Moderní metody ověření identity uživatelů / Modern methods for user authentication

Sýkora, Daniel

January 2009

The main focus of Master’s thesis is modern methods for user authentication. In the first part are briefly described currently used protocols and pointed out thein advantages and disadvantages. The theoretical introduction analyzes the principles of zero-knowledge authentication, password-based protocols and describes the concept of a new generation hash function. The practical part describes the specific implementation of authentication protocols - Ohta-Okamoto protocol as a representative of the zero knowledge protocols and SRP (Secure Remote Password), which represents password-based protocols. In both cases, the installation procedure is described following the analysis of their implementation (at the source code level) and then compared with the transmitted data captured by Wireshark. The SRP protocol is verified by AVISPA tool. There is summary of both protocols security analysis in the conclusion.

Leveraging an Active Directory for the Generation of Honeywords

Lundström, Johan

January 2018

Honeywords, fake passwords that when used by an adversary are set to trigger an alarm, is one way of detecting security breaches. For them to be effective, however, they must resemble real passwords as closely as possible and thus, the construction of the honeywords is crucial. In this thesis, a new model for generating honeywords, PII-Syntax, is presented that was built in part on a previous model but reworked and adapted to meet new requirements. The purpose of the study was to investigate whether an Active Directory, (AD) could be used as a resource in the construction of honeywords. The assumption was that the AD contains information about real system users that could be leveraged to create high-quality honeywords because of the very fact that they are based on actual users. It is a well-known fact that many users have a natural inclination towards incorporating personal information when choosing their passwords, information that can be leveraged by an adversary making the passwords easier to retrieve. The proposed model capitalizes on this fact and bases the honeyword generation process on users’ personally identifiable information, PII. The motivation for this is to enhance the quality of the honeywords, i.e. making them more plausible from the perspective of the adversary. The resulting model performed equally well or better than all existing honeyword generation algorithms to which it was compared with regard to flatness, DoS resistivity, multiple system vulnerability and storage cost. The most important contribution, however, is the inclusion of users’ personal information in the generation of the honeywords that ultimately help strengthen the security of password-based authentication systems. Contributions from this thesis include a novel manner in which to approach a well-known problem, both in a theoretical as well as a practical sense: PII-Syntax is a new honeyword generation algorithm that apart from performing equally well or better than previous algorithms brings an added value of believability to the generated honeywords because of the inclusion of users’ personal information found in an AD.

honeywords

passwords

authentication

password-based authentication

password cracking

deception techniques

Information Systems

Elliptic Curve Cryptography for Lightweight Applications.

Hitchcock, Yvonne Roslyn

January 2003

Elliptic curves were first proposed as a basis for public key cryptography in the mid 1980's. They provide public key cryptosystems based on the difficulty of the elliptic curve discrete logarithm problem (ECDLP) , which is so called because of its similarity to the discrete logarithm problem (DLP) over the integers modulo a large prime. One benefit of elliptic curve cryptosystems (ECCs) is that they can use a much shorter key length than other public key cryptosystems to provide an equivalent level of security. For example, 160 bit ECCs are believed to provide about the same level of security as 1024 bit RSA. Also, the level of security provided by an ECC increases faster with key size than for integer based discrete logarithm (dl) or RSA cryptosystems. ECCs can also provide a faster implementation than RSA or dl systems, and use less bandwidth and power. These issues can be crucial in lightweight applications such as smart cards. In the last few years, ECCs have been included or proposed for inclusion in internationally recognized standards. Thus elliptic curve cryptography is set to become an integral part of lightweight applications in the immediate future. This thesis presents an analysis of several important issues for ECCs on lightweight devices. It begins with an introduction to elliptic curves and the algorithms required to implement an ECC. It then gives an analysis of the speed, code size and memory usage of various possible implementation options. Enough details are presented to enable an implementer to choose for implementation those algorithms which give the greatest speed whilst conforming to the code size and ram restrictions of a particular lightweight device. Recommendations are made for new functions to be included on coprocessors for lightweight devices to support ECC implementations Another issue of concern for implementers is the side-channel attacks that have recently been proposed. They obtain information about the cryptosystem by measuring side-channel information such as power consumption and processing time and the information is then used to break implementations that have not incorporated appropriate defences. A new method of defence to protect an implementation from the simple power analysis (spa) method of attack is presented in this thesis. It requires 44% fewer additions and 11% more doublings than the commonly recommended defence of performing a point addition in every loop of the binary scalar multiplication algorithm. The algorithm forms a contribution to the current range of possible spa defences which has a good speed but low memory usage. Another topic of paramount importance to ECCs for lightweight applications is whether the security of fixed curves is equivalent to that of random curves. Because of the inability of lightweight devices to generate secure random curves, fixed curves are used in such devices. These curves provide the additional advantage of requiring less bandwidth, code size and processing time. However, it is intuitively obvious that a large precomputation to aid in the breaking of the elliptic curve discrete logarithm problem (ECDLP) can be made for a fixed curve which would be unavailable for a random curve. Therefore, it would appear that fixed curves are less secure than random curves, but quantifying the loss of security is much more difficult. The thesis performs an examination of fixed curve security taking this observation into account, and includes a definition of equivalent security and an analysis of a variation of Pollard's rho method where computations from solutions of previous ECDLPs can be used to solve subsequent ECDLPs on the same curve. A lower bound on the expected time to solve such ECDLPs using this method is presented, as well as an approximation of the expected time remaining to solve an ECDLP when a given size of precomputation is available. It is concluded that adding a total of 11 bits to the size of a fixed curve provides an equivalent level of security compared to random curves. The final part of the thesis deals with proofs of security of key exchange protocols in the Canetti-Krawczyk proof model. This model has been used since it offers the advantage of a modular proof with reusable components. Firstly a password-based authentication mechanism and its security proof are discussed, followed by an analysis of the use of the authentication mechanism in key exchange protocols. The Canetti-Krawczyk model is then used to examine secure tripartite (three party) key exchange protocols. Tripartite key exchange protocols are particularly suited to ECCs because of the availability of bilinear mappings on elliptic curves, which allow more efficient tripartite key exchange protocols.

Elliptic curve (EC)

elliptic curve cryptosystem (ECC)

discrete logarithm problem (DLP)

speed

code size

memory usage

ram usage

fixed curve

random curve

Pollard's rho method

Canetti-Krawczyk proof model

key exchange protocols

security proof

tripartite key exchange

pairings

password-based authentication

point addition

projective coordinates

Jacobian coordinates

Chudnovsky Jacobian coordinates

modified Jacobian coordinates

binary method

simultaneous multiple exponentiation

two-in-one scalar multiplication

coprocessor

smart card

lightweight device

simple power analysis (spa)

side channel attack

equivalent security.