641 |
Secure Text Communication for the Tiger XS
Hertz, David January 2006
The option of communicating via SMS messages can be considered available in all GSM networks. It therefore constitutes an almost universally available method for mobile communication.
The Tiger XS, a device for secure communication manufactured by Sectra, is equipped with an encrypted text message transmission system. As the text message service of this device is becoming increasingly popular and as options to connect the Tiger XS to computers or to a keyboard are being researched, the text message service is in need of an upgrade.
This thesis proposes amendments to the existing protocol structure. It thoroughly examines a number of options for source coding of small text messages and makes recommendations as to the implementation of such features. It also suggests security enhancements and introduces a novel form of steganography.
|
642 |
Implementing the Transport Layer Security Protocol for Embedded Systems / Implementation och anpassning av Transport Layer Security för inbyggda system
Werstén, Bengt January 2007
Web servers are increasingly being used in embedded devices as a communication medium. As more systems connect to the Internet, the need for security is increasing. The Transport Layer Security (TLS) protocol is the successor of Secure Sockets Layer (SSL) and provides security in almost all secure Internet transactions. This thesis aims to investigate whether TLS can be adapted to embedded systems without sacrificing much of the system resources available.
A literature study and an implementation of TLS have been performed. The literature study determined the resource-intensive parts of TLS, the available hardware support, and the export laws applicable to TLS. The different parts of the implementation are evaluated on an ARM7 core to determine the execution times. The results for the symmetric ciphers AES and 3DES are compared by measuring execution times using both software and hardware solutions. The size of the implementation is also measured.
TLS was shown to be able to integrate on embedded systems. Practical issues such as certificates and keys can be solved in different ways to suit the target environment. The largest remaining issue is the execution time for asymmetric algorithms. The results that are provided clearly illustrate that the RSA used for key exchange is very time consuming. Alternative solutions to gain better performance are discussed.
|
643 |
New hardware algorithms and designs for Montgomery modular inverse computation in Galois Fields GF(p) and GF(2^n)
Gutub, Adnan Abdul-Aziz 11 June 2002
Graduation date: 2003
|
644 |
New algorithms and architectures for arithmetic in GF(2^m) suitable for elliptic curve cryptography
Rodríguez-Henríquez, Francisco 07 June 2000
During the last few years we have seen formidable advances in digital and mobile communication technologies such as cordless and cellular telephones, personal communication systems, Internet connection expansion, etc. The vast majority of digital information used in all these applications is stored and also processed within a computer system, and then transferred between computers via fiber optic, satellite systems, and/or Internet. In all these new scenarios, secure information transmission and storage has a paramount importance in the emerging international information infrastructure, especially for supporting electronic commerce and other security related services.
The techniques for the implementation of secure information handling and management are provided by cryptography, which can be succinctly defined as the study of how to establish secure communication in an adversarial environment. Among the most important applications of cryptography, we can mention data encryption, digital cash, digital signatures, digital voting, network authentication, data distribution and smart cards.
The security of currently used cryptosystems is based on the computational complexity of an underlying mathematical problem, such as factoring large numbers or computing discrete logarithms for large numbers. These problems are believed to be very hard to solve. In practice, only a small number of mathematical structures could so far be applied to build public-key mechanisms. When an elliptic curve is defined over a finite field, the points on the curve form an Abelian group. In particular, the discrete logarithm problem in this group is believed to be an extremely hard mathematical problem. High performance implementations of elliptic curve cryptography depend heavily on the efficiency in the computation of the finite field arithmetic operations needed for the elliptic curve operations.
The main focus of this dissertation is the study and analysis of efficient hardware and software algorithms suitable for the implementation of finite field arithmetic. This focus is crucial for a number of security and efficiency aspects of cryptosystems based on finite field algebra, and especially relevant for elliptic curve cryptosystems. Particularly, we are interested in the problem of how to implement efficiently three of the most common and costly finite field operations: multiplication, squaring, and inversion.
Graduation date: 2001
|
645 |
Towards security limits of embedded hardware devices: from practice to theory
Peeters, Eric 16 November 2006
Mobile appliances and especially smart cards have found more and more applications in the past two decades. A little more than ten years ago, the security of those devices still only relied on mathematical complexity and computational infeasibility to force cryptographic systems. Unfortunately, during the execution of cryptographic algorithms, unintentional leakage may be observed. Indeed, the power consumption or the electromagnetic emanations of the device are correlated to the encryption/decryption process. Those unintended channels are called “side-channels”. Our work was not targeted at the discovery of new “side-channel” sources but rather at a thorough investigation of two of them: the power consumption and the electromagnetic emanation in the near-field domain. In this respect, we dealt with three different aspects of the problem:
1. We carried out many experiments on small microcontrollers but also on FPGAs in order to provide an explanation on the sources and on the set up of an efficient measurement process. Moreover, we provide the first XY scanning pictures of the electromagnetic field radiated by a small microcontroller.
2. Having obtained several measurements of the observed side-channel, how is it possible to statistically analyze these observations? We detail here the different methods available and we introduce an enhancement in the Template Attack process with Principal Component Analysis.
3. Finally, on the basis of this experience, we tried to answer the following question: “Is it possible to provide a theoretical tool to evaluate secure implementations?” The idea was to follow the notion of “Physical Computer” introduced by Micali and Reyzin. In this respect, we provide here two metrics that we consider necessary to evaluate both the strength of the adversary and the information held in the leakage. Respectively we choose the average success rate and the Shannon's mutual information.
|
646 |
Keeping Secrets in Hardware: the Microsoft Xbox(TM) Case Study
Huang, Andrew "bunnie" 26 May 2002
This paper discusses the hardware foundations of the cryptosystem employed by the Xbox(TM) video game console from Microsoft. A secret boot block overlay is buried within a system ASIC. This secret boot block decrypts and verifies portions of an external FLASH-type ROM. The presence of the secret boot block is camouflaged by a decoy boot block in the external ROM. The code contained within the secret boot block is transferred to the CPU in the clear over a set of high-speed busses where it can be extracted using simple custom hardware. The paper concludes with recommendations for improving the Xbox security system. One lesson of this study is that the use of a high-performance bus alone is not a sufficient security measure, given the advent of inexpensive, fast rapid prototyping services and high-performance FPGAs.
|
647 |
Lossless quantum data compression and secure direct communication
Boström, Kim January 2004
This thesis deals with the encoding and transmission of information through a quantum channel. A quantum channel is a quantum mechanical system whose state is manipulated by a sender and read out by a receiver. The individual state of the channel represents the message.
The two topics of the thesis comprise 1) the possibility of compressing a message stored in a quantum channel without loss of information and 2) the possibility to communicate a message directly from one party to another in a secure manner, that is, a third party is not able to eavesdrop on the message without being detected.
The main results of the thesis are the following.
A general framework for variable-length quantum codes is worked out. These codes are necessary to make lossless compression possible. Due to the quantum nature of the channel, the encoded messages are in general in a superposition of different lengths. It is found to be impossible to compress a quantum message without loss of information if the message is not a priori known to the sender. In the other case it is shown that lossless quantum data compression is possible and a lower bound on the compression rate is derived. Furthermore, an explicit compression scheme is constructed that works for arbitrarily given source message ensembles.
A quantum cryptographic protocol - the “ping-pong protocol” - is presented that realizes the secure direct communication of classical messages through a quantum channel. The security of the protocol against arbitrary eavesdropping attacks is proven for the case of an ideal quantum channel. In contrast to other quantum cryptographic protocols, the ping-pong protocol is deterministic and can thus be used to transmit a random key as well as a composed message.
The protocol is perfectly secure for the transmission of a key, and it is quasi-secure for the direct transmission of a message. The latter means that the probability of successful eavesdropping exponentially decreases with the length of the message.
|
648 |
Mise en oeuvre de politiques de protection de données à caractère personnel : une approche reposant sur la réécriture de requêtes SPARQL [Implementing personal data protection policies: an approach based on SPARQL query rewriting]
Oulmakhzoune, Said 29 April 2013
With the constant proliferation of information systems around the globe, the need for decentralized and scalable data sharing mechanisms has become a major factor of integration in a wide range of applications. Literature on information integration across autonomous entities has tacitly assumed that the data of each party can be revealed and shared to other parties. A lot of research, concerning the management of heterogeneous sources and database integration, has been proposed, for example based on centralized or distributed mediators that control access to data managed by different parties. On the other hand, real life data sharing scenarios in many application domains like healthcare, e-commerce market, e-government show that data integration and sharing are often hampered by legitimate and widespread data privacy and security concerns. Thus, protecting the individual data may be a prerequisite for organizations to share their data in open environments such as the Internet. Work undertaken in this thesis aims to ensure security and privacy requirements of software systems, which take the form of web services, using query rewriting principles. The user query (SPARQL query) is rewritten in such a way that only authorized data are returned with respect to some confidentiality and privacy preferences policy. Moreover, the rewriting algorithm is instrumented by an access control model (OrBAC) for confidentiality constraints and a privacy-aware model (PrivOrBAC) for privacy constraints. A secure and privacy-preserving execution model for data services is then defined. Our model exploits the services' semantics to allow service providers to enforce locally their privacy and security policies without changing the implementation of their data services, i.e., data services are considered as black boxes. We integrate our model to the architecture of Axis 2.0 and evaluate its efficiency in the healthcare application domain.
|
649 |
Nonlinear dynamics of photonic components. Chaos cryptography and multiplexing
Rontani, Damien 16 November 2011
With the rapid development of optical communications and the increasing amount of data exchanged, it has become utterly important to provide effective architectures to protect sensitive data. The use of chaotic optoelectronic devices has already demonstrated great potential in terms of additional computational security at the physical layer of the optical network. However, the determination of the security level and the lack of a multi-user framework are two hurdles which have prevented their deployment on a large scale. In this thesis, we propose to address these two issues. First, we investigate the security of a widely used chaotic generator, the external cavity semiconductor laser (ECSL). This is a time-delay system known for providing complex and high-dimensional chaos, but with a low level of security regarding the identification of its most critical parameter, the time delay. We perform a detailed analysis of the influence of the ECSL parameters to devise how higher levels of security can be achieved and provide a physical interpretation of their origin. Second, we devise new architectures to multiplex optical chaotic signals and realize multi-user communications at high bit rates. We propose two different approaches exploiting known chaotic optoelectronic devices. The first one uses mutually coupled ECSLs and extends typical chaos-based encryption strategies, such as chaos-shift keying (CSK) and chaos modulation (CMo). The second one uses an electro-optical oscillator (EOO) with multiple delayed feedback loops and aims first at transposing code-division multiple access (CDMA) and then at developing novel strategies of encryption and decryption, when the time delays of each feedback loop are time-dependent.
|
650 |
Towards Template Security for Iris-based Biometric Systems
Fouad, Marwa 18 April 2012
Personal identity refers to a set of attributes (e.g., name, social insurance number, etc.) that are associated with a person. Identity management is the process of creating, maintaining and destroying identities of individuals in a population. Biometric technologies are technologies developed to use statistical analysis of an individual’s biological or behavioral traits to determine his identity. Biometrics based authentication systems offer a reliable solution for identity management, because of their uniqueness, relative stability over time and security (among other reasons). Public acceptance of biometric systems will depend on their ability to ensure robustness, accuracy and security. Although robustness and accuracy of such systems are rapidly improving, there still remain some issues of security and balancing it with privacy. While the uniqueness of biometric traits offers a convenient and reliable means of identification, it also poses the risk of unauthorized cross-referencing among databases using the same biometric trait. There is also a high risk in case of a biometric database being compromised, since it’s not possible to revoke the biometric trait and re-issue a new one as is the case with passwords and smart keys. This unique attribute of biometric based authentication system poses a challenge that might slow down public acceptance and the use of biometrics for authentication purposes in large scale applications.
In this research we investigate the vulnerabilities of biometric systems focusing on template security in iris-based biometric recognition systems. The iris has been well studied for authentication purposes and has been proven accurate in large scale applications in several airports and border crossings around the world. The most widely accepted iris recognition systems are based on Daugman’s model that creates a binary iris template. In this research we develop different systems using watermarking, bio-cryptography as well as feature transformation to achieve revocability and security of binary templates in iris based biometric authentication systems, while maintaining the performance that enables widespread application of these systems. All algorithms developed in this research are applicable on already existing biometric authentication systems and do not require redesign of these existing, well established iris-based authentication systems that use binary templates.
|