
    (De-)Constructing TLS 1.3

    SSL/TLS is one of the most widely deployed cryptographic protocols on the Internet. It is used to protect the confidentiality and integrity of transmitted data in various client-server applications. The currently specified version is TLS 1.2, and its security has been analyzed extensively in the cryptographic literature. The IETF working group is actively developing a new version, TLS 1.3, which is designed to address several flaws inherent to previous versions. In this paper, we analyze the security of a slightly modified version of the current TLS 1.3 draft. (We do not encrypt the server’s certificate.) Our security analysis is performed in the constructive cryptography framework. This ensures that the resulting security guarantees are composable and can readily be used in subsequent protocol steps, such as password-based user authentication over a TLS-based communication channel in which only the server is authenticated. Most steps of our proof hold in the standard model, with the sole exception that the key derivation function HKDF is used in a way that has a proof only in the random-oracle model. Beyond the technical results on TLS 1.3, this work also exemplifies a novel approach towards proving the security of complex protocols by a modular, step-by-step decomposition, in which smaller sub-steps are proved in isolation and then the security of the protocol follows by the composition theorem.
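    The abstract singles out HKDF as the one component whose use in the TLS 1.3 key schedule is only proven in the random-oracle model. As an added illustration (this is editor-written code, not code from the paper or from any TLS implementation), the block below implements HKDF's extract-then-expand construction from RFC 5869 and checks it against that RFC's first published test vector, then layers on the HKDF-Expand-Label / Derive-Secret wrappers in the form the final TLS 1.3 specification (RFC 8446) uses. The draft analyzed in the paper may use different label strings or framing; the label format here is the RFC 8446 one and the transcript bytes in the usage example are a constructed placeholder, not real handshake messages.

```python
"""HKDF (RFC 5869) extract-then-expand, plus the HKDF-Expand-Label and
Derive-Secret wrappers that TLS 1.3 (RFC 8446, section 7.1) builds on it.
Standard library only; editor-written example, not from the paper."""
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """PRK = HMAC-Hash(salt, IKM). An absent salt is HashLen zero bytes (RFC 5869 2.2)."""
    hash_len = hashlib.new(hash_name).digest_size
    if not salt:
        salt = bytes(hash_len)
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """OKM = T(1) || T(2) || ... truncated to `length` bytes, where
    T(0) = empty and T(i) = HMAC-Hash(PRK, T(i-1) || info || i) (RFC 5869 2.3)."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF-Expand: requested length exceeds 255 * HashLen")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int,
                      hash_name: str = "sha256") -> bytes:
    """RFC 8446 HKDF-Expand-Label: HKDF-Expand(Secret, HkdfLabel, Length) with
    HkdfLabel = uint16 length || opaque label<7..255> ("tls13 " + Label)
                || opaque context<0..255>."""
    full_label = b"tls13 " + label.encode("ascii")
    if not 7 <= len(full_label) <= 255:
        raise ValueError("label length out of range")
    if len(context) > 255:
        raise ValueError("context too long")
    hkdf_label = (length.to_bytes(2, "big")
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length, hash_name)


def derive_secret(secret: bytes, label: str, transcript: bytes,
                  hash_name: str = "sha256") -> bytes:
    """RFC 8446 Derive-Secret(Secret, Label, Messages)
    = HKDF-Expand-Label(Secret, Label, Hash(Messages), HashLen)."""
    h = hashlib.new(hash_name, transcript)
    return hkdf_expand_label(secret, label, h.digest(), h.digest_size, hash_name)


def rfc5869_test_case_1() -> tuple:
    """Inputs of RFC 5869 test case 1 (SHA-256); returns (PRK, OKM)."""
    ikm = bytes([0x0B] * 22)          # 22 octets of 0x0b
    salt = bytes(range(0x00, 0x0D))   # 0x00..0x0c
    info = bytes(range(0xF0, 0xFA))   # 0xf0..0xf9
    prk = hkdf_extract(salt, ikm)
    okm = hkdf_expand(prk, info, 42)
    return prk, okm


if __name__ == "__main__":
    prk, okm = rfc5869_test_case_1()
    print("PRK", prk.hex())
    print("OKM", okm.hex())
    # Illustrative key-schedule step: two distinct secrets from one handshake secret.
    # `hs` and the transcript bytes are constructed placeholders, not real TLS data.
    hs = bytes(32)
    client = derive_secret(hs, "c hs traffic", b"constructed transcript")
    server = derive_secret(hs, "s hs traffic", b"constructed transcript")
    print("client != server:", client != server)
```

    The length prefix and the "tls13 " label prefix inside HkdfLabel are what keep keys derived for different purposes (and for different output lengths) from colliding under the same secret; the composition argument in the abstract relies on HKDF behaving as a random oracle precisely at this step, so a deployment that reuses a label or drops the prefix is outside what the proof covers.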

    Cascaded- and Modular-Multilevel Converter Laboratory Test System Options: A Review

    The increasing importance of cascaded multilevel converters (CMCs), and the sub-category of modular multilevel converters (MMCs), is illustrated by their wide use in high voltage DC connections and in static compensators. Research is being undertaken into the use of these complex pieces of hardware and software for a variety of grid support services, on top of fundamental frequency power injection, requiring improved control for non-traditional duties. To validate these results, small-scale laboratory hardware prototypes are often required. Such systems have been built by many research teams around the globe and are also increasingly commercially available. Few publications go into detail on the construction options for prototype CMCs, and there is a lack of information on both design considerations and lessons learned from the build process, which will hinder research and the best application of these important units. This paper reviews options, gives key examples from leading research teams, and summarizes knowledge gained in the development of test rigs to clarify design considerations when constructing laboratory-scale CMCs.

    This work was supported in part by The University of Manchester supported by the National Innovation Allowance project "VSC-HVDC Model Validation and Improvement" and Dr. Heath's iCASE Ph.D. studentship supported through Engineering and Physical Sciences Research Council (EPSRC) and National Grid, in part by the Imperial College London supported by EPSRC through the HubNet Extension under Grant EP/N030028/1, in part by an iCASE Ph.D. Studentship supported by EPSRC and EDF Energy and the CDT in Future Power Networks under Grant EP/L015471/1, in part by University of New South Wales (UNSW) supported by the Solar Flagships Program through the Education Infrastructure Fund (EIF), in part by the Australian Research Council through the Discovery Early Career Research Award under Grant DECRA_DE170100370, in part by the Basque Government through the project HVDC-LINK3 under Grant ELKARTEK KK-2017/00083, in part by the L2EP research group at the University of Lille supported by the French TSO (RTE), and in part by the Hauts-de-France region of France with the European Regional Development Fund under Grant FEDER 17007725.

    Communication blades: modular communications for tangible and embedded interfaces

    Bladed Tiles is a modular hardware toolkit for building tangible and embedded interface devices. It includes “function blades” and “interaction tiles,” which can provide a flexible, inexpensive, open-ended platform for constructing a wide variety of tangible and embedded interfaces. In this paper, we propose Communication Blades. These are a class of electronic modules with varied computational capabilities for interfacing devices built using the Bladed Tiles toolkit, and also for interfacing embedded devices as adapters with external communication networks. These blades provide flexibility by offering the ability to select between different communication technologies, and connectivity by providing devices with interoperability over different communication mediums. Furthermore, the modular blade architecture allows different types of communication blades to be plugged in on demand. This reduces the need for development and knowledge of communication protocols by the developers, thus abstracting the underlying complexity. My research work includes studying and designing various communication blades, i.e., Serial, USB, Bluetooth and Gumstix. It also includes prototyping, testing and implementing the communication blades.

    Powering a Biosensor Using Wearable Thermoelectric Technology

    Wearable medical devices such as insulin pumps, glucose monitors, hearing aids, and electrocardiograms provide necessary medical aid and monitoring to millions of users worldwide. These battery-powered devices require battery replacement and frequent charging, which reduces the freedom and peace of mind of users. Additionally, the significant portion of the world without access to electricity is unable to use these medical devices, as they have no means to power them constantly. Wearable thermoelectric power generation aims to charge these medical device batteries without a need for grid power. Our team has developed a wristband prototype that uses body heat, ambient air, and heat sinks to create a temperature difference across thermoelectric modules, thus generating ultra-low-voltage electrical power. A boost converter is implemented to raise this voltage to the level required by medical device batteries. Our goal was to use this generated power to charge medical device batteries off the grid, increasing medical device user freedom and allowing medical device access to those without electricity. We successfully constructed a wearable prototype that generates the voltage required by an electrocardiogram battery; however, further thermoelectric module and heat dissipation optimization is necessary to generate sufficient current to charge the battery.

    Analysis And Design Of A Modular Solar-fed Fault-tolerant Power System With Maximum Power Point Tracking

    Solar power is becoming ever more popular in a variety of applications. It is particularly attractive because of its abundance, renewability, and environmental friendliness. Solar-powered spacecraft systems have ever-expanding loads with stringent power regulation specifications. Moreover, they require a light and compact design of their power system. These constraints make the optimization of power harvest from solar arrays a critical task. The Florida Power Electronics Center (FPEC) at UCF set out to develop a modular fault-tolerant power system architecture for space applications. This architecture provides a number of very attractive features, including Maximum Power Point Tracking (MPPT) and uniform power stress distribution across the system. MPPT is a control technique that leads the system to operate its solar sources at the point where they provide maximum power. This point constantly moves following changes in ambient operating conditions. A digital controller is set up to locate it in real time while optimizing other operating parameters. This control scheme can increase the energy yield of the system by up to 45%, and thus significantly reduces the size and weight of the designed system. The modularity of the system makes it easy to prototype and expand. It boosts its reliability and allows on-line reconfiguration and maintenance, thus reducing down-time upon faults. This thesis targets the analysis and optimization of this architecture. A new modeling technique is introduced for MPPT in practical environments, and a novel digital power stress distribution scheme is proposed in order to properly distribute peak and thermal stress and improve reliability. A 2 kW four-channel prototype of the system was built and tested. Experimental results confirm the theoretical improvements and promise great success in the field.

    Modular Interoperable Synthetic Environment: Final Report

    Report on the Modular Interoperable Synthetic Environment, an attempt to research and address difficulties with interoperability among systems that incorporate varying levels of fidelity and diverse communications protocols, in the absence of a definitive and comprehensive set of standards.

    Design and performance of a compact and stationary microSPECT system

    Purpose: Over the last ten years, there has been extensive growth in the development of microSPECT imagers. Most of the systems are based on the combination of conventional, relatively large gamma cameras with poor intrinsic spatial resolution and multipinhole collimators working in large magnification mode. Spatial resolutions range from 0.58 to 0.76 mm, while peak sensitivities vary from 0.06% to 0.4%. While pushing the limits of performance is of major importance, the authors believe that there is a need for smaller and less complex systems that bring along a reduced cost. While low-footprint and low-cost systems can make microSPECT available to more researchers, the ease of operation and calibration and low maintenance cost are additional factors that can facilitate the use of microSPECT in molecular imaging. In this paper, the authors simulate the performance of a microSPECT imager that combines high space-bandwidth detectors and pinholes with truncated projection, resulting in a small and stationary system. Methods: A system optimization algorithm is used to determine the optimal SPECT systems, given our high-resolution detectors and a fixed field-of-view. These optimal system geometries are then used to simulate a Defrise disk phantom and a hot rod phantom. Finally, a MOBY mouse phantom with realistic concentrations of Tc99m-tetrofosmin is simulated. Results: Results show that the authors can successfully reconstruct a Defrise disk phantom of 24 mm in diameter without any rotating system components or translation of the object. Reconstructed spatial resolution is approximately 800 µm, while the peak sensitivity is 0.23%. Finally, the simulation of the MOBY mouse phantom shows that the authors can accurately reconstruct mouse images. Conclusions: These results show that pinholes with truncated projections can be used in small magnification or minification mode to obtain a compact and stationary microSPECT system. The authors showed that they can reach state-of-the-art system performance and can successfully reconstruct images with realistic noise levels in a preclinical context. Such a system can be useful for dynamic SPECT imaging. © 2013 American Association of Physicists in Medicine.

    (De-)Constructing TLS

    TLS is one of the most widely deployed cryptographic protocols on the Internet; it is used to protect the confidentiality and integrity of transmitted data in various client-server protocols. Its non-standard use of cryptographic primitives, however, makes it hard to formally assess its security. It is in fact difficult to use traditional (well-understood) security notions for the key-exchange (here: handshake) and the encryption/authentication (here: record layer) parts of the protocol, because, on the one hand, traditional game-based notions do not easily support composition, and, on the other hand, all TLS versions up to and including 1.2 combine the two phases in a non-standard way. In this paper, we provide a modular security analysis of the handshake in TLS version 1.2 and a slightly sanitized version of the handshake in the current draft of TLS version 1.3, following the constructive cryptography approach of Maurer and Renner (ICS 2011). We provide a deconstruction of the handshake into modular sub-protocols and a security proof for each such sub-protocol. We also show how these results can be combined with analyses of the respective record layer protocols, and the overall result is that in all cases the protocol constructs (unilaterally) secure channels between the two parties from insecure channels and a public-key infrastructure. This approach ensures that (1) each sub-protocol is proven in isolation and independently of the other sub-protocols, (2) the overall security statement proven can easily be used in higher-level protocols, and (3) TLS can be used in any composition with other secure protocols. In more detail, for the key-exchange step of TLS 1.2, we analyze the RSA-based and both Diffie-Hellman-based variants (with static and ephemeral server key share) under a non-randomizability assumption for RSA-PKCS and the Gap Diffie-Hellman assumption, respectively; in all cases we make use of random oracles. For the respective step of TLS 1.3, we prove security under the Decisional Diffie-Hellman assumption in the standard model. In all statements, we require additional standard computational assumptions on other primitives. In general, since the design of TLS is not modular, the constructive decomposition is less fine-grained than one might wish to have and than it is for a modular design. This paper therefore also suggests new insights into the intrinsic problems incurred by a non-modular protocol design such as that of TLS.

    Constructing Confidential Channels from Authenticated Channels---Public-Key Encryption Revisited

    The security of public-key encryption (PKE), a widely used cryptographic primitive, has received much attention in the cryptographic literature. Many security notions for PKE have been proposed, including several versions of CPA-security, CCA-security, and non-malleability. These security notions are usually defined in terms of a certain game that an efficient adversary cannot win with non-negligible probability or advantage. If a PKE scheme is used in a larger protocol, then the security of this protocol is proved by showing a reduction of breaking a certain security property of the PKE scheme to breaking the security of the protocol. A major problem is that each protocol requires in principle its own tailor-made security reduction. Moreover, which security notion of the PKE should be used in a given context is a priori not evident; the employed games model the use of the scheme abstractly through oracle access to its algorithms, and the sufficiency for specific applications is neither explicitly stated nor proven. In this paper we propose a new approach to investigating the application of PKE, following the constructive cryptography paradigm of Maurer and Renner (ICS 2011). The basic use of PKE is to enable confidential communication from a sender A to a receiver B, assuming A is in possession of B's public key. One can distinguish two relevant cases: the (non-confidential) communication channel from A to B can be authenticated (e.g., because messages are signed) or non-authenticated. The application of PKE is shown to provide the construction of a secure channel from A to B from two (assumed) authenticated channels, one in each direction, or, alternatively, if the channel from A to B is completely insecure, the construction of a confidential channel without authenticity. Composition then means that the assumed channels can either be physically realized or can themselves be constructed cryptographically, and also that the resulting channels can directly be used in any applications that require such a channel. The composition theorem shows that several construction steps can be composed, which guarantees the soundness of this approach and eliminates the need for separate reduction proofs. We also revisit several popular game-based security notions (and variants thereof) and give them a constructive semantics by demonstrating which type of construction is achieved by a PKE scheme satisfying which notion. In particular, the necessary and sufficient security notions for the above two constructions to work are CPA-security and a variant of CCA-security, respectively.