Partitioning oracle attacks against variants of AES-GCM and ChaCha20-Poly1305

Tordsson, Pontus

January 2021

We investigate so-called partitioning oracle attacks against AES-GCM and ChaCha20-Poly1305 along with some improvements. Such attacks against these two cryptosystems are efficient because they can be reduced to solving linear systems of equations over finite fields. We show, with some randomness assumptions, that such linear systems must have at least as many columns as rows. We have also chosen two finite (non-field) rings, as replacement for the respective fields used by AES-GCM and ChaCha20-Poly1305 for message authentication. These rings make the problem of linear system arrangement in a partitioning oracle attack extremely hard for large linear system dimensions.

partitioning oracle attack

AES-GCM

ChaCha20-Poly1305

Mathematics

Matematik

Data Link Layer Security for Spacecraft Communication Implementation on FPGA

Sundberg, Sarah

January 2020

With increasing awareness of potential security threats there is a growing interest in communication security for spacecraft control and data. Traditionally commercial and scientific missions have relied on their uniqueness to prevent security breaches. During time the market has changed with open systems for mission control and data distribution, increased connectivity and the use of existing and shared infrastructure. Therefore security layers are being introduced to protect spacecraft communication. In order to mitigate the perceived threats, the Consultative Committee for Space Data Systems (CCSDS) has proposed the addition of communication security in the various layers of the communication model. This thesis describes and discuss their proposal and look into how this application should be implemented into the data link layer of the communication protocol to protect from timing attacks. An implementation of AES-CTR+GMAC is constructed in software to compare different key lengths and another implementation is constructed in synthesized VHDL for use on hardware to investigate the impact on area consumption on the FPGA as well as if it is possible to secure it from cache-timing attacks.

AES-GCM

FPGA

VHDL

Spacecraft

Communication

Timing attacks

Security

Embedded Systems

Inbäddad systemteknik

Akcelerace šifrování přenosu síťových dat / Acceleration of Network Traffic Encryption

Koranda, Karel

January 2013

This thesis deals with the design of hardware unit used for acceleration of the process of securing network traffic within Lawful Interception System developed as a part of Sec6Net project. First aim of the thesis is the analysis of available security mechanisms commonly used for securing network traffic. Based on this analysis, SSH protocol is chosen as the most suitable mechanism for the target system. Next, the thesis aims at introduction of possible variations of acceleration unit for SSH protocol. In addition, the thesis presents a detailed design description and implementation of the unit variation based on AES-GCM algorithm, which provides confidentiality, integrity and authentication of transmitted data. The implemented acceleration unit reaches maximum throughput of 2,4 Gbps.

Whiteboxrouter för små kontorsnätverk - En prestandajämförelse

Lundberg, Carl

January 2018

Inom nätverksbranchen finns en strävan att gå från proprietära lösningar till en öppen standard för hård- och mjukvara. En term för detta är Whiteboxing och det innebär att användaren ges möjlighet att plocka ihop komponenter efter behov, och själv välja vilken mjukvara som används. I sin enklaste form byggs en Whiteboxrouter av en konventionell PC med två nätverkskort och en mjukvarubaserad routingapplikation. Företaget ÅF är intresserade av att veta hur Whitebox-lösningar för routrar står sig prestandamässigt i relation till konventionella routerlösningar med Application Specific Integrated Circuit. Detta arbete har undersökt prestandan genom att mäta throughput och goodput hos en Cisco 2911-router, en Whiteboxrouter med mjukvaran pfSense, samt en Whiteboxrouter som körde pfSense virtualiserat på ESXi. Dessutom undersöktes respektive konfigurations prestanda när trafiken skickades över IPsec VPN. För mätningarna användes filöverföringar med FTP och mätprogrammet Iperf3. Målet med arbetet var att skapa ett beslutsunderlag som klargjorde eventuella prestandaskillnader och utarbetade rekommendationer för framtida val av routerlösning. Resultatet visade att vid generell paketförmedling var prestandan mellan routrarna relativt jämn, dock rekommenderas den virtualiserade Whiteboxroutern då den fick det bästa resultatet. När trafiken sedan krypterades med IPsec VPN var det stora prestandaskillnader mellan enheterna. Bäst prestanda fick Whiteboxroutern. Författaren ser en vinning med Whitebox-tekniken i stort då den medger att serverutrustning som ska utrangeras på grund av prestandakrav, istället kan fungera som nätverksutrustning (routrar och brandväggar) och fortsätta användas under en större del av den tekniska livslängden. Detta kan på sikt leda till minskad miljöpåverkan och besparingar för företaget.

Whitebox

White box

Router

Throughput

Goodput

Iperf3

FTP

pfSense

ASIC

Cisco

VMware

ESXi

IPsec

AES

AES-GCM

AES-CBC

Prestandajämförelse

Prestandamätning

Engineering and Technology

Teknik och teknologier

Akcelerace vektorových a krytografických operací na platformě x86-64 / Acceleration of Vector and Cryptographic Operations on x86-64 Platform

Šlenker, Samuel

January 2017

The aim of this thesis was to study and subsequently process a comparison of older and newer SIMD processing units of modern microprocessors on the x86-64 platform. The thesis provides an overview of the fastest computations of vector operations with matrices and vectors, including corresponding source codes. Furthermore, the thesis is focused on authenticated encryption, specifically on block cipher AES operating in Galois Counter Mode, and on a discussion of possibilities of instruction sets for cryptographic support.