24 research outputs found
A practical evaluation on RSA and ECC-based cipher suites for IoT high-security energy-efficient Fog and mist computing devices
[Abstract] The latest Internet of Things (IoT) edge-centric architectures allow higher layers to be unburdened from part of their computational and data-processing requirements. In the specific case of fog computing systems, the requirements of cloud-centric systems are greatly reduced by processing in fog gateways part of the data generated by end devices, thus providing services that were previously offered by a remote cloud. Thanks to recent advances in System-on-Chip (SoC) energy efficiency, it is now possible to build IoT end devices with enough computational power to process the data generated by their sensors and actuators while providing complex services, which in recent years has led to the mist computing paradigm. For mist computing nodes to provide these benefits while guaranteeing the same level of security as other architectures, end-to-end standard security mechanisms need to be implemented. In this paper, a high-security energy-efficient fog and mist computing architecture and a testbed are presented and evaluated. The testbed uses Transport Layer Security (TLS) 1.2 Elliptic Curve Cryptography (ECC) and Rivest-Shamir-Adleman (RSA) cipher suites (chosen to comply with the then-forthcoming TLS 1.3 requirements), which are evaluated and compared in terms of energy consumption and data throughput for a fog gateway and two mist end devices. The results show that ECC outperforms RSA in both energy consumption and data throughput at every tested security level. Moreover, the importance of selecting a proper ECC curve is demonstrated: for the tested devices, some curves show worse energy consumption and data throughput than other curves that provide a higher security level.
As a result, this article not only presents a novel mist computing testbed, but also provides guidelines for future researchers seeking efficient and secure implementations for advanced IoT devices.
Funding: Xunta de Galicia, ED431C 2016-045; Xunta de Galicia, ED341D R2016/012; Xunta de Galicia, ED431G/01; Agencia Estatal de Investigación de España, TEC2013-47141-C4-1-R; Agencia Estatal de Investigación de España, TEC2015-69648-REDC; Agencia Estatal de Investigación de España, TEC2016-75067-C4-1-
New Secure IoT Architectures, Communication Protocols and User Interaction Technologies for Home Automation, Industrial and Smart Environments
Programa Oficial de Doutoramento en Tecnoloxías da Información e das Comunicacións en Redes Móbiles. 5029V01. Thesis by compendium of publications. [Abstract]
The Internet of Things (IoT) presents a communication network where heterogeneous physical devices such as vehicles, homes, urban infrastructures or industrial machinery are interconnected and share data. For these communications to be successful, it is necessary to integrate and embed electronic devices that allow for obtaining environmental information (sensors), performing physical actuations (actuators) and sending and receiving data (network interfaces).
This integration of embedded systems poses several challenges. These devices need very low power consumption: in many cases IoT nodes are powered by batteries or constrained power supplies. Moreover, the great number of devices needed in an IoT network makes power efficiency one of the major concerns of these deployments, due to the cost and environmental impact of the energy consumption. This need for low energy consumption leads to resource-constrained devices, conflicting with the second major concern of IoT: security and data privacy. There are critical urban and industrial systems, such as traffic management, water supply, maritime control, railway control or high-risk industrial manufacturing systems such as oil refineries, that will obtain great benefits from IoT deployments, but for which unauthorized access can pose severe risks to public safety. On the other hand, both these public systems and the ones deployed in private environments (homes, workplaces, malls) present a risk for the privacy and security of their users. These IoT deployments need advanced security mechanisms, both to prevent access to the devices and to protect the data exchanged by them.
As a consequence, two main aspects need to be improved: the energy efficiency of IoT devices and the use of lightweight security mechanisms that can be implemented by these resource-constrained devices while still guaranteeing a fair degree of security.
The huge amount of data transmitted by this type of network also presents another challenge. There are big data systems capable of processing large amounts of data, but with IoT the granularity and dispersion of the generated information presents a new scenario, very different from the one existing nowadays. Forecasts anticipate growth from 15 billion installed devices in 2015 to more than 75 billion devices in 2025. Moreover, there will be many more services exploiting the data produced by these networks, meaning the resulting traffic will be even higher. The information must not only be processed in real time, but data mining processes will also have to be run over historical data.
The main goal of this Ph.D. thesis is to analyze each of the previously described challenges and to provide solutions that allow for an adequate adoption of IoT in industrial, domestic and, in general, any scenario that can benefit from the interconnection and flexibility that IoT brings.
[Resumen]
(Spanish abstract, translated to English)
The Internet of Things (IoT) represents an intercommunication network in which physical devices of every kind take part, such as vehicles, homes, household appliances, urban infrastructures, or industrial machinery and devices. For this communication to take place, it is necessary to integrate electronic elements that make it possible to obtain information from the environment (sensors), perform physical actions (actuators), and send and receive the necessary information (network communication interfaces).
The integration and use of these embedded electronic systems poses several challenges. These devices must have low power consumption. In many cases they have to be powered by batteries or limited power supplies. Moreover, the large number of devices involved in the IoT makes their energy efficiency one of the main concerns, because of the cost and environmental implications of their electricity consumption. This need to limit consumption means that such devices have very limited capabilities, which conflicts with the second major concern of the IoT: security and data privacy. On the one hand, there are critical urban and industrial systems, such as traffic regulation, water supply control, maritime control, railway control, or high-risk industrial production systems such as refineries, which are clear candidates to benefit from the IoT but whose unauthorized access poses serious public safety problems. On the other hand, both these public systems and those deployed in private environments (homes, workplaces, or shopping centres, among others) pose a risk to the privacy and also to the safety of their users. All this makes advanced security mechanisms necessary, both for access to the devices and for protecting the data they exchange.
Consequently, progress is needed in two main areas: the energy efficiency of the devices and the use of security mechanisms that are efficient both computationally and in energy terms, allowing the IoT to be deployed without compromising user security and privacy. On the other hand, the enormous amount of information these systems can produce presents two further challenges that must be faced. First, data processing and analysis takes on a new dimension. Big data systems exist that can process enormous amounts of information, but with the Internet of Things the granularity and dispersion of the data present a scenario very different from the current one. The forecast is to go from 15,000,000,000 installed devices in 2015 to more than 75,000,000,000 in 2025. In addition, there will be a multitude of services making intensive use of these devices and of the data they exchange, so the traffic volume will be even greater. Likewise, the information must be processed both in real time and afterwards over historical records, which makes it possible to obtain highly relevant statistical information in different environments.
The main objective of this doctoral thesis is to analyse each of these challenges (energy efficiency, security, data processing, and user interaction) and to propose solutions that allow the Internet of Things to be properly adopted in industrial and domestic settings and, in general, in any scenario that can benefit from the interconnection and flexibility of access that the IoT provides.
[Resumo]
(Galician abstract, translated to English)
The Internet of Things (IoT) represents an intercommunication network in which very diverse physical devices take part, such as vehicles, homes, household appliances, urban infrastructures, or industrial machinery and devices. For these communications to take place, it is necessary to integrate electronic elements that make it possible to obtain information from the surroundings (sensors), perform physical actions (actuators), and send and receive the necessary information (network communication interfaces).
The integration and use of these embedded electronic systems poses several challenges. First, these devices must have low power consumption. In many cases they have to be powered by batteries or limited power supplies. Moreover, the large number of devices used in the IoT makes their energy efficiency one of the main concerns, because of the cost and environmental implications of their electricity consumption. This need to limit consumption means that such devices have very limited capabilities, which conflicts with the second major concern of the IoT: security and data privacy. On the one hand, there are critical urban and industrial systems, such as traffic regulation, water control, maritime control, railway control, or high-risk industrial production systems such as refineries, which are clear candidates to benefit from the IoT but whose unauthorized access poses serious public safety problems. On the other hand, both these public systems and those deployed in private environments (homes, workplaces, or shopping centres, among others) pose a risk to the privacy and also to the safety of their users. All this makes advanced security mechanisms necessary, both for access to the devices and for protecting the data they exchange.
Consequently, progress is needed in two main areas: the energy efficiency of the devices and the use of security mechanisms that are efficient both computationally and in energy terms, allowing the IoT to be deployed without compromising user security and privacy.
On the other hand, the enormous amount of information these systems can generate presents further challenges that must be addressed. Data processing and analysis takes on a new dimension. Big data systems exist that can process enormous amounts of information, but with the Internet of Things the granularity and dispersion of the data mean a scenario very different from the current one. The forecast is to go from 15,000,000,000 installed devices in 2015 to more than 75,000,000,000 devices in 2025. In addition, there would be a multitude of services making intensive use of these devices and of the data they exchange, so the traffic volume would be even greater. Likewise, the information must be processed both in real time and afterwards over historical records, which makes it possible to obtain highly relevant statistical information in different environments.
The main objective of this doctoral thesis is to analyse each of these challenges (energy efficiency, security, data processing, and user interaction) and to propose solutions that allow the Internet of Things to be properly adopted in industrial and domestic settings and, in general, in any scenario that can benefit from the interconnection and flexibility of access that the IoT provides.
In search of CurveSwap: Measuring elliptic curve implementations in the wild
We survey elliptic curve implementations from several vantage points. We perform internet-wide scans for TLS on a large number of ports, as well as SSH and IPsec, to measure elliptic curve support and implementation behaviors, and collect passive measurements of client curve support for TLS. We also perform active measurements to estimate server vulnerability to known attacks against elliptic curve implementations, including support for weak curves, invalid curve attacks, and curve twist attacks. We estimate that 0.77% of HTTPS hosts, 0.04% of SSH hosts, and 4.04% of IKEv2 hosts that support elliptic curves do not perform the curve validity checks specified in elliptic curve standards. We describe how such vulnerabilities could be used to construct an elliptic curve parameter downgrade attack for TLS, called CurveSwap, and observe that no combination of the weak behaviors we examined appears to enable a feasible CurveSwap attack in the wild. We also analyze source code for elliptic curve implementations, find that a number of libraries fail to perform point validation for JSON Web Encryption, and find a flaw in the Java and NSS multiplication algorithms.
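The validity check the survey measures as missing, as an added example (not code from the paper or from any library it examined): a pure-Python P-256 public-key validation run before ECDH, next to the unchecked multiplication that an invalid-curve attack relies on. The curve constants are the standard P-256 parameters; the two private scalars and the off-curve point (0, 1) are constructed for the demonstration, and the arithmetic is not constant time, so this illustrates the check rather than a production ECDH.

```python
# Added example: explicit public-key validation for P-256 ECDH (SEC 1, 3.2.2.1).
# Not code from the survey; curve constants are the standard NIST P-256 values,
# the scalars and the off-curve point below are constructed for this demo.

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

# A point satisfying y^2 = x^3 - 3x + 1 (mod p) instead of P-256's b. The group
# law below never uses b, so an implementation that skips validation will
# happily "agree" on a secret on this attacker-chosen curve (invalid-curve attack).
INVALID_POINT = (0, 1)


def is_on_curve(pt, b=B):
    x, y = pt
    return (y * y - (x * x * x + A * x + b)) % P == 0


def point_add(p1, p2):
    """Affine addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p1 == -p2 (also covers doubling with y == 0)
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Plain double-and-add (not constant time; fine for a validation demo)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def validate_public_key(pt):
    """Full validation: not infinity, coordinates in range, on curve, order n."""
    if pt is None:
        raise ValueError("point at infinity")
    x, y = pt
    if not (0 <= x < P and 0 <= y < P):
        raise ValueError("coordinate out of range")
    if not is_on_curve(pt):
        raise ValueError("point not on P-256 (invalid-curve attack?)")
    if scalar_mult(N, pt) is not None:   # redundant for cofactor 1, kept for clarity
        raise ValueError("point has wrong order")
    return True


def ecdh_unchecked(priv, peer):
    """What a host that skips validation effectively does: multiply blindly."""
    return scalar_mult(priv, peer)


def ecdh(priv, peer):
    """Validated ECDH: returns the shared x-coordinate."""
    validate_public_key(peer)
    return scalar_mult(priv, peer)[0]


if __name__ == "__main__":
    alice, bob = 0x1f2e3d4c5b6a798877665544332211ff, 0x0badc0ffee1234567890abcdef  # constructed
    assert ecdh(alice, scalar_mult(bob, G)) == ecdh(bob, scalar_mult(alice, G))
    try:
        ecdh(alice, INVALID_POINT)
    except ValueError as err:
        print("rejected:", err)
    leaked = ecdh_unchecked(alice, INVALID_POINT)
    print("unchecked result lies on the attacker's curve:",
          leaked is not None and is_on_curve(leaked, b=1))
```

The unchecked result is a point on the attacker's curve y^2 = x^3 - 3x + 1, whose group order the attacker chooses; by sending points of small order and observing the resulting key, the attacker learns the victim's private scalar modulo each small order, which is why the on-curve check (and the range check, which stops the twist variant for compressed points) is not optional.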
An Energy-Efficient Reconfigurable DTLS Cryptographic Engine for Securing Internet-of-Things Applications
This paper presents the first hardware implementation of the Datagram Transport Layer Security (DTLS) protocol to enable end-to-end security for the Internet of Things (IoT). A key component of this design is a reconfigurable prime-field elliptic curve cryptography (ECC) accelerator, which is 238x and 9x more energy-efficient compared to software and state-of-the-art hardware respectively. Our full hardware implementation of the DTLS 1.3 protocol provides 438x improvement in energy efficiency over software, along with code size and data memory usage as low as 8 KB and 3 KB respectively. The cryptographic accelerators are coupled with an on-chip low-power RISC-V processor to benchmark applications beyond DTLS with up to two orders of magnitude energy savings. The test chip, fabricated in 65 nm CMOS, demonstrates hardware-accelerated DTLS sessions while consuming 44.08 µJ per handshake and 0.89 nJ per byte of encrypted data at 16 MHz and 0.8 V.
Comment: Published in IEEE Journal of Solid-State Circuits (JSSC)
Elliptic Curve Cryptography Services for Mobile Operating Systems
Mobile devices such as smartphones, tablets and laptops are nowadays considered indispensable objects by most people in developed countries. As personal and work assistants, some of these devices store, process and transmit sensitive and private data. Naturally, the number of mobile applications with integrated cryptographic mechanisms or offering security services has increased significantly in the last few years. Unfortunately, not all of those applications are secure by design, while others may not implement the cryptographic primitives correctly. Even the ones that implement them correctly may suffer from longevity problems, since cryptographic primitives that are considered secure nowadays may become obsolete in the next few years. Rivest, Shamir and Adleman (RSA) is an example of a widely used cryptosystem that may become obsolete shortly. While the security issues in the mobile computing environment may be of medium severity for casual users, they may be critical for several professional classes, namely lawyers, journalists and law enforcement agents. As such, it is important to approach these problems in a structured manner.
This master's programme is focused on the engineering and implementation of a mobile application offering a series of security services. The application was engineered to be secure by design for the Windows Phone 8.1 Operating System (OS) which, at the time of writing this dissertation, was the platform with the smallest offering of applications of this type. The application provides services such as secure exchange of a cryptographic secret, encryption and digital signature of messages and files, management of contacts and encryption keys, and secure password generation and storage. Part of the cryptographic primitives used in this work come from Elliptic Curve Cryptography (ECC), for which the discrete logarithm problem is believed to be harder and key handling is easier. The library defining a series of curves and containing the procedures and operations supporting the ECC primitives was implemented from scratch, since none was available, and constitutes one of the contributions of this work. The work evolved from the analysis of the state of the art to the requirements analysis and software engineering phase, thoroughly described herein, ending with the development of a prototype. The engineering of the application included the definition of a trust model for the exchange of public keys and the modelling of the supporting database.
The most visible outcomes of this master's programme are the fully working prototype of a mobile application offering the aforementioned security services, the implementation of an ECC library for the .NET framework, and this dissertation. The source code for the ECC library was made available online on GitHub under the name ECCryptoLib [Ana15]. Its development and improvement was mostly driven by unit testing. The library and the mobile application were developed in C#. The level of security offered by the application is guaranteed via the orchestration and combination of state-of-the-art symmetric-key cryptography algorithms, such as the Advanced Encryption Standard (AES) and Secure Hash Algorithm 256 (SHA-256), with the ECC primitives. Password generation uses several sensors and inputs as entropy sources, which are fed to a cryptographically secure hash function. The passwords are stored in an encrypted database whose encryption key changes every time it is opened, obtained using Password-Based Key Derivation Function 2 (PBKDF2) from a master password. The trust model for public keys designed in the scope of this work is inspired by Pretty Good Privacy (PGP), but with more granular trust levels.
(Portuguese abstract, translated to English)
Mobile devices such as laptops, smartphones or tablets are nowadays considered indispensable objects by the great majority of people living in developed countries. Because they are used as personal or work assistants, some of these devices store, process and transmit sensitive or private data. Naturally, the number of mobile applications with integrated cryptographic mechanisms, or which offer security services, has been growing significantly in recent years. Unfortunately, not all applications are secure by construction, and others may not implement the cryptographic primitives correctly. Even those that implement them correctly may suffer from longevity problems, since cryptographic primitives that are considered secure today may become obsolete in the coming years. Rivest, Shamir and Adleman (RSA) is an example of a very popular cryptographic system that may become obsolete in the short term. While security problems in mobile computing environments may be of medium severity for casual users, they are usually critical for several professional classes, namely lawyers, journalists and law enforcement officers. It is therefore important to approach these problems in a structured way.
This master's programme focuses on the engineering and implementation of a mobile application that offers a series of security services. The application was designed to be secure by construction for the Windows Phone 8.1 operating system which, at the time this dissertation was written, was the platform with the most modest offering of applications of this type. The application provides features such as securely exchanging a cryptographic secret between two parties, encryption, decryption and digital signature of messages and files, management of contacts and encryption keys, and secure password generation and storage. Part of the cryptographic primitives used in this work belong to the theory of elliptic curve cryptography, for which the discrete logarithm problem is believed to be harder to solve and key handling is simpler. The library that defines a series of curves and contains the procedures and operations supporting the cryptographic primitives was fully implemented within this work, since none was available when it started, and thus constitutes one of its contributions. The work evolved from the analysis of the state of the art to requirements gathering and the software engineering phase, described here in detail, culminating in the development of a prototype. The engineering of the application included the definition of a trust system for the exchange of public keys and also the modelling of the supporting database.
The most visible results of this master's programme are the prototype of the mobile application, fully functional and providing the security features mentioned above, the implementation of an Elliptic Curve Cryptography (ECC) library for the .NET framework, and this dissertation. The source code implementing the library was published online. Its development and improvement was mostly driven by unit tests. The library and the mobile application were developed in C#. The level of security offered by the application is guaranteed through the orchestration and combination of current symmetric-key cryptography algorithms, such as the Advanced Encryption Standard (AES) and the Secure Hash Algorithm 256 (SHA-256), with the ECC primitives. Password generation uses several sensors and input devices as entropy sources, which are then fed to a cryptographic hash function. Passwords are stored in an encrypted database whose encryption key changes every time the database is opened, being obtained by applying a Password-Based Key Derivation Function 2 (PBKDF2) to a master password. The trust model for public keys designed within this work is inspired by Pretty Good Privacy (PGP), but the granularity of the trust levels is higher.
Set It and Forget It! Turnkey ECC for Instant Integration
Historically, Elliptic Curve Cryptography (ECC) has been an active field of applied cryptography, where recent focus is on high-speed, constant-time, and formally verified implementations. While there are a handful of outliers where all these concepts join and land in real-world deployments, these are generally handled case by case: e.g. a library may feature such X25519 or P-256 code, but not for all curves. In this work, we propose and implement a methodology that fully automates the implementation, testing, and integration of ECC stacks with the above properties. We demonstrate the flexibility and applicability of our methodology by seamlessly integrating into three real-world projects: OpenSSL, Mozilla's NSS, and the GOST OpenSSL Engine, achieving roughly 9.5x, 4.5x, 13.3x, and 3.7x speedups on any given curve for key generation, key agreement, signing, and verifying, respectively. Furthermore, we showcase the efficacy of our testing methodology by uncovering flaws and vulnerabilities in OpenSSL, and a specification-level vulnerability in a Russian standard. Our work bridges the gap between significant applied cryptography research results and deployed software, fully automating the process.
Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
We systematically analyze WPA3 and EAP-pwd, find denial-of-service and downgrade attacks, present severe vulnerabilities in all implementations, reveal side channels that enable offline dictionary attacks, and propose design fixes which are being officially adopted.
The WPA3 certification aims to secure home networks, while EAP-pwd is used by certain enterprise Wi-Fi networks to authenticate users. Both use the Dragonfly handshake to provide forward secrecy and resistance to dictionary attacks. In this paper, we systematically evaluate Dragonfly's security.
First, we audit implementations, and present timing leaks and authentication bypasses in EAP-pwd and WPA3 daemons.
We then study Dragonfly's design and discuss downgrade and denial-of-service attacks.
Our next and main results are side-channel attacks against Dragonfly's password encoding method (i.e. its hash-to-curve). We believe that these side-channel leaks are inherent to Dragonfly. For example, after our initial disclosure, patched software was still affected by a novel side-channel leak.
We also analyze the complexity of using the leaked information to brute-force the password. For instance, brute-forcing a dictionary of size requires less than 1 in Amazon EC2 instances.
These results are also of general interest due to ongoing standardization efforts on Dragonfly as a TLS handshake, Password-Authenticated Key Exchanges (PAKEs), and hash-to-curve.
Finally, we discuss backwards-compatible defenses, and propose protocol fixes that prevent attacks.
Our work resulted in a new draft of the protocols incorporating our proposed design changes.
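The password-encoding loop that the side-channel attacks above target, as an added example (not code from the paper nor from any Wi-Fi daemon): Dragonfly's "hunting and pecking" method from RFC 7664, written twice, once exiting as soon as a usable x-coordinate is found, and once in the standard's mitigated shape that always runs at least k = 40 iterations. H and the KDF are simplified here to HMAC-SHA256 and SHA-256 over P-256 (the real specification defines them differently), and the passwords and MAC addresses are constructed for the demo. Counting iterations per password shows why the early-exit shape is a timing oracle; as the abstract notes, even the fixed-iteration shape still leaked in deployed code, so this is where the attack starts, not a fix.

```python
# Added example: Dragonfly "hunting and pecking" (RFC 7664 / IEEE 802.11 SAE)
# in leaky and fixed-iteration form. Not code from the paper or from
# hostapd/wpa_supplicant; H/KDF are simplified, inputs below are constructed.
import hashlib
import hmac
import secrets

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
K_ITER = 40          # the standard's minimum number of loop iterations
LABEL = b"Dragonfly Hunting And Pecking"


def _rhs(x):
    return (x * x * x + A * x + B) % P


def _is_square(v):
    """Euler's criterion: True iff some y satisfies y^2 == v (mod p)."""
    return pow(v, (P - 1) // 2, P) != P - 1


def _candidate(password, mac_a, mac_b, counter):
    """pwd-seed and pwd-value for one iteration (simplified H and KDF)."""
    ids = max(mac_a, mac_b) + min(mac_a, mac_b)
    seed = hmac.new(ids, password + bytes([counter]), hashlib.sha256).digest()
    value = int.from_bytes(hashlib.sha256(seed + LABEL).digest(), "big")
    return seed, value


def _point(x, seed):
    y = pow(_rhs(x), (P + 1) // 4, P)      # valid because p == 3 (mod 4) for P-256
    if (y & 1) != (seed[-1] & 1):           # pick the root whose parity matches the seed
        y = P - y
    return (x, y)


def hunt_and_peck_leaky(password, mac_a, mac_b):
    """Stop at the first usable x: iteration count, and so run time, depends on
    the password. Returns (point, iterations)."""
    for counter in range(1, 256):
        seed, x = _candidate(password, mac_a, mac_b, counter)
        if x < P and _is_square(_rhs(x)):
            return _point(x, seed), counter
    raise RuntimeError("no usable x in 255 tries")


def hunt_and_peck_fixed(password, mac_a, mac_b, k=K_ITER):
    """The standard's mitigation: keep the first hit but always run at least k
    iterations, hashing a random dummy password once a point has been found."""
    found = None
    base = password
    for counter in range(1, 256):
        seed, x = _candidate(base, mac_a, mac_b, counter)
        if found is None and x < P and _is_square(_rhs(x)):
            found = (x, seed)
            base = secrets.token_bytes(len(password))
        if found is not None and counter >= k:
            return _point(*found), counter
    raise RuntimeError("no usable x in 255 tries")


def is_on_curve(pt):
    x, y = pt
    return (y * y - _rhs(x)) % P == 0


if __name__ == "__main__":
    ap, sta = bytes.fromhex("0200c0ffee01"), bytes.fromhex("0200c0ffee02")  # constructed MACs
    for pw in (b"correct horse", b"hunter2", b"Tr0ub4dor&3"):                 # constructed
        _, n_leaky = hunt_and_peck_leaky(pw, ap, sta)
        _, n_fixed = hunt_and_peck_fixed(pw, ap, sta)
        print(f"{pw!r}: early-exit loop ran {n_leaky} iteration(s), fixed loop {n_fixed}")
```

The early-exit counts differ per password and per MAC pair, which is exactly what an attacker who can time the handshake (or spoof client MAC addresses to vary the input) correlates against a dictionary offline; the fixed loop removes that particular signal but still branches on the quadratic-residue test and on whether a point has been found, which is the kind of residual leak the abstract describes.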
Automatic generation of high speed elliptic curve cryptography code
Apparently, trust is a rare commodity when power, money or life itself are at stake. History is full of examples. Julius Caesar did not trust his generals, so that: "If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others."
And so the history of cryptography began taking its first steps. Nowadays, encryption is no longer an emperor's prerogative and has become a daily-life operation. Cryptography is pervasive, ubiquitous and, best of all, completely transparent to the unaware user. Each time we buy something on the Internet we use it. Each time we search for something on Google we use it. All without (almost) realizing that it silently protects our privacy and our secrets.
Encryption is a very interesting instrument in the "toolbox of security" because it has very few side effects, at least on the user side. A particularly important one is the intrinsic slowdown that its use imposes on communications. High-speed cryptography is very important for the Internet, where busy servers proliferate. Being faster is a double advantage: more throughput and less server overhead. In this context, however, public-key algorithms start with a big handicap: they perform very badly compared to their symmetric counterparts. For this reason their use is often reduced to the essential operations, most notably key exchange and digital signatures. The high-speed public-key cryptography challenge is a very practical topic with serious repercussions in our technocentric world. Using weak algorithms with a reduced key length to increase the performance of a system can lead to catastrophic results.
In 1985, Miller and Koblitz independently proposed using the group of rational points of an elliptic curve over a finite field to build an asymmetric algorithm. Elliptic Curve Cryptography (ECC) is based on a problem known as the ECDLP (Elliptic Curve Discrete Logarithm Problem) and offers several advantages over more traditional systems such as RSA and DSA. The main benefit is that it requires smaller keys to provide the same security level, since the ECDLP is much harder to break. In addition, a good ECC implementation can be very efficient both in time and memory consumption, thus being a good candidate for high-speed public-key cryptography. Moreover, some elliptic-curve-based techniques were, at the time of writing, believed to be extremely resilient to quantum computing attacks, such as SIDH (Supersingular Isogeny Diffie-Hellman); that belief no longer holds, since SIDH was broken on a classical computer by the Castryck-Decru key-recovery attack in 2022.
Traditional elliptic curve cryptography implementations are optimized by hand, taking into account the mathematical properties of the underlying algebraic structures, the target machine architecture and the compiler facilities. This process is time-consuming, requires a high degree of expertise and, ultimately, is error-prone. This dissertation's ultimate goal is to automate the whole optimization process of cryptographic code, with a special focus on ECC. The framework presented in this thesis is able to produce high-speed cryptographic code by automatically choosing the best algorithms and applying a number of code-improving techniques inspired by compiler theory. Its central component is a flexible and powerful compiler able to translate an algorithm written in a high-level language and produce highly optimized C code for a particular algebraic structure and hardware platform. The system is generic enough to accommodate a wide array of number-theory-related algorithms; however, this document focuses only on optimizing primitives based on elliptic curves defined over binary fields.
RSA, DH, and DSA in the Wild
This book chapter outlines techniques for breaking cryptography by taking advantage of implementation mistakes made in practice, with a focus on those that exploit the mathematical structure of the most widely used public-key primitives.
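One of the implementation mistakes in that category, as an added example (not code from the chapter): RSA keys generated with poor entropy sometimes share a prime between two unrelated moduli, and a gcd across a collection of public keys then factors both of them and yields their private exponents. The moduli below are constructed from Mersenne primes so the demo runs instantly; the flat product-and-remainder step stands in for the full product/remainder tree used when this is done over millions of keys, and the same code applies unchanged to 2048-bit moduli.

```python
# Added example (not from the chapter): factoring RSA moduli that share a prime
# via a batch gcd, then recovering the private exponent. Moduli are constructed
# from Mersenne primes for speed; nothing here is specific to their size.
import math
from functools import reduce
from operator import mul

P61 = 2**61 - 1
P89 = 2**89 - 1
P107 = 2**107 - 1
P127 = 2**127 - 1
P31 = 2**31 - 1
E = 65537

N_A = P61 * P89      # shares P61 with N_B: both keys are recoverable
N_B = P61 * P107
N_C = P127 * P31     # no shared factor: stays safe
SAMPLE_MODULI = [N_A, N_B, N_C]   # constructed "scan results"


def batch_gcd_factor(moduli):
    """For each N_i compute gcd(N_i, prod(N_j for j != i)) with one big product
    instead of O(n^2) pairwise gcds. Returns {N: (p, q)} for every modulus that
    shares a factor with some other modulus in the list."""
    total = reduce(mul, moduli, 1)
    factored = {}
    for n in moduli:
        # total mod n^2 == n * ((total / n) mod n), so this is gcd(n, total / n)
        g = math.gcd(n, (total % (n * n)) // n)
        if 1 < g < n:                    # g == n would mean n itself appears twice
            p, q = sorted((g, n // g))
            factored[n] = (p, q)
    return factored


def recover_private_exponent(n, e, p, q):
    """Standard RSA key recovery once the factorization is known."""
    assert p * q == n
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


def rsa_decrypt(c, d, n):
    return pow(c, d, n)


if __name__ == "__main__":
    weak = batch_gcd_factor(SAMPLE_MODULI)
    for n, (p, q) in weak.items():
        d = recover_private_exponent(n, E, p, q)
        m = 0xdeadbeef                             # constructed plaintext
        assert rsa_decrypt(pow(m, E, n), d, n) == m
        print(f"modulus {n} = {p} * {q}; private exponent recovered")
    print("not factorable from this set:", [n for n in SAMPLE_MODULI if n not in weak])
```

Nothing about this attack is specific to the victim's key: it only needs every modulus in the collection to be reachable, which is why it is run against certificate and SSH-host-key scans rather than against one target, and why correctly seeded randomness at key-generation time is the only real defence.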
Security technologies for wireless access to local area networks
In today's world, computers and networks are connected to all aspects of life and every profession. The amount of information, personal and organizational, spread over the network is increasing exponentially. Simultaneously, malicious attacks are being developed at the same speed, which makes having a secure network system a crucial factor at every level and in any organization. Achieving a high protection level has been the goal of many organizations, such as the Wi-Fi Alliance®, and many standards and protocols have been developed over time.
This work addresses the historical development of WLAN security technologies, starting from the oldest standard, WEP, and reaching the newly released standard WPA3, passing through the several versions in between: WPA, WPS, WPA2, and EAP. Along with WPA3, this work addresses two newer certifications, Enhanced Open™ and Easy Connect™. Furthermore, a comparative analysis of the previous standards is also presented, detailing their security mechanisms, flaws, attacks, and the measures they have adopted to prevent these attacks. Focusing on the newly released WPA3, this work presents a deep study of both WPA3 and EAP-pwd. The development of WPA3 had the objective of providing strong protection even if the network's password is considered weak. However, this objective was not fully accomplished, and recent research has discovered design flaws in this new standard.
Along with the above studies, this master's thesis also builds a network for penetration testing using a set of new devices that support the new standard. A group of possible attacks on the latest Wi-Fi security standards was implemented on the network, testing the response against each of them, discussing the reason behind the success or failure of the attack, and providing a set of countermeasures applicable against these attacks. The obtained results show that WPA3 has overcome many of WPA2's issues; however, it is still unable to overcome some major Wi-Fi vulnerabilities.
(Portuguese abstract, translated to English)
In today's world, computers and networks are connected to practically every aspect of our personal and professional lives. The amount of information, personal and organizational, spread over the network is increasing exponentially. At the same time, malicious attacks are also increasing at the same speed, which makes a secure network system a crucial factor at every level and in any organization. Achieving high levels of protection has been the goal of many organizations, such as the Wi-Fi Alliance®, and many standards and protocols have been developed over time.
This work addresses the historical development of WLAN security technologies, starting from the oldest standard, WEP, and ending with the newly arrived WPA3, passing through the intermediate versions, WPA, WPS, WPA2 and EAP. Along with WPA3, this work addresses the two most recent certifications, Enhanced Open™ and Easy Connect™. In addition, a comparative analysis of the previous standards is also presented, detailing their main security mechanisms, flaws, the attacks they are susceptible to, and the measures adopted to prevent those attacks. As for the new WPA3 and EAP-pwd, this work presents an in-depth study of their "Personal" and "Enterprise" modes. The development of WPA3 aimed to provide strong protection even when the network password is considered weak. However, that objective was not fully achieved, and recent research has detected design flaws in this new standard.
Along with the study of the standards above, the work carried out for this master's thesis also builds a network for penetration testing using a set of new devices that already support the new standard. Several attacks are applied to the latest Wi-Fi security standards, the response to each of them is tested, the reason behind the success or failure of the attack is discussed, and countermeasures applicable to those attacks are indicated. The results obtained show that WPA3 has overcome many of WPA2's problems but is still unable to overcome some of the vulnerabilities present in Wi-Fi networks.
First, I would like to express my deepest appreciation to those who gave me the possibility
to complete my study and get my Master degree, the Aga Khan Foundation, who has
supported me financiall