- About
-
The Global ETD Search service is a free service for researchers
to find electronic theses and dissertations. This service is
provided by the
Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
Search results
Showing 1 to 7 of 7 (0.07 seconds)| 1 |
Techniques of Side Channel CryptanalysisMuir, James January 2001 (has links)
The traditional model of cryptography examines the security of cryptographic primitives as mathematical functions. This approach does not account for the physical side effects of using these primitives in the real world. A more realistic model employs the concept of a <I>side channel</I>. A side channel is a source of information that is inherent to a physical implementation of a primitive. Research done in the last half of the 1990s has shown that the information transmitted by side channels, such as execution time, computational faults and power consumption, can be detrimental to the security of ciphers like DES and RSA. This thesis surveys the techniques of side channel cryptanalysis presented in [Kocher1996], [Boneh1997], and [Kocher1998] and shows how side channel information can be used to break implementations of DES and RSA. Some specific techniques covered include the timing attack, differential fault analysis, simple power analysis and differential power analysis. Possible defenses against each of these side channel attacks are also discussed.
|
| 2 |
Techniques of Side Channel CryptanalysisMuir, James January 2001 (has links)
The traditional model of cryptography examines the security of cryptographic primitives as mathematical functions. This approach does not account for the physical side effects of using these primitives in the real world. A more realistic model employs the concept of a <I>side channel</I>. A side channel is a source of information that is inherent to a physical implementation of a primitive. Research done in the last half of the 1990s has shown that the information transmitted by side channels, such as execution time, computational faults and power consumption, can be detrimental to the security of ciphers like DES and RSA. This thesis surveys the techniques of side channel cryptanalysis presented in [Kocher1996], [Boneh1997], and [Kocher1998] and shows how side channel information can be used to break implementations of DES and RSA. Some specific techniques covered include the timing attack, differential fault analysis, simple power analysis and differential power analysis. Possible defenses against each of these side channel attacks are also discussed.
|
| 3 |
Anomaly based Detection of Attacks on Security ProtocolsKazi, Shehab January 2010 (has links)
Abstract. Security and privacy in digital communications is the need of the hour. SSL/TLS has become widely adopted to provide the same. Multiple application layer protocols can be layered on top of it. However protection is this form results in all the data being encrypted causing problems for an intrusion detection system which relies on a sniffer that analyses packets on a network. We thus hypothesise that a host based intrusion detection system that analyses packets after decryption would be able to detect attacks against security protocols. To this effect we conduct two experiments where we attack a web server and a mail server, collect data, analyse it and conclude with methods to detect such attacks. These methods are in the form of peudocode.
|
| 4 |
The Performance Cost of SecurityBowen, Lucy R 01 June 2019 (has links)
Historically, performance has been the most important feature when optimizing computer hardware. Modern processors are so highly optimized that every cycle of computation time matters. However, this practice of optimizing for performance at all costs has been called into question by new microarchitectural attacks, e.g. Meltdown and Spectre. Microarchitectural attacks exploit the effects of microarchitectural components or optimizations in order to leak data to an attacker. These attacks have caused processor manufacturers to introduce performance impacting mitigations in both software and silicon.
To investigate the performance impact of the various mitigations, a test suite of forty-seven different tests was created. This suite was run on a series of virtual machines that tested both Ubuntu 16 and Ubuntu 18. These tests investigated the performance change across version updates and the performance impact of CPU core number vs. default microarchitectural mitigations. The testing proved that the performance impact of the microarchitectural mitigations is non-trivial, as the percent difference in performance can be as high as 200%.
|
| 5 |
Identification of Users via SSH Timing AttackFlucke, Thomas J 01 July 2020 (has links) (PDF)
Secure Shell, a tool to securely access and run programs on a remote machine, is an important tool for both system administrators and developers alike. The technology landscape is becoming increasingly distributed and reliant on tools such as Secure Shell to protect information as a user works on a system remotely. While Secure Shell accounts for the abuses the security of older tools such as telnet overlook, it still has fundamental vulnerabilities which leak information about both the user and their activities through timing attacks. The OpenSSH client, the implementation included in all Linux, Mac, and Windows computers, sends each keystroke entered to the server as soon as it becomes available. As a result, an attacker can observe the network patterns to know when a user presses a key and draw conclusions based on that information such as what a user is typing or who they are. In this thesis, we demonstrate that such an attack allows a malicious observer to identify a user with a concerning level of accuracy without having direct access to either the client or server systems. Using machine learning classifiers, we identify individual users in a crowd based solely on the size and timing of packets traveling across the network. We find that our classifiers were able to identify users with 20\% accuracy using as little as one hour of network traffic. Two of them promise to scale well to the number of users.
|
| 6 |
Odolnost AES proti časovací analýze / AES Tolerance to Timing AnalysisOndruš, Juraj Unknown Date (has links)
This thesis deals with timing analysis of the AES (Advanced Encryption Standard). The design of {\em Rijndael\/}, which is the AES algorithm, is described here. For the side channel attacks is necessary to know the principles of the cache memory in CPU and its architecture. In this thesis are involved major security problems of AES which can be used for successful attacks. Several different implementations of AES are discussed too. Several types of timing attaks are also described. According to the experimentations these attacks should be efficient to the most presently used AES implementations. Finally, the results of this work are described, possible countermeasures against this attack and motions for the next research.
|
| 7 |
Implantation sécurisée de protocoles cryptographiques basés sur les codes correcteurs d'erreurs / Secure implementation of cryptographic protocols based on error-correcting codesRichmond, Tania 24 October 2016 (has links)
Le premier protocole cryptographique basé sur les codes correcteurs d'erreurs a été proposé en 1978 par Robert McEliece. La cryptographie basée sur les codes est dite post-quantique car il n'existe pas à l'heure actuelle d'algorithme capable d'attaquer ce type de protocoles en temps polynomial, même en utilisant un ordinateur quantique, contrairement aux protocoles basés sur des problèmes de théorie des nombres. Toutefois, la sécurité du cryptosystème de McEliece ne repose pas uniquement sur des problèmes mathématiques. L'implantation, logicielle ou matérielle, a également un rôle très important pour sa sécurité et l'étude de celle-ci face aux attaques par canaux auxiliaires/cachés n'a débuté qu'en 2008. Des améliorations sont encore possibles. Dans cette thèse, nous proposons de nouvelles attaques sur le déchiffrement du cryptosystème de McEliece, utilisé avec les codes de Goppa classiques, ainsi que des contre-mesures correspondantes. Les attaques proposées sont des analyses de temps d'exécution ou de consommation d'énergie. Les contre-mesures associées reposent sur des propriétés mathématiques et algorithmiques. Nous montrons qu'il est essentiel de sécuriser l'algorithme de déchiffrement en le considérant dans son ensemble et non pas seulement étape par étape / The first cryptographic protocol based on error-correcting codes was proposed in 1978 by Robert McEliece. Cryptography based on codes is called post-quantum because until now, no algorithm able to attack this kind of protocols in polynomial time, even using a quantum computer, has been proposed. This is in contrast with protocols based on number theory problems like factorization of large numbers, for which efficient Shor's algorithm can be used on quantum computers. Nevertheless, the McEliece cryptosystem security is based not only on mathematical problems. Implementation (in software or hardware) is also very important for its security. Study of side-channel attacks against the McEliece cryptosystem have begun in 2008. Improvements can still be done. In this thesis, we propose new attacks against decryption in the McEliece cryptosystem, used with classical Goppa codes, including corresponding countermeasures. Proposed attacks are based on evaluation of execution time of the algorithm or its power consumption analysis. Associate countermeasures are based on mathematical and algorithmic properties of the underlying algorithm. We show that it is necessary to secure the decryption algorithm by considering it as a whole and not only step by step
|
Page generated in 0.0728 seconds