Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Remote Identification and Authentication for High Security Access in Multi User Systems

Remote Identification and Authentication for High Security Access in Multi User Systems

MACSPro'2019 - Modeling and Analysis of Complex Systems and Processes, Vienna
21 - 23 March 2019

Prof. Nikos G. Bardis

Conference website http://macspro.club/

Website https://exactpro.com/
Linkedin https://www.linkedin.com/company/exactpro-systems-llc
Instagram https://www.instagram.com/exactpro/
Twitter https://twitter.com/exactpro
Facebook https://www.facebook.com/exactpro/
Youtube Channel https://www.youtube.com/c/exactprosystems

Exactpro

March 22, 2019
Tweet

More Decks by Exactpro

Other Decks in Research

Transcript

  1. Remote Identification and Authentication for High Security Access in Multi

    User Systems Professor Nikos G. Bardis, Eng., PhD. March 22, 2019 Hellenic Army Academy, Section of Mathematics and Engineering Sciences, Greece
  2. Outline  Some History… Cloud & IoT Cyber Security Cyber

    War  Security Issues for Access Control  Cryptography – The main tool for security  Zero-knowledge Identification Schemes  Modification of Zero-knowledge Identification Schemes  Performance & Evaluation
  3. MILCOM 1990 Communications and Radar (Data Bases, Networks, Programming…) MILCOM

    2000 Proceedings. 21st Century Military Communications. Architectures and Technologies for Information Superiority (C4I, Internet, web programming…) MILCOM 2010 Waveforms and Signal Processing, Networking Protocols and Performance, Cyber Security and Network Management, Systems Perspectives (Smart Devices, Cloud Systems, Cyber Security)
  4. Internetworking: is the practice of connecting a computer network with

    other networks through the use of gateways that provide a common method of routing information packets between the networks. What could be connected to this network? Computers Mobile Phones Smart Grids/Smart City IP cameras and Home Appliances Wearable Technology (Smart Watches, Pacemakers, etc) Sensors (made possible by IoT) Distributed Robotics Introduction Interconnected Devices 5
  5. Internetworking: is the practice of connecting a computer network with

    other networks through the use of gateways that provide a common method of routing information packets between the networks. What could be connected to this network? Computers IP cameras Mobile phones Pacemakers Others like Sensors (made possible by IoT) ARPANET SRI Utah UCSB UCLA Current Internet Structure What is Internetworking? Kaspersky Lab; Internet Map
  6. Firewalls, IPSEC, VPN/tunneling Security Policies Intrusion Detection Systems (IDSs) Signature-Based

    IDS – Match all incoming traffic with signatures stored in a database. If a traffic matches, then its an attack (SNORT, BRO IDS). Anomaly-Based IDS – Learn accepted network behavior, then use this learned behavior to identify future behaviors that do not conform to this baseline. Firewall What about hacking ?
  7. Outline  Some History… Cloud & IoT Cyber Security Cyber

    War  Security Issues for Access Control  Cryptography – The main tool for security  Zero-knowledge Identification Schemes  Modification of Zero-knowledge Identification Schemes  Performance & Evaluation
  8. Connectivity-Its Security Issues  Smart Grid Cyber Attacks These Cyber

    attacks against grids could bring down whole grids, something that could even kill people if it happens in winter.  2015-cyber attack against Ukrainian utility company with malware (The Blackenergy Malware).  2016-another cyber attack against Ukraine's energy sector in Kiev.  Israel experienced a serious hack attack on its electrical grid in January 2016 10 Grant: “Cyber Security Techniques the SCADA Military Environment,” for three years
  9. «Cyber attack is Casus Belli» «Cyber warfare in United States

    is apart of the American military strategy of Proactive Cyber Defence and the use of cyber warfare as o platform for attack.» «The new United States military strategy makes explicit that a cyber attack is casus belli just as a traditional act of war.»
  10. Headlines of recent cyber attacks All Rights Reserved 2015 12

    Center for Information Networking and Telecommunications • Russian Hacking of DNC/RNC and threat of US retaliation • Yahoo huge security breach; Loss of data for one billion accounts 2016  Equifax Data Breach – 145.5 Million Accounts  Uber Data Breach – 57 Million Records  WannaCry Cyber Attack – 300,000 Systems  Stolen NSA Cyber Weapons  Yahoo! Makes History, Again – 3 Billion Accounts 2017 2018 • Facebook – 87 million records hacked . Sacks Fifth Ave & Lord & Taylor - 5 million accounts
  11. • Experian (T-Mobile) – 15 million records • Donald Trump

    Hotels • Sony Entertainment • Ashley Madison – 37 million records – 10 thousand government officials • Office of Personal Management (OPM) – 22 million records • Anthem health care – 80 million records 2015 Headlines of recent cyber attacks (Continued)
  12. Denial-of-service (DOS) Attack vs Availability Denial-of-Service (DoS) attacks are strategies

    that are often used for occupying the communication resources in order to prohibit the transmission of measurement and nor control signals and that cause a maximum possible deterioration of the system performance. The most dangerous type of DoS attacks is the distributed DoS (DDoS) also called coordinated attack, in which a large number of compromised machines are used to perform the DoS attack. Moreover, DDoS is frequently occurred due to the simplicity of creating it, low coast and its high impact on systems including the ability of completely disconnect an organization. It is shown that this attack could cause instability of power grids and it could produce long delay jitter on NCS packets.
  13. Denial-of-service (DOS) Attack vs Integrity (Continued) The DoS attacks in

    radio frequency identification (RFID) system can be categorized based on the factors causing them as follows: 1) System Jamming: Electromagnetic jamming is done in this type to prohibit tags from communicating with readers. 2) Desynchronization Attack: It is destroying synchronization between the tag and the RFID reader causing a permanent disabling of the authentication capability of an RFID tag. 3) Tag Data Modification: Changing the data to a random number which cannot be identified by the reader. 4) Kill Command Attack: The attacker send a kill command with the hacked password causing a permanent disabling of the tag. 5) Random DoS Attack: Which is affecting the system by injecting short periods of noise signals
  14. Inside Attack vs Confidentiality One important factor in Cyber Physical

    Systems - CPS security is that attacks might not only come from outside of the system but also from inside, such as from employees who do not need much additional knowledge about the target system. The knowledge that insiders often gives them unrestricted access to steal or modify data in the system or to deactivate that system. So, it is important to have a secure control system to maintain the stability of the system during such an attack.
  15. Multi User Systems Multiuser Systems Legitimate user Legitimate user Legitimate

    user Illegitimate user Illegitimate user Illegitimate user
  16. Attacker Action on the identification protocol Viruses Dishonest personnel Reading

    the passwords of legitimate users IDENTIFICATION SYSTEM Legitimate user Data transmission channel Password selection Interception of passwords and repetition Substitution of legitimate user during the session password data
  17. Threats From the Attacker Side, Controlling the Transmission Line User

    Line of Data exchange Active attack: User Ousting after Identification ( middle attack ) SYSTEM Passive attack: listening of cycles of exchange of the identifying information of the user for its reproduction
  18. User identification information А Viruses Staff Other users Accessing system

    resources under the user name А System Administration Imitation the use of resources by the user А SYSTEM Subject Goal Threats from the Side of the System
  19. Outline  Some History… Cloud & IoT Cyber Security Cyber

    War  Security Issues for Access Control  Cryptography – The main tool for security  Zero-knowledge Identification Schemes  Modification of Zero-knowledge Identification Schemes  Performance & Evaluation
  20.          

             h r n h r n r n h r n y k k k x x x f y k k k x x x f y k k k x x x f y y y Y k k k K x x x X ) ,..., , , ,..., , ( ) ,..., , , ,..., , ( ) ,..., , , ,..., , ( ,..., , ,..., , , ,..., , 2 1 2 1 2 2 1 2 1 2 1 2 1 2 1 1 2 1 2 1 2 1  Cryptographic Algorithm Message X Key K Cryptogram Y Forward cryptography Cryptographic Algorithm Message X Key K Cryptogram Y Reverse cryptography UNSOLVED MATHEMATICAL TASK SOLVE OF SYSTEM OF NONLINEAR BOOLEAN EQUATIONS UNSOLVED MATHEMATICAL NUMBER THEORY TASK Block Ciphers Stream Ciphers Hash- Algorithms Public key Algorithms DES, RC-6 RIJNDAEL A5, SNOW, SOBER SHA-1, RIPEMD-160 RSA, DSA, ECC Cryptography – The Main Tool for Security
  21.          

                                                                 3 2 1 4 3 2 1 4 1 2 3 2 1 3 1 4 1 3 2 4 2 3 1 4 2 1 4 1 4 3 2 1 3 2 1 2 4 3 2 2 1 3 1 4 3 1 1 1 2 1 2 1 1 1 2 2 2 1 1 1 1 1 4 2 2 1 2 1 1 2 1 1 2 2 2 2 1 3 2 1 2 1 1 2 2 2 2 1 2 1 2 2 2 1 2 1 1 1 4 2 2 1 1 1 1 1 1 1 1 y y y y y y y y y k y y y y y y y y y y y y k y y y y y y y y y y y y x y y y y y y y y y y x k x x x x k x k x k k k x k x y k x x k k x x x k x k x k k y k x k x k x k x x x x x y k x x x x k x k x k k y Block Cipher 1 x 2 x 3 x 1  n x n x 1 y 2 y 3 y 1  n y n y 1 k 2 k 1  r k r k Cryptography – The Main Tool for Security (Continued)
  22. Cryptography – The Main Tool for Security (Continued) UNSOLVED MATHEMATICAL

    TASK SOLVE OF SYSTEM OF NONLINEAR BOOLEAN EQUATIONS UNSOLVED MATHEMATICAL NUMBER THEORY TASK Block Ciphers Stream Ciphers Hash- Algorithms Public key Algorithms DES, RC-6 RIJNDAEL A5, SNOW, SOBER SHA-1, RIPEMD-160 RSA, DSA, ECC
  23. In a practical level the Boolean functions are not being

    used only in public key algorithms that have as mathematical base an unsolved tasks of the number theory The main advantage of the Boolean functions in cryptography is considered to be the high efficiency at their calculation by software and hardware means. So, for algorithms with roughly the same cryptoresistance, that are based on the Boolean functions is executed thousands times faster than modern public key algorithms. Cryptography – The Main Tool for Security (Continued)
  24. Outline  Some History… Cloud & IoT Cyber Security Cyber

    War  Security Issues for Access Control  Cryptography – The main tool for security  Zero-knowledge Identification Schemes  Modification of Zero-knowledge Identification Schemes  Performance & Evaluation
  25. Identification is one of the three base Problems of Information

    Security Information Security Protection from unauthorized data access via encryption Data Integrity: Digital Signature Technology /hashing Identification of remote subscribers
  26. As for the other two base tasks of the information

    security, the effectiveness of identification is determined by a compromise between two criteria: by security level and by the volume of available resources which is required for the implementation of the security functions The efficiency of remote subscriber identification schemes Level of security Amount of computational resources required for the implementation of the security functions Efficiency of Remote Access
  27. Existing schemes for identification of remote users Non strict identification

    based on using of invariable (const) passwords Strict identification based on the Zero Knowledge concept The major advantage: High speed of authentication The main disadvantage: Low security level The major advantage: High level of security The main disadvantage: existing realizations demand long processing times Identification of Remote Users
  28. Cryptographically strict identification should provide protection: From external threats From

    internal threats THE CONCEPT OF "ZERO KNOWLEDGE" USER SYSTEM The mechanism for generating the "correct" session passwords The mechanism for checking the "correctness" of session passwords Session password The system itself is not capable of generating a "correct" session password The Concept of Zero Knowledge Identification
  29. Zero-Knowledge Identification Tool for password generation User Tool for checking

    of user password legitimacy System Password The Concept of Zero Knowledge Identification (Continued)
  30. User System Session password generation mechanism Irreversible mechanism for validating

    the password Session password 1/0 The Concept of Zero Knowledge Identification (Continued)
  31. Existing Zero-Knowledge Identification Schemes FFSIS (Feige Fiat Shamir Identification Scheme)

    Guillou-Quisquater Identification Scheme Schnorr Identification Scheme Based on analytically insoluble mathematical problem of number theory, namely: discrete logarithmic calculations: find X given XE mod M = Y To reduce the possibility of solving the equation XE mod M = Y by trial, the word lengths of X, Y, M must be greater than or equal to 1024 The procedure for checking of user password legitimacy requires long processing times The necessity of several cycles of information exchange between system and users
  32. Existing identification schemes that implement the concept of "zero knowledge"

    Feige Fiat Shamir Identification Scheme (FFSIS) Scheme Guillou-Quisquater Scheme Schnorr A2V mod M Basic computing operation AEBG mod M Number of exchanges in one session of identification 18 - 22 3 The Concept of Zero Knowledge Identification (Continued)
  33. MAJOR FAILURE OF EXISTING SCHEMES OF IMPLEMENTATION ZERO-KNOWLEDGE IDENTIFICATION LOW

    IDENTIFICATION SPEED Use of complex multiplicative operations of modular arithmetic, which are performed on numbers of large length 1024 or 2018 Use to identify multiple cycles of data exchange between the user and the system CAUSES The Concept of Zero Knowledge Identification (Continued)
  34. NECESSITY OF ACCELERATING ZERO-KNOWLEDGE IDENTIFICATION PROCEDURES The most effective means

    of countering the middle attack is multi repeated identification within the interaction session Increase the number of systems with remote access working in real time Rapid growth in the number of users of systems with remote access The Concept of Zero Knowledge Identification (Continued)
  35. Choosing two prime numbers p and q Calculation m =

    p∙q Selection v and v-1 such way that: s2 mod m = v d2 mod m = v-1 v∙v-1 mod m =1 m and v - Public key s – Private key Exists d and s Zero Knowledge Identification Scheme: FFSIS: Private and Public key generation
  36. Verifies y∙y∙v mod m= x Send y Subscriber System Randomly

    selected number r Calculates x = r ∙r mod m Send x to system Receives x Calculates y = r ∙ s mod m, Randomly generates bit b Send b Send r Verifies r ∙r mod m = x if b=1 if b=0 1   v s If subscriber possesses s that y2v mod m = ( r2 s2)v mod m=…=r2 v-1v mod m = r2 mod m= х Zero Knowledge Identification Scheme : FFSIS : Identification Procedure
  37. Choosing two prime numbers p and q such that q

    being a factor of p-1 Choosing a such that a q mod p=1 Calculation v = a-s mod p p and v - Public key s - Private key Calculation -s = q-s Randomly choosing s<q Zero Knowledge Identification Scheme : Schnorr Identification Schemes:Private and Public Key Generation
  38. Send y Subscriber System Randomly selected number r Calculates x

    = ar mod p Send x to system Receives x Calculates y = (r+s∙e) mod q Send e Verifies ay ∙ ve mod p= x Randomly generates number e Zero Knowledge Identification Scheme : Schnoor Identification Procedure Send y Subscriber System Randomly selected number r Calculates x = ar mod p Send x to system Receives x Calculates y = (r+s∙e) mod q Send e Verifies ay ∙ ve mod p= x Randomly generates number e
  39. Choosing two prime numbers p and q J, m and

    v - Public key B - Private key Choosing B such that (J∙Bv) mod m =1 Calculation m = p∙q Choosing open password J Randomly choosing v Zero Knowledge Identification Scheme Guillou-Quisquater identification schemes: Private and Public Key Generation
  40. Send D Subscriber System Randomly selected number r Calculates T

    = rv mod m Send T to system Receives T Calculates D = r∙Bd mod m Send d Verifies Dv∙ Jd mod m= T Randomly generates number d Zero Knowledge Identification Scheme : Guillou-Quisquater Identification Procedure
  41. Basic Calculations for Zero Knowledge Identification Schemes Schnorr schemes Guillou-Quisquater

    schemes FFSIS A2V mod M AEBG mod M The high computational complexity of zero knowledge identification schemes is the main reason that limits there of utility Zero Knowledge Identification Scheme (Continued)
  42. Possible Approaches of Zero Knowledge Identification Schemes Computational Complexity Decreasing

    Using of Precomputation and Parallel Computation for Decreasing of Computational Complexity of Modular Reduction Utilizing of Alternative Algebra Operation in which have low Computational Complexity Working out Zero Knowledge Identification Schemes based on Boolean Transformation Zero Knowledge Identification Scheme (Continued)
  43. Outline  Some History… Cloud & IoT Cyber Security Cyber

    War  Security Issues for Access Control  Cryptography – The main tool for security  Zero-knowledge Identification Schemes  Modification of Zero-knowledge Identification Schemes  Performance & Evaluation
  44. Utilizing of Alternative Algebra Operation in which have Low Computational

    Complexity - Galois Fields Arithmetic Possible Approaches of Zero Knowledge Identification Schemes Computational Complexity Decreasing Using of Precomputation and Parallel Computation for Decreasing of Computational Complexity of Modular Reduction Utilizing of Alternative Algebra Operation in which have low Computational Complexity Working out Zero Knowledge Identification Schemes based on Boolean Transformation
  45. Operation in Galois fields GF(2m) Widespread use in modern cryptosystem

    (Rijndael, Ellipse Curve Cryptosystems) Addition - XOR ( denoted as  ) Multiplication ( denoted as AB rem M) Multiplication without the inter-bit carry transfers ( denoted as AB) Calculation of the remainder of the division of the polynomial that corresponds to the number А by the polynomial corresponding to M (denoted as A rem M ) Exponentiation - (denoted as AE rem M) AE - exponentiation without carry: AE = А  А  ...  А
  46. Basic Calculations for Zero Knowledge Identification Schemes Schnorr schemes Guillou-Quisquater

    schemes FFSIS A2V mod M AEBG mod M AAV rem M AEBG rem M Modification In Galois field algebra Galois Fields Arithmetic (Continued)
  47. Choosing prime polynomial P(x) =xn+1+xn+…+x+1 and corresponding number m. For

    example for n=4: P(x)=x5+x4+1 and m=25 Arbitrarily choosing (n-1) bit length number  (=4) Choosing d and s by such way that: d  s =   m  1. ( d =9 and s =13) Calculating v-1 =s s rem m (v-1 =1313 rem 25=7) Calculating v=d  d rem m (v =9  9 rem 25=7 ) vv-1 rem m =1 m and v - Public key s - Private key Galois Fields Arithmetic Modified FFSIS: Private and Public key generation
  48. Sent y Subscriber System Randomly selected number r (r =10)

    Calculates x = r r rem m (x = 1010 rem 25)=11 Sent x to system Receives x =11 Calculates y = r  s rem m, y = (10 13 rem 25=15) Randomly generates bit b Sent b Sent r Verifies r r rem m = x if b=1 Verifies yyv rem m= x ( 151514 rem 25= 11) if b=0 Galois Fields Arithmetic Modified FFSIS : Identification procedure
  49. Choosing two prime polynomials P(x) and W(x) to which correspondent

    numbers p and w ( for example P(x)=x5+x4+1 and W(x)=x5+x+1, correspondently p=25 and w=19) Choosing q and a such that aq rem p=1 (q=10; a=46) Calculation v = a-s rem m ( v = 467 rem 443 =117 ) m and v – Public key s - Private key Calculation -s = q-s (-s=10-3=7 ) Randomly choosing s<q (s =3) Calculating m = pw ( m=2519=443) Galois Fields Arithmetic Modified Schnorr identification schemes: Private and Public Key Generation
  50. Verifies ay ve rem m= x (465  11729 rem

    443= 85 ) Sent y=5 Subscriber System Randomly selected number r<q (r=8) Calculates x = ar rem m, (x = 468 rem 443=85) Sent x to system Receives x =85 Sent e =29 Randomly generates number e (e=29) Calculates y = (r +s∙e) mod q, (y = (8+329) mod 11=5) Galois Fields Arithmetic Modified Schnoor Identification procedure
  51. J, m and v - public key B - private

    key Choosing B(B=39) such that (JBv ) rem m =1 (18395 rem 443=1) Choosing open password J (J=18) Randomly choosing v (v=5) Choosing two prime polynomials P(x) and W(x) to which correspondent numbers p and w ( for example P(x)=x5+x4+1 and W(x)=x5+x+1, correspondently p=25 and w=19) Calculating m = pw ( m=2519=443) Galois Fields Arithmetic Modified Guillou-Quisquater identification schemes: Private and Public Key Generation
  52. Sent D =187 Subscriber System Randomly selected number r (r=22)

    Calculates T = rv rem m, (T = 225 rem 443=159) Sent T =159 Receives T =159 Calculates D = rBd rem m, (D = 223928 rem43=187) Sent d=28 Verifies DvJd rem m= T (18751828rem 443= 159 ) Randomly generates number d (d=28) Galois Fields Arithmetic Modified Guillou-Quisquater identification schemes: Identification procedure
  53. The main potentialities of Galois fields arithmetic for decreasing of

    computational complexity of basic operation A2∙V mod m AE mod m Not necessity to carry processing The specific property of the square of the number A without carry This property states that “the even bits of the binary code are equal to zero and the odd bits are identical to those of the number А”. Galois Fields Arithmetic (Continued)
  54. EXAMPE OF SQUARE OF 4-BIT LENGTH NUMBER WITHOUT CARRY A

    = a 0 + 2a 1 + 4a 2 + 8a 3 A  A = a 3 a 0 a 2 a 0 a 1 a 0 a 0 a 0 + a 3 a 1 a 2 a 1 a 1 a 1 a 0 a 1 a 3 a 2 a 2 a 2 a 1 a 2 a 0 a 2 a 3 a 3 a 2 a 3 a 1 a 3 a 0 a 3 a 3 a 3 0 a 2 a 2 0 a 1 a 1 0 a 0 a 0 А  А = a 0 + 4a 1 + 16a 2 + 64a 3 Galois Fields Arithmetic (Continued)
  55. ORGANIZATION OF YYV rem m CALCULATION For Y=y1 +y2 ∙2+…+yn

    ∙2n-1, where y1 ,…,yn {0,1} according to property of the square of the number without carry: YY = y1 + y2 ∙4 + y3 ∙42 + …. + yn ∙4n-1 and YY V = y1 ∙V + y2 ∙4∙V + y3 ∙42∙V + …. + yn ∙4n-1∙V and YY V rem m = y1 ∙V rem m + y2 ∙4∙V rem m + …. + yn ∙4n-1∙V rem m Since V and m are components of public key it can consider as constants. It can be one time calculated and stored in table: T[1]= V T[2]= 4∙V rem m T[3]= 42∙V rem m … T[n]= 4n-1∙V rem m Than YY V rem m = y1 ∙T[1] + y2 ∙T[2] + …. + yn ∙T[n] Galois Fields Arithmetic (Continued)
  56. Estimation of the Effectiveness Software Implementation Modified FFSIS in Galois

    Fields s =k/w w - processor bit length k - number bit length Time T B calculating Y2∙V mod m for Barret modular multiplication algorithm: T B  24∙(s2 + 2∙s)∙ ,  - processor cycle time Time T calculating YYV rem m for proposed organization: T  0.5∙k∙s∙
  57. Relationship of the implementation time in software implementation of the

    original and modified FFSIS for k=1024 Processor Word length w Algorithm using the standard FFSIS approach for modular multiplication Classic:2T c /T Barrett : 2T B /T 8 12.3 12.3 16 6.3 6.2 32 3.3 3.2 64 1.8 1.7 Galois Fields Arithmetic (Continued)
  58. Organization of the Exponentiation YE rem m in Galois Fields

    Calculation R = YE rem m j >= 0 e j = 1 R = 1 Basic exponentiation schema j = k R = RR rem m R = RY rem m Yes j = j -1 Yes if e j-1 =1 and e j = 1 R j+1 = R j 2 Y rem m if e j-1 =0 and e j = 1 R j+1 = R j 4 Y rem m if e j-2 =0 and e j-1 =0 and e j = 1 R j+1 = R j 8  Y rem m if e j-3 =0=e j-2 and e j-1 =0 and e j = 1 R j+1 = R j 16  Y rem m
  59. Number of tables 2 3 5 8 7 6 4

    9 10 11 12  = Т0 /Te – coefficient of acceleration Results of Experimental Investigation of Exponentiation Acceleration Dependence of Number Tables Pre-computations
  60. Relation between the implementation times for software of the original

    and modified Schnorr and Guillou- Quisquater for k=1024 Processor Bits T M / T m2 8 16 32 64 29 14.5 7.4 3.8 where T M - time for exponentiation AE mod m using Montgomery algorithm T m2 - time for exponentiation AE rem m in Galois field using 4 tables precomputations
  61. Relation between the time for execution and the complexity of

    the scheme with hardware implementation of the arithmetic and logic addition (in packets for k=1024) Efficiency Criterion Carry scheme for the arithmetic adder Sequential Parallel Time T ASC /T XOR =4.5k (4608) Т APC / T XOR =1.5log 2 k (15) Complexity S ASC /S XOR =6 S APC /S XOR =6k2 (6144) where T ASC - actuation time for serial forming carry scheme T APC - actuation time for parallel forming carry scheme S ASC - number of logical elements for serial forming carry scheme S APC - number of logical elements for parallel forming carry scheme
  62. Zero Knowledge Identification Schemes based on Boolean Transformation Possible Approaches

    of Zero Knowledge Identification Schemes Computational Complexity Decreasing Using of Precomputation and Parallel Computation for Decreasing of Computational Complexity of Modular Reduction Utilizing of Alternative Algebra Operation in which have low Computational Complexity Working out Zero Knowledge Identification Schemes based on Boolean Transformation
  63. A Scheme for the Deployment of the Proposed Boolean Transformation

    for Zero-knowledge Identification (I) REGISTRATION Subscriber A System Random selection of the secret session passwords: X1 , X2 , ...., Xm Forming Boolean transformation FA (X), which is depended of the secret codes X1 , X2 , ...., Xm and UA Transmission of the formed transformation FA (X) and UA Storage of the secret codes X1 , X2 , ...., Xm Transmission of the established program for forming Boolean transformations F(X) and codes U Storage the description of the Boolean transformation FA (X) and code UA
  64. A Scheme for the Deployment of the Proposed Boolean Transformation

    for Zero-knowledge Identification (II) IDENTIFICATION SESSION Subscriber A System Selection of one of the codes X  {X1 , X2 , ...., Xm }, and elimination from the set of secret codes Transmission of selected code X Reception of the code X and calculation of Y = F(X) If Y= UA then access to the resources is allowed and the reuse of X is blocked
  65. X x1 x2 … xk xk+1 ,…,x2k x(h-1)k ,…,xn u1

    u2 … uk uk+1 ,…,u2k u(h-1)k ,…,un U Operation of diffusion and confluence 1 2 h 1 2 h 1 2 h Operation of nonlinear transformation confluence h
  66. Comparative Estimation of the Time for Identification (program implementation on

    a 64- bit processor) FFSIS (Feige Fiat Shamir Identification Scheme) for length 1024 Proposed method of Identification for key length -256 and number of fragments h=8 Required number of cycles exchange 32 1 Time for processing of the user code for one cycle exchange The realization of Boolean transformation requires 512 commands One cycle is carried out 165 times more rapidly The fulfillment of 3 operations of modular multiplication requires 84864 commands The proposed method identification ensures a decrease by 5280 times of the identification time in comparison with FFSIS Experimental research it showed that a real acceleration of identification by 3 orders of magnitude
  67. At the heart of any cryptographic transformation is an irreversible

    transformation, that is, a transformation for which it is analytically impossible to find the opposite Irreversible transformations of modular arithmetic Irreversible Boolean transformations ARE USED ADVANTAGES Algorithms RSA, El-Gamal, DSS Algorithms DES, Rijndael, Hash -SHA, Ripemd-160 High speed The possibility of constructing complex cryptographic structures Zero Knowledge Identification Schemes based on Irreversible Boolean Transformation
  68. (Block Ciphers - ВС) Algorithm for encryption / decryption of

    a data block D fixed length using a single key K. ВС Key К С D ВС Key К С D D=R(C,K). Standardized cipher blocks certified by the relevant authorities: Rijndael, DES, MARS, Serpend C=F(D,K)
  69. 1) The system send the user's identification code U 2)

    The user determines the number n Identification cycles 3) The user generates a random code pn - Session password on the last, n-th identification cycle. Index j is assigned a value n-1: j =n-1. 4) The user calculates qj = F( j |U, pj ), where j | U - Concatenation of the identification cycle number and identification code. 5) The user calculates pj-1 = F(pj , qj ) 6) Index increment j: j = j-1. If j>0, Then it returns to the re-execution step.4. 7) The user sends the code p0 to the system. 8) Session Password Codes p0 , p1 ,…,pn stored in user memory. Formal Description of the User Registration Procedure
  70. User System BC j pj-1  R U U BC

    j =? j U pj-1 =? pj-1  U =?U BC BC j+1 U pj-+1 BC j U BC =? pj-1  pj  pj- Figure 1 – Structure of cryptographic transformations performed at the j- th session of user authentication Interaction of Authentication between System and Users
  71. User Registration Procedure 1) The system formulates randomly the user

    authentication code U. 2) The system encrypts the code U with user public key Kuo : L = (U, Kuo ) where  - a public key algorithm like RSA, with Kuo – the public user key of algorithm , and sends to the user the code L. 3) The user receives from the system the code L and using his private key Kup restores the code U=-1(L, Kup ). 4) The user defines the number n that represents the sequence number of the authentication cycle. 5) The user produces the random session password pn at the end of the nth authentication cycle. The index j assumes the value n-1: j = n-1. 6) The user calculates qj = F( j|U, pj ), where j|U is the concatenation of the number of the authentication cycle and the authentication code U. 7) The user calculates pj-1 = F(pj , qj ) 8) The index j is decremented: j=j-1. If j>0, then return to step 6. 9) The user encrypts the code р0 using the key U: X = F(p0 , U) and sends the code X to the system. 10) The system according to the received code Х restores the code p0 : p0 =F(X,U) and saves it in memory.
  72. jth Cycle of User Authentication Procedure 1) Upon the user's

    request, the system generates a random code R. This code together with the number j of the authentication cycle, previous session password pj-1 and code U encrypted by the system using as identification key U of user: D = F( j |R | U | pj-1 , U) and the received code D is sent to the user. 2) The user receives code D, decrypts it with private key U, restoring the values j , U , pj-1 , and R. 3) The user compares received codes j, U and pj-1 with the values that are stored in it: if j = j, U=U and pj-1 = pj-1 , then confirms that the system knows the codes U, j and pj-1 , thus ensuring interaction with the system. For synchronization of system and users authentication cycle: (a). If j  j , U U and pj-1  pj-1 , then the user does not interact with system and session authentication. If j j, U=U and pj-1 pj-1 , then the user interacts with the system, but the synchronization of the parameters has been lost. (b) To restore the synchronization of identification parameters, the user determines =1+max( j, j). Encrypts codes  and p with the key U: W=F(| p , U) and the received code W send to the system. Sets the identification session number j=+1. System upon receipt the code W restores the values  and p via the transformation F(W,U). Sets the identification session number j=+1 and pj-1 =p . After restoring the synchronization goes to step 4. The user generates the code Qj as XOR of jth session password pj and the random code selected by the system R: Qj = pj  R. The generated in this way code Qj sent it to the system. 4) The system restores the value jth session password pj : pj = Qj  R and calculates d = F( j|U, pj ). The system calculates =F(pj , d). If  = pj-1 , then the user authentication was successful and access to system resources is permitted.
  73. Special Means for Resistant Against Middle Attack User send Sequences

    of code Fast identification System Controlled jth session with user BC u Pd send BC u Pj ==
  74. Experiment Results of Comparing Performance Analysis Proposed Scheme and Knows

    Known Zero Knowledge Schemes Acceleration Level Software Implementation Hardware Implementation FFSIS 2.3 103 ~ 105 Guillou-Quisquater 2.8 103 ~ 105 Schnorr 3.1 103 ~ 105 The basic reason for achieved accelerating consist of changing of Algebraic basis: substitution modular arithmetic algebra by Boolean Algebra
  75. Modular Arithmetic Operations for IoT and Cloud Applications Possible Approaches

    of Zero Knowledge Identification Schemes Computational Complexity Decreasing Using of Pre-computation and Parallel Computation for Decreasing of Computational Complexity of Modular Reduction Utilizing of Alternative Algebra Operation in which have low Computational Complexity Working out Zero Knowledge Identification Schemes based on Boolean Transformation
  76. Modular Arithmetic Operations for IoT and Cloud Applications Secure Parallel

    Modular Exponentiation The proposed technique for modular exponentiation is based on performing simple operations on the user computational resources, shifting the complex operations to high performance cloud resources and operates by separating the procedure for modular exponentiation in two components. An algorithm for the software implementation of modular multiplication is proposed, which uses pre-computations with a constant modulus to reduce the computational load imposed upon the processor. The developed modular multiplication algorithm provides faster execution on low complexity hardware in comparison with the existing algorithms and is oriented towards the variable value of the modulus, especially with the software implementation on micro controllers and smart cards whose architectures include a small number of bits A potential attacker receives no information by intercepting the data existing in the cloud
  77. Modular Arithmetic Operations for IoT and Cloud Applications Secure Parallel

    Modular Exponentiation Τhe mathematical basis of the majority of public key algorithms is the modular exponentiation operation AE mod M. In practice, using cryptography with a public key module M is part of the public key, E - is a component of the private key, and A - is an informational component. Hence, the objective of hacking is to obtain code E. The level of protection provided by such algorithms directly depends on the bit depth n of numbers used in the operation of the modular exponentiation. In most practical applications, bit depth is 1024, 2048 or 4096. Computational complexity of modular exponentiation is O(n2). This means that while doubling the bit depth of used numbers, the amount of computation increases by approximately four times. Thus, the computational complexity of the tests for exponent selection code is of the order O(2n). Ιncreasing of bit depth significantly slows down calculations, related to information security functions. This situation may be overcome by using computing resources of cloud systems for modular exponentiation, in such a manner that that when calculating the AE mod M, the secret exponent E code and the processed number A are not disclosed.
  78. Modular Arithmetic Operations for IoT and Cloud Applications Secure Parallel

    Modular Exponentiation The basic modular arithmetic operation used within the context of information security algorithms is modular multiplication, i.e., the calculation R=AB mod M The assumptions that need to be made are: that the result R, coefficient A, multiplicand B and modulus M are n bit binary numbers, that the most significant bit of the modulus is equal to 1, i.e. 2n-1M 2n that the co-factors are lower than the modulus, i.e. A<M, B<M
  79. Modular Arithmetic Operations for IoT and Cloud Applications Secure Parallel

    Modular Exponentiation It is also assumed that the operation of modular multiplication is performed on a k bit general purpose processor, microprocessor or micro-controller. Consequently, each one of the numbers which participate in the operation of modular multiplication can be represented in the form of s=n/k bit words:                   1 0 1 0 1 0 2 , 2 , 2 s j s j k j j s j k j j k j j m M b B a A where aj , bj , mj are k bit words and j0,…,s-1. R=AB mod M
  80. Modular Arithmetic Operations for IoT and Cloud Applications Secure Parallel

    Modular Exponentiation Elementary arithmetic considerations show that the product of two k – bit numbers requires (2 ∙ k) – bits for its accurate representation. By denoting:  qm – the number of multiplications required  tm – the execution time needed for each command  qa – the number of additions required  ta - the execution time of each addition the estimate for computational complexity of the particular software implementation of the n bit modular multiplication is: a a m m t q t q    If ratio of the execution times for the multiplication and addition commands on the processor is w = tmul /ta ,, then the execution time of the modular multiplication can be represented as ) ( a m a q q w t   
  81. Modular Arithmetic Operations for IoT and Cloud Applications Secure Parallel

    Modular Exponentiation Algorithm 1: Classical scheme for word-by-word Modular Multiplication. R=0; for(i=0; i<s; i++) Y=0; for (j=0; j<s; j++) Y+= (ai *bj )<<(j*k); R += Reduce(Y); if (i<s–1) B<<=k; Reduce(B); Reduce(R);         1 0 2 s i k i i j j b a B a The operation of multiplication is performed on a word-by-word basis. More specifically, the jth (j=0,… , s-1) of the k bit word of the coefficient aj is multiplied by shifting each of the s words of multiplicand in B. The obtained products, which are 2∙k bits long, are added, forming (n+k) bits, a result which is a partial representation of the product shown in Equation. Following this, the modular reduction of the partial expression is carried out, obtaining jth partial residual Rj = aj B mod M. The result of the modular multiplication R=AB mod M is formed as the sum of the modular reductions of the partial expression of the product: R=(R0 +R1 +…+Rs-1 )mod M.
  82. Acceleration of Modular Multiplication in Information Security Τhe extensively popular

    RSA algorithm uses a complex procedure to obtain the three numbers d, e and M with lengths n between 1024 and 2048 bits that satisfy the identity AdeA The process of the coding of the block A of a certain message consists of the calculation of C=Ae mod M and the decoding of block A is realized with the calculation of A=Cd mod M The pair of numbers <d,M> composes the public key, while the pair <e,M> composes the private key
  83. Acceleration of Modular Multiplication in Information Security One of the

    above keys, depending on the protocol that the RSA uses, is public while the other one is private. The analysis of the practical use of an RSA algorithm shows that the keys change relatively rarely so that with the use of the same key, tens of thousands of information blocks are processed. This makes it possible to consider that in the process of computational implementation, the RSA key and consequently the modulus are both in effect constant. Analogous reasoning can also be applied to a number of other standardized information security algorithms that are widely applied in practice.
  84. Acceleration of Modular Multiplication in Information Security The fact that

    the modulus M is constant makes it possible to simplify the calculation of modular reduction in the multiplication process via the use of pre-computed results. Such pre- computations depend only on the value of the modulus M and therefore they may be carried out off-line and be recovered whenever there is a change of the modulus. The results of the pre-computations can be stored in the tabular form in main memory and are used repeatedly with each modular multiplication calculation. In the modular multiplication implementation, part of the computational resources is strictly used for the calculation of multiplication and the other part for the implementation of modular reduction
  85. Outline  Some History… Cloud & IoT Cyber Security Cyber

    War  Security Issues for Access Control  Cryptography – The main tool for security  Zero-knowledge Identification Schemes  Modification of Zero-knowledge Identification Schemes  Performance & Evaluation
  86. 1. Bardis, Nikos G., et al. "Methods for increasing the

    efficiency of the remote user authentication in integrated systems." Trends in Computer Science 12.1 (2003): 99-107. 2. Bardis, Nikolaos G., et al. "Two level efficient user authentication scheme." 4th IEEE International Conference on Digital Ecosystems and Technologies. IEEE, 2010. 3. Stavroulakis, P., Markovskyi, O. P., Bardis, N. G., & Doukas, N. (2011, December). Efficient zero—Knowledge identification based on one way Boolean transformations. In 2011 IEEE GLOBECOM Workshops (GC Wkshps) (pp. 275-280). IEEE. 4. Bardis, N. G., Markovskyi, O. P., Doukas, N., & Drigas, A. (2012, October). Fast implementation zero knowledge identification schemes using the Galois Fields arithmetic. In 2012 IX International Symposium on Telecommunications (BIHTEL) (pp. 1-6). IEEE. 5. Doukas, Nikolaos, Nikolaos Bardis, and Oleksandr P. Markovskyi. "Authentication and Integrity in Streaming Video Transmission." Mathematics and Computers in Science and Engineering Series 12 (2013). 6. Doukas, N., Drigas, A., Bardis, N. G., & Karadimas, N. V. (2013). Accessible secure information society applications via the use of optimised cryptographic calculations. Journal of Applied Mathematics and Bioinformatics, 3(4), 181. 7. Bardis, Nikolaos. "Secure, green implementation of modular arithmetic operations for IoT and cloud applications." Green IT Engineering: Components, Networks and Systems Implementation. Springer, Cham, 2017. 43-64. 8. Kolisnyk, M., Kharchenko, V., Piskachova, I., & Bardis, N. G. (2017). A Markov Model of IoT System Availability Considering DDoS Attacks and Energy Modes of Server and Router. In ICTERI (pp. 699-712). 9. Bardis, Nikolaos G., Nikolaos Doukas, and Oleksandr P. Markovskyi. "Zero-Knowledge Identification Method Based on Block Ciphers." 2017 International Conference on Control, Artificial Intelligence, Robotics & Optimization (ICCAIRO). IEEE, 2017. 10. Stavroulakis, P., Kolisnyk, M., Kharchenko, V., Doukas, N., Markovskyi, O. P., & Bardis, N. G. (2017, July). Reliability, Fault Tolerance and Other Critical Components for Survivability in Information Warfare. In International Conference on E-Business and Telecommunications (pp. 346-370). Springer, Cham. 11. Doukas, Nikolaos, Oleksandr P. Markovskyi, and Nikolaos G. Bardis. "Reliability, Fault Tolerance and Other Critical Components for Survivability in Information Warfare." E-Business and Telecommunications: 14th International Joint Conference, ICETE 2017, Madrid, Spain, July 24–26, 2017, Revised Selected Paper. Springer, 2019. REFERENCES