A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
The semiconductor industry is fully globalized and integrated circuits (ICs)
are commonly defined, designed and fabricated in different premises across the
world. This reduces production costs, but also exposes ICs to supply chain
attacks, where insiders introduce malicious circuitry into the final products.
Additionally, despite extensive post-fabrication testing, it is not uncommon
for ICs with subtle fabrication errors to make it into production systems.
While many systems may be able to tolerate a few byzantine components, this is
not the case for cryptographic hardware, storing and computing on confidential
data. For this reason, many error and backdoor detection techniques have been
proposed over the years. So far all attempts have been either quickly
circumvented, or come with unrealistically high manufacturing costs and
complexity.
This paper proposes Myst, a practical high-assurance architecture, that uses
commercial off-the-shelf (COTS) hardware, and provides strong security
guarantees, even in the presence of multiple malicious or faulty components.
The key idea is to combine protective-redundancy with modern threshold
cryptographic techniques to build a system tolerant to hardware trojans and
errors. To evaluate our design, we build a Hardware Security Module that
provides the highest level of assurance possible with COTS components.
Specifically, we employ more than a hundred COTS secure crypto-coprocessors,
verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to
realize high-confidentiality random number generation, key derivation, public
key decryption and signing. Our experiments show a reasonable computational
overhead (less than 1% for both Decryption and Signing) and an exponential
increase in backdoor-tolerance as more ICs are added.
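The combination the abstract describes, protective redundancy plus threshold cryptography, can be shown on a small scale. The following is an added example (not Myst's own protocol or code): n "coprocessors" each hold an additive share of an ElGamal private key, the full key is never assembled anywhere, and every partial decryption carries a Chaum-Pedersen proof, so a chip that returns a wrong partial (a trojan or a fabrication error) is caught by the combiner instead of silently corrupting the result. A compromised chip learns only its own share, and the secret stays uniformly random as long as one share is honest, which is where the tolerance growth with the number of ICs comes from. The group parameters p = 2039, q = 1019, g = 4 are a deliberately tiny safe-prime group chosen here for readability; a real HSM would use a 2048-bit or elliptic-curve group.

```python
"""Additive-share threshold ElGamal with verifiable partial decryptions.
Added example, not Myst's code. Toy group p = 2q+1 = 2039 for readability."""
import hashlib
import secrets

P, Q, G = 2039, 1019, 4   # safe prime p, q = (p-1)/2, g = 4 generates the order-q subgroup


def challenge(*transcript):
    """Fiat-Shamir challenge in [1, q-1] (a zero challenge would make the proof vacuous)."""
    data = ",".join(map(str, transcript)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1


class Coprocessor:
    """One IC. Its share never leaves this object; only g^share and proven partial
    results do. trojaned=True models a backdoored or faulty chip."""

    def __init__(self, trojaned=False):
        self.x = secrets.randbelow(Q - 1) + 1
        self.trojaned = trojaned

    def public_share(self):
        return pow(G, self.x, P)

    def partial_decrypt(self, c1):
        d = pow(c1, self.x, P)
        if self.trojaned:
            d = d * G % P                      # tampered contribution
        # Chaum-Pedersen proof that log_g(y_i) == log_c1(d_i), i.e. d_i = c1^x_i
        w = secrets.randbelow(Q)
        a, b = pow(G, w, P), pow(c1, w, P)
        e = challenge(G, self.public_share(), c1, d, a, b)
        z = (w + e * self.x) % Q
        return d, (a, b, z)


class ThresholdHSM:
    """Combiner: holds no secret, only the ICs' public shares."""

    def __init__(self, ics):
        self.ics = ics
        self.y = 1
        for ic in ics:                         # y = g^(x_1 + ... + x_n)
            self.y = self.y * ic.public_share() % P

    def encrypt(self, m):
        """Textbook ElGamal under the combined key; m in [1, p-1] (demo only,
        real use would encrypt a symmetric key and map it into the subgroup)."""
        r = secrets.randbelow(Q - 1) + 1
        return pow(G, r, P), m * pow(self.y, r, P) % P

    @staticmethod
    def verify_partial(y_i, c1, d, proof):
        a, b, z = proof
        e = challenge(G, y_i, c1, d, a, b)
        return (pow(G, z, P) == a * pow(y_i, e, P) % P
                and pow(c1, z, P) == b * pow(d, e, P) % P)

    def decrypt(self, ct):
        c1, c2 = ct
        shared = 1
        for i, ic in enumerate(self.ics):
            d, proof = ic.partial_decrypt(c1)
            if not self.verify_partial(ic.public_share(), c1, d, proof):
                raise ValueError(f"IC {i}: partial decryption failed verification")
            shared = shared * d % P            # c1^(x_1 + ... + x_n), never the key itself
        return c2 * pow(shared, -1, P) % P


def demo(message=1234, n_ics=5):
    """Returns (message recovered by an all-honest HSM,
    whether an HSM containing one trojaned IC refused to produce output)."""
    honest = ThresholdHSM([Coprocessor() for _ in range(n_ics)])
    recovered = honest.decrypt(honest.encrypt(message))
    tainted = ThresholdHSM([Coprocessor(), Coprocessor(trojaned=True), Coprocessor()])
    try:
        tainted.decrypt(tainted.encrypt(message))
        detected = False
    except ValueError:
        detected = True
    return recovered, detected


if __name__ == "__main__":
    print(demo())   # (1234, True)
```

The proof check is what turns redundancy into assurance: without it, a single bad partial would corrupt every output and the combiner could not tell which chip to blame.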
Customisable arithmetic hardware designs
Reconfigurable elliptic curve cryptography
Elliptic Curve Cryptosystems (ECC) have been proposed as an alternative to other established public key cryptosystems such as RSA (Rivest Shamir Adleman). ECC provides more security per bit than other known public key schemes based on the discrete logarithm problem. Smaller key sizes result in faster computations, lower power consumption and memory and bandwidth savings, thus making ECC a fast, flexible and cost-effective solution for providing security in constrained environments. Implementing ECC on a reconfigurable platform combines the speed, security and concurrency of hardware with the flexibility of the software approach.
This work proposes a generic architecture for an elliptic curve cryptosystem on a Field Programmable Gate Array (FPGA) that performs an elliptic curve scalar multiplication in 1.16 milliseconds for GF(2^163), which is considerably faster than most other documented implementations. One of the benefits of the proposed processor architecture is that it is easily reprogrammable to use different algorithms and is adaptable to any field order. Also, through reconfiguration the arithmetic unit can be optimized for different area/speed requirements. The mathematics involved uses a binary extension field of the form GF(2^n) as the underlying field and a polynomial basis for the representation of the field elements. A significant gain in performance is obtained by using projective coordinates for the points on the curve during the computation process.
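The arithmetic the abstract refers to, polynomial-basis GF(2^m) and scalar multiplication on a binary curve y^2 + xy = x^3 + ax^2 + b, is compact enough to write out. The block below is an added software reference (not the paper's FPGA design): field elements are Python integers with bit i holding the coefficient of x^i, multiplication is shift-and-add with interleaved reduction, inversion is the extended Euclidean algorithm over GF(2)[x], and points are kept in affine coordinates, so every addition or doubling pays one field inversion, which is exactly the cost projective coordinates remove. The K-163 (sect163k1) parameters are the published NIST/SECG values, included so the code runs on a field of the size the paper reports. It is variable-time reference code, not a constant-time implementation.

```python
"""GF(2^m) polynomial-basis arithmetic and binary-curve scalar multiplication.
Added example, not the paper's processor. Affine coordinates, variable time."""


class BinaryField:
    def __init__(self, m, poly):
        self.m, self.poly = m, poly            # poly includes the x^m term

    def mul(self, x, y):
        """Shift-and-add multiply with reduction interleaved bit by bit."""
        r = 0
        while y:
            if y & 1:
                r ^= x
            y >>= 1
            x <<= 1
            if x >> self.m:                    # degree reached m: reduce once
                x ^= self.poly
        return r

    def inv(self, x):
        """Extended Euclid in GF(2)[x]: returns g with g*x == 1 (mod poly)."""
        if x == 0:
            raise ZeroDivisionError("0 has no inverse")
        u, v, g1, g2 = x, self.poly, 1, 0
        while u != 1:
            j = u.bit_length() - v.bit_length()
            if j < 0:
                u, v, g1, g2, j = v, u, g2, g1, -j
            u ^= v << j
            g1 ^= g2 << j
        return g1


class BinaryCurve:
    """y^2 + x*y = x^3 + a*x^2 + b; points are (x, y) tuples, None is infinity."""

    def __init__(self, field, a, b):
        self.F, self.a, self.b = field, a, b

    def is_on_curve(self, P):
        if P is None:
            return True
        x, y = P
        m = self.F.mul
        x2 = m(x, x)
        return m(y, y) ^ m(x, y) == m(x2, x) ^ m(self.a, x2) ^ self.b

    def neg(self, P):
        return None if P is None else (P[0], P[0] ^ P[1])

    def add(self, P, Q):
        if P is None:
            return Q
        if Q is None:
            return P
        (x1, y1), (x2, y2) = P, Q
        if x1 == x2:
            return self.double(P) if y1 == y2 else None   # Q == P or Q == -P
        F = self.F
        lam = F.mul(y1 ^ y2, F.inv(x1 ^ x2))               # one inversion
        x3 = F.mul(lam, lam) ^ lam ^ x1 ^ x2 ^ self.a
        y3 = F.mul(lam, x1 ^ x3) ^ x3 ^ y1
        return (x3, y3)

    def double(self, P):
        if P is None or P[0] == 0:
            return None                                    # P == -P
        F = self.F
        x1, y1 = P
        lam = x1 ^ F.mul(y1, F.inv(x1))                    # one inversion
        x3 = F.mul(lam, lam) ^ lam ^ self.a
        y3 = F.mul(x1, x1) ^ F.mul(lam ^ 1, x3)
        return (x3, y3)

    def scalar_mul(self, k, P):
        """Left-to-right double-and-add (its branch pattern leaks k; demo only)."""
        R = None
        for bit in bin(k)[2:]:
            R = self.double(R)
            if bit == "1":
                R = self.add(R, P)
        return R


# NIST/SECG K-163 (sect163k1): f(x) = x^163 + x^7 + x^6 + x^3 + 1, a = b = 1
F163 = BinaryField(163, (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1)
K163 = BinaryCurve(F163, a=1, b=1)
G163 = (0x02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8,
        0x0289070FB05D38FF58321F2E800536D538CCDAA3D9)
N163 = 0x04000000000000000000020108A2E0CC0D99F8A5EF

if __name__ == "__main__":
    import time
    t = time.perf_counter()
    R = K163.scalar_mul(N163, G163)
    print("G on curve:", K163.is_on_curve(G163), "| n*G == O:", R is None,
          f"| {(time.perf_counter() - t) * 1e3:.1f} ms per scalar multiply in Python")
```

Running it prints the wall-clock time of one GF(2^163) scalar multiplication, which gives a feel for the gap between an interpreted affine implementation and the 1.16 ms the FPGA design achieves.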
Towards a Secure Smart Grid Storage Communications Gateway
This research in progress paper describes the role of cyber security measures
undertaken in an ICT system for integrating electric storage technologies into
the grid. To do so, it defines security requirements for a communications
gateway and gives detailed information and hands-on configuration advice on
node and communication line security, data storage, coping with backend M2M
communications protocols and examines privacy issues. The presented research
paves the road for developing secure smart energy communications devices that
allow enhancing energy efficiency. The described measures are implemented in an
actual gateway device within the HORIZON 2020 project STORY, which aims at
developing new ways to use storage and demonstrating these on six different
demonstration sites.
Comment: 6 pages, 2 figures
Comparing AI Algorithms for Optimizing Elliptic Curve Cryptography Parameters in Third-Party E-Commerce Integrations: A Pre-Quantum Era Analysis
This paper presents a comparative analysis between the Genetic Algorithm (GA)
and Particle Swarm Optimization (PSO), two vital artificial intelligence
algorithms, focusing on optimizing Elliptic Curve Cryptography (ECC)
parameters. These encompass the elliptic curve coefficients, prime number,
generator point, group order, and cofactor. The study provides insights into
which of the bio-inspired algorithms yields better optimization results for ECC
configurations, examining performances under the same fitness function. This
function incorporates methods to ensure robust ECC parameters, including
assessing for singular or anomalous curves and applying Pollard's rho attack
and Hasse's theorem for optimization precision. The optimized parameters
generated by GA and PSO are tested in a simulated e-commerce environment,
contrasting with well-known curves like secp256k1 during the transmission of
order messages using Elliptic Curve-Diffie Hellman (ECDH) and Hash-based
Message Authentication Code (HMAC). Focusing on traditional computing in the
pre-quantum era, this research highlights the efficacy of GA and PSO in ECC
optimization, with implications for enhancing cybersecurity in third-party
e-commerce integrations. We recommend the immediate consideration of these
findings before quantum computing's widespread adoption.
Comment: 14 pages
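Whatever the optimiser, a candidate parameter set is only worth scoring once it passes the checks the abstract lists. The block below is an added example (not the paper's fitness function) that codes those checks for a prime-field curve y^2 = x^3 + ax + b: non-singular discriminant, not anomalous (#E = p), the claimed order h*n inside Hasse's bound, n large enough that Pollard's rho (about sqrt(n) steps) is out of reach, plus the prerequisites that p and n are prime, G lies on the curve and n*G = O. secp256k1 from SEC 2, the curve the abstract compares against, serves as the known-good reference, and a deliberately broken variant shows the checker rejecting bad input. The point arithmetic is affine and variable-time.

```python
"""Curve-parameter sanity checks. Added example, not the paper's code."""
import random


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; probabilistic, adequate for a sanity check."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def ec_add(P, Q, p, a):
    """Short Weierstrass y^2 = x^3 + ax + b, affine; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                                  # Q == -P (covers 2-torsion doubling)
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p


def ec_mul(k, P, p, a):
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P, p, a)
        P = ec_add(P, P, p, a)
        k >>= 1
    return R


def validate_curve(p, a, b, G, n, h, min_security_bits=128):
    """Returns the list of failed checks; an empty list means the parameters pass."""
    problems = []
    if not is_probable_prime(p):
        return ["p is not prime"]                    # nothing else is meaningful
    if (4 * pow(a, 3, p) + 27 * b * b) % p == 0:
        problems.append("singular curve")            # 4a^3 + 27b^2 == 0 (mod p)
    x, y = G
    if (y * y - (x * x * x + a * x + b)) % p != 0:
        problems.append("generator not on the curve")
    if not is_probable_prime(n):
        problems.append("n is not prime")
    order = h * n                                    # claimed #E(F_p)
    if (order - p - 1) ** 2 > 4 * p:                 # Hasse: |#E - (p+1)| <= 2*sqrt(p)
        problems.append("h*n violates Hasse's bound")
    if order == p:
        problems.append("anomalous curve")           # #E == p, ECDLP falls to Smart's attack
    if n.bit_length() < 2 * min_security_bits:       # Pollard's rho costs ~sqrt(n) steps
        problems.append("n too small for Pollard's rho")
    if "generator not on the curve" not in problems and ec_mul(n, G, p, a) is not None:
        problems.append("n*G != O")
    return problems


# secp256k1 as published in SEC 2
SECP256K1 = dict(
    p=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F,
    a=0, b=7,
    G=(0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
       0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8),
    n=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141,
    h=1,
)

if __name__ == "__main__":
    print("secp256k1:", validate_curve(**SECP256K1) or "ok")
    print("b = 0 variant:", validate_curve(**dict(SECP256K1, b=0)))
```

An optimiser that mutates coefficients or the generator will produce parameter sets failing several of these at once (the b = 0 variant is both singular and no longer contains G), so the checks belong in the fitness function as hard rejections rather than penalties.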
1st Kryptotag - Workshop on Cryptography
The report contains a collection of all contributions by the participants of the 1st Kryptotag, held on 1 December 2004 in Mannheim.
Secure Integer Comparisons Using the Homomorphic Properties of Prime Power Subgroups
Secure multi-party computation allows two or more parties to jointly compute a function under encryption without leaking information about their private inputs. These secure computations are vital in many fields, including law enforcement, secure voting and bioinformatics, because the privacy of the information is of paramount importance.
One common reference problem for secure multi-party computation is the Millionaires' problem, which was first introduced by Turing Award winner Yao in his paper "Protocols for secure computation". The Millionaires' problem considers two millionaires who want to know who is richer without disclosing their actual worth.
There are public-key cryptosystems that currently solve this problem; however, they use bitwise decomposition and Boolean algebra on encrypted bits. This type of solution is costly, as each bit requires its own encryption and decryption.
Our solution to the Millionaires' problem and secure integer comparison takes a new approach which doesn't use the decomposition method and instead encrypts the full length of the message in one encryption (within scope). This method also extends in a linear fashion, so larger integers remain efficient to compare.
In this thesis, we present a new cryptosystem with a novel homomorphic property used for secure integer comparison, as well as a protocol implementing the cryptosystem and a simulation security proof for the protocol. Finally, we implemented the system and compared it to systems that are being used today.
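The per-bit cost the thesis sets out to avoid is easiest to see in the baseline it contrasts with. The block below is an added example (not the thesis's cryptosystem) of the bit-decomposition approach: Bob encrypts each bit of y under an additively homomorphic Paillier key, Alice evaluates a comparison circuit on those ciphertexts with her own x in the clear, blinds and shuffles the results, and Bob decrypts one ciphertext per bit, learning only whether x < y. The comparison circuit is the DGK-style construction c_i = 1 + x_i - y_i + 3 * sum_{j>i}(x_j xor y_j), which is zero for exactly one i iff x < y. The Paillier primes 101 and 103 are toy values chosen here for readability; real keys use primes of about 1024 bits each.

```python
"""Millionaires' problem via bitwise decomposition over Paillier.
Added example, not the thesis's scheme. Toy primes for readability."""
import math
import secrets


class Paillier:
    """Textbook Paillier over n = p*q with generator g = n + 1."""

    def __init__(self, p=101, q=103):            # toy primes; real keys use ~1024-bit p, q
        self.n, self.n2 = p * q, (p * q) ** 2
        self.lam = math.lcm(p - 1, q - 1)
        self.mu = pow(self._L(pow(1 + self.n, self.lam, self.n2)), -1, self.n)

    def _L(self, u):
        return (u - 1) // self.n

    def unit(self):
        """Random r in Z_n^* (coprime to n)."""
        while True:
            r = secrets.randbelow(self.n - 1) + 1
            if math.gcd(r, self.n) == 1:
                return r

    def encrypt(self, m):
        return (1 + m * self.n) * pow(self.unit(), self.n, self.n2) % self.n2

    def decrypt(self, c):
        return self._L(pow(c, self.lam, self.n2)) * self.mu % self.n

    def add(self, c1, c2):
        return c1 * c2 % self.n2                  # Enc(a) * Enc(b) = Enc(a + b)

    def scale(self, c, k):
        return pow(c, k % self.n, self.n2)        # Enc(a)^k = Enc(k * a); k may be negative


def alice_compare(x, enc_y_bits, pk):
    """Alice: from Enc(y_i) (LSB first) and her own x, produce blinded
    ciphertexts of c_i = 1 + x_i - y_i + 3*sum_{j>i}(x_j xor y_j).
    Exactly one c_i is 0 iff x < y; blinding and shuffling hide which one.
    Values of c_i stay below 101 for up to 33 bits, so blinding never wraps to 0."""
    nbits = len(enc_y_bits)
    x_bits = [(x >> i) & 1 for i in range(nbits)]
    xor_sum = pk.encrypt(0)                       # Σ_{j>i} (x_j xor y_j), walking MSB -> LSB
    out = []
    for i in reversed(range(nbits)):
        ey = enc_y_bits[i]
        c = pk.add(pk.encrypt(1 + x_bits[i]), pk.scale(ey, -1))
        c = pk.add(c, pk.scale(xor_sum, 3))
        out.append(pk.scale(c, pk.unit()))        # r * c_i: zero stays zero, rest randomised
        # x_i xor y_i is linear in y_i once x_i is known: y_i, or 1 - y_i
        xor = ey if x_bits[i] == 0 else pk.add(pk.encrypt(1), pk.scale(ey, -1))
        xor_sum = pk.add(xor_sum, xor)
    secrets.SystemRandom().shuffle(out)
    return out


def millionaires(x, y, nbits=8):
    """Full exchange. Returns True iff x < y. Bob learns only that bit, Alice
    learns nothing; the price is nbits encryptions and nbits decryptions."""
    bob = Paillier()
    enc_y = [bob.encrypt((y >> i) & 1) for i in range(nbits)]   # one ciphertext per bit
    blinded = alice_compare(x, enc_y, bob)    # Alice uses only the public part (n)
    return any(bob.decrypt(c) == 0 for c in blinded)


if __name__ == "__main__":
    print(millionaires(5, 9), millionaires(9, 5), millionaires(7, 7))   # True False False
```

Doubling the integer width doubles the number of ciphertexts, homomorphic operations and decryptions, which is the linear-in-bits overhead that a scheme comparing whole integers under one encryption sets out to remove.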
An Optimized Node Level Lightweight Security Algorithm for Cloud Assisted-IoT
The Internet of Things (IoT), the fastest-evolving technology, will advance the fields of agriculture, defense, and medical electronics. IoT is focused on giving every object a purpose. Cloud-assisted IoT offers a potential remedy for the data-expansion problem of individual objects with restricted capabilities. With the increasing use of cloud technology, IoT has encountered additional security hurdles when exchanging data between two parties. To address this issue, a thorough investigation was conducted into a secure cloud-assisted strategy for managing IoT data, which ensures the safety of data during its collection, storage, and retrieval via the cloud, while also considering the growing number of users. To achieve this, a lightweight security mechanism optimized at the node level is implemented in the proposed system. Using this technology, a secure IoT infrastructure can be established that prevents the majority of data-confidentiality threats posed by both insiders and outsiders. Using a heartbeat sensor and a NodeMCU, we build a heartbeat monitoring system that secures the patient's health data at the NodeMCU level and prevents unauthorized users from attacking it. Security is achieved with smaller key sizes and lightweight techniques suited to IoT devices with minimal power, lowering power and memory consumption, execution time, and the transmission capacity reserved. The performance of the RSA and ECC algorithms in terms of execution time, power consumption, and memory use has been tabulated for this experimental arrangement. The ECC method turns out to produce the best results on tiny devices.
Blockchain-based end-to-end encryption for Matrix instant messaging
Privacy and security in online communication are an important topic today, especially in the context of instant messaging. A lot of progress has been made in recent years to ensure that conversations are secure against attacks by third parties, but privacy from the service provider itself remains difficult. There are a number of solutions offering end-to-end encryption, but most of them rely on a centralized server, proprietary clients, or both.
In order to have fully secure instant messaging conversations, a decentralized and end-to-end encrypted communication protocol is needed. This means there is no single point of control, and each message is encrypted directly on the user's device such that only the recipient can decrypt it.
This work proposes an end-to-end encryption system for the Matrix protocol based on blockchain technology. Matrix is a decentralized protocol and network for real-time communication that is currently mostly used for instant messaging. This protocol was selected because of its versatility and extensibility.
Using the Secret Store feature in OpenEthereum, the proposed system encrypts data using keys stored on the Ethereum blockchain. Access control to the keys is also handled by the Secret Store via a smart contract.
The proposed encryption system has multiple advantages over alternative schemes: The underlying blockchain technology reduces the risk of data loss because of its decentralized and distributed nature. Thanks to the use of smart contracts this system also allows for the creation of an advanced access control system to decryption keys.
In order to test and analyze the proposed design, a reference implementation was created in the form of a library. This library can be used for future research, but also as a building block for different applications to easily implement end-to-end encryption based on blockchain technology.