207 research outputs found
Security Analysis of Integrated Diffie-Hellman Digital Signature Algorithm Protocols
Diffie-Hellman (DH) key exchange is a well known method for secure exchange of cryptographic keys and has been widely used in popular Internet protocols, such as IPsec, TLS, and SSH. To enable authenticated key establishment, the DH protocol has been integrated with the digital signature algorithm (DSA). In this paper, we analyze three variants of the integrated DH-DSA protocol. We study the protocol variants with respect to known types of attacks and security features. In particular, the focus is on the properties of forward secrecy, known-key security, and replay attack resilience
Integration of post-quantum cryptography in the TLS protocol (LWE Option)
Dissertação de mestrado em Computer ScienceWith the possibility of quantum computers making an appearance, possibly capable of
breaking several well established and widespread crytposystems (especially those that
implement public key cryptography), necessity has arisen to create new cryptographic
algorithms which remain safe even against adversaries using quantum computers.
Several algorithms based on different mathematical problems have been proposed which
are considered to be hard to solve with quantum computers. In recent years, a new
lattice-based mathematical problem called Learning With Errors (and its variant Ring -
Learning With Errors) was introduced, and several cryptosystems based on this problem
were introduced, some of which are becoming practical enough to compete with traditional
schemes that have been used for decades.
The primary focus in this work is the implementation of two Ring - Learning With Errors
based schemes (one key exchange mechanism and one digital signature scheme) on the TLS
protocol via the OpenSSL library as a way of checking their overall viability in real-world
scenarios, by comparing them to classical schemes implementing the same functionalities.Com a possibilidade do surgimento dos primeiros computadores quânticos, possivelmente
capazes de quebrar muitos dos cripto-sistemas bem difundidos e considerados seguros,
tornou-se necessário tomar precauções com a criação de novas técnicas criptográficas que
visam manter as suas propriedades de segurança mesmo contra adversários que usem
computadores quânticos.
Existem já muitas propostas de algoritmos baseados em problemas matemáticos
distintos que são considerados difíceis de resolver recorrendo a computadores quânticos.
Recentemente, foi introduzido um novo problema baseado em reticulados denominado de
Learning With Errors (e a sua variante Ring - Learning With Errors), e consequentemente
foram propostos vários cripto-sistemas baseados nesse problema, alguns dos quais começam
já a ser utilizáveis ao ponto de poderem ser comparados com os esquemas clássicos usados
há décadas.
O foco principal neste trabalho é a implementação de dois esquemas baseados no problema
Ring - Learning With Errors (mais precisamente, um esquema de troca de chaves e uma
assinatura digital) no protocolo TLS através da sua integração no OpenSSL como forma de
verificar a sua viabilidade em contextos reais, comparando-os com esquemas clássicos que
implementem as mesmas funcionalidades
Elliptic Curve Cryptography Services for Mobile Operating Systems
Mobile devices as smartphones, tablets and laptops, are nowadays considered indispensable objects
by most people in developed countries. A s personal and work assistant s , some of th e s e
devices store , process and transmit sensitive and private data. Naturally , the number of mobile
applications with integrated cryptographic mechanisms or offering security services has been
significantly increasing in the last few years. Unfortunately, not all of those applications are secure
by design, while other may not implement the cryptographic primitives correctly. Even the
ones that implement them correctly may suffer from longevity problems, since cryptographic
primitives that are considered secure nowadays may become obsolete in the next few years.
Rivest, Shamir and Adleman (RSA) is an example of an widely used cryptosystem that may become
depleted shorty . While the security issues in the mobile computing environment may be of
median severity for casual users, they may be critical for several professional classes, namely
lawyers, journalists and law enforcement agents. As such, it is important to approach these
problems in a structured manner.
This master’s program is focused on the engineering and implementation of a mobile application
offering a series of security services. The application was engineered to be secure by design
for the Windows Phone 8.1 Operating System (OS) which, at the time of writing this dissertation,
was the platform with the most discreet offer in terms of applications of this type. The
application provides services such as secure exchange of a cryptographic secret, encryption and
digital signature of messages and files, management of contacts and encryption keys and secure
password generation and storage. Part of the cryptographic primitives used in this work
are from the Elliptic Curve Cryptography (ECC) theory, for which the discrete logarithm problem
is believed to be harder and key handling is easier. The library defining a series of curves
and containing the procedures and operations supporting the ECC primitives was implemented
from scratch, since there was none available, comprising one of the contributions of this work.
The work evolved from the analysis of the state-of-the-art to the requirements analysis and
software engineering phase, thoroughly described herein, ending up with the development of a
prototype. The engineering of the application included the definition of a trust model for the
exchange of public keys and the modeling of the supporting database.
The most visible outcomes of this master’s program are the fully working prototype of a mobile
application offering the aforementioned security services, the implementation of an ECC
library for the .NET framework, and this dissertation. The source code for the ECC library was
made available online on GitHub with the name ECCryptoLib [Ana15]. Its development and
improvement was mostly dominated by unit testing. The library and the mobile application
were developed in C?. The level of security offered by the application is guaranteed via the
orchestration and combination of state-of-the-art symmetric key cryptography algorithms, as the Advanced Encryption Standard (AES) and Secure Hash Algorithm 256 (SHA256) with the ECC
primitives. The generation of passwords is done by using several sensors and inputs as entropy
sources, which are fed to a cryptographically secure hash function. The passwords are stored in
an encrypted database, whose encryption key changes every time it is opened, obtained using
a Password-Based Key Derivation Function 2 (PBKDF2) from a master password. The trust model
for the public keys designed in the scope of this work is inspired in Pretty Good Privacy (PGP),
but granularity of the trust levels is larger.Dispositivos móveis como computadores portáteis, smartphones ou tablets, são, nos dias de
hoje, considerados objectos indispensáveis pela grande maioria das pessoas residentes em países
desenvolvidos. Por serem utilizados como assistentes pessoais ou de trabalho, alguns destes
dispositivos guardam, processam e transmitem dados sensíveis ou privados. Naturalmente,
o número de aplicações móveis com mecanismos criptográficos integrados ou que oferecem
serviços de segurança, tem vindo a aumentar de forma significativa nos últimos anos. Infelizmente,
nem todas as aplicações são seguras por construção, e outras podem não implementar
as primitivas criptográficas corretamente. Mesmo aquelas que as implementam corretamente
podem sofrer de problemas de longevidade, já que primitivas criptográficas que são hoje em dia
consideradas seguras podem tornar-se obsoletas nos próximos anos. O Rivest, Shamir and Adleman
(RSA) constitui um exemplo de um sistema criptográfico muito popular que se pode tornar
obsoleto a curto prazo. Enquanto que os problemas de segurança em ambientes de computação
móvel podem ser de média severidade para utilizadores casuais, estes são normalmente críticos
para várias classes profissionais, nomeadamente advogados, jornalistas e oficiais da justiça. É,
por isso, importante, abordar estes problemas de uma forma estruturada.
Este programa de mestrado foca-se na engenharia e implementação de uma aplicação móvel
que oferece uma série de serviços de segurança. A aplicação foi desenhada para ser segura por
construção para o sistema operativo Windows Phone 8.1 que, altura em que esta dissertação foi
escrita, era a plataforma com a oferta mais discreta em termos de aplicações deste tipo. A aplicação
fornece funcionalidades como trocar um segredo criptográfico entre duas entidades de
forma segura, cifra, decifra e assinatura digital de mensagens e ficheiros, gestão de contactos
e chaves de cifra, e geração e armazenamento seguro de palavras-passe. Parte das primitivas
criptográficas utilizadas neste trabalho fazem parte da teoria da criptografia em curvas elípticas,
para a qual se acredita que o problema do logaritmo discreto é de mais difícil resolução
e para o qual a manipulação de chaves é mais simples. A biblioteca que define uma série de
curvas, e contendo os procedimentos e operações que suportam as primitivas criptográficas, foi
totalmente implementada no âmbito deste trabalho, dado ainda não existir nenhuma disponível
no seu início, compreendendo assim uma das suas contribuições. O trabalho evoluiu da análise
do estado da arte para o levantamento dos requisitos e para a fase de engenharia de software,
aqui descrita detalhadamente, culminando no desenvolvimento de um protótipo. A engenharia
da aplicação incluiu a definição de um sistema de confiança para troca de chaves públicas e
também modelação da base de dados de suporte.
Os resultados mais visíveis deste programa de mestrado são o protótipo da aplicação móvel, completamente
funcional e disponibilizando as funcionalidades de segurança acima mencionadas,
a implementação de uma biblioteca Elliptic Curve Cryptography (ECC) para framework .NET, e esta dissertação. O código fonte com a implementação da biblioteca foi publicada online.
O seu desenvolvimento e melhoramento foi sobretudo dominado por testes unitários. A biblioteca
e a aplicação móvel foram desenvolvidas em C?. O nível de segurança oferecido pela
aplicação é garantido através da orquestração e combinação de algoritmos da criptografia de
chave simétrica atuais, como o Advanced Encryption Standard (AES) e o Secure Hash Algorithm
256 (SHA256), com as primitivas ECC. A geração de palavras-passe é feita recorrendo utilizando
vários sensores e dispoitivos de entrada como fontes de entropia, que posteriormente são alimentadas
a uma função de hash criptográfica. As palavras-passe são guardadas numa base de
dados cifrada, cuja chave de cifra muda sempre que a base de dados é aberta, sendo obtida
através da aplicação de um Password-Based Key Derivation Function 2 (PBKDF2) a uma palavrapasse
mestre. O modelo de confiança para chaves públicas desenhado no âmbito deste trabalho
é inspirado no Pretty Good Privacy (PGP), mas a granularidade dos níveis de confiança é superior
The Cryptographic Security of the German Electronic Identity Card
In November 2010, the German government started to issue the new electronic identity card (eID) to its citizens. Besides its original utilization as a ’visual’ identification document, the eID card can be used by the cardholder to prove one’s identity at border control and to enhance security of authentication processes over the Internet, with the eID card serving as a token to reliably
transmit personal data to service providers or terminals, respectively. To this end, the German Federal Office for Information Security (BSI) proposed several cryptographic protocols now deployed on the eID card.
The Password Authenticated Connection Establishment (PACE) protocol secures the wireless communication between the eID card and the user’s local card reader, based on a cryptographically weak password like the PIN chosen by the card owner. Subsequently, the Extended Access Control (EAC) protocol is executed by the chip and the service provider to mutually authenticate and agree on a shared secret session key. This key is then used in the secure channel protocol, called Secure Messaging (SM). Finally, an optional protocol,
called Restricted Identification (RI), provides a method to use pseudonyms such that they can be linked by individual service providers, but not across different service providers (even not by malicious ones).
This thesis consists of two parts. First, we present the above protocols and provide a rigorous analysis on their security from a cryptographic point of view. We show that the Germen eID card provides reasonable security for authentication and exchange of sensitive information allaying concerns regarding its usage.
In the second part of this thesis, we introduce two possible modifications to enhance the security of these protocols even further. Namely, we show how to (a) add to PACE an additional efficient chip authentication step, and (b) augment RI to allow also for signatures under pseudonyms
Efficient Implementation on Low-Cost SoC-FPGAs of TLSv1.2 Protocol with ECC_AES Support for Secure IoT Coordinators
Security management for IoT applications is a critical research field, especially when taking into account the performance variation over the very different IoT devices. In this paper, we present high-performance client/server coordinators on low-cost SoC-FPGA devices for secure IoT data collection. Security is ensured by using the Transport Layer Security (TLS) protocol based on the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite. The hardware architecture of the proposed coordinators is based on SW/HW co-design, implementing within the hardware accelerator core Elliptic Curve Scalar Multiplication (ECSM), which is the core operation of Elliptic Curve Cryptosystems (ECC). Meanwhile, the control of the overall TLS scheme is performed in software by an ARM Cortex-A9 microprocessor. In fact, the implementation of the ECC accelerator core around an ARM microprocessor allows not only the improvement of ECSM execution but also the performance enhancement of the overall cryptosystem. The integration of the ARM processor enables to exploit the possibility of embedded Linux features for high system flexibility. As a result, the proposed ECC accelerator requires limited area, with only 3395 LUTs on the Zynq device used to perform high-speed, 233-bit ECSMs in 413 µs, with a 50 MHz clock. Moreover, the generation of a 384-bit TLS handshake secret key between client and server coordinators requires 67.5 ms on a low cost Zynq 7Z007S device
Performance assessment of security mechanisms for cooperative mobile health applications
Mobile health (m-Health) applications aim to deliver healthcare services through mobile applications regardless of time and place. An mHealth application makes use of wireless communications to sustain its health services and often providing a patient-doctor interaction. Therefore, m-Health applications present several challenging issues and constraints, such as, mobile devices battery and storage capacity, broadcast constraints, interferences, disconnections, noises, limited bandwidths, network delays, and of most importance, privacy and security concerns. In a typical m-Health system, information transmitted through wireless channels may contain sensitive information such as patient’s clinic history, patient’s personal diseases information (e.g. infectious disease as HIV - human immunodeficiency virus). Carrying such type of information presents many issues related to its privacy and protection. In this work, a cryptographic solution for m-Health applications under a cooperative environment is proposed in order to approach two common drawbacks in mobile health systems: the data privacy and protection. Two different approaches were proposed: i) DE4MHA that aims to guarantee the best confidentiality, integrity, and authenticity of mhealth systems users data and ii) eC4MHA that also focuses on assuring and guarantying the m-Health application data confidentiality, integrity, and authenticity, although with a different paradigm. While DE4MHA considers a peer-to-peer node message forward, with encryption/decryption tasks on each node, eC4MHA focuses on simply encrypting data at the requester node and decrypting it when it reaches the Web service. It relays information through cooperative mobile nodes, giving them the only strictly required information, in order to be able to forward a request, until it reaches the Web service responsible to manage the request, and possibly answer to that same request. In this sense, the referred solutions aim any mobile health application with cooperation mechanism embedded. For test purposes a specific mobile health application, namely SapoFit, was used. Cryptographic mechanisms were created and integrated in SapoFit application with built in cooperation mechanisms. A performance evaluation of both approaches in a real scenario with different mobile devices is performed and presented in this work. A comparison with the performance evaluations of both solutions is also presented.Fundação para a Ciência e a Tecnologia (FCT)European Community Fund FEDER through COMPETE – Programa Operacional Factores de Competitividad
Secure End-to-End Communications in Mobile Networks
2009 - 2010Cellular communication has become an important part of our daily life.
Besides using cell phones for voice communication, we are now able to access
the Internet, conduct monetary transactions, send voice, video and text
messages and new services continue to be added. The frequencies over
which voice is transmitted are public, so voice encryption is necessary to
avoid interception of the signal over the air. But once the signal reaches the
operators Base Station (BS), it will be transmitted to the receiver over a
wired or wireless mean. In either case, no protection is de ned. This does
not seem a problem, but this is not true. Along the path across operator
network, voice is at risk. It will only be encrypted again, with a di erent key,
from the BS to the receiver if the receiver is herself a mobile user. Moreover,
voice encryption is not mandatory. The choice whether or not to accept an
unprotected communication is up to the network. When adopted, the same
encryption algorithm is used for sending SMS messages between mobile
telephones and base stations and for encrypting of calls. Unfortunately,
vulnerabilities in this encryption systems were already revealed more than
10 years ago and more continue to be discovered.
Currently the most popular communication technologies are the GSM and
the UMTS. The UMTS is in use as a successor to GSM. Along with mobile
phone services, It provides rapid data communication. The security algo-
rithms in UMTS di ers from GSM in two important ways: encryption and
mutual authentication. Although security standards have been improved,
the end- to-end security is not provided... [edited by Author]IX n.s
A Mobile Secure Bluetooth-Enabled Cryptographic Provider
The use of digital X509v3 public key certificates, together with different standards
for secure digital signatures are commonly adopted to establish authentication proofs
between principals, applications and services. One of the robustness characteristics commonly
associated with such mechanisms is the need of hardware-sealed cryptographic
devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled
tokens or dongles. These devices support internal functions for management and storage
of cryptographic keys, allowing the isolated execution of cryptographic operations, with
the keys or related sensitive parameters never exposed.
The portable devices most widely used are USB-tokens (or security dongles) and internal
ships of smart cards (as it is also the case of citizen cards, banking cards or ticketing
cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared,
also suitable to protect cryptographic operations and digital signatures for secure
identity and payment applications. The common characteristic of such devices is to offer
the required support to be used as secure cryptographic providers. Among the advantages
of those portable cryptographic devices is also their portability and ubiquitous use, but,
in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply
the need of readers, not always and not commonly available for generic smartphones
or users working with computing devices. Also, wireless-devices can be specialized or
require a development effort to be used as standard cryptographic providers.
An alternative to mitigate such problems is the possible adoption of conventional
Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely,
by client-side applications running in users’ devices, such as desktop or laptop
computers. However, the use of smartphones for safe storage and management of private
keys and sensitive parameters requires a careful analysis on the adversary model assumptions.
The design options to implement a practical and secure smartphone-enabled
cryptographic solution as a product, also requires the approach and the better use of
the more interesting facilities provided by frameworks, programming environments and
mobile operating systems services.
In this dissertation we addressed the design, development and experimental evaluation
of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and
supports on-demand Bluetooth-enabled cryptographic operations, including standard
digital signatures. The addressed mobile cryptographic provider can be used by applications
running on Windows-enabled computing devices, requesting digital signatures.
The solution relies on the secure storage of private keys related to X509v3 public certificates
and Android-based secure elements (SEs). With the materialized solution, an
application running in a Windows computing device can request standard digital signatures
of documents, transparently executed remotely by the smartphone regarded as a
standard cryptographic provider
- …