Global ETD Search

41	RESEARCH OF SECURITY HARDWARE IN PKI SYSTEM Wenhua, Qi, Qishan, Zhang, Hailong, Liu 10 1900 (has links) International Telemetering Conference Proceedings / October 20-23, 2003 / Riviera Hotel and Convention Center, Las Vegas, Nevada / Security hardware based on asymmetric algorithm is the key component of Public Key Infrastructure (PKI), which decides the safety and performance of system. Security device in server or client have some common functions. We designed the client token and cryptographic server to improve the performance of PKI, and got obvious effect. Security hardware key pair Public Key Infrastructure (PKI) token
42	建立一個以服務多代理者系統為主的公鑰匙架構 / Building a Public Key Infrastructure for Multi-Agent Systems 唐朝緯, Chao-Wei Tang Unknown Date (has links) 代理者（Agent）是一個自主性的軟體程式，可以幫助代表人類在網際網路上從事各種的電子化服務（E-Service）。由於目前多代理者系統缺少了安全管理的機制，以致於目前為止代理者代表人類在網上從事活動的行為還不被大家接受。因此，我們提出了一套以代理者為導向的公鑰匙架構（Agent-Oriented Public Key Infrastructure, APKI），各式各樣的數位憑證被產生、儲存、註銷及驗證，以滿足不同存取控制的需求。例如，代理者的認證是以代理者身份憑證為基礎，而授權的部分則以授權憑證或屬性憑證來做驗證。透過這些數位憑證，我們可以在虛擬網路上的代理者之間建立一條信任路徑，一個安全的電子化服務的實際應用範例將會以此架構實作及呈現出來，以驗證我們所提架構的可行性。 / Agent is autonomous software that mediates e-service for human on the Internet. The acceptance of agent-mediated e-service (AMES) is very slow for the lacking of security management infrastructure for multi-agent system. Therefore we proposed an agent-oriented public key infrastructure (APKI) for multi-agent e-service. In this APKI, a taxonomy of digital certificates are generated, stored, verified, and revoked to satisfy different access and delegation control purposes. Agent identity certificate was designed for agent’s authentication whereas attributed and agent authorization certificates were proposed for agent’s authorization and delegation. Using these digital certificates, we establish agent trust relationships on the cyberspace. A trusted agent-mediated e-service scenario will be shown to demonstrate the feasibility of our APKI. Public Key Infrastructure Multi-Agent Systems Security Authentication Authorization
43	Anonymity and time in public-key encryption Quaglia, Elizabeth January 2012 (has links) In a world that is increasingly relying on digital technologies, the ability to securely communicate and distribute information is of crucial importance. Cryptography plays a key role in this context and the research presented in this thesis focuses on developing cryptographic primitives whose properties address more closely the needs of users. We start by considering the notion of robustness in public-key encryption, a property which models the idea that a ciphertext should not decrypt to a valid mes- sage under two different keys. In contexts where anonymity is relevant, robustness is likely to be needed as well, since a user cannot tell from the ciphertext if it is intended for him or not. We develop and study new notions of robustness, relating them to one another and showing how to achieve them. We then consider the important issue of protecting users' privacy in broadcast encryption. Broadcast encryption (BE) is a cryptographic primitive designed to efficiently broadcast an encrypted message to a target set of users that can decrypt it. Its extensive real-life application to radio, television and web-casting renders BE an extremely interesting area. However, all the work so far has striven for efficiency, focusing in particular on solutions which achieve short ciphertexts, while very little attention has been given to anonymity. To address this issue, we formally define anonymous broadcast encryption, which guarantees recipient-anonymity, and we provide generic constructions to achieve it from public-key, identity-based and attribute-based encryption. Furthermore, we present techniques to improve the efficiency of our constructions. Finally, we develop a new primitive, called time-specific encryption (TSE), which allows us to include the important element of time in the encryption and decryption processes. In TSE, the sender is able to specify during what time interval a ciphertext can be decrypted by a receiver. This is a relevant property since information may become useless after a certain point, sensitive data may not be released before a particular time, or we may wish to enable access to information for only a limited period. We define security models for various flavours of TSE and provide efficient instantiations for all of them. These results represent our efforts in developing public-key encryption schemes with enhanced properties, whilst maintaining the delicate balance between security and efficiency. 652.8
44	A secure one-use dynamic backdoor password system based on public key cryptography. January 2002 (has links) Yu Haitao. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves 71). / Abstracts in English and Chinese. / Chapter Chapter 1. --- Introduction --- p.1 / Chapter 1.1 --- Introduction --- p.1 / Chapter 1.2 --- Thesis organization --- p.6 / Chapter Chapter 2. --- Conventional password authentication and backdoor password schemes --- p.7 / Chapter 2.1 --- Password and password authentication --- p.7 / Chapter 2.1.1 --- Introduction to password and its security problems --- p.7 / Chapter 2.1.2 --- Front-door passwords vs. backdoor passwords --- p.8 / Chapter 2.1.3 --- Dynamic passwords vs. static passwords --- p.9 / Chapter 2.2 --- Forgotten-password problem --- p.10 / Chapter Chapter 3. --- Introduction to Cryptography --- p.12 / Chapter 3.1 --- Introduction to information security --- p.12 / Chapter 3.2 --- Conventional cryptography --- p.16 / Chapter 3.3 --- Public-key cryptography --- p.21 / Chapter 3.4 --- RSA cryptosystem --- p.24 / Chapter 3.5 --- One-way function --- p.27 / Chapter 3.6 --- Digital signature --- p.30 / Chapter 3.7 --- Secret sharing --- p.34 / Chapter 3.8 --- Zero-knowledge proof --- p.34 / Chapter 3.9 --- Key management --- p.36 / Chapter 3.9.1 --- Key distribution in conventional cryptography --- p.36 / Chapter 3.9.2 --- Distribution of public keys --- p.39 / Chapter Chapter 4. --- A secure one-use dynamic backdoor password system based on Public Key Cryptography --- p.42 / Chapter 4.1 --- System objectives --- p.42 / Chapter 4.2 --- Simple system and analysis --- p.45 / Chapter 4.2.1 --- System diagram --- p.45 / Chapter 4.2.2 --- System protocol --- p.46 / Chapter 4.2.3 --- Applied technologies --- p.50 / Chapter 4.2.4 --- System security analysis --- p.52 / Chapter 4.3 --- Multi-user system and analysis --- p.55 / Chapter 4.3.1 --- Modification to the system diagram --- p.56 / Chapter 4.3.2 --- Modification to the system protocol --- p.57 / Chapter 4.3.3 --- System analysis for multi-user system --- p.64 / Chapter 4.4 --- Applicable modes and analysis --- p.66 / Chapter 4.5 --- Conclusion --- p.68 / Chapter Chapter 5. --- Conclusion --- p.69 / Bibliography --- p.71 / Appendix --- p.72 / Chapter A. --- Algorithm of MD5 --- p.72 / Chapter B. --- Algorithm of DSA --- p.76 / Chapter C. --- Algorithm of RSA --- p.79 Public key cryptography Computers--Access control--Passwords Computer security Authentication
45	Cryptographic primitives on reconfigurable platforms. January 2002 (has links) Tsoi Kuen Hung. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves 84-92). / Abstracts in English and Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Motivation --- p.1 / Chapter 1.2 --- Objectives --- p.3 / Chapter 1.3 --- Contributions --- p.3 / Chapter 1.4 --- Thesis Organization --- p.4 / Chapter 2 --- Background and Review --- p.6 / Chapter 2.1 --- Introduction --- p.6 / Chapter 2.2 --- Cryptographic Algorithms --- p.6 / Chapter 2.3 --- Cryptographic Applications --- p.10 / Chapter 2.4 --- Modern Reconfigurable Platforms --- p.11 / Chapter 2.5 --- Review of Related Work --- p.14 / Chapter 2.5.1 --- Montgomery Multiplier --- p.14 / Chapter 2.5.2 --- IDEA Cipher --- p.16 / Chapter 2.5.3 --- RC4 Key Search --- p.17 / Chapter 2.5.4 --- Secure Random Number Generator --- p.18 / Chapter 2.6 --- Summary --- p.19 / Chapter 3 --- The IDEA Cipher --- p.20 / Chapter 3.1 --- Introduction --- p.20 / Chapter 3.2 --- The IDEA Algorithm --- p.21 / Chapter 3.2.1 --- Cipher Data Path --- p.21 / Chapter 3.2.2 --- S-Box: Multiplication Modulo 216 + 1 --- p.23 / Chapter 3.2.3 --- Key Schedule --- p.24 / Chapter 3.3 --- FPGA-based IDEA Implementation --- p.24 / Chapter 3.3.1 --- Multiplication Modulo 216 + 1 --- p.24 / Chapter 3.3.2 --- Deeply Pipelined IDEA Core --- p.26 / Chapter 3.3.3 --- Area Saving Modification --- p.28 / Chapter 3.3.4 --- Key Block in Memory --- p.28 / Chapter 3.3.5 --- Pipelined Key Block --- p.30 / Chapter 3.3.6 --- Interface --- p.31 / Chapter 3.3.7 --- Pipelined Design in CBC Mode --- p.31 / Chapter 3.4 --- Summary --- p.32 / Chapter 4 --- Variable Radix Montgomery Multiplier --- p.33 / Chapter 4.1 --- Introduction --- p.33 / Chapter 4.2 --- RSA Algorithm --- p.34 / Chapter 4.3 --- Montgomery Algorithm - Ax B mod N --- p.35 / Chapter 4.4 --- Systolic Array Structure --- p.36 / Chapter 4.5 --- Radix-2k Core --- p.37 / Chapter 4.5.1 --- The Original Kornerup Method (Bit-Serial) --- p.37 / Chapter 4.5.2 --- The Radix-2k Method --- p.38 / Chapter 4.5.3 --- Time-Space Relationship of Systolic Cells --- p.38 / Chapter 4.5.4 --- Design Correctness --- p.40 / Chapter 4.6 --- Implementation Details --- p.40 / Chapter 4.7 --- Summary --- p.41 / Chapter 5 --- Parallel RC4 Engine --- p.42 / Chapter 5.1 --- Introduction --- p.42 / Chapter 5.2 --- Algorithms --- p.44 / Chapter 5.2.1 --- RC4 --- p.44 / Chapter 5.2.2 --- Key Search --- p.46 / Chapter 5.3 --- System Architecture --- p.47 / Chapter 5.3.1 --- RC4 Cell Design --- p.47 / Chapter 5.3.2 --- Key Search --- p.49 / Chapter 5.3.3 --- Interface --- p.50 / Chapter 5.4 --- Implementation --- p.50 / Chapter 5.4.1 --- RC4 cell --- p.51 / Chapter 5.4.2 --- Floorplan --- p.53 / Chapter 5.5 --- Summary --- p.53 / Chapter 6 --- Blum Blum Shub Random Number Generator --- p.55 / Chapter 6.1 --- Introduction --- p.55 / Chapter 6.2 --- RRNG Algorithm . . --- p.56 / Chapter 6.3 --- PRNG Algorithm --- p.58 / Chapter 6.4 --- Architectural Overview --- p.59 / Chapter 6.5 --- Implementation --- p.59 / Chapter 6.5.1 --- Hardware RRNG --- p.60 / Chapter 6.5.2 --- BBS PRNG --- p.61 / Chapter 6.5.3 --- Interface --- p.66 / Chapter 6.6 --- Summary --- p.66 / Chapter 7 --- Experimental Results --- p.68 / Chapter 7.1 --- Design Platform --- p.68 / Chapter 7.2 --- IDEA Cipher --- p.69 / Chapter 7.2.1 --- Size of IDEA Cipher --- p.70 / Chapter 7.2.2 --- Performance of IDEA Cipher --- p.70 / Chapter 7.3 --- Variable Radix Systolic Array --- p.71 / Chapter 7.4 --- Parallel RC4 Engine --- p.75 / Chapter 7.5 --- BBS Random Number Generator --- p.76 / Chapter 7.5.1 --- Size --- p.76 / Chapter 7.5.2 --- Speed --- p.76 / Chapter 7.5.3 --- External Clock --- p.77 / Chapter 7.5.4 --- Random Performance --- p.78 / Chapter 7.6 --- Summary --- p.78 / Chapter 8 --- Conclusion --- p.81 / Chapter 8.1 --- Future Development --- p.83 / Bibliography --- p.84 Computer security Field programmable gate arrays Public key cryptography
46	Identity based cryptography from pairings. January 2006 (has links) Yuen Tsz Hon. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2006. / Includes bibliographical references (leaves 109-122). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iii / List of Notations --- p.viii / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Identity Based Cryptography --- p.3 / Chapter 1.2 --- Hierarchical Identity Based Cryptosystem --- p.4 / Chapter 1.3 --- Our contributions --- p.5 / Chapter 1.4 --- Publications --- p.5 / Chapter 1.4.1 --- Publications Produced from This Thesis --- p.5 / Chapter 1.4.2 --- Publications During Author's Study in the Degree --- p.6 / Chapter 1.5 --- Thesis Organization --- p.6 / Chapter 2 --- Background --- p.8 / Chapter 2.1 --- Complexity Theory --- p.8 / Chapter 2.1.1 --- Order Notation --- p.8 / Chapter 2.1.2 --- Algorithms and Protocols --- p.9 / Chapter 2.1.3 --- Relations and Languages --- p.11 / Chapter 2.2 --- Algebra and Number Theory --- p.12 / Chapter 2.2.1 --- Groups --- p.12 / Chapter 2.2.2 --- Elliptic Curve --- p.13 / Chapter 2.2.3 --- Pairings --- p.14 / Chapter 2.3 --- Intractability Assumptions --- p.15 / Chapter 2.4 --- Cryptographic Primitives --- p.18 / Chapter 2.4.1 --- Public Key Encryption --- p.18 / Chapter 2.4.2 --- Digital Signature --- p.19 / Chapter 2.4.3 --- Zero Knowledge --- p.21 / Chapter 2.5 --- Hash Functions --- p.23 / Chapter 2.6 --- Random Oracle Model --- p.24 / Chapter 3 --- Literature Review --- p.26 / Chapter 3.1 --- Identity Based Signatures --- p.26 / Chapter 3.2 --- Identity Based Encryption --- p.27 / Chapter 3.3 --- Identity Based Signcryption --- p.27 / Chapter 3.4 --- Identity Based Blind Signatures --- p.28 / Chapter 3.5 --- Identity Based Group Signatures --- p.28 / Chapter 3.6 --- Hierarchical Identity Based Cryptography --- p.29 / Chapter 4 --- Blind Identity Based Signcryption --- p.30 / Chapter 4.1 --- Schnorr's ROS problem --- p.31 / Chapter 4.2 --- BIBSC and Enhanced IBSC Security Model --- p.32 / Chapter 4.2.1 --- Enhanced IBSC Security Model --- p.33 / Chapter 4.2.2 --- BIBSC Security Model --- p.36 / Chapter 4.3 --- Efficient and Secure BIBSC and IBSC Schemes --- p.38 / Chapter 4.3.1 --- Efficient and Secure IBSC Scheme --- p.38 / Chapter 4.3.2 --- The First BIBSC Scheme --- p.43 / Chapter 4.4 --- Generic Group and Pairing Model --- p.47 / Chapter 4.5 --- Comparisons --- p.52 / Chapter 4.5.1 --- Comment for IND-B --- p.52 / Chapter 4.5.2 --- Comment for IND-C --- p.54 / Chapter 4.5.3 --- Comment for EU --- p.55 / Chapter 4.6 --- Additional Functionality of Our Scheme --- p.56 / Chapter 4.6.1 --- TA Compatibility --- p.56 / Chapter 4.6.2 --- Forward Secrecy --- p.57 / Chapter 4.7 --- Chapter Conclusion --- p.57 / Chapter 5 --- Identity Based Group Signatures --- p.59 / Chapter 5.1 --- New Intractability Assumption --- p.61 / Chapter 5.2 --- Security Model --- p.62 / Chapter 5.2.1 --- Syntax --- p.63 / Chapter 5.2.2 --- Security Notions --- p.64 / Chapter 5.3 --- Constructions --- p.68 / Chapter 5.3.1 --- Generic Construction --- p.68 / Chapter 5.3.2 --- An Instantiation: IBGS-SDH --- p.69 / Chapter 5.4 --- Security Theorems --- p.73 / Chapter 5.5 --- Discussions --- p.81 / Chapter 5.5.1 --- Other Instantiations --- p.81 / Chapter 5.5.2 --- Short Ring Signatures --- p.82 / Chapter 5.6 --- Chapter Conclusion --- p.82 / Chapter 6 --- Hierarchical IBS without Random Oracles --- p.83 / Chapter 6.1 --- New Intractability Assumption --- p.87 / Chapter 6.2 --- Security Model: HIBS and HIBSC --- p.89 / Chapter 6.2.1 --- HIBS Security Model --- p.89 / Chapter 6.2.2 --- Hierarchical Identity Based Signcryption (HIBSC) --- p.92 / Chapter 6.3 --- Efficient Instantiation of HIBS --- p.95 / Chapter 6.3.1 --- Security Analysis --- p.96 / Chapter 6.3.2 --- Ordinary Signature from HIBS --- p.101 / Chapter 6.4 --- Plausibility Arguments for the Intractability of the OrcYW Assumption --- p.102 / Chapter 6.5 --- Efficient HIBSC without Random Oracles --- p.103 / Chapter 6.5.1 --- Generic Composition from HIBE and HIBS --- p.104 / Chapter 6.5.2 --- Concrete Instantiation --- p.105 / Chapter 6.6 --- Chapter Conclusion --- p.107 / Chapter 7 --- Conclusion --- p.108 / Bibliography --- p.109 Public key cryptography Computers--Access control Data encryption (Computer science)
47	A multiple-precision integer arithmetic library for GPUs and its applications Zhao, Kaiyong 01 January 2011 (has links) No description available. Data encryption (Computer science) Graphics processing units Public key cryptography
48	Towards Using Certificate-Based Authentication as a Defense Against Evil Twins in 802.11 Networks Hendershot, Travis S. 01 November 2016 (has links) Wireless clients are vulnerable to exploitation by evil twins due to flaws in the authentication process of 802.11 Wi-Fi networks. Current certificate-based wireless authentication protocols present a potential solution, but are limited in their ability to provide a secure and usable platform for certificate validation. Our work seeks to mitigate these limitations by exploring a client-side strategy for utilizing alternative trust models in wireless network authentication. We compile a taxonomy of various trust models for conducting certificate-based authentication of wireless networks and methodically evaluate each model according to desirable properties of security, usability, and deployability. We then build a platform for leveraging alternative certificate-based trust models in wireless networks, present a proof-of-concept using one of the most promising alternative validation models identified--a whitelisting and pinning hybrid--and examine its effectiveness at defending against evil twin attacks in 802.11 networks. Wireless networks authentication public key cryptography evil twin Computer Sciences
49	Understanding Certificate Revocation Hagström, Åsa January 2006 (has links) <p>Correct certificate revocation practices are essential to each public-key infrastructure. While there exist a number of protocols to achieve revocation in PKI systems, there has been very little work on the theory behind it: Which different types of revocation can be identified? What is the intended effect of a specific revocation type to the knowledge base of each entity?</p><p>As a first step towards a methodology for the development of reliable models, we present a graph-based formalism for specification and reasoning about the distribution and revocation of public keys and certificates. The model is an abstract generalization of existing PKIs and distributed in nature; each entity can issue certificates for public keys that they have confidence in, and distribute or revoke these to and from other entities.</p><p>Each entity has its own public-key base and can derive new knowledge by combining this knowledge with certificates signed with known keys. Each statement that is deduced or quoted within the system derives its support from original knowledge formed outside the system. When such original knowledge is removed, all statements that depended upon it are removed as well. Cyclic support is avoided through the use of support sets.</p><p>We define different revocation reasons and show how they can be modelled as specific actions. Revocation by removal, by inactivation, and by negation are all included. By policy, negative statements are the strongest, and positive are the weakest. Collisions are avoided by removing the weaker statement and, when necessary, its support.</p><p>Graph transformation rules are the chosen formalism. Rules are either interactive changes that can be applied by entities, or automatically applied deductions that keep the system sound and complete after the application of an interactive rule.</p><p>We show that the proposed model is sound and complete with respect to our definition of a valid state.</p> / Report code: LIU-TEK-LIC-2006:1 Revocation Public-key certificates Graph transformation Information science Informationslära
50	Destructive and constructive aspects of efficient algorithms and implementation of cryptographic hardware Meurice de Dormale, Guerric 04 October 2007 (has links) In an ever-increasing digital world, the need for secure communications over unsecured channels like Internet has exploded. To meet the different security requirements, communication devices have to perform expensive cryptographic operations. Hardware processors are therefore often needed to meet goals such as speed, ubiquity or cost-effectiveness. For such devices, the size of security parameters is chosen as small as possible to save resources and time. It is therefore necessary to know the effective security of given sets of parameters in order to achieve the best trade-off between efficiency and security. The best way to address this problem is by means of accurate estimations of dedicated hardware attacks. In this thesis, we investigate two aspects of cryptographic hardware: constructive applications that deal with general purpose secure devices and destructive applications that handle dedicated hardware attacks against cryptosystems. Their set of constraints is clearly different but they both need efficient algorithms and hardware architectures. First, we deal with efficient and novel modular inversion and division algorithms on Field-Programmable Gate Array (FPGA) hardware platform. Such algorithms are an important building block for both constructive and destructive use of elliptic curve cryptography. Then, we provide new or highly improved architectures for attacks against RC5 cipher, GF(2m) elliptic curves and RSA by means of efficient elliptic curve-based factorization engines (ECM). We prove that FPGA-based solutions are much more cost-effective and low power than software-based solutions. Our resulting cost assessments should serve as a basis for improving the accuracy of current hardware or software-based security evaluations. Finally, we handle the efficiency-flexibility trade-off problem for high-speed hardware implementations of elliptic curve. Then, we present efficient elliptic curve digital signature algorithm coprocessors for smart cards. We also show that, surprisingly, affine coordinates can be an attractive solution for such an application. Hardware Attacks Public-key Algorithms Division Elliptic curves Cryptography Fpga

Search results