Elliptic Curve Cryptography Services for Mobile Operating Systems

Mobile devices as smartphones, tablets and laptops, are nowadays considered indispensable objects by most people in developed countries. A s personal and work assistant s , some of th e s e devices store , process and transmit sensitive and private data. Naturally , the number of mobile applications with integrated cryptographic mechanisms or offering security services has been significantly increasing in the last few years. Unfortunately, not all of those applications are secure by design, while other may not implement the cryptographic primitives correctly. Even the ones that implement them correctly may suffer from longevity problems, since cryptographic primitives that are considered secure nowadays may become obsolete in the next few years. Rivest, Shamir and Adleman (RSA) is an example of an widely used cryptosystem that may become depleted shorty . While the security issues in the mobile computing environment may be of median severity for casual users, they may be critical for several professional classes, namely lawyers, journalists and law enforcement agents. As such, it is important to approach these problems in a structured manner. This master’s program is focused on the engineering and implementation of a mobile application offering a series of security services. The application was engineered to be secure by design for the Windows Phone 8.1 Operating System (OS) which, at the time of writing this dissertation, was the platform with the most discreet offer in terms of applications of this type. The application provides services such as secure exchange of a cryptographic secret, encryption and digital signature of messages and files, management of contacts and encryption keys and secure password generation and storage. Part of the cryptographic primitives used in this work are from the Elliptic Curve Cryptography (ECC) theory, for which the discrete logarithm problem is believed to be harder and key handling is easier. The library defining a series of curves and containing the procedures and operations supporting the ECC primitives was implemented from scratch, since there was none available, comprising one of the contributions of this work. The work evolved from the analysis of the state-of-the-art to the requirements analysis and software engineering phase, thoroughly described herein, ending up with the development of a prototype. The engineering of the application included the definition of a trust model for the exchange of public keys and the modeling of the supporting database. The most visible outcomes of this master’s program are the fully working prototype of a mobile application offering the aforementioned security services, the implementation of an ECC library for the .NET framework, and this dissertation. The source code for the ECC library was made available online on GitHub with the name ECCryptoLib [Ana15]. Its development and improvement was mostly dominated by unit testing. The library and the mobile application were developed in C?. The level of security offered by the application is guaranteed via the orchestration and combination of state-of-the-art symmetric key cryptography algorithms, as the Advanced Encryption Standard (AES) and Secure Hash Algorithm 256 (SHA256) with the ECC primitives. The generation of passwords is done by using several sensors and inputs as entropy sources, which are fed to a cryptographically secure hash function. The passwords are stored in an encrypted database, whose encryption key changes every time it is opened, obtained using a Password-Based Key Derivation Function 2 (PBKDF2) from a master password. The trust model for the public keys designed in the scope of this work is inspired in Pretty Good Privacy (PGP), but granularity of the trust levels is larger.Dispositivos móveis como computadores portáteis, smartphones ou tablets, são, nos dias de hoje, considerados objectos indispensáveis pela grande maioria das pessoas residentes em países desenvolvidos. Por serem utilizados como assistentes pessoais ou de trabalho, alguns destes dispositivos guardam, processam e transmitem dados sensíveis ou privados. Naturalmente, o número de aplicações móveis com mecanismos criptográficos integrados ou que oferecem serviços de segurança, tem vindo a aumentar de forma significativa nos últimos anos. Infelizmente, nem todas as aplicações são seguras por construção, e outras podem não implementar as primitivas criptográficas corretamente. Mesmo aquelas que as implementam corretamente podem sofrer de problemas de longevidade, já que primitivas criptográficas que são hoje em dia consideradas seguras podem tornar-se obsoletas nos próximos anos. O Rivest, Shamir and Adleman (RSA) constitui um exemplo de um sistema criptográfico muito popular que se pode tornar obsoleto a curto prazo. Enquanto que os problemas de segurança em ambientes de computação móvel podem ser de média severidade para utilizadores casuais, estes são normalmente críticos para várias classes profissionais, nomeadamente advogados, jornalistas e oficiais da justiça. É, por isso, importante, abordar estes problemas de uma forma estruturada. Este programa de mestrado foca-se na engenharia e implementação de uma aplicação móvel que oferece uma série de serviços de segurança. A aplicação foi desenhada para ser segura por construção para o sistema operativo Windows Phone 8.1 que, altura em que esta dissertação foi escrita, era a plataforma com a oferta mais discreta em termos de aplicações deste tipo. A aplicação fornece funcionalidades como trocar um segredo criptográfico entre duas entidades de forma segura, cifra, decifra e assinatura digital de mensagens e ficheiros, gestão de contactos e chaves de cifra, e geração e armazenamento seguro de palavras-passe. Parte das primitivas criptográficas utilizadas neste trabalho fazem parte da teoria da criptografia em curvas elípticas, para a qual se acredita que o problema do logaritmo discreto é de mais difícil resolução e para o qual a manipulação de chaves é mais simples. A biblioteca que define uma série de curvas, e contendo os procedimentos e operações que suportam as primitivas criptográficas, foi totalmente implementada no âmbito deste trabalho, dado ainda não existir nenhuma disponível no seu início, compreendendo assim uma das suas contribuições. O trabalho evoluiu da análise do estado da arte para o levantamento dos requisitos e para a fase de engenharia de software, aqui descrita detalhadamente, culminando no desenvolvimento de um protótipo. A engenharia da aplicação incluiu a definição de um sistema de confiança para troca de chaves públicas e também modelação da base de dados de suporte. Os resultados mais visíveis deste programa de mestrado são o protótipo da aplicação móvel, completamente funcional e disponibilizando as funcionalidades de segurança acima mencionadas, a implementação de uma biblioteca Elliptic Curve Cryptography (ECC) para framework .NET, e esta dissertação. O código fonte com a implementação da biblioteca foi publicada online. O seu desenvolvimento e melhoramento foi sobretudo dominado por testes unitários. A biblioteca e a aplicação móvel foram desenvolvidas em C?. O nível de segurança oferecido pela aplicação é garantido através da orquestração e combinação de algoritmos da criptografia de chave simétrica atuais, como o Advanced Encryption Standard (AES) e o Secure Hash Algorithm 256 (SHA256), com as primitivas ECC. A geração de palavras-passe é feita recorrendo utilizando vários sensores e dispoitivos de entrada como fontes de entropia, que posteriormente são alimentadas a uma função de hash criptográfica. As palavras-passe são guardadas numa base de dados cifrada, cuja chave de cifra muda sempre que a base de dados é aberta, sendo obtida através da aplicação de um Password-Based Key Derivation Function 2 (PBKDF2) a uma palavrapasse mestre. O modelo de confiança para chaves públicas desenhado no âmbito deste trabalho é inspirado no Pretty Good Privacy (PGP), mas a granularidade dos níveis de confiança é superior

Practical implementation and performance analysis on security of sensor networks

A wireless sensor network (WSN) is a network made of thousands of sensing elements called as nodes with wireless capabilities. Their application is varied and diverse ranging from military to domestic and household. As the world of self-organizing sensor networks tip to the edge of maximum utilization, their wider deployment is adding pressure on the security front. Powerful laptops and workstations make it more challenging for small sensors. In addition, there are many security challenges in WSN, e.g- confidentiality, authentication, freshness, integrity etc. Contributions of this work are as follows: “Symmetric” security implementation: This thesis work designs a symmetric-key based security in sensor hardware in the Link layer of sensor network protocols. Link Layer security can protect a wireless network by denying access to the network itself before a user is successfully authenticated. This prevents attacks against the network infrastructure and protects the network from devastating attacks. “Public key” implementation in sensor hardware: Asymmetric key techniques are attractive for authentication data or session keys. Traditional schemes like RSA require considerable amounts of resources which in the past has limited their use. This thesis has implemented Elliptic Curve Cryptography (ECC) in Mica2 hardware, which is an approach to public-key cryptography based on the mathematics of elliptic curves. Quantitative overhead analysis: This thesis work analyzes the wireless communication overhead (No. of packets transmitted) vs the (transmit and receive) energy consumed in mJoules and memory storage overhead (bytes) for ECC as compared to the symmetric counterpart for the implemented WSN security protocols

Improved Image Security in Internet of Thing (IOT) Using Multiple Key AES

الصورة هي معلومات رقمية مهمة تستخدم في العديد من تطبيقات إنترنت الأشياء (IoT) مثل النقل والرعاية الصحية والزراعة والتطبيقات العسكرية والمركبات والحياة البرية .. إلخ. كذلك تتميز الصورة بسمات مهمة جدًا مثل الحجم الكبير والارتباط القوي والتكرار الهائل وبالتالي  تشفيرها باستخدام معيار التشفير المتقدم (AES) بمفتاح واحد من خلال تقنيات اتصالات إنترنت الأشياء تجعله عرضة للعديد من التهديدات. مساهمة هذا العمل هي لزيادة أمن الصورة المنقولة. لذلك اقترحت هذه الورقة خوارزمية AES متعددةالمفاتيح (MECCAES) لتحسين الأمان للصورة المرسلة من خلال إنترنت الأشياء. يتم تقييم هذا النهج من خلال تطبيقه على صور RGB bmp وتحليل النتائج باستخدام المقاييس القياسية مثل الإنتروبيا( Entropy ) ،المدرج التكراري histogram) )، الارتباط( correlation ) ، مقاييس نسبة الذروة للأشارة إلى الضوضاء (PSNR) ومتوسط ​​ مربع خطأ (MES). تظهر نتائج التجارب أن الطريقة المقترحة تحقق مستوى عالي من السرية كما أنها واعدة باستخدامها بشكل فعال في مجالات واسعة من تشفير الصور في إنترنت الأشياء.  Image is an important digital information that used in many internet of things (IoT) applications such as transport, healthcare, agriculture, military, vehicles and wildlife. etc. Also, any image has very important characteristic such as large size, strong correlation and huge redundancy, therefore, encrypting it by using single key Advanced Encryption Standard (AES) through IoT communication technologies makes it vulnerable to many threats, thus, the pixels that have the same values will be encrypted to another pixels that have same values when they use the same key. The contribution of this work is to increase the security of transferred image. This paper proposed multiple key AES algorithm (MECCAES) to improve the security of the transmitted image through IoT. This approach is evaluated via applying it on RGB bmp images and analyzing the results using standard metrics such as entropy, histogram, correlation, Peak Signal-to-Noise Ratio (PSNR) and Mean Square Error (MES) metrics. Also, the time for encryption and decryption for the proposed MECCAES is the same time consumed by original single key AES is 12 second(the used image size is 12.1MB therefore time is long). The performance experiments show that this scheme achieves confidentiality also it encourages to use effectively in a wide IoTs fields to secure transmitted image

Implementation of an identity based encryption sub-system for secure e-mail and other applications

This thesis describes the requirements for, and design of, a suite of a sub-systems which support the introduction of Identity Based Encryption (IBE) to Intrenet communications. Current methods for securing Internet transmission are overly complex to users and require expensive and complex supporting infrastructure for distributing credentials such as certificates or public keys. Identity Based Encryption holds a promise of simplifying the process without compromising the security. In this thesis I will outline the theory behind the cryptography required , give a background to e-M ail and messaging protocols,the current security methods, the infrastructure used, the issues with these methods, and the break through that recent innovations in Identity Based Encryption hopes to deliver.I will describe an implementation of a sub-system that secures e-Mail and other protocolsin desktop platforms with as little impact on the end user as possible

Efficient signature system using optimized elliptic curve cryptosystem over GF(2(n)).

Elliptic curve cryptography was proposed independently by Neil Koblitz and Victor Miller in the middle of 80\u27s. The security of Elliptic Curve Cryptography depends upon the elliptic curve discrete logarithm problem. For providing the same strength, it uses a smaller key size than that for RSA. This advantage makes it particularly suitable for some devices and applications, which have a resource constraint. Digital Signature Systems are one of the most important applications of cryptography. In Y2K IEEE has included two Elliptic Cryptography based methods in its new standard P1363. The elliptic curve cryptosystem uses point operations like point doubling and addition. As a consequence, optimization of, point operations plays a key role in determining the efficiency of computation. Today\u27s technology easily permits the fabrication of multiple simple processors on a single chip. For such devices, a serial-parallel computation has been proposed by Adnan and Mohammad [AM03][AM03a] for a faster computation of elliptic algorithms. This thesis presents a new optimized point operations algorithm for elliptic curve cryptosystems over GF(2 n). We have designed and implemented the new algorithm for a more efficient digital signature system. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2004 .W37. Source: Masters Abstracts International, Volume: 43-01, page: 0247. Adviser: Akshai Aggarwal. Thesis (M.Sc.)--University of Windsor (Canada), 2004

Efficient implementation of elliptic curve cryptography.

Elliptic Curve Cryptosystems (ECC) were introduced in 1985 by Neal Koblitz and Victor Miller. Small key size made elliptic curve attractive for public key cryptosystem implementation. This thesis introduces solutions of efficient implementation of ECC in algorithmic level and in computation level. In algorithmic level, a fast parallel elliptic curve scalar multiplication algorithm based on a dual-processor hardware system is developed. The method has an average computation time of n3 Elliptic Curve Point Addition on an n-bit scalar. The improvement is n Elliptic Curve Point Doubling compared to conventional methods. When a proper coordinate system and binary representation for the scalar k is used the average execution time will be as low as n Elliptic Curve Point Doubling, which makes this method about two times faster than conventional single processor multipliers using the same coordinate system. In computation level, a high performance elliptic curve processor (ECP) architecture is presented. The processor uses parallelism in finite field calculation to achieve high speed execution of scalar multiplication algorithm. The architecture relies on compile-time detection rather than of run-time detection of parallelism which results in less hardware. Implemented on FPGA, the proposed processor operates at 66MHz in GF(2 167) and performs scalar multiplication in 100muSec, which is considerably faster than recent implementations.Dept. of Electrical and Computer Engineering. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2004 .A57. Source: Masters Abstracts International, Volume: 44-03, page: 1446. Thesis (M.A.Sc.)--University of Windsor (Canada), 2005

Cryptographic Key Distribution In Wireless Sensor Networks Using Bilinear Pairings

It is envisaged that the use of cheap and tiny wireless sensors will soon bring a third wave of evolution in computing systems. Billions of wireless senor nodes will provide a bridge between information systems and the physical world. Wireless nodes deployed around the globe will monitor the surrounding environment as well as gather information about the people therein. It is clear that this revolution will put security solutions to a great test. Wireless Sensor Networks (WSNs) are a challenging environment for applying security services. They differ in many aspects from traditional fixed networks, and standard cryptographic solutions cannot be used in this application space. Despite many research efforts, key distribution in WSNs still remains an open problem. Many of the proposed schemes suffer from high communication overhead and storage costs, low scalability and poor resilience against different types of attacks. The exclusive usage of simple and energy efficient symmetric cryptography primitives does not solve the security problem. On the other hand a full public key infrastructure which uses asymmetric techniques, digital signatures and certificate authorities seems to be far too complex for a constrained WSN environment. This thesis investigates a new approach to WSN security which addresses many of the shortcomings of existing mechanisms. It presents a detailed description on how to provide practical Public Key Cryptography solutions for wireless sensor networks. The contributions to the state-of-the-art are added on all levels of development beginning with the basic arithmetic operations and finishing with complete security protocols. This work includes a survey of different key distribution protocols that have been developed for WSNs, with an evaluation of their limitations. It also proposes Identity- Based Cryptography (IBC) as an ideal technique for key distribution in sensor networks. It presents the first in-depth study of the application and implementation of Pairing- Based Cryptography (PBC) to WSNs. This is followed by a presentation of the state of the art on the software implementation of Elliptic Curve Cryptography (ECC) on typical WSNplatforms. New optimized algorithms for performing multiprecision multiplication on a broad range of low-end CPUs are introduced as well. Three novel protocols for key distribution are proposed in this thesis. Two of these are intended for non-interactive key exchange in flat and clustered networks respectively. A third key distribution protocol uses Identity-Based Encryption (IBE) to secure communication within a heterogeneous sensor network. This thesis includes also a comprehensive security evaluation that shows that proposed schemes are resistant to various attacks that are specific to WSNs. This work shows that by using the newest achievements in cryptography like pairings and IBC it is possible to deliver affordable public-key cryptographic solutions and to apply a sufficient level of security for the most demanding WSN applications

Token Based Authentication and Authorization with Zero-Knowledge Proofs for Enhancing Web API Security and Privacy

This design science study showcases an innovative artifact that utilizes Zero-Knowledge Proofs for API Authentication and Authorization. A comprehensive examination of existing literature and technology is conducted to evaluate the effectiveness of this alternative approach. The study reveals that existing APIs are using slower techniques that don’t scale, can’t take advantage of newer hardware, and have been unable to adequately address current security issues. In contrast, the novel technique presented in this study performs better, is more resilient in privacy sensitive and security settings, and is easy to implement and deploy. Additionally, this study identifies potential avenues for further research that could help advance the field of Web API development in terms of security, privacy, and simplicity

Bitcoin Wallet for Android with TREZOR Hardware Wallet Support

Tato práce se zabývá návrhem Bitcoinové peněženky pro OS Android, která využívá zařízení TREZOR jako úložiště privátních klíčů. Navržená aplikace umožňuje zobrazit seznam transakcí, vytvořit novou transakci, podepsat ji pomocí zařízení a odeslat do sítě. Vedlejším přínosem této práce je navržení Android knihovny pro usnadnění komunikace se zařízením TREZOR.The goal of this thesis is to design a Bitcoin wallet for the Android OS, using the TREZOR device as a secure private key storage. The implemented application allows to see transactions history, to compose a new transaction, sign it and broadcast it to the network. The secondary contribution of this thesis is designing an Android library simplifying the communication with the TREZOR device