Cryptanalysis of the Cryptosystems Based on the Generalized Hidden Discrete Logarithm Problem

In this paper, we will show the hidden discrete logarithm problem(HDLP) and the generalized form of HDLP(GHDLP) over non-commutative associative algebras (FNAAs) can be reduced to discrete logarithm problem(DLP) in a finite field through analyzing the eigenvalues of the representation matrix. Through the analysis of computational complexity, we will show that HDLP and GHDLP is not are not good improvements of DLP.With all the instruments in hand, we will show how some schemes based on GHDLP can be broken. Thus we can conclude that, all ideas of constructing cryptographic schemes based on the two problem are of no practical significance

Математические модели, методы и архитектуры для защиты компьютерных сетей: обзор перспективных исследований по результатам Международной конференции MMM–ACNS–2012

The paper provides an analytical review of perspective research directions according to the talks by leading foreign and domestic experts in the security of computer networks, presented at the 6th International Conference "Mathematical Methods, Models and Architectures for Computer Networks Security» (MMM–ACNS–2012), held in St. Petersburg from 17 to 19 October, 2012. World-known scientists, such as A. Stavrou, B. Livshits, L. Khan, and F. Martinelli, made invited talks. On sections of the conference there were discussed topical issues related to the intrusion prevention, detection, and response, anti-malware techniques, applied cryptography and security protocols, access control and information protection, security event and information management, security modeling and cloud security, and security policies.В статье приводится аналитический обзор перспективных направлений исследований по результатам докладов ведущих зарубежных и отечественных специалистов в области обеспечения безопасности компьютерных сетей, сделанных на шестой Международной конференции «Математические модели, методы и архитектуры для защиты компьютерных сетей» (MMM–ACNS–2012), проходившей в Санкт-Петербурге с 17 по 19 октября 2012 года. С приглашенными докладами выступили такие известные в мире ученые, как А. Ставро, Б. Лившиц, Л. Кхан и Ф. Мартинелли. На секциях конференции были рассмотрены актуальные вопросы, связанные с предотвращением, обнаружением и реагированием на вторжения, противодействием вредоносному программному обеспечению, прикладной криптографией и протоколами безопасности, разграничением доступа и защитой информации, управлением событиями и информацией безопасности, моделированием защиты информации и безопасностью облачных вычислений, политиками безопасности

Supporting differentiated classes of resilience in multilayer networks

Services provided over telecommunications networks typically have different resilience requirements and networks need to be able to support different levels of resilience in an efficient manner. This dissertation investigates the problem of supporting differentiated classes of resilience in multilayer networks, including the most stringent resilience class required by critical services. We incorporate an innovative technique of embedding a subnetwork, termed the spine, with comparatively higher availability values at the physical layer. The spine lays a foundation for differentiation between multiple classes of flows that can be leveraged to achieve both high resilience and differentiation. The aim of this research is mainly to explore, design, and evaluate the proposed spine concept model in multilayer networks. The dissertation has four major parts. First, we explore the spine concept through numerical analysis of simple topologies illustrating the potential benefits and the cost considerations of the spine. We develop heuristics algorithms to find suitable spines for a network based on the structural properties of the network topology. Second, an optimization problem is formulated to determine the spine. The problem encompasses estimates of link availability improvements, associated costs, and a total budget. Third, we propose a crosslayer mapping and spine-aware routing design problem with protection given mainly at the lower layer. The problem is designed to transfer lower layer differentiation capability to the upper layer network and flows. We provide two joint routing-mapping optimization formulations and evaluate their performance in a multilayer scenario. Fourth, the joint routing-mapping problem is redesigned with protection given in the upper network layer instead. This will create two isolated logical networks; one mapped to the spine and the other is mapped freely on the network. Flows are assigned a path or path-pair based on their class of resilience. This approach can provide more routing options yielding different availability levels. The joint routing-mapping design problems are formulated as Integer Linear Programming (ILP) models. The goal is to achieve a wider range of availability values across layers and high availability levels for mission-critical services without the need to use higher order protection configurations. The proposed models are evaluated with extensive numerical results using real network topologies

Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers