Authentication in virtual private networks based on quantum key distribution methods

Quantum physics has a major influence on modern computer science and communications. New quantum-based solutions continue to be proposed by researchers. However, only a few techniques are possible to implement in practice. One of them is quantum key distribution, which ensures the confidentiality of digital data. This article introduces a new concept: quantum distribution of pre-shared keys. This approach provides end-users with very secure authentication, impossible to achieve using currently-available techniques. Secure authentication is a key requirement in virtual private networks (VPN)—popular protection in computer networks. The authors simulated quantum-based distribution of a shared secret in a typical VPN connection. Using a dedicated simulator, all individual steps of the quantum key distribution process were presented. Based on the created secret, a secure IPsec tunnel in a StrongSwan environment was established between AGH (Poland) and VSB (Czech Republic). It allows end-users to communicate at very high security levels.Web of Science7517107071069

Security architecture for law enforcement agencies

In order to carry out their duty to serve and protect, law enforcement agencies (LEAs) must deploy new tools and applications to keep up with the pace of evolving technologies. However, police information and communication technology (ICT) systems have stringent security requirements that may delay the deployment of these new applications, since necessary security measures must be implemented first. This paper presents an integrated security architecture for LEAs that is able to provide common security services to novel and legacy ICT applications, while fulfilling the high security requirements of police forces. By reusing the security services provided by this architecture, new systems do not have to implement custom security mechanisms themselves, and can be easily integrated into existing police ICT infrastructures. The proposed LEA security architecture features state-of-the-art technologies, such as encrypted communications at network and application levels, or multifactor authentication based on certificates stored in smart cards.Web of Science7517107321070

Evaluación del rendimiento de la arquitectura de seguridad INDECT

This paper evaluates the performance of the key elements of the security architecture developed by the INDECT project. In particular it first evaluates three different concurrent error detection mechanism (parity check, Berger code, and cyclic redundancy check) developed in software- and hardware-based implementations of the INDECT block cipher. It also analyses the performance hit in secure web servers when enabling TLS/SSL with mutual authentication. Finally, it evaluates the throughput and delay of traffic in the virtual private network based on the OpenVPN software package with the implemented INDECT block cipher. The results of these evaluations demonstrate that the proposed mechanisms, and by extension the whole INDECT security architecture, are viable and can be used in high-performance Police information and communication systems.Este artículo evalúa el rendimiento de los principales elementos de la arquitectura de seguridad desarrollada por el proyecto INDECT. En particular, en primer lugar evalúa tres mecanismos diferentes de detección concurrente de errores (comprobación de paridad, códigos Berger y verificación por redundancia cíclica) desarrollados en las implementaciones software y hardware del algoritmo de cifrado de bloque INDECT. También se analiza el impacto en el rendimiento de los servidores web seguros cuando se activa TLS/SSL con autenticación mutua. Por último, evalúa el rendimiento y el retardo del tráfico en una red privada virtual, basada en el software OpenVPN con el algoritmo de cifrado INDECT. Los resultados de estas evaluaciones demuestran que los mecanismos propuestos, y el algoritmo de cifrado INDECT, son viables y pueden usarse en sistemas de información y comunicaciones de alto rendimiento para la Policía

Optimalizace EDCF přístupového mechanizmu u technologie Wi-Fi

Import 30/07/2008Prezenční454 - Katedra elektroniky a telekomunikační technikyNeuveden

Využití bezdrátových sítí WLAN v privátní síti

Import 20/04/2006Prezenční výpůjčkaVŠB - Technická univerzita Ostrava. Fakulta elektrotechniky a informatiky. Katedra (454) elektroniky a telekomunikační technik

Overview of the security components of INDECT project

In this paper an overview of the security components developed by the INDECT project is presented. This paper is focused on creating a multilevel security architecture, and describes the five basics areas for which new algorithms, components and tools are been created. In particular Virtual Private Networks, Symmetric Cryptography Block Ciphers, Quantum Cryptography, Federated ID Management and Secure Ad hoc Multipath Routing are described in detail.Scopu

Integrated security infrastructures for law enforcement agencies

This paper provides an overview of the security architecture for Law Enforcement Agencies (LEAs) designed by the INDECT project, and in particular the security infrastructures that have been deployed so far. These security infrastructures can be organized in the following main areas: Public Key Infrastructure (PKI) and user management, communications security, and new cryptographic algorithms. This paper presents the new ideas, architectures and deployed testbeds for these areas. In particular, it explains the inner structure of the INDECT PKI employed for federated identity management, the different technologies employed in the VPN testbed, the INDECT Block Cipher (IBC) – a novel cryptographic algorithm that has being integrated into OpenSSL library, and how IBC-enabled TLS/SSL sessions and X.509 certificates are employed to protect INDECT applications. All proposed mechanisms have been designed to work in an integrated fashion as the security foundation of all systems being developed by the INDECT project for LEAs.Web of Science74124468445

Security infrastructures: towards the INDECT system security

This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI, the different technologies employed in the VPN testbed, the INDECT Block Cipher (IBC) – a new cryptography algorithm that is being integrated in OpenSSL/OpenVPN libraries, and how TLS/SSL and X.509 certificates stored in smart-cards are employed to protect INDECT applications and to implement the access control of the INDECT Portal. All the proposed mechanisms have been designed to work together as the security foundation of all systems being developed by the INDECT project.Scopu