7,456 research outputs found
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service in its own: the secret keys established
by QKD are in general then used by a subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
A Novel Latin Square Image Cipher
In this paper, we introduce a symmetric-key Latin square image cipher (LSIC)
for grayscale and color images. Our contributions to the image encryption
community include 1) we develop new Latin square image encryption primitives
including Latin Square Whitening, Latin Square S-box and Latin Square P-box ;
2) we provide a new way of integrating probabilistic encryption in image
encryption by embedding random noise in the least significant image bit-plane;
and 3) we construct LSIC with these Latin square image encryption primitives
all on one keyed Latin square in a new loom-like substitution-permutation
network. Consequently, the proposed LSIC achieve many desired properties of a
secure cipher including a large key space, high key sensitivities, uniformly
distributed ciphertext, excellent confusion and diffusion properties,
semantically secure, and robustness against channel noise. Theoretical analysis
show that the LSIC has good resistance to many attack models including
brute-force attacks, ciphertext-only attacks, known-plaintext attacks and
chosen-plaintext attacks. Experimental analysis under extensive simulation
results using the complete USC-SIPI Miscellaneous image dataset demonstrate
that LSIC outperforms or reach state of the art suggested by many peer
algorithms. All these analysis and results demonstrate that the LSIC is very
suitable for digital image encryption. Finally, we open source the LSIC MATLAB
code under webpage https://sites.google.com/site/tuftsyuewu/source-code.Comment: 26 pages, 17 figures, and 7 table
Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet,
privacy is becoming more and more a concern for users. One of the key
principles in protecting privacy is data minimisation. This principle requires
that only the minimum amount of information necessary to accomplish a certain
goal is collected and processed. "Privacy-enhancing" communication protocols
have been proposed to guarantee data minimisation in a wide range of
applications. However, currently there is no satisfactory way to assess and
compare the privacy they offer in a precise way: existing analyses are either
too informal and high-level, or specific for one particular system. In this
work, we propose a general formal framework to analyse and compare
communication protocols with respect to privacy by data minimisation. Privacy
requirements are formalised independent of a particular protocol in terms of
the knowledge of (coalitions of) actors in a three-layer model of personal
information. These requirements are then verified automatically for particular
protocols by computing this knowledge from a description of their
communication. We validate our framework in an identity management (IdM) case
study. As IdM systems are used more and more to satisfy the increasing need for
reliable on-line identification and authentication, privacy is becoming an
increasingly critical issue. We use our framework to analyse and compare four
identity management systems. Finally, we discuss the completeness and
(re)usability of the proposed framework
Security and privacy aspects of mobile applications for post-surgical care
Mobile technologies have the potential to improve patient monitoring, medical decision making and in general the efficiency and quality of health delivery. They also pose new security and privacy challenges. The objectives of this work are to (i) Explore and define security and privacy requirements on the example of a post-surgical care application, and (ii) Develop and test a pilot implementation Post-Surgical Care Studies of surgical out- comes indicate that timely treatment of the most common complications in compliance with established post-surgical regiments greatly improve success rates. The goal of our pilot application is to enable physician to optimally synthesize and apply patient directed best medical practices to prevent post-operative complications in an individualized patient/procedure specific fashion. We propose a framework for a secure protocol to enable doctors to check most common complications for their patient during in-hospital post- surgical care. We also implemented our construction and cryptographic protocols as an iPhone application on the iOS using existing cryptographic services and libraries
ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of
innovation, it also disrupted some of the natural defenses of traditional
architectures against different threats. The literature on SDN has mostly been
concerned with the functional side, despite some specific works concerning
non-functional properties like 'security' or 'dependability'. Though addressing
the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to
efficiency and effectiveness problems. We claim that the enforcement of
non-functional properties as a pillar of SDN robustness calls for a systemic
approach. As a general concept, we propose ANCHOR, a subsystem architecture
that promotes the logical centralization of non-functional properties. To show
the effectiveness of the concept, we focus on 'security' in this paper: we
identify the current security gaps in SDNs and we populate the architecture
middleware with the appropriate security mechanisms, in a global and consistent
manner. Essential security mechanisms provided by anchor include reliable
entropy and resilient pseudo-random generators, and protocols for secure
registration and association of SDN devices. We claim and justify in the paper
that centralizing such mechanisms is key for their effectiveness, by allowing
us to: define and enforce global policies for those properties; reduce the
complexity of controllers and forwarding devices; ensure higher levels of
robustness for critical services; foster interoperability of the non-functional
property enforcement mechanisms; and promote the security and resilience of the
architecture itself. We discuss design and implementation aspects, and we prove
and evaluate our algorithms and mechanisms, including the formalisation of the
main protocols and the verification of their core security properties using the
Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
Recommended from our members
Pico without public keys
This document is the Accepted Manuscript version of the following paper: Frank Stajano, Bruce Christianson, Mark Lomas, Graeme Jenkinson, Jeunese Payne, Max Spencer, and Quentin Stafford Fraser, 'Pico without Public Keys', Security Protocols XXIII, 23rd International Workshop Cambridge, March 31- April 2, 2015, Revised Selected Papers, pp. 195-211, part of the Lecture Notes in Computer Science book series (LNCS, Vol. 9379), first online 25 November 2015, ISBN: 978-3-319-26095-2. The final publication is available at Springer via: https://link.springer.com/chapter/10.1007%2F978-3-319-26096-9_21v.Pico is a user authentication system that does not require remembering secrets. It is based on a personal handheld token that holds the user’s credentials and that is unlocked by a “personal aura” generated by digital accessories worn by the owner. The token, acting as prover, engages in a public-key-based authentication protocol with the verifier. What would happen to Pico if success of the mythical quantum computer meant secure public key primitives were no longer available, or if for other reasons such as energy consumption we preferred not to deploy them? More generally, what would happen under those circumstances to user authentication on the web, which relies heavily on public key cryptography through HTTPS/TLS? Although the symmetric-key-vs-public-key debate dates back to the 1990s, we note that the problematic aspects of public key deployment that were identified back then are still ubiquitous today. In particular, although public key cryptography is widely deployed on the web, revocation still doesn’t work. We discuss ways of providing desirable properties of public-key-based user authentication systems using symmetric-key primitives and tamperevident tokens. In particular, we present a protocol through which a compromise of the user credentials file at one website does not require users to change their credentials at that website or any other. We also note that the current prototype of Pico, when working in compatibility mode through the Pico Lens (i.e. with websites that are unaware of the Pico protocols), doesn’t actually use public key cryptography, other than that implicit in TLS. With minor tweaks we adopt this as the native mode for Pico, dropping public key cryptography and achieving much greater deployability without any noteworthy loss in security
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
FPGA based remote code integrity verification of programs in distributed embedded systems
The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems
- …