Posts Tagged public key

Threshold Signature of the On-line Certificate

Each member of the coalition checks the validity of the Config_Cert_Request message and
looks up its CRL and BL tables to confirm that no member of the coalition is malicious and
that none of their public keys is revoked. If this holds, each member starts the threshold
signature protocol that produces an 'On-line Joint IP address and Public Key Certificate' for
the requester. The coalition member with the lowest IP address acts as the combiner of the
partial signatures, replies to the requester with a Config_Cert_Reply message, and in
addition informs all nodes by a Config_Advert message that an IP address has been attributed
to the node in question. All nodes then increment their Requester Counter (RC), delete this
address from the FAT and save it in the PAT, so that a newly arriving node cannot choose the
same address.

If a malicious node is discovered among the coalition members, a Config_Alert message
is sent to the honest members of the coalition and to the new joining node. This message
includes the list of confirmed malicious members and/or the list of confirmed revoked public
keys. The algorithm for this processing is shown in Figure 1.

The new joining node checks the correctness of this information by means of the On-line
Certificate Authority's public key. It is therefore able to isolate the misbehaving nodes
(the node that sent the Config_Alert message, if the alert does not verify, or otherwise the
nodes listed in it). The requester then performs a new coalition selection, excluding the
malicious nodes.

Figure 1:  Processing a certification request by a co-signer


Asymmetric Cryptography and Entity Recognition

Our CTK also supports traditional asymmetric (public-key) cryptographic signatures as yet
another technique for address authentication. Note that, unlike the traditional signature
methods mentioned in the introduction, there is no need to bind the key to a real-world
identity: the key needs only to be bound to an email address with which the user has
already established a trusting relationship. That trusting relationship can be created in
many different ways: out of band, using a trust/risk security framework as described in the
next section, or using a CTK bootstrapping protocol based on challenge/response (C/R), where
the challenge is a cryptographic nonce signed by the receiver's private key. The response
must be signed by the sender's private key. Once bootstrapping is completed, it may be
sufficient to rely on local checks of shared hashes of past messages rather than running
challenge/response every time an email is received. The extended sequence is described in
Fig. 1.

Fig. 1. Extended Newcomer Bootstrapping Sequence (Claim Tool Kit, CTK)

By using a suitable trust-establishment protocol, the requirement effectively changes from
the need to authenticate a real-world identity to the ability to recognise a triggering
entity for whom trust information can then be accessed. To allow the dynamic enrolment of
strangers and unknown entities (as the standard email system requires), we have proposed an
entity recognition (ER) process.

The ER process consists of four steps:
1. Triggering of the recognition mechanism.
2. Detective Work to recognize the entity using the available recognition scheme(s).
3. Discriminative Retention of information relevant for possible recall or recognition.
4. Upper-level Actions based on the outcome of recognition with a level of confidence in recognition.

In general, to increase confidence in deciding whether a message is a spoofing attack,
challenge/response, checks of shared hashes and signature verification, as well as other
recognition/authentication schemes, may be combined.
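The bootstrapping exchange described above, as an added example in Go that is not part of the CTK or the original post: the receiver signs a random nonce (the challenge), the sender checks the challenge really came from the receiver and signs the same nonce back with its own key (the response), and once enrolled the two sides share a hash chain over past messages, so later mail is recognised by a local hash check alone. The party struct, the message formats, Ed25519 as the signature scheme and the SHA-256 chain are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// party is one mail endpoint: its address and Ed25519 key pair, the keys it has come
// to trust for other addresses (set up out of band here), and the hash of the last
// message accepted from each peer. Constructed for this example, not CTK code.
type party struct {
	addr     string
	priv     ed25519.PrivateKey
	pub      ed25519.PublicKey
	trusted  map[string]ed25519.PublicKey
	lastHash map[string][]byte
}

func newParty(addr string) *party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &party{addr, priv, pub, map[string]ed25519.PublicKey{}, map[string][]byte{}}
}

// signedNonce serves both as the challenge (nonce signed by the receiver) and as
// the response (the same nonce signed by the sender).
type signedNonce struct{ Nonce, Sig []byte }

func chainHash(prev []byte, body string) []byte {
	h := sha256.Sum256(append(append([]byte{}, prev...), body...))
	return h[:]
}

// issueChallenge: the receiver signs a fresh random nonce with its private key.
func (p *party) issueChallenge() signedNonce {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return signedNonce{nonce, ed25519.Sign(p.priv, nonce)}
}

// answer: the sender checks the challenge comes from the receiver it trusts, signs
// the nonce with its own private key, and seeds the hash chain it shares with it.
func (p *party) answer(c signedNonce, receiver string) (signedNonce, bool) {
	rpub, ok := p.trusted[receiver]
	if !ok || !ed25519.Verify(rpub, c.Nonce, c.Sig) {
		return signedNonce{}, false
	}
	p.lastHash[receiver] = chainHash(c.Nonce, "bootstrap")
	return signedNonce{c.Nonce, ed25519.Sign(p.priv, c.Nonce)}, true
}

// accept: the receiver verifies the response with the key bound to the claimed
// sender address and, on success, seeds the same chain on its side.
func (p *party) accept(sender string, c, r signedNonce) bool {
	spub, ok := p.trusted[sender]
	if !ok || !bytes.Equal(c.Nonce, r.Nonce) || !ed25519.Verify(spub, r.Nonce, r.Sig) {
		return false
	}
	p.lastHash[sender] = chainHash(c.Nonce, "bootstrap")
	return true
}

// mail is an ordinary message after bootstrapping: it carries the hash of the
// conversation so far instead of a signature or a C/R round trip.
type mail struct {
	From, Body string
	PrevHash   []byte
}

func (p *party) compose(to, body string) mail {
	prev := p.lastHash[to]
	p.lastHash[to] = chainHash(prev, body)
	return mail{p.addr, body, prev}
}

// recognize is the local check: the claimed sender is recognised only if the message
// continues the chain this receiver recorded for that address (replays also fail).
func (p *party) recognize(m mail) bool {
	prev, ok := p.lastHash[m.From]
	if !ok || !bytes.Equal(prev, m.PrevHash) {
		return false
	}
	p.lastHash[m.From] = chainHash(prev, m.Body)
	return true
}

func main() {
	alice, bob := newParty("alice@example.org"), newParty("bob@example.org")
	alice.trusted[bob.addr], bob.trusted[alice.addr] = bob.pub, alice.pub // out of band
	c := alice.issueChallenge()
	r, _ := bob.answer(c, alice.addr)
	fmt.Println("bootstrap:", alice.accept(bob.addr, c, r))
	fmt.Println("genuine mail:", alice.recognize(bob.compose(alice.addr, "hello")))
	fmt.Println("spoofed mail:", alice.recognize(mail{bob.addr, "pay me", []byte("guess")}))
}
```

The local check buys recognition of continuity, not fresh authentication: anyone who can read the conversation learns the current chain hash and could continue it, which is why the text suggests combining the hash check with challenge/response and signature verification when a higher level of confidence is needed.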


Power Analysis Attacks on Secure Embedded Systems

The power consumption of any hardware circuit (cryptographic ASICs or processors running
cryptographic software) is a function of the switching activity at the wires inside it.
Since the switching activity (and hence, power consumption) is data dependent, it is not
surprising that the key used in a cryptographic algorithm can be inferred from the power
consumption statistics gathered over a wide range of input data. These attacks are called
power analysis attacks and have been shown to be very effective in breaking embedded
systems such as smartcards. Power analysis attacks are categorized into two main classes:
Simple Power Analysis (SPA) attacks and Differential Power Analysis (DPA) attacks.

SPA attacks rely on the observation that in some systems the power profile of a
cryptographic computation can be read directly to reveal cryptographic information. For
example, Figure 1 shows the power consumption profile of an ASIC implementing the DES
algorithm; the 16 rounds of DES are easily identified in it. SPA attacks are useful for
determining coarse-grained information such as which cryptographic algorithm is being used
and which cryptographic operations are being performed, but revealing the key directly
requires a reasonably high measurement resolution. In practice, SPA attacks have been found
to be useful in augmenting or simplifying brute-force attacks. For example, it has been shown
that the brute-force search space for a software DES implementation on an 8-bit processor
with 7 bytes of key data can be reduced from 2^56 keys to 2^40 keys with the help of SPA.

Figure 1: The power consumption profile of a custom hardware implementation
of the DES algorithm

DPA attacks use statistical analysis to infer the cryptographic key from power
consumption data. They work with differential traces (differences between the averages of
sets of traces), which overcome the measurement error and noise that limit SPA techniques.
DPA has been shown to be highly robust and effective in extracting keys from several kinds
of embedded systems, not only smartcards. More recent approaches enhance the effectiveness
of DPA attacks with techniques that improve the signal-to-noise ratio. While the initial DPA
attacks targeted DES implementations, DPA has also been used to break public-key
cryptosystems.
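The difference-of-means DPA described above, as an added example in Go that is not from the original article: it derives the AES S-box, simulates traces of a device that leaks the Hamming weight of the first-round S-box output plus Gaussian noise (a constructed leakage model, not a real measurement), and recovers the key byte by partitioning the traces under every key guess on one bit of the hypothesised S-box output. Targeting AES rather than DES, the Hamming-weight model, the noise level and the trace count are assumptions of the example.

```go
package main

import (
	"fmt"
	"math/rand"
)

// gmul multiplies two elements of GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1.
func gmul(a, b byte) byte {
	var p byte
	for i := 0; i < 8; i++ {
		if b&1 == 1 {
			p ^= a
		}
		carry := a & 0x80
		a <<= 1
		if carry != 0 {
			a ^= 0x1b
		}
		b >>= 1
	}
	return p
}

// aesSbox derives the AES S-box (field inverse, then the affine map) so the example
// needs no 256-entry table; sbox[0x00] == 0x63 and sbox[0x53] == 0xed as in the standard.
func aesSbox() [256]byte {
	var s [256]byte
	for x := 0; x < 256; x++ {
		inv := byte(1)
		for i := 0; i < 254; i++ { // x^254 == x^-1 in GF(2^8); 0 stays 0
			inv = gmul(inv, byte(x))
		}
		v := inv
		for r := uint(1); r <= 4; r++ {
			v ^= inv<<r | inv>>(8-r)
		}
		s[x] = v ^ 0x63
	}
	return s
}

func hammingWeight(b byte) int {
	n := 0
	for ; b != 0; b >>= 1 {
		n += int(b & 1)
	}
	return n
}

// trace pairs a plaintext byte with the simulated power sample captured when the
// first-round S-box output is written to a register.
type trace struct {
	pt    byte
	power float64
}

func newRNG(seed int64) *rand.Rand { return rand.New(rand.NewSource(seed)) }

// simulate is the constructed leakage model: power = HW(S(pt XOR key)) + N(0, sigma).
func simulate(sbox *[256]byte, key byte, n int, sigma float64, rng *rand.Rand) []trace {
	ts := make([]trace, n)
	for i := range ts {
		p := byte(rng.Intn(256))
		ts[i] = trace{p, float64(hammingWeight(sbox[p^key])) + sigma*rng.NormFloat64()}
	}
	return ts
}

// domDPA is Kocher-style differential power analysis on one key byte: for each of the
// 256 guesses, split the traces by the chosen bit of the hypothesised S-box output and
// subtract the mean power of the two sets. Only the right guess partitions the traces
// consistently with the real leakage, so it alone yields a large difference (about 1
// under this model); wrong guesses are scrambled by the S-box nonlinearity.
func domDPA(sbox *[256]byte, ts []trace, bit uint) (byte, [256]float64) {
	var diffs [256]float64
	best := 0
	for g := 0; g < 256; g++ {
		var sum1, sum0 float64
		var n1, n0 int
		for _, t := range ts {
			if sbox[t.pt^byte(g)]>>bit&1 == 1 {
				sum1, n1 = sum1+t.power, n1+1
			} else {
				sum0, n0 = sum0+t.power, n0+1
			}
		}
		if n1 > 0 && n0 > 0 {
			diffs[g] = sum1/float64(n1) - sum0/float64(n0)
		}
		if diffs[g] > diffs[best] {
			best = g
		}
	}
	return byte(best), diffs
}

func main() {
	sbox := aesSbox()
	const key byte = 0x2b // the secret the attacker does not know
	traces := simulate(&sbox, key, 8000, 1.0, newRNG(1)) // fixed seed: reproducible
	guess, diffs := domDPA(&sbox, traces, 0)
	fmt.Printf("DPA guess 0x%02x (peak %.2f), true key 0x%02x\n", guess, diffs[guess], key)
}
```

Raising sigma or lowering the trace count shows why the text calls DPA robust: the peak for the right guess only shrinks relative to the estimation noise, and more traces restore it, whereas an SPA reading of a single noisy trace gives nothing.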


Encryption and Digital Signature

Digital signature

The process of digitally signing starts by taking a mathematical summary (called
a hash code) of the message. This hash code acts as a digital fingerprint of the
message: if even a single bit of the message changes, the hash code changes
completely. The next step in creating a digital signature is to sign the hash code
with your private key. This signed hash code is then appended to the message.

How is this a signature? The recipient of your message can verify the signed hash
code using your public key. At the same time, a new hash code can be computed from
the received message and compared with the hash code you signed. If the two match,
the recipient has verified that the message has not been altered. The recipient also
knows that only you could have signed the message, because only you hold the private
key that signed the original hash code.

Confidentiality and encryption

Once the electronic message is digitally signed, it can be encrypted using a high-speed
mathematical transformation with a key that will later be used to decrypt the
document. This is referred to as a symmetric key system because the same key is
used at both ends of the process. As the message travels over the network, it is
unreadable without the key. The next challenge is to deliver the symmetric key
securely to the bank.

Public-key cryptography for delivering symmetric keys

Public-key encryption solves the problem of delivering the symmetric encryption
key to the bank securely: you encrypt the symmetric key with the receiver's (here,
the bank's) public key. Since only the receiver holds the corresponding private key,
only the receiver can recover the symmetric key and decrypt the message.

Why use this combination of public-key and symmetric cryptography?

The reason is simple. Public-key cryptography is relatively slow and is only
suitable for encrypting small amounts of information – such as symmetric keys.
Symmetric cryptography is much faster and is suitable for encrypting large
amounts of information.
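The sign-then-encrypt flow described in the sections above, as an added Go example that is not from the original post: RSA-PSS for the signature, AES-256-GCM under a one-time key for the bulk encryption, and RSA-OAEP to wrap that key for the bank. The envelope format, the algorithm choices, the key size and the sample message are assumptions of the example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// envelope is the constructed wire format of this example: the one-time AES key
// wrapped for the bank, the GCM nonce, and the ciphertext of signature||message.
type envelope struct {
	WrappedKey, Nonce, Ciphertext []byte
}

func genKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// signThenEncrypt follows the steps above: hash the message and sign the hash with the
// sender's private key (RSA-PSS), encrypt signature and message under a fresh AES-256-GCM
// key, then wrap that key with the bank's public key (RSA-OAEP).
func signThenEncrypt(msg []byte, sender *rsa.PrivateKey, bank *rsa.PublicKey) (*envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 32) // one-time symmetric key
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, append(sig, msg...), nil) // len(sig) == sender.Size()
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bank, key, nil)
	if err != nil {
		return nil, err
	}
	return &envelope{wrapped, nonce, ct}, nil
}

// decryptThenVerify is the bank's side: unwrap the key with its private key, decrypt
// (GCM rejects any modified ciphertext), split off the signature, and check it against
// the sender's public key and a freshly computed hash of the recovered message.
func decryptThenVerify(e *envelope, bank *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, bank, e.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	if len(plain) < sender.Size() {
		return nil, errors.New("payload shorter than a signature")
	}
	sig, msg := plain[:sender.Size()], plain[sender.Size():]
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature: %w", err)
	}
	return msg, nil
}

func main() {
	sender, _ := genKey()
	bank, _ := genKey()
	msg := []byte("transfer 100 EUR to account 42") // constructed sample message
	env, err := signThenEncrypt(msg, sender, &bank.PublicKey)
	if err != nil {
		panic(err)
	}
	out, err := decryptThenVerify(env, bank, &sender.PublicKey)
	fmt.Printf("bank recovered %q, err=%v\n", out, err)
	env.Ciphertext[0] ^= 1 // one flipped bit in transit
	_, err = decryptThenVerify(env, bank, &sender.PublicKey)
	fmt.Println("after tampering:", err)
}
```

Two checks happen on the bank's side in a fixed order: GCM rejects any ciphertext modified in transit before the signature is even examined, and the signature is then verified against a hash recomputed from the recovered message, which is exactly the comparison the 'Digital signature' section describes.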

 


Limitations of Modern Cryptosystems

Before exploring quantum key distribution, it is important to understand the state
of modern cryptography and how quantum cryptography may address the limitations of
current digital cryptography. Since public key cryptography involves complex
calculations that are relatively slow, it is employed to exchange keys rather than
to encrypt large volumes of data. For example, widely deployed solutions such as
RSA and the Diffie-Hellman key negotiation scheme are typically used to distribute
symmetric keys among remote parties. Because asymmetric encryption is significantly
slower than symmetric encryption, many institutions prefer a hybrid approach: the
public key system secures the initial exchange of the symmetric key, and the
shared-key system then carries the bulk of the traffic. This approach exploits the
speed and performance of a symmetric key system while leveraging the scalability of a
public key infrastructure.

However, public key cryptosystems such as RSA and Diffie-Hellman are not backed by
proofs that their underlying problems are hard. Rather, these algorithms are
considered reasonably secure based on years of public scrutiny of those problems:
factoring large integers into their primes (RSA) and computing discrete logarithms
(Diffie-Hellman), which are said to be "intractable". In other words, by the time the
algorithm could be defeated, the information being protected would have already lost
all of its value. Thus the strength of these algorithms rests on the fact that there is
no known method for quickly factoring very large numbers, or for computing discrete
logarithms, with today's computer processing power.

Secondly, there is uncertainty about whether an algorithm may be developed in the
future, or perhaps already exists, that can factor large numbers into their primes (or
compute discrete logarithms) in a timely manner. At present there is no proof that
such an algorithm is impossible. Public key systems are therefore exposed to this
uncertainty, since such an algorithm would remove the intractability on which they
depend. This uncertainty is a potential risk for areas such as national security and
intellectual property that require perfect security.

In sum, modern cryptography is vulnerable both to technological progress in
computing power and to advances in mathematics that could quickly reverse one-way
functions such as factoring large integers. If such a factoring method were
publicized, or computing became powerful enough to defeat public-key cryptography,
then businesses, governments, militaries and other affected institutions would have
to spend significant resources assessing the risk of damage and potentially
deploying a new and costly cryptographic system quickly.
