141 |
A Distributed Public Key Infrastructure for the Web Backed by a Blockchain / En distribuerad publik nyckel-infrastruktur för webben uppbackad av en blockkedja
Fredriksson, Bastian January 2017
The thesis investigates how a blockchain can be used to build a decentralised public key infrastructure for the web, by proposing a custom federation blockchain relying on honest majority. Our main contribution is the design of a Proof of Stake protocol based on a stake tree, which builds upon an idea called follow-the-satoshi used in previous papers. Digital identities are stored in an authenticated self-balancing tree maintained by blockchain nodes. Our back-of-the-envelope calculations, based on the size of the domain name system, show that the block size must be set to at least 5.2 MB, while each blockchain node with a one-month transaction history would need to store about 243 GB. Thin clients would have to synchronise about 13.6 MB of block headers per year, and download an additional 3.7 KB of proof data for every leaf certificate which is to be checked. / The thesis examines how a blockchain can be used to build a decentralised public key infrastructure for the web. We propose a design for a blockchain run by a trusted group of nodes, of which a majority is assumed to be honest. Our main contribution is the design of a Proof of Stake protocol based on a stake tree, which builds on an idea called follow-the-satoshi mentioned in earlier publications. Digital identities are stored in an authenticated, self-balancing tree maintained by nodes connected to the blockchain network. Our preliminary calculations, based on the size of the DNS system, show that the block size must be set to at least 5.2 MB, while each node with one month of transaction history must store about 243 GB. Web browsers and other resource-constrained clients must synchronise 13.6 MB of data per year, and download a further 3.7 KB for every user certificate that is to be validated.
|
142 |
Tutorial on Elliptic Curve Arithmetic and Introduction to Elliptic Curve Cryptography (ECC)
Bommireddipalli, Nithesh Venkata Ramana Surya January 2017
No description available.
|
143 |
Structure of Permutation Polynomials
Diene, Adama 30 September 2005
No description available.
|
144 |
Infinite Groebner Bases And Noncommutative Polly Cracker Cryptosystems
Rai, Tapan S. 30 March 2004
We develop a public key cryptosystem whose security is based on the intractability of the ideal membership problem for a noncommutative algebra over a finite field. We show that this system, which is the noncommutative analogue of the Polly Cracker cryptosystem, is more secure than the commutative version. This is due to the fact that there are a number of ideals of noncommutative algebras (over finite fields) that have infinite reduced Groebner bases, and can be used to generate a public key. We present classes of such ideals and prove that they do not have a finite Groebner basis under any admissible order. We also examine various techniques to realize finite Groebner bases, in order to determine whether these ideals can be used effectively in the design of a public key cryptosystem.
We then show how some of these classes of ideals, which have infinite reduced Groebner bases, can be used to design a public key cryptosystem. We also study various techniques of encryption. Finally, we study techniques of cryptanalysis that may be used to attack the cryptosystems that we present. We show how poorly constructed public keys can, in fact, reveal the private key, and discuss techniques to design public keys that adequately conceal the private key. We also show how linear algebra can be used in ciphertext attacks and present a technique to overcome such attacks. This is different from the commutative version of the Polly Cracker cryptosystem, which is believed to be susceptible to "intelligent" linear algebra attacks. / Ph. D.
|
145 |
Exploring the Evolution of the TLS Certificate Ecosystem
Farhan, Syed Muhammad 01 June 2022
A vast majority of popular communication protocols for the internet employ the use of TLS (Transport Layer Security) to secure communication. As a result, there have been numerous efforts including the introduction of Certificate Transparency logs and Free Automated CAs to improve the SSL certificate ecosystem. Our work highlights the effectiveness of these efforts using the Certificate Transparency dataset as well as certificates collected via full IPv4 scans. We show that a large proportion of invalid certificates still exists and outline reasons why these certificates are invalid and where they are hosted. Moreover, we show that the incorrect use of template certificates has led to incorrect SCTs being embedded in the certificates. Taken together, our results emphasize continued involvement for the research community to improve the web's PKI ecosystem. / Master of Science / Security and Privacy for communication over the internet is increasingly important. TLS (Transport Layer Security) is the most popular protocol used to secure communications over the internet today. This work explores how this protocol has evolved over the past 9 years and how effective the measures undertaken by the community have been to improve the adherence to best practices in the wild. TLS employs the use of certificates to initialize secure communication and make sure the other party is indeed who they say they are. We show that while security has improved over the years, a majority of certificates are invalid and outline reasons why. We also observe the growth of Certificate Transparency logs and show how the use of template certificates causes unexpected issues. Taken together, our results emphasize a continued involvement for the research community to improve the TLS certificate ecosystem.
|
146 |
Energy-harvested Lightweight Cryptosystems
Mane, Deepak Hanamant 21 May 2014
The Internet of Things will include many resource-constrained lightweight wireless sensing devices, hungry for energy, bandwidth and compute cycles. The sheer number of devices involved will require new solutions to handle issues such as identification and power provisioning. First, to simplify identity management, device identification is moving from symmetric-key solutions to public-key solutions. Second, to avoid the endless swapping of batteries, passively-powered energy harvesting solutions are preferred. In this contribution, we analyze some of the feasible solutions from this challenging design space. We have built an autonomous, energy-harvesting sensor node which includes a micro-controller, RF-unit, and energy harvester. We use it to analyze the computation and communication energy requirements for Elliptic Curve Digital Signature Algorithm (ECDSA) with different security levels.
The implementation of Elliptic Curve Cryptography (ECC) on small microcontrollers is challenging. Most of the earlier literature has considered optimizing the performance of ECC (with respect to cycle count and software footprint) on a given architecture. This thesis addresses a different aspect of the resource-constrained ECC implementation wherein the most suitable architecture parameters are identified for any given application profile. At the high level, an application profile for an ECC-based lightweight device, such as a wireless sensor node or RFID tag, is defined by the required security level, signature generation latency and the available energy/power budget. The target architecture parameters of interest include core-voltage, core-frequency, and/or the need for hardware acceleration. We present a methodology to derive and optimize the architecture parameters starting from the application requirements. We demonstrate our methodology on an MSP430F5438A microcontroller, and present the energy/architecture design space for 80-bit and 128-bit security-levels, for prime field curves secp160r1 and nistp256. Our results show that energy cost per authentication is minimized if a microcontroller is operated at the maximum possible frequency. This is because the energy consumed by leakage (i.e., static power dissipation) becomes proportionally less important as the runtime of the application decreases. Hence, in a given energy harvesting method, it is always better to wait as long as possible before initiating ECC computations which are completed at the highest frequency when sufficient energy is available. / Master of Science
|
147 |
Architecture for Issuing DoD Mobile Derived Credentials
Sowers, David Albert 01 July 2014
With an increase in performance, dependency and ubiquitousness, the necessity for secure mobile device functionality is rapidly increasing. Authentication of an individual's identity is the fundamental component of physical and logical access to secure facilities and information systems. Identity management within the Department of Defense relies on Public Key Infrastructure implemented through the use of X.509 certificates and private keys issued on smartcards called Common Access Cards (CAC). However, use of CAC credentials on smartphones is difficult due to the lack of effective smartcard reader integration with mobile devices. The creation of a mobile phone derived credential, a new X.509 certificate and key pair based off the credentials of the CAC certificates, would eliminate the need for CAC integration with mobile devices. This thesis describes four architectures for securely and efficiently generating and delivering a derived credential to a mobile device for secure communications with mobile applications. Two architectures generate credentials through a software cryptographic module providing a LOA-3 credential. The other two architectures provide a LOA-4 credential by utilizing a hardware cryptographic module for the generation of the key pair. In two of the architectures, the Certificate Authority (CA) for the new derived credentials is the digital signature certificate from the CAC. The other two architectures utilize a newly created CA, which would reside on the DoD network and be used to approve and sign the derived credentials. Additionally, this thesis demonstrates the prototype implementations of the two software generated derived credential architectures using CAC authentication and outlines the implementation of the hardware cryptographic derived credential. / Master of Science
|
148 |
MiniCA: A web-based certificate authority
Macdonell, James Patrick 01 January 2007
The MiniCA project is proposed and developed to address growing demand for inexpensive access to security features such as privacy, strong authentication, and digital signatures. These features are integral to public-key encryption technologies. The audience for whom the software project is intended includes technical staff requiring certificates for use in SSL applications (i.e. a secure web-site) at California State University, San Bernardino.
|
149 |
The use of technology to automate the registration process within the Torrens system and its impact on fraud : an analysis
Low, Rouhshi January 2008
Improvements in technology and the Internet have seen a rapid rise in the use of technology in various sectors such as medicine, the courts and banking. The conveyancing sector is also experiencing a similar revolution, with technology touted as able to improve the effectiveness of the land registration process. In some jurisdictions, such as New Zealand and Canada, the paper-based land registration system has been replaced with one in which creation, preparation, and lodgement of land title instruments are managed in a wholly electronic environment. In Australia, proposals for an electronic registration system are under way. The research question addressed by this thesis is what would be the impact on fraud of automating the registration process. This is pertinent because of the adverse impact of fraud on the underlying principles of the Torrens system, particularly security of title. This thesis first charts the importance of security of title, examining how security of title is achieved within the Torrens system and the effects that fraud has on this. Case examples are used to analyse perpetration of fraud under the paper registration system. Analysis of functional electronic registration systems in comparison with the paper-based registration system is then undertaken to reveal what changes might be made to conveyancing practices were an electronic registration system implemented. Whether, and if so, how, these changes might impact upon paper based frauds and whether they might open up new opportunities for fraud in an electronic registration system forms the next step in the analysis. The final step is to use these findings to propose measures that might be used to minimise fraud opportunities in an electronic registration system, so that as far as possible the Torrens system might be kept free from fraud, and the philosophical objectives of the system, as initially envisaged by Sir Robert Torrens, might be met.
|
150 |
X.509 Certificate-Based Authentication for NETCONF and RESTCONF : Design Evaluation between Native and External Implementation / X.509 Certifikatbaserad autentisering för NETCONF och RESTCONF : Designutvärdering mellan inhemsk och extern implementering
Li, Qi January 2023
The Network Service Orchestrator (NSO) is a network automation system provided by Cisco that is used to automate large network changes with the ability to roll back in case of errors. It provides a rich northbound interface to communicate with the user and a southbound interface to orchestrate network devices securely. On these northbound and southbound interfaces, NSO supports NETCONF and RESTCONF, which are IETF standards for network automation. NSO native implementation of NETCONF and RESTCONF lacks support for Public-Key Infrastructure (X.509) (PKIX) infrastructure and SSH and SSL/TLS as transport. Instead, Cisco suggests that customers use external relay agents such as PKIX-SSH for SSH and GNUTLS for TLS for NETCONF. The certificates and keys are saved on the hard drive and loaded for every connection via RESTCONF. This workaround solution provides authentication and authorization without audit logging within NSO. In this work, a native implementation of the X509 certification with PKIX infrastructure on SSH and SSL/TLS for NETCONF and RESTCONF is investigated. The project evaluates design alternatives with respect to security, computational complexity, maintainability, and user-friendliness, and concludes by highlighting the pros and cons of both native and workaround implementation. / Cisco's NSO is a network orchestration platform used to automate large changes in networks, with the distinctive feature that the changes can be rolled back if not all of them can be carried out. NSO provides users with an interface (northbound) for communicating securely (southbound) with the network devices. The interfaces support the standardised protocols Netconf and Restconf. Both of these protocols lack built-in support for PKIX over SSH, SSL and TLS. When this is required, Cisco recommends that its customers use external clients such as PKIX-SSH or GNUTLS. When this is done, certificates and keys are stored locally for every Restconf connection and no logging of the flow takes place in NSO.
In this work, built-in support for X509 certification with PKIX for SSH, SSL and TLS is presented. The support can be used for Netconf and Restconf. Differences between the support available today and the built-in support are compared with respect to security, complexity, maintainability and user-friendliness. Finally, the advantages and disadvantages of the different implementations are highlighted.
|