Définition d'une infrastructure de sécurité et de mobilité pour les réseaux pair-à-pair recouvrants / Definition of a security and mobility infrastructure for peer-to-peer overlay networks

Daouda, Ahmat mahamat

29 September 2014

La sécurisation inhérente aux échanges dans les environnements dynamiques et distribués, dépourvus d’une coordination centrale et dont la topologie change perpétuellement, est un défi majeur. Dans le cadre de cette thèse, on se propose en effet de définir une infrastructure de sécurité adaptée aux contraintes des systèmes P2P actuels. Le premier volet de nos travaux consiste à proposer un intergiciel, appelé SEMOS, qui gère des sessions sécurisées et mobiles. SEMOS permet en effet de maintenir les sessions sécurisées actives et ce, même lorsque la configuration réseau change ou un dysfonctionnement se produit. Cette faculté d’itinérance est rendue possible par la définition d’un nouveau mécanisme de découplage afin de cloisonner l’espace d’adressage de l’espace de nommage ; le nouvel espace de nommage repose alors sur les tables de hachage distribuées (DHT). Le deuxième volet définit un mécanisme distribué et générique d’échange de clés adapté à l’architecture P2P. Basé sur les chemins disjoints et l’échange de bout en bout, le procédé de gestion des clés proposé est constitué d’une combinaison du protocole Diffie-Hellman et du schéma à seuil(k, n) de Shamir. D’une part, l’utilisation des chemins disjoints dans le routage des sous-clés compense l’absence de l’authentification certifiée, par une tierce partie, consubstantielle au protocole Diffie-Hellman et réduit, dans la foulée, sa vulnérabilité aux attaques par interception. D’autre part, l’extension de l’algorithme Diffie-Hellman par ajout du schéma à seuil (k, n) renforce substantiellement sa robustesse notamment dans la segmentation des clés et/ou en cas de défaillances accidentelles ou délibérées dans le routage des sous-clés. Enfin, les sessions sécurisées mobiles sont évaluées dans un réseau virtuel et mobile et la gestion des clés est simulée dans un environnement générant des topologies P2P aléatoires. / Securing communications in distributed dynamic environments, that lack a central coordination point and whose topology changes constantly, is a major challenge.We tackle this challenge of today’s P2P systems. In this thesis, we propose to define a security infrastructure that is suitable to the constraints and issues of P2P systems. The first part of this document presents the design of SEMOS, our middleware solution for managing and securing mobile sessions. SEMOS ensures that communication sessions are secure and remain active despite the possible disconnections that can occur when network configurations change or a malfunction arises. This roaming capability is implemented via the definition of a new addressing space in order to split up addresses for network entities with their names ; the new naming space is then based on distributed hash tables(DHT). The second part of the document presents a generic and distributed mechanism for a key exchange method befitting to P2P architectures. Building on disjoint paths andend-to-end exchange, the proposed key management protocol consists of a combination of the Diffie-Hellman algorithm and the Shamir’s (k, n) threshold scheme. On the onehand, the use of disjoint paths to route subkeys offsets the absence of the third party’s certified consubstantial to Diffie-Hellman and reduces, at the same time, its vulnerability to interception attacks. On the other hand, the extension of the Diffie-Hellman algorithm by adding the threshold (k, n) scheme substantially increases its robustness, in particular in key splitting and / or in the case of accidental or intentional subkeys routing failures. Finally, we rely on a virtual mobile network to assess the setup of secure mobile sessions.The key management mechanism is then evaluated in an environment with randomly generated P2P topologies.

P2P

DHT

VPN mobile

Chemins disjoints

Diffie-Hellman

Schéma à seuil (k, n)

P2P

(k, n) threshold scheme

Diffie-Hellman

Disjoint paths

Mobile VPN

DHT

多伺服器環境中基於智慧卡的身分認證機制之研究 / A Study on Smart Card Based User Authentication Mechanism for Multi-Server Environments

張詠詠, Chang, Yung Yung

Unknown Date

隨著科技的進步，智慧卡的種類漸增，功能也愈趨完善，生活中需要使用到智慧卡的時機也愈來愈頻繁，與之相對的，其安全性也愈加受到重視，尤其在卡片遺失的情形下，必須做到卡片中留存的資料就算被有心人士竊取，也無法從中得出使用者密碼(password)，藉以偽冒成合法使用者，如此才能確保卡片使用者的安全。為了達到此一目的，許多學者在智慧卡的安全機制上做了許多的研究，如：2012年學者Cheng等人提出了一個基於智慧卡的遠端使用者登錄認證機制。同一時期，學者Li等人也提出了多伺服器網路中，基於密碼驗證的智慧卡認證機制。本研究中，我們發現Cheng等人及Li等人所自訂之智慧卡認證協議，在智慧卡遺失的情況下，並未提供完整的保密環境，導致其使用者與伺服器雙方所建立的秘鑰與會議金鑰可能被破解而無法得知。因此，我們提出了改良版的基於邏輯運算的智慧卡身分驗證機制，加入Diffie-Hellman密鑰交換，以達到更具安全性的目標。 / With advances in technology, different types and functions of smart cards have become more popular and perfect in recent years. We use smart cards in daily life more and more frequent, so smart card security has become a very important issue, especially in the case of smart-card-loss. We have to ensure that if our card is lost and someone steals the sensitive data in our card, he/she cannot use it to guess or get user’s password. To achieve the goal, many researchers have done a lot of work in smart card security. In 2012 Cheng et al. proposed a smart card based authentication scheme for remote user login and verification. During the same period, Li et al. proposed a password and smart card based user authentication mechanism for multi-server environments. In this thesis, we first pointed out the security flaws of Cheng et al.’s and Li et al.’s mechanism. We found that Cheng et al.’s and Li et al.’s mechanism cannot be secure under offline-dictionary attack in the smart-card-loss case. This enables adversaries to guess user’s password and session keys. Secondly, we introduced an improved version of smart card based authentication mechanism using Diffie-Hellman key exchange to overcome the above mentioned problems

智慧卡

身分驗證機制

Diffie-Hellman密鑰交換

Smart card

Authentication mechanism

Diffie-Hellman key exchange

Kryptoggraphie mit elliptischen Kurven

Pönisch, Jens

01 December 2014

Der Vortrag erläutert das Grundprinzip des Diffie-Hellman-Schlüsseltausches mithilfe des diskreten Logarithmus unter Zuhilfenahme elliptischer Kurven über endlichen Körpern.

Diffie-Hellman-Schlüsseltausch

Diffie-Hellman key exchange

elliptic curve

Galois field

discrete logarithm problem

ddc:510

Elliptische Kurve

Diskreter Logarithmus

Galois-Feld

Criptografia

Marques, Thiago Valentim

15 April 2013

Submitted by Viviane Lima da Cunha (viviane@biblioteca.ufpb.br) on 2015-11-04T10:36:45Z No. of bitstreams: 2 arquivototal.pdf: 4819014 bytes, checksum: b89987c92ac5294da134e67b82d09cd2 (MD5) license_rdf: 23148 bytes, checksum: 9da0b6dfac957114c6a7714714b86306 (MD5) / Approved for entry into archive by Viviane Lima da Cunha (viviane@biblioteca.ufpb.br) on 2015-11-04T11:40:46Z (GMT) No. of bitstreams: 2 arquivototal.pdf: 4819014 bytes, checksum: b89987c92ac5294da134e67b82d09cd2 (MD5) license_rdf: 23148 bytes, checksum: 9da0b6dfac957114c6a7714714b86306 (MD5) / Made available in DSpace on 2015-11-04T11:40:46Z (GMT). No. of bitstreams: 2 arquivototal.pdf: 4819014 bytes, checksum: b89987c92ac5294da134e67b82d09cd2 (MD5) license_rdf: 23148 bytes, checksum: 9da0b6dfac957114c6a7714714b86306 (MD5) Previous issue date: 2013-04-15 / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES / In this paper we are studying cryptography’s evolution throughout history; analyzing the difference between symmetric and asymmetric cryptographies; enunciating definitions and theorems about binary relations, group theories, primitive roots and discrete logarithms; understanding the procedure of Diffie-Hellman’s key change protocol. In the last part in this work, we are proposing three activities to be applied in classroom. / Neste trabalho, vamos estudar a evolução da criptografia ao longo da história; analisar a diferença entre as criptografias simétricas e assimétricas; enunciar definições e teoremas sobre relações binárias, teoria dos grupos, raízes primitivas e logaritmos discretos; entender o procedimento do protocolo da troca de chaves de Diffie-Hellman; e, na parte final deste trabalho, iremos propor três atividades para serem aplicadas em sala de aula.

Sigilo

Secrecy

Diffie-Hellman

Discrete logarithms

Primitive roots

Mathematics

Safety

Abordagem histórica

Diffie-Hellman

Logaritmos discretos

Raízes primitivas

Matemática

Segurança

Cryptography

MATEMATICA::MATEMATICA APLICADA

Kryptoggraphie mit elliptischen Kurven: Versuch einer Erklärung

Pönisch, Jens

01 December 2014

Der Vortrag erläutert das Grundprinzip des Diffie-Hellman-Schlüsseltausches mithilfe des diskreten Logarithmus unter Zuhilfenahme elliptischer Kurven über endlichen Körpern.

info:eu-repo/classification/ddc/510

ddc:510

Diffie-Hellman-Schlüsseltausch

Desired Features and Design Methodologies of Secure Authenticated Key Exchange Protocols in the Public-Key Infrastructure Setting

Wang, Hao-Hsien

January 2004

The importance of an authenticated key exchange (AKE) protocol has long been known in the field of cryptography. Two of the questions still being asked today are (1) what properties or features does a secure AKE protocol possess, and (2) How does one, in a step by step fashion, create a secure AKE protocol? This thesis aims to answer these two questions. The thesis contains two parts: one is a survey of previous works on the desired features of the Station-to-Station (STS) protocol, and the other is a study of a previously proposed design methodology in designing secure AKE protocols, as well as contributing an original idea of such methodologies. Descriptions and comparisons of the two design methodologies are included. The thesis surveys the literature and conducts a case study of the STS protocol, analyzes various attacks on STS through some known attacks to it, and extracts the desired properties and features of a secure AKE protocol via the case study. This part of the thesis does not propose any new result, but summarizes a complete list of issues one should take consideration of while designing an AKE protocol. We also show that at the end of this part, a secure version of STS which possesses the desired features of an AKE protocol. The other major part of the thesis surveys one design methodology of creating a secure AKE protocol by Bellare, Canetti, and Krawczyk; it is based on having a secure key exchange protocol then adding (mutual) authentication to it. The thesis then proposes another original design methodology; it starts with a secure mutual authentication protocol, then adds the secure key exchange feature without modifying overheads and number of flows of the original mutual authentication protocol. We show in this part the "secure" AKE protocol developed through these two design approaches is identical to the secure version of STS described in the other part, and thus possesses the desired features of a secure AKE protocol. We also give a proof of security of the secure AKE protocol developed under our design methodology.

Computer Science

authentication

authenticated key exchange

Diffie-Hellman

Station-to-Station protocol

STS

Desired Features and Design Methodologies of Secure Authenticated Key Exchange Protocols in the Public-Key Infrastructure Setting

Wang, Hao-Hsien

January 2004

The importance of an authenticated key exchange (AKE) protocol has long been known in the field of cryptography. Two of the questions still being asked today are (1) what properties or features does a secure AKE protocol possess, and (2) How does one, in a step by step fashion, create a secure AKE protocol? This thesis aims to answer these two questions. The thesis contains two parts: one is a survey of previous works on the desired features of the Station-to-Station (STS) protocol, and the other is a study of a previously proposed design methodology in designing secure AKE protocols, as well as contributing an original idea of such methodologies. Descriptions and comparisons of the two design methodologies are included. The thesis surveys the literature and conducts a case study of the STS protocol, analyzes various attacks on STS through some known attacks to it, and extracts the desired properties and features of a secure AKE protocol via the case study. This part of the thesis does not propose any new result, but summarizes a complete list of issues one should take consideration of while designing an AKE protocol. We also show that at the end of this part, a secure version of STS which possesses the desired features of an AKE protocol. The other major part of the thesis surveys one design methodology of creating a secure AKE protocol by Bellare, Canetti, and Krawczyk; it is based on having a secure key exchange protocol then adding (mutual) authentication to it. The thesis then proposes another original design methodology; it starts with a secure mutual authentication protocol, then adds the secure key exchange feature without modifying overheads and number of flows of the original mutual authentication protocol. We show in this part the "secure" AKE protocol developed through these two design approaches is identical to the secure version of STS described in the other part, and thus possesses the desired features of a secure AKE protocol. We also give a proof of security of the secure AKE protocol developed under our design methodology.

Computer Science

authentication

authenticated key exchange

Diffie-Hellman

Station-to-Station protocol

STS

Energy-Aware Key Management in Wireless Ad-Hoc Networks

Chang, Chia-Wen

26 July 2006

In this thesis, we consider how to reduce the communication cost of the key exchange procedures as many as possible, while the secure group communication can still be achieved. Due to the energy consumption is usually proportional to the distance, we use the shortest paths algorithm to find the shortest communication paths between any pair of the secure group members. We first propose a straightforward heuristic named Minimum-Energy First-Selected ( MEFS ). MEFS tries to select the pair of group members which has less communication cost than all other pairs have at every time. Though MEFS performs better than random selecting, it still has some weakness in solving the energy-aware key management problem. So we use the concept of the minimum cost flow problem, and by appropriate transformation, then we get the optimal solution of the energy-aware key management problem under some constraints. At last, the simulation results proves that the minimum cost flow approach actually works better than MEFS does.

Diffie-Hellman protocol

wireless ad-hoc networks

network security

the minimum cost flow problem

Hardwarově akcelerovaný přenos dat s využitím TLS protokolu / Hardware accelerated data transfer using TLS protocol

Zugárek, Adam

January 2020

This paper describes implementation of the whole cryptographic protocol TLS including control logic and used cryptographic systems. The goal is to implement an application in the FPGA technology, so it could be used in hardware accelerated network card. The reason for this is new supported higher transmission speeds that Ethernet is able to operate on, and the absence of implementation of this protocol on FPGA. In the first half of this paper is described theory of cryptography followed by description of TLS protocol, its development, structure and operating workflow. The second half describes the implementation on the chosen technology that is also described here. It is used already existing solutions of given cryptographic systems for the implementation, or at least their parts that are modified if needed for TLS. It was implemented just several parts of whole protocol, such are RSA, Diffie-Hellman, SHA and part of AES. Based on these implementations and continuing studying in this matter it was made conclusion, that FPGA technology is inappropriate for implementation of TLS protocol and its control logic. Recommendation was also made to use FPGA only for making calculations of given cryptographic systems that are controlled by control logic from software implemented on standard processors.

Systém pro měření kvality elektrické energie / Power quality measuring system

Valenta, Jaroslav

January 2011

This thesis deals with the measurement of power quality. The evaluating quality parameters, data collection systems and transfer technologies will be discussed. The various type of cryptographic algorithms are also described. Cryptographic algorithms, which ensure to secure data communications from remote collection points of measurement, will be realized. These cryptographic algorithms will be realized in MATLAB and C/C++. The last part is focus on designed and implemented a simulation model to telemetry the power quality.