DOCSLIB.ORG

Articulo Final Omar Perez

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Working from Home and Data Protection Omar A. Pérez Master in Computer Science Dr. Jeffrey Duffany Electrical and Computer Engineering and Computer Science Department Polytechnic University of Puerto Rico Abstract ⎯ Thanks to the pandemic the new order If the human has been trying to secure is working from home. When you work from the massages since Egypt nowadays with all the office the security of the data is responsibility of technological advance, easy communication, you as employee and the corporation to provide a Internet, emails, cloud storage, etc. is very safe network. Maybe you see it but working from important to keep your data safe. Beyond the home you have a lot of responsibility to keep that obvious benefit of protecting private information data save no matter what. Imagen working for a from being stolen or compromised, encryption also company that is building a Top-Secret Jet and you provides a means of proving that information is are just happy working from home and sending this authentic and comes from the point of origin it information using an unsecure method and claims to come from. It can be used to verify the someone managed to get that information. In the origin of a message and confirm that it hasn't been next couple of months, you will see a “great value” altered during transmission [3]. In this project we jet from another country and probably you will get are going to talk about encryption methods as fired. Working from home you have more asymmetric, symmetric and hybrid encryption. responsibility to keep the data and network secure The History of Encryption all the time. Key Terms ⎯ Asymmetric key, Cryptography, The Caesar cipher, also called a Caesar shift, Decryption, Encryption, Hybrid Encryption, Public gets its name from Julius Caesar, who occasionally Key, Symmetric Key. used this encoding method in his own private messages. As one of the most basic encryption INTRODUCTION techniques, the Caesar cipher works by replacing each letter in the original plaintext message with a Since the beginning of the times when people different letter based off a fixed shift of the started to communicate, they looked a way to hide alphabet (figure 1). the message from another person, enemy, country etc. Since then at war armies have been trying to keep any information they share from the enemy because this can be the leverage between winning or lost. If you share a battle strategic and your enemy managed to intercept the message, then the enemy have the advantage. There are several possibilities to exactly how encryption first started, but it is known that it did start in ancient Egypt. Figure 1 One of the beliefs of how encryption started is that Caesar cipher the Egyptians wished to preserve the secrecy of the religious rituals from the casual observer or another To encode a secret message using a Caesar reason is it might have been a political move to shift of 7 to the right. First, we create our promote their religion [1]. But Julius Caesar was substitution table by printing the alphabet followed the first person to use the encryption for military by the alphabet shifted 7 places to the right. purposes. Original: building block of data security and is the simplest ABCDEFGHIJKLMNOPQRSTUVWXYZ and most important way to ensure a computer Shifted: system's information can't be stolen and read by TUVWXYZABCDEFGHIJKLMNOPQRS someone who wants to use it for nefarious means. Next, we take each letter of our plaintext Utilized by both individual users and large message and replace it with its corresponding letter corporations, encryption is widely used on the in the shifted alphabet. internet to ensure the sanctity of user information Plaintext: that's sent between a browser and a server. That THISISASECRETMESSAGEBURNAFTERREA information could include everything from payment DING data to personal information. Firms of all sizes Ciphertext: typically use encryption to protect sensitive data on MABLBLTLXVKXMFXLLTZXUNKGTYMXK their servers and databases [3]. KXTWBGZ [2] With the rise of computers, cryptography To revert the encoded message back into its reached much higher levels of progress than in the readable plaintext form, the recipient must re-create analog age. 128-bit mathematical encryption, much the substitution table using the appropriate shift and stronger than any ancient or medieval encryption, is then substitute each encoded character with its now the standard for many sensitive devices and original character, according to the shift [2]. computer systems. In 1990, a whole new form of Cryptographic science would continue to cryptography, dubbed quantum cryptography, progress in the following centuries. A remarkable would be launched by computer scientists who advance in cryptography would be described, but hoped to once again raise the level of protection perhaps never built, by Thomas Jefferson in the offered by modern encryption. 1790s. His invention, known as a cipher wheel, More recently, cryptographic techniques have consisted of 36 letter rings on movable wheels, also been used to make cryptocurrencies possible. which could be used to achieve complex coding. Cryptocurrencies take advantage of several This concept was so advanced that it would serve as advanced cryptographic techniques such as hash the basis for American military cryptography until functions, public key cryptography, and digital World War II. signatures. These techniques are mainly used to World War II would bring with it the perfect ensure the security of data stored in blockchains example of analog cryptography: The Enigma and to authenticate transactions. A specialized form machine. Like the encryption wheel, this device, of cryptography, called the Elliptic Curve Digital employed by the Axis powers, used rotating wheels Signature Algorithm (ECDSA), serves as a prop to to encrypt a message - making it virtually Bitcoin and other cryptocurrency systems, by impossible to read without another Enigma providing supplemental security and ensuring that machine. Early forms of computer technology funds can only be used by their rightful owners. would be employed to eventually help break Cryptographic Usage Enigma's encryption. The successful decryption of Enigma messages is still considered a critical • Confidentiality: Keep information secret from component of the subsequent Allied victory. everyone except for those who have access authorization. Computers and Cryptography • Integrity: Ensure that the data hasn’t been In the computing world, encryption is the altered. conversion of data from a readable format into an • Message Authentication: Confirm the source encoded format that can only be read or processed of the message. after it's been decrypted. Encryption is the basic • Identification: Check the identity of the entity. • Digital signature: Verify entity with the symmetric keys must be created using an RNG that message. is certified according to industry standards, such • Certification: Approval of certain information as FIPS 140-2 [4]. by a trusted entity Some examples of symmetric encryption • Anonymity: Hide the identity of an entity algorithms are: involved in some process. • AES (Advanced Encryption Standard) • Revocation: Withdraw from any certification • DES (Data Encryption Standard) or authorization. • IDEA (International Data Encryption • Disavowal: Prevent the denial of previous Algorithm) • Blowfish (Drop-in replacement for DES or agreements or actions. IDEA) • RC4 (Rivest Cipher 4) SYMMETRIC KEY ENCRYPTION • RC5 (Rivest Cipher 5) • RC6 (Rivest Cipher 6) Symmetric encryption (figure 2) is a type of encryption where only one key (a secret key) is AES, DES, IDEA, Blowfish, RC5 and RC6 are used to both encrypt and decrypt electronic block ciphers. RC4 is stream cipher. information. The entities communicating via Advantages of Symmetric Encryption symmetric encryption must exchange the key so • A symmetric system is faster. that it can be used in the decryption process. This • Symmetric systems the encrypted data can be encryption method differs from asymmetric transferred on the link even if there is a encryption where a pair of keys, one public and one possibility that the data will be intercepted. private, is used to encrypt and decrypt messages Since there is no key transmitted with the data, [4]. the chances of data being decrypted are null. • The Symmetric System uses a password for the authentication to verify the receiver identity. • The system that has the secret keys is the only one capable of decrypt the message [6]. Disadvantages of Symmetric Encryption • Symmetric cryptosystems have a problem of Figure 2 key transportation. The secret key is to be Symmetric encryption transmitted to the receiving system before the actual message is to be transmitted. Every By using symmetric encryption algorithms, means of electronic communication is insecure data is converted to a form that cannot be as it is impossible to guarantee that no one will understood by anyone who does not possess the be able to tap communication channels. The secret key to decrypt it. Once the intended recipient only secure way of exchanging keys would be who possesses the key has the message, the exchanging them personally. algorithm reverses its action so that the message is • Cannot provide digital signatures that cannot returned to its original and understandable form. be repudiated [6]. The secret key that the sender and recipient both use could be a specific password/code or it can be ASYMMETRIC KEY ENCRYPTION random string of letters or numbers that have been generated by a secure random number generator Asymmetrical encryption (figure 3) is also (RNG). For banking-grade encryption, the known as public key cryptography, which is a relatively new method, compared to symmetric keys do not ever need to be transmitted or encryption. Asymmetric encryption uses two keys revealed to anyone. to encrypt a plain text. Secret keys are exchanged • Can provide digital signatures that can be over the Internet or a large network. It ensures that repudiated [6]. malicious persons do not misuse the keys.
Recommended publications
  • Cryptography

    Cryptography

    Pattern Recognition and Applications Lab CRYPTOGRAPHY Giorgio Giacinto [email protected] University of Cagliari, Italy Spring Semester 2019-2020 Department of Electrical and Electronic Engineering Cryptography and Security • Used to hide the content of a message • Goals – Confidentiality – Authenticity – Integrity • The text is modified by an encryption function – An interceptor should not be able to understand all or part of the message content http://pralab.diee.unica.it 2 Encryption/Decryption Process Key Key (Optional) (Optional) Original Plaintext Encryption Ciphertext Decryption Plaintext http://pralab.diee.unica.it 3 Keys and Locks http://pralab.diee.unica.it 4 Keys L F A Y B D E T C A R C S E E T Y H G S O U S U D H R D F C E I D B T E M E P Q X N R C I D S F T U A E T C A U R M F N P E C J N A C R D B E M K C I O P F B E W U X I Y M C R E P F N O G I D C N T M http://pralab.diee.unica.it 5 Keys L F A Y B D E T C A R C S E E T Y H G S O U S U D H R D F C E I D B T E M E P Q X N R C I D S F T U A E T C A U R M F N P E C J N A C R D B E M K C I O P F B E W U X I Y M C R E P F N O G I D C N T M http://pralab.diee.unica.it 6 Steganography - = http://pralab.diee.unica.it https://towardsdatascience.com/steganography-hiding-an-image-inside-another-77ca66b2acb1 7 Definitions • Cryptography algorithm C = E(K,M) A function E with two inputs – a message M – a key K that outputs – the encrypted message C The algorithm is based on a shared secret between the sender and the receiver K The Encryption Key http://pralab.diee.unica.it 8 Symmetric
  • N2N: a Layer Two Peer-To-Peer VPN

    N2N: a Layer Two Peer-To-Peer VPN

    N2N: A Layer Two Peer-to-Peer VPN Luca Deri1, Richard Andrews2 ntop.org, Pisa, Italy1 Symstream Technologies, Melbourne, Australia2 {deri, andrews}@ntop.org Abstract. The Internet was originally designed as a flat data network delivering a multitude of protocols and services between equal peers. Currently, after an explosive growth fostered by enormous and heterogeneous economic interests, it has become a constrained network severely enforcing client-server communication where addressing plans, packet routing, security policies and users’ reachability are almost entirely managed and limited by access providers. From the user’s perspective, the Internet is not an open transport system, but rather a telephony-like communication medium for content consumption. This paper describes the design and implementation of a new type of peer-to- peer virtual private network that can allow users to overcome some of these limitations. N2N users can create and manage their own secure and geographically distributed overlay network without the need for central administration, typical of most virtual private network systems. Keywords: Virtual private network, peer-to-peer, network overlay. 1. Motivation and Scope of Work Irony pervades many pages of history, and computing history is no exception. Once personal computing had won the market battle against mainframe-based computing, the commercial evolution of the Internet in the nineties stepped the computing world back to a substantially rigid client-server scheme. While it is true that the today’s Internet serves as a good transport system for supplying a plethora of data interchange services, virtually all of them are delivered by a client-server model, whether they are centralised or distributed, pay-per-use or virtually free [1].
  • Security & Savings with Virtual Private Networks

    Security & Savings with Virtual Private Networks

    Everybody’s connecting. Security & Savings with Virtual Private Networks In today’s New Economy, small businesses that might have dealt with just local or regional concerns now have to consider global markets and logistics. Many companies even have facilities spread across the country or throughout the world. At the same time security concerns of their network from hackers, Denial-of-Service (DoS) attacks and sending data over the Internet have become more widespread. Whether companies have a local, national, or global presence, they all need one thing: a way to maintain fast, secure, and reliable communications wherever their offices and workers are located. Until recently, such communications were only available by using leased telephone lines to maintain a Wide Area Network (WAN). Leased lines enabled companies to expand their private network beyond their immediate geographic area. Moreover, a WAN provided advantages over a public network like the Internet when it came to reliability, performance, and security. Unfortunately, leased lines are expensive to maintain, with costs rising as the distance between the offices increases. As the popularity of the Internet grew, businesses turned to it as a cost-effective way to extend their networks. The continuing popularity with the Internet has led to the evolution of Virtual Private Networks (VPNs). A VPN is a connection that allows private data to be sent securely over a shared or public network, such as the Internet. In fact, one of the driving forces behind VPNs is the Internet and its global presence. With VPNs, communication links between users and sites can be achieved quickly, inexpensively, and safely across the world.
  • Crypto Wars of the 1990S

    Crypto Wars of the 1990S

    Danielle Kehl, Andi Wilson, and Kevin Bankston DOOMED TO REPEAT HISTORY? LESSONS FROM THE CRYPTO WARS OF THE 1990S CYBERSECURITY June 2015 | INITIATIVE © 2015 NEW AMERICA This report carries a Creative Commons license, which permits non-commercial re-use of New America content when proper attribution is provided. This means you are free to copy, display and distribute New America’s work, or in- clude our content in derivative works, under the following conditions: ATTRIBUTION. NONCOMMERCIAL. SHARE ALIKE. You must clearly attribute the work You may not use this work for If you alter, transform, or build to New America, and provide a link commercial purposes without upon this work, you may distribute back to www.newamerica.org. explicit prior permission from the resulting work only under a New America. license identical to this one. For the full legal code of this Creative Commons license, please visit creativecommons.org. If you have any questions about citing or reusing New America content, please contact us. AUTHORS Danielle Kehl, Senior Policy Analyst, Open Technology Institute Andi Wilson, Program Associate, Open Technology Institute Kevin Bankston, Director, Open Technology Institute ABOUT THE OPEN TECHNOLOGY INSTITUTE ACKNOWLEDGEMENTS The Open Technology Institute at New America is committed to freedom The authors would like to thank and social justice in the digital age. To achieve these goals, it intervenes Hal Abelson, Steven Bellovin, Jerry in traditional policy debates, builds technology, and deploys tools with Berman, Matt Blaze, Alan David- communities. OTI brings together a unique mix of technologists, policy son, Joseph Hall, Lance Hoffman, experts, lawyers, community organizers, and urban planners to examine the Seth Schoen, and Danny Weitzner impacts of technology and policy on people, commerce, and communities.
  • Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives

    Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives

    Self-encrypting deception: weaknesses in the encryption of solid state drives Carlo Meijer Bernard van Gastel Institute for Computing and Information Sciences School of Computer Science Radboud University Nijmegen Open University of the Netherlands [email protected] and Institute for Computing and Information Sciences Radboud University Nijmegen Bernard.vanGastel@{ou.nl,ru.nl} Abstract—We have analyzed the hardware full-disk encryption full-disk encryption. Full-disk encryption software, especially of several solid state drives (SSDs) by reverse engineering their those integrated in modern operating systems, may decide to firmware. These drives were produced by three manufacturers rely solely on hardware encryption in case it detects support between 2014 and 2018, and are both internal models using the SATA and NVMe interfaces (in a M.2 or 2.5" traditional form by the storage device. In case the decision is made to rely on factor) and external models using the USB interface. hardware encryption, typically software encryption is disabled. In theory, the security guarantees offered by hardware encryp- As a primary example, BitLocker, the full-disk encryption tion are similar to or better than software implementations. In software built into Microsoft Windows, switches off software reality, we found that many models using hardware encryption encryption and completely relies on hardware encryption by have critical security weaknesses due to specification, design, and implementation issues. For many models, these security default if the drive advertises support. weaknesses allow for complete recovery of the data without Contribution. This paper evaluates both internal and external knowledge of any secret (such as the password).
  • Analysis of Recent Attacks on Ssl/Tls Protocols A

    Analysis of Recent Attacks on Ssl/Tls Protocols A

    ANALYSIS OF RECENT ATTACKS ON SSL/TLS PROTOCOLS A THESIS SUBMITTED TO THE GRADUATE SCHOOL OF APPLIED MATHEMATICS OF MIDDLE EAST TECHNICAL UNIVERSITY BY DUYGU OZDEN¨ IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN CRYPTOGRAPHY SEPTEMBER 2016 Approval of the thesis: ANALYSIS OF RECENT ATTACKS ON SSL/TLS PROTOCOLS submitted by DUYGU OZDEN¨ in partial fulfillment of the requirements for the de- gree of Master of Science in Department of Cryptography, Middle East Technical University by, Prof. Dr. Bulent¨ Karasozen¨ Director, Graduate School of Applied Mathematics Prof. Dr. Ferruh Ozbudak¨ Head of Department, Cryptography Assoc. Prof. Dr. Murat Cenk Supervisor, Cryptography, METU Examining Committee Members: Assoc. Prof. Dr. Murat Cenk Cryptography, METU Assoc. Prof. Dr. Ali Doganaksoy˘ Mathematics, METU Asst. Prof. Dr. Fatih Sulak Mathematics, ATILIM UNIVERSITY Date: I hereby declare that all information in this document has been obtained and presented in accordance with academic rules and ethical conduct. I also declare that, as required by these rules and conduct, I have fully cited and referenced all material and results that are not original to this work. Name, Last Name: DUYGU OZDEN¨ Signature : v vi ABSTRACT ANALYSIS OF RECENT ATTACKS ON SSL/TLS PROTOCOLS Ozden,¨ Duygu M.S., Department of Cryptography Supervisor : Assoc. Prof. Dr. Murat Cenk September 2016, 46 pages Transport Layer Security(TLS) and its predecessor Secure Socket Layer(SSL) are two important cryptographic, certificate based protocols that satisfy secure communication in a network channel. They are widely used in many areas such as online banking systems, online shopping, e-mailing, military systems or governmental systems.
  • Cryptographic Control Standard, Version

    Cryptographic Control Standard, Version

    Nuclear Regulatory Commission Office of the Chief Information Officer Computer Security Standard Office Instruction: OCIO-CS-STD-2009 Office Instruction Title: Cryptographic Control Standard Revision Number: 2.0 Issuance: Date of last signature below Effective Date: October 1, 2017 Primary Contacts: Kathy Lyons-Burke, Senior Level Advisor for Information Security Responsible Organization: OCIO Summary of Changes: OCIO-CS-STD-2009, “Cryptographic Control Standard,” provides the minimum security requirements that must be applied to the Nuclear Regulatory Commission (NRC) systems which utilize cryptographic algorithms, protocols, and cryptographic modules to provide secure communication services. This update is based on the latest versions of the National Institute of Standards and Technology (NIST) Guidance and Federal Information Processing Standards (FIPS) publications, Committee on National Security System (CNSS) issuances, and National Security Agency (NSA) requirements. Training: Upon request ADAMS Accession No.: ML17024A095 Approvals Primary Office Owner Office of the Chief Information Officer Signature Date Enterprise Security Kathy Lyons-Burke 09/26/17 Architecture Working Group Chair CIO David Nelson /RA/ 09/26/17 CISO Jonathan Feibus 09/26/17 OCIO-CS-STD-2009 Page i TABLE OF CONTENTS 1 PURPOSE ............................................................................................................................. 1 2 INTRODUCTION ..................................................................................................................
  • Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996

    Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996

    Phil’s Pretty Good Software Presents... PGPfone Pretty Good Privacy Phone Owner’s Manual Version 1.0 beta 7 -- 8 July 1996 Philip R. Zimmermann PGPfone Owner’s Manual PGPfone Owner’s Manual is written by Philip R. Zimmermann, and is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Pretty Good Privacy™, PGP®, Pretty Good Privacy Phone™, and PGPfone™ are all trademarks of Pretty Good Privacy Inc. Export of this software may be restricted by the U.S. government. PGPfone software is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Phil’s Pretty Good engineering team: PGPfone for the Apple Macintosh and Windows written mainly by Will Price. Phil Zimmermann: Overall application design, cryptographic and key management protocols, call setup negotiation, and, of course, the manual. Will Price: Overall application design. He persuaded the rest of the team to abandon the original DOS command-line approach and designed a multithreaded event-driven GUI architecture. Also greatly improved call setup protocols. Chris Hall: Did early work on call setup protocols and cryptographic and key management protocols, and did the first port to Windows. Colin Plumb: Cryptographic and key management protocols, call setup negotiation, and the fast multiprecision integer math package. Jeff Sorensen: Speech compression. Will Kinney: Optimization of GSM speech compression code. Kelly MacInnis: Early debugging of the Win95 version. Patrick Juola: Computational linguistic research for biometric word list. -2- PGPfone Owner’s
  • Dell EMC Unity: Data at Rest Encryption a Detailed Review

    Dell EMC Unity: Data at Rest Encryption a Detailed Review

    Technical White Paper Dell EMC Unity: Data at Rest Encryption A Detailed Review Abstract This white paper explains the Data at Rest Encryption feature, which provides controller-based encryption of data stored on Dell EMC™ Unity storage systems to protect against unauthorized access to lost or stolen drives or system. The encryption technology as well as its implementation on Dell EMC Unity storage systems are discussed. June 2021 H15090.6 Revisions Revisions Date Description May 2016 Initial release – Unity OE 4.0 July 2017 Updated for Unity OE 4.2 June 2021 Template and format updates. Updated for Unity OE 5.1 Acknowledgments Author: Ryan Poulin The information in this publication is provided “as is.” Dell Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any software described in this publication requires an applicable software license. This document may contain certain words that are not consistent with Dell's current language guidelines. Dell plans to update the document over subsequent future releases to revise these words accordingly. This document may contain language from third party content that is not under Dell's control and is not consistent with Dell's current guidelines for Dell's own content. When such third party content is updated by the relevant third parties, this document will be revised accordingly. Copyright © 2016-2021 Dell Inc. or its subsidiaries. All Rights Reserved. Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc.
  • Encryption in SAS 9.4, Sixth Edition

    Encryption in SAS 9.4, Sixth Edition

    Encryption in SAS® 9.4, Sixth Edition SAS® Documentation July 31, 2020 The correct bibliographic citation for this manual is as follows: SAS Institute Inc. 2016. Encryption in SAS® 9.4, Sixth Edition. Cary, NC: SAS Institute Inc. Encryption in SAS® 9.4, Sixth Edition Copyright © 2016, SAS Institute Inc., Cary, NC, USA All Rights Reserved. Produced in the United States of America. For a hard copy book: No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, or otherwise, without the prior written permission of the publisher, SAS Institute Inc. For a web download or e-book: Your use of this publication shall be governed by the terms established by the vendor at the time you acquire this publication. The scanning, uploading, and distribution of this book via the Internet or any other means without the permission of the publisher is illegal and punishable by law. Please purchase only authorized electronic editions and do not participate in or encourage electronic piracy of copyrighted materials. Your support of others' rights is appreciated. U.S. Government License Rights; Restricted Rights: The Software and its documentation is commercial computer software developed at private expense and is provided with RESTRICTED RIGHTS to the United States Government. Use, duplication, or disclosure of the Software by the United States Government is subject to the license terms of this Agreement pursuant to, as applicable, FAR 12.212, DFAR 227.7202-1(a), DFAR 227.7202-3(a), and DFAR 227.7202-4, and, to the extent required under U.S.
  • Dynamic Cryptographic Hash Functions

    Dynamic Cryptographic Hash Functions

    Dynamic Cryptographic Hash Functions William R. Speirs II and Samuel S. Wagstaff, Jr. Center for Education and Research in Information Assurance and Security (CERIAS) Department of Computer Sciences, Purdue University Abstract. We present the dynamic cryptographic hash function, a new type of hash function which takes two parameters instead of one. The additional parameter, the security parameter, specifies the internal work- ings and size of the digest produced. We provide a formal definitions for a dynamic cryptographic hash function and for the traditional security properties, modified for dynamic hash functions. Two additional prop- erties, security parameter collision resistance and digest resistance, are also defined. The additional properties are motivated by scenarios where a dynamic hash functions more cleanly provides a solution to a typical cryptographic problem. Keywords: Hash function, dynamic hash function, security parameter. 1 Introduction In this paper we introduce a new type of cryptographic hash function that is a natural extension of traditional hash functions. We call this new type of hash function a dynamic hash function. Dynamic hash functions take a second input, besides the message, that specifies the level of security required from the func- tion. By changing the security parameter the function dynamically changes the way a digest is computed, hence the reason for the name. The change might be as simple as changing the number of rounds used for processing a message block or the size of the output of the function. Requiring a hash function to have a security parameter is advantageous for a number of reasons. First, it allows designers to more easily test functions by scaling down the number of rounds to a manageable number and then launching attacks against this reduced version.
  • Modern End-To-End Encrypted Messaging for the Desktop

    Modern End-To-End Encrypted Messaging for the Desktop

    Die approbierte Originalversion dieser Diplom-/ Masterarbeit ist in der Hauptbibliothek der Tech- nischen Universität Wien aufgestellt und zugänglich. http://www.ub.tuwien.ac.at The approved original version of this diploma or master thesis is available at the main library of the Vienna University of Technology. http://www.ub.tuwien.ac.at/eng Modern End-to-End Encrypted Messaging for the Desktop DIPLOMARBEIT zur Erlangung des akademischen Grades Diplom-Ingenieur im Rahmen des Studiums Software Engineering and Internet Computing eingereicht von Richard Bayerle Matrikelnummer 1025259 an der Fakultät für Informatik der Technischen Universität Wien Betreuung: Privatdozent Dipl.Ing. Mag. Dr. Edgar Weippl Mitwirkung: Dr. Martin Schmiedecker Wien, 2. Oktober 2017 Richard Bayerle Edgar Weippl Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Modern End-to-End Encrypted Messaging for the Desktop DIPLOMA THESIS submitted in partial fulfillment of the requirements for the degree of Diplom-Ingenieur in Software Engineering and Internet Computing by Richard Bayerle Registration Number 1025259 to the Faculty of Informatics at the TU Wien Advisor: Privatdozent Dipl.Ing. Mag. Dr. Edgar Weippl Assistance: Dr. Martin Schmiedecker Vienna, 2nd October, 2017 Richard Bayerle Edgar Weippl Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Erklärung zur Verfassung der Arbeit Richard Bayerle Seestraße 67 78315 Radolfzell am Bodensee Deutschland Hiermit erkläre ich, dass ich diese Arbeit selbständig verfasst habe, dass ich die verwen- deten Quellen und Hilfsmittel vollständig angegeben habe und dass ich die Stellen der Arbeit – einschließlich Tabellen, Karten und Abbildungen –, die anderen Werken oder dem Internet im Wortlaut oder dem Sinn nach entnommen sind, auf jeden Fall unter Angabe der Quelle als Entlehnung kenntlich gemacht habe.