IPSec Overhead in Wireline and Wireless Networks for Web and Email Applications

Hadjichristofi, George Costa

11 January 2002

This research focuses on developing a set of secure communication network testbeds and using them to measure the overhead of IP Security (IPSec) for email and web applications. The network testbeds are implemented using both wireline and wireless technologies. The testing involves a combination of authentication algorithms such as Hashed Message Authentication Code-Message Digest 5 (HMAC-MD5) and Hashed Message Authentication Code-Secure Hash Algorithm 1 (HMAC-SHA1), implemented through different authentication protocols such as ESP and AH, and used in conjunction with the Triple Digital Encryption Standard (3DES). The research examines the overhead using no encryption and no authentication, authentication and no encryption, and authentication and encryption. A variety of different sizes of compressed and uncompressed files, are considered when measuring the overhead. The testbed realizes security using IPSec to secure the connection between different nodes. The email protocol that is used is the Simple Mail Transfer Protocol (SMTP) and the web protocol considered is the Hyper Text Transfer Protocol (HTTP). The key metrics considered are the network load in bytes, the number of packets, and the transfer time. This research emphasizes the importance of using HTTP to access files than using SMTP. Use of HTTP requires fewer packets, lower network loads, and lower transfer times than SMTP. It is demonstrated that this difference, which occurs regardless of security, is magnified by the use of authentication and encryption. The results also indicate the value of using compressed files for file transfers. Compressed and uncompressed files require the same transfer time, network load and number of packets since FreeS/WAN IPSec does not carry any form of compression on the data before passing it to the data link layer. Both authentication algorithms, HMAC-MD5 and HMAC- SHA1, result in about the same network load and number of packets. However, HMAC-SHA1 results in a higher transfer time than HMAC-MD5 because of SHA1's higher computational requirements. ESP authentication and ESP encryption reduce the network load for small files only, compared to ESP encryption and AH authentication. ESP authentication could not be compared with AH authentication, since the FreeS/WAN IPSec implementation used in the study does not support ESP authentication without using encryption. In a wireless environment, using IPSec does not increase the network load and the number of transactions, when compared to a wireline environment. Also, the effect of security on transfer time is higher compared to a wireline environment, even though that increase is overshadowed by the high transfer time percentage increase due to the wireless medium. / Master of Science

ESP

MD5

3DES

IP Security

AH

SHA1

Exploitation de la logique propositionnelle pour la résolution parallèle des problèmes cryptographiques / Exploitation of propositional logic for parallel solving of cryptographic problems

Legendre, Florian

30 June 2014

La démocratisation des ordinateurs, des téléphones portables et surtout de l'Internet a considérablement révolutionné le monde de la communication. Les besoins en matière de cryptographie sont donc plus nombreux et la nécessité de vérifier la sûreté des algorithmes de chiffrement est vitale. Cette thèse s'intéresse à l'étude d'une nouvelle cryptanalyse, appelée cryptanalyse logique, qui repose sur l'utilisation de la logique propositionnelle - à travers le problème de satisfaisabilité - pour exprimer et résoudre des problèmes cryptographiques. Plus particulièrement, les travaux présentés ici portent sur une certaine catégorie de chiffrements utilisés dans les protocoles d'authentification et d'intégrité de données qu'on appelle fonctions de hachage cryptographiques. Un premier point concerne l'aspect modélisation d'un problème cryptographique en un problème de satisfaisabilité et sa simplification logique. Sont ensuite présentées plusieurs façons pour utiliser cette modélisation fine, dont un raisonnement probabiliste sur les données du problème qui permet, entres autres, d'améliorer les deux principaux points d'une attaque par cryptanalyse logique, à savoir la modélisation et la résolution. Un second point traite des attaques menées en pratique. Dans ce cadre, la recherche de pré-Image pour les fonctions de hachage les plus couramment utilisées mènent à repousser les limites de la résistance de ces fonctions à la cryptanalyse logique. À cela s'ajoute plusieurs attaques pour la recherche de collisions dans le cadre de la logique propositionnelle. / Democratization of increasingly high-Performance digital technologies and especially the Internet has considerably changed the world of communication. Consequently, needs in cryptography are more and more numerous and the necessity of verifying the security of cipher algorithms is essential.This thesis deals with a new cryptanalysis, called logical cryptanalysis, which is based on the use of logical formalism to express and solve cryptographic problems. More precisely, works presented here focuses on a particular category of ciphers, called cryptographic hash functions, used in authentication and data integrity protocols.Logical cryptanalysis is a specific algebraic cryptanalysis where the expression of the cryptographic problem is done through the satisfiabilty problem, fluently called sat problem. It consists in a combinatorial problem of decision which is central in complexity theory. In the past years, works led by the scientific community have allowed to develop efficient solvers for industrial and academical problems.Works presented in this thesis are the fruit of an exploration between satisfiability and cryptanalysis, and have enabled to display new results and innovative methods to weaken cryptographic functions.The first contribution is the modeling of a cryptographic problem as a sat problem. For this, we present some rules that lead to describe easily basic operations involved in cipher algorithms. Then, a section is dedicated to logical reasoning in order to simplify the produced sat formulas and show how satisfiability can help to enrich a knowledge on a studied problem. Furthermore, we also present many points of view to use our smooth modeling to apply a probabilistic reasoning on all the data associated with the generated sat formulas. This has then allowed to improve both the modeling and the solving of the problem and underlined a weakness about the use of round constants.Second, a section is devoted to practical attacks. Within this framework, we tackled preimages of the most popular cryptographic hash functions. Moreover, the collision problem is also approached in different ways, and particularly, the one-Bloc collision attack of Stevens on MD5 was translated within a logical context. It's interesting to remark that in both cases, logical cryptanalysis takes a new look on the considered problems.

Satisfaisabilité

Cryptographie

Fonction de hachage

Md5

Sha1

Satisfiability

Cryptography

Hash function

Md5

Sha1

Ribotos sumos elektroninių pinigų cirkuliacijos sistema / Limited amount electronic money circulation system

Šėža, Vygintas

13 August 2010

Sparti elektroninės komercijos plėtra ir augimas natūraliai sąlygojo modernių, online aplinkai pritaikytų atsiskaitymo, mokėjimo sistemų atsiradimą. Itin svarbu tai, kad technologijų tobulėjimo pasėkoje ne tik eksponentiškai išaugo perduodamos informacijos kiekis, tačiau pakito pačios informacijos prigimtis – ji pati savaime, per se, tapo ekonominę vertę turinčiu objektu. Vartotojų noras saugiai atsiskaityti internete įtakojo, kad „online“ aplinkoje mažėja naudojimas tokių tradicinių atsiskaitymo priemonių kaip mokėjimo kortelės. Interneto vartotojai vis rečiau pasitiki šiuo mokėjimo įrankiu, kadangi vartotojai, pateikdami pardavėjui savo mokėjimo kortelės duomenis, susiduria su neteisėta šių duomenų panaudojimo rizika. Šiame darbe pateikiamas siūlomas dalinai prijungties režime veikiančios elektroninių pinigų cirkuliacijos sistemos, skirtos mažiems ir vidutiniams mokėjimams, modelis, besiremiantis sukurta Payword mikromokėjimų sistemos koncepcija. / Fast developing and growing of e-commerce determined the coming of modern payment systems. Intention of users to pay safely on the internet impacted the decrease of use of traditional payment system such as credit cards. It’s started to look for and design alternative ways of payment, such as smart cards systems or systems using software for saving monetary value. Traditional payment systems currently used by most e-commerce sites are not suitable for high volume, tiny valued transactions. There is a need of payment system that is cost effective, secure and easy to use. The purpose of this work is to propose a model of semi-online electronic money circulation system for small and average payments, which is based on a concept of R. Rivest and A. Shamir created micropayment system called Payword. The proposed model’s architecture and protocol are explained in detail. To increase performance of the system there was done a research to find out which hash algorithm and electronic signature algorithm is most suitable for the proposed model.

Informatics Engineering

Elektroniniai pinigai

Elektroninių pinigų cirkuliacija

Elektroniniai parašai

SHA1

Maišos algoritmai

Electronic money

Electronic money circulation

Digital signatures

SHA1

Hash algorithms

Odposlech moderních šifrovaných protokolů / Interception of Modern Encrypted Protocols

Marček, Ján

January 2012

This thesis deals with the introduction to the security mechanism.The procedure explains the basic concepts, principles of cryptography and security of modern protocols and basic principles that are used for information transmission network. The work also describes the most common types of attacks targeting the eavesdropping of communication. The result is a design of the eavesdropping and the implementation of an attack on the secure communication of the SSL protocol..The attacker uses a false certificate and attacks based on poisoning the ARP and DNS tables for this purpose. The thesis discusses the principles of the SSL protocol and methodology of attacks on the ARP and DNS tables.