

Remote Identification and Authentication for High Security Access in Multi User Systems

MACSPro'2019 - Modeling and Analysis of Complex Systems and Processes, Vienna
21 - 23 March 2019

Prof. Nikos G. Bardis

Conference website http://macspro.club/

Website https://exactpro.com/
Linkedin https://www.linkedin.com/company/exactpro-systems-llc
Instagram https://www.instagram.com/exactpro/
Twitter https://twitter.com/exactpro
Facebook https://www.facebook.com/exactpro/
Youtube Channel https://www.youtube.com/c/exactprosystems

Exactpro

March 22, 2019


Transcript

  1. Remote Identification and Authentication for High Security Access in Multi User Systems
    Professor Nikos G. Bardis, Eng., PhD. March 22, 2019
    Hellenic Army Academy, Section of Mathematics and Engineering Sciences, Greece
  2. Outline
    • Some History… Cloud & IoT Cyber Security, Cyber War
    • Security Issues for Access Control
    • Cryptography – The main tool for security
    • Zero-knowledge Identification Schemes
    • Modification of Zero-knowledge Identification Schemes
    • Performance & Evaluation
  3. MILCOM 1990 – Communications and Radar (Data Bases, Networks, Programming…)
    MILCOM 2000 – Proceedings. 21st Century Military Communications. Architectures and Technologies for Information Superiority (C4I, Internet, web programming…)
    MILCOM 2010 – Waveforms and Signal Processing, Networking Protocols and Performance, Cyber Security and Network Management, Systems Perspectives (Smart Devices, Cloud Systems, Cyber Security)
  4. Introduction: Interconnected Devices
    Internetworking is the practice of connecting a computer network with other networks through the use of gateways that provide a common method of routing information packets between the networks.
    What could be connected to this network?
    • Computers
    • Mobile Phones
    • Smart Grids/Smart City
    • IP cameras and Home Appliances
    • Wearable Technology (Smart Watches, Pacemakers, etc.)
    • Sensors (made possible by IoT)
    • Distributed Robotics
  5. What is Internetworking?
    Internetworking is the practice of connecting a computer network with other networks through the use of gateways that provide a common method of routing information packets between the networks.
    What could be connected to this network? Computers, IP cameras, Mobile phones, Pacemakers, Others like Sensors (made possible by IoT)
    [Diagrams: ARPANET (SRI, Utah, UCSB, UCLA); Current Internet Structure – Kaspersky Lab, Internet Map]
  6. Firewall
    Firewalls, IPSEC, VPN/tunneling, Security Policies, Intrusion Detection Systems (IDSs)
    • Signature-Based IDS – matches all incoming traffic against signatures stored in a database; if the traffic matches, it is an attack (SNORT, BRO IDS).
    • Anomaly-Based IDS – learns accepted network behavior, then uses this learned behavior to identify future behavior that does not conform to this baseline.
    What about hacking?
  7. Outline
    • Some History… Cloud & IoT Cyber Security, Cyber War
    • Security Issues for Access Control
    • Cryptography – The main tool for security
    • Zero-knowledge Identification Schemes
    • Modification of Zero-knowledge Identification Schemes
    • Performance & Evaluation
  8. Connectivity – Its Security Issues
    Smart Grid Cyber Attacks: these cyber attacks against grids could bring down whole grids, something that could even kill people if it happens in winter.
    • 2015 – cyber attack against a Ukrainian utility company with malware (the BlackEnergy malware).
    • 2016 – another cyber attack against Ukraine's energy sector in Kiev.
    • Israel experienced a serious hack attack on its electrical grid in January 2016.
    Grant: "Cyber Security Techniques the SCADA Military Environment," for three years
  9. «Cyber attack is Casus Belli»
    «Cyber warfare in United States is a part of the American military strategy of Proactive Cyber Defence and the use of cyber warfare as a platform for attack.»
    «The new United States military strategy makes explicit that a cyber attack is casus belli just as a traditional act of war.»
  10. Headlines of recent cyber attacks
    2016
    • Russian Hacking of DNC/RNC and threat of US retaliation
    • Yahoo huge security breach; loss of data for one billion accounts
    2017
    • Equifax Data Breach – 145.5 Million Accounts
    • Uber Data Breach – 57 Million Records
    • WannaCry Cyber Attack – 300,000 Systems
    • Stolen NSA Cyber Weapons
    • Yahoo! Makes History, Again – 3 Billion Accounts
    2018
    • Facebook – 87 million records hacked
    • Saks Fifth Ave & Lord & Taylor – 5 million accounts
    All Rights Reserved 2015, Center for Information Networking and Telecommunications
  11. Headlines of recent cyber attacks (Continued)
    2015
    • Experian (T-Mobile) – 15 million records
    • Donald Trump Hotels
    • Sony Entertainment
    • Ashley Madison – 37 million records – 10 thousand government officials
    • Office of Personnel Management (OPM) – 22 million records
    • Anthem health care – 80 million records
  12. Denial-of-Service (DoS) Attack vs Availability
    Denial-of-Service (DoS) attacks are strategies often used to occupy the communication resources in order to prohibit the transmission of measurement and/or control signals, causing the maximum possible deterioration of system performance. The most dangerous type of DoS attack is the distributed DoS (DDoS), also called a coordinated attack, in which a large number of compromised machines are used to perform the DoS attack. Moreover, DDoS occurs frequently because of the simplicity of creating it, its low cost and its high impact on systems, including the ability to completely disconnect an organization. It has been shown that this attack can cause instability of power grids and can produce long delay jitter on NCS packets.
  13. Denial-of-Service (DoS) Attack vs Integrity (Continued)
    The DoS attacks in a radio frequency identification (RFID) system can be categorized by the factors causing them as follows:
    1) System Jamming: electromagnetic jamming is used to prohibit tags from communicating with readers.
    2) Desynchronization Attack: destroys the synchronization between the tag and the RFID reader, permanently disabling the authentication capability of the RFID tag.
    3) Tag Data Modification: changes the data to a random number which cannot be identified by the reader.
    4) Kill Command Attack: the attacker sends a kill command with the compromised password, permanently disabling the tag.
    5) Random DoS Attack: affects the system by injecting short periods of noise signals.
  14. Inside Attack vs Confidentiality
    One important factor in Cyber Physical Systems (CPS) security is that attacks might come not only from outside of the system but also from inside, such as from employees who do not need much additional knowledge about the target system. The knowledge that insiders have often gives them unrestricted access to steal or modify data in the system or to deactivate the system. So it is important to have a secure control system to maintain the stability of the system during such an attack.
  15. Multi User Systems
    [Diagram: the multiuser system accessed by legitimate users and by illegitimate users]
  16. Attacker Action on the Identification Protocol
    [Diagram: Legitimate user → password selection → data transmission channel → Identification System]
    Threats along this path:
    • Viruses
    • Dishonest personnel reading the passwords of legitimate users
    • Interception of passwords on the channel and their repetition (replay)
    • Substitution of the legitimate user during the session
  17. Threats From the Attacker Side, Controlling the Transmission Line
    [Diagram: User – line of data exchange – System]
    • Active attack: user ousting after identification (man-in-the-middle attack)
    • Passive attack: listening to the cycles of exchange of the user's identifying information in order to reproduce it
  18. Threats from the Side of the System
    Subject: viruses, staff, other users
    Goal: accessing system resources under the user name А; imitation of the use of resources by user А
    Means: the user identification information of А, system administration
  19. Outline
    • Some History… Cloud & IoT Cyber Security, Cyber War
    • Security Issues for Access Control
    • Cryptography – The main tool for security
    • Zero-knowledge Identification Schemes
    • Modification of Zero-knowledge Identification Schemes
    • Performance & Evaluation
  20. Cryptography – The Main Tool for Security
    Forward cryptography: Message X and Key K → Cryptographic Algorithm → Cryptogram Y
    Reverse cryptography: Cryptogram Y and Key K → Cryptographic Algorithm → Message X
    X = (x_1, x_2, …, x_n), K = (k_1, k_2, …, k_r), Y = (y_1, y_2, …, y_h)
    y_1 = f_1(x_1, x_2, …, x_n, k_1, k_2, …, k_r)
    y_2 = f_2(x_1, x_2, …, x_n, k_1, k_2, …, k_r)
    …
    y_h = f_h(x_1, x_2, …, x_n, k_1, k_2, …, k_r)
    Block Ciphers (DES, RC-6, RIJNDAEL), Stream Ciphers (A5, SNOW, SOBER), Hash Algorithms (SHA-1, RIPEMD-160): unsolved mathematical task – solving a system of nonlinear Boolean equations.
    Public key Algorithms (RSA, DSA, ECC): unsolved mathematical number theory task.
  21. Cryptography – The Main Tool for Security (Continued)
    [Diagram: Block Cipher with inputs x_1, x_2, x_3, …, x_(n−1), x_n, key bits k_1, k_2, …, k_(r−1), k_r and outputs y_1, y_2, y_3, …, y_(n−1), y_n, written out as a system of nonlinear Boolean equations in which each output bit y_i is an XOR of products of input bits x_j and key bits k_l]
  22. Cryptography – The Main Tool for Security (Continued)
    Block Ciphers (DES, RC-6, RIJNDAEL), Stream Ciphers (A5, SNOW, SOBER), Hash Algorithms (SHA-1, RIPEMD-160): unsolved mathematical task – solving a system of nonlinear Boolean equations.
    Public key Algorithms (RSA, DSA, ECC): unsolved mathematical number theory task.
  23. Cryptography – The Main Tool for Security (Continued)
    At a practical level, Boolean functions are used in every class of algorithm except the public key algorithms, whose mathematical base is unsolved tasks of number theory. The main advantage of Boolean functions in cryptography is considered to be the high efficiency of their calculation by software and hardware means. So, for roughly the same cryptographic strength, algorithms based on Boolean functions execute thousands of times faster than modern public key algorithms.
  24. Outline
    • Some History… Cloud & IoT Cyber Security, Cyber War
    • Security Issues for Access Control
    • Cryptography – The main tool for security
    • Zero-knowledge Identification Schemes
    • Modification of Zero-knowledge Identification Schemes
    • Performance & Evaluation
  25. Identification is one of the three base problems of Information Security
    Information Security:
    • Protection from unauthorized data access via encryption
    • Data Integrity: digital signature technology / hashing
    • Identification of remote subscribers
  26. Efficiency of Remote Access
    As for the other two base tasks of information security, the effectiveness of identification is determined by a compromise between two criteria: the security level and the volume of available resources required for the implementation of the security functions.
    The efficiency of remote subscriber identification schemes: Level of security vs Amount of computational resources required for the implementation of the security functions.
  27. Identification of Remote Users
    Existing schemes for identification of remote users:
    • Non-strict identification based on the use of invariable (constant) passwords. The major advantage: high speed of authentication. The main disadvantage: low security level.
    • Strict identification based on the Zero Knowledge concept. The major advantage: high level of security. The main disadvantage: existing realizations demand long processing times.
  28. The Concept of Zero Knowledge Identification
    Cryptographically strict identification should provide protection from external threats and from internal threats.
    THE CONCEPT OF "ZERO KNOWLEDGE": the USER holds the mechanism for generating the "correct" session passwords; the SYSTEM holds the mechanism for checking the "correctness" of session passwords; the session password passes from user to system. The system itself is not capable of generating a "correct" session password.
  29. The Concept of Zero Knowledge Identification (Continued)
    Zero-Knowledge Identification: User – tool for password generation → Password → System – tool for checking the legitimacy of the user's password.
  30. The Concept of Zero Knowledge Identification (Continued)
    User: session password generation mechanism → Session password → System: irreversible mechanism for validating the password → 1/0
  31. Existing Zero-Knowledge Identification Schemes
    • FFSIS (Feige Fiat Shamir Identification Scheme)
    • Guillou-Quisquater Identification Scheme
    • Schnorr Identification Scheme
    Based on an analytically insoluble mathematical problem of number theory, namely discrete logarithmic calculations: find X given X^E mod M = Y.
    To reduce the possibility of solving the equation X^E mod M = Y by trial, the word lengths of X, Y and M must be greater than or equal to 1024 bits.
    The procedure for checking the legitimacy of the user's password requires long processing times, and several cycles of information exchange between system and user are necessary.
  32. The Concept of Zero Knowledge Identification (Continued)
    Existing identification schemes that implement the concept of "zero knowledge":
    Scheme                                      | Basic computing operation | Number of exchanges in one identification session
    Feige Fiat Shamir Identification Scheme (FFSIS) | A^2·V mod M           | 18 – 22
    Guillou-Quisquater Scheme, Schnorr Scheme   | A^E·B^G mod M             | 3
  33. The Concept of Zero Knowledge Identification (Continued)
    MAJOR FAILURE OF EXISTING SCHEMES IMPLEMENTING ZERO-KNOWLEDGE IDENTIFICATION: LOW IDENTIFICATION SPEED
    CAUSES:
    • Use of complex multiplicative operations of modular arithmetic, which are performed on numbers of large length, 1024 or 2018 bits
    • Use of multiple cycles of data exchange between the user and the system for identification
  34. The Concept of Zero Knowledge Identification (Continued)
    NECESSITY OF ACCELERATING ZERO-KNOWLEDGE IDENTIFICATION PROCEDURES
    • The most effective means of countering the man-in-the-middle attack is repeated identification within the interaction session
    • Increase in the number of systems with remote access working in real time
    • Rapid growth in the number of users of systems with remote access
  35. Zero Knowledge Identification Scheme: FFSIS – Private and Public Key Generation
    • Choosing two prime numbers p and q
    • Calculation m = p·q
    • Selection of s and d (and thus v and v^−1) such that: s^2 mod m = v^−1, d^2 mod m = v, v·v^−1 mod m = 1
    • m and v – public key; s – private key
  36. Zero Knowledge Identification Scheme: FFSIS – Identification Procedure
    Subscriber: randomly selects a number r; calculates x = r·r mod m; sends x to the system.
    System: receives x; randomly generates a bit b; sends b.
    Subscriber: calculates y = r·s mod m; if b = 1 sends y, if b = 0 sends r.
    System: if b = 1 verifies y·y·v mod m = x; if b = 0 verifies r·r mod m = x.
    If the subscriber possesses s, then y^2·v mod m = (r^2·s^2)·v mod m = … = r^2·v^−1·v mod m = r^2 mod m = x.
  37. Zero Knowledge Identification Scheme: Schnorr Identification Scheme – Private and Public Key Generation
    • Choosing two prime numbers p and q such that q is a factor of p−1
    • Choosing a such that a^q mod p = 1
    • Randomly choosing s < q
    • Calculation −s = q − s
    • Calculation v = a^−s mod p
    • p and v – public key; s – private key
  38. Zero Knowledge Identification Scheme: Schnorr Identification Procedure
    Subscriber: randomly selects a number r; calculates x = a^r mod p; sends x to the system.
    System: receives x; randomly generates a number e; sends e.
    Subscriber: calculates y = (r + s·e) mod q; sends y.
    System: verifies a^y·v^e mod p = x.
  39. Zero Knowledge Identification Scheme: Guillou-Quisquater Identification Scheme – Private and Public Key Generation
    • Choosing two prime numbers p and q
    • Calculation m = p·q
    • Choosing the open password J
    • Randomly choosing v
    • Choosing B such that (J·B^v) mod m = 1
    • J, m and v – public key; B – private key
  40. Zero Knowledge Identification Scheme: Guillou-Quisquater Identification Procedure
    Subscriber: randomly selects a number r; calculates T = r^v mod m; sends T to the system.
    System: receives T; randomly generates a number d; sends d.
    Subscriber: calculates D = r·B^d mod m; sends D.
    System: verifies D^v·J^d mod m = T.
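The three modular-arithmetic schemes of slides 35–40 worked through in code. This is an added example, not code from the talk. Every parameter in it (p = 7, q = 11, s = 13 and so on) is a constructed toy value, far too small for real use but small enough that each check can be followed by hand; the comments show why each verification equation holds. For Guillou-Quisquater the private key B is derived as J^(−1/v) mod m, which is one way to satisfy the slide's condition J·B^v mod m = 1 and is an assumption about how "choosing B" is carried out.

```python
# Added example: Feige-Fiat-Shamir (one secret, one round), Schnorr and
# Guillou-Quisquater identification as described on slides 35-40.
# All parameters are constructed toy values; real deployments use moduli of
# 1024 bits or more, as slide 31 notes.


# --- Feige-Fiat-Shamir (slides 35-36) -------------------------------------
def ffs_keygen(p, q, s):
    """Public key (m, v) and private key s with s^2 * v = 1 mod m."""
    m = p * q
    v_inv = pow(s, 2, m)               # s^2 mod m = v^-1
    v = pow(v_inv, -1, m)              # v = (s^2)^-1 mod m; needs gcd(s, m) = 1
    return (m, v), s


def ffs_commit(m, r):
    return pow(r, 2, m)                # x = r^2 mod m, sent to the system


def ffs_respond(m, s, r, b):
    return r if b == 0 else (r * s) % m   # y = r (b = 0) or y = r*s mod m (b = 1)


def ffs_verify(m, v, x, b, y):
    if b == 0:
        return pow(y, 2, m) == x       # r^2 mod m must equal x
    # y^2 v = r^2 s^2 v = r^2 (v^-1 v) = r^2 = x  (mod m)
    return (y * y * v) % m == x


# --- Schnorr (slides 37-38) ------------------------------------------------
def schnorr_keygen(p, q, a, s):
    """p prime, q | p-1, a of order q, private s < q, public v = a^-s mod p."""
    assert (p - 1) % q == 0 and pow(a, q, p) == 1 and 0 < s < q
    v = pow(a, q - s, p)               # a^(-s) = a^(q-s) because a^q = 1
    return (p, q, a, v), s


def schnorr_commit(p, a, r):
    return pow(a, r, p)                # x = a^r mod p


def schnorr_respond(q, s, r, e):
    return (r + s * e) % q             # y = r + s*e mod q


def schnorr_verify(p, a, v, x, e, y):
    # a^y v^e = a^(r + s e) a^(-s e) = a^r = x  (mod p)
    return (pow(a, y, p) * pow(v, e, p)) % p == x


# --- Guillou-Quisquater (slides 39-40) -------------------------------------
def gq_keygen(p, q, J, v):
    """Public (J, m, v), private B with J * B^v = 1 mod m.

    B is derived as J^(-1/v) mod m: an assumption about how the slide's
    "choosing B" is done; it needs gcd(v, (p-1)(q-1)) = 1 and gcd(J, m) = 1."""
    m = p * q
    phi = (p - 1) * (q - 1)
    u = pow(v, -1, phi)                # 1/v mod phi(m)
    B = pow(pow(J, -1, m), u, m)       # (J^-1)^(1/v) mod m
    assert (J * pow(B, v, m)) % m == 1
    return (J, m, v), B


def gq_commit(m, v, r):
    return pow(r, v, m)                # T = r^v mod m


def gq_respond(m, B, r, d):
    return (r * pow(B, d, m)) % m      # D = r * B^d mod m


def gq_verify(m, v, J, T, d, D):
    # D^v J^d = r^v (B^v J)^d = r^v = T  (mod m)
    return (pow(D, v, m) * pow(J, d, m)) % m == T


if __name__ == "__main__":
    (m, v), s = ffs_keygen(7, 11, 13)
    x = ffs_commit(m, 10)
    print("FFSIS round verified:", ffs_verify(m, v, x, 1, ffs_respond(m, s, 10, 1)))
```

In each scheme the prover's response combines the fresh random r with the secret, and the verifier's equation cancels the secret out using only the public key; a response computed with a wrong secret (or a tampered response) fails the check, which is what the tests exercise.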
  41. Zero Knowledge Identification Scheme (Continued)
    Basic calculations for Zero Knowledge Identification Schemes:
    • Schnorr and Guillou-Quisquater schemes: A^E·B^G mod M
    • FFSIS: A^2·V mod M
    The high computational complexity of zero knowledge identification schemes is the main reason that limits their utility.
  42. Zero Knowledge Identification Scheme (Continued)
    Possible approaches to decreasing the computational complexity of Zero Knowledge Identification Schemes:
    • Using precomputation and parallel computation to decrease the computational complexity of modular reduction
    • Utilizing an alternative algebra whose operations have low computational complexity
    • Working out Zero Knowledge Identification Schemes based on Boolean transformation
  43. Outline
    • Some History… Cloud & IoT Cyber Security, Cyber War
    • Security Issues for Access Control
    • Cryptography – The main tool for security
    • Zero-knowledge Identification Schemes
    • Modification of Zero-knowledge Identification Schemes
    • Performance & Evaluation
  44. Utilizing an Alternative Algebra Whose Operations Have Low Computational Complexity – Galois Fields Arithmetic
    Possible approaches to decreasing the computational complexity of Zero Knowledge Identification Schemes:
    • Using precomputation and parallel computation to decrease the computational complexity of modular reduction
    • Utilizing an alternative algebra whose operations have low computational complexity
    • Working out Zero Knowledge Identification Schemes based on Boolean transformation
  45. Operations in Galois Fields GF(2^m)
    Widespread use in modern cryptosystems (Rijndael, Elliptic Curve Cryptosystems).
    • Addition – XOR (denoted as ⊕)
    • Multiplication without inter-bit carry transfers (denoted as A⊗B)
    • Calculation of the remainder of the division of the polynomial corresponding to the number А by the polynomial corresponding to M (denoted as A rem M)
    • Multiplication (denoted as A⊗B rem M)
    • Exponentiation (denoted as A^E rem M), A^E – exponentiation without carry: A^E = А ⊗ А ⊗ … ⊗ А
  46. Galois Fields Arithmetic (Continued)
    Basic calculations for Zero Knowledge Identification Schemes and their modification in Galois field algebra:
    Scheme                                  | Modular arithmetic | Galois field algebra
    FFSIS                                   | A^2·V mod M        | A⊗A⊗V rem M
    Schnorr and Guillou-Quisquater schemes  | A^E·B^G mod M      | A^E ⊗ B^G rem M
  47. Galois Fields Arithmetic – Modified FFSIS: Private and Public Key Generation
    • Choosing a prime polynomial P(x) = x^(n+1) + x^n + … + x + 1 and the corresponding number m. For example, for n = 4: P(x) = x^5 + x^4 + 1 and m = 25
    • Arbitrarily choosing an (n−1)-bit number λ (λ = 4)
    • Choosing d and s such that d ⊗ s = λ ⊗ m ⊕ 1, i.e. d ⊗ s rem m = 1 (d = 9 and s = 13)
    • Calculating v^−1 = s ⊗ s rem m (v^−1 = 13 ⊗ 13 rem 25 = 7)
    • Calculating v = d ⊗ d rem m (v = 9 ⊗ 9 rem 25 = 7)
    • v ⊗ v^−1 rem m = 1
    • m and v – public key; s – private key
  48. Galois Fields Arithmetic – Modified FFSIS: Identification Procedure
    Subscriber: randomly selects a number r (r = 10); calculates x = r ⊗ r rem m (x = 10 ⊗ 10 rem 25 = 11); sends x to the system.
    System: receives x = 11; randomly generates a bit b; sends b.
    Subscriber: calculates y = r ⊗ s rem m (y = 10 ⊗ 13 rem 25 = 15); if b = 1 sends y, if b = 0 sends r.
    System: if b = 1 verifies y ⊗ y ⊗ v rem m = x (15 ⊗ 15 ⊗ 14 rem 25 = 11); if b = 0 verifies r ⊗ r rem m = x.
  49. Galois Fields Arithmetic – Modified Schnorr Identification Scheme: Private and Public Key Generation
    • Choosing two prime polynomials P(x) and W(x) with corresponding numbers p and w (for example P(x) = x^5 + x^4 + 1 and W(x) = x^5 + x + 1, correspondingly p = 25 and w = 19)
    • Calculating m = p ⊗ w (m = 25 ⊗ 19 = 443)
    • Choosing q and a such that a^q rem p = 1 (q = 10; a = 46)
    • Randomly choosing s < q (s = 3)
    • Calculation −s = q − s (−s = 10 − 3 = 7)
    • Calculation v = a^−s rem m (v = 46^7 rem 443 = 117)
    • m and v – public key; s – private key
  50. Galois Fields Arithmetic – Modified Schnorr Identification Procedure
    Subscriber: randomly selects a number r < q (r = 8); calculates x = a^r rem m (x = 46^8 rem 443 = 85); sends x to the system.
    System: receives x = 85; randomly generates a number e (e = 29); sends e = 29.
    Subscriber: calculates y = (r + s·e) mod q (y = (8 + 3·29) mod 11 = 5); sends y = 5.
    System: verifies a^y ⊗ v^e rem m = x (46^5 ⊗ 117^29 rem 443 = 85).
  51. Galois Fields Arithmetic – Modified Guillou-Quisquater Identification Scheme: Private and Public Key Generation
    • Choosing two prime polynomials P(x) and W(x) with corresponding numbers p and w (for example P(x) = x^5 + x^4 + 1 and W(x) = x^5 + x + 1, correspondingly p = 25 and w = 19)
    • Calculating m = p ⊗ w (m = 25 ⊗ 19 = 443)
    • Choosing the open password J (J = 18)
    • Randomly choosing v (v = 5)
    • Choosing B (B = 39) such that (J ⊗ B^v) rem m = 1 (18 ⊗ 39^5 rem 443 = 1)
    • J, m and v – public key; B – private key
  52. Galois Fields Arithmetic – Modified Guillou-Quisquater Identification Scheme: Identification Procedure
    Subscriber: randomly selects a number r (r = 22); calculates T = r^v rem m (T = 22^5 rem 443 = 159); sends T = 159.
    System: receives T = 159; randomly generates a number d (d = 28); sends d = 28.
    Subscriber: calculates D = r ⊗ B^d rem m (D = 22 ⊗ 39^28 rem 443 = 187); sends D = 187.
    System: verifies D^v ⊗ J^d rem m = T (187^5 ⊗ 18^28 rem 443 = 159).
  53. Galois Fields Arithmetic (Continued)
    The main potentialities of Galois field arithmetic for decreasing the computational complexity of the basic operations A^2·V mod m and A^E mod m:
    • No necessity for carry processing
    • The specific property of the square of the number A without carry. This property states that "the even bits of the binary code are equal to zero and the odd bits are identical to those of the number А".
  54. Example of the Square of a 4-bit Number Without Carry
    A = a_0 + 2·a_1 + 4·a_2 + 8·a_3
    Partial products of A ⊗ A (row i is A multiplied by a_i and shifted left by i):
      a_3·a_0  a_2·a_0  a_1·a_0  a_0·a_0
      a_3·a_1  a_2·a_1  a_1·a_1  a_0·a_1
      a_3·a_2  a_2·a_2  a_1·a_2  a_0·a_2
      a_3·a_3  a_2·a_3  a_1·a_3  a_0·a_3
    Each column is XORed: every cross term a_i·a_j (i ≠ j) appears twice and cancels, and a_i·a_i = a_i, leaving
      a_3·a_3  0  a_2·a_2  0  a_1·a_1  0  a_0·a_0
    А ⊗ А = a_0 + 4·a_1 + 16·a_2 + 64·a_3
  55. Organization of the Y ⊗ Y ⊗ V rem m Calculation
    For Y = y_1 + y_2·2 + … + y_n·2^(n−1), where y_1, …, y_n ∈ {0, 1}, according to the property of the square of a number without carry (+ below denotes XOR):
      Y ⊗ Y = y_1 + y_2·4 + y_3·4^2 + … + y_n·4^(n−1)
    and
      Y ⊗ Y ⊗ V = y_1·V + y_2·4·V + y_3·4^2·V + … + y_n·4^(n−1)·V
    and
      Y ⊗ Y ⊗ V rem m = y_1·V rem m + y_2·4·V rem m + … + y_n·4^(n−1)·V rem m
    Since V and m are components of the public key, they can be considered constants. The terms can be calculated once and stored in a table:
      T[1] = V, T[2] = 4·V rem m, T[3] = 4^2·V rem m, …, T[n] = 4^(n−1)·V rem m
    Then Y ⊗ Y ⊗ V rem m = y_1·T[1] + y_2·T[2] + … + y_n·T[n]
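The carry-less arithmetic of slides 45 and 53–55 and the modified FFSIS of slides 47–48, as an added example that is not the talk's code. It implements multiplication without carry (⊗), the polynomial remainder (rem), the square-without-carry property, basic square-and-multiply exponentiation in GF(2)[x] (slide 58's basic schema), and the table-driven Y ⊗ Y ⊗ V rem m of slide 55, then runs one round of the modified FFSIS with the slide's numbers m = 25, d = 9, s = 13 and r = 10. The public key v is computed from d rather than copied from the slide, so the value the code produces can be compared with slide 47 and with the v used in slide 48's verification.

```python
# Added example: GF(2)[x] ("multiplication without carry") arithmetic used by
# the modified FFSIS on slides 45-48 and the table method of slide 55.
# Numbers are Python ints whose bits are the coefficients of a polynomial.


def clmul(a, b):
    """a ⊗ b: multiplication without inter-bit carries (XOR of shifted copies)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def rem(a, m):
    """a rem m: remainder of division of the polynomial for a by the one for m."""
    deg_m = m.bit_length() - 1
    while a and a.bit_length() - 1 >= deg_m:
        a ^= m << (a.bit_length() - 1 - deg_m)
    return a


def clsquare(a):
    """a ⊗ a by the property of slides 53-54: bit i of a moves to bit 2i and the
    positions in between are zero (cross terms cancel in pairs)."""
    r, i = 0, 0
    while a:
        if a & 1:
            r |= 1 << (2 * i)
        a >>= 1
        i += 1
    return r


def clpow(a, e, m):
    """a^E rem m by the basic square-and-multiply schema of slide 58."""
    r = 1
    for bit in bin(e)[2:]:
        r = rem(clmul(r, r), m)
        if bit == "1":
            r = rem(clmul(r, a), m)
    return r


def yyv_table(v, m):
    """T[i] = 4^i * V rem m for i = 0..n-1, computed once from the public key."""
    n = m.bit_length() - 1
    return [rem(clmul(1 << (2 * i), v), m) for i in range(n)]


def yyv_rem(y, table):
    """Y ⊗ Y ⊗ V rem m as the XOR of table entries selected by the bits of Y
    (entries are already reduced, so the XOR needs no further reduction)."""
    r = 0
    for i, t in enumerate(table):
        if (y >> i) & 1:
            r ^= t
    return r


def modified_ffs_keygen(m, d, s):
    """Slide 47: d ⊗ s rem m = 1, v^-1 = s ⊗ s rem m, v = d ⊗ d rem m."""
    assert rem(clmul(d, s), m) == 1
    v = rem(clsquare(d), m)
    v_inv = rem(clsquare(s), m)
    assert rem(clmul(v, v_inv), m) == 1
    return v, v_inv


def modified_ffs_round(m, v, s, r, b):
    """Slide 48: one round with challenge bit b; returns (x, y, verified)."""
    x = rem(clsquare(r), m)                     # x = r ⊗ r rem m
    if b == 0:
        y = r
        ok = rem(clsquare(y), m) == x           # r ⊗ r rem m = x
    else:
        y = rem(clmul(r, s), m)                 # y = r ⊗ s rem m
        ok = rem(clmul(clsquare(y), v), m) == x  # y ⊗ y ⊗ v rem m = x
    return x, y, ok


if __name__ == "__main__":
    v, v_inv = modified_ffs_keygen(25, 9, 13)
    print("v =", v, "v^-1 =", v_inv)
    print("round:", modified_ffs_round(25, v, 13, 10, 1))
```

With the slide's parameters the code gives v = 14 and v^−1 = 7, reproduces x = 11 and y = 15, and the table method returns the same 11 as the direct y ⊗ y ⊗ v rem m; a response computed with a wrong s fails the check.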
  56. Estimation of the Effectiveness of the Software Implementation of the Modified FFSIS in Galois Fields
    s = k/w, w – processor bit length, k – number bit length
    Time T_B for calculating Y^2·V mod m with the Barrett modular multiplication algorithm: T_B ≈ 24·(s^2 + 2·s)·τ, τ – processor cycle time
    Time T for calculating Y ⊗ Y ⊗ V rem m with the proposed organization: T ≈ 0.5·k·s·τ
  57. Galois Fields Arithmetic (Continued)
    Relationship of the implementation times in software of the original and modified FFSIS for k = 1024 (algorithm using the standard FFSIS approach for modular multiplication vs the proposed one):
    Processor word length w | Classic: 2·T_c/T | Barrett: 2·T_B/T
    8                       | 12.3             | 12.3
    16                      | 6.3              | 6.2
    32                      | 3.3              | 3.2
    64                      | 1.8              | 1.7
  58. Organization of the Exponentiation Y^E rem m in Galois Fields
    Calculation R = Y^E rem m, basic exponentiation schema (bits e_k … e_0 of E):
      R = 1; j = k
      while j >= 0:
        R = R ⊗ R rem m
        if e_j = 1: R = R ⊗ Y rem m
        j = j − 1
    Extended schema, processing several exponent bits per step:
      if e_(j−1) = 1 and e_j = 1: R_(j+1) = R_j^2 ⊗ Y rem m
      if e_(j−1) = 0 and e_j = 1: R_(j+1) = R_j^4 ⊗ Y rem m
      if e_(j−2) = 0, e_(j−1) = 0 and e_j = 1: R_(j+1) = R_j^8 ⊗ Y rem m
      if e_(j−3) = 0, e_(j−2) = 0, e_(j−1) = 0 and e_j = 1: R_(j+1) = R_j^16 ⊗ Y rem m
  59. Results of Experimental Investigation of Exponentiation Acceleration
    [Figure: dependence of the coefficient of acceleration T_0/T_e on the number of pre-computation tables, 2 to 12]
  60. Relation between the software implementation times of the original and modified Schnorr and Guillou-Quisquater for k = 1024
    Processor bits | 8  | 16   | 32  | 64
    T_M / T_m2     | 29 | 14.5 | 7.4 | 3.8
    where T_M – time for exponentiation A^E mod m using the Montgomery algorithm; T_m2 – time for exponentiation A^E rem m in the Galois field using 4 pre-computation tables
  61. Relation between the execution time and the complexity of the scheme with hardware implementation of arithmetic and logic addition (in brackets for k = 1024)
    Efficiency criterion | Sequential carry scheme for the arithmetic adder | Parallel carry scheme for the arithmetic adder
    Time                 | T_ASC / T_XOR = 4.5·k (4608)                    | T_APC / T_XOR = 1.5·log2 k (15)
    Complexity           | S_ASC / S_XOR = 6                               | S_APC / S_XOR = 6·k (6144)
    where T_ASC – actuation time for the serial carry-forming scheme; T_APC – actuation time for the parallel carry-forming scheme; S_ASC – number of logical elements for the serial carry-forming scheme; S_APC – number of logical elements for the parallel carry-forming scheme
  62. Zero Knowledge Identification Schemes based on Boolean Transformation
    Possible approaches to decreasing the computational complexity of Zero Knowledge Identification Schemes:
    • Using precomputation and parallel computation to decrease the computational complexity of modular reduction
    • Utilizing an alternative algebra whose operations have low computational complexity
    • Working out Zero Knowledge Identification Schemes based on Boolean transformation
  63. A Scheme for the Deployment of the Proposed Boolean Transformation for Zero-knowledge Identification (I)
    REGISTRATION
    System: transmits to subscriber A the established program for forming Boolean transformations F(X) and codes U.
    Subscriber A: randomly selects the secret session passwords X_1, X_2, …, X_m; forms the Boolean transformation F_A(X), which depends on the secret codes X_1, X_2, …, X_m and on U_A; transmits the formed transformation F_A(X) and U_A; stores the secret codes X_1, X_2, …, X_m.
    System: stores the description of the Boolean transformation F_A(X) and the code U_A.
  64. A Scheme for the Deployment of the Proposed Boolean Transformation for Zero-knowledge Identification (II)
    IDENTIFICATION SESSION
    Subscriber A: selects one of the codes X ∈ {X_1, X_2, …, X_m} and eliminates it from the set of secret codes; transmits the selected code X.
    System: receives the code X and calculates Y = F(X). If Y = U_A then access to the resources is allowed and the reuse of X is blocked.
  65. [Diagram: structure of the Boolean transformation. Input X = (x_1, x_2, …, x_k | x_(k+1), …, x_2k | … | x_((h−1)k), …, x_n) is split into h fragments; an operation of diffusion and confluence over the fragments 1, 2, …, h is followed by an operation of nonlinear transformation (confluence), giving the output U = (u_1, u_2, …, u_k | u_(k+1), …, u_2k | … | u_((h−1)k), …, u_n)]
  66. Comparative Estimation of the Time for Identification (program implementation on a 64-bit processor)
    Criterion | FFSIS (Feige Fiat Shamir Identification Scheme) for length 1024 | Proposed method of identification for key length 256 and number of fragments h = 8
    Required number of exchange cycles | 32 | 1
    Time for processing the user code in one exchange cycle | the fulfillment of 3 operations of modular multiplication requires 84864 commands | the realization of the Boolean transformation requires 512 commands; one cycle is carried out 165 times more rapidly
    The proposed identification method ensures a decrease of the identification time by 5280 times in comparison with FFSIS. Experimental research showed a real acceleration of identification by 3 orders of magnitude.
  67. Zero Knowledge Identification Schemes based on Irreversible Boolean Transformation
    At the heart of any cryptographic transformation is an irreversible transformation, that is, a transformation for which it is analytically impossible to find the inverse.
    Irreversible transformations of modular arithmetic – used in the algorithms RSA, El-Gamal, DSS.
    Irreversible Boolean transformations – used in the algorithms DES, Rijndael, Hash-SHA, RIPEMD-160. Advantages: high speed; the possibility of constructing complex cryptographic structures.
  68. Block Ciphers (BC)
    Algorithm for encryption / decryption of a data block D of fixed length using a single key K: C = F(D, K), D = R(C, K).
    [Diagram: BC with key К maps D to С and С back to D]
    Standardized block ciphers certified by the relevant authorities: Rijndael, DES, MARS, Serpent.
  69. Formal Description of the User Registration Procedure
    1) The system sends the user's identification code U.
    2) The user determines the number n of identification cycles.
    3) The user generates a random code p_n – the session password of the last, n-th identification cycle. Index j is assigned the value n−1: j = n−1.
    4) The user calculates q_j = F(j | U, p_j), where j | U is the concatenation of the identification cycle number and the identification code.
    5) The user calculates p_(j−1) = F(p_j, q_j).
    6) Index j is decremented: j = j−1. If j > 0, return to step 4.
    7) The user sends the code p_0 to the system.
    8) The session password codes p_0, p_1, …, p_n are stored in the user's memory.
  70. Interaction of Authentication between System and Users
    [Figure 1 – Structure of cryptographic transformations performed at the j-th session of user authentication: User and System sides built from BC blocks keyed by U, with the checks j =? j, p_(j−1) =? p_(j−1) and U =? U]
  71. User Registration Procedure
    1) The system randomly generates the user authentication code U.
    2) The system encrypts the code U with the user's public key K_uo using a public key algorithm like RSA, obtaining the code L, and sends L to the user.
    3) The user receives the code L from the system and, using his private key K_up, restores the code U by decrypting L.
    4) The user defines the number n that represents the sequence number of the authentication cycle.
    5) The user produces the random session password p_n for the end of the n-th authentication cycle. The index j assumes the value n−1: j = n−1.
    6) The user calculates q_j = F(j | U, p_j), where j | U is the concatenation of the number of the authentication cycle and the authentication code U.
    7) The user calculates p_(j−1) = F(p_j, q_j).
    8) The index j is decremented: j = j−1. If j > 0, return to step 6.
    9) The user encrypts the code p_0 using the key U: X = F(p_0, U), and sends the code X to the system.
    10) The system restores the code p_0 from the received code Х: p_0 = F(X, U), and saves it in memory.
  72. j-th Cycle of the User Authentication Procedure
    1) Upon the user's request, the system generates a random code R. This code, together with the number j of the authentication cycle, the previous session password p_(j−1) and the code U, is encrypted by the system using the user's identification key U: D = F(j | R | U | p_(j−1), U), and the resulting code D is sent to the user.
    2) The user receives the code D, decrypts it with the private key U and restores the values j′, U′, p′_(j−1) and R.
    3) The user compares the received codes j′, U′ and p′_(j−1) with the values stored on its side: if j′ = j, U′ = U and p′_(j−1) = p_(j−1), this confirms that the system knows the codes U, j and p_(j−1), so the interaction is with the genuine system. For synchronization of the system's and the user's authentication cycles:
      (a) If j′ ≠ j, U′ ≠ U and p′_(j−1) ≠ p_(j−1), the user does not interact with the system and abandons the authentication session. If j′ ≠ j, U′ = U and p′_(j−1) ≠ p_(j−1), the user interacts with the system, but the synchronization of the parameters has been lost.
      (b) To restore the synchronization of the identification parameters, the user determines N = 1 + max(j, j′), encrypts the codes N and the session password p_N with the key U: W = F(N | p_N, U), and sends the code W to the system; the user sets the identification session number j = N + 1. The system, upon receipt of the code W, restores N and p_N via the transformation F(W, U), sets the identification session number j = N + 1 and p_(j−1) = p_N. After restoring synchronization, go to step 4.
      The user generates the code Q_j as the XOR of the j-th session password p_j and the random code R selected by the system: Q_j = p_j ⊕ R, and sends Q_j to the system.
    4) The system restores the value of the j-th session password p_j: p_j = Q_j ⊕ R, and calculates d = F(j | U, p_j). The system then calculates F(p_j, d). If the result equals p_(j−1), the user authentication was successful and access to system resources is permitted.
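The registration chain of slides 69 and 71 and the normal path of the j-th authentication cycle of slide 72 (steps 1–4 and the check of step 3a; the resynchronization of step 3b is not included), as an added example that is not the talk's code. Two stand-ins are assumptions: the slides' block-cipher transformation F(D, K) is replaced by HMAC-SHA256 truncated to 16 bytes, and "encrypted with key U" is modelled as XOR with an HMAC-derived keystream under a fresh nonce. The chain loop runs j = n down to 1 so that each p_(j−1) is derived from an already defined p_j (the slide starts its index at n−1; the shift is an assumption about the intended indexing). All codes U, p_n and R are constructed random values.

```python
# Added example: hash-chain style registration (slides 69/71) and one
# authentication cycle (slide 72) using a keyed PRF as the stand-in for the
# slides' block cipher F. Values of U, p_n and R are constructed at random.
import hashlib
import hmac
import secrets

L = 16  # length in bytes of the codes U, p_j and R (constructed choice)


def F(data: bytes, key: bytes) -> bytes:
    """Stand-in for F(D, K): HMAC-SHA256 truncated to L bytes (assumption;
    the talk uses a block cipher such as Rijndael here)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:L]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += F(nonce + ctr.to_bytes(4, "big"), key)
        ctr += 1
    return out[:length]


def encrypt(key: bytes, msg: bytes) -> bytes:
    """Stand-in for 'encrypted with key U': XOR with a fresh-nonce keystream."""
    nonce = secrets.token_bytes(L)
    return nonce + bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))


def decrypt(key: bytes, ct: bytes) -> bytes:
    nonce, body = ct[:L], ct[L:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def register(U: bytes, n: int, p_n: bytes) -> list:
    """Slide 71 steps 5-8: p_{j-1} = F(p_j, F(j|U, p_j)) for j = n down to 1.
    Returns [p_0, ..., p_n]; the user keeps the list, the system receives p_0."""
    p = [None] * (n + 1)
    p[n] = p_n
    for j in range(n, 0, -1):
        q = F(j.to_bytes(4, "big") + U, p[j])   # q_j = F(j|U, p_j)
        p[j - 1] = F(p[j], q)                    # p_{j-1} = F(p_j, q_j)
    return p


class System:
    def __init__(self, U: bytes, p_0: bytes):
        self.U, self.p_prev, self.j = U, p_0, 1

    def challenge(self) -> bytes:
        """Step 1: D = F(j | R | U | p_{j-1}, U)."""
        self.R = secrets.token_bytes(L)
        return encrypt(self.U, self.j.to_bytes(4, "big") + self.R + self.U + self.p_prev)

    def verify(self, Q_j: bytes) -> bool:
        """Step 4: p_j = Q_j xor R, then F(p_j, F(j|U, p_j)) must equal p_{j-1}."""
        p_j = bytes(a ^ b for a, b in zip(Q_j, self.R))
        d = F(self.j.to_bytes(4, "big") + self.U, p_j)
        if F(p_j, d) != self.p_prev:
            return False
        self.p_prev, self.j = p_j, self.j + 1   # advance: p_j cannot be replayed
        return True


class User:
    def __init__(self, U: bytes, passwords: list):
        self.U, self.p, self.j = U, passwords, 1

    def respond(self, D: bytes) -> bytes:
        """Steps 2-3: decrypt, check j, U and p_{j-1} (step 3a), answer Q_j = p_j xor R."""
        plain = decrypt(self.U, D)
        j = int.from_bytes(plain[:4], "big")
        R, U, p_prev = plain[4:4 + L], plain[4 + L:4 + 2 * L], plain[4 + 2 * L:]
        if not (j == self.j and U == self.U and p_prev == self.p[self.j - 1]):
            raise ValueError("system does not know U, j or p_{j-1}: refuse the session")
        Q = bytes(a ^ b for a, b in zip(self.p[self.j], R))
        self.j += 1
        return Q


def run_session(n: int = 4) -> int:
    """Constructed demo: registration followed by n cycles; returns cycles passed."""
    U = secrets.token_bytes(L)
    passwords = register(U, n, secrets.token_bytes(L))
    system, user = System(U, passwords[0]), User(U, passwords)
    passed = 0
    for _ in range(n):
        passed += system.verify(user.respond(system.challenge()))
    return passed


if __name__ == "__main__":
    print("cycles passed:", run_session())
```

The system only ever holds the current p_(j−1), from which p_j cannot be derived (F is one-way), so a captured Q_j is useless after the cycle advances; the user, for its part, refuses to answer a challenge whose j, U or p_(j−1) does not match its own state.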
  73. Special Means for Resistance Against Man-in-the-Middle Attack

    [Figure: diagram of the user sending sequences of codes to the system (labels: "Fast identification", "System controlled jth session with user", BC_u, P_d, BC_u, P_j, "=="); only the labels are recoverable.]
  74. Experimental Results: Performance Comparison of the Proposed Scheme with Known Zero Knowledge Schemes

    Acceleration level of the proposed scheme relative to:

    Scheme               Software implementation   Hardware implementation
    FFSIS                2.3                       10^3 ~ 10^5
    Guillou-Quisquater   2.8                       10^3 ~ 10^5
    Schnorr              3.1                       10^3 ~ 10^5

    The basic reason for the achieved acceleration is the change of algebraic basis: modular arithmetic is replaced by Boolean algebra.
  75. Modular Arithmetic Operations for IoT and Cloud Applications

    Possible approaches for decreasing the computational complexity of zero knowledge identification schemes:
    - Using pre-computation and parallel computation to decrease the computational complexity of modular reduction
    - Utilizing alternative algebras whose operations have low computational complexity
    - Working out zero knowledge identification schemes based on Boolean transformations
  76. Modular Arithmetic Operations for IoT and Cloud Applications: Secure Parallel Modular Exponentiation

    The proposed technique for modular exponentiation is based on performing the simple operations on the user's computational resources and shifting the complex operations to high performance cloud resources; it operates by separating the modular exponentiation procedure into two components. An algorithm for the software implementation of modular multiplication is proposed which uses pre-computations with a constant modulus to reduce the computational load imposed on the processor. The developed modular multiplication algorithm provides faster execution on low complexity hardware than the existing algorithms and is oriented towards a variable value of the modulus, especially for software implementation on microcontrollers and smart cards whose architectures have a small number of bits. A potential attacker receives no information by intercepting the data existing in the cloud.
  77. Modular Arithmetic Operations for IoT and Cloud Applications: Secure Parallel Modular Exponentiation

    The mathematical basis of the majority of public key algorithms is the modular exponentiation operation $A^E \bmod M$. In practice, when using public key cryptography, the modulus M is part of the public key, E is a component of the private key, and A is the informational component. Hence, the objective of an attack is to obtain the code E. The level of protection provided by such algorithms directly depends on the bit depth n of the numbers used in the modular exponentiation. In most practical applications the bit depth is 1024, 2048 or 4096. The computational complexity of modular exponentiation is $O(n^2)$; this means that doubling the bit depth of the numbers used increases the amount of computation approximately four times. The computational complexity of the tests needed to select the exponent code is of the order $O(2^n)$. Increasing the bit depth significantly slows down the calculations related to information security functions. This situation may be overcome by using the computing resources of cloud systems for modular exponentiation, in such a manner that, when calculating $A^E \bmod M$, neither the secret exponent code E nor the processed number A is disclosed.
  78. Modular Arithmetic Operations for IoT and Cloud Applications: Secure Parallel Modular Exponentiation

    The basic modular arithmetic operation used within information security algorithms is modular multiplication, i.e. the calculation $R = AB \bmod M$. The assumptions that need to be made are: that the result R, the coefficient A, the multiplicand B and the modulus M are n-bit binary numbers; that the most significant bit of the modulus is equal to 1, i.e. $2^{n-1} \le M < 2^n$; and that the co-factors are lower than the modulus, i.e. $A < M$ and $B < M$.
  79. Modular Arithmetic Operations for IoT and Cloud Applications: Secure Parallel Modular Exponentiation

    It is also assumed that the operation of modular multiplication is performed on a k-bit general purpose processor, microprocessor or microcontroller. Consequently, each of the numbers participating in the modular multiplication $R = AB \bmod M$ can be represented in the form of $s = n/k$ k-bit words:

    $A = \sum_{j=0}^{s-1} a_j 2^{kj}, \quad B = \sum_{j=0}^{s-1} b_j 2^{kj}, \quad M = \sum_{j=0}^{s-1} m_j 2^{kj}$

    where $a_j$, $b_j$, $m_j$ are k-bit words and $j \in \{0, \ldots, s-1\}$.
  80. Modular Arithmetic Operations for IoT and Cloud Applications: Secure Parallel Modular Exponentiation

    Elementary arithmetic considerations show that the product of two k-bit numbers requires 2k bits for its accurate representation. By denoting:
    - $q_m$ the number of multiplications required
    - $t_m$ the execution time of each multiplication command
    - $q_a$ the number of additions required
    - $t_a$ the execution time of each addition
    the estimate for the computational complexity of this software implementation of n-bit modular multiplication is $q_m t_m + q_a t_a$. If the ratio of the execution times of the multiplication and addition commands on the processor is $w = t_m / t_a$, then the execution time of the modular multiplication can be represented as $t_a (w q_m + q_a)$.
  81. Modular Arithmetic Operations for IoT and Cloud Applications: Secure Parallel Modular Exponentiation

    Algorithm 1: Classical scheme for word-by-word modular multiplication.

        R = 0;
        for (i = 0; i < s; i++) {
            Y = 0;
            for (j = 0; j < s; j++)
                Y += (a[i] * b[j]) << (j * k);   /* Y = a_i * B, at most n + k bits */
            R += Reduce(Y);                       /* partial residual R_i */
            if (i < s - 1) { B <<= k; Reduce(B); } /* B <- B * 2^k mod M */
        }
        Reduce(R);

    $a_j B = \sum_{i=0}^{s-1} a_j b_i 2^{ki}$

    The operation of multiplication is performed on a word-by-word basis. More specifically, the jth (j = 0, ..., s-1) k-bit word $a_j$ of the coefficient A is multiplied by each of the s words of the multiplicand B with the corresponding shift. The obtained products, each 2k bits long, are added, forming an (n+k)-bit result which is the partial representation of the product shown in the equation above. Following this, the modular reduction of the partial expression is carried out, obtaining the jth partial residual $R_j = a_j B \bmod M$. The result of the modular multiplication $R = AB \bmod M$ is formed as the sum of the modular reductions of the partial expressions of the product: $R = (R_0 + R_1 + \ldots + R_{s-1}) \bmod M$.
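Algorithm 1 in Python, as an added example that is not the deck's own code: Reduce() is replaced by plain modular reduction (the step the deck's constant-modulus pre-computation tables are meant to accelerate), the assumptions of slide 78 (A < M, B < M, n = bit length of M) are enforced, and the word-by-word result is checked against Python's native big-integer product.

```python
def words(x: int, s: int, k: int) -> list:
    # Split x into s k-bit words, least significant first (the a_j, b_j, m_j of the deck)
    mask = (1 << k) - 1
    return [(x >> (k * j)) & mask for j in range(s)]

def reduce_mod(y: int, M: int) -> int:
    # Stand-in for the deck's Reduce(): plain modular reduction. With a constant
    # modulus this is the step that pre-computed tables are meant to speed up.
    return y % M

def modmul_wordwise(A: int, B: int, M: int, k: int) -> int:
    """Algorithm 1 (classical word-by-word modular multiplication): R = A*B mod M
    on a k-bit word machine. Requires A < M and B < M; n is the bit length of M."""
    if not (0 <= A < M and 0 <= B < M):
        raise ValueError("co-factors must be smaller than the modulus")
    n = M.bit_length()
    s = -(-n // k)                          # s = n/k words, rounded up
    a = words(A, s, k)
    R = 0
    for i in range(s):
        b = words(B, s, k)                  # current B equals B_orig * 2^(ik) mod M
        Y = 0
        for j in range(s):
            Y += (a[i] * b[j]) << (j * k)   # Y = a_i * B, at most n + k bits
        R += reduce_mod(Y, M)               # partial residual R_i = a_i*B*2^(ik) mod M
        if i < s - 1:
            B = reduce_mod(B << k, M)       # shift B by one word and reduce for next round
    return reduce_mod(R, M)                 # R = (R_0 + ... + R_{s-1}) mod M

def self_check(M: int, k: int, pairs) -> bool:
    # Compare Algorithm 1 with the native big-integer result for the given (A, B) pairs
    return all(modmul_wordwise(A, B, M, k) == (A * B) % M for A, B in pairs)
```

Changing k (e.g. 8 for a microcontroller, 32 for a desktop processor) changes only s and the inner loop counts, which is exactly the q_m and q_a trade-off of slide 80.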
  82. Acceleration of Modular Multiplication in Information Security

    The extensively popular RSA algorithm uses a complex procedure to obtain the three numbers d, e and M, with lengths n between 1024 and 2048 bits, that satisfy the identity $A^{de} \equiv A \pmod M$. The encoding of a block A of a message consists of the calculation $C = A^e \bmod M$, and the decoding of the block A is realized by the calculation $A = C^d \bmod M$. The pair of numbers <d, M> composes the public key, while the pair <e, M> composes the private key.
  83. Acceleration of Modular Multiplication in Information Security One of the

    above keys, depending on the protocol that the RSA uses, is public while the other one is private. The analysis of the practical use of an RSA algorithm shows that the keys change relatively rarely so that with the use of the same key, tens of thousands of information blocks are processed. This makes it possible to consider that in the process of computational implementation, the RSA key and consequently the modulus are both in effect constant. Analogous reasoning can also be applied to a number of other standardized information security algorithms that are widely applied in practice.
  84. Acceleration of Modular Multiplication in Information Security

    The fact that the modulus M is constant makes it possible to simplify the calculation of the modular reduction in the multiplication process via the use of pre-computed results. Such pre-computations depend only on the value of the modulus M and therefore may be carried out off-line and recomputed whenever the modulus changes. The results of the pre-computations can be stored in tabular form in main memory and are used repeatedly with each modular multiplication calculation. In the modular multiplication implementation, part of the computational resources is used strictly for the calculation of the multiplication and the other part for the implementation of the modular reduction.
  85. Outline

    - Some History... Cloud & IoT Cyber Security, Cyber War
    - Security Issues for Access Control
    - Cryptography – The main tool for security
    - Zero-knowledge Identification Schemes
    - Modification of Zero-knowledge Identification Schemes
    - Performance & Evaluation