|
|
Security of Contactless Smart Card Protocols
Henzl, Martin ; Rosa, Tomáš (referee) ; Staudek, Jan (referee) ; Hanáček, Petr (advisor)
Tato práce analyzuje hrozby pro protokoly využívající bezkontaktní čipové karty a představuje metodu pro poloautomatické hledání zranitelností v takových protokolech pomocí model checkingu. Návrh a implementace bezpečných aplikací jsou obtížné úkoly, i když je použit bezpečný hardware. Specifikace na vysoké úrovni abstrakce může vést k různým implementacím. Je důležité používat čipovou kartu správně, nevhodná implementace protokolu může přinést zranitelnosti, i když je protokol sám o sobě bezpečný. Cílem této práce je poskytnout metodu, která může být využita vývojáři protokolů k vytvoření modelu libovolné čipové karty, se zaměřením na bezkontaktní čipové karty, k vytvoření modelu protokolu a k použití model checkingu pro nalezení útoků v tomto modelu. Útok může být následně proveden a pokud není úspěšný, model je upraven pro další běh model checkingu. Pro formální verifikaci byla použita platforma AVANTSSAR, modely jsou psány v jazyce ASLan++. Jsou poskytnuty příklady pro demonstraci použitelnosti navrhované metody. Tato metoda byla použita k nalezení slabiny bezkontaktní čipové karty Mifare DESFire. Tato práce se dále zabývá hrozbami, které není možné pokrýt navrhovanou metodou, jako jsou útoky relay.
|
|
|
Side channel attack in cryptanalysis of symmetri and asymmetric schemes
Hlaváč, Martin ; Rosa, Tomáš (advisor) ; Klíma, Vlastimil (referee) ; Tůma, Jiří (referee)
The work summarizes author's three main results during the doctoral studies published at SAC '06 and CHES '09 conferences and the journal IET Information Security. The first two results are the side channel attacks on asymmetric schemes RSA and DSA. They are both based on the theory of lattices and are motivated by modern technologies such as Intel Pentium 4 HTT processor and the electronic passport. The last result is more technology related. It describes the method that provides optical side information and that was empoyed for the first time for the cryptanalytic purposes by the author. As an application, an attack on symmetric cipher AES running on a simple and widespread microcontroller PIC16F84A is presented.
|
|
|
Attacks based on side channels
Hlaváč, Martin ; Rosa, Tomáš (advisor) ; Tůma, Jiří (referee)
The work extends the Hidden Number Problem (HNP) introduced by Boneh and Venkatesan in 1996. HNP is to find an unknown integer if several approximations of its multiples modulo N are known. New method for solving an extension of HNP (EHNP) is elaborated, taking into account the ragmentation of the information on the multiples and on the hidden number itself, as well. A real scenario application of the approach is presented - the private DSA key is extracted with the knowledge of side information on 5 signing operations. Such an information can be obtained if the signatures are generated in the unsecured environment of a Pentium 4 processor with Hyper-Threading technology.
|
|
|
Side information based cryptanalysis
Primas, Martin ; Rosa, Tomáš (advisor) ; Jedlička, Přemysl (referee)
This thesis presents the side channel attack on implementation of RSA scheme where Montgomery multiplication and Chinese remainder theorem are used. The attack is based on already published Tomoeda`s attack that is studied more exactly in this thesis. Tomoeda`s attack is revised and especially the theoretical bound for probability of success of this attack is found. Next we provide new formal de nition used in searching for approximate greatest common divisors where well known LLL algorithm for searching for approximated shortest vector in lattices is used. Original connection between Tomoeda`s attack and algorithm for searching for approximate greatest common divisors is the main contribution of this work as the connection provide better attack on RSA scheme. In the last part we search for optimal connection of these algorithms and particular attacks are described.
|
|
|
Algebraic and combinatorial methods for the study of hash functions
Joščák, Daniel ; Tůma, Jiří (advisor) ; El Bashir, Robert (referee) ; Rosa, Tomáš (referee)
The work summarizes author's research during the doctoral studies in the field of hash functions. The first part of the thesis presents a generalised theory of equations built from two basic building blocks of cryptographic primitives: modular addition and eXclusive OR. In particular we study AX-equations of depth 1. The second and third sections were written after Wang's publication of collisions in MD5 and show that minor modifications of the hash function does not work. We present collisions in the 3C and 3C+ constructions of hash function suggested by Gauravaram and feedback ring-iterative structure by Su et al. The results were published at the conferences ICISC 2006 and SPI 2007. The last part presents a newly constructed type of collisions in MD5 with a newly proposed message differences. The result was published and presented at the conference Indocrypt 2008. Powered by TCPDF (www.tcpdf.org)
|
|
|
Side channel attack in cryptanalysis of symmetri and asymmetric schemes
Hlaváč, Martin ; Rosa, Tomáš (advisor) ; Klíma, Vlastimil (referee) ; Tůma, Jiří (referee)
The work summarizes author's three main results during the doctoral studies published at SAC '06 and CHES '09 conferences and the journal IET Information Security. The first two results are the side channel attacks on asymmetric schemes RSA and DSA. They are both based on the theory of lattices and are motivated by modern technologies such as Intel Pentium 4 HTT processor and the electronic passport. The last result is more technology related. It describes the method that provides optical side information and that was empoyed for the first time for the cryptanalytic purposes by the author. As an application, an attack on symmetric cipher AES running on a simple and widespread microcontroller PIC16F84A is presented.
|
|
|
Algebraic and combinatorial methods for the study of hash functions
Joščák, Daniel ; Tůma, Jiří (advisor) ; El Bashir, Robert (referee) ; Rosa, Tomáš (referee)
The work summarizes author's research during the doctoral studies in the field of hash functions. The first part of the thesis presents a generalised theory of equations built from two basic building blocks of cryptographic primitives: modular addition and eXclusive OR. In particular we study AX-equations of depth 1. The second and third sections were written after Wang's publication of collisions in MD5 and show that minor modifications of the hash function does not work. We present collisions in the 3C and 3C+ constructions of hash function suggested by Gauravaram and feedback ring-iterative structure by Su et al. The results were published at the conferences ICISC 2006 and SPI 2007. The last part presents a newly constructed type of collisions in MD5 with a newly proposed message differences. The result was published and presented at the conference Indocrypt 2008. Powered by TCPDF (www.tcpdf.org)
|
|
|
Postranní útok na RSA-CRT s využitím SFT algoritmu
Ruppeldtová, Ria ; Hlaváč, Martin (advisor) ; Rosa, Tomáš (referee)
The work deals with the side channel attack on RSA using Chinese Remainder Theorem and Montgomery multiplication. The core of the attack lies in finding a Significant Fourier Transform coefficient for appropriately chosen function. In the theoretical part the functionality of SFT algorithm is described and special properties of function coming from the side channel during Montgomery exponentiation in RSA signing are shown. Based on these results a new algorithm for finding a single significant coefficient is proposed. At the end of the work appropriate input parameters are explored and experimentally determined time results of algorithms are presented.
|
|
|
Side information based cryptanalysis
Primas, Martin ; Rosa, Tomáš (advisor) ; Jedlička, Přemysl (referee)
This thesis presents the side channel attack on implementation of RSA scheme where Montgomery multiplication and Chinese remainder theorem are used. The attack is based on already published Tomoeda`s attack that is studied more exactly in this thesis. Tomoeda`s attack is revised and especially the theoretical bound for probability of success of this attack is found. Next we provide new formal de nition used in searching for approximate greatest common divisors where well known LLL algorithm for searching for approximated shortest vector in lattices is used. Original connection between Tomoeda`s attack and algorithm for searching for approximate greatest common divisors is the main contribution of this work as the connection provide better attack on RSA scheme. In the last part we search for optimal connection of these algorithms and particular attacks are described.
|
|
|
Experimental verification and extension of Coppersmith's attack on RSA
Ruppeldtová, Ria ; Hlaváč, Martin (advisor) ; Rosa, Tomáš (referee)
Nazov prace: Expcriinenfahie ovoreuie a, rozsi'reuie Coppersmithovho litoku im RSA Autor: Ria Ruppeldtuva Katcdra: Katedra. algcbry Veduci bakalarskej prace: Mgr. Martin Hlavac c-rnail vcduccho: hlavrrilam@arta.x.karlin. mff.cuni.oz Abstrakt: Praca sa zaobera Coppersmithovym ulokoni na RSA a verejnym kiueom 3 a krafkym paddingom. Jadro utoku spociva v probleme bl'a- daiiia nialych koreiiov niodularnych pulyiioiuialnych roviiic s jedno\ ncxnarnoii. V tcorclickcj rasti pracc snu; popiaali a podrobuc dokazali How^rave-Graluuuovu inctijclu rie.scnia tohto problcirni, ktora jo zalo- /nrifi na trorii rnrinznk a algoritino TJJ;. V rxix'riincntaliK^ cast! sine; skumali inaxiinahiu dl/kn iia.pa.dmitchi{'hi) paddiiign a i)rczentovali nasc vyslodky. Tic uka/ujii, '/.( tconit.icky doka/ana inaxiinahia dl/ka paddin^u an.lisi od v praxi zistenoj rllzky Ion o niokoOiO bitov. Kl'ucova slova: Coppcnuitliov utok na RSA, male korcuu inodularnych polynoinialnyc'h rovin'c, mriozka. algoritmus LLL Title: Experimental verification and extension of Coppersmith's attack on RSA Author: Ria Ruppeldtova Department: D(^partiricint of Algebra, Supervisor: Mgr. Martin Illavac Supervisor's e-mail address: hlavinlam^iartax.karlin.mff.cuiii.c:/, Abstract: The work flrals with Coppersmith's attack on RSA with the public key equal to 3 and...
|
guest ::
