New Classes of Binary Random Sequences for Cryptography

In the vision for the 5G wireless communications advancement that yield new security prerequisites and challenges we propose a catalog of three new classes of pseudorandom random sequence generators. This dissertation starts with a review on the requirements of 5G wireless networking systems and the most recent development of the wireless security services applied to 5G, such as private-keys generation, key protection, and flexible authentication. This dissertation proposes new complexity theory-based, number-theoretic approaches to generate lightweight pseudorandom sequences, which protect the private information using spread spectrum techniques. For the class of new pseudorandom sequences, we obtain the generalization. Authentication issues of communicating parties in the basic model of Piggy Bank cryptography is considered and a flexible authentication using a certified authority is proposed

Distributed EaaS simulation using TEEs: A case study in the implementation and practical application of an embedded computer cluster

Internet of Things (IoT) devices with limited resources struggle to generate the high-quality entropy required for high-quality randomness. This results in weak cryptographic keys. As keys are a single point of failure in modern cryptography, IoT devices performing cryptographic operations may be susceptible to a variety of attacks. To address this issue, we develop an Entropy as a Service (EaaS) simulation. The purpose of EaaS is to provide IoT devices with high-quality entropy as a service so that they can use it to generate strong keys. Additionally, we utilise Trusted Execution Environments (TEEs) in the simulation. TEE is a secure processor component that provides data protection, integrity, and confidentiality for select applications running on the processor by isolating them from other system processes (including the OS). TEE thereby enhances system security. The EaaS simulation is performed on a computer cluster known as the Magi cluster. Magi cluster is a private computer cluster that has been designed, built, configured, and tested as part of this thesis to meet the requirements of Tampere University's Network and Information Security Group (NISEC). In this thesis, we explain how the Magi cluster is implemented and how it is utilised to conduct a distributed EaaS simulation utilising TEEs.Esineiden internetin (Internet of Things, IoT) laitteilla on tyypillisesti rajallisten resurssien vuoksi haasteita tuottaa tarpeeksi korkealaatuista entropiaa vahvan satunnaisuuden luomiseen. Tämä johtaa heikkoihin salausavaimiin. Koska salausavaimet ovat modernin kryptografian heikoin lenkki, IoT-laitteilla tehtävät kryptografiset operaatiot saattavat olla haavoittuvaisia useita erilaisia hyökkäyksiä vastaan. Ratkaistaksemme tämän ongelman kehitämme simulaation, joka tarjoaa IoT-laitteille vahvaa entropiaa palveluna (Entropy as a Service, EaaS). EaaS-simulaation ideana on jakaa korkealaatuista entropiaa palveluna IoT-laitteille, jotta ne pystyvät luomaan vahvoja salausavaimia. Hyödynnämme simulaatiossa lisäksi luotettuja suoritusympäristöjä (Trusted Execution Environment, TEE). TEE on prosessorilla oleva erillinen komponentti, joka tarjoaa eristetyn ja turvallisen ajoympäristön valituille ohjelmille. TEE:tä hyödyntämällä ajonaikaiselle ohjelmalle voidaan taata datan suojaus, luottamuksellisuus sekä eheys eristämällä se muista järjestelmällä ajetuista ohjelmista (mukaan lukien käyttöjärjestelmä). Näin ollen TEE parantaa järjestelmän tietoturvallisuutta. EaaS-simulaatio toteutetaan Magi-nimisellä tietokoneklusterilla. Magi on Tampereen Yliopiston Network and Information Security Group (NISEC) -tutkimusryhmän oma yksityinen klusteri, joka on suunniteltu, rakennettu, määritelty ja testattu osana tätä diplomityötä. Tässä diplomityössä käymme läpi, kuinka Magi-klusteri on toteutettu ja kuinka sillä toteutetaan hajautettu EaaS-simulaatio hyödyntäen TEE:itä

Quantum entropy expansion using n-qubit permutation matrices in Galois field

Random numbers are critical for any cryptographic application. However, the data that is flowing through the internet is not secure because of entropy deprived pseudo random number generators and unencrypted IoTs. In this work, we address the issue of lesser entropy of several data formats. Specifically, we use the large information space associated with the n-qubit permutation matrices to expand the entropy of any data without increasing the size of the data. We take English text with the entropy in the range 4 - 5 bits per byte. We manipulate the data using a set of n-qubit (n $\leq$ 10) permutation matrices and observe the expansion of the entropy in the manipulated data (to more than 7.9 bits per byte). We also observe similar behaviour with other data formats like image, audio etc. (n $\leq$ 15)

ЗАСТОСУВАННЯ ГЕНЕРАТОРІВ ПСЕВДОВИПАДКОВИХ ЧИСЕЛ ТА ПОСЛІДОВНОСТЕЙ В КІБЕРБЕЗПЕЦІ, МЕТОДИ ЇХ ПОБУДОВИ ТА ОЦІНКИ ЯКОСТІ

Due to the rapid development of computing and measurement technology, as well as the implementation of advanced technologies, the scope of application for pseudo-random number generators and pseudo-random sequences has significantly expanded, placing new demands on their design and quality evaluation methods. Quality pseudo-random sequences, although essentially deterministic, possess nearly all the properties of true random processes and successfully replace them, as the generation of random sequences is extremely complex. Due to the diversity and wide range of tasks that require the use of pseudo-random numerical sequences, new algorithms, methods, and tools for obtaining such sequences are constantly being developed and improved. Using pseudo-random sequence generators, one can obtain sequences of numbers where each element is practically independent of others and follows a specific prescribed distribution law, with the uniform distribution being the most common. Thanks to their statistical properties and generation speed, pseudo-random number and sequence generators are essential tools in various fields, including simulation modeling (economic, mathematical, physical, medical research, military applications), computer game development (generation of 3D models, textures, and worlds, as well as creating diversity and randomness in the behavior of characters and events), and measurement technology. Overall, it's important to note that developers of pseudo-random sequence generators face a set of stringent requirements regarding specific characteristics of the results they create using these generators. These requirements can vary depending on the generator's intended purpose and can be particularly high and demanding when pseudo-random sequences are used in cyber­security and information protection. For example, for cryptographic applications, the requirements are extremely rigorous and may sometimes even contradict each other. To verify whether the generated sequence meets the specified criteria and requirements, it is necessary to evaluate its quality, which involves assessing various features and parameters. Since the development of pseudo-random sequence generators aims to make them resemble sequences of truly random numbers, the basis for any evaluation of generators lies in comparing the statistical characteristics of the generated sequence with the characteristics of truly random sequences. For this purpose, various tests are used, which allow the detection of existing statistical regularities and, thus, the identification of low-quality pseudo-random sequences.У зв'язку з бурхливим розвитком обчислювальної і вимірювальної техніки, а також із впровадженням новітніх технологій значно розширилась сфера застосування генераторів псевдовипадкових чисел та псевдовипадкових послідовностей, що ставить нові вимоги до їх проектування та методів оцінки якості. Якісні псевдовипадкові послідовності, хоча і є за своєю суттю детермінованими, володіють проте практично всіма властивостями реалізацій істинно випадкових процесів і успішно їх замінюють, оскільки формування випадкових послідовностей надзвичайно складне. У зв'язку з різноманітністю і широким спектром завдань, які потребують використання псевдовипадкових числових послідовностей, постійно розробляються і вдосконалюються нові алгоритми, методи і засоби для отримання таких послідовностей. За допомогою генераторів псевдовипадкових послідовностей можна отримувати послідовності чисел, де кожен елемент практично незалежний від інших і відповідає певному заданому закону розподілу, найбільш поширеним з яких є рівномірний закон розподілу. Завдяки своїм статистичним властивостям та швидкості генерації генератори псевдовипадкових чисел та послідовностей є важливим інструментом для багатьох сфер діяльності: імітаційного моделювання (економічні, математичні, фізичні, медичні дослідження, військова справа), розробок комп’ютерних ігор (генерація 3D-моделей, текстур та світів, а також створення різноманітності та випадковості у поведінці персонажів та подій), вимірювальної техніки. Загалом важливо відзначити, що розробники генераторів псевдовипадкових послідовностей стикаються з низкою жорстких вимог, щодо певних характеристик результатів, які вони створюють за допомогою цих генераторів. Ці вимоги можуть варіюватися залежно від конкретного призначення генератора, і в разі використання псевдовипадкових послідовностей у сферах кібербезпеки та захисту інформації, вони можуть бути особливо високими і вимогливими. Наприклад, для криптографічних застосувань вимоги є надзвичайно суворими і часом навіть протирічать одна одній. Для перевірки відповідності згенерованої послідовності заданим критеріям та вимогам необхідно провести оцінювання її якості, під час якого проводиться оцінювання за різними ознаками та параметрами. Оскільки при розробці генераторів псевдовипадкових послідовностей прагнуть досягти того, щоб вони були схожі на послідовності чисел, що розподіляються дійсно випадково, то в основі будь-якого оцінювання генераторів лежить порівняння статистичних характеристик згенерованої послідовності з характеристиками істинно випадкових послідовностей. З цією метою використовуються різноманітні тести, які дозволяють виявляти наявні статистичні закономірності і, таким чином, виявляти низьку якість згенерованих псевдовипадкових послідовностей

A remark on the Discrete Fourier Transform statistical test

The study of randomness has always been a topic of significant relevance, and the importance of this topic in cryptography is undeniable. In this paper, we are going to provide a short introduction regarding pseudo-random number generators, their applications in cryptography and an analysis of the Discrete Fourier Transform statistical test. Our contribution is that of compiling the results of multiple runs on several popular pseudo-random number generators, and a Python implementation for computing the probability of a type II error. We intend to underline the weak points of the Discrete Fourier Transform test by showcasing results on large amounts of data, and showcase how testing bigger sequences of bits can help reduce the probability of type II errors

Performance analysis of secure elements for IoT

New protocol stacks provide wireless IPv6 connectivity down to low power embedded IoT devices. From a security point of view, this leads to high exposure of such IoT devices. Consequently, even though they are highly resource-constrained, these IoT devices need to fulfil similar security requirements as conventional computers. The challenge is to leverage well-known cybersecurity techniques for such devices without dramatically increasing power consumption (and therefore reducing battery lifetime) or the cost regarding memory sizes and required processor performance. Various semi-conductor vendors have introduced dedicated hardware devices, so-called secure elements that address these cryptographic challenges. Secure elements provide tamper-resistant memory and hardware-accelerated cryptographic computation support. Moreover, they can be used for mutual authentication with peers, ensuring data integrity and confidentiality, and various other security-related use cases. Nevertheless, publicly available performance figures on energy consumption and execution times are scarce. This paper introduces the concept of secure elements and provides a measurement setup for selected individual cryptographic primitives and a Datagram Transport Layer Security (DTLS) handshake over secure Constrained Application Protocol (CoAPs) in a realistic use case. Consequently, the paper presents quantitative results for the performance of five secure elements. Based on these results, we discuss the characteristics of the individual secure elements and supply developers with the information needed to select a suitable secure element for a specific application

Understanding and Enriching Randomness Within Resource-Constrained Devices

Random Number Generators (RNG) find use throughout all applications of computing, from high level statistical modeling all the way down to essential security primitives. A significant amount of prior work has investigated this space, as a poorly performing generator can have significant impacts on algorithms that rely on it. However, recent explosive growth of the Internet of Things (IoT) has brought forth a class of devices for which common RNG algorithms may not provide an optimal solution. Furthermore, new hardware creates opportunities that have not yet been explored with these devices. in this Dissertation, we present research fostering deeper understanding of and enrichment of the state of randomness within the context of resource-constrained devices. First, we present an exploratory study into methods of generating random numbers on devices with sensors. We perform a data collection study across 37 android devices to determine how much random data is consumed, and which sensors are capable of producing sufficiently entropic data. We use the results of our analysis to create an experimental framework called SensoRNG, which serves as a prototype to test the efficacy of a sensor-based RNG. SensoRNG employs opportunistic collection of data from on-board sensors and applies a light-weight mixing algorithm to produce random numbers. We evaluate SensoRNG with the National Institute of Standards and Technology (NIST) statistical testing suite and demonstrate that a sensor-based RNG can provide high quality random numbers with only little additional overhead. Second, we explore the design, implementation, and efficacy of a Collaborative and Distributed Entropy Transfer protocol (CADET), which explores moving random number generation from an individual task to a collaborative one. Through the sharing of excess random data, devices that are unable to meet their own needs can be aided by contributions from other devices. We implement and test a proof-of-concept version of CADET on a testbed of 49 Raspberry Pi 3B single-board computers, which have been underclocked to emulate resource-constrained devices. Through this, we evaluate and demonstrate the efficacy and baseline performance of remote entropy protocols of this type, as well as highlight remaining research questions and challenges. Finally, we design and implement a system called RightNoise, which automatically profiles the RNG activity of a device by using techniques adapted from language modeling. First, by performing offline analysis, RightNoise is able to mine and reconstruct, in the context of a resource-constrained device, the structure of different activities from raw RNG access logs. After recovering these patterns, the device is able to profile its own behavior in real time. We give a thorough evaluation of the algorithms used in RightNoise and show that, with only five instances of each activity type per log, RightNoise is able to reconstruct the full set of activities with over 90\% accuracy. Furthermore, classification is very quick, with an average speed of 0.1 seconds per block. We finish this work by discussing real world application scenarios for RightNoise