In the practical part of this thesis, applications are created with an implemented authentication scheme which is being developed at FEKT VUT in Brno. The client part of the application, which generates the QR code, as well as the server part, which verifies the authenticity of the data, are set up.
45

Marek, Tomáš. "Softwarová podpora výuky kryptografických protokolů." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2009. http://www.nusl.cz/ntk/nusl-217980.

Full text
Abstract:
This document contains information about authentication, encryption, data integrity and data authenticity. The next part includes a description of well-known cryptographic protocols, their functions and also their weaknesses. All of this acquired information was used in the concept and final software support for teaching cryptographic protocols, which is able to run in a classic web browser. That is why the application was designed as web PHP pages using JavaScript and AJAX, which ensures platform and OS architecture independence. Besides the descriptive and illustrated part of the application there are also interactive parts and animations. The last part contains a description of the education software and its functions. Source code can be found on the appended CD.
46

Hitchcock, Yvonne Roslyn. "Elliptic curve cryptography for lightweight applications." Thesis, Queensland University of Technology, 2003. https://eprints.qut.edu.au/15838/1/Yvonne_Hitchcock_Thesis.pdf.

Full text
Abstract:
Elliptic curves were first proposed as a basis for public key cryptography in the mid 1980's. They provide public key cryptosystems based on the difficulty of the elliptic curve discrete logarithm problem (ECDLP), which is so called because of its similarity to the discrete logarithm problem (DLP) over the integers modulo a large prime. One benefit of elliptic curve cryptosystems (ECCs) is that they can use a much shorter key length than other public key cryptosystems to provide an equivalent level of security. For example, 160 bit ECCs are believed to provide about the same level of security as 1024 bit RSA. Also, the level of security provided by an ECC increases faster with key size than for integer based discrete logarithm (dl) or RSA cryptosystems. ECCs can also provide a faster implementation than RSA or dl systems, and use less bandwidth and power. These issues can be crucial in lightweight applications such as smart cards. In the last few years, ECCs have been included or proposed for inclusion in internationally recognized standards. Thus elliptic curve cryptography is set to become an integral part of lightweight applications in the immediate future. This thesis presents an analysis of several important issues for ECCs on lightweight devices. It begins with an introduction to elliptic curves and the algorithms required to implement an ECC. It then gives an analysis of the speed, code size and memory usage of various possible implementation options. Enough details are presented to enable an implementer to choose for implementation those algorithms which give the greatest speed whilst conforming to the code size and RAM restrictions of a particular lightweight device. Recommendations are made for new functions to be included on coprocessors for lightweight devices to support ECC implementations. Another issue of concern for implementers is the side-channel attacks that have recently been proposed. 
They obtain information about the cryptosystem by measuring side-channel information such as power consumption and processing time and the information is then used to break implementations that have not incorporated appropriate defences. A new method of defence to protect an implementation from the simple power analysis (spa) method of attack is presented in this thesis. It requires 44% fewer additions and 11% more doublings than the commonly recommended defence of performing a point addition in every loop of the binary scalar multiplication algorithm. The algorithm forms a contribution to the current range of possible spa defences which has a good speed but low memory usage. Another topic of paramount importance to ECCs for lightweight applications is whether the security of fixed curves is equivalent to that of random curves. Because of the inability of lightweight devices to generate secure random curves, fixed curves are used in such devices. These curves provide the additional advantage of requiring less bandwidth, code size and processing time. However, it is intuitively obvious that a large precomputation to aid in the breaking of the elliptic curve discrete logarithm problem (ECDLP) can be made for a fixed curve which would be unavailable for a random curve. Therefore, it would appear that fixed curves are less secure than random curves, but quantifying the loss of security is much more difficult. The thesis performs an examination of fixed curve security taking this observation into account, and includes a definition of equivalent security and an analysis of a variation of Pollard's rho method where computations from solutions of previous ECDLPs can be used to solve subsequent ECDLPs on the same curve. A lower bound on the expected time to solve such ECDLPs using this method is presented, as well as an approximation of the expected time remaining to solve an ECDLP when a given size of precomputation is available. 
It is concluded that adding a total of 11 bits to the size of a fixed curve provides an equivalent level of security compared to random curves. The final part of the thesis deals with proofs of security of key exchange protocols in the Canetti-Krawczyk proof model. This model has been used since it offers the advantage of a modular proof with reusable components. Firstly a password-based authentication mechanism and its security proof are discussed, followed by an analysis of the use of the authentication mechanism in key exchange protocols. The Canetti-Krawczyk model is then used to examine secure tripartite (three party) key exchange protocols. Tripartite key exchange protocols are particularly suited to ECCs because of the availability of bilinear mappings on elliptic curves, which allow more efficient tripartite key exchange protocols.
47

Hitchcock, Yvonne Roslyn. "Elliptic Curve Cryptography for Lightweight Applications." Queensland University of Technology, 2003. http://eprints.qut.edu.au/15838/.

Abstract:
Elliptic curves were first proposed as a basis for public key cryptography in the mid 1980's. They provide public key cryptosystems based on the difficulty of the elliptic curve discrete logarithm problem (ECDLP), which is so called because of its similarity to the discrete logarithm problem (DLP) over the integers modulo a large prime. One benefit of elliptic curve cryptosystems (ECCs) is that they can use a much shorter key length than other public key cryptosystems to provide an equivalent level of security. For example, 160 bit ECCs are believed to provide about the same level of security as 1024 bit RSA. Also, the level of security provided by an ECC increases faster with key size than for integer based discrete logarithm (dl) or RSA cryptosystems. ECCs can also provide a faster implementation than RSA or dl systems, and use less bandwidth and power. These issues can be crucial in lightweight applications such as smart cards. In the last few years, ECCs have been included or proposed for inclusion in internationally recognized standards. Thus elliptic curve cryptography is set to become an integral part of lightweight applications in the immediate future. This thesis presents an analysis of several important issues for ECCs on lightweight devices. It begins with an introduction to elliptic curves and the algorithms required to implement an ECC. It then gives an analysis of the speed, code size and memory usage of various possible implementation options. Enough details are presented to enable an implementer to choose for implementation those algorithms which give the greatest speed whilst conforming to the code size and ram restrictions of a particular lightweight device. Recommendations are made for new functions to be included on coprocessors for lightweight devices to support ECC implementations. Another issue of concern for implementers is the side-channel attacks that have recently been proposed.
They obtain information about the cryptosystem by measuring side-channel information such as power consumption and processing time and the information is then used to break implementations that have not incorporated appropriate defences. A new method of defence to protect an implementation from the simple power analysis (spa) method of attack is presented in this thesis. It requires 44% fewer additions and 11% more doublings than the commonly recommended defence of performing a point addition in every loop of the binary scalar multiplication algorithm. The algorithm forms a contribution to the current range of possible spa defences which has a good speed but low memory usage. Another topic of paramount importance to ECCs for lightweight applications is whether the security of fixed curves is equivalent to that of random curves. Because of the inability of lightweight devices to generate secure random curves, fixed curves are used in such devices. These curves provide the additional advantage of requiring less bandwidth, code size and processing time. However, it is intuitively obvious that a large precomputation to aid in the breaking of the elliptic curve discrete logarithm problem (ECDLP) can be made for a fixed curve which would be unavailable for a random curve. Therefore, it would appear that fixed curves are less secure than random curves, but quantifying the loss of security is much more difficult. The thesis performs an examination of fixed curve security taking this observation into account, and includes a definition of equivalent security and an analysis of a variation of Pollard's rho method where computations from solutions of previous ECDLPs can be used to solve subsequent ECDLPs on the same curve. A lower bound on the expected time to solve such ECDLPs using this method is presented, as well as an approximation of the expected time remaining to solve an ECDLP when a given size of precomputation is available. 
It is concluded that adding a total of 11 bits to the size of a fixed curve provides an equivalent level of security compared to random curves. The final part of the thesis deals with proofs of security of key exchange protocols in the Canetti-Krawczyk proof model. This model has been used since it offers the advantage of a modular proof with reusable components. Firstly a password-based authentication mechanism and its security proof are discussed, followed by an analysis of the use of the authentication mechanism in key exchange protocols. The Canetti-Krawczyk model is then used to examine secure tripartite (three party) key exchange protocols. Tripartite key exchange protocols are particularly suited to ECCs because of the availability of bilinear mappings on elliptic curves, which allow more efficient tripartite key exchange protocols.
48

Faye, Youssou. "Algorithmes d'authentification et de cryptographie efficaces pour les réseaux de capteurs sans fil." Thesis, Besançon, 2014. http://www.theses.fr/2014BESA2018/document.

Abstract:
Abstract (translated from the French): A wireless sensor network (WSN) consists of a large number of autonomous sensor nodes that collaborate to monitor an area, a machine, a person, etc. In some applications, critical data must be protected against any fraudulent use and be accessible in real time. The need to provide a reliable and suitable security solution therefore appears essential. The security solutions used in traditional networks are not directly applicable in WSNs, because developing security primitives with scarce resources becomes a real challenge. In this thesis, we propose new resource-frugal solutions that take into account the weak defensive capabilities of an autonomous network. With this in mind, we apply cryptographic mechanisms based on hash functions and elliptic curves. A focus on various lightweight security mechanisms allows us to highlight the balance of power between WSNs and their vulnerabilities. Our first contribution aims to improve the security and the energy performance of existing authentication protocols while using the same mechanisms. In the second contribution, we use the concept of risk probability to determine the energy consumption in different deployment architectures. In the third contribution, we present a new mechanism for accelerating scalar multiplication on elliptic curves defined over prime finite fields. This mechanism, based on the negation and the order of a point, reduces the number of point operations in a given interval, and has the additional advantage of being combinable with existing techniques. Finally, in our last contribution, we focus on accelerating the computation of the points resulting from partitioning the scalar, which introduce additional computation and memory storage costs. We compare different existing point formulas, highlighting their efficiency.

Abstract (English, as published): A Wireless Sensor Network (WSN) consists of a large number of sensor nodes which collaborate so as to monitor an environment. For various WSNs' applications, the collected data should be protected by preventing unauthorized users from gaining the information. The need to find a reliable and adaptive security solution is very important. Most current standard security protocols designed for traditional networks cannot be applied directly in WSN. For this reason, providing a variety of security functions with limited resources is a real challenge. Our research work seeks to find secure efficient solutions that take into account the rather weak defense of an autonomous network. In this way, we apply lightweight cryptography mechanisms based on hash function and elliptic curves. A focus on different security mechanisms and lightweight security algorithms can highlight the strength ratio between WSNs and their vulnerabilities. Our first contribution is on a secure energy efficient solution; it uses the same mechanism and aims to enhance the security weaknesses of existing solutions. The second contribution uses the concept of probability risk analysis to show to which level the proposed solution justifies the better energy consumption for a given network architecture. In the third contribution, we present a new technique to accelerate scalar multiplication on elliptic curves cryptography over prime field for light-weight embedded devices like sensor nodes. Our method reduces the computation of scalar multiplication by an equivalent representation of points based on point order in a given interval and can also act as a support for most existing methods. Finally our last contribution presents a fast pre-computation algorithm in a parallel scalar multiplication to avoid the storage of pre-computation points which requires extra memory. We also provide a comparison of different formulas so as to find out their efficiency.
49

Piva, Fabio Rogério 1982. "Addressing human factors in the design of cryptographic solutions = a two-case study in item validation and authentication." [s.n.], 2014. http://repositorio.unicamp.br/jspui/handle/REPOSIP/275510.

Abstract:
Advisor: Ricardo Dahab. Thesis (doctorate), Universidade Estadual de Campinas, Instituto de Computação, 2014.

Abstract (translated from the Portuguese): Designing secure cryptographic solutions from a purely theoretical perspective is not enough to guarantee their success in realistic scenarios. Many times, the premises under which these solutions are proposed could not be further from the needs of the real world. One often-forgotten aspect, which can influence how the solution fares once integrated, is the way the end user interacts with it (i.e., human factors). In this work, we study this problem through the analysis of two application scenarios well known in Information Security research: the electronic commerce of digital items and Internet banking. Fair exchange protocols have been widely studied, but are still not implemented in most available e-commerce transactions. For several types of digital items (e-goods), the current business model for electronic commerce fails to guarantee fairness to customers. Item validation is a critical step in fair exchange, and has received little attention from researchers. We believe these problems should be addressed in an integrated fashion so that fair exchange protocols can be effectively deployed in the marketplace. More generally, we also believe this to be a reflection of system-oriented design paradigms for security solutions, which are data-centered rather than user-centered, resulting in methods and techniques that frequently disregard user requirements. We contextualize how, by underestimating the subtleties of the item validation problem, the current model for buying and selling digital items fails to guarantee success for the transactions from the buyers' perspective, and is therefore unfair by definition. We also introduce the concept of Reversible Degradation, a method that inherently includes the item validation step in buy-sell transactions in order to mitigate the problems presented. As a proof of concept, we produce an implementation of Reversible Degradation based on systematic error-correcting codes (SECCs), intended for multimedia content. This method is also the by-product of an attempt to include user requirements in the process of constructing cryptographic methods, an approach that we then develop into so-called item-oriented protocol design. From a similar perspective, we also propose an innovative method for user and transaction authentication in Internet banking scenarios. The proposed method, based on Visual Cryptography, takes into account both technical and user requirements, and fits as a secure, and intuitive, component for practical transaction authentication scenarios.

Abstract (English, as published): Designing secure cryptographic solutions from a purely theoretical perspective is not enough to guarantee their success in a realistic scenario. Many times, the assumptions under which these solutions are designed could not be further from real-world necessities. One particular, often-overlooked aspect that may impact how the solution performs after deployment is how the final user interacts with it (i.e., human factors). In this work, we take a deeper look into this issue by analyzing two well known application scenarios from Information Security research: the electronic commerce of digital items and Internet banking. Fair exchange protocols have been widely studied, but are still not implemented on most e-commerce transactions available. For several types of digital items (e-goods), the current e-commerce business model fails to provide fairness to customers. A critical step in fair exchange is item validation, which still lacks proper attention from researchers. We believe this issue should be addressed in a comprehensive and integrated fashion before fair exchange protocols can be effectively deployed in the marketplace. More generally, we also believe this to be the consequence of ongoing system-oriented security solution design paradigms that are data-centered, as opposed to user-centered, thus leading to methods and techniques that often disregard users' requirements. We contextualize how, by overlooking the subtleties of the item validation problem, the current model for buying and selling digital items fails to provide guarantees of a successful transaction outcome to customers, thus being unfair by design. We also introduce the concept of Reversible Degradation, a method for enhancing buy-sell transactions concerning digital items that inherently includes the item validation step in the purchase protocol in order to tackle the discussed problems. As a proof-of-concept, we produce a deliverable instantiation of Reversible Degradation based on systematic error correction codes (SECCs), suitable for multimedia content. This method is also the byproduct of an attempt to include users' requirements into the cryptographic method construction process, an approach that we further develop into a so-called item-aware protocol design. From a similar perspective, we also propose a novel method for user and transaction authentication for Internet Banking scenarios. The proposed method, which uses Visual Cryptography, takes both technical and user requirements into account, and is suitable as a secure, yet intuitive, component for practical transaction authentication scenarios.

Degree: Doctorate, Computer Science (Doctor of Computer Science).
50

Portella, Rodrigo. "Balancing energy, security and circuit area in lightweight cryptographic hardware design." Thesis, Paris Sciences et Lettres (ComUE), 2016. http://www.theses.fr/2016PSLEE036/document.

Abstract:
Abstract (translated from the French): This thesis addresses the design of, and countermeasures for, lightweight cryptographic hardware computation. Because cryptography (and cryptanalysis) is nowadays increasingly ubiquitous in our daily lives, it is crucial that newly developed systems be robust enough to cope with the growing amount of data to be processed without compromising overall security. This work addresses many topics related to lightweight cryptographic implementations. The main contributions of this thesis are: - A new cryptographic hardware acceleration scheme applied to BCH codes; - Reduction of the power consumption of embedded systems and SoCs; - Lightweight side-channel attack countermeasures applicable to the reconfigurable AES cipher; - CSAC: a secure on-chip cryptographic firewall; - Frequency analysis attacks; - A new zero-knowledge protocol applied to wireless sensor networks; - OMD: a new authenticated encryption scheme.

Abstract (English, as published): This thesis addresses lightweight hardware design and countermeasures to improve cryptographic computation. Because cryptography (and cryptanalysis) is nowadays becoming more and more ubiquitous in our daily lives, it is crucial that newly developed systems are robust enough to deal with the increasing amount of processing data without compromising the overall security. This work addresses many different topics related to lightweight cryptographic implementations. The main contributions of this thesis are: - A new cryptographic hardware acceleration scheme applied to BCH codes; - Hardware power minimization applied to SoCs and embedded devices; - Timing and DPA lightweight countermeasures applied to the reconfigurable AES block cipher; - CSAC: A cryptographically secure on-chip firewall; - Frequency analysis attack experiments; - A new zero-knowledge protocol applied to wireless sensor networks; - OMD: A new authenticated encryption scheme.