Advances in secure remote electronic voting

Dossogne, Jérôme

30 October 2015

In this document, most readers should be easily introduced to the challengesoffered to a designer, an implementer and a user when using electronic voting.Some of these challenges are receiving an answer in the second part of thedocument where we introduce and describe several distinct scientific resultsobtained during our years as PhD student covering essentially the years 2009 to2011 included. All these results are aimed towards either better understandingthe issues of electronic voting or solving them. Nonetheless, a reader might beinterested in picking one of these contributions to use for his own electronicvoting system while leaving the rest. That is, the different chapters of thesecond part of the document are able to stand on their own most of the timeand could be used without the others which leads us to introduce each of themseparately.After concluding in the third part, we provide a certain amount of appendicesthat were not thoroughly discussed within the second part of the documentbut that might be of interest to the reader. These appendices are made ofvarious researches, collaborations and analyzes that we performed during thosesame years and which are related to electronic voting. / Doctorat en Sciences / info:eu-repo/semantics/nonPublished

Informatique mathématique

Technologie de la sécurité

Informatique générale

Analyse de systèmes informatiques

voting

security

remote

Heterogeneous Networks: from integration to mobility

Qachri, Naïm

16 September 2015

Français:La notion de réseaux hétérogènes correspond à l’intégration de plusieurs technologies de transmission de données sans-fil dans le but d’accroitre la qualité de service des communications dans les réseaux mobiles.Historiquement, les mécanismes de sécurité des réseaux mobiles et sans-fil ont été largement focalisés sur la protection d’équipement utilisateur au niveau du dernier saut de communication et sur base d’une connectivité simple et unique. Cette connectivité, réduite à sa plus simple expression, a restraint le développement des protocoles de sécurité à des protocoles bi-parties, qui couvrent l’authentification des équipements utilisateurs et le chiffrement sur des communicationsLes mécanismes de sécurité et de cryptographie ne sont donc pas suffisants pour protéger correctement et efficacement des connections parallèles ou leur mobilité au sein de réseaux hétérogènes. Le but de cette thèse de doctorat, à travers quatre contributions personnelles, est d’apporter de nouveaux mécanismes et protocoles de sécurité afin de protéger au mieux les réseaux hétérogènes:• La première contribution se focalise sur le développement d’une nouvelle primitive cryptographique pour la protection des transmissions sans-fil. La propriété principale de celle-ci est de protéger les trames en cas de capture. Cette primitive introduit, notamment, la notion de force brute probabiliste (ce qui veut dire qu’un attaquant ne peut pas choisir parmi différentes clés équiprobables laquelle est effectivement utilisée).• La seconde contribution propose un nouveau protocole pour gérer d’une manière sure et efficace la mobilité des équipements utilisateurs entre différentes technologies au sein de réseaux hétérogènes.• La troisième contribution couvre la gestion des clés maîtres des utilisateurs, embarqués au sein des cartes SIM, utilisées au sein des réseaux d’opérateurs mobiles. Nos protocoles et mécanismes automa- tisent des changements réguliers et sûrs de la clé maître, et ajoutent de la diversité dans la gestion des clés de sessions pour minimiser l’impact en cas de révélation de ces dernières (par le biais d’un vol de base de donnée, par exemple)• La quatrième contribution introduit un nouveau paradigme de connectivité pour les réseaux mo- biles basé sur des communications 1−à−n. Le paradigme redéfinit les frontières de sécurité et place l’équipement utilisateur au centre d’un groupe authentifié mobile. Par conséquent, le changement de paradigme mène à la création de nouveaux protocoles pour l’authentification, la gestion de la mo- bilité et la négociation protégées de clés afin de fournir une protection de bout en bout entre deux équipements utilisateurs ou plus. / English:Heterogeneous Networks (HetNets) is the integration of multiple wireless technologies to increase the quality of service of the communications in mobile networks. This evolution is the next generation of Public Land Mobile Networks (PLMNs).Mobile and wireless network security mechanisms have largely focused on the protection of the User Equipment (UE) within the last mile (the last hop of the communication in the chain of connected devices) and on single connections. The single connectivity has reduced the development of the security to two party protocols, and they cover the authentication of the UE to the mobile network and the encryption on a single channel based on homogeneous communications through a unique technology.The current security and cryptographic mechanisms are not sufficient to protect correctly, and efficiently, parallel connections or their mobility in HetNets. The purpose of the PhD Thesis is to bring new security protocols and mechanisms to protect HetNets.The contributions, that are brought by the thesis, follow the evolution of HetNets through 4 contributions by starting from the wireless transmissions to the largest frame of HetNets architecture:• The first contribution focuses on the development of an new cryptographic primitives for wireless transmissions. The main property is to protect the frame from eavesdropping. The primitive introduces the notion of probabilistic brute force (meaning that an attacker cannot decide among different keys which the used one).• The second contribution proposes a new protocol to manage efficiently and securely the mobility of the UEs between different technologies inside HetNets.• The third contribution covers the management of the master secrets, embedded within the Universal Subscriber Identity Module (USIM), in large PLMNs. Our mechanisms and protocols automate regular and secure changes of the master secret, and they add diversity in the management of session keys to minimize the impact of key leakages (in case of credential database theft, for instance).• The fourth contribution introduces a new connectivity paradigm for mobile networks based on one-to- many communications. The paradigm redesigns the security borders and puts the UE in the center of a mobile authenticated group. Therefore, the paradigm shift leads to new security protocols for authentication, mobility management, and secure negotiation to provide end-to-end encryption between two or more UEs. / Doctorat en Sciences / info:eu-repo/semantics/nonPublished

Sciences exactes et naturelles

Technologie de la sécurité

Informatique générale

sécurité informatique

réseaux hétérogénes

sécurité

mobile network security

wireless network security

computer security

security architecture

protocols

cryptography

protocoles

cryptographie

heterogeneous networks

HetNets

Use of simulators for side-channel analysis: Leakage detection and analysis of cryptographic systems in early stages of development

Veshchikov, Nikita

23 August 2017

Cryptography is the foundation of modern IT security,it provides algorithms and protocols that can be usedfor secure communications. Cryptographic algorithmsensure properties such as confidentiality and data integrity.Confidentiality can be ensured using encryption algorithms.Encryption algorithms require a secret information called a key.These algorithms are implemented in cryptographic devices.There exist many types of attacks against such cryptosystems,the main goal of these attacks is the extraction of the secret key.Side-channel attacks are among the strongest types of attacksagainst cryptosystems. Side-channel attacks focus on the attacked device, they measure its physicalproperties in order to extract the secret key. Thus, these attacks targetweaknesses in an implementation of an algorithm rather than the abstract algorithm itself.Power analysis is a type of side-channel attacks that can be used to extract a secretkey from a cryptosystem through the analysis of its power consumption whilethe target device executes an encryption algorithm. We can say that the secret information is leaking from the device through itspower consumption. One of the biggest challenges in the domain of side-channel analysisis the evaluation of a device from the perspective of side-channel attacksor in other words the detection of information leakage.A device can be subject to several sources of information leakageand it is actually relatively easy to find just one side-channel attack that works(by exploiting just one source of leakage),however it is very difficult to find all sources of information leakage or to show that there is no information leakage in the givenimplementation of an encryption algorithm. Evaluators use various statistical tests during the analysis of a cryptographic device to checkthat it does not leak the secret key. However, in order to performsuch tests the evaluation lab needs the device to acquire the measurementsand analyse them. Unfortunately, the development process of cryptographicsystems is rather long and has to go through several stages. Thus, an information leakagethat can lead to a side-channel attackcan be discovered by an evaluation lab at the very last stage using the finalproduct. In such case, the whole process has to be restarted in order to fix the issue,this can lead to significant time and budget overheads. The rationale is that developers of cryptographic systems would like to be able to detect issues related to side-channel analysis during the development of the system,preferably on the early stages of its development. However, it is far from beinga trivial task because the end product is not yet available andthe nature of side-channel attacks is such that it exploits the properties ofthe final version of the cryptographic device that is actually available to the end user. The goal of this work is to show how simulators can be used for the detection of issues related to side-channel analysis during the development of cryptosystems.This work lists the advantages of simulators compared to physical experimentsand suggests a classification of simulators for side-channel analysis.This work presents existing simulators that were created for side-channel analysis,more specifically we show that there is a lack of available simulation toolsand that therefore simulators are rarely used in the domain. We present threenew open-source simulators called Silk, Ascold and Savrasca.These simulators are working at different levels of abstraction,they can be used by developers to perform side-channel analysisof the device during different stages of development of a cryptosystem.We show how Silk can be used during the preliminary analysisand development of cryptographic algorithms using simulations based on high level of abstraction source code. We used it to compare S-boxesas well as to compare shuffling countermeasures against side-channel analysis.Then, we present the tool called Ascold that can be used to find side-channel leakagein implementations with masking countermeasure using the analysis of assembly code of the encryption.Finally, we demonstrate how our simulator called Savrasca can be used to find side-channelleakage using simulations based on compiled executable binaries. We use Savrascato analyse masked implementation of a well-known contest on side-channel analysis (the 4th edition of DPA Contest),as a result we demonstrate that the analysed implementation contains a previouslyundiscovered information leakage. Through this work we alsocompared results of our simulated experiments with real experiments comingfrom implementations on microcontrollers and showed that issues found using our simulatorsare also present in the final product. Overall, this work emphasises that simulatorsare very useful for the detection of side-channel leakages in early stages of developmentof cryptographic systems. / Option Informatique du Doctorat en Sciences / info:eu-repo/semantics/nonPublished

Informatique mathématique

Technologie informatique hardware

Informatique appliquée logiciel

Analyse de systèmes informatiques

Technologie de la sécurité

cryptography

cryptanalysis

encryption

side-channel analysis

shuffling countermeasures

masking countermeasures

simulations

automated tools

side-channel attacks

Advanced turbulence models for the simulation of air pollutants dispersion in urban area

Longo, Riccardo

10 September 2020

NOWADAYS, a number of studies keep on demonstrating the existence of a strong relation between high concentrations of particulate matter (PM) and the prevalence of human morbidity and mortality. Large particles can be filtered in the nose or in the throat, while fine particles (about10 micrometer) can settle in the bronchi and lungs, leading to more serious consequences. According to Karagulian et al. the major sources of urban air pollution are traffic (25%), combustion and agriculture (22%), domestic fuel burning (20%), natural dust (18%) and industrial activities (15%).As a consequence, the detailed study of dispersion phenomena within the urban canopy becomes a target of great interest. To this end, Computational Fluid Dynamics (CFD) can be successfully employed to predict turbulence and dispersion patterns, accounting for a detailed characterization of the pollutant sources, complex obstacles and atmospheric stability classes.Despite being intrinsically different phenomena, turbulence and dispersion are closely related. It is universally accepted that, to reach accurate prediction of the concentration field, it is necessary to properly reproduce the turbulence one. For this reason, the present PhD thesis is split into two main Sections: one focused on turbulence modelling and the subsequent, centered on the dispersion modelling.Thanks to its good compromise between accuracy of results and calculation time, Reynolds-averaged Navier-Stokes (RANS) still represents a valid alternative to more resource-demanding methods. However, focusing on the models’ performance in urban studies, Large Eddy Simulation (LES) generally outperforms RANS results, even if the former is at least one order of magnitude more expensive. Stemming from this consideration, the aim of this work is to propose a variety of approaches meant to solve some of the major limitations linked to standard RANS simulation and to further improve its accuracy in disturbed flow fields, without renouncing to its intrinsic feasibility. The proposed models are suitable for the urban context, being capable of automatically switching from a formulation proper for undisturbed flow fields to one suitable for disturbed areas. For neutral homogeneous atmospheric boundary layer (ABL), a comprehensive approach is adopted, solving the issue of the erroneous stream-wise gradients affecting the turbulent profiles and able to correctly represent the various roughness elements. Around obstacles, more performing closures are employed. The transition between the two treatments is achieved through the definition of a Building Influence Area (BIA). The finalgoal is to offer more affordable alternatives to LES simulations without sacrificing a good grade of accuracy.Focusing on the dispersion modelling framework, there exists a number of parameters which have to be properly specified. In particular, the definition of the turbulent Schmidt number Sct, expressing the ratio of turbulent viscosity to turbulent mass diffusivity, is imperative. Despite its relevance, the literature does not report a clear guideline on the definition of this quantity. Nevertheless, the importance of Sct with respect to dispersion is undoubted and further demonstrated in the works of different authors. For atmospheric boundary layer flows, typical constant values range between 0.2 and 1.3. As a matter of fact, the local variability of Sct is supported by experimental evidence and by direct numerical simulations (DNS). These observations further suggest that the turbulent Schmidt number should be prescribed as a dynamic variable. Following these observations a variable turbulent Schmidt number formulation is proposed in this work. The latter stems from the same hypothesis of the variable formulation developed by Gorlé et al. Moreover, the relevant uncertain model parameters are optimized through uncertainty quantification (UQ). This formulation further increased the accuracy of the predictions, and was successfully verified by Di Bernardino et al. However, the turbulent Schmidt number resulting from this formulation is still intrinsically linked to the turbulence model employed, i.e. to the Cμ coefficient. To overcome this constraint, the nature and the dependencies of Sct were further analyzed through correlation studies and employing principal component analysis (PCA) on data obtained through the proposed ABL RANS model. Subsequently, the same data-driven technique was employed based on the high-fidelity outcomes of a delayed Detached Eddy Simulation (dDES) to derive a generalized turbulentSchmidt number formulation. The latter can be employed within a wide range of turbulence models, without limiting its variability. / Doctorat en Sciences de l'ingénieur et technologie / info:eu-repo/semantics/nonPublished

Technologie de la sécurité

Recherche énergétique

Eoliennes

Urbanisme et architecture [génie civil]

Technologie du bâtiment

Technologie urbaine

Technologie du trafic

pollutant dispersion

turbulence model

numerical simulation

wind engineering

dispersion model

smart city

computational fluid dynamics

RANS

DES

wind turbine

pollutant remediation measure

ANSYS Fluent

OpenFOAM