
    Acta Universitatis Sapientiae - Informatica 2013


    Dynamic block encryption with self-authenticating key exchange

    One of the greatest challenges facing cryptographers is the mechanism used for key exchange. When secret data is transmitted, there is a chance that an attacker will try to intercept and decrypt the message. Having done so, the attacker might simply gain an advantage from the information obtained, or might tamper with the message and thus mislead the recipient. Both cases are equally serious and may cause great harm as a consequence. In cryptography, there are two commonly used methods of exchanging secret keys between parties. In the first method, symmetric cryptography, the key is sent in advance over some secure channel which only the intended recipient can read. The second method of key sharing uses a public key exchange method, where each party has a private and a public key; the public key is shared and the private key is kept locally. In both cases, keys are exchanged between two parties. In this thesis, we propose a method whereby the risk of exchanging keys is minimised. The key is embedded in the encrypted text using a process that we call 'chirp coding', and recovered by the recipient using a process that is based on correlation. The 'chirp coding parameters' are exchanged between users by employing a USB flash memory retained by each user. If the keys are compromised they are still not usable, because an attacker can only have access to part of the key. Alternatively, the software can be configured to operate in a one-time parameter mode; in this mode, the parameters are agreed upon in advance, and there is no parameter exchange during file transmission, except, of course, the key embedded in the ciphertext. The thesis also introduces a method of encryption which utilises dynamic blocks, where the block size is different for each block.
Prime numbers are used to drive two random number generators: a Linear Congruential Generator (LCG), which takes in the seed and initialises the system, and a Blum-Blum-Shub (BBS) generator, which is used to generate random streams to encrypt messages, images or video clips, for example. In each case, the key created is text dependent and therefore will change as each message is sent. The scheme presented in this research is composed of five basic modules. The first module is the key generation module, where the key to be generated is message dependent. The second module, the encryption module, performs data encryption. The third module, the key exchange module, embeds the key into the encrypted text. Once this is done, the message is transmitted and the recipient uses the key extraction module to retrieve the key; finally the decryption module is executed to decrypt the message and authenticate it. In addition, the message may be compressed before encryption and decompressed by the recipient after decryption using standard compression tools.

    Improvement in the management of cryptographic keys in a HSM and proposal of an Outdoor Position Certification Authority

    2017 - 2018
    The following doctoral thesis comprises two distinct sections, both describing a specific piece of applied research within the macro-theme of computer security. The first section describes a proposal for the improvement and optimization of the storage space required for the management of cryptographic keys within a Hardware Security Module (HSM), whereas the second section outlines the design of an Outdoor Position Certification Authority (OPCA), a distributed client-server architecture aimed at the validation and certification of the position of a mobile device. A Hardware Security Module is a special device designed for cryptographic operations and cryptographic key management. The keys are stored inside the HSM and never exposed outside the device. All the operations carried out with the keys are performed inside the HSM, so the result of an operation is the only external outcome produced by the HSM. In order for the HSM to store all the keys that have to be managed, plenty of storage space is required. The biggest data centres, handling millions of cryptographic keys, need to host a large number of HSMs. The related costs are proportional to the number of HSMs used. These costs include hardware, energy consumption, network hosting, network speed, management, etc. This thesis presents two methods to save the space used for the storage of the keys in an HSM, so as to reduce the number of HSMs needed and all related costs. While reducing storage costs, expenses related to computation time will increase. The Outdoor Position Certification Authority outlined here represents the project and design of a certification authority whose purpose is to certify the position of a mobile device equipped with a GNSS (Global Navigation Satellite System) receiver.
In general, a GNSS receiver is capable of acquiring radio signals (low-level data) and navigation messages (high-level data) in outdoor environments, coming from different constellations of global/regional satellite navigation systems and satellite-based augmentation systems (SBAS). To date, these data are not reliable from a security point of view, because they can be easily forged by malicious attackers through specialized spoofing techniques. An OPCA defines a client/server architecture through which a user can certify their position by sending to one or more remote servers the geo-localization information required for its verification. Once the truthfulness and reliability of the data received have been verified, the OPCA will issue and then send to the client a digitally signed document having legal force and certifying the position of the user at a given moment. The use of this service will concern different and multiple scenarios, and the devices requiring it will grow extensively in number thanks to the spread of the Internet of Things (IoT). Here are some possible scenarios: remote digital signing of a document for users located in a specific place; certification of the geographical position of a user at a given moment; certification of geographical position related to the delivery of valuable goods; certification of geographical position in case of critical events, such as rescue operations, police actions, etc. The first section of this thesis has been carried out based on two scientific publications. The first one, entitled "Reducing Costs in HSM-Based Data Centres", is a conference publication presented at the "International Conference on Green, Pervasive, and Cloud Computing 2017 (GPC 2017) at Cetara (SA)". This paper offers a first experimental evaluation of what will be found in the following pages and referred to as "Enhanced HSM (EHSM)". The second paper is a journal version, published in the "Journal of High Speed Networks (JHSN) - IOS Press".
In this publication, an alternative approach has been illustrated in relation to the issue of storage space in the key management of an HSM. The second section of the thesis is based on an International Patent registered at the European Patent Organization (EPO), its official number being EP 18724344.9, and on a related paper, being completed, entitled "Design of an Outdoor Position Certification Authority".
[edited by author] XVII n.s. (XXXI ciclo

    A Security Architecture for Data Aggregation and Access Control in Smart Grids

    We propose an integrated architecture for smart grids that supports data aggregation and access control. Data can be aggregated by home area network, building area network and neighboring area network in such a way that the privacy of customers is protected. We use a homomorphic encryption technique to achieve this. The consumer data that is collected is sent to the substations, where it is monitored by remote terminal units (RTUs). The proposed access control mechanism gives selective access to consumer data stored in data repositories and used by different smart grid users. Users can be maintenance units, utility centers, pricing estimator units or analyzing and prediction groups. We solve this problem of access control using the cryptographic technique of attribute-based encryption. RTUs and users have attributes and cryptographic keys distributed by several key distribution centers (KDCs). RTUs send data encrypted under a set of attributes. Users can decrypt information provided they have valid attributes. The access control scheme is distributed in nature and does not rely on a single KDC to distribute keys. Bobba et al. [BKAA09] proposed an access control scheme which relies on a centralized KDC and is thus prone to single-point failure. The other requirement is that the KDC has to be online during data transfer, which is not required in our scheme. Our access control scheme is collusion resistant, meaning that users cannot collude and gain access to data when they are not authorized to access it. We theoretically analyze our schemes and show that the computation overheads are low enough to be carried out in smart grids. To the best of our knowledge, ours is the first work on smart grids which integrates these two important security components (privacy-preserving data aggregation and access control) and presents an overall security architecture for smart grids.
    Comment: 12 Pages, 3 figure

    Aircraft Regional-Scale Flux Measurements over Complex Landscapes of Mangroves, Desert, and Marine Ecosystems of Magdalena Bay, Mexico

    Natural ecosystems are rarely structurally simple or functionally homogeneous. This is true for the complex coastal region of Magdalena Bay, Baja California Sur, Mexico, where the spatial variability in ecosystem fluxes from the Pacific coastal ocean, eutrophic lagoon, mangroves, and desert was studied. The Sky Arrow 650TCN environmental research aircraft proved to be an effective tool in characterizing land–atmosphere fluxes of energy, CO2, and water vapor across a heterogeneous landscape at the scale of 1 km. The aircraft was capable of discriminating fluxes from all ecosystem types, as well as between nearshore and coastal areas a few kilometers distant. Aircraft-derived average midday CO2 fluxes from the desert showed a slight uptake of −1.32 µmol CO2 m−2 s−1, the coastal ocean also showed an uptake of −3.48 µmol CO2 m−2 s−1, and the lagoon mangroves showed the highest uptake of −8.11 µmol CO2 m−2 s−1. Additional simultaneous measurements of the normalized difference vegetation index (NDVI) allowed simple linear modeling of CO2 flux as a function of NDVI for the mangroves of the Magdalena Bay region. Aircraft approaches can, therefore, be instrumental in determining regional CO2 fluxes and can be pivotal in calculating and verifying ecosystem carbon sequestration regionally when coupled with satellite-derived products and ecosystem models.

    An assessment of the autonomous integrity monitoring performance of a combined GPS/Galileo Satellite Navigation System, and its impact on the case for the development of Galileo

    In 1999 Europe, through the European Commission and the European Space Agency, began detailed definition of a second-generation Global Navigation Satellite System (GNSS). This GNSS development programme, known as "Galileo", was intended both to complement and to compete against the existing US Global Positioning System (GPS). Unlike GPS, Galileo is intended to be privately financed, following the initial development investment from the EC and ESA, which implies that Galileo should provide some revenue-earning services. From its earliest inception, the basis of these services has been assumed to be the provision of Signal Integrity through an Integrity Flag broadcast through the Galileo system, a service which GPS cannot provide without some external system augmentation. This thesis undertakes a critical evaluation of the value of this integrity system in Galileo. The thesis has two parts. The first demonstrates that the conditions required to attract adequate private finance to the Galileo programme are incompatible with the system architecture derived from the early Galileo system studies and taken forward into the early deployment phase, which includes an Integrity system within Galileo. The second part aims to demonstrate that receivers which can combine the signals from GPS and Galileo may offer a free Integrity service which meets the needs of the majority of users, possibly up to the standards required for aviation precision approach. A novel Receiver Autonomous Integrity Monitoring (RAIM) technique is described, using an Errors in Variables/Total Least Squares approach to the detection of inconsistencies in an over-determined set of GNSS signal measurements.
The mathematical basis for this technique is presented, along with results which compare the simulated performance of receivers using this algorithm against the expected performance of Galileo's internal integrity determination system.
EThOS - Electronic Theses Online Service GB United Kingdo

    Neighborhood Localization Method for Locating Construction Resources Based on RFID and BIM

    Construction sites change every day, which creates difficulties for the different contractors trying to do their tasks properly. One of the key points for all entities working on the same site is the location of resources, including materials, tools, and equipment. The lack of an integrated localization system therefore leads to an increase in the time wasted searching for resources. In this research, a localization method which does not need infrastructure is proposed to overcome this problem. Radio Frequency Identification (RFID), as a localization technology, is integrated with Building Information Modeling (BIM), a method of creating, sharing, exchanging and managing building information throughout the lifecycle among all stakeholders. In the first stage, requirements gathering and conceptual design are performed to add new entities, data types, and properties to the BIM, and relationships between RFID tags and building assets are identified. Secondly, it is proposed to distribute fixed tags with known positions as reference tags for the RFID localization approach. Then, a clustering method chooses the appropriate reference tags to provide to an Artificial Neural Network (ANN) for further computation. Additionally, Virtual Reference Tags (VRTs) are added to the system to increase the resolution of localization while limiting the cost of system deployment. Finally, different case studies and simulations are implemented and tested to explore the technical feasibility of the proposed approach.
