Lyra: uma função de derivação de chaves com custos de memória e processamento configuráveis. / Lyra: password-based key derivation with tunable memory and processing costs.

Leonardo de Campos Almeida

16 March 2016

Este documento apresenta o Lyra, um novo esquema de derivação de chaves, baseado em esponjas criptográficas. O Lyra foi projetado para ser estritamente sequencial, fornecendo um nível elevado de segurança mesmo contra atacantes que utilizem múltiplos núcleos de processamento, como uma GPU ou FPGA. Ao mesmo tempo possui uma implementação simples em software e permite ao usuário legítimo ajustar o uso de memória e tempo de processamento de acordo com o nível de segurança desejado. O Lyra é, então, comparado ao scrypt, mostrando que esta proposta fornece um nível se segurança mais alto, além de superar suas deficiências. Caso o atacante deseje realizar um ataque utilizando pouca memória, o tempo de processamento do Lyra cresce exponencialmente, enquanto no scrypt este crescimento é apenas quadrático. Além disto, para o mesmo tempo de processamento, o Lyra permite uma utilização maior de memória, quando comparado ao scrypt, aumentando o custo de ataques de força bruta. / This document presents Lyra, a password-based key derivation scheme based on cryptographic sponges. Lyra was designed to be strictly sequential, providing strong security even against attackers that use multiple processing cores, such as FPGAs or GPUs. At the same time, it is very simple to implement in software and allows legitimate users to tune its memory and processing costs according to the desired level of security. We compare Lyra with scrypt, showing how this proposal provides a higher security level and overcomes limitations of scrypt. If the attacker wishes to perform a low-memory attack against the algorithm, the processing cost grwos expontetialy, while in scrypt, this growth is only quadratic. In addition, for an identical processing time, Lyra allows for a higher memory usage than its counterparts, further increasing the cost of brute force attacks.

Criptologia

Derivação de chaves

Esponjas criptográficas

Memória RAM

Segurança de redes

Utilização de memória

Cryptographic sponges

Memory usage

Password-based key derivation

Security

Heuristic Optimization of Boolean Functions and Substitution Boxes for Cryptography

Burnett, Linda Dee

January 2005

Fundamental to the electronic security of information and communication systems, is the correct use and application of appropriate ciphers. The strength of these ciphers, particularly in their ability to resist cryptanalytic attacks, directly in uences the overall strength of the entire system. The strength of the underlying cipher is reliant upon a robust structure and the carefully designed interaction between components in its architecture. Most importantly, however, cipher strength is critically dependent on the strength of the individual components of which it is comprised. Boolean functions and substitution boxes (s-boxes) are among the most common and essential components of ciphers. This is because they are able to provide a cipher with strengthening properties to resist known and potential cryptanalytic attacks. Thus, it is not surprising that significant research effort has been made in trying to develop ways of obtaining boolean functions and substitution boxes with optimal achievable measures of desirable cryptographic properties. Three of the main cryptographic properties required by strong boolean functions and s-boxes are nonlinearity, correlation immunity and propagation criteria, with different cryptographic applications requiring different acceptable measures of these and other properties. As combinations of cryptographic properties exhibited by functions can be conicting, finding cryptographically strong functions often means that a trade-off needs to be made when optimizing property values. Throughout this thesis, the term "optimization" specifically refers to seeking to obtain the best achievable combination of target property values which may be exhibited by boolean functions and s-boxes, regardless of whether the relevant properties are conflicting or complementary. This thesis focusses on a particular class of techniques for obtaining strong functions for cryptographic applications, referred to as heuristic methods or, simply, heuristics. Three new heuristic methods, each aimed at generating boolean functions optimizing one or more of the main cryptographic properties mentioned above, in addition to other desirable properties, are presented. The first of the new heuristic methods developed for this thesis focusses on generating boolean functions which are balanced and exhibit very high nonlinearities. Highly nonlinear balanced functions are critical to many cryptographic applications, as they provide good resistance to linear cryptanalytic attacks. This first method is based on the recursive modification of a starting bent function and is shown to be highly successful and efficient at generating numerous such functions, which also exhibit low autocorrelation values, in a very short computational time. The generation of balanced, correlation immune boolean functions that also exhibit the confl icting property of high nonlinearity is the focus of the second new heuristic method developed for this thesis. By concatenating selected pairs of lower-dimensional boolean functions together in the Walsh Hadamard transform domain, direct optimization for both resilience and nonlinearity was able to take place at each level towards and for the final function. This second method was able to generate examples of boolean functions with almost all of the best known optimal combinations of target property values. Experiments have shown the success of this method in consistently generating highly nonlinear resilient boolean functions, for a range of orders of resilience, with such functions possessing optimal algebraic degree. A third new heuristic method, which searches for balanced boolean functions which satisfy a non-zero degree of propagation criteria and exhibit high nonlinearity, is presented. Intelligent bit manipulations in the truth table of starting functions, based on fundamental relationships between boolean function transforms and measures, provide the design rationale for this method. Two new function generation schemes have been proposed for this method, to efficiently satisfy the requirements placed on the starting functions utilized in the computational process. An optional process attempts to increase the algebraic degree of the resulting functions, without sacrificing the optimalities that are achievable. The validity of this method is demonstrated through the success of various experimental trials. Switching the focus from single output boolean functions to multiple output boolean functions (s-boxes), the effectiveness of existing heuristic techniques (namely Genetic Algorithm, Hill Climbing Method and combined Genetic Algorithm/Hill Climbing) in primarily being applied to improve the nonlinearity of s-boxes of various dimensions, is investigated. The prior success of these heuristic techniques for improving the nonlinearity of boolean functions has been previously demonstrated, as has the success of hill climbing in isolation when applied to bijective s-boxes. An extension to the bijective s-box optimization work is presented in this thesis. In this new research, a Genetic Algorithm, Hill Climbing Method and the two in combination are applied to the nonlinearity and autocorrelation optimization of regular NxM s-boxes (N > M) to investigate the effectiveness and efficiency of each of these heuristics. A new breeding scheme, utilized in the Genetic Algorithm and combined Genetic Algorithm/Hill Climbing trials, is also presented. The success of experimental results compared to random regular s-box generation is demonstrated. New research in applying the Hill Climbing Method to construct NxM sboxes (N > M) required to meet specific property criteria is presented. The consideration of the characteristics desired by the constructed s-boxes largely dictated the generation process. A discussion on the generation process of the component functions is included. Part of the results produced by experimental trials were incorporated into a commonly used family of stream ciphers, thus further supporting the use of heuristic techniques as a useful means of obtaining strong functions suitable for incorporation into practical ciphers. An analysis of the cryptographic properties of the s-box used in the MARS block cipher, the method of generation and the computational time taken to obtain this s-box, led to the new research reported in this thesis on the generation of MARS-like s-boxes. It is shown that the application of the Hill Climbing Method, with suitable requirements placed on the component boolean functions, was able to generate multiple MARS-like s-boxes which satisfied the MARS sbox requirements and provided additional properties. This new work represented an alternative approach to the generation of s-boxes satisfying the MARS sbox property requirements but which are cryptographically superior and can be obtained in a fraction of the time than that which was taken to produce the MARS s-box. An example MARS-like s-box is presented in this thesis. The overall value of heuristic methods in generating strong boolean functions and substitution boxes is clearly demonstrated in this thesis. This thesis has made several significant contributions to the field, both in the development of new, specialized heuristic methods capable of generating strong boolean functions, and in the analysis and optimization of substitution boxes, the latter achieved through applying existing heuristic techniques.

boolean function

substitution box

heuristic techniques

Genetic Algorithm

Hill Climbing

cryptographic properties

autocorrelation

balance

nonlinearity

correlation immunity

resilience

propagation criteria

Security primitives for ultra-low power sensor nodes in wireless sensor networks

Huang, An-Lun

05 May 2008

The concept of wireless sensor network (WSN) is where tiny devices (sensor nodes), positioned fairly close to each other, are used for sensing and gathering data from its environment and exchange information through wireless connections between these nodes (e.g. sensor nodes distributed through out a bridge for monitoring the mechanical stress level of the bridge continuously). In order to easily deploy a relatively large quantity of sensor nodes, the sensor nodes are typically designed for low price and small size, thereby causing them to have very limited resources available (e.g. energy, processing power). Over the years, different security (cryptographic) primitives have been proposed and refined aiming at utilizing modern processor’s power e.g. 32-bit or 64-bit operation, architecture such as MMX (Multi Media Extension) and etc. In other words, security primitives have targeted at high-end systems (e.g. desktop or server) in software implementations. Some hardware-oriented security primitives have also been proposed. However, most of them have been designed aiming only at large message and high speed hashing, with no power consumption or other resources (such as memory space) taken into considerations. As a result, security mechanisms for ultra-low power (<500µW) devices such as the wireless sensor nodes must be carefully selected or designed with their limited resources in mind. The objective of this project is to provide implementations of security primitives (i.e. encryption and authentication) suitable to the WSN environment, where resources are extremely limited. The goal of the project is to provide an efficient building block on which the design of WSN secure routing protocols can be based on, so it can relieve the protocol designers from having to design everything from scratch. This project has provided three main contributions to the WSN field.  Provides analysis of different tradeoffs between cryptographic security strength and performances, which then provide security primitives suitable for the needs in a WSN environment. Security primitives form the link layer security and act as building blocks for higher layer protocols i.e. secure routing protocol.  Implements and optimizes several security primitives in a low-power microcontroller (TI MSP430F1232) with very limited resources (256 bytes RAM, 8KB flash program memory). The different security primitives are compared according to the number of CPU cycles required per byte processed, specific architectures required (e.g. multiplier, large bit shift) and resources (RAM, ROM/flash) required. These comparisons assist in the evaluation of its corresponding energy consumption, and thus the applicability to wireless sensor nodes.  Apart from investigating security primitives, research on various security protocols designed for WSN have also been conducted in order to optimize the security primitives for the security protocols design trend. Further, a new link layer security protocol using optimized security primitives is also proposed. This new protocol shows an improvement over the existing link layer security protocols. Security primitives with confidentiality and authenticity functions are implemented in the TinyMote sensor nodes from the Technical University of Vienna in a wireless sensor network. This is to demonstrate the practicality of the designs of this thesis in a real-world WSN environment. This research has achieved ultra-low power security primitives in wireless sensor network with average power consumption less than 3.5 µW (at 2 second packet transmission interval) and 700 nW (at 5 second packet transmission interval). The proposed link layer security protocol has also shown improvements over existing protocols in both security and power consumption. / Dissertation (MEng (Computer Engineering))--University of Pretoria, 2008. / Electrical, Electronic and Computer Engineering / unrestricted

Ultra-low power

Security

Cryptographic primitives

Message authentication code (MAC)

Wireless sensor network (WSN)

OCB

UMAC

UCTD

Vote électronique : définitions et techniques d'analyse / Electronic Voting : Definitions and Analysis Techniques

Lallemand, Joseph

08 November 2019

Cette thèse porte sur l'étude de différents aspects de la sécurité des protocoles de vote électronique à distance. Ces protocoles décrivent comment organiser des élections par Internet de manière sécurisée. Ils ont notamment pour but d'apporter des garanties de secret du vote, et de vérifiabilité - ie, il doit être possible de s'assurer que les votes sont correctement comptabilisés. Nos contributions portent sur deux aspects principaux. Premièrement, nous proposons une nouvelle technique d'analyse automatique de propriétés d'équivalence, dans le modèle symbolique. De nombreuses propriétés en lien avec la vie privée s'expriment comme des propriétés d'équivalence, telles que le secret du vote en particulier, mais aussi l'anonymat ou la non-traçabilité. Notre approche repose sur le typage: nous mettons au point un système de typage qui permet d'analyser deux protocoles pour prouver leur équivalence. Nous montrons que notre système de typage est correct, c'est-à-dire qu'il implique effectivement l'équivalence de traces, à la fois pour des nombres bornés et non bornés de sessions. Nous comparons l'implémentation d'un prototype de notre système avec les autres outils existants pour l'équivalence symbolique, sur divers protocoles de la littérature. Cette étude de cas montre que notre procédure est bien plus efficace que la plupart des autres outils - au prix d'une perte de précision (notre outil peut parfois échouer à prouver certaines équivalences). Notre seconde contribution est une étude des définitions du secret du vote et de la vérifiabilité - ou, plus précisément, la vérifiabilité individuelle, une propriété qui requiert que chaque votant soit en mesure de vérifier que son propre vote a bien été pris en compte. Nous prouvons, aussi bien dans les modèles symboliques que calculatoire, que le secret du vote implique la vérifiabilité individuelle, alors même que l'intuition et des résultats voisins déjà établis semblaient indiquer que ces deux propriétés s'opposent. Notre étude met également en évidence une limitation des définitions existantes du secret du vote par jeux cryptographiques : elles supposent une urne honnête, et par conséquent expriment des garanties significativement plus faibles que celles que les protocoles visent à assurer. Nous proposons donc une nouvelle définition (par jeu) du secret du vote, contre une urne malhonnête. Nous relions notre définition à une notion de secret du vote par simulation, pour montrer qu'elle apporte des garanties fortes. Enfin, nous menons une étude de cas sur plusieurs systèmes de vote existants. / In this thesis we study several aspects of the security of remote electronic voting protocols. Such protocols describe how to securely organise elections over the Internet. They notably aim to guarantee vote privacy - ie, votes must remain secret -and verifiability - it must be possible to check that votes are correctly counted. Our contributions are on two aspects. First, we propose a new approach to automatically prove equivalence properties in the symbolic model. Many privacy properties can be expressed as equivalence properties, such as in particular vote privacy, but also anonymity or unlinkability. Our approach relies on typing: we design a type system that can typecheck two protocols to prove their equivalence. We show that our type system %, together with some additional conditions on the messages exchanged by the protocols, soundly implies trace equivalence, both for bounded and unbounded numbers of sessions. We compare a prototype implementation of our typechecker with other existing tools for symbolic equivalence, on a variety of protocols from the literature. This case study shows that our procedure is much more efficient than most other tools - at the price of losing precision (our tool may fail to prove some equivalences). Our second contribution is a study of the definitions of privacy and verifiability - more precisely, individual verifiability, a property that requires each voter to be able to check that their own vote is counted. We prove that, both in symbolic and computational models, privacy implies individual verifiability, contrary to intuition and related previous results that seem to indicate that these two properties are opposed. Our study also highlights a limitation of existing game-based definitions of privacy: they assume the ballot box is trusted, which makes for significantly weaker guarantees than what protocols aim for. Hence we propose a new game-based definition for vote privacy against a dishonest ballot box. We relate our definition to a simulation-based notion of privacy, to show that it provides meaningful guarantees, and conduct a case study on several voting schemes.

Sécurité

Protocoles cryptographiques

Vote électronique

Équivalence

Typage

Secret du vote

Security

Cryptographic protocols

Electronic voting

Equivalence

Type systems

Privacy

005.8

324.65

Algebraicko-diferenční analýza Keccaku / Algebraic-differential analysis of Keccak

Seidlová, Monika

January 2016

In this thesis, we analyze the cryptographic sponge function family Keccak - the winner of the SHA-3 Cryptographic Hash Standard competition. Firstly, we explore how higher order differentials can be used to forge a tag in a parallelizable MAC function. We introduce new terms and theory studying what affine spaces remain affine after one round of Keccak's underlying permutation Keccak-f. This allows us to improve the forgery. Secondly, collisions in Keccak could be generated from pairs of values, that follow particular differential trails in Keccak-f. We tested finding pairs for a given differential trail in reduced-round Keccak-f using algebraic techniques with the mathematics software SAGE. We found a pair in a 4-round trail in Keccak-f[50] in under 5 minutes and a 3-round trail in Keccak-f[100] in 80 seconds on a regular PC. Powered by TCPDF (www.tcpdf.org)

PKI based Encryption for Document Sharing, Optimized Storage, and Proof of Existence in the Cloud

Ratnayake, Yohan

January 2015

No description available.

Certificates

CA

Security Architecture

proxy server

CA server

CSP

Bitcoin block chain

cryptographic digest

proof of existence

digital notary service

timestamp

Kryptovirologie / Cryptovirology

Kubík, Pavel

January 2008

This thesis is focused on a relatively new branch of computer security called Cryptovirology. It uses cryptography and its principles in conjunction with designing and writing malicious codes (e.g. computer viruses, trojan horses, worms). Techniques such as viral propagation through computer networks, capabilities of current viruses and similar threats are described. Beside cryptography and computer viruses, design of the cryptovirus and methods of a cryptoviral extortion attack along with their related potential are also analyzed below in this paper. As a proof of the concept in the given area of cryptovirology, a demonstrational computer program was written. The program was implemented with the respect to the satisfaction of the essentials set to the cryptovirus.

Architectural Synthesis Techniques for Design of Correct and Secure ICs

Sundaresan, Vijay

January 2008

No description available.

Computer Science

Integrated Circuit Design

EDA

CAD for VLSI

Cryptographic Hardware Design

Secure Embedded Systems

Architectural Synthesis

BDD Based Synthesis Flow for Design of DPA Resistant Cryptographic Circuits

Chakkaravarthy, Manoj

19 April 2012

No description available.

Computer Engineering

Hardware Security

Differential Power Analysis (BDD)

Side channel Attacks (SCA)

Cryptographic Circuits

BDD Based Synthesis Flow

DPA Countermeasures

Secure and Efficient Implementations of Cryptographic Primitives

Guo, Xu

30 May 2012

Nowadays pervasive computing opens up many new challenges. Personal and sensitive data and computations are distributed over a wide range of computing devices. This presents great challenges in cryptographic system designs: how to protect privacy, authentication, and integrity in this distributed and connected computing world, and how to satisfy the requirements of different platforms, ranging from resource constrained embedded devices to high-end servers. Moreover, once mathematically strong cryptographic algorithms are implemented in either software or hardware, they are known to be vulnerable to various implementation attacks. Although many countermeasures have been proposed, selecting and integrating a set of countermeasures thwarting multiple attacks into a single design is far from trivial. Security, performance and cost need to be considered together. The research presented in this dissertation deals with the secure and efficient implementation of cryptographic primitives. We focus on how to integrate cryptographic coprocessors in an efficient and secure way. The outcome of this research leads to four contributions to hardware security research. First, we propose a programmable and parallel Elliptic Curve Cryptography (ECC) coprocessor architecture. We use a systematic way of analyzing the impact of System-on-Chip (SoC) integration to the cryptographic coprocessor performance and optimize the hardware/software codesign of cryptographic coprocessors. Second, we provide a hardware evaluation methodology to the NIST SHA-3 standardization process. Our research efforts cover both of the SHA-3 fourteen Second Round candidates and five Third Round finalists. We design the first SHA-3 benchmark chip and discuss the technology impact to the SHA-3 hardware evaluation process. Third, we discuss two technology dependent issues in the fair comparison of cryptographic hardware. We provide a systematic approach to do a cross-platform comparison between SHA-3 FPGA and ASIC benchmarking results and propose a methodology for lightweight hash designs. Finally, we provide guidelines to select implementation attack countermeasures in ECC cryptosystem designs. We discuss how to integrate a set of countermeasures to resist a collection of side-channel analysis (SCA) attacks and fault attacks. The first part of the dissertation discusses how system integration can affect the efficiency of the cryptographic primitives. We focus on the SoC integration of cryptographic coprocessors and analyze the system profile in a co-simulation environment and then on an actual FPGA-based SoC platform. We use this system-level design flow to analyze the SoC integration issues of two block ciphers: the existing Advanced Encryption Standard (AES) and a newly proposed lightweight cipher PRESENT. Next, we use hardware/software codesign techniques to design a programmable ECC coprocessor architecture which is highly flexible and scalable for system integration into a SoC architecture. The second part of the dissertation describes our efforts in designing a hardware evaluation methodology applied to the NIST SHA-3 standardization process. Our Application Specific Integrated Circuit (ASIC) implementation results of five SHA-3 finalists are the first ASIC real measurement results reported in the literature. As a contribution to the NIST SHA-3 competition, we provide timely ASIC implementation cost and performance results of the five SHA-3 finalists in the SHA-3 standard final round evaluation process. We define a consistent and comprehensive hardware evaluation methodology to the NIST SHA-3 standardization process from Field Programmable Gate Array (FPGA) prototyping to ASIC implementation. The third part of the dissertation extends the discussion on hardware benchmarking of NIST SHA-3 candidates by analyzing the impact of technology to the fair comparison of cryptographic hardware. First, a cross-platform comparison between the FPGA and ASIC results of SHA-3 designs demonstrates the gap between two sets of benchmarking results. We describe a systematic approach to analyze a SHA-3 hardware benchmark process for both FPGAs and ASICs. Next, by observing the interaction of hash algorithm design, architecture design, and technology mapping, we propose a methodology for lightweight hash implementation and apply it to CubeHash optimizations. Our ultra-lightweight design of the CubeHash algorithm represents the smallest ASIC implementation of this algorithm reported in the literature. Then, we introduced a cost model for analyzing the hardware cost of lightweight hash implementations. The fourth part of the dissertation discusses SCA attacks and fault attacks resistant cryptosystem designs. We complete a comprehensive survey of state-of-the-art of secure ECC implementations and propose a methodology on selecting countermeasures to thwart multiple side-channel attacks and fault attacks. We focus on a systematic way of organizing and understanding known attacks and countermeasures. / Ph. D.

Block Cipher

Side-Channel Attacks

SHA-3

Hash Function

System-on-Chip

Cryptographic Coprocessor

Elliptic Curve Cryptography

Fault Attacks