15 research outputs found

    Ejafa_protocol: A custom INC secure protocol

    "EJAFA_PROTOCOL: A CUSTOM INC SECURE PROTOCOL" presents a cryptographic solution tailored for lightweight devices, striking a balance between security and efficiency. The protocol incorporates modern cryptographic primitives, including X25519 for key exchange and ChaCha20 for encryption, while adhering to established RFC standards. The report explores the protocol's design, its implementation over various network protocols, and its performance characteristics. A key feature of the protocol is its adaptability to resource-constrained environments without compromising on security. This work contributes to the evolving landscape of secure communication protocols, providing a robust solution for practical deployment across a spectrum of applications.
    Comment: Advanced Computer Network Course, Peking University, Beijing, China

    Freestyle, a randomized version of ChaCha for resisting offline brute-force and dictionary attacks

    This paper introduces Freestyle, a randomized and variable-round version of the ChaCha cipher. Freestyle uses the concept of a hash-based halting condition, where a decryption attempt with an incorrect key is likely to take longer to halt. This makes Freestyle resistant to key-guessing attacks, i.e., brute-force and dictionary-based attacks. Freestyle demonstrates a novel approach to ciphertext randomization by using a random number of rounds for each block, where the exact number of rounds is unknown to the receiver in advance. Freestyle provides the possibility of generating 2^{128} different ciphertexts for a given key, nonce, and message, thus resisting key and nonce reuse attacks. Due to its inherent random behavior, Freestyle makes cryptanalysis through known-plaintext, chosen-plaintext, and chosen-ciphertext attacks difficult in practice. On the other hand, Freestyle has a costlier cipher initialization process, typically generates 3.125% larger ciphertext, and was found to be 1.6 to 3.2 times slower than ChaCha20. Freestyle is suitable for applications that favor ciphertext randomization and resistance to key-guessing and key reuse attacks over performance and ciphertext size. Freestyle is ideal for applications where the ciphertext can be assumed to be in the full control of an adversary and an offline key-guessing attack can be carried out.
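The Ejafa abstract above and this one both build on the ChaCha block function, and the variable-round idea is easiest to see next to it. The Python below is an added example written for this page, not code from either paper: an RFC 8439 ChaCha block function generalized to any even round count (rounds=20 is ChaCha20, checked against the RFC test vector), plus a simplified variable-round scheme in which the sender picks the round count per block and attaches a truncated hash of the keystream block as the halting condition. The halting-condition construction, the round range 8..32, the 4-byte tag and the demo key are assumptions for illustration; Freestyle's actual halting condition and parameters differ and should be taken from the paper.

```python
import hashlib
import random
import struct

MASK = 0xFFFFFFFF


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def quarter_round(s, a, b, c, d):
    """RFC 8439 quarter round applied in place to state words a, b, c, d."""
    s[a] = (s[a] + s[b]) & MASK; s[d] = rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = rotl(s[b] ^ s[c], 7)


def double_round(s):
    """One column round followed by one diagonal round (two ChaCha rounds)."""
    for a, b, c, d in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                       (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
        quarter_round(s, a, b, c, d)


def initial_state(key, counter, nonce):
    """16-word state: constants, 256-bit key, 32-bit counter, 96-bit nonce (RFC 8439 layout)."""
    return (list(struct.unpack("<4I", b"expand 32-byte k"))
            + list(struct.unpack("<8I", key)) + [counter]
            + list(struct.unpack("<3I", nonce)))


def keystream_block(init, state):
    """Serialize (working state + initial state) as the 64-byte keystream block."""
    return struct.pack("<16I", *[(x + y) & MASK for x, y in zip(state, init)])


def chacha_block(key, counter, nonce, rounds=20):
    """ChaCha block function generalized to any even round count; rounds=20 is ChaCha20."""
    init = initial_state(key, counter, nonce)
    s = init[:]
    for _ in range(rounds // 2):
        double_round(s)
    return keystream_block(init, s)


def halting_tag(ks, tag_len):
    # Hash-based halting condition of this toy (an assumption, not Freestyle's construction):
    # a truncated hash of the keystream block produced at the chosen round count.
    return hashlib.sha256(ks).digest()[:tag_len]


def encrypt_variable_rounds(key, counter, nonce, block, rng=None,
                            min_rounds=8, max_rounds=32, tag_len=4):
    """Sender: choose a random even round count for this block, XOR with that keystream,
    and attach the halting tag. The round count itself is never transmitted."""
    rng = rng or random.SystemRandom()
    rounds = rng.randrange(min_rounds, max_rounds + 1, 2)
    ks = chacha_block(key, counter, nonce, rounds)
    ct = bytes(p ^ k for p, k in zip(block, ks))
    return ct, halting_tag(ks, tag_len)


def decrypt_variable_rounds(key, counter, nonce, ct, tag,
                            min_rounds=8, max_rounds=32, tag_len=4):
    """Receiver: advance the state two rounds at a time and halt when the tag matches.
    Returns (plaintext, rounds_tried). A wrong key almost never produces a match, so the
    attempt runs to max_rounds and yields None: every candidate key costs the attacker
    the maximum amount of work, which is the point of the halting condition."""
    init = initial_state(key, counter, nonce)
    s = init[:]
    for _ in range(min_rounds // 2 - 1):
        double_round(s)
    for rounds in range(min_rounds, max_rounds + 1, 2):
        double_round(s)
        ks = keystream_block(init, s)
        if halting_tag(ks, tag_len) == tag:
            return bytes(c ^ k for c, k in zip(ct, ks)), rounds
    return None, max_rounds


if __name__ == "__main__":
    key = bytes(range(32))                                   # constructed demo key
    nonce = bytes.fromhex("000000090000004a00000000")        # RFC 8439 test nonce
    msg = b"demo block ".ljust(64, b".")
    ct, tag = encrypt_variable_rounds(key, 1, nonce, msg)
    print(decrypt_variable_rounds(key, 1, nonce, ct, tag))        # (msg, <even rounds in 8..32>)
    print(decrypt_variable_rounds(bytes(32), 1, nonce, ct, tag))  # wrong key -> (None, 32)
```

With a 4-byte tag a wrong key matches some round count by accident with probability roughly 13 * 2^-32 per block, so the receiver's halting rule is reliable; shrinking the tag to save bandwidth raises that false-positive rate and should be weighed against the paper's own parameter choices. Publishing a hash of the keystream block is a shortcut taken here for readability; a deployable design needs the paper's analysis of what the halting value may reveal.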

    Bricklayer Attack: A Side-Channel Analysis on the ChaCha Quarter Round

    ChaCha is a family of stream ciphers that are very efficient on constrained platforms. In this paper, we present electromagnetic side-channel analyses of two different software implementations of ChaCha20 on a 32-bit architecture: one compiled from C and one written directly in assembly. On the device under test, practical experiments show that they have different levels of resistance to side-channel attacks. For the most leakage-resilient implementation, an analysis of the whole quarter round is required. To overcome this complication, we introduce an optimized attack based on a divide-and-conquer strategy, named the bricklayer attack.

    CRYSTALS - Kyber: A CCA-secure Module-Lattice-Based KEM

    Rapid advances in quantum computing, together with the announcement by the National Institute of Standards and Technology (NIST) that it will define new standards for digital-signature, encryption, and key-establishment protocols, have created significant interest in post-quantum cryptographic schemes. This paper introduces Kyber (part of CRYSTALS, the Cryptographic Suite for Algebraic Lattices, a package submitted to the NIST post-quantum standardization effort in November 2017), a portfolio of post-quantum cryptographic primitives built around a key-encapsulation mechanism (KEM) based on hardness assumptions over module lattices. Our KEM is most naturally seen as a successor to the NewHope KEM (Usenix 2016). In particular, the key and ciphertext sizes of our new construction are about half the size, the KEM offers CCA instead of only passive security, the security is based on a more general (and flexible) lattice problem, and our optimized implementation runs in essentially the same time as the aforementioned scheme. We first introduce a CPA-secure public-key encryption scheme, apply a variant of the Fujisaki-Okamoto transform to create a CCA-secure KEM, and eventually construct, in a black-box manner, CCA-secure encryption, key exchange, and authenticated-key-exchange schemes. The security of our primitives is based on the hardness of Module-LWE in the classical and quantum random oracle models, and our concrete parameters conservatively target more than 128 bits of post-quantum security.
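As an added example (not Kyber's code, and not Module-LWE), the Python below applies the same Fujisaki-Okamoto-style transform the abstract describes, decrypt, re-encrypt with re-derived coins, release the key only if the ciphertext is reproduced exactly and otherwise return a pseudorandom key, to a toy Regev-style LWE public-key scheme. The parameters Q=3329, N=8, M=16, the 32-bit message, and the hash choices (SHA-256 for H, SHAKE-256 for G) are assumptions chosen so the example runs offline, not the Kyber parameters, and the toy scheme has no real security.

```python
import hashlib
import hmac
import random
import struct

# Toy LWE parameters: constructed for illustration, far too small for any real security.
Q, N, M, MSG_BITS = 3329, 8, 16, 32
COINS_LEN = MSG_BITS * (M // 8)      # one fresh r in {0,1}^M per message bit


def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def G(*parts, n):
    return hashlib.shake_256(b"".join(parts)).digest(n)


def keygen(rng=None):
    """Regev-style LWE keys: pk = (A, b = A s + e), sk = (s, z); z is the implicit-rejection secret."""
    rng = rng or random.SystemRandom()
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice((-1, 0, 1)) for _ in range(M)]
    b = [(sum(A[i][j] * s[j] for j in range(N)) + e[i]) % Q for i in range(M)]
    z = rng.getrandbits(256).to_bytes(32, "big")
    return (A, b), (s, z)


def encrypt(pk, msg, coins):
    """CPA-secure toy PKE; all randomness comes from `coins`, so encryption can be re-run in decaps."""
    A, b = pk
    ct = []
    for i in range(MSG_BITS):
        bit = (msg >> i) & 1
        r = [(coins[i * (M // 8) + j // 8] >> (j % 8)) & 1 for j in range(M)]
        u = [sum(r[k] * A[k][j] for k in range(M)) % Q for j in range(N)]
        v = (sum(r[k] * b[k] for k in range(M)) + bit * (Q // 2)) % Q
        ct.append((u, v))
    return ct


def decrypt(sk, ct):
    s, _ = sk
    msg = 0
    for i, (u, v) in enumerate(ct):
        d = (v - sum(u[j] * s[j] for j in range(N))) % Q   # bit*q/2 + r.e, with |r.e| <= M
        msg |= (1 if Q // 4 < d < 3 * Q // 4 else 0) << i
    return msg


def encode_pk(pk):
    A, b = pk
    return struct.pack("<%dH" % (M * N + M), *[x for row in A for x in row], *b)


def encode_ct(ct):
    return b"".join(struct.pack("<%dH" % (N + 1), *u, v) for u, v in ct)


def decode_ct(c):
    w = struct.unpack("<%dH" % ((N + 1) * MSG_BITS), c)
    return [(list(w[i * (N + 1):i * (N + 1) + N]), w[i * (N + 1) + N]) for i in range(MSG_BITS)]


def encaps(pk, rng=None):
    """FO-style encapsulation: (K_bar, coins) = G(m || H(pk)); c = Enc(pk, m; coins); K = KDF(K_bar || H(c))."""
    rng = rng or random.SystemRandom()
    m = rng.getrandbits(MSG_BITS)
    kr = G(m.to_bytes(4, "little"), H(encode_pk(pk)), n=32 + COINS_LEN)
    kbar, coins = kr[:32], kr[32:]
    c = encode_ct(encrypt(pk, m, coins))
    return c, H(kbar, H(c))


def decaps(pk, sk, c):
    """Decrypt, re-encrypt with the re-derived coins, and release the real key only if the
    ciphertext is reproduced byte for byte; otherwise return H(z || H(c)) (implicit rejection),
    so a tampered ciphertext yields an unrelated key rather than an error oracle."""
    _, z = sk
    m_prime = decrypt(sk, decode_ct(c))
    kr = G(m_prime.to_bytes(4, "little"), H(encode_pk(pk)), n=32 + COINS_LEN)
    kbar, coins = kr[:32], kr[32:]
    c_prime = encode_ct(encrypt(pk, m_prime, coins))
    if hmac.compare_digest(c, c_prime):
        return H(kbar, H(c))
    return H(z, H(c))


if __name__ == "__main__":
    pk, sk = keygen()
    c, k_sender = encaps(pk)
    print(k_sender == decaps(pk, sk, c))                  # True
    bad = bytearray(c); bad[0] ^= 1
    print(decaps(pk, sk, bytes(bad)) == k_sender)         # False: tampering gives an unrelated key
```

The re-encryption check is what turns the passively secure scheme into a CCA-secure KEM: an adversary cannot learn anything from submitting modified ciphertexts, because any ciphertext that was not produced honestly from its own decryption fails the comparison and is answered with a key derived from z. A real implementation also makes the accept/reject branch free of timing differences, which this toy does not attempt.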

    DAGLAP: a protocol suite for authenticating geolocation of cloud servers

    One of the problems with the modern widespread use of cloud services pertains to geographical location. Modern services often employ location-dependent content, in some cases even data that should not end up outside a certain geographical region. A cloud service provider may however have reasons to move services to other locations. An application running in a cloud environment should have a way to verify the location of both itself and its data.
    This thesis describes a new solution to this problem by employing a permanently deployed hardware device which provides geolocation data to other computers in the same local network. A protocol suite for applications to check their geolocation is developed using the methodology of design science research. The protocol suite thus created builds on tried-and-true cryptographic protocols. A secure connection is established between an application server and the geolocation device, during which the authenticity of the device is verified. The location of data is ensured by checking that a storage server indeed has access to the data. Geographical proximity is checked by measuring round-trip times and setting limits for them. The new solution, with the protocol suite and hardware, is shown to solve the problem and fulfill strict requirements. It improves on the results presented in earlier work. A prototype is implemented, showing that the protocol suite is feasible both in theory and in practice. Details will however require further research.

    On the Security of the PKCS#1 v1.5 Signature Scheme

    The RSA PKCS#1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that verification of signatures is significantly faster than for DSA or ECDSA. Despite the huge practical importance of RSA PKCS#1 v1.5 signatures, providing formal evidence for their security based on plausible cryptographic hardness assumptions has turned out to be very difficult. Therefore the most recent version of PKCS#1 (RFC 8017) even recommends as a replacement the more complex and less efficient scheme RSA-PSS, as it is provably secure and therefore considered more robust. The main obstacle is that RSA PKCS#1 v1.5 signatures use a deterministic padding scheme, which makes standard proof techniques inapplicable. We introduce a new technique that enables the first security proof for RSA PKCS#1 v1.5 signatures. We prove full existential unforgeability against adaptive chosen-message attacks (EUF-CMA) under the standard RSA assumption. Furthermore, we give a tight proof under the Phi-Hiding assumption. These proofs are in the random oracle model, and the parameters deviate slightly from standard use, because we require a larger output length of the hash function. However, we also show how RSA PKCS#1 v1.5 signatures can be instantiated in practice such that our security proofs apply. In order to draw a more complete picture of the precise security of RSA PKCS#1 v1.5 signatures, we also give security proofs in the standard model, but with respect to weaker attacker models (key-only attacks) and based on known complexity assumptions. The main conclusion of our work is that, from a provable security perspective, RSA PKCS#1 v1.5 can be safely used if the output length of the hash function is chosen appropriately.
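An added example, written for this page rather than taken from the paper, showing the deterministic padding the abstract refers to: EMSA-PKCS1-v1_5 encoding with SHA-256 (the DigestInfo prefix is the one given in RFC 8017), a demo RSA key generation, and a verifier that re-encodes the message and compares the whole encoded block in constant time instead of parsing the padding out of the decrypted signature. The 1024-bit key size and the Miller-Rabin primality test are demo assumptions; real keys come from a vetted library.

```python
import hashlib
import hmac
import math
import random

# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v1_5_encode(message, em_len):
    """EMSA-PKCS1-v1_5: 0x00 || 0x01 || PS (0xff bytes, at least 8) || 0x00 || DigestInfo || H(M).
    Deterministic: the same message always yields the same encoded block."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin with random bases; adequate for a demo, not a vetted primality test."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_keygen(bits, rng=None, e=65537):
    """Demo RSA key generation (textbook: no safe primes, no side-channel hardening)."""
    rng = rng or random.SystemRandom()
    while True:
        p = q = 0
        while not is_probable_prime(p, rng):
            p = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        while not is_probable_prime(q, rng):
            q = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and math.gcd(e, phi) == 1:
            return (n, e), (n, pow(e, -1, phi))


def sign(sk, message):
    """RSASSA-PKCS1-v1_5 signing: encode, then apply the private RSA operation."""
    n, d = sk
    k = (n.bit_length() + 7) // 8
    em = emsa_pkcs1_v1_5_encode(message, k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def verify(pk, message, signature):
    """Verify by re-encoding the message and comparing the full block (RFC 8017 section 8.2.2).
    Never parse the padding out of the recovered block: lenient padding parsers are a classic
    source of signature forgeries, and the strict comparison is also simpler to get right."""
    n, e = pk
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    try:
        expected = emsa_pkcs1_v1_5_encode(message, k)
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


if __name__ == "__main__":
    pk, sk = rsa_keygen(1024)
    sig = sign(sk, b"attack at dawn")
    print(verify(pk, b"attack at dawn", sig), verify(pk, b"attack at dusk", sig))  # True False
```

Because the encoding is deterministic, signing the same message twice produces the same signature; that property is exactly what makes the standard proof techniques for randomized padding inapplicable and is the obstacle the paper works around. The verifier above also rejects signatures of the wrong length or with a value not below the modulus before any arithmetic, which closes off the trivial malleability of accepting s + n.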

    Improved Linear Approximations to ARX Ciphers and Attacks Against ChaCha

    In this paper, we present a new technique which can be used to find better linear approximations in ARX ciphers. Using this technique, we present the first explicitly derived linear approximations for 3 and 4 rounds of ChaCha and, as a consequence, it enables us to improve the recent attacks against ChaCha. Additionally, we present new differentials for 3 and 3.5 rounds of ChaCha that, when combined with the proposed technique, lead to further improvement in the complexity of the Differential-Linear attacks against ChaCha