Global ETD Search

171	Digitala signaturer : ett verktyg för säkerhet? Rynmark, Anneli, Almkvist, Inger Lison January 2002 (has links) Statliga myndigheter använder i allt större utsträckning öppna system, så som Internet, i sin kommunikation med medborgare, företag och andra myndigheter, därmed ställs allt högre krav på säkerhet och tillit. I takt med den ökade användningen av elektronisk kommunikation uppstår nya problem. Några av dessa är att vi inte med säkerhet vet vem vi kommunicerar med, vem som beställer tjänster och att vi inte kan vara säkra på att information kommer till rätt person eller har ändrats på vägen. Verktyg som finns för att lösa dessa problem och öka säkerheten är digitala signaturer och elektronisk identifiering. Med detta som bakgrund ställde vi oss följande frågor, vilken teknik ska statliga myndigheter använda för elektronisk identifiering och signering? Vilken teknik ska användas för att uppfylla kraven på säker elektronisk överföring? Kan statliga myndigheter ersätta traditionella namnunderskrifter med kvalificerade elektroniska signaturer? Syftet med vår uppsats blir därför att i första hand redogöra för hur statliga myndigheter avser att ersätta traditionella namnunderskrifter med kvalificerade elektroniska signaturer. Genom litteraturstudierna skaffade vi oss kunskaper om både teknik och användningsområden för digitala signaturer och genom att beskriva dessa tekniker får läsarna en introduktion i ämnet. Våra intervjuer gav oss en övergripande bild av hur statliga myndigheter avser att ersätta traditionella namnunderskrifter och hur de tänker förse medborgare med elektroniska identitetshandlingar så att myndigheternas e-tjänster kan användas. Vid intervjuerna framkom också att lagen om kvalificerade elektroniska signaturer föreskriver Public Key Infrastructure, PKI, och inte accepterar några andra tekniska lösningar, därför har myndigheterna valt denna teknik. För att se hur statliga myndigheter, i verkligheten, har ersatt traditionella namnunderskrifter med kvalificerade elektroniska signaturer och hur kraven på säker elektronisk identifiering och överföring uppfylls har vi gjort en fallstudie på Riksskatteverket, RSV. Vi intervjuade en projektledare på RSVs IT- enhet och ansvarig på statskontorets enhet för IT- infrastruktur och såg att RSV har försett företag med elektroniska identitetshandlingar. Med hjälp av dessa handlingar kan företag lämna sin månatliga skattedeklaration, via Internet. Genom PKI har myndigheterna de tekniker och metoder som behövs för elektronisk identifiering, signering, kryptering och säker elektronisk överföring. Med PKI kan myndigheterna med säkerhet identifiera avsändare, signera elektroniskt, kryptera dokument och ersätta traditionella namnunderskrifter med elektroniska signaturer. Trots att alla ingredienser finns så kan myndigheterna i dagsläget inte nå den höga säkerhetsnivån som krävs för att kunna ersätta traditionella namnunderskrifter med kvalificerade elektroniska signaturer. Digitala signaturer elektroniska signaturer elektronisk identifiering kryptering kvalificerade elektroniska signaturer Public Key Infrastructure Computer Sciences Datavetenskap (datalogi)
172	Authentication in peer-to-peer systems / Autenticering i peer-to-peer system Åslund, Jonas January 2002 (has links) In the environment of the 3:rd generation Internet based on peer-to-peer architecture, well-trusted methods must exist to establish a secure environment. One main issue is the possibility to verify that a node actually is who it claims to be (authentication). Establishment of authentication between nodes in a peer-to-peer environment where nodes are exchanging information directly with each other requires more planning than in a typical client-server environment where the authentication methods are server-based. The peer-to-peer applications described in this report use authentication methods based on central authorities as well as solutions without central authorities. Lack of standards in the way peer-to-peer systems should communicate and apply security lead to a variety of “local” communication and security solutions. These local solutions make different applications incompatible with each other, meaning that a peer using one application will not be able to communicate and exchange information with other peers using some other application. Informationsteknik P2P peer-to-peer peer node authentication public key certificate ticket Informationsteknik Computer and Information Sciences Data- och informationsvetenskap
173	Outils cryptographiques pour la protection des contenus et de la vie privée des utilisateurs Jambert, Amandine 15 March 2011 (has links) Les problématiques de respect de la vie privée sont aujourd'hui indissociables des technologies modernes. Dans ce contexte, cette thèse s'intéresse plus particulièrement aux outils cryptographiques et à la façon de les utiliser pour répondre à ces nouvelles questions.Dans ce mémoire, je m'intéresserai tout d'abord aux preuves de connaissance sans divulgation qui permettent notamment d'obtenir la propriété d'anonymat pour les usagers de services de télécommunications. Je proposerai ainsi une nouvelle solution de preuve de connaissance d'un secret appartenant à un intervalle, ainsi que la première étude comparative des preuves existantes sur ce sujet. Je décrirai ensuite une nouvelle méthode permettant de vérifier efficacement un ensemble de preuves de type "Groth-Sahaï'', accélérant ainsi considérablement le travail du vérifieur pour de telles preuves. Dans un second temps, je m'intéresserai aux signatures caméléons. Celles-ci permettent de modifier, sous certaines conditions, un message signé. Ainsi, pour ces schémas, il est possible d'exhiber, à l'aide d'une trappe, une signature valide du signataire initial sur le message modifié. Je proposerai d'abord un nouveau schéma qui est à ce jour le plus efficace dans le modèle simple. Je m'intéresserai ensuite à certaines extensions de ce modèle qui ont pour vocation de donner au signataire les moyens de garder un certain contrôle sur les modifications faites a posteriori sur le message initial. Je décrirai ainsi à la fois le nouveau modèle de sécurité et les schémas associés prenant en compte ces nouvelles extensions. Enfin, je présenterai un ensemble d'applications se basant sur les briques cryptographiques introduites ci-dessus et qui permettent d'améliorer la protection de la vie privée des utilisateurs. J'aborderai tout particulièrement les problématiques d'abonnement, d'utilisation ou de facturation de services, ainsi que la gestion de contenus protégés dans un groupe hiérarchisé. / Privacy is, nowadays, inseparable from modern technology. This is the context in which the present thesis proposes new cryptographic tools to meet current challenges.Firstly, I will consider zero-knowledge proofs of knowledge, which allow in particular to reach the anonymity property. More precisely, I will propose a new range proof system and next give the first comparison between all existing solutions to this problem. Then, I will describe a new method to verify a set of ``Groth-Sahaï'' proofs, which significantly decreases the verification time for such proofs.In a second part, I will consider sanitizable signatures which allow, under some conditions, to manipulate (we say ``sanitize'') a signed message while keeping a valid signature of the initial signer. I will first propose a new scheme in the classical case. Next, I will introduce several extensions which enable the signer to obtain better control of the modifications done by the ``sanitizer''. In particular, I will propose a new security model taking into account these extensions and give different schemes achieving those new properties.Finally, I will present different applications of the above cryptographic tools that enhance customer privacy. In particular, I will consider the questions of subscription, use and billing of services and also address the issue of managing protected content in a hierarchical group. Cryptographie à clé publique Respect de la Vie privée Signatures Caméléons Preuves de Connaissances Sanitizable Signatures Privacy Public Key Cryptography Proof of Knowledge
174	Anonymity With Authenticity Swaroop, D 12 1900 (has links) (PDF) Cryptography is science of secure message transmission. Cryptanalysis is involved with breaking these encrypted messages. Both cryptography and cryptanalysis constitute together to form cryptology. Anonymity means namelessness i.e., the quality or state of being unknown while authenticity translates to the quality or condition of being authentic or genuine. Anonymity and authenticity are two different embodiments of personal secrecy. Modern power has increased in its capacity to designate individuals, due to which they find it inconvenient to continue communicating, remaining anonymous. In this thesis we are going to describe an anonymous system which consists of a number of entities which are anonymous and are communicating with each other without revealing their identity and at the same time maintaining their authenticity such that an anonymous entity(sayE1)will be able to verify that, the message it received from another anonymous entity(sayE2)subsequent to an initial message from E2, are in fact from E2 itself. Later when E2 tries to recommend a similar communication to E1 with another anonymous entity E3 in the system, E1 must be able to verify that recommendation, without E2 losing its authenticity of its communication with E1 to E3. This thesis is divided into four chapters. The first chapter is an introduction to cryptography, symmetric key cryptography and public key cryptography. It also summarizes the contribution of this thesis. The second chapter gives various protocol for the above problem ’Anonymity with Authenticity’ along with its extension. Totally six protocols are proposed for the above problem. In third chapter all these six protocols are realized using four different schemes, where each scheme has its own pros and cons. The fourth and final chapter concludes with a note on what possible factors these four different realization schemes need to be chosen and other possible realization schemes. Cryptography Cryptanalysis Anonymous Systems (Communication) Symmetric Key Cryptography Public Key Cryptography Computer Science
175	Formules d'addition sur les jacobiennes de courbes hyperelliptiques : application à la cryptographie / Addition formulae on Jacobians of hyperelliptic curves : application to cryptography Tran, Christophe 01 December 2014 (has links) Dans cette thèse, j'étudie deux aspects distincts de la cryptographie basée sur les courbes elliptiques et hyperelliptiques. Dans une première partie, je confronte deux méthodes de calcul de couplages, originales car ne reposant pas sur le traditionnel algorithme de Miller. Ainsi, dans [42], K. Stange calcula le couplage de Tate sur une courbe elliptique à partir d'un nouvel outil, les elliptic nets. Y. Uchida et S. Uchiyama généralisèrent ces objets au cas hyperelliptique ([47]), mais ne donnèrent un algorithme pour le calcul de couplages que dans le cas des courbes de genre 2. Mon premier travail dans cette thèse fut de donner cet algorithme pour le cas général. De leur côté, D. Lubicz et D. Robert donnèrent dans [28] une autre méthode de calcul de couplage, basée sur les fonctions thêta. Le second résultat de ma thèse est de réunifier ces deux méthodes : je montre que la formule de récurrence à la base des nets est une conséquence des formules d'addition des fonctions thêta utilisées dans l'algorithme de Lubicz et Robert. Dans la seconde partie de ma thèse, je me suis intéressé à l'algorithme de calcul d'index attaquant le problème du logarithme discret sur les courbes elliptiques et hyperelliptiques. Dans le cas elliptique, une des étapes principales de cette attaque repose sur les polynômes de Semaev. Je donne une nouvelle construction ces polynômes en utilisant la fonction sigma de Weierstrass, pour pouvoir ensuite les généraliser pour la première fois au cas hyperelliptique. / In this thesis, I study two different aspects of elliptic and hyperelliptic curves based cryptography.In the first part, I confront two methods of pairings computation, whose original feature is that they are not based the traditional Miller algorithm. Therefore, in [42], K. Stange computed Tate pairings on elliptic curves using a new tool, the elliptic nets. Y. Uchida and S. Uchiyama generalized these objects to hyperelliptic case ([47]), but they gave an algorithm for pairing computation only for the genus 2 case. My first work in this thesis was to give this algorithm for the general case. Meanwhile, D. Lubicz and D. Robert gave in [28] an other pairing computation method, based on theta functions. The second result of my thesis is the reunification of these two methods : I show that the recurrence equation which is the basis of nets theory is a consequence of the addition law of theta functions used in the Lubicz and Robert’s algorithm. In the second part, I study the index calculus algorithm attacking the elliptic and hyperelliptic curve discrete logarithm problem. In the elliptic case, one of the main steps of this attack requires the Semaev polynomials. I reconstruct these polynomials using Weierstrass sigma function, with the purpose of giving their first hyperelliptic generalization. Cryptographie à clé publique Couplages Courbes hyperelliptiques Couplages Calcul d'index Public key cryptography Pairings Hyperelliptic curves Index calculus
176	Security Analysis and Recommendations for CONIKS as a PKI Solution for Mobile Apps Spendlove, George Bradley 01 December 2018 (has links) Secure mobile apps, including end-to-end encrypted messaging apps such as Whats-App and Signal, are increasingly popular today. These apps require trust in a centralized key directory to automatically exchange the public keys used to secure user communication. This trust may be abused by malicious, subpoenaed, or compromised directories. A public key infrastructure (PKI) solution that requires less trust would increase the security of these commonly used apps.CONIKS is a recent PKI proposal that features transparent key directories which publish auditable digests of the public keys they present to queriers. By monitoring its key every time a new digest is published, a client can verify that its key is published correctly, reducing the need to trust the directory. CONIKS features improved security at the cost of unique auditing and monitoring requirements. In this thesis, we examine CONIKS' suitability as a PKI solution for secure mobile apps. We present a threat analysis of possible attacks on the CONIKS protocol and explore several important implications of CONIKS' system description, including recommendations for whistleblowing and key change policies. We also analyze mobile device usage data to estimate whether typical mobile device Internet connectivity is sufficient to fulfill CONIKS' monitoring requirement. public key infrastructure CONIKS public ledger transparency log end-to-end encryption mobile devices Internet connectivity Computer Sciences
177	Realizace certifikační autority a digitálního podpisu / Implementation of certification authority and digital signature Troják, Martin January 2008 (has links) This master´s thesis deals with problems of certification authorities and digital signature. There are analyzed principles of digital certificates and certification authorities. It describes the the most widely used cryptosystems and hash functions, which are used in communications with certificates and digital signature. Analysis is focused on Public key infrastructure standard, which describes rules of creating of certification authority and digital signature. There is also described detailed principle of digital signature. Next chapters deals with studying of protocol SSL, principles of functions and usage of SSL. Practical part of this thesis realizes certification authority and information system. There is shown used software and configuration of it. Last part describes procedures during using aplication and her realization.
178	Kryptografie založená na polookruzích / Cryptography based on semirings Mach, Martin January 2019 (has links) Cryptography based on semirings can be one of the possible approaches for the post-quantum cryptography in the public-key schemes. In our work, we are interested in only one concrete semiring - tropical algebra. We are examining one concrete scheme for the key-agreement protocol - tropical Stickel's protocol. Although there was introduced an attack on it, we have implemented this attack and more importantly, stated its complexity. Further, we propose other variants of Stickel's protocol and we are investigating their potential for practical usage. During the process, we came across the theory of tropical matrix powers, thus we want to make an overview of it due to the use in cryptography based on matrices over the tropical algebra semiring. 1
179	The Performance of Post-Quantum Key Encapsulation Mechanisms : A Study on Consumer, Cloud and Mainframe Hardware Gustafsson, Alex, Stensson, Carl January 2021 (has links) Background. People use the Internet for communication, work, online banking and more. Public-key cryptography enables this use to be secure by providing confidentiality and trust online. Though these algorithms may be secure from attacks from classical computers, future quantum computers may break them using Shor’s algorithm. Post-quantum algorithms are therefore being developed to mitigate this issue. The National Institute of Standards and Technology (NIST) has started a standardization process for these algorithms. Objectives. In this work, we analyze what specialized features applicable for post-quantum algorithms are available in the mainframe architecture IBM Z. Furthermore, we study the performance of these algorithms on various hardware in order to understand what techniques may increase their performance. Methods. We apply a literature study to identify the performance characteristics of post-quantum algorithms as well as what features of IBM Z may accommodate and accelerate these. We further apply an experimental study to analyze the practical performance of the two prominent finalists NTRU and Classic McEliece on consumer, cloud and mainframe hardware. Results. IBM Z was found to be able to accelerate several key symmetric primitives such as SHA-3 and AES via the Central Processor Assist for Cryptographic Functions (CPACF). Though the available Hardware Security Modules (HSMs) did not support any of the studied algorithms, they were found to be able to accelerate them via a Field-Programmable Gate Array (FPGA). Based on our experimental study, we found that computers with support for the Advanced Vector Extensions (AVX) were able to significantly accelerate the execution of post-quantum algorithms. Lastly, we identified that vector extensions, Application-Specific Integrated Circuits (ASICs) and FPGAs are key techniques for accelerating these algorithms. Conclusions. When considering the readiness of hardware for the transition to post-quantum algorithms, we find that the proposed algorithms do not perform nearly as well as classical algorithms. Though the algorithms are likely to improve until the post-quantum transition occurs, improved hardware support via faster vector instructions, increased cache sizes and the addition of polynomial instructions may significantly help reduce the impact of the transition. / Bakgrund. Människor använder internet för bland annat kommunikation, arbete och bankärenden. Asymmetrisk kryptering möjliggör att detta sker säkert genom att erbjuda sekretess och tillit online. Även om dessa algoritmer förväntas vara säkra från attacker med klassiska datorer, riskerar framtida kvantdatorer att knäcka dem med Shors algoritm. Därför utvecklas kvantsäkra krypton för att mitigera detta problem. National Institute of Standards and Technology (NIST) har påbörjat en standardiseringsprocess för dessa algoritmer. Syfte. I detta arbete analyserar vi vilka specialiserade funktioner för kvantsäkra algoritmer som finns i stordator-arkitekturen IBM Z. Vidare studerar vi prestandan av dessa algoritmer på olika hårdvara för att förstå vilka tekniker som kan öka deras prestanda. Metod. Vi utför en litteraturstudie för att identifiera vad som är karaktäristiskt för kvantsäkra algoritmers prestanda samt vilka funktioner i IBM Z som kan möta och accelerera dessa. Vidare applicerar vi en experimentell studie för att analysera den praktiska prestandan av de två framträdande finalisterna NTRU och Classic McEliece på konsument-, moln- och stordatormiljöer. Resultat. Vi fann att IBM Z kunde accelerera flera centrala symmetriska primitiver så som SHA-3 och AES via en hjälpprocessor för kryptografiska funktioner (CPACF). Även om befintliga hårdvarusäkerhetsmoduler inte stödde några av de undersökta algoritmerna, fann vi att de kan accelerera dem via en på-plats-programmerbar grind-matris (FPGA). Baserat på vår experimentella studie, fann vi att datorer med stöd för avancerade vektorfunktioner (AVX) möjlggjorde en signifikant acceleration av kvantsäkra algoritmer. Slutligen identifierade vi att vektorfunktioner, applikationsspecifika integrerade kretsar (ASICs) och FPGAs är centrala tekniker som kan nyttjas för att accelerera dessa algortmer. Slutsatser. Gällande beredskapen hos hårdvara för en övergång till kvantsäkra krypton, finner vi att de föreslagna algoritmerna inte presterar närmelsevis lika bra som klassiska algoritmer. Trots att det är sannolikt att de kvantsäkra kryptona fortsatt förbättras innan övergången sker, kan förbättrat hårdvarustöd för snabbare vektorfunktioner, ökade cachestorlekar och tillägget av polynomoperationer signifikant bidra till att minska påverkan av övergången till kvantsäkra krypton. Public-Key Cryptography Benchmark x86 IBM Z z15 Asymmetrisk Kryptering Prestandatest x86 IBM Z z15 Computer Sciences Datavetenskap (datalogi)
180	Smart card fault attacks on public key and elliptic curve cryptography Ling, Jie January 2014 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / Blömmer, Otto, and Seifert presented a fault attack on elliptic curve scalar multiplication called the Sign Change Attack, which causes a fault that changes the sign of the accumulation point. As the use of a sign bit for an extended integer is highly unlikely, this appears to be a highly selective manipulation of the key stream. In this thesis we describe two plausible fault attacks on a smart card implementation of elliptic curve cryptography. King and Wang designed a new attack called counter fault attack by attacking the scalar multiple of discrete-log cryptosystem. They then successfully generalize this approach to a family of attacks. By implementing King and Wang's scheme on RSA, we successfully attacked RSA keys for a variety of sizes. Further, we generalized the attack model to an attack on any implementation that uses NAF and wNAF key. Smart Card RSA ECC Fault Attack Smart Card Security Public Key NAF wNAF Counter Fault Attack Bit Flip Attack Doubling Attack Attack Simulation Data encryption (Computer science) Curves, Elliptic -- Data processing Cryptography -- Mathematics Public key cryptography -- Research Data protection -- Research Computer engineering -- Research Coding theory Computer security Data structures (Computer science) Embedded computer systems Smart card industry Computer networks -- Security measures Computers -- Access control

Search results