High-level Cryptographic Abstractions

The interfaces exposed by commonly used cryptographic libraries are clumsy, complicated, and assume an understanding of cryptographic algorithms. The challenge is to design high-level abstractions that require minimum knowledge and effort to use while also allowing maximum control when needed. This paper proposes such high-level abstractions consisting of simple cryptographic primitives and full declarative configuration. These abstractions can be implemented on top of any cryptographic library in any language. We have implemented these abstractions in Python, and used them to write a wide variety of well-known security protocols, including Signal, Kerberos, and TLS. We show that programs using our abstractions are much smaller and easier to write than using low-level libraries, where size of security protocols implemented is reduced by about a third on average. We show our implementation incurs a small overhead, less than 5 microseconds for shared key operations and less than 341 microseconds (< 1%) for public key operations. We also show our abstractions are safe against main types of cryptographic misuse reported in the literature

Combining message encryption and authentication

The first part of the paper explains the need for combining message encryption and authentication. We begin with the example to emphasize the fact that privacy‡ does not imply authenticity. Then we prove, one needs both privacy and authenticity, even if one's aim is just getting privacy. In the second part we present an overview of different methods for providing authenticated encryption (AE) i.e. generic compositions, single-pass modes and two-pass combined modes. We analyze what are the advantages and disadvantages of different AE constructions. In the third part of the paper we focus on nonce§ based authenticated encryption modes. Our motivation is the wish to know the methodology of designing authenticated encryption mode of operation. We take into consideration a few most important properties, e.g. parallelizability, memory requirements and pre-processing capability. We analyze possibilities of choice of underlying encryption and authentication components and their order in a message we also try to answer. What does single-key mode really mean? Finally we mention the importance of provable security theory in the security of authenticated encryption modes

Security protocols suite for machine-to-machine systems

Nowadays, the great diffusion of advanced devices, such as smart-phones, has shown that there is a growing trend to rely on new technologies to generate and/or support progress; the society is clearly ready to trust on next-generation communication systems to face today’s concerns on economic and social fields. The reason for this sociological change is represented by the fact that the technologies have been open to all users, even if the latter do not necessarily have a specific knowledge in this field, and therefore the introduction of new user-friendly applications has now appeared as a business opportunity and a key factor to increase the general cohesion among all citizens. Within the actors of this technological evolution, wireless machine-to-machine (M2M) networks are becoming of great importance. These wireless networks are made up of interconnected low-power devices that are able to provide a great variety of services with little or even no user intervention. Examples of these services can be fleet management, fire detection, utilities consumption (water and energy distribution, etc.) or patients monitoring. However, since any arising technology goes together with its security threats, which have to be faced, further studies are necessary to secure wireless M2M technology. In this context, main threats are those related to attacks to the services availability and to the privacy of both the subscribers’ and the services providers’ data. Taking into account the often limited resources of the M2M devices at the hardware level, ensuring the availability and privacy requirements in the range of M2M applications while minimizing the waste of valuable resources is even more challenging. Based on the above facts, this Ph. D. thesis is aimed at providing efficient security solutions for wireless M2M networks that effectively reduce energy consumption of the network while not affecting the overall security services of the system. With this goal, we first propose a coherent taxonomy of M2M network that allows us to identify which security topics deserve special attention and which entities or specific services are particularly threatened. Second, we define an efficient, secure-data aggregation scheme that is able to increase the network lifetime by optimizing the energy consumption of the devices. Third, we propose a novel physical authenticator or frame checker that minimizes the communication costs in wireless channels and that successfully faces exhaustion attacks. Fourth, we study specific aspects of typical key management schemes to provide a novel protocol which ensures the distribution of secret keys for all the cryptographic methods used in this system. Fifth, we describe the collaboration with the WAVE2M community in order to define a proper frame format actually able to support the necessary security services, including the ones that we have already proposed; WAVE2M was funded to promote the global use of an emerging wireless communication technology for ultra-low and long-range services. And finally sixth, we provide with an accurate analysis of privacy solutions that actually fit M2M-networks services’ requirements. All the analyses along this thesis are corroborated by simulations that confirm significant improvements in terms of efficiency while supporting the necessary security requirements for M2M networks

A system architecture, processor, and communication protocol for secure implants

Secure and energy-efficient communication between Implantable Medical Devices (IMDs) and authorized external users is attracting increasing attention these days. However, there currently exists no systematic approach to the problem, while solutions from neighboring fields, such as wireless sensor networks, are not directly transferable due to the peculiarities of the IMD domain. This work describes an original, efficient solution for secure IMD communication. A new implant system architecture is proposed, where security and main-implant functionality are made completely decoupled by running the tasks onto two separate cores. Wireless communication goes through a custom security ASIP, called SISC (Smart-Implant Security Core), which runs an energy-efficient security protocol. The security core is powered by RF-harvested energy until it performs external-reader authentication, providing an elegant defense mechanism agai

Enhancing Secure Sockets Layer Bulk Data Trnsfer Phase Performance With Parallel Cryptography Algorithm

With more than 2 billion people connected to the Internet, information security has become a top priority. Many applications such as electronic banking, medical database, and electronic commerce require the exchange of private information. Hashed Message Authentication Code (HMAC) is widely used to provide authenticity, while symmetric encryption algorithms provide confidentiality. Secure Socket Layer (SSL) is one of the most widely used security protocols on the Internet. In the current Bulk Data Transfer (BDT) phase in SSL, the server or the client firstly calculates the Message Authentication Code (MAC) of the data using HMAC operation, and then performs the symmetric encryption on the data together with the MAC. Despite steady improvements in SSL performance, BDT operation degrades CPU performance. This is due to the cryptography operations that include the HMAC and symmetric encryptions. The thesis proposes a new algorithm that provides a significant performance gain in bulk data transfer without compromising the security. The proposed algorithm performs the encryption of the data and the calculation of the MAC in parallel. The server calculates the MAC of the data the same time the encryption processes the data. Once the calculation of the MAC is completed, only then the MAC will be encrypted. The proposed algorithm was simulated using two processors with one performing the HMAC calculation and the other encrypting the data, simultaneously. Advanced Encryption Standard (AES) was chosen as encryption algorithm and HMAC Standard Hash Algorithm 1 (SHA1) was chosen as HMAC algorithm. The communication between the processors was done via Message Passing Interface (MPI). The existing sequential and the proposed parallel algorithms were simulated successfully while preserving security properties. Based on the performance simulations, the new parallel algorithm gained speedup of 1.74 with 85% efficiency over the current sequential algorithm. The parallel overheads that limit the maximum achievable speedup were also considered. Different block cipher modes were used in which the Cipher-Block Chaining (CBC) gives the best speedup among the feedback cipher modes. In addition, Triple Data Encryption Standard (3DES) was also simulated as the encryption algorithm to compare the speedup performance with AES encryption