Cryptography and its application to operating system security

Not provided

A Novel Method of Encryption using Modified RSA Algorithm and Chinese Remainder Theorem

Security can only be as strong as the weakest link. In this world of cryptography, it is now well established, that the weakest link lies in the implementation of cryptographic algorithms. This project deals with RSA algorithm implementation with and without Chinese Remainder Theorem and also using Variable Radix number System. In practice, RSA public exponents are chosen to be small which makes encryption and signature verification reasonably fast. Private exponents however should never be small for obvious security reasons. This makes decryption slow. One way to speed things up is to split things up, calculate modulo p and modulo q using Chinese Remainder Theorem. For smart cards which usually have limited computing power, this is a very important and useful technique. This project aims at implementing RSA algorithm using Chinese Remainder Theorem as well as to devise a modification using which it would be still harder to decrypt a given encrypted message by employing a Variable radix system in order to encrypt the given message at the first place

Scalable One-Time Pad --- From Information Theoretic Security to Information Conservational Security

Whereas it is widely deemed an impossible task to scale down One-Time Pad (OTP) key length without sacrificing information theoretic security or network traffic, this project started with the attempt to develop a paradigm of Scalable One-Time Pad (S-OTP) ciphers based on information conservational computing/cryptography (ICC). This line of research, however, hits a dead-end at the limitation of information entropy and computational precision for full information conservation when long messages are transmitted. The dead-end suggests a 2-phase study. First, to explore the boundaries of scalability with data compression to reduce a long message to a tiny minimum but assuming only partial information conservation. Second, to explore the possibility of scalability with full information conservation but with limited increase of network traffic for transmitting long messages with information theoretic security. This paper reports results of the first phase. This study suggests two future directions of ICC: (1) using S-OTP to scale down key length at the expense of limited increase of network traffic for full information conservation (See solution at https://eprint.iacr.org/2019/913.pdf ); (2) develop a type of quantum crypto machine for full information conservation

Unlocking Test-Driven Development

Women Partnering is non-profit organization that helps women who are financially vulnerable. This organization establishes relationships with the women and connects them to support services. This project created a software system to support Women Partnering\u27s daily operations and reporting needs, which replaced the previous manually intensive, paper-based system. There were many problems with the previous paper-based system including the following: data duplication, data not readily available, and lack of a reporting capability. Besides these problems, the previous system was not expected to support anticipated growth. The student followed a Test-Driven Development Methodology while building the software system. This is the first time that the student has used Test-Driven Development on a project. To help with his understanding, he compared and contrasted this methodology to the Zachman Framework Methodology. The student knew that he also had to secure the application, so he researched the Rijndael cipher. The analysis, design, and testing is handled differently in Test-Drive

Data Encryption and Decryption Using Hill Cipher Method and Self Repetitive Matrix

Since times immemorial, security of data to maintain its confidentiality, proper access control, integrity and availability has been a major issue in data communication. As soon as a sensitive message was etched on a clay tablet or written on the royal walls, then it must have been foremost in the sender’s mind that the information should not get intercepted and read by a rival. Codes, hence, form an important part of our history, starting from the paintings of Da Vinci and Michelangelo to the ancient Roman steganographic practices the necessity of data hiding was obvious

Crypto-processeur architecture, programmation et évaluation de la sécurité

Les architectures des processeurs et coprocesseurs cryptographiques se montrent fréquemment vulnérables aux différents types d attaques ; en particulier, celles qui ciblent une révélation des clés chiffrées. Il est bien connu qu une manipulation des clés confidentielles comme des données standards par un processeur peut être considérée comme une menace. Ceci a lieu par exemple lors d un changement du code logiciel (malintentionné ou involontaire) qui peut provoquer que la clé confidentielle sorte en clair de la zone sécurisée. En conséquence, la sécurité de tout le système serait irréparablement menacée. L objectif que nous nous sommes fixé dans le travail présenté, était la recherche d architectures matérielles reconfigurables qui peuvent fournir une sécurité élevée des clés confidentielles pendant leur génération, leur enregistrement et leur échanges en implantant des modes cryptographiques de clés symétriques et des protocoles. La première partie de ce travail est destinée à introduire les connaissances de base de la cryptographie appliquée ainsi que de l électronique pour assurer une bonne compréhension des chapitres suivants. Deuxièmement, nous présentons un état de l art des menaces sur la confidentialité des clés secrètes dans le cas où ces dernières sont stockées et traitées dans un système embarqué. Pour lutter contre les menaces mentionnées, nous proposons alors de nouvelles règles au niveau du design de l architecture qui peuvent augmenter la résistance des processeurs et coprocesseurs cryptographiques contre les attaques logicielles. Ces règles prévoient une séparation des registres dédiés à l enregistrement de clés et ceux dédiés à l enregistrement de données : nous proposons de diviser le système en zones : de données, du chiffreur et des clés et à isoler ces zones les unes des autres au niveau du protocole, du système, de l architecture et au niveau physique. Ensuite, nous présentons un nouveau crypto-processeur intitulé HCrypt, qui intègre ces règles de séparation et qui assure ainsi une gestion sécurisée des clés. Mises à part les instructions relatives à la gestion sécurisée de clés, quelques instructions supplémentaires sont dédiées à une réalisation simple des modes de chiffrement et des protocoles cryptographiques. Dans les chapitres suivants, nous explicitons le fait que les règles de séparation suggérées, peuvent également être étendues à l architecture d un processeur généraliste et coprocesseur. Nous proposons ainsi un crypto-coprocesseur sécurisé qui est en mesure d être utilisé en relation avec d autres processeurs généralistes. Afin de démontrer sa flexibilité, le crypto-coprocesseur est interconnecté avec les processeurs soft-cores de NIOS II, de MicroBlaze et de Cortex M1. Par la suite, la résistance du crypto-processeur par rapport aux attaques DPA est testée. Sur la base de ces analyses, l architecture du processeur HCrypt est modifiée afin de simplifier sa protection contre les attaques par canaux cachés (SCA) et les attaques par injection de fautes (FIA). Nous expliquons aussi le fait qu une réorganisation des blocs au niveau macroarchitecture du processeur HCrypt, augmente la résistance du nouveau processeur HCrypt2 par rapport aux attaques de type DPA et FIA. Nous étudions ensuite les possibilités pour pouvoir reconfigurer dynamiquement les parties sélectionnées de l architecture du processeur crypto-coprocesseur. La reconfiguration dynamique peut être très utile lorsque l algorithme de chiffrement ou ses implantations doivent être changés en raison de l apparition d une vulnérabilité Finalement, la dernière partie de ces travaux de thèse, est destinée à l exécution des tests de fonctionnalité et des optimisations stricts des deux versions du cryptoprocesseur HCryptArchitectures of cryptographic processors and coprocessors are often vulnerable to different kinds of attacks, especially those targeting the disclosure of encryption keys. It is well known that manipulating confidential keys by the processor as ordinary data can represent a threat: a change in the program code (malicious or unintentional) can cause the unencrypted confidential key to leave the security area. This way, the security of the whole system would be irrecoverably compromised. The aim of our work was to search for flexible and reconfigurable hardware architectures, which can provide high security of confidential keys during their generation, storage and exchange while implementing common symmetric key cryptographic modes and protocols. In the first part of the manuscript, we introduce the bases of applied cryptography and of reconfigurable computing that are necessary for better understanding of the work. Second, we present threats to security of confidential keys when stored and processed within an embedded system. To counteract these threats, novel design rules increasing robustness of cryptographic processors and coprocessors against software attacks are presented. The rules suggest separating registers dedicated to key storage from those dedicated to data storage: we propose to partition the system into the data, cipher and key zone and to isolate the zones from each other at protocol, system, architectural and physical levels. Next, we present a novel HCrypt crypto-processor complying with the separation rules and thus ensuring secure key management. Besides instructions dedicated to secure key management, some additional instructions are dedicated to easy realization of block cipher modes and cryptographic protocols in general. In the next part of the manuscript, we show that the proposed separation principles can be extended also to a processor-coprocessor architecture. We propose a secure crypto-coprocessor, which can be used in conjunction with any general-purpose processor. To demonstrate its flexibility, the crypto-coprocessor is interconnected with the NIOS II, MicroBlaze and Cortex M1 soft-core processors. In the following part of the work, we examine the resistance of the HCrypt cryptoprocessor to differential power analysis (DPA) attacks. Following this analysis, we modify the architecture of the HCrypt processor in order to simplify its protection against side channel attacks (SCA) and fault injection attacks (FIA). We show that by rearranging blocks of the HCrypt processor at macroarchitecture level, the new HCrypt2 processor becomes natively more robust to DPA and FIA. Next, we study possibilities of dynamically reconfiguring selected parts of the processor - crypto-coprocessor architecture. The dynamic reconfiguration feature can be very useful when the cipher algorithm or its implementation must be changed in response to appearance of some vulnerability. Finally, the last part of the manuscript is dedicated to thorough testing and optimizations of both versions of the HCrypt crypto-processor. Architectures of crypto-processors and crypto-coprocessors are often vulnerable to software attacks targeting the disclosure of encryption keys. The thesis introduces separation rules enabling crypto-processor/coprocessors to support secure key management. Separation rules are implemented on novel HCrypt crypto-processor resistant to software attacks targetting the disclosure of encryption keysST ETIENNE-Bib. électronique (422189901) / SudocSudocFranceF