Coping with a changing world: the UK Open University approach to teaching ICT

The rapid pace of change in the ICT field has affected all HE providers, but for the UK Open University (UKOU), used to print-based courses lasting eight years or more, it has been a particular challenge. This paper will present some of the ways the UKOU has been coping with this problem by discussing the design of three courses, the first developed almost a decade ago. All three are distance learning courses that are either core or optional in a variety of bachelors' degrees, including the BSc programmes in: Information and Communication Technology; IT and Computing; and Technology; as well as the BEng (Hons) engineering programme. The first course, Information and Communication Technology: people and interactions is a level 2 (second year undergraduate) course first presented in 2002. It is predominately a print-based course with an eight year lifetime. The second course Networked Living: exploring information and communication technologies is a level 1 (first year undergraduate) course first presented some three-and-a-half years later in 2005. It is expected to have a course life of five years, and uses a mix of print-based (60%) and computer-based (40%) material. Both these courses use assignments as key tools for annual updating. The third course, Keeping ahead in ICT is aimed primarily at equipping students with advanced information searching and evaluation skills that will serve them well in professional life, and is presented at level 3 (final year undergraduate). It was first presented in 2007 and has an expected course life of 8 years. It uses much less print than in most OU courses, and has a greater reliance on third-party resources such as newspaper, conference and journal articles, websites, and other electronic resources. Some elements in each block are designed to change from year to year, in order to retain currency. Finally, the paper will look forward to the development of a new level 2 course with an expected first presentation in 2010, drawing out the lessons learned about course updating, and predicting the approach that the course team may tak

Discrete-Time Chaotic-Map Truly Random Number Generators: Design, Implementation, and Variability Analysis of the Zigzag Map

In this paper, we introduce a novel discrete chaotic map named zigzag map that demonstrates excellent chaotic behaviors and can be utilized in Truly Random Number Generators (TRNGs). We comprehensively investigate the map and explore its critical chaotic characteristics and parameters. We further present two circuit implementations for the zigzag map based on the switched current technique as well as the current-mode affine interpolation of the breakpoints. In practice, implementation variations can deteriorate the quality of the output sequence as a result of variation of the chaotic map parameters. In order to quantify the impact of variations on the map performance, we model the variations using a combination of theoretical analysis and Monte-Carlo simulations on the circuits. We demonstrate that even in the presence of the map variations, a TRNG based on the zigzag map passes all of the NIST 800-22 statistical randomness tests using simple post processing of the output data.Comment: To appear in Analog Integrated Circuits and Signal Processing (ALOG

A Novel Approach to Transport-Layer Security for Spacecraft Constellations

Spacecraft constellations seek to provide transformational services from increased environmental awareness to reduced-latency international finance. This connected future requires trusted communications. Transport-layer security models presume link characteristics and encapsulation techniques that may not be sustainable in a networked constellation. Emerging transport layer protocols for space communications enable new transport security protocols that may provide a pragmatic alternative to deploying Internet security mechanisms in space. The Bundle Protocol (BP) and Bundle Protocol Security (BPSec) protocol have been designed to provide such an alternative. BP is a store-and-forward alternative to IP that carries session information as secondary headers. BPSec uses BP’s featureful secondary header mechanism to hold security information and security results. In doing so, BPSec provides an in-packet augmentation alternative to security by encapsulation. BPSec enables features such as security-at-rest, separate encryption/signing of individual protocol headers, and the ability to add secondary headers and secure them at waypoints in the network. These features provided by BPSec change the system trades associated with networked constellations. They enable security at rest, secure content caching, and deeper inspection at gateways otherwise obscured by tunneling

An Enhanced Dataflow Analysis to Automatically Tailor Side Channel Attack Countermeasures to Software Block Ciphers

Protecting software implementations of block ciphers from side channel attacks is a significant concern to realize secure embedded computation platforms. The relevance of the issue calls for the automation of the side channel vulnerability assessment of a block cipher implementation, and the automated application of provably secure defenses. The most recent methodology in the field is an application of a specialized data-flow analysis, performed by means of the LLVM compiler framework, detecting in the AES cipher the portions of the code amenable to key extraction via side channel analysis. The contribution of this work is an enhancement to the existing data-flow analysis which extending it to tackle any block cipher implemented in software. In particular, the extended strategy takes fully into account the data dependencies present in the key schedule of a block cipher, regardless of its complexity, to obtain consistently sound results. This paper details the analysis strategy and presents new results on the tailored application of power and electro-magnetic emission analysis countermeasures, evaluating the performances on both the ARM Cortex-M and the MIPS ISA. The experimental evaluation reports a case study on two block ciphers: the first designed to achieve a high security margin at a non-negligible computational cost, and a lightweight one. The results show that, when side-channel-protected implementations are considered, the high-security block cipher is indeed more efficient than the lightweight one

Trusted IP solution in multi-tenant cloud FPGA platform

Because FPGAs outperform traditional processing cores like CPUs and GPUs in terms of performance per watt and flexibility, they are being used more and more in cloud and data center applications. There are growing worries about the security risks posed by multi-tenant sharing as the demand for hardware acceleration increases and gradually gives way to FPGA multi-tenancy in the cloud. The confidentiality, integrity, and availability of FPGA-accelerated applications may be compromised if space-shared FPGAs are made available to many cloud tenants. We propose a root of trust-based trusted execution mechanism called \textbf{TrustToken} to prevent harmful software-level attackers from getting unauthorized access and jeopardizing security. With safe key creation and truly random sources, \textbf{TrustToken} creates a security block that serves as the foundation of trust-based IP security. By offering crucial security characteristics, such as secure, isolated execution and trusted user interaction, \textbf{TrustToken} only permits trustworthy connection between the non-trusted third-party IP and the rest of the SoC environment. The suggested approach does this by connecting the third-party IP interface to the \textbf{TrustToken} Controller and running run-time checks on the correctness of the IP authorization(Token) signals. With an emphasis on software-based assaults targeting unauthorized access and information leakage, we offer a noble hardware/software architecture for trusted execution in FPGA-accelerated clouds and data centers

2048XKS-F & 4096XKS-F - Two Software Oriented High Security Block Ciphers

2048XKS-F (eXtended Key Schedule - Feistel) is a Feistel cipher with a block length of 2048 bit and a key size of 4096 bit or 8192 bit, respectively. It uses the round function of the Subtitution-Permutation-Networks (SPN)1024 [11] and 1024XKS [12]as the f-function. 4096XKS-F is a Feistel cipher with a block length of 4096 bit and a key size of 8192 bit or 16384 bit, respectively. It uses the round function of the Substitution-Permutation-Network (SPN) 2048XKS as the f-function. Both 2048XKS-F and 4096XKS-F have 32 rounds. Additionally, there are #define statements in the reference implementation tocontrol which of the functions are compiled first, e.g. the diffusion layer or the s-box layer. In total, there are 6 #define statements in each reference implementation, making up 64 different ciphers. 2048XKS-F and 4096XKS-F are designed for 32 bit microprocessors with an integer hardware multiplier