Year 2010 Issues on Cryptographic Algorithms

In the financial sector, cryptographic algorithms are used as fundamental techniques for assuring confidentiality and integrity of data used in financial transactions and for authenticating entities involved in the transactions. Currently, the most widely used algorithms appear to be two-key triple DES and RC4 for symmetric ciphers, RSA with a 1024-bit key for an asymmetric cipher and a digital signature, and SHA-1 for a hash function according to international standards and guidelines related to the financial transactions. However, according to academic papers and reports regarding the security evaluation for such algorithms, it is difficult to ensure enough security by using the algorithms for a long time period, such as 10 or 15 years, due to advances in cryptanalysis techniques, improvement of computing power, and so on. To enhance the transition to more secure ones, National Institute of Standards and Technology (NIST) of the United States describes in various guidelines that NIST will no longer approve two-key triple DES, RSA with a 1024-bit key, and SHA-1 as the algorithms suitable for IT systems of the U.S. Federal Government after 2010. It is an important issue how to advance the transition of the algorithms in the financial sector. This paper refers to issues regarding the transition as Year 2010 issues in cryptographic algorithms. To successfully complete the transition by 2010, the deadline set by NIST, it is necessary for financial institutions to begin discussing the issues at the earliest possible date. This paper summarizes security evaluation results of the current algorithms, and describes Year 2010 issues, their impact on the financial industry, and the transition plan announced by NIST. This paper also shows several points to be discussed when dealing with Year 2010 issues.Cryptographic algorithm; Symmetric cipher; Asymmetric cipher; Security; Year 2010 issues; Hash function

An Efficient Key Management Scheme For In-Vehicle Network

Vehicle technology has developed rapidly these years, however, the security measures for in-vehicle network does not keep up with the trend. Controller area network(CAN) is the most used protocol in the in-vehicle network. With the characteristic of CAN, there exists many vulnerabilities including lacks of integrity and confidentiality, and hence CAN is vulnerable to various attacks such as impersonation attack, replay attack, etc. In order to implement the authentication and encryption, secret key derivation is necessary. In this work, we proposed an efficient key management scheme for in-vehicle network. In particular, the scheme has five phases. In the first and second phase, we utilize elliptic curve cryptography-based key encapsulation mechanism(KEM) to derive a pairwise secret between each ECU and a central secure ECU in the same group. Then in the third phase, we design secure communication to derive group shared secret among all ECU in a group. In the last two phases, SECU is not needed, regular ECU can derive session key on their own. We presented a possible attack analysis(chosen-ciphertext attack as the main threat) and a security property analysis for our scheme. Our scheme is evaluated based on a hardware-based experiment of three different microcontrollers and a software-based simulation of IVNS. We argue that based on our estimation and the experiment result, our scheme performs better in communication and computation overhead than similar works

Exclusion-intersection encryption

Identity-based encryption (IBE) has shown to be a useful cryptographic scheme enabling secure yet flexible role-based access control. We propose a new variant of IBE named as exclusion-intersection encryption: during encryption, the sender can specify the targeted groups that are legitimate and interested in reading the documents; there exists a trusted key generation centre generating the intersection private decryption keys on request. This special private key can only be used to decrypt the ciphertext which is of all the specified groups' interests, its holders are excluded from decrypting when the documents are not targeted to all these groups (e.g., the ciphertext of only a single group's interest). While recent advances in cryptographic techniques (e.g., attribute-based encryption or wicked IBE) can support a more general access control policy, the private key size may be as long as the number of attributes or identifiers that can be specified in a ciphertext, which is undesirable, especially when each user may receive a number of such keys for different decryption power. One of the applications of our notion is to support an ad-hoc joint project of two or more groups which needs extra helpers that are not from any particular group. © 2011 IEEE.published_or_final_versionThe 1st IEEE International Workshop on Security in Computers, Networking and Communications (SCNC 2011) in conjuntion with IEEE INFOCOM 2011, Shanghai, China, 10-15 April 2011. In Conference Proceedings of INFOCOM WKSHPS, 2011, p. 1048-1053The 1st IEEE International Workshop on Security in Computers, Networking and Communications (SCNC 2011) in conjuntion with IEEE INFOCOM 2011, Shanghai, China, 10-15 April 2011. In Conference Proceedings of INFOCOM WKSHPS, 2011, p. 1048-105

WDM/TDM PON bidirectional networks single-fiber/wavelength RSOA-based ONUs layer 1/2 optimization

This Thesis proposes the design and the optimization of a hybrid WDM/TDM PON at the L1 (PHY) and L2 (MAC) layers, in terms of minimum deployment cost and enhanced performance for Greenfield NGPON. The particular case of RSOA-based ONUs and ODN using a single-fibre/single-wavelength is deeply analysed. In this WDM/TDM PON relevant parameters are optimized. Special attention has been given at the main noise impairment in this type of networks: the Rayleigh Backscattering effect, which cannot be prevented. To understand its behaviour and mitigate its effects, a novel mathematical model for the Rayleigh Backscattering in burst mode transmission is presented for the first time, and it has been used to optimize the WDM/TDM RSOA based PON. Also, a cost-effective, simple design SCM WDM/TDM PON with rSOA-based ONU, was optimized and implemented. This prototype was successfully tested showing high performance, robustness, versatility and reliability. So, the system is able to give coverage up to 1280 users at 2.5 Gb/s / 1.25 Gb/s downstream/upstream, over 20 Km, and being compatible with the GPON ITU-T recommendation. This precedent has enabled the SARDANA network to extend the design, architecture and capabilities of a WDM/TDM PON for a long reach metro-access network (100 km). A proposal for an agile Transmission Convergence sub-layer is presented as another relevant contribution of this work. It is based on the optimization of the standards GPON and XG-PON (for compatibility), but applied to a long reach metro-access TDM/WDM PON rSOA-based network with higher client count. Finally, a proposal of physical implementation for the SARDANA layer 2 and possible configurations for SARDANA internetworking, with the metro network and core transport network, are presented

Architectures for Code-based Post-Quantum Cryptography

L'abstract è presente nell'allegato / the abstract is in the attachmen