Your search keyword '"Halunen, K. (Kimmo)"' showing total 11 results

1. Vulnerabilities in IoT devices, backends, applications, and components

Author

Kaksonen, R. (Rauli), Halunen, K. (Kimmo), Röning, J. (Juha), Kaksonen, R. (Rauli), Halunen, K. (Kimmo), and Röning, J. (Juha)

Abstract

The Internet of Things (IoT) is the ecosystem of networked devices encountered in both work and home. IoT security is a great concern and vulnerabilities are reported daily. IoT is mixed into other digital infrastructure both in terms of sharing the same networks and using the same software components. In this paper, we analyze Common Vulnerabilities and Exposures (CVE) entries, including known exploited vulnerabilities, to describe the vulnerabilities in the IoT context. The results indicate that 88% of reported vulnerabilities are relevant to IoT systems. Half of the vulnerabilities are in the backend or frontend systems while 10‐20% concern the IoT devices. HTTP servers are the vulnerability hotspots wherever they are located. Software components are used in all IoT subsystems and tracking and updating them is essential for system security. The results can be used to understand where and what kind of vulnerabilities are in IoT systems.

Published

2023

2. Implementing post-quantum cryptography for developers

Author

Hekkala, J. (Julius), Muurman, M. (Mari), Halunen, K. (Kimmo), Vallivaara, V. (Visa), Hekkala, J. (Julius), Muurman, M. (Mari), Halunen, K. (Kimmo), and Vallivaara, V. (Visa)

Abstract

Widely used public key cryptography is threatened by the development of quantum computers. Post-quantum algorithms have been designed for the purpose of protecting sensitive data against attacks with quantum computers. National Institute of Standards and Technology has recently reached the end of the third round of post-quantum standardization process and has published three digital signatures and one key encapsulation mechanism for standardization. Three of the chosen algorithms are based on lattices. When implementing complex cryptographic algorithms, developers commonly use cryptographic libraries in their solutions to avoid mistakes. However, most of the open-source cryptography libraries do not yet have post-quantum algorithms integrated in them. We chose a C++ cryptography library, Crypto++, and created a fork where we integrated four lattice-based post-quantum algorithms. We analyzed the challenges in the process as well as the performance, correctness and security of the implemented algorithms. The performance of the integrated algorithms was overall good, but the integration process had its challenges, many of which were caused by the mathematical complexity of lattice-based algorithms. Different open-source implementations of post-quantum algorithms will be essential to their easier use for developers. Usability of the implementations is also important to avoid possible mistakes when using the algorithms.

Published

2023

3. Digi-HTA, assessment framework for digital healthcare services:information security and data protection in health technology – initial experiences

Author

Jääskelä, J. (Jari), Haverinen, J. (Jari), Kaksonen, R. (Rauli), Reponen, J. (Jarmo), Halunen, K. (Kimmo), Tokola, T. (Teemu), Röning, J. (Juha), Jääskelä, J. (Jari), Haverinen, J. (Jari), Kaksonen, R. (Rauli), Reponen, J. (Jarmo), Halunen, K. (Kimmo), Tokola, T. (Teemu), and Röning, J. (Juha)

Abstract

It is well-known that security issues in medical devices, services and applications have potentially catastrophic consequences. To avoid compromising patient data or information systems, it is essential that healthcare services and products meet the relevant information security and data protection requirements. For these reasons, the Digi-HTA assessment includes information security and data protection assessment domains. The outcome of the Digi-HTA process is a recommendation that decision-makers can use during the procurement process. We present results and experiences from the first assessments made in the Digi-HTA process. We have assessed six products so far and multiple assessments are in progress. The results indicate that healthcare product manufacturers have found the process useful, and usually, the manufacturers have had to improve the security of their product during the Digi-HTA process to get a favourable recommendation for their product. The assessment processes have taken longer than expected due to shortcomings and ambiguities in the provided self-assessment forms, and due to feedback cycles and meetings prompted by assessment findings. Of the six assessed products, four received a green light in information security and data protection, whereas two have received a yellow light due to issues that were not fixed during the process. In addition to shortcomings in adhering to best practices, we have also found exploitable security issues.

Published

2022

4. Models-based analysis of both user and attacker tasks:application to EEVEHAC

Author

Nikula, S. (Sara), Martinie, C. (Célia), Palanque, P. (Philippe), Hekkala, J. (Julius), Latvala, O.-M. (Outi-Marja), Halunen, K. (Kimmo), Nikula, S. (Sara), Martinie, C. (Célia), Palanque, P. (Philippe), Hekkala, J. (Julius), Latvala, O.-M. (Outi-Marja), and Halunen, K. (Kimmo)

Abstract

The design and development of security mechanisms, such as authentication, requires analysis techniques that take into account usability along with security. Although techniques that are grounded in the security domain target the identification and mitigation of possible threats, user centered design approaches have been proposed in order to also take into account the user’s perspective and needs. Approaches dealing with both usability and security focus on the extent to which the user can perform the authentication tasks, as well as on the possible types of attacks that may occur and the potential threats on user tasks. However, to some extent, attacker can be considered as user of the system (even if undesirable), and the analysis of attacker tasks provides useful information for the design and development of an authentication mechanism. We propose a models-based approach to analyse both user and attacker tasks. The modeling of attacker tasks enables to go deeper when analysing the threats on an authentication mechanism and the trade-offs between usability and security. We present the results of the application of this models-based approach to the EEVEHAC security mechanism, which enables the setup of a secure communication channel for users of shared public computers.

Published

2022

5. Applying a cryptographic metric to post-quantum lattice-based signature algorithms

Author

Rautell, M. (Markus), Latvala, O.-M. (Outi-Marja), Vallivaara, V. (Visa), Halunen, K. (Kimmo), Rautell, M. (Markus), Latvala, O.-M. (Outi-Marja), Vallivaara, V. (Visa), and Halunen, K. (Kimmo)

Abstract

Measuring the security of cryptographic systems is not a simple task. Nevertheless, there is an increasing need for a cryptographic metric which could assist in decision making when choosing between various candidates. The National Institute of Standards and Technology (NIST) has launched a process to standardize quantum-resistance public key encryption, key encapsulation and digital signature algorithms. This is NIST’s response to the threat posed by quantum computers against classical public key cryptography. In this paper, we apply a metric taxonomy, produced by earlier studies, to two NIST third round finalist digital signature algorithms Dilithium and Falcon in order to asses the effectiveness and extensiveness of the metric. Although, our results show that clear differences can be found with used metrics, we propose some improvements to them to allow more comprehensive analysis.

Published

2022

6. Common cybersecurity requirements in IoT standards, best practices, and guidelines

Author

Kaksonen, R. (Rauli), Halunen, K. (Kimmo), Röning, J. (Juha), Kaksonen, R. (Rauli), Halunen, K. (Kimmo), and Röning, J. (Juha)

Abstract

The cybersecurity of the Internet of Things (IoT) is an increasing concern and product vendors are advised to follow security standards, best practices, and guidelines. From the many requirement sources, a vendor is likely to choose only a few. How does this selection impact the security requirements of an IoT product? To answer the question, we collect requirements from 16 sources and divide them into categories for comparison. Common categories are identified, with all sources covering Security design, Interface security, Authentication, Data protection, and System updates. The agreement on the high-level categories does not hold in the subcategories and the selection of the sources have a big impact to the requirement details. Consolidation of the IoT security requirements would be desirable and possible.

Published

2022

7. Quantum-safe signing of notification messages in intelligent transport systems

Author

Nikula, S. (Sara), Halunen, K. (Kimmo), Vallivaara, V. (Visa), Nikula, S. (Sara), Halunen, K. (Kimmo), and Vallivaara, V. (Visa)

Abstract

In this work, we integrated three quantum-safe digital signature algorithms, CRYSTALS-Dilithium, FALCON and Rainbow, into notification messages used in intelligent transport systems. We evaluated the performance of the algorithms by measuring the time required to sign and verify messages, as well as the size of the signed messages, and compared the quantum-safe options to the elliptic curves currently accepted by the standards. Our results show that quantum-safe digital signature algorithms could be used for signing notification messages in intelligent transport systems, with only moderate changes to performance. The results also provide an evaluation of three quantum-safe digital signature algorithms’ suitability for this purpose, thus helping to choose suitable algorithms when migrating intelligent transport systems towards quantum resistance.

Published

2022

8. Involving Humans in the Cryptographic Loop: Introduction and Threat Analysis of EEVEHAC

Author

Hekkala, J. (Julius), Nikula, S. (Sara), Latvala, O.-M. (Outi-Marja), and Halunen, K. (Kimmo)

Subjects

Secure Channel, Visualizable Cryptography, Human Understandable Cryptography, Narrative Authentication

Abstract

Our digital lives rely on modern cryptography that is based on complicated mathematics average human users cannot follow. Previous attempts at adding the human user into the cryptographic loop include things like Human Authenticated Key Exchange and visualizable cryptography. This paper presents our proof-of-concept implementation of these ideas as a system called EEVEHAC. It utilizes human capabilities to achieve an endto- end encrypted channel between a user and a server that is authenticated with human senses and can be used through untrusted environments. The security of this complete system is analyzed. We find that the combination of the two different systems into EEVEHAC on a theoretical level retains the security of the individual systems. We also identify the weaknesses of this implementation and discuss options for overcoming them.

Published

2021

9. CryptoVault:a secure hardware wallet for decentralized key management

Author

Lehto, N. (Niko), Halunen, K. (Kimmo), Latvala, O.-M. (Outi-Marja), Karinsalo, A. (Anni), Salonen, J. (Jarno), Lehto, N. (Niko), Halunen, K. (Kimmo), Latvala, O.-M. (Outi-Marja), Karinsalo, A. (Anni), and Salonen, J. (Jarno)

Abstract

In traditional centralized internet services, third parties authenticate the transactions of the users. An important property of decentralized blockchain networks is the unrestricted and secured access to the private keys of users, which may often be threatened for several reasons. One considerable problem in systems based on blockchain technology is when users lose access to their keys due to, e.g., a broken or lost device. This paper, firstly, introduces an implementation that generates and maintains the private key in an Intel Software Guard Extension (SGX) enclave. The implementation allows using the private key in a process isolated from all other processes running on the same system. Secondly, the paper provides a method that enables the secure storage and recovery of a back-up key to and from an external repository, using an end-to-end secure connection. One proposed application, with which this technology could be exploited, is the social wallet.

Published

2021

10. Hash function security:cryptanalysis of the Very Smooth Hash and multicollisions in generalised iterated hash functions

Author

Halunen, K. (Kimmo) and Röning, J. (Juha)

Subjects

cryptography, multicollisions, information security, hash functions, Very Smooth Hash, monitörmäykset, tietoturva, hash-funktiot, kryptografia

Abstract

In recent years, the amount of electronic communication has grown enormously. This has posed some new problems in information security. In particular, the methods in cryptography have been under much scrutiny. There are several basic primitives that modern cryptographic protocols utilise. One of these is hash functions, which are used to compute short hash values from messages of any length. In this thesis, we study the security of hash functions from two different viewpoints. First of all, we analyse the security of the Very Smooth Hash against preimage attacks. We develop an improved method for finding preimages of Very Smooth Hash, compare this method with existing methods and demonstrate its efficiency with practical results. Furthermore, we generalise this method to the discrete logarithm variants of the Very Smooth Hash. Secondly, we describe the methods for finding multicollisions in traditional iterated hash functions and give some extensions and improvements to these. We also outline a method for finding multicollisions for generalised iterated hash functions and discuss the implications of these findings. In addition, we generalise these multicollision finding methods to some graph-based hash functions. Tiivistelmä Viime vuosina digitaaliseen tiedonsiirtoon perustuva tiedonsiirto on yleistynyt valtavasti. Tästä on seurannut monia uusia tietoturvaongelmia. Tässä yhteydessä erityisesti tiedon suojaamiseen käytetyt kryptografiset menetelmät ovat olleet tarkastelun kohteena. Hash-funktiot ovat yksi käytetyimmistä työkaluista nykyisissä kryptografisissa protokollissa. Tässä väitöskirjassa tarkastellaan hash-funktioiden turvallisuutta kahden eri tutkimusongelman kautta. Aluksi tutkitaan Very Smooth Hash -funktion turvallisuutta alkukuvien löytämistä vastaan. Alkukuvien löytämiseksi esitetään parannettu menetelmä, jota arvioidaan teoreettisilla ja käytännöllisillä menetelmillä. Tämä parannettu menetelmä yleistetään koskemaan myös Very Smooth Hashin muunnoksia, jotka perustuvat diskreetin logaritmin ongelmaan. Toisena tutkimuskohteena ovat iteroitujen hash-funktioiden yleistykset ja monitörmäykset. Aluksi esitellään perinteisiin iteroituihin hash-funktioihin liittyviä monitörmäysmenetelmiä. Tämän jälkeen tutkitaan iteroitujen hash-funktioiden yleistyksiä ja osoitetaan, että aiemmat monitörmäysmenetelmät voidaan laajentaa koskemaan myös näitä yleistyksiä. Lopuksi tutkitaan graafeihin perustuviin hash-funktioihin liittyviä monitörmäysmenetelmiä ja osoitetaan, että iteroitujen hash-funktioiden monitörmäysmenetelmä voidaan osittain yleistää koskemaan myös graafeihin perustuvia hash-funktioita.

Published

2012

11. Hash function security:cryptanalysis of the Very Smooth Hash and multicollisions in generalised iterated hash functions

Author

Röning, J. (Juha), Halunen, K. (Kimmo), Röning, J. (Juha), and Halunen, K. (Kimmo)

Abstract

In recent years, the amount of electronic communication has grown enormously. This has posed some new problems in information security. In particular, the methods in cryptography have been under much scrutiny. There are several basic primitives that modern cryptographic protocols utilise. One of these is hash functions, which are used to compute short hash values from messages of any length. In this thesis, we study the security of hash functions from two different viewpoints. First of all, we analyse the security of the Very Smooth Hash against preimage attacks. We develop an improved method for finding preimages of Very Smooth Hash, compare this method with existing methods and demonstrate its efficiency with practical results. Furthermore, we generalise this method to the discrete logarithm variants of the Very Smooth Hash. Secondly, we describe the methods for finding multicollisions in traditional iterated hash functions and give some extensions and improvements to these. We also outline a method for finding multicollisions for generalised iterated hash functions and discuss the implications of these findings. In addition, we generalise these multicollision finding methods to some graph-based hash functions., Tiivistelmä Viime vuosina digitaaliseen tiedonsiirtoon perustuva tiedonsiirto on yleistynyt valtavasti. Tästä on seurannut monia uusia tietoturvaongelmia. Tässä yhteydessä erityisesti tiedon suojaamiseen käytetyt kryptografiset menetelmät ovat olleet tarkastelun kohteena. Hash-funktiot ovat yksi käytetyimmistä työkaluista nykyisissä kryptografisissa protokollissa. Tässä väitöskirjassa tarkastellaan hash-funktioiden turvallisuutta kahden eri tutkimusongelman kautta. Aluksi tutkitaan Very Smooth Hash -funktion turvallisuutta alkukuvien löytämistä vastaan. Alkukuvien löytämiseksi esitetään parannettu menetelmä, jota arvioidaan teoreettisilla ja käytännöllisillä menetelmillä. Tämä parannettu menetelmä yleistetään koskemaan myös Very Smooth Hashin muunnoksia, jotka perustuvat diskreetin logaritmin ongelmaan. Toisena tutkimuskohteena ovat iteroitujen hash-funktioiden yleistykset ja monitörmäykset. Aluksi esitellään perinteisiin iteroituihin hash-funktioihin liittyviä monitörmäysmenetelmiä. Tämän jälkeen tutkitaan iteroitujen hash-funktioiden yleistyksiä ja osoitetaan, että aiemmat monitörmäysmenetelmät voidaan laajentaa koskemaan myös näitä yleistyksiä. Lopuksi tutkitaan graafeihin perustuviin hash-funktioihin liittyviä monitörmäysmenetelmiä ja osoitetaan, että iteroitujen hash-funktioiden monitörmäysmenetelmä voidaan osittain yleistää koskemaan myös graafeihin perustuvia hash-funktioita.

Published

2012