7 research outputs found
Securing group communication in dynamic, disadvantaged networks : implementation of an elliptic-curve pairing-based cryptography library
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.Includes bibliographical references (p. 155-158).This thesis considers the problem of securing communication among dynamic groups of participants without relying on an online group keying service. As a solution, we offer the design and implementation of the Public Key Group Encryption (PKGE) service. It is a cryptography library, written in C, and designed to be shared among all communications applications on any particular system. PKGE imposes low communication overhead and embraces disconnected operation, making it especially appropriate for deployment in low-bandwidth tactical environments. PKGE provides forward-secure confidentiality and authentication among any subset of users using small communication overhead by bringing together a number of modern cryptographic developments, with the piece de resistance being the elliptic curve-based Collusion-Resistant Broadcast Encryption. The focus of this thesis is primarily the engineering and synthesis of known theoretical schemes; we also present novel extensions to the Boneh-Gentry-Waters encryption scheme. 1. Forward secrecy: Add forward secrecy to the scheme at a cost of T private keys for T security epochs. 2. Optimized session protocols: Sidestep the majority of costs in computation and bandwidth. 3. Cheap over-provisioning of system capacity: Support up to 232 users for resource costs proportional only to the number actually registered. 4. Chosen Ciphertext Attack (CCA) Security: Elevate security from CPA to CCA strength. Using PKGE, we have developed a plugin for Gaim2 as a motivating launch application. The plugin both demonstrates the use of PKGE and enables secure conferencing over the range of Gaim-supported protocols, including Jabber, IRC, AIM, and ICQ. PKGE and its Gaim plugin may be run and further developed under MS Windows, Mac OS X, and Linux operating systems.by Rob Figueiredo.M.Eng
Toward least-privilege isolation for software
Hackers leverage software vulnerabilities to disclose, tamper with, or destroy sensitive
data. To protect sensitive data, programmers can adhere to the principle of
least-privilege, which entails giving software the minimal privilege it needs to operate,
which ensures that sensitive data is only available to software components on a
strictly need-to-know basis. Unfortunately, applying this principle in practice is dif-
ļæ½cult, as current operating systems tend to provide coarse-grained mechanisms for
limiting privilege. Thus, most applications today run with greater-than-necessary
privileges. We propose sthreads, a set of operating system primitives that allows
ļæ½ne-grained isolation of software to approximate the least-privilege ideal. sthreads
enforce a default-deny model, where software components have no privileges by default,
so all privileges must be explicitly granted by the programmer.
Experience introducing sthreads into previously monolithic applications|thus,
partitioning them|reveals that enumerating privileges for sthreads is diļæ½cult in
practice. To ease the introduction of sthreads into existing code, we include Crowbar,
a tool that can be used to learn the privileges required by a compartment. We
show that only a few changes are necessary to existing code in order to partition
applications with sthreads, and that Crowbar can guide the programmer through
these changes. We show that applying sthreads to applications successfully narrows
the attack surface by reducing the amount of code that can access sensitive data.
Finally, we show that applications using sthreads pay only a small performance
overhead. We applied sthreads to a range of applications. Most notably, an SSL
web server, where we show that sthreads are powerful enough to protect sensitive
data even against a strong adversary that can act as a man-in-the-middle in the
network, and also exploit most code in the web server; a threat model not addressed
to date
QUIRE: Lightweight Provenance for Smart Phone Operating Systems
Smartphone applications(apps) often run with full privileges to access the network and sensitive local resources, making it difficult for remote systems to have any trust in the provenance of network connections they receive. Even within the phone, different apps with different privileges can communicate with one another, allowing one app to trick another into improperly exercising its privileges (a confused deputy attack). This thesis presents two new security mechanisms built into the Android operating system to address these issues. First, the call chain of all interprocess communications are tracked, allowing an app the choice of operating with the diminished privileges of its callers or to act explicitly on its own behalf. Additionally, a lightweight signature scheme allows any app to create a signed statement that can be verified anywhere inside the phone. Both of these mechanisms are reflected in network RPCs, allowing remote endpoints visibility into the state of the phone when an RPC is made
Implementation of an API for distributed communication between processes in closed contexts
DissertaĆ§Ć£o de mestrado integrado em Engenharia de ComunicaƧƵesExistem atualmente diversas Application Programming Interfaces (APIs)
que ajudam na programaĆ§Ć£o de aplicaƧƵes distribuĆdas. Na maior parte dos
casos, estas utilizam de forma in exĆvel um Ćŗnico tipo de protocolo aplicacional
e interface, cando dependente dos protocolos de transporte jĆ” existentes
e do sistema operativo. Para o programador, a stack de protocolos e o tipo
de interface tĆŖm que ser decididos explicitamente antes do estabelecimento
da comunicaĆ§Ć£o entre os processos.
Algumas APIs facilitam a programaĆ§Ć£o ocultando alguns aspetos espec
Ć cos dos mecanismos e protocolos de comunicaĆ§Ć£o utilizados, disponibilizando
uma interface mais homogeneizada. No entanto, a programaĆ§Ć£o continua
a nĆ£o ser totalmente transparente e independente dos protocolos de
comunicaĆ§Ć£o utilizados, dos sistemas operativos e da localizaĆ§Ć£o relativa dos
processos comunicantes. AlĆ©m disso, estas APIs nĆ£o tomam decisƵes sobre
o mecanismo de comunicaĆ§Ć£o a utilizar quando existem vĆ”rias alternativas
possĆveis, sendo esta decisĆ£o da responsabilidade do programador.
Num contexto de implementaĆ§Ć£o de simuladores distribuĆdos e modulares
para protocolos de redes de computadores e sistemas de comunicaĆ§Ć£o,
seria vantajoso poder-se utilizar uma API para comunicaĆ§Ć£o dos processos
de simulaĆ§Ć£o que disponibilizasse apenas um Ćŗnico interface de programaĆ§Ć£o
e que decidisse de forma transparente o mecanismo ou protocolo comunicacional
mais e ciente, tendo em conta a localizaĆ§Ć£o relativa dos processos.
Nesta dissertaĆ§Ć£o sĆ£o abordadas as soluƧƵes semelhantes jĆ” existentes e
Ć© estudada uma API que pretende preencher estas lacunas. A arquitetura
desta API serĆ” depois apresentada, assim como uma soluĆ§Ć£o com base na
investigaĆ§Ć£o realizada. Por m, os resultados dos testes serĆ£o analizados e a
conclusĆ£o apresentada.
Esta dissertaĆ§Ć£o foi desenvolvida no contexto do projeto RoutUM, um
simulador de redes de computadores atualmente a ser desenvolvido pela Universidade
do Minho.There are several Application Programming Interfaces (APIs) available to
simplify the development of distributed applications. In most cases, they invariably
use one type of application protocol and interface, being dependent
of the existing transport protocols and operating system. To the programmer,
the protocol stack and the type of interface must be explicitly chosen
before initiating communication between processes.
Some APIs simplify programming by hiding some speci c aspects about
the communication protocols and mechanisms, revealing a more homogenized
interface. However, the programming is still not completely transparent
and independent from the communication protocols, the operating
system and the relative location of the communicating processes. Also, they
are unable to decide which communication mechanism to be used when there
are several available possibilities, leaving that responsibility to the programmer.
On the context of implementation of distributed and modular simulators
for network protocols and communication systems, it would be desirable to
be able to use an API that would allow communication between the processes
while providing only one programming interface. It would then transparently
decide the most e cient mechanism or communication protocol from the relative
location of the communicating processes.
This dissertation will present and discuss the currently available solutions
and the problems associated with the development of an API which
attempts to ll the missing features indicated above. The API's architecture
will then be shown and developed into a solution based on the results from
the investigation. In the end, this solution will be tested and the nal results
will be presented.
This dissertation was developed in the context of the RoutUM project,
a network simulator being currently developed in the University of Minho
Performance-efficient cryptographic primitives in constrained devices
PhD ThesisResource-constrained devices are small, low-cost, usually fixed function and very limitedresource devices. They are constrained in terms of memory, computational capabilities,
communication bandwidth and power. In the last decade, we have seen widespread use of
these devices in health care, smart homes and cities, sensor networks, wearables, automotive
systems, and other fields. Consequently, there has been an increase in the research activities
in the security of these devices, especially in how to design and implement cryptography that
meets the devicesā extreme resource constraints.
Cryptographic primitives are low-level cryptographic algorithms used to construct security protocols that provide security, authenticity, and integrity of the messages. The building
blocks of the primitives, which are built heavily on mathematical theories, are computationally complex and demands considerable computing resources. As a result, most of these
primitives are either too large to fit on resource-constrained devices or highly inefficient
when implemented on them.
There have been many attempts to address this problem in the literature where cryptography engineers modify conventional primitives into lightweight versions or build new
lightweight primitives from scratch. Unfortunately, both solutions suffer from either reduced
security, low performance, or high implementation cost.
This thesis investigates the performance of the conventional cryptographic primitives and
explores the effect of their different building blocks and design choices on their performance.
It also studies the impact of the various implementations approaches and optimisation
techniques on their performance. Moreover, it investigates the limitations imposed by the
tight processing and storage capabilities in constrained devices in implementing cryptography.
Furthermore, it evaluates the performance of many newly designed lightweight cryptographic
primitives and investigates the resources required to run them with acceptable performance.
The thesis aims to provide an insight into the performance of the cryptographic primitives and
the resource needed to run them with acceptable performance. This will help in providing
solutions that balance performance, security, and resource requirements for these devices.The Institute of
Public Administration in Riyadh, and the Saudi Arabian Cultural Bureau in
Londo
Performance Comparison of Projective Elliptic-curve Point Multiplication in 64-bit x86 Runtime Environment
For over two decades, mathematicians and cryptologists have evaluated and presented the theoretical performance of Elliptic-curve scalar point-multiplication in projective geometry. Because computation in projective domain is composed of a wide array of formulations and computing optimizations, there is not a comprehensive performance comparison of point-multiplication using projective transformation available to verify its realistic efficiency in 64-bit x86 computing platforms. Today, research on explicit mathematical formulations in projective domain continues to excel by seeking higher computational efficiency and ease of realization. An explicit performance evaluation will help implementers choose better implementation methods and improve Elliptic-curve scalar point-multiplication. This paper was founded on the practical solution that obtaining realistic performance figures should be based on more precise computational cost metrics and specific computing platforms. As part of that solution, an empirical performance benchmark comparison between two approaches implementing projective Elliptic-curve scalar point-multiplication will be presented to provide the selection of, and subsequently ways to improve scalar point-multiplication technology executing in a 64-bit x86 runtime environment
An Analysis of OpenSSL's Random Number Generator
In this work we demonstrate various weaknesses of the random number generator (RNG) in the OpenSSL cryptographic library. We
show how OpenSSLās RNG, knowingly in a low entropy state, potentially
leaks low entropy secrets in its output, which were never intentionally
fed to the RNG by client code, thus posing vulnerabilities even when in
the given usage scenario the low entropy state is respected by the client
application. Turning to the core cryptographic functionality of the RNG,
we show how OpenSSLās functionality for adding entropy to the RNG
state fails to be effectively a mixing function. If an initial low entropy
state of the RNG was falsely presumed to have 256 bits of entropy based
on wrong entropy estimations, this causes attempts to recover from this
state to succeed only in long term but to fail in short term. As a result,
the entropy level of generated cryptographic keys can be limited to 80
bits, even though thousands of bits of entropy might have been fed to
the RNG state previously. In the same scenario, we demonstrate an attack recovering the RNG state from later output with an off-line effort
between 282 and 284 hash evaluations, for seeds with an entropy level
n above 160 bits. We also show that seed data with an entropy of 160
bits, fed into the RNG, under certain circumstances, might be recovered from its output with an effort of 282 hash evaluations. These results
are highly relevant for embedded systems that fail to provide sufficient
entropy through their operating system RNG at boot time and rely on
subsequent reseeding of the OpenSSL RNG. Furthermore, we identify a
design flaw that limits the entropy of the RNGās output to 240 bits in
the general case even for an initially correctly seeded RNG, despite the
fact that a security level of 256 bits is intended