Comparison of security level and current consumption of security implementations for MQTT

Carlsson, Fredrik, Eriksson, Klas-Göran

January 2018

IoT is a rapidly growing area with products in the consumer, commercial and industrial market. Collecting data with multiple small and often battery-powered devices sets new challenges for both security and communication. There has been a distinct lack of a IoT specific communication protocols. The industry has had to use bulky interfaces not suitable for resource-constrained devices. MQTT is a standardised communication protocol made for the IoT industry. MQTT does however not have built-in security and it is up to the developers to implement a suitable security countermeasure. To evaluate how different security countermeasures impact MQTT in complexity, current consumption and security the following research questions are answered. How do you derive a measurement from the SEF that can be compared with a current consumption measurement? Which level of security, according to the SEF, will RSA, AES and TLS provide to MQTT when publishing a message to a broker? What level of complexity is added to MQTT when using chosen security countermeasure? Which of the analysed security countermeasure upholds an adequate security level while also having a low current consumption? To answer the above research questions an experiment approach has been used. Implementations of TLS, RSA and AES have been evaluated to measure how they affect the security level and current consumption of an MQTT publication, compared to no security countermeasures at all.Both RSA and AES had the same security level, but the current consumption for RSA was four times higher. The experiment showed that the security level is significantly higher for TLS, while it also has the highest current consumption. The security countermeasure evaluated differs greatly. TLS provides complete protections, while RSA and AES lacks authentication and does not ensure integrity and non-repudiation.Even if the current consumption for TLS is higher, the security it provides make it unreasonable to recommend any of the other security countermeasure implementations.

AES

Complexity Current Consumption

Internet of Things

IoT

MQTT

RSA

Security

Security Countermeasure

TLS

Computer Systems

Datorsystem

The cloud, a security risk? : A study on cloud computing and efficient encryption.

Nguyen, Robin, Al-khayatt, Josef

January 2018

After many incidents of cloud services being attacked and personal user data leaking, a secure way of storing data on the cloud would be to encrypt. Even if an attacker would have access to the files he/she would not be able to decrypt the files without the secret key. In this thesis a software will be developed and works by securing user data by encrypting, prior uploading to the cloud. This software is a potential solution to the existing threat. The thesis presents many different methods of encryption but narrows it down to two, AES and XOR, which will be implemented into the software. This is done by statistically comparing the speed of each system. As well as comparing the expected time by using a student’s t-test calculating what degree of certainty one will be faster than the other. The thesis discusses and highlights level of security regarding cloud security. Comparisons of the algorithms are made to determine which method to be used under what circumstances.

Encryption

AES

Xor

Cloud encryption

Encryption speed

Engineering and Technology

Teknik och teknologier

Performance analysis of GPGPU and CPU on AES Encryption

Neelap, Akash Kiran

January 2014

The advancements in computing have led to tremendous increase in the amount of data being generated every minute, which needs to be stored or transferred maintaining high level of security. The military and armed forces today heavily rely on computers to store huge amount of important and secret data, that holds a big deal for the security of the Nation. The traditional standard AES encryption algorithm being the heart of almost every application today, although gives a high amount of security, is time consuming with the traditional sequential approach. Implementation of AES on GPUs is an ongoing research since few years, which still is either inefficient or incomplete, and demands for optimizations for better performance. Considering the limitations in previous research works as a research gap, this paper aims to exploit efficient parallelism on the GPU, and on multi-core CPU, to make a fair and reliable comparison. Also it aims to deduce implementation techniques on multi-core CPU and GPU, in order to utilize them for future implementations. This paper experimentally examines the performance of a CPU and GPGPU in different levels of optimizations using Pthreads, CUDA and CUDA STREAMS. It critically exploits the behaviour of a GPU for different granularity levels and different grid dimensions, to examine the effect on the performance. The results show considerable acceleration in speed on NVIDIA GPU (QuadroK4000), over single-threaded and multi-threaded implementations on CPU (Intel® Xeon® E5-1650). / +46-760742850

AES algorithm

CUDA

GPU computing

Pthreads

Computer Sciences

Datavetenskap (datalogi)

Telecommunications

Telekommunikation

Software Engineering

Programvaruteknik

A critical assessment of the current understanding of chromium passivation treatments in tinplate

Biermann, M.C. (Marthinus Christoffel)

17 April 2007

Chromium passivation treatment on tinplate is important in stabilising the active tin surface in terms of oxidation resistance, sulphide stain resistance and ensuring good lacquer adhesion properties. Through this research, the reason was explored why dip passivation treatment, in sodium dichromate, provides superior lacquer adhesion properties on tinplate compared to electrolytic sodium dichromate (CDC) treatments. A critical assessment of the current knowledge of chromium passivation treatments on tinplate formed the basis of the experimental work. Through electrochemical and surface analytical techniques (X-Ray Photoelectron Spectroscopy and Auger Electron Spectroscopy) both dip and CDC treated tinplate surfaces were characterised in terms of surface species. It was shown through XPS, using angle resolved techniques, that no metallic chromium forms on the tinplate surface during CDC treatments. Furthermore, a difference in chromium surface species was established for the dip and CDC processes showing additional SnO and Cr(OH)3.nH2O species for the latter. Complementary to these findings, it was verified that the formation of additional chromium hydroxide species is a function of pH, governed by the applied cathodic current during the CDC process itself. The inferior adhesion properties of CDC treated tinplate were shown to be related to the difference in the respective surface species formed during dip and CDC applications. Copyright 2004, University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. Please cite as follows: Biermann, MC 2004, A critical assessment of the current understanding of chromium passivation treatments in tinplate, MSc dissertation, University of Pretoria, Pretoria, viewed yymmdd < http://upetd.up.ac.za/thesis/available/etd-04172007-123305 / > / Dissertation (MSc(Applied Sciences))--University of Pretoria, 2007. / Materials Science and Metallurgical Engineering / unrestricted

Galvanostatic

Polarisation

Aes

Passivation

Lacquer

Xps

Tin

Chromium

Steel

Potentiodynamic

Tinplate

UCTD

A Comparison of EncryptionAlgorithms for Protecting data passed Through a URL

Osman, Mohamed, Johansson, Adam

January 2017

This project starts off with giving an overview of what sensitive data is, encryption algorithms and other required knowledge for this thesis project.This is because of the aim of this thesis project, that is to find the best way to encrypt data passed through a URL with a focus on protecting sensitive data in web applications. Data sent through the URL of a web application could be sensitive data, and exposure of sensitive data can be devastating for governments, companies, and individuals. The tools and methods that are used for this thesis project are described. An overview is given of the requirements of the web application that was to be created, the development of it, implementation and comparison of encryption algorithms. After that, the results of the encryption algorithms are compared and displayed together with a prototype of the web application and its encryption. The results are then analyzed in two different sections: security of the encryptions and performance tests. With the results given we conclude which one of the encryption algorithms is the most suitable for our web application, and otherwise when encrypting data through the URL of a web application. The results show that AES has a great advantage over 3DES both in security and performance when encrypting sensitive data passed through a URL.Those results are then used to build a secure web application to help and assist a broker during an open showing. The web application is then used together with information from interested buyers so it can be easy for the broker to contact them after the showing.

Encryption

ASP.NET CORE

Security

web application

Query String

AES

DES

Engineering and Technology

Teknik och teknologier

Oxidation, pickling and over-pickling mechanisms of high silicon alloyed steel grades / Mécanismes d'oxydation, de décapage et de sur-décapage des aciers fortement alliés au silicium

Alaoui Mouayd, Amine

30 January 2014

Les mécanismes d'oxydation, de décapage et sur-décapage d'un acier bas carbone est d'un acier fortement allié au silicium (1,6 et 3.2 % en masse de silicium) ont été étudiés. Le suivi de l'oxydation par thermogravimétrie et la caractérisation de la calamine des aciers fortement alliés au silicium a montré un effet très marquant de passivation de la couche de silice. Les calamines des échantillons modèles sont composées de couches d'hématite, magnétite et wüstite partiellement décomposée en fer et magnétite pour l'acier bas carbone. Pour l'acier au silicium, la fayalite est présente à l'interface acier/wüstite sous forme de grains ou d'une couche interne. Le suivi du potentiel de circuit ouvert pendant le décapage et sur-décapage de ces échantillons a montré un potentiel de corrosion stable et anodique pour les oxydes de fer et une chute drastique de ce potentiel au contact de l'acide avec le métal. Le suivi du taux de dissolution totale par ICP-AES combiné avec des mesures de courant de corrosion par la méthode de Tafel a montré une contribution importante de la dissolution électrochimique par oxydation de la wüstite et la magnétite et réduction de Fe3+ issu de la dissolution chimique de l'hématite et la magnétite. La fayalite est libérée dans la solution par dissolution de la wüstite ou du métal adjacents. Après le contact acide/metal, toutes les dissolutions sont exclusivement électrochimiques par corrosion du métal et réduction de la magnétite (cas des calamines industrielles). La spectroscopie d'impédance électrochimique a été utilisée pour la première fois pour ce type d'étude. L'estimation des valeurs de capacité a montré un comportement pseudo passif pour la couche d’hématite et d’électrode poreuse pour la wüstite. / Oxidation, pickling and over-pickling mechanisms of a low carbon steel and a high alloyed steel (1.6 and 3.2 wt.% Si) were investigated. The monitoring of oxidation with thermogravimetry and characterization of scale showed a very important passivating effect of the silica layer. Model scales are composed of layers of hematite, magnetite and partially decomposed wüstite into iron and magnetite for the low carbon steel. For the silicon steel, fayalite is present in the steel/wüstite interface as grains or an internal layer. Open circuit potential measurements during pickling and over-pickling of these samples showed a stable and anodic corrosion potential for iron oxides and a significant potential jump once the acid reaches the metal. The monitoring of the total dissolution rate with ICP-AES coupled with corrosion current measurements with the Tafel method showed an important contribution of electrochemical dissolution by oxidation of wüstite and magnetite and reduction of Fe+3 from chemical dissolution of hematite. Fayalite is liberated in the solution by dissolution of the surrounding wüstite or metal. After the contact acid/metal, all dissolutions are exclusively electrochemical by corrosion of the metal and reduction of magnetite (case for industrial scales). Electrochemical impedance spectroscopy was used for the first time for this kind of studies. The estimation of the capacitance values showed a passive like behaviour for hematite and a porous electrode one for wüstite.

Acier au silicium

Oxydation

Décapage et sur-décapage

ICP-AES

Impédance

Oxidation

Silicon steel

620

CROSSTALK BASED SIDE CHANNEL ATTACKS IN FPGAs

Ramesh, Chethan

10 April 2020

As FPGA use becomes more diverse, the shared use of these devices becomes a security concern. Multi-tenant FPGAs that contain circuits from multiple independent sources or users will soon be prevalent in cloud and embedded computing environments. The recent discovery of a new attack vector using neighboring long wires in Xilinx SRAM FPGAs presents the possibility of covert information leakage from an unsuspecting user's circuit. The work makes two contributions that extend this finding. First, we rigorously evaluate several Intel SRAM FPGAs and confirm that long wire information leakage is also prevalent in these devices. Second, we present the first successful attack on an unsuspecting circuit in an FPGA using information passively obtained from neighboring long-lines. Information obtained from a single AES S-box input wire combined with analysis of encrypted output is used to rapidly expose an AES key. This attack is performed remotely without modifying the victim circuit, using electromagnetic probes or power measurements, or modifying the FPGA in any way. We show that our approach is effective for three different FPGA devices. Our results demonstrate that the attack can recover encryption keys from AES circuits running at 50MHz. Finally, we present results from the AES attack performed using a cloud FPGA in a Microsoft Project Catapult cluster. These experiments show the effect can be used to attack a remotely-accessed cloud FPGA.

FPGA security

crosstalk

Side channel attack

AES

Microsoft Catapult

Electrical and Computer Engineering

Hardwarově akcelerovaný přenos dat s využitím TLS protokolu / Hardware accelerated data transfer using TLS protocol

Zugárek, Adam

January 2020

This paper describes implementation of the whole cryptographic protocol TLS including control logic and used cryptographic systems. The goal is to implement an application in the FPGA technology, so it could be used in hardware accelerated network card. The reason for this is new supported higher transmission speeds that Ethernet is able to operate on, and the absence of implementation of this protocol on FPGA. In the first half of this paper is described theory of cryptography followed by description of TLS protocol, its development, structure and operating workflow. The second half describes the implementation on the chosen technology that is also described here. It is used already existing solutions of given cryptographic systems for the implementation, or at least their parts that are modified if needed for TLS. It was implemented just several parts of whole protocol, such are RSA, Diffie-Hellman, SHA and part of AES. Based on these implementations and continuing studying in this matter it was made conclusion, that FPGA technology is inappropriate for implementation of TLS protocol and its control logic. Recommendation was also made to use FPGA only for making calculations of given cryptographic systems that are controlled by control logic from software implemented on standard processors.

Zabezpečený převodník standardu RS-232 na Internet / Secure converter for an RS-232 standard to the Internet

Pokorný, Michal

January 2010

Master´s thesis tries to find a solution to make a secure transmission channel between virtual serial ports on the personal computer and the serial ports on the Rabbit RCM3700 development KIT. Today’s communications channels don't offer appropriate security of a whole communication. Therefore it depends on get-togethers, in order to realize this security themselves. This security means ensuring reliable transmission of data to be encrypted between parties so that any attacker is not able to read real-time, or eventually change them. As a result of this Master thesis is the design and implementation, which in addition to encryption algorithm provides sufficient security and authenticity of communication between the parties. As an encryption algorithm has been chosen widely used AES algorithm and as authentication algorithm has been chosen algorithm, which for authenticity requires knowledge of the secret key.

Elektromagnetická analýza / Electromagnetic analysis

Kolofík, Josef

January 2012

This thesis deals with electromagnetic analysis and applications of electromagnetic side channel. The first and second part describes the basics of cryptography, function of cryptographic module and side-channel attacks. The third part discusses the electromagnetic analysis, construction of probe, a description of the laboratory workplace, the electromagnetic emission of PIC16F84A, AES and preparation for laboratory measurements. The fourth part describes specific laboratory measurements and extracting the useful signal. In the fifth part of the thesis presents the results of processing the measured values, the outputs generated by scripts and found the link between measured curves and AES encryption key. In the sixth part of the thesis are analyzed the basics of defense against side channel attack.