Система оценивания эффективности применения криптографической защиты трафика NGN

В статье анализируются недостатки современных систем криптографической защиты трафика. Рассматриваются вопросы разработки системы оценивания эффективности внедрения новых алгоритмов и модификации сетевых протоколов с учетом параметров, задаваемых в соглашении о качестве обслуживания.In the article the shortcomings of modern cryptographic systems for the traffic security are analyzed. The issues of development assessment system efficiency of the implementation of new algorithms and modifying network protocols within the parameters defined in the agreement about the quality of service are considered

Совершенстование механизмов случайного множественного доступа в системах беспроводной связи

Проведен анализ алгоритмов множественного случайного доступа с разрешением конфликта, используемые в системах абонентного радиодоступа и их применимость в типовых условиях интенсивного и нестационарного трафика. Предложена адаптивная процедура, содержащая алгоритм оптимальной стохастической оценки и обнаружитель порога, который сигнализирует о необходимости перехода на новый алгоритм.The analysis of algorithms of plural casual access is conducted with permission of conflict applied in the systems of subscriber radioaccess and their applicability in the typical conditions of intensive and unstationary traffic. Adaptive procedure, containing the algorithm of optimum stochastic estimation and registr threshold signaling about the necessity of transition on a new algorithm, is offered

SGCM: The Sophie Germain Counter Mode

Sophie Germain Counter Mode (SGCM) is an authenticated encryption mode of operation, to be used with 128-bit block ciphers such as AES. SGCM is a variant of the NIST standardized Galois / Counter Mode (GCM) which has been found to be susceptible to weak key / short cycle forgery attacks. The GCM attacks are made possible by its extremely smooth-order multiplicative group which splits into 512 subgroups. Instead of GCM\u27s $GF(2^{128})$, we use $GF(p)$ with $p=2^{128}+12451$, where $\frac{p-1}{2}$ is also a prime. SGCM is intended for those who want a concrete, largely technically compatible alternative to GCM. In this memo we give a technical specification of SGCM, together with some elements of its implementation, security and performance analysis. Test vectors are also included

Моделювання режиму вибіркового гамування із прискореним виробленням імітовставки

This article discusses the selective Galois counter mode with rapid generation of Galois message authentication code (Galois/Counter Mode and GMAC - GCM & GMAC). Specification of this coding mode is presented in NIST SP 800-38D. This coding mode is designed for realization of rapid cryptotransformation in providing information security services using different cryptographic primitives, such as polynomial hashing, counter and other. Using of proposed coding mode ensures the integrity and confidentiality of information. The article developed a reduced model of the mode. Reduced model preserves the algebraic structure of all main cryptotransformations by their scaling. Developed reduced model will use for experimental studies of collision properties of generated message authentication codes using the methods of statistical testing of hypotheses and mathematical statistics. This article discusses practical examples of cryptoprimitives and cryptotransformations.Рассматривается режим выборочного гаммирования с ускоренной выработкой имитовставки (Galois/Counter Mode and GMAC), спецификация которого представлена в NIST SP 800-38D. Разрабатывается уменьшенная модель режима, которая сохраняет алгебраическую структуру всех основных криптопреобразований и позволяет за счёт их масштабирования провести экспериментальные исследования коллизионных свойств сформированных имитовставок с последующим прогнозированием уровня криптографической стойкости полной версии шифра.Розглядається режим вибіркового гамування із прискореним виробленням імітовставки (Galois/Counter Mode and GMAC), специфікацію якого наведено у стандарті NIST SP 800-38D. Розробляється зменшена модель режиму, яка зберігає алгебраїчну структуру всіх основних криптоперетворень та дозволяє за рахунок їхнього масштабування провести експериментальні дослідження колізійних властивостей формованих імітовставок з подальшим прогнозуванням рівня криптографічного стійкості повної версії шифру

Моделювання режиму вибіркового гамування із прискореним виробленням імітовставки

This article discusses the selective Galois counter mode with rapid generation of Galois message authentication code (Galois/Counter Mode and GMAC - GCM & GMAC). Specification of this coding mode is presented in NIST SP 800-38D. This coding mode is designed for realization of rapid cryptotransformation in providing information security services using different cryptographic primitives, such as polynomial hashing, counter and other. Using of proposed coding mode ensures the integrity and confidentiality of information. The article developed a reduced model of the mode. Reduced model preserves the algebraic structure of all main cryptotransformations by their scaling. Developed reduced model will use for experimental studies of collision properties of generated message authentication codes using the methods of statistical testing of hypotheses and mathematical statistics. This article discusses practical examples of cryptoprimitives and cryptotransformations.Рассматривается режим выборочного гаммирования с ускоренной выработкой имитовставки (Galois/Counter Mode and GMAC), спецификация которого представлена в NIST SP 800-38D. Разрабатывается уменьшенная модель режима, которая сохраняет алгебраическую структуру всех основных криптопреобразований и позволяет за счёт их масштабирования провести экспериментальные исследования коллизионных свойств сформированных имитовставок с последующим прогнозированием уровня криптографической стойкости полной версии шифра.Розглядається режим вибіркового гамування із прискореним виробленням імітовставки (Galois/Counter Mode and GMAC), специфікацію якого наведено у стандарті NIST SP 800-38D. Розробляється зменшена модель режиму, яка зберігає алгебраїчну структуру всіх основних криптоперетворень та дозволяє за рахунок їхнього масштабування провести експериментальні дослідження колізійних властивостей формованих імітовставок з подальшим прогнозуванням рівня криптографічного стійкості повної версії шифру

SELL v1.0: Searchable Encrypted Logging Library

We present a practical solution to design a secure logging system that provides confidentiality, integrity, completeness, and non-repudiation. To the best of our knowledge, our solution is the first practical implementation of a logging system that brings all the above security aspects together. Our proposed library makes use of a Dynamic Searchable Symmetric Encryption (DSSE) scheme to provide keyword search operations through encrypted logs without decryption. This helps us to keep each log confidential, preventing unauthorized users from decrypting the encrypted logs. Moreover, we deploy a set of new features such as log sequence generation and digital signatures on top of the DSSE scheme, which makes our library a complete proof of concept solution for a secure logging system, providing all the necessary security assurances. We also analyze the library\u27s performance on a real setting, bootstrapping with 10,000 lines of logs. Based on our observation, the entire search operation for a keyword takes about 10 milliseconds. Although SELL v1.0 is developed purely in Python without any low level optimization, the benchmarks show promising timing results for all the operations

A multilayer non-repudiation system: a Suite-B approach

&nbsp;Security provisioning is an essential part in the design of any communication systems, which becomes more critical for wireless systems. The consideration and comparisons of security algorithms in various Open Systems Interconnection layers is a difficult task, because there are many performance metrics involved. The aim of this novel research article is to present research results for the design of a wireless system revolving around the practical and low-cost implementation of Suite-B algorithms in different layers. Suite-B, promulgated by the National Security Agency, is a set of cryptographic algorithms, including non-repudiation. The end results include the deployment of Suite-B algorithms at the application, transport, and network layers and the protocol flow at each layer.<br /

On Weak Keys and Forgery Attacks Against Polynomial-Based MAC Schemes

Abstract. Universal hash functions are commonly used primitives for fast and secure message authentication in the form of Message Authentication Codes (MACs) or Authenticated Encryption with Associated Data (AEAD) schemes. These schemes are widely used and standardised, the most well known being McGrew and Viega’s Galois/Counter Mode (GCM). In this paper we identify some properties of hash functions based on polynomial evaluation that arise from the underlying algebraic structure. As a result we are able to describe a general forgery attack, of which Saarinen’s cycling attack from FSE 2012 is a special case. Our attack removes the requirement for long messages and applies regardless of the field in which the hash function is evaluated. Furthermore we provide a common description of all published attacks against GCM, by showing that the existing attacks are the result of these algebraic properties of the polynomial-based hash function. We also greatly expand the number of known weak GCM keys and show that almost every subset of the keyspace is a weak key class. Finally, we demonstrate that these algebraic properties and corresponding attacks are highly relevant to GCM/2 +, a variant of GCM designed to increase the efficiency in software

Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Flight Test Report

NASA Glenn Research Center (GRC), in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the Federal Aviation Administration (FAA) and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the GRC prototype CNPC architecture as a demonstration platform. The proposed security controls were integrated into the GRC flight test system aboard our S-3B Viking surrogate aircraft and several network tests were conducted during a flight on November 15th, 2014 to determine whether the controls were working properly within the flight environment. The flight test was also the first to integrate Robust Header Compression (ROHC) as a means of reducing the additional overhead introduced by the security controls and Mobile IPv6. The effort demonstrated the complete end-to-end secure CNPC link in a relevant flight environment