Desired Features and Design Methodologies of Secure Authenticated Key Exchange Protocols in the Public-Key Infrastructure Setting

Wang, Hao-Hsien

January 2004

The importance of an authenticated key exchange (AKE) protocol has long been known in the field of cryptography. Two of the questions still being asked today are (1) what properties or features does a secure AKE protocol possess, and (2) How does one, in a step by step fashion, create a secure AKE protocol? This thesis aims to answer these two questions. The thesis contains two parts: one is a survey of previous works on the desired features of the Station-to-Station (STS) protocol, and the other is a study of a previously proposed design methodology in designing secure AKE protocols, as well as contributing an original idea of such methodologies. Descriptions and comparisons of the two design methodologies are included. The thesis surveys the literature and conducts a case study of the STS protocol, analyzes various attacks on STS through some known attacks to it, and extracts the desired properties and features of a secure AKE protocol via the case study. This part of the thesis does not propose any new result, but summarizes a complete list of issues one should take consideration of while designing an AKE protocol. We also show that at the end of this part, a secure version of STS which possesses the desired features of an AKE protocol. The other major part of the thesis surveys one design methodology of creating a secure AKE protocol by Bellare, Canetti, and Krawczyk; it is based on having a secure key exchange protocol then adding (mutual) authentication to it. The thesis then proposes another original design methodology; it starts with a secure mutual authentication protocol, then adds the secure key exchange feature without modifying overheads and number of flows of the original mutual authentication protocol. We show in this part the "secure" AKE protocol developed through these two design approaches is identical to the secure version of STS described in the other part, and thus possesses the desired features of a secure AKE protocol. We also give a proof of security of the secure AKE protocol developed under our design methodology.

Computer Science

authentication

authenticated key exchange

Diffie-Hellman

Station-to-Station protocol

STS

Energy-Aware Key Management in Wireless Ad-Hoc Networks

Chang, Chia-Wen

26 July 2006

In this thesis, we consider how to reduce the communication cost of the key exchange procedures as many as possible, while the secure group communication can still be achieved. Due to the energy consumption is usually proportional to the distance, we use the shortest paths algorithm to find the shortest communication paths between any pair of the secure group members. We first propose a straightforward heuristic named Minimum-Energy First-Selected ( MEFS ). MEFS tries to select the pair of group members which has less communication cost than all other pairs have at every time. Though MEFS performs better than random selecting, it still has some weakness in solving the energy-aware key management problem. So we use the concept of the minimum cost flow problem, and by appropriate transformation, then we get the optimal solution of the energy-aware key management problem under some constraints. At last, the simulation results proves that the minimum cost flow approach actually works better than MEFS does.

Diffie-Hellman protocol

wireless ad-hoc networks

network security

the minimum cost flow problem

Hardwarově akcelerovaný přenos dat s využitím TLS protokolu / Hardware accelerated data transfer using TLS protocol

Zugárek, Adam

January 2020

This paper describes implementation of the whole cryptographic protocol TLS including control logic and used cryptographic systems. The goal is to implement an application in the FPGA technology, so it could be used in hardware accelerated network card. The reason for this is new supported higher transmission speeds that Ethernet is able to operate on, and the absence of implementation of this protocol on FPGA. In the first half of this paper is described theory of cryptography followed by description of TLS protocol, its development, structure and operating workflow. The second half describes the implementation on the chosen technology that is also described here. It is used already existing solutions of given cryptographic systems for the implementation, or at least their parts that are modified if needed for TLS. It was implemented just several parts of whole protocol, such are RSA, Diffie-Hellman, SHA and part of AES. Based on these implementations and continuing studying in this matter it was made conclusion, that FPGA technology is inappropriate for implementation of TLS protocol and its control logic. Recommendation was also made to use FPGA only for making calculations of given cryptographic systems that are controlled by control logic from software implemented on standard processors.

Systém pro měření kvality elektrické energie / Power quality measuring system

Valenta, Jaroslav

January 2011

This thesis deals with the measurement of power quality. The evaluating quality parameters, data collection systems and transfer technologies will be discussed. The various type of cryptographic algorithms are also described. Cryptographic algorithms, which ensure to secure data communications from remote collection points of measurement, will be realized. These cryptographic algorithms will be realized in MATLAB and C/C++. The last part is focus on designed and implemented a simulation model to telemetry the power quality.

Systém pro anonymní předávání zpráv / System for anonymous transmit of messages

Kislinger, Jan

January 2014

Diploma thesis deals with an anonymous transmit of messages using protocol for anonymous authentication. In first part, we introduce theoretical familiarization to the issues and description protocol for anonymous authentication. Further, it describes the suggestion of the communication between the client and the server. Finally, contains a description of the created system for anonymous transmit of messages, which consists of the server and clients, who can leave challenges on the server for other users and they obtains challenges from the server. The thesis explains how to start and control program. There are also discussed methods of computing verification values, encryption keys and messages and authentication of receivers.

Evaluation of Certificate Enrollment over Application Layer Security / Utvärdering av certifikatsskrivning över applikationslagersäkerhet

Krontiris, Alexandros

January 2018

This thesis analyzes Application Layer security protocols for certificate enrollment and management. EDHOC, Ephemeral Diffie-HellmanOver COSE, is a recently developed key exchange protocol whichis designed to provide authentication and key-exchange functionality with compact message sizes and minimum round-trip-time. The workof this thesis extends the EDHOC protocol with a certificate enrollment functionality, targeting IoT constrained devices and it has been implemented for analysis and evaluation purposes. The main scope of this document is to study the security, performance and scalability (in descendingorder of importance) of enrollment over EDHOC compared to other certificate enrollment protocols. / Detta examensarbete analyserar säkerhetsprotokoll av typen ApplicationLayer för certifikatregistrering och hantering. EDHOC, Ephemeral Diffie-Hellman Over COSE, har implementerats, analyserats och utvärderats. EDHOC är ett nyligen utvecklat Application Layer-protokoll som är utformat för att tillhandahålla autentiserings- och nyckelfunktionsfunktioner med kompakta meddelandestorlekar och minimala rundturstider, inriktat på IoT-begränsade enheter. Huvudområdet för examensarbetet är att studera säkerhet, prestanda och skalbarhet (i fallande ordning av betydelse) hos EDHOC jämfört med andra föreslagna Application Layer-säkerhetsprotokoll som utför certifikatsskrivning.

Certificate Enrollment/Management

application layer security

key exchange protocol.

Certifikat inskrivning/förvaltning

applikationslager säkerhet

nyckelutbytesprotokoll.

Computer and Information Sciences

Data- och informationsvetenskap

Design and evaluation of security mechanism for routing in MANETs : elliptic curve Diffie-Hellman cryptography mechanism to secure Dynamic Source Routing protocol (DSR) in Mobile Ad Hoc Network (MANET)

Almotiri, Sultan H.

January 2013

Ensuring trustworthiness through mobile nodes is a serious issue. Indeed, securing the routing protocols in Mobile Ad Hoc Network (MANET) is of paramount importance. A key exchange cryptography technique is one such protocol. Trust relationship between mobile nodes is essential. Without it, security will be further threatened. The absence of infrastructure and a dynamic topology changing reduce the performance of security and trust in mobile networks. Current proposed security solutions cannot cope with eavesdroppers and misbehaving mobile nodes. Practically, designing a key exchange cryptography system is very challenging. Some key exchanges have been proposed which cause decrease in power, memory and bandwidth and increase in computational processing for each mobile node in the network consequently leading to a high overhead. Some of the trust models have been investigated to calculate the level of trust based on recommendations or reputations. These might be the cause of internal malicious attacks. Our contribution is to provide trustworthy communications among the mobile nodes in the network in order to discourage untrustworthy mobile nodes from participating in the network to gain services. As a result, we have presented an Elliptic Curve Diffie-Hellman key exchange and trust framework mechanism for securing the communication between mobile nodes. Since our proposed model uses a small key and less calculation, it leads to a reduction in memory and bandwidth without compromising on security level. Another advantage of the trust framework model is to detect and eliminate any kind of distrust route that contain any malicious node or suspects its behavior.

004.6

Mobilní aplikace pro šifrované volání / Mobile Application for Encrypted Calls

Jonáš, Jiří

January 2017

The thesis is focused on implementation of aplication for secure telephone communication on data network. Application is developed for operating system Android. For call management is responsible signaling protocol SIP and for transfer of voice data is used protocol RTP. For security of call is first created cryptografic key for symetric cryptography. After generating key is established call, which is encrypted by symetric cipher AES. Encrypting between communicating sides is provided in application or on microSD card. Part of solution is measurement of speed of cryptographic primitives, which are used for secure call.

Webové aplikace pro autentizaci uživatelů / Web applications for user authentication

Vybíral, Petr

January 2014

The thesis deals with the problems of user authentication. The first chapter analyzes the problem of authentication, its methods and its utilization. The second chapter presents the different security options for communication. The chapter describes security, communication and authentication protocols. There is the 2D barcode QR Code described at the end of the chapter. The third chapter is devoted to ASP.NET technology, its development and possibilities of utilization. Attention is focused on web form and server controls. There is an analysis of elements of cookies and possibilities of their use. The last chapter consists of a practical part, which describes the development of a web application. There is a description of the parts of application, such as the database, the Web navigation, master pages and etc. in the following chapter. The cardinal part of the chapter consists of an analysis and implementation of forms authentication, the attribute authentication and authentication with QR code. Finally, there is a description of way how to secure the communication by using a certificate.

Design and Evaluation of Security Mechanism for Routing in MANETs. Elliptic Curve Diffie-Hellman cryptography mechanism to secure Dynamic Source Routing protocol (DSR) in Mobile Ad Hoc Network (MANET).

Almotiri, Sultan H.

January 2013

Ensuring trustworthiness through mobile nodes is a serious issue. Indeed, securing the routing protocols in Mobile Ad Hoc Network (MANET) is of paramount importance. A key exchange cryptography technique is one such protocol. Trust relationship between mobile nodes is essential. Without it, security will be further threatened. The absence of infrastructure and a dynamic topology changing reduce the performance of security and trust in mobile networks. Current proposed security solutions cannot cope with eavesdroppers and misbehaving mobile nodes. Practically, designing a key exchange cryptography system is very challenging. Some key exchanges have been proposed which cause decrease in power, memory and bandwidth and increase in computational processing for each mobile node in the network consequently leading to a high overhead. Some of the trust models have been investigated to calculate the level of trust based on recommendations or reputations. These might be the cause of internal malicious attacks. Our contribution is to provide trustworthy communications among the mobile nodes in the network in order to discourage untrustworthy mobile nodes from participating in the network to gain services. As a result, we have presented an Elliptic Curve Diffie-Hellman key exchange and trust framework mechanism for securing the communication between mobile nodes. Since our proposed model uses a small key and less calculation, it leads to a reduction in memory and bandwidth without compromising on security level. Another advantage of the trust framework model is to detect and eliminate any kind of distrust route that contain any malicious node or suspects its behavior.

Dynamic Source Routing protocol (DSR)

Mobile Ad Hoc Network (MANET)

Routing security

Design

Evaluation