11 research outputs found

    A theoretical and conceptual approach to the problem of information quality and value in an ergatic system

    A theoretical and conceptual approach to the problem of information quality and value is considered. The approach includes the selection and definition of the types and qualitative forms of information manifestation that are characteristic of ergatic systems, the rational distribution within an ergatic system of proven information measures, the main requirements on measures of the quantity and quality of structural and content information, and the principle of information value.

    A theoretical and conceptual approach to the problem of information quality and value in an ergatic system is considered, including the selection and definition of the types and qualitative forms of information manifestation characteristic of ergatic systems, the rational distribution within the ergatic system of proven information measures, the main requirements on measures of the quantity and quality of structural and content information, and the principle of information value.

    Symmetric block ciphers with a block length of 32 bit

    The subject of this thesis is the analysis of symmetric block ciphers with a block length of 32 bits. It is meant to give a comprehensive overview of the topic of 32-bit block ciphers. The topic is divided into the examination of three questions. The thesis contains a list of state-of-the-art block ciphers with a block length of 32 bits. The block ciphers are described, focusing on the encryption function. An SPN-based cipher with a 32-bit block length is proposed by rescaling the AES cipher. The 32-bit block length results in certain security issues. These so-called risk factors are analysed and mitigating measures are proposed. The result of the thesis is that 32-bit block ciphers can be implemented in a secure manner. The use of 32-bit ciphers should be limited to specific use cases and accompanied by a thorough risk analysis to determine the protection class of the data to be encrypted.

    An algebraic attack on binary SNOW2.0-type stream ciphers

    This work presents a detailed analysis of the existing algebraic attack on a simplified version of the SNOW2.0 stream cipher and of the theoretical material needed to understand it; on the basis of this attack, a method is proposed for constructing an algebraic attack on binary SNOW2.0-type stream ciphers. Topic of the work: an algebraic attack on binary SNOW2.0-type stream ciphers. Aim of the work: to determine the parameters of systems of nonlinear Boolean equations that affect the resistance of ciphers against the specified algebraic attack on binary SNOW2.0-type stream ciphers. Task of the work: to generalise the known algebraic attack on the simplified version of SNOW2.0 to arbitrary binary SNOW2.0-type stream ciphers. Object of research: the process of information transformation in binary SNOW2.0-type stream ciphers. Subject of research: the properties of the components of encryption algorithms that determine their resistance against algebraic attacks. Research methods: methods of the theory of Boolean functions and abstract algebra; methods of the SageMath computer algebra system. As a result of this work, an extension of the known algebraic attack on the simplified version of the SNOW2.0 stream cipher to binary SNOW2.0-type stream ciphers is proposed; owing to their structure, it consists of an algorithm for constructing a system of equations of the lowest degree describing the nonlinear function between the memory registers, which may be based on any S-box, and of a method for creating a system of equations whose solution makes it possible to recover the initial state of a binary SNOW2.0-type stream cipher. A practical implementation of the algorithm for constructing the lowest-degree system of equations using the SageMath computer algebra system is also presented.

    In this thesis, a detailed analysis was made of the existing algebraic attack on a simplified version of the stream cipher SNOW2.0 and of the theoretical material needed to understand it, and on the basis of this attack an algorithm was proposed that allows the attack to be extended to any binary SNOW2.0-type stream cipher. The theme of this thesis is an algebraic attack on binary SNOW2.0-type stream ciphers. The goal of this thesis is the definition of parameters of systems of nonlinear Boolean equations that influence the resistance of ciphers against the specified algebraic attack on binary SNOW2.0-type stream ciphers. The task of this work is to generalise the well-known algebraic attack on the simplified version of SNOW2.0 to arbitrary binary SNOW2.0-type stream ciphers. The object of the research is the process of information transformation in binary SNOW2.0-type stream ciphers. The subject of the research is the properties of the components of encryption algorithms that determine their resistance against algebraic attacks. The research methods are methods of the theory of Boolean functions and abstract algebra; methods of the SageMath computer algebra system were used. As a result of this work, an extension of the known algebraic attack on the simplified version of the SNOW2.0 stream cipher to binary SNOW2.0-type stream ciphers is proposed, which, owing to their structure, consists in developing an algorithm for constructing a system of equations of the lowest degree describing the nonlinear function between memory registers, which can be based on any S-box, and in a method for creating a system of equations whose solution enables the initial state of the binary SNOW2.0-type stream cipher to be recovered. A practical implementation of the algorithm for constructing a system of equations of the lowest degree using the SageMath computer algebra system is also presented.

    This work presents a detailed analysis of the existing algebraic attack on a simplified version of the SNOW2.0 stream cipher and of the theoretical material needed to understand it; on the basis of this attack, an algorithm is proposed that extends the attack to any binary SNOW2.0-type stream cipher. Topic of the work: an algebraic attack on binary SNOW2.0-type stream ciphers. Aim of the work: to formulate the conditions that determine the resistance of binary SNOW2.0-type stream ciphers against known algebraic attacks. Task of the work: to generalise the known algebraic attack on the simplified version of SNOW2.0 to arbitrary binary SNOW2.0-type stream ciphers. Object of research: the process of information transformation in binary SNOW2.0-type stream ciphers. Subject of research: the properties of the components of encryption algorithms that determine their resistance against algebraic attacks. Research methods: methods of the theory of Boolean functions and abstract algebra; methods of the SageMath computer algebra system. As a result of this work, an extension of the known algebraic attack on the simplified version of the SNOW2.0 stream cipher to binary SNOW2.0-type stream ciphers is proposed; owing to their structure, it consists of an algorithm for constructing a system of equations of the lowest degree describing the nonlinear function between the memory registers, which may be based on any S-box, and of a method for creating a system of equations whose solution makes it possible to recover the initial state of a binary SNOW2.0-type stream cipher. A practical implementation of the algorithm for constructing the lowest-degree system of equations using the SageMath computer algebra system is also presented.

    Security in Distributed, Grid, Mobile, and Pervasive Computing

    This book addresses the increasing demand to guarantee the privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems such as the Internet, and discusses secure design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security.

    Implementation and analysis of the generalised new Mersenne number transforms for encryption

    PhD Thesis. Encryption is a vast subject covering myriad techniques to conceal and safeguard data and communications. Of the techniques available, methodologies that incorporate number theoretic transforms (NTTs) have gained recognition, specifically the new Mersenne number transform (NMNT). Recently, two new transforms have been introduced that extend the NMNT to a new generalised suite of transforms referred to as the generalised NMNT (GNMNT). These two new transforms are termed the odd NMNT (ONMNT) and the odd-squared NMNT (O2NMNT). Being based on the Mersenne numbers, the GNMNTs are extremely versatile with respect to vector lengths. The GNMNTs are also capable of being implemented using fast algorithms, employing multiple and combinational radices over one or more dimensions. Algorithms for both the decimation-in-time (DIT) and decimation-in-frequency (DIF) methodologies using radix-2, radix-4 and split-radix are presented, including their respective complexity and performance analyses. Whilst the original NMNT has seen a significant amount of research applied to it with respect to encryption, the ONMNT and O2NMNT can utilise similar techniques that are shown to have stronger characteristics when measured using established methodologies defining diffusion. Analyses of diffusion using a small but reasonably sized vector space with the GNMNTs are exhaustively assessed, and a comparison with the Rijndael cipher, the current Advanced Encryption Standard (AES) algorithm, is presented that confirms strong diffusion characteristics. Implementation techniques using general-purpose computing on graphics processing units (GPGPU) have been applied, and are further assessed and discussed. Focus is drawn to the future of cryptography, and in particular cryptology, as a consequence of the emergence and rapid progress of GPGPU and consumer-based parallel processing.

    Policy-Driven Adaptive Protection Systems.

    PhD Thesis. The increasing number and complexity of security attacks on IT infrastructure demands the development of protection systems capable of dealing with the security challenges of today's highly dynamic environments. Several converging trends, including mobilisation, externalisation and collaboration, virtualisation, and cloud computing, are challenging traditional silo approaches to providing security. IT security policies should be considered inherently dynamic and flexible enough to trigger decisions efficiently and effectively, taking into account not only the current execution environment of a protection system and its runtime contextual factors, but also the dynamically changing security requirements introduced by external entities in the operational environment. This research is motivated by the increasing need for security systems capable of supporting security decisions in dynamic operational environments and advocates a policy-driven adaptive security approach. The first main contribution of this thesis is to articulate the property of specialisation in adaptive software systems and to propose a novel methodological framework for the realisation of policy-driven adaptive systems capable of specialisation via adaptive policy transformation. Furthermore, this thesis proposes three distinctive novel protection mechanisms; all three exhibit adaptation via specialisation, but each presents its own research novelty in its respective field. They are: 1. A Secure Execution Context Enforcement based on Activity Detection; 2. A Privacy and Security Requirements Enforcement Framework in Internet-Centric Services; 3. A Context-Aware Multifactor Authentication Scheme Based on Dynamic Pin. Along with a comprehensive study of the state of the art in policy-based adaptive systems and a comparative analysis of those against the main objectives of the framework this thesis proposes, these three protection mechanisms serve as the foundation and experimental work from which core characteristics, methods, components, and other elements are analysed in detail towards the investigation and proposition of the methodological framework presented in this thesis.

    Current security trends in mobile networks

    This master's thesis focuses on the security of the GSM and UMTS mobile communication systems. The thesis describes the principles of authentication and encryption in both mobile systems. It then presents the individual algorithms used for identity verification, key generation and encryption. The algorithms in use are described together with their weaknesses. The next part of the thesis presents the known attacks on the GSM system. The part dealing with the UMTS system describes the algorithms used in that system which, compared with GSM, increase the security of the transmitted data and of authentication. The whole process of authentication and encryption is therefore described separately. The last part describes the creation of software models of authentication and encryption in GSM and of encryption in UMTS. These models are implemented in Matlab version 2009b.

    This master's thesis deals with the security of the GSM and UMTS mobile communication systems. The principles of authentication and encryption of both mobile systems are described. The individual algorithms used for identity verification, key generation and encryption are then presented, and the commonly used algorithms are described along with their weaknesses. The following part of the thesis presents well-known attacks on the GSM system. The part dealing with UMTS describes the algorithms used in that system to increase the security of transmitted data and of authentication in comparison with GSM; the whole process of authentication and encryption is therefore described separately. The last part describes the creation of software models of authentication and encryption in GSM and of encryption in UMTS. These models are created in Matlab version 2009b.

    Performance Evaluation, Comparison and Improvement of the Hardware Implementations of the Advanced Encryption Standard S-box

    The Advanced Encryption Standard (AES) is the most popular algorithm used in symmetric key cryptography. The efficient computation of AES is essential for many computing platforms. The S-box is the only nonlinear transformation step of the AES algorithm, so an efficient implementation of the AES S-box is crucial for AES hardware. The AES S-box can be implemented using a look-up table or using finite field arithmetic. The finite field arithmetic design approach is superior in saving hardware resources. The main objective of this thesis is to evaluate, compare and improve the hardware implementations of the forward, inverse and combined AES S-box in terms of area and/or delay. Both the composite field GF((2^4)^2) and the tower field GF(((2^2)^2)^2) are considered. Our first improvement is the optimisation of the input and output linear mappings of the S-box in order to design a more compact circuit. Our second improvement aims at modifying the architecture of the S-box to achieve a higher speed. We used multiplication of the S-box input by an 8-bit binary field element to optimise the input and output transformation matrices of the S-box. A Matlab® search is then conducted to find more compact linear mappings for the S-box. We also modified the fast S-box architecture, in addition to optimising and searching the extended linear input mappings, to improve the speed of the fast S-box of Reyhani et al. The improved fast S-box, Fast 3, is the fastest and most efficient (measured by area × delay) AES S-box available in the literature, to the best of our knowledge. We also improved the area and delay of the inversion circuit of the lightweight and fast S-boxes in [69] by slightly modifying the exponentiation block and designing a new subfield inverter block. The improved inversion circuit leads to a more compact and faster lightweight S-box and yields a lower-area fast S-box. Moreover, we show that the "tech. XORs" concept proposed by Maximov et al. [54] to estimate the delay of the S-box is not accurate. We show how to use the logical effort method [74] instead to estimate and compare the delay of previous and improved S-boxes, regardless of the CMOS technology library used for the implementation. We verified all the code at the RTL level using Mentor Graphics Modelsim®, by comparing against the legitimate S-box outputs. We synthesised the designs using the STM 65nm CMOS standard cell library, with VHDL coding as the design entry method to Synopsys Design Compiler®. The synthesis results confirm the lower area and/or delay of the improved S-box designs and match our space and timing analyses.

    Studies on high-speed hardware implementation of cryptographic algorithms

    Cryptographic algorithms are ubiquitous in modern communication systems, where they have a central role in ensuring information security. This thesis studies the efficient implementation of certain widely used cryptographic algorithms. Cryptographic algorithms are computationally demanding, and software-based implementations are often too slow or power-consuming, which creates a need for hardware implementation. Field Programmable Gate Arrays (FPGAs) are programmable logic devices which have proven to be highly feasible implementation platforms for cryptographic algorithms because they provide both speed and programmability. Hence, the use of FPGAs for cryptography has been intensively studied in the research community, and FPGAs are also the primary implementation platforms in this thesis. This thesis presents techniques allowing faster implementations than existing ones. Such techniques are necessary in order to use high-security cryptographic algorithms in applications requiring high data rates, for example in heavily loaded network servers. The focus is on the Advanced Encryption Standard (AES), the most commonly used secret-key cryptographic algorithm, and Elliptic Curve Cryptography (ECC), public-key cryptographic algorithms which have gained popularity in recent years and are replacing traditional public-key cryptosystems such as RSA. Because these algorithms are well defined and widely used, the results of this thesis can be directly applied in practice. The contributions of this thesis include improvements to both the algorithms and the techniques for implementing them. Algorithms are modified in order to make them more suitable for hardware implementation, focusing especially on increasing parallelism. Several FPGA implementations exploiting these modifications are presented in the thesis, including some of the fastest implementations available in the literature. The most important contributions of this thesis relate to ECC and, specifically, to a family of elliptic curves providing faster computations called Koblitz curves. The results of this thesis can, for their part, enable the increasing use of cryptographic algorithms in various practical applications where high computation speed is an issue.