Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Web-based application for cryptographic protocols visualization

Práce se zabývá vytvořením interaktivní webové aplikace pro substituční šifry a jejich interaktivní kryptoanalýzu. V práci je implementováno šest šifer a zástupci monoalfabetických šifer jsou Caesarova šifra, Atbaš a substituce s klíčovým slovem. Dále zástupci polyalfabetických šifer jsou Vigenrova šifra, Kryptos a Vernamova šifra. Pro interaktivní analýzu je použita frekvenční analýza, index koincidence a n-gramová statistika jako fitness funkce. Výsledek byl dosažen za pomoci HTML5, CSS a skriptovacího jazyka ReactJS což je JavaScriptová knihovna s možností typové kontroly proměnných.The thesis deals with the creation of an interactive web application for substitution ciphers and their interactive cryptanalysis. Six ciphers are implemented in the work. Representatives of monoalphabetic ciphers are Caesar’s cipher, Atbash, and Keyword cipher and representatives of polyalphabetic ciphers are Vigenre cipher, Kryptos and Vernam cipher. Frequency analysis, index of coincidence and n-gram statistics as a fitness function are used for interactive cryptanalysis. The result is achieved by using HTML5, CSS and ReactJS scripting language which is a JavaScript library with the ability of variable type-check.

Security and Privacy for the Modern World

The world is organized around technology that does not respect its users. As a precondition of participation in digital life, users cede control of their data to third-parties with murky motivations, and cannot ensure this control is not mishandled or abused. In this work, we create secure, privacy-respecting computing for the average user by giving them the tools to guarantee their data is shielded from prying eyes. We first uncover the side channels present when outsourcing scientific computation to the cloud, and address them by building a data-oblivious virtual environment capable of efficiently handling these workloads. Then, we explore stronger privacy protections for interpersonal communication through practical steganography, using it to hide sensitive messages in realistic cover distributions like English text. Finally, we discuss at-home cryptography, and leverage it to bind a user’s access to their online services and important files to a secure location, such as their smart home. This line of research represents a new model of digital life, one that is both full-featured and protected against the security and privacy threats of the modern world

Journal of Telecommunications and Information Technology, 2009, nr 2

kwartalni

Designing a secure ubiquitous mammography consultation system

This thesis attempts to design and develop a prototype for mammography image consultation that can work securely within a ubiquitous environment. Mammogram images differ largely from other type of images and it requires special and dedicated techniques to identify the required regions of interest. Thus in Chapter 2 we started to explore the affectivity of the various traditional techniques based on convolution operators (e.g. Sobol, Pretwitt, Canny) for mammography edge detection. The second part of chapter 2 tries to enhance the results obtained via the traditional techniques by hybriding some of them. The hybriding technique is called in our thesis as Pipelined Operators. In this direction we proposed four pipeline operators, which contribute to the edge enhancement as well as abnormalities rendering through the introduction of an additional coloring mechanism. Although the visualization pipelines represent in our view an advancement on the traditional techniques applied to mammograms, such pipelines expose healthcare users to further usage complexities. For this purpose we extended our research work in chapter 2 to find a better single technique that can work smoothly within the healthcare system. In this direction, we developed in the third part of chapter 2 a novel technique for finding edges based on analyzing the dynamic and fuzzy nature of edges in mammograms. We called our developed method as "Dynamic Fuzzy Classifier or the DFC"

Hardware-Assisted Secure Computation

The theory community has worked on Secure Multiparty Computation (SMC) for more than two decades, and has produced many protocols for many settings. One common thread in these works is that the protocols cannot use a Trusted Third Party (TTP), even though this is conceptually the simplest and most general solution. Thus, current protocols involve only the direct players---we call such protocols self-reliant. They often use blinded boolean circuits, which has several sources of overhead, some due to the circuit representation and some due to the blinding. However, secure coprocessors like the IBM 4758 have actual security properties similar to ideal TTPs. They also have little RAM and a slow CPU.We call such devices Tiny TTPs. The availability of real tiny TTPs opens the door for a different approach to SMC problems. One major challenge with this approach is how to execute large programs on large inputs using the small protected memory of a tiny TTP, while preserving the trust properties that an ideal TTP provides. In this thesis we have investigated the use of real TTPs to help with the solution of SMC problems. We start with the use of such TTPs to solve the Private Information Retrieval (PIR) problem, which is one important instance of SMC. Our implementation utilizes a 4758. The rest of the thesis is targeted at general SMC. Our SMC system, Faerieplay, moves some functionality into a tiny TTP, and thus avoids the blinded circuit overhead. Faerieplay consists of a compiler from high-level code to an arithmetic circuit with special gates for efficient indirect array access, and a virtual machine to execute this circuit on a tiny TTP while maintaining the typical SMC trust properties. We report on Faerieplay\u27s security properties, the specification of its components, and our implementation and experiments. These include comparisons with the Fairplay circuit-based two-party system, and an implementation of the Dijkstra graph shortest path algorithm. We also provide an implementation of an oblivious RAM which supports similar tiny TTP-based SMC functionality but using a standard RAM program. Performance comparisons show Faerieplay\u27s circuit approach to be considerably faster, at the expense of a more constrained programming environment when targeting a circuit

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security