16,172 research outputs found

    Very Low Cost Entropy Source Based on Chaotic Dynamics Retrofittable on Networked Devices to Prevent RNG Attacks

    Full text link
    Good quality entropy sources are indispensable in most modern cryptographic protocols. Unfortunately, many currently deployed networked devices do not include them and may be vulnerable to Random Number Generator (RNG) attacks. Since most of these systems allow firmware upgrades and have serial communication facilities, the potential for retrofitting them with secure hardware-based entropy sources exists. To this aim, very low-cost, robust, easy to deploy solutions are required. Here, a retrofittable, sub 10$ entropy source based on chaotic dynamics is illustrated, capable of a 32 kbit/s rate or more and offering multiple serial communication options including USB, I2C, SPI or USART. Operation is based on a loop built around the Analog to Digital Converter (ADC) hosted on a standard microcontroller.Comment: 4 pages, 6 figures. Pre-print from conference proceedings; IEEE 21th International Conference on Electronics, Circuits, and Systems (ICECS 2014), pp. 175-178, Dec. 201

    ANCHOR: logically-centralized security for Software-Defined Networks

    Get PDF
    While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. As a general concept, we propose ANCHOR, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by anchor include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
    • …
    corecore