970 resultados para certificate-based encryption
Resumo:
Now a days, email has become the most widely communication way in daily life. The main reason for using email is probably because of the convenience and speed in which it can be transmitted irrespective of geographical distances. To improve security and efficiency of email system, most of the email system adopt PKI and IBE encryption schemes. However, both PKI and IBE encryption schemes have their own shortcomings and consequently bring security issues to email systems. This paper proposes a new secure email system based on IBE which combines finger print authentication and proxy service for encryption and decryption
Resumo:
L'objectiu principal del projecte és l'estudi, la implementació d'algoritmes i protocols amb criptografia basada en la identitat. Aquesta o Identity Based Encryption (IBE) s'utilitza per simplificar el procés de comunicacions segures, com per exemple el correu electrònic. IBE permet a les polítiques de seguretat ser codificades directament sense la necessitat d'usar certificats. Aquests esquemes van ser proposats inicialment per A. Shamir a l'any 1984 i han estat objecte d'estudi per D. Boneh, S. Galbraith, etc. En aquest farem l'estudi dels emparellaments de Werl i Tate a través de l'algorisme de Miller, que ens permetrà implementar aquests emparellaments sobre corbes el·líptiques supersingulars.
Resumo:
Collaborative sharing of information is becoming much more needed technique to achieve complex goals in today's fast-paced tech-dominant world. Personal Health Record (PHR) system has become a popular research area for sharing patients informa- tion very quickly among health professionals. PHR systems store and process sensitive information, which should have proper security mechanisms to protect patients' private data. Thus, access control mechanisms of the PHR should be well-defined. Secondly, PHRs should be stored in encrypted form. Cryptographic schemes offering a more suitable solution for enforcing access policies based on user attributes are needed for this purpose. Attribute-based encryption can resolve these problems, we propose a patient-centric framework that protects PHRs against untrusted service providers and malicious users. In this framework, we have used Ciphertext Policy Attribute Based Encryption scheme as an efficient cryptographic technique, enhancing security and privacy of the system, as well as enabling access revocation. Patients can encrypt their PHRs and store them on untrusted storage servers. They also maintain full control over access to their PHR data by assigning attribute-based access control to selected data users, and revoking unauthorized users instantly. In order to evaluate our system, we implemented CP-ABE library and web services as part of our framework. We also developed an android application based on the framework that allows users to register into the system, encrypt their PHR data and upload to the server, and at the same time authorized users can download PHR data and decrypt it. Finally, we present experimental results and performance analysis. It shows that the deployment of the proposed system would be practical and can be applied into practice.
Resumo:
Bilinear pairings can be used to construct cryptographic systems with very desirable properties. A pairing performs a mapping on members of groups on elliptic and genus 2 hyperelliptic curves to an extension of the finite field on which the curves are defined. The finite fields must, however, be large to ensure adequate security. The complicated group structure of the curves and the expensive field operations result in time consuming computations that are an impediment to the practicality of pairing-based systems. The Tate pairing can be computed efficiently using the ɳT method. Hardware architectures can be used to accelerate the required operations by exploiting the parallelism inherent to the algorithmic and finite field calculations. The Tate pairing can be performed on elliptic curves of characteristic 2 and 3 and on genus 2 hyperelliptic curves of characteristic 2. Curve selection is dependent on several factors including desired computational speed, the area constraints of the target device and the required security level. In this thesis, custom hardware processors for the acceleration of the Tate pairing are presented and implemented on an FPGA. The underlying hardware architectures are designed with care to exploit available parallelism while ensuring resource efficiency. The characteristic 2 elliptic curve processor contains novel units that return a pairing result in a very low number of clock cycles. Despite the more complicated computational algorithm, the speed of the genus 2 processor is comparable. Pairing computation on each of these curves can be appealing in applications with various attributes. A flexible processor that can perform pairing computation on elliptic curves of characteristic 2 and 3 has also been designed. An integrated hardware/software design and verification environment has been developed. This system automates the procedures required for robust processor creation and enables the rapid provision of solutions for a wide range of cryptographic applications.
Resumo:
Bildbasierte Authentifizierung und Verschlüsselung: Identitätsbasierte Kryptographie (oft auch identity Based Encryption, IBE) ist eine Variation der asymmetrischen Schlüsselverfahren, bei der der öffentliche Schlüssel des Anwenders eine beliebig wählbare Zeichenfolge sein darf, die dem Besitzer offensichtlich zugeordnet werden kann. Adi Shamir stellte 1984 zunächst ein solches Signatursystem vor. In der Literatur wird dabei als öffentlicher Schlüssel meist die Email-Adresse oder eine Sozialversicherungsnummer genannt. Der Preis für die freie Schlüsselwahl ist die Einbeziehung eines vertrauenswürdigen Dritten, genannt Private Key Generator, der mit seinem privaten Generalschlüssel den privaten Schlüssel des Antragstellers generiert. Mit der Arbeit von Boneh und Franklin 2001 zum Einsatz der Weil-Paarbildung über elliptischen Kurven wurde IBE auf eine sichere und praktikable Grundlage gestellt. In dieser Arbeit wird nach einer allgemeinen Übersicht über Probleme und Lösungsmöglichkeiten für Authentifizierungsaufgaben im zweiten Teil als neue Idee der Einsatz eines Bildes des Anwenders als öffentlicher Schlüssel vorgeschlagen. Dazu wird der Ablauf der Schlüsselausgabe, die Bestellung einer Dienstleistung, z. B. die Ausstellung einer personengebundenen Fahrkarte, sowie deren Kontrolle dargestellt. Letztere kann offline auf dem Gerät des Kontrolleurs erfolgen, wobei Ticket und Bild auf dem Handy des Kunden bereitliegen. Insgesamt eröffnet sich dadurch die Möglichkeit einer Authentifizierung ohne weitere Preisgabe einer Identität, wenn man davon ausgeht, dass das Bild einer Person angesichts allgegenwärtiger Kameras sowieso öffentlich ist. Die Praktikabilität wird mit einer Implementierung auf der Basis des IBE-JCA Providers der National University of Ireland in Maynooth demonstriert und liefert auch Aufschluss auf das in der Praxis zu erwartende Laufzeitverhalten.
Resumo:
Nowadays due to the security vulnerability of distributed systems, it is needed mechanisms to guarantee the security requirements of distributed objects communications. Middleware Platforms component integration platforms provide security functions that typically offer services for auditing, for guarantee messages protection, authentication, and access control. In order to support these functions, middleware platforms use digital certificates that are provided and managed by external entities. However, most middleware platforms do not define requirements to get, to maintain, to validate and to delegate digital certificates. In addition, most digital certification systems use X.509 certificates that are complex and have a lot of attributes. In order to address these problems, this work proposes a digital certification generic service for middleware platforms. This service provides flexibility via the joint use of public key certificates, to implement the authentication function, and attributes certificates to the authorization function. It also supports delegation. Certificate based access control is transparent for objects. The proposed service defines the digital certificate format, the store and retrieval system, certificate validation and support for delegation. In order to validate the proposed architecture, this work presents the implementation of the digital certification service for the CORBA middleware platform and a case study that illustrates the service functionalities
Resumo:
La Criptografía Basada en la Identidad hace uso de curvas elípticas que satisfacen ciertas condiciones (pairingfriendly curves), en particular, el grado de inmersión de dichas curvas debe ser pequeño. En este trabajo se obtienen familias explicitas de curvas elípticas idóneas para este escenario. Dicha criptografía está basada en el cálculo de emparejamientos sobre curvas, cálculo factible gracias al algoritmo de Miller. Proponemos una versión más eficiente que la clásica de este algoritmo usando la representación de un número en forma no adyacente (NAF).
Resumo:
Cloud storage has rapidly become a cornerstone of many businesses and has moved from an early adopters stage to an early majority, where we typically see explosive deployments. As companies rush to join the cloud revolution, it has become vital to create the necessary tools that will effectively protect users' data from unauthorized access. Nevertheless, sharing data between multiple users' under the same domain in a secure and efficient way is not trivial. In this paper, we propose Sharing in the Rain – a protocol that allows cloud users' to securely share their data based on predefined policies. The proposed protocol is based on Attribute-Based Encryption (ABE) and allows users' to encrypt data based on certain policies and attributes. Moreover, we use a Key-Policy Attribute-Based technique through which access revocation is optimized. More precisely, we show how to securely and efficiently remove access to a file, for a certain user that is misbehaving or is no longer part of a user group, without having to decrypt and re-encrypt the original data with a new key or a new policy.
Resumo:
A phase-only encryption/decryption scheme with the readout based on the zeroth-order phase-contrast technique (ZOPCT), without the use of a phase-changing plate on the Fourier plane of an optical system based on the 4f optical correlator, is proposed. The encryption of a gray-level image is achieved by multiplying the phase distribution obtained directly from the gray-level image by a random phase distribution. The robustness of the encoding is assured by the nonlinearity intrinsic to the proposed phase-contrast method and the random phase distribution used in the encryption process. The experimental system has been implemented with liquid-crystal spatial modulators to generate phase-encrypted masks and a decrypting key. The advantage of this method is the easy scheme to recover the gray-level information from the decrypted phase-only mask applying the ZOPCT. An analysis of this decryption method was performed against brute force attacks. (C) 2009 Society of Photo-Optical Instrumentation Engineers. [DOI: 10.1117/1.3223629]
Resumo:
Human Computer Interaction (HCl) is to interaction between computers and each person. And context-aware (CA) is very important one of HCI composition. In particular, if there are sequential or continuous tasks between users and devices, among users, and among devices etc, it is important to decide the next action using right CA. And to take perfect decision we have to get together all CA into a structure. We define that structure is Context-Aware Matrix (CAM) in this article. However to make exact decision is too hard for some problems like low accuracy, overhead and bad context by attacker etc. Many researcher has been studying to solve these problems. Moreover, still it has weak point HCI using in safety. In this Article, we propose CAM making include best selecting Server in each area. As a result, moving users could be taken the best way.
Resumo:
Based on third order linear sequences, an improvement version of the Diffie-Hellman distribution key scheme and the ElGamal public key cryptosystem scheme are proposed, together with an implementation and computational cost. The security relies on the difficulty of factoring an RSA integer and on the difficulty of computing the discrete logarithm.
Resumo:
In this paper we propose a cryptographic transformation based on matrix manipulations for image encryption. Substitution and diffusion operations, based on the matrix, facilitate fast conversion of plaintext and images into ciphertext and cipher images. The paper describes the encryption algorithm, discusses the simulation results and compares with results obtained from Advanced Encryption Standard (AES). It is shown that the proposed algorithm is capable of encrypting images eight times faster than AES.
Resumo:
In symmetric block ciphers, substitution and diffusion operations are performed in multiple rounds using sub-keys generated from a key generation procedure called key schedule. The key schedule plays a very important role in deciding the security of block ciphers. In this paper we propose a complex key generation procedure, based on matrix manipulations, which could be introduced in symmetric ciphers. The proposed key generation procedure offers two advantages. First, the procedure is simple to implement and has complexity in determining the sub-keys through crypt analysis. Secondly, the procedure produces a strong avalanche effect making many bits in the output block of a cipher to undergo changes with one bit change in the secret key. As a case study, matrix based key generation procedure has been introduced in Advanced Encryption Standard (AES) by replacing the existing key schedule of AES. The key avalanche and differential key propagation produced in AES have been observed. The paper describes the matrix based key generation procedure and the enhanced key avalanche and differential key propagation produced in AES. It has been shown that, the key avalanche effect and differential key propagation characteristics of AES have improved by replacing the AES key schedule with the Matrix based key generation procedure
Resumo:
A chaotic encryption algorithm is proposed based on the "Life-like" cellular automata (CA), which acts as a pseudo-random generator (PRNG). The paper main focus is to use chaos theory to cryptography. Thus, CA was explored to look for this "chaos" property. This way, the manuscript is more concerning on tests like: Lyapunov exponent, Entropy and Hamming distance to measure the chaos in CA, as well as statistic analysis like DIEHARD and ENT suites. Our results achieved higher randomness quality than others ciphers in literature. These results reinforce the supposition of a strong relationship between chaos and the randomness quality. Thus, the "chaos" property of CA is a good reason to be employed in cryptography, furthermore, for its simplicity, low cost of implementation and respectable encryption power. (C) 2012 Elsevier Ltd. All rights reserved.
Resumo:
This article presents a solution to the problem of strong authentication, portable and expandable using a combination of Java technology and storage of X.509 digital certificate in Java cards to access services offered by an institution, in this case, the technology of the University of Panama, ensuring the authenticity, confidentiality, integrity and non repudiation.
