3,909 research outputs found
Multilevel adaptive security system
Recent trends show increased demand for content-rich media such as images, videos and text in ad-hoc communication. Since such content often tends to be private, sensitive, or paid for, there exists a requirement for securing such information over resource constrained ad hoc networks. In this work, traditional data security mechanisms, existing ad hoc secure routing protocols and multilevel security are first reviewed. Then a new system, called the Multilevel Adaptive Security System, which incorporates the multilevel security concept at both the application layer and the network layer, is proposed to provide adaptive security services for data and routing processes.
MLASS is composed of two subsystems: Content-Based Multi-level Data Security (CB-MLDS) for content-rich data protection and Multi-Level On-demand Secure Mobile Ad hoc Routing (MOSAR) for secure route selection. The structure of each sub-system is explained in detail; experiments for each sub-system were conducted and the performance was analyzed. It is shown that MLASS is a practical security solution that is flexible enough to adapt to a range of security requirements and applies appropriate level of security services to data and its distribution over ad hoc networks. MLASS provides a balance between security, performance and resource
Research on fully distributed data processing systems
Issued as Quarterly progress reports, nos. 1-11, and Project report, Project no. G-36-64
A Novel Latin Square Image Cipher
In this paper, we introduce a symmetric-key Latin square image cipher (LSIC)
for grayscale and color images. Our contributions to the image encryption
community include 1) we develop new Latin square image encryption primitives
including Latin Square Whitening, Latin Square S-box and Latin Square P-box ;
2) we provide a new way of integrating probabilistic encryption in image
encryption by embedding random noise in the least significant image bit-plane;
and 3) we construct LSIC with these Latin square image encryption primitives
all on one keyed Latin square in a new loom-like substitution-permutation
network. Consequently, the proposed LSIC achieve many desired properties of a
secure cipher including a large key space, high key sensitivities, uniformly
distributed ciphertext, excellent confusion and diffusion properties,
semantically secure, and robustness against channel noise. Theoretical analysis
show that the LSIC has good resistance to many attack models including
brute-force attacks, ciphertext-only attacks, known-plaintext attacks and
chosen-plaintext attacks. Experimental analysis under extensive simulation
results using the complete USC-SIPI Miscellaneous image dataset demonstrate
that LSIC outperforms or reach state of the art suggested by many peer
algorithms. All these analysis and results demonstrate that the LSIC is very
suitable for digital image encryption. Finally, we open source the LSIC MATLAB
code under webpage https://sites.google.com/site/tuftsyuewu/source-code.Comment: 26 pages, 17 figures, and 7 table
Performance study of a COTS Distributed DBMS adapted for multilevel security
Multilevel secure database management system (MLS/DBMS) products
no longer enjoy direct commercial-off-the-shelf (COTS) support.
Meanwhile, existing users of these MLS/DBMS products continue to
rely on them to satisfy their multilevel security requirements.
This calls for a new approach to developing MLS/DBMS systems, one
that relies on adapting the features of existing COTS database
products rather than depending on the traditional custom design
products to provide continuing MLS support.
We advocate fragmentation as a good basis for implementing
multilevel security in the new approach because it is well
supported in some current COTS database management systems. We
implemented a prototype that utilises the inherent advantages of
the distribution scheme in distributed databases for controlling
access to single-level fragments; this is achieved by augmenting
the distribution module of the host distributed DBMS with MLS code
such that the clearance of the user making a request is always
compared to the classification of the node containing the
fragments referenced; requests to unauthorised nodes are simply
dropped.
The prototype we implemented was used to instrument a series of
experiments to determine the relative performance of the tuple,
attribute, and element level fragmentation schemes. Our
experiments measured the impact on the front-end and the network
when various properties of each scheme, such as the number of
tuples, attributes, security levels, and the page size, were
varied for a Selection and Join query. We were particularly
interested in the relationship between performance degradation and
changes in the quantity of these properties. The performance of
each scheme was measured in terms of its response time.
The response times for the element level fragmentation scheme
increased as the numbers of tuples, attributes, security levels,
and the page size were increased, more significantly so than when
the number of tuples and attributes were increased. The response
times for the attribute level fragmentation scheme was the
fastest, suggesting that the performance of the attribute level
scheme is superior to the tuple and element level fragmentation
schemes. In the context of assurance, this research has also shown
that the distribution of fragments based on security level is a
more natural approach to implementing security in MLS/DBMS
systems, because a multilevel database is analogous to a
distributed database based on security level.
Overall, our study finds that the attribute level fragmentation
scheme demonstrates better performance than the tuple and element
level schemes. The response times (and hence the performance) of
the element level fragmentation scheme exhibited the worst
performance degradation compared to the tuple and attribute level
schemes
- …