Secure architectures for pairing based public key cryptography

Along with the growing demand for cryptosystems in systems ranging from large servers to mobile devices, suitable cryptogrophic protocols for use under certain constraints are becoming more and more important. Constraints such as calculation time, area, efficiency and security, must be considered by the designer. Elliptic curves, since their introduction to public key cryptography in 1985 have challenged established public key and signature generation schemes such as RSA, offering more security per bit. Amongst Elliptic curve based systems, pairing based cryptographies are thoroughly researched and can be used in many public key protocols such as identity based schemes. For hardware implementions of pairing based protocols, all components which calculate operations over Elliptic curves can be considered. Designers of the pairing algorithms must choose calculation blocks and arrange the basic operations carefully so that the implementation can meet the constraints of time and hardware resource area. This thesis deals with different hardware architectures to accelerate the pairing based cryptosystems in the field of characteristic two. Using different top-level architectures the hardware efficiency of operations that run at different times is first considered in this thesis. Security is another important aspect of pairing based cryptography to be considered in practically Side Channel Analysis (SCA) attacks. The naively implemented hardware accelerators for pairing based cryptographies can be vulnerable when taking the physical analysis attacks into consideration. This thesis considered the weaknesses in pairing based public key cryptography and addresses the particular calculations in the systems that are insecure. In this case, countermeasures should be applied to protect the weak link of the implementation to improve and perfect the pairing based algorithms. Some important rules that the designers must obey to improve the security of the cryptosystems are proposed. According to these rules, three countermeasures that protect the pairing based cryptosystems against SCA attacks are applied. The implementations of the countermeasures are presented and their performances are investigated.

Hardware processors for pairing-based cryptography

Bilinear pairings can be used to construct cryptographic systems with very desirable properties. A pairing performs a mapping on members of groups on elliptic and genus 2 hyperelliptic curves to an extension of the finite field on which the curves are defined. The finite fields must, however, be large to ensure adequate security. The complicated group structure of the curves and the expensive field operations result in time consuming computations that are an impediment to the practicality of pairing-based systems. The Tate pairing can be computed efficiently using the ɳT method. Hardware architectures can be used to accelerate the required operations by exploiting the parallelism inherent to the algorithmic and finite field calculations. The Tate pairing can be performed on elliptic curves of characteristic 2 and 3 and on genus 2 hyperelliptic curves of characteristic 2. Curve selection is dependent on several factors including desired computational speed, the area constraints of the target device and the required security level. In this thesis, custom hardware processors for the acceleration of the Tate pairing are presented and implemented on an FPGA. The underlying hardware architectures are designed with care to exploit available parallelism while ensuring resource efficiency. The characteristic 2 elliptic curve processor contains novel units that return a pairing result in a very low number of clock cycles. Despite the more complicated computational algorithm, the speed of the genus 2 processor is comparable. Pairing computation on each of these curves can be appealing in applications with various attributes. A flexible processor that can perform pairing computation on elliptic curves of characteristic 2 and 3 has also been designed. An integrated hardware/software design and verification environment has been developed. This system automates the procedures required for robust processor creation and enables the rapid provision of solutions for a wide range of cryptographic applications.

An investigation of implicit measurement techniques amongst low risk and forensic samples

There are difficulties with utilising self- report and physiological measures of assessment amongst forensic populations. This study investigates implicit based measures amongst sexual offenders, nonsexual offenders and low risk samples. Implicit measurement is a term applied to measurement methods that makes it difficult to influence responses through conscious control. The test battery includes the Implicit Association Test (IAT), Rapid Serial Visual Presentation (RSVP), Viewing Time (VT) and the Structured Clinical interview for disorders. The IAT proposes that people will perform better on a task when they depend on well-practiced cognitive associations. The RSVP task requires participants to identify a single target image that is presented amongst a series of rapidly presented visual images. RSVP operates on the premise that if two target images are presented within 500milliseconds of each other, the possibility that the participant will recognize the second target is significantly reduced when the first target is of salience to the individual. This is the attentional blink phenomenon. VT is based on the principle that people will look longer at images that are of salience. Results showed that on the VT task, child sexual offenders took longer to view images of children than low risk groups. Nude over clothed images induced a greater attentional blink amongst low risk and offending samples on the RSVP task. Sexual offenders took longer than low risk groups on word pairing tasks where sexual words were paired with adult words on the IAT. The SCID highlighted differences between the offending and non offending groups on the sub scales for personality disorders. More erotic stimulus items on the VT and RSVP measures is recommended to better differentiate sexual preference between offending and non offending samples. A pictorial IAT is recommended. Findings provide the basis for further development of implicit measures within the assessment of sexual offenders.