Global ETD Search

121	Fail-Safe-Konzept für Public-Key-Infrastrukturen Maseberg, Jan Sönke. Unknown Date (has links) (PDF) Techn. Universiẗat, Diss., 2002--Darmstadt.
122	Encryption in Delocalized Access Systems Ahlström, Henrik, Skoglund, Karl-Johan January 2008 (has links) The recent increase in performance of embedded processors has enabled the use of computationally heavy asymmetric cryptography in small and power efficient embedded systems. The goal of this thesis is to analyze whether it is possible to use this type of cryptography to enhance the security in access systems. This report contains a literature study of the complications related to access systems and their functionality. Also a basic introduction to cryptography is included. Several cryptographic algorithms were implemented using the public library LibTomCrypt and benchmarked on an ARM7-processor platform. The asymmetric coding schemes were ECC and RSA. The tested symmetric algorithms included AES, 3DES and Twofish among others. The benchmark considered both codesize and speed of the algorithms. The two asymmetric algorithms, ECC and RSA, are possible to be used in an ARM7 based access system. Although, both technologies can be configured to finish the calculations within a reasonable time-frame of 10 Sec, ECC archives a higher security level for the same execution time. Therefore, an implementation of ECC would be preferable since it is faster and requires less resources. Some further suggestions of improvements to the implementation is discussed in the final chapters. Access systems Cryptography Public Key Embedded system Large integer arithmetic. Information Systems
123	Assinaturas de chave públicas sem certificados / Certificateless public key signatures Castro, Rafael Dantas de 16 August 2018 (has links) Orientador: Ricardo Dahab / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-16T21:50:46Z (GMT). No. of bitstreams: 1 Castro_RafaelDantasde_M.pdf: 1379597 bytes, checksum: 3b065d6b67c5440dc00b0e4663d170d3 (MD5) Previous issue date: 2009 / Resumo: Nesta tese é apresentada uma visão do campo de Assinaturas de Chave Pública sem Certificados (CL-PKC), resultado final de pesquisa empreendida durante o mestrado do autor na Universidade Estadual de Campinas. A abordagem aqui contida tem como principal base a Segurança Demonstrável; analisamos os modelos de segurança de CL-PKC, os esquemas já propostos na literatura, e suas demonstrações de segurança. Contribuímos também alguns novos resultados para a área, especificamente: o estudo da aplicabilidade do Lema da Bifurcação 'a esquemas de CL-PKC (§ 4.3.3); o algumas pequenas otimizações a esquemas seguros (§ 4.4.1); o demonstração de segurança para um esquema cuja segurança ainda era um problema em aberto (§ 4.4.2); o explicação de falhas em demonstrações de segurança de alguns esquemas (§ 4.4.4, § 4.4.5, § 4.4.7); o um ataque desconhecido a um esquema anteriormente suposto seguro (§ 4.4.4); o proposta de um modelo de segurança para agregação de assinaturas no modelo CLPKC (§ 5.4); o proposta de um novo esquema de assinaturas CL-PKC que permite agregação, assim como sua prova de segurança (§ 5.2) / Abstract: In this thesis is presented a broad view of the field of Certificateless Public Key Signatures (CL-PKC), final result of the research undertaken by the author during his masters at the Campinas State University. Our approach is strongly based on the ideas behind Provable Security; we analyze the security models for CL-PKC, all schemes available in the literature, and their security proofs. We also contribute a few novel results, namely: o applicability of the Forking Lemma in the CL-PKC paradigm (§ 4.3.3); o small optimizations to secure schemes (§ 4.4.1); o security proof for a scheme whose security was an open problem (§ 4.4.2); o investigation of the problems in the security proofs of a few schemes (§ 4.4.4, § 4.4.5, § 4.4.7); o an attack on a scheme previously thought to be secure (§ 4.4.4); o proposal of a security model for aggregation of signatures in the CL-PKC paradigm (§ 5.4); o proposal of a new scheme for Certificateless Signatures that allows aggregation, along with its security proof (§ 5.2) / Mestrado / Sistemas de Computação / Mestre em Ciência da Computação Criptografia de chaves públicas Criptografia - Certificados e licenças Public key cryptography Cryptography - Certificate and license
124	Especialização de arquiteturas para criptografia em curvas elipticas / Architecture specialization for elliptic curve cryptography Juliato, Marcio Rogerio 08 August 2006 (has links) Orientador: Guido Costa Souza de Araujo / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-07T08:29:26Z (GMT). No. of bitstreams: 1 Juliato_MarcioRogerio_M.pdf: 2212870 bytes, checksum: a0f8b09f80dbc648772b9b3160c6fd8f (MD5) Previous issue date: 2006 / Resumo: O aumento na comunicação utilizando-se sistemas eletrônicos tem demandado a troca de informações cifradas, permitindo a comunicação entre dois sistemas desconhecidos através de um canal inseguro (como a Internet). Criptografia baseada em curvas elípticas (ECC) é um mecanismo de chave pública que requer apenas que as entidades, que desejam se comunicar, troquem material de chave que é autêntico e possuem a propriedade de ser computacionalmente infactível descobrir a chave privada somente com informações da chave pública. A principal operação de sistemas ECC é a multiplicação de ponto (kP) que gasta 90% de seu tempo de execução na multiplicação em corpos finitos. Assim, a velocidade de um sistema ECC é altamente dependente do desempenho das operações aritméticas em corpos finitos. Nesse trabalho, estudamos a especialização de um processador NIOS2 para aplicações criptográficas em curvas elípticas. Mais precisamente,implementamos operações em corpos finitos e a multiplicação de pontos sobre F2163 como instruções especializadas e periféricos do NIOS2, e as analisamos em termos de área e speedup. Determinamos também, quais implementações s¿ao mais apropriadas para sistemas voltados a desempenho e para ambientes restritos. Nossa melhor implementação em hardware da multiplicação de pontos é capaz de acelerar o cálculo de kP em 2900 vezes, quando comparado com a melhor implementação em software executando no NIOS2. De acordo com a literatura especializada, obtivemos a mais rápida implementação da multiplicação de pontos sobre F2163 , comprovando que bases normais Gaussianas s¿ao bastante apropriadas para implementações em hardware / Abstract: The increase in electronic communication has lead to a high demand for encrypted information exchange between unfamiliar hosts over insecure channels (such as the Internet). Elliptic curve cryptography (ECC) is a public-key mechanism that requires the communicating entities exchange key material that is authentic and has the property of being computationally infeasible to determine the private key from the knowledge of the public key. The fundamental ECC operation is the point multiplication (kP), which spends around 90% of its running time in the finite field multiplication. Therefore, the speed of an ECC scheme is highly dependent on the performance of its underlying finite field arithmetic. In this work, we studied the specialization of the NIOS2 processor for ECC applications. More precisely, we implemented the finite field operations and the point multiplication over F2163 as NIOS2 custom instructions and peripherals, and thus, we analyzed them in terms of area and speedup. We also determined which implementations are best suited for performance-driven and area-constrained environments. Our best hardware implementation of the point multiplication is capable of accelerating the kP computation in 2900 times, when compared to the best software implementation running in the NIOS2. According to the literature, we obtained the fastest point multiplier in hardware over F2163 , proving that Gaussian normal bases are quite appropriate for hardware implementations / Mestrado / Arquitetura e Sistemas de Computação / Mestre em Ciência da Computação Arquitetura de computador Criptografia de chaves públicas Computer architecture Public key cryptography Field programmable gate arrays
125	Annulering av ogiltiga certifikat i Public-Key Infrastructures / Revocation of invalid certificates in Public-Key Infrastructures Nilsson, Christoffer January 2005 (has links) According to numerous sources, computer security can be explained as; how to address the three major aspects, namely Confidentiality, Integrity and Availability. Public-key infrastructure is a certificate based technology used to accomplish these aspects over a network. One major concern involving PKIs is the way they handle revocation of invalid certificates. The proposed solution will make revocation more secure; validation will be handled completely by the certificate authority, and revokes will be instant, without use of certificate revocation lists. / I enlighet med flertalet källor, kan datorsäkerhet beskrivas som; hur man adresserar de tre mest betydelsefulla aspekterna, nämligen Confidentiality (Tillit), Integrity (Integritet) och Availability (tillgänglighet). PKI är en certifikat baserad teknologi som används för att uppfylla dessa aspekter över ett nätverk. Ett huvudsakligt orosmoment rörande PKI är hur man skall hantera annullering av ogiltiga certifikat. Den föreslagna lösningen kommer att hantera annullering på ett mer säkert sätt; validering av certifikat hanteras uteslutandes av ”certifikat instansen” (the certificate authority), och annulleringar sker omedelbart, utan användning av ”annullerings listor” (certificate revocation lists). public-key private-key certificate revocation network-security Computer Sciences Datavetenskap (datalogi) Software Engineering Programvaruteknik
126	Design and development of an on-line vending system for selling prepaid electricity via the Internet Hearn, Gareth 07 March 2006 (has links) The sale of prepaid electricity is prevalent in South Africa due to the current economic, social, and political conditions. The system currently used for the distribution of tokens for prepaid electricity, CVS, has a design flaw that leads to many security vulnerabilities. The design flaw is that the security devices that generate the tokens are distributed in the field and operate independently of centralised control. This was done because of the limited communication infrastructure in South Africa 10 years ago, but is no longer necessary. An improvement to the system is suggested that removes the security vulnerabilities by making the system on-line. By employing the communication infrastructure that is available today to provide access to the security devices, the security devices can be located in a secure environment. Changing the mode of operation to on-line also has other advantages such as simplifying auditing and removing synchronisation problems. This improved system works by communicating on-line with a centralised server and database for every transaction that a customer makes. By doing this, all of the parties involved are kept up to date with the most recent transactions. There can no longer be financial discrepancies and the risk of all parties involved is thus reduced. It is no longer meaningful to steal the vending machines because they no longer have the ability to generate tokens independently. In order to implement such a system, however, there are many security aspects that need to be addressed, such as the confidentiality of the information within the system and proving that a transaction did occur between two specific parties. To this end, cryptographic functions and protocols are selected that meet the requirements of the system. Public key cryptography was found to be a necessary ingredient in making the system work effectively and efficiently. In order to use public key cryptography in the new system, Public Key Infrastructure is required to manage public keys and provide authentication services. A suitable system is developed and described that employs certificate authorities and X.509 certificates. The procedures that are required from each party are listed. A set of messages that is required for the functions of the system is given. For each message, the contents of the message is given, the parts of the message that must be encrypted are defined and the parts of the message that must be digitally signed are given. Finally, the security of the individual parts of the system is critically analysed to show that all of the design goals have been achieved. Particular attention is given to the authentication of parties involved in the communication. The security of the system as a whole is also evaluated with respect to the X.810 security framework and it is shown that the system is robust from a security perspective. The result of the research is a system that meets the required functionality to replace the existing system, and at the same time meets all of the security requirements. It is shown that the proposed system does not have the security flaws of the existing system and thus is more effective in its purpose of vending prepaid electricity. / Dissertation (MEng (Electronic))--University of Pretoria, 2007. / Electrical, Electronic and Computer Engineering / unrestricted X.509 Public key infrastructure Xml Cryptography Security On-line Cvs Sts Prepaid electricity Soap UCTD
127	Initial Comparative Empirical Usability Testing for the Collaborative Authentication System Bursum, Kim 14 March 2017 (has links) The Collaborative Authentication (co-authentication) system is an authentication system that relies on some or all members of a pre-registered set of secure hardware tokens being concurrently present to an authentication server at the moment of authentication. Previous researchers have compared various embodiments of the co-authentication system to each other including using Quick Response (QR) codes/cellphone cameras and Near Field Communication (NFC) between tokens. This thesis concerns the initial design and implementation of empirical comparative testing mechanisms between one embodiment of the co-authentication system and other commonly used authentication systems. One contribution is the simulated standard user ID and password login in a computer browser and a simulated RSA SecureID ® one time password (OTP) and login with embedded usability testing mechanisms. Another contribution is the development and implementation of a new Bluetooth communication functionality between tokens. A third contribution is the addition of usability testing mechanisms to two versions of this new functionality. device authentication smart devices token communication access control public key cryptography Computer Sciences
128	Přístupy k auditu infrastruktury veřejných klíčů / Public Key Infrastructure audit approaches Pěnka, Michal January 2010 (has links) The aim of this work is to introduce fundamental concepts of public key infrastructure. Basic requirements for communication and related problems are presented. The solution of these problems can be found in cryptography. Different types of cyphers and infrastructures based on assymetric cryptography are described. The infrastructure types involve hierarchical system of certificate authorities and the web of trust. Furthermore, there is a list and description of cryptography software which can be used in the field of public key infrastructre. The main topic of this thesis is the audit of public key infrastructure. Audit can be supported by several available standards, e.g. WebTrust for Certificate Authorities, ETSI TS 101 456, ETSI TS 102 042 and ISO 21188:2006. This paper systematically describes these standards and using statistical methods compares and evaluates their complexity.
129	Sécurité des générateurs pseudo-aléatoires et des implémentations de schémas de signature à clé publique / Security of the pseudorandom number generators and implementations of public key signature schemes Zapalowicz, Jean-Christophe 21 November 2014 (has links) Dans cette thèse, nous nous intéressons à la sécurité de générateurs pseudo-aléatoires et d'implémentations de schémas de signature. Concernant les schémas de signature, nous proposons, dans le cas d'une implémentation répandue de RSA, différentes attaques par injection de faute effectives quelque soit l'encodage du message. Nous présentons par ailleurs une contre-mesure infective prouvée sûre pour protéger le schéma RSA--PSS contre un certain nombre de fautes non aléatoires. Nous étudions également le schéma ECDSA couplé aux techniques d'accélération GLV/GLS. En fonction des implémentations, nous prouvons soit la bonne distribution du nonce utilisé, soit qu'il présente un biais permettant une attaque. Enfin, nous élaborons un outil qui recherche automatiquement des attaques par faute à partir d'une implémentation et d'une politique de faute, outil appliqué avec succès sur des implémentations de RSA et de ECDSA. Concernant les générateurs pseudo-aléatoires algébriques, nous étudions les générateurs non-linéaires et améliorons certaines attaques en diminuant l'information donnée à l'adversaire. Nous nous intéressons également à la sécurité du générateur Micali-Schnorr à travers quelques attaques et une étude statistique de son hypothèse de sécurité. Finalement nous proposons une cryptanalyse de tout schéma à clé publique basé sur la factorisation ou le logarithme discret dont la clé secrète est générée à partir d'un générateur linéaire. / In this thesis, we are interested in the security of pseudorandom number generators and of implementations of signature schemes. Regarding the signature schemes, we propose, in the case of a widespread implementation of RSA, various fault attacks which apply to any padding function. In addition we present a proven secure infective countermeasure to protect the RSA--PSS scheme against some non-random faults. Furthermore we study the ECDSA scheme coupled with the GLV/GLS speed-up techniques. Depending on the implementations, we prove either the good distribution of the used nonce, or that it has a bias, thereby enabling an attack. Finally we develop a tool for automatically finding fault attacks given an implementation and a fault policy, which is successfully applied to some RSA and ECDSA implementations. Regarding pseudorandom number generators, we study the nonlinear ones and improve some attacks by reducing the information available to the adversary. We also are interested in the security of the Micali-Schnorr generator through various attacks and a statistical study of its security assumption. Finally we propose a cryptanalysis of any public-key scheme based on the factorization or the discrete logarithm when the secret key is generated using a linear generator. Cryptographie Signature électronique Pseudorandom number generators Public key cryptography Digital signatures
130	Acordo de chaves criptográficas hierárquico e sem certificado / Hierarchical certificateless criptographic key agreement Vilc Queupe Rufino 19 November 2009 (has links) Apresentamos um novo esquema de acordo de chaves criptográficas hierárquico, não Interativo e seguro contra comprometimento de múltiplos nós. Esquemas para Acordo de chaves criptográficas (KAS - Key Agreement Scheme), são usados quando duas ou mais entidades desejam compartilhar uma chave secreta única, afim de para realizar uma comunicação segura por meio de um protocolo de criptografia simétrico. O acordo de chaves proposto possui as seguintes características: Não interativo: Chaves compartilhadas são calculadas sem interação dos nós participantes; Chaves Públicas sem certificados (Certificateless): Para o cálculo da chave compartilhada o nó utiliza sua chave secreta e a chave pública do destinatário, que é certificada pela identidade do destinatário; Hierárquico: Permite que seja utilizado um gerenciamento hierárquico, para concessão, revogação e distribuição de chaves; e Resistente: Permite segurança do sistema mesmo quando nós dentro da hierarquia são comprometidos em qualquer ordem e quantidade. Este trabalho é uma nova abordagem do artigo \"Strongly-Resilent and Non-Interactive Hierarchical Key-Agreement in MANETs\" onde substituímos o uso de sistemas baseados na identidade por sistemas sem certificado, eliminando a custódia de chaves em todos os níveis hierárquicos, aumentando a segurança do sistema quanto ao comprometimento de nós. É apresentado ainda uma discussão sobre a segurança do esquema proposto e de acordos de chaves não interativos. / This work presents a new resilient, hierarchical, non-interactive and certificateless key agreement scheme. Cryptographic key agreement schemes (KAS) are used when two or more entities want to share a secret key, in order to realize secure communication using a symmetric encryption protocol. The proposed key agreement has the following characteristics: Non-interactive: Any two nodes can compute a unique shared secret key without interaction; Certificateless: To compute the shared secret key, each node only needs its own secret key, the identity of its peer and his public key implicitly certified; Hierarchical: The scheme is decentralized through a hierarchy where all nodes in the hierarchy can derive the secret keys for each of its children without any limitations or prior knowledge on the number of such children or their identities; Resilient: The scheme is resilient against compromise of any number of nodes in the hierarchy. This work is a new approach about article ``Strongly-Resilient and Non-Interactive Hierarchical Key-Agreement in MANETs\" which replaces id based system for certificateless system, eliminating the key escrow on all levels, increasing system security against compromised nodes. It also presents a discussion on the security of the proposed scheme and non-interactive key agreement. chave pública criptografia hierarquia segurança sem certificado certificateless criptography hierarchy key agreement public key security

Search results