Global ETD Search

21	A Key Management Architecture for Securing Off-Chip Data Transfers on an FPGA Graf, Jonathan 04 August 2004 (has links) Data security is becoming ever more important in embedded and portable electronic devices. The sophistication of the analysis techniques used by attackers is amazingly advanced. Digital devices' external interfaces to memory and communications interfaces to other digital devices are vulnerable to malicious probing and examination. A hostile observer might be able to glean important details of a device's design from such an interface analysis. Defensive measures for protecting a device must therefore be even more sophisticated and robust. This thesis presents an architecture that acts as a secure wrapper around an embedded application on a Field Programmable Gate Array (FPGA). The architecture includes functional units that serve to authenticate a user over a secure serial interface, create a key with multiple layers of security, and encrypt an external memory interface using that key. In this way, the wrapper protects all of the digital interfaces of the embedded application from external analysis. Cryptographic methods built into the system include an RSA-related secure key exchange, the Secure Hash Algorithm, a certificate storage system, and the Data Encryption Standard algorithm in counter mode. The principles behind the encrypted external memory interface and the secure authentication interface can be adjusted as needed to form a secure wrapper for a wide variety of embedded FPGA applications. / Master of Science Security Encryption Amanuet Key Management Field programmable gate arrays Wrapper
22	Evaluation of Key Management Protocols and Their Implementations / Utvärdering av Key Management Protokoll och dess implementationer Andersson, Erik, Combler, David January 2018 (has links) When constructing a network system it is important to consider the attributes which deﬁne said system and how to best build around those attributes. In this report we’ve studied Key Management Protocols as well as 802.15.4 WPAN networks and how key managment is conducted in such networks. This was done to better understand how Key Management Protocols themselves work and if, or how, they differ when used in 802.15.4 networks. In this report we studied 4 different Key Management Protocols: IKEv2,HIPv2,PANA and 802.1X as well as their various implementations. Based on the information gathered we analyzed how an implementation would work according to IEEE 802.15.9. Firstly we found was that IKEv2 offers a lot of functionality at the cost of system complexity and required a lot of memory. It also required major modiﬁcations to work in 802.15.4 networks. Secondly we found that HIPv2 offers the ability to separate the locator and identiﬁer tags of TCP/IP and is lightweight. It doesn’t use IP or TCP/UDP and as such required minor changes to work in 802.15.4 networks. Finally, PANA and 802.1X both offer client-to-network authentication using EAP and use a moderate to high amount of space. 802.1X required a moderate amount of changes to work in 802.15.4 networks. PANA on the other hand required few changes, though it should not be used as a general purpose Key Management Protocol in 802.15.4 networks. Key Management Protcol Key Management Evaluation Comparison IKEv2 HIPv2 PANA 802.1X Implementation strongSwan OpenHIP openPANA Open1X Computer Sciences Datavetenskap (datalogi)
23	Advanced Secret Handling in Kubernetes Application with HashiCorp Vault / Avancerad hemlig hantering i Kubernetes-applikationen med HashiCorp Vault Hamid, Maryum January 2023 (has links) In the era of microservices and cloud-based systems, safeguarding sensitive credentials has become a critical concern for modern businesses. This thesis delves into the application of HashiCorp Vault, a prominent tool for secure secret management, within the domain of telecommunication networks, renowned for managing tens of thousands of nodes. Through a case study approach, this research explores Vault’s core components, security features, and disaster recovery mechanisms, with a specific focus on integrating them into existing telecommunication systems. A thorough examination of technical documentation, academic literature, and industry reports reveals fundamental concepts and best practices in credential management. Additionally, this study provides a comprehensive analysis of the system architecture of telecom management systems, showcasing how HashiCorp Vault’s capabilities bolster security, ensure compliance, and sustain business continuity in large-scale networks. Nevertheless, the thesis also addresses the implications of integrating HashiCorp Vault into the system architecture, including potential challenges tied to complexity and the need for meticulous key management for such extensive credentials. The findings emphasize the necessity of a balanced approach, prioritizing both automation and security. Vigilant monitoring, alerting, and maintenance practices are paramount. As a conclusion, this thesis proposes promising avenues for future research, envisioning the integration of artificial intelligence, machine learning, and blockchain technologies in credential management systems. These advancements hold the potential to further enhance the security landscape for telecommunication networks and beyond. / I en tid präglad av mikrotjänster och molnbaserade system har skydd av känsliga referenser blivit ett kritiskt problem för moderna företag. Denna avhandling fördjupar sig i tillämpningen av HashiCorp Vault, ett framstående verktyg för säker hemlig hantering, inom domänen av telekommunikationsnätverk, känt för att hantera tiotusentals noder. Genom en fallstudiemetod utforskar denna forskning Vaults kärnkomponenter, säkerhetsfunktioner och katastrofåterställningsmekanismer, med ett specifikt fokus på att integrera dem i befintliga telekommunikationssystem. En grundlig granskning av teknisk dokumentation, akademisk litteratur och branschrapporter avslöjar grundläggande begrepp och bästa praxis inom referenshantering. Dessutom ger denna studie en omfattande analys av systemarkitekturen för telekomhanteringssystem, och visar hur HashiCorp Vaults kapacitet stärker säkerheten, säkerställer efterlevnad och upprätthåller affärskontinuitet i storskaliga nätverk. Ändå tar avhandlingen också upp implikationerna av att integrera HashiCorp Vault i systemarkitekturen, inklusive potentiella utmaningar kopplade till komplexitet och behovet av noggrann nyckelhantering för så omfattande referenser. Resultaten betonar nödvändigheten av ett balanserat tillvägagångssätt, som prioriterar både automatisering och säkerhet. Vaksamma övervaknings-, varningsoch underhållsmetoder är av största vikt. Som en slutsats föreslår den här avhandlingen lovande vägar för framtida forskning, som föreställer sig integrationen av artificiell intelligens, maskininlärning och blockchainteknologier i autentiseringssystem. Dessa framsteg har potential att ytterligare förbättra säkerhetslandskapet för telekommunikationsnätverk och vidare. HashiCorp Vault Key Management System Kubernetes HashiCorp Vault Key Management System Kubernetes Computer and Information Sciences Data- och informationsvetenskap
24	Lightweight Cryptographic Group Key Management Protocols for the Internet of Things Gebremichael, Teklay January 2019 (has links) The Internet of Things (IoT) is increasingly becoming an integral component of many applications in consumer, industrial and other areas. Notions such as smart industry, smart transport, and smart world are, in large part, enabled by IoT. At its core, the IoT is underpinned by a group of devices, such as sensors and actuators, working collaboratively to provide a required service. One of the important requirements most IoT applications are expected to satisfy is ensuring the security and privacy of users. Security is an umbrella term that encompasses notions such as confidentiality, integrity and privacy, that are typically achieved using cryptographic encryption techniques. A special form of communication common in many IoT applications is group communication, where there are two or more recipients of a given message. In or-der to encrypt a message broadcast to a group, it is required that the participating parties agree on a group key a priori. Establishing and managing a group key in IoT environments, where devices are resources-constrained and groups are dynamic, is a non-trivial problem. The problem presents unique challenges with regard to con-structing protocols from lightweight and secure primitives commensurate with the resource-constrained nature of devices and maintaining security as devices dynamically leave or join a group. This thesis presents lightweight group key management protocols proposed to address the aforementioned problem, in a widely adopted model of a generic IoT network consisting of a gateway with reasonable computational power and a set of resource-constrained nodes. The aim of the group key management protocols is to enable the gateway and the set of resource-constrained devices to establish and manage a group key, which is then used to encrypt group messages. The main problems the protocols attempt to solve are establishing a group key among participating IoT devices in a secure and computationally feasible manner; enabling additionor removal of a device to the group in a security preserving manner; and enabling generation of a group session key in an efficient manner without re-running the protocol from scratch. The main challenge in designing such protocols is ensuring that the computations that a given IoT device performs as part of participating in the protocol are computationally feasible during initial group establishment, group keyupdate, and adding or removing a node from the group. The work presented in this thesis shows that the challenge can be overcome by designing protocols from lightweight cryptographic primitives. Specifically, protocols that exploit the lightweight nature of crypto-systems based on elliptic curves and the perfect secrecy of the One Time Pad (OTP) are presented. The protocols are designed in such a way that a resource-constrained member node performs a constant number of computationally easy computations during all stages of the group key management process. To demonstrate that the protocols are practically feasible, implementation resultof one of the protocols is also presented, showing that the protocol outperforms similar state-of-the-art protocols with regard to energy consumption, execution time, memory usage and number of messages generated. / <p>Vid tidpunkten för framläggningen av avhandlingen var följande delarbete opublicerat: delarbete 3 (manuskript).</p><p>At the time of the defence the following paper was unpublished: paper 3 (manuscript).</p> / SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle) Privacy and security of the IoT IoT group key management lightweight key management protocols elliptic curve cryptography proximity-based authentication Computer Sciences Datavetenskap (datalogi)
25	AN UPDATE ON NETWORK-BASED SECURITY TECHNOLOGIES APPLICABLE TO TELEMETRY POST-PROCESSING AND ANALYSIS ACTIVITIES Kalibjian, Jeff 10 1900 (has links) ITC/USA 2007 Conference Proceedings / The Forty-Third Annual International Telemetering Conference and Technical Exhibition / October 22-25, 2007 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Networked based technologies (i.e. TCP/IP) have come to play an important role in the evolution of telemetry post processing services. A paramount issue when using networking to access/move telemetry data is security. In past years papers have focused on individual security technologies and how they could be used to secure telemetry data. This paper will review currently available network based security technologies, update readers on enhancements, and discuss their appropriate uses in the various phases of telemetry post-processing and analysis activities. Network based computing data security security protocols key management telemetry post processing cryptography identity services
26	Secure IP Multicasting with Encryption Key Management Maharjan, Nadim, Moten, Daryl 10 1900 (has links) ITC/USA 2011 Conference Proceedings / The Forty-Seventh Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2011 / Bally's Las Vegas, Las Vegas, Nevada / This paper presents the design for secure IP multicasting in an iNet environment using public key cryptography. Morgan State University has been conducting research to improve the telemetry network by improving network performance, implementing IP (Internet Protocol) multicasting and providing a stronger security system for the iNet environment. The present study describes how IP multicasting could be implemented to provide more secure communication in the iNet environment by reducing traffic and optimizing network performance. The multicast of data is closely tied to the key management center for secure applications. This paper develops a means of delivering keys between two or more parties showing a relationship between the multicast network and the Key Management Center (KMC). The KMC is an element of the system which distributes and manages session keys among multicast members. A public key encryption method is used to address the distribution of session keys in the multicast network. The paper will present a system level design of multicast and key management with dual encryption of session keys for the iNet system. IP Multicasting Public-key Cryptosystem Key Management Center Security Public Certificates iNET
27	A comparison of the security in ZigBee and the IEEE 802.15.9 standard and an experimental analysis of communication over IEEE 802.15.4 / En jämförelse av säkerheten gällande ZigBee och IEEE 802.15.9 standarden och en experimentell analys av kommunikation över IEEE 802.15.4 Silversved, Nicklas, Runesson, Hampus January 2019 (has links) The increasing number of IoT devices used in today’s society has led to a demand for better security in order to prevent attackers from gaining access to private information. The IoT brings a wide application scope and because of that there are a lot of ways to set up a secure network and manage keys in these kinds of networks. This paper presents a comparison between the security model in Zigbee and the new recommended practice for Key Management Protocols defined by the IEEE 802.15.9 standard. We investigate key establishment and transportation together with the vulnerabilities that this might bring regarding potential attacks like DoS and MitM. Since these protocols are built on the IEEE 802.15.4 standard, experimental tests have been made where we analyze the throughput, RTT and packet loss over varied distances and we try to determine the maximum transmission range for devices using IEEE 802.15.4 modules. The IEEE 802.15.9 standard works with different KMPs and depending on the KMP being used we can see both similarities and differences regarding key management and possible attacks when comparing it to ZigBee. Furthermore, we found that attacks on a ZigBee device is more likely to compromise the whole network while similar attacks would only affect the specific peers in an IEEE 802.15.9 communication. Based on the experiments we find that open areas, distance and interference have a negative effect on the throughput, RTT and packet loss of the communication. IEEE 802.15.4 IEEE 802.15.9 ZigBee security key establishment key management protocol Computer Engineering Datorteknik
28	A Lab System for Secret Sharing / Utveckling av laborationssystem för secret sharing Olsson, Fredrik January 2004 (has links) <p>Finnegan Lab System is a graphical computer program for learning how secret sharing works. With its focus on the algorithms and the data streams, the user does not have to consider machine-specific low-level details. It is highly modularised and is not restricted to secret sharing, but can easily be extended with new functions, such as building blocks for Feistel networks or signal processing. </p><p>This thesis describes what secret sharing is, the development of a new lab system designed for secret sharing and how it can be used.</p> Informationsteknik Cryptography Graph-Based Application Framework Java Key Management Secret Sharing Informationsteknik Information technology Informationsteknik
29	Security and Efficiency Tradeoffs in Multicast Group Key Management Duma, Claudiu January 2003 (has links) <p>An ever-increasing number of Internet applications, such as content and software distribution, distance learning, multimedia streaming, teleconferencing, and collaborative workspaces, need efficient and secure multicast communication. However, efficiency and security are competing requirements and balancing them to meet the application needs is still an open issue.</p><p>In this thesis we study the efficiency versus security requirements tradeoffs in group key management for multicast communication. The efficiency is in terms of minimizing the group rekeying cost and the key storage cost, while security is in terms of achieving backward secrecy, forward secrecy, and resistance to collusion.</p><p>We propose two new group key management schemes that balance the efficiency versus resistance to collusion. The first scheme is a flexible category-based scheme, and addresses applications where a user categorization can be done based on the user accessibility to the multicast channel. As shown by the evaluation, this scheme has a low rekeying cost and a low key storage cost for the controller, but, in certain cases, it requires a high key storage cost for the users. In an extension to the basic scheme we alleviate this latter problem.</p><p>For applications where the user categorization is not feasible, we devise a cluster-based group key management. In this scheme the resistance to collusion is measured by an integer parameter. The communication and the storage requirements for the controller depend on this parameter too, and they decrease as the resistance to collusion is relaxed. The results of the analytical evaluation show that our scheme allows a fine-tuning of security versus efficiency requirements at runtime, which is not possible with the previous group key management schemes.</p> / Report code: LiU-TEK-LIC-2003:53. Key management Multicast communication Security-efficiency tradeoffs Collusion resistance Push-oriented approaches Computer science Datavetenskap
30	Wireless On-Board Diagnostics Schirninger, Rene, Zeppetzauer, Stefan January 2005 (has links) <p>Wireless On-board diagnostics functionality, which is a future outlook to vehicle system </p><p>parameter analysis, enables measurements and controlling without the limitation of a physical </p><p>connector. Today every vehicle must by law provide the possibility to analyze engine and </p><p>emission related parameters (OBD II). The wireless connection requires a high security level </p><p>to prevent unauthorized communication establishment with the truck’s bus system. The aim </p><p>of the project is to make a survey of the available security mechanisms and to find the most </p><p>promising solutions. Furthermore, several usage scenarios and access right levels are </p><p>specified and a risk analysis of the whole system is made. The greatest challenge is the </p><p>specification and implementation of a proper key-exchange mechanism between the analyzing </p><p>device and the truck’s bus system, which is therefore carried out with the highest possible </p><p>level of awareness. Consequently several different concepts have been formulated based on </p><p>the different usage scenarios.</p> Wireless LAN Security On-Board Diagnostics Pre-shared Key-Management Wireless Local Area Network LAN

Search results