Accelerating NTRUEncrypt for in-browser cryptography utilising graphical processing units and WebGL
One of the challenges encryption faces is that it is computationally intensive and therefore slow. It is vital to find faster methods to accelerate modern encryption algorithms so that performance stays high while information security is preserved. Users often do not want to wait for applications to become responsive, and applications on limited devices such as mobiles often compromise security in order to keep execution times short: they frequently use algorithms and key sizes that are not considered cryptographically secure in order to maintain a smooth user experience. Emerging approaches have begun using a device's Graphics Processing Unit (GPU) to offload some of the computational burden from the Central Processing Unit (CPU) in an effort to parallelize and accelerate encryption algorithms. Programming for a GPU usually involves CUDA or OpenCL; however, these approaches are platform dependent. This research focuses on utilizing a GPU to perform in-browser cryptography using WebGL and JavaScript, which allows any GPU-enabled device capable of launching an OpenGL-compatible browser to perform GPU-accelerated cryptography. A GPU-based implementation of the NTRUEncrypt algorithm was created and tested against a CPU-based version on a range of hardware devices; results, challenges and limitations are discussed.
Using dedicated systems for general-purpose parallel computing
Systems designed to solve specific problems, such as graphics processing units (GPUs), have characteristics (low price relative to their computing power, high parallelism, optimisation for floating-point computation) that make them very attractive for general-purpose applications in scientific, simulation and engineering problems, among others. This led to the development of tools and techniques that ease their use and turn them into a valid, in-house alternative for solving as many problems as possible.
This work presents the basic characteristics of GPUs and the different lines of work to follow. These lines have in common that they treat the GPU as a massively parallel computer. The problems addressed are related to Computer Networks and Databases. Track: Distributed and parallel processing. Red de Universidades con Carreras en Informática (RedUNCI).
A Study on the Security of Password Hashing Based on GPU Based, Password Cracking using High-Performance Cloud Computing
In this paper, the current security of the various password hashing schemes in use today is investigated through a practical proof of concept: GPU-based cracking of password hash dumps using the power of cloud computing. The focus of this paper is to show the possible use of cloud computing in cracking hash dumps, and the way to counter it by using a secure hashing algorithm and complex passwords.
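As an added example (my own code, not the paper's proof of concept), the following Python script shows why the two countermeasures the abstract names matter. A dump of unsalted fast hashes is cracked for every user at once with one pass over a wordlist, while a salted, iterated hash (PBKDF2-HMAC-SHA256 here, standing in for "a secure hashing algorithm") forces one full key-derivation run per user per candidate, and a password outside the wordlist survives both. The user table, the wordlist and the stored-hash format are constructed for the demonstration and are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample credentials (not data from the paper). carol's password
# is the kind of "complex password" the abstract recommends: not in any wordlist.
USERS = {
    "alice": "123456",
    "bob": "Summer2016",
    "carol": "T7#kq9!vLm2pZ",
}

# Constructed mini wordlist standing in for the multi-gigabyte lists a GPU rig uses.
WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2016", "dragon"]


def fast_unsalted_hash(password):
    """Legacy scheme: one MD5 per password, no salt. A GPU computes billions/s."""
    return hashlib.md5(password.encode()).hexdigest()


def slow_salted_hash(password, salt=None, iterations=100_000):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt and a tunable work factor.
    Stored as 'pbkdf2_sha256$iterations$salt$digest' (format is my own assumption)
    so the verifier can recover the parameters."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_slow(password, stored):
    """Constant-time comparison against a stored slow hash."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    assert algo == "pbkdf2_sha256"
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), digest_hex)


def build_dump(hasher):
    """Simulate a leaked credential table hashed with the given scheme."""
    return {user: hasher(pw) for user, pw in USERS.items()}


def crack_fast(dump, wordlist):
    """Unsalted hashes: hash the wordlist once, then match every user by lookup.
    Returns (recovered passwords, number of hash computations)."""
    table = {fast_unsalted_hash(w): w for w in wordlist}
    recovered = {user: table[h] for user, h in dump.items() if h in table}
    return recovered, len(wordlist)


def crack_slow(dump, wordlist):
    """Salted, iterated hashes: no shared table is possible, and each (user, candidate)
    pair costs a full PBKDF2 run of `iterations` HMAC steps. Returns (recovered, kdf_calls)."""
    recovered, kdf_calls = {}, 0
    for user, stored in dump.items():
        for candidate in wordlist:
            kdf_calls += 1
            if verify_slow(candidate, stored):
                recovered[user] = candidate
                break
    return recovered, kdf_calls


if __name__ == "__main__":
    rec, calls = crack_fast(build_dump(fast_unsalted_hash), WORDLIST)
    print("unsalted MD5: recovered", rec, "with", calls, "hash computations")
    rec, calls = crack_slow(build_dump(slow_salted_hash), WORDLIST)
    print("salted PBKDF2: recovered", rec, "with", calls,
          "KDF runs of 100000 iterations each")
```

The weak passwords fall either way; what changes is the cost per guess (one MD5 versus 100,000 HMAC iterations) and the loss of the shared lookup table, which is exactly the multiplier a cloud GPU fleet is rented to overcome.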
Cryptanalysis and Secure Implementation of Modern Cryptographic Algorithms
Cryptanalytic attacks can be divided into two classes: pure mathematical attacks and Side Channel Attacks (SCAs). Pure mathematical attacks are traditional cryptanalytic techniques that rely on known or chosen input-output pairs of the cryptographic function and exploit the inner structure of the cipher to reveal the secret key information. On the other hand, in SCAs, it is assumed that attackers have some access to the cryptographic device and can gain some information from its physical implementation.
A cold-boot attack is an SCA that exploits the data remanence property of Random Access Memory (RAM): its contents remain readable for a short time after power has been removed. Fault analysis is another example of an SCA, in which the attacker is assumed to be able to induce faults in the cryptographic device and observe the faulty output. Then, by careful inspection of the faulty outputs, the attacker recovers secret information such as a secret inner state or the secret key. Scan-based Design-For-Test (DFT) is a widely deployed technique for testing hardware chips. Scan-based SCAs exploit the information obtained by analyzing the scanned data in order to retrieve secret information from cryptographic hardware devices that are designed with this testability feature.
In the first part of this work, we investigate the use of an off-the-shelf SAT solver, CryptoMiniSat, to improve the key recovery of the Advanced Encryption Standard (AES-128) key schedule from its corresponding decayed memory images, which can be obtained using cold-boot attacks.
We also present a fault analysis on both the NTRUEncrypt and NTRUSign cryptosystems. For this specific original instantiation of the NTRU encryption system with parameters , our attack succeeds with probability and when the number of faulted coefficients is upper bounded by , it requires polynomial inversions in . We also investigate several techniques to strengthen hardware implementations of NTRUEncrypt against this class of attacks. For NTRUSign with parameters (, , , standard, ), when the attacker is able to skip the norm-bound signature checking step, our attack needs one fault to succeed with probability and requires steps when the number of faulted polynomial coefficients is upper bounded by . The attack is also applicable to NTRUSign utilizing the transpose NTRU lattice, but it requires double the number of fault injections. Different countermeasures against the proposed attack are also investigated.
Furthermore, we present a scan-based SCA on NTRUEncrypt hardware implementations that employ scan-based DFT techniques. Our attack determines the scan chain structure of the polynomial multiplication circuits used in the decryption algorithm which allows the cryptanalyst to efficiently retrieve the secret key.
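The operation shared by the WebGL paper above (the kernel it offloads to the GPU) and by the fault and scan-based attacks on NTRUEncrypt (the polynomial multiplier in the decryption path) is cyclic convolution in the ring Z_q[x]/(x^N - 1). As an added illustration, and not code from either paper, here is a toy NTRUEncrypt in Python built around that convolution. The parameters N=7, p=3, q=64, d=2, the seeded key generation and the brute-force inverse search are my own assumptions chosen so the whole thing runs in milliseconds; they are far too small to be secure.

```python
import random
from itertools import product

# Toy parameters (assumption for illustration, not a real NTRU parameter set).
# q is a power of two, gcd(p, q) = 1, and q is large enough relative to the
# weights below that decryption never wraps modulo q.
N, p, q, d = 7, 3, 64, 2


def conv(a, b, mod):
    """Cyclic convolution a*b in Z_mod[x]/(x^N - 1): the kernel the GPU work
    parallelises and the multiplier the scan-based attack targets."""
    c = [0] * N
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            k = (i + j) % N
            c[k] = (c[k] + ai * bj) % mod
    return c


def center(a, mod):
    """Lift residues to the centred range [-mod/2, mod/2)."""
    return [((x + mod // 2) % mod) - mod // 2 for x in a]


def inverse_bruteforce(f, mod):
    """Inverse of f in Z_mod[x]/(x^N - 1) by exhaustive search (fine for N=7, mod<=3)."""
    one = [1] + [0] * (N - 1)
    for cand in product(range(mod), repeat=N):
        if conv(f, cand, mod) == one:
            return list(cand)
    return None


def inverse_mod_power_of_two(f, modulus):
    """Inverse of f modulo 2^k via Newton (Hensel) lifting from the inverse mod 2."""
    g = inverse_bruteforce(f, 2)
    if g is None:
        return None
    m = 2
    while m < modulus:
        m *= m                            # precision doubles each step
        fg = conv(f, g, m)
        t = [(-x) % m for x in fg]        # t = 2 - f*g as a polynomial
        t[0] = (t[0] + 2) % m
        g = conv(g, t, m)                 # g <- g * (2 - f*g) mod m
    return [x % modulus for x in g]


def random_ternary(rng, ones, neg_ones):
    """Polynomial with the given numbers of +1 and -1 coefficients, rest zero."""
    coeffs = [1] * ones + [-1] * neg_ones + [0] * (N - ones - neg_ones)
    rng.shuffle(coeffs)
    return coeffs


def keygen(rng):
    """Returns (f, f_p, h): private f with its inverse mod p, public h = p*f_q*g mod q."""
    while True:
        f = random_ternary(rng, d + 1, d)
        f_p = inverse_bruteforce(f, p)
        f_q = inverse_mod_power_of_two(f, q)
        if f_p is not None and f_q is not None:
            break
    g = random_ternary(rng, d, d)
    h = conv([p * x for x in f_q], g, q)
    return f, f_p, h


def encrypt(h, r, m):
    """e = r*h + m mod q, with r a random ternary blinding polynomial, m ternary."""
    return [(x + y) % q for x, y in zip(conv(r, h, q), m)]


def decrypt(f, f_p, e):
    # f*e = p*r*g + f*m over the integers because |coefficients| <= 3*4 + 5 = 17 < q/2
    a = center(conv(f, e, q), q)
    # f_p * (f*m) = m mod p; centring maps residues back to {-1, 0, 1}
    return center(conv(f_p, a, p), p)


def roundtrip(seed, m):
    """Key generation, encryption and decryption driven by a seeded RNG."""
    rng = random.Random(seed)
    f, f_p, h = keygen(rng)
    r = random_ternary(rng, d, d)
    return decrypt(f, f_p, encrypt(h, r, m))


if __name__ == "__main__":
    msg = [1, 0, -1, 1, 0, 0, -1]
    print("message  ", msg)
    print("decrypted", roundtrip(2016, msg))
```

Every step above is a call to `conv`, so accelerating NTRUEncrypt means accelerating that double loop, and the decryption path's first `conv(f, e, q)` is the polynomial multiplication circuit whose scan-chain structure the attack above recovers; a faulted coefficient of f at that point changes the recovered a and hence the output, which is what fault analysis observes.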
Several key agreement schemes based on matrices were recently proposed. For example, Álvarez et al. proposed a scheme in which the secret key is obtained by multiplying powers of block upper triangular matrices whose elements are defined over . Climent et al. identified the elements of the endomorphism ring with elements in a set, , of matrices of size , whose elements in the first row belong to and the elements in the second row belong to . Keith Salvin presented a key exchange protocol using matrices in the general linear group, , where is the product of two distinct large primes. The system is fully specified in US patent number 7346162, issued in 2008. In the second part of this work, we present mathematical cryptanalytic attacks against these three schemes and show that they can be easily broken for all practical choices of their security parameters.
Algorithms and Software for High-Performance Fracture Simulation on GPU Architectures
Computer simulation of fracture in materials with nonlinear mechanical response can be computationally expensive. These simulations often require a large number of degrees of freedom, and the nonlinearity in the problem can pose difficulties when computing solutions. This work focuses on two material models. The first model consists of rigid bricks interacting through nonlinear cohesive springs; fracture in the material occurs through the rupture of the cohesive springs. The second, more complicated, model consists of deformable elements interacting through nonlinear cohesive springs. In the first model, we assume the bricks are under a quasi-static loading scenario. With this assumption, the problem can be solved using a global Monte Carlo minimization algorithm to minimize the energy of the system, which comes from the deformation and rupture of the nonlinear cohesive springs. Since these simulations have a high computational cost, we have developed a GPU-based (Graphics Processing Unit) Monte Carlo minimization algorithm that offers a significant speedup compared to a conventional multithreaded CPU-based algorithm. With the second model, we have dynamic simulations with explicit time discretization. In this case we compute the force, acceleration, velocity, and position explicitly. The force in the system comes from both the deformation of the elements and the deformation of the nonlinear cohesive springs. We have developed explicit, CPU-based methods and implicit-explicit methods on both CPUs and GPUs. Our implicit-explicit GPU-based method achieves a substantial performance improvement compared to the explicit, CPU-based method. We also present our GPU-based implementation of AES (Advanced Encryption Standard), which is used in the Monte Carlo minimization algorithm to generate random numbers. Our implementation is substantially faster than a CPU-based implementation of AES, and it is also faster than previous GPU implementations of AES.
The Proceedings of the 14th Australian Information Security Management Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia
The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fourteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year.
The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Fifteen papers were submitted from Australia and overseas, of which ten were accepted for final presentation and publication.
We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conferences.
To our sponsors also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference