151.
LF-PKI: Practical, Secure, and High-Performance Design and Implementation of a Lite Flexible PKI / LF-PKI: Praktisk, säker och högpresterande design och implementering av Lite Flexible PKI. Xu, Yongzhe, January 2022 (has links)
Today's Web Public Key Infrastructure (PKI) builds on a homogeneous trust model. All Certificate Authorities (CAs) are equally trusted once they are marked as trusted CAs on the client side. As a result, the security of the Web PKI depends on the weakest CA. Trust heterogeneity and flexibility can be introduced into today's Web PKI to mitigate the problem. Each client could have a different level of trust in each trusted CA, according to the properties of that CA, such as its location, reputation and scale. As a result, the loss caused by the compromise of a less trusted CA will be reduced. In this work, we study Flexible-PKI (F-PKI), which is an enhancement of the Web PKI, and propose Lite Flexible-PKI (LF-PKI) to address the limitations of F-PKI. LF-PKI is designed to securely and efficiently manage domain policies and enable trust heterogeneity on the client side. The domain owner can issue domain policies for their domains, and the client will have a complete view of the domain policies issued for a specific domain. Based on the collection of domain policies from LF-PKI, trust heterogeneity can be achieved on the client side. Each client will choose the domain policies based on the trust levels of the CA. On the basis of the LF-PKI design, a high-performance implementation of LF-PKI was developed, optimized, and analyzed. The optimized implementation can provide the LF-PKI services for worldwide domains on a single server with moderate hardware. / Today's Web Public Key Infrastructure (PKI) builds on a homogeneous trust model. All certificate authorities (CAs) are equally trusted once they are marked as trusted CAs on the client side. As a result, the security of the Web PKI depends on the weakest CA. Trust heterogeneity and flexibility can be introduced into today's Web PKI to mitigate the problem.
Each client can have different levels of trust in each trusted CA, depending on the properties of that CA, such as the CA's location, reputation and scale. As a result, the loss caused by the compromise of a less trusted CA will be reduced. In this work we study Flexible-PKI (F-PKI), which is an improvement of the Web PKI, and propose Lite Flexible-PKI (LF-PKI) to address the limitations of F-PKI. LF-PKI is designed to securely and efficiently manage domain policies and enable trust heterogeneity on the client side. The domain owner can issue domain policies for their domains, and the client will have a complete view of the domain policies issued for a specific domain. Based on the collection of domain policies from LF-PKI, trust heterogeneity can be achieved on the client side. Each client will choose domain policies based on the trust levels of the CA. Based on the LF-PKI design, a high-performance implementation of LF-PKI was developed, optimized and analyzed. The optimized implementation can provide LF-PKI services for worldwide domains on a single server with moderate hardware.
152.
Análise da viabilidade da implementação de algoritmos pós-quânticos baseados em quase-grupos multivariados quadráticos em plataformas de processamento limitadas. / Analysis of the feasibility of implementing post-quantum algorithms based on multivariate quadratic quasigroups on limited processing platforms. Maia, Ricardo José Menezes, 17 September 2010 (has links)
Wireless sensor networks (WSN) typically consist of sensor nodes with limited energy, processing, communication and memory. Security in WSNs is becoming fundamental with the emergence of applications that require mechanisms providing authenticity, integrity and confidentiality. Because of the resource limitations of WSNs, adapting public key cryptosystems (PKC) to these networks is an open research problem. In mid-2008, Danilo Gligoroski et al. proposed a new PKC based on multivariate quadratic quasigroups (MQQ). Experiments by Gligoroski on an FPGA platform show that MQQ ran in less time than the main existing PKCs (DH, RSA and ECC), so much so that some papers claim that MQQ has the speed of a typical symmetric block cipher. Furthermore, MQQ exhibited the same security level as other PKCs (DH, RSA and ECC) while requiring smaller keys. Another property of MQQ that draws attention is the use of the basic operations XOR, AND and bit shifting in the encryption and decryption processes, an important fact considering that a WSN has limited processing power. These characteristics make MQQ a promising new path in the difficult task of equipping wireless sensor networks with public key cryptosystems. This work fits into that context, analysing the feasibility of implementing the MQQ algorithm on a WSN platform. It is important to note that this work is novel in proposing to bring this new PKC based on multivariate quadratic quasigroups to WSNs, and it also contributes a method for reducing the size of the public key used by MQQ. Tests were run with MQQ on the TelosB and MICAz platforms; MQQ took 825.1 ms to encrypt and 116.6 ms to decrypt on TelosB and 445 ms to encrypt on MICAz. / Wireless sensor networks (WSN) typically consist of sensor nodes with limited energy, processing, communication and memory.
Security in WSNs is becoming critical with the emergence of applications that require mechanisms for authenticity, integrity and confidentiality. Due to resource constraints in sensor networks, adapting public key cryptosystems (PKC) to these networks is an open research problem. In 2008 Danilo Gligoroski et al. proposed a new PKC based on multivariate quadratic quasigroups (MQQ). Experiments by Gligoroski on an FPGA platform show that MQQ performed in less time than the most popular PKCs (DH, RSA and ECC), so much so that some papers say MQQ has the speed of a typical symmetric block cipher. Moreover, MQQ exhibited the same level of security as other PKCs (DH, RSA and ECC) while requiring smaller keys. Another property that draws attention in MQQ is the use of the basic operations XOR, AND, and bit shifting in the encryption and decryption processes, an important fact considering that a WSN has limited processing power. These features make MQQ promising as a new path in the difficult task of providing wireless sensor networks with public key cryptosystems. In this context, this study examines the feasibility of implementing MQQ on a WSN platform. This work is innovative in proposing to bring this new PKC based on multivariate quadratic quasigroups to WSNs, and it contributes a method to reduce the size of the public key used by MQQ. In tests with MQQ on the TelosB and MICAz platforms, MQQ exhibited 825 ms to encrypt and 116 ms to decrypt on TelosB and 445 ms to encrypt on MICAz.
154.
Efficient NTRU Implementations. O'Rourke, Colleen Marie, 30 April 2002 (has links)
In this paper, new software and hardware designs for the NTRU Public Key Cryptosystem are proposed. The first design attempts to improve NTRU's polynomial multiplication by applying techniques from the Chinese Remainder Theorem (CRT) to the convolution algorithm. Although the application of CRT shows promise for the creation of the inverse polynomials in the setup procedure, it does not provide any benefit to the procedures that are critical to the performance of NTRU (public key creation, encryption, and decryption). This research identified that this is due to the small coefficients of one of the operands, a point that is commonly misunderstood. The second design focuses on improving the performance of the polynomial multiplications within NTRU's key creation, encryption, and decryption procedures through hardware. This design exploits the inherent parallelism within a polynomial multiplication to make scalability possible. The advantage scalability provides is that it allows the user to customize the design for low- and high-power applications. In addition, the support for arbitrary precision allows the user to meet the desired security level. The third design utilizes the Montgomery Multiplication algorithm to develop a unified architecture that can perform a modular multiplication for GF(p) and GF(2^k) and a polynomial multiplication for NTRU. The unified design only requires an additional 10 gates in order for the Montgomery Multiplier core to compute the polynomial multiplication for NTRU. However, this added support for NTRU presents some restrictions on the supported lengths of the moduli and on the chosen value for the residue in the GF(p) and GF(2^k) cases. Despite these restrictions, this unified architecture is now capable of supporting public key operations for the majority of Public-Key Cryptosystems.
155.
The Evolution of Cryptology. Souza, Gwendolyn Rae, 01 June 2016 (has links)
We live in an age when our most private information is becoming exceedingly difficult to keep private. Cryptology allows for the creation of encryptive barriers that protect this information. Though the information is protected, it is not entirely inaccessible. A recipient may be able to access the information by decoding the message. This possible threat has encouraged cryptologists to evolve and complicate their encrypting methods so that future information can remain safe and become more difficult to decode. There are various methods of encryption that demonstrate how cryptology continues to evolve through time. These methods revolve around different areas of mathematics such as arithmetic, number theory, and probability. Another concern that has brought cryptology into everyday use and necessity is user authentication. How does one or a machine know that a user is who they say they are? Living in the age where most of our information is sent and accepted through computers, it is crucial that our information is kept safe, and in the appropriate care.
156.
A Secure Anti-Counterfeiting System using Near Field Communication, Public Key Cryptography, Blockchain, and Bayesian Games. Alzahrani, Naif Saeed, 16 July 2019 (has links)
Counterfeit products, especially in the pharmaceutical sector, have plagued the international community for decades. To combat this problem, many anti-counterfeiting approaches have been proposed. They use either Radio Frequency Identification (RFID) or Near Field Communication (NFC) physical tags affixed to the products. Current anti-counterfeiting approaches detect two counterfeiting attacks: (1) modifications to a product's tag details, such as changing the expiration date; and (2) cloning of a genuine product's details to reuse on counterfeit products. In addition, these anti-counterfeiting approaches track-and-trace the physical locations of products as the products flow through supply chains.
Existing approaches suffer from two main drawbacks. First, they cannot detect tag reapplication attacks, wherein a counterfeiter removes a legitimate tag from a genuine product and reapplies it to a counterfeit or expired product. Second, most existing approaches rely on a central server to authenticate products. This is not scalable and creates a tremendous processing burden on the server, since significant volumes of products flow through the supply chain's nodes. In addition, centralized supply chains require substantial data storage to hold authentication records for all products. Moreover, as with other centralized systems, traditional supply chains inherently have the problem of a single point of failure.
The thesis of this dissertation is that a robust, scalable, counterfeiting-resistant supply chain that addresses the above drawbacks can be achieved by simultaneously (i) using a combination of NFC tags on products and a distributed ledger such as blockchain for reapplication-proof, decentralized, and transparent product authentication, and (ii) applying a novel game-theoretical consensus protocol that enforces true decentralization and enhances the protocol's security and performance.
In this dissertation, we first propose a new Tag Reapplication Detection (TRD) system to detect reapplication attacks using low-cost NFC tags and public key cryptography. To detect reapplication attacks, TRD tracks the number of times a tag has been read in the supply chain using a 'central' authentication server. Second, leveraging the blockchain technology, we propose the Block-Supply Chain, a transformation of TRD into a decentralized supply chain. In this chain, each node maintains a blockchain (distributed public ledger) per product. This blockchain comprises chained blocks, where each is an authentication event. The Block-Supply Chain can detect tag reapplication attacks and can replace the centralized supply chain design, thus overcoming the centralization issues.
One of the fundamental characteristics of blockchain technology is the consensus protocol. Consensus protocols ensure that all nodes in the blockchain network agree on the validity of a block to be included in the public ledger. The first and most popular of the existing consensus protocols is Proof of Work (PoW). However, PoW requires massive computational effort, resulting in high energy and computing resource consumption. Alternatively, Byzantine Fault Tolerance (BFT) protocols, such as Tendermint, were adapted to blockchain technology to be efficient and easy to implement. Nevertheless, not all BFT protocols guarantee true decentralization, and they are mostly based on fixed validators. BFT fixed-validator protocols typically rely on fixed, static validators responsible for validating all newly proposed blocks. This opens the door for adversaries to launch several attacks on these validators, such as Distributed Denial of Service (DDoS) and Eclipse attacks. In contrast, a truly decentralized protocol ensures that variable sets of anonymous validators execute the block validations. Building on this observation, we propose TrueBFT, a truly decentralized BFT-based consensus protocol that does not require PoW and randomly employs a different set of validators for each block proposal. TrueBFT is designed for permissioned blockchains (in such blockchains, the participants who can transact on the blockchain are limited, and each participant is required to have permission to join the system). Our simulations show that TrueBFT offers remarkable performance with a satisfactory level of security compared to the state-of-the-art protocol Tendermint.
Another issue with current consensus protocols, particularly BFT ones, is that the majority of them do not take the number of employed validators into consideration. The number of validators in a blockchain network influences its security and performance substantially. In response, we integrate a game-theoretical model into TrueBFT that analyzes the risk likelihood of each proposer (i.e., the node that creates and proposes the new block). Consequently, each time a new block is proposed, the number of validators becomes proportional to the risk likelihood of the block's proposer. Additionally, the game model reinforces the honest behavior of the validators by rewarding honest validators and punishing dishonest ones.
Together, TRD, Block-Supply Chain, and the game-theoretical TrueBFT consensus protocol enable a robust, scalable, decentralized anti-counterfeiting supply chain that is resistant to tag reapplication attacks, as well as to attacks on consensus protocols such as DDoS and Eclipse attacks.
157.
Analysis Of Electronic Signature In Turkey From The Legal And Economic Perspectives And The Awareness Level In The Country. Iskender, Gokhan, 01 August 2006 (has links) (PDF)
As with other information technologies, the best way of obtaining efficient results from an electronic signature application is integrating it into the legal and economic systems and increasing the awareness level of the technology in society.
This thesis performs legal and economic analyses of electronic signature in Turkey and measures the awareness level in society. The analyses performed in the thesis show that electronic signature is not legally established in Turkey even though the legal basis is harmonised with that of the European Union; that it is expensive in practice even though its economic rate of return is high; and that the awareness level in society, which is measured in this study with a 20-question test, is not very high.
158.
Parsing of X.509 certificates in a WAP environment / Parsning av X.509 certifikat i en WAP-miljö. Asplund, Fredrik, January 2002 (has links)
This master thesis consists of three parts. The first part contains a summary of what is needed to understand an X.509 parser that I have created, a discussion concerning the technical problems I encountered during the programming of this parser and a discussion concerning the final version of the parser. The second part concerns a comparison I made between the X.509 parser I created and an X.509 parser created "automatically" by a compiler. I tested static memory, allocation of memory during runtime and utilization of the CPU for both my parser (MP) and the parser that had a basic structure constructed by a compiler (OAP). I discuss changes in the parsers involved to make the comparison fair to OAP, the results from the tests and when circumstances such as time and non-standard content in the project make one way of constructing an X.509 parser better than the other way. The last part concerns a WTLS parser (a simpler kind of X.509 parser), which I created.
159.
Attribute-based encryption: robust and efficient constructions. Rouselakis, Ioannis, 26 September 2013 (has links)
Attribute-based encryption is a promising cryptographic primitive that allows users to encrypt data according to specific policies on the credentials of the recipients. For example, a user might want to store data on a public server such that only subscribers with credentials of specific forms are allowed to access it. Encrypting the data once for each party is not only impractical but also raises important privacy issues. Therefore, it would be beneficial to be able to encrypt only once for all desired parties. This is achievable by attribute-based encryption schemes, which come in several types and are applicable to a wide range of settings. Several attribute-based encryption schemes have been proposed and studied with a wide range of characteristics. For example, initial constructions proved to be significantly more challenging than constructing traditional public-key encryption systems, and they imposed restrictions on the expressiveness of the Boolean formulas used during encryption. For several proposed schemes the total number of attributes was fixed during setup, while others allowed any string to be used as an attribute ("large universe" constructions), but with considerably weaker security guarantees. Furthermore, these first constructions, although polynomial time, were impractical for wide deployment. This thesis is motivated by two main goals for ABE schemes: robustness and efficiency. For robustness, we propose a novel construction that achieves strong security guarantees and at the same time augments the capabilities of previous schemes. More specifically, we adapt existing techniques to achieve leakage-resilient ABE schemes with augmented robustness features, making no compromises on security. For the second direction, our goal is to create practical schemes with as many features as possible, such as "large universe" and multi-authority settings.
We showcase these claims with working implementations, benchmarks, and comparisons to previous constructions. Finally, these constructions lead us to new directions that we propose and intend to investigate further.
160.
Use Of PKI For Process Authorization. Taskazan, Feyza, 01 January 2004 (has links) (PDF)
Enterprises require an information security solution that provides privacy, integrity, authentication and access controls for processes. License management systems are developed to be a solution for process authorization in different platforms. However, security threats on processes cannot be controlled with existing license management mechanisms. The need is a complete system that is independent from implementation, platform, and application. In this thesis, we design a complete system for process authorization based on Public Key Infrastructure (PKI) technology.