
    Critical analyses of some public-key cryptosystems for high-speed satellite transmission applications

    Thesis (M.S.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1981. Microfiche copy available in Archives and Engineering. Vita. Bibliography: leaves 83-86. By Moses Hsingwen Ma. M.S

    Performance Evaluation of Optimal Ate Pairing on Low-Cost Single Microprocessor Platform

    The framework of low-cost interconnected devices forms a new kind of cryptographic environment with diverse requirements. Due to the minimal resource capacity of the devices, light-weight cryptographic algorithms are favored. Many applications of IoT work autonomously and process sensitive data, which emphasizes security needs and might also call for specific security measures. A bilinear pairing is a mapping based on groups formed by elliptic curves over extension fields. The pairings are the key enabler for versatile cryptosystems, such as certificateless signatures and searchable encryption. However, they have a major computational overhead, which conflicts with the requirements of the low-cost devices. Nonetheless, the bilinear pairings are the only known approach for many cryptographic protocols, so their feasibility should certainly be studied, as they might turn out to be necessary for some future IoT solutions. Promising results already exist for high-frequency CPUs and platforms with hardware extensions. In this work, we study the feasibility of computing the optimal ate pairing over the BN254 curve on a 64 MHz Cortex-M33 based platform by utilizing an optimized open-source library. The project is carried out for the company Nordic Semiconductor. As a result, the pairing was effectively computed in under 26 × 10^6 cycles, or in 410 ms. The resulting pairing enables a limited usage of pairing-based cryptography, with a capacity of at most a few cryptographic operations, such as ID-based key verifications, per second. Referring to other relevant works, a competent pairing application would require either a high-frequency, and thus high-consuming, microprocessor, or a customized FPGA. Moreover, it is noted that research in efficient pairing-based cryptography is constantly taking steps forward on every front: efficient algorithms, protocols, and hardware solutions.

    Generic attacks on iterated hash functions

    Includes bibliographical references (leaves 126-132). We survey the existing generic attacks on hash functions based on the Merkle-Damgård construction: that is, attacks in which the compression function is treated as a black box.

    The Zheng-Seberry public key cryptosystem and signcryption

    In 1993 Zheng and Seberry presented a public key cryptosystem that was considered efficient and secure in the sense of indistinguishability of encryptions (IND) against an adaptively chosen ciphertext adversary (CCA2). This thesis shows that the Zheng-Seberry scheme is not secure, as a CCA2 adversary can break the scheme in the sense of IND. In 1998 Cramer and Shoup presented a scheme that was secure against an IND-CCA2 adversary and whose proof relied only on standard assumptions. This thesis modifies this proof and applies it to a modified version of the El-Gamal scheme. This resulted in a provably secure scheme relying on the Random Oracle (RO) model, which is more efficient than the original Cramer-Shoup scheme. Although the RO model assumption is needed for the security of this new El-Gamal variant, it relies on it only in a minimal way.

    Weekly Kentucky New Era, April 13, 1894


    A Distributed Security Architecture for Large Scale Systems

    This thesis describes the research leading from the conception, through development, to the practical implementation of a comprehensive security architecture for use within, and as a value-added enhancement to, the ISO Open Systems Interconnection (OSI) model. The Comprehensive Security System (CSS) is arranged basically as an Application Layer service but can allow any of the ISO recommended security facilities to be provided at any layer of the model. It is suitable as an 'add-on' service to existing arrangements or can be fully integrated into new applications. For large scale, distributed processing operations, a network of security management centres (SMCs) is suggested, which can help to ensure that system misuse is minimised and that flexible operation is provided in an efficient manner. The background to the OSI standards is covered in detail, followed by an introduction to security in open systems. A survey of existing techniques in formal analysis and verification is then presented. The architecture of the CSS is described in terms of a conceptual model using agents and protocols, followed by an extension of the CSS concept to a large scale network controlled by SMCs. A new approach to formal security analysis is described which is based on two main methodologies. Firstly, every function within the system is built from layers of provably secure sequences of finite state machines, using a recursive function to monitor and constrain the system to the desired state at all times. Secondly, the correctness of the protocols generated by the sequences to exchange security information and control data between agents in a distributed environment is analysed in terms of a modified temporal Hoare logic. This is based on ideas concerning the validity of beliefs about the global state of a system as a result of actions performed by entities within the system, including the notion of timeliness.
    The two fundamental problems in number theory upon which the assumptions about the security of the finite state machine model rest are described, together with a comprehensive survey of the very latest progress in this area. Having assumed that the two problems will remain computationally intractable in the foreseeable future, the method is then applied to the formal analysis of some of the components of the Comprehensive Security System. A practical implementation of the CSS has been achieved as a demonstration system for a network of IBM Personal Computers connected via an Ethernet LAN, which fully meets the aims and objectives set out in Chapter 1. This implementation is described, and finally some comments are made on the possible future of research into security aspects of distributed systems.
    IBM (United Kingdom) Laboratories Hursley Park, Winchester, U

    Technical advances in mass spectrometry-based proteomics and its application to the characterisation of glioma-initiating cells

    The currently standard workflow for peptide/protein identification by liquid chromatography coupled to mass spectrometry (LC-MS) is based on the mass, charge and fragmentation of the peptides. In this doctoral thesis I apply this technique to the characterisation of cellular proteomes in order to analyse glioma stem cells and neural stem cells, and thus gain insights into the cancer signature of these early cell types. In parallel, I investigate improvements to proteomic workflows through better use of experimental parameters that arise in proteomic experiments. In particular, the isotope distributions of peptides are generally not used in proteomic methods, even though they are contained in every acquired spectrum. We therefore investigated the use of isotope patterns in MS1 mass spectra to support peptide identification. We showed that the relative isotope abundance (RIA) error is 4-5% and depends only slightly on spectrum intensity, resolution and the number of MS1 spectra. In complete proteome analyses, the current RIA accuracy has limited discriminating power. Along with this, the analysis was hampered by the difficulty of computing the FDR, in particular in constructing proper random databases that are similar in size to, but different in the molecular composition of all contained peptides from, the target database. Alternative strategies for computing the FDR will be needed to master this problem in complex proteome analyses. Nevertheless, the usefulness of RIA may become relevant with future instrumental developments, considering that even a small reduction of the RIA error to below 1% brings a strong improvement in discriminating power.
    Alternatively, with increasing mass accuracy, even the current RIA accuracy level might be sufficient to incorporate isotope patterns as an additional constraint in peptide identification, since they are available "for free" as a parameter in every MS-based proteomic experiment. Glioblastoma is the most common malignant brain tumour, and there is strong evidence that brain tumours arise from a small population of cells known as cancer stem cells (CSCs). The tumour exhibits normal stem cell characteristics, such as long-term self-renewal, longevity and the ability to differentiate into adult cells. To uncover the differences in global protein expression between malignant neural stem cells derived from adult gliomas (GNSs) and unaltered, karyotypically normal foetal neural stem cells [1], we performed mass spectrometric analyses of both the total cellular proteome and the secreted proteome of these cells. This resulted in ~7500 and ~2000 quantified proteins, with 446 differentially expressed proteins (152 up- and 294 down-regulated in GNSs) and 167 differentially expressed proteins (144 up- and 23 down-regulated), respectively. After data analysis, several candidate proteins could be distinguished as surface markers between NSs and GNSs and validated by immunocytochemistry. Furthermore, candidates among the GNS-secreted factors that may mediate a tumorigenic transformation of the NSs were evaluated by time-lapse imaging and colony-forming assays. Both experiments yielded positive results that demonstrate the value of proteomics. However, further experiments are needed to consolidate these results.

    Design and Analysis of Cryptographic Hash Functions

    Faculty of Mathematics and Computer Science.
    Cryptographic Hash Functions (CHFs) are building blocks of many cryptographic algorithms. For instance, they are indispensable tools for efficient digital signatures and authentication tags. Their security properties have a tremendous impact on the security level of systems which use cryptographic hashing. This thesis analyzes CHFs and studies the design principles for the construction of secure and efficient CHFs. The dissertation investigates the security of both dedicated hash functions (BMW, Shabal, SIMD, BLAKE2, Skein) and hash functions based on block ciphers (Crypton, Hierocrypt-3, IDEA, SAFER++, Square). The main cryptanalytic tools applied are truncated differentials and rotational and shift analysis. The findings show weaknesses in the designs.

    The transformation of the small master economy in the boot and shoe industry 1887-1914 : with special reference to Northampton

    The footwear industry is one of the important examples of late industrial transformation in nineteenth century Britain. The aim here is to investigate shoe manufacturers' reactions to this period of structural and organisational change. The thesis is in three parts:
    (I) Chapters One-Three explore the character and scope of industrialisation in the industry. The literature on British entrepreneurship evaluates the shifts in attitude and strategy of dominant groups within each industry; much less attention has been given to the often wide divergence of experience within business communities as a whole. In small master-dominated industries, like shoemaking, there existed a range of business experience, both business success and failure, which has not been the subject of close empirical study. Here, the assumption of an orderly, progressive concentration of capital is challenged. The small shoe masters' role during industrialisation was more complex than the literature allows. Secondly, the chronology and determinants of change are reappraised. And, finally, the size, character and structure of the Northampton footwear business community is studied.
    (II) Chapters Four-Six take up this theme of business failure. Little previous systematic, empirical investigation of patterns of failure has been carried out by historians. Thus, initially, general issues of methodology and theory are broached. The data presented not only allow failure trends to be analysed, but are also used to explore small masters' attitudes and reactions to change. Three facets of failure were isolated. Failure linked to business cycle effects (Chapter Four). The high endemic levels of failure linked to normal trading pressures, with reference particularly to infant firms. Here questions of credit provision, failure causation and small master motivation are examined (Chapter Five), in addition to normal and hiatus failures amongst mature firms (Chapter Six). Lastly, failures linked to industrialisation are investigated (Chapter Six). There are two features: the contraction of the small master base and the failure of old established firms.
    (III) As a counterpoint to Section II, Chapters Seven and Eight study those firms that survived to 1914. These included a small, dominant elite group of established firms, whose industrial policies, family business organisation and striving for social acceptance are examined.

    Stream ciphers for secure display

    In any situation where private, proprietary or highly confidential material is being dealt with, the need to consider aspects of data security has grown ever more important. It is usual to secure such data from its source, over networks and on to the intended recipient. However, data security considerations typically stop at the recipient's processor, leaving connections to a display transmitting raw data which is increasingly in a digital format and of value to an adversary. With a progression to wireless display technologies the prominence of this vulnerability is set to rise, making the implementation of 'secure display' increasingly desirable. Secure display takes aspects of data security right to the display panel itself, potentially minimising the cost, component count and thickness of the final product. Recent developments in display technologies should help make this integration possible. However, the processing of large quantities of time-sensitive data presents a significant challenge in such resource constrained environments. Efficient high-throughput decryption is a crucial aspect of the implementation of secure display and one for which the widely used and well understood block cipher may not be best suited. Stream ciphers present a promising alternative, and a number of strong candidate algorithms potentially offer the hardware speed and efficiency required. In the past, similar stream ciphers have suffered from algorithmic vulnerabilities. Although these new-generation designs have done much to respond to this concern, the relatively short 80-bit key lengths of some proposed hardware candidates, when combined with ever-advancing computational power, lead the thesis to identify exhaustive search of the key space as a potential attack vector.
    To determine the value of the protection afforded by such short key lengths, a unique hardware key search engine for stream ciphers is developed that makes use of an appropriate data element to improve search efficiency. The simulations from this system indicate that the proposed key lengths may be insufficient for applications where data is of long-term or high value. It is suggested that for the concept of secure display to be accepted, a longer key length should be used.