Low-Cost Concurrent Error Detection for GCM and CCM

In many applications, encryption alone does not provide enough security. To enhance security, dedicated authenticated encryption (AE) mode are invented. Galios Counter Mode (GCM) and Counter with CBC-MAC mode (CCM) are the AE modes recommended by the National Institute of Standards and Technology. To support high data rates, AE modes are usually implemented in hardware. However, natural faults reduce its reliability and may undermine both its encryption and authentication capability. We present a low-cost concurrent error detection (CED) scheme for 7 AE architectures. The proposed technique explores idle cycles of the AE mode architectures. Experimental results shows that the performance overhead can be lower than 100% for all architectures depending on the workload. FPGA implementation results show that the hardware overhead in the 0.1-23.3% range and the power overhead is in the 0.2-23.2% range. ASIC implementation results show that the hardware overhead in the 0.1-22.8% range and the power overhead is in the 0.3-12.6% range. The underlying block cipher and hash module need not have CED built in. Thus, it allows system designers to integrate block cipher and hash function intellectual property from different vendors

Programming distributed and adaptable autonomous components--the GCM/ProActive framework

International audienceComponent-oriented software has become a useful tool to build larger and more complex systems by describing the application in terms of encapsulated, loosely coupled entities called components. At the same time, asynchronous programming patterns allow for the development of efficient distributed applications. While several component models and frameworks have been proposed, most of them tightly integrate the component model with the middleware they run upon. This intertwining is generally implicit and not discussed, leading to entangled, hard to maintain code. This article describes our efforts in the development of the GCM/ProActive framework for providing distributed and adaptable autonomous components. GCM/ProActive integrates a component model designed for execution on large-scale environments, with a programming model based on active objects allowing a high degree of distribution and concurrency. This new integrated model provides a more powerful development, composition, and execution environment than other distributed component frameworks. We illustrate that GCM/ProActive is particularly adapted to the programming of autonomic component systems, and to the integration into a service-oriented environment

Surface radiation budget for climate applications

The Surface Radiation Budget (SRB) consists of the upwelling and downwelling radiation fluxes at the surface, separately determined for the broadband shortwave (SW) (0 to 5 micron) and longwave (LW) (greater than 5 microns) spectral regions plus certain key parameters that control these fluxes, specifically, SW albedo, LW emissivity, and surface temperature. The uses and requirements for SRB data, critical assessment of current capabilities for producing these data, and directions for future research are presented

Soft Error Resistant Design of the AES Cipher Using SRAM-based FPGA

This thesis presents a new architecture for the reliable implementation of the symmetric-key algorithm Advanced Encryption Standard (AES) in Field Programmable Gate Arrays (FPGAs). Since FPGAs are prone to soft errors caused by radiation, and AES is highly sensitive to errors, reliable architectures are of significant concern. Energetic particles hitting a device can flip bits in FPGA SRAM cells controlling all aspects of the implementation. Unlike previous research, heterogeneous error detection techniques based on properties of the circuit and functionality are used to provide adequate reliability at the lowest possible cost. The use of dual ported block memory for SubBytes, duplication for the control circuitry, and a new enhanced parity technique for MixColumns is proposed. Previous parity techniques cover single errors in datapath registers, however, soft errors can occur in the control circuitry as well as in SRAM cells forming the combinational logic and routing. In this research, propagation of single errors is investigated in the routed netlist. Weaknesses of the previous parity techniques are identified. Architectural redesign at the register-transfer level is introduced to resolve undetected single errors in both the routing and the combinational logic. Reliability of the AES implementation is not only a critical issue in large scale FPGA-based systems but also at both higher altitudes and in space applications where there are a larger number of energetic particles. Thus, this research is important for providing efficient soft error resistant design in many current and future secure applications

Toward an Integrated Regional Research Program on Global Change and the Nation\u27s Major Grasslands: Second Annual Report

I DIRECTOR\u27S REPORT: A GPRC Research Framework and Thrusts B FY94 GPRC Grant Competition C Synopsis of Current Projects 1 Thrust 1: Impacts of Climate Change 2 Thrust 2: Measuring and Modeling Net Carbon Exchange 3 Other Projects D Summary and Recommendations of FY94 GPRC PI\u27s Workshop 1 Biogeochemical Cycling Group 2 Climate Scenarios Group 3 Managed and Unmanaged Ecosystem Impacts Group 4 Scaling Group 5 Actions Prompted by the Workshop E Research Integration with ARM-CART: Eco-ARM F Future Directions for the GPRC Appendix I-A: Biogeochemical Cycling Group Workshop Report • Appendix I-B: Climate Change Scenarios Group Workshop Report • Appendix I-C: Managed and Unmanaged Ecosystem Impacts Group Workshop Report • Appendix 1-0: Funded Projects Table • Appendix I-E: Core Research Program Diagram • Appendix I-F: Regional Map II RESEARCH PROGRESS REPORTS (Title, Principal Investigator, Institution): A IMPACTS OF CLIMATE CHANGE 1 Process Studies Effects of Altered Soil Moisture and Temperature on Soil Communities, Primary Producers and Ecological Processes in Grassland Ecosystems · John M Blair, Kansas State University Impacts of global climate change on phytoplankton productivity in lakes along a thermal gradient · Kyle D Hoagland, University of Nebraska-Lincoln Natural Responses of Shallow Lakes and Wetlands for Detecting Climatic/Environmental Change · Donald C Rundquist, University of Nebraska-Lincoln 2 Climate Scenarios for Impact Analysis Space-time Local Hydrology Influenced by Changing Climatology: Disaggregation, Prediction and Comparison · Istvan Bogardi, University of Nebraska-Lincoln Observational and Numerical Study for Interannual and Interdecadel Variabilities of the Atmospheric Circulation · Tsing-Chang Chen, Iowa State University The Effect of Ecosystems on Cloud Microphysics and Aerosol Distribution · Qinghuan Han, South Dakota School of Mines and Technology Development of a Nested Regional Model for the Conterminous United States and Formation of High Resolution Climate Change Scenarios with an Application to Crop Climate Models · Linda Mearns, National Center for Atmospheric Research The detection of Climate Change Using Long Term Daily Climate Records Over Grassland Regions of the Northern Hemisphere · Michael A Palecki, University of Nebraska-Lincoln 3 Modeling Impacts of Climate Change Assessment of Climate Change on a Mixed Agricultural Landscape on the North American Great Plains · James R Brandle, University of Nebraska-Lincoln The Economic and Environmental Impact of Major Shifts in Land Use into Energy Biomass Production for Part of the Great Plains · Paul T Dyke, Texas A&M University Local and Regional Scaling With a Spatially Explicit Ecological Model · George P Malanson, University of Iowa Potential Global Warming Impacts on Vegetation Distribution, Productivity, and Hydrology at Landscape to Regional Scales in the Great Plains Region · Ronald P Neilson, Oregon State University B MEASUREMENT AND MODELING OF NET CARBON EXCHANGE 1 Process Studies Carbon, Water, and Energy Fluxes From a Tallgrass Prairie: A Long-term investigation of Biological, Environmental, and Land Use Factors · Jay M Ham, Kansas State University An Integrated Investigation of Methane and Carbon Dioxide Fluxes in Mid-Latitude Prairie Wetlands: Micrometeorological Measurements, Process-Level Studies and Modeling · Shashi B Verma, University of Nebraska-Lincoln 2 Modeling Studies Regional projections of C Dynamics with Global Change in the Central US Edward T Elliott, Colorado State University Assessment of Climate and Management Induced Directional Changes in Great Plains Vegetation with NDVI and Stable Carbon Isotopes Larry L Tieszen, Augustana College C DETECTION OF CLIMATE CHANGE Climate Change in the Mid-continent of North America William D Gosnold, University of North Dakota 105 Satellite Observation of Lake Ice as a Robust Indicator of Regional Climate Change Thomas M Ullesand, University of Wisconsin-Madison Appendix II-A: Author Index Great Plains Regional Center for Global Environmental Change 20 LW Chase Hall University of Nebraska-Lincoln PO Box 830725 Lincoln, NE 68583-0725 Phone 4021472-7887 Fax 4021472-6614 E-mail agme022@unlvmunledu ACKNOWLEDGEMENT This material is based upon work supported by the US Department of Energy under Cooperative Agreement No DE-FC03-90ER61 01 O Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the US Department of Energ

On the Edge of Secure Connectivity via Software-Defined Networking

Securing communication in computer networks has been an essential feature ever since the Internet, as we know it today, was started. One of the best known and most common methods for secure communication is to use a Virtual Private Network (VPN) solution, mainly operating with an IP security (IPsec) protocol suite originally published in 1995 (RFC1825). It is clear that the Internet, and networks in general, have changed dramatically since then. In particular, the onset of the Cloud and the Internet-of-Things (IoT) have placed new demands on secure networking. Even though the IPsec suite has been updated over the years, it is starting to reach the limits of its capabilities in its present form. Recent advances in networking have thrown up Software-Defined Networking (SDN), which decouples the control and data planes, and thus centralizes the network control. SDN provides arbitrary network topologies and elastic packet forwarding that have enabled useful innovations at the network level. This thesis studies SDN-powered VPN networking and explains the benefits of this combination. Even though the main context is the Cloud, the approaches described here are also valid for non-Cloud operation and are thus suitable for a variety of other use cases for both SMEs and large corporations. In addition to IPsec, open source TLS-based VPN (e.g. OpenVPN) solutions are often used to establish secure tunnels. Research shows that a full-mesh VPN network between multiple sites can be provided using OpenVPN and it can be utilized by SDN to create a seamless, resilient layer-2 overlay for multiple purposes, including the Cloud. However, such a VPN tunnel suffers from resiliency problems and cannot meet the increasing availability requirements. The network setup proposed here is similar to Software-Defined WAN (SD-WAN) solutions and is extremely useful for applications with strict requirements for resiliency and security, even if best-effort ISP is used. IPsec is still preferred over OpenVPN for some use cases, especially by smaller enterprises. Therefore, this research also examines the possibilities for high availability, load balancing, and faster operational speeds for IPsec. We present a novel approach involving the separation of the Internet Key Exchange (IKE) and the Encapsulation Security Payload (ESP) in SDN fashion to operate from separate devices. This allows central management for the IKE while several separate ESP devices can concentrate on the heavy processing. Initially, our research relied on software solutions for ESP processing. Despite the ingenuity of the architectural concept, and although it provided high availability and good load balancing, there was no anti-replay protection. Since anti-replay protection is vital for secure communication, another approach was required. It thus became clear that the ideal solution for such large IPsec tunneling would be to have a pool of fast ESP devices, but to confine the IKE operation to a single centralized device. This would obviate the need for load balancing but still allow high availability via the device pool. The focus of this research thus turned to the study of pure hardware solutions on an FPGA, and their feasibility and production readiness for application in the Cloud context. Our research shows that FPGA works fluently in an SDN network as a standalone IPsec accelerator for ESP packets. The proposed architecture has 10 Gbps throughput, yet the latency is less than 10 µs, meaning that this architecture is especially efficient for data center use and offers increased performance and latency requirements. The high demands of the network packet processing can be met using several different approaches, so this approach is not just limited to the topics presented in this thesis. Global network traffic is growing all the time, so the development of more efficient methods and devices is inevitable. The increasing number of IoT devices will result in a lot of network traffic utilising the Cloud infrastructures in the near future. Based on the latest research, once SDN and hardware acceleration have become fully integrated into the Cloud, the future for secure networking looks promising. SDN technology will open up a wide range of new possibilities for data forwarding, while hardware acceleration will satisfy the increased performance requirements. Although it still remains to be seen whether SDN can answer all the requirements for performance, high availability and resiliency, this thesis shows that it is a very competent technology, even though we have explored only a minor fraction of its capabilities

Tropospheric Ozone Assessment Report: assessment of global-scale model performance for global and regional ozone distributions, variability, and trends

The goal of the Tropospheric Ozone Assessment Report (TOAR) is to provide the research community with an up-to-date scientific assessment of tropospheric ozone, from the surface to the tropopause. While a suite of observations provides significant information on the spatial and temporal distribution of tropospheric ozone, observational gaps make it necessary to use global atmospheric chemistry models to synthesize our understanding of the processes and variables that control tropospheric ozone abundance and its variability. Models facilitate the interpretation of the observations and allow us to make projections of future tropospheric ozone and trace gas distributions for different anthropogenic or natural perturbations. This paper assesses the skill of current-generation global atmospheric chemistry models in simulating the observed present-day tropospheric ozone distribution, variability, and trends. Drawing upon the results of recent international multi-model intercomparisons and using a range of model evaluation techniques, we demonstrate that global chemistry models are broadly skillful in capturing the spatio-temporal variations of tropospheric ozone over the seasonal cycle, for extreme pollution episodes, and changes over interannual to decadal periods. However, models are consistently biased high in the northern hemisphere and biased low in the southern hemisphere, throughout the depth of the troposphere, and are unable to replicate particular metrics that define the longer term trends in tropospheric ozone as derived from some background sites. When the models compare unfavorably against observations, we discuss the potential causes of model biases and propose directions for future developments, including improved evaluations that may be able to better diagnose the root cause of the model-observation disparity. Overall, model results should be approached critically, including determining whether the model performance is acceptable for the problem being addressed, whether biases can be tolerated or corrected, whether the model is appropriately constituted, and whether there is a way to satisfactorily quantify the uncertainty

Un meta-modèle de composants pour la réalisation d'applications temps-réel flexibles et modulaires

The increase of software complexity along the years has led researchers in the software engineering field to look for approaches for conceiving and designing new systems. For instance, the service-oriented architectures approach is considered nowadays as the most advanced way to develop and integrate fastly modular and flexible applications. One of the software engineering solutions principles is re-usability, and consequently generality, which complicates its appilication in systems where optimizations are often used, like real-time systems. Thus, create real-time systems is expensive, because they must be conceived from scratch. In addition, most real-time systems do not beneficiate of the advantages which comes with software engineering approches, such as modularity and flexibility. This thesis aim to take real time aspects into account on popular and standard SOA solutions, in order to ease the design and development of modular and flexible applications. This will be done by means of a component-based real-time application model, which allows the dynamic reconfiguration of the application architecture. The component model will be an extension to the SCA standard, which integrates quality of service attributs onto the service consumer and provider in order to stablish a real-time specific service level agreement. This model will be executed on the top of a OSGi service platform, the standard de facto for development of modular applications in Java.La croissante complexité du logiciel a mené les chercheurs en génie logiciel à chercher des approcher pour concevoir et projéter des nouveaux systèmes. Par exemple, l'approche des architectures orientées services (SOA) est considérée actuellement comme le moyen le plus avancé pour réaliser et intégrer rapidement des applications modulaires et flexibles. Une des principales préocuppations des solutions en génie logiciel et la réutilisation, et par conséquent, la généralité de la solution, ce qui peut empêcher son application dans des systèmes où des optimisation sont souvent utilisées, tels que les systèmes temps réels. Ainsi, créer un système temps réel est devenu très couteux. De plus, la plupart des systèmes temps réel ne beneficient pas des facilités apportées par le genie logiciel, tels que la modularité et la flexibilité. Le but de cette thèse c'est de prendre en compte ces aspects temps réel dans des solutions populaires et standards SOA pour faciliter la conception et le développement d'applications temps réel flexibles et modulaires. Cela sera fait à l'aide d'un modèle d'applications temps réel orienté composant autorisant des modifications dynamiques dans l'architecture de l'application. Le modèle de composant sera une extension au standard SCA qui intègre des attributs de qualité de service sur le consomateur et le fournisseur de services pour l'établissement d'un accord de niveau de service spécifique au temps réel. Ce modèle sera executé sur une plateforme de services OSGi, le standard de facto pour le developpement d'applications modulaires en Java

Resilience to cyber-attacks in critical infrastructures of Portugal

As infraestruturas críticas são sempre um potencial alvo para ciberataques, uma vez que a repercussão de um ataque bem-sucedido pode ser catastrófica, visto que esses sistemas controlam e permitem o acesso aos principais serviços do país. Um dos sistemas que fazem parte deste grupo de infraestruturas críticas de um país são os Sistemas de Controlo Industrial (ICSs), utilizados para automatizar e controlar os processos das várias infraestruturas industriais. No passado, os ICSs eram utilizados em ambiente isolado, no entanto, com o passar do tempo e para satisfazer as exigências do mercado moderno, começaram a estar ligados com o ambiente externo. Isto trouxe muitos benefícios, mas também aumentou o nível de exposição e vulnerabilidade dos mesmos. Embora estes sistemas sejam vitais para o bom funcionamento de um país, não há nenhum trabalho público que avalie o estado de segurança destes sistemas em Portugal. Este trabalho teve como maior objetivo, identificar os ICSs expostos na Internet em Portugal e investigar o nível de risco dos mesmos em termos de segurança. Com base nisso, foi desenvolvido uma metodologia que implicou a identificação dos ICSs, o cálculo do risco dos mesmos de acordo com as características que apresentam, e o desenvolvimento de uma data warehouse para juntar e organizar os dados, e permitir uma análise de forma fácil. Ao analisar os resultados verificamos que existem muitos ICSs expostos e facilmente encontrados na Internet em Portugal. A maioria deles estão localizados em Lisboa e têm pelo menos uma característica que apresenta um risco elevado à segurança do sistema. A maioria dos sistemas não têm disponível um algoritmo de encriptação para assegurar a segurança da ligação. Dos que têm, uma enorme percentagem utiliza algoritmos que não são considerados seguros. A maioria dos sistemas identificados têm pelo menos uma porta a correr o protocolo HTTP, uma ligação que há muito tempo já não é considerada segura. Dos sistemas que estão a correr portas com risco elevado, a maioria está a correr o protocolo FTP, um protocolo não construído para ser seguro. Muitas das organizações não possuem infraestruturas próprias para gerir as políticas de rede dos seus sistemas. Nesta situação, não é possível identificar as organizações porque escondem atrás dos ISPs. Isto pode ser vantajoso porque as organizações não são facilmente identificadas pelos hackers, no entanto, ficam dependentes dos ISPs, no sentido de que, se este sofrer um ataque, todas as organizações ligadas a ela podem ser severamente afetadas. Os resultados encontrados neste trabalho permitem à Dognædis ter uma base de conhecimento sobre o estado dos ICSs expostos na Internet em Portugal, tornando possível sugerir melhorias de segurança. Também permite que a indústria e todas as organizações que têm ICSs estejam conscientes de quão expostos e vulneráveis estão os seus sistemas, de forma a dedicarem mais atenção aos sistemas que possam estar em risco de um ataque cibernético

A Detailed Characterization of 60 GHz Wi-Fi (IEEE 802.11ad)

The emergence of wireless local area network (WLAN) standards and the global system of mobile communication (GSM) in the early 1990s incited tremendous growth in the demand for wireless connectivity. Iterative technological enhancements to cellular and WLAN improved wireless capacity and created a breadth of new mobile applications. The continued increase in display resolutions and image quality combined with streaming displacing satellite/cable has created unprecedented demands on wireless infrastructure. Data-caps on cellular networks deter over consumption and increasingly shift the growing burden to Wi-Fi networks. The traditional 2.4/5 GHz Wi-Fi bands have become overloaded and the increasing number of wireless devices in the home, public, and workplace create difficult challenges to deliver quality service to large numbers of client stations. In dense urban areas, the wireless medium is subjected to increased interference due to overlapping networks and other devices communicating in the same frequency bands. Improvements to conventional Wi-Fi are approaching their theoretical limits and higher order enhancements require idealized conditions which are seldom attainable in practice. In an effort to supplant to scaling capacity requirements a very high frequency WLAN amendment has been proposed (IEEE 802.11ad). IEEE 802.11ad, also referred to as Wireless Gigabit (WiGig), operates in the globally unlicensed 60 GHz band and offers channel bandwidths nearly 100x as wide as 802.11n. The higher bandwidth facilitates multi-Gbps throughput even with the use of lower complexity modulation coding schemes (MCS). IEEE 802.11ad relies heavily on rate adaptation and high beamforming gain to mitigate interference and fading as signals in the 60 GHz band suffer from higher atmospheric ab- sorption and free space path loss (FSPL). Due to the unique nature of 60 GHz wireless there have been numerous research efforts. Many studies have been directed at simulation and modeling of the 60 GHz channel. However modeling the channel is difficult as real- world environments are highly dynamic with varying link quality and conditions which cannot be accurately predicted by conventional techniques. Some research is focused on medium access control (MAC) enhancements to improve overall capacity by coordinating concurrent links or reducing communication overhead for example. Lastly, there has been a limited amount of real world testing of 802.11ad due to lack of availability of commercial platforms and measurement instrumentation. Some researchers tested early generation devices in certain use cases such as in vehicles for media streaming, in data centers to augment the wired network, or in basic indoor and outdoor environments. This research contains two main components. In the first study, analytical models are applied to estimate line of sight (LOS) 802.11ad performance for realistic antenna param- eters. The second part contains a comprehensive evaluation of performance and reliability of early generation 802.11ad hardware. This characterization emphasizes environmen- tal performance (e.g. conference room, cubical farm, open office), multiple-client testing (multiclient), multiple network interference (spatial re-use), and stability in the presence of station mobility, physical obstructions, and antenna misalignment. In order to evaluate 802.11ad, early generation platforms from technology vendors were used in extensive test suites. The hardware tested included docks for wireless personal area networking (WPAN) applications, client laptop stations, and reference design access points (APs). Finally, a customized proof-of-concept (PoC) platform was engineered which allowed finer control over front end antenna configuration parameters such as: topology, placement and orienta- tion. The PoC also served as a suitable means to identify practical limitations and system design engineering challenges associated with supporting directional multi-Gbps (DMG) communication in the 60 GHz band