Secure storage of encryption keys

Kothapalli, Purushotham

January 2007

The purpose of this thesis work was to make a survey of presently existing devices available in the market to store encryption keys; how the hacker intrudes into the device; what are the attacks behind theft of the keys; how can we store encryption keys securely? To achieve this purpose, an overview of the storage devices and attacks made by hackers was acquired through academic books and papers, Internet sites and magazines. Basic cryptography and related algorithms were studied for the purpose of knowing how the encryption key is generated from these algorithms. Under the category of storage devices, USBs (Universal Serial Bus), PDAs (Personal Digital Assistant) and Smart Cards were examined. Under the category of attacks on devices, attacks from hackers, attacks from malicious code (Trojan Horses, viruses, worms), attacks from PDAs, attacks from Smart Cards, dictionary attacks and brute force attacks were studied. Based on these requirements we have discussed and analyzed a proposed system to store the encryption keys securely to avoid these attacks.

Cryptography

Storage of encryption keys in devices

Attacks on devices

Proposed secure system

Open Secure Office Project : Wireless Sensor Network

Andersson, Rikard, Sandberg, Martin, Urszuly, László

January 2005

In recent years, the development of wireless sensor networks has made a great progress. Early projects focused on replacement of existing systems equipped with wires. These systems started out as simple static data collection networks with one smart central node that could decide further actions based on the content of the collected data. Through time, the intelligence has become more decentralized, which means the nodes now can cooperate in a more efficient and dynamic manner. The task given is to evaluate TinyOS and NesC on specific hardware from Crossbow Technology Inc, applied on an application called the Open Secure Office Project. This application is designed to enhance the security without negative effects on comfort in a frequently visited open-plan office. Finally, a real world system demonstration should be performed. We propose a solution where there is no urgent need to cover the entire office area with radio signals to maintain a secure sensor system. This is true as long as all entries and exits to the office area are “guarded” by some base station which has as main task to keep track of people and equipment entering or leaving the office. Small scale tests have been performed which show that it is possible to easily develop and maintain a wireless sensor network security system, that could be coordinated by alternative systems.

Wireless sensor network

Open secure office

TinyOS

NesC

Secure Data Aggregation Protocol with Byzantine Robustness for Wireless Sensor Networks

Khalifa, Tarek

January 2007

Sensor networks are dense wireless networks constituting of small and low-cost sensors that collect and disseminate sensory data. They have gained great attention in recent years due to their ability to offer economical and effective solutions in a variety of fields; and their profound suitability to address mission critical problems that are common in health, transportation, and military applications. “Sensor networks” is a technology that is seen to change the world, and as such their deployment is expected to see a rapid growth. Effective security strategy is essential for any sensor network in order to maintain trustful and reliable functionality, protect sensory information, and ensure network component authenticity. Security models and protocols that are typically used in other types of networks, such as wired networks, are not suitable for sensor networks due to their specific hardware specifications. This thesis highlights some of the research done so far in the area of security of wireless sensor networks and proposes a solution to detect Byzantine behaviour - a challenging security threat that many sensor networks face. The proposed solution’s use of cryptography is kept at a minimum to ensure maximum secure bandwidth. Under this solution, a sensor network continues to work normally until an attack is suspected. Once an attack is suspected, a cryptography scheme is enabled to authenticate suspected nodes and to allow the identification of potential external attacks. If an attack seems to persist after the cryptography scheme has been enabled, the same mechanism is used to identify and isolate potentially compromised nodes. The goal is to introduce a degree of intelligence into such networks and consequently improve reliability of data collection, accuracy of aggregated data, and prolong network lifetime.

security

byzantine

secure aggregation

sensor networks

Electrical and Computer Engineering

Secure Store : A Secure Distributed Storage Service

Lakshmanan, Subramanian

12 August 2004

As computers become pervasive in environments that include the home and community, new applications are emerging that will create and manipulate sensitive and private information. These applications span systems ranging from personal to mobile and hand held devices. They would benefit from a data storage service that protects the integrity and confidentiality of the stored data and is highly available. Such a data repository would have to meet the needs of a variety of applications, handling data with varying security and performance requirements. Providing simultaneously both high levels of security and high levels of performance may not be possible when many nodes in the system are under attack. The agility approach to building secure distributed services advocates the principle that the overhead of providing strong security guarantees should be incurred only by those applications that require such high levels of security and only at times when it is necessary to defend against high threat levels. A storage service that is designed for a variety of applications must follow the principles of agility, offering applications a range of options to choose from for their security and performance requirements. This research presents secure store, a secure and highly available distributed store to meet the performance and security needs of a variety of applications. Secure store is designed to guarantee integrity, confidentiality and availability of stored data even in the face of limited number of compromised servers. Secure store is designed based on the principles of agility. Secure store integrates two well known techniques, namely replication and secret-sharing, and exploits the tradeoffs that exist between security and performance to offer applications a range of options to choose from to suit their needs. This thesis makes several contributions, including (1) illustration of the the principles of agility, (2) a novel gossip-style secure dissemination protocol whose performance is comparable to the best-possible benign-case protocol in the absence of any malicious activity, (3) demonstration of the performance benefits of using weaker consistency models for data access, and (4) a technique called collective endorsement that can be used in other secure distributed applications.

Consistency

Secure dissemination

Byzantine fault tolerance

Storage security

Distributed storage

Design of Adaptive Sliding Mode Tracking Controllers for Chaotic Synchronization and Application to Secure Communications

Wu, Shiue-Wei

31 August 2010

Synchronization of two identical chaotic systems with matched and mismatched perturbations by utilizing adaptive sliding mode control (ASMC) technique is presented in this thesis. The sliding surface function is designed based on Lyapunov stability theorem and linear matrix inequality (LMI) optimization technique. Adaptive mechanisms embedded in the proposed control scheme are used to adapt the unknown upper bounds of the perturbations. The designed tracking controller can not only suppress the mismatched perturbations when the controlled dynamics (master-slave) are in the sliding mode, but also drive the trajectories of synchronization errors into a small bounded region whose size can be adjusted through the designed parameters. The stability of overall controlled synchronization systems is guaranteed. Application of proposed chaotic synchronization technique to secure communication as well as several numerical examples are given to demonstrate the feasibility of the proposed design technique.

secure communication

chaotic synchronization

mismatched perturbations

adaptive sliding mode control

Efficient Strong Anonymous Authentication Scheme for Wireless Communications

Tong, Yi-Wen

30 August 2012

Because of the popularity of wireless communication technologies, people can access servers without the restriction of place and time. With the rapid development of mobile devices, such as smart phones and iPads, the frequency of wireless networks have increased. Roaming services ensure service provision without location constraints. A secure roaming authentication protocol is critical for the security and privacy of users when accessing services by roaming. It ensures the authenticity of mobile users, and foreign and home servers. After authentication, the session key for the mobile user and the foreign server is established for secure communication. In addition, a secure roaming protocol may provide anonymity for mobile users. When the mobile user requests a service, the server is unable to identify two requests from the same user. For the current anonymous authentication protocols, the foreign server must fulfill the revocation check by the computation linear to the number of revoked users. It makes the protocol infeasible in practical environments. This thesis proposes a strong anonymous authentication protocol, using two-stage authentication, in which the home server is involved in the initial authentication to eliminate the revocation list and issues a timely anonymous credential for subsequent authentication after successful authentication. It reduces the computation costs for the revocation check and minimizes the size of the revocation list. Finally, this thesis also provides security proofs and comparisons of the proposed authentication mechanism.

Authentication

Wireless Network

Anonymity

Group Signature

Revocation

Secure Roaming

An Efficient Mutual Authentication for Mobile Communication

Chen, Hsin-Yu

22 July 2005

Owing to the fast progress of mobile communication technologies and the ubiquity of mobile networks, users can communicate with each other anytime and anywhere as long as they carry their smart and tiny mobile phones. This convenient communication service is quite popular and gradually joins in the people¡¦s life. Nevertheless, lots of attacks, such as the men-in-the-middle attacks and the replay attacks, are seriously threatening the security of the mobile networks and affecting the quality of the service simultaneously. Many security mechanisms for mobile communication have been introduced in the literature. Among these mechanisms, authentication plays a very important role in the entire mobile network system and acts as the first defense against the attackers since it can ensure the correctness of the identities of communication entities before they engage in any other communication activities. Therefore, to guarantee the quality of this advanced service, an efficient (especially, user efficient) and secure authentication scheme is urgently desired. In this thesis, we will propose a robust authentication scheme for mobile communication systems. Not only does the proposed scheme achieve mutual authentication, but also it greatly reduces the computation and communication cost of mobile users as compared with the existing authentication schemes.

Authentication protocols

Secure communication

Information security

Symmetric cryptosystems

Mobile communication

Mobility-Matching Key Management for Secure Group Communications in Wireless Networks

Liang, Li-ling

28 July 2006

In this thesis, we propose and analyze a multicast key backbone for secure group communications. We also utilize the correlated relationships between the mobile users in the wireless communications networks. When a batch member joins or leaves the group communications, the system has to update and distribute encryption keys to assure that only active members could receive the latest information. In previous tree-based multicast key management schemes, the depth of the key tree is unbounded and analytically deriving the exact value of the corresponding average update cost remains an open problem. And in previous schemes, the different mobile user arrives in and leaves from the system at different time. In contrast, the depth of the proposed multicast key backbone is fixed and the arriving or leaving users are more than one. We utilize these two characteristics and simulate the system to get the average update cost per time unit. We can find that this scheme can improve the efficiency of the system in some special cases when updating the new key.

Secure Group Communications

Key Updating

Correlated Relationships

Key Management

Secure Communication Channel Mechanisms For Isolated Networks

Karadag, Gokdeniz

01 December 2009

Current network security solutions are consisted of a single host, with network interfaces of the host connected to protected and external networks at the same time. This design ensures security by restricting traffic flow to a single point, where it can be examined and acted on by a set of rules. However, this design also has a flaw and a single point of failure, that being the vulnerabilities in the security device itself. An adversary would have unhindered access to protected networks if a vulnerability in the security device itself leads to its compromise. To prevent this possibility, high-security networks are completely isolated from external networks, by prohibiting any network connection and constituting a so-called air gap in between. But, data transfer needs do arise between external networks and high-security networks, and in current technology this problem does not have a solution without human intervention. In this theses, we propose a set of mechanisms that allows near-realtime data transfers between high-security network and external networks, without requiring any human intervention. The design consists of two hosts connected via a shared storage, transferring only application layer data between networks. This prevents attacks targeting network stacks of the security device&#039 / s OS, and confines a compromised security device to the network that it is already connected to. In case of a compromise the amount of possible unwanted traffic to and from the high-security network is vastly reduced.

QA Computer Software 76.75-76.765

Antenna subset modulation for secure millimeter-wave wireless communication

Valliappan, Nachiappan

10 July 2012

The small carrier wavelength at millimeter-wave (mm-Wave) frequencies allows the possibility of implementing a large number of antennas on a single chip. This work uses the potential of large antenna arrays at these frequencies to develop a low-complexity directional modulation technique: Antenna Subset Modulation (ASM) for point-to-point secure wireless communication. The main idea in ASM is to communicate information by modulating the far-field radiation pattern of the array at the symbol rate. By driving only a subset of antennas and changing the subset used for each symbol transmission the far-field pattern is modulated. Two techniques for implementing antenna subset selection are proposed. The first technique is simple where the antenna subset to be used is selected at random for every symbol transmission. While randomly switching antenna subsets does not affect the symbol modulation for a desired receiver along the main lobe direction, it effectively randomizes the amplitude and phase of the received symbol for an eavesdropper along a sidelobe. Using a simplified statistical model for random antenna subset selection, an expression for the average symbol error rate (SER) is derived as a function of observation angle for linear arrays. To overcome the problem of large peak sidelobe level in random antenna subset switching, an optimized antenna subset selection procedure based on simulated annealing is then discussed. Finally, numerical results comparing the average SER performance of the proposed techniques against conventional array transmission are presented. While both methods produce a narrower information beam-width in the desired direction, the optimized antenna subset selection technique is shown to offer better security and array performance. / text

Millimeter-wave

Antenna subset

Directional modulation

Secure communication