Characterization of cipher suite selection, downgrading, and other weaknesses observed in the wild / Karaktärisering av cipher suite val, nedgradering och andra svagheter som observerats i det vilda

Kjell, Edvin, Frisenfelt, Sebastian

January 2021

The importance of security on the web is growing every day. How domains handle and prioritize their level of security is varying. Tradeoffs between security and convenience have to be made to uphold a website's public image. This thesis uses a subset of domains from the Alexa Top 1M list. The list was used to create our datasets, collected through active scans with testssl.sh. This thesis has through the mentioned datasets compared domains in regards to several security aspects and analyzed how they handle security and convenience. We performed our scans over the course of two weeks to analyze each domain's level of security. As well as looking at top domains for several popular categories. Our analysis mainly focused on comparing the domains on their choice of Transport Layer Security (TLS) version, cipher suite, support for HSTS, and if they were exposed to any vulnerabilities. The subset of domains that we looked at saw about 50% implementation of TLS 1.3. We discovered that the most popular domains tend to choose availability as one of their highest priorities, leaving them exposed to vulnerabilities in earlier versions of the TLS protocol. Most domains that showed exposure to one vulnerability, in general, also were exposed to BEAST. This was also the most prominent vulnerability among all domains. We also showed that many of the negotiated cipher suites on the list of domains still utilize cipher block chaining, which is known to be weak. Our results show that different browsers, mobile operating systems, and the time of day had a negligible impact on the choice of TLS version. Most of the domains in the popular categories had not yet adopted TLS 1.3 and were overall more exposed to the tested vulnerabilities than those on the top million list. The support for HSTS was low in both the categories and on the Alexa top list. We conclude that upgrading to the latest recommended standard should always be a priority for server operators.

TLS

HTTPS

HSTS

cipher suites

vulnerabilities

Computer and Information Sciences

Data- och informationsvetenskap

"Jarní noc se dá strávit všelijak...": O fenoménu městských šifrovacích her / "There are many possibilities how to spend a spring night...": About City Cipher Games Phenomenon

Daňhelková, Kateřina

January 2011

The presented Diploma Thesis deals with the phenomenon of city cipher games. Research was performed by the researcher participation in four city cipher games in Prague, by semi- structured and informal interviews and by cipher games web sites analysis It considers cipher games postmodern enjoyment which is characteristic for emphasizing an experience. The thesis is focused on two task groups: game and city. It examines city cipher games attributes, asks how players take the game and tries to realize the motivation for their participation. It shows that players undergo physical and intellectual exhaustion, discomfort and little hazard. Very strong experience connected with own limits' overcoming is the reason why they join the game again. Other essential reason is the unusual connection between a type of summer camp game and the city world. City is a coulisse with atmosphere for the game. Players experience the city in an unusual way. They learn to know it differently. They are undergoing a type of psychogeographic method. So the game not only takes benefits from the city but also creates players' relationships to the city. Players learn to know the city. It is important to mention that city and game are paramount arenas for freedom exerting.

Analyse de primitives symétriques / Analysis of symmetric primitives

Karpman, Pierre

18 November 2016

Cette thèse a pour objet d'étude les algorithmes de chiffrement par blocet les fonctions de hachage cryptograpiques, qui sont deux primitives essentielles de la cryptographie dite «symétrique».Dans une première partie, nous étudions des éléments utiles pour la conception de chiffres par bloc: tout d'abord des matrices de diffusion de grande dimension issues de codes correcteurs géométriques, puis une boîte de substitution offrant une bonne diffusion. Dans le second cas, nous montrons aussi comment utiliser cet élément pour construire un chiffre compact et efficace sur petits processeurs.Dans une seconde partie, nous nous intéressons à des attaques en collision à initialisation libre sur la fonction de hachage SHA-1. Nous montrons comment les attaques classiques sur cette fonction peuvent être rendues plus efficaces en exploitant la liberté supplémentaire offerte par ce modèle. Ceci nous permet en particulier de calculer explicitement des collisions pour la fonction de compression de SHA-1 non réduite. / This thesis is about block ciphers and cryptographic hash functions, which are two essential primitives of symmetric-key cryptography. In the first part of this manuscript, we study useful building blocks for block cipher design. We first consider large diffusion matrices builtfrom algebraic-geometry codes, and then construct a small S-box with good diffusion. In the second case, we show how the S-box can be used to define a compact and efficient block cipher targetting small processors. In the second part, we focus on the SHA-1 hash function, for which we develop a free start collision attack. We show how classical collision attacks can be made more efficient by exploiting the additional freedom provided by the model. This allows us in particular to compute explicit collisions for the full compression function of SHA-1.

Cryptographie symétrique

Chiffres par bloc

Fonctions de hachage

Symmetric cryptography

Block cipher

Hash function

The Everyday Internet, a Minefield in Disguise : Characterization of different types of domains including malicious and popularity / Internet, ett minfält i förklädnad.

Petersson, Linn, Lindkvist, Rebecka

January 2022

Today, security has become a growing concern for all internet users, where technology is developing faster than its security is implemented, which leads to insecure domains. In this thesis, we look at the reality of today’s domains and research if some categories of domains are safer than others and the reason behind it. The total amount of researched domains was 8080 divided into four categories; popular, categories, continents, and malicious. The analysis was made by looking closer at default protocols, cipher suites, certificate authorities (CAs), certificate classifications, page loading times, and vulnerabilities. Our result indicated that TLS 1.2 and TLS 1.3 are the most commonly used protocol. The largest difference between the domains could be seen among the CAs, even though no definite reason for this could be found. The most popular cipher suite for popular, categories, and malicious belonged to TLS 1.3 meanwhile, continents had a cipher suite belonging to TLS 1.2. All four categories were vulnerable to at least five out of eight different types of attacks. The least commonly used certificate classification is EV certificates, while DV is the most commonly used. Through our data collection and analysis, we could conclude that all domains are not as safe as one might think, while the underlying security infrastructure of malicious domains might be better than anyone expects.

characterisation

malicious

domains

vulnerabilities

cipher suites

TLS

protocols

security

certificates

Computer and Information Sciences

Data- och informationsvetenskap

Analysis of Lightweight Cryptographic Primitives

George, Kiernan Brent

05 May 2021

Internet-of-Things (IoT) devices have become increasingly popular in the last 10 years, yet also show an acceptance for lack of security due to hardware constraints. The range of sophistication in IoT devices varies substantially depending on the functionality required, so security options need to be flexible. Manufacturers typically either use no security, or lean towards the use of the Advanced Encryption Standard (AES) with a 128-bit key. AES-128 is suitable for the higher end of that IoT device range, but is costly enough in terms of memory, time, and energy consumption that some devices opt to use no security. Short development and a strong drive to market also contribute to a lack in security. Recent work in lightweight cryptography has analyzed the suitability of custom protocols using AES as a comparative baseline. AES outperforms most custom protocols when looking at security, but those analyses fail to take into account block size and future capabilities such as quantum computers. This thesis analyzes lightweight cryptographic primitives that would be suitable for use in IoT devices, helping fill a gap for "good enough" security within the size, weight, and power (SWaP) constraints common to IoT devices. The primitives have not undergone comprehensive cryptanalysis and this thesis attempts to provide a preliminary analysis of confidentiality. The first is a single-stage residue number system (RNS) pseudorandom number generator (PRNG) that was shown in previous publications to produce strong outputs when analyzed with statistical tests like the NIST RNG test suite and DIEHARD. However, through analysis, an intelligent multi-stage conditional probability attack based on the pigeonhole principle was devised to reverse engineer the initial state (key) of a single-stage RNS PRNG. The reverse engineering algorithm is presented and used against an IoT-caliber device to showcase the ability of an attacker to retrieve the initial state. Following, defenses based on intentional noise, time hopping, and code hopping are proposed. Further computation and memory analysis show the proposed defenses are simple in implementation, but increase complexity for an attacker to the point where reverse engineering the PRNG is likely no longer viable. The next primitive proposed is a block cipher combination technique based on Galois Extension Field multiplication. Using any PRNG to produce the pseudorandom stream, the block cipher combination technique generates a variable sized key matrix to encrypt plaintext. Electronic Codebook (ECB) and Cipher Feedback (CFB) modes of operation are discussed. Both system modes are implemented in MATLAB as well as on a Texas Instruments (TI) MSP430FR5994 microcontroller for hardware validation. A series of statistical tests are then run against the simulation results to analyze overall randomness, including NIST and the Law of the Iterated Logarithm; the system passes both. The implementation on hardware is compared against a stream cipher variation and AES-128. The block cipher proposed outperforms AES-128 in terms of computation time and consumption for small block sizes. While not as secure, the cryptosystem is more scalable to block sizes used in IoT devices. / Master of Science / An Internet-of-Things (IoT) device is a single-purpose computer that operates with less computing resources and sometimes on battery power. The classification of IoT can range anywhere from motion sensors to a doorbell camera, but IoT devices are used in more than just home automation. The medical and industrial spaces use simple wireless computers for a number of tasks as well. One concern with IoT, given the hardware constraints, is the lack of security. Since messages are often transmitted through a wireless medium, anybody could eavesdrop on what is being communicated if data is not encrypted prior to transmission. Cryptography is the practice of taking any string of data and obfuscating it through a process that only valid parties can reverse. The sophistication of cryptographic systems has increased to the point where IoT manufacturers elect to use no security in many cases because the hardware is not advanced enough to run them efficiently. The Advanced Encryption Standard (AES) is usually the choice for security in the IoT space, but typically only higherend devices can afford to use AES. This thesis focuses on alternative lightweight systems to AES. First, a single-stage residue number system (RNS) pseudorandom number generator (PRNG) is analyzed, which has been proven to generate statistically random outputs in previous publications. PRNGs are a cheap method of producing seemingly random outputs through an algorithm once provided with an initial state known as a seed. An intelligent attack on the PRNG is devised, which is able to reverse engineer the initial state, effectively breaking the random behavior. Three defenses against the attack are then implemented to protect against the reported vulnerability. Following, a block cipher combination technique is presented, using the aforementioned PRNG as the source of randomness. A block cipher is a method of encrypting large chunks of data together, to better obfuscate the output. Using a block cipher is more secure than just using a PRNG for encryption. However, PRNGs are used to generate the key for the proposed block cipher, as they offer a more efficient method of security. The combination technique presented serves to increase the security of PRNGs further. The cipher is shown to perform better on an IoT-caliber device in terms of computation time and energy consumption at smaller block sizes than AES.

Block Cipher

Galois Extension Field

Post-Quantum Cryptography

Pseudorandom Number Generator

Residue Number System

Design, Implementation and Cryptanalysis of Modern Symmetric Ciphers

Henricksen, Matthew

January 2005

The main objective of this thesis is to examine the trade-offs between security and efficiency within symmetric ciphers. This includes the influence that block ciphers have on the new generation of word-based stream ciphers. By incorporating block-cipher like components into their designs, word-based stream ciphers have experienced hundreds-fold improvement in speed over bit-based stream ciphers, without any observable security degradation. The thesis also emphasizes the importance of keying issues in block and stream ciphers, showing that by reusing components of the principal cipher algorithm in the keying algorithm, security can be enhanced without loss of key-agility or expanding footprint in software memory. Firstly, modern block ciphers from four recent cipher competitions are surveyed and categorized according to criteria that includes the high-level structure of the block cipher, the method in which non-linearity is instilled into each round, and the strength of the key schedule. In assessing the last criterion, a classification by Carter [45] is adopted and modified to improve its consistency. The classification is used to demonstrate that the key schedule of the Advanced Encryption Standard (AES) [62] is surprisingly flimsy for a national standard. The claim is supported with statistical evidence that shows the key schedule suffers from bit leakage and lacks sufficient diffusion. The thesis contains a replacement key schedule that reuses components from the cipher algorithm, leveraging existing analysis to improve security, and reducing the cipher's implementation footprint while maintaining key agility. The key schedule is analyzed from the perspective of an efficiency-security tradeoff, showing that the new schedule rectifies an imbalance towards e±ciency present in the original. The thesis contains a discussion of the evolution of stream ciphers, focusing on the migration from bit-based to word-based stream ciphers, from which follows a commensurate improvement in design flexibility and software performance. It examines the influence that block ciphers, and in particular the AES, have had upon the development of word-based stream ciphers. The thesis includes a concise literature review of recent styles of cryptanalytic attack upon stream ciphers. Also, claims are refuted that one prominent word-based stream cipher, RC4, suffers from a bias in the first byte of each keystream. The thesis presents a divide and conquer attack against Alpha1, an irregularly clocked bit-based stream cipher with a 128-bit state. The dominating aspect of the divide and conquer attack is a correlation attack on the longest register. The internal state of the remaining registers is determined by utilizing biases in the clocking taps and launching a guess and determine attack. The overall complexity of the attack is 261 operations with text requirements of 35,000 bits and memory requirements of 2 29.8 bits. MUGI is a 64-bit word-based cipher with a large Non-linear Feedback Shift Register (NLFSR) and an additional non-linear state. In standard benchmarks, MUGI appears to su®er from poor key agility because it is implemented on an architecture for which it is not designed, and because its NLFSR is too large relative to the size of its master key. An unusual feature of its key initialization algorithm is described. A variant of MUGI, entitled MUGI-M, is proposed to enhance key agility, ostensibly without any loss of security. The thesis presents a new word-based stream cipher called Dragon. This cipher uses a large internal NLFSR in conjunction with a non-linear filter to produce 64 bits of keystream in one round. The non-linear filter looks very much like the round function of a typical modern block cipher. Dragon has a native word size of 32 bits, and uses very simple operations, including addition, exclusive-or and s-boxes. Together these ensure high performance on modern day processors such as the Intel Pentium family. Finally, a set of guidelines is provided for designing and implementing symmetric ciphers on modern processors, using the Intel Pentium 4 as a case study. Particular attention is given to understanding the architecture of the processor, including features such as its register set and size, the throughput and latencies of its instruction set, and the memory layouts and speeds. General optimization rules are given, including how to choose fast primitives for use within the cipher. The thesis describes design decisions that were made for the Dragon cipher with respect to implementation on the Intel Pentium 4. Block Ciphers, Word-based Stream Ciphers, Cipher Design, Cipher Implementa- tion, -

Block Ciphers

Word-based Stream Ciphers

Cipher Design

Cipher Implementation

Cryptanalysis

Key Schedule Classifcation

Key Agility

Advanced Encryption Standard

RC4

Alpha1

MUGI

Dragon

Correlation Attacks

Divide and Conquer Attacks

Intel Pentium 4

Criptografia: Da origem aos dias atuais / Encryption: the origin to the present days

Victor Monteiro Ferreira Porto

26 February 2015

Esta pesquisa foi realizada com a intenção de motivar o estudo da criptografia, mostrando que a matemática e a comunicação estão presentes em diversos momentos, tanto no passado quanto no presente. Este trabalho mostra a origem da criptoanálise e toda a sua evolução dando ênfase nos mecanismos de codificação e decodificação através de exemplos práticos. Além disso, alguns métodos criptográficos são destacados como a cifra de substituição monoalfabética, a cifra de Vigenère, a criptografia RSA que é o método mais conhecido de criptografia de chave pública, as cifras de Hill, o método das transformações lineares e o método de Rabin, devido a sua grande importância para a evolução de sistemas computacionais e assinaturas digitais entre outros. Por fim, mostra-se a importância e a necessidade dos recursos criptográficos nos dias de hoje, na tentativa de impedir que hackers e pessoas que fazem mau uso do conhecimento matemático possam causar danos a sociedade, seja por uma simples mensagem ou até mesmo através de situações mais imprudentes como as transações bancárias indevidas / This research was conducted with the intention of motivating the study of cryptography, showing that mathematics and the communication are present at various times, both past and present. This work shows the origin of cryptanalysis and all its evolution giving emphasis on coding and decoding mechanisms through practical examples. In addition, some methods cryptographic are highlighted as the monoalphabetic substitution cipher, the Vigenere cipher, RSA encryption that is the best known method of public key cryptography , ciphers Hill, the method of linear transformations and the Rabin method, due to its great importance for the evolution of computer systems and signatures digital among others. Finally, we show the importance and the need for cryptographic resources these days, in an attempt to prevent hackers and people who make bad use of mathematical knowledge can cause damage to society, whether by a simple message or through more situations reckless as improper banking transactions

Criptografia

Criptoanálise

Codificação

Decodificação

Cifra de substituição monoalfabética

Cifra de Vigenère

Criptografia RSA

Cifras de Hill

Método das transformações lineares

Método de Rabin

Cryptography

Cryptanalysis

Coding

Decoding

Monoalphabetic substitution cipher

Vigenere cipher

RSA encryption

Ciphers Hill

Method of linear transformations

Rabin method

MATEMATICA

Criptografia: Da origem aos dias atuais / Encryption: the origin to the present days

Victor Monteiro Ferreira Porto

26 February 2015

Esta pesquisa foi realizada com a intenção de motivar o estudo da criptografia, mostrando que a matemática e a comunicação estão presentes em diversos momentos, tanto no passado quanto no presente. Este trabalho mostra a origem da criptoanálise e toda a sua evolução dando ênfase nos mecanismos de codificação e decodificação através de exemplos práticos. Além disso, alguns métodos criptográficos são destacados como a cifra de substituição monoalfabética, a cifra de Vigenère, a criptografia RSA que é o método mais conhecido de criptografia de chave pública, as cifras de Hill, o método das transformações lineares e o método de Rabin, devido a sua grande importância para a evolução de sistemas computacionais e assinaturas digitais entre outros. Por fim, mostra-se a importância e a necessidade dos recursos criptográficos nos dias de hoje, na tentativa de impedir que hackers e pessoas que fazem mau uso do conhecimento matemático possam causar danos a sociedade, seja por uma simples mensagem ou até mesmo através de situações mais imprudentes como as transações bancárias indevidas / This research was conducted with the intention of motivating the study of cryptography, showing that mathematics and the communication are present at various times, both past and present. This work shows the origin of cryptanalysis and all its evolution giving emphasis on coding and decoding mechanisms through practical examples. In addition, some methods cryptographic are highlighted as the monoalphabetic substitution cipher, the Vigenere cipher, RSA encryption that is the best known method of public key cryptography , ciphers Hill, the method of linear transformations and the Rabin method, due to its great importance for the evolution of computer systems and signatures digital among others. Finally, we show the importance and the need for cryptographic resources these days, in an attempt to prevent hackers and people who make bad use of mathematical knowledge can cause damage to society, whether by a simple message or through more situations reckless as improper banking transactions

Criptografia

Criptoanálise

Codificação

Decodificação

Cifra de substituição monoalfabética

Cifra de Vigenère

Criptografia RSA

Cifras de Hill

Método das transformações lineares

Método de Rabin

Cryptography

Cryptanalysis

Coding

Decoding

Monoalphabetic substitution cipher

Vigenere cipher

RSA encryption

Ciphers Hill

Method of linear transformations

Rabin method

MATEMATICA

Implementace symetrické blokové šifry AES na moderních procesorech / Implementation of symmetric bloc cipher AES in modern processors

Škoda, Martin

January 2014

The main aim of master's thesis is usage of new instructions from instruction set called Intel® Advanced Encryption Standard New Instructions (AES-NI), which is available on processors with code name Westmere and newer. In theoretical part, there are described symmetric block ciphers and their operational modes. Cipher AES is described in details, especially used block transformations, key expansion and equivalent inverse cipher. Next topic is description of instructions of AES-NI instruction set – their function is explained using pseudo codes of instructions and there are examples of their usage in code. Further in work, dynamic-link library is created, which implements cipher AES with key sizes 128, 192 and 256 bites and implements operational modes described in theoretical part. Library functions are called from Matlab by scripts and their functionality is proved by checking test vectors values, which are provided in publications of National Institute of Standards and Technology.

Implantations cryptographiques sécurisées et outils d’aide à la validation des contremesures contre les attaques par canaux cachés

Thuillet, Céline

30 March 2012

Depuis plusieurs années, les composants dédiés à la sécurité comme les cartes à puce sont soumises à des attaques dites par canaux cachés. Ces attaques permettent d'exhiber les secrets en analysant des caractéristiques physiques comme la consommation du composant ou encore son temps d'exécution. Dans le cadre de cette thèse, deux contremesures ont été réalisées et appliquées à l'AES (algorithme de chiffrement symétrique). De plus, afin d'aider les développements futurs des contremesures et la validation de celles-ci, un simulateur a été développé. Il permet de réaliser des attaques grâce à un modèle de consommation défini dans les phases amont de développement. Enfin, j'ai pu participer aux groupes de travail qui ont proposé Shabal à la compétition SHA-3, qui vise à définir un nouveau standard pour les fonctions de hachage. Des implantations matérielles ont été réalisées par la suite. / For several years, the security components such as smart cards are subject to side channel attacks. These attacks allow to exhibit secrets by analyzing the physical characteristics such as power consumption or execution time. As part of this thesis, two countermeasures were carried out and applied to the AES (symmetric cipher). In addition, to help future development of countermeasures and their validation, a simulator was developed. It realizes attacks using a power consumption model defined in the early phases of development. Finally, I participated in working groups that have proposed Shabal to SHA-3 competition, which aims to define a new standard for hash functions. Hardware implementations have been made thereafter.

Attaques par canaux cachés

Fonctions de hachage

Carte à puce

Asic

Protections

Side channel attacks

Smartcards

ASIC

Countermeasures

Symmetric cipher

Hash functions