Performance analysis of a security architecture for active networks in Java

Internacional Association of Science and Technology for Development - IASTED, Benalmadena, Spain: 8-10 Septiembre, 2003.Active network technology supports the deployment and execution on the fly of new active services, without interrupting the network operation. Active networks are composed of special nodes (named Active Router) that are able to execute active code to offer the active services. This technology introduces some security threats that must be solved using a security architecture. We have developed a security architecture (ROSA) for an active network platform (SARA). Java has been used as programming language in order to provide portability, but it imposes some performance limitations. This paper analyses the penalty of using Java and proposes some mechanisms to improve the performance of cryptographic implementations in Java.Publicad

DSA with SHA-1 for Space Telecommand Authentication: Analysis and Results

The issue of securing Telecommand data communications in civil and commercial space missions, by means of properly located security services and primitives, has been debated within the Security Working Group of the Consultative Committee for Space Data Systems since several months. In the context of Telecommand transmissions, that can be vital in determining a successful operational behavior of a space system, the interest is mainly focused on authentication, more than encryption. The object of this paper is to investigate, under the perspective of computational overhead, the possible applicability of a standard scheme, Digital Signature Algorithm with SHA- 1, to the authentication of Telecommand data structures, and to discuss the pros and cons related to its adoption in such a peculiar context, through numerical simulations and comparison with an alternative solution relying on the widely used MD5 hash algorithm

Energy Efficient Security Framework for Wireless Local Area Networks

Wireless networks are susceptible to network attacks due to their inherentvulnerabilities. The radio signal used in wireless transmission canarbitrarily propagate through walls and windows; thus a wireless networkperimeter is not exactly known. This leads them to be more vulnerable toattacks such as eavesdropping, message interception and modifications comparedto wired-line networks. Security services have been used as countermeasures toprevent such attacks, but they are used at the expense of resources that arescarce especially, where wireless devices have a very limited power budget.Hence, there is a need to provide security services that are energy efficient.In this dissertation, we propose an energy efficient security framework. Theframework aims at providing security services that take into account energyconsumption. We suggest three approaches to reduce the energy consumption ofsecurity protocols: replacement of standard security protocol primitives thatconsume high energy while maintaining the same security level, modification ofstandard security protocols appropriately, and a totally new design ofsecurity protocol where energy efficiency is the main focus. From ourobservation and study, we hypothesize that a higher level of energy savings isachievable if security services are provided in an adjustable manner. Wepropose an example tunable security or TuneSec system, which allows areasonably fine-grained security tuning to provide security services at thewireless link level in an adjustable manner.We apply the framework to several standard security protocols in wirelesslocal area networks and also evaluate their energy consumption performance.The first and second methods show improvements of up to 70% and 57% inenergy consumption compared to plain standard security protocols,respectively. The standard protocols can only offer fixed-level securityservices, and the methods applied do not change the security level. The thirdmethod shows further improvement compared to fixed-level security by reducing(about 6% to 40%) the energy consumed. This amount of energy saving can bevaried depending on the configuration and security requirements

On the Exploitation of a High-throughput SHA-256 FPGA Design for HMAC

High-throughput and area-efficient designs of hash functions and corresponding mechanisms for Message Authentication Codes (MACs) are in high demand due to new security protocols that have arisen and call for security services in every transmitted data packet. For instance, IPv6 incorporates the IPSec protocol for secure data transmission. However, the IPSec's performance bottleneck is the HMAC mechanism which is responsible for authenticating the transmitted data. HMAC's performance bottleneck in its turn is the underlying hash function. In this article a high-throughput and small-size SHA-256 hash function FPGA design and the corresponding HMAC FPGA design is presented. Advanced optimization techniques have been deployed leading to a SHA-256 hashing core which performs more than 30% better, compared to the next better design. This improvement is achieved both in terms of throughput as well as in terms of throughput/area cost factor. It is the first reported SHA-256 hashing core that exceeds 11Gbps (after place and route in Xilinx Virtex 6 board)

Elliptic Curve Cryptography Services for Mobile Operating Systems

Mobile devices as smartphones, tablets and laptops, are nowadays considered indispensable objects by most people in developed countries. A s personal and work assistant s , some of th e s e devices store , process and transmit sensitive and private data. Naturally , the number of mobile applications with integrated cryptographic mechanisms or offering security services has been significantly increasing in the last few years. Unfortunately, not all of those applications are secure by design, while other may not implement the cryptographic primitives correctly. Even the ones that implement them correctly may suffer from longevity problems, since cryptographic primitives that are considered secure nowadays may become obsolete in the next few years. Rivest, Shamir and Adleman (RSA) is an example of an widely used cryptosystem that may become depleted shorty . While the security issues in the mobile computing environment may be of median severity for casual users, they may be critical for several professional classes, namely lawyers, journalists and law enforcement agents. As such, it is important to approach these problems in a structured manner. This master’s program is focused on the engineering and implementation of a mobile application offering a series of security services. The application was engineered to be secure by design for the Windows Phone 8.1 Operating System (OS) which, at the time of writing this dissertation, was the platform with the most discreet offer in terms of applications of this type. The application provides services such as secure exchange of a cryptographic secret, encryption and digital signature of messages and files, management of contacts and encryption keys and secure password generation and storage. Part of the cryptographic primitives used in this work are from the Elliptic Curve Cryptography (ECC) theory, for which the discrete logarithm problem is believed to be harder and key handling is easier. The library defining a series of curves and containing the procedures and operations supporting the ECC primitives was implemented from scratch, since there was none available, comprising one of the contributions of this work. The work evolved from the analysis of the state-of-the-art to the requirements analysis and software engineering phase, thoroughly described herein, ending up with the development of a prototype. The engineering of the application included the definition of a trust model for the exchange of public keys and the modeling of the supporting database. The most visible outcomes of this master’s program are the fully working prototype of a mobile application offering the aforementioned security services, the implementation of an ECC library for the .NET framework, and this dissertation. The source code for the ECC library was made available online on GitHub with the name ECCryptoLib [Ana15]. Its development and improvement was mostly dominated by unit testing. The library and the mobile application were developed in C?. The level of security offered by the application is guaranteed via the orchestration and combination of state-of-the-art symmetric key cryptography algorithms, as the Advanced Encryption Standard (AES) and Secure Hash Algorithm 256 (SHA256) with the ECC primitives. The generation of passwords is done by using several sensors and inputs as entropy sources, which are fed to a cryptographically secure hash function. The passwords are stored in an encrypted database, whose encryption key changes every time it is opened, obtained using a Password-Based Key Derivation Function 2 (PBKDF2) from a master password. The trust model for the public keys designed in the scope of this work is inspired in Pretty Good Privacy (PGP), but granularity of the trust levels is larger.Dispositivos móveis como computadores portáteis, smartphones ou tablets, são, nos dias de hoje, considerados objectos indispensáveis pela grande maioria das pessoas residentes em países desenvolvidos. Por serem utilizados como assistentes pessoais ou de trabalho, alguns destes dispositivos guardam, processam e transmitem dados sensíveis ou privados. Naturalmente, o número de aplicações móveis com mecanismos criptográficos integrados ou que oferecem serviços de segurança, tem vindo a aumentar de forma significativa nos últimos anos. Infelizmente, nem todas as aplicações são seguras por construção, e outras podem não implementar as primitivas criptográficas corretamente. Mesmo aquelas que as implementam corretamente podem sofrer de problemas de longevidade, já que primitivas criptográficas que são hoje em dia consideradas seguras podem tornar-se obsoletas nos próximos anos. O Rivest, Shamir and Adleman (RSA) constitui um exemplo de um sistema criptográfico muito popular que se pode tornar obsoleto a curto prazo. Enquanto que os problemas de segurança em ambientes de computação móvel podem ser de média severidade para utilizadores casuais, estes são normalmente críticos para várias classes profissionais, nomeadamente advogados, jornalistas e oficiais da justiça. É, por isso, importante, abordar estes problemas de uma forma estruturada. Este programa de mestrado foca-se na engenharia e implementação de uma aplicação móvel que oferece uma série de serviços de segurança. A aplicação foi desenhada para ser segura por construção para o sistema operativo Windows Phone 8.1 que, altura em que esta dissertação foi escrita, era a plataforma com a oferta mais discreta em termos de aplicações deste tipo. A aplicação fornece funcionalidades como trocar um segredo criptográfico entre duas entidades de forma segura, cifra, decifra e assinatura digital de mensagens e ficheiros, gestão de contactos e chaves de cifra, e geração e armazenamento seguro de palavras-passe. Parte das primitivas criptográficas utilizadas neste trabalho fazem parte da teoria da criptografia em curvas elípticas, para a qual se acredita que o problema do logaritmo discreto é de mais difícil resolução e para o qual a manipulação de chaves é mais simples. A biblioteca que define uma série de curvas, e contendo os procedimentos e operações que suportam as primitivas criptográficas, foi totalmente implementada no âmbito deste trabalho, dado ainda não existir nenhuma disponível no seu início, compreendendo assim uma das suas contribuições. O trabalho evoluiu da análise do estado da arte para o levantamento dos requisitos e para a fase de engenharia de software, aqui descrita detalhadamente, culminando no desenvolvimento de um protótipo. A engenharia da aplicação incluiu a definição de um sistema de confiança para troca de chaves públicas e também modelação da base de dados de suporte. Os resultados mais visíveis deste programa de mestrado são o protótipo da aplicação móvel, completamente funcional e disponibilizando as funcionalidades de segurança acima mencionadas, a implementação de uma biblioteca Elliptic Curve Cryptography (ECC) para framework .NET, e esta dissertação. O código fonte com a implementação da biblioteca foi publicada online. O seu desenvolvimento e melhoramento foi sobretudo dominado por testes unitários. A biblioteca e a aplicação móvel foram desenvolvidas em C?. O nível de segurança oferecido pela aplicação é garantido através da orquestração e combinação de algoritmos da criptografia de chave simétrica atuais, como o Advanced Encryption Standard (AES) e o Secure Hash Algorithm 256 (SHA256), com as primitivas ECC. A geração de palavras-passe é feita recorrendo utilizando vários sensores e dispoitivos de entrada como fontes de entropia, que posteriormente são alimentadas a uma função de hash criptográfica. As palavras-passe são guardadas numa base de dados cifrada, cuja chave de cifra muda sempre que a base de dados é aberta, sendo obtida através da aplicação de um Password-Based Key Derivation Function 2 (PBKDF2) a uma palavrapasse mestre. O modelo de confiança para chaves públicas desenhado no âmbito deste trabalho é inspirado no Pretty Good Privacy (PGP), mas a granularidade dos níveis de confiança é superior

Performance Analysis of Encryption Capabilities of ARM-based Single Board Microcomputers

In the few years since the Raspberry Pi was released in 2012, countless microcomputers based on the ARM architecture have been introduced.Their small size, high performance relative to their power consumption, and the ability to run the popular Linux operating system make them ideal for a wide range of tasks. Information security is an area of particular importance. Different encryption and encoding algorithms play an important role in almost all areas of information security. However, these algorithms are very computationally intensive, so it is important to investigate which microcomputers can be used for these tasks, and under which trade-offs. The performance of ten different microcomputers is investigated and presented for the application of common symmetric and public-key encryption and decryption, digest creation and message authentication protocols, such as RSA, AES, HMAC, MD5, SHA. Reliable encryption requires the generation of reliable (pseudo)random numbers (Cryptographically Secure Random Numbers, CSRN), and microcomputers based on ARM SoCs usually have hardware implemented (pseudo)random number generators. The applicability of the random number generat er generators. The applicability of the random number generators of different microcomputers are investigated and presented; test methoods are described , and recommendations are made