Selection of EAP-authentication methods in WLANs

IEEE 802.1X is a key part of IEEE802.11i. By employing Extensible Authentication Protocol (EAP) it supports a variety of upper layer authentication methods each with different benefits and drawbacks. Any one of these authentication methods can be the ideal choice for a specific networking environment. The fact that IEEE 802.11i leaves the selection of the most suitable authentication method to system implementers makes the authentication framework more flexible, but on the other hand leads to the question of how to select the authentication method that suits an organisation’s requirements and specific networking environment. This paper gives an overview of EAP authentication methods and provides a table comparing their properties. It then identifies the crucial factors to be considered when employing EAP authentication methods in WLAN environments. The paper presents algorithms that guide the selection of an EAP-authentication method for a WLAN and demonstrates their application through three examples

Of Cracks and Crackdowns: Five Translations of Recent Internet Postings

Page range: 37-5

Using quantum key distribution for cryptographic purposes: a survey

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8

Autonomic Vehicular Networks: Safety, Privacy, Cybersecurity and Societal Issues

Safety, efficiency, privacy, and cybersecurity can be achieved jointly in self-organizing networks of communicating vehicles of various automated driving levels. The underlying approach, solutions and novel results are briefly exposed. We explain why we are faced with a crucial choice regarding motorized society and cyber surveillance

Information Management in Product Development Workflows – A Novel Approach on the basis of Pseudonymization of Product Information

AbstractInformation stored in the documentation of a product constitutes in many aspects the intellectual property (IP) of an enterprise. This valuable knowledge, built over years of extensive research and development deserves special attention and protection. Especially the context of distributed product development activities and increased collaborations with external partners puts companies at a growing risk that unauthorized individuals obtain access to this prized capital. In this paper, we present a novel concept for managing and sharing sensitive information in product development processes. Product information is separated and subsequently pseudonymized into independent blocks of data fragments which can be reassembled to specific information levels depending on the requirements of the organization. Thus, a user can be given access to that level of information specifically required to complete the task. The product information itself is only available as unordered data fragments and no longer interpretable even in case of data theft. By doing so, a comprehensive protection against internal and external abuse of sensitive product information can be realized which can easily be combined with existing concepts in the field of information protection

Buyer Power through Producer's Differentiation

This paper shows that retailers may choose to offer products differentiated in quality, not to relax downstream competition, but to improve their buyer power in the negotiation with their supplier. We consider a simple vertical industry where two producers sell products differentiated in quality to two retailers who operate in separated markets. In the game, first retailers choose which product to carry, then each retailer and her chosen producer bargain over the terms of a two-part tariff contract and retailers finally choose the quantities. When upstream production costs are convex, the share of the total profits going to the retailer would be higher if they choose to differentiate. We thus isolate the wish to differentiate as “only” due to increasing buyer power: via producer’s differentiation, the retailer gets a larger share of smaller total profits. This result also holds when retailers compete downstream. We derive the consequences of a differentiation induced by buyer power motives for consumer surplus.Cet article montre que des distributeurs peuvent décider d'offrir des produits différenciés, non pas pour relâcher la concurrence horizontale, mais pour accroître leur pouvoir d'achat vis-à-vis de leur fournisseur. Nous analysons un modèle simple où deux producteurs offrent des produits différenciés en qualité à deux distributeurs en activité sur des marches séparés qui ne peuvent offrir qu'un seul produit aux consommateurs. A la première étape du jeu, les distributeurs choisissent quel produit mettre en rayon, puis chaque distributeur et son fournisseur négocient sur un contrat de tarif binôme. Enfin, les distributeurs choisissent leur quantités. Lorsque les coûts de production sont convexes, la part des profits joint revenant au distributeur est plus élevée lorsque les distributeurs choisissent de se différencier. L'origine de la différenciation peut donc être uniquement liée au désir des distributeurs d'accroître leur pouvoir d'achat: via la différenciation des fournisseurs, le distributeur obtient une plus large part de profits joints plus faibles. Ce résultat est robuste lorsque l'on introduit de la concurrence en aval. Nous mettons en évidence les conséquences de cette stratégie de différenciation sur le surplus des consommateurs

The Case for Quantum Key Distribution

Quantum key distribution (QKD) promises secure key agreement by using quantum mechanical systems. We argue that QKD will be an important part of future cryptographic infrastructures. It can provide long-term confidentiality for encrypted information without reliance on computational assumptions. Although QKD still requires authentication to prevent man-in-the-middle attacks, it can make use of either information-theoretically secure symmetric key authentication or computationally secure public key authentication: even when using public key authentication, we argue that QKD still offers stronger security than classical key agreement.Comment: 12 pages, 1 figure; to appear in proceedings of QuantumComm 2009 Workshop on Quantum and Classical Information Security; version 2 minor content revision

Simple-VPN: Simple IPsec Configuration

The IPsec protocol promised easy, ubiquitous encryption. That has never happened. For the most part, IPsec usage is confined to VPNs for road warriors, largely due to needless configuration complexity and incompatible implementations. We have designed a simple VPN configuration language that hides the unwanted complexities. Virtually no options are necessary or possible. The administrator specifies the absolute minimum of information: the authorized hosts, their operating systems, and a little about the network topology; everything else, including certificate generation, is automatic. Our implementation includes a multitarget compiler, which generates implementation-specific configuration files for three different platforms; others are easy to add