On Secure Administrators for Group Messaging Protocols

Balbas Gutierrez, David

January 2021

In the smartphone era, instant messaging is fully embedded in our daily life. Messaging protocols must preserve the confidentiality and authenticity of sent messages both in two-party conversations and in group chats, in which the list of group members may suffer modifications over time. Hence, a precise characterization of their security is required. In this thesis, we analyze the cryptographic properties that are desirable in secure messaging protocols, particularly in asynchronous group key agreement protocols. Our main contribution is a study of the administration of a messaging group, which is a common scenario in which a subset of the group members (the administrators) are the only users allowed to modify the group structure by adding and removing group members. As we discuss, enabling secure group administration mechanisms can enhance the security of messaging protocols. For this purpose, we introduce a new primitive which extends the continuous group key agreement (CGKA) primitive to capture secure administration, which we denote by administrated CGKA (A-CGKA). The definition is followed by a correctness notion and an informal security description. We present two constructions of our A-CGKA that can be built on top of any CGKA: individual admin signatures (IAS), and dynamic group signature (DGS), both constructed using signature schemes. Furthermore, we provide a detailed overview of secure group messaging in which we discuss group evolution, efficiency, concurrency, and different adversarial models. We introduce a novel CGKA correctness definition (in the so-called propose-and-commit paradigm), followed by a security game that incorporates the correctness properties. We also survey some variants of the TreeKEM protocol and compare their security. / I de smarta telefonernas tid är direktmeddelanden en självklar del av vår vardag. Meddelandeprotokoll måste upprätthålla konfidentialitet och autenticitet för skickade meddelanden både i tvåpartskonversationer samt i gruppchatter vars medlemslistor kan förändras över tid. Därför krävs en precis karaktärisering av deras säkerhet. I detta arbete analyserar vi de kryptografiska egenskaper som är önskvärda i meddelandeprotokoll med fokus på asynkrona gruppnyckelavtalsprotokoll (group key agreement protocols). Arbetets huvudsakliga bidrag till området är en studie av administrationen av en meddelandegrupp. Detta är ett vanligt förekommande scenario där endast en delmängd av gruppmedlemmarna (administratörerna) tillåts modifiera gruppens struktur genom att lägga till och ta bort medlemmar. Som diskuteras i arbetet kan användandet av säkra gruppadministrationsmekanismer (group administration mechanisms) förbättra säkerheten för meddelandeprotokoll. I detta syfte introducerar vi en ny kryptografisk primitiv vilken uttökar den s.k. “continuous group key agreement”-primitiven (CGKA) till att även innefatta säker administration. Denna primitiv kallar vi administrated CGKA (A-CGKA), vars definition följs av en korrekthetsdefinition och en informell säkerhetsbeskrivning. Vi presenterar två konstruktioner av A-CGKA som kan byggas ovanpå vilken CGKA som helst: individual admin signatures (IAS) och dynamic group signature (DGS), som båda konstrueras via signaturscheman. Utöver detta ger vi även en detaljerad överblick över säkra gruppmeddelanden i vilken vi diskuterar gruppevolution, effektivitet, samtidighet och olika fientliga modeller. Vi introducerar en ny definition av korrekthet för CGKA (vilket följer paradigmen propose-and-commit) följt av ett s.k. “security game” som inkorporerar korrekthetsegenskaperna. Vi undersöker även varianter av TreeKEM-protokollet och jämför deras säkerhet.

Computer Sciences

Datavetenskap (datalogi)

An Exploration of Mathematical Applications in Cryptography

Kosek, Amy

22 May 2015

No description available.

Mathematics

Mathematics Education

cryptography

cryptographic ciphers

number theory

elliptic curve cryptography

Design Methodology for Differential Power Analysis Resistant Circuits

Manchanda, Antarpreet Singh

21 October 2013

No description available.

Computer Engineering

DPA

Differential Power Analysis

SDMLp

Side Channel Attacks

Cryptographic circuits

Design flow

Optimization of Physical Unclonable Function Protocols for Lightweight Processing

Pinto, Carol Suman

01 September 2016

Physically unclonable functions are increasingly used as security primitives for device identification and anti-counterfeiting. However, PUFs are associated with noise and bias which in turn affects its property of reliability and predictability. The noise is corrected using fuzzy extractors, but the helper data generated during the process may cause leakage in min-entropy due to the bias observed in the response. This thesis offers two optimization techniques for PUF based protocols. The first part talks about the construction of a secure enrollment solution for PUFs on a low-end resource-constrained device using a microcontroller and a secure networked architecture. The second part deals with the combined optimization of min-entropy and error-rate using symbol clustering techniques to improve the reliability of SRAM PUFs. The results indicate an increase in min-entropy without much effect on the error rate but at the expense of PUF size. / Master of Science

Physical Unclonable Functions (PUFs)

Static Random Access Memory (SRAM)

Cryptographic protocols

Efficiency of Logic Minimization Techniques for Cryptographic Hardware Implementation

Raghuraman, Shashank

15 July 2019

With significant research effort being directed towards designing lightweight cryptographic primitives, logical metrics such as gate count are extensively used in estimating their hardware quality. Specialized logic minimization tools have been built to make use of gate count as the primary optimization cost function. The first part of this thesis aims to investigate the effectiveness of such logical metrics in predicting hardware efficiency of corresponding circuits. Mapping a logical representation onto hardware depends on the standard cell technology used, and is driven by trade-offs between area, performance, and power. This work evaluates aforementioned parameters for circuits optimized for gate count, and compares them with a set of benchmark designs. Extensive analysis is performed over a wide range of frequencies at multiple levels of abstraction and system integration, to understand the different regions in the solution space where such logic minimization techniques are effective. A prototype System-on-Chip (SoC) is designed to benchmark the performance of these circuits on actual hardware. This SoC is built with an aim to include multiple other cryptographic blocks for analysis of their hardware efficiency. The second part of this thesis analyzes the overhead involved in integrating selected authenticated encryption ciphers onto an SoC, and explores different design alternatives for the same. Overall, this thesis is intended to serve as a comprehensive guideline on hardware factors that can be overlooked, but must be considered during logical-to-physical mapping and during the integration of standalone cryptographic blocks onto a complete system. / Master of Science / The proliferation of embedded smart devices for the Internet-of-Things necessitates a constant search for smaller and power-efficient hardware. The need to ensure security of such devices has been driving extensive research on lightweight cryptography, which focuses on minimizing the logic footprint of cryptographic hardware primitives. Different designs are optimized, evaluated, and compared based on the number of gates required to express them at a logical level of abstraction. The expectation is that circuits requiring fewer gates to represent their logic will be smaller and more efficient on hardware. However, converting a logical representation into a hardware circuit, known as “synthesis”, is not trivial. The logic is mapped to a “library” of hardware cells, and one of many possible solutions for a function is selected - a process driven by trade-offs between area, speed, and power consumption on hardware. Our work studies the impact of synthesis on logical circuits with minimized gate count. We evaluate the hardware quality of such circuits by comparing them with that of benchmark designs over a range of speeds. We wish to answer questions such as “At what speeds do logical metrics rightly predict area- and power-efficiency?”, and “What impact does this have after integrating cryptographic primitives onto a complete system?”. As part of this effort, we build a System-on-Chip in order to observe the efficiency of these circuits on actual hardware. This chip also includes recently developed ciphers for authenticated encryption. The second part of this thesis explores different ways of integrating these ciphers onto a system, to understand their effect on the ciphers’ compactness and performance. Our overarching aim is to provide a suitable reference on how synthesis and system integration affect the hardware quality of cryptographic blocks, for future research in this area.

Logic synthesis

Cryptographic hardware

Circuit minimization

Leon-3

System-on-Chip

Authenticated encryption hardware

From Theory to Practice: Deployment-grade Tools and Methodologies for Software Security

Rahaman, Sazzadur

25 August 2020

Following proper guidelines and recommendations are crucial in software security, which is mostly obstructed by accidental human errors. Automatic screening tools have great potentials to reduce the gap between the theory and the practice. However, the goal of scalable automated code screening is largely hindered by the practical difficulty of reducing false positives without compromising analysis quality. To enable compile-time security checking of cryptographic vulnerabilities, I developed highly precise static analysis tools (CryptoGuard and TaintCrypt) that developers can use routinely. The main technical enabler for CryptoGuard is a set of detection algorithms that refine program slices by leveraging language-specific insights, where TaintCrypt relies on symbolic execution-based path-sensitive analysis to reduce false positives. Both CryptoGuard and TaintCrypt uncovered numerous vulnerabilities in real-world software, which proves the effectiveness. Oracle has implemented our cryptographic code screening algorithms for Java in its internal code analysis platform, Parfait, and detected numerous vulnerabilities that were previously unknown. I also designed a specification language named SpanL to easily express rules for automated code screening. SpanL enables domain experts to create domain-specific security checking. Unfortunately, tools and guidelines are not sufficient to ensure baseline security in internet-wide ecosystems. I found that the lack of proper compliance checking induced a huge gap in the payment card industry (PCI) ecosystem. I showed that none of the PCI scanners (out of 6), we tested are fully compliant with the guidelines, issuing certificates to merchants that still have major vulnerabilities. Consequently, 86% (out of 1,203) of the e-commerce websites we tested, are non-compliant. To improve the testbeds in the light of our work, the PCI Security Council shared a copy of our PCI measurement paper to the dedicated companies that host, manage, and maintain the PCI certification testbeds. / Doctor of Philosophy / Automatic screening tools have great potentials to reduce the gap between the theory and the practice of software security. However, the goal of scalable automated code screening is largely hindered by the practical difficulty of reducing false positives without compromising analysis quality. To enable compile-time security checking of cryptographic vulnerabilities, I developed highly precise static analysis tools (CryptoGuard and TaintCrypt) that developers can use routinely. Both CryptoGuard and TaintCrypt uncovered numerous vulnerabilities in real-world software, which proves the effectiveness. Oracle has implemented our cryptographic code screening algorithms for Java in its internal code analysis platform, Parfait, and detected numerous vulnerabilities that were previously unknown. I also designed a specification language named SpanL to easily express rules for automated code screening. SpanL enables domain experts to create domain-specific security checking. Unfortunately, tools and guidelines are not sufficient to ensure baseline security in internet-wide ecosystems. I found that the lack of proper compliance checking induced a huge gap in the payment card industry (PCI) ecosystem. I showed that none of the PCI scanners (out of 6), we tested are fully compliant with the guidelines, issuing certificates to merchants that still have major vulnerabilities. Consequently, 86% (out of 1,203) of the e-commerce websites we tested, are non-compliant. To improve the testbeds in the light of our work, the PCI Security Council shared a copy of our PCI measurement paper to the dedicated companies that host the PCI certification testbeds.

Cryptographic API misuses

Static program analysis

Benchmark

Payment card industry

Internet measurement

Website scanning

Web security

Srovnání kryptografických primitiv využívajících eliptických křivek na různých hardwarových platformách / Comparison of cryptographic primitives used in elliptic curve cryptograpny on different hardware platforms

Brychta, Josef

January 2018

This master thesis deals with the implementation of variants of cryptographic libraries containing primitives for elliptic curves. By creating custom metering charts to compare each implementation. The main task was not only the implementation of libraries but also the design and implementation of test scenarios together with the creation of measurement methods for different libraries and hardware platforms. As a result, a number of experimental tests were conducted on different curves and their parameters so that the results of the work included complex problems of elliptic curves in cryptography. The main parameters were power, time and memory consumption.

Performance Evaluation of Cryptographic Algorithms on ESP32 with Cryptographic Hardware Acceleration Feature

Jin, Qiao

January 2022

The rise of the Internet of Things (IoT) and autonomous robots/vehicles comes with a lot of embedded electronic systems. Small printed circuit boards with microcomputers will be embedded almost everywhere. Therefore, the security and data protection of those systems will be a significant challenge to take into consideration for the future development of IoT devices. Cryptographic algorithms can be used to provide confidentiality and integrity for data transmitted between those embedded devices. It is important to know what kind of algorithm is the most suitable for the specified task and the selected embedded device.  In this thesis, several commonly used cryptographic algorithms are evaluated and an EPS32 based IoT device is chosen as the evaluation platform. ESP32 is a series of low cost and low power System-on-Chip microcontrollers with integrated Wi-Fi and dual-mode Bluetooth. Additionally, ESP32 has the hardware acceleration feature for commonly used cryptographic algorithms. The goal of this thesis is to evaluate the performances of different cryptographic algorithms on the ESP32 with and without using the hardware acceleration feature. The execution times of different cryptographic algorithms processing data with varying sizes are collected, and the performance of each cryptographic algorithm is then evaluated.  A data logging scenario is evaluated as a case study where the ESP32 periodically sends data to a remote database. Under different configurations of the ESP32, the transmission time of encrypted and non-encrypted communications via Hypertext Transfer Protocol Secure (HTTPS) and Hypertext Transfer Protocol (HTTP) will be compared.  The results can be used to simplify the calculation of performance/protection trade-offs for specific algorithms. It also shows that the built-in hardware acceleration has a significant impact on increasing those algorithms’ performances. For Advanced Encryption Standard (AES), the throughput for encryption increased by 257.8%, and for decryption 222.7%. For Secure Hash Algorithm (SHA-2), the throughput increased by 165.2%. For Rivest-Shamir-Adleman (RSA), the encryption throughput has a decrease of 40.7%, and decryption has an increase of 184%. Furthermore, the results can also aid the design and development of a secure IoT system incorporating devices built with ESP32. / Uppkomsten av Internet of Things (IoT) och autonoma robotar / fordon kommer med många inbyggda elektroniska system. Små kretskort med mikrodatorer kommer att vara inbäddade nästan överallt. Därför kommer säkerheten och dataskyddet för dessa system att vara en betydande utmaning att ta hänsyn till för den framtida utvecklingen av IoT-enheter. Kryptografiska algoritmer kan användas för att ge sekretess och integritet för data som överförs mellan de inbäddade enheterna. Det är viktigt att veta vilken typ av algoritm som är bäst lämpad för den angivna uppgiften och den valda inbäddade enheten.  I denna avhandling utvärderas flera vanliga kryptografiska algoritmer och en EPS32-baserad IoT-enhet väljs som utvärderingsplattform. ESP32 är en serie av låga och lågeffektiva system-on-chip-mikrokontroller med integrerat Wi-Fi och dual-mode Bluetooth. Dessutom har ESP32 hårdvaruaccelereringsfunktionen för vanliga kryptografiska algoritmer. Målet med denna avhandling är att utvärdera prestanda för olika kryptografiska algoritmer på ESP32 med och utan att använda hårdvaruaccelereringsfunktionen. Exekveringstiderna för olika kryptografiska algoritmer som behandlar data med olika storlekar samlas in och prestanda för varje kryptografisk algoritm utvärderas sedan.  Ett dataloggningsscenario utvärderas som en fallstudie där ESP32 regelbundet skickar data till en fjärrdatabas. Under olika konfigurationer av ESP32 jämförs överföringstiden för krypterad och icke-krypterad kommunikation via Hypertext Transfer Protocol Secure (HTTPS) och Hypertext Transfer Protocol (HTTP).  Resultaten kan användas för att förenkla beräkningen av prestanda / skydda avvägningar för specifika algoritmer. Det visar också att den inbyggda hårdvaruaccelerationen har en betydande inverkan på att öka dessa algoritmers prestanda. För Advanced Encryption Standard (AES) ökade genomströmningen för kryptering med 257,8% och för dekryptering 222,7%. För Secure Hash Algorithm (SHA-2) ökade kapaciteten med 165,2%. För Rivest-Shamir-Adleman (RSA) har krypteringsflödet minskat med 40,7% och dekryptering har ökat med 184%. Dessutom kan resultaten också hjälpa till att utforma och utveckla ett säkert IoT-system som innehåller enheter byggda med ESP32.

Computer and Information Sciences

Data- och informationsvetenskap

Context-Based Authentication and Lightweight Group Key Establishment Protocol for IoT Devices

Ferrari, Nico

January 2019

The concept of the Internet of Things is driven by advancements of the Internet with the interconnection of heterogeneous smart objects using different networking and communication technologies. With the rapidly increasing number of interconnected devices present in the life of a person, providing authentication and secure communication between them is considered a key challenge. The integration of Wireless Sensor Networks in the Internet of Things creates new obstacles due to the necessity of finding a balance between the resources utilization and the applied security solutions. In multicast group communications, the energy consumption, bandwidth and processing overhead at the nodes are minimized in comparison to a point-to-point communication system. To securely transmit a message in order to maintain confidentiality of the data and the user’s privacy, usually involves human interaction or the pre-agreement upon some key, the latter unknown to an external attacker. In this thesis, the author proposed an authentication protocol based on the similar context between the correct devices and lightweight computationally secure group-key establishment, avoiding any kind of human involvement. The goal is achieved by having the devices calculate a fingerprint from their ambient context and through a fuzzy commitment scheme generating a commitment respectively opening value which is used to generate a common secret key between them. The tests are effected on real world data accumulated from different environments. The proposed scheme is based on elliptic curve cryptography and cryptographic one-way accumulators. Its feasibility is analyzed by implementing the group key establishment phase in the Contiki operating system and by simulating it with the Cooja simulator. Furthermore, the applicability of the protocol is analyzed and justified by an analysis of the storage overhead, communication overhead, and energy consumption. The simulator shows an energy consumption of only 112 mJ per node for group key establishment. The results obtained in this thesis demonstrate the feasibility of the scheme, it’s computational, and communication costs are further comparable to other similar approaches.

Internet of Things

Context-based authentication

Fuzzy commitment scheme

Cryptographic key establishment

Lightweight cryptography

Contiki

One-way accumulators

Computer Engineering

Datorteknik

Lyra: uma função de derivação de chaves com custos de memória e processamento configuráveis. / Lyra: password-based key derivation with tunable memory and processing costs.

Almeida, Leonardo de Campos

16 March 2016

Este documento apresenta o Lyra, um novo esquema de derivação de chaves, baseado em esponjas criptográficas. O Lyra foi projetado para ser estritamente sequencial, fornecendo um nível elevado de segurança mesmo contra atacantes que utilizem múltiplos núcleos de processamento, como uma GPU ou FPGA. Ao mesmo tempo possui uma implementação simples em software e permite ao usuário legítimo ajustar o uso de memória e tempo de processamento de acordo com o nível de segurança desejado. O Lyra é, então, comparado ao scrypt, mostrando que esta proposta fornece um nível se segurança mais alto, além de superar suas deficiências. Caso o atacante deseje realizar um ataque utilizando pouca memória, o tempo de processamento do Lyra cresce exponencialmente, enquanto no scrypt este crescimento é apenas quadrático. Além disto, para o mesmo tempo de processamento, o Lyra permite uma utilização maior de memória, quando comparado ao scrypt, aumentando o custo de ataques de força bruta. / This document presents Lyra, a password-based key derivation scheme based on cryptographic sponges. Lyra was designed to be strictly sequential, providing strong security even against attackers that use multiple processing cores, such as FPGAs or GPUs. At the same time, it is very simple to implement in software and allows legitimate users to tune its memory and processing costs according to the desired level of security. We compare Lyra with scrypt, showing how this proposal provides a higher security level and overcomes limitations of scrypt. If the attacker wishes to perform a low-memory attack against the algorithm, the processing cost grwos expontetialy, while in scrypt, this growth is only quadratic. In addition, for an identical processing time, Lyra allows for a higher memory usage than its counterparts, further increasing the cost of brute force attacks.

Criptologia

Cryptographic sponges

Derivação de chaves

Esponjas criptográficas

Memória RAM

Memory usage

Password-based key derivation

Security

Segurança de redes

Utilização de memória