4 research outputs found

    New models for efficient authenticated dictionaries

    We propose models for data authentication which take into account the behavior of the clients who perform queries. Our models reduce the size of the authenticated proof when the frequency of the query corresponding to a given data is higher. Existing models implicitly assume the frequency distribution of queries to be uniform, but in reality, this distribution generally follows Zipf's law. Our models better reflect reality, and the communication cost between clients and the server provider is reduced, allowing the server to save bandwidth. The obtained gain on the average proof size compared to existing schemes depends on the parameter of Zipf's law. The greater the parameter, the greater the gain. When the frequency distribution follows a perfect Zipf's law, we obtain a gain that can reach 26%. Experiments show the existence of applications for which the Zipf parameter is greater than 1, leading to even higher gains.

    Mecanisms and tools to secure remote access systems

    This thesis' goal is the improvement of the security of remotely accessed systems with the use of cryptographic tools. Specifically, it is applied to digital document management software that raises issues in three fields: communication, authentication and rights management. Unlike common approaches that involve the use of individual protections for these three fields, we offer a set of tools made to work together to improve the system's security. Securing communication is done thanks to a new secure communication protocol designed for distributed applications. Authentication issues led to the development of two tailored solutions providing cryptographic support to the application for any authentication method. Rights management is handled through new associations between a given access right and specific cryptographic applications. A key element of those solutions is the emphasis put on the usability of these secure tools. It swayed the development of our proposals toward more transparent solutions that would not disturb the user experience. As a result, we obtained a secure system made of these tools and mechanisms that work together to provide full and transparent security for digital document management software. This security is fully based on cryptographic algorithms to provide provable and verifiable security properties. As a supporting layer for these mechanisms, a secure software library was designed to provide all the required tools for cryptographic uses in a portable way.

    A New Secure Virtual Connector Approach for Communication within Large Distributed Systems

    Communicating entities in distributed systems and large scale applications require specific message exchange protocols which can be adjusted for multiple networks. Some secure networking protocols exist and provide different security properties. Such protocols include Transport Layer Security (TLS) and Secure Shell (SSH). We propose here a more specific approach for constructing a new model of distribution using connectors which implement a protocol as a support for securing exchanges over heterogeneous networks used for distributed applications. The Secure Virtual Connector (SVC) protocol provides enhanced security for exchanges between components of distributed applications. This protocol avoids existing shortcomings within existing secure communications protocols which have been designed to fit a wide variety of situations. This flexibility leads to potential vulnerabilities, most of which are avoidable. We consider here a full set of essential security properties for large distributed applications such as confidentiality, authenticity, and a certain form of privacy. Other considerations include the use of heterogeneous networks, as well as the mobility of users using secure virtual connectors. The SVC protocol proposed here provides all the required security properties while keeping a low performance overhead which makes it efficient for both fixed and mobile networks. As such, SVC is a suitable alternative to existing secure communication protocols.

    AN EFFICIENT PARALLEL ALGORITHM FOR SKEIN HASH FUNCTIONS

    Recently, cryptanalysts have found collisions on the MD4, MD5, and SHA-0 algorithms; moreover, a method for finding SHA1 collisions with less than the expected calculus complexity has been published. The NIST [1] has thus decided to develop a new hash algorithm, so called SHA-3, which will be developed through a public competition [3]. From the set of accepted proposals for the further steps of the competition, we have decided to explore the design of an efficient parallel algorithm for the Skein [12] hash function family. The main reason for designing such an algorithm is to obtain optimal performances when dealing with critical applications which require efficiently tuned implementations on multi-core target processors. This preliminary work presents one of the first parallel implementations and associated performance evaluation of Skein available in the literature. To parallelize Skein we have used the tree hash mode in which we create one virtual thread for each node of the tree.