229 research outputs found
Asymptotic Analysis of Plausible Tree Hash Modes for SHA-3
Discussions about the choice of a tree hash mode of operation for a
standardization have recently been undertaken. It appears that a single tree
mode cannot address adequately all possible uses and specifications of a
system. In this paper, we review the tree modes which have been proposed, we
discuss their problems and propose remedies. We make the reasonable assumption
that communicating systems have different specifications and that software
applications are of different types (securing stored content or live-streamed
content). Finally, we propose new modes of operation that address the resource
usage problem for the three most representative categories of devices and we
analyse their asymptotic behavior.
Swiftmend: Data Synchronization in Open mHealth Applications with Restricted Connectivity
Open mHealth applications often include mobile devices and cloud services with replicated data between components. These replicas need periodical synchronization to remain consistent. However, there is no guarantee of connectivity to networks which do not bill users on the quantity of data usage. This thesis proposes Swiftmend, a system with synchronization that minimizes the quantity of I/O used on the network.
Swiftmend includes two reconciliation algorithms: Rejuvenation and Regrowth. The latter utilizes the efficiency of the Merkle tree data structure to reduce the I/O. Merkle trees can sum up the consistency of replicas into compact fingerprints. The first reconciliation algorithm, Rejuvenation, simply inspects the entire replica to identify consistency. Regrowth is shown to produce a smaller quantity of I/O than Rejuvenation when synchronizing replicas. This is due to the compact fingerprints.
Flexible Memory Protection with Dynamic Authentication Trees
As computing appliances increase in use and handle more critical information and functionalities, the importance of security grows even greater. In cases where the device processes sensitive data or performs important functionality, an attacker may be able to read or manipulate it by accessing the data bus between the processor and memory itself. As it is impossible to provide physical protection to the piece of hardware in use, it is important to provide protection against revealing confidential information and securing the device's intended operation. Defense against bus attacks such as spoofing, splicing, and replay attacks is of particular concern. Traditional memory authentication techniques, such as hashes and message authentication codes, are costly when protecting off-chip memory during run-time. Balanced authentication trees such as the well-known Merkle tree or TEC-Tree are widely used to reduce this cost. While authentication trees are less costly than conventional techniques, they still remain expensive. This work proposes a new method of dynamically updating an authentication tree structure based on a processor's memory access pattern. Memory addresses that are more frequently accessed are dynamically shifted to a higher tree level to reduce the number of memory accesses required to authenticate that address. The block-level AREA technique is applied to allow for data confidentiality with no additional cost. An HDL design for use in an FPGA is provided as a transparent and highly customizable AXI-4 memory controller. The memory controller allows for data confidentiality and authentication for random-access memory with different speed or memory size constraints. The design was implemented on a Zynq 7000 system-on-chip using the processor to communicate with the hardware design. The performance of the dynamic tree design is comparable to the TEC-Tree in several memory access patterns. The TEC-Tree performs better than a dynamic design in particular applications; however, speedup over the TEC-Tree is possible to achieve when applied in scenarios that frequently access previously processed data.
One-Time Signatures Revisited: Have They Become Practical?
One-time signatures have been known for more than two decades, and
have been studied mainly due to their theoretical value. Recent
works motivated us to examine the practical use of one-time
signatures in high-performance applications. In this paper we
describe FMTseq - a signature scheme that merges recent
improvements in hash tree traversal into Merkle's one-time signature
scheme. Implementation results show that the scheme provides a
signature speed of up to 35 times faster than a 2048-bit RSA
signature scheme, for about one million signatures, and a signature
size of only a few kilobytes. We provide an analysis of practical
parameter selection for the scheme, and improvements that can be
applied in more specific scenarios.
- …