A dependable and secure approach for secret key establishment and operation in automotive CPS

Giri, Naresh Kumar

January 1900

Master of Science / Department of Computer Science / Arslan Munir / Modern automobiles incorporate a network of electronic control units (ECUs) that provides a range of features such as safety, driver assistance, infotainment. Such network of ECUs in a vehicle are connected to each other through buses, forming interconnections called intra-vehicle network. Bus technologies that are widely used in modern day automobiles are controller area network (CAN), local interconnect network (LIN), and media oriented systems transport (MOST). These bus technologies, however, do not possess any security or dependability features, and thus are susceptible to vulnerabilities. Such vulnerabilities allow attackers to mount passive attacks (e.g., snooping) and/or active attacks (e.g., fault injection). In this study, we propose a scheme for secure authentication of automotive ECUs. Our proposed scheme ensures that only authenticated ECUs can participate in communication over the intra-vehicle network/bus. ECU authentication is carried out using certificate-based authentication which is implemented using elliptic curve cryptography (ECC). The study also proposes a symmetric (session) key-establishment mechanism within intra-vehicular network to establish a common symmetric (session) key for all ECUs to communicate over the network. The key-establishment mechanism removes the need of storing symmetric keys in ECU memory permanently. The study incorporates key refreshment by assigning a certain lifetime/timeframe period to symmetric (session) key and then regularly updates session key after the expiration of each lifetime. Our proposed method provides confidentiality and integrity in intra-vehicle ECU communication without violating safety and real-time constraints of the vehicle. Our approach leverages multi-core ECUs to provide fault-tolerance by using redundant multi-threading (FT-RMT), performs quick error detection (FT-QED) and accelerate performance using lightweight checkpointing (CP).

Authentication

Symmetric key

Key generation

Key distribution

A Novel Verification Scheme for Fine-Grained Top-k Queries in Two-Tiered Sensor Networks

Ma, X., Song, H., Wang, J., Gao, J., Min, Geyong

January 2014

No / A two-tiered architecture with resource-rich master nodes at the upper tier and resource-poor sensor nodes at the lower tier is expected to be adopted in large scale sensor networks. In a hostile environment, adversaries are more motivated to compromise the master nodes to break the authenticity and completeness of query results, whereas it is lack of light and secure query processing protocol in tiered sensor networks at present. In this paper, we study the problem of verifiable fine-grained top- queries in two-tiered sensor networks, and propose a novel verification scheme, which is named Verification Scheme for Fine-grained Top- Queries (VSFTQ). To make top- query results verifiable, VSFTQ establishes relationships among data items of each sensor node using their orders, which are encrypted together with the scores of the data items and the interested time epoch number using distinct symmetric keys kept by each sensor node and the network owner. Both theoretical analysis and simulation results show that VSFTQ can not only ensure high probability of detecting forged and/or incomplete query results, but also significantly decrease the amount of verification information when compared with existing schemes.

Time Memory Trade Off Attack On Symmetric Ciphers

Saran, Nurdan A.

01 February 2009

Time Memory Trade O (TMTO) is a cryptanalytic method that aims to develop an attack which has a lower memory complexity than lookup table and a lower online time complexity than exhaustive search. TMTO methods are widely studied in the literature and used for inverting various cryptosystems. We focus on the design and the analysis of TMTO on symmetric ciphers in this thesis. Firstly, the summary of the random mapping statistics from the view point of TMTO is presented. We also recalculate some expected values with a simpler approach than the existing proofs. Then, we propose some variant constructions and also present three new distinguishers based on random mappings. Next, we provide a detailed analysis of the success rate of two main improvements of the attack / Distinguished Point Method and Rainbow Method. Finally, we discuss the adjustment of the parameters to achieve a high success rate. To support our theoretical framework, we also present empirical results of our analysis to actual ciphers.

QA Mathematics 1-939

Secure Key Agreement for Wearable Medical Devices

Kasparek, Alexander J

05 December 2019

In this thesis we explore if a proposed random binary sequence generation algorithm can be combined with a separately proposed symmetric key agreement protocol to provide usable security for communications in Wireless Body Area Networks (WBAN). Other previous works in this area fall short by only considering key generation between two of the same signals or allowing for key generation between two different types of signals but with the cost of a significant signal collection time requirement. We hoped to advance this area of research by making secure key generation more efficient with less signal collection time and allowing keys to be generated between two sensors that measure two different physiological signals. However, while the binary sequence generation algorithm and key agreement protocol perform well separately, they do not perform well together. The combined approach yields keys that have good properties for use in a WBAN, but the generation rate is low.

WBAN

Body Area Network Security

Bio-cryptography

Physiological signals

Symmetric key agreement

Cryptanalyse de chiffrements par blocs avec la méthode des variances / Secret-key cryptanalysis based on the variance method.

Marriere, Nicolas

20 December 2017

La première partie de la thèse porte sur l'utilisation de la méthode des variances dans le cadre des attaques différentielles sur des schémas de Feistel généralisés. Cette méthode permet d'améliorer des attaques sur deux points : la complexité en données ou le nombre de tours couvert par l'attaque.Afin d'atteindre ce but, un outil a été développé permettant de calculer la valeur exacte de l'espérance et de la variance et nous nous servons alors de cette précision pour améliorer les attaques.La seconde partie porte sur une famille de schémas de chiffrement : les EGFN.Nous avons utilisé la méthode des variances et notre outil afin de construire des attaques différentielles. Des simulations ont été effectuées afin de confirmer les résultats.Dans la dernière partie, nous nous intéressons à LILLIPUT, un système de chiffrement concret issu des EGFN. Nous avons effectué une analyse différentielle et monté des attaques avec une structure spécifique.Ces attaques sont trouvées par un programme cherchant des attaques automatiquement. Nous avons notamment mis en avant la possibilité d'études sur les attaques différentielles improbables. / The first part of the thesis is the cryptanalysis of generalized Feistel networks with the use of the variance method.This method allows to improve existing attacks by two ways: data complexity or the number of rounds. In order to do that, we have developed a tool which computes the right values of expectations and variances.It provides a better analysis of the attacks.In the second part, we have studied the EGFN a new family of generalized Feistel networks. We have used the variance method and our tool in order to build some differential attacks. Simulations were made to confirm the theoritical study.In the last part, we have studied LILLIPUT, a concret cipher based on the EGFN.We have provided a differential analysis and build differential attacks which have unusual conditions. These attacks were found empirically by a tool that automatically look for differential attacks. In particular, we have highlighted some improbable differential attacks.

Cryptologie symétrique

Cryptanalyse différentielle

Symmetric-Key cryptology

Differential cryptanalysis

Generic attacks on Feistel type schemes

Alternative Polynomials for Rijndael : Diffusion Analysis

Noroozi, Hamid

January 2014

The Rijndael cryptosystem uses a particular polynomial to create its constants. All calculations within the encryption and decryption layers are based on this polynomial. This arouse the curiosity to see what happens if the polynomial is substituted by other polynomials. This paper’s main area of study is to investigate the consequences of using different polynomials to construct the Rijndael cryptosystem. To do so, as a phase of this study, a Mathematica package has been created to ease the investigations. As the second phase, using the aforementioned package, some kind of diffusion analysis has been done on the newly constructed Rijndael-like cryptosystems. The fundamental challenge was to figure out the reason of having the particular polynomial chosen. By the end of the experiment, we concluded that choosing other polynomials with the same characteristics as an ingredient of the Rijndael algorithm, does not have any perceptible effects on the diffusion level.

Rijndael

Advanced Encryption Standard

Symmetric key Encryption

Diffusion Analysis

Mathematica

Irreducible Polynomial

Computer Sciences

Datavetenskap (datalogi)

Mathematics

Matematik

Anonymity With Authenticity

Swaroop, D

12 1900

Cryptography is science of secure message transmission. Cryptanalysis is involved with breaking these encrypted messages. Both cryptography and cryptanalysis constitute together to form cryptology. Anonymity means namelessness i.e., the quality or state of being unknown while authenticity translates to the quality or condition of being authentic or genuine. Anonymity and authenticity are two different embodiments of personal secrecy. Modern power has increased in its capacity to designate individuals, due to which they find it inconvenient to continue communicating, remaining anonymous. In this thesis we are going to describe an anonymous system which consists of a number of entities which are anonymous and are communicating with each other without revealing their identity and at the same time maintaining their authenticity such that an anonymous entity(sayE1)will be able to verify that, the message it received from another anonymous entity(sayE2)subsequent to an initial message from E2, are in fact from E2 itself. Later when E2 tries to recommend a similar communication to E1 with another anonymous entity E3 in the system, E1 must be able to verify that recommendation, without E2 losing its authenticity of its communication with E1 to E3. This thesis is divided into four chapters. The first chapter is an introduction to cryptography, symmetric key cryptography and public key cryptography. It also summarizes the contribution of this thesis. The second chapter gives various protocol for the above problem ’Anonymity with Authenticity’ along with its extension. Totally six protocols are proposed for the above problem. In third chapter all these six protocols are realized using four different schemes, where each scheme has its own pros and cons. The fourth and final chapter concludes with a note on what possible factors these four different realization schemes need to be chosen and other possible realization schemes.

Cryptography

Cryptanalysis

Anonymous Systems (Communication)

Symmetric Key Cryptography

Public Key Cryptography

Computer Science

Symmetric Key Management for Mobile Financial Applications : A Key Hierarchy Approach

Azam, Junaid

January 2013

In recent times the usage of smart phones has significantly increased. Businesses are transforming to make more out of smart phones. As a consequence, there is an increasing demand to have more and more mobile applications. Among other areas, mobile applications are also being used to make financial transactions. Applications used for financial transactions need to be more reliable and have end-to-end security. To implement security we heavily depend on cryptography and the heart of cryptography is the keys which are used in cryptographic processes (encryption/decryption). Therefore, it is essential not only to protect, but also to properly manage these keys, so that a robust and secure system can be achieved. This research work provides a complete implementation of symmetric key management for mobile phone applications with a focus on financial data using a key hierarchy approach. We have developed a key management system which allows smart phones to download the cryptographic key hierarchy. This key hierarchy is used to encrypt and decrypt financial data, such as PIN and other transaction information. Using this application (key management system), we can achieve an end-to-end security between client (mobile phones) and payment server (banking server). This research work presents implementation of key management system for Android OS only.

Symmetric Key Management

Key Hierarchy

Key Security

Financial Transaction

Mobile Phone

Mobile Application Security

mCommerce.

Computer and Information Sciences

Data- och informationsvetenskap

Cryptanalyse de chiffrements symétriques / Cryptanalysis of symmetric ciphers

Lallemand, Virginie

05 October 2016

Les travaux réalisés dans cette thèse ont pour objet l'analyse de la sécurité de chiffrements à clef secrète. Plus précisément, nous y décrivons la cryptanalyse de plusieurs chiffrements par blocs et à flot ayant pour point commun d'avoir été conçus récemment pour répondre aux nouveaux enjeux de la cryptographie symétrique. Nous mettons en avant des attaques des versions complètes de cinq chiffrements, prouvant ainsi que ces primitives cryptographiques n'apportent pas la sécurité annoncée par leurs concepteurs.La première partie de cette thèse est dédiée à l'analyse de chiffrements par blocs avec des techniques de cryptanalyse différentielle. Nous montrons comment mener une attaque par différentielles tronquées sur la famille de chiffrements à bas coût KLEIN en exploitant la faible diffusions de sa fonction de tour. Ensuite, nous nous intéressons à Zorro et à Picaro, deux chiffrements conçus de sorte à être faciles à protéger contre les attaques par canaux auxiliaires, et montrons que les choix de conception guidés par cette contrainte ont engendré des faiblesses dans leurs propriétés différentielles, pouvant ensuite être exploitées dans des attaques.La seconde partie du manuscrit porte sur la cryptanalyse de chiffrements à flot. Nous y étudions Sprout et Flip, deux chiffrements aux structures innovantes visant respectivement à limiter la taille du circuit matériel nécessaire à l'implémentation et une bonne adaptation dans un schéma de FHE. / The main subject of this thesis is the security analysis of symmetric key ciphers. Specifically, we study several recently proposed block and stream ciphers and prove that the level of security stated by their designers is overestimated. The ciphers we study were all designed in order to meet the needs of one of the new applications of symmetric cryptography, which include symmetric ciphers for very constrained environments.The first part of the thesis is dedicated to the analysis of block ciphers with techniques based on differential cryptanalysis. We start with the description of a truncated differential attack on the family of lightweight ciphers KLEIN. Next, we analyse two ciphers that were designed in such a way that they could be easily and effectively protected against side-channel attacks: Zorro and Picaro. We show that the design choices made by their designers lead to weak diffusion properties. We exploit these imperfections to devise a differential cryptanalysis of Zorro and a related key attack on Picaro.The second part of this thesis deals with stream ciphers and gives an analysis of two innovative designs: Sprout and Flip. Sprout was designed in order to limit its hardware area size and to suit very constrained environments, while Flip reaches efficient performances when used in FHE schemes. In both cases, we find flaws that lead to attacks of the particular set of parameters proposed for these ciphers.

Cryptographie symétrique

Cryptanalyse

Cryptographie à bas coût

Chiffrements par blocs

Chiffrements à  flot

Cryptanalyse différentielle

Symmetric-key cryptography

Cryptanalysis

Ciphers

005.8

Storage Systems and Security Challenges in Telemetry Post Processing Environments

Kalibjian, Jeff

10 1900

ITC/USA 2008 Conference Proceedings / The Forty-Fourth Annual International Telemetering Conference and Technical Exhibition / October 27-30, 2008 / Town and Country Resort & Convention Center, San Diego, California / A common concern in telemetry post-processing environments is adequate disk storage capacity to house captured and post-processed telemetry data. In today's network environments there are many storage solutions that can be deployed to address storage needs. Recent trends in storage systems reveal movement to implement security services in storage systems. After reviewing storage options appropriate for telemetry post-processing environments; the security services such systems typically offer will also be discussed and contrasted with other third party security services that might be implemented directly on top of a networked storage system.

Storage security

Network Attached Storage (NAS)

Storage Area Networks (SAN)

disk arrays

key management

symmetric key cryptography

dual asymmetric key cryptography

digitial signature