45 research outputs found
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service in its own: the secret keys established
by QKD are in general then used by a subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
Modified Mclaren-marsaglia Pseudo-random Number Generator and Stochastic Key Agreement
A discussion of problems in cryptographic applications, with a brief survey of pseudo-random number generators (PRNG) used as synchronous stream ciphers, leads to a discussion of the McClaren-Marsaglia shuffling PRNG, and some means of altering its structure to both provide a more secure PRNG and to provide effective means by which to inject aperiodicity into a modified form of McClaren-Marsaglia. A discussion of two closely related protocols using this modified form of McClaren-Marsaglia as means by which correspondents may agree upon a set of random bits in a manner suitable for use in cryptographic applications is then presented, with implementation in the C programming language of the second protocol. Analysis of the protocols concludes that a reasonable expectation of confidentiality and cryptographic strength in the agreed bit-sequence is obtained.Computer Science Departmen
Regulating the technological actor: how governments tried to transform the technology and the market for cryptography and cryptographic services and the implications for the regulation of information and communications technologies
The formulation, adoption, and transformation of policy
involves the interaction of actors as they negotiate, accept, and
reject proposals. Traditional studies of policy discourse focus
on social actors. By studying cryptography policy discourses, I
argue that considering both social and technological actors in
detail enriches our understanding of policy discourse.
The case-based research looks at the various cryptography
policy strategies employed by the governments of the United
States of America and the United Kingdom. The research
method is qualitative, using hermeneutics to elucidate the
various actors’ interpretations. The research aims to
understand policy discourse as a contest of principles involving
various government actors advocating multiple regulatory
mechanisms to maintain their surveillance capabilities, and the
reactions of industry actors, non-governmental organisations,
parliamentarians, and epistemic communities.
I argue that studying socio-technological discourse helps us to
understand the complex dynamics involved in regulation and
regulatory change. Interests and alignments may be contingent
and unstable. As a result, technologies can not be regarded as
mere representations of social interests and relationships.
By capturing the interpretations and articulations of social and
technological actors we may attain a better understanding of
the regulatory landscape for information and communications
technologies
Emerging research directions in computer science : contributions from the young informatics faculty in Karlsruhe
In order to build better human-friendly human-computer interfaces,
such interfaces need to be enabled with capabilities to perceive
the user, his location, identity, activities and in particular his interaction
with others and the machine. Only with these perception capabilities
can smart systems ( for example human-friendly robots or smart environments) become posssible. In my research I\u27m thus focusing on the
development of novel techniques for the visual perception of humans and
their activities, in order to facilitate perceptive multimodal interfaces,
humanoid robots and smart environments. My work includes research
on person tracking, person identication, recognition of pointing gestures,
estimation of head orientation and focus of attention, as well as
audio-visual scene and activity analysis. Application areas are humanfriendly
humanoid robots, smart environments, content-based image and
video analysis, as well as safety- and security-related applications. This
article gives a brief overview of my ongoing research activities in these
areas
Resilience-Building Technologies: State of Knowledge -- ReSIST NoE Deliverable D12
This document is the first product of work package WP2, "Resilience-building and -scaling technologies", in the programme of jointly executed research (JER) of the ReSIST Network of Excellenc
An Approach to Guide Users Towards Less Revealing Internet Browsers
When browsing the Internet, HTTP headers enable both clients and servers send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that there are numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed