Energy Efficient Secure Key Management Schemes for WSNs and IoT

Wen, Wen

January 2016

Secret sharing is critical to most applications making use of security and remains one of the most challenging research areas in modern cryptography. In this thesis, we propose a novel efficient multi-secret sharing scheme based on the Chinese remainder theorem (CRT) with two verification methods, while the previous works are mostly based on the Lagrange polynomial. Key management schemes play an important role in communication security in Wireless Sensor Networks (WSNs). While the previous works mainly targeting on two different types of WSNs: distributed and hieratical, in this thesis, we propose our flexible WSN key management scheme, which is based on (n,t,n) multi-secret sharing technique, to provide a key management solution for heterogeneous architecture. The powerful key managers are responsible for most of the communicational and computational workload. They can provide Peer-to-Peer pair-wise keys for a pair of sensors to establish a secure communication session, and in the same time, they can also form communication clusters as cluster heads according to different application requirements. Internet of Things (IoT) becomes more and more popular and practical in recent years. Considering the diversity of the devices and the application scenarios, it is extremely hard to couple two devices or sub-networks with different communication and computation resources. In this thesis, we propose novel key agreement schemes based on (n,t,n) multi-secret sharing techniques for IoT in order to achieve light weighted key exchange while using Host Identity Protocol (HIP). We refer the new schemes as HIP-MEXs with different underlying multi-secret sharing techniques. We analyzed the computational and communication costs of the extremely resource constrained device which is referred to as Initiator, and CRT based HIP-MEX successfully outsource the heavy workload to the proxy, which are considered more powerful, when establishing new secret key.

Chinese Remainder Theorem

Secret Sharing

Secure

Energy Efficiency

Wireless Sensor Network

Internet of Things

Host Identity Protocol

Key Management

Key Exchange

Cryptography

Zabezpečená komunikace v rámci platformy PX4 / Secure communication within the PX4 platform

Ligocki, Roman

January 2020

PX4 platforma je jedna z nepoužívanějších softwarových balíčků pro řízení bezpilotníhosystému. Používá MAVLink protokol pro komunikaci mezi autopilotem, pozemní stanicía dalšími zařízeními v MAVLink síti. Je speciálně navržen pro bezpilotní systémy použí-vající rádia s nízkou datovou propustností. S rostoucím počtem těchto zařízení docházírovněž k růstu počtu útoků na tyto systémy. Tato diplomová práce obsahuje analízua popis bezpečnostních nedostatků v telemetrické komunikaci platformy PX4 běžící naprotokolu MAVLink. Na základě těchto nedostatků byla dále navržená a implementovánabezpečnostní řešení. Tato implementace zahrnuje šifrování, řízení přístupu, autentizacia systém pro výměnu klíčů. Bezpečnostní implementace je postavená na knihovně Mo-noCypher. Všechny části práce jsou naprogramováno v jazyce C. Cílem autora je sdíletvýsledky, kterých dosáhl s komunitou kolem paltformy PX4. Proto během finální částipráce vznikl pull request do veřejného repozitáře.

Advanced password-authenticated key exchanges / Les échanges de clefs complexes sécurisés par mot de passe

Dupont, Pierre-Alain

29 August 2018

L’échange de clef authentifié est probablement la primitive asymétrique la plus utilisée, notamment du fait de son inclusion dans le protocole TLS. Pour autant, son cousin, l’échange de clef authentifié par mot de passe, où l’authentification s’effectue par comparaison de mot de passe, l’est bien moins, bien qu’ayant déjà fait l’objet d’études considérables. C’est pourtant une primitive finalement bien plus proche d’une authentification réelle, dès lors qu’une des parties est humaine. Dans cette thèse, nous considérons des primitives avancées fondées sur l’échange de clef authentifié par mot de passe, en gardant à l’œil ses applications pratiques. Spécifiquement, nous introduisons une nouvelle primitive, l’échange de clef authentifié par mot de passe approximatif, où la condition de succès de l’authentification est désormais d’avoir une distance suffisamment faible entre les deux mots de passe, et plus nécessairement l’égalité parfaite. Nous fournissons un modèle de sécurité dans le cadre du modèle de composabilité universelle (UC) ainsi qu’une construction reposant sur un partage de secret robuste et des échanges de clefs authentifiés par mot de passe exact. Dans une seconde partie, nous considérons le problème pratique de la perte du mot de passe dès lors qu’une session est conduite sur un terminal compromis. Étant donné qu’il s’agit d’un problème intrinsèque à l’authentification par mot de passe, nous étendons le modèle BPR habituel pour prendre en compte, en lieu et place du mot de passe, des questions-réponses, toujours de faible entropie. Nous fournissons plusieurs protocoles dans ce modèle, dont certains reposent sur des familles de fonctions compatibles avec les humains, dans lesquelles les opérations requises pour dériver la réponse depuis la question sont suffisamment simples pour être faites de tête, permettant donc à l’humain de s’identifier directement. / Authenticated key exchange is probably the most widely deployed asymmetric cryptographic primitive, notably because of its inclusion in the TLS protocol. Its cousin, password-authenticated key exchange — where the authentication is done using a low-entropy password — while having been studied extensively as well has been much less used in practice. It is, however, a primitive much closer to actual authentication when at least one party is human. In this thesis, we consider advanced primitives based on password-authenticated key exchange, with an eye toward practical applications. Specifically, we introduce fuzzy password-authenticated key exchange, where the authentication succeeds as long as the two passwords are close enough, and not necessarily equal. We provide a security model in the UC framework, as well as a construction based on regular password-authenticated key exchanges and robust secret-sharing schemes. Secondly, we consider the practical problem of password leakage when taking into account sessions conducted on a corrupted device. As there is intrinsically no hope with regular password authentication, we extend the BPR security model to consider low-entropy challenge responses instead. We then provide several instantiations, some based on human-compatible function families, where the operation required to answer the challenge are simple enough to be conducted in one’s head, allowing the actual authentication to be directly performed by the human being.

Authentification

Clef-publique

Cryptographie

Échange de clef

Mot de passe

Mot de passe approximatif

Authentication

Cryptography

Fuzzy password

Key exchange

Password

Public-key

005.8

004

Kryptoggraphie mit elliptischen Kurven: Versuch einer Erklärung

Pönisch, Jens

01 December 2014

Der Vortrag erläutert das Grundprinzip des Diffie-Hellman-Schlüsseltausches mithilfe des diskreten Logarithmus unter Zuhilfenahme elliptischer Kurven über endlichen Körpern.

info:eu-repo/classification/ddc/510

ddc:510

Diffie-Hellman-Schlüsseltausch

Formal Verification of a LTE Security Protocol for Dual-Connectivity : An Evaluation of Automatic Model Checking Tools

Pfeffer, Katharina

January 2014

Security protocols are ubiquitously used in various applications with the intention to ensure secure and private communication. To achieve this goal, a mechanism offering reliable and systematic protocol verification is needed. Accordingly, a major interest in academic research on formal methods for protocol analysis has been apparent for the last two decades. Such methods formalize the operational semantics of a protocol, laying the base for protocol verification with automatic model checking tools. So far, little work in this field has focused on protocol standardization. Within this thesis a security analysis of a novel Authenticated Key-Exchange (AKE) protocol for secure association handover between two Long-Term Evolution (LTE) base stations (which support dual-connectivity) is carried out by applying two state-of-the-art tools for automated model checking (Scyther and Tamarin Prover). In the course of this a formal protocol model and tool input models are developed. Finally, the suitability of the used tools for LTE protocol analysis is evaluated. The major outcome is that none of the two applied tools is capable to accurately model and verify the dual-connectivity protocol in such detail that it would make them particularly useful in the considered setting. The reason for this are restrictions in the syntax of Scyther and a degraded performance of Tamarin when using complex protocol input models. However, the use of formal methods in protocol standardization can be highly beneficial, since it implies a careful consideration of a protocol’s fundamentals. Hence, formal methods are helpful to improve and structure a protocol’s design process when applied in conjunction to current practices. / Säkerhetsprotokoll används i många typer av applikationer för att säkerställa säkerhet och integritet för kommunikation. För att uppnå detta mål behövs en behövs mekanismer som tillhandahåller pålitlig och systematisk verifiering av protokollen. Därför har det visats stort akademiskt intresse för forskning inom formell verifiering av säkerhetsprotokoll de senaste två decennierna. Sådana metoder formaliserar protokollsemantiken, vilket lägger grunden till automatiserad verifiering med modellverifieringsverktyg. Än så la¨nge har det inte varit stort focus på praktiska tilla¨mpningar, som t.ex. hur väl metoderna fungerar för de problem som dyker upp under en standardiseringsprocess. I detta examensarbete konstrueras en formell modell för ett säkerhetsprotokoll som etablerar en säkerhetsassociation mellan en terminal och två Long-Term Evolution (LTE) basstationer i ett delsystem kallat Dual Connectivity. Detta delsystem standardiseras för närvarande i 3GPP. Den formella modellen verifieras sedan med bästa tillgängliga verktyg för automatiserad modellverifiering (Scyther och Tamarin Prover). För att åstadkomma detta har den formella modellen implementerats i inmatningsspråken för de två verktygen.  Slutligen ha de två verktygen evaluerats. Huvudslutsatsen är att inget av de två verktygen tillräckligt väl kan modellera de koncept där maskinstödd verifiering som mest behövs. Skälen till detta är Scythers begränsade syntax, och Tamarins begränsade prestanda och möjlighet att terminera för komplexa protokollmodeller. Trots detta är formella metoder andvändbara i standardiseringsprocessen eftersom de tvingar fram väldigt noggrann granskning av protokollens fundamentala delar. Därför kan formella metoder bidra till att förbättra strukturen på protokollkonstruktionsprocessen om det kombineras med nuvarande metoder.

security

authenticated key-exchange

3GPP

LTE

formal methods

protocol verification

automated model checking

säkerhet

autentiserad etablering av nycklar

3GPP

LTE

formella metoder

protokollverifiering

automatiserad modellverifiering

Communication Systems

Kommunikationssystem

A Portable and Improved Implementation of the Diffie-Hellman Protocol for Wireless Sensor Networks

Shoaib, Naveed

22 September 2009

No description available.

Communication

Computer Science

Information Systems

Mathematics

Wireless Sensor Networks

Sun SPOTS

Diffie-Hellman Key-Exchange Protocol

Elliptic Curve Cryptography

Elliptic Curve Diffie-Hellman

Portable Diffie-Hellman

Memory-based Hardware-intrinsic Security Mechanisms for Device Authentication in Embedded Systems

Soubhagya Sutar (9187907)

30 July 2020

<div>The Internet-of-Things (IoT) is one of the fastest-growing technologies in computing, revolutionizing several application domains such as wearable computing, home automation, industrial manufacturing, <i>etc</i>. This rapid proliferation, however, has given rise to a plethora of new security and privacy concerns. For example, IoT devices frequently access sensitive and confidential information (<i>e.g.,</i> physiological signals), which has made them attractive targets for various security attacks. Moreover, with the hardware components in these systems sourced from manufacturers across the globe, instances of counterfeiting and piracy have increased steadily. Security mechanisms such as device authentication and key exchange are attractive options for alleviating these challenges.</div><div><br></div><div>In this dissertation, we address the challenge of enabling low-cost and low-overhead device authentication and key exchange in off-the-shelf embedded systems. The first part of the dissertation focuses on a hardware-intrinsic mechanism and proposes the design of two Physically Unclonable Functions (PUFs), which leverage the memory (DRAM, SRAM) in the system, thus, requiring minimal (or no) additional hardware for operation. Two lightweight authentication and error-correction techniques, which ensure robust operation under wide environmental and temporal variations, are also presented. Experimental results obtained from prototype implementations demonstrate the effectiveness of the design. The second part of the dissertation focuses on the application of these techniques in real-world systems through a new end-to-end authentication and key-exchange protocol in the context of an Implantable Medical Device (IMD) ecosystem. Prototype implementations exhibit an energy-efficient design that guards against security and privacy attacks, thereby making it suitable for resource-constrained devices such as IMDs.</div><div><br></div>

Computer Engineering

Computer System Security

physically unclonable functions

PUF

Dynamic Random Access Memories

DRAM

device authentication

key exchange

authentication protocol

authentication scheme

authentication mechanism

combination PUF

memory PUF

implantable medical devices

IMD

IMD security

hardware security

Embedded Systems Security

Evaluation of Certificate Enrollment over Application Layer Security / Utvärdering av certifikatsskrivning över applikationslagersäkerhet

Krontiris, Alexandros

January 2018

This thesis analyzes Application Layer security protocols for certificate enrollment and management. EDHOC, Ephemeral Diffie-HellmanOver COSE, is a recently developed key exchange protocol whichis designed to provide authentication and key-exchange functionality with compact message sizes and minimum round-trip-time. The workof this thesis extends the EDHOC protocol with a certificate enrollment functionality, targeting IoT constrained devices and it has been implemented for analysis and evaluation purposes. The main scope of this document is to study the security, performance and scalability (in descendingorder of importance) of enrollment over EDHOC compared to other certificate enrollment protocols. / Detta examensarbete analyserar säkerhetsprotokoll av typen ApplicationLayer för certifikatregistrering och hantering. EDHOC, Ephemeral Diffie-Hellman Over COSE, har implementerats, analyserats och utvärderats. EDHOC är ett nyligen utvecklat Application Layer-protokoll som är utformat för att tillhandahålla autentiserings- och nyckelfunktionsfunktioner med kompakta meddelandestorlekar och minimala rundturstider, inriktat på IoT-begränsade enheter. Huvudområdet för examensarbetet är att studera säkerhet, prestanda och skalbarhet (i fallande ordning av betydelse) hos EDHOC jämfört med andra föreslagna Application Layer-säkerhetsprotokoll som utför certifikatsskrivning.

Certificate Enrollment/Management

application layer security

key exchange protocol.

Certifikat inskrivning/förvaltning

applikationslager säkerhet

nyckelutbytesprotokoll.

Computer and Information Sciences

Data- och informationsvetenskap

Elliptic Curve Cryptography for Lightweight Applications.

Hitchcock, Yvonne Roslyn

January 2003

Elliptic curves were first proposed as a basis for public key cryptography in the mid 1980's. They provide public key cryptosystems based on the difficulty of the elliptic curve discrete logarithm problem (ECDLP) , which is so called because of its similarity to the discrete logarithm problem (DLP) over the integers modulo a large prime. One benefit of elliptic curve cryptosystems (ECCs) is that they can use a much shorter key length than other public key cryptosystems to provide an equivalent level of security. For example, 160 bit ECCs are believed to provide about the same level of security as 1024 bit RSA. Also, the level of security provided by an ECC increases faster with key size than for integer based discrete logarithm (dl) or RSA cryptosystems. ECCs can also provide a faster implementation than RSA or dl systems, and use less bandwidth and power. These issues can be crucial in lightweight applications such as smart cards. In the last few years, ECCs have been included or proposed for inclusion in internationally recognized standards. Thus elliptic curve cryptography is set to become an integral part of lightweight applications in the immediate future. This thesis presents an analysis of several important issues for ECCs on lightweight devices. It begins with an introduction to elliptic curves and the algorithms required to implement an ECC. It then gives an analysis of the speed, code size and memory usage of various possible implementation options. Enough details are presented to enable an implementer to choose for implementation those algorithms which give the greatest speed whilst conforming to the code size and ram restrictions of a particular lightweight device. Recommendations are made for new functions to be included on coprocessors for lightweight devices to support ECC implementations Another issue of concern for implementers is the side-channel attacks that have recently been proposed. They obtain information about the cryptosystem by measuring side-channel information such as power consumption and processing time and the information is then used to break implementations that have not incorporated appropriate defences. A new method of defence to protect an implementation from the simple power analysis (spa) method of attack is presented in this thesis. It requires 44% fewer additions and 11% more doublings than the commonly recommended defence of performing a point addition in every loop of the binary scalar multiplication algorithm. The algorithm forms a contribution to the current range of possible spa defences which has a good speed but low memory usage. Another topic of paramount importance to ECCs for lightweight applications is whether the security of fixed curves is equivalent to that of random curves. Because of the inability of lightweight devices to generate secure random curves, fixed curves are used in such devices. These curves provide the additional advantage of requiring less bandwidth, code size and processing time. However, it is intuitively obvious that a large precomputation to aid in the breaking of the elliptic curve discrete logarithm problem (ECDLP) can be made for a fixed curve which would be unavailable for a random curve. Therefore, it would appear that fixed curves are less secure than random curves, but quantifying the loss of security is much more difficult. The thesis performs an examination of fixed curve security taking this observation into account, and includes a definition of equivalent security and an analysis of a variation of Pollard's rho method where computations from solutions of previous ECDLPs can be used to solve subsequent ECDLPs on the same curve. A lower bound on the expected time to solve such ECDLPs using this method is presented, as well as an approximation of the expected time remaining to solve an ECDLP when a given size of precomputation is available. It is concluded that adding a total of 11 bits to the size of a fixed curve provides an equivalent level of security compared to random curves. The final part of the thesis deals with proofs of security of key exchange protocols in the Canetti-Krawczyk proof model. This model has been used since it offers the advantage of a modular proof with reusable components. Firstly a password-based authentication mechanism and its security proof are discussed, followed by an analysis of the use of the authentication mechanism in key exchange protocols. The Canetti-Krawczyk model is then used to examine secure tripartite (three party) key exchange protocols. Tripartite key exchange protocols are particularly suited to ECCs because of the availability of bilinear mappings on elliptic curves, which allow more efficient tripartite key exchange protocols.

Elliptic curve (EC)

elliptic curve cryptosystem (ECC)

discrete logarithm problem (DLP)

speed

code size

memory usage

ram usage

fixed curve

random curve

Pollard's rho method

Canetti-Krawczyk proof model

key exchange protocols

security proof

tripartite key exchange

pairings

password-based authentication

point addition

projective coordinates

Jacobian coordinates

Chudnovsky Jacobian coordinates

modified Jacobian coordinates

binary method

simultaneous multiple exponentiation

two-in-one scalar multiplication

coprocessor

smart card

lightweight device

simple power analysis (spa)

side channel attack

equivalent security.

主從式架構下基於晶格之通行碼認證金鑰交換協定之研究 / A study of password-based authenticated key exchange from lattices for client/server model

鄭逸修

Unknown Date

基於通行碼之認證金鑰交換協定(Password-based Authenticated Key Exchange)為一項使要進行交換訊息之雙方做相互驗證並產生一把共享金鑰的技術。藉由通訊雙方共享一組通行碼做為身份驗證的依據，並且在驗證結束後產生一把僅有雙方才知道的祕密通訊金鑰，往後進行傳遞機密資訊時即可透過此金鑰建立安全的通訊管道。 本篇論文提出一個在主從式架構(Client/Server model)下基於晶格(lattice)之通行碼認證金鑰交換協定，用戶端只需記錄與伺服器共享之通行碼，而伺服器端除了通行碼外擁有屬於自己的公私鑰對，雙方間透過共享之通行碼進行相互驗證，並且在兩個步驟內完成認證及金鑰交換。在安全性上基於晶格密碼系統之難問題，若未來量子電腦問世能夠抵擋其強大運算能力之攻擊，達到安全且有效率之通行碼認證金鑰協議。 / The password-based authenticated key exchange is a technology that allows both parties to perform mutual authentication and generate a shared session key. They through the shared password as the basis for authentication and generate a session key that is only known by both parties. At last, they can use this key to establish a secure channel to transmit secret message. We propose a password-based authenticated key exchange from lattices for Client-Server model. The client only need to remember the password rather than the private key, and the server except keep the password and its own public/private key pair. Both parties execute the mutual authentication via the shared password and accomplish the key exchange within two steps. The security of our protocol is based on LWE problem for lattices, so it is secure even an attacker uses a quantum computer.

晶格

誤差學習難問題

金鑰交換協定

雙向驗證機制

主從式架構

PAKE

Lattice

LWE

Key exchange

Mutual authentication

Client/Server model