Authentication Using Lightweight Cryptography

Disertační práce se zabývá kryptografickými protokoly zajišťující zabezpečenou autentizaci komunikujících stran, jenž jsou určeny primárně pro implementaci na nízkonákladových zařízeních využívaných v Internetu věcí. Nízkonákladová zařízení představují výpočetně, paměťově a napěťově omezená zařízení. Práce se zaměřuje především na možnosti využití matematicky nenáročných kryptografických prostředků pro zajištění integrity, bezpečné autentizace a důvěrnosti přenášených dat na nízkonákladových zařízeních. Hlavní cíle práce se zaměřují na návrh nových pokročilých kryptografických protokolů zajišťující integritu přenášených dat, autentizaci, zabezpečený přenos dat mezi dvěma nízkonákladovými zařízeními a autentizaci s nepopiratelností uskutečněných událostí. Práce popisuje návrhy tří autentizačních protokolů, jednoho jednosměrného autentizačního protokolu a dvou obousměrných autentizačních protokolů. Práce také popisuje návrhy dvou protokolů pro zabezpečený přenos dat mezi dvěma zařízeními, jednoho bez potvrzení příjmu dat a jednoho s potvrzením příjmu dat. V práci je dále provedena bezpečnostní analýza a diskuze k navrženým protokolům.The dissertation thesis deals with cryptographic protocols for secure authentication of communicating parties, which are intended primarily for low-cost devices used in Internet of Things. Low-cost devices represent computationally, memory and power constrained devices. The thesis focuses mainly on the possibilities of using mathematically undemanding cryptographic resorces for ensuring integrity of transmitted dat, authenticity of and secured transmission of data on low-cost devices. The main goals of the thesis focus on the design of new advanced cryptographic protocols for ensuring integrity of transmitted data, authenticity, confidentiality of transmitted data between low-cost devices and authenticity with non-repudiation of done events. The thesis describes proposal of three authentication protocols, one unilateral authentication protocol and two mutual authentication protocols. The thesis also describes proposals of two protocols for secured transmission of data between two devices, one protocol without a proof of receipt data and one protocol with proof of receipt data. In this thesis is also performed a security analysis and a discussion to proposed protocols.

Contracting still matters! Or: How to design a letter of intent

Any cooperation that profits from relation-specific investments suffers from the well-known hold-up problem. If investments are not enforceable by an outside authority, the gains fall prey to individual opportunism caused by a free-rider problem. If, in addition, individual investments exhibit positive cross effects, Che and Hausch (1999) provide a negative result and show that contracts cannot overcome the hold up due to a lack of verifiable commitment. This paper develops a mechanism that provides such a commitment device: (1) It introduces an acknowledgement game that procures reliable. (2) It embeds the original contracting problem into two institutional designs - a market based one and a private design - that support enforcement. These two devices reestablish efficient investments as enforceable results of a contract.

A secure and private RFID authentication protocol based on quadratic residue

Radio Frequency IDentification based systems are getting pervasively deployed in many real-life applications in various settings for identification and authentication of remote objects. However, the messages that are transmitted over a insecure channel, are vulnerable to security and privacy concerns such as data privacy, location privacy of tag owner and etc. Recently, Yeh et al.'s proposed a RFID authentication protocol based on quadratic residue which is claimed to provide location privacy and prevent possible attacks. In this paper, we formally analyzed the protocol and we proved that the protocol provides destructive privacy according to Vaudenay privacy model. Moreover, we proposed a unilateral authentication protocol and we prove that our protocol satisfies higher privacy level such as narrow strong privacy. Besides, we proposed an enhanced version of our proposed protocol, which has same privacy level as Yeh at al protocol, but has reader authentication against stronger adversaries. Furthermore, the enhanced version of our protocol uses smaller number of cryptographic operations when compared to Yeh at al protocol and it is also cost efficient at the server and tag side and requires O(1) complexity to identify a RFID tag

FPGA based remote code integrity verification of programs in distributed embedded systems

The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems

The Paperless Letter of Credit and Related Documents of Title

A normative analysis of paperless letters of credit that will categorize the various transactions and delineate the boundaries and relative standing of the competing sets of rules is now appropriate. The analysis will suggest when an official rule is needed and what its character should be

Tampering in RFID: A Survey on Risks and Defenses

RFID is a well-known pervasive technology, which provides promising opportunities for the implementation of new services and for the improvement of traditional ones. However, pervasive environments require strong efforts on all the aspects of information security. Notably, RFID passive tags are exposed to attacks, since strict limitations affect the security techniques for this technology. A critical threat for RFIDbased information systems is represented by data tampering, which corresponds to the malicious alteration of data recorded in the tag memory. The aim of this paper is to describe the characteristics and the effects of data tampering in RFID-based information systems, and to survey the approaches proposed by the research community to protect against it. The most important recent studies on privacy and security for RFID-based systems are examined, and the protection given against tampering is evaluated. This paper provides readers with an exhaustive overview on risks and defenses against data tampering, highlighting RFID weak spots and open issues

Design and Analysis for RFID Authentication Protocol

Radio frequency identification (RFID) technology has been widely used in ubiquitous infrastructures. On the other hand, the low-cost RFID system has potential risks such as privacy and security problems, which would be a big barrier for the application. First of all, we analyze the current security protocols for the RFID system. To protect user privacy and remove security vulnerabilities, we propose a robust and privacy preserving mutual authentication protocol that is suitable for the low-cost RFID environment. Finally, the correctness of the proposed authentication protocol is proved by the BAN logic.published_or_final_versio