Rozprawy doktorskie na temat „Infrastructures à clés publiques – Certification”
Utwórz poprawne odniesienie w stylach APA, MLA, Chicago, Harvard i wielu innych
Sprawdź 30 najlepszych rozpraw doktorskich naukowych na temat „Infrastructures à clés publiques – Certification”.
Przycisk „Dodaj do bibliografii” jest dostępny obok każdej pracy w bibliografii. Użyj go – a my automatycznie utworzymy odniesienie bibliograficzne do wybranej pracy w stylu cytowania, którego potrzebujesz: APA, MLA, Harvard, Chicago, Vancouver itp.
Możesz również pobrać pełny tekst publikacji naukowej w formacie „.pdf” i przeczytać adnotację do pracy online, jeśli odpowiednie parametry są dostępne w metadanych.
Przeglądaj rozprawy doktorskie z różnych dziedzin i twórz odpowiednie bibliografie.
Wazan, Ahmad Samer. "Gestion de la confiance dans les infrastructures à clés publiques". Toulouse 3, 2011. http://thesesups.ups-tlse.fr/1450/.
Pełny tekst źródłaToday, the Internet has become a universal community, where the openness to diverse application areas, has been accompanied by a natural change in the profile of users. However, in this environment, the maturity of the services and applications is suffering from a problem of trust. The establishment of trust in the Internet requires the intervention of several elements. We refer to these elements by the term: trust chain. In all chains of trust, public key infrastructure (PKI) is a central element. It serves to establish a link between a public key and a physical entity whose certificate signed by a central entity called a certification authority (CA). Thus, PKIs provide means for the management and the distribution of keys and certificates. All elements of the trust chain create a trust management problem. We have dedicated our work, however, to PKIs, and more precisely in trust management of CAs. We have performed the following steps: • We have proposed a formal definition of trust in CAs. • We have defined an architecture that operates a validation service deployed by an entity independent of CAs, and recognized by a community of interest. • We have defined a calculation model that enables us to obtain a score between 0 and 1 representing the quality of a certificate (QoCER). Finally, we have implemented a prototype that demonstrates our ideas. In particular, we have presented how end users can interact with the validation service to make informed decisions about certificates
Lesueur, François. "Autorité de certification distribuée pour des réseaux Pair-à-Pair structurés : modèle, mise en œuvre et exemples d'applications". Rennes 1, 2009. https://tel.archives-ouvertes.fr/tel-00443852.
Pełny tekst źródłaPeer-to-peer networks allow to design low cost and high availability large systems. Contrary to clients in client-server systems, peers of a peer-to-peer network play an active role in the network and give some bandwidth, computation power and storage to the network : the presence of attackers or misbehaving peers can break the proposed service. Guaranteeing security properties in peer-to-peer networks yields new problems since, contrary to current systems where, most of the times, a central authority allows or not asked operations, no peer should have a critical role for the whole network. The main contribution of this thesis is a distributed certification authority which allows the distributed signature of certificates. Contrary to currently used centralized certification authorities, even in peer-to-peer networks, the authority we propose is fully distributed in the peer-to-peer network and the peers themselves take the decisions, through the cooperation of a fixed percentage of them. We present in this thesis the cryptographic mechanisms used as well as two applications of this authority, in order to limit the sybil attack and to securely name users
Ben, Mbarka Moez. "Signatures électroniques avancées : modélisation de la validation à long terme et sécurité des autorités de certification". Thesis, Bordeaux 1, 2011. http://www.theses.fr/2011BOR14247/document.
Pełny tekst źródłaNowadays digital signature schemes and infrastructures have time limitations. This situation is disturbing considering that there are many cases, such as government records, where the signatures are required to be kept valid for a long period of time. In this thesis, we address this issue by modeling signature validation in the scope of a dispute between a verifier and a signer. The model is accompanied with a formal calculus to formalize several important concepts in the scope of long-term validation, such as judgment proof, proof expiration and renewal. Certificate revocation is one of the main issues considered by the model. Revocation is particularly critical for a Certification Authority (CA). We investigate this issue in the scope of the revocation settings allowed in X.509 and we show that some settings permit efficient countermeasures to prevent the revocation of the CA. For the same objective, we investigate approaches allowing to combine hardware protection with fine-tuned control on the usage of the CA's key. We propose a general solution which allows the execution of the of CA's certification policies at a processor which runs in an insecure environment under the control of the CA's secure module
Adja, Elloh. "Définition et conception d'un système optimal de la révocation de certificats". Electronic Thesis or Diss., Institut polytechnique de Paris, 2021. http://www.theses.fr/2021IPPAT012.
Pełny tekst źródłaThe Public Key Infrastructure (PKI) is a public key infrastructure whose objective is to meet needs such as public key authentication, access control and authorization functions. The support for these services determines the attributes contained in, as well as auxiliary control information such as policy and certification path constraints. The validation of the certificate goes through the verification of these attributes. A certificate is supposed to be used throughout its validity period. However, various circumstances may interrupt this validity. These circumstances include a name change, an association change, etc. Under such circumstances, the CA must revoke the certificate. Certificate revocation validation and verification services are expected or necessary in several contexts, we can cite some among many others: vehicular communications, (WWW), user authentication, etc. Vehicle communications are at the center of the vehicles of tomorrow and, more generally, of smart cities. Securing these communications is a critical element given the services in perspective. The security of inter-vehicle exchanges is based on the digital signature. This signature requires a key exchange infrastructure (PKI).RFC 5280 defines different revocation methods. Among these, we have a revocation method, which requires the periodic publication by the CA of a signed data structure called CRL (Certificate revocation list). This approach, which is the most widely used, is mature but expensive in terms of time and volume, and vehicular communications bring new constraints. This work relates to the verification of the revocation of X509 certificates and pseudonym certificates used in vehicular communications. Our goal is to reduce latency due to revocation checking of X509 and pseudonyms certificates. In this context, we have proposed a method of revocation, which implies the publication of the revocation lists in a public Blockchain. We then proposed a revocation method able to face the new constraints introduced by the vehicular environment. Our contributions have been validated by an implementation
Guette, Gilles. "Gestion de clés dans les extensions de sécurité DNS". Rennes 1, 2005. http://www.theses.fr/2005REN1S108.
Pełny tekst źródłaMasereel, Jean-Michel. "Analyse de la sécurité de protocoles cryptographiques de chiffrement et de signature à base de polynômes multivariables". Versailles-St Quentin en Yvelines, 2010. http://www.theses.fr/2010VERS0056.
Pełny tekst źródłaThe multivariate cryptography began in the early 1980s. It aimed to propose a new kind of protocols that are both reliable and efficient. In the mid-1990s however, it has grown and prospered with the emergence of algebraic cryptanalysis. This thesis focuses on the cryptanalysis of different multivariate protocols from various cryptographic fields. Initially, we are interested in obfuscation. Starting from an algebraic analysis of the obfuscation of DES (Data Encryption Standard), we mount an attack that can recover the secret key in a few seconds. In a second step, we study the links that may exist between a search of collisions on a multivariate system and solving a multivariate system. This work aims to provide avenues to prove the NP-completeness or non NP-Completeness of a search of collisions on a multivariate system. In a third step, we study the multivariate traitor tracing. We analyze how a traitor alone or with an accomplice, may succeed in forging an equivalent key while hiding his identity. Finally, we focus on stream ciphers and more particularly to Trivium. We use the coding theory and Walsh transforms to propose an improvement of an existing attack
Siad, Amar. "Protocoles de génération des clés pour le chiffrement basé sur de l'identité". Paris 8, 2012. http://www.theses.fr/2012PA083660.
Pełny tekst źródłaIdentity-Based Encryption suffers from the problem of trust in the key generation authority PKG (Private Key Generator), which results in the ability of this authority to produce and distribute, without the knowledge a genuine user, multiple private-keys or multiple copies of a single key. This problem makes the deployment of these systems limited to areas where trust in the PKG must have a fairly high level. An important and natural question is to ask how can we reduce the trust one should have in the PKG. In this thesis, after conducting a development of the state of the art on the subject, we answer this question by studying this problem in its theoretical and practical aspects. On the theoretical stage, we present constructions of distributed cryptographic protocols that reduce the trust to its lowest level never reached before. We develop protocols for private-key generation in different security models while presenting real-world applications using these new protocols in the setting of searchable encryption. Furthermore, we develop necessary infrastructures needed for the deployment of our protocols. In practical terms, we implement KGLib: the first complete, efficient and modular library which brings together the most known techniques for private-key generation for identity-based cryptosystems. This library aims at providing robust tools designed in a modular and reusable way to allow easy implementation and rapid prototyping of the latest results coming from theoretical cryptography
Duclos, Mathilde. "Méthodes pour la vérification des protocoles cryptographiques dans le modèle calculatoire". Thesis, Université Grenoble Alpes (ComUE), 2016. http://www.theses.fr/2016GREAM002/document.
Pełny tekst źródłaCritical and private information are exchanged on public environment. To protect it from dishonest users, we use cryptographic tools. Unfortunately, bad conception, poorly written security properties and required security hypothesis lead to attacks, and it may take years before one discover the attack and fix the security schemes involved. In this context, provable security provides formal definitions for security objectives and implied mathematical proofs that these objectives are fullfilled. On another hand, complexity and variety of cryptographic systems are increasing, and proofs by hand are too complicated to write and to verify (Bellare& Rogaway 2004, Shoup 2004, Halevi 2005). Thus, we need computer-assisted verification methods for cryptographic systems. The aim of this thesis is to progress in this direction. More precisely we want significant progress over formal proofs on cryptographic protocols. To verify cryptographic protocols we need to develop a theoritical framework providing: - a precise modelisation for cryptographic protocols and security properties we want to prove in the computationnal model, - designing tactics to automate proofs, - taking into account realistic models for adversary (side-channels...). By the end of the thesis we have enhanced a theoretical framework and computing tools helping verifying cryptographic protocols
Kunz-Jacques, Sébastien. "Preuves de sécurité et problèmes difficiles en cryptologie : études de cas". Paris 7, 2007. http://www.theses.fr/2007PA077068.
Pełny tekst źródłaProvable security enables to formalize what is expected from a cryptographic primitive, and to prove that some mechanisms actually meet these expectations. Security proofs neverthe-less rely on the hypothesis that some reference algorithmic problems are hard to solve. These hardness hypotheses are primarily justified by the lack of efficient algorithms to solve the corre-sponding problems. In the first part of this thesis, we study some authenticated key exchange protocols. After a close look to the security model involved, we prove the security of two classical protocols, MTI/CO and MQV, which was up to now only studied empirically. Then, we show how to extend the adversarial model to include active compromises. Neither MQV, nor HMQV, which is a proved variant of MQV, withstand these attacks. We propose a new protocol that solves this problem with a round and computational complexity similar to the one of MQV. In the second part of this thesis, we turn our attention to solving Systems of multivariate equations on a finite field. Several public key cryptosystems rely on the difficulty of this problem, for different families of Systems of equations. On the one hand, we cryptanalyze such a cryptosystem, TRMC. On the other hand, we improve a generic resolution algorithm, XL. The performance of the resulting algorithm is on par with the best currently known methods
Delaunay, Pascal. "Attaques physiques sur des algorithmes de chiffrement par flot". Versailles-St Quentin en Yvelines, 2011. http://www.theses.fr/2011VERS0006.
Pełny tekst źródłaSince 1999 and Paul Kocher's initial publication, several side-channel attacks have been published. Most of these attacks target public-key cryptosystems and bloc ciphers but only a few of them target stream ciphers, despite being widely used on daily applications. After some remids on side-channel attacks, linear and non-linear feedback shift registers and fast correlation attacks, we propose at first three fast correlation attacks targetting linear feedback shift registers and using side-channel information to improve their accuracy. Next, we present two flaws in non-linear feedback shift registers which allow full recovery of the internal state using well-chosen side-channel attacks. We finally use these vulnerabilities to mount two side-channel attacks against VEST, an eSTREAM candidate, to recover partial information from the internal state
Caragata, Daniel. "Protocoles de communications sécurisées par des séquences chaotiques : applications aux standards de communications , IP via DVB-S et l'UMTS". Nantes, 2011. http://archive.bu.univ-nantes.fr/pollux/show.action?id=ff503910-6dd7-42e4-9c45-c7e59996eaa2.
Pełny tekst źródłaIn this thesis we have studied new ways of using chaotic functions to ensure information security. Therefore, we have addressed three themes of research: the security of IP communications over satellite DVB, UMTS security and digital watermarking. Firstly we study the security of unicast and multicast IP communications over satellite DVB. We propose a new security solution for this type of communications that encrypts the IP packet and MAC code and that protects the authenticity and integrity of the ULE header and of the IP packet. This solution uses a multi layer key management system, chaotic functions for the encryption of the data and the generation of the secret keys, a customized PDU for the transport of the keys and an alarm message to restore the synchronization between the ISP and the client. We analyze and propose improvements for the security of the UMTS. The network access is at the heart of UMTS security. The enhancements we propose are: user identification using an improved protocol that ensures the protection of: the permanent identity, the secret key K against cryptographic attacks using a temporary key and the encryption of the messages. The modified protocols for security algorithms negotiation and TMSI updating that make the choices of the serving network visible to the users. Finally, we address the information integrity of JPEG images and we propose a new chaos based fragile watermarking algorithm that is efficient and robust. This algorithm is the result of the cryptanalysis that we have developed against the watermarking algorithm proposed by Wang in 2008. In addition we have also simulated the cryptanalysis using first order Markov chains
Mota, Gonzalez Sara del Socorro. "Modélisation et vérification de protocoles pour des communications sécurisées de groupes". Toulouse, INPT, 2008. http://ethesis.inp-toulouse.fr/archive/00000628/.
Pełny tekst źródłaSystems that implement communications in the form of group multicast have increasingly raised security problems. The protection mechanisms applied to that communication rely on symmetrical and asymmetrical key exchanges, and the way these mechanisms are selected does influence the system’s efficiency. Following an in depth analysis of the needs captured by these systems, we defined a model for representing the dynamics of groups, as well as communication among group members. We defined one system architecture which focuses on key creation, exchange and management functions. The system was modeled in UML 2. 0 and checked against security and temporal properties. The approach we followed to investigate temporal requirements may be extended to a broad variety of distributed systems
Ahmad, Kassem. "Protocoles, gestion et transmission sécurisée par chaos des clés secrètesPplications aux standards TCP/IP via DVB-S, UMTS, EPS". Nantes, 2013. http://archive.bu.univ-nantes.fr/pollux/show.action?id=819becae-9749-4a1d-80df-3cc673b27901.
Pełny tekst źródłaIP multicast is supported in the next generation of satellite systems implementing DVB-S (Digital Video Broadcasting via Satellite). In this type of communication, security, switching and scalability are the main challenges. In this context, we propose a new multicast security system based on: an enhanced ULE encapsulation standard, method which can operate with the switching approaches ‘label or selfswitching’ to ensure efficient filtering and multicast forwarding, a highly flexible security mechanism, and a scalable key management scheme with two LKH (Logical Key Hierarchy) layers. The usage of chaos is proposed for the new keys generation and data encryption. The analysis of the proposed system shows that it can handle a large number of members in a secure and efficient manner with minimal bandwidth consumption. Security in the 4th generation of mobile networks EPS is considered very robust. However, weaknesses inherited from UMTS and others identified in the specialized literature remain without effective treatment. These vulnerabilities affect precisely the authentication and key agreement protocol, EPS-AKA. Several protocols have been proposed to resolve these problems but without a significant success. In this context, we propose a new protocol called FP-AKA which provides a strong protection against the different attacks with minimal cost. The comparison of FP-AKA with the best existing protocols in the literature (SE-AKA, ECAKA,. . ) shows the superiority of FP-AKA in several parameters (security, cost, delay,. . )
Prigent, Nicolas. "Contributions à la sécurité des réseaux dynamiques auto-configurables : application aux réseaux domestiques". Rennes 1, 2005. http://www.theses.fr/2005REN1S157.
Pełny tekst źródłaKounga, Gina. "Strong authentification for providing secure services in ad hoc networks". Versailles-St Quentin en Yvelines, 2009. http://www.theses.fr/2009VERS0047.
Pełny tekst źródłaEntity authentification is a precondition to provide secure services in ad hoc networks. In order to define an entity authentification solution that suits the characteristics of ad hoc networks, we do an in-depth analysis of existing authentification solutions and how they have been adapted to work in mobile ad hoc networks. This permits to identify their limitations as well as the problems that still need to be solved. We then propose a first solution that solves these remaining problems. It is improved in a second solution that additionally permits each node to manage alone its cryptographic key pairs. The authenticity of such generated public keys can be verified without accessing any third party. We finally use this improved solution to define three secured applications that first highlight how that solution can be used to fulfil various security requirements and that second permits to generate some revenues in ad hoc networks. The first application permits individuals to buy some multimedia resources in ad hoc networks. Non-repudiation is provided to guarantee that at the end of a transaction the buying node receives the resource it has bought and is able to view or play it. It is further provided to guarantee that the selling node is sure that it will be paid for having sold the resource. The second application permits vehicles to exchange anonymously some safety information and to evaluate the reliability of this information. The third application finally permits nodes to negociate and provide the access to a fixed network in a way that avoids defrauding. The performances of the improved solution, on wich these applications rely, show that it can be used on mobile device
Misoczki, Rafael. "Two Approaches for Achieving Efficient Code-Based Cryptosystems". Phd thesis, Université Pierre et Marie Curie - Paris VI, 2013. http://tel.archives-ouvertes.fr/tel-00931811.
Pełny tekst źródłaGallais, Cécilia. "Formalisation et analyse algébrique et combinatoire de scénarios d'attaques généralisées". Thesis, Paris, ENSAM, 2017. http://www.theses.fr/2017ENAM0064/document.
Pełny tekst źródłaThe current definitions of a critical infrastructure are not adapted to the actual attacks which are observed these days. The problem is the same for the definition of an attack and therefore, the term « cyber attack » tends to reduce the conceptual and operational field of the person in charge of the security. Most of the approaches are reduced to identify the technical and IT domain only, and they forget the others domains specific to the intelligence. Then, the main methodologies to identify and to manage risk (EBIOS or some similar methodologies) take into account a definition of a critical infrastructure which is restrictive, static and local. The model of attacker and attack is also extremely narrowed as the technical approaches and the angles of attack of an attacker tend to be restricted to the IT domain only, even if the « cyber » angles may not exist or may only be a small part of an attack scenario.Therefore, it is necessary to have a new definition of a critical infrastructure, more complete and made according to the attacker point of view. Indeed, critical infrastructures can be protected by assessing the threats and vulnerability. This thesis aims to develop new models of infrastructure and attack accurately, models which will based on graph theory, with or without the cyber part. This graph-based representation is already used a lot to describe infrastructure, it will be enriched in order to have a more exhaustive view of an infrastructure environment. The dependencies with other entities (people, others critical infrastructures, etc.) have to be taken into account in order to obtain pertinent attack scenarios. This enriched representation must lead to new models of attackers, more realistic and implementing external components of the infrastructure which belong to its immediate environment. The main objective is the research of optimal paths or other mathematical structures which can be translated into attack scenarios. This global approach provides a finer (and therefore more realistic) definition of security as the lowest cost of the attack path.The research program is structured in five stages. The first two steps are aimed at defining the models and objects representing the security infrastructures as well as the attackers they are confronted with. The major difficulty encountered in developing a relevant infrastructure model is its ability to describe. Indeed, the more the model is rich, the more it can describe the infrastructure and the adversaries that attack it. The counterpart of developing a relevant model is its exponential characteristic. In these security models, we therefore expect that the problem of finding the vulnerabilities of a security infrastructure is equivalent to difficult problems, i.e. NP-hard or even NP-complete. The locks to be lifted will therefore consist in the design of heuristics to answer these problems in finite time with an ``acceptable" response. The third step is to define a generic methodology for assessing the safety of a security infrastructure. In order to validate the proposed models and methodology, the thesis program provides for the development of a research demonstrator in the form of an evaluation platform. Finally, the last step will be to evaluate an existing system from the platform by implementing the proposed methodology. The objective of this last step is to validate the models and the methodology and to propose an improvement if necessary
Bou, Diab Wafaa. "End-to-security of real-time services over beyond third generation networks". Versailles-St Quentin en Yvelines, 2010. http://www.theses.fr/2010VERS0011.
Pełny tekst źródłaSecurity presents a big challenge for transmitting real-time traffic over IP networks; the goal is to acquire the same security level offered by the standard telephony without affecting the performance and the quality of service. Securing real-time multimedia services over IP networks is a complex process; the security solutions must take into account the real-time constraints of voice and multimedia services and their mechanisms should address possible attacks and overhead associated with it. The need to provide certain level of Quality of Service (QoS) often results with weak security mechanisms. The problem of applying security mechanism for real-time sensitive applications is that security and efficiency are conflicting requirements and the security mechanisms may degrade the performance and the QoS of such applications. This is mainly because security mechanisms can be responsible for the increased latency and the packet loss; if latency is too high, it can be the most deteriorating constrain for the quality of the real-time multimedia communications. On the other hand, one of the major challenges for real-time applications over extgeneration mobile networks or the Beyond Third Generation Networks (B3G) is the seamless vertical handoff. Such latency and loss sensitive applications require fast and efficient handover control over various wireless technologies to realize service continuity and seamless mobility while preserving the security and the QoS. The aim of this thesis is to provide a robust security solution without compromising the QoS and the performance of the real-time multimedia applications. Because of the timecritical nature of multimedia applications and their low tolerance for disruption and packet loss, many security mechanisms implemented in data networks are not applicable to real-time services. We first investigate the different security mechanisms applying nowadays for protecting IP applications, and examine the various VPN security solutions presenting their advantages and drawbacks. Then, we analyze the mechanisms supporting real-time services and enabling to protect both the signaling and the media traffic, and compare the different
Kandi, Mohamed Ali. "Lightweight key management solutions for heterogeneous IoT". Thesis, Compiègne, 2020. http://www.theses.fr/2020COMP2575.
Pełny tekst źródłaThe Internet of Things (IoT) is an emerging technology that has the potential to improveour daily lives in a number of ways. It consists of extending connectivity beyond standard devices (such as computers, tablets and smartphones) to all everyday objects. The IoT devices, also called smart objects, can collect data from their surroundings, collaborate to process them and then act on their environment. This increases their functionalities and allow them to offer various services for the benefit of society. However, many challenges are slowing down the development of the IoT. Securing communication between its devices is one of the hardest issue that prevents this technology from revealing its full potential. Cryptography provides a set of mechanisms to secure data. For their proper functioning, these mechanisms require secret parameters called keys. The Key Management is a branch of cryptography that encompasses all operations involving the handling of these of extending the conventional mechanisms (including the Key Management) to the resource-limited devices. To be efficient in the IoT, the new mechanisms must offer a good compromise between security, performance and resource requirements. Lightweight Key Management is the essence of secure communication in the IoT and the core of our work. In this thesis, we propose a novel lightweight Key Management protocol to secure communication between the heterogeneous and dynamic IoT devices. To design our solution, we consider three modes of communication: device-to-device, group and multi-group communication. While most of the related works focus only on one of these modes of communication, our solution efficiently secures all three of them. It also automatically balances the loads between the heterogeneous devices according to their capabilities. We then prove that this makes our protocol more suitable for the IoT as it is e_cient and highly scalable. Furthermore, we propose a decentralization of our protocol based on the blockchain technology and smart contracts. We show that, by empowering multiple participants to manage the cryptographic keys, decentralization solves trust issues, lowers risk of system failure and improves security. We finally implement our solution on resource-constrained IoT motes that are based on the Contiki operating system. The objective is to experimentally evaluate the performance of our solution and to complete our theoretical analyses
Touati, Lyes. "Internet of things security : towards a robust interaction of systems of systems". Thesis, Compiègne, 2016. http://www.theses.fr/2016COMP2311/document.
Pełny tekst źródłaIn this thesis, we deal with security challenges in the Internet of Things. The evolution of the Internet toward an Internet of Things created new challenges relating to the way to secure communications given the new constraints of IoT, namely: resource constrained objects, heterogeneity of network components, the huge size of the network, etc. Indeed, the Internet evolved from a network of computers and servers toward a huge network connecting billions of smart communicating objects. These objects will be integrated into complex systems and use sensors and actuators to observe and interact with their physical environment. The security requirements of the interactions between smart objects depend on the context which evolves in time and space. Consequently, the definition of the security policies should be adaptive and context-aware. In this thesis, we were interested in the problem of access control in IoT relying on Attribute based Encryption (ABE). Indeed, ABE schemes present many advantages in implementing a cryptographic fine-grained access control. However, these schemes raise many implementation challenges because of their complexity and high computation and energy overheads. To overcome this challenge, we leveraged the heterogeneity of IoT to develop collaborative and distributed versions of ABE schemes. Our solutions reduce remarkably the overhead in terms of energy consumption and computation. The second limitation of ABE schemes is the absence of efficient attribute/key revocation techniques. We have proposed batch based mechanisms for attribute/key revocation in CP-ABE. We demonstrated the efficiency of the proposed solutions through simulations. Finally, we have proposed a CP-ABE based solution for the problem of grouping proof. This problem consists of providing the proof that a set of objects are present simultaneously (same time and same location). The propose solution has many applications such as enforcing the security of NFC based payments and the access to sensitive locations
Drira, Kaouther. "Coloration d’arêtes ℓ-distance et clustering : études et algorithmes auto-stabilisants". Thesis, Lyon 1, 2010. http://www.theses.fr/2010LYO10335/document.
Pełny tekst źródłaGraph coloring is a famous combinatorial optimization problem and is very attractive for its numerous applications. Many variants and generalizations of the graph-coloring problem have been introduced and studied. An edge-coloring assigns a color to each edge so that no two adjacent edges share the same color. In the first part of this thesis, we study the problem of the ℓ-distance-edge-coloring, which is a generalization of the classical edge-coloring. The study focuses on the following classes of graphs : paths, grids, hypercubes, trees and some power graphs. We are conducting a combinatorial and algorithmic study of the parameter. We give a sequential coloring algorithm for each class of graph. The ℓ-distance-edge-coloring is especially considered in large-scale networks. However, with the increasing number of nodes, networks are increasingly vulnerable to faults. In the second part, we focus on fault-tolerant algorithms and in particular self-stabilizing algorithms. We propose a self-stabilizing algorithm for proper edge-coloring. Our solution is based on Vizing’s result to minimize number of colors. Subsequently, we propose a selfstabilizing clustering algorithm for applications in the field of security in mobile ad hoc networks. Our solution is a partitioning into clusters based on trust relationships between nodes. We also propose a group key-management algorithm in mobile ad hoc networks based on the topology of clusters previously built. The security of our protocol is strengthened by its clustering criterion which constantly monitors trust relationships and expels malicious nodes out of the multicast session
Hoang, Van-Hoan. "Securing data access and exchanges in a heterogeneous ecosystem : An adaptive and context-sensitive approach". Thesis, La Rochelle, 2022. http://www.theses.fr/2022LAROS009.
Pełny tekst źródłaCloud-based data storage and sharing services have been proven successful since the last decades. The underlying model helps users not to expensively spend on hardware to store data while still being able to access and share data anywhere and whenever they desire. In this context, security is vital to protecting users and their resources. Regarding users, they need to be securely authenticated to prove their eligibility to access resources. As for user privacy, showing credentials enables the service provider to detect sharing-related people or build a profile for each. Regarding outsourced data, due to complexity in deploying an effective key management in such services, data is often not encrypted by users but service providers. This enables them to read users’ data. In this thesis, we make a set of contributions which address these issues. First, we design a password-based authenticated key exchange protocol to establish a secure channel between users and service providers over insecure environment. Second, we construct a privacy-enhancing decentralized public key infrastructure which allows building secure authentication protocols while preserving user privacy. Third, we design two revocable ciphertext-policy attribute-based encryption schemes. These provide effective key management systems to help a data owner to encrypt data before outsourcing it while still retaining the capacity to securely share it with others. Fourth, we build a decentralized data sharing platform by leveraging the blockchain technology and the IPFS network. The platform aims at providing high data availability, data confidentiality, secure access control, and user privacy
Ben, Saied Yosra. "Collaborative security for the internet of things". Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2013. http://www.theses.fr/2013TELE0013.
Pełny tekst źródłaThis thesis addresses new security challenges in the Internet of Things (IoT). The current transition from legacy Internet to Internet of Things leads to multiple changes in its communication paradigms. Wireless sensor networks (WSNs) initiated this transition by introducing unattended wireless topologies, mostly made of resource constrained nodes, in which radio spectrum therefore ceased to be the only resource worthy of optimization. Today's Machine to Machine (M2M) and Internet of Things architectures further accentuated this trend, not only by involving wider architectures but also by adding heterogeneity, resource capabilities inconstancy and autonomy to once uniform and deterministic systems. The heterogeneous nature of IoT communications and imbalance in resources capabilities between IoT entities make it challenging to provide the required end-to-end secured connections. Unlike Internet servers, most of IoT components are characterized by low capabilities in terms of both energy and computing resources, and thus, are unable to support complex security schemes. The setup of a secure end-to-end communication channel requires the establishment of a common secret key between both peers, which would be negotiated relying on standard security key exchange protocols such as Transport Layer Security (TLS) Handshake or Internet Key Exchange (IKE). Nevertheless, a direct use of existing key establishment protocols to initiate connections between two IoT entities may be impractical because of the technological gap between them and the resulting inconsistencies in their cryptographic primitives. The issue of adapting existing security protocols to fulfil these new challenges has recently been raised in the international research community but the first proposed solutions failed to satisfy the needs of resource-constrained nodes. In this thesis, we propose novel collaborative approaches for key establishment designed to reduce the requirements of existing security protocols, in order to be supported by resource-constrained devices. We particularly retained TLS handshake, Internet key Exchange and HIP BEX protocols as the best keying candidates fitting the end-to-end security requirements of the IoT. Then we redesigned them so that the constrained peer may delegate its heavy cryptographic load to less constrained nodes in neighbourhood exploiting the spatial heterogeneity of IoT nodes. Formal security verifications and performance analyses were also conducted to ensure the security effectiveness and energy efficiency of our collaborative protocols. However, allowing collaboration between nodes may open the way to a new class of threats, known as internal attacks that conventional cryptographic mechanisms fail to deal with. This introduces the concept of trustworthiness within a collaborative group. The trustworthiness level of a node has to be assessed by a dedicated security mechanism known as a trust management system. This system aims to track nodes behaviours to detect untrustworthy elements and select reliable ones for collaborative services assistance. In turn, a trust management system is instantiated on a collaborative basis, wherein multiple nodes share their evidences about one another's trustworthiness. Based on an extensive analysis of prior trust management systems, we have identified a set of best practices that provided us guidance to design an effective trust management system for our collaborative keying protocols. This effectiveness was assessed by considering how the trust management system could fulfil specific requirements of our proposed approaches for key establishment in the context of the IoT. Performance analysis results show the proper functioning and effectiveness of the proposed system as compared with its counterparts that exist in the literature
Mansour, Ismail. "Contribution à la sécurité des communications des réseaux de capteurs sans fil". Phd thesis, Université Blaise Pascal - Clermont-Ferrand II, 2013. http://tel.archives-ouvertes.fr/tel-00877033.
Pełny tekst źródłaSabt, Mohamed. "Outsmarting smartphones : trust based on provable security and hardware primitives in smartphones architectures". Thesis, Compiègne, 2016. http://www.theses.fr/2016COMP2320.
Pełny tekst źródłaThe landscape of mobile devices has been changed with the introduction of smartphones. Sincetheir advent, smartphones have become almost vital in the modern world. This has spurred many service providers to propose access to their services via mobile applications. Despite such big success, the use of smartphones for sensitive applications has not become widely popular. The reason behind this is that users, being increasingly aware about security, do not trust their smartphones to protect sensitive applications from attackers. The goal of this thesis is to strengthen users trust in their devices. We cover this trust problem with two complementary approaches: provable security and hardware primitives. In the first part, our goal is to demonstrate the limits of the existing technologies in smartphones architectures. To this end, we analyze two widely deployed systems in which careful design was applied in order to enforce their security guarantee: the Android KeyStore, which is the component shielding users cryptographic keys in Android smartphones, and the family of Secure Channel Protocols (SCPs) defined by the GlobalPlatform consortium. Our study relies on the paradigm of provable security. Despite being perceived as rather theoretical and abstract, we show that this tool can be handily used for real-world systems to find security vulnerabilities. This shows the important role that can play provable security for trust by being able to formally prove the absence of security flaws or to identify them if they exist. The second part focuses on complex systems that cannot cost-effectively be formally verified. We begin by investigating the dual-execution-environment approach. Then, we consider the case when this approach is built upon some particular hardware primitives, namely the ARM TrustZone, to construct the so-called Trusted Execution Environment (TEE). Finally, we explore two solutions addressing some of the TEE limitations. First, we propose a new TEE architecture that protects its sensitive data even when the secure kernel gets compromised. This relieves service providers of fully trusting the TEE issuer. Second, we provide a solution in which TEE is used not only for execution protection, but also to guarantee more elaborated security properties (i.e. self-protection and self-healing) to a complex software system like an OS kernel
Orfila, Jean-Baptiste. "Evaluation de la confiance dans les architectures de sécurité". Thesis, Université Grenoble Alpes (ComUE), 2018. http://www.theses.fr/2018GREAM034/document.
Pełny tekst źródłaIn a increasingly connected world, trust in information systems is essential. Thus, many questions about their security arise. Topics of these questions include individual data confidentiality as well as protection of Industrial Critical Systems(ICS). For instance, ICS are deployed in sectors including energy or transportation where security is of high importance. In this thesis, we address three problems related to the security architecture of information systems. We first propose an architecture for a protocol splitting device. This provides protection against networkattacks by isolating and filtering data exchanges. We show that this new security equipment is well suited for ICS. Then, we focus on end-user security. We define a user-centric Public Key Infrastructure (PKI) called LocalPKI. By using self-signed certificates, this infrastructure combines the user-friendliness of PGP-based PKI and the security of hierarchical PKI. Finally, we improve the trust anchormechanism. It is employed by Certification Authorities (CA) and especially used in PKIX or LocalPKI. In that respect, we first define multi-party protocols to securely compute dot and matrix products. Then, we explain how to apply them on trust aggregations and thus on the reputation of certification authorities
Ben, Saied Yosra. "Collaborative security for the internet of things". Phd thesis, Institut National des Télécommunications, 2013. http://tel.archives-ouvertes.fr/tel-00879790.
Pełny tekst źródłaFontan, Benjamin. "Méthodologie de conception de systèmes temps réel et distribués en contexte UML/SysML". Phd thesis, Université Paul Sabatier - Toulouse III, 2008. http://tel.archives-ouvertes.fr/tel-00258430.
Pełny tekst źródłaTan, Heng Chuan. "Vers des communications de confiance et sécurisées dans un environnement véhiculaire". Electronic Thesis or Diss., Paris, ENST, 2017. http://www.theses.fr/2017ENST0063.
Pełny tekst źródłaRouting and key management are the biggest challenges in vehicular networks. Inappropriate routing behaviour may affect the effectiveness of communications and affect the delivery of safety-related applications. On the other hand, key management, especially due to the use of PKI certificate management, can lead to high latency, which may not be suitable for many time-critical applications. For this reason, we propose two trust models to assist the routing protocol in selecting a secure end-to-end path for forwarding. The first model focusses on detecting selfish nodes, including reputation-based attacks, designed to compromise the “true” reputation of a node. The second model is intended to detect forwarders that modify the contents of a packet before retransmission. In key management, we have developed a Secure and Authentication Key Management Protocol (SA-KMP) scheme that uses symmetric cryptography to protect communication, including eliminating certificates during communication to reduce PKI-related delays
Tan, Heng Chuan. "Vers des communications de confiance et sécurisées dans un environnement véhiculaire". Thesis, Paris, ENST, 2017. http://www.theses.fr/2017ENST0063/document.
Pełny tekst źródłaRouting and key management are the biggest challenges in vehicular networks. Inappropriate routing behaviour may affect the effectiveness of communications and affect the delivery of safety-related applications. On the other hand, key management, especially due to the use of PKI certificate management, can lead to high latency, which may not be suitable for many time-critical applications. For this reason, we propose two trust models to assist the routing protocol in selecting a secure end-to-end path for forwarding. The first model focusses on detecting selfish nodes, including reputation-based attacks, designed to compromise the “true” reputation of a node. The second model is intended to detect forwarders that modify the contents of a packet before retransmission. In key management, we have developed a Secure and Authentication Key Management Protocol (SA-KMP) scheme that uses symmetric cryptography to protect communication, including eliminating certificates during communication to reduce PKI-related delays