Filetype
With the inclusion of external software components in their software, vendors also need to identify and evaluate vulnerabilities in the components they use. A growing number of external components makes this process more time-consuming, as vendors need to evaluate the severity and applicability of published vulnerabilities. The CVSS score is used to rank the severity of a vulnerability, but in its
With the inclusion of external software components in their software, vendors also need to identify and evaluate vulnerabilities in the components they use.A growing number of external components makes this process more time-consuming, as vendors need to evaluate the severity and applicability of published vulnerabilities.The CVSS score is used to rank the severity of a vulnerability, but in its s
The market of connected devices, IoT devices in particular, is hotter than ever. Today, lightweight IoT devices are used in several sectors, such as smart cities, smart homes, healthcare, and the manufacturing industry.IoT solutions help increase productivity by predictive maintenance and resource management in the industry. Devices with voice interfaces are spreading rapidly in the home automatio
This paper addresses the need for secure storage in virtualized services in the cloud. To this purpose, we evaluate the security properties of Intel's Software Guard Extensions (SGX) technology, which provides hardware protection for general applications, for securing virtual Hardware Security Modules (vHSM). In order for the analysis to be comparable with analyses of physical HSMs, the evaluation
It is well known that load balancing in data centers can lead to unnecessary energy usage if all servers are kept active. Usingdynamic server provisioning, the number of servers that serve requests can be reduced by turning off idle servers and thereby savingenergy. However, such a scheme, usually increases the risk of instability of server queues. In this work, we analyze the trade-offbetween ene
Side-channel attacks on cryptographic algorithms targets the implementation of the algorithm. Information can leak from the implementation in several different ways and, in this paper, electromagnetic radiation from an FPGA is considered. We examine to which extent key information from an AES implementation can be deduced using a low-end oscilloscope. Moreover, we examine how the antenna's distanc
Grain-128AEAD is a stream cipher supporting authenticated encryptionwith associated data, and it is currently in round 2 of the NIST lightweight cryptostandardization process. In this paper we present and benchmark software implementations of the cipher, targeting constrained processors. The processors chosen arethe 8-bit (AVR) and 16-bit (MSP) processors used in the FELICS-AEAD framework.Both hig
In the implementation of post-quantum primitives, it is well known that all computations that handle secret information need to be implemented to run in constant time. Using the Fujisaki-Okamoto transformation or any of its different variants, a CPA-secure primitive can be converted into an IND-CCA secure KEM. In this paper we show that although the transformation does not handle secret informatio
The Learning with Errors (LWE) problem is one of the main mathematical foundations of post-quantum cryptography. One of the main groups of algorithms for solving LWE is the Blum-Kalai-Wasserman (BKW) algorithm. This paper presents new improvements for BKW-style algorithms for solving LWE instances. We target minimum concrete complexity and we introduce a new reduction step where we partially reduc
Cryptography as it is used today relies on a foundational level on the assumptionthat either the Integer Factoring Problem (IFP) or the DiscreteLogarithm Problem (DLP) is computationally intractable. In the 1990s PeterShor developed a quantum algorithm that solves both problems in polynomialtime. Since then alternative foundational mathematical problems to replace IFPand DLP have been suggested. T
Smart vision sensor systems enable many computer vision applications such as autonomous drones and wearable devices. These battery-powered gadgets have very stringent power consumption requirements. Close-to-sensor feature extraction compressing the full image into descriptive keypoints, is crucial as it allows for several design optimizations. First, the amount of necessary on-chip memory can be
Organizations and individuals maintain and use an ever increasing amount of computer systems, either deployed locally, or in the cloud.These systems often store and handle vast amounts of data, some of which is sensitive and should be kept private.Regardless of where the data is located, there is a need to prevent data from falling into the wrong hands.To this end, this dissertation presents contr
Vehicle traffic management is becoming more complex due to increased traffic density in cities. Novel solutions are necessary for emergency vehicles, which despite growing congestion must be able to quickly reach their destination. Emergency vehicles are usually equipped with transmitters to control the traffic lights on their path and warn other vehicles with sirens. Transmitters are operated man
We study the notion of anonymous credentials with Publicly Auditable Privacy Revocation (PAPR). PAPR credentials simultaneously provide conditional user privacy and auditable privacy revocation. The first property implies that users keep their identity private when authenticating unless and until an appointed authority requests to revoke this privacy, retroactively. The second property enforces th
Properties of the Grain-128AEAD key re-introduction, as part of the cipher initialization, are analyzed and discussed. We consider and analyze several possible alternatives for key re-introduction and identify weaknesses, or potential weaknesses, in them. Our results show that it seems favorable to separate the state initialization, the key re-introduction, and the A/R register initialization into
Weaknesses in the Grain-128AEAD key re-introduction, as part of thecipher initialization, are analyzed and discussed. We consider and analyzeseveral possible alternatives for key re-introduction and identify weaknesses, or potential weaknesses, in them. Our results show that it seemsfavorable to separate the state initialization, the key re-introduction, andthe A/R register initialization into thr
