Aymen Boudguiga

Significantly improved performances of the cryptographically generated addresses thanks to ECC and GPGPU

Cryptographically Generated Addresses (CGA) are today mainly used with the Secure Neighbor Discovery Protocol (SEND). Despite CGA generalization, current standards only show how to construct CGA with the RSA algorithm and SHA-1 hash function. This limitation may prevent new usages of CGA and SEND in mobile environments where nodes are energy and storage limited. In this paper, we present the results of a performance and security study of the CGA and SEND. To significantly improve the performances of the CGA, we investigate first replacing RSA with ECC (Elliptic Curve Cryptography) and ECDSA (Elliptic Curve DSA), and second using the General-Purpose computing on Graphical Processing Units (GPGPU). Finally, a performance comparison between different hash algorithms (SHA-256, WHIRLPOOL,...) allows to prepare a better transition for the CGA when SHA-1 will be deprecated.

ID Based Cryptography for Cloud Data Storage

This paper addresses the security issues of storing sensitive data in a cloud storage service and the need for users to trust the commercial cloud providers. It proposes a cryptographic scheme for cloud storage, based on an original usage of ID-Based Cryptography. Our solution has several advantages. First, it provides secrecy for encrypted data which are stored in public servers. Second, it offers controlled data access and sharing among users, so that unauthorized users or untrusted servers cannot access or search over data without clients authorization.

An ID-based authentication scheme for the IEEE 802.11s Mesh Network

Nowadays authentication in Wireless Mesh Networks (WMN) refers to the 802.1X authentication methods or a Preshared key authentication, and makes use of certificates or shared secrets. In wireless environments, management of certificates is disadvantageous. Certificates require deploying a Public Key Infrastructure (PKI) and Certification Authorities (CA) and they require defining a certificate management policy to control the generation, transmission and revocation of certificates. Management of certificates is a cumbersome task and does not match the limited (power and memory) resources available at wireless nodes. Moreover it does not match the non permanent connectivity to CA. In this paper, we propose an ID-based method, as an alternative to the PKI, to provide nodes with private and public keys, and we present an authentication scheme that uses the ID-based cryptographic concepts. As illustrated in the paper, the authentication scheme is shown as suitable to the WMN networks.

Key-escrow resistant ID-based authentication scheme for IEEE 802.11s mesh networks

Nowadays, ID-based cryptography is reported as an alternative to Public Key Infrastructures (PKI). It proposes to derive the public key from the nodes identity directly. As such, there is no need for public key certifcates, and direct beneft of this is to remove the burdensome management of certifcates. However, the drawback is the need for a Private Key Generator (PKG) entity which can perform a key escrow attack. In this article, we present an ID-based authentication scheme that is adapted to the IEEE 802.11s mesh networks and resistant against key escrow attacks.

A simple intrusion detection method for controller area network

The Controller Area Network (CAN) is established as the main communication channel inside vehicles. CAN relies on frame broadcast to share data between different microcontrollers managing critical or comfort functions such as cruise control or air conditioning. CAN is distinguished by its simplicity, its real-time application compatibility and its low deployment cost. However, CAN major drawback is its lack of security support. That is, CAN fails to provide protections against attacks such as intrusion, denial of service or impersonation. We propose in this work a simple intrusion detection method for CAN. Our main idea is to make each microcontroller monitor the CAN bus to detect malicious frames.