Algebraicko-diferenční analýza Keccaku / Algebraic-differential analysis of Keccak

Seidlová, Monika

January 2016

In this thesis, we analyze the cryptographic sponge function family Keccak - the winner of the SHA-3 Cryptographic Hash Standard competition. Firstly, we explore how higher order differentials can be used to forge a tag in a parallelizable MAC function. We introduce new terms and theory studying what affine spaces remain affine after one round of Keccak's underlying permutation Keccak-f. This allows us to improve the forgery. Secondly, collisions in Keccak could be generated from pairs of values, that follow particular differential trails in Keccak-f. We tested finding pairs for a given differential trail in reduced-round Keccak-f using algebraic techniques with the mathematics software SAGE. We found a pair in a 4-round trail in Keccak-f[50] in under 5 minutes and a 3-round trail in Keccak-f[100] in 80 seconds on a regular PC. Powered by TCPDF (www.tcpdf.org)

Combined robust and fragile watermarking algorithms for still images. Design and evaluation of combined blind discrete wavelet transform-based robust watermarking algorithms for copyright protection using mobile phone numbers and fragile watermarking algorithms for content authentication of digital still images using hash functions.

Jassim, Taha D.

January 2014

This thesis deals with copyright protection and content authentication for still images. New blind transform domain block based algorithms using one-level and two-level Discrete Wavelet Transform (DWT) were developed for copyright protection. The mobile number with international code is used as the watermarking data. The robust algorithms used the Low-Low frequency coefficients of the DWT to embed the watermarking information. The watermarking information is embedded in the green channel of the RGB colour image and Y channel of the YCbCr images. The watermarking information is scrambled by using a secret key to increase the security of the algorithms. Due to the small size of the watermarking information comparing to the host image size, the embedding process is repeated several times which resulted in increasing the robustness of the algorithms. Shuffling process is implemented during the multi embedding process in order to avoid spatial correlation between the host image and the watermarking information. The effects of using one-level and two-level of DWT on the robustness and image quality have been studied. The Peak Signal to Noise Ratio (PSNR), the Structural Similarity Index Measure (SSIM) and Normalized Correlation Coefficient (NCC) are used to evaluate the fidelity of the images. Several grey and still colour images are used to test the new robust algorithms. The new algorithms offered better results in the robustness against different attacks such as JPEG compression, scaling, salt and pepper noise, Gaussian noise, filters and other image processing compared to DCT based algorithms. The authenticity of the images were assessed by using a fragile watermarking algorithm by using hash function (MD5) as watermarking information embedded in the spatial domain. The new algorithm showed high sensitivity against any tampering on the watermarked images. The combined fragile and robust watermarking caused minimal distortion to the images. The combined scheme achieved both the copyright protection and content authentication.

Secure and Efficient Implementations of Cryptographic Primitives

Guo, Xu

30 May 2012

Nowadays pervasive computing opens up many new challenges. Personal and sensitive data and computations are distributed over a wide range of computing devices. This presents great challenges in cryptographic system designs: how to protect privacy, authentication, and integrity in this distributed and connected computing world, and how to satisfy the requirements of different platforms, ranging from resource constrained embedded devices to high-end servers. Moreover, once mathematically strong cryptographic algorithms are implemented in either software or hardware, they are known to be vulnerable to various implementation attacks. Although many countermeasures have been proposed, selecting and integrating a set of countermeasures thwarting multiple attacks into a single design is far from trivial. Security, performance and cost need to be considered together. The research presented in this dissertation deals with the secure and efficient implementation of cryptographic primitives. We focus on how to integrate cryptographic coprocessors in an efficient and secure way. The outcome of this research leads to four contributions to hardware security research. First, we propose a programmable and parallel Elliptic Curve Cryptography (ECC) coprocessor architecture. We use a systematic way of analyzing the impact of System-on-Chip (SoC) integration to the cryptographic coprocessor performance and optimize the hardware/software codesign of cryptographic coprocessors. Second, we provide a hardware evaluation methodology to the NIST SHA-3 standardization process. Our research efforts cover both of the SHA-3 fourteen Second Round candidates and five Third Round finalists. We design the first SHA-3 benchmark chip and discuss the technology impact to the SHA-3 hardware evaluation process. Third, we discuss two technology dependent issues in the fair comparison of cryptographic hardware. We provide a systematic approach to do a cross-platform comparison between SHA-3 FPGA and ASIC benchmarking results and propose a methodology for lightweight hash designs. Finally, we provide guidelines to select implementation attack countermeasures in ECC cryptosystem designs. We discuss how to integrate a set of countermeasures to resist a collection of side-channel analysis (SCA) attacks and fault attacks. The first part of the dissertation discusses how system integration can affect the efficiency of the cryptographic primitives. We focus on the SoC integration of cryptographic coprocessors and analyze the system profile in a co-simulation environment and then on an actual FPGA-based SoC platform. We use this system-level design flow to analyze the SoC integration issues of two block ciphers: the existing Advanced Encryption Standard (AES) and a newly proposed lightweight cipher PRESENT. Next, we use hardware/software codesign techniques to design a programmable ECC coprocessor architecture which is highly flexible and scalable for system integration into a SoC architecture. The second part of the dissertation describes our efforts in designing a hardware evaluation methodology applied to the NIST SHA-3 standardization process. Our Application Specific Integrated Circuit (ASIC) implementation results of five SHA-3 finalists are the first ASIC real measurement results reported in the literature. As a contribution to the NIST SHA-3 competition, we provide timely ASIC implementation cost and performance results of the five SHA-3 finalists in the SHA-3 standard final round evaluation process. We define a consistent and comprehensive hardware evaluation methodology to the NIST SHA-3 standardization process from Field Programmable Gate Array (FPGA) prototyping to ASIC implementation. The third part of the dissertation extends the discussion on hardware benchmarking of NIST SHA-3 candidates by analyzing the impact of technology to the fair comparison of cryptographic hardware. First, a cross-platform comparison between the FPGA and ASIC results of SHA-3 designs demonstrates the gap between two sets of benchmarking results. We describe a systematic approach to analyze a SHA-3 hardware benchmark process for both FPGAs and ASICs. Next, by observing the interaction of hash algorithm design, architecture design, and technology mapping, we propose a methodology for lightweight hash implementation and apply it to CubeHash optimizations. Our ultra-lightweight design of the CubeHash algorithm represents the smallest ASIC implementation of this algorithm reported in the literature. Then, we introduced a cost model for analyzing the hardware cost of lightweight hash implementations. The fourth part of the dissertation discusses SCA attacks and fault attacks resistant cryptosystem designs. We complete a comprehensive survey of state-of-the-art of secure ECC implementations and propose a methodology on selecting countermeasures to thwart multiple side-channel attacks and fault attacks. We focus on a systematic way of organizing and understanding known attacks and countermeasures. / Ph. D.

Block Cipher

Side-Channel Attacks

SHA-3

Hash Function

System-on-Chip

Cryptographic Coprocessor

Elliptic Curve Cryptography

Fault Attacks

Analýza návrhu hašovací funkce CubeHash / Analysis of the CubeHash proposal

Stankovianska, Veronika

January 2013

The present thesis analyses the proposal of CubeHash with spe- cial emphasis on the following papers: "Inside the Hypercube" [1], "Sym- metric States and Their Improved Structure" [7] and "Linearisation Frame- work for Collision Attacks" [6]. The CubeHash algorithm is presented in a concise manner together with a proof that the CubeHash round function R : ({0, 1}32 )32 → ({0, 1}32 )32 is a permutation. The results of [1] and [7] con- cerning the CubeHash symmetric states are reviewed, corrected and substan- tiated by proofs. More precisely, working with a definition of D-symmetric state, based on [7], the thesis proves both that for V = Z4 2 and its linear subspace D, there are 22 |V | |D| D-symmetric states and an internal state x is D-symmetric if and only if the state R(x) is D-symmetric. In response to [1], the thesis presents a step-by-step computation of a lower bound for the num- ber of distinct symmetric states, explains why the improved preimage attack does not work as stated and gives a mathematical background for a search for fixed points in R. The thesis further points out that the linearisation method from [6] fails to consider the equation (A ⊕ α) + β = (A + β) ⊕ α (∗), present during the CubeHash iteration phase. Necessary and sufficient conditions for A being a solution to (∗) are...

Nástroj na vizualizaci plagiátů v různých programovacích jazycích / Tool for Visualization of Plagiarism in Several Programming Languages

Bančák, Michal

January 2019

The thesis describes the design and implementation of a plagiarism tool for programming languages C, Python and PHP. It describes techniques that are used to cover a plagiarism. The aim of this work is to create a tool for detection and visualization of plagiarisms covered up using these techniques. The tool performs detection by transforming input projects into an abstract syntactic tree, which is obtained by lexical and syntactic analysis. These trees will be compared by a proposed algorithm that uses node and subtree valuation using the {hash} function. The found parts of the code that could potentially lead to plagiarism are visualized in the form of a subtree of an abstract syntactic tree that represents the parts of the code found by the tool. Further, the work  describes testing of this tool on identified plagiarism techniques and specifies which of them it can eliminate. In its conclusion, the work describes the possible further development of the tool.

Metody ukládání uživatelských hesel v operačních systémech / Password deposition techniques in operating systems

Pavlík, Martin

January 2009

This master thesis deals with ways to store passwords in current operating systems. Specifically, this work focuses on Windows, Linux, BSD and OS X. These systems are examined for ways of hashing passwords and on resistance of resulting hashes against various attacks. First (theoretical) section describes the procedures and algorithms that are needed for user authentication. This part also describes methods of hash storing. At the end of the theoretical part are generally described some possible attacks against hash functions. In second (practical) part is described and tested tools for obtaining hashes of the investigated operating systems. Subsequently practical attacks were conducted against obtained hashes by using appropriate tools. Furthermore there are presented results of the attacks. In the conclusion of the work there is a comparison of tools and methods which were used to obtain plaintext passwords from operating systems.

Evoluční návrh hašovacích funkcí / Evolutionary Design of Hash Functions

Kidoň, Marek

January 2016

Hash tables are fast associative array implementations which became part of modern world of information technology and thanks to its simplicity became very popular among computer programmers. The choice of proper hash function is very important. Improperly selected hash function can result in poor hash table performance and its application. Currently there are many exceptional implementations of general hash functions. Such functions are not constrained to a concrete set of inputs, they perform on any input. On the other hand if we know the input domain we can design a specific hash function for desired application thus reaching better levels of performance compare to a general hash function. However hash function design is not trivial. There are no rules, standards, guides nor automated tools that would help us with such a task. In case of manual design the hash function author has to rely on his/her knowledge, experience, inventiveness and intuition. In case of such complicated tasks there is sometimes advantageous to choose a different path and use techniques such as evolution algorithms. Natural computing is an approach of certain problem solutions that are inspired by the process of species reproduction as defined by Charles Darwin. In this thesis we will design hash functions for the domain of IP addresses, that serve as an unique network device interface identifier in internet protocol networks. The chosen subset of natural computing is the genetic programming, a very specific technique that is an adequate approach to our problem thanks to its properties. Evolutionary designed hash functions offer good properties. They outperform state-of-the-art generic, human-created hash functions in terms of speed and collision resistance.

Urychlení těžby Bitcoinů / Bitcoin Mining Acceleration

Novotný, Jan

January 2014

This master's thesis deals with virtual currency called Bitcoin. It describes the functioning of the currency of technical perspective especially the implementation of the transaction, the way of its validation and ensuring the integrity by using cryptographic functions. Furthermore, it describes the principle of the Bitcoin creation, particularly mining method called pooled mining. The thesis also describes the communication protocols and design of architecture to acceleration of the bitcoin mining. Finally, there are described tests, assessment and proposals for the continuation of work.

Bezpečné kryptografické algoritmy / Safe Cryptography Algorithms

Mahdal, Jakub

January 2008

This thesis brings a reader an overview about historical and modern world of cryptographic methods, as well evaluates actual state of cryptographic algorithm progressions, which are used in applications nowadays. The aim of the work describes common symmetric, asymmetric encryption methods, cryptographic hash functions and as well pseudorandom number generators, authentication protocols and protocols for building VPNs. This document also shows the basics of the successful modern cryptanalysis and reveals algorithms that shouldn't be used and which algorithms are vulnerable. The reader will be also recommended an overview of cryptographic algorithms that are expected to stay safe in the future.

Elektronická podatelna VUT 2 / Electronic Mail Room of the BUT

Beran, Martin

January 2007

This dissertation thesis attends to problems of electronic registry for VUT. It deals with the principal of electronic registry functioning, electronic signature and it compares offer of the commercial registries. It goes in for the proposal and implementation of the electronic registry for VUT. Since the using of the e- registry on all public service Office was legalized the people can avoid long queues and the employees are avoided from the stress before dead lines. By the communication through the electronic registry is very important the electronical signature. It is almost a full-valued and lawful alternative to the physical signature. For its safety and utility this system employes asymmetric codes and hash algorithm. Presently in many states, where the electronical signature is legalized it is used together with standard X 509 which defines the format of certificates, organization and action of certification authorities. The certification autority ensures safe connection of the person and general key for using of the electronical signature.