Authentication Codes Based on Resilient Boolean Maps

We introduce new constructions of systematic authentication codes over finite fields and Galois rings. One code is built over finite fields using resilient functions and it provides optimal impersonation and substitution probabilities. Other two proposed codes are defined over Galois rings, one is based on resilient maps and it attains optimal probabilities as well, while the other uses maps whose Fourier transforms get higher values. Being the finite fields special cases of Galois rings, the first code introduced for Galois rings apply also at finite fields. For the special case of characteristic $p^2$, the maps used at the second case in Galois rings are bent indeed, and this case is subsumed by our current general construction of characteristic $p^s$, with $s\geq 2$

On Message Authentication in 4G LTE System

After decades of evolution, the cellular system has become an indispensable part of modern life. Together with the convenience brought by the cellular system, many security issues have arisen. Message integrity protection is one of the urgent problems. The integrity of a message is usually protected by message authentication code (MAC). Forgery attacks are the primary threat to message integrity. By Simon's definition, forgery is twofold. The first is impersonation forgery, in which the opponent can forge a MAC without knowing any message-MAC pairs. The second is substitution forgery, in which the opponent can forge a MAC by knowing certain message-MAC pairs. In the 4G LTE system, MAC is applied not only to RRC control messages and user data, but also to authentication of the identities in the radio network during the authentication and key agreement (AKA) procedure. There is a set of functions used in AKA, which is called A3/A8. Originally, only one cipher suite called MILENAGE followed the definition of A3/A8. Recently, Vodafone has proposed another candidate called TUAK. This thesis first analyzes a MAC algorithm of the 4G LTE system called EIA1. The analysis shows that because of its linear structure, given two valid message-MAC pairs generated by EIA1, attackers can forge up to $2^{32}$ valid MACs by the algorithm called linear forgery attack proposed in this thesis. This thesis also proposes a well-designed scenario, in which attackers can apply the linear forgery attack to the real system. The second work presented in this thesis fixes the gap between the almost XOR universal property and the substitution forgery probability, and assesses the security of EIA1 under different attack models. After the security analysis, an optimized EIA1 using an efficient polynomial evaluation method is proposed. This polynomial evaluation method is analog to the fast Fourier transform. Compared with Horner's rule, which is used in the official implementation of EIA1, this method reduces the number of multiplications over finite field dramatically. The improvement is shown by the experiment results, which suggests that the optimized code is much faster than the official implementation, and the polynomial evaluation method is better than Horner's rule. The third work in this thesis assesses the security of TUAK, and proves TUAK is a secure algorithm set, which means $f_1$, $f_1^*$, and $f_2$ are resistant to forgery attacks, and key recovery attacks; $f_3$ - $f_5$, and $f_5^*$ are resistant to key recovery attacks and collision. A novel technique called multi-output filtering model is proposed in this work in order to study the non-randomness property of TUAK and other cryptographic primitives, such as AES, KASUMI, and PRESENT. A multi-output filtering model consists of a linear feedback shift register (LFSR) and a multi-output filtering function. The contribution of this research is twofold. First, an attack technique under IND-CPA using the multi-output filtering model is proposed. By introducing a distinguishing function, we theoretically determine the success rate of this attack. In particular, we construct a distinguishing function based on the distribution of the linear complexity of component sequences, and apply it on studying TUAK's $f_1$ algorithm, AES, KASUMI and PRESENT. The experiments demonstrate that the success rate of the attack on KASUMI and PRESENT is non-negligible, but $f_1$ and AES are resistant to this attack. Second, this research studies the distribution of the cryptographic properties of component functions of a random primitive in the multi-output filtering model. The experiments show some non-randomness in the distribution of the algebraic degree and nonlinearity for KASUMI. The last work is constructing two MACs. The first MAC called WGIA-128 is a variant of EIA1, and requires the underlying stream cipher to generate uniform distributed key streams. WG-16, a stream cipher with provable security, is a good choice to be the underlying cipher of WGIA-128 because it satisfies the requirement. The second MAC called AMAC is constructed upon APN functions. we propose two different constructions of AMAC, and both of these two constructions have provable security. The probability of substitution forgery attacks against both constructions of AMAC is upper bounded by a negligible value. Compared with EIA1 and EIA3, two message authentication codes used in the 4G LTE system, both constructions of AMAC are slower than EIA3, but much faster than EIA1. Moreover, both constructions of AMAC are resistant to cycling and linear forgery attacks, which can be applied to both EIA1 and EIA3

Digital watermarking and novel security devices

EThOS - Electronic Theses Online ServiceGBUnited Kingdo

ID Photograph hashing : a global approach

This thesis addresses the question of the authenticity of identity photographs, part of the documents required in controlled access. Since sophisticated means of reproduction are publicly available, new methods / techniques should prevent tampering and unauthorized reproduction of the photograph. This thesis proposes a hashing method for the authentication of the identity photographs, robust to print-and-scan. This study focuses also on the effects of digitization at hash level. The developed algorithm performs a dimension reduction, based on independent component analysis (ICA). In the learning stage, the subspace projection is obtained by applying ICA and then reduced according to an original entropic selection strategy. In the extraction stage, the coefficients obtained after projecting the identity image on the subspace are quantified and binarized to obtain the hash value. The study reveals the effects of the scanning noise on the hash values of the identity photographs and shows that the proposed method is robust to the print-and-scan attack. The approach focusing on robust hashing of a restricted class of images (identity) differs from classical approaches that address any imageCette thèse traite de la question de l’authenticité des photographies d’identité, partie intégrante des documents nécessaires lors d’un contrôle d’accès. Alors que les moyens de reproduction sophistiqués sont accessibles au grand public, de nouvelles méthodes / techniques doivent empêcher toute falsification / reproduction non autorisée de la photographie d’identité. Cette thèse propose une méthode de hachage pour l’authentification de photographies d’identité, robuste à l’impression-lecture. Ce travail met ainsi l’accent sur les effets de la numérisation au niveau de hachage. L’algorithme mis au point procède à une réduction de dimension, basée sur l’analyse en composantes indépendantes (ICA). Dans la phase d’apprentissage, le sous-espace de projection est obtenu en appliquant l’ICA puis réduit selon une stratégie de sélection entropique originale. Dans l’étape d’extraction, les coefficients obtenus après projection de l’image d’identité sur le sous-espace sont quantifiés et binarisés pour obtenir la valeur de hachage. L’étude révèle les effets du bruit de balayage intervenant lors de la numérisation des photographies d’identité sur les valeurs de hachage et montre que la méthode proposée est robuste à l’attaque d’impression-lecture. L’approche suivie en se focalisant sur le hachage robuste d’une classe restreinte d’images (d’identité) se distingue des approches classiques qui adressent une image quelconqu

RF Location Tracking: A Modular Antenna System Implementation

From the Amazon Prime Air drone delivery service to the usage of unmanned aerial vehicles (UAV) in military operations, recent years have seen the development of autonomous flight technologies becoming one of the major research topics in the drone industry. Tracking the geographic position of drones is a crucial part of any autonomous flight, but the common methods of drone location tracking either have too large of an error margin or require extensive environmental setup. The aforementioned issues are major roadblocks in the advancement of autonomous flight operations. The proposed solution is a new and improved method to track the location of a drone relative to a single reference point. This method will not require any environmental setup and offers a greater degree of precision than the commonly used Global Positioning System (GPS). The designed proof of concept model, which is a completely modular and self-reliant radio-frequency (RF) based location tracking system, was built to show the viability of this new drone tracking method. The tracking system can determine the relative location of a radio-frequency source with only one receiver module. By requiring only one receiver, this tracking system eliminates the need to set up a triangulation zone. Additionally, optimizing the tracking system to generate a location from the RF telemetry signals needed in user-drone communication, the solution effectively presents an efficient manner to track a drone without the need for additional attachments. The proposed solution introduces a novel method that has the potential to vastly improve autonomous flight development and push it to full realization and fruition

Visible Light Communication Cyber Security Vulnerabilities For Indoor And Outdoor Vehicle-To-Vehicle Communication

Light fidelity (Li-Fi), developed from the approach of Visible Light Communication (VLC), is a great replacement or complement to existing radio frequency-based (RF) networks. Li-Fi is expected to be deployed in various environments were, due to Wi-Fi congestion and health limitations, RF should not be used. Moreover, VLC can provide the future fifth generation (5G) wireless technology with higher data rates for device connectivity which will alleviate the traffic demand. 5G is playing a vital role in encouraging the modern applications. In 2023, the deployment of all the cellular networks will reach more than 5 billion users globally. As a result, the security and privacy of 5G wireless networks is an essential problem as those modern applications are in people\u27s life everywhere. VLC security is as one of the core physical-layer security (PLS) solutions for 5G networks. Due to the fact that light does not penetrate through solid objects or walls, VLC naturally has higher security and privacy for indoor wireless networks compared to RF networks. However, the broadcasting nature of VLC caused concerns, e.g., eavesdropping, have created serious attention as it is a crucial step to validate the success of VLC in wild. The aim of this thesis is to properly address the security issues of VLC and further enhance the VLC nature security. We analyzed the secrecy performance of a VLC model by studying the characteristics of the transmitter, receiver and the visible light channel. Moreover, we mitigated the security threats in the VLC model for the legitimate user, by 1) implementing more access points (APs) in a multiuser VLC network that are cooperated, 2) reducing the semi-angle of LED to help improve the directivity and secrecy and, 3) using the protected zone strategy around the AP where eavesdroppers are restricted. According to the model\u27s parameters, the results showed that the secrecy performance in the proposed indoor VLC model and the vehicle-to-vehicle (V2V) VLC outdoor model using a combination of multiple PLS techniques as beamforming, secure communication zones, and friendly jamming is enhanced. The proposed model security performance was measured with respect to the signal to noise ratio (SNR), received optical power, and bit error rate (BER) Matlab simulation results