LEE - Information Security Engineering and Cryptography Graduate Program
-
Item: Group authentication for next generation networks (Graduate School, 2022-05-12). Aydın, Yücel; Özdemir, Enver; Kurt Karabulut, Güneş Zeynep; 707172003; Cybersecurity Engineering and Cryptography

This thesis proposes and simulates performing handover operations as a group in order to reduce latency and the number of messages exchanged. The security aspects of authentication and handover for drone swarms are presented. Drone swarms were selected because they allow authentication within a group to be studied, and because drones are increasingly used in everyday life. The number of drones used for military or commercial applications grows every day; border security, visual shows and cargo delivery are some examples. Because of their limited flight time and coverage area, a single drone cannot carry out intensive tasks. While providing mobile service through aerial base stations, some UxNBs may have to return to the control station, and new drones can be sent to the area to complete the task. For these reasons, drone swarms rather than single drones are preferred for intensive tasks. The first security problem for a drone swarm is authenticating the new drones that the drone control station sends to join the swarm. If a drone can join the swarm without authentication, an intruder can impersonate a drone and send it into the swarm to mount various attacks. In addition to authentication, communication inside the swarm should be encrypted, and every member should use a group key; this group key may also be shared with a newly authenticated drone. The next security requirement is mutual authentication between two drone swarms that must cooperate on a more intensive task.

If the 5G UAV authentication procedure is reused for this mutual authentication, message count and scalability must be taken into account, since every member of one swarm would have to authenticate with each UAV of the other swarm. Group authentication can overcome both the scalability problem and the high message count. Drone swarms also face security and latency issues during handover. There are two kinds of handover: the handover of a drone swarm from the serving terrestrial base station to a new one, and the handover between UxNBs when the base station is aerial rather than terrestrial, as when the serving UxNB runs out of flight time and the swarm must start receiving service from a new UxNB. In this thesis, the lightweight group authentication scheme is applied to both the authentication and the handover operations of drone swarms. The 5G UAV authentication and handover procedures and the group-based solutions are implemented in a simulation and the results are compared. According to the results, the group authentication solutions provide lower latency and less communication for drone swarms.
-
Item: A hierarchical key assignment scheme for access control in cloud computing (Graduate School, 2022-06-10). Çeliktaş, Barış; Özdemir, Enver; 707182002; Cyber Security Engineering and Cryptography

Today, organizations no longer have to spend huge sums on physical servers and the associated information technology infrastructure such as server rooms or data centers, because the relatively new cloud computing model greatly reduces both the large initial capital expenditure and the operational expenditure. Organizations also face administrative challenges: establishing well-designed disaster recovery and business continuity plans, building fault-tolerant and scalable systems, providing full-time availability, and collaborating more closely with stakeholders. All of this leads companies to outsource services such as storage, large-scale computation and hosting. Among the cloud deployment models, the public cloud is currently the one most preferred by companies because of its cost-effectiveness, although it raises many concerns, especially for military, health and banking organizations, for which confidentiality and privacy are crucial. The main concerns of these organizations, which operate hierarchically, are confidentiality, privacy, availability, integrity, reliability, data lock-in and regulatory compliance. Beyond these, how the data owner integrates a data access control policy into any cloud deployment model is itself a challenging research topic. This thesis focuses on the confidentiality and privacy concerns. The natural place to look for a solution is cryptographic tooling, and an organization that encrypts sensitive data must follow a sound key management policy for that encryption to deliver confidentiality.

Our motivation is to introduce a secure, flexible, hierarchical and practical key access control mechanism that eliminates or minimizes the confidentiality and privacy concerns of hierarchical organizations handling sensitive data as they move to the cloud. We present two hierarchical access control schemes for the secure adoption of the public cloud by hierarchical organizational structures, and show that they provide a flexible, efficient and secure hierarchical key access control mechanism for the entire hierarchy. These schemes can also be used by organizations that do not consume cloud services, to manage internal key management and access control. The first scheme is based on an inner product space and the orthogonal projection method; the second is based on Shamir's secret sharing and polynomial interpolation. They also differ in approach. The first is top-down: a user at any security level can by default access the keys and data of the same or lower security levels. The second is bottom-up: access to a key or to data requires the approval of users at the same or higher security level. The first scheme, based on an inner product space, can be used in any cloud delivery model where the data owner enforces a hierarchical access control policy. When the data owner distributes a basis to each class, a left-to-right and bottom-up assignment policy gives considerably more flexibility and efficiency, especially when the structure changes. For each class, the secret key can be derived only when a predetermined subspace is available. The scheme resists collusion attacks and privilege creep, and provides key recovery and key indistinguishability security.

The performance analysis also shows that its data storage overhead is far more tolerable than that of other schemes in the literature, and that deriving the secret key of a child class securely takes a single operation. The experimental results therefore satisfy all of the desired performance and security requirements. The second scheme is based on Shamir's secret sharing and polynomial interpolation. It gives every user of the organization a secure way to access the public cloud from both inside and outside the company's network, and offers a secure, flexible and hierarchical key access mechanism for organizations handling sensitive data. It minimizes the concerns about moving sensitive data to the public cloud and ensures that only users with sufficient approvals from users of the same or higher privilege can access the data, by making use of the topological ordering of a directed graph that includes self-loops. The policy of this scheme is to obtain approval for bottom-up access. The main overheads, public and private storage, are reduced to a tolerable level, and key derivation is inexpensive. From a security perspective the scheme resists collusion attacks and provides key indistinguishability, and since the key never has to be stored anywhere, the risk of key disclosure is eliminated as well. In summary, to take full advantage of these two approaches, the data owner can choose the one that best suits the security policy and hierarchical structure of the organization, or, if required, design an infrastructure that mixes the two.
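The bottom-up approval policy of the second scheme rests on Shamir's (t, n) secret sharing: the class key is the constant term of a random polynomial over a prime field, each approver holds one point on that polynomial, and Lagrange interpolation recovers the key only when at least t points are brought together. The following is an added example, not code from the thesis: the field prime, the threshold, the share indices and the approval wrapper are this example's own choices, and deciding who counts as an approver at the same or higher level is left to the caller.

```python
"""Threshold approval via Shamir secret sharing over GF(p).

Added example, not code from the thesis. Models the bottom-up policy of the
second scheme: a class key is released only when enough users at the same or
higher level contribute their shares. Field prime, threshold and share indices
are illustrative choices."""
import secrets

P = 2**127 - 1  # Mersenne prime used as the field modulus (illustrative choice)


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def make_shares(secret, threshold, n, rng=secrets.randbelow):
    """Split `secret` into n shares so that any `threshold` of them reconstruct it.

    rng(P) must return a uniform integer in [0, P); it is injectable for tests.
    Share i is (x_i, f(x_i)) with f(0) = secret and deg f = threshold - 1.
    """
    if not (1 <= threshold <= n < P):
        raise ValueError("need 1 <= threshold <= n < P")
    coeffs = [secret % P] + [rng(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P).

    With fewer than `threshold` shares this still returns a value, but it is
    the constant term of a different polynomial and says nothing about the secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def release_class_key(approvals, threshold):
    """Bottom-up approval: derive the class key only from >= threshold shares.

    `approvals` holds the (index, share) pairs contributed by approvers at the
    same or higher level. A short set is refused outright instead of silently
    interpolating to a wrong key.
    """
    if len(approvals) < threshold:
        raise PermissionError(
            f"{len(approvals)} approvals given, {threshold} required")
    return reconstruct(approvals[:threshold])


if __name__ == "__main__":
    key = secrets.randbelow(P)
    shares = make_shares(key, threshold=3, n=5)   # 5 approvers, any 3 suffice
    assert release_class_key(shares[1:4], 3) == key
    try:
        release_class_key(shares[:2], 3)
    except PermissionError as e:
        print("refused:", e)
```

Because t - 1 shares of a random polynomial are consistent with every possible constant term, the class key never has to be stored; it exists only transiently when a sufficient approval set is assembled, which is the property the abstract relies on when it says the key disclosure risk is eliminated.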
-
Item: Group authentication with binary quadratic forms (İkili kuadratik form ile grup kimlik doğrulaması) (Graduate School, 2023-01-31). Aksoy, Filiz; Özdemir, Enver; Özer, Özen; 707191004; Information Security Engineering and Cryptography

Cryptology is the discipline whose aim is the design of the algorithms and protocols required for secure communication between parties in the digital domain. The security of any data flow in a virtual environment is provided by cryptographic primitives. Today, with the development of technology and the spread of the Internet, information sharing has gained critical importance, and new models for secure information sharing are continually being developed. The aim of cryptography is not only to develop algorithms for encrypting and decrypting messages, but also to solve real-world problems that require information security; in other words, to prepare suitable building blocks that enable the secure transfer of data flowing in virtual environments. The suitability of these building blocks depends on many factors; compatibility with the existing hardware and with the data throughput users expect is among the highest-priority goals. The security of communication in the digital domain is possible only if four predetermined goals are met. The first is confidentiality, the secrecy of the message. The main purpose of algorithms designed to deliver a message securely to the other party is to prevent third parties from reading it. The digital medium is assumed to be visible to everyone, so a message sent in the clear can be read by anyone. Ensuring that a message can be read only by its intended recipients is one of the most important elements of secure communication. Another goal is data integrity, that is, preventing the content of the message from being altered. The content of a message may be changed by errors that occur during transmission or by interlopers.

Hash functions are generally used to prevent such manipulations and changes. Another goal that secure communication must satisfy is authentication, that is, verifying the source of the message and the recipient. For this, methods such as digital signatures, which carry information such as the creator of the message and a timestamp, are used. Finally, non-repudiation: the sender of a message cannot deny having sent it, that is, cannot claim that the message was not sent by them. Methods such as digital signatures provide authentication and at the same time eliminate the possibility of the sender's denial. Confidentiality, the most important pillar of secure communication, is provided by symmetric cryptographic algorithms. From 1974 to the present, almost all digital communication channels have used standardized symmetric-key algorithms. In symmetric-key cryptographic systems, both the sender and the receiver must possess the same key. Although confidentiality is provided by standard symmetric encryption methods, getting the same key to both parties becomes the most important problem. Before sharing a key, the parties are expected to establish who they are talking to, that is, to perform authentication, and the key exchange takes place afterwards. Until now, authentication and key exchange algorithms have been designed with only settings of one sender and one receiver in mind. But communication today is no longer one-to-one: it consists of communication systems in which tens or even thousands of devices exchange data at the same time. For example, with the development of technologies such as the Internet of Things (IoT), many devices used for the same purpose must perform fast authentication and key exchange simultaneously.

Since data flows from each device to the others, each of the tens or perhaps thousands of devices in the environment is expected to perform authentication and key sharing. Moreover, since the technical capabilities of the devices in a network are not all the same, the need for a model that also supports low-powered devices grows day by day. As more devices are expected to join the data traffic, it is clear that efficient algorithms for multi-party authentication and for key exchange in multi-party settings will soon be needed even more. An efficient authentication algorithm for these multi-party environments will be developed, and in addition a key establishment algorithm usable in practice will be presented. The performance of the presented algorithms will be analyzed, and their security parameters will be presented through cryptanalysis. The designed algorithms use a new mathematical device: binary quadratic forms, long known in number theory. The first chapter gives a brief introduction to cryptography and discusses, with examples, the basic building blocks of symmetric- and asymmetric-key algorithms and their security. It illustrates how existing cryptographic building blocks are used to provide the desired properties of secure communication; in this context PGP, one of the most important protocols securing electronic mail, is discussed as an example of the effective use of these building blocks. The second chapter explains one-to-one authentication and group authentication in detail, and then reviews recent work on group authentication designed for multi-party authentication and multi-party key sharing. The third chapter treats in detail binary quadratic forms, the mathematical building block of the group authentication and key exchange algorithms we present.

Binary quadratic forms, primitive forms, positive definite forms, equivalence of quadratic forms, equivalence classes and reduced forms are explained in that chapter. The final chapter presents the details of the proposed model for group authentication with binary quadratic forms and compares its theoretical performance with other group authentication models.
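The vocabulary of the third chapter (discriminant, primitive and positive definite forms, equivalence, reduced forms) can be made concrete in a few functions. The following is an added example, not code from the thesis and not its authentication scheme: it implements Gauss's reduction of positive definite forms, decides proper equivalence by comparing reduced forms, and enumerates the reduced primitive forms of a negative discriminant, whose count is the class number h(D). The tuple convention (a, b, c) for a·x² + b·xy + c·y² and the function names are this example's own.

```python
"""Binary quadratic forms: discriminant, primitivity, positive definiteness,
Gauss reduction, proper-equivalence test and enumeration of reduced forms.

Added example, not code from the thesis. A form (a, b, c) stands for
a*x^2 + b*x*y + c*y^2 with integer coefficients."""
from math import gcd


def discriminant(f):
    a, b, c = f
    return b * b - 4 * a * c


def is_primitive(f):
    """gcd(a, b, c) == 1; non-primitive forms are integer multiples of smaller ones."""
    a, b, c = f
    return gcd(gcd(abs(a), abs(b)), abs(c)) == 1


def is_positive_definite(f):
    a, _, _ = f
    return a > 0 and discriminant(f) < 0


def is_reduced(f):
    """Reduced positive definite form: |b| <= a <= c, with b >= 0 when |b| == a or a == c."""
    a, b, c = f
    if not (abs(b) <= a <= c):
        return False
    return not ((abs(b) == a or a == c) and b < 0)


def _normalize(f):
    """Apply (x, y) -> (x + k*y, y) so that b lands in (-a, a]; a and D are unchanged."""
    a, b, c = f
    D = discriminant(f)
    r = b % (2 * a)
    if r > a:
        r -= 2 * a
    # r ≡ b (mod 2a) gives r^2 ≡ b^2 (mod 4a), so the division below is exact
    return (a, r, (r * r - D) // (4 * a))


def reduce_form(f):
    """Gauss reduction of a positive definite form.

    Each swap with c < a strictly decreases a, and the a == c case swaps at most
    once, so the loop terminates with the unique reduced form of the class."""
    if not is_positive_definite(f):
        raise ValueError("only positive definite forms are handled")
    a, b, c = _normalize(f)
    while a > c or (a == c and b < 0):
        a, b, c = _normalize((c, -b, a))   # swap via (x, y) -> (-y, x)
    return (a, b, c)


def are_equivalent(f, g):
    """Positive definite forms are properly equivalent (under SL2(Z)) iff they
    have the same discriminant and the same reduced form."""
    return discriminant(f) == discriminant(g) and reduce_form(f) == reduce_form(g)


def reduced_forms(D):
    """All primitive reduced forms of discriminant D < 0; len() is the class number h(D)."""
    if D >= 0 or D % 4 not in (0, 1):
        raise ValueError("D must be negative and congruent to 0 or 1 mod 4")
    forms = []
    a = 1
    while 3 * a * a <= -D:        # |b| <= a <= c forces 4a^2 <= b^2 - D <= a^2 - D
        for b in range(-a, a + 1):
            if (b * b - D) % (4 * a):
                continue
            f = (a, b, (b * b - D) // (4 * a))
            if is_reduced(f) and is_primitive(f):
                forms.append(f)
        a += 1
    return forms


if __name__ == "__main__":
    print(reduce_form((2, 5, 6)))        # (2, 1, 3): same class, different coefficients
    print(reduced_forms(-23))            # three classes, so h(-23) = 3
```

The reduced-form test decides proper equivalence: (2, 1, 3) and (2, -1, 3) share discriminant -23 and are each already reduced, so they lie in different proper classes (they are inverses in the class group), which is why h(-23) is 3 rather than 2. Dropping the primitivity filter would also admit forms such as (2, 2, 2) for D = -12, which is 2·(1, 1, 1) and belongs to a smaller discriminant's theory.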
-
Item: A new public key algorithm and complexity analysis (Graduate School, 2023-06-23). Çağlar, Selin; Özdemir, Enver; 707201029; Cybersecurity Engineering and Cryptography

With the development of technology, many processes have been digitized, and digital communication has become an inevitable part of our lives: it is faster and easier to access than traditional communication. The Covid-19 pandemic in particular made the contribution of digitized processes to daily life visible. As a result of digitization, large amounts of data belonging to different data classes have been moved into the digital environment, which has changed how data is stored and used. Issues such as data privacy and security have therefore grown in importance, and the concept of secure digital communication has come to the fore. Secure digital communication is concerned with providing the cornerstones of security, confidentiality, integrity and authentication, while data is transferred over digital channels. Confidentiality means preventing unauthorized parties from viewing sensitive data and ensuring that only those who have been granted permission can do so; it is achieved through encryption, access control and secure channels. Integrity is the assurance that data remains unaltered and uncorrupted during transmission, storage and processing, so that it can be trusted and relied upon; digital signatures and hash functions are used to verify it. Authentication is verifying the identity of a user or device that wants to access data or services; it is typically achieved with digital signatures, cryptographic techniques that verify the authenticity of data by verifying the identity of its sender.

Together, these three principles form the foundation of secure communication. When data is shared in a public environment, the transferred data must be protected; in other words, confidentiality, the starting point of this study, must be provided. Cryptography, which provides the encryption constructions, is used to ensure confidentiality. Symmetric key cryptography, which uses the same key for encryption and decryption and is the more efficient in key length and cost of cryptographic operations, is widely used for encryption. Because the encrypting and decrypting parties must use the same key, that key has to be shared securely between them. Asymmetric key cryptography is used to share the symmetric key, especially in public settings where the parties have no opportunity to exchange keys physically. Asymmetric key cryptography is based on a key pair consisting of a public and a private key. The public key can be shared openly with the parties who will send encrypted data; the private key, which the owner of the pair must keep secure, is used to decrypt the data sent. Asymmetric key cryptography provides confidentiality and authentication, and the fact that it can also provide authentication strengthens the security of key exchange: after the parties have verified each other cryptographically during the exchange, asymmetric cryptography provides the means to share the symmetric key that will secure the communication. The RSA algorithm is one of the oldest and most widely used asymmetric algorithms. Its security is based on the difficulty of factoring integers.

In RSA, the public modulus is the product of two large primes of the same size, and recovering these two primes is enough to break the algorithm. At the same time, it may be possible to recover the message from the ciphertext without factoring; this is the RSA problem. Research has suggested that there may be a way to recover a message from the ciphertext that is easier than factoring, and if an efficient method for the RSA problem were developed, the security of many RSA-based systems would be under threat. This thesis proposes a new public key algorithm that could serve as an alternative to RSA should the RSA problem be solved. The algorithm is based on nodal curves, and its group structure differs from that of RSA. The discrete logarithm problem in the proposed algorithm is thought to be harder, since the group in which the algorithm operates is based on polynomial arithmetic and is inspired by elliptic and hyperelliptic curves; on this basis the proposed algorithm is assumed to be more resistant to the problem that affects RSA. In addition, a new group operation (an addition algorithm) for nodal curves is presented, obtained by modifying the Mumford representation and Cantor's algorithm. This group operation was compared with Cantor's algorithm and found to be more efficient. The proposed algorithm is also probabilistic: even when the data to be encrypted does not change, the resulting ciphertext can differ. RSA, by contrast, is deterministic, and additional padding is needed to produce different ciphertexts from the same data.

Since the proposed public key algorithm is based on polynomial arithmetic, it has no performance advantage over RSA; there is a trade-off between security and performance. To show the practical applicability of the new solution, a performance comparison with RSA was also carried out. The performance problem stems from the exponential growth of the secret key as the degree of the nodal curve increases; in particular, the proposed algorithm's decryption phase was observed to be slower than RSA's. However, since decryption in asymmetric key cryptography is generally not performed by individual users, it is expected that powerful servers will not be affected by this performance problem. The tests were carried out with SageMath and the Python programming language.
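The determinism the abstract contrasts with its probabilistic scheme can be seen directly with textbook RSA. The following is an added example, not code from the thesis: it builds a toy key pair from the tiny primes of the usual textbook illustration (61 and 53), shows that encrypting the same message twice yields the same ciphertext, and wraps the message in a deliberately minimal random-prefix padding that exists only to show why repeated plaintexts must not be encrypted as-is. That padding is not a secure scheme (a deployment would use RSA-OAEP), and the parameter names and nonce layout are this example's own choices.

```python
"""Textbook RSA is deterministic; a random nonce makes repeated plaintexts
encrypt differently.

Added example, not code from the thesis. Primes are deliberately tiny so the
arithmetic is visible; the padding is a toy (random prefix only) that shows the
property and is NOT a secure scheme. Real systems use RSA-OAEP."""
import secrets
from math import gcd


def rsa_keygen(p, q, e=65537):
    """RSA key pair from two distinct primes: n = p*q, d = e^-1 mod (p-1)(q-1)."""
    if p == q:
        raise ValueError("primes must be distinct")
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))


def encrypt_textbook(pub, m):
    """c = m^e mod n; no randomness, so equal messages give equal ciphertexts."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must lie in [0, n)")
    return pow(m, e, n)


def decrypt_textbook(priv, c):
    n, d = priv
    return pow(c, d, n)


def encrypt_randomized(pub, m, msg_bits, rng=secrets.randbits):
    """Toy randomized encryption: encrypt (nonce || m) with a fresh random nonce.

    msg_bits fixes the width reserved for m; the nonce fills the bits above it,
    leaving the padded value below n. rng(k) returns a k-bit random integer and
    is injectable for tests.
    """
    n, _ = pub
    if m >= 1 << msg_bits:
        raise ValueError("message wider than msg_bits")
    nonce_bits = n.bit_length() - 1 - msg_bits   # nonce || m stays < 2^(bitlen-1) <= n
    if nonce_bits < 1:
        raise ValueError("modulus too small for this message width")
    r = rng(nonce_bits)
    return encrypt_textbook(pub, (r << msg_bits) | m)


def decrypt_randomized(priv, c, msg_bits):
    """Textbook decryption, then drop the nonce above msg_bits."""
    return decrypt_textbook(priv, c) & ((1 << msg_bits) - 1)


def demo_determinism(pub, priv, m, msg_bits):
    """Return (textbook ciphertexts equal, randomized round-trips recover m)."""
    c1, c2 = encrypt_textbook(pub, m), encrypt_textbook(pub, m)
    r1, r2 = encrypt_randomized(pub, m, msg_bits), encrypt_randomized(pub, m, msg_bits)
    ok = decrypt_randomized(priv, r1, msg_bits) == m == decrypt_randomized(priv, r2, msg_bits)
    return c1 == c2, ok


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)        # toy key: n = 3233, d = 2753
    print(encrypt_textbook(pub, 65))            # 2790, every time
    print(encrypt_randomized(pub, 65, msg_bits=7),
          encrypt_randomized(pub, 65, msg_bits=7))   # differ unless the 4-bit nonces collide
    print(demo_determinism(pub, priv, 65, msg_bits=7))
```

With a 3233-bit-length-12 modulus only 4 nonce bits are left, so the toy can still collide one time in sixteen; the point is structural, not quantitative. RSA is a permutation of the residues modulo n, so distinct padded inputs always give distinct ciphertexts, and an observer who cannot predict the nonce cannot tell whether two ciphertexts carry the same message, which is exactly what the textbook form leaks.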