Elektroninio parašo naudojimo efektyvumas XXX organizacijoje / Digital signature's usage efficiency in XXX organization

Laucius, Tatjana

17 January 2007

Informacinės technologijos ir Interneto tinklas įsiterpė į mokslą, gamybą, ekonomiką ir valstybės valdžią bei pakeitė mūsų pasaulėžiūrą – tai kas buvo neįmanoma dar prieš dešimtmetį, tapo realybė. Sąskaitų apmokėjimas Internetu, sutarčių pasirašymas, paslaugų užsakymas ir apsikeitimas kita informacija tarp privačių asmenų, valstybės institucijų ir verslo organizacijų vyksta „online“ (tiesioginio laiko) režimu. Tačiau kuo daugiau atsiranda naujų galimybių siunčiant duomenis Internetu, tuo sparčiau auga elektroninių nusikaltimų skaičius. Elektroniniai nusikaltėliai siekiant savanaudiškų tikslų gali pasinaudoti konfidencialia informacija, pakeičiant tik vieną simbolį, pavyzdžiui, sąskaitos numeryje ar kitaip iškraipant informaciją, gali atnešti nuostolių asmenims ir organizacijoms. Tačiau nepaisant visų grėsmių Interneto tinklas yra iki šiol greičiausiais, patogiausias ir populiariausias, tačiau nepatikimiausiais būdas siųsti duomenys , todėl reikėtų naudoti informacijos apsaugos priemones. / Information technologies and internet has interfered into science, production and government. Our world-view had definitely changed – what was impossible just a few years ago now became a reality. Paying bills by the internet, signing contracts, ordering services and exchanging information between private clients, governmental institutions and business organizations and other operation are making online. Number of electronic crimes rises directly proportionally to opportunities increasing in sending information by internet. Electronic criminals to suit their own aims can use confidential information by changing single symbol, for example in account number, or by distorting information in any other way may cause incur losses to users and organizations. However, despite of all the disadvantages, internet is the fastest, the most comfortable and popular, but the most insecure way to send information, that is the reason why we should use secure means of communication. The main object or this graduation thesis is explore digital signature as one of the newest secure means of communication . The main functions, usage singularity are analyzed in this work. Author direct attention to digital signature legal power which has been accepted by government. Digital signature is equivalence to hand-made signature. Also, have made an observation on cryptography’s (data coding) scientific methods for digital signatures functions ensuring. Separate part of work is divided to projects and... [to full text]

Economics

Elektroninis parašas

Informacinės technologijos

Elektroniniai nusikaltimai

Digital signature

Information technologies

Electronic crimes

CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS

Chandrasekhar, Santosh

01 January 2011

In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows: 1. A common problem with conventional trapdoor hash functions is that revealing a collision producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions regardless of whether collision producing message pairs are revealed by the key-holder. 2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels and control over an agent’s capabilities. 3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information. 4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures. Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs for security of the proposed discrete-log based instantiations against forgery attacks under the discrete-log assumption.

Authentication

digital signature

proxy signature

signature amortization

trapdoor hash functions

Computer Sciences

Signing with Codes

Mas??rov??, Zuzana

January 2014

Code-based cryptography is an area of classical cryptography in which cryptographic primitives rely on hard problems and trapdoor functions related to linear error-correcting codes. Since its inception in 1978, the area has produced the McEliece and the Niederreiter cryptosystems, multiple digital signature schemes, identification schemes and code-based hash functions. All of these are believed to be resistant to attacks by quantum computers. Hence, code-based cryptography represents a post-quantum alternative to the widespread number-theoretic systems. This thesis summarizes recent developments in the field of code-based cryptography, with a particular emphasis on code-based signature schemes. After a brief introduction and analysis of the McEliece and the Niederreiter cryptosystems, we discuss the currently unresolved issue of constructing a practical, yet provably secure signature scheme. A detailed analysis is provided for the Courtois, Finiasz and Sendrier signature scheme, along with the mCFS and parallel CFS variations. Finally, we discuss a recent proposal by Preetha et al. that attempts to solve the issue of provable security, currently failing in the CFS scheme case, by randomizing the public key construct. We conclude that, while the proposal is not yet practical, it represents an important advancement in the search for an ideal code-based signature scheme.

Assinatura digital Rabin-Williams - sem randomização e com prova eficiente de segurança / Rabin-Williams digital signature without randomization and with tight security proof.

Bernardo Caraponale Magri

13 April 2012

Com o surgimento da criptografia de chave pública, muito esforço foi feito para a criação de protocolos de criptografia e de assinatura que fossem comprovadamente seguros contra indivíduos maliciosos. Existem várias definições de segurança, tanto para protocolos de criptografia como para protocolos de assinatura, e também existem vários modelos de adversários, que simulam um indivíduo malicioso tentando corromper o protocolo. A família de protocolos de assinatura Rabin possui os recordes de velocidade de vericação da assinatura, chegando a ser até 100 vezes mais rápida do que o RSA. Este trabalho apresenta uma redução eficiente de segurança no modelo do oráculo aleatório para uma variante do protocolo de assinatura Rabin descrito por Bernstein, onde não é necessário o uso de nenhuma função para geração de bits pseudo-aleatórios, o que torna o protocolo mais robusto. A redução apresentada é uma redução polinomial e eficiente do problema da fatoração de inteiros para o problema de quebrar o protocolo Principal Rabin-Williams B = 0. / With the development of public-key cryptography, many efforts were made to build encryption and signature protocols that were provably secure against malicious adversaries. There are many definitions of security for encryption and signature protocols, and there are many adversary models to simulate the behaviour of a malicious adversary against a given protocol. The Rabin family of signature protocols has the speed records for verification of signature, being up to 100 times faster than RSA. This work presents a tight security proof in the random oracle model for a variant of the Rabin signature protocol presented by Bernstein, that does not require the use of pseudo-random bits, making the protocol more robust. The proof presented here is a polynomially tight reduction for the problem of integer factorization to the problem of breaking the Principal Rabin-Williams B = 0 protocol.

Assinatura Digital

Criptografia

Rabin-Williams

RSA

Cryptography

Digital Signature

Rabin-Williams

RSA

Evaluation and Implementation for Pushing Automatic Updates to IoT Devices

Min, Menglei

January 2017

In recent years, Internet of Things has developed rapidly, and now has penetrated into human life and industrial production. It is speculated that the internet of things will become ubiquitous in the future, which will bring a series of problems. First, the large number of things will lead to operated system and software updates consuming a lot of manpower and resources. Another problem is the Internet of things facing security issues, in recent years for the means of Internet of things and tools have been increasing largely. Therefore, to achieve a secure automatic update on the Internet of Things is essential. This report will follow such an automatic update system based on Internet of things to expand. First it elaborated on the main motive of this problem, found three existing related works and three security methods for communication to analyze. Then combined results of analysis, put forward own a secure automatic update solution: manager and devices connect and mutual authentication in real time, at the same time, the manager will regularly check the database to see if there is new version application. When the administrator uploads a new version, the manager will download the version and then sends to all devices, then device installs and finally restart itself. Next, the report described how to implement this system in detail and evaluated it. In the end, this report summarized and introduces the future work.

Automatic update

Internet of things

Digital signature

Secure sockets layer communication

Secure hash algorithm

Software Engineering

Programvaruteknik

Improving Integrity Assurances of Log Entries From the Perspective of Intermittently Disconnected Devices / Förbättring av integritetsförsäkring av loggar sett från tillfälligt bortkopplade enheter

Andersson, Marcus, Nilsson, Alexander

January 2014

It is common today in large corporate environments for system administrators to employ centralized systems for log collection and analysis. The log data can come from any device between smart-phones and large scale server clusters. During an investigation of a system failure or suspected intrusion these logs may contain vital information. However, the trustworthiness of this log data must be confirmed. The objective of this thesis is to evaluate the state of the art and provide practical solutions and suggestions in the field of secure logging. In this thesis we focus on solutions that do not require a persistent connection to a central log management system. To this end a prototype logging framework was developed including client, server and verification applications. The client employs different techniques of signing log entries. The focus of this thesis is to evaluate each signing technique from both a security and performance perspective. This thesis evaluates "Traditional RSA-signing", "Traditional Hash-chains"', "Itkis-Reyzin's asymmetric FSS scheme" and "RSA signing and tick-stamping with TPM", the latter being a novel technique developed by us. In our evaluations we recognized the inability of the evaluated techniques to detect so called `truncation-attacks', therefore a truncation detection module was also developed which can be used independent of and side-by-side with any signing technique. In this thesis we conclude that our novel Trusted Platform Module technique has the most to offer in terms of log security, however it does introduce a hardware dependency on the TPM. We have also shown that the truncation detection technique can be used to assure an external verifier of the number of log entries that has at least passed through the log client software.

Secure logging

forward security

TPM

digital signature

Computer Sciences

Datavetenskap (datalogi)

Software Engineering

Programvaruteknik

Internet marketing a ICT ve Vietnamu / Internet marteting and ICT in Vietnam

Nguyen, Anh Tuan

January 2008

The thesis deals with general theory of internet marketing, its opening and discrete premises for functioning, positive sides and threats that internet marketing can bring. An important part of the thesis is drawing an image of the current level of ICT infrastructure and the situation in internet marketing aplication in Vietnam.

Flexible Digital Authentication Techniques

Ge, He

05 1900

Abstract This dissertation investigates authentication techniques in some emerging areas. Specifically, authentication schemes have been proposed that are well-suited for embedded systems, and privacy-respecting pay Web sites. With embedded systems, a person could own several devices which are capable of communication and interaction, but these devices use embedded processors whose computational capabilities are limited as compared to desktop computers. Examples of this scenario include entertainment devices or appliances owned by a consumer, multiple control and sensor systems in an automobile or airplane, and environmental controls in a building. An efficient public key cryptosystem has been devised, which provides a complete solution to an embedded system, including protocols for authentication, authenticated key exchange, encryption, and revocation. The new construction is especially suitable for the devices with constrained computing capabilities and resources. Compared with other available authentication schemes, such as X.509, identity-based encryption, etc, the new construction provides unique features such as simplicity, efficiency, forward secrecy, and an efficient re-keying mechanism. In the application scenario for a pay Web site, users may be sensitive about their privacy, and do not wish their behaviors to be tracked by Web sites. Thus, an anonymous authentication scheme is desirable in this case. That is, a user can prove his/her authenticity without revealing his/her identity. On the other hand, the Web site owner would like to prevent a bunch of users from sharing a single subscription while hiding behind user anonymity. The Web site should be able to detect these possible malicious behaviors, and exclude corrupted users from future service. This dissertation extensively discusses anonymous authentication techniques, such as group signature, direct anonymous attestation, and traceable signature. Three anonymous authentication schemes have been proposed, which include a group signature scheme with signature claiming and variable linkability, a scheme for direct anonymous attestation in trusted computing platforms with sign and verify protocols nearly seven times more efficient than the current solution, and a state-of-the-art traceable signature scheme with support for variable anonymity. These three schemes greatly advance research in the area of anonymous authentication. The authentication techniques presented in this dissertation are based on common mathematical and cryptographical foundations, sharing similar security assumptions. We call them flexible digital authentication schemes.

Computer networks -- Security measures.

Computer security.

Authentication.

authentication

anonymity

digital signature

cryptographic protocols

Secure and efficient post-quantum cryptographic digital signature algorithms

Mahmoud, Mahmoud Yehia Ahmed

24 August 2021

Cryptographic digital signatures provide authentication to communicating parties over communication networks. They are integral asymmetric primitives in cryptography. The current digital signature infrastructure adopts schemes that rely on the hardness of finding discrete logarithms and factoring in finite groups. Given the recent advances in physics which point towards the eventual construction of large scale quantum computers, these hard problems will be solved in polynomial time using Shor’s algorithm. Hence, there is a clear need to migrate the cryptographic infrastructure to post-quantum secure alternatives. Such an initiative is demonstrated by the PQCRYPTO project and the current Post-Quantum Cryptography (PQC) standardization competition run by the National Institute of Standards and Technology (NIST). This dissertation considers hash-based digital signature schemes. Such algorithms rely on simple security notions such as preimage, and weak and strong collision resistances of hash functions. These notions are well-understood and their security against quantum computers has been well-analyzed. However, existing hash-based signature schemes have large signature sizes and high computational costs. Moreover, the signature size increases with the number of messages to be signed by a key pair. The goal of this work is to develop hash-based digital signature schemes to overcome the aforementioned limitations. First, FORS, the underlying few-time signature scheme of the NIST PQC alternate candidate SPHINCS+ is analyzed against adaptive chosen message attacks, and DFORS, a few-time signature scheme with adaptive chosen message security, is proposed. Second, a new variant of SPHINCS+ is introduced that improves the computational cost and security level. Security analysis for the new variant is presented. In addition, the hash-based group digital signature schemes, Group Merkle (GM) and Dynamic Group Merkle (DGM), are studied and their security is analyzed. Group Merkle Multi-Treem (GMMT) is proposed to solve some of the limitations of the GM and DGM hash-based group signature schemes. / Graduate

Digital signature schemes

Hash-based signature schemes

Post-quantum cryptography

Group signature schemes

Merkle trees

Post-quantum algorithms for digital signing in Public Key Infrastructures / Post-quantum-algoritmer för digitala signaturer i Public Key Infrastructures

Sjöberg, Mikael

January 2017

One emerging threat to Public Key Infrastructures is the possible development of large-scale quantum computers, which would be able to break the public-key cryptosystems used today. Several possibly post-quantum secure cryptographic algorithms have been proposed but so far they have not been used in many practical settings. The purpose of this thesis was to find post-quantum digital signature algorithms that might be suitable for use in Public Key Infrastructures today. To answer the research question, an extensive literature study was conducted where relevant algorithms were surveyed. Algorithms with high-grade implementations in different cryptographic libraries were benchmarked for performance. Hash-based XMSS and SPHINCS, multivariate-based Rainbow and lattice-based BLISS-B were benchmarked and the results showed that BLISS-B offered the best performance, on par with RSA and ECDSA. All the algorithms did however have relatively large signature sizes and/or key sizes. Support for post-quantum digital signature algorithms in Public Key Infrastructure products could easily be achieved since many algorithms are implemented in cryptographic libraries. The algorithms that could be recommended for use today were SPHINCS for high-security applications and possibly BLISS-B for lower security applications requiring higher efficiency. The biggest obstacles to widespread deployment of post-quantum algorithms was deemed to be lack of standardisation and either inefficient operations compared to classical algorithms, uncertain security levels, or both. / Ett nytt hot mot Public Key Infrastructures är den möjliga utvecklingen av storskaliga kvantdatorer som kan knäcka de asymmetriska kryptosystem som används idag. Ett flertal eventuellt kvantsäkra algoritmer har presenterats men de har än så länge inte sett mycket praktisk användning. Målet med detta examensarbete var att försöka identifiera eventuellt kvantsäkra signaturalgoritmer som skulle kunna lämpa sig för användning i Public Key Infrastructures idag. För att besvara forskningsfrågan gjordes en utredande litteraturstudie där relevanta signaturalgoritmer identifierades. Därefter prestandatestades de algoritmer som var implementerade i kryptografiska bibliotek. De algoritmer som prestandatestades var de hash-baserade algoritmerna XMSS och SPHINCS, flervariabel-baserade Rainbow och gitter-baserade BLISS-B. Resultaten visade att BLISS-B hade bäst prestanda och att prestandan var i nivå med RSA och ECDSA. Samtliga algoritmer hade emellertid relativt stora signatur- och/eller nyckelstorlekar. Eventuellt kvantsäkra algoritmer skulle redan idag kunna stödjas i Public Key Infrastructures eftersom många algoritmer finns implementerade i kryptografiska bibliotek. SPHINCS kunde rekommenderas när hög säkerhet krävs medan BLISS-B möjligtvis skulle kunna användas när lägre säkerhet kan tolereras i utbyte mot bättre prestanda. Största hindren för utbredd användning ansågs vara en brist på standardisering samt ineffektiva operationer jämfört med klassiska algoritmer och/eller tveksamma säkerhetsnivåer.

Post-quantum algorithms

Digital signature algorithms

Public Key Infrastructures

Computer Sciences

Datavetenskap (datalogi)