Oblivious transfer for secure communication

Over the past four decades, computational power and algorithmic strategies have advanced tremendously resulting in an enormous increase in the key sizes required for secure cryptosystems such as RSA. At the same time, the electronic devices have grown smaller and portable requiring algorithms running on them to be optimized in size and efficiency while providing security, at least, equivalent to that provided on a typical desktop computer. As a result, the industry is moving towards newer cryptosystems such as ECC and NTRU that are well suited for resource constrained environments. While, ECC claims to provide security equivalent to that of RSA for a fraction of key size, NTRU is inherently suited for embedded systems technology. However, implementation of new cryptosystems requires the development of protocols analogous to those developed using older cryptosystems. In this thesis, we fulfill a part of this requirement by providing protocols for Oblivious Transfer using ECC and NTRU. Oblivious Transfer, in turn, has applications in simultaneous contract signing, digital certified mail, simultaneous exchange of secrets, secure multiparty computations, private information retrieval, etc. Furthermore, we introduce the idea of basing Oblivious Transfer on public-key exchange protocols. The presentation in the thesis uses Diffie-Hellman Key Exchange, but the scheme is generalizable to any cryptosystem that has a public-key exchange strategy. In fact, our proposal may especially be suited for Quantum Cryptography where the security of key exchange protocols has been proven

Protection of Information and Communications in Distributed Systems and Microservices

Distributed systems have been a topic of discussion since the 1980s, but the adoption of microservices has raised number of system components considerably. With more decentralised distributed systems, new ways to handle authentication, authorisation and accounting (AAA) are needed, as well as ways to allow components to communicate between themselves securely. New standards and technologies have been created to deal with these new requirements and many of them have already found their way to most used systems and services globally. After covering AAA and separate access control models, we continue with ways to secure communications between two connecting parties, using Transport Layer Security (TLS) and other more specialised methods such as the Google-originated Secure Production Identity Framework for Everyone (SPIFFE). We also discuss X.509 certificates for ensuring identities. Next, both older time- tested and newer distributed AAA technologies are presented. After this, we are looking into communication between distributed components with both synchronous and asynchronous communication mechanisms, as well as into the publish/subscribe communication model popular with the rise of the streaming platform. This thesis also explores possibilities in securing communications between distributed endpoints and ways to handle AAA in a distributed context. This is showcased in a new software component that handles authentication through a separate identity endpoint using the OpenID Connect authentication protocol and stores identity in a Javascript object-notation formatted and cryptographically signed JSON Web Token, allowing stateless session handling as the token can be validated by checking its signature. This enables fast and scalable session management and identity handling for any distributed system

Digital certificates and threshold cryptography

This dissertation discusses the use of secret sharing cryptographic protocols for distributing and sharing of secret documents, in our case PDF documents. We discuss the advantages and uses of such a system in the context of collaborative environments. Description of the cryptographic protocol involved and the necessary Public Key Infrastructure (PKI) shall be presented. We also provide an implementation of this framework as a “proof of concept” and fundament the use of a certificate extension as the basis for threshold cryptography. Details of the shared secret distribution protocol and shared secret recovery protocol shall be given as well as the associated technical implementation details. The actual secret sharing algorithm implemented at this stage is based on an existing well known secret sharing scheme that uses polynomial interpolation over a finite field. Finally we conclude with a practical assessment of our prototype

The Complexity of Public-Key Cryptography

We survey the computational foundations for public-key cryptography. We discuss the computational assumptions that have been used as bases for public-key encryption schemes, and the types of evidence we have for the veracity of these assumptions. This survey/tutorial was published in the book Tutorials on the Foundations of Cryptography , dedicated to Oded Goldreich on his 60th birthday

Cryptology in the Crowd

Uhell skjer: Kanskje mistet du nøkkelen til huset, eller hadde PIN-koden til innbruddsalarmen skrevet på en dårlig plassert post-it lapp. Og kanskje endte de slik opp i hendene på feil person, som nå kan påføre livet ditt all slags ugagn: Sikkerhetssystemer gir ingen garantier når nøkler blir stjålet og PIN-koder lekket. Likevel burde naboen din, hvis nøkkel-og-PIN-kode rutiner er heller vanntette, kunne føle seg trygg i vissheten om at selv om du ikke evner å sikre huset ditt mot innbrudd, så forblir deres hjem trygt. Det er tilsvarende for kryptologi, som også lener seg på at nøkkelmateriale hemmeligholdes for å kunne garantere sikkerhet: Intuitivt forventer man at kjennskap til ett systems hemmelige nøkkel ikke burde være til hjelp for å bryte inn i andre, urelaterte systemer. Men det har vist seg overraskende vanskelig å sette denne intuisjonen på formell grunn, og flere konkurrerende sikkerhetsmodeller av varierende styrke har oppstått. Det blir dermed naturlig å spørre seg: Hvilken formalisme er den riktige når man skal modellere realistiske scenarioer med mange brukere og mulige lekkasjer? Eller: hvordan bygger man kryptografi i en folkemengde? Artikkel I begir seg ut på reisen mot et svar ved å sammenligne forskjellige flerbrukervarianter av sikkerhetsmodellen IND-CCA, med og uten evnen til å motta hemmelige nøkler tilhørende andre brukere. Vi finner et delvis svar ved å vise at uten denne evnen, så er noen modeller faktisk å foretrekke over andre. Med denne evnen, derimot, forblir situasjonen uavklart. Artikkel II tar et sidesteg til et sett relaterte sikkerhetsmodeller hvor, heller enn å angripe én enkelt bruker (ut fra en mengde av mulige ofre), angriperen ønsker å bryte kryptografien til så mange brukere som mulig på én gang. Man ser for seg en uvanlig mektig motstander, for eksempel en statssponset aktør, som ikke har problemer med å bryte kryptografien til en enkelt bruker: Målet skifter dermed fra å garantere trygghet for alle brukerne, til å gjøre masseovervåking så vanskelig som mulig, slik at det store flertall av brukere kan forbli sikret. Artikkel III fortsetter der Artikkel I slapp ved å sammenligne og systematisere de samme IND-CCA sikkerhetsmodellene med en større mengde med sikkerhetsmodeller, med det til felles at de alle modellerer det samme (eller lignende) scenarioet. Disse modellene, som går under navnene SOA (Selective Opening Attacks; utvalgte åpningsangrep) og NCE (Non-Committing Encryption; ikke-bindende kryptering), er ofte vesentlig sterkere enn modellene studert i Artikkel I. Med et system på plass er vi i stand til å identifisere en rekke hull i litteraturen; og dog vi tetter noen, etterlater vi mange som åpne problemer.Accidents happen: you may misplace the key to your home, or maybe the PIN to your home security system was written on an ill-placed post-it note. And so they end up in the hands of a bad actor, who is then granted the power to wreak all kinds of havoc in your life: the security of your home grants no guarantees when keys are stolen and PINs are leaked. Nonetheless your neighbour, whose key-and-pin routines leave comparatively little to be desired, should feel safe that just because you can’t keep your house safe from intruders, their home remains secured. It is likewise with cryptography, whose security also relies on the secrecy of key material: intuitively, the ability to recover the secret keys of other users should not help an adversary break into an uncompromised system. Yet formalizing this intuition has turned out tricky, with several competing notions of security of varying strength. This begs the question: when modelling a real-world scenario with many users, some of which may be compromised, which formalization is the right one? Or: how do we build cryptology in a crowd? Paper I embarks on the quest to answer the above questions by studying how various notions of multi-user IND-CCA compare to each other, with and without the ability to adaptively compromise users. We partly answer the question by showing that, without compromise, some notions of security really are preferable over others. Still, the situation is left largely open when compromise is accounted for. Paper II takes a detour to a related set of security notions in which, rather than attacking a single user, an adversary seeks to break the security of many. One imagines an unusually powerful adversary, for example a state-sponsored actor, for whom brute-forcing a single system is not a problem. Our goal then shifts from securing every user to making mass surveillance as difficult as possible, so that the vast majority of uncompromised users can remain secure. Paper III picks up where Paper I left off by comparing and systemizing the same security notions with a wider array of security notions that aim to capture the same (or similar) scenarios. These notions appear under the names of Selective Opening Attacks (SOA) and Non-Committing Encryption (NCE), and are typically significantly stronger than the notions of IND-CCA studied in Paper I. With a system in place, we identify and highlight a number of gaps, some of which we close, and many of which are posed as open problems.Doktorgradsavhandlin

An analysis of security protocols for lightweight systems

Mathematical Science

Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion

382 p.Libro ElectrónicoEach of us has been in the computing field for more than 40 years. The book is the product of a lifetime of observing and participating in the changes it has brought. Each of us has been both a teacher and a learner in the field. This book emerged from a general education course we have taught at Harvard, but it is not a textbook. We wrote this book to share what wisdom we have with as many people as we can reach. We try to paint a big picture, with dozens of illuminating anecdotes as the brushstrokes. We aim to entertain you at the same time as we provoke your thinking.Preface Chapter 1 Digital Explosion Why Is It Happening, and What Is at Stake? The Explosion of Bits, and Everything Else The Koans of Bits Good and Ill, Promise and Peril Chapter 2 Naked in the Sunlight Privacy Lost, Privacy Abandoned 1984 Is Here, and We Like It Footprints and Fingerprints Why We Lost Our Privacy, or Gave It Away Little Brother Is Watching Big Brother, Abroad and in the U.S. Technology Change and Lifestyle Change Beyond Privacy Chapter 3 Ghosts in the Machine Secrets and Surprises of Electronic Documents What You See Is Not What the Computer Knows Representation, Reality, and Illusion Hiding Information in Images The Scary Secrets of Old Disks Chapter 4 Needles in the Haystack Google and Other Brokers in the Bits Bazaar Found After Seventy Years The Library and the Bazaar The Fall of Hierarchy It Matters How It Works Who Pays, and for What? Search Is Power You Searched for WHAT? Tracking Searches Regulating or Replacing the Brokers Chapter 5 Secret Bits How Codes Became Unbreakable Encryption in the Hands of Terrorists, and Everyone Else Historical Cryptography Lessons for the Internet Age Secrecy Changes Forever Cryptography for Everyone Cryptography Unsettled Chapter 6 Balance Toppled Who Owns the Bits? Automated Crimes—Automated Justice NET Act Makes Sharing a Crime The Peer-to-Peer Upheaval Sharing Goes Decentralized Authorized Use Only Forbidden Technology Copyright Koyaanisqatsi: Life Out of Balance The Limits of Property Chapter 7 You Can’t Say That on the Internet Guarding the Frontiers of Digital Expression Do You Know Where Your Child Is on the Web Tonight? Metaphors for Something Unlike Anything Else Publisher or Distributor? Neither Liberty nor Security The Nastiest Place on Earth The Most Participatory Form of Mass Speech Protecting Good Samaritans—and a Few Bad Ones Laws of Unintended Consequences Can the Internet Be Like a Magazine Store? Let Your Fingers Do the Stalking Like an Annoying Telephone Call? Digital Protection, Digital Censorship—and Self-Censorship Chapter 8 Bits in the Air Old Metaphors, New Technologies, and Free Speech Censoring the President How Broadcasting Became Regulated The Path to Spectrum Deregulation What Does the Future Hold for Radio? Conclusion After the Explosion Bits Lighting Up the World A Few Bits in Conclusion Appendix The Internet as System and Spirit The Internet as a Communication System The Internet Spirit Endnotes Inde

Hardware design of cryptographic accelerators

With the rapid growth of the Internet and digital communications, the volume of sensitive electronic transactions being transferred and stored over and on insecure media has increased dramatically in recent years. The growing demand for cryptographic systems to secure this data, across a multitude of platforms, ranging from large servers to small mobile devices and smart cards, has necessitated research into low cost, flexible and secure solutions. As constraints on architectures such as area, speed and power become key factors in choosing a cryptosystem, methods for speeding up the development and evaluation process are necessary. This thesis investigates flexible hardware architectures for the main components of a cryptographic system. Dedicated hardware accelerators can provide significant performance improvements when compared to implementations on general purpose processors. Each of the designs proposed are analysed in terms of speed, area, power, energy and efficiency. Field Programmable Gate Arrays (FPGAs) are chosen as the development platform due to their fast development time and reconfigurable nature. Firstly, a reconfigurable architecture for performing elliptic curve point scalar multiplication on an FPGA is presented. Elliptic curve cryptography is one such method to secure data, offering similar security levels to traditional systems, such as RSA, but with smaller key sizes, translating into lower memory and bandwidth requirements. The architecture is implemented using different underlying algorithms and coordinates for dedicated Double-and-Add algorithms, twisted Edwards algorithms and SPA secure algorithms, and its power consumption and energy on an FPGA measured. Hardware implementation results for these new algorithms are compared against their software counterparts and the best choices for minimum area-time and area-energy circuits are then identified and examined for larger key and field sizes. Secondly, implementation methods for another component of a cryptographic system, namely hash functions, developed in the recently concluded SHA-3 hash competition are presented. Various designs from the three rounds of the NIST run competition are implemented on FPGA along with an interface to allow fair comparison of the different hash functions when operating in a standardised and constrained environment. Different methods of implementation for the designs and their subsequent performance is examined in terms of throughput, area and energy costs using various constraint metrics. Comparing many different implementation methods and algorithms is nontrivial. Another aim of this thesis is the development of generic interfaces used both to reduce implementation and test time and also to enable fair baseline comparisons of different algorithms when operating in a standardised and constrained environment. Finally, a hardware-software co-design cryptographic architecture is presented. This architecture is capable of supporting multiple types of cryptographic algorithms and is described through an application for performing public key cryptography, namely the Elliptic Curve Digital Signature Algorithm (ECDSA). This architecture makes use of the elliptic curve architecture and the hash functions described previously. These components, along with a random number generator, provide hardware acceleration for a Microblaze based cryptographic system. The trade-off in terms of performance for flexibility is discussed using dedicated software, and hardware-software co-design implementations of the elliptic curve point scalar multiplication block. Results are then presented in terms of the overall cryptographic system