Fast Public Key Cryptosystem Based On Matrix Rings

A public key cryptosystem is proposed, which is based on the assumption that finding the square root of an element in a large finite ring is computationally infeasible in the absence of a knowledge of the ring structure. The encryption and decryption operations are very fast, and the data expansion is 1:2.

Secure Routing with an Integrated Localized Key Management Protocol in MANETs

A routing protocol in a mobile ad hoc network (MANET) should be secure against both the outside attackers which do not hold valid security credentials and the inside attackers which are the compromised nodes in the network. The outside attackers can be prevented with the help of an efficient key management protocol and cryptography. However, to prevent inside attackers, it should be accompanied with an intrusion detection system (IDS). In this paper, we propose a novel secure routing with an integrated localized key management (SR-LKM) protocol, which is aimed to prevent both inside and outside attackers. The localized key management mechanism is not dependent on any routing protocol. Thus, unlike many other existing schemes, the protocol does not suffer from the key management - secure routing interdependency problem. The key management mechanism is lightweight as it optimizes the use of public key cryptography with the help of a novel neighbor based handshaking and Least Common Multiple (LCM) based broadcast key distribution mechanism. The protocol is storage scalable and its efficiency is confirmed by the results obtained from simulation experiments.

Criptografia: Da origem aos dias atuais

Esta pesquisa foi realizada com a intenção de motivar o estudo da criptografia, mostrando que a matemática e a comunicação estão presentes em diversos momentos, tanto no passado quanto no presente. Este trabalho mostra a origem da criptoanálise e toda a sua evolução dando ênfase nos mecanismos de codificação e decodificação através de exemplos práticos. Além disso, alguns métodos criptográficos são destacados como a cifra de substituição monoalfabética, a cifra de Vigenère, a criptografia RSA que é o método mais conhecido de criptografia de chave pública, as cifras de Hill, o método das transformações lineares e o método de Rabin, devido a sua grande importância para a evolução de sistemas computacionais e assinaturas digitais entre outros. Por fim, mostra-se a importância e a necessidade dos recursos criptográficos nos dias de hoje, na tentativa de impedir que hackers e pessoas que fazem mau uso do conhecimento matemático possam causar danos a sociedade, seja por uma simples mensagem ou até mesmo através de situações mais imprudentes como as transações bancárias indevidas

Hardware design of cryptographic accelerators

With the rapid growth of the Internet and digital communications, the volume of sensitive electronic transactions being transferred and stored over and on insecure media has increased dramatically in recent years. The growing demand for cryptographic systems to secure this data, across a multitude of platforms, ranging from large servers to small mobile devices and smart cards, has necessitated research into low cost, flexible and secure solutions. As constraints on architectures such as area, speed and power become key factors in choosing a cryptosystem, methods for speeding up the development and evaluation process are necessary. This thesis investigates flexible hardware architectures for the main components of a cryptographic system. Dedicated hardware accelerators can provide significant performance improvements when compared to implementations on general purpose processors. Each of the designs proposed are analysed in terms of speed, area, power, energy and efficiency. Field Programmable Gate Arrays (FPGAs) are chosen as the development platform due to their fast development time and reconfigurable nature. Firstly, a reconfigurable architecture for performing elliptic curve point scalar multiplication on an FPGA is presented. Elliptic curve cryptography is one such method to secure data, offering similar security levels to traditional systems, such as RSA, but with smaller key sizes, translating into lower memory and bandwidth requirements. The architecture is implemented using different underlying algorithms and coordinates for dedicated Double-and-Add algorithms, twisted Edwards algorithms and SPA secure algorithms, and its power consumption and energy on an FPGA measured. Hardware implementation results for these new algorithms are compared against their software counterparts and the best choices for minimum area-time and area-energy circuits are then identified and examined for larger key and field sizes. Secondly, implementation methods for another component of a cryptographic system, namely hash functions, developed in the recently concluded SHA-3 hash competition are presented. Various designs from the three rounds of the NIST run competition are implemented on FPGA along with an interface to allow fair comparison of the different hash functions when operating in a standardised and constrained environment. Different methods of implementation for the designs and their subsequent performance is examined in terms of throughput, area and energy costs using various constraint metrics. Comparing many different implementation methods and algorithms is nontrivial. Another aim of this thesis is the development of generic interfaces used both to reduce implementation and test time and also to enable fair baseline comparisons of different algorithms when operating in a standardised and constrained environment. Finally, a hardware-software co-design cryptographic architecture is presented. This architecture is capable of supporting multiple types of cryptographic algorithms and is described through an application for performing public key cryptography, namely the Elliptic Curve Digital Signature Algorithm (ECDSA). This architecture makes use of the elliptic curve architecture and the hash functions described previously. These components, along with a random number generator, provide hardware acceleration for a Microblaze based cryptographic system. The trade-off in terms of performance for flexibility is discussed using dedicated software, and hardware-software co-design implementations of the elliptic curve point scalar multiplication block. Results are then presented in terms of the overall cryptographic system.

Secure Key Generation from OFDM Subcarriers’ Channel Response

The ability to exchange keys between users is vital in any wireless based security system. A key generation technique exploits the randomness of the wireless channel is a promising alternative to existing key distribution techniques, e.g., public key cryptography. In this paper a secure key generation scheme based on the subcarriers’ channel responses in orthogonal frequencydivision multiplexing (OFDM) systems is proposed. We first implement a time-variant multipath channel with its channel impulse response modelled as a wide sense stationary (WSS) uncorrelated scattering random process and demonstrate that each subcarrier’s channel response is also a WSS random process. We then define the X% coherence time as the time required to produce an X% correlation coefficient in the autocorrelation function (ACF) of each channel tap, and find that when all the channel taps have the same Doppler power spectrum, all subcarriers’ channel responses has the same ACF as the channel taps. The subcarrier’s channel response is then sampled every X% coherence time and quantized into key bits. All the key sequences’ randomness is tested using National Institute of Standards and Technology (NIST) statistical test suite and the results indicate that the commonly used sampling interval as 50% coherence time cannot guarantee the randomness of the key sequence.

Secure key generation from OFDM subcarriers' channel responses

The ability to exchange keys between users is vital in any wireless based security system. A key generation technique which exploits the randomness of the wireless channel is a promising alternative to existing key distribution techniques, e.g., public key cryptography. In this paper, a secure key generation scheme based on the subcarriers' channel responses in orthogonal frequency-division multiplexing (OFDM) systems is proposed. We first implement a time-variant multipath channel with its channel impulse response modelled as a wide sense stationary (WSS) uncorrelated scattering random process and demonstrate that each subcarrier's channel response is also a WSS random process. We then define the X% coherence time as the time required to produce an X% correlation coefficient in the autocorrelation function (ACF) of each channel tap, and find that when all the channel taps have the same Doppler power spectrum, all subcarriers' channel responses has the same ACF as the channel taps. The subcarrier's channel response is then sampled every X% coherence time and quantized into key bits. All the key sequences' randomness is tested using National Institute of Standards and Technology (NIST) statistical test suite and the results indicate that the commonly used sampling interval as 50% coherence time cannot guarantee the randomness of the key sequence.

Key Generation from Wireless Channels: A Review

Key generation from the randomness of wireless channels is a promising alternative to public key cryptography for the establishment of cryptographic keys between any two users. This paper reviews the current techniques for wireless key generation. The principles, performance metrics and key generation procedure are comprehensively surveyed. Methods for optimizing the performance of key generation are also discussed. Key generation applications in various environments are then introduced along with the challenges of applying the approach in each scenario. The paper concludes with some suggestions for future studies.

Experimental Study on Channel Reciprocity in Wireless Key Generation

Key generation from wireless channels is a promising alternative to public key cryptography for the establishment of cryptographic keys. It is the first paper to experimentally study the channel reciprocity principle of key generation, through investigating and quantifying channel measurements' cross-correlation relationship affected by noise and non-simultaneous measurements. Channel measurements, both received signal strength and channel state information, are collected from a real experimental platform using the wireless open access research platform (WARP) in a multipath office room. We found that in a slow fading channel (e.g., with a coherence time of about 50~ms), the channel cross-correlation is impacted greatly by noise but little by non-simultaneous measurements with a small sampling time difference (e.g., 0.06 ms). The resolution of the sampling time difference can be satisfied by wireless systems such as IEEE 802.11 to maintain an acceptable cross-correlation coefficient without affecting the bandwidth and communication efficiency.

Modelling trust structures for public key infrastructures

The development of Public Key Infrastructures (PKIs) is highly desirable to support secure digital transactions and communications throughout existing networks. It is important to adopt a particular trust structure or PKI model at an early stage as this forms a basis for the PKI’s development. Many PKI models have been proposed but use only natural language descriptions. We apply a simple formal approach to describe the essential factors of a PKI model. Rule sets for some PKI models are given and can be used to distinguish and classify the different PKI models. Advantages for this approach with conglomerate PKIs, those that are built from multiple distinct PKI models, are discussed.

Further observations on certificateless public key encryption

Certificateless public key encryption can be classified into two types, namely, CLE and CLE † , both of which were introduced by Al-Riyami and Paterson in Asiacrypt 2003. Most works about certificateless public key encryption belong to CLE, where the partial secret key is uniquely determined by an entity’s identity. In CLE † , an entity’s partial secret key is not only determined by the identity information but also by his/her (partial) public key. Such techniques can enhance the resilience of certificateless public key encryption against a cheating KGC. In this paper, we first formalize the security definitions of CLE † . After that, we demonstrate the gap between the security model of CLE † and CLE, by showing the insecurity of a CLE † scheme proposed by Lai and Kou in PKC 2007. We give an attack that can successfully break the indistinguishability of their CLE † scheme, although their scheme can be proved secure in the security model of CLE. Therefore, it does not suffice to consider the security of CLE † in the security model of CLE. Finally, we show how to secure Lai-Kou’s scheme by providing a new scheme with the security proof in the model of CLE †

Security and reliability of LPDC based public-key cryptosystems

Security and reliability of LDPC based public-key cryptosystems are discussed and analysed. We study attacks on the cryptosystem when partial knowledge of one or more of the private key components and/or of the plaintext have been acquired.

Analysis of common attacks in public-key cryptosystems based on low-density parity-check codes

The security and reliability of a class of public-key cryptosystems against attacks by unauthorized parties, who had acquired partial knowledge of one or more of the private key components and/or of the message, were discussed. The standard statistical mechanical methods of dealing with diluted spin systems with replica symmetric considerations were analyzed. The dynamical transition which defined decryption success in practical situation was studied. The phase diagrams which showed the dynamical threshold as a function of the partial acquired knowledge of the private key were also presented.