31 |
Stavové zpracování síťových toků / Stateful Processing of Network Flows
Košek, Martin. Unknown Date
Modern network traffic processing has become a challenging task as the demands on network security devices increase. Packet-level processing is not sufficient for advanced network traffic analysis, and it is necessary to design processing over entire network flows. Stateful processing in software does not offer enough performance for high-speed networks over 10 Gbps, and therefore hardware acceleration should be utilized. Currently there is no universal platform for stateful processing in hardware, and this task has to be implemented individually. Utilization of such a platform would significantly speed up the development of stateful network applications. This master's thesis analyzes all aspects of the design of a stateful network processing platform. A component-based architecture increases the platform's flexibility and the ability to optimize it for chosen network applications.
|
32 |
BitCoin peněženka pro platformu Windows Phone / BitCoin Wallet for Windows Phone Platform
Prokop, Tomáš. Unknown Date
This master's thesis describes a new trading system known as BitCoin. Bitcoin is a unique type of virtual cash in the current world, free of the influence of large corporations. The system is protected through the use of cryptographic methods, which are discussed in detail. The work explains the principles ensuring the integrity of transaction exchange and the acquisition of new money through so-called miners. The services of individual miners are mediated through software clients, and a description of mining is included. The thesis focuses on the communication protocols. It analyzes the different types of software wallets for the Windows, Linux and Android platforms, and examines the reengineering of wallets for Android. A substantial part of the document discusses the implementation of the author's own wallet for the Windows Phone 8 platform.
|
33 |
On iteration-based security flaws in modern hash functions
Kortelainen, T. (Tuomas). 28 November 2014
Abstract
The design principles proposed independently by both Ralph Merkle and Ivan Damgård in 1989 are applied widely in hash functions that are used in practice. The construction reads the message in one message block at a time and applies iteratively a compression function that, given a single message block and a hash value, outputs a new hash value.
This iterative structure has some security weaknesses. It is vulnerable, for instance, to Joux's multicollision attack, the herding attack that uses diamond structures, and the Trojan message attack.
Our principal research topic comprises the deficiencies in hash function security induced by the Merkle-Damgård construction. In this work, we present a variant of Joux's multicollision attack. We also develop a new, time-saving algorithm for creating diamond structures. Moreover, two new efficient versions of the Trojan message attack are introduced.
The main contribution of the thesis is the analysis of generalized iterated hash functions. We study the combinatorial properties of words from a new perspective and develop results that are applied to give a new upper bound for the complexity of multicollision attacks against the so-called q-bounded generalized iterated hash functions. / Abstract (Finnish)
In 1989, Ralph Merkle and Ivan Damgård independently proposed design principles for hash functions that are widely used today. The so-called Merkle-Damgård construction reads the message in one message block at a time and uses a compression function that maps a hash value and a message block to a new hash value.
This iterative structure has some security weaknesses. It is vulnerable, for example, to Joux's multicollision attack, the herding attack that exploits diamond structures, and the Trojan message attack.
The principal research topic of the dissertation is the security deficiencies caused by the Merkle-Damgård construction. This work presents a new version of Joux's multicollision attack, creates a new time-saving algorithm for developing diamond structures, and introduces two new efficient versions of the Trojan message attack.
The most important contribution of the dissertation is the security analysis of generalized iterated hash functions. The combinatorial properties of words are studied from a new perspective, and by applying the results developed on this basis, a new upper bound is established for the complexity of multicollision attacks against the so-called q-bounded generalized iterated hash functions.
|
34 |
Autentizace s využitím lehké kryptografie / Authentication Using Lightweight Cryptography
Člupek, Vlastimil. January 2017
The dissertation thesis deals with cryptographic protocols for secure authentication of communicating parties, which are intended primarily for low-cost devices used in the Internet of Things. Low-cost devices are devices constrained in computation, memory and power. The thesis focuses mainly on the possibilities of using mathematically undemanding cryptographic resources for ensuring integrity of transmitted data, authenticity, and secured transmission of data on low-cost devices. The main goals of the thesis focus on the design of new advanced cryptographic protocols for ensuring integrity of transmitted data, authenticity, confidentiality of data transmitted between low-cost devices, and authenticity with non-repudiation of performed events. The thesis describes the proposal of three authentication protocols: one unilateral authentication protocol and two mutual authentication protocols. The thesis also describes proposals of two protocols for secured transmission of data between two devices: one protocol without proof of receipt of data and one protocol with proof of receipt of data. The thesis also presents a security analysis and a discussion of the proposed protocols.
|
35 |
Methodologies for deriving hardware architectures and VLSI implementations for cryptographic embedded systems / Ανάπτυξη μεθοδολογιών εύρεσης αρχιτεκτονικών υλικού και VLSI υλοποιήσεις για ενσωματωμένα συστήματα κρυπτογραφίας
Αθανασίου, Γεώργιος. 16 May 2014
The 21st century is considered as the era of mass communication and electronic information
exchange. There is a dramatic increase in electronic communications and e-transactions worldwide.
However, this advancement results in the appearance of many security issues, especially when the
exchanged information is sensitive and/or confidential. A significant aspect of security is
authentication, which in most of the cases is provided through a cryptographic hash function.
As happens for the majority of security primitives, software design and implementation of hash
functions is becoming more prevalent today. However, hardware is the embodiment of choice for
military and safety-critical commercial applications due to the physical protection and increased
performance that they offer. Hence, similarly to general hardware designs, regarding cryptographic
hash function ones, three crucial issues, among others, arise: performance, reliability, and flexibility.
In this PhD dissertation, hardware solutions regarding cryptographic hash functions, addressing
the aforementioned three crucial issues, are proposed. Specifically, a design methodology for
developing high-throughput and area-efficient sole hardware architectures of the most widely-used
cryptographic hash families, i.e. the SHA-1 and SHA-2, is proposed. This methodology incorporates
several algorithmic-, system-, and circuit-level techniques in an efficient, recursive way, exploiting the
changes in the design's graph dependencies that result from a technique's application.
Additionally, high-throughput and area-efficient hardware designs for the above families as well as
new ones (e.g. JH and Skein), are also proposed. These architectures outperform significantly all the
similar ones existing in the literature.
Furthermore, a design methodology for developing Totally Self-Checking (TSC) architectures of the
most widely-used cryptographic hash families, namely the SHA-1 and SHA-2 ones, is proposed for the
first time. As any RTL architecture for the above hash families is composed of similar functional
blocks, the proposed methodology is general and can be applied to any RTL architecture of the SHA-1
and SHA-2 families. Based on the above methodology, TSC architectures of the two representative
hash functions, i.e. SHA-1 and SHA-256, are provided, which are significantly more efficient in terms
of Throughput/Area, Area, and Power than the corresponding ones that are derived using only
hardware redundancy.
Moreover, a design methodology for developing hardware architectures that realize more than
one cryptographic hash function (multi-mode architectures) with reasonable throughput and area
penalty is proposed. Due to the fact that any architecture for the above hash families is composed of
similar functional blocks, the proposed methodology can be applied to any RTL architecture of the
SHA-1 and SHA-2 families. The flow exploits specific features that appear in the SHA-1 and SHA-2 families
and for that reason it is tailored to produce optimized multi-mode architectures for them. Based on
the above methodology, two multi-mode architectures, namely a SHA256/512 and a SHA1/256/512,
are introduced. They achieve high throughput rates, outperforming all the existing similar ones in
terms of throughput/area cost factor. At the same time, they are area-efficient. Specifically, they
occupy less area compared to the corresponding architectures that are derived by simply designing
the sole hash cores together and feeding them to a commercial FPGA synthesis/P&R/mapping tool.
Finally, the extracted knowledge from the above research activities was exploited in three
additional works that deal with: (a) a data locality methodology for matrix–matrix multiplication, (b) a
methodology for Speeding-Up Fast Fourier Transform focusing on memory architecture utilization,
and (c) a near-optimal microprocessor & accelerators co-design with latency & throughput constraints. /
The 21st century is considered the era of mass communication and electronic information.
There is a dramatic increase in telecommunications and electronic transactions worldwide.
These electronic communications and transactions range from sending and receiving data packets
over the Internet or storing multimedia data, to critical financial and/or military services.
However, this development highlights the need for more security, particularly in cases where the
exchanged information concerns sensitive and/or confidential data. In these cases, security is
considered an integral feature of the applications and systems involved. Hash functions play a
very important role in the field of security and, as is the case for the majority of basic
security algorithms, software implementations prevail today. Nevertheless, hardware
implementations are the main choice for military applications and safety-critical commercial
applications. The NSA, for example, authorizes only hardware implementations. This is because
hardware implementations are much faster than the corresponding software ones, while they also
offer high levels of "physical" security by construction. Thus, regarding cryptographic hash
functions, as holds generally for hardware implementations, three main issues (among others)
arise: Performance, Reliability, Flexibility. The aim of this dissertation is to provide hardware
implementation solutions for cryptographic hash functions, targeting the three main issues
concerning hardware implementations mentioned above (Performance, Reliability, Flexibility).
Specifically, methodologies for designing hardware architectures (as well as the architectures
themselves) are proposed for the SHA-1 and SHA-2 families, which achieve high throughput with a
reasonable increase in integration area. Also, architectures are proposed that achieve high
throughput with a reasonable increase in integration area for new cryptographic functions, namely
JH and Skein. In addition, methodologies for designing hardware architectures (as well as the
architectures themselves) are proposed for the SHA-1 and SHA-2 families that can detect possible
errors during their operation while achieving high throughput with a reasonable increase in
integration area. Finally, methodologies for designing multi-mode hardware architectures (as well
as the architectures themselves) are proposed for the SHA-1 and SHA-2 families that can support
more than one function while achieving high throughput with a reasonable increase in integration
area.
|
36 |
Fault Tolerant Cryptographic Primitives for Space Applications
Juliato, Marcio. January 2011
Spacecraft are extensively used by public and private sectors to support a variety of services. Considering the cost and the strategic importance of these spacecraft, there has been an increasing demand to utilize strong cryptographic primitives to assure their security. Moreover, it is of utmost importance to consider fault tolerance in their designs due to the harsh environment found in space, while keeping low area and power consumption. The problem of recovering spacecraft from failures or attacks, and bringing them back to an operational and safe state, is crucial for reliability. Despite the recent interest in incorporating on-board security, there is limited research in this area. This research proposes a trusted hardware module approach for recovering the spacecraft's subsystems and their cryptographic capabilities after an attack or a major failure has happened. The proposed fault tolerant trusted modules are capable of performing platform restoration as well as recovering the cryptographic capabilities of the spacecraft. This research also proposes efficient fault tolerant architectures for the secure hash (SHA-2) and message authentication code (HMAC) algorithms. The proposed architectures are the first in the literature to detect and correct errors by using Hamming codes to protect the main registers. Furthermore, a quantitative analysis of the probability of failure of the proposed fault tolerance mechanisms is introduced. Based upon an extensive set of experimental results along with probability of failure analysis, it was possible to show that the proposed fault tolerant scheme based on information redundancy leads to a better implementation and provides better SEU resistance than the traditional Triple Modular Redundancy (TMR). The fault tolerant cryptographic primitives introduced in this research are of crucial importance for the implementation of on-board security in spacecraft.
|
38 |
Cryptographic hash functions : cryptanalysis, design and applications
Gauravaram, Praveen Srinivasa. January 2007
Cryptographic hash functions are an important tool in cryptography to achieve certain security goals such as authenticity, digital signatures, digital time stamping, and entity authentication. They are also strongly related to other important cryptographic tools such as block ciphers and pseudorandom functions. The standard and widely used hash functions such as MD5 and SHA-1 follow the design principle of the Merkle-Damgard iterated hash function construction, which was presented independently by Ivan Damgard and Ralph Merkle at Crypto'89. It has been established that neither these hash functions nor the Merkle-Damgard construction itself meet certain security requirements. This thesis aims to study the attacks on this popular construction and propose schemes that offer more resistance against these attacks, as well as investigating alternative approaches to the Merkle-Damgard style of designing hash functions. This thesis aims at analysing the security of the standard hash function Cellular Authentication and Voice Encryption Algorithm (CAVE) used for authentication and key-derivation in the second generation (2G) North American IS-41 mobile phone system. In addition, this thesis studies the analysis issues of message authentication codes (MACs) designed using hash functions, with the aim of proposing some efficient and secure MAC schemes based on hash functions. This thesis works on three aspects of hash functions: design, cryptanalysis and applications, with the following significant contributions:
* Proposes a family of variants to the Damgard-Merkle construction called 3CG for better protection against specific and generic attacks. Analysis of the linear variant of 3CG called 3C is presented, including its resistance to some of the known attacks on hash functions.
* Improves the known cryptanalytical techniques to attack 3C and some other similar designs, including a linear variant of GOST, a Russian standard hash function.
* Proposes a completely novel approach called Iterated Halving, an alternative to the standard block iterated hash function construction.
* Analyses provably secure HMAC and NMAC message authentication codes (MACs) based on weaker assumptions than stated in their proofs of security. Proposes an efficient variant for NMAC called NMAC-1 to authenticate short messages. Proposes a variant for NMAC called M-NMAC which offers better protection against the complete key-recovery attacks than NMAC. It is also shown that M-NMAC with hash functions resists side-channel attacks against which HMAC and NMAC are vulnerable. Proposes a new MAC scheme called O-NMAC based on hash functions using just one secret key.
* Improves the open cryptanalysis of the CAVE algorithm.
* Analyses the security and legal implications of the latest collision attacks on the widely used MD5 and SHA-1 hash functions.
|
39 |
Návrh bezpečnostní infrastruktury elektronického archivu / Design of security infrastructure for electronic archive
Doležel, Radek. January 2009
This master's thesis deals with the design of a security infrastructure for an electronic archive. The theoretical part discusses technical resources that are based on security services and protocols, and the methods used for protection. On the basis of the theoretical part, a model of the security infrastructure is designed and built in a laboratory. The model of the security infrastructure is based on open source software, and cryptographic USB tokens are used as safe storage for private user authentication data. The thesis includes the design and construction of a real infrastructure of a secured electronic archive. In each part of the thesis, the main emphasis is placed on security and on clear explanation, from the beginning of the design of the model of the security infrastructure for the electronic archive to the completion of its construction.
|
40 |
Odposlech moderních šifrovaných protokolů / Interception of Modern Encrypted Protocols
Marček, Ján. January 2012
This thesis provides an introduction to security mechanisms. It explains the basic concepts, the principles of cryptography and of the security of modern protocols, and the basic principles used for transmitting information over a network. The work also describes the most common types of attacks that target the eavesdropping of communication. The result is a design of the eavesdropping and the implementation of an attack on the secure communication of the SSL protocol. The attacker uses a false certificate and attacks based on poisoning the ARP and DNS tables for this purpose. The thesis discusses the principles of the SSL protocol and the methodology of attacks on the ARP and DNS tables.
|