PPLN-waveguide-based polarization entangled QKD simulator

Gariano, John, Djordjevic, Ivan B.

30 August 2017

We have developed a comprehensive simulator to study the polarization entangled quantum key distribution (QKD) system, which takes various imperfections into account. We assume that a type-II SPDC source using a PPLN-based nonlinear optical waveguide is used to generate entangled photon pairs and implements the BB84 protocol, using two mutually unbiased basis with two orthogonal polarizations in each basis. The entangled photon pairs are then simulated to be transmitted to both parties; Alice and Bob, through the optical channel, imperfect optical elements and onto the imperfect detector. It is assumed that Eve has no control over the detectors, and can only gain information from the public channel and the intercept resend attack. The secure key rate (SKR) is calculated using an upper bound and by using actual code rates of LDPC codes implementable in FPGA hardware. After the verification of the simulation results, such as the pair generation rate and the number of error due to multiple pairs, for the ideal scenario, available in the literature, we then introduce various imperfections. Then, the results are compared to previously reported experimental results where a BBO nonlinear crystal is used, and the improvements in SKRs are determined for when a PPLN-waveguide is used instead.

Quantum Key Distribution

Quantum cryptography

Polarization entanglement

Authentication protocols in pervasive computing

Long, Nguyen Hoang

January 2009

The popularity of personal computing devices (e.g. smart cards) exposes users to risks, notably identity theft, and creates new requirements for secure communication. A recently proposed approach to creating secure communication is to use human trust and human interactions. These approaches potentially eliminate the need for passwords as in Bluetooth, shared secrets or trusted parties, which are often too complex and expensive to use in portable devices. In this new technology, handheld devices exchange data (e.g. payment, heart rates or public keys) over some medium (e.g. WiFi) and then display a short and non-secret digest of the protocol's run that the devices' human owners manually compare to ensure they agree on the same data, i.e. human interactions are used to prevent fraud. In this thesis, we present several new protocols of this type which are designed to optimise the work required of humans to achieve a given level of security. We discover that the design of these protocols is influenced by several principles, including the ideas of commitment without knowledge and separation of security concerns, where random and cryptographic attacks should be tackled separately. Underpinning the technology is a new cryptographic function, termed a keyed digest function, which produces a short number for humans to compare. This is similar to the notion of a universal hash function, but its output length is shorter (e.g. 16 bits). Hence, it should be faster to compute. We propose several digest constructions using Toeplitz matrices, integer multiplication and pseudorandom numbers. The application of digest functions leads us to develop more efficient alternatives to standard digital signatures. Our protocol security analysis leads to a new bound on the key length for an almost universal hash function, which can be derived by the pigeon-hole principle. The new bound turns out to be tighter than another similar bound derived from the combination of the Singleton bound in coding theory and an equivalence between error-correcting codes and almost universal hash functions.

621.382

Securing the digital signing process

Van den Berg, James Richard

25 March 2010

M.Comm. / Worldwide an increasing amount of legal credibility is being assigned to digital signatures and it is therefore of utmost importance to research and develop additional measures to secure the technology. The main goal of this dissertation is to research and identify areas in which the user’s private key, used for the digital signing of messages, is exposed to the risk of being compromised and then develop a prototype system (SecureSign) to overcome the identified vulnerabilities and secure the digital signing process. In order to achieve the above stated, use will be made of a cryptographic token, which will provide secure storage and a secure operational environment to the user’s private key. The cryptographic token is at the heart of SecureSign and it is where the user’s private key will be created, stored and used. All operations requiring the user’s private key will be performed on the token, which is equipped with its own processor for this purpose.

Digital signature

Computer security

Public key cryptography

Cryptographic Credentials with Privacy-preserving Biometric Bindings

Bissessar, David

January 2013

Cryptographic credentials allow user authorizations to be granted and verified. and have such applications as e-Passports, e-Commerce, and electronic cash. This thesis proposes a privacy protecting approach of binding biometrically derived keys to cryptographic credentials to prevent unauthorized lending. Our approach builds on the 2011 work of Adams, offering additional benefits of privacy protection of biometric information, generality on biometric modalities, and performance. Our protocol integrates into Brands’ Digital Credential scheme, and the Anonymous Credentials scheme of Camenisch and Lysyanskaya. We describe a detailed integration with the Digital Credential Scheme and sketch the integration into the Anonymous Credentials scheme. Security proofs for non-transferability, correctness of ownership, and unlinkability are provided for the protocol’s instantiation into Digital Credentials. Our approach uses specialized biometric devices in both the issue and show protocols. These devices are configured with our proposed primitive, the fuzzy ex-tractor indistinguishability adaptor which uses a traditional fuzzy extractor to create and regenerate cryptographic keys from biometric data and IND-CCA2 secure en-cryption protect the generated public data against multiplicity attacks. Pedersen commitments are used to hold the key at issue and show time, and A zero-knowledge proof of knowledge is used to ensure correspondence of key created at issue-time and regenerated at show-time. The above is done in a manner which preserves biometric privacy, as and delivers non-transferability of digital credentials. The biometric itself is not stored or divulged to any of the parties involved in the protocol. Privacy protection in multiple enrollments scenarios is achieved by the fuzzy extractor indistinguishability adapter. The zero knowledge proof of knowledge is used in the showing protocol to prove knowledge of values without divulging them.

Cryptography

Privacy Enhancing Techniques

Biometrics

Fuzzy Extractors

A secure steganographic file system with non-duplicating properties

Ellefsen, Ian David

11 September 2012

M.Sc. / This dissertation investigates the possibility of a steganographic file system which does not have to duplicate hidden data in order to avoid "collisions" between the hidden and non-hidden data. This will ensure the consistency of the hidden data, and avoid unnecessary data duplication while at the same time providing an acceptable level of information security. The dissertation will critically analyse a number of existing steganographic file systems in order to determine the problems which are faced by this field. These problems will then be addressed, which will allow for the definition of a possible solution. In order to provide a more complete understanding of the implementation discussed in the latter part of this dissertation, a number of background concepts are discussed. This includes a discussion of file systems, cryptography, and steganography, each of which contributes to the body of knowledge required for later chapters. The latter part of this dissertation outlines the Secure Steganographic File System (SSFS). This implementation will attempt to effectively manage the storage of hidden data which is embedded within a host file system. The dissertation will outline how SSFS will allow fragments of hidden data to exist in any physical location on a storage device, while still maintaining a consistent file system structure. The dissertation will then critically analyse the impact of such a system, by examining the impact on the host file system's performance. This will allow the feasibility of such a system to be demonstrated.

Cryptography

Computer security

Data encryption (Computer science)

Lattice-based predicate encryption = Encriptação com predicados baseada em reticulados / Encriptação com predicados baseada em reticulados

Magalhães, Karina Mochetti de, 1982-

27 August 2018

Orientadores: Ricardo Dahab, Michel Abdalla / Tese (doutorado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-27T04:48:10Z (GMT). No. of bitstreams: 1 Magalhaes_KarinaMochettide_D.pdf: 1527439 bytes, checksum: bde8a4343d856fa31a8cd9e9f0b1d2b7 (MD5) Previous issue date: 2014 / Resumo: Em um sistema de criptografia funcional, uma autoridade de posse de uma chave mestra pode gerar uma chave secreta que permite o cálculo de uma função sobre a mensagem nos dados criptografados. Assim, é possível calcular tal função no texto cifrado usando somente a chave secreta. Exemplos importantes de criptografia funcional são Criptografia Baseada em Identidades, Criptografia Baseada em Atributos, Criptografia com Produto Escalar, Criptografia Difusa Baseada em Identidades, Criptografia de Vector Oculto, Criptografia Baseada em Certificados, Criptografia com Pesquisa de Palavra-Chave e Criptografia Baseada em Identidades com Curinga. Esquemas de criptografia com predicados são uma especialização de esquemas de criptografia funcionais, em que a função utilizada não fornece informações sobre a mensagem, mas determina se a decriptação deve ou não funcionar corretamente. Criptografia baseada em reticulados é uma importante alternativa para os principais sistemas criptográficos utilizados atualmente, uma vez que elas são supostamente seguras contra algoritmos quânticos. O Algoritmo de Shor é capaz de resolver o Problema da Fatoração Inteira e o Problema do Logaritmo Discreto em tempo polinomial em um computador quântico, quebrando os sistemas criptográficos mais usados e importantes atualmente, como o RSA, o Diffie-Hellman e a Criptografia de Curvas Elípticas. Neste trabalho nos concentramos em esquemas de criptografia com predicados baseados em reticulados. Nós estudamos e descrevemos os principais sistemas baseados em reticulados encontrados na literatura, estendendo-os a versões hierárquicas e mostrando como o uso de um reticulado com estrutura ideal afeta a prova de segurança. Para cada esquema, uma prova formal de segurança é detalhada, as análises de complexidade e do tamanho das variáveis são mostradas e a escolha dos parâmetros garantindo o funcionamento correto da decriptação é dada / Abstract: In a functional encryption system, an authority holding a master secret key can generate a key that enables the computation of some function on the encrypted data. Then, using the secret key the decryptor can compute the function from the ciphertext. Important examples of functional encryption are Identity-Based Encryption, Attribute-Based Encryption, Inner Product Encryption, Fuzzy Identity-Based Encryption, Hidden Vector Encryption, Certificate-Based Encryption, Public Key Encryption with Keyword Search and Identity-Based Encryption with Wildcards. Predicate encryption schemes are a specialization of functional encryption schemes, in which the function does not give information of the plaintext, but it determines whether the decryption should or should not work properly. Lattice-Based Cryptography is an important alternative to the main cryptographic systems used today, since they are conjectured to be secure against quantum algorithms. Shor's algorithm is capable of solving the Integer Factorization Problem and the Discrete Logarithm Problem in polynomial time on a quantum computer, breaking the most used and important cryptosystems such as RSA, Diffie-Hellman and Elliptic Curve Cryptography. In this work we focus on Lattice-Based Predicate Encryption. We study and describe the main lattice-based schemes found in the literature, extending them to hierarchical versions and showing how the use of ideal lattice affects their security proof. For each scheme, a formal proof of security is detailed, analyses of complexity and variable's size are shown and the parameter's choice ensuring that the decryption works correctly is given / Doutorado / Ciência da Computação / Doutora em Ciência da Computação

Criptografia

Teoria dos reticulados

Cryptography

Lattice theory

Data storage security for cloud computing using elliptic curve cryptography

Buop, George Onyango

January 2020

Institutions and enterprises are moving towards more service availability, managed risk and at the same time, aim at reducing cost. Cloud Computing is a growing technology, thriving in the fields of information communication and data storage. With the proliferation of online activity, more and more information is saved as data every day. This means that more data is being stored in the cloud than ever before. Data that is stored online often holds private information – such as addresses, payment details and medical documentation. These become the target of cyber criminals. There is therefore growing need to protect these data from threats and issues such as data breach and leakage, data loss, account takeover or hijackings, among others. Cryptography refers to securing the information and communication techniques based on mathematical concepts and algorithms which transform messages in ways that are hard to decipher. Cryptography is one of the techniques we could protect data stored in the cloud as it enables security properties of data confidentiality and integrity. This research investigates the security issues that affect storage of data in the cloud. This thesis also discusses the previous research work and the currently available technology and techniques that are used for securing data in the cloud. This thesis then presents a novel scheme for security of data stored in Cloud Computing by using Elliptic Curve Integrated Encryption Scheme (ECIES) that provides for confidentiality and integrity. This scheme also uses Identity Based Cryptography (IBC) for more efficient key management. The proposed scheme combines the security of Identity- Based Cryptography (IBC), Trusted cloud (TC), and Elliptic Curve Cryptography (ECC) to reduce system complexity and provide more security for cloud computing applications. The research shows that it is possible to securely store confidential user data on a Public Cloud such as Amazon S3 or Windows Azure Storage without the need to trust the Cloud Provider and with minimal overhead in processing time. The results of implementing the proposed scheme shows faster and more efficient communication operation when it comes to key generation as well as encryption and decryption. The difference in the time taken for these operations is as a result of the use of ECC algorithm which has a small key size and hence highly efficient compared with other types of asymmetric cryptography. The results obtained show the scheme is more efficient, when compared with other classification techniques in the literature.

Telecommunication

Cloud Computing

Data Storage

Cryptography

Parallel Aes diffusion inter block diffusion at bit level and compression / Parallel Aes diffusion inter block diffusion at bit level and compression

Shah, Milap

January 2020

Information is an intelligent data through which knowledgeable and usable things can be convicted or interpreted in a proper manner. With the advancement of technology, transmission of information over the network has come a trend. This information must be transmitted securely over the network. Data security was not a problem if a secure channel was provided for single transmission. It is a necessity to convert the information into an unintelligible form for transmitting it over an unsecured channel. Encryption is a technique through which original information can be converted into unintelligible form. As time has elapsed, various encryption algorithms are employed so that information can be transmitted securely over an unsecured channel. Unless an intruder accesses the encrypted text, he / she cannot gain any information from that text. But as the new algorithms are designed, all the algorithms are challenged and their cryptanalysis is available. In the year 1998, Advanced Encryption Standards (A (S)) were proposed and later it was widely accepted as the most secure encryption algorithm that can be used to encrypt the information so that it can be transmitted securely and unsecured. fixed to a new scheme called Parallel AЕS, was an employee who takes four blocks of 16 bytes at a time to generate four blocks of 16 bytes of text thus providing diffusion of blocks at exchange. than all sequential AЕs. All the algorithms are challenged and their cryptanalysis is available. In the year 1998, To make A morS more fixed to a new scheme called Parallel AЕS, was an employee who took four blocks of 16 bytes at a time to generate four blocks of 16 bytes of text, thus providing diffusion of blocks at exchange. By doing this parallel A stoodS stood to be much firmer than sequential AЕS. Advanced Encryption Standards (AЕS) was proposed and later it was widely accepted as the most secure encryption algorithm that can be used to encrypt the information so that it can be transmitted securely over an unsecured channel. To make A morS more fixed to a new scheme called Parallel AЕS, was an employee who took four blocks of 16 bytes at a time to generate four blocks of 16 bytes of text, thus providing diffusion of blocks at exchange. By doing this parallel A stoodS stood to be much firmer than sequential AЕS. Advanced Encryption Standards (AЕS) was proposed and later it was widely accepted as the most secure encryption algorithm that can be used to encrypt the information so that it can be transmitted securely over an unsecured channel. To make A morS more fixed to a new scheme called Parallel AЕS, was an employee who took four blocks of 16 bytes at a time to generate four blocks of 16 bytes of text, thus providing diffusion of blocks at exchange. By doing this parallel A stoodS stood to be much firmer than sequential AЕS. was an employee who took four blocks of 16 bytes at a time to generate four blocks of 16 bytes of text, thus providing diffusion of blocks at exchange. By doing this parallel A stoodS stood to be much firmer than sequential AЕS. was an employee who took four blocks of 16 bytes at a time to generate four blocks of 16 bytes of text, thus providing diffusion of blocks at exchange. By doing this parallel A stoodS stood to be much firmer than sequential AЕS.

cryptography

AES

Other Engineering and Technologies

Annan teknik

Complex photonic materials for cryptography, holograms and memories

Mazzone, Valerio

05 1900

Most of the time, in a nano-fabrication facility, the efforts of a researcher are devoted to optimising the fabrication process in order to avoid defects and obtain the best result in terms of precision and quality of the fabricated device. However, it is inevitable that during the sample fabrication, a variable intrinsic amount of disorder is introduced. This feature can be exploited to develop novel applications spanning different areas of optics. A perfect unclonable cryptographic system based on new integrated optical fingerprints chip is presented and a proof of concept is provided. The role of disorder at the nanoscale is further studied in the fabrication processes such as electron beam lithography and dry-etching. In this scenario, the randomness is the starting point to develop new technologies for structural coloration and holograms.

cryptography

Photonics

Disorder

Holograms

Nanofabrication

Complex

Části webové stránky šifrované pomocí GPG / GPG Encrypted Web Pages

Matějka, Jiří

January 2020

Cílem této práce je navrhnout a implementovat způsob zabezpečení citlivých dat na veřejných serverech nebo serverech třetích stran. Práce se zabývá implementací rozšíření pro webový prohlížeč Mozilla Firefox, které bude schopno nalézt a dešifrovat zašifrované prvky webové stránky s využitím výstupů GnuPG projektu. Rozšíření musí být dále schopno zpracovat dynamické změny webové stránky způsobené použitím XHR API, Fetch API, či Push API. V neposlední řadě se práce zabývá testováním implementovaného řešení a měření vlivu rozšíření na celkovou dobu zpracování webových stránek prohlížečem.