31 |
Securing the digital signing process
Van den Berg, James Richard 25 March 2010
M.Comm. / Worldwide an increasing amount of legal credibility is being assigned to digital signatures and it is therefore of utmost importance to research and develop additional measures to secure the technology. The main goal of this dissertation is to research and identify areas in which the user’s private key, used for the digital signing of messages, is exposed to the risk of being compromised and then develop a prototype system (SecureSign) to overcome the identified vulnerabilities and secure the digital signing process. In order to achieve the above stated, use will be made of a cryptographic token, which will provide secure storage and a secure operational environment to the user’s private key. The cryptographic token is at the heart of SecureSign and it is where the user’s private key will be created, stored and used. All operations requiring the user’s private key will be performed on the token, which is equipped with its own processor for this purpose.
|
32 |
A New Public-Key Cryptosystem
Hettinger, Christopher James 01 June 2014
Public key cryptosystems offer important advantages over symmetric methods, but the most important such systems rely on the difficulty of integer factorization (or the related discrete logarithm problem). Advances in quantum computing threaten to render such systems useless. In addition, public-key systems tend to be slower than symmetric systems because of their use of number-theoretic algorithms. I propose a new public key system which may be secure against both classical and quantum attacks, while remaining simple and very fast. The system's action is best described in terms of linear algebra, while its security is more naturally explained in the context of graph theory.
|
33 |
Installation, configuration and operational testing of a PKI certificate server and its supporting services
Kelly, Amanda M., Ambers, Vanessa P. 06 1900
Approved for public release; distribution is unlimited / Public key infrastructure (PKI) was created to provide the basic services of confidentiality, authenticity, integrity and non-repudiation for sensitive information that may traverse public (un-trusted) networks. This thesis provides a brief description of the background and functional components of a PKI, and then "builds" a PKI to be used for research at the Naval Postgraduate School (NPS). Deficiencies of this PKI with respect to DoD PKI policy are delineated. The thesis addresses details of software selection, installation, configuration and operation; using Netscape's Certificate Management System as its Certificate Authority application of choice. The functionality of this PKI was validated by testing all major certificate lifecycle events (creation, archival, revocation, validation, etc.). All but two of these tests, key escrow and revocation checking, were successful, and thus these two remain to be addressed by further work to make the NPS PKI fully functional. / First Lieutenant, United States Air Force / Lieutenant Commander, United States Navy
|
34 |
Message authentication in an identity-based encryption scheme: 1-Key-Encrypt-Then-MAC
Unknown Date
We present an Identity-Based Encryption scheme, 1-Key-Encrypt-Then-MAC, in which we are able to verify the authenticity of messages using a MAC. We accomplish this authentication by combining an Identity-Based Encryption scheme given by Boneh and Franklin, with an Identity-Based Non-Interactive Key Distribution given by Paterson and Srinivasan, and attaching a MAC. We prove the scheme is chosen plaintext secure and chosen ciphertext secure, and the MAC is existentially unforgeable. / by Brittanney Jaclyn Amento. / Thesis (M.S.)--Florida Atlantic University, 2010. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2010. Mode of access: World Wide Web.
|
35 |
A client puzzle based public-key authentication and key establishment protocol.
January 2002
Fung Chun-Kan. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves 105-114). / Abstracts in English and Chinese.
Contents:
Abstract
Acknowledgements
List of Figures
List of Tables
Chapter 1 --- Introduction
Chapter 1.1 --- Motivations and Objectives
Chapter 1.2 --- Authentication Protocol
Chapter 1.3 --- Security Technologies
Chapter 1.3.1 --- Cryptography
Chapter 1.3.2 --- Digital Certificate
Chapter 1.3.3 --- One-way Hash Function
Chapter 1.3.4 --- Digital Signature
Chapter 1.4 --- Thesis Organization
Chapter 2 --- Related Work
Chapter 2.1 --- Introduction
Chapter 2.2 --- Authentication and Key Establishment Protocols
Chapter 2.3 --- Denial-of-Service Attack Handling Methods
Chapter 2.4 --- Attacks on Authentication and Key Establishment Protocol
Chapter 2.4.1 --- Denial-of-Service Attack
Chapter 2.4.2 --- Replay Attack
Chapter 2.4.3 --- Man-in-the-middle Attack
Chapter 2.4.4 --- Chosen-text Attack
Chapter 2.4.5 --- Interleaving Attack
Chapter 2.4.6 --- Reflection Attack
Chapter 2.5 --- Summary
Chapter 3 --- A DoS-resistant Authentication and Key Establishment Protocol
Chapter 3.1 --- Introduction
Chapter 3.2 --- Protocol Notations
Chapter 3.3 --- Protocol Descriptions
Chapter 3.4 --- An Improved Client Puzzle Protocol
Chapter 3.4.1 --- Review of Juels-Brainard Protocol
Chapter 3.4.2 --- Weaknesses of Juels-Brainard Protocol and Proposed Improvements
Chapter 3.4.3 --- Improved Client Puzzle Protocol
Chapter 3.5 --- Authentication Framework
Chapter 3.5.1 --- Client Architecture
Chapter 3.5.2 --- Server Architecture
Chapter 3.6 --- Implementations
Chapter 3.6.1 --- Software and Programming Tools
Chapter 3.6.2 --- The Message Formats
Chapter 3.5.3 --- Browser Interface
Chapter 3.6.4 --- Calculation of the Difficulty Level
Chapter 3.6.5 --- "(C, t) Non-Existence Verification"
Chapter 3.7 --- Summary
Chapter 4 --- Security Analysis and Formal Proof
Chapter 4.1 --- Introduction
Chapter 4.2 --- Security Analysis
Chapter 4.2.1 --- Denial-of-Service Attacks
Chapter 4.2.2 --- Replay Attacks
Chapter 4.2.3 --- Chosen-text Attacks
Chapter 4.2.4 --- Interleaving Attacks
Chapter 4.2.5 --- Others
Chapter 4.3 --- Formal Proof Methods
Chapter 4.3.1 --- General-purpose Specification Languages and Verification Tools
Chapter 4.3.2 --- Expert System Approach
Chapter 4.3.3 --- Modal Logic Approach
Chapter 4.3.4 --- Algebraic Term-Rewriting Approach
Chapter 4.4 --- Formal Proof of the Proposed Protocol
Chapter 4.4.1 --- Notations
Chapter 4.4.2 --- The Proof
Chapter 4.5 --- Summary
Chapter 5 --- Experimental Results and Analysis
Chapter 5.1 --- Introduction
Chapter 5.2 --- Experimental Environment
Chapter 5.3 --- Experiments
Chapter 5.3.1 --- Computational Performance of the Puzzle Solving Operation at different Difficulty Levels
Chapter 5.3.2 --- Computational Performance of the Puzzle Generation and Puzzle Solution Verification
Chapter 5.3.3 --- Computational Performance of the Protocol Cryptographic Operations
Chapter 5.3.4 --- Computational Performance of the Overall Protocol Session
Chapter 5.3.5 --- Impact on the Server Load without Client Puzzles
Chapter 5.3.6 --- Impact on the Server Load with Client Puzzles
Chapter 5.3.7 --- Impact on the Server Response Time from the Puzzles
Chapter 5.4 --- Summary
Chapter 6 --- Conclusion and Future Work
Chapter 6.1 --- Concluding Remarks
Chapter 6.2 --- Contributions
Chapter 6.3 --- Future Work
Bibliography
|
36 |
Versatile Montgomery Multiplier Architectures
Gaubatz, Gunnar 30 April 2002
Several algorithms for Public Key Cryptography (PKC), such as RSA, Diffie-Hellman, and Elliptic Curve Cryptography, require modular multiplication of very large operands (sizes from 160 to 4096 bits) as their core arithmetic operation. To perform this operation reasonably fast, general purpose processors are not always the best choice. This is why specialized hardware, in the form of cryptographic co-processors, becomes more attractive.
Based upon the analysis of recent publications on hardware design for modular multiplication, this M.S. thesis presents a new architecture that is scalable with respect to word size and pipelining depth. To our knowledge, this is the first time a word based algorithm for Montgomery's method is realized using high-radix bit-parallel multipliers working with two different types of finite fields (unified architecture for GF(p) and GF(2^n)).
Previous approaches have relied mostly on bit serial multiplication in combination with massive pipelining, or Radix-8 multiplication with the limitation to a single type of finite field. Our approach is centered around the notion that the optimal delay in bit-parallel multipliers grows with logarithmic complexity with respect to the operand size n, O(log_{3/2} n), while the delay of bit serial implementations grows with linear complexity O(n).
Our design has been implemented in VHDL, simulated and synthesized in 0.5μ CMOS technology. The synthesized net list has been verified in back-annotated timing simulations and analyzed in terms of performance and area consumption.
|
37 |
A survey and security strength classification of PKI certificate revocation management implementations
MacMichael, John L. January 2003
Thesis (M.S. in Information Technology Management)--Naval Postgraduate School, December 2003. / Thesis advisor(s): J.D. Fulp, D.F. Warren. Includes bibliographical references. Also available online.
|
38 |
Forward security and certificate management in mobile AD Hoc networks
Go, Hiu-wing., 吳曉頴. January 2004
Computer Science and Information Systems / Master / Master of Philosophy
|
39 |
Security of dynamic authorisation for IoT through Blockchain technology / Säkerheten av dynamisk autentisering för IoT genom Blockchain-teknik
Sandor, Alexander January 2018
The use of Internet of Things devices is an integral part of our modern society. Communication with internet of things devices is secured with asymmetric key encryption that is handled by the centralized certificate authority infrastructure. The emerging Blockchain technology now provides a safe way to change ownership of digital resources through a decentralized system that challenges the traditional centralized view of trust in digital systems. This project studies the security of building public key infrastructures and access communication protocols on Blockchain technology for IoT devices. An informal cryptographic analysis that used proof by contradiction showed that it is cryptographically safe to build Blockchain based Public Key Infrastructures. The analysed Blockchain based public key infrastructure was implemented with smart contracts and tested on the Ethereum platform along with a dynamic access control protocol ensuring dynamic authentication and distributed logging. The project also concluded that advancements in the software clients of nodes are required before Blockchain can be used in Internet of Things devices. This is due to the high storage demands required by currently available nodes.
|
40 |
The Impact of the Common Data Security Architecture (CDSA) on Telemetry Post Processing Architectures
Kalibjian, Jeffrey R. 10 1900
International Telemetering Conference Proceedings / October 25-28, 1999 / Riviera Hotel and Convention Center, Las Vegas, Nevada / It is an increasing requirement that commercial satellite telemetry data product be protected from unauthorized access during transmission to ground stations. While the technology (cryptography) to secure telemetry data product is well known, the software infrastructure to support such security is costly, and very customized. Further, many software packages have difficulty interoperating. The Common Data Security Architecture [1] [2] [3] (originally proposed by the Intel Corporation, and now adopted by the Open Group), is a set of common cryptographic [4] and public key infrastructure (PKI) application programming interfaces (APIs) which will facilitate better cryptographic interoperability as well as making cryptographic resources more readily available in telemetry post processing environments.
|