Analysis of threats and design flaws in hardware and software cryptographic systems

DSpace/Manakin Repository

Show simple item record

dc.contributor.advisor Focardi, Riccardo it_IT
dc.contributor.author Palmarini, Francesco <1986> it_IT
dc.date.accessioned 2018-12-12 it_IT
dc.date.accessioned 2019-07-24T08:06:43Z
dc.date.available 2019-07-24T08:06:43Z
dc.date.issued 2019-03-20 it_IT
dc.identifier.uri http://hdl.handle.net/10579/15005
dc.description.abstract In the past two decades the use of cryptography in computer systems has constantly increased. Ranging from personal devices to critical infrastructures, cryptography is pervasive and variegated. It is crucial to perform the security evaluation of existing cryptographic design and implementations. In this thesis we first investigate on Java keystores, the standard password-protected facility to securely store keys in Java. We define a threat model, distil a set of security properties and disclose unpublished attacks and weaknesses in keystores that do not adhere to state-of-the-art standards or use ad-hoc cryptographic mechanisms. Typically, security sensitive applications employ dedicated cryptographic hardware. We study the low-level APDU protocol used to communicate with PKCS#11 devices such as smartcards. We describe a threat model and discuss new attacks that exploit proprietary implementation weaknesses enabling attackers to leak sensitive keys as cleartext. Complex cryptography can also be found in the firmware of embedded and Internet-Of-Things devices. The research for security flaws in the firmware by reverse-engineering can be blocked by mechanisms preventing memory content readout to protect the IPs. We present novel firmware extraction attacks from six microcontrollers and we introduce a new voltage fault injection technique for improving the attack performance. Then we conduct a thorough evaluation of the results against the voltage glitching state-of-the-art. it_IT
dc.language.iso en it_IT
dc.publisher Università Ca' Foscari Venezia it_IT
dc.rights © Francesco Palmarini, 2019 it_IT
dc.title Analysis of threats and design flaws in hardware and software cryptographic systems it_IT
dc.title.alternative it_IT
dc.type Doctoral Thesis it_IT
dc.degree.name Informatica it_IT
dc.degree.level Dottorato di ricerca it_IT
dc.degree.grantor Dipartimento di Scienze Ambientali, Informatica e Statistica it_IT
dc.description.academicyear Dottorato - 31° Ciclo - 2015-2017 it_IT
dc.description.cycle 31
dc.degree.coordinator Focardi, Riccardo it_IT
dc.location.shelfmark D001957
dc.location Venezia, Archivio Università Ca' Foscari, Tesi Dottorato it_IT
dc.rights.accessrights openAccess it_IT
dc.thesis.matricno 823027 it_IT
dc.format.pagenumber IX, 99 p.
dc.subject.miur INF/01 INFORMATICA it_IT
dc.description.note it_IT
dc.degree.discipline it_IT
dc.contributor.co-advisor it_IT
dc.provenance.upload Francesco Palmarini (823027@stud.unive.it), 2018-12-12 it_IT
dc.provenance.plagiarycheck Riccardo Focardi (focardi@unive.it), 2019-01-18 it_IT


Files in this item

This item appears in the following Collection(s)

Show simple item record