Remote Identification and Authentication for High Security Access in Multi User Systems

Remote Identification and Authentication for High Security Access in
Multi User Systems
Professor Nikos G. Bardis, Eng., PhD.
March 22, 2019
Hellenic Army Academy, Section of Mathematics and Engineering Sciences, Greece

View Slide

Outline
 Some History…
Cloud & IoT
Cyber Security
Cyber War
 Security Issues for Access Control
 Cryptography – The main tool for security
 Zero-knowledge Identification Schemes
 Modification of Zero-knowledge Identification Schemes
 Performance & Evaluation

View Slide

MILCOM 1990 Communications and Radar (Data Bases, Networks, Programming…)
MILCOM 2000 Proceedings. 21st Century Military Communications. Architectures and Technologies for Information
Superiority (C4I, Internet, web programming…)
MILCOM 2010 Waveforms and Signal Processing, Networking Protocols and Performance, Cyber Security and Network
Management, Systems Perspectives (Smart Devices, Cloud Systems, Cyber Security)

View Slide

Information Field
The other engagement
Information

View Slide

Internetworking: is the practice of connecting a computer
network with other networks through the use of gateways that
provide a common method of routing information packets
between the networks.
What could be connected to this network?
Computers
Mobile Phones
Smart Grids/Smart City
IP cameras and Home Appliances
Wearable Technology (Smart Watches, Pacemakers, etc)
Sensors (made possible by IoT)
Distributed Robotics
Introduction
Interconnected Devices
5

View Slide

Internetworking: is the practice of
connecting a computer network with other
networks through the use of gateways that
provide a common method of routing
information packets between the networks.
What could be connected to this network?
Computers
IP cameras
Mobile phones
Pacemakers
Others like Sensors (made possible by IoT)
ARPANET
SRI
Utah UCSB
UCLA
Current Internet Structure
What is Internetworking?
Kaspersky Lab; Internet Map

View Slide

Firewalls, IPSEC, VPN/tunneling
Security Policies
Intrusion Detection Systems (IDSs)
Signature-Based IDS – Match all incoming traffic with
signatures stored in a database. If a traffic matches,
then its an attack (SNORT, BRO IDS).
Anomaly-Based IDS – Learn accepted network behavior,
then use this learned behavior to identify future
behaviors that do not conform to this baseline.
Firewall
What about hacking ?

View Slide

Outline
 Some History…
Cloud & IoT
Cyber Security
Cyber War

View Slide

Security Issues
1. Confidentiality
2. Authentication
3. Integrity
4. Non-repudiation
5. Availability

View Slide

Connectivity-Its Security Issues
 Smart Grid Cyber Attacks
These Cyber attacks against grids could bring
down whole grids, something that could even kill
people if it happens in winter.
 2015-cyber attack against Ukrainian utility
company with malware (The Blackenergy
Malware).
 2016-another cyber attack against Ukraine's
energy sector in Kiev.
 Israel experienced a serious hack attack on
its electrical grid in January 2016
10
Grant: “Cyber Security Techniques the SCADA Military Environment,” for three years

View Slide

«Cyber attack is Casus Belli»
«Cyber warfare in United States is apart of the American military strategy
of Proactive Cyber Defence and the use of cyber warfare as o platform
for attack.»
«The new United States military strategy makes explicit that a cyber
attack is casus belli just as a traditional act of war.»

View Slide

Headlines of recent cyber attacks
All Rights Reserved 2015 12
Center for Information Networking and
Telecommunications
• Russian Hacking of DNC/RNC and threat of US retaliation
• Yahoo huge security breach; Loss of data for one billion accounts
2016
 Equifax Data Breach – 145.5 Million Accounts
 Uber Data Breach – 57 Million Records
 WannaCry Cyber Attack – 300,000 Systems
 Stolen NSA Cyber Weapons
 Yahoo! Makes History, Again – 3 Billion
Accounts
2017
2018 • Facebook – 87 million records hacked
. Sacks Fifth Ave & Lord & Taylor - 5 million accounts

View Slide

• Experian (T-Mobile)
– 15 million records
• Donald Trump Hotels
• Sony Entertainment
• Ashley Madison
– 10 thousand government officials
• Office of Personal Management (OPM)
• Anthem health care
2015
Headlines of recent cyber attacks (Continued)

View Slide

Man in the Middle vs Authentication

View Slide

Denial-of-service (DOS) Attack vs Availability
Denial-of-Service (DoS) attacks are strategies that
are often used for occupying the communication
resources in order to prohibit the transmission of
measurement and nor control signals and that
cause a maximum possible deterioration of the
system performance.
The most dangerous type of DoS attacks is the
distributed DoS (DDoS) also called coordinated
attack, in which a large number of compromised
machines are used to perform the DoS attack.
Moreover, DDoS is frequently occurred due to the
simplicity of creating it, low coast and its high
impact on systems including the ability of
completely disconnect an organization. It is shown
that this attack could cause instability of power
grids and it could produce long delay jitter on NCS
packets.

View Slide

Denial-of-service (DOS) Attack vs Integrity (Continued)
The DoS attacks in radio frequency identification
(RFID) system can be categorized based on the
factors causing them as follows:
1) System Jamming: Electromagnetic jamming is
done in this type to prohibit tags from
communicating with readers.
2) Desynchronization Attack: It is destroying
synchronization between the tag and the RFID
reader causing a permanent disabling of the
authentication capability of an RFID tag.
3) Tag Data Modification: Changing the data to a
random number which cannot be identified by the
reader.
4) Kill Command Attack: The attacker send a kill
command with the hacked password causing a
permanent disabling of the tag.
5) Random DoS Attack: Which is affecting the
system by injecting short periods of noise signals

View Slide

Inside Attack vs Confidentiality
One important factor in Cyber Physical
Systems - CPS security is that attacks
might not only come from outside of the
system but also from inside, such as
from employees who do not need much
additional knowledge about the target
system.
The knowledge that insiders often gives
them unrestricted access to steal or
modify data in the system or to
deactivate that system. So, it is
important to have a secure control
system to maintain the stability of the
system during such an attack.

View Slide

Structure of Remote Systems of Information Services,
Information and Computer Resources
User 1
User 2
User n
Internet
SYSTEM

View Slide

Multi User
Systems
Multiuser
Systems
Legitimate
user
Legitimate
user
Legitimate
user
Illegitimate
user
Illegitimate
user
Illegitimate
user

View Slide

Attacker
Action on the identification
protocol
Viruses Dishonest
personnel
Reading the passwords of
legitimate users
IDENTIFICATION
SYSTEM
Legitimate user
Data transmission channel
Password
selection
Interception of
passwords and
repetition
Substitution of
legitimate user
during the session
password
data

View Slide

Threats From the Attacker Side, Controlling the Transmission Line
User Line of Data
exchange
Active attack: User Ousting
after Identification
( middle attack )
SYSTEM
Passive attack: listening of
cycles of exchange of the
identifying information of the
user for its reproduction

View Slide

User identification
information А
Viruses
Staff
Other users
Accessing system
resources under
the user name А
System
Administration
Imitation the use of
resources by the
user А
SYSTEM
Subject Goal
Threats from the Side of the System

View Slide

Outline
 Some History…
Cloud & IoT
Cyber Security
Cyber War

View Slide

     













h
r
n
h
r
n
r
n
h
r
n
y
k
k
k
x
x
x
f
y
k
k
k
x
x
x
f
y
k
k
k
x
x
x
f
y
y
y
Y
k
k
k
K
x
x
x
X
)
,...,
,
,
,...,
,
(
)
,...,
,
,
,...,
,
(
)
,...,
,
,
,...,
,
(
,...,
,
,...,
,
,
,...,
,
2
1
2
1
2
2
1
2
1
2
1
2
1
2
1
1
2
1
2
1
2
1

Cryptographic
Algorithm
Message X
Key K
Cryptogram Y
Forward cryptography
Cryptographic
Algorithm
Message X
Key K
Cryptogram Y
Reverse cryptography
UNSOLVED MATHEMATICAL TASK
SOLVE OF SYSTEM OF
NONLINEAR BOOLEAN
EQUATIONS
UNSOLVED
MATHEMATICAL
NUMBER THEORY TASK
Block
Ciphers
Stream
Ciphers
Hash-
Algorithms
Public key
Algorithms
DES, RC-6
RIJNDAEL
A5, SNOW,
SOBER
SHA-1,
RIPEMD-160
RSA, DSA,
ECC
Cryptography – The Main Tool for Security

View Slide








































































3
2
1
4
3
2
1
4
1
2
3
2
1
3
1
4
1
3
2
4
2
3
1
4
2
1
4
1
4
3
2
1
3
2
1
2
4
3
2
2
1
3
1
4
3
1
1
1
2
1
2
1
1
1
2
2
2
1
1
1
1
1
4
2
2
1
2
1
1
2
1
1
2
2
2
2
1
3
2
1
2
1
1
2
2
2
2
1
2
1
2
2
2
1
2
1
1
1
4
2
2
1
1
1
1
1
1
1
1
y
y
y
y
y
y
y
y
y
k
y
y
y
y
y
y
y
y
y
y
y
y
k
y
y
y
y
y
y
y
y
y
y
y
y
x
y
y
y
y
y
y
y
y
y
y
x
k
x
x
x
x
k
x
k
x
k
k
k
x
k
x
y
k
x
x
k
k
x
x
x
k
x
k
x
k
k
y
k
x
k
x
k
x
k
x
x
x
x
x
y
k
x
x
x
x
k
x
k
x
k
k
y
Block Cipher
1
x
2
x
3
x
1

n
x
n
x
1
y
2
y
3
y
1

n
y
n
y
1
k
2
k
1

r
k
r
k
Cryptography – The Main Tool for Security (Continued)

View Slide

UNSOLVED MATHEMATICAL TASK
SOLVE OF SYSTEM OF
NONLINEAR BOOLEAN
EQUATIONS
UNSOLVED
MATHEMATICAL
NUMBER THEORY TASK
Block
Ciphers
Stream
Ciphers
Hash-
Algorithms
Public key
Algorithms
DES, RC-6
RIJNDAEL
A5, SNOW,
SOBER
SHA-1,
RIPEMD-160
RSA, DSA,
ECC

View Slide

In a practical level the Boolean functions
are not being used only in public key algorithms
that have as mathematical base an unsolved tasks of the number theory
The main advantage of the Boolean functions in cryptography is
considered to be the high efficiency at their calculation by software and
hardware means.
So, for algorithms with roughly the same cryptoresistance, that are based on
the Boolean functions is executed thousands times faster than modern
public key algorithms.

View Slide

Outline
 Some History…
Cloud & IoT
Cyber Security
Cyber War

View Slide

Identification is one of the three base Problems of Information
Security
Information Security
Protection from
unauthorized data
access via
encryption
Data Integrity:
Digital Signature
Technology /hashing
Identification of
remote
subscribers

View Slide

As for the other two base tasks of the information security, the effectiveness of identification is
determined by a compromise between two criteria: by security level and by the volume of
available resources which is required for the implementation of the security functions
The efficiency of remote subscriber
identification schemes
Level of security
Amount of
computational
resources required for
the implementation of
the security functions
Efficiency of Remote Access

View Slide

Existing schemes for identification of remote users
Non strict identification based on
using of invariable (const)
passwords
Strict identification based on the Zero
Knowledge concept
The major
advantage:
High speed of
authentication
The main
disadvantage:
Low security
level
The major
advantage:
High level of
security
The main disadvantage:
existing realizations
demand long processing
times
Identification of Remote Users

View Slide

Cryptographically strict identification should provide
protection:
From external threats From internal threats
THE CONCEPT OF "ZERO KNOWLEDGE"
USER SYSTEM
The mechanism for
generating the "correct"
session passwords
The mechanism for
checking the
"correctness" of
session passwords
Session
password
The system itself is not capable of generating a
"correct" session password
The Concept of Zero Knowledge Identification

View Slide

Zero-Knowledge Identification
Tool for password
generation
User
Tool for checking of
user password
legitimacy
System
Password
The Concept of Zero Knowledge Identification (Continued)

View Slide

User System
Session password
generation
mechanism
Irreversible
mechanism for
validating the
password
Session
password
1/0

View Slide

Existing Zero-Knowledge Identification Schemes
FFSIS (Feige Fiat
Shamir Identification
Scheme)
Guillou-Quisquater
Identification Scheme
Schnorr Identification
Scheme
Based on analytically insoluble mathematical problem of number theory, namely:
discrete logarithmic calculations: find X given XE mod M = Y
To reduce the possibility of solving the equation XE mod M = Y by trial, the word
lengths of X, Y, M must be greater than or equal to 1024
The procedure for checking of user
password legitimacy requires long
processing times
The necessity of several cycles
of information exchange
between system and users

View Slide

Existing identification schemes that implement the concept
of "zero knowledge"
Feige Fiat Shamir Identification
Scheme (FFSIS)
Scheme Guillou-Quisquater Scheme
Schnorr
A2V mod M
Basic computing
operation AEBG mod M
Number of exchanges in
one session of
identification
18 - 22 3

View Slide

MAJOR FAILURE OF EXISTING SCHEMES OF
IMPLEMENTATION ZERO-KNOWLEDGE IDENTIFICATION
LOW IDENTIFICATION SPEED
Use of complex
multiplicative operations of
modular arithmetic, which
are performed on numbers
of large length 1024 or 2018
Use to identify multiple
cycles of data exchange
between the user and the
system
CAUSES

View Slide

NECESSITY OF ACCELERATING ZERO-KNOWLEDGE
IDENTIFICATION PROCEDURES
The most effective means of countering the
middle attack is multi repeated identification
within the interaction session
Increase the number of systems
with remote access working in
real time
Rapid growth in the number of
users of systems with remote
access

View Slide

Choosing two prime numbers p and q
Calculation m = p∙q
Selection v and v-1 such way that:
s2 mod m = v
d2 mod m = v-1
v∙v-1 mod m =1
m and v - Public key s – Private key
Exists d and s
Zero Knowledge Identification Scheme:
FFSIS: Private and Public key generation

View Slide

Verifies y∙y∙v mod m= x
Send y
Subscriber System
Randomly selected number r
Calculates x = r ∙r mod m
Send x to system Receives x
Calculates
y = r ∙ s mod m,
Randomly generates bit b
Send b
Send r
Verifies r ∙r mod m = x
if b=1
if b=0
1

 v
s
If subscriber possesses s that
y2v mod m = ( r2 s2)v mod m=…=r2 v-1v mod m = r2 mod m= х
Zero Knowledge Identification Scheme :
FFSIS : Identification Procedure

View Slide

Choosing two prime numbers p and q such that q being a factor of p-1
Choosing a such that a q mod p=1
Calculation v = a-s mod p
p and v - Public key s - Private key
Calculation -s = q-s
Randomly choosing sZero Knowledge Identification Scheme :
Schnorr Identification Schemes:Private and Public Key Generation

View Slide

Send y
Subscriber
System
Randomly selected
number r
Calculates
x = ar mod p
Send x to system
Receives
x
Calculates
y = (r+s∙e) mod q
Send e
Verifies
ay ∙ ve mod p= x
Randomly generates
number e
Schnoor Identification Procedure
Send y
Subscriber
System
Randomly selected
number r
Calculates
x = ar mod p
Send x to system
Receives
x
Calculates
y = (r+s∙e) mod q
Send e
Verifies
ay ∙ ve mod p= x
Randomly generates
number e

View Slide

Choosing two prime numbers p and q
J, m and v - Public key B - Private key
Choosing B such that
(J∙Bv) mod m =1
Calculation m = p∙q
Choosing open password J
Randomly choosing v
Zero Knowledge Identification Scheme
Guillou-Quisquater identification schemes:
Private and Public Key Generation

View Slide

Send D
Subscriber System
Randomly selected
number r
Calculates
T = rv mod m
Send T to system
Receives
T
Calculates
D = r∙Bd mod m
Send d
Verifies
Dv∙ Jd mod m= T
Randomly generates number
d
Guillou-Quisquater Identification Procedure

View Slide

Basic Calculations for Zero Knowledge
Identification Schemes
Schnorr schemes
Guillou-Quisquater
schemes
FFSIS
A2V mod M AEBG mod M
The high computational complexity of zero knowledge identification schemes is
the main reason that limits there of utility
Zero Knowledge Identification Scheme (Continued)

View Slide

Possible Approaches of Zero Knowledge Identification
Schemes Computational Complexity Decreasing
Using of Precomputation and Parallel Computation for
Decreasing of Computational Complexity of Modular
Reduction
Utilizing of Alternative Algebra
Operation in which have low
Computational Complexity
Working out Zero
Knowledge Identification
Schemes based on Boolean
Transformation
Zero Knowledge Identification Scheme (Continued)

View Slide

Outline
 Some History…
Cloud & IoT
Cyber Security
Cyber War

View Slide

Utilizing of Alternative Algebra Operation in which have Low
- Galois Fields Arithmetic
Possible Approaches of Zero Knowledge Identification Schemes
Computational Complexity Decreasing
Decreasing of Computational Complexity of Modular Reduction
Working out Zero Knowledge
Identification Schemes based on
Boolean Transformation

View Slide

Operation in Galois fields GF(2m)
Widespread use in modern cryptosystem
(Rijndael, Ellipse Curve Cryptosystems)
Addition - XOR ( denoted as  )
Multiplication
( denoted as AB rem M)
Multiplication without the inter-bit carry transfers
( denoted as AB)
Calculation of the remainder of the division of the
polynomial that corresponds to the number А by the
polynomial corresponding to M
(denoted as A rem M )
Exponentiation -
(denoted as AE rem M)
AE - exponentiation without carry:
AE = А  А  ...  А

View Slide

Basic Calculations for Zero Knowledge
Identification Schemes
Schnorr schemes Guillou-Quisquater schemes
FFSIS
A2V mod M AEBG mod M
AAV rem M AEBG rem M
Modification
In Galois field algebra
Galois Fields Arithmetic (Continued)

View Slide

Choosing prime polynomial P(x) =xn+1+xn+…+x+1 and corresponding number m.
For example for n=4: P(x)=x5+x4+1 and m=25
Arbitrarily choosing (n-1) bit length number  (=4)
Choosing d and s by such way that: d  s =   m  1. ( d =9 and s =13)
Calculating
v-1 =s s rem m
(v-1 =1313 rem 25=7)
Calculating
v=d  d rem m
(v =9  9 rem 25=7 )
vv-1 rem m =1
m and v - Public key s - Private key
Galois Fields Arithmetic
Modified FFSIS: Private and Public key generation

View Slide

Sent y
Subscriber
System
Randomly selected number r (r =10)
Calculates
x = r r rem m
(x = 1010 rem 25)=11
Sent x to system Receives
x =11
Calculates
y = r  s rem m,
y = (10 13 rem 25=15)
Randomly generates bit b
Sent b
Sent r
Verifies
r r rem m = x
if b=1
Verifies
yyv rem m= x
( 151514 rem 25= 11)
if b=0
Modified FFSIS : Identification procedure

View Slide

Choosing two prime polynomials P(x) and W(x) to which correspondent
numbers p and w ( for example P(x)=x5+x4+1 and W(x)=x5+x+1,
correspondently p=25 and w=19)
Choosing q and a such that aq rem p=1 (q=10; a=46)
Calculation v = a-s rem m
( v = 467 rem 443 =117 )
m and v – Public key s - Private key
Calculation -s = q-s
(-s=10-3=7 )
Randomly choosing sCalculating m = pw ( m=2519=443)
Modified Schnorr identification schemes:

View Slide

Verifies
ay ve rem m= x
(465  11729 rem 443= 85 )
Sent y=5
Subscriber
System
Randomly selected
number rCalculates
x = ar rem m,
(x = 468 rem 443=85)
Sent x to system Receives
x =85
Sent e =29
Randomly generates
number e (e=29)
Calculates
y = (r +s∙e) mod q,
(y = (8+329) mod 11=5)
Modified Schnoor Identification procedure

View Slide

J, m and v - public key B - private key
Choosing B(B=39) such that
(JBv ) rem m =1
(18395 rem 443=1)
Choosing open password J
(J=18)
Randomly choosing v
(v=5)
Choosing two prime polynomials P(x) and W(x) to which correspondent numbers p and w ( for
example P(x)=x5+x4+1 and W(x)=x5+x+1, correspondently p=25 and w=19)
Calculating m = pw ( m=2519=443)
Modified Guillou-Quisquater identification schemes:

View Slide

Sent D =187
Subscriber
System
Randomly selected number
r (r=22)
Calculates
T = rv rem m,
(T = 225 rem 443=159)
Sent T =159 Receives
T =159
Calculates
D = rBd rem m,
(D = 223928 rem43=187)
Sent d=28
Verifies
DvJd rem m= T
(18751828rem 443= 159 )
Randomly generates
number d (d=28)
Modified Guillou-Quisquater identification schemes:
Identification procedure

View Slide

The main potentialities of Galois fields arithmetic for
decreasing of computational complexity of basic operation
A2∙V mod m AE mod m
Not necessity to carry
processing
The specific property of
the square of the number A
without carry
This property states that “the even bits of the binary code are
equal to zero and the odd bits are identical to those of the
number А”.

View Slide

EXAMPE OF SQUARE OF 4-BIT LENGTH NUMBER WITHOUT CARRY
A = a
0
+ 2a
1
+ 4a
2
+ 8a
3
A  A = a
3
a
0
a
2
a
0
a
1
a
0
a
0
a
0
+ a
3
a
1
a
2
a
1
a
1
a
1
a
0
a
1
a
3
a
2
a
2
a
2
a
1
a
2
a
0
a
2
a
3
a
3
a
2
a
3
a
1
a
3
a
0
a
3
a
3
a
3
0 a
2
a
2
0 a
1
a
1
0 a
0
a
0
А  А = a
0
+ 4a
1
+ 16a
2
+ 64a
3

View Slide

ORGANIZATION OF YYV rem m CALCULATION
For Y=y1
+y2
∙2+…+yn
∙2n-1, where y1
,…,yn
{0,1} according to property of the square of the
number without carry:
YY = y1
+ y2
∙4 + y3
∙42 + …. + yn
∙4n-1 and
YY V = y1
∙V + y2
∙4∙V + y3
∙42∙V + …. + yn
∙4n-1∙V and
YY V rem m = y1
∙V rem m + y2
∙4∙V rem m + …. + yn
∙4n-1∙V rem m
Since V and m are components of public key it can consider as constants. It can be one time
calculated and stored in table:
T[1]= V T[2]= 4∙V rem m T[3]= 42∙V rem m … T[n]= 4n-1∙V rem m
Than YY V rem m = y1
∙T[1] + y2
∙T[2] + …. + yn
∙T[n]

View Slide

Estimation of the Effectiveness Software Implementation Modified
FFSIS in Galois Fields
s =k/w
w - processor bit length
k - number bit length
Time T
B
calculating Y2∙V mod m for Barret modular
multiplication algorithm:
T
B
 24∙(s2 + 2∙s)∙ ,  - processor cycle time
Time T calculating YYV rem m for proposed organization:
T  0.5∙k∙s∙

View Slide

Relationship of the implementation time in software implementation of the
original and modified FFSIS for k=1024
Processor
Word length w
Algorithm using the standard FFSIS approach for modular
multiplication
Classic:2T
c
/T Barrett : 2T
B
/T
8 12.3 12.3
16 6.3 6.2
32 3.3 3.2
64 1.8 1.7

View Slide

Organization of the Exponentiation YE rem m
in Galois Fields Calculation
R = YE rem m
j >= 0
e
j
= 1
R = 1
Basic exponentiation schema
j = k
R = RR rem m
R = RY rem m
Yes
j = j -1
Yes
if e
j-1
=1 and e
j
= 1
R
j+1
= R
j
2 Y rem m
if e
j-1
=0 and e
j
= 1
R
j+1
= R
j
4 Y rem m
if e
j-2
=0 and e
j-1
=0 and e
j
= 1
R
j+1
= R
j
8  Y rem m
if e
j-3
=0=e
j-2
and e
j-1
=0 and e
j
= 1
R
j+1
= R
j
16  Y rem m

View Slide

Number
of tables
2 3 5 8
7
6
4
9
10
11
12
 = Т0
/Te
– coefficient of acceleration
Results of Experimental Investigation of Exponentiation Acceleration
Dependence of Number Tables Pre-computations

View Slide

Relation between the implementation times for software of the original and
modified Schnorr and Guillou- Quisquater for k=1024
Processor Bits
T
M
/ T
m2
8 16 32 64
29 14.5 7.4 3.8
where T
M
- time for exponentiation AE mod m using Montgomery algorithm
T
m2
- time for exponentiation AE rem m in Galois
field using 4 tables precomputations

View Slide

Relation between the time for execution and the complexity of the scheme
with hardware implementation of the arithmetic and logic addition (in
packets for k=1024)
Efficiency
Criterion
Carry scheme for the arithmetic adder
Sequential Parallel
Time T
ASC
/T
XOR
=4.5k
(4608)
Т
APC
/ T
XOR
=1.5log
2
k (15)
Complexity S
ASC
/S
XOR
=6 S
APC
/S
XOR
=6k2 (6144)
where T
ASC
- actuation time for serial forming carry scheme
T
APC
- actuation time for parallel forming carry scheme
S
ASC
- number of logical elements for serial forming carry scheme
S
APC
- number of logical elements for parallel forming carry scheme

View Slide

Zero Knowledge Identification Schemes based on Boolean
Transformation

View Slide

A Scheme for the Deployment of the Proposed Boolean Transformation
for Zero-knowledge Identification (I)
REGISTRATION
Subscriber A System
Random selection of the secret
session passwords:
X1
, X2
, ...., Xm
Forming Boolean transformation FA
(X),
which is depended of the secret codes
X1
, X2
, ...., Xm
and UA
Transmission of the formed
transformation FA
(X) and UA
Storage of the secret codes
X1
, X2
, ...., Xm
Transmission of the
established program
for forming Boolean
transformations F(X)
and codes U
Storage the description
of the Boolean
transformation FA
(X)
and code UA

View Slide

A Scheme for the Deployment of the Proposed Boolean Transformation
for Zero-knowledge Identification (II)
IDENTIFICATION SESSION
Subscriber A System
Selection of one of the codes
X  {X1
, X2
, ...., Xm
}, and
elimination from the set of secret
codes
Transmission of selected code X
Reception of the code X
and calculation of Y =
F(X)
If Y= UA
then access to
the resources is allowed
and the reuse of X is
blocked

View Slide

X
x1
x2
… xk
xk+1
,…,x2k
x(h-1)k
,…,xn
u1
u2
… uk
uk+1
,…,u2k
u(h-1)k
,…,un
U
Operation of diffusion
and confluence
1
2
h
1
2
h
1
2
h
Operation of
nonlinear
transformation
confluence
h

View Slide

Comparative Estimation of the Time for Identification
(program implementation on a 64- bit processor)
FFSIS (Feige Fiat Shamir Identification
Scheme) for length 1024
Proposed method of Identification for
key length -256 and number of
fragments h=8
Required number
of cycles
exchange
32 1
Time for processing of the user code for
one cycle exchange
The realization of Boolean
transformation requires 512 commands
One cycle is carried out 165 times more rapidly
The fulfillment of 3 operations of modular
multiplication requires 84864 commands
The proposed method identification ensures a decrease by 5280 times of the
identification time in comparison with FFSIS
Experimental research it showed that a real acceleration of identification by 3 orders of
magnitude

View Slide

At the heart of any cryptographic transformation is an irreversible
transformation, that is, a transformation for which it is analytically
impossible to find the opposite
Irreversible transformations of
modular arithmetic
Irreversible Boolean
transformations
ARE USED
ADVANTAGES
Algorithms RSA, El-Gamal, DSS Algorithms DES, Rijndael, Hash -SHA,
Ripemd-160
High speed
The possibility of constructing complex
cryptographic structures
Zero Knowledge Identification Schemes based on Irreversible Boolean Transformation

View Slide

(Block Ciphers - ВС) Algorithm for encryption / decryption of a data
block D fixed length using a single key K.
ВС
Key К
С
D
ВС
Key К
С D
D=R(C,K).
Standardized cipher blocks certified by the relevant authorities:
Rijndael, DES, MARS, Serpend
C=F(D,K)

View Slide

1) The system send the user's identification code U
2) The user determines the number n Identification cycles
3) The user generates a random code pn
- Session password on the last, n-th
identification cycle. Index j is assigned a value n-1: j =n-1.
4) The user calculates qj
= F( j |U, pj
), where j | U - Concatenation of the identification
cycle number and identification code.
5) The user calculates pj-1
= F(pj
, qj
)
6) Index increment j: j = j-1. If j>0, Then it returns to the re-execution step.4.
7) The user sends the code p0
to the system.
8) Session Password Codes p0
, p1
,…,pn
stored in user memory.
Formal Description of the User Registration
Procedure

View Slide

User
System
BC
j
pj-1

R
U
U
BC
j =? j
U
pj-1
=? pj-1

U =?U
BC
BC
j+1
U
pj-+1
BC
j
U
BC
=? pj-1

pj

pj-
Figure 1 – Structure of cryptographic transformations performed at the j- th session of user authentication
Interaction of Authentication between System and Users

View Slide

User Registration Procedure
1) The system formulates randomly the user authentication code U.
2) The system encrypts the code U with user public key Kuo
: L = (U, Kuo
) where  - a public key algorithm like
RSA, with Kuo
– the public user key of algorithm , and sends to the user the code L.
3) The user receives from the system the code L and using his private key Kup
restores the code U=-1(L, Kup
).
4) The user defines the number n that represents the sequence number of the authentication cycle.
5) The user produces the random session password pn at the end of the nth authentication cycle. The index j
assumes the value n-1: j = n-1.
6) The user calculates qj = F( j|U, pj
), where j|U is the concatenation of the number of the authentication cycle
and the authentication code U.
7) The user calculates pj-1
= F(pj
, qj
)
8) The index j is decremented: j=j-1. If j>0, then return to step 6.
9) The user encrypts the code р0
using the key U: X = F(p0
, U) and sends the code X to the system.
10) The system according to the received code Х restores the code p0
: p0
=F(X,U) and saves it in memory.

View Slide

jth Cycle of User Authentication Procedure
1) Upon the user's request, the system generates a random code R. This code together with the
number j of the authentication cycle, previous session password pj-1
and code U encrypted by
the system using as identification key U of user: D = F( j |R | U | pj-1
, U) and the received code
D is sent to the user.
2) The user receives code D, decrypts it with private key U, restoring the values j , U , pj-1
, and R.
3) The user compares received codes j, U and pj-1
with the values that are stored in it: if j = j, U=U
and pj-1
= pj-1
, then confirms that the system knows the codes U, j and pj-1
, thus ensuring
interaction with the system.
For synchronization of system and users authentication cycle:
(a). If j  j , U U and pj-1
 pj-1
, then the user does not interact with system and session
authentication.
If j j, U=U and pj-1
pj-1
, then the user interacts with the system, but the synchronization of the
parameters has been lost.
(b) To restore the synchronization of identification parameters, the user determines =1+max( j, j).
Encrypts codes  and p with the key U: W=F(| p
, U) and the received code W send to the
system. Sets the identification session number j=+1.
System upon receipt the code W restores the values  and p
via the transformation F(W,U). Sets the
identification session number j=+1 and pj-1
=p
. After restoring the synchronization goes to step 4.
The user generates the code Qj
as XOR of jth session password pj
and the random code selected by
the system R: Qj
= pj
 R. The generated in this way code Qj
sent it to the system.
4) The system restores the value jth session password pj
: pj
= Qj
 R and calculates d = F( j|U, pj
).
The system calculates =F(pj
, d). If  = pj-1
, then the user authentication was successful and
access to system resources is permitted.

View Slide

Special Means for Resistant Against Middle Attack
User send Sequences of code
Fast identification
System Controlled
jth session with user
BC
u
Pd send BC
u
Pj ==

View Slide

Experiment Results of Comparing Performance Analysis Proposed
Scheme and Knows
Known Zero Knowledge
Schemes Acceleration Level
Software Implementation Hardware Implementation
FFSIS 2.3 103 ~ 105
Guillou-Quisquater 2.8 103 ~ 105
Schnorr 3.1 103 ~ 105
The basic reason for achieved accelerating consist of changing of
Algebraic basis: substitution modular arithmetic algebra by
Boolean Algebra

View Slide

Modular Arithmetic Operations for IoT and Cloud
Applications
Using of Pre-computation and Parallel Computation for

View Slide

Modular Arithmetic Operations for IoT and Cloud Applications
Secure Parallel Modular Exponentiation
The proposed technique for modular exponentiation is based on performing simple operations
on the user computational resources, shifting the complex operations to high performance
cloud resources and operates by separating the procedure for modular exponentiation
in two components.
An algorithm for the software implementation of modular multiplication is proposed, which
uses pre-computations with a constant modulus to reduce the computational load
imposed upon the processor. The developed modular multiplication algorithm provides
faster execution on low complexity hardware in comparison with the existing algorithms
and is oriented towards the variable value of the modulus, especially with the software
implementation on micro controllers and smart cards whose architectures include a small
number of bits
A potential attacker receives no information by intercepting the data existing in the cloud

View Slide

Τhe mathematical basis of the majority of public key algorithms is the modular exponentiation operation
AE mod M. In practice, using cryptography with a public key module M is part of the public key, E - is a
component of the private key, and A - is an informational component. Hence, the objective of hacking
is to obtain code E. The level of protection provided by such algorithms directly depends on the bit
depth n of numbers used in the operation of the modular exponentiation. In most practical applications,
bit depth is 1024, 2048 or 4096. Computational complexity of modular exponentiation is O(n2). This
means that while doubling the bit depth of used numbers, the amount of computation increases by
approximately four times. Thus, the computational complexity of the tests for exponent selection code is
of the order O(2n).
Ιncreasing of bit depth significantly slows down calculations, related to information security
functions. This situation may be overcome by using computing resources of cloud systems for
modular exponentiation, in such a manner that that when calculating the AE mod M, the secret
exponent E code and the processed number A are not disclosed.

View Slide

The basic modular arithmetic operation used within the context of information security
algorithms is modular multiplication, i.e., the calculation
R=AB mod M
The assumptions that need to be made are:
that the result R, coefficient A, multiplicand B and modulus M are n bit binary numbers,
that the most significant bit of the modulus is equal to 1, i.e. 2n-1M 2n
that the co-factors are lower than the modulus, i.e. A

View Slide

It is also assumed that the operation of modular multiplication is performed on a
k bit general purpose processor, microprocessor or micro-controller.
Consequently, each one of the numbers which participate in the operation of
modular multiplication can be represented in the form of s=n/k bit words:
 









 





1
0
1
0
1
0
2
,
2
,
2
s
j
s
j
k
j
j
s
j
k
j
j
k
j
j
m
M
b
B
a
A
where aj
, bj
, mj
are k bit words and j0,…,s-1.
R=AB mod M

View Slide

Elementary arithmetic considerations show that the product of two k – bit numbers
requires (2 ∙ k) – bits for its accurate representation. By denoting:
 qm
– the number of multiplications required
 tm
– the execution time needed for each command
 qa
– the number of additions required
 ta
- the execution time of each addition
the estimate for computational complexity of the particular software implementation
of the n bit modular multiplication is:
a
a
m
m
t
q
t
q 


If ratio of the execution times for the multiplication and addition commands on the
processor is w = tmul
/ta
,, then the execution time of the modular multiplication can be
represented as
)
( a
m
a
q
q
w
t 



View Slide

Algorithm 1: Classical scheme for word-by-word Modular Multiplication.
R=0;
for(i=0; iY=0;
for (j=0; jY+= (ai
*bj
)<R += Reduce(Y);
if (iB<<=k;
Reduce(B);
Reduce(R);








1
0
2
s
i
k
i
i
j
j
b
a
B
a
The operation of multiplication is performed on a word-by-word
basis. More specifically, the jth (j=0,… , s-1) of the k bit word of
the coefficient aj
is multiplied by shifting each of the s words of
multiplicand in B. The obtained products, which are 2∙k bits long,
are added, forming (n+k) bits, a result which is a partial
representation of the product shown in Equation.
Following this, the modular reduction of the partial expression is
carried out, obtaining jth partial residual Rj
= aj
B mod M. The
result of the modular multiplication R=AB mod M is formed as
the sum of the modular reductions of the partial expression of the
product: R=(R0
+R1
+…+Rs-1
)mod M.

View Slide

Acceleration of Modular Multiplication in Information Security
Τhe extensively popular RSA algorithm uses a complex procedure to obtain the three
numbers d, e and M with lengths n between 1024 and 2048 bits that satisfy the identity
AdeA
The process of the coding of the block A of a certain message consists of the calculation of
C=Ae mod M
and the decoding of block A is realized with the calculation of
A=Cd mod M
The pair of numbers composes the public key, while the pair composes the private key

View Slide

One of the above keys, depending on the protocol that the RSA uses, is public while the other one is
private.
The analysis of the practical use of an RSA algorithm shows that the keys change relatively rarely
so that with the use of the same key, tens of thousands of information blocks are processed.
This makes it possible to consider that in the process of computational implementation, the RSA key and
consequently the modulus are both in effect constant. Analogous reasoning can also be applied to a
number of other standardized information security algorithms that are widely applied in practice.

View Slide

The fact that the modulus M is constant makes it possible to simplify the calculation of modular
reduction in the multiplication process via the use of pre-computed results. Such pre-
computations depend only on the value of the modulus M and therefore they may be carried
out off-line and be recovered whenever there is a change of the modulus.
The results of the pre-computations can be stored in the tabular form in main memory and are
used repeatedly with each modular multiplication calculation.
In the modular multiplication implementation,
part of the computational resources is strictly used for the calculation of multiplication
and the
other part for the implementation of modular reduction

View Slide


View Slide

Outline
 Some History…
Cloud & IoT
Cyber Security
Cyber War

View Slide

Performance & Evaluation
TABLE OF REQUIRED CALCULATIONS AND CYCLES TABLE OF RELATIONSHIP WITH AES 256

View Slide

1. Bardis, Nikos G., et al. "Methods for increasing the efficiency of the remote user authentication in integrated systems." Trends in
Computer Science 12.1 (2003): 99-107.
2. Bardis, Nikolaos G., et al. "Two level efficient user authentication scheme." 4th IEEE International Conference on Digital
Ecosystems and Technologies. IEEE, 2010.
3. Stavroulakis, P., Markovskyi, O. P., Bardis, N. G., & Doukas, N. (2011, December). Efficient zero—Knowledge identification based
on one way Boolean transformations. In 2011 IEEE GLOBECOM Workshops (GC Wkshps) (pp. 275-280). IEEE.
4. Bardis, N. G., Markovskyi, O. P., Doukas, N., & Drigas, A. (2012, October). Fast implementation zero knowledge identification
schemes using the Galois Fields arithmetic. In 2012 IX International Symposium on Telecommunications (BIHTEL) (pp. 1-6). IEEE.
5. Doukas, Nikolaos, Nikolaos Bardis, and Oleksandr P. Markovskyi. "Authentication and Integrity in Streaming Video Transmission."
Mathematics and Computers in Science and Engineering Series 12 (2013).
6. Doukas, N., Drigas, A., Bardis, N. G., & Karadimas, N. V. (2013). Accessible secure information society applications via the use of
optimised cryptographic calculations. Journal of Applied Mathematics and Bioinformatics, 3(4), 181.
7. Bardis, Nikolaos. "Secure, green implementation of modular arithmetic operations for IoT and cloud applications." Green IT
Engineering: Components, Networks and Systems Implementation. Springer, Cham, 2017. 43-64.
8. Kolisnyk, M., Kharchenko, V., Piskachova, I., & Bardis, N. G. (2017). A Markov Model of IoT System Availability Considering DDoS
Attacks and Energy Modes of Server and Router. In ICTERI (pp. 699-712).
9. Bardis, Nikolaos G., Nikolaos Doukas, and Oleksandr P. Markovskyi. "Zero-Knowledge Identification Method Based on Block
Ciphers." 2017 International Conference on Control, Artificial Intelligence, Robotics & Optimization (ICCAIRO). IEEE, 2017.
10. Stavroulakis, P., Kolisnyk, M., Kharchenko, V., Doukas, N., Markovskyi, O. P., & Bardis, N. G. (2017, July). Reliability, Fault
Tolerance and Other Critical Components for Survivability in Information Warfare. In International Conference on E-Business and
Telecommunications (pp. 346-370). Springer, Cham.
11. Doukas, Nikolaos, Oleksandr P. Markovskyi, and Nikolaos G. Bardis. "Reliability, Fault Tolerance and Other Critical Components
for Survivability in Information Warfare." E-Business and Telecommunications: 14th International Joint Conference, ICETE 2017,
Madrid, Spain, July 24–26, 2017, Revised Selected Paper. Springer, 2019.
REFERENCES

View Slide

Remote Identification and Authentication for High Security Access in Multi User Systems

Remote Identification and Authentication for High Security Access in Multi User Systems

Exactpro
PRO

More Decks by Exactpro

Other Decks in Research

Featured

Transcript

Remote Identification and Authentication for High Security Access in Multi User Systems

Remote Identification and Authentication for High Security Access in Multi User Systems

Exactpro PRO

More Decks by Exactpro

Other Decks in Research

Featured

Transcript

Exactpro
PRO