34 research outputs found
Verifiable Random Functions (VRFs)
A Verifiable Random Function (VRF) is the public-key version of a
keyed cryptographic hash. Only the holder of the private key can
compute the hash, but anyone with the public key can verify the
correctness of the hash. VRFs are useful for preventing enumeration
of hash-based data structures. This document specifies several VRF
constructions that are secure in the cryptographic random oracle
model. One VRF uses RSA and the other uses Elliptic Curves (EC).
https://datatracker.ietf.org/doc/draft-irtf-cfrg-vrf/
First author draft
Authentication and Authorization with JSON Web Token
This work explores JSON Web Token (JWT) technology and its use. It also defines the concepts of authentication and authorization, which are the basis for using JWT. It then describes in detail the cryptographic methods used for the digital signature and for encrypting the JWT key. The advantages and disadvantages of using JWT technology are elaborated, supported in detail by examples and by ways of working around the disadvantages. The last part of the thesis focuses on building a simple application that demonstrates the use of JWT for authentication and authorization. The application was built in the Node.js environment, using many libraries and packages that ease JWT implementation, such as bcrypt, nodemon, joi and others.
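The checks a JWT verifier has to make are where most of the "disadvantages and how to avoid them" live. The following Python is an added example, not the thesis's Node.js application: it issues an HS256 token and verifies it with the algorithm pinned server-side (so a token claiming "alg": "none", or a public key replayed as an HMAC secret, is rejected before any signature check), a constant-time signature comparison, a mandatory expiry, and a role check for the authorization step. The secret KEY and the function names issue, verify, forge_alg_none and outcome are this example's own.

```python
# Added example (Python, stdlib only): HS256 JWT issue/verify with the verifier-side
# checks an application must make. Not the thesis's Node.js application.
import base64
import hashlib
import hmac
import json
import time

KEY = b"constructed-demo-secret-do-not-reuse"   # constructed; real deployments use >= 32 random bytes


class TokenError(ValueError):
    pass


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(claims, key, ttl=900, now=None):
    """Authentication step: the server issues a signed, short-lived token after login."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl)
    signing_input = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, payload))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify(token, key, required_role=None, now=None):
    """Return the claims if the token is authentic, unexpired and (if asked) carries the role."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header, payload, sig = json.loads(_unb64url(h64)), json.loads(_unb64url(p64)), _unb64url(s64)
    except ValueError:            # covers bad base64, bad JSON and a wrong number of segments
        raise TokenError("malformed token")
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise TokenError("malformed token")
    # Pin the algorithm server-side. Honouring the token's own "alg" is how "alg": "none"
    # and RS256->HS256 key-confusion bypasses work.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise TokenError("bad signature")
    exp = payload.get("exp")
    if not isinstance(exp, int) or exp <= now:   # a JWT without exp never expires; reject it
        raise TokenError("expired")
    if required_role is not None and payload.get("role") != required_role:   # authorization step
        raise TokenError("forbidden")
    return payload


def forge_alg_none(payload):
    """What an attacker submits: an unsigned token whose header claims no algorithm."""
    return _b64url(b'{"alg":"none","typ":"JWT"}') + "." + _b64url(json.dumps(payload).encode()) + "."


def outcome(token, key, required_role=None, now=None):
    """'ok' or the rejection reason; handy for logs and for exercising the checks."""
    try:
        verify(token, key, required_role, now)
        return "ok"
    except TokenError as err:
        return str(err)
```

Calling outcome(forge_alg_none({"sub": "mallory", "role": "admin", "exp": 2000000000}), KEY, "admin") returns "unexpected alg": the forged token never reaches the signature or role checks, which is the point of pinning the algorithm in the verifier rather than reading it from the header.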
Certifying RSA public keys with an efficient NIZK
In many applications, it is important to verify that an RSA public key (N, e) specifies a permutation, in order to prevent attacks due to adversarially-generated public keys. We design and implement a simple and efficient noninteractive zero-knowledge protocol (in the random oracle model) for this task. The key feature of our protocol is compatibility with existing RSA implementations and standards. The protocol works for any choice of e. Applications concerned about adversarial key generation can just append our proof to the RSA public key without any other modifications to existing code or cryptographic libraries. Users need only perform a one-time verification of the proof to ensure that raising to the power e is a permutation of the integers modulo N. For typical parameter settings, the proof consists of nine integers modulo N; generating the proof and verifying it both require about nine modular exponentiations.
https://eprint.iacr.org/2018/057.pdf
First author draft
High-level Cryptographic Abstractions
The interfaces exposed by commonly used cryptographic libraries are clumsy,
complicated, and assume an understanding of cryptographic algorithms. The
challenge is to design high-level abstractions that require minimum knowledge
and effort to use while also allowing maximum control when needed.
This paper proposes such high-level abstractions consisting of simple
cryptographic primitives and full declarative configuration. These abstractions
can be implemented on top of any cryptographic library in any language. We have
implemented these abstractions in Python, and used them to write a wide variety
of well-known security protocols, including Signal, Kerberos, and TLS.
We show that programs using our abstractions are much smaller and easier to
write than those using low-level libraries: the size of the security protocols
implemented is reduced by about a third on average. We show that our
implementation incurs a small overhead, less than 5 microseconds for shared-key
operations and less than 341 microseconds (< 1%) for public-key operations. We
also show that our abstractions are safe against the main types of cryptographic
misuse reported in the literature.
UTM UAS Service Supplier Specification
Within the Unmanned Aircraft Systems (UAS) Traffic Management (UTM) system, the UAS Service Supplier (USS) is a key component. The USS serves several functions. At a high level, those include: bridging communication between UAS Operators and the Flight Information Management System (FIMS); supporting planning of UAS operations; assisting strategic deconfliction of the UTM airspace; providing information support to UAS Operators during operations; and helping UAS Operators meet their formal requirements. This document provides the minimum set of requirements for a USS. In order to be recognized as a USS within UTM, successful demonstration of satisfying the requirements described herein will be a prerequisite. To ensure various desired qualities (security, fairness, availability, efficiency, maintainability, etc.), this specification relies on references to existing public specifications whenever possible.
Dokspot : securely linking healthcare products with online instructions
Printed instructions for products are increasingly being replaced by digital versions that are made available over the internet. In safety-sensitive fields such as healthcare products, the availability and integrity of these instructions are of the highest importance. However, providing and managing instructions online opens the door to a wide range of potential attacks, which may negatively affect availability and integrity. In this paper, dokspot is presented, an internet-based service that aims at solving this problem by securely linking healthcare products with online instructions. The key to achieving this is a sophisticated security architecture, and the focus of this paper is on the core components of this architecture. This includes a secure workflow to manage online instructions, which prevents, e.g., attacks by malicious insiders. Also, the traditionally monolithic web application architecture was split into role-based microservices, which provides protection even if parts of the system are compromised. Furthermore, digital signatures are utilized to continuously safeguard the lifecycle of online instructions to guarantee their genuineness and integrity. And finally, a passwordless signature scheme is introduced to hide inconvenient extra steps from the users while still maintaining security. Overall, this security architecture makes dokspot highly resistant to a wide range of attacks.
Efficient noninteractive certification of RSA moduli and beyond
In many applications, it is important to verify that an RSA public key (N, e) specifies a
permutation over the entire space Z_N, in order to prevent attacks due to adversarially-generated
public keys. We design and implement a simple and efficient noninteractive zero-knowledge
protocol (in the random oracle model) for this task. Applications concerned about adversarial
key generation can just append our proof to the RSA public key without any other modifications
to existing code or cryptographic libraries. Users need only perform a one-time verification of
the proof to ensure that raising to the power e is a permutation of the integers modulo N. For
typical parameter settings, the proof consists of nine integers modulo N; generating the proof
and verifying it both require about nine modular exponentiations.
We extend our results beyond RSA keys and also provide efficient noninteractive zero-knowledge
proofs for other properties of N, which can be used to certify that N is suitable for the
Paillier cryptosystem, is a product of two primes, or is a Blum integer. As compared to the
recent work of Auerbach and Poettering (PKC 2018), who provide two-message protocols for
similar languages, our protocols are more efficient and do not require interaction, which enables
a broader class of applications.
https://eprint.iacr.org/2018/057
First author draft
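The VRF entry earlier on this page and the RSA permutation certificate in this entry rest on the same fact: an RSA private exponent d exists exactly when gcd(e, phi(N)) = 1, which is what makes x -> x^e a permutation, and anyone holding (N, e) can check a claimed e-th root with one exponentiation. The Python below is an added example serving both entries; it is not code from draft-irtf-cfrg-vrf or from the paper, and it simplifies both constructions. The VRF follows the RSA-FDH shape (proof pi = RSA signature of a full-domain hash of the input alpha, output beta = hash of pi) with an assumed domain-separation byte SUITE instead of a registered ciphersuite. The permutation certificate publishes e-th roots of challenges derived by hashing (N, e, i) and the verifier also screens N for small factors; ALPHA = 65537 and 8 challenges are assumed demo parameters, and the paper's exact checks and soundness analysis are not reproduced. Key generation is seeded only so that runs are reproducible.

```python
# Added example: RSA-FDH-style VRF and a hash-challenge certificate that (N, e) is a permutation.
import hashlib
import hmac
import math
import random

SUITE = b"\x01"   # assumed domain-separation byte (not a registered VRF suite id)
ALPHA = 65537     # assumed small-prime bound screened by the permutation verifier


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin after trial division; rng only picks witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # exactly `bits` long and odd
        if _is_probable_prime(c, rng):
            return c


def rsa_keygen(bits=1024, e=65537, seed=None):
    """Return ((N, e), (N, d)). `seed` makes demos reproducible; real keys need OS randomness."""
    rng = random.Random(seed)
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:   # the condition that makes x -> x^e a permutation
            return (p * q, e), (p * q, pow(e, -1, phi))


def _byte_len(n):
    return (n.bit_length() + 7) // 8


def mgf1(seed, length):
    """MGF1 over SHA-256: the full-domain hash used by both constructions below."""
    out = b"".join(hashlib.sha256(seed + c.to_bytes(4, "big")).digest()
                   for c in range((length + 31) // 32))
    return out[:length]


# --- VRF: pi = RSA signature of FDH(alpha); beta = H(pi). Anyone can check pi with the public key.
def _vrf_encode(n, alpha):
    return mgf1(SUITE + b"\x01" + alpha, _byte_len(n) - 1)   # k-1 bytes, so the integer is < N


def vrf_prove(priv, alpha):
    n, d = priv
    m = int.from_bytes(_vrf_encode(n, alpha), "big")
    return pow(m, d, n).to_bytes(_byte_len(n), "big")         # needs d: only the key holder can


def vrf_proof_to_hash(pi):
    return hashlib.sha256(SUITE + b"\x03" + pi + b"\x00").digest()


def vrf_verify(pub, alpha, pi):
    """Return beta if pi proves alpha under pub, else None (malformed, wrong input or forged)."""
    n, e = pub
    k = _byte_len(n)
    s = int.from_bytes(pi, "big")
    if len(pi) != k or s >= n:
        return None
    m = pow(s, e, n)                                           # RSAVP1; m < N fits in k bytes
    if not hmac.compare_digest(m.to_bytes(k, "big"), b"\x00" + _vrf_encode(n, alpha)):
        return None
    return vrf_proof_to_hash(pi)


# --- Permutation certificate: e-th roots of challenges rho_i = H(N, e, i), checkable by anyone.
def _challenge(n, e, i):
    k = _byte_len(n)
    seed = b"perm" + n.to_bytes(k, "big") + e.to_bytes(_byte_len(e), "big") + i.to_bytes(4, "big")
    return int.from_bytes(mgf1(seed, k + 16), "big") % n      # oversample, then reduce mod N


def perm_prove(priv, e, rounds=8):
    n, d = priv
    return [pow(_challenge(n, e, i), d, n) for i in range(rounds)]   # roots need gcd(e, phi) == 1


def perm_verify(pub, proof, rounds=8):
    """Accept iff N is odd with no factor below ALPHA and sigma_i^e == rho_i (mod N) for every i."""
    n, e = pub
    if n % 2 == 0 or len(proof) != rounds or any(n % p == 0 for p in range(3, ALPHA, 2)):
        return False
    return all(0 <= s < n and pow(s, e, n) == _challenge(n, e, i) for i, s in enumerate(proof))
```

With pub, priv = rsa_keygen(1024, seed=2024), vrf_verify(pub, alpha, vrf_prove(priv, alpha)) returns the same beta as vrf_proof_to_hash of the proof, while the same proof presented for a different alpha returns None; perm_verify(pub, perm_prove(priv, pub[1])) is True, and the same proof is rejected for a modulus with a small factor or with any sigma_i altered. Both verifiers use only (N, e), which is the property the two entries are about.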
Weakened Random Oracle Models with Target Prefix
Weakened random oracle models (WROMs) are variants of the random oracle model
(ROM). A WROM provides the random oracle together with an additional oracle that
breaks some property of a hash function. By analyzing the security of
cryptographic schemes in WROMs, we can pinpoint the property of the hash function
on which the security of each scheme depends. Liskov (SAC 2006) proposed WROMs,
and later Numayama et al. (PKC 2008) formalized them as CT-ROM, SPT-ROM, and
FPT-ROM; in each model the additional oracle breaks collision resistance,
second-preimage resistance, or preimage resistance, respectively. Tan and Wong
(ACISP 2012) proposed the generalized FPT-ROM (GFPT-ROM), which was intended to
capture the chosen-prefix collision attack suggested by Stevens et al.
(EUROCRYPT 2007). In this paper, in order to analyze the security of
cryptographic schemes more precisely, we formalize GFPT-ROM and propose three
additional WROMs which capture the chosen-prefix collision attack and its
variants. In particular, we focus on signature schemes such as RSA-FDH, its
variants, and DSA, in order to understand the essential roles of WROMs in their
security proofs.
Working program of the academic discipline "Public Key Infrastructure"
The working curriculum for the course "Public Key Infrastructure" is a normative document of Borys Grinchenko Kyiv University, developed by the Professor Volodymyr Buriachok Department of Information and Cyber Security on the basis of the educational and professional program for training students at the first (bachelor's) level, in accordance with the study plan of specialty 125 "Cybersecurity". The discipline "Public Key Infrastructure" consists of two content modules: fundamentals of building and applying a public key infrastructure; and practical aspects of deploying a PKI system and ensuring its operation. Course volume: 180 hours (6 credits).