4 research outputs found

    Reconfiguring Crypto Hardware Accelerators on Wireless Sensor Nodes

    Running strong cryptographic algorithms on wireless sensor nodes is extremely difficult due to their limited resources. Hardware accelerators are a suitable means to speed up the computation and reduce power consumption. The drawback of crypto ASICs is the loss of flexibility. In this paper we will briefly introduce a modular design of elliptic curve accelerators that can be adjusted to several NIST-recommended curves by replacing its reduction unit. This partial reconfiguration will be executed on a Spartan 3 FPGA. The visualization will be done in the following way. Standard motes will be connected to the FPGA. On the motes the algorithms will be executed in software. Switching between ECC with a long key, i.e. 571 bits, and ECC with a short key, e.g. 163 bits, has a remarkable effect on the execution time. En-/decrypting messages sent to and received from the motes at the FPGA will show that the ECC implementation has been reconfigured according to the curve selected on the mote.

    Investigation of the efficiency of the Elliptic Curve Cryptosystem for multi-application smart card

    Thesis (M.E.Sc.) -- University of Adelaide, Dept. of Engineering, 199

    GORAM -- Group ORAM for Privacy and Access Control in Outsourced Personal Records

    Cloud storage has rapidly become a cornerstone of many IT infrastructures, constituting a seamless solution for the backup, synchronization, and sharing of large amounts of data. Putting user data in the direct control of cloud service providers, however, raises security and privacy concerns related to the integrity of outsourced data, the accidental or intentional leakage of sensitive information, the profiling of user activities and so on. Furthermore, even if the cloud provider is trusted, users having access to outsourced files might be malicious and misbehave. These concerns are particularly serious in sensitive applications like personal health records and credit score systems. To tackle this problem, we present GORAM, a cryptographic system that protects the secrecy and integrity of outsourced data with respect to both an untrusted server and malicious clients, guarantees the anonymity and unlinkability of accesses to such data, and allows the data owner to share outsourced data with other clients, selectively granting them read and write permissions. GORAM is the first system to achieve such a wide range of security and privacy properties for outsourced storage. In the process of designing an efficient construction, we developed two new, generally applicable cryptographic schemes, namely, batched zero-knowledge proofs of shuffle and an accountability technique based on chameleon signatures, which we consider of independent interest. We implemented GORAM in Amazon Elastic Compute Cloud (EC2) and ran a performance evaluation demonstrating the scalability and efficiency of our construction.

    Cryptographic techniques for privacy and access control in cloud-based applications

    Digitization is one of the key challenges for today’s industries and society. It affects more and more business areas and also user data and, in particular, sensitive information. Due to its sensitivity, it is important to treat personal information as securely and privately as possible while still enabling cloud-based software to use that information when requested by the user. In this thesis, we focus on the privacy-preserving outsourcing and sharing of data, the querying of outsourced protected data, and the usage of personal information as an access control mechanism for rating platforms, which should be protected from coercion attacks. In those three categories, we present cryptographic techniques and protocols that push the state of the art. In particular, we first present multi-client oblivious RAM (ORAM), which augments standard ORAM with selective data sharing through access control, confidentiality, and integrity. Second, we investigate recent work in frequency-hiding order-preserving encryption and show that the state of the art misses rigorous treatment, allowing for simple attacks against the security of the existing scheme. As a remedy, we show how to fix the security definition and that the existing scheme, slightly adapted, fulfills it. Finally, we design and develop a coercion-resistant rating platform. Coercion-resistance has been dealt with mainly in the context of electronic voting yet also affects other areas of digital life such as rating platforms.

    Digitization is one of the greatest challenges for industry and society. Besides many business areas, it also affects user data, in particular sensitive data. Personal information should therefore be secured as well as possible. At the same time, cloud-based software applications that the user wants to use need access to this data.

    This dissertation focuses on the secure, privacy-preserving outsourcing and sharing of data, on the querying of protected outsourced data, and on the use of personal information as an access credential for coercion-resistant rating platforms. On these three topics we present cryptographic techniques and protocols that advance the state of the art. The first part introduces multi-client oblivious RAM (ORAM), which extends ORAM with the ability to share data with other users while preserving confidentiality and integrity. The second part deals with frequency-hiding order-preserving encryption. We show that the state of the art lacks a formal treatment, which leads to attacks. As a remedy, we improve the security definition and prove that the existing encryption scheme satisfies it with minimal changes. Finally, we develop a coercion-resistant rating portal. Coercion resistance has so far been considered mainly in the context of electronic voting