Algoritmos criptográficos e o seu desempenho no Arduíno

O Arduíno é uma plataforma muito robusta e multifacetada utilizada em diversas situações e, cada vez mais, um elemento relevante na arquitetura da Internet das Coisas. Ao disponibilizar várias interfaces de comunicação sem fios, pode ser utilizado para controlar eletrodomésticos, portas, sensores de temperatura, etc. permitindo implementar facilmente a comunicação entre estas “coisas”. Nesta tese foram estudadas as principais redes sem fios utilizadas pelo Arduíno (Bluetooth Low Energy [BLE], Wi-Fi e ZigBee) para tentar perceber qual a que tem o melhor desempenho, vantagens e desvantagens de cada uma, quais os módulos necessários para permitir ao Arduíno utilizar esse tipo de rede sem fios, quais as principais funções para que foram projetadas quando criadas e qual o sistema de segurança utilizado nestas redes. Estas diferentes tecnologias sem fios permitem uma maior mobilidade e uma maior flexibilidade no desenho das estruturas de rede do que as redes com fios convencionais. Porém, este tipo de redes têm uma grande desvantagem já que qualquer um dentro do alcance da rede sem fios consegue intercetar o sinal que está a ser transmitido. Para solucionar e proteger a informação que é transmitida por estas redes foram desenvolvidos vários algoritmos de criptografia. Estes dados encriptados só podem ser lidos por dispositivos que tenham uma determinada chave. Os algoritmos de criptografia Data Encryption Standard (DES), Triple DES (TDES), Advanced Encryption Standard (AES), eXtended TEA (XTEA) Corrected Block TEA (XXTEA) estão entre as técnicas mais conhecidos e usadas tualmente. Nesta tese foram analisados estes algoritmos e as suas vulnerabilidades, tendo também sido feito um levantamento dos principais ataques existentes para avaliar se ainda são seguros atualmente. De forma a avaliar a possibilidade de utilizar o Arduíno em aplicações que utilizem comunicações sem fios com segurança, foram realizados testes de desempenho com os algoritmos de criptografia estudados, usando bibliotecas já existentes. Nos testes de desempenho implementados verificou-se que o AES é bastante mais rápido do que as outras soluções, oferecendo ainda uma maior segurança. Já o TDES verificou-se ser bastante lento, justificando o porquê de o algoritmo ser pouco usado, sendo ao longo dos anos substituído pelo AES. O XXTEA ficou em posição intermédia no teste de desempenho, tendo uma relação segurança/desempenho interessante e revelando-se assim uma escolha melhor do que o TDES.The Arduino is a very robust and multifaceted platform used in many situations and, increasingly, a relevant element in the Internet of Things. By providing several wireless communication interfaces, it can be used to control household appliances, doors, temperature sensors, etc. Allowing easy implementation of communication between these "things". In this thesis the main wireless networks used by Arduino (Bluetooth Low Energy [BLE], Wi-Fi and ZigBee) were studied to try to understand which one has the best performance, the advantages and disadvantages of each one, the modules needed to implement each wireless network and what security system are used. These different wireless technologies allow for greater mobility and greater flexibility in the design of network structures than conventional wired networks. However, such networks have a major disadvantage since anyone within the range of the wireless network can intercept the signal being transmitted. Several cryptographic algorithms have been developed to solve and protect the information that is transmitted by these networks. This encrypted data can only be read by devices that have a certain key. Triple Encryption Standard (DES), Advanced Encryption Standard (AES), eXtended TEA (XTEA) and Corrected Block TEA (XXTEA) encryption algorithms are among the best known and currently used algorithms. In this thesis these algorithms have been analyzed to compare their vulnerabilities and to identify the main existing attacks. In order to evaluate the possibility of using Arduino in applications that use wireless communications with security, performance tests were implemented using existing libraries. The results show that the AES is much faster than the other algorithms, offering even greater security. TDES was found to be quite slow, justifying why the algorithm has little used, and why over the years has been replaced by AES. The XXTEA was ranked in the middle of the performance test, having an interesting safety/performance ratio proving it to be a better choice than TDES

The Role of the Adversary Model in Applied Security Research

Adversary models have been integral to the design of provably-secure cryptographic schemes or protocols. However, their use in other computer science research disciplines is relatively limited, particularly in the case of applied security research (e.g., mobile app and vulnerability studies). In this study, we conduct a survey of prominent adversary models used in the seminal field of cryptography, and more recent mobile and Internet of Things (IoT) research. Motivated by the findings from the cryptography survey, we propose a classification scheme for common app-based adversaries used in mobile security research, and classify key papers using the proposed scheme. Finally, we discuss recent work involving adversary models in the contemporary research field of IoT. We contribute recommendations to aid researchers working in applied (IoT) security based upon our findings from the mobile and cryptography literature. The key recommendation is for authors to clearly define adversary goals, assumptions and capabilities

Anonymous Attestation for IoT

Internet of Things (IoT) have seen tremendous growth and are being deployed pervasively in areas such as home, surveillance, health-care and transportation. These devices collect and process sensitive data with respect to user\u27s privacy. Protecting the privacy of the user is an essential aspect of security, and anonymous attestation of IoT devices are critical to enable privacy-preserving mechanisms. Enhanced Privacy ID (EPID) is an industry-standard cryptographic scheme that offers anonymous attestation. It is based on group signature scheme constructed from bilinear pairings, and provides anonymity and sophisticated revocation capabilities (private-key based revocation and signature-based revocation). Despite the interesting privacy-preserving features, EPID operations are very computational and memory intensive. In this paper, we present a small footprint anonymous attestation solution based on EPID that can meet the stringent resource requirements of IoT devices. A specific modular-reduction technique targeting the EPID prime number has been developed resulting in 50% latency reduction compared to conventional reduction techniques. Furthermore, we developed a multi-exponentiation technique that significantly reduces the runtime memory requirements. Our proposed design can be implemented as SW-only, or it can utilize an integrated Elliptic Curve and Galois Field HW accelerator. The EPID SW stack has a small object code footprint of 22kB. We developed a prototype on a 32-bit microcontroller that computes EPID signature generation in 17.9s at 32MHz

Cryptanalysis of Some Block Cipher Constructions

When the public-key cryptography was introduced in the 1970s, symmetric-key cryptography was believed to soon become outdated. Nevertheless, we still heavily rely on symmetric-key primitives as they give high-speed performance. They are used to secure mobile communication, e-commerce transactions, communication through virtual private networks and sending electronic tax returns, among many other everyday activities. However, the security of symmetric-key primitives does not depend on a well-known hard mathematical problem such as the factoring problem, which is the basis of the RSA public-key cryptosystem. Instead, the security of symmetric-key primitives is evaluated against known cryptanalytic techniques. Accordingly, the topic of furthering the state-of-the-art of cryptanalysis of symmetric-key primitives is an ever-evolving topic. Therefore, this thesis is dedicated to the cryptanalysis of symmetric-key cryptographic primitives. Our focus is on block ciphers as well as hash functions that are built using block ciphers. Our contributions can be summarized as follows: First, we tackle the limitation of the current Mixed Integer Linear Programming (MILP) approaches to represent the differential propagation through large S-boxes. Indeed, we present a novel approach that can efficiently model the Difference Distribution Table (DDT) of large S-boxes, i.e., 8-bit S-boxes. As a proof of the validity and efficiency of our approach, we apply it on two out of the seven AES-round based constructions that were recently proposed in FSE 2016. Using our approach, we improve the lower bound on the number of active S-boxes of one construction and the upper bound on the best differential characteristic of the other. Then, we propose meet-in-the-middle attacks using the idea of efficient differential enumeration against two Japanese block ciphers, i.e., Hierocrypt-L1 and Hierocrypt-3. Both block ciphers were submitted to the New European Schemes for Signatures, Integrity, and Encryption (NESSIE) project, selected as one of the Japanese e-Government recommended ciphers in 2003 and reselected in the candidate recommended ciphers list in 2013. We construct five S-box layer distinguishers that we use to recover the master keys of reduced 8 S-box layer versions of both block ciphers. In addition, we present another meet-in-the-middle attack on Hierocrypt-3 with slightly higher time and memory complexities but with much less data complexity. Afterwards, we shift focus to another equally important cryptanalytic attack, i.e., impossible differential attack. SPARX-64/128 is selected among the SPARX family that was recently proposed to provide ARX based block cipher whose security against differential and linear cryptanalysis can be proven. We assess the security of SPARX-64/128 against impossible differential attack and show that it can reach the same number of rounds the division-based integral attack, proposed by the designers, can reach. Then, we pick Kiasu-BC as an example of a tweakable block cipher and prove that, on contrary to its designers’ claim, the freedom in choosing the publicly known tweak decreases its security margin. Lastly, we study the impossible differential properties of the underlying block cipher of the Russian hash standard Streebog and point out the potential risk in using it as a MAC scheme in the secret-IV mode

SUNDAE: Small Universal Deterministic Authenticated Encryption for the Internet of Things

Lightweight cryptography was developed in response to the increasing need to secure devices for the Internet of Things. After significant research effort, many new block ciphers have been designed targeting lightweight settings, optimizing efficiency metrics which conventional block ciphers did not. However, block ciphers must be used in modes of operation to achieve more advanced security goals such as data confidentiality and authenticity, a research area given relatively little attention in the lightweight setting. We introduce a new authenticated encryption (AE) mode of operation, SUNDAE, specially targeted for constrained environments. SUNDAE is smaller than other known lightweight modes in implementation area, such as CLOC, JAMBU, and COFB, however unlike these modes, SUNDAE is designed as a deterministic authenticated encryption (DAE) scheme, meaning it provides maximal security in settings where proper randomness is hard to generate, or secure storage must be minimized due to expense. Unlike other DAE schemes, such as GCM-SIV, SUNDAE can be implemented efficiently on both constrained devices, as well as the servers communicating with those devices. We prove SUNDAE secure relative to its underlying block cipher, and provide an extensive implementation study, with results in both software and hardware, demonstrating that SUNDAE offers improved compactness and power consumption in hardware compared to other lightweight AE modes, while simultaneously offering comparable performance to GCM-SIV on parallel high-end platforms

Withdrawable Signature: How to Call off a Signature

Digital signatures are a cornerstone of security and trust in cryptography, providing authenticity, integrity, and non-repudiation. Despite their benefits, traditional digital signature schemes suffer from inherent immutability, offering no provision for a signer to retract a previously issued signature. This paper introduces the concept of a withdrawable signature scheme, which allows for the retraction of a signature without revealing the signer\u27s private key or compromising the security of other signatures the signer created before. This property, defined as ``withdrawability\u27\u27, is particularly relevant in decentralized systems, such as e-voting, blockchain-based smart contracts, and escrow services, where signers may wish to revoke or alter their commitment. The core idea of our construction of a withdrawable signature scheme is to ensure that the parties with a withdrawable signature are not convinced whether the signer signed a specific message. This ability to generate a signature while preventing validity from being verified is a fundamental requirement of our scheme, epitomizing the property of withdrawability. After formally defining security notions for withdrawable signatures, we present two constructions of the scheme based on the pairing and the discrete logarithm. We provide proofs that both constructions are unforgeable under insider corruption and satisfy the criteria of withdrawability. We anticipate our new type of signature will significantly enhance flexibility and security in digital transactions and communications

Improved Meet-in-the-Middle Attacks on Reduced-Round Kalyna-128/256 and Kalyna-256/512

Kalyna is an SPN-based block cipher that was selected during Ukrainian National Public Cryptographic Competition (2007-2010) and its slight modification was approved as the new encryption standard of Ukraine. In this paper, we focus on the key-recovery attacks on reduced-round Kalyna-128/256 and Kalyna-256/512 with meet-in-the-middle method. The differential enumeration technique and key-dependent sieve technique which are popular to analyze AES are used to attack them. Using the key-dependent sieve technique to improve the complexity is not an easy task, we should build some tables to achieve this. Since the encryption procedure of Kalyna employs a pre- and post-whitening operations using addition modulo $2^{64}$ applied on the state columns independently, we carefully study the propagation of this operation and propose an addition plaintext structure to solve this. For Kalyna-128/256, we propose a 6-round distinguisher, and achieve a 9-round (out of total 14-round) attack. For Kalyna-256/512, we propose a 7-round distinguisher, then achieve an 11-round (out of total 18-round) attack. As far as we know, these are currently the best results on Kalyna-128/256 and Kalyna-256/512

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Efficient Random Grid Visual Cryptographic Schemes having Essential Members

In this paper we consider ``OR based monochrome random grid visual cryptographic schemes (RGVCS) for $t$-$(k,n)^*$ access structure which is a generalization of the threshold $(k,n)$ access structure in the sense that in all the successful attempts to recover the secret image, the $t$ essential participants must always be present. Up to the best of our knowledge, the current proposed work is the first in the literature of RGVCS which provides efficient direct constructions for the $t$-$(k,n)^*$-RGVCS for ``OR based model. Finding the closed form of light contrast is a challenging work. However, in this paper we come up with the closed form of the light contrast for the ``OR based model. In literature, there are visual cryptographic schemes where the secret reconstruction is done by binary ``XOR operation instead of ``OR operation to increase the relative contrast of the decoded image. In this paper, we also propose an extended grid based $t$-$(k,n)^*$-RGVCS in which we replace the traditional ``OR operation by ``XOR operation. Note that the use of XOR operation indicates that the decoding must be performed computationally and not visually. We justified our schemes using both experimental as well as simulation based data