Global ETD Search

1	A Session Initiation Protocol User Agent with Key Escrow Hossen, MD. Sakhawat January 2009 (has links) <p>Voice over Internet Protocol (VoIP), also called IP telephony is rapidly becoming a familiar term and as a technology it is invading the enterprise, private usage, and educational and government organizations. Exploiting advanced voice coding & compression techniques and bandwidth sharing over packet switched networks, VoIP can dramatically improve bandwidth efficiency. Moreover enhanced security features, mobility support, and cost reduction features of VoIP are making it a popular choice for personal communication. Due to its rapid growth in popularity VoIP is rapidly becoming the next generation phone system.</p><p>Lawful interception is a mean of monitoring private communication of users that are suspected of criminal activities or to be a threat to national security. However, government regulatory bodies and law enforcement agencies are becoming conscious of the difficulty of lawful interception of public communication due to the mobilitysupport and advanced security features implemented in some implementations of VoIP technology. There has been continuous pressure from the government upon the operators and vendors to find a solution that would make lawful interception feasible and successful. Key escrow was proposed as a solution by the U. S. National Security Agency. In key escrow the key(s) for a session are entrusted to a trusted third party and upon proper authorization law enforcement agencies can receive the session key(s) from this trusted third party However, key escrow adds some security vulnerabilities and potential risks as an unethical employee of the key escrow agent (or a law enforcement agency that has received the session key(s)) can misuse the key(s) to forge content of a communication session -- as he or she possesses the same key(s) as the user used for this session.</p><p>This thesis addresses the issue of forged session content, by proposing, implementing, and evaluating a cryptographic model which allows key escrow session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead. <em>without</em> the possibility of undetectable fabrication of<em><strong> </strong></em>session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead.</p> Lawful Interception Key escrow SRTP MIKEY PKI Digital Signature
2	A Session Initiation Protocol User Agent with Key Escrow Hossen, MD. Sakhawat January 2009 (has links) Voice over Internet Protocol (VoIP), also called IP telephony is rapidly becoming a familiar term and as a technology it is invading the enterprise, private usage, and educational and government organizations. Exploiting advanced voice coding & compression techniques and bandwidth sharing over packet switched networks, VoIP can dramatically improve bandwidth efficiency. Moreover enhanced security features, mobility support, and cost reduction features of VoIP are making it a popular choice for personal communication. Due to its rapid growth in popularity VoIP is rapidly becoming the next generation phone system. Lawful interception is a mean of monitoring private communication of users that are suspected of criminal activities or to be a threat to national security. However, government regulatory bodies and law enforcement agencies are becoming conscious of the difficulty of lawful interception of public communication due to the mobilitysupport and advanced security features implemented in some implementations of VoIP technology. There has been continuous pressure from the government upon the operators and vendors to find a solution that would make lawful interception feasible and successful. Key escrow was proposed as a solution by the U. S. National Security Agency. In key escrow the key(s) for a session are entrusted to a trusted third party and upon proper authorization law enforcement agencies can receive the session key(s) from this trusted third party However, key escrow adds some security vulnerabilities and potential risks as an unethical employee of the key escrow agent (or a law enforcement agency that has received the session key(s)) can misuse the key(s) to forge content of a communication session -- as he or she possesses the same key(s) as the user used for this session. This thesis addresses the issue of forged session content, by proposing, implementing, and evaluating a cryptographic model which allows key escrow session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead. without the possibility of undetectable fabrication of session content. The implementation utilizes an existing implementation of a Session Initiation Protocol (SIP) user agent ‘minisip’ developed at KTH. The performance evaluation results suggest that the proposed model can support key escrow while protecting the user communication from being forged with the cost of minimal computational resource and negligible overhead. Lawful Interception Key escrow SRTP MIKEY PKI Digital Signature
3	Anonymous Multi-Receiver Certificate-Based Encryption Tsai, Pei-Jen 16 August 2011 (has links) In a multi-receiver encryption environment, a sender can randomly choose a set of authorized receivers while distributing messages to them efficiently and securely. Recently, more and more researchers concern the privacy of receivers. They mentioned that an authorized receiver does not want other entities, except the service provider, to be able to derive her/his identity in many applications such as pay-TV. However, most of these protocols either provide no formal security proofs or are inefficient owing to high computation cost. In this thesis, we construct two provably secure and efficient anonymous multi-receiver certificated-based encryption schemes, PMCE and SCMCE, which avoid the key escrow problem while preserving the implicit certification of identity-based setting. The proposed PMCE and SCMCE get rid of pairing computation to encrypt a message and only need one and two pairing computations to decrypt the ciphertext, respectively. Finally, we define the security models and offer formal proofs to all properties including receiver anonymity. Key Escrow Freeness Multi-Receiver Encryption Bilinear Pairing Certificate-Based Encryption Anonymity
4	Lawful Interception and Countermeasures : In the era of Internet Telephony Evripidis, Romanidis January 2008 (has links) Lawful interception and the way it is performed have played a significant role in the effectiveness of this type of communication monitoring. Although the secrecy of interception and the related equipment are supposed to provide correct information to a law enforcement agency, there are some countermeasures that can be taken by the subject that can seriously undermine the collection of correct and accurate data. This thesis project attempts to identify the problems that exist for interception of telephony (be it fixed, mobile, or via the Internet). Moreover, there are some suggestions for improvements how lawful interception should be performed in order to avoid possible attacks that could decrease the credibility of the intercepted data. Numerous publications (in print or distributed on the Internet) have described weaknesses in the current state of the art lawful interception when using equipment that can be purchased in the market. This thesis presents improvements in how LI can be conducted in order to avoid these vulnerabilities. Additionally, there is a description of the key escrow systems and the possibility of avoiding one of their most significant vulnerabilities. The main problem of the lawful interception is the rapid changes in telecommunications and the complicated architecture of the telecommunication networks, as both make monitoring vulnerable to specific countermeasures. An analysis of how lawful interception can take place and current countermeasures for lawful interception of Internet telephony are vital in order to identify the problems in carrying out such intercepts today and to make suggestions for improvements. This topic is especially relevant given the current Swedish “FRA lagen” regarding interception of electronic communication going into, out of, and through Sweden. Not only is it important to understand how lawful interception can be performed or prevented, but it is also important to understand how information obtained from lawful interception could be purposely misleading or falsified. Lawful interception countermeasures key escrow SRTP/MIKEY digital signatures Communication Systems Kommunikationssystem
5	Multiple Escrow Agents in VoIP Azfar, Abdullah January 2010 (has links) Using a Key escrow agent in conjunction with Voice over IP (VoIP) communication ensures that law enforcements agencies (LEAs) can retrieve the session key used to encrypt data between two users in a VoIP session. However, the use of a single escrow agent has some drawbacks. A fraudulent request by an evil employee from the LEA can lead to improper disclosure of a session key. After the escrow agent reveals the key this evil person could fabricate data according to his/her needs and encrypt it again (using the correct session key). In this situation the persons involved in the communication session can be accused of crimes that he or she or they never committed. The problems with a single escrow agent becomes even more critical as a failure of the escrow agent can delay or even make it impossible to reveal the session key, thus the escrow agent might not be able to comply with a lawful court order or comply with their escrow agreement in the case of data being released according to this agreement (for example for disaster recovery). This thesis project focused on improving the accessibility and reliability of escrow agents, while providing good security. One such method is based on dividing the session key into M chunks and escrowing the chunks with M escrow agents. Using threshold cryptography the key can be regenerated by gathering any N-out-of-M chunks. The value of M and N may differ according to the role of the user. For a highly sophisticated session, the user might define a higher value for M and N for improved, availability, reliability, and security. For a less confidential or less important session (call), the value of M and N might be smaller. The thesis examines the increased availability and increased reliability made possible by using multiple escrow agents. / Med en nyckel förvaringsinstitut som tillsammans med Röst över IP (VoIP) kommunikation säkerställer att brottsbekämpande organ (LEAs) kan hämta sessionsnyckeln används för att kryptera data mellan två användare i en VoIP-session. Däremot har användningen av ett enda förvaringsinstitut visa nackdelar. En bedräglig begäran av en ond arbetstagare från LEA kan leda till otillbörligt röjande av en sessionsnyckel. Efter förvaringsinstitut avslöjar nyckeln detta onda person kunde fabricera uppgifter i enlighet med hans eller hennes behov och kryptera den igen (med rätt sessionsnyckel). I denna situation personer som deltar i kommunikationssession kan anklagas för brott som han eller hon eller de aldrig begått. Problemen med en enda förvaringsinstitut som blir ännu mer kritisk som ett misslyckande av förvaringsinstitut kan försena eller till och med gör det omöjligt att avslöja sessionsnyckeln, vilket förvaringsinstituten kanske inte kan följa en laglig domstolsbeslut eller uppfyller sina depositionsavtalets när det gäller data frisläppas i enlighet med detta avtal (till exempel för katastrofer). Detta examensarbete fokuserar på att förbättra tillgängligheten och tillförlitligheten i spärrade medel, samtidigt som god säkerhet. En sådan metod bygger på att dela upp sessionsnyckeln till M bitar och escrowing i bitar med M förvaringsinstituten. Använda tröskel kryptografi nyckeln kan genereras genom att samla alla N-out-of-M bitar. Värdet på M och N kan variera beroende på användarens roll. För en mycket sofistikerad session kan användaren definiera ett högre värde för M och N för förbättrad tillgänglighet, tillförlitlighet och säkerhet. För en mindre konfidentiell eller mindre viktigt session (telefonsamtal), kan värdet på M och N vara mindre. I avhandlingen analyseras den ökade tillgänglighet och ökad tillförlitlighet möjligt genom att använda flera spärrade medel. Key escrow VoIP Law Enforcement Agency Multiple Escrow Agents Threshold Cryptography Reliability Availability Shamir's Secret Sharing Communication Systems Kommunikationssystem
6	"Proposta de esquemas de criptografia e de assinatura sob modelo de criptografia de chave pública sem certificado" / "Proposal for encryption and signature schemes under certificateless public key cryptography model" Goya, Denise Hideko 28 June 2006 (has links) Sob o modelo de criptografia de chave pública baseada em identidades (ID-PKC), a própria identidade dos usuários é usada como chave pública, de modo a dispensar a necessidade de uma infra-estrutura de chaves públicas (ICP), na qual o gerenciamento de certificados digitais é complexo. Por outro lado, sistemas nesse modelo requerem uma entidade capaz de gerar chaves secretas. Essa entidade é conhecida por PKG (Private Key Generator); ela possui uma chave-mestra e mantém custódia das chaves secretas geradas a partir dessa chave-mestra. Naturalmente, a custódia de chaves é indesejável em muitas aplicações. O conceito de Criptografia de Chave Pública sem Certificado, ou Certificateless Public Key Cryptography (CL-PKC), foi proposto para que a custódia de chaves fosse eliminada, mantendo, porém, as características de interesse: a não necessidade de uma ICP e a eliminação de certificados digitais. CL-PKC deixa de ser um sistema baseado em identidades, pois é introduzida uma chave pública, gerada a partir de uma informação secreta do usuário. Nesta dissertação, apresentamos a construção de dois esquemas, um CL-PKE e um CL-PKS, baseados em emparelhamentos bilineares sobre curvas elípticas. Ambas propostas: (1) eliminam custódia de chaves; (2) dispensam certificados digitais; (3) são mais eficientes, sob certos aspectos, que esquemas anteriormente publicados; (4) e são seguros contra ataques adaptativos de texto cifrado escolhido (em CL-PKE) e contra ataques adaptativos de mensagem escolhida (em CL-PKS), sob o modelo de oráculos aleatórios. / Under the model of Identity Based Cryptography (ID-PKC), the public key can be the user's identity, therefore it does not require a Public Key Infrastructure (PKI) with its complex management of Digital Certificates. On the other hand, this system requires a Private Key Generator (PKG), a trusted authority who is in possession of a master key and can generate any of the private keys. In this way, PKG can exercise the so-called key escrow, which is undesirable in many applications. The concept of Certificateless Public Key Cryptography (CL-PKC) was proposed in order to remove the key escrow characteristic of IBC, while it does not require PKI neither Digital Certificates to certify the public keys. CL-PKC is no more an IBC because public keys are introduced, to bind the identities with its secret keys. In this thesis we construct two schemes, one CL-PKE and one CL-PKS, based on bilinear pairing functions which: (1) does not allow key escrow by the PKG; (2) does not require Digital Certificates; (3) is more efficient, in some aspects, than previously published CL-PKE and CL-PKS schemes; (4) and is secure in the sense that it is strong against adaptive chosen ciphertext attacks (in CL-PKE) and adaptive chosen message attacks (in CL-PKS), under Random Oracle Model. assinatura digital bilinear pairing certificateless public key cryptography CL-PKC CL-PKC custódia de chaves digital signature emparelhamento bilinear IBE ICP ID-PKC key escrow security segurança
7	"Proposta de esquemas de criptografia e de assinatura sob modelo de criptografia de chave pública sem certificado" / "Proposal for encryption and signature schemes under certificateless public key cryptography model" Denise Hideko Goya 28 June 2006 (has links) Sob o modelo de criptografia de chave pública baseada em identidades (ID-PKC), a própria identidade dos usuários é usada como chave pública, de modo a dispensar a necessidade de uma infra-estrutura de chaves públicas (ICP), na qual o gerenciamento de certificados digitais é complexo. Por outro lado, sistemas nesse modelo requerem uma entidade capaz de gerar chaves secretas. Essa entidade é conhecida por PKG (Private Key Generator); ela possui uma chave-mestra e mantém custódia das chaves secretas geradas a partir dessa chave-mestra. Naturalmente, a custódia de chaves é indesejável em muitas aplicações. O conceito de Criptografia de Chave Pública sem Certificado, ou Certificateless Public Key Cryptography (CL-PKC), foi proposto para que a custódia de chaves fosse eliminada, mantendo, porém, as características de interesse: a não necessidade de uma ICP e a eliminação de certificados digitais. CL-PKC deixa de ser um sistema baseado em identidades, pois é introduzida uma chave pública, gerada a partir de uma informação secreta do usuário. Nesta dissertação, apresentamos a construção de dois esquemas, um CL-PKE e um CL-PKS, baseados em emparelhamentos bilineares sobre curvas elípticas. Ambas propostas: (1) eliminam custódia de chaves; (2) dispensam certificados digitais; (3) são mais eficientes, sob certos aspectos, que esquemas anteriormente publicados; (4) e são seguros contra ataques adaptativos de texto cifrado escolhido (em CL-PKE) e contra ataques adaptativos de mensagem escolhida (em CL-PKS), sob o modelo de oráculos aleatórios. / Under the model of Identity Based Cryptography (ID-PKC), the public key can be the user's identity, therefore it does not require a Public Key Infrastructure (PKI) with its complex management of Digital Certificates. On the other hand, this system requires a Private Key Generator (PKG), a trusted authority who is in possession of a master key and can generate any of the private keys. In this way, PKG can exercise the so-called key escrow, which is undesirable in many applications. The concept of Certificateless Public Key Cryptography (CL-PKC) was proposed in order to remove the key escrow characteristic of IBC, while it does not require PKI neither Digital Certificates to certify the public keys. CL-PKC is no more an IBC because public keys are introduced, to bind the identities with its secret keys. In this thesis we construct two schemes, one CL-PKE and one CL-PKS, based on bilinear pairing functions which: (1) does not allow key escrow by the PKG; (2) does not require Digital Certificates; (3) is more efficient, in some aspects, than previously published CL-PKE and CL-PKS schemes; (4) and is secure in the sense that it is strong against adaptive chosen ciphertext attacks (in CL-PKE) and adaptive chosen message attacks (in CL-PKS), under Random Oracle Model. assinatura digital CL-PKC custódia de chaves emparelhamento bilinear ICP segurança bilinear pairing certificateless public key cryptography CL-PKC digital signature IBE ID-PKC key escrow security

1

Page generated in 0.0667 seconds