|
|
Lattice-Based Cryptography on Constrained Devises
Shapoval, Vladyslav ; Dzurenda, Petr (referee) ; Ricci, Sara (advisor)
Tato diplomová práce prezentuje modifikovanou softwarovou implementaci podpisového schématu založeného na modulové mřížce Dilithium a jeho distribuované varianty DS2 pro mikrokontrolér ARM Cortex-M4. Dilithium je součástí sady CRYSTALS a byl vybrán NIST jako nový postkvantový podpisový standard. Tato práce se zaměřuje na snížení paměťové náročnosti obou algoritmů, aby byly více aplikovatelné na širší spektrum mikrokontrolérů a omezených zařízení. Oba podpisy byly optimalizovány pro běh na mikrokontroléru STM32 Cortex-M4. Na jedné straně Dilithium podpis prezentoval již optimalizovanou implementaci, která může běžet na mikrokontroléru. Proto jsme se zaměřili na přidání hardwarové akcelerace pro AES pro generování pseudonáhodných čísel během generování podpisu. Na druhé straně je podpis DS2 více paměťově náročný a navrhli jsme dva optimalizační přístupy přizpůsobené mikrokontroléru. Tyto optimalizace mají za cíl snížit spotřebu paměti při zachování bezpečnostní síly. Experimentální výsledky a bezpečnostní analýza demonstrují účinnost a praktičnost našich řešení. V důsledku naší práce jsme úspěšně vyvinuli nové verze jak Dilithium, tak DS2 s paměťovou spotřebou sníženou o více než 50\% a 90\%, respektive, ve srovnání s originálem.
|
|
|
Postquantum cryptography on FPGA
Győri, Adam ; Jedlička, Petr (referee) ; Smékal, David (advisor)
This work describes the post-quantum algorithm FrodoKEM, its hardware implementation in VHDL and software simulation of implementation, subsequent implementation of the implementation on the FPGA process system. The work describes the issue of postquantum cryptography and VHDL programming language used to describe the functionality of hardware. Furthermore, the work deals with the functional implementation and simulation of all parts of the algorithm. Specifically, these are parts, key generation, encapsulation, and decapsulation. Algorithm implementation and simulations were performed in the Vivado software simulation environment, created by Xilinx. Subsequently, the synthesis and implementation was performed and the Intellectual property block was designed, the key part of which covered the functionality of the NEXYS A7 FPGA board was not available. The last part of the work deals with the workflow algorithm for implementation on FPGA board NEXYS A7.
|
|
|
Securing narrowband wireless communication in licensed band
Kolaja, David ; Brychta, Josef (referee) ; Fujdiak, Radek (advisor)
Contemporary demand for mobile devices and development of devices in the Internet of Things is constantly increasing. This reality also raises concerns about security and privacy of ongoing communication. This is no exception for expanding scale of Low Powered Wide Area Network (LPWAN) devices which communicate over Narrowband IoT and the customer of such devices who has to rely on security of provider’s network to secure customer’s data. This security is effective only in operator’s network while there is no end-to-end encryption enabled. Therefore, this thesis deals with the analysis of NB-IoT communication and its possible end-to-end security proposal, which also provides elements of post-quantum algorithms. Last but not least, this thesis deals with application of this proposal on constrained device and evaluation of its effectivness of time, energy and memory demands.
|
|
|
Security and Privacy on Android Devices
Michalec, Pavol ; Dzurenda, Petr (referee) ; Malina, Lukáš (advisor)
The bachelor thesis is about Android security. The main goal is to get acquainted with the security and cryptographic features of Android OS and then implement the knowledge gained into file encryption application. The theoretical part will familiarize readers with the new security mechanisms in Android 6, 7 and 8. We will also be dealing with malware and other forms of Android OS attacks. In the practical part, we will evaluate the cryptographic capabilities of Android as well as compare several libraries and applications for cryptography. Finally, we create our own cryptographic application with support for symmetric, asymetric and post-quantum cryptography.
|
|
|
Post-quantum cryptography on constrained devices
Matula, Lukáš ; Dzurenda, Petr (referee) ; Malina, Lukáš (advisor)
In recent years, there has been a lot of technological development, which among other things, brings the designs and implementation of quantum computing. Using Shor’s algorithm for quantum computing, it is highly likely that the mathematical problems, which underlie the cryptographic systems, will be computed in polynomial time. Therefore, it is necessary to pay attention to the development of post-quantum cryptography, which is able to secure systems against quantum attacks. This work includes the summary and the comparison of different types of post-quantum cryptography, followed by measuring and analysing its levels of difficulty in order to implement them into limited devices, such as smart cards. The measured values on the PC are used to determine the most suitable implementation on the circuit card and then the verification method itself is implemented on it.
|
|
|
Modern Privacy-Preserving Cryptography Protocols
Hlučková, Pavla ; Dzurenda, Petr (referee) ; Malina, Lukáš (advisor)
This thesis examines the intersection of two modern and growing branches of cryptography, namely privacy enhancing technologies and post-quantum cryptography. It describes selected privacy enhancing schemes (PETs) and families of post-quantum cryptography. In more detail, it focuses on group signatures based on mathematical problems that are difficult or intractable for both conventional and quantum computers. Furthermore, the thesis surveys the state of the art and compares the efficiency of mentioned schemes based on available data. The main part of this thesis is an implementation of a hash-based group signature and its comparison with lattice-based and code-based group signature implementations which were obtained directly from cryptographers active in this field. The post-quantum group signatures are subsequently compared to classic group signature schemes implemented by using the libgroupsig library.
|
|
|
Post-Quantum Ciphers
Novosadová, Tatiana ; Ricci, Sara (referee) ; Hajný, Jan (advisor)
Národný inštitút pre štandardy a technológie (NIST) zahájil proces na získanie, vyhodnotenie a štandardizáciu jedného alebo viacerých kryptografických algoritmov využívajúcich verejný kľúč prostredníctvom verejnej súťaže. Cieľom tejto dimplomovej práce je naštudovať dostupné postkvantové algoritmy pre ustanovenie kľúča, ktoré boli zverejnené v treťom kole tejto súťaže. Po dôkladnej analýze a porovnaní bol jeden zo študovaných algoritmov implementovaný s využitím knižníc dostupných pre daný algoritmus, následne bol program optimalizovaný a zdokumentovaný.
|
|
|
Measuring Post-Quantum Cryptography on Mobile Platforms
Ramiš, Karel ; Malina, Lukáš (referee) ; Dobiáš, Patrik (advisor)
This work concerns itself with the issue of post-quantum cryptography, particularly its implementation and performance on mobile devices. As part of the work, a mobile application capable of performing basic steps of post-quantum cryptographic schemes and subsequently measuring selected parameters is created. Furthermore, an own version of the CRYSTALS-Kyber scheme for key encapsulation is developed and evaluated.
|
|
|
Ensuring Long-term Data Integrity in Cloud Storage
Nohava, Martin ; Člupek, Vlastimil (referee) ; Malina, Lukáš (advisor)
The subject of the thesis is the design and development of a system to ensure the long-term integrity of data from the Nextcloud cloud storage, which manages and stores electronic evidence. In the introductory part, the terms and principles used for securing data integrity are presented, including quantum-resistant digital signature schemes. Subsequently, the architecture of the archiving system and the method of its connection with the Nextcloud cloud storage are proposed. The resulting system consists of two main components, the Archive application, which extends the web interface of the Nextcloud instance, and the archiving system, which ensures the integrity of the archived files themselves. In addition to time stamps, system also uses a quantum-resistant Dilithium signature scheme. At the end of the work, an evaluation of the implemented solution is carried out by measuring the performance of the archiving system, and options for its further development are proposed.
|
|
|
Modular network communication using post-quantum cryptography
Kopecký, Samuel ; Malina, Lukáš (referee) ; Smékal, David (advisor)
Súčasné kryptografické primitíva, ktoré sú popísané na začiatku tejto práce budú prelomené budúcimi kvantovými počítačmi. Táto práca popisuje proces lámania súčasnej krypografie spolu so základným popisom kvantovej mechaniky, ktorá je kľúčom k funkčným kvantovým počítačom. Taktiež predstavuje dostupné riešenia, ako je postkvantová kryptografia. Konkrétnejšie je predstavená kryptografia založená na kódoch, hašoch mriežkach. Najpodrobnejšie je opísaná kryptografia založená na mriežkach a sú predstavené špecifické NIST štandardizované algoritmy – Kyber a Dilithium. Spolu s teoretickým popisom je poskytnutá implementácia pre obidve algoritmy a porovnanie s existujúcimi implementáciami v programovacom jazyku Go. Praktické využitie týchto algoritmov je realizované modulárnou kvantovo odolnou komunikačnou aplikáciou. Je schopná posielať ľubovoľné dáta cez kvantovo odolný zabezpečený kanál a je dobre prispôsobená univerzálnemu textovému rozhraniu UNIX systmémoch. Viac špecificky, aplikácia je schopná vymieňať súbory medzi dvoma používateľmi a tiež vytvárať terminálové používateľské rozhranie, s ktorým môžu používatelia komunikovať. Protokol, ktorý je zodpovedný za vytvorenie zabezpečeného kanála, je dobre definovaný v posledných kapitolách tejto práce. Modularita aplikácie tiež umožňuje používateľom odstrániť a/alebo pridať akýkoľvek mechanizmus výmeny kľúčov alebo digitálny podpis, ktoré sú zodpovedné za vytvorenie zabezpečeného kanála s veľmi malými zmenami kódu a dobrou integráciou do existujúcich komponentov aplikácie.
|
guest ::
