Network and system security in an information age

Scully, Michael N. B.

01 January 2000

In a time when networks are so readily interconnected around the world, computer security is a paramount concern for information technology professionals. As users, we regularly log onto terminals that are configured and maintained by others, running software developed by others, using operating systems with publicly known flaws, over networks connected by others, using protocols that were never constructed with security in mind. We rely on systems that we are forced to trust, connecting to remote systems we do not know, and only a finite minority of users has even the slightest conception of how these systems handle their information. Availability is the ultimate goal in providing usefulness and utility with an information system, but availability is also a detriment to system security. Avenues of availability are also avenues of potential data attack from malicious users or hackers. A certain level of confidentiality within data systems is necessary to assure the privacy of personal information as well as the secrecy of proprietary data. Users and information systems must be able to authenticate one another's identification while insuring transmissions between them remain unaltered in transit. This thesis is a discussion of network security considerations and network attack methodologies with respect to availability, confidentiality, and reliability. Network administrators must consider balancing these aspects in securing information systems.

Management Information Systems

Fair Comparison of ASIC Performance for SHA-3 Finalists

Zuo, Yongbo

22 June 2012

In the last few decades, secure algorithms have played an irreplaceable role in the protection of private information, such as applications of AES on modems, as well as online bank transactions. The increasing application of secure algorithms on hardware has made implementations on ASIC benchmarks extremely important. Although all kinds of secure algorithms have been implemented into various devices, the effects from different constraints on ASIC implementation performance have never been explored before. In order to analyze the effects from different constraints for secure algorithms, SHA-3 finalists, which includes Blake, Groestl, Keccak, JH, and Skein, have been chosen as the ones to be implemented for experiments in this thesis. This thesis has first explored the effects of different synthesis constraints on ASIC performance, such as the analysis of performance when it is constrained for frequency, or maximum area, etc. After that, the effects of choosing various standard libraries were tested, for instance, the performance of UMC 130nm and IBM 130nm standard libraries have been compared. Additionally, the effects of different technologies have been analyzed, such as 65nm, 90nm, 130nm and 180nm of UMC libraries. Finally, in order to further understand the effects, experiments for post-layout analysis has been explored. While some algorithms remain unaffected by floor plan shapes, others have shown preference for a specific shape, such as JH, which shows a 12% increase in throughput/area with a 1:2 rectangle compared to a square. Throughout this thesis, the effects of different ASIC implementation factors have been comprehensively explored, as well as the details of the methodology, metrics, and the framework of the experiments. Finally, detailed experiment results and analysis will be discussed in the following chapters. / Master of Science

SHA

NIST

ASIC

Finalist

Hardware

Encryption

Hash

Cipher

Key

Ochrana soukromí v cloudu / Privacy protection in cloud

Chernikau, Ivan

Unknown Date

In the Master’s thesis were described privacy protection problems while using cloud technologies. Some of the problems can be solved with help of homomorphic encryption, data splitting or searchable encryption. These techniques were described and compared by provided security, privacy protection and efficiency. The data splitting technique was chosen and implemented in the C language. Afterwards a performance of the implemented solution was compared to AES encryption/decryption performance. An application for secured data storing in cloud was designed and implemented. This application is using the implemented data splitting technique and third-party application CloudCross. The designed application provides command line interface (CLI) and graphical user interface (GUI). GUI extends the capabilities of CLI with an ability to register cloud and with an autodetection of registered clouds. The process of uploading/downloading the data to/from cloud storage is transparent and it does not overload the user with technical details of used data splitting technique.

Benchmarking Framework for Transparent Data Encryption Systems

Moulianitakis, Feidias, Asimakopoulos, Konstantinos

January 2019

In the digital world of today, information is always at risk regardless of its state, at rest or in transit. Cryptography is the technology that promises to address the security issues that emerge. Hence, it was a reasonable consequence to introduce cryptography to databases. However, manually encrypting and decrypting data along with the key management is a burden for the regular user of a database. The need for removing this burden gave birth to Transparent Data Encryption (TDE).   TDE technology is widely available nowadays and a number of vendors have developed their own solutions for protecting data at rest in a transparent way to the end user. However, cryptographic operations are resource intensive and introduce an overhead to the computational operations. The burden of cryptographic operations has drawn the interest of both academia and the industry for a long time before TDE appeared on the horizon. Hence, a lot of research has been done to measure the performance impact of those operations.   Despite the extensive study for the performance of cryptographic algorithms, the performance of the TDE systems and the add-on computational burden for the introduced encryption has not yet been studied thoroughly. As a result, the current Thesis project tries to develop a theoretical benchmarking framework that evaluates the performance of Transparent Data Encryption systems. The study is conducted utilizing the Design Research methodology.   The developed benchmarking framework focuses on the basic performance metrics of TDE systems, Elapsed time, CPU time and Hard Disk memory consumption. These metrics are calculated for varying key lengths, encryption algorithms and table sizes.  The framework follows a five - step procedure that includes the creation of topology - lab environment, creation of databases and definition of scenarios, activation of TDE feature, sequencial execution of scenarios and analysis of the results. The developed framework is evaluated by applying it on real TDE systems.

Transparent Data Encryption

benchmarking framework

encryption performance

Design Research

Cryptography

Elektroteknik och elektronik

Application of linear block codes in cryptography

Esmaeili, Mostafa

19 March 2019

Recently, there has been a renewed interest in code based cryptosystems. Amongst the reasons for this interest is that they have shown to be resistant to quantum at- tacks, making them candidates for post-quantum cryptosystems. In fact, the National Institute of Standards and Technology is currently considering candidates for secure communication in the post-quantum era. Three of the proposals are code based cryp- tosystems. Other reasons for this renewed interest include e cient encryption and decryption. In this dissertation, new code based cryptosystems (symmetric key and public key) are presented that use high rate codes and have small key sizes. Hence they overcome the drawbacks of code based cryptosystems (low information rate and very large key size). The techniques used in designing these cryptosystems include random bit/block deletions, random bit insertions, random interleaving, and random bit ipping. An advantage of the proposed cryptosystems over other code based cryp- tosystems is that the code can be/is not secret. These cryptosystems are among the rst with this advantage. Having a public code eliminates the need for permutation and scrambling matrices. The absence of permutation and scrambling matrices results in a signi cant reduction in the key size. In fact, it is shown that with simple random bit ipping and interleaving the key size is comparable to well known symmetric key cryptosystems in use today such as Advanced Encryption Standard (AES). The security of the new cryptosystems are analysed. It is shown that they are immune against previously proposed attacks for code based cryptosystems. This is because scrambling or permutation matrices are not used and the random bit ipping is beyond the error correcting capability of the code. It is also shown that having a public code still provides a good level of security. This is proved in two ways, by nding the probability of an adversary being able to break the cryptosystem and showing that this probability is extremely small, and showing that the cryptosystem has indistinguishability against a chosen plaintext attack (i.e. is IND-CPA secure). IND-CPA security is among the primary necessities for a cryptosystem to be practical. This means that a ciphertext reveals no information about the corresponding plaintext other than its length. It is also shown that having a public code results in smaller key sizes. / Graduate

cryptography

linear block codes

random bit deletion

random bit insertion

random interleaving

code based encryption

post-quantum encryption

Popiratelné šifrování / Deniable encryption

Šebek, Marcel

January 2012

In the thesis we study deniable encryption, as proposed by Canetti et al. (CRYPTO 1997). Standard encryption schemes guarantee good security level unless the adversary is able to force the sender and/or receiver to reveal her secret knowledge. Assuming that the adversary knows true ciphertext, the se- cret inputs usually commits the sender/receiver to the true plaintext. On the contrary, deniable scheme is equipped with algorithms that provide alternative secrets which makes the adversary believe that different plaintext was encrypted. We recall the most important results in the area, in particular, the schemes of Canetti et al. (CRYPTO 1997), the scheme of Klonowski et al. (SOFSEM 2008) based on ElGamal encryption, schemes of O'Neill et al. (CRYPTO 2011), and schemes and impossibility result of Bendlin et al. (ASIACRYPT 2011). In ad- dition to presenting known results in an unified environment, we deeply investi- gate simulatable-encryption based schemes. In particular, we construct a scheme that is bideniable, and both of its induced schemes are receiver-deniable (in the flexible/multi-distributional setting). We also disprove part of the results of Bendlin et al. (ASIACRYPT 2011) by showing that their construction of fully bideniable scheme is wrong. This result is verified using computer simulation....

Usable, Secure Content-Based Encryption on the Web

Ruoti, Scott

01 July 2016

Users share private information on the web through a variety of applications, such as email, instant messaging, social media, and document sharing. Unfortunately, recent revelations have shown that not only is users' data at risk from hackers and malicious insiders, but also from government surveillance. This state of affairs motivates the need for users to be able to encrypt their online data.In this dissertation, we explore how to help users encrypt their online data, with a special focus on securing email. First, we explore the design principles that are necessary to create usable, secure email. As part of this exploration, we conduct eight usability studies of eleven different secure email tools including a total of 347 participants. Second, we develop a novel, paired-participant methodology that allows us to test whether a given secure email system can be adopted in a grassroots fashion. Third, we apply our discovered design principles to PGP-based secure email, and demonstrate that these principles are sufficient to create the first PGP-based system that is usable by novices. We have also begun applying the lessons learned from our secure email research more generally to content-based encryption on the web. As part of this effort, we develop MessageGuard, a platform for accelerating research into usable, content-based encryption. Using MessageGuard, we build and evaluate Private Facebook Chat (PFC), a secure instant messaging system that integrates with Facebook Chat. Results from our usability analysis of PFC provided initial evidence that our design principles are also important components to usable, content-based encryption on the Web.

Security

HCI

Usable security

Content-based encryption

Secure email

Webmail

End-to-end encryption

user study

Computer Sciences

On applications of puncturing in error-correction coding

Klinc, Demijan

05 April 2011

This thesis investigates applications of puncturing in error-correction coding and physical layer security with an emphasis on binary and non-binary LDPC codes. Theoretical framework for the analysis of punctured binary LDPC codes at short block lengths is developed and a novel decoding scheme is designed that achieves considerably faster convergence than conventional approaches. Subsequently, optimized puncturing and shortening is studied for non-binary LDPC codes over binary input channels. Framework for the analysis of punctured/shortened non-binary LDPC codes over the BEC channel is developed, which enables the optimization of puncturing and shortening patterns. Insight from this analysis is used to develop algorithms for puncturing and shortening of non-binary LDPC codes at finite block lengths that perform well. It is confirmed that symbol-wise puncturing is generally bad and that bit-wise punctured non-binary LDPC codes can significantly outperform their binary counterparts, thus making them an attractive solution for future communication systems; both for error-correction and distributed compression. Puncturing is also considered in the context of physical layer security. It is shown that puncturing can be used effectively for coding over the wiretap channel to hide the message bits from eavesdroppers. Further, it is shown how puncturing patterns can be optimized for enhanced secrecy. Asymptotic analysis confirms that eavesdroppers are forced to operate at BERs very close to 0.5, even if their signal is only slightly worse than that of the legitimate receivers. The proposed coding scheme is naturally applicable at finite block lengths and allows for efficient, almost-linear time encoding. Finally, it is shown how error-correcting codes can be used to solve an open problem of compressing data encrypted with block ciphers such as AES. Coding schemes for multiple chaining modes are proposed and it is verified that considerable compression gains are attainable for binary sources.

Encryption

Compression

Physical layer security

Binary and non-binary LDPC codes

Shortening

Puncturing

Data encryption (Computer science)

Computer security

Attribute-based encryption : robust and efficient constructions

Rouselakis, Ioannis

26 September 2013

Attribute-based encryption is a promising cryptographic primitive that allows users to encrypt data according to specific policies on the credentials of the recipients. For example, a user might want to store data in a public server such that only subscribers with credentials of specific forms are allowed to access them. Encrypting the data once for each party is not only impractical but also raises important privacy issues. Therefore, it would be beneficial to be able to encrypt only once for all desired parties. This is achievable by attribute-based encryption schemes, which come into several types and are applicable to a wide range of settings. Several attribute-based encryption schemes have been proposed and studied with a wide range of characteristics. For example, initial constructions proved to be significantly more challenging than constructing traditional public-key encryption systems and they imposed restrictions on the expressiveness of the Boolean formulas used during encryption. For several proposed schemes the total number of attributes was fixed during setup, while others allowed any string to be used as attribute ("large universe" constructions), but with considerable weaker security guarantees. Furthermore, these first constructions, although polynomial time, were impractical for wide deployment. This thesis is motivated by two main goals for ABE schemes: robustness and efficiency. For robustness, we propose a novel construction that achieves strong security guarantees and at the same time augments the capabilities of previous schemes. More specifically, we adapt existing techniques to achieve leakage-resilient ABE schemes with augmented robustness features making no compromises on security. For the second direction, our goal is to create practical schemes with as many features as possible, such as "large universe" and multi-authority settings. We showcase these claims with working implementations, benchmarks, and comparisons to previous constructions. Finally, these constructions lead us to new directions that we propose and intend to investigate further. / text

Cryptography

Public-key encryption

Attribute-based encryption

Large universe

Leakage-resilience

Multi-authority

Ciphertext-policy

Key-policy

Architectural support for improving security and performance of memory sub-systems

Yan, Chenyu

17 November 2008

This thesis explores architectural level optimizations to make secure systems more efficient, secure and affordable. It extends prior work for secure architecture in several areas. It proposes a new combined memory encryption and authentication scheme which uses very small on-chip storage area and incurs much less performance overhead compared with prior work. In addition, the thesis studies the issues of applying architectural support for data security to distributed shared memory systems. It presents a scheme which is scalable with large-scale systems and only introduces negligible performance overhead for confidentiality and integrity protection. Furthermore, the thesis also investigates another source of reducing performance overhead in secure systems through optimizing on-chip caching schemes and minimizing off-chip communications.

Architecture

Security

GCM

Memory

Encryption

Authentication

Computer security

Copyright and electronic data processing

Data protection

Data encryption (Computer science)

Authentication