70,421 research outputs found
Efficient Implementations of Pairing-Based Cryptography on Embedded Systems
Many cryptographic applications use bilinear pairing such as identity based signature, instance identity-based key agreement, searchable public-key encryption, short signature scheme, certificate less encryption and blind signature. Elliptic curves over finite field are the most secure and efficient way to implement bilinear pairings for the these applications. Pairing based cryptosystems are being implemented on different platforms such as low-power and mobile devices. Recently, hardware capabilities of embedded devices have been emerging which can support efficient and faster implementations of pairings on hand-held devices. In this thesis, the main focus is optimization of Optimal Ate-pairing using special class of ordinary curves, Barreto-Naehring (BN), for different security levels on low-resource devices with ARM processors. Latest ARM architectures are using SIMD instructions based NEON engine and are helpful to optimize basic algorithms. Pairing implementations are being done using tower field which use field multiplication as the most important computation. This work presents NEON implementation of two multipliers (Karatsuba and Schoolbook) and compare the performance of these multipliers with different multipliers present in the literature for different field sizes. This work reports the fastest implementation timing of pairing for BN254, BN446 and BN638 curves for ARMv7 architecture which have security levels as 128-, 164-, and 192-bit, respectively. This work also presents comparison of code performance for ARMv8 architectures
PKI Scalability Issues
This report surveys different PKI technologies such as PKIX and SPKI and the
issues of PKI that affect scalability. Much focus is spent on certificate
revocation methodologies and status verification systems such as CRLs,
Delta-CRLs, CRS, Certificate Revocation Trees, Windowed Certificate Revocation,
OCSP, SCVP and DVCS.Comment: 23 pages, 2 figure
BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure
This paper describes BlockPKI, a blockchain-based public-key infrastructure
that enables an automated, resilient, and transparent issuance of digital
certificates. Our goal is to address several shortcomings of the current TLS
infrastructure and its proposed extensions. In particular, we aim at reducing
the power of individual certification authorities and make their actions
publicly visible and accountable, without introducing yet another trusted third
party. To demonstrate the benefits and practicality of our system, we present
evaluation results and describe our prototype implementation.Comment: Workshop on Blockchain and Sharing Economy Application
Security Analysis of Vehicular Ad Hoc Networks (VANET)
Vehicular Ad Hoc Networks (VANET) has mostly gained the attention of today's
research efforts, while current solutions to achieve secure VANET, to protect
the network from adversary and attacks still not enough, trying to reach a
satisfactory level, for the driver and manufacturer to achieve safety of life
and infotainment. The need for a robust VANET networks is strongly dependent on
their security and privacy features, which will be discussed in this paper. In
this paper a various types of security problems and challenges of VANET been
analyzed and discussed; we also discuss a set of solutions presented to solve
these challenges and problems.Comment: 6 pages; 2010 Second International Conference on Network
Applications, Protocols and Service
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.Comment: 20 pages, 7 figure
Maintaining unlinkability in group based P2P environments
In the wake of the success of Peer-to-Peer (P2P) networking, security has arisen as one of its main concerns, becoming a key issue when evaluating a P2P system. Unfortunately, some systems' design focus targeted issues such as scalabil-ity or overall performance, but not security. As a result, security mechanisms must be provided at a later stage, after the system has already been designed and partially (or even fully) implemented, which may prove a cumbersome proposition. This work exposes how a security layer was provided under such circumstances for a specic Java based P2P framework: JXTA-Overlay.Arran de l'èxit de (P2P) peer-to-peer, la seguretat ha sorgit com una de les seves principals preocupacions, esdevenint una qüestió clau en l'avaluació d'un sistema P2P. Malauradament, alguns sistemes de disseny apunten focus de problemes com l'escalabilitat o l'acompliment general, però no de seguretat. Com a resultat d'això, els mecanismes de seguretat s¿han de proporcionar en una etapa posterior, després que el sistema ja ha estat dissenyat i parcialment (o fins i tot totalment) implementat, la qual cosa pot ser una proposició incòmode. Aquest article exposa com es va proveir una capa de seguretat sota aquestes circumstàncies per un Java específic basat en un marc P2P: JXTA-superposició.A raíz del éxito de (P2P) peer-to-peer, la seguridad ha surgido como una de sus principales preocupaciones, convirtiéndose en una cuestión clave en la evaluación de un sistema P2P. Desgraciadamente, algunos sistemas de diseño apuntan un foco de problemas como la escalabilidad o el desempeño general, pero no de seguridad. Como resultado de ello, los mecanismos de seguridad se proporcionarán en una etapa posterior, después de que el sistema ya ha sido diseñado y parcialmente (o incluso totalmente) implementado, lo que puede ser una proposición incómodo. Este artículo expone cómo se proveyó una capa de seguridad bajo estas circunstancias por un Java específico basado en un marco P2P: JXTA-superposición
- …