The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

Securetrade: a secure protocol based on transferable E-cash for exchanging cards in P2P trading card games. / A security protocol based on electronic cash for exchanging cards in P2P trading card games.

Marcos Vinicius Maciel da Silva 02 August 2016
Trading card games (TCG) are distinct from traditional card games mainly because, in the former, the cards are not shared among players in a match. Instead, users play with the cards they own (e.g., that have been purchased or traded with other players), which correspond to a subset of all cards produced by the game provider. Even though most computer-based TCGs rely on a trusted third-party (TTP) for preventing cheating during trades, allowing them to securely do so in the absence of such entity, as in a Peer-to-Peer (P2P) scenario, remains a challenging task. Potential solutions for this challenge can be based on e-cash protocols, but not without adaptations, as those scenarios display different requirements: for example, TCGs should allow users to play with the cards under their possession, not only to be able to pass those cards over as with digital coins. In this work, we present and discuss the security requirements for allowing cards to be traded in TCGs and how they relate to e-cash. We then propose a concrete and efficient TTP-free protocol for trading cards in a privacy-preserving manner. The construction is based on a secure transferable e-cash protocol and on a P-signature scheme converted to the asymmetric pairing setting. According to our experimental results, the proposed protocol is quite efficient for use in practice: an entire deck is stored in less than 5 MB, while it takes a few seconds to be prepared for a match; the verification of the cards, in turn, takes less time than a usual match, and can be performed in background while the game is played. / Trading card games (TCG) differ from traditional card games mainly because the cards are not shared in a match. Specifically, players use their own cards (obtained, e.g., by purchase or trade with other players), which correspond to a subset of all the cards created by the game's producer.
Although most current digital TCGs depend on a trusted third party (TTP) to prevent cheating during trades, allowing players to trade cards securely without such an entity, as is the case in a peer-to-peer (P2P) scenario, is still a challenging task. Possible solutions to this challenge can be based on electronic cash protocols, but not without adaptations arising from the different requirements of each scenario: for example, TCGs must allow users to play with their cards, not only pass them on as happens with electronic coins. In this work, the main security requirements for trading TCG cards are presented and discussed, along with how they relate to electronic cash. An efficient protocol is also proposed that allows card trades without the need for a TTP and with support for privacy. The construction is based on a secure electronic cash protocol and a P-signature protocol adapted to use asymmetric pairings, which are more secure than symmetric ones. According to the experiments performed, the proposed protocol is quite efficient for practical use: only 5 MB are needed to store an entire deck, while preparing it takes only a few seconds; the verification of the cards, in turn, is faster than the usual duration of a match and can be run in the background during the match itself.
22

Modeling and validation of cryptographic random generators for embedded systems

Layat, Kevin 17 December 2015
The subject of this thesis is the mathematical modeling of physical random number generators, particularly in the context of embedded systems. The main axes are the stochastic models of entropy sources, the establishment of suitable statistical tests and the exploitation of the detected defects. / This thesis focuses on the mathematical modeling of physical random number generators, especially in the context of embedded systems. The main axes are the stochastic modeling of entropy sources, the establishment of appropriate statistical tests and the exploitation of detected weaknesses.
23

Formal software methods for the security of cryptographic system implementations / Formal software methods for cryptosystem implementation security

Rauzy, Pablo 13 July 2015
Cryptographic implementations are vulnerable to physical attacks, and therefore need to be protected against them. Of course, defective protections are useless. The use of formal methods makes it possible to develop systems while guaranteeing their conformity to given specifications. The first objective of my thesis, and its innovative aspect, is to show that formal methods can be used to prove not only the principles of countermeasures within a model, but also their implementations, given that this is where physical vulnerabilities are exploited. My second objective is the proof and automation of the protection techniques themselves, because manually written code is subject to many errors, particularly when it comes to security code. / Implementations of cryptosystems are vulnerable to physical attacks, and thus need to be protected against them. Of course, malfunctioning protections are useless. Formal methods help to develop systems while assessing their conformity to a rigorous specification. The first goal of my thesis, and its innovative aspect, is to show that formal methods can be used to prove not only the principle of the countermeasures according to a model, but also their implementations, as it is where the physical vulnerabilities are exploited. My second goal is the proof and the automation of the protection techniques themselves, because handwritten security code is error-prone.
24

Cleartext detection and language identification in ciphers

Gambardella, Maria-Elena January 2021
In historical cryptology, cleartext represents text written in a known language in a cipher (a hand-written manuscript aiming at hiding the content of a message). Cleartext can give us a historical interpretation and contextualisation of the manuscript and could help researchers in cryptanalysis, but to this day there is still no research on how to automatically detect cleartext and identify its language. In this paper, we investigate to what extent we can automatically distinguish cleartext from ciphertext in transcribed historical ciphers and to what extent we are able to identify its language. We took a rule-based approach and ran 7 different models using historical language models on ciphertexts provided by the DECRYPT-Project. Our results show that using unigrams and bigrams on a word-level combined with 3-grams, 4-grams and 5-grams on a character-level is the best approach to tackle cleartext detection.
25

Cryptography and Computer Communications Security. Extending the Human Security Perimeter through a Web of Trust

Adeka, Muhammad I. January 2015
This work modifies Shamir's algorithm by sharing a random key that is used to lock up the secret data, as against sharing the data itself. This is significant in cloud computing, especially with homomorphic encryption. Using web design, the resultant scheme practically globalises secret sharing with authentications and inherent secondary applications. The work aims at improving cybersecurity via a joint exploitation of human factors and technology; a human-centred cybersecurity design as opposed to a technology-centred one. The completed functional scheme is tagged CDRSAS. The literature on secret sharing schemes is reviewed together with the concepts of human factors, trust, cyberspace/cryptology and an analysis of a 3-factor security assessment process. This is followed by the relevance of passwords within the context of human factors. The main research design/implementation and system performance are analysed, together with a proposal for a new antidote against 419 fraudsters. Two twin equations were invented in the investigation process; a pair each for secret sharing and a risk-centred security assessment technique. The building blocks/software used for the CDRSAS include Shamir's algorithm, MD5, HTML5, PHP, Java, Servlets, JSP, Javascript, MySQL, JQuery, CSS, MATLAB, MS Excel, MS Visio, and Photoshop. The code is developed in Eclipse IDE, and the Java-based system runs on Tomcat and Apache, using XAMPP Server. Its code units have passed JUnit tests. The system compares favourably with SSSS. Defeating socio-cryptanalysis in cyberspace requires strategies that are centred on human trust, trust-related human attributes, and technology. The PhD research is completed but there is scope for future work. / Petroleum Technology Development Fund (PTDF), Abuja, Nigeria.
26

The Influence of Language Models on Decryption of German Historical Ciphers

Sikora, Justyna January 2022
This thesis assesses the influence of language models on the decryption of historical German ciphers. Previous research on language identification and cleartext detection indicates that it is beneficial to use historical language models (LM) while dealing with historical ciphers, as they can outperform models trained on present-day data. To date, no systematic investigation has considered the impact of choosing different LMs for the decryption of ciphers. Therefore, we conducted a series of experiments with the aim of exploring this assumption. Using historical data from the HistCorp collection and Project Gutenberg, we have created 3-gram, 4-gram and 5-gram models, as well as constructed substitution ciphers for testing the models. The results show that in most cases language models trained on historical data perform better than the larger modern models, while the 4-gram models gave the most consistent results for the tested ciphers.
27

Lyra2: password hashing scheme with improved security against time-memory trade-offs. / LYRA2: a password hashing scheme with greater security against trade-offs between processing and memory.

Andrade, Ewerton Rodrigues 07 June 2016
To protect against brute force attacks, modern password-based authentication systems usually employ mechanisms known as Password Hashing Schemes (PHS). Basically, a PHS is a cryptographic algorithm that generates a sequence of pseudorandom bits from a user-defined password, allowing the user to configure the computational costs involved in the process, aiming to raise the costs of attackers testing multiple passwords trying to guess the correct one. Traditional schemes such as PBKDF2 and bcrypt, for example, include a configurable parameter that controls the number of iterations performed, allowing the user to adjust the time required by the password hashing process. The more recent scrypt and Lyra algorithms, on the other hand, allow users to control both processing time and memory usage. Despite these advances, there is still considerable interest by the research community in the development of new (and better) alternatives. Indeed, this led to the creation of a competition with this specific purpose, the Password Hashing Competition (PHC). In this context, the goal of this research effort is to propose a superior PHS alternative. Specifically, the objective is to improve the Lyra algorithm, a PHS built upon cryptographic sponges whose design involved the authors' participation. The resulting solution, called Lyra2, preserves the security, efficiency and flexibility of Lyra, including: (1) the ability to configure the desired amount of memory and processing time to be used by the algorithm; and (2) the capacity of providing a high memory usage with a processing time similar to that obtained with scrypt.
In addition, it brings important improvements when compared to its predecessor: (1) it allows a higher security level against attack avenues involving time-memory trade-offs; (2) it includes tweaks for increasing the costs involved in the construction of dedicated hardware to attack the algorithm; (3) it balances resistance against side-channel threats and attacks relying on cheaper (and, hence, slower) storage devices. Besides describing the algorithm's design rationale in detail, this work also includes a detailed analysis of its security and performance on different platforms. It is worth mentioning that Lyra2, as hereby described, received a special recognition in the aforementioned PHC competition. / To protect against brute force attacks, modern password-based authentication systems usually employ some Password Hashing Scheme (PHS). Basically, a PHS is a cryptographic algorithm that generates a sequence of pseudorandom bits from a password provided by the user, allowing the latter to configure the computational cost involved in the process and thus potentially raise the costs of attackers testing multiple passwords in parallel. Traditional schemes used for this purpose are PBKDF2 and bcrypt, for example, which include a configurable parameter that controls the number of iterations performed by the algorithm, allowing its total processing time to be adjusted. The more recent scrypt and Lyra algorithms, on the other hand, allow users to control not only the processing time but also the amount of memory needed to test a password. Despite these advances, there is still considerable interest from the research community in the development and evaluation of new (and better) alternatives. Indeed, such interest recently led to the creation of a competition with this specific purpose, the Password Hashing Competition (PHC).
In this context, the goal of the present work is to propose a superior alternative to existing PHSs. Specifically, the target is to improve the Lyra algorithm, a PHS based on cryptographic sponges whose design involved the participation of the authors of the present work. The resulting algorithm, called Lyra2, preserves the security, efficiency and flexibility of Lyra, including the ability to configure the algorithm's memory usage and processing time, and also the capacity to provide a memory usage higher than that of scrypt with a similar processing time. However, it brings important improvements when compared to its predecessor: (1) it allows a higher security level against attack strategies involving trade-offs between processing time and memory; (2) it includes the possibility of raising the costs involved in building dedicated hardware platforms for attacks against the algorithm; (3) and it provides a balance between resistance against side-channel attacks and attacks that rely on memory devices cheaper (and, therefore, slower) than those used in computers controlled by legitimate users. Besides the detailed description of the algorithm's design, the present work also includes a detailed analysis of its security and its performance on different platforms. It is worth noting that Lyra2, as described here, received a special recognition mention at the end of the previously mentioned PHC competition.
28

Parameterization and optimization of pairing-friendly elliptic curve cryptography. / Parameterization and optimization of pairing-friendly elliptic curves.

Pereira, Geovandro Carlos Crepaldi Firmino 27 April 2011
The trend for the future of technology is the production of ever smaller electronic and computing devices. In the short and medium term, memory and processing resources are still scarce in this environment. In the long term, as Physics, Chemistry and Microelectronics develop, a significant increase in the capacity of such devices is observed. In the short-to-medium-term interval, between 20 and 50 years, until technology advances, lightweight software solutions are needed. In Brazil, the RSA digital signature protocol is the most widely adopted, and it is obsolescent as a standard. The problem is that technological advances impose a considerable increase in the size of cryptographic keys in order to maintain an adequate security level, resulting in undesirable effects on processing time, bandwidth and storage. As an immediate solution, we have elliptic curve cryptography, which is more suitable for use by public agencies and companies. Within the study of elliptic curves, this work contributes specifically with the introduction of a new subfamily of the pairing-friendly Barreto-Naehrig (BN) curves. The proposed subfamily has a computationally simple description, making it able to offer opportunities for efficient implementation. The choice of BN curves is also based on the fact that they enable a wide range of practical security levels. Starting from the introduced subfamily, some practical implementations were made, beginning with the more basic algorithms for operations in extension fields, passing through elliptic arithmetic algorithms and concluding with the computation of the pairing function. The combination of the new BN subfamily with the adoption of carefully chosen optimization techniques allowed the most efficient implementation of the optimal Ate pairing, a very useful operation in practical cryptographic applications.
/ The trend for the future consists of steadfast shrinking of electrical and computing devices. In the short to medium term, one will still find constrained storage and processing resources in that environment. In the long run, as Physics, Chemistry and Microelectronics progress, the capabilities of such devices are likely to increase. In 20 to 50 years from now, until technology has firm advances, lightweight software solutions will be needed. In Brazil, the most widely adopted signature protocol, the RSA scheme, is obsolescent as a standard. The problem is that technological advances impose a considerable increase in cryptographic key sizes in order to maintain a suitable security level, bringing about undesirable effects in processing time, bandwidth occupation and storage requirements. As an immediate solution, we have Elliptic Curve Cryptography, which is more suitable for utilization in public agencies and industry. In the field of elliptic curves, this work contributes specifically with the introduction of a new subfamily of the pairing-friendly Barreto-Naehrig (BN) curves. The proposed subfamily has a computationally simple description, which makes it able to offer opportunities for efficient implementation. The choice of the BN curves is also based on the fact that they allow a range of practical security levels. Furthermore, practical implementations were made from the introduced subfamily, like the most basic extension field algorithms, elliptic curve arithmetic and pairing computation. The adoption of the new BN subfamily with carefully chosen optimization techniques allowed the most efficient implementation of the optimal Ate pairing, which is a very useful operation in many practical cryptographic applications.
29

Testability versus Security: New scan-chain attacks & countermeasures / Testability versus Security: New scan-based attacks & countermeasures

Joaquim da Rolt, Jean 14 December 2012
In this thesis, we analyze the vulnerabilities that test infrastructures, such as the scan chains used in digital integrated circuits dedicated to cryptography, introduce into the security of a system. We develop new attacks using these infrastructures and propose effective countermeasures. Scan chain insertion is the most widely used technique to ensure the testability of digital circuits because it yields excellent fault coverage rates. However, for integrated circuits with a cryptographic purpose, scan chains can be used as a back door to access secret data, thus becoming a threat to the security of that data. We begin by describing a series of new attacks that exploit information leakage from advanced design-for-test structures such as response compactors, masking of unknown values or partial scan, for example. Through the attacks we propose, we show that these structures in no way protect the circuits, contrary to what some earlier works have claimed. Regarding countermeasures, we propose three new solutions. The first consists in moving the comparison between the responses to the test stimuli and the expected responses from the automatic test equipment to the circuit itself. This solution entails a negligible silicon overhead and has no impact on fault coverage. The second countermeasure aims to protect the circuit against any unauthorized access, for example to the circuit's test mode, and to ensure the authentication of the circuit. To this end, mutual authentication using the Schnorr protocol based on elliptic curves is implemented.
Finally, we show that the algorithmic countermeasures against differential analysis can also be used to guard against scan chain attacks. Among these we cite in particular point blinding and scalar blinding. / In this thesis, we firstly analyze the vulnerabilities induced by test infrastructures onto embedded secrecy in digital integrated circuits dedicated to cryptography. Then we propose new scan-based attacks and effective countermeasures. Scan chain insertion is the most used technique to ensure the testability of digital cores, providing high fault coverage. However, for ICs dealing with secret information, scan chains can be used as back doors for accessing secret data, thus becoming a threat to the device's security. We start by describing a series of new attacks that exploit information leakage out of advanced Design-for-Testability structures such as response compaction, X-Masking and partial scan. Contrary to some previous works that proposed that these structures are immune to scan-based attacks, we show that our new attacks can reveal secret information that is embedded inside the chip boundaries. Regarding the countermeasures, we propose three new solutions. The first one moves the comparison between test responses and expected responses from the Automatic Test Equipment to the chip. This solution has a negligible area overhead and no effect on fault coverage. The second countermeasure aims to protect the circuit against unauthorized access, for instance to the test mode, and also to ensure the authentication of the circuit. For that purpose, mutual authentication using the Schnorr protocol on Elliptic Curves is implemented. As the last countermeasure, we propose that algorithm-level countermeasures against Differential Analysis Attacks, such as point-blinding and scalar-blinding, can be reused to protect the circuit against scan-based attacks.
30

Block cipher cryptanalysis with the variance method / Secret-key cryptanalysis based on the variance method.

Marriere, Nicolas 20 December 2017
The first part of the thesis concerns the use of the variance method in the context of differential attacks on generalized Feistel schemes. This method makes it possible to improve attacks on two points: the data complexity or the number of rounds covered by the attack. To achieve this goal, a tool was developed to compute the exact value of the expectation and the variance, and we then use this precision to improve the attacks. The second part concerns a family of encryption schemes: the EGFNs. We used the variance method and our tool to build differential attacks. Simulations were carried out to confirm the results. In the last part, we focus on LILLIPUT, a concrete encryption system derived from the EGFNs. We performed a differential analysis and mounted attacks with a specific structure. These attacks are found by a program that searches for attacks automatically. In particular, we have highlighted the possibility of studies on improbable differential attacks. / The first part of the thesis is the cryptanalysis of generalized Feistel networks with the use of the variance method. This method allows existing attacks to be improved in two ways: data complexity or the number of rounds. In order to do that, we have developed a tool which computes the right values of expectations and variances. It provides a better analysis of the attacks. In the second part, we have studied the EGFN, a new family of generalized Feistel networks. We have used the variance method and our tool in order to build some differential attacks. Simulations were made to confirm the theoretical study. In the last part, we have studied LILLIPUT, a concrete cipher based on the EGFN. We have provided a differential analysis and built differential attacks which have unusual conditions.
These attacks were found empirically by a tool that automatically looks for differential attacks. In particular, we have highlighted some improbable differential attacks.
