
    SIGNCRYPTION ANALYZE

    The aim of this paper is to provide an overview of the research that has been done so far in the signcryption area. The paper also presents the extensions of the signcryption scheme and discusses security in signcryption. The main contribution of this paper is the implementation of the signcryption algorithm, with the examples provided.
    Keywords: ElGamal, elliptic curves, encryption, identity-based, proxy-signcryption, public key, ring-signcryption, RSA, signcryption

    A Cloud Authentication Protocol using One-Time Pad

    There is a significant increase in the number of data breaches in corporate servers in cloud environments. This includes username and password compromise in the cloud and account hijacking, thus leading to severe vulnerabilities in cloud service provisioning. Traditional authentication schemes rely on users presenting their credentials to gain access to the cloud service. However, once the credential is compromised, the attacker will gain access to the cloud service easily. This paper proposes a novel scheme that does not require the user to present his credentials, and yet is able to prove ownership of access to the cloud service using a variant of zero-knowledge proof. A challenge-response protocol is devised to authenticate the user, requiring the user to compute a one-time pad (OTP) to authenticate himself to the server without revealing the password to the server. A prototype has been implemented to facilitate the authentication of the user when accessing Dropbox, and the experiment results showed that the overhead incurred is insignificant.

    Cryptanalysis and Performance Evaluation of Enhanced Threshold Proxy Signature Scheme Based on RSA for Known Signers

    These days there are plenty of signature schemes, such as the threshold proxy signature scheme (Kumar and Verma 2010). The network is a shared medium, so it is exposed to security attacks such as eavesdropping, replay attacks, and modification attacks. Thus, we have to establish a common key for encrypting/decrypting our communications over an insecure network. In this scheme, a threshold proxy signature scheme based on RSA, any or more proxy signers can cooperatively generate a proxy signature while or fewer of them cannot do it. The threshold proxy signature scheme uses the RSA cryptosystem to generate the private and public keys of the signers (Rivest et al., 1978). Comparison is done on the basis of time complexity, space complexity, and communication overhead. We compare the performance of four schemes (Hwang et al. (2003), Kuo and Chen (2005), Yong-Jun et al. (2007), and Li et al. (2007)) with the performance of a scheme that has been proposed earlier by the authors of this paper. In the proposed scheme, both the combiner and the secret share holder can verify the correctness of the information that they are receiving from each other. Therefore, the enhanced threshold proxy signature scheme is secure and efficient against notorious conspiracy attacks.

    New Public Key Authentication Frameworks with Lite Certification Authority

    Two variants of a CA-based public key authentication framework are proposed in this paper. One is termed public key cryptosystem without certificate management center (PKCwCMC) and the other is termed proxy signature based authentication framework (PS-based AF). Moreover, we give an implementation of the former based on quadratic residue theory and an implementation of the latter from RSA. Both variants can be seen as lite-CA based authentication frameworks, since the workload and deployment of CAs in these systems are much lighter and easier than those in traditional CA-based PKC.

    Security Pitfalls of a Provably Secure Identity-based Multi-Proxy Signature Scheme

    An identity-based multi-proxy signature is a type of proxy signature in which the delegation of signing rights is distributed among a number of proxy signers. In this type of cryptographic primitive, the cooperation of all proxy signers in the proxy group generates proxy signatures of roughly the same size as standard proxy signatures on behalf of the original signer, which is more efficient than transmitting individual proxy signatures. Since identity-based multi-proxy signatures are useful in distributed systems and grid computing, presenting a provably secure identity-based multi-proxy scheme is desirable. In 2013, Sahu and Padhye proposed the first provably secure identity-based multi-proxy signature scheme in the random oracle model, and proved that their scheme is existentially unforgeable against adaptive chosen message and identity attacks. Unfortunately, in this paper, we show that their scheme is insecure. We present two forgery attacks on their scheme. Furthermore, their scheme is not resistant to the proxy key exposure attack. As a consequence, there is no provably secure identity-based multi-proxy signature scheme secure against the proxy key exposure attack to date.

    Invoice factoring through blockchain technology

    (English) Invoice factoring has been a popular way to provide cash flow for businesses. The primary function of a factoring system is to prevent an invoice from being factored twice. In order to prevent double factoring, many factoring ecosystems use one or several centralized entities to register factoring agreements. However, this puts a lot of power in the hands of these centralized entities and makes it difficult for users to dispute situations in which factoring data is unavailable, wrongly recorded or manipulated by negligence or on purpose. This thesis presents our research around the current problems of invoice factoring and our new solutions to this process using blockchain technology. A public blockchain can keep a permanent, secure, ordered and transparent record of transactions which are then available for everyone at any time to view and verify. In this thesis, we start by proposing a base solution, and we gradually enhance it. In the base protocol, we propose an architecture for invoice registration based on a general blockchain. The blockchain platform builds trust between the parties by executing transactions correctly. We employ a smart contract to complete the registration process and prevent double factoring. The smart contract provides for auditing and dispute resolution in such a way that privacy is protected and relevant information is always available. In the second protocol, we add a relayer to our architecture for easier on-boarding. Only the relayer is required to submit blockchain transactions and pay the corresponding fees. Other participants can proxy their transactions through the relayer and pay the relayer in fiat money. We also enhance our identity management and authentication using the concept of verifiable credentials (VC) in order to better comply with Know-Your-Customer (KYC) regulation. In fact, in this architecture, participants use their decentralized identifiers (DIDs) and the DIDComm protocol for asynchronous and secure off-chain interactions. In the final protocol, we greatly enhance our smart contract with respect to the conditions it checks before registering an invoice factoring. We integrate non-interactive zero-knowledge proofs and cryptographic commitments into our solution. With these cryptographic tools in place, we can prevent a special type of denial of service (DoS) attack and better verify invoice details without compromising privacy. Our protocols are very efficient in terms of blockchain costs. In particular, we only need one transaction to register an invoice factoring, and most of the details are recorded in low-cost blockchain storage. Our evaluations and comparison with the literature reveal that our protocols are superior to the related works with respect to efficiency, security, privacy, and ease of use.
    (Catalan, translated) The sale of invoices, or invoice factoring, has been a popular way to provide cash flow to businesses. The main function of an invoice sale system is to prevent an invoice from being sold twice. To prevent double sale, many factoring ecosystems use centralized entities to register invoice sale agreements. This, however, puts a lot of power in the hands of these centralized entities and makes it difficult for users to challenge or dispute situations in which sale data is unavailable, wrongly recorded or manipulated, whether by negligence or on purpose. This thesis presents our research around the current problems of invoice sale registration systems and our novel solutions for this process using blockchain technology. By means of a public blockchain, a permanent, secure, ordered and transparent record of transactions can be kept, available to everyone at any time to be observed and verified. In the thesis, we start by proposing a base solution and gradually extend and improve it. The first proposal is a protocol that uses an architecture with a blockchain. The blockchain platform generates trust between the parties since it guarantees the correct execution of transactions. In this sense, we use a smart contract to complete the registration process and prevent double sale. The smart contract allows auditing and dispute resolution in a way that protects privacy and keeps the relevant information always available. In the second protocol, we add a relay, or relayer, to our architecture to make it easier to bring users into the system. The relayer is the only one that sends transactions to the blockchain and pays the corresponding fees. The other participants can delegate the sending of their transactions to the relayer and pay with fiat money. In this proposal we also improve identity management and authentication using the concept of Verifiable Credentials (VC) to better comply with Know Your Customer (KYC) regulation. In fact, in this architecture, participants use their Decentralized Identifiers (DID) and the DIDComm protocol for asynchronous and secure off-chain interactions. In the final protocol, we greatly improve our smart contract with respect to the conditions it checks before registering an invoice sale. In this last solution, we integrate non-interactive Zero Knowledge Proofs (ZKP) and cryptographic commitments. With these tools, we can prevent a special type of Denial of Service (DoS) attack and better verify invoice details without compromising privacy. Our protocols are very efficient in terms of fee costs. In particular, we only need one transaction to register an invoice, and most of the details are recorded in low-cost blockchain storage. Our evaluations and comparison with the literature reveal that our protocols are superior to related work with respect to efficiency, security, privacy and ease of use.
    Subject: Telematics Engineering
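    The double-factoring check and the commitment-based verification of invoice details described in the abstract above, as an added example that is not part of the thesis or its smart contract: a hypothetical in-memory Python model of the registry. The registry key, the field layout of an invoice, the SHA-256 hash commitment and all names are assumptions; the thesis's zero-knowledge proofs and DID/VC identity layer are not modelled.

```python
"""Hypothetical model of a commitment-based invoice-factoring registry.

Not the thesis's contract: an in-memory stand-in written to show (1) a
registry that refuses to record the same invoice twice and (2) a hiding,
binding commitment to the private invoice details that can be opened
later for auditing or dispute resolution. Names and layouts are assumed.
"""
import hashlib
import hmac
import os


def _h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so (b"ab", b"c") != (b"a", b"bc")."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def invoice_key(issuer_id: str, invoice_number: str) -> bytes:
    """Deterministic registry key: the same invoice always maps to the same
    key, which is what lets the registry detect a second factoring."""
    return _h(b"invoice-key", issuer_id.encode(), invoice_number.encode())


def commit(amount_cents: int, due_date: str, nonce: bytes) -> bytes:
    """Hash commitment to the confidential details. A 32-byte random nonce
    makes it hiding; SHA-256 collision resistance makes it binding."""
    return _h(b"invoice-commit", amount_cents.to_bytes(8, "big"),
              due_date.encode(), nonce)


class FactoringRegistry:
    """Stand-in for on-chain contract state: key -> (factor, commitment)."""

    def __init__(self) -> None:
        self._entries: dict[bytes, tuple[str, bytes]] = {}

    def register(self, key: bytes, factor_id: str, commitment: bytes) -> bool:
        """One registration per invoice key; any later attempt is rejected."""
        if key in self._entries:
            return False
        self._entries[key] = (factor_id, commitment)
        return True

    def factor_of(self, key: bytes):
        entry = self._entries.get(key)
        return None if entry is None else entry[0]

    def verify_opening(self, key: bytes, amount_cents: int, due_date: str,
                       nonce: bytes) -> bool:
        """Dispute resolution: the parties reveal details and nonce, and
        anyone can recompute the commitment against the recorded one."""
        entry = self._entries.get(key)
        if entry is None:
            return False
        return hmac.compare_digest(entry[1],
                                   commit(amount_cents, due_date, nonce))


def demo() -> dict:
    """Constructed scenario: one invoice, two factors competing for it."""
    registry = FactoringRegistry()
    key = invoice_key("issuer-ACME", "INV-2024-0017")   # constructed sample
    nonce = os.urandom(32)
    c_a = commit(125_000, "2024-09-30", nonce)
    c_b = commit(125_000, "2024-09-30", os.urandom(32))  # factor B's own commitment

    first = registry.register(key, "factor-A", c_a)    # accepted
    second = registry.register(key, "factor-B", c_b)   # double factoring, rejected
    return {
        "first_registration": first,
        "second_registration": second,
        "recorded_factor": registry.factor_of(key),
        "opening_ok": registry.verify_opening(key, 125_000, "2024-09-30", nonce),
        "tampered_amount": registry.verify_opening(key, 225_000, "2024-09-30", nonce),
        "wrong_nonce": registry.verify_opening(key, 125_000, "2024-09-30", os.urandom(32)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    Two caveats a practitioner should keep in mind. The registry key is derived from low-entropy fields (issuer and invoice number), so anyone who can guess them can test whether a given invoice has already been factored; on a public chain that state is visible to everyone, which is the kind of leak the thesis addresses with zero-knowledge proofs rather than with this plain hash. And the commitment is only as secret as the nonce: reuse it across invoices with the same amount and due date and the commitments become linkable.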

    Virtualized Reconfigurable Resources and Their Secured Provision in an Untrusted Cloud Environment

    The cloud computing business grows year after year. To keep up with increasing demand and to offer more services, data center providers are always searching for novel architectures. One of these is FPGAs, reconfigurable hardware with high compute power and energy efficiency. But some clients cannot make use of the remote processing capabilities. Not every involved party is trustworthy, and the complex management software has potential security flaws. Hence, clients' sensitive data or algorithms cannot be sufficiently protected. In this thesis, state-of-the-art hardware, cloud and security concepts are analyzed and combined. On one side are reconfigurable virtual FPGAs. They are a flexible resource and fulfill the cloud characteristics at the price of security. But on the other side is a strong requirement for said security. To provide it, an immutable controller is embedded, enabling a direct, confidential and secure transfer of clients' configurations. This establishes a trustworthy compute space inside an untrusted cloud environment. Clients can securely transfer their sensitive data and algorithms without involving vulnerable software or the data center provider. This concept is implemented as a prototype. Based on it, necessary changes to current FPGAs are analyzed. To fully enable reconfigurable yet secure hardware in the cloud, a new hybrid architecture is required.
    (German abstract, translated) The cloud computing business grows year after year. To keep up with rising demand and to offer new services, data center operators are always searching for new architectures. One of these is FPGAs, reconfigurable hardware with high compute power and energy efficiency. But some customers cannot use the outsourced compute capacity. Not all parties involved are trustworthy, and the complex management software is prone to security vulnerabilities. Therefore the sensitive data of these customers cannot be sufficiently protected. In this thesis, state-of-the-art hardware, cloud and security concepts are analyzed and combined. On one side are virtual FPGAs. They are a flexible resource and have cloud characteristics at the price of security. But on the other side stands a strong need for security. To provide it, an immutable controller is embedded, enabling a direct, confidential and secure transfer of the customers' configurations. This establishes a trustworthy compute environment inside an untrustworthy cloud environment. Customers can securely transfer their sensitive data and algorithms without using vulnerable software or involving the data center operator. This concept is implemented as a prototype. Based on it, necessary changes to modern FPGAs are analyzed. To fully enable reconfigurable yet secure hardware in the cloud, a new hybrid architecture is required.

    Applying mobile agents technology to intrusion detection and response

    Master's thesis (Master of Science)