Enhancing Security to Protect e-passport against Photo Forgery

Electronic Passport (e-passport) is one of the results of the electronic revolution in the World; since the passport is the document of the person in terms of identity and nationality and is the property of the country. One of the most important challenges is to protect this document from forgery. The common forgery for the passport is replacing its holder photo. The proposed system concentrates on the security part of the e-passport. It consists of two parts; the first part is hiding of the security code by using steganography and storing the same code in the RFID tag by the issuing country of the epassport. The other part will be operated at the control point of the destination country to make sure of the e-passport validity by checking the hidden code using NFC and verify it with the one in the RFID tag. If the two values are equal, then the system will compute a key using Diffie-Hellman Key Exchange. This key will be used to read the secret information in the tag

An Enhancement of Security Standards based on Pseudonyms

ABSTRACT: Nowadays, numerous mobile terminals have been released into market with NFC which stands for Near Field Communication. The smart devices equipped with NFC have made to improve the effective utility range of NFC. Particularly, NFC electronic payment is expected to take place of credit cards in epayment. Regarding that, it is necessary to direct the attention of security issues in NFC. At present, the security standards make use of user's public key at a fixed value in key agreement process. The message's relevancy can be obtained at the public key of NFC. Based on, malicious attacker can form a profile by collecting the required messages which leads to the infringement of privacy of user. The planned work presents conditional privacy protection method based on pseudonyms to overcome the problems mentioned earlier. Two users can communicate to each other based on some set of rules by sending the conditional privacy preserved Protocol Data Unit through NFC terminals. Additionally, the communicating party's identity can be computed to resolve problem if occurs. The proposal is implemented in hardware using ARM 7processor and NFC readers. It works well in decreasing the update cost and computation overhead by taking the merit of physical characteristics of NFC

Subthreshold circuits: Design, implementation and application

Digital circuits operating in the subthreshold region of the transistor are being used as an ideal option for ultra low power complementary metal-oxide-semiconductor (CMOS) design. The use of subthreshold circuit design in cryptographic systems is gaining importance as a counter measure to power analysis attacks. A power analysis attack is a non-invasive side channel attack in which the power consumption of the cryptographic system can be analyzed to retrieve the encrypted data. A number of techniques to increase the resistance to power attacks have been proposed at algorithmic and hardware levels, but these techniques suffer from large area and power overheads. The main aim of this research is to understand the viability of implementing subthreshold systems for cryptographic applications. Standard cell libraries in subthreshold are designed and a methodology to identify the minimum energy point, aspect ratio, frequency range and operating voltage for CMOS standard cells is defined. As scalar multiplication is the fundamental operation in elliptic curve cryptographic systems, a digit-level gaussian normal basis (GNB) multiplier is implemented using the aforementioned standard cells. A similar standard-cell library is designed for the multiplier to operate in the superthreshold regime. The subthreshold and superthreshold multipliers are then subjected to a differential power analysis attack. Power performance and signal-to-noise ratio (SNR) of both these systems are compared to evaluate the usefulness of the subthreshold design. The power consumption of the subthreshold multiplier is 4.554 uW, the speed of the multiplier is 65.1 KHz and the SNR is 40 dB. The superthreshold multiplier has a power consumption of 4.005 mW, the speed of the multiplier is 330 MHz and the SNR is 200 dB. Reduced power consumption, hence reduced SNR, increases the resistance of the subthreshold multiplier against power analysis attacks. (Refer to PDF for exact formulas)

07381 Abstracts Collection -- Cryptography

From 16.09.2007 to 21.09.2007 the Dagstuhl Seminar 07381 ``Cryptography\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

EFFICIENT AND SCALABLE NETWORK SECURITY PROTOCOLS BASED ON LFSR SEQUENCES

The gap between abstract, mathematics-oriented research in cryptography and the engineering approach of designing practical, network security protocols is widening. Network researchers experiment with well-known cryptographic protocols suitable for different network models. On the other hand, researchers inclined toward theory often design cryptographic schemes without considering the practical network constraints. The goal of this dissertation is to address problems in these two challenging areas: building bridges between practical network security protocols and theoretical cryptography. This dissertation presents techniques for building performance sensitive security protocols, using primitives from linear feedback register sequences (LFSR) sequences, for a variety of challenging networking applications. The significant contributions of this thesis are: 1. A common problem faced by large-scale multicast applications, like real-time news feeds, is collecting authenticated feedback from the intended recipients. We design an efficient, scalable, and fault-tolerant technique for combining multiple signed acknowledgments into a single compact one and observe that most signatures (based on the discrete logarithm problem) used in previous protocols do not result in a scalable solution to the problem. 2. We propose a technique to authenticate on-demand source routing protocols in resource-constrained wireless mobile ad-hoc networks. We develop a single-round multisignature that requires no prior cooperation among nodes to construct the multisignature and supports authentication of cached routes. 3. We propose an efficient and scalable aggregate signature, tailored for applications like building efficient certificate chains, authenticating distributed and adaptive content management systems and securing path-vector routing protocols. 4. We observe that blind signatures could form critical building blocks of privacypreserving accountability systems, where an authority needs to vouch for the legitimacy of a message but the ownership of the message should be kept secret from the authority. We propose an efficient blind signature that can serve as a protocol building block for performance sensitive, accountability systems. All special forms digital signatures—aggregate, multi-, and blind signatures—proposed in this dissertation are the first to be constructed using LFSR sequences. Our detailed cost analysis shows that for a desired level of security, the proposed signatures outperformed existing protocols in computation cost, number of communication rounds and storage overhead

On Security and Privacy for Networked Information Society : Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes

Our society has developed into a networked information society, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet arguably the most important piece of critical infrastructure in the world. Securing Internet communications for everyone using it is extremely important, as the continuing growth of the networked information society relies upon fast, reliable and secure communications. A prominent threat to the security and privacy of Internet users is mass surveillance of Internet communications. The methods and tools used to implement mass surveillance capabilities on the Internet pose a danger to the security of all communications, not just the intended targets. When we continue to further build the networked information upon the unreliable foundation of the Internet we encounter increasingly complex problems,which are the main focus of this dissertation. As the reliance on communication technology grows in a society, so does the importance of information security. At this stage, information security issues become separated from the purely technological domain and begin to affect everyone in society. The approach taken in this thesis is therefore both technical and socio-technical. The research presented in this PhD thesis builds security in to the networked information society and provides parameters for further development of a safe and secure networked information society. This is achieved by proposing improvements on a multitude of layers. In the technical domain we present an efficient design flow for secure embedded devices that use cryptographic primitives in a resource-constrained environment, examine and analyze threats to biometric passport and electronic voting systems, observe techniques used to conduct mass Internet surveillance, and analyze the security of Finnish web user passwords. In the socio-technical domain we examine surveillance and how it affects the citizens of a networked information society, study methods for delivering efficient security education, examine what is essential security knowledge for citizens, advocate mastery over surveillance data by the targeted citizens in the networked information society, and examine the concept of forced trust that permeates all topics examined in this work.Yhteiskunta, jossa elämme, on muovautunut teknologian kehityksen myötä todelliseksi tietoyhteiskunnaksi. Monet verkottuneen tietoyhteiskunnan osa-alueet ovat kokeneet muutoksen tämän kehityksen seurauksena. Tämän muutoksen keskiössä on Internet: maailmanlaajuinen tietoverkko, joka mahdollistaa verkottuneiden laitteiden keskenäisen viestinnän ennennäkemättömässä mittakaavassa. Internet on muovautunut ehkä keskeisimmäksi osaksi globaalia viestintäinfrastruktuuria, ja siksi myös globaalin viestinnän turvaaminen korostuu tulevaisuudessa yhä enemmän. Verkottuneen tietoyhteiskunnan kasvu ja kehitys edellyttävät vakaan, turvallisen ja nopean viestintäjärjestelmän olemassaoloa. Laajamittainen tietoverkkojen joukkovalvonta muodostaa merkittävän uhan tämän järjestelmän vakaudelle ja turvallisuudelle. Verkkovalvonnan toteuttamiseen käytetyt menetelmät ja työkalut eivät vain anna mahdollisuutta tarkastella valvonnan kohteena olevaa viestiliikennettä, vaan myös vaarantavat kaiken Internet-liikenteen ja siitä riippuvaisen toiminnan turvallisuuden. Kun verkottunutta tietoyhteiskuntaa rakennetaan tämän kaltaisia valuvikoja ja haavoittuvuuksia sisältävän järjestelmän varaan, keskeinen uhkatekijä on, että yhteiskunnan ydintoiminnot ovat alttiina ulkopuoliselle vaikuttamiselle. Näiden uhkatekijöiden ja niiden taustalla vaikuttavien mekanismien tarkastelu on tämän väitöskirjatyön keskiössä. Koska työssä on teknisen sisällön lisäksi vahva yhteiskunnallinen elementti, tarkastellaan tiukan teknisen tarkastelun sijaan aihepiirä laajemmin myös yhteiskunnallisesta näkökulmasta. Tässä väitöskirjassa pyritään rakentamaan kokonaiskuvaa verkottuneen tietoyhteiskunnan turvallisuuteen, toimintaan ja vakauteen vaikuttavista tekijöistä, sekä tuomaan esiin uusia ratkaisuja ja avauksia eri näkökulmista. Työn tavoitteena on osaltaan mahdollistaa entistä turvallisemman verkottuneen tietoyhteiskunnan rakentaminen tulevaisuudessa. Teknisestä näkökulmasta työssä esitetään suunnitteluvuo kryptografisia primitiivejä tehokkaasti hyödyntäville rajallisen laskentatehon sulautetuviiille järjestelmille, analysoidaan biometrisiin passeihin, kansainväliseen passijärjestelmään, sekä sähköiseen äänestykseen kohdistuvia uhkia, tarkastellaan joukkovalvontaan käytettyjen tekniikoiden toimintaperiaatteita ja niiden aiheuttamia uhkia, sekä tutkitaan suomalaisten Internet-käyttäjien salasanatottumuksia verkkosovelluksissa. Teknis-yhteiskunnallisesta näkökulmasta työssä tarkastellaan valvonnan teoriaa ja perehdytään siihen, miten valvonta vaikuttaa verkottuneen tietoyhteiskunnan kansalaisiin. Lisäksi kehitetään menetelmiä parempaan tietoturvaopetukseen kaikilla koulutusasteilla, määritellään keskeiset tietoturvatietouden käsitteet, tarkastellaan mahdollisuutta soveltaa tiedon herruuden periaatetta verkottuneen tietoyhteiskunnan kansalaisistaan keräämän tiedon hallintaan ja käyttöön, sekä tutkitaan luottamuksen merkitystä yhteiskunnan ydintoimintojen turvallisuudelle ja toiminnalle, keskittyen erityisesti pakotetun luottamuksen vaikutuksiin

Cloud Storage Protection Scheme Based on Fully Homomorphic Encryption

Cloud computing allows enterprises and individuals to have a less physical infrastructure of software and hardware. Nevertheless, there are some concerns regarding privacy protection which may turn out to be a strong barrier. Traditional encryption schemes have been used to encrypt the data before sending them to the cloud. However, the private key has to be provided to the server before any calculations on the data. To solve this security problem, this paper proposes a fully homomorphic encryption scheme for securing cloud data at rest. The scheme is based on prime modular operation, its security depends on factoring multiple large prime numbers (p1, p2,...pn) up to n, which is formed from very large prime numbers up to hundreds of digits as this is an open problem in mathematics. In addition, the elements of the secret key are derived from a series of mathematical operations and the calculation of an Euler coefficient within the modular of integers. Furthermore, it adds the complexity of noise to the plaintext using the number of users of the Cloud Service Provider. Moreover, its randomness is evaluated by the National Institute of Standards and Technology statistical tests, and the results demonstrating that the best statistical performance was obtained with this algorithm

Improving Dependability of Networks with Penalty and Revocation Mechanisms

Both malicious and non-malicious faults can dismantle computer networks. Thus, mitigating faults at various layers is essential in ensuring efficient and fair network resource utilization. In this thesis we take a step in this direction and study several ways to deal with faults by means of penalties and revocation mechanisms in networks that are lacking a centralized coordination point, either because of their scale or design. Compromised nodes can pose a serious threat to infrastructure, end-hosts and services. Such malicious elements can undermine the availability and fairness of networked systems. To deal with such nodes, we design and analyze protocols enabling their removal from the network in a fast and a secure way. We design these protocols for two different environments. In the former setting, we assume that there are multiple, but independent trusted points in the network which coordinate other nodes in the network. In the latter, we assume that all nodes play equal roles in the network and thus need to cooperate to carry out common functionality. We analyze these solutions and discuss possible deployment scenarios. Next we turn our attention to wireless edge networks. In this context, some nodes, without being malicious, can still behave in an unfair manner. To deal with the situation, we propose several self-penalty mechanisms. We implement the proposed protocols employing a commodity hardware and conduct experiments in real-world environments. The analysis of data collected in several measurement rounds revealed improvements in terms of higher fairness and throughput. We corroborate the results with simulations and an analytic model. And finally, we discuss how to measure fairness in dynamic settings, where nodes can have heterogeneous resource demands