Global ETD Search

21	A client puzzle based public-key authentication and key establishment protocol. January 2002 (has links) Fung Chun-Kan. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves 105-114). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgements --- p.iv / List of Figures --- p.viii / List of Tables --- p.x / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Motivations and Objectives --- p.1 / Chapter 1.2 --- Authentication Protocol --- p.3 / Chapter 1.3 --- Security Technologies --- p.5 / Chapter 1.3.1 --- Cryptography --- p.5 / Chapter 1.3.2 --- Digital Certificate --- p.7 / Chapter 1.3.3 --- One-way Hash Function --- p.8 / Chapter 1.3.4 --- Digital Signature --- p.9 / Chapter 1.4 --- Thesis Organization --- p.9 / Chapter 2 --- Related Work --- p.11 / Chapter 2.1 --- Introduction --- p.11 / Chapter 2.2 --- Authentication and Key Establishment Protocols --- p.11 / Chapter 2.3 --- Denial-of-Service Attack Handling Methods --- p.15 / Chapter 2.4 --- Attacks on Authentication and Key Establishment Protocol --- p.18 / Chapter 2.4.1 --- Denial-of-Service Attack --- p.19 / Chapter 2.4.2 --- Replay Attack --- p.19 / Chapter 2.4.3 --- Man-in-the middle Attack --- p.21 / Chapter 2.4.4 --- Chosen-text Attack --- p.22 / Chapter 2.4.5 --- Interleaving Attack --- p.23 / Chapter 2.4.6 --- Reflection Attack --- p.25 / Chapter 2.5 --- Summary --- p.27 / Chapter 3 --- A DoS-resistant Authentication and Key Establishment Protocol --- p.29 / Chapter 3.1 --- Introduction --- p.29 / Chapter 3.2 --- Protocol Notations --- p.30 / Chapter 3.3 --- Protocol Descriptions --- p.30 / Chapter 3.4 --- An Improved Client Puzzle Protocol --- p.37 / Chapter 3.4.1 --- Review of Juels-Brainard Protocol --- p.37 / Chapter 3.4.2 --- Weaknesses of Juels-Brainard Protocol and Proposed Improvements --- p.39 / Chapter 3.4.3 --- Improved Client Puzzle Protocol --- p.42 / Chapter 3.5 --- Authentication Framework --- p.43 / Chapter 3.5.1 --- Client Architecture --- p.44 / Chapter 3.5.2 --- Server Architecture --- p.47 / Chapter 3.6 --- Implementations --- p.49 / Chapter 3.6.1 --- Software and Programming Tools --- p.49 / Chapter 3.6.2 --- The Message Formats --- p.50 / Chapter 3.5.3 --- Browser Interface --- p.51 / Chapter 3.6.4 --- Calculation of the Difficulty Level --- p.53 / Chapter 3.6.5 --- "(C, t) Non-Existence Verification" --- p.56 / Chapter 3.7 --- Summary --- p.57 / Chapter 4 --- Security Analysis and Formal Proof --- p.58 / Chapter 4.1 --- Introduction --- p.58 / Chapter 4.2 --- Security Analysis --- p.59 / Chapter 4.2.1 --- Denial-of-Service Attacks --- p.59 / Chapter 4.2.2 --- Replay Attacks.........； --- p.60 / Chapter 4.2.3 --- Chosen-text Attacks --- p.60 / Chapter 4.2.4 --- Interleaving Attacks --- p.61 / Chapter 4.2.5 --- Others --- p.62 / Chapter 4.3 --- Formal Proof Methods --- p.62 / Chapter 4.3.1 --- General-purpose Specification Languages and Verification Tools --- p.62 / Chapter 4.3.2 --- Expert System Approach --- p.63 / Chapter 4.3.3 --- Modal Logic Approach --- p.64 / Chapter 4.3.4 --- Algebraic Term-Rewriting Approach --- p.66 / Chapter 4.4 --- Formal Proof of the Proposed Protocol --- p.66 / Chapter 4.4.1 --- Notations --- p.67 / Chapter 4.4.2 --- The Proof --- p.68 / Chapter 4.5 --- Summary --- p.73 / Chapter 5 --- Experimental Results and Analysis --- p.75 / Chapter 5.1 --- Introduction --- p.75 / Chapter 5.2 --- Experimental Environment --- p.75 / Chapter 5.3 --- Experiments --- p.77 / Chapter 5.3.1 --- Computational Performance of the Puzzle Solving Operation at different Difficulty Levels --- p.77 / Chapter 5.3.2 --- Computational Performance of the Puzzle Generation and Puzzle Solution Verification --- p.79 / Chapter 5.3.3 --- Computational Performance of the Protocol Cryptographic Operations --- p.82 / Chapter 5.3.4 --- Computational Performance of the Overall Protocol Session --- p.84 / Chapter 5.3.5 --- Impact on the Server Load without Client Puzzles --- p.85 / Chapter 5.3.6 --- Impact on the Server Load with Client Puzzles --- p.88 / Chapter 5.3.7 --- Impact on the Server Response Time from the Puzzles --- p.97 / Chapter 5.4 --- Summary --- p.100 / Chapter 6 --- Conclusion and Future Work --- p.101 / Chapter 6.1 --- Concluding Remarks --- p.101 / Chapter 6.2 --- Contributions --- p.103 / Chapter 6.3 --- Future Work --- p.104 / Bibliography --- p.105 Public key cryptography Data encryption (Computer science) Computer networks--Security measures
22	Análise de elementos jurídico-tecnológicos que compõem a assinatura digital certificada digitalmente pela Infra-estrutura da Chaves Públicas do Brasil (ICP-Brasil). / Analysis of legal-technological elements that compose the certifyd digital signature for the infrastructure of public keys of Brazil (ICP-Brasil). Airton Roberto Guelfi 22 March 2007 (has links) Este trabalho faz uma análise crítica dos elementos jurídicos-tecnológicos de uma assinatura digital certificada digitalmente. O primeiro aspecto a ser abordado advém da verificação da competência para o desenvolvimento da atividade de certificação, em decorrência da natureza jurídica do certificado digital. Consoante se verificou, o certificado digital é o instrumento hábil a assegurar a autenticidade dos documentos eletrônicos por meio de uma assinatura digital. Dessa forma, equipara-se ao ato de reconhecimento de firma, atividade notarial desenvolvida pelos Cartórios Notariais, de acordo com a competência fixada no artigo 236 da Constituição da República Federativa do Brasil. Todavia, segundo regra presente na Medida Provisória 2.200-2/01, desde 2001 essa atividade vem sendo desenvolvida sob a competência do Governo Federal, através do Instituto Nacional de Tecnologia da Informação - ITI (Autoridade Certificadora Raiz da Infraestrutura de Chaves Públicas do Brasil. Como decorrência tem-se que a Medida Provisória 2.200-2/01 é inconstitucional, uma vez que não respeita regra de competência material fixada pela Constituição da República Federativa do Brasil para o desenvolvimento da atividade notarial. Sob um prisma tecnológico, têm-se que a ICP-Brasil, por meio de seu Comitê Gestor, fixa expressamente qual a tecnologia que deve ser empregada para a produção das assinaturas digitais. Neste caminho, até maio de 2006, entre outros, foi indicado o algoritmo criptográfico de função hash MD5 para a geração das assinaturas digitais com autenticidade e integridade garantidas por lei. Todavia, o MD5 perdeu sua utilidade em 2004, quando foi quebrado, ocasionando a possibilidade de fraudes, inclusive a geração de documentos eletrônicos forjados. Sem dúvida, a legislação brasileira vinha assegurando validade jurídica e força probante a documentos eletrônicos assinados com algoritmo criptográfico de função hash MD5 que poderiam ter sido forjados. Para que o documento eletrônico assinado digitalmente possa ser amplamente utilizado em relações sociais é preciso que regras jurídicas e tecnológicas sejam respeitadas, sob pena de se criar uma enorme insegurança social. / This work presents a critical analysis of the technology and law aspects of certified digital signatures, and their implementation in Brazil. We discuss and verify the competency rules that apply to the certification activity according to the legal nature of the digital certificate. A digital certificate is the instrument that secures the authenticity of an electronic document by means of a digital signature. According to the article 236 of the Brazilian Constitution, authenticity certifications are of exclusive competence of public notaries. Nevertheless, based on an under constitutional statute, digital certification has being conducted by the Federal Government thru its National Institute of Information Technology (Instituto Nacional de Tecnologia da Informação - ITI), who is responsible for the Brazilian public key root certification authority. We found that the statute that supports those activities (Medida Provisória 2.200-2/01) is unconstitutional, and therefore invalid and unenforceable, since it does not satisfy constitutional rules of material competency. Under a technology view, we find that the Managing Committee of the Brazilian Public Key Infrastructure explicitly defines the technology to be used in digital signatures. According to that ruling, until may 2006, among others, the MD5 hashing algorithm was used to generate digital signatures with statutory presumption of authenticity and integrity. Nevertheless, MD5 lost its technical usefulness in 2004, when it was broken, and became prone to fraud such as the generation of forged electronic documents. There is no doubt that Brazilian legislation gave legal value and probatory force to electronic documents signed using the already broken MD5 hashing algorithm that could very well had been forged. Digitally signed electronic documents can only be successfully used if legal rules and the technological aspects be fully understood and respected. Otherwise, the result will be high levels of uncertainty in law relations. Assinatura digital Certificação digital Infra-estrutura de chaves públicas Digital certification Digital signature Public key infrastructure
23	The performance of Group Diffie-Hellman paradigms : a software framework and analysis / Hagzan, Kieran S. January 2007 (has links) Thesis (M.S.)--Rochester Institute of Technology, 2007. / Typescript. Includes bibliographical references (leaf 246).
24	A survey and security strength classification of PKI certificate revocation management implementations / MacMichael, John L. January 2003 (has links) (PDF) Thesis (M.S. in Information Technology Management)--Naval Postgraduate School, December 2003. / Thesis advisor(s): J.D. Fulp, D.F. Warren. Includes bibliographical references. Also available online.
25	Forward security and certificate management in mobile AD Hoc networks Go, Hiu-wing., 吳曉頴. January 2004 (has links) published_or_final_version / abstract / toc / Computer Science and Information Systems / Master / Master of Philosophy Wireless communication systems Public key cryptography. Mobile communication systems.
26	Authentication and key establishment in computer and communication networks no silver bullet / Mehta, Manish. Harn, Lein. January 2006 (has links) Thesis (Ph. D.)--School Computing and Engineering. University of Missouri--Kansas City, 2006. / "A dissertation in computer networking and software architecture." Advisor: Lein Harn. Typescript. Vita. Title from "catalog record" of the print edition Description based on contents viewed Nov. 13, 2007. Includes bibliographical references (leaves 203-214). Online version of the print edition.
27	A novel unified algorithm and hardware architecture for integrated modular division and multiplication in GF(p) and GF(2[superscript]n) suitable for public-key cryptography / Tawalbeh, Lo'ai. January 1900 (has links) Thesis (Ph. D.)--Oregon State University, 2005. / Printout. Includes bibliographical references (leaves 57-61). Also available on the World Wide Web.
28	Validation, delegation, and trust in inter-domain public key infrastructure Grindlinger, David Matthew. January 2002 (has links) Thesis (M.S.)--University of Florida, 2002. / Title from title page of source document. Includes vita. Includes bibliographical references.
29	Design and development of an on-line vending system for selling prepaid electricity via the Internet Hearn, Gareth 07 March 2006 (has links) The sale of prepaid electricity is prevalent in South Africa due to the current economic, social, and political conditions. The system currently used for the distribution of tokens for prepaid electricity, CVS, has a design flaw that leads to many security vulnerabilities. The design flaw is that the security devices that generate the tokens are distributed in the field and operate independently of centralised control. This was done because of the limited communication infrastructure in South Africa 10 years ago, but is no longer necessary. An improvement to the system is suggested that removes the security vulnerabilities by making the system on-line. By employing the communication infrastructure that is available today to provide access to the security devices, the security devices can be located in a secure environment. Changing the mode of operation to on-line also has other advantages such as simplifying auditing and removing synchronisation problems. This improved system works by communicating on-line with a centralised server and database for every transaction that a customer makes. By doing this, all of the parties involved are kept up to date with the most recent transactions. There can no longer be financial discrepancies and the risk of all parties involved is thus reduced. It is no longer meaningful to steal the vending machines because they no longer have the ability to generate tokens independently. In order to implement such a system, however, there are many security aspects that need to be addressed, such as the confidentiality of the information within the system and proving that a transaction did occur between two specific parties. To this end, cryptographic functions and protocols are selected that meet the requirements of the system. Public key cryptography was found to be a necessary ingredient in making the system work effectively and efficiently. In order to use public key cryptography in the new system, Public Key Infrastructure is required to manage public keys and provide authentication services. A suitable system is developed and described that employs certificate authorities and X.509 certificates. The procedures that are required from each party are listed. A set of messages that is required for the functions of the system is given. For each message, the contents of the message is given, the parts of the message that must be encrypted are defined and the parts of the message that must be digitally signed are given. Finally, the security of the individual parts of the system is critically analysed to show that all of the design goals have been achieved. Particular attention is given to the authentication of parties involved in the communication. The security of the system as a whole is also evaluated with respect to the X.810 security framework and it is shown that the system is robust from a security perspective. The result of the research is a system that meets the required functionality to replace the existing system, and at the same time meets all of the security requirements. It is shown that the proposed system does not have the security flaws of the existing system and thus is more effective in its purpose of vending prepaid electricity. / Dissertation (MEng (Electronic))--University of Pretoria, 2007. / Electrical, Electronic and Computer Engineering / unrestricted X.509 Public key infrastructure Xml Cryptography Security On-line Cvs Sts Prepaid electricity Soap UCTD
30	Přístupy k auditu infrastruktury veřejných klíčů / Public Key Infrastructure audit approaches Pěnka, Michal January 2010 (has links) The aim of this work is to introduce fundamental concepts of public key infrastructure. Basic requirements for communication and related problems are presented. The solution of these problems can be found in cryptography. Different types of cyphers and infrastructures based on assymetric cryptography are described. The infrastructure types involve hierarchical system of certificate authorities and the web of trust. Furthermore, there is a list and description of cryptography software which can be used in the field of public key infrastructre. The main topic of this thesis is the audit of public key infrastructure. Audit can be supported by several available standards, e.g. WebTrust for Certificate Authorities, ETSI TS 101 456, ETSI TS 102 042 and ISO 21188:2006. This paper systematically describes these standards and using statistical methods compares and evaluates their complexity.

Search results