Návrh bezpečnostní infrastruktury elektronického archivu / Design of security infrastructure for electronic archive

Doležel, Radek

January 2009

This master's thesis deals with design of security infrastructure for electronic archive. In theoretical part is disscus about technical resources which are based on security services and protocols and methods which are used for protection. On basics of theoretical part is designed model of security infrastructure and it is built in laboratory. Model of security infrastructure is based on Open Source Software and as safety storages for private user authentication data are used cryptographic USB tokens. This master's thesis includes design and construction of real infrastructure of secured electronic archive. In each part of master's thesis is put main emphases on security and clear explanation from the beginning of desing of model of security infrastructure for electronic archive to finish of construction.

Securing Wireless Communication via Information-Theoretic Approaches: Innovative Schemes and Code Design Techniques

Shoushtari, Morteza

21 June 2023

Historically, wireless communication security solutions have heavily relied on computational methods, such as cryptographic algorithms implemented in the upper layers of the network stack. Although these methods have been effective, they may not always be sufficient to address all security threats. An alternative approach for achieving secure communication is the physical layer security approach, which utilizes the physical properties of the communication channel through appropriate coding and signal processing. The goal of this Ph.D. dissertation is to leverage the foundations of information-theoretic security to develop innovative and secure schemes, as well as code design techniques, that can enhance security and reliability in wireless communication networks. This dissertation includes three main phases of investigation. The first investigation analyzes the finite blocklength coding problem for the wiretap channel model which is equipped with the cache. The objective was to develop and analyze a new wiretap coding scheme that can be used for secure communication of sensitive data. Secondly, an investigation was conducted into information-theoretic security solutions for aeronautical mobile telemetry (AMT) systems. This included developing a secure coding technique for the integrated Network Enhanced Telemetry (iNET) communications system, as well as examining the potential of post-quantum cryptography approaches as future secrecy solutions for AMT systems. The investigation focused on exploring code-based techniques and evaluating their feasibility for implementation. Finally, the properties of nested linear codes in the wiretap channel model have been explored. Investigation in this phase began by exploring the duality relationship between equivocation matrices of nested linear codes and their corresponding dual codes. Then a new coding algorithm to construct the optimum nested linear secrecy codes has been invented. This coding algorithm leverages the aforementioned duality relationship by starting with the worst nested linear secrecy codes from the dual space. This approach enables us to derive the optimal nested linear secrecy code more efficiently and effectively than through a brute-force search for the best nested linear secrecy codes directly.

Wireless communication security

information-theoretic security

wiretap channel

wiretap caching channel

secrecy coding

error-correction coding

coset coding

aeronautical mobile telemetry security

post-quantum cryptosystems

cryptographic algorithms

nested linear codes

duality relationship in coding theory

dual codes

optimum nested linear secrecy codes

Engineering

Energy efficiency in AES encryption on ARM Cortex CPUs : Comparative analysis across modes of operation, data sizes, and key lengths

Dupré, Gene

January 2024

This thesis examines the energy efficiency of Advanced Encryption Standard (AES) encryption across various modes of operation (ECB, CBC, CFB, OFB, CTR, GCM, and CCM) on ARM Cortex-A53, Cortex-A72, and Cortex-A76 processors, using Raspberry Pi models 3, 4, and 5 as the experimental platforms. The study primarily investigates the impact of key lengths (128, 192, and 256 bits) and data sizes on energy consumption during encryption tasks. Using an experimental setup with the Raspberry Pi single-board computers, energy consumption was measured and analyzed through repeated encryption operations and data collection via a power meter interfaced with a database. The results reveal only modest increases in energy consumption with larger key lengths across all tested modes and data sizes, suggesting that while key length incrementally affects energy usage, the impact remains relatively minor, thus not significantly compromising energy efficiency for enhanced security. The analysis further shows that ECB mode consistently exhibits the lowest energy consumption, with CTR and CBC not far behind, followed by OFB and then CFB being the least effective among the traditional modes, with AEAD modes like GCM and CCM demanding substantially higher energy, reflecting their more complex processing requirements. Additionally, the study highlights the influence of data size on energy efficiency, showing a decrease in energy consumption per kilobyte with increasing file size up to a certain point, beyond which the benefits diminish. This thesis contributes to a deeper understanding of the trade-offs between security features and energy efficiency in AES encryption on ARM processors, offering insights into scenarios where energy consumption is a critical concern. The findings underscore the importance of selecting appropriate encryption modes and configurations based on the specific requirements and constraints of hardware environments aimed at optimizing energy efficiency in cryptographic operations. Future research could expand on a broader array of ARM-based devices to improve the biases from the Raspberry Pi boards and enhance the reliability of the conclusions drawn from the data.

AES encryption

ARM Cortex processors

encryption modes

data size impact

key length

energy efficiency

embedded systems

cryptographic analysis

ECB

CBC

CTR

OFB

CFB

GCM

CCM

encryption efficiency

cybersecurity

power-efficient cryptography

energy profiles

Information Systems, Social aspects

AspectKE*: Security aspects with program analysis for distributed systems

Fan, Yang, Masuhara, Hidehiko, Aotani, Tomoyuki, Nielson, Flemming, Nielson, Hanne Riis

January 2010

Enforcing security policies to distributed systems is difficult, in particular, when a system contains untrusted components. We designed AspectKE*, a distributed AOP language based on a tuple space, to tackle this issue. In AspectKE*, aspects can enforce access control policies that depend on future behavior of running processes. One of the key language features is the predicates and functions that extract results of static program analysis, which are useful for defining security aspects that have to know about future behavior of a program. AspectKE* also provides a novel variable binding mechanism for pointcuts, so that pointcuts can uniformly specify join points based on both static and dynamic information about the program. Our implementation strategy performs fundamental static analysis at load-time, so as to retain runtime overheads minimal. We implemented a compiler for AspectKE*, and demonstrate usefulness of AspectKE* through a security aspect for a distributed chat system.

aspect oriented programming

program analysis

security policies

distributed systems

tuple spaces

Data processing Computer science

Language Constructs and Features (E.2)

Abstract data types

Classes and objects (NEW)

Concurrent programming structures

Constraints (NEW)

Control structures

Coroutines

Data types and structures

Dynamic storage management

Frameworks (NEW)

Inheritance (NEW)

Input/output

Modules, packages

Patterns (NEW)

Polymorphism (NEW)

Procedures, functions, and subroutines

Recursion

Security and Protection (K.6.5)

Access controls

Authentication

Cryptographic controls

Information flow controls

Security kernels**

Verification**

Algebraic approaches to semantics

Denotational semantics

Operational semantics

Partial evaluation (NEW)

Process models (NEW)

Program analysis (NEW)

Analýza a optimalizace datové komunikace pro telemetrické systémy v energetice / Analysis and Optimization of Data Communication for Telemetric Systems in Energy

Fujdiak, Radek

January 2017

Telemetry system, Optimisation, Sensoric networks, Smart Grid, Internet of Things, Sensors, Information security, Cryptography, Cryptography algorithms, Cryptosystem, Confidentiality, Integrity, Authentication, Data freshness, Non-Repudiation.