-
Notifications
You must be signed in to change notification settings - Fork 2
/
README
149 lines (105 loc) · 8.79 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
The goal of this project is to develop a Cryptographic Toolkit for common applications of cryptography techniques in distributed embedded control systems.
1) Stream ciphers:
-----------------
EXP[1] Danger with many time pad stream cipher: Problem with using the same stream cypher key multiple times.
- CypherText.py: This script will help you to generate keys and cypher texts
- CryptoUtils.py: This script will provide you tools and experiments to analyse the cypher.
EXP[2] Brute-force attack or exhaustive key search: Analyze a weak PRG whose output can be predicted in roughly 2^28 time.
- WeakPRG.py: With random seeds, each 28 bits, this algorithm will output 9 psuedo-random numbers.
- BreakPRG.py: This experiment will predict it's 10th output in roughly 2^28 time.
2) Block ciphers:
-----------------
EXP[3] Generic birthday attack - SHA-256 case study: Collision resistence is necesary for security (Message Integrity)
Let H:M→{0,1}^n be a hash function (|M| >> 2^n). There is an algorithm to find a collision in time O(2^(n/2)) hashes.
- GenericBirthDayAttack.py: Consider the hash function obtained by truncating the output of SHA-256 to 50 bits, say H(x)=LSB50(SHA256(x)), that is we drop all but the right most 50 bits of the output. Our goal is to implement a generic birthday attack to find a collision on this hash function. Find two strings x≠y such that LSB50(SHA256(x))=LSB50(SHA256(y)).
EXP[4] Meet in the middle attack: Compute discrete log modulo a prime p.
Let g be some element in Zp* (Set of invertible evlements in Zp = {0,1,2...,p-1}) and suppose we are given h in Zp∗
such that h=g^x where 1≤x≤2^40. Our goal is to find x! We will use meet in the middle attack to find x.
Let B=2^20. Since x is less than B2 we can write the unknown x base B as x=x0*B+x1 where x0,x1 are in the range [0,B−1].
Then,
h=g^x=g^(x0*B+x1)=(g^B)^x0 * g^x1 in Zp.
By moving the term g^x1 to the other side we obtain,
h/g^x1=(g^B)^x0 in Zp. From this equality, we can find (x0,x1) such that there is a collision between LHS and RHS.
- mod_arithm.py:
* First build a hash table of all possible values of the left hand side h/g^x1 for x1=0,1,…,2^20.
* Then for each value x0=0,1,2,…,2^20 check if the right hand side (g^B)^x0 is in this hash table.
* If a collision is found, then x = x0*B+x1
To do modular arithmatic with large numbers, we will use gmpy.
3) Sample application to generate Key diversification test vectors conforming to NXP application note AN10922:
--------------------------------------------------------------------------------------------------------------
Refer section: 2.2.1 AES-128 key diversification example in NXP application note AN10922.
https://www.nxp.com/docs/en/application-note/AN10922.pdf
4) Sample application to generate ECDSA signature test vectors for given inputs that conform to FIPS 186-4: Digital Signature Standard:
---------------------------------------------------------------------------------------------------------------------------------------
The signature uses ECDSA with SHA-256 and curve point NIST P-256 as specified in 'FIPS 186-4: Digital Signature Standard'.
Reference section: 3.3 Digital Signature Verification and Validation in FIPS 186-4: Digital Signature Standard.
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
5) An implementation of Shamir's Secret Sharing scheme for distributed embedded systems. The test application generates fragements of a secret (Eg: AES128 Key)
for the purpose of distributing it in a distributed embedded control system. TODO: Secure storage and trasport of secret cryptographic materials.
Reference:
https://github.com/twhiteman/pyDes
https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing
https://en.wikipedia.org/wiki/Key_checksum_value
6) An implementation of generic software based cryptographic endorsement and attestation mechanism for distributed embedded systems.
The test application uses a combination of assymetric and symmetric cryptography techniques to establish an end-to-end verifiable trust between any 2 independent
entities in a distributed system. This also has applications in privacy by design patterns.
Reference:
https://en.wikipedia.org/wiki/Trusted_Platform_Module#Endorsement_keys
https://en.wikipedia.org/wiki/Direct_Anonymous_Attestation
7) A test Root CA to generate X509 certificates. The attestation and edorsement applications described in (6) can read, describe and make use of the certificates
in the cryptographic operations.
Referecene:
https://en.wikipedia.org/wiki/Root_certificate
8) Dynamic QR Code based on dynamic URL generated using SHA256 hash, ECDSA signature and timestamp
Reference:
https://en.wikipedia.org/wiki/QR_code
https://en.wikipedia.org/wiki/URL
https://qrdate.org/
9) Standard browsers and http libraries (curl, pthon requests etc.) do not send URL Fragments (part of URL that comes after #) to server. But by intercepting the URL,
an attacker can convert the URL fragment to URL query string and force the browser or library to send the information in fragment to the Server. In many cases the fragment
contains security tokens, personally identifiable IDs and sensitive information which are not intended to be send to the server. Depending upon the criticality of
information leaked, such exploitations can lead to privacy issues.
Reference:
https://curl.se/mail/lib-2011-11/0178.html
https://what.thedailywtf.com/topic/19087/uri-fragment-sent-to-server/12
10) Dynamic QR Code based on dynamic URL generated using TOTP (Time-based one-time password)
Reference:
https://en.wikipedia.org/wiki/Time-based_one-time_password
11) Dynamic QR Code based on dynamic URL generated using JWT(JSON_Web_Token)
Reference:
https://en.wikipedia.org/wiki/JSON_Web_Token
12) Secure UUID (A universally unique identifier) generator from X509 certificate
Reference:
https://en.wikipedia.org/wiki/Universally_unique_identifier
13) The manual pairing code and QR code generation method in Matter specification has the vulnarability that it encodes the SPAKE2+ passcode in the method.
The new method addresses the vulnarability by using a random code for manual pairing code.
Reference:
Matter 1.0 Core Specification: Table 38. Manual Pairing Code Elements, Table 34. Packing of the onboarding payload
https://csa-iot.org/wp-content/uploads/2022/11/22-27349-001_Matter-1.0-Core-Specification.pdf
14) Globally unique identifiers: URIs provide a way to create globally unique identifiers for resources, ensuring that there are no conflicts or ambiguities between
different datasets or systems. Eg: https://example.org/floors/1547809435. The example generates GUIDs for all the entities in a Building ontology.
Reference:
https://en.wikipedia.org/wiki/Ontology
https://en.wikipedia.org/wiki/Universally_unique_identifier
15) A simple key store that securely stores cryptographic keys in a json file using a password.
Usage: python .\SimpleKeyStore.py af787sas7dfa78s6a7sd7asfa my_api_key_1
Reference:
https://en.wikipedia.org/wiki/Key_management
16) WeakPRG: How miss use or wrong selection of algorithms can result in weak PRG or waek cypher text.
https://csrc.nist.gov/glossary/term/entropy#:~:text=A%20measure%20of%20the%20amount,the%20value%20of%20a%20secret.
17) A security mechanism model for key exchange ceremony in a distributed embedded control system.
# TODO: Secure storage and trasport of secret cryptographic materials
18) A security mechanism model for using BLE Beacon as a secure wakeup mechanism for usecases such as wake up and connect to sensors
in a distributed embedded system for setup and configuration assistance.
19) A security mechanism model for managing distributed symmetric keys. The challenge in this case is to securely generate and distribute symmetric keys in multiple nodes/cliets/devices.
20) The protection of encryption keys is important, and they often have to be protected. This is especially important for symmetric keys and the private key of a public key pair. Two standards for this are RFC3394 and RFC 5649. These support the Advanced Encryption Standard (AES) Key Wrap algorithm [AES-KW1, AES-KW2].
The basic idea is to create a derived key from the base master key (The symmetric key that needs protection) using a known salt and secret pass phrase.
Reference: https://asecuritysite.com/openssl/openssl_keywrap
21) With JWT we can encrypt our data, using 128-bit, 192-bit or 256-bit AES encryption. This is expecially needed when you need authenticated encryption for exchanging confidential claims (Claims that have personal data or secrets).
Reference: https://asecuritysite.com/jwt/jwt_python_encrypt
22) Cyber security related definitions from popular legal and regulatory text
Reference: https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/Digital+Homepage
23) Selective disclosure JWT attestation for privacy by design use cases
Use cases:
Selectively disclosing personal data.
Zero knowledge proof.