ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of
innovation, it also disrupted some of the natural defenses of traditional
architectures against different threats. The literature on SDN has mostly been
concerned with the functional side, despite some specific works concerning
non-functional properties like 'security' or 'dependability'. Though addressing
the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to
efficiency and effectiveness problems. We claim that the enforcement of
non-functional properties as a pillar of SDN robustness calls for a systemic
approach. As a general concept, we propose ANCHOR, a subsystem architecture
that promotes the logical centralization of non-functional properties. To show
the effectiveness of the concept, we focus on 'security' in this paper: we
identify the current security gaps in SDNs and we populate the architecture
middleware with the appropriate security mechanisms, in a global and consistent
manner. Essential security mechanisms provided by ANCHOR include reliable
entropy and resilient pseudo-random generators, and protocols for secure
registration and association of SDN devices. We claim and justify in the paper
that centralizing such mechanisms is key for their effectiveness, by allowing
us to: define and enforce global policies for those properties; reduce the
complexity of controllers and forwarding devices; ensure higher levels of
robustness for critical services; foster interoperability of the non-functional
property enforcement mechanisms; and promote the security and resilience of the
architecture itself. We discuss design and implementation aspects, and we prove
and evaluate our algorithms and mechanisms, including the formalisation of the
main protocols and the verification of their core security properties using the
Tamarin prover.
Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
SAnoVs: Secure Anonymous Voting Scheme for clustered ad hoc networks
In this paper we propose a secure anonymous voting scheme (SAnoVS) for re-clustering in the ad-hoc network. SAnoVS extends our previous work of degree-based clustering algorithms by achieving anonymity and confidentiality of the voting procedure applied to select new cluster heads. The security of SAnoVS is based on the difficulty of computing discrete logarithms over elliptic curves, the intractability of inverting a one-way hash function and the fact that only neighboring nodes contribute to the generation of a shared secret. Furthermore, we achieve anonymity since our scheme does not require any identification information as we make use of a polynomial equation system combined with pseudo-random coordinates. The security analysis of our scheme is demonstrated with several attack scenarios and experimental results
Mixing multi-core CPUs and GPUs for scientific simulation software
Recent technological and economic developments have led to widespread availability of
multi-core CPUs and specialist accelerator processors such as graphical processing units
(GPUs). The accelerated computational performance possible from these devices can be very
high for some application paradigms. Software languages and systems such as NVIDIA's
CUDA and Khronos consortium's open compute language (OpenCL) support a number of
individual parallel application programming paradigms. To scale up the performance of some
complex systems simulations, a hybrid of multi-core CPUs for coarse-grained parallelism and
very many core GPUs for data parallelism is necessary. We describe our use of hybrid
applications using threading approaches and multi-core CPUs to control independent GPU devices.
We present speed-up data and discuss multi-threading software issues for the applications
level programmer and offer some suggested areas for language development and integration
between coarse-grained and fine-grained multi-thread systems. We discuss results from three
common simulation algorithmic areas including: partial differential equations; graph cluster
metric calculations and random number generation. We report on programming experiences
and selected performance for these algorithms on: single and multiple GPUs; multi-core CPUs;
a CellBE; and using OpenCL. We discuss programmer usability issues and the outlook and
trends in multi-core programming for scientific applications developers
Bit-Vectorized GPU Implementation of a Stochastic Cellular Automaton Model for Surface Growth
Stochastic surface growth models aid in studying properties of universality
classes like the Kardar-Parisi-Zhang class. High precision results obtained
from large scale computational studies can be transferred to many physical
systems. Many properties, such as roughening and some two-time functions can be
studied using stochastic cellular automaton (SCA) variants of stochastic
models. Here we present a highly efficient SCA implementation of a surface
growth model capable of simulating billions of lattice sites on a single GPU.
We also provide insight into cases requiring arbitrary random probabilities
which are not accessible through bit-vectorization.
Comment: INES 2016, Budapest http://www.ines-conf.org/ines-conf/2016index.htm
An Epitome of Multi Secret Sharing Schemes for General Access Structure
Secret sharing schemes are widely used nowadays in various applications,
which need more security, trust and reliability. In a secret sharing scheme, the
secret is divided among the participants and only an authorized set of
participants can recover the secret by combining their shares. The authorized
sets of participants are called the access structure of the scheme. In a Multi-Secret
Sharing Scheme (MSSS), k different secrets are distributed among the
participants, each one according to an access structure. Multi-secret sharing
schemes have been studied extensively by the cryptographic community. A number of
schemes are proposed for the threshold multi-secret sharing and multi-secret
sharing according to generalized access structure with various features. In
this survey we explore the important constructions of multi-secret sharing for
the generalized access structure with their merits and demerits. The features
like whether shares can be reused, participants can be enrolled or dis-enrolled
efficiently, whether shares have to be modified in the renewal phase etc., are
considered for the evaluation
HORNET: High-speed Onion Routing at the Network Layer
We present HORNET, a system that enables high-speed end-to-end anonymous
channels by leveraging next generation network architectures. HORNET is
designed as a low-latency onion routing system that operates at the network
layer thus enabling a wide range of applications. Our system uses only
symmetric cryptography for data forwarding yet requires no per-flow state on
intermediate nodes. This design enables HORNET nodes to process anonymous
traffic at over 93 Gb/s. HORNET can also scale as required, adding minimal
processing overhead per additional anonymous channel. We discuss design and
implementation details, as well as a performance and security evaluation.
Comment: 14 pages, 5 figure
Remote attestation mechanism for embedded devices based on physical unclonable functions
Remote attestation mechanisms are well studied in the high-end computing environments; however, the same is not true for embedded devices, especially for smart cards. With the ever-changing landscape of smart card technology and advancements towards a true multi-application platform, verifying the current state of the smart card is significant to the overall security of such proposals. The initiatives proposed by GlobalPlatform Consumer Centric Model (GP-CCM) and User Centric Smart Card Ownership Model (UCOM) enable a user to download any application as she desires, depending upon the authorisation of the application provider. Before an application provider issues an application to a smart card, verifying the current state of the smart card is crucial to the security of the respective application. In this paper, we analyse the rationale behind the remote attestation mechanism for smart cards, and the fundamental features that such a mechanism should possess. We also study the applicability of Physical Unclonable Functions (PUFs) for the remote attestation mechanism and propose two algorithms to achieve the stated features of remote attestation. The proposed algorithms are implemented in a test environment to evaluate their performance. © 2013 The authors and IOS Press. All rights reserved