281. Secure public-key encryption from factorisation-related problems. Brown, Jaimee. January 2007.
Public key encryption plays a vital role in securing sensitive data in practical applications. The security of many encryption schemes relies on mathematical problems related to the difficulty of factoring large integers. In particular, subgroup problems in composite order groups are a general class of problems widely used in the construction of secure public-key encryption schemes. This thesis studies public-key encryption schemes that are provably secure based on the difficulty of subgroup or other integer factorisation related problems in the standard model. Firstly, a number of new public-key encryption schemes are presented which are secure in the sense of indistinguishability against chosen-ciphertext attack in the standard model. These schemes are obtained by instantiating the two previous paradigms for chosen-ciphertext security by Cramer and Shoup, and Kurosawa and Desmedt, with three previously studied subgroup membership problems. The resulting schemes are very efficient, and are comparable if not superior in terms of efficiency when compared to previously presented instantiations. Secondly, a new approach is presented for constructing RSA-related public key encryption schemes secure in the sense of indistinguishability against chosen-ciphertext attack without random oracles. This new approach requires a new set of assumptions, called the Oracle RSA-type assumptions. The motivating observation is that RSA-based encryption schemes can be viewed as tag-based encryption schemes, and as a result can be used as a building block in a previous technique for obtaining chosen-ciphertext security. Two example encryption schemes are additionally presented, each of which is of comparable efficiency to other public key schemes of similar security. Finally, the notion of self-escrowed public-key infrastructures is revisited, and a security model is defined for self-escrowed encryption schemes.
The security definitions proposed consider adversarial models which reflect an attacker's ability to recover private keys corresponding to public keys of the attacker's choice. General constructions for secure self-escrowed versions of ElGamal, RSA, Cramer-Shoup and Kurosawa-Desmedt encryption schemes are also presented, and efficient instantiations are provided. In particular, one instantiation solves the 'key doubling problem' observed in all previous self-escrowed encryption schemes. Also, for another instantiation a mechanism is described for distributing key recovery amongst a number of authorities.

282. Design exploration of application specific instruction set cryptographic processors for resource-constrained systems / Study and implementation of application-specific processors (ASIP) for cryptographic applications in resource-constrained systems. Τσεκούρα, Ιωάννα. 01 November 2010.
The battery-driven nature of wireless sensor networks, combined with the need for extended lifetime, mandates that energy efficiency is a metric with high priority. In the current thesis we explore and compare the energy dissipation of different processor architectures and how it is associated with performance and area requirements. The processor architectures are differentiated based on the datapath length (16-bit, 32-bit, 64-bit and 128-bit) and the corresponding size of the data memories. Our study focuses on the AES algorithm, and the indicated processor architectures support AES forward encryption and the CCM (32/64/128), CBC (32/64/128) and CTR common modes of operation. In each processor architecture the instruction set is extended to increase the efficiency of the system.

283. Design and implementation of a multiple hash function mechanism (SHA-256, SHA-512 and multi-mode). Μάλτη, Παναγιώτα. 09 January 2012.
In this diploma thesis we will study the processes of encryption and decryption. We will discuss the reasons that made them popular in many fields of application (mathematics, commerce, the military, etc.).
Particular attention will be given to the cryptographic algorithms SHA-256 and SHA-512. We will study their structure and the way they operate.
We will then study how the operation of both the SHA-256 and the SHA-512 algorithm can be combined in a single circuit. This new circuit is called multi-mode.
Finally, we will use Modelsim to simulate the algorithms, and the Xilinx ISE tool will assist in the synthesis of both the individual algorithms and the multi-mode circuit.

284. Estudo e implementação de IP-cores para criptografia simétrica baseada no Advanced Encryption Standard (AES) / Study and implementation of IP cores for symmetric cryptography based on the Advanced Encryption Standard (AES). Ramos Neto, Otacílio de Araújo. 31 January 2013.
Made available in DSpace on 2015-05-14. Previous issue date: 2013-01-31. Funding: Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES).
This work addresses data encryption using the Rijndael symmetric key encryption algorithm, which is used in the Advanced Encryption Standard (AES). AES has become massively widespread in computing, communications, and broadcast media applications, due to its robustness. Used intensively on devices and networks of all flavors and sizes, AES has become the standard at the time of implementation and deployment of these applications whenever the major requirement, in addition to performance, is security, i.e. virtually all of those applications nowadays. In systems equipped with modern processors, even those on small devices, it is common to find some that perform the encryption and decryption procedures in software. With the "explosive" spread of security layers being added to almost everything that is processed inside and outside of the devices, even on systems equipped with powerful computing resources, the possibility of running these layers on (small) additional hardware resources, developed for a specific purpose, has become attractive. This dissertation presents a study of the theoretical foundations involving AES, some architectures and implementations based on it and documented in the recent technical and scientific literature, as well as the methodologies and requirements for the development of its hardware implementation, in particular focusing on mobile systems, where performance has to be achieved in low power consumption and small area scenarios. Reference models have been developed and functionally validated in high-level languages for each hierarchical architectural level compiled from the mentioned study.
As a proof of concept, this work consisted in undertaking the project of an intellectual property digital integrated circuit core (IP core) for the encryption/decryption procedures of AES, starting from the pseudocode level of the algorithms and going down to the level of a digital integrated circuit core. Among the solutions studied from recent literature, modules and operations that could be replicated and/or reused were identified. A microarchitecture for the full AES was implemented hierarchically down to the core level with standard cells placed and routed. The work also offers three implementation options for the block identified as the most complex: the S-Box. Results of performance and area were then presented and compared with those of the literature.

285. Alternative Polynomials for Rijndael: Diffusion Analysis. Noroozi, Hamid. January 2014.
The Rijndael cryptosystem uses a particular polynomial to create its constants. All calculations within the encryption and decryption layers are based on this polynomial. This aroused the curiosity to see what happens if the polynomial is substituted by other polynomials. This paper's main area of study is to investigate the consequences of using different polynomials to construct the Rijndael cryptosystem. To do so, as the first phase of this study, a Mathematica package has been created to ease the investigations. As the second phase, using the aforementioned package, a form of diffusion analysis has been carried out on the newly constructed Rijndael-like cryptosystems. The fundamental challenge was to figure out the reason for the choice of the particular polynomial. By the end of the experiment, we concluded that choosing other polynomials with the same characteristics as an ingredient of the Rijndael algorithm does not have any perceptible effect on the diffusion level.

286. Ochrana soukromí v cloudu / Privacy protection in the cloud. Chernikau, Ivan. Unknown date.
This Master's thesis describes privacy protection problems that arise when using cloud technologies. Some of these problems can be solved with the help of homomorphic encryption, data splitting or searchable encryption. These techniques are described and compared by the security, privacy protection and efficiency they provide. The data splitting technique was chosen and implemented in the C language. Afterwards, the performance of the implemented solution was compared to AES encryption/decryption performance. An application for secure data storage in the cloud was designed and implemented. This application uses the implemented data splitting technique and the third-party application CloudCross. The designed application provides a command line interface (CLI) and a graphical user interface (GUI). The GUI extends the capabilities of the CLI with the ability to register a cloud and with autodetection of registered clouds. The process of uploading/downloading data to/from cloud storage is transparent and does not overload the user with the technical details of the data splitting technique used.

287. Transparentní šifrování pro koncová zařízení / Transparent Encryption Solution for Endpoint Devices. Pořízek, David. January 2019.
The goal of this thesis is the design and implementation of a transparent encryption solution for the Microsoft Windows platform. The solution should be able to integrate with and extend a data loss prevention (DLP) product. The implementation uses the Microsoft File System Minifilter Driver framework, which makes it possible to monitor and modify access to individual files on external devices or disks while the system is running. Files are secured in the background so that the user's work is not affected. The driver ensures that the user always works with decrypted data. In addition, an external application is developed that allows the user to access the encrypted data without having to be on the network where the DLP product runs.

288. Ochrana soukromí v cloudu / Privacy protection in the cloud. Chernikau, Ivan. January 2019.

289. Logic Encryption Using Machine Learning. Venkatesh, Shrinidhi. 24 May 2022.
No description available.

290. Integration of Attribute-Based Encryption and IoT: An IoT Security Architecture. Elbanna, Ziyad. January 2023.
Services relying on the internet of things (IoT) are increasing day by day. IoT makes use of internet services such as network connectivity and computing capability to transform everyday objects into smart things that can interact with users and the environment to achieve the purpose they are designed for. IoT nodes are memory- and energy-constrained devices that acquire information from the surrounding environment; those nodes cannot handle complex data processing and heavy security tasks alone, so in most cases a framework is required for processing, storing, and securing data. The framework can be cloud-based, a publish/subscribe broker, or based on edge computing. As services relying on IoT are increasing enormously nowadays, data security and privacy are becoming concerns. Security concerns arise from the fact that most IoT data are stored unencrypted on untrusted third-party clouds, which results in many issues such as data theft, data manipulation, and unauthorized disclosure. While some solutions provide frameworks that store data in encrypted form, coarse-grained encryption gives the users accessing the data less specific access policies. A more secure control method applies fine-grained access control and is known as attribute-based encryption (ABE). This research aims to enhance the privacy and security of the data stored in an IoT middleware named network smart objects (NOS) and to extend its functionality by proposing a new IoT security architecture using an efficient ABE scheme known as key-policy attribute-based encryption (KP-ABE), together with an efficient key revocation mechanism based on proxy re-encryption (PRE). Design science research (DSR) was used to facilitate the solution. To establish the knowledge base, a previous case study was reviewed to explicate the problem, and the requirements for the artefact were elicited from research documents.
The artefact was designed and then demonstrated in a practical experiment on the Ubuntu operating system (OS). Finally, the artefact's requirements were evaluated by applying a computer simulation on the Ubuntu OS. The result of the research is a model artefact of an IoT security architecture based on ABE. The model prescribes the components and the architectural structure of the IoT system. The IoT system consists of four entities: data producers, data consumers, NOS, and the TA. The model prescribes the new components needed to implement the KP-ABE and PRE modules. First, data is transferred from data producers to NOS over secure hypertext transfer protocol (HTTPS); then the data is periodically processed and analyzed to obtain a uniform representation and to add useful metadata regarding security, privacy, and data quality. After that, the data is encrypted by KP-ABE using the users' attributes. PRE takes place when a decryption key is compromised: the ciphertext is then re-encrypted to prevent its disclosure. The evaluation results show that the proposed model improved the data retrieval time of the previous middleware by 32% and the re-encryption time by 87%. Finally, the author discusses the limitations of the proposed model and highlights directions for future research.