Proper security mechanism are a crucial part of safe usage of Implantable Medical Devices. Multiple researchers presented various solutions to address this problem, basing them on different underlying principles. Within the scope of this thesis we perform a security analysis of the chosen authentication protocols. What is more, we present a new attack on a scheme based on physiological signal processing using a fuzzy vault cryptographic primitive. We exploit the fact that the signal generated by the heart beats does not change sufficiently in the frequency domain. Therefore it is possible that the adversary reuses signal recorded at some earlier point of time to authenticate to the implant in real time. We show in an experimental way that it is able to break the scheme with probability reaching 75%. Finally, we propose a novel lightweight authentication protocol based on hash chains. To ensure the applicability of our work, we have decided to use only energy efficient solutions, that is hash functions and block ciphers. In contrast to existing work, we have extended the threat model and considered the implant reader distrusted. We present a set of energy measurements to provide advantages of different elements to be used during implementation of our solution.

In a military environment, tactical networks enable information sharing between all the different entities in the field. In this environment, multiple groups of people from different organizations, and with different goals and policies have to share information. The information has to be shared without the risk of leaking information to unauthorized entities. Cryptography algorithms are used to encrypt information with a key to remain in control of when, where and to whom it is shared. All information is encrypted based on the concept of content-based encryption. In this unreliable environment, the cryptographic keys used to secure the data have to be available to continue collecting and processing information.

A key management architecture should be in place, to facilitate the generation and distribution of these keys. The purpose of this key management architecture is to provide the entities in the field with specific keys such that information access policies can be enforced. The challenge here is that in tactical networks, network partitionings are expected to happen. Therefore, the same keys have to be redundantly available at multiple locations to prevent a single point of failure. In a connected network, the keys can constantly be synchronized between these locations. However, the problem of key de-synchronization occurs if the network is split for some time, keys are changed on both sides, and then the network is recombined. This leads to possible conflicting keys because synchronization was temporarily not possible. The key management architecture must be able to handle such conflicts and reintegrate them as necessary.

In this thesis, we present a decentralized key management architecture with a solution for the key de-synchronization problem. We propose to use Conflict-free replicated data types, to store the keys at multiple locations and prevent conflicts. Conflict-free replicated data types is a concept to store and replicate data across multiple instances. This data type is characterized by the possibility to update the data in all instances independently, and concurrently, without coordination between the instances. Additionally, three approaches for the coordination of key creation are proposed with different levels of consistency and availability. The architecture and the three approaches are compared in experiments to evaluate the differences and prove the feasibility of the designs.

During military or peacekeeping operations it is often the case that coalitions are formed between nations or instances to achieve common objectives by joint decision making and resource sharing. Often a coalition partner participates for a certain period of time and other nations or instances might want to join the coalition in a later stage, resulting in a dynamic environment. In practice the members in these coalitions are dissimilar with regards to their disposition, requiring the coalition to be set up in a decentralised manner. In order to facilitate such an environment, a secure decentralised network should be in place that enables decision making, access control to shared information and the ability to join and leave in an appropriate way. To enable the coalition to put its signature on important decisions and to be able to provide certified public keys to enable access control, the network should include a signature scheme. A challenge for such a signature scheme is that it should not be able for previous compositions of the coalition to create valid signatures. In other words, Backlogging should be prevented in the system. Van der Lubbe et al. introduced a distributed (n,n) signature scheme for dynamic coalitions based on the distributed El Gamal signature scheme of Park et al., which can be expanded to a (n+1,n+1) signature scheme. The scheme prevents backlogging by the use of two Oblivious Third Parties. Van Elsas et al. then improved this signature scheme by enabling the signature scheme to be reduced to a (n-1,n-1) signature scheme and by replacing the Oblivious Third Parties by One-Way Accumulators, dismissing the need for Third Parties in general. Additionally, the currently popular Blockchain model has the capability to perform as a ledger. The ledger characteristics, specifically the chain of blocks, the Merkle Tree model and a consensus mechanism, can replace the functionality that prevents backlogging.

In this thesis we present a Blockchain-based Signature Scheme for Dynamic Coalitions. The signature scheme is a distributed (n,n)-signature scheme, that is able to expand to a distributed (n+1,n+1)-signature scheme and is able to reduce to a distributed (n-1,n-1)-signature scheme. The signature scheme uses the Blockchain model to tackle Backlogging Problem. In addition, we provide an analysis of aspects of the signature scheme that could introduce problems when implementing it.

In almost every device cryptographic functions are used to protect data and sensitive information from being intercepted. A commonly used encryption algorithm is the Advanced Encryption Standard (AES), which is a symmetric block cypher. Side-channel attacks against AES are well known and are often performed either directly on the surface of the integrated circuit or by attaching wires to the target device. These attacks are more difficult for devices with tamper protection, which can detect such an attack because the device enclosure must be removed. This limits the attack possibilities of these side-channel attacks for these real-world applications. Attacks using electromagnetic radiation from a further distance, called the far-field, can be used to prevent opening the enclosure.

For these power based side-channel attacks against AES, power traces must be recorded with the exact timing before an encryption or decryption starts. This is used to align the recorded traces and perform statistical analysis to extract the secret key. In order to achieve this often an GPIO trigger is used to indicate the start of a new trace. When such an GPIO trigger is not available a smart trigger can be used, which uses a pattern to generate a trigger based on the measured power. This removes the need for making a connection with the target device.

In this thesis an approach for performing non-invasive far-field side-channel attacks against multiple target devices is evaluated. For this approach near-field analysis is performed to analyse the target leakage, with the use of Test Vector Leakage Assessment. Then for each of these targets far-field side-channel attacks are attempted using a Software Defined Radio set-up and several smart triggers are tested in real-world scenarios. The results of these attacks showed that far-field side-channel attacks without an artificial trigger are possible, and thus the enclosure of the target device can stay in tact and non-invasive attacks can be performed. For the Microsemi SF2 Basic development kit attacks up to a distance of 15 cm can be achieved in an office environment. This means that far-field side-channel attacks against AES are possible in real world applications, and when designing cryptographic devices precautions must be made to protect against these attacks.

Android smartphones collect and compile a huge amount of sensitive information which is secured using cryptography. There is an unintended leakage of information during the physical implementation of a cryptosystem on a device. Such a leakage is often termed as side channel and is used to break the implementation of cryptographic algorithms. In this work, we utilize cache memory based side channels on android smartphones to retrieve crypto-process information. These side channels are based on the information leakage through the operating system, micro-architecture of the processor and the state of the processor's memory cache. We demonstrate the retrieval of data dependent memory access patterns using a spy application running in the background to recover the full secret key of cryptographic primitives such as AES T-table implementation in OpenSSL, all that would be necessary is a rogue app downloaded from an app store that is run under normal privileges.
We show that a mathematical correlation which depends on the guessed key and can be utilized to recover the \emph{complete} key in access-driven cache attacks (CAs). We show the effectiveness of the proposed method using access time measured in noisy environments. We analyze the changes in the correlation values with the number of plaintexts/ciphertexts for a successful attack using key estimation. Furthermore, we discuss and demonstrate the applicability of cache memory based side channel attacks on a white-box implementation of AES.

This thesis' objective is to provide privacy to mobile code. A practical example of mobile code is a mobile software agent that performs a task on behalf of its user. The agent travels over the network and is executed at different locations of which beforehand it is not known whether or not these can be trusted. Because a mobile software agent performs actions on behalf of its user, agent must be protected in order to provide privacy to the user. For example, a software agent must purchase a flight ticket. Other parties like airlines are then not entitled to know the agent's strategy when the agent will purchase the ticket.In this thesis, several solutions are provided to this problem, and to obtain more in depth knowledge on protecting privacy in mobile code a theoretical analysis was performed. Essential in this problem is that the execution environment cannot be trusted. It is curious in the content of the mobile code, although it does not change the content.Two approaches are covered in this thesis. First, a practical approach is given that presents several solutions to various aspects of the mobile code privacy problem. These solutions provide a level of privacy protection, however, it does not provide knowledge on what level of privacy can be provided. To answer this question a theoretical analysis is made to derivelimits of the maximum privacy level that can be achieved