Pseudorandom number generators using multiple sources of entropy

Srivastava, Gautam

21 January 2010

Randomness is an important part of computer science. A large group of work, both in theoretical and practical computer science, is dedicated to the study of whether true 'randomness' is necessary for a variety of applications and protocols to work. One of the main uses for randomness is in the generation of keys, used as a security measure for many cryptographic protocols. The main measure of randomness is achieved by looking at entropy, a measure of the disorder of a system. Nature is able to provide us with many sources that are high in entropy. However, many cryptographic protocols need sources of randomness that are stronger (higher in entropy) than what is present naturally to ensure security. Therefore, a gap exists between what is available in Nature, and what is necessary for provable security. This paper looks to bridge this gap. Research in pseudorandom number generation has gone on for decades. However, many of the past constructions were lacking in either documentation or provable security of their methods. The need for a pseudorandom number generator (PRG) with provable security and strong documentation is evident. A new construction of a PRG is introduced. The new construction, labeled XRNG, looks to encompass recent research in the field of extractors along with previously known research in the field of pseudorandom number generation. Extractors, as the name suggests, looks to extract close to random information from high entropy sources.

random number generators

data encryption

Towards securing networks of resource constrained devices: a study of cryptographic primitives and key distribution schemes

Chan, Kevin Sean

25 August 2008

Wireless networks afford many benefits compared to wired networks in terms of their usability in dynamic situations, mobility of networked devices, and accessibility of hazardous environments. The devices used in these networks are generally assumed to be limited in resources such as energy, memory, communications range, and computational ability. Operating in remote or hostile environments, this places them in danger of being compromised by some malicious entity. This work addresses these issues to increase the security of these networks while still maintaining acceptable levels of networking performance and resource usage. We investigate new methods for data encryption on personal wireless hand-held devices. An important consideration for resource-constrained devices is the processing required to encrypt data for transmission or for secure storage. Significant latency from data encryption diminishes the viability of these security services for hand-held devices. Also, increased processing demands require additional energy for each device, where both energy and processing capability are limited. Therefore, one area of interest for hand-held wireless devices is being able to provide data encryption while minimizing the processing and energy overhead as a cost to provide such a security service. We study the security of a wavelet-based cryptosystem and consider its viability for use in hand-held devices. This thesis also considers the performance of wireless sensor networks in the presence of an adversary. The sensor nodes used in these networks are limited in available energy, processing capability and transmission range. Despite these resource constraints and expected malicious attacks on the network, these networks require widespread, highly-reliable communications. Maintaining satisfactory levels of network performance and security between entities is an important goal toward ensuring the successful and accurate completion of desired sensing tasks. However, the resource-constrained nature of the sensor nodes used in these applications provides challenges in meeting these networking and security requirements. We consider link-compromise attacks and node-spoofing attacks on wireless sensor networks, and we consider the performance of various key predistribution schemes applied to these networks. New key predistribution techniques to improve the security of wireless sensor networks are proposed.

Cryptography

Sensor networks

Network security

Computers--Access control

Data protection

Computer security

Data encryption (Computer science)

Quantum key distribution protocols with high rates and low costs

Zhang, Zheshen

09 April 2009

In the age of information explosion, there is huge amount of information generated every second. Some of the information generated, for example news, is supposed to be shared by public and anyone in the world can get a copy of it. However, sometimes, information is only supposed to be maintain private or only shared by a given group of people. In the latter case, information protection becomes very important. There are various ways to protect information. One of the technical ways is cryptography, which is an area of interest for mathematicians, computer scientists and physicists. As a new area in cryptography, physical layer security has been paid great attention recently. Quantum key distribution is a hot research topic for physical layer security in the two decades. This thesis focuses on two quantum key distribution protocols that can potentially increase the key generation rate and lower the cost. On protocol is based on amplified spontaneous emission as signal source and the other one is based on discretely signaled continuous variable quantum communication. The security analysis and experimental implementation issues for both protocols are discussed.

Quantum key distribution

Quantum communication

Quantum information

Cryptography

Data encryption (Computer science)

Provable security support for kerberos (and beyond)

Kumar, Virendra

18 May 2012

Kerberos is a widely-deployed network authentication protocol that is being considered for standardization. Like other standard protocols, Kerberos is no exception to security flaws and weaknesses, as has been demonstrated in several prior works. Provable security guarantees go a long way in restoring users' faith, thus making a protocol an even stronger candidate for standards. In this thesis, our goal was thus to provide provable security support for Kerberos and other practical protocols. Our contributions are three-fold: We first look at the symmetric encryption schemes employed in the current version 5 of Kerberos. Several recent results have analyzed a significant part of Kerberos v.5 using formal-methods-based approaches, which are meaningful only if the underlying encryption schemes satisfy strong cryptographic notions of privacy and authenticity. However, to our knowledge these schemes were never analyzed and proven to satisfy such notions. This thesis aims to bridge this gap. Our provable security analyses confirm that some of the encryption scheme options in Kerberos v.5 already provide privacy and authenticity, and for the remaining we suggest slight modifications for the same. We next turn our attention to the ways in which the keys and other random strings needed in cryptographic schemes employed by practical protocols are generated. Randomness needs to be carefully generated for the provable security guarantees to hold. We propose an efficient pseudorandom generator (PRG) based on hash functions. The security of our PRG relies on exponential collision-resistance and regularity of the underlying hash function. Our PRG can be used to generate various strings, like session keys, sequence numbers, confounders, etc., which are all suggested to be generated randomly in the Kerberos v.5 specification, but no algorithms are mentioned. Each of the above strings are required to satisfy different properties, all of which are trivially satisfied by the pseudorandom strings output by a PRG. Finally, we look at the problem of revocation associated with two relatively new types of encryption schemes: identity-based encryption (IBE) and attribute-based encryption (ABE). While these encryption schemes are relatively less efficient compared to public-key encryption schemes, they have already been used (and are very likely to be used in future, as well) in many practical protocols due to their attractive features. Any setting, public-key, identity-based, or attribute-based, must provide a means to revoke users from the system. However, unlike public-key encryption, there has been little prior work on studying the revocation mechanisms in an IBE or ABE. We propose new primitives and their efficient and provably secure instantiations, focusing on the revocation problem. We would like to note that even though all the results presented in this thesis are motivated mainly by provable security in practice, only the first bullet above has a direct impact on a practical and widely deployed protocol Kerberos. Our PRG is the most efficient construction among theoretical PRGs, but it may still not be efficient enough to be directly usable in practical protocols. And our results and techniques for revocation in IBE and ABE have found much wider applications in information security, such as mobile social networks, cloud-based secure health records, data outsourcing systems, vehicular ad-hoc networks, etc.

Encryption scheme

Kerberos

Provable security

Revocation

Pseudorandom generator

Computer security

Data protection

Data encryption (Computer science)

FPGA implementations of elliptic curve cryptography and Tate pairing over binary field

Huang, Jian. Li, Hao,

January 2007

Thesis (M.S.)--University of North Texas, Aug., 2007. / Title from title page display. Includes bibliographical references.

Authentication and key establishment in computer and communication networks no silver bullet /

Mehta, Manish. Harn, Lein.

January 2006

Thesis (Ph. D.)--School Computing and Engineering. University of Missouri--Kansas City, 2006. / "A dissertation in computer networking and software architecture." Advisor: Lein Harn. Typescript. Vita. Title from "catalog record" of the print edition Description based on contents viewed Nov. 13, 2007. Includes bibliographical references (leaves 203-214). Online version of the print edition.

Contributions to image encryption and authentication

Uehara, Takeyuki.

January 2003

Thesis (Ph.D.)--University of Wollongong, 2003. / Typescript. Bibliographical references: leaf 201-211.

Efficient authentication schemes for routing in mobile ad hoc networks

Xu, Shidi.

January 2006

Thesis (M.Comp.Sc.)--University of Wollongong, 2006. / Typescript. Includes bibliographical references: leaf 93-102.

Contributions to group key distribution schemes

Kurnio, Hartono.

January 2005

Thesis (Ph.D.)--University of Wollongong, 2005. / Typescript. Includes bibliographical references: leaf 149-157.

Digital rights management for smart containment objects

Fares, Tony Yussef.

January 2005

Thesis (Ph.D.)--University of Wollongong, 2005. / Typescript. Includes appendices. Includes bibliographical references: leaf 201-214.