7 research outputs found
Cryptanalysis of the Cryptosystems Based on the Generalized Hidden Discrete Logarithm Problem
In this paper, we will show the hidden discrete logarithm problem(HDLP) and the generalized form of HDLP(GHDLP) over non-commutative associative algebras (FNAAs) can be reduced to discrete logarithm problem(DLP) in a finite field through analyzing the eigenvalues of the representation matrix. Through the analysis of computational complexity, we will show that HDLP and GHDLP is not are not good improvements of DLP.With all the instruments in hand, we will show how some schemes based on GHDLP can be broken. Thus we can conclude that, all ideas of constructing cryptographic schemes based on the two problem are of no practical significance
Математические модели, методы и архитектуры для защиты компьютерных сетей: обзор перспективных исследований по результатам Международной конференции MMM–ACNS–2012
The paper provides an analytical review of perspective research directions according to the talks by leading foreign and domestic experts in the security of computer networks, presented at the 6th International Conference "Mathematical Methods, Models and Architectures for Computer Networks Security» (MMM–ACNS–2012), held in St. Petersburg from 17 to 19 October, 2012. World-known scientists, such as A. Stavrou, B. Livshits, L. Khan, and F. Martinelli, made invited talks. On sections of the conference there were discussed topical issues related to the intrusion prevention, detection, and response, anti-malware techniques, applied cryptography and security protocols, access control and information protection, security event and information management, security modeling and cloud security, and security policies.В статье приводится аналитический обзор перспективных направлений исследований по результатам докладов ведущих зарубежных и отечественных специалистов в области обеспечения безопасности компьютерных сетей, сделанных на шестой Международной конференции «Математические модели, методы и архитектуры для защиты компьютерных сетей» (MMM–ACNS–2012), проходившей в Санкт-Петербурге с 17 по 19 октября 2012 года. С приглашенными докладами выступили такие известные в мире ученые, как А. Ставро, Б. Лившиц, Л. Кхан и Ф. Мартинелли. На секциях конференции были рассмотрены актуальные вопросы, связанные с предотвращением, обнаружением и реагированием на вторжения, противодействием вредоносному программному обеспечению, прикладной криптографией и протоколами безопасности, разграничением доступа и защитой информации, управлением событиями и информацией безопасности, моделированием защиты информации и безопасностью облачных вычислений, политиками безопасности
Supporting differentiated classes of resilience in multilayer networks
Services provided over telecommunications networks typically have different resilience requirements and networks need to be able to support different levels of resilience in an efficient manner. This dissertation investigates the problem of supporting differentiated classes of resilience in multilayer networks, including the most stringent resilience class required by critical services. We incorporate an innovative technique of embedding a subnetwork, termed the spine, with comparatively higher availability values at the physical layer. The spine lays a foundation for differentiation between multiple classes of flows that can be leveraged to achieve both high resilience and differentiation. The aim of this research is mainly to explore, design, and evaluate the proposed spine concept model in multilayer networks. The dissertation has four major parts. First, we explore the spine concept through numerical analysis of simple topologies illustrating the potential benefits and the cost considerations of the spine. We develop heuristics algorithms to find suitable spines for a network based on the structural properties of the network topology. Second, an optimization problem is formulated to determine the spine. The problem encompasses estimates of link availability improvements, associated costs, and a total budget. Third, we propose a crosslayer mapping and spine-aware routing design problem with protection given mainly at the lower layer. The problem is designed to transfer lower layer differentiation capability to the upper layer network and flows. We provide two joint routing-mapping optimization formulations and evaluate their performance in a multilayer scenario. Fourth, the joint routing-mapping problem is redesigned with protection given in the upper network layer instead. This will create two isolated logical networks; one mapped to the spine and the other is mapped freely on the network. Flows are assigned a path or path-pair based on their class of resilience. This approach can provide more routing options yielding different availability levels. The joint routing-mapping design problems are formulated as Integer Linear Programming (ILP) models. The goal is to achieve a wider range of availability values across layers and high availability levels for mission-critical services without the need to use higher order protection configurations. The proposed models are evaluated with extensive numerical results using real network topologies
Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -
The Internet today provides the environment for novel applications and
processes which may evolve way beyond pre-planned scope and
purpose. Security analysis is growing in complexity with the increase
in functionality, connectivity, and dynamics of current electronic
business processes. Technical processes within critical
infrastructures also have to cope with these developments. To tackle
the complexity of the security analysis, the application of models is
becoming standard practice. However, model-based support for security
analysis is not only needed in pre-operational phases but also during
process execution, in order to provide situational security awareness
at runtime.
This cumulative thesis provides three major contributions to modelling
methodology.
Firstly, this thesis provides an approach for model-based analysis and
verification of security and safety properties in order to support
fault prevention and fault removal in system design or redesign.
Furthermore, some construction principles for the design of
well-behaved scalable systems are given.
The second topic is the analysis of the exposition of vulnerabilities
in the software components of networked systems to exploitation by
internal or external threats. This kind of fault forecasting allows
the security assessment of alternative system configurations and
security policies. Validation and deployment of security policies
that minimise the attack surface can now improve fault tolerance and
mitigate the impact of successful attacks.
Thirdly, the approach is extended to runtime applicability. An
observing system monitors an event stream from the observed system
with the aim to detect faults - deviations from the specified
behaviour or security compliance violations - at runtime.
Furthermore, knowledge about the expected behaviour given by an
operational model is used to predict faults in the near
future. Building on this, a holistic security management strategy is
proposed. The architecture of the observing system is described and
the applicability of model-based security analysis at runtime is
demonstrated utilising processes from several industrial scenarios.
The results of this cumulative thesis are provided by 19 selected
peer-reviewed papers