Increasing the Robustness of Point Operations in Co-Z Arithmetic against Side-Channel Attacks

Almohaimeed, Ziyad Mohammed

08 August 2013

Elliptic curve cryptography (ECC) has played a significant role on secure devices since it was introduced by Koblitz and Miller more than three decades ago. The great demand for ECC is created by its shorter key length while it provides an equivalent security level in comparison to previously introduced public-key cryptosystems (e.g.RSA). From an implementation point of view a shorter key length means a higher processing speed, smaller power consumption, and silicon area requirement. Scalar multiplication is the main operation in Elliptic Curve Diffie-Hellman (ECDH), which is a key-agreement protocol using ECC. As shown in the prior literature, this operation is both vulnerable to Power Analysis attack and requires a large amount of time. Therefore, a lot of research has focused on enhancing the performance and security of scalar multiplication. In this work, we describe three schemes to counter power analysis cryptographic attacks. The first scheme provides improved security at the expense of a very small cost of additional hardware overhead; its basic idea is to randomize independent field operations in order to have multiple power consumption traces for each point operation. In the second scheme, we introduce an atomic block that consists of addition, multiplication and addition [A-M-A]. This technique provides a very good scalar multiplication protection but with increased computation cost. The third scheme provides both security and speed by adopting the second tech- nique and enhancing the instruction-level parallelism at the atomic level. As a result, the last scheme also provides a reduction in computing time. With these schemes the users can optimize the trade-off between speed, cost, and security level according to their needs and resources. / Graduate / 0544 / 0984 / z.mohaimeed@gmail.com

elliptic curve cryptography

power analysis

Elliptic curve Diffie-Hellman

ECDH

ECC

atomic block

Side-Channel Attack Aware Implementation

Efficient Packet-Drop Thwarting and User-Privacy Preserving Protocols for Multi-hop Wireless Networks

Mahmoud, Mohamed Mohamed Elsalih Abdelsalam

08 April 2011

In multi-hop wireless network (MWN), the mobile nodes relay others’ packets for enabling new applications and enhancing the network deployment and performance. However, the selfish nodes drop the packets because packet relay consumes their resources without benefits, and the malicious nodes drop the packets to launch Denial-of-Service attacks. Packet drop attacks adversely degrade the network fairness and performance in terms of throughput, delay, and packet delivery ratio. Moreover, due to the nature of wireless transmission and multi-hop packet relay, the attackers can analyze the network traffic in undetectable way to learn the users’ locations in number of hops and their communication activities causing a serious threat to the users’ privacy. In this thesis, we propose efficient security protocols for thwarting packet drop attacks and preserving users’ privacy in multi-hop wireless networks. First, we design a fair and efficient cooperation incentive protocol to stimulate the selfish nodes to relay others’ packets. The source and the destination nodes pay credits (or micropayment) to the intermediate nodes for relaying their packets. In addition to cooperation stimulation, the incentive protocol enforces fairness by rewarding credits to compensate the nodes for the consumed resources in relaying others’ packets. The protocol also discourages launching Resource-Exhaustion attacks by sending bogus packets to exhaust the intermediate nodes’ resources because the nodes pay for relaying their packets. For fair charging policy, both the source and the destination nodes are charged when the two nodes benefit from the communication. Since micropayment protocols have been originally proposed for web-based applications, we propose a practical payment model specifically designed for MWNs to consider the significant differences between web-based applications and cooperation stimulation. Although the non-repudiation property of the public-key cryptography is essential for securing the incentive protocol, the public-key cryptography requires too complicated computations and has a long signature tag. For efficient implementation, we use the public-key cryptography only for the first packet in a series and use the efficient hashing operations for the next packets, so that the overhead of the packet series converges to that of the hashing operations. Since a trusted party is not involved in the communication sessions, the nodes usually submit undeniable digital receipts (proofs of packet relay) to a centralized trusted party for updating their credit accounts. Instead of submitting large-size payment receipts, the nodes submit brief reports containing the alleged charges and rewards and store undeniable security evidences. The payment of the fair reports can be cleared with almost no processing overhead. For the cheating reports, the evidences are requested to identify and evict the cheating nodes. Since the cheating actions are exceptional, the proposed protocol can significantly reduce the required bandwidth and energy for submitting the payment data and clear the payment with almost no processing overhead while achieving the same security strength as the receipt-based protocols. Second, the payment reports are processed to extract financial information to reward the cooperative nodes, and contextual information such as the broken links to build up a trust system to measure the nodes’ packet-relay success ratios in terms of trust values. A node’s trust value is degraded whenever it does not relay a packet and improved whenever it does. A node is identified as malicious and excluded from the network once its trust value reaches to a threshold. Using trust system is necessary to keep track of the nodes’ long-term behaviors because the network packets may be dropped normally, e.g., due to mobility, or temporarily, e.g., due to network congestion, but the high frequency of packet drop is an obvious misbehavior. Then, we propose a trust-based and energy-aware routing protocol to route traffics through the highly trusted nodes having sufficient residual energy in order to establish stable routes and thus minimize the probability of route breakage. A node’s trust value is a real and live measurement to the node’s failure probability and mobility level, i.e., the low-mobility nodes having large hardware resources can perform packet relay more efficiently. In this way, the proposed protocol stimulates the nodes not only to cooperate but also to improve their packet-relay success ratio and tell the truth about their residual energy to improve their trust values and thus raise their chances to participate in future routes. Finally, we propose a privacy-preserving routing and incentive protocol for hybrid ad hoc wireless network. Micropayment is used to stimulate the nodes’ cooperation without submitting payment receipts. We only use the lightweight hashing and symmetric-key-cryptography operations to preserve the users’ privacy. The nodes’ pseudonyms are efficiently computed using hashing operations. Only trusted parties can link these pseudonyms to the real identities for charging and rewarding operations. Moreover, our protocol protects the location privacy of the anonymous source and destination nodes. Extensive analysis and simulations demonstrate that our protocols can secure the payment and trust calculation, preserve the users’ privacy with acceptable overhead, and precisely identify the malicious and the cheating nodes. Moreover, the simulation and measurement results demonstrate that our routing protocols can significantly improve route stability and thus the packet delivery ratio due to stimulating the selfish nodes’ cooperation, evicting the malicious nodes, and making informed decisions regarding route selection. In addition, the processing and submitting overheads of the payment-reports are incomparable with those of the receipts in the receipt-based incentive protocols. Our protocol also requires incomparable overhead to the signature-based protocols because the lightweight hashing operations dominate the nodes’ operations.

Security

Trust system

Trust-based routing protocol

black hole attacks

Cooperation stimulation

Reputation systems

Privacy preserving protocols

anonymity

Electrical and Computer Engineering

Side-Channel Analysis: Countermeasures and Application to Embedded Systems Debugging

Moreno, Carlos

January 2013

Side-Channel Analysis plays an important role in cryptology, as it represents an important class of attacks against cryptographic implementations, especially in the context of embedded systems such as hand-held mobile devices, smart cards, RFID tags, etc. These types of attacks bypass any intrinsic mathematical security of the cryptographic algorithm or protocol by exploiting observable side-effects of the execution of the cryptographic operation that may exhibit some relationship with the internal (secret) parameters in the device. Two of the main types of side-channel attacks are timing attacks or timing analysis, where the relationship between the execution time and secret parameters is exploited; and power analysis, which exploits the relationship between power consumption and the operations being executed by a processor as well as the data that these operations work with. For power analysis, two main types have been proposed: simple power analysis (SPA) which relies on direct observation on a single measurement, and differential power analysis (DPA), which uses multiple measurements combined with statistical processing to extract information from the small variations in power consumption correlated to the data. In this thesis, we propose several countermeasures to these types of attacks, with the main themes being timing analysis and SPA. In addition to these themes, one of our contributions expands upon the ideas behind SPA to present a constructive use of these techniques in the context of embedded systems debugging. In our first contribution, we present a countermeasure against timing attacks where an optimized form of idle-wait is proposed with the goal of making the observable decryption time constant for most operations while maintaining the overhead to a minimum. We show that not only we reduce the overhead in terms of execution speed, but also the computational cost of the countermeasure, which represents a considerable advantage in the context of devices relying on battery power, where reduced computations translates into lower power consumption and thus increased battery life. This is indeed one of the important themes for all of the contributions related to countermeasures to side- channel attacks. Our second and third contributions focus on power analysis; specifically, SPA. We address the issue of straightforward implementations of binary exponentiation algorithms (or scalar multiplication, in the context of elliptic curve cryptography) making a cryptographic system vulnerable to SPA. Solutions previously proposed introduce a considerable performance penalty. We propose a new method, namely Square-and-Buffered- Multiplications (SABM), that implements an SPA-resistant binary exponentiation exhibiting optimal execution time at the cost of a small amount of storage --- O(\sqrt(\ell)), where \ell is the bit length of the exponent. The technique is optimal in the sense that it adds SPA-resistance to an underlying binary exponentiation algorithm while introducing zero computational overhead. We then present several new SPA-resistant algorithms that result from a novel way of combining the SABM method with an alternative binary exponentiation algorithm where the exponent is split in two halves for simultaneous processing, showing that by combining the two techniques, we can make use of signed-digit representations of the exponent to further improve performance while maintaining SPA-resistance. We also discuss the possibility of our method being implemented in a way that a certain level of resistance against DPA may be obtained. In a related contribution, we extend these ideas used in SPA and propose a technique to non-intrusively monitor a device and trace program execution, with the intended application of assisting in the difficult task of debugging embedded systems at deployment or production stage, when standard debugging tools or auxiliary components to facilitate debugging are no longer enabled in the device. One of the important highlights of this contribution is the fact that the system works on a standard PC, capturing the power traces through the recording input of the sound card.

cryptography

embedded systems

embedded systems security

side-channel analysis

timing attacks

power analysis

spa-resistant implementations

embedded systems debugging

Electrical and Computer Engineering

The impact of 9/11 on the South African anti-terrorism legislation and the constitutionality thereof.

Kokott, Katrin

January 2005

This paper aimed at analysing what was South Africa's response to its international obligations regarding the 9/11 events and how does such response comply with the country's constitutional framework. This study gave a brief outline of the most significant legislative changes in a number of countries and then concentrate on the South African anti-terrorism legislation. It identified the provisions of the Act that have been discussed most controversial throughout the drafting process and analysed whether they comply with constitutional standards. Particular emphasis was laid on the possible differences between the South African Act and comparative legislation that derive directly from the apartheid history of the country.

September 11 Terrorist Attacks, 2001

Applications of finite field computation to cryptology : extension field arithmetic in public key systems and algebraic attacks on stream ciphers

Wong, Kenneth Koon-Ho

January 2008

In this digital age, cryptography is largely built in computer hardware or software as discrete structures. One of the most useful of these structures is finite fields. In this thesis, we explore a variety of applications of the theory and applications of arithmetic and computation in finite fields in both the areas of cryptography and cryptanalysis. First, multiplication algorithms in finite extensions of prime fields are explored. A new algebraic description of implementing the subquadratic Karatsuba algorithm and its variants for extension field multiplication are presented. The use of cy- clotomic fields and Gauss periods in constructing suitable extensions of virtually all sizes for efficient arithmetic are described. These multiplication techniques are then applied on some previously proposed public key cryptosystem based on exten- sion fields. These include the trace-based cryptosystems such as XTR, and torus- based cryptosystems such as CEILIDH. Improvements to the cost of arithmetic were achieved in some constructions due to the capability of thorough optimisation using the algebraic description. Then, for symmetric key systems, the focus is on algebraic analysis and attacks of stream ciphers. Different techniques of computing solutions to an arbitrary system of boolean equations were considered, and a method of analysing and simplifying the system using truth tables and graph theory have been investigated. Algebraic analyses were performed on stream ciphers based on linear feedback shift registers where clock control mechanisms are employed, a category of ciphers that have not been previously analysed before using this method. The results are successful algebraic attacks on various clock-controlled generators and cascade generators, and a full algebraic analyses for the eSTREAM cipher candidate Pomaranch. Some weaknesses in the filter functions used in Pomaranch have also been found. Finally, some non-traditional algebraic analysis of stream ciphers are presented. An algebraic analysis on the word-based RC4 family of stream ciphers is performed by constructing algebraic expressions for each of the operations involved, and it is concluded that each of these operations are significant in contributing to the overall security of the system. As far as we know, this is the first algebraic analysis on a stream cipher that is not based on linear feedback shift registers. The possibility of using binary extension fields and quotient rings for algebraic analysis of stream ciphers based on linear feedback shift registers are then investigated. Feasible algebraic attacks for generators with nonlinear filters are obtained and algebraic analyses for more complicated generators with multiple registers are presented. This new form of algebraic analysis may prove useful and thereby complement the traditional algebraic attacks. This thesis concludes with some future directions that can be taken and some open questions. Arithmetic and computation in finite fields will certainly be an important area for ongoing research as we are confronted with new developments in theory and exponentially growing computer power.

Protocol engineering for protection against denial-of-service attacks

Tritilanunt, Suratose

January 2009

Denial-of-service attacks (DoS) and distributed denial-of-service attacks (DDoS) attempt to temporarily disrupt users or computer resources to cause service un- availability to legitimate users in the internetworking system. The most common type of DoS attack occurs when adversaries °ood a large amount of bogus data to interfere or disrupt the service on the server. The attack can be either a single-source attack, which originates at only one host, or a multi-source attack, in which multiple hosts coordinate to °ood a large number of packets to the server. Cryptographic mechanisms in authentication schemes are an example ap- proach to help the server to validate malicious tra±c. Since authentication in key establishment protocols requires the veri¯er to spend some resources before successfully detecting the bogus messages, adversaries might be able to exploit this °aw to mount an attack to overwhelm the server resources. The attacker is able to perform this kind of attack because many key establishment protocols incorporate strong authentication at the beginning phase before they can iden- tify the attacks. This is an example of DoS threats in most key establishment protocols because they have been implemented to support con¯dentiality and data integrity, but do not carefully consider other security objectives, such as availability. The main objective of this research is to design denial-of-service resistant mechanisms in key establishment protocols. In particular, we focus on the design of cryptographic protocols related to key establishment protocols that implement client puzzles to protect the server against resource exhaustion attacks. Another objective is to extend formal analysis techniques to include DoS- resistance. Basically, the formal analysis approach is used not only to analyse and verify the security of a cryptographic scheme carefully but also to help in the design stage of new protocols with a high level of security guarantee. In this research, we focus on an analysis technique of Meadows' cost-based framework, and we implement DoS-resistant model using Coloured Petri Nets. Meadows' cost-based framework is directly proposed to assess denial-of-service vulnerabil- ities in the cryptographic protocols using mathematical proof, while Coloured Petri Nets is used to model and verify the communication protocols using inter- active simulations. In addition, Coloured Petri Nets are able to help the protocol designer to clarify and reduce some inconsistency of the protocol speci¯cation. Therefore, the second objective of this research is to explore vulnerabilities in existing DoS-resistant protocols, as well as extend a formal analysis approach to our new framework for improving DoS-resistance and evaluating the performance of the new proposed mechanism. In summary, the speci¯c outcomes of this research include following results; 1. A taxonomy of denial-of-service resistant strategies and techniques used in key establishment protocols; 2. A critical analysis of existing DoS-resistant key exchange and key estab- lishment protocols; 3. An implementation of Meadows's cost-based framework using Coloured Petri Nets for modelling and evaluating DoS-resistant protocols; and 4. A development of new e±cient and practical DoS-resistant mechanisms to improve the resistance to denial-of-service attacks in key establishment protocols.

The strength of Muslim American couples in the face of heightened discrimination from September 11th and the Iraq War : a project based upon an independent investigation /

Goodman, Brianne.

January 2008

Thesis (M.S.W.)--Smith College School for Social Work, Northampton, Mass., 2008. / Typescript. Includes bibliographical references (leaves 143-149).

11 Eylül sonrası terörizmin kazandığı yeni boyut ve uluslararası terörizmin Türkiye'ye yansımaları /

Muratoğlu, Enver. Metin, Yüksel.

January 2007

Tez (Yüksek Lisans) - Süleyman Demirel Üniversitesi, Sosyal Bilimler Enstitüsü, Kamu Yönetimi Anabilim Dalı, 2007. / Kaynakça var.

Migration and memory : reflections on schooling and community by Sikh immigrant youth /

Verma, Rita.

January 2004

Thesis (Ph. D.)--University of Wisconsin--Madison, 2004. / Includes bibliographical references (p. 274-280). Also available on the Internet.

"Ett lugnt hörn när det är kaos i världen" : en studie om varför barnprogrammet Bolibompa ser ut som det gör under och dagarna efter en katastrof

Isaksson, Linnea, Jeppsson, Elise

January 2008

<p>This study intends to examine why the Swedish children’s programme Bolibompa is produced the way it is during a larger catastrophe. Our intention was to find out how the editorial staff, in the children’s department in the public service television of Sweden (SVT),was handling the Estonia disaster, the September 11 attacks and the Asian Tsunami. To accomplish that, we first had to find out how the children’s programme looked during these catastrophes and also understand how the editorial staff was working with children’s programme during ordinary days.</p><p>To achieve our purpose we have been interviewing five persons from SVT, who was involved in producing the children’s programme during these three catastrophes. The method we used was qualitative research interview and theories of socialisation, media effects, social responsibility and theories of rhetoric mass media guided our study.</p><p>We found out that the editorial staff was producing the children’s programme differently during each catastrophe. When the Estonia disaster occurred, the children’s programme was delayed because of extended news. Next to the children’s programme a host was talking directly to the children trying to explain the accident. The day after the September 11 attacks the host of the children’s programme was discussing the catastrophe with invited guests in the TV studio. The editorial staff thought that many children were frightened at the time and that explains why they decided to keep a conversation. During the Asian Tsunami, SVT was broadcasting a Christmas special, and the children’s programmes weren’t changed at all,mostly because a break in the Christmas series would cause a lot of problems.</p>

qualitative research interview

television

SVT

children’s programme

Bolibompa

media

public service

the Estonia disaster

the September 11 attacks

the Asian Tsunami.

SOCIAL SCIENCES

SAMHÄLLSVETENSKAP