Simple group password-based authenticated key agreements for the integrated EPR information system.

PubMed

Lee, Tian-Fu; Chang, I-Pin; Wang, Ching-Cheng

2013-04-01

The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients' medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users' overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users' public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.

On the security of semi-device-independent QKD protocols

NASA Astrophysics Data System (ADS)

Chaturvedi, Anubhav; Ray, Maharshi; Veynar, Ryszard; Pawłowski, Marcin

2018-06-01

While fully device-independent security in (BB84-like) prepare-and-measure quantum key distribution (QKD) is impossible, it can be guaranteed against individual attacks in a semi-device-independent (SDI) scenario, wherein no assumptions are made on the characteristics of the hardware used except for an upper bound on the dimension of the communicated system. Studying security under such minimal assumptions is especially relevant in the context of the recent quantum hacking attacks wherein the eavesdroppers can not only construct the devices used by the communicating parties but are also able to remotely alter their behavior. In this work, we study the security of a SDIQKD protocol based on the prepare-and-measure quantum implementation of a well-known cryptographic primitive, the random access code (RAC). We consider imperfect detectors and establish the critical values of the security parameters (the observed success probability of the RAC and the detection efficiency) required for guaranteeing security against eavesdroppers with and without quantum memory. Furthermore, we suggest a minimal characterization of the preparation device in order to lower the requirements for establishing a secure key.

A Hybrid Key Management Scheme for WSNs Based on PPBR and a Tree-Based Path Key Establishment Method

PubMed Central

Zhang, Ying; Liang, Jixing; Zheng, Bingxin; Chen, Wei

2016-01-01

With the development of wireless sensor networks (WSNs), in most application scenarios traditional WSNs with static sink nodes will be gradually replaced by Mobile Sinks (MSs), and the corresponding application requires a secure communication environment. Current key management researches pay less attention to the security of sensor networks with MS. This paper proposes a hybrid key management schemes based on a Polynomial Pool-based key pre-distribution and Basic Random key pre-distribution (PPBR) to be used in WSNs with MS. The scheme takes full advantages of these two kinds of methods to improve the cracking difficulty of the key system. The storage effectiveness and the network resilience can be significantly enhanced as well. The tree-based path key establishment method is introduced to effectively solve the problem of communication link connectivity. Simulation clearly shows that the proposed scheme performs better in terms of network resilience, connectivity and storage effectiveness compared to other widely used schemes. PMID:27070624

Aviation Security: Vulnerabilities in, and Alternatives for, Preboard Screening Security Operations

DTIC Science & Technology

2001-09-25

establishing the certification program. This regulation is particularly significant because it is to include requirements mandated by the Airport Security Improvement...Assessment of Airport Security Screener Performance and Retention, Sept. 15, 2000. Page 8 GAO-01-1171T Criteria for Assessing Shifting responsibility for...airline and airport security officials to assess each option for reassigning screening responsibility against the key criteria- Specifically, we asked

Satellite-Relayed Intercontinental Quantum Network.

PubMed

Liao, Sheng-Kai; Cai, Wen-Qi; Handsteiner, Johannes; Liu, Bo; Yin, Juan; Zhang, Liang; Rauch, Dominik; Fink, Matthias; Ren, Ji-Gang; Liu, Wei-Yue; Li, Yang; Shen, Qi; Cao, Yuan; Li, Feng-Zhi; Wang, Jian-Feng; Huang, Yong-Mei; Deng, Lei; Xi, Tao; Ma, Lu; Hu, Tai; Li, Li; Liu, Nai-Le; Koidl, Franz; Wang, Peiyuan; Chen, Yu-Ao; Wang, Xiang-Bin; Steindorfer, Michael; Kirchner, Georg; Lu, Chao-Yang; Shu, Rong; Ursin, Rupert; Scheidl, Thomas; Peng, Cheng-Zhi; Wang, Jian-Yu; Zeilinger, Anton; Pan, Jian-Wei

2018-01-19

We perform decoy-state quantum key distribution between a low-Earth-orbit satellite and multiple ground stations located in Xinglong, Nanshan, and Graz, which establish satellite-to-ground secure keys with ∼kHz rate per passage of the satellite Micius over a ground station. The satellite thus establishes a secure key between itself and, say, Xinglong, and another key between itself and, say, Graz. Then, upon request from the ground command, Micius acts as a trusted relay. It performs bitwise exclusive or operations between the two keys and relays the result to one of the ground stations. That way, a secret key is created between China and Europe at locations separated by 7600 km on Earth. These keys are then used for intercontinental quantum-secured communication. This was, on the one hand, the transmission of images in a one-time pad configuration from China to Austria as well as from Austria to China. Also, a video conference was performed between the Austrian Academy of Sciences and the Chinese Academy of Sciences, which also included a 280 km optical ground connection between Xinglong and Beijing. Our work clearly confirms the Micius satellite as a robust platform for quantum key distribution with different ground stations on Earth, and points towards an efficient solution for an ultralong-distance global quantum network.

Satellite-Relayed Intercontinental Quantum Network

NASA Astrophysics Data System (ADS)

Liao, Sheng-Kai; Cai, Wen-Qi; Handsteiner, Johannes; Liu, Bo; Yin, Juan; Zhang, Liang; Rauch, Dominik; Fink, Matthias; Ren, Ji-Gang; Liu, Wei-Yue; Li, Yang; Shen, Qi; Cao, Yuan; Li, Feng-Zhi; Wang, Jian-Feng; Huang, Yong-Mei; Deng, Lei; Xi, Tao; Ma, Lu; Hu, Tai; Li, Li; Liu, Nai-Le; Koidl, Franz; Wang, Peiyuan; Chen, Yu-Ao; Wang, Xiang-Bin; Steindorfer, Michael; Kirchner, Georg; Lu, Chao-Yang; Shu, Rong; Ursin, Rupert; Scheidl, Thomas; Peng, Cheng-Zhi; Wang, Jian-Yu; Zeilinger, Anton; Pan, Jian-Wei

2018-01-01

We perform decoy-state quantum key distribution between a low-Earth-orbit satellite and multiple ground stations located in Xinglong, Nanshan, and Graz, which establish satellite-to-ground secure keys with ˜kHz rate per passage of the satellite Micius over a ground station. The satellite thus establishes a secure key between itself and, say, Xinglong, and another key between itself and, say, Graz. Then, upon request from the ground command, Micius acts as a trusted relay. It performs bitwise exclusive or operations between the two keys and relays the result to one of the ground stations. That way, a secret key is created between China and Europe at locations separated by 7600 km on Earth. These keys are then used for intercontinental quantum-secured communication. This was, on the one hand, the transmission of images in a one-time pad configuration from China to Austria as well as from Austria to China. Also, a video conference was performed between the Austrian Academy of Sciences and the Chinese Academy of Sciences, which also included a 280 km optical ground connection between Xinglong and Beijing. Our work clearly confirms the Micius satellite as a robust platform for quantum key distribution with different ground stations on Earth, and points towards an efficient solution for an ultralong-distance global quantum network.

Semi-quantum communication: protocols for key agreement, controlled secure direct communication and dialogue

NASA Astrophysics Data System (ADS)

Shukla, Chitra; Thapliyal, Kishore; Pathak, Anirban

2017-12-01

Semi-quantum protocols that allow some of the users to remain classical are proposed for a large class of problems associated with secure communication and secure multiparty computation. Specifically, first-time semi-quantum protocols are proposed for key agreement, controlled deterministic secure communication and dialogue, and it is shown that the semi-quantum protocols for controlled deterministic secure communication and dialogue can be reduced to semi-quantum protocols for e-commerce and private comparison (socialist millionaire problem), respectively. Complementing with the earlier proposed semi-quantum schemes for key distribution, secret sharing and deterministic secure communication, set of schemes proposed here and subsequent discussions have established that almost every secure communication and computation tasks that can be performed using fully quantum protocols can also be performed in semi-quantum manner. Some of the proposed schemes are completely orthogonal-state-based, and thus, fundamentally different from the existing semi-quantum schemes that are conjugate coding-based. Security, efficiency and applicability of the proposed schemes have been discussed with appropriate importance.

Tight finite-key analysis for quantum cryptography

PubMed Central

Tomamichel, Marco; Lim, Charles Ci Wen; Gisin, Nicolas; Renner, Renato

2012-01-01

Despite enormous theoretical and experimental progress in quantum cryptography, the security of most current implementations of quantum key distribution is still not rigorously established. One significant problem is that the security of the final key strongly depends on the number, M, of signals exchanged between the legitimate parties. Yet, existing security proofs are often only valid asymptotically, for unrealistically large values of M. Another challenge is that most security proofs are very sensitive to small differences between the physical devices used by the protocol and the theoretical model used to describe them. Here we show that these gaps between theory and experiment can be simultaneously overcome by using a recently developed proof technique based on the uncertainty relation for smooth entropies. PMID:22252558

Tight finite-key analysis for quantum cryptography.

PubMed

Tomamichel, Marco; Lim, Charles Ci Wen; Gisin, Nicolas; Renner, Renato

2012-01-17

Despite enormous theoretical and experimental progress in quantum cryptography, the security of most current implementations of quantum key distribution is still not rigorously established. One significant problem is that the security of the final key strongly depends on the number, M, of signals exchanged between the legitimate parties. Yet, existing security proofs are often only valid asymptotically, for unrealistically large values of M. Another challenge is that most security proofs are very sensitive to small differences between the physical devices used by the protocol and the theoretical model used to describe them. Here we show that these gaps between theory and experiment can be simultaneously overcome by using a recently developed proof technique based on the uncertainty relation for smooth entropies.

Critical Infrastructure Protection and Federal Statutory Authority for the Departments of Homeland Security and Defense to Perform Two Key Tasks

DTIC Science & Technology

2017-04-13

Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law , no person shall be...policy, and law . The research question is whether the Departments of Homeland Security (DHS) and Defense (DOD) have federal statutory authority to... law ); Department of Homeland Security; Department of Defense; establish standards; physical protection and security; national security 16. SECURITY

The MANPAD Threat to Civilian Airliners

DTIC Science & Technology

2006-03-03

PAGES: 19 KEY TERMS: Homeland Security; Non-Proliferation; Airport Security CLASSIFICATION: Unclassified This paper investigates strategic approaches...technological solutions and law enforcement operations to provide a competent airport security perimeter.”18 To combat this ominous threat of MANPADS...sites for phone and computer tips should be established with access for airport security , local and federal law enforcement, as well as intelligence

Experimental extraction of secure correlations from a noisy private state.

PubMed

Dobek, K; Karpiński, M; Demkowicz-Dobrzański, R; Banaszek, K; Horodecki, P

2011-01-21

We report experimental generation of a noisy entangled four-photon state that exhibits a separation between the secure key contents and distillable entanglement, a hallmark feature of the recently established quantum theory of private states. The privacy analysis, based on the full tomographic reconstruction of the prepared state, is utilized in a proof-of-principle key generation. The inferiority of distillation-based strategies to extract the key is exposed by an implementation of an entanglement distillation protocol for the produced state.

Quantum cryptography with entangled photons

PubMed

Jennewein; Simon; Weihs; Weinfurter; Zeilinger

2000-05-15

By realizing a quantum cryptography system based on polarization entangled photon pairs we establish highly secure keys, because a single photon source is approximated and the inherent randomness of quantum measurements is exploited. We implement a novel key distribution scheme using Wigner's inequality to test the security of the quantum channel, and, alternatively, realize a variant of the BB84 protocol. Our system has two completely independent users separated by 360 m, and generates raw keys at rates of 400-800 bits/s with bit error rates around 3%.

An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications

PubMed Central

Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

2014-01-01

Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications. PMID:24521942

An efficient and adaptive mutual authentication framework for heterogeneous wireless sensor network-based applications.

PubMed

Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

2014-02-11

Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors' sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications.

Security of six-state quantum key distribution protocol with threshold detectors

PubMed Central

Kato, Go; Tamaki, Kiyoshi

2016-01-01

The security of quantum key distribution (QKD) is established by a security proof, and the security proof puts some assumptions on the devices consisting of a QKD system. Among such assumptions, security proofs of the six-state protocol assume the use of photon number resolving (PNR) detector, and as a result the bit error rate threshold for secure key generation for the six-state protocol is higher than that for the BB84 protocol. Unfortunately, however, this type of detector is demanding in terms of technological level compared to the standard threshold detector, and removing the necessity of such a detector enhances the feasibility of the implementation of the six-state protocol. Here, we develop the security proof for the six-state protocol and show that we can use the threshold detector for the six-state protocol. Importantly, the bit error rate threshold for the key generation for the six-state protocol (12.611%) remains almost the same as the one (12.619%) that is derived from the existing security proofs assuming the use of PNR detectors. This clearly demonstrates feasibility of the six-state protocol with practical devices. PMID:27443610

J-PAKE: Authenticated Key Exchange without PKI

NASA Astrophysics Data System (ADS)

Hao, Feng; Ryan, Peter

Password Authenticated Key Exchange (PAKE) is one of the important topics in cryptography. It aims to address a practical security problem: how to establish secure communication between two parties solely based on a shared password without requiring a Public Key Infrastructure (PKI). After more than a decade of extensive research in this field, there have been several PAKE protocols available. The EKE and SPEKE schemes are perhaps the two most notable examples. Both techniques are however patented. In this paper, we review these techniques in detail and summarize various theoretical and practical weaknesses. In addition, we present a new PAKE solution called J-PAKE. Our strategy is to depend on well-established primitives such as the Zero-Knowledge Proof (ZKP). So far, almost all of the past solutions have avoided using ZKP for the concern on efficiency. We demonstrate how to effectively integrate the ZKP into the protocol design and meanwhile achieve good efficiency. Our protocol has comparable computational efficiency to the EKE and SPEKE schemes with clear advantages on security.

The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks

NASA Astrophysics Data System (ADS)

Ristenpart, Thomas; Yilek, Scott

Multiparty signature protocols need protection against rogue-key attacks, made possible whenever an adversary can choose its public key(s) arbitrarily. For many schemes, provable security has only been established under the knowledge of secret key (KOSK) assumption where the adversary is required to reveal the secret keys it utilizes. In practice, certifying authorities rarely require the strong proofs of knowledge of secret keys required to substantiate the KOSK assumption. Instead, proofs of possession (POPs) are required and can be as simple as just a signature over the certificate request message. We propose a general registered key model, within which we can model both the KOSK assumption and in-use POP protocols. We show that simple POP protocols yield provable security of Boldyreva's multisignature scheme [11], the LOSSW multisignature scheme [28], and a 2-user ring signature scheme due to Bender, Katz, and Morselli [10]. Our results are the first to provide formal evidence that POPs can stop rogue-key attacks.

Multi-party quantum key agreement protocol secure against collusion attacks

NASA Astrophysics Data System (ADS)

Wang, Ping; Sun, Zhiwei; Sun, Xiaoqiang

2017-07-01

The fairness of a secure multi-party quantum key agreement (MQKA) protocol requires that all involved parties are entirely peer entities and can equally influence the outcome of the protocol to establish a shared key wherein no one can decide the shared key alone. However, it is found that parts of the existing MQKA protocols are sensitive to collusion attacks, i.e., some of the dishonest participants can collaborate to predetermine the final key without being detected. In this paper, a multi-party QKA protocol resisting collusion attacks is proposed. Different from previous QKA protocol resisting N-1 coconspirators or resisting 1 coconspirators, we investigate the general circle-type MQKA protocol which can be secure against t dishonest participants' cooperation. Here, t < N. We hope the results of the presented paper will be helpful for further research on fair MQKA protocols.

Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.

PubMed

Choi, Younsung; Nam, Junghyun; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Won, Dongho

2014-01-01

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.

An Efficient Identity-Based Key Management Scheme for Wireless Sensor Networks Using the Bloom Filter

PubMed Central

Qin, Zhongyuan; Zhang, Xinshuai; Feng, Kerong; Zhang, Qunfang; Huang, Jie

2014-01-01

With the rapid development and widespread adoption of wireless sensor networks (WSNs), security has become an increasingly prominent problem. How to establish a session key in node communication is a challenging task for WSNs. Considering the limitations in WSNs, such as low computing capacity, small memory, power supply limitations and price, we propose an efficient identity-based key management (IBKM) scheme, which exploits the Bloom filter to authenticate the communication sensor node with storage efficiency. The security analysis shows that IBKM can prevent several attacks effectively with acceptable computation and communication overhead. PMID:25264955

Underground Test Area Activity Communication/Interface Plan, Nevada National Security Site, Nevada, Revision 0

DOE Office of Scientific and Technical Information (OSTI.GOV)

Farnham, Irene; Rehfeldt, Kenneth

The purpose of this plan is to provide guidelines for effective communication and interfacing between Underground Test Area (UGTA) Activity participants, including the U.S. Department of Energy (DOE), National Nuclear Security Administration Nevada Field Office (NNSA/NFO) and its contractors. This plan specifically establishes the following: • UGTA mission, vision, and core values • Roles and responsibilities for key personnel • Communication with stakeholders • Guidance in key interface areas • Communication matrix

A Study on the Secure User Profiling Structure and Procedure for Home Healthcare Systems.

PubMed

Ko, Hoon; Song, MoonBae

2016-01-01

Despite of various benefits such as a convenience and efficiency, home healthcare systems have some inherent security risks that may cause a serious leak on personal health information. This work presents a Secure User Profiling Structure which has the patient information including their health information. A patient and a hospital keep it at that same time, they share the updated data. While they share the data and communicate, the data can be leaked. To solve the security problems, a secure communication channel with a hash function and an One-Time Password between a client and a hospital should be established and to generate an input value to an OTP, it uses a dual hash-function. This work presents a dual hash function-based approach to generate the One-Time Password ensuring a secure communication channel with the secured key. In result, attackers are unable to decrypt the leaked information because of the secured key; in addition, the proposed method outperforms the existing methods in terms of computation cost.

Full-field implementation of a perfect eavesdropper on a quantum cryptography system.

PubMed

Gerhardt, Ilja; Liu, Qin; Lamas-Linares, Antía; Skaar, Johannes; Kurtsiefer, Christian; Makarov, Vadim

2011-06-14

Quantum key distribution (QKD) allows two remote parties to grow a shared secret key. Its security is founded on the principles of quantum mechanics, but in reality it significantly relies on the physical implementation. Technological imperfections of QKD systems have been previously explored, but no attack on an established QKD connection has been realized so far. Here we show the first full-field implementation of a complete attack on a running QKD connection. An installed eavesdropper obtains the entire 'secret' key, while none of the parameters monitored by the legitimate parties indicate a security breach. This confirms that non-idealities in physical implementations of QKD can be fully practically exploitable, and must be given increased scrutiny if quantum cryptography is to become highly secure.

Informing Food Protection Education: A Project to Define and Classify Resources for a Cross-Disciplinary Expert Community

ERIC Educational Resources Information Center

Schenck-Hamlin, Donna; Pierquet, Jennifer; McClellan, Chuck

2011-01-01

In the wake of the September 2001 attacks, the U.S. government founded the Department of Homeland Security (DHS) with responsibility to develop a National Infrastructure Protection Plan for securing critical infrastructures and key resources. DHS established interdisciplinary networks of academic expertise administered through Centers of…

RUASN: a robust user authentication framework for wireless sensor networks.

PubMed

Kumar, Pardeep; Choudhury, Amlan Jyoti; Sain, Mangal; Lee, Sang-Gon; Lee, Hoon-Jae

2011-01-01

In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost.

Curriculum evaluation and revision in a nascent field: the utility of the retrospective pretest--posttest model in a homeland security program of study.

PubMed

Pelfrey, William V; Pelfrey, William V

2009-02-01

Although most academic disciplines evolve at a measured pace, the emerging field of homeland security must, for reasons of safety and security, evolve rapidly. The Department of Homeland Security sponsored the establishment of a graduate educational program for key officials holding homeland security roles. Because homeland security is a nascent field, the establishment of a program curriculum was forced to draw from a variety of disciplines. Curriculum evaluation was complicated by the rapid changes occurring in the emerging discipline, producing response shift bias, and interfering with the pre-post assessments. To compensate for the validity threat associated with response shift bias, a retrospective pretest-posttest evaluative methodology was used. Data indicate the program has evolved in a significant and orderly fashion and these data support the use of this innovative evaluation approach in the development of any discipline.

Novel Multi-Party Quantum Key Agreement Protocol with G-Like States and Bell States

NASA Astrophysics Data System (ADS)

Min, Shi-Qi; Chen, Hua-Ying; Gong, Li-Hua

2018-03-01

A significant aspect of quantum cryptography is quantum key agreement (QKA), which ensures the security of key agreement protocols by quantum information theory. The fairness of an absolute security multi-party quantum key agreement (MQKA) protocol demands that all participants can affect the protocol result equally so as to establish a shared key and that nobody can determine the shared key by himself/herself. We found that it is difficult for the existing multi-party quantum key agreement protocol to withstand the collusion attacks. Put differently, it is possible for several cooperated and untruthful participants to determine the final key without being detected. To address this issue, based on the entanglement swapping between G-like state and Bell states, a new multi-party quantum key agreement protocol is put forward. The proposed protocol makes full use of EPR pairs as quantum resources, and adopts Bell measurement and unitary operation to share a secret key. Besides, the proposed protocol is fair, secure and efficient without involving a third party quantum center. It demonstrates that the protocol is capable of protecting users' privacy and meeting the requirement of fairness. Moreover, it is feasible to carry out the protocol with existing technologies.

Novel Multi-Party Quantum Key Agreement Protocol with G-Like States and Bell States

NASA Astrophysics Data System (ADS)

Min, Shi-Qi; Chen, Hua-Ying; Gong, Li-Hua

2018-06-01

A significant aspect of quantum cryptography is quantum key agreement (QKA), which ensures the security of key agreement protocols by quantum information theory. The fairness of an absolute security multi-party quantum key agreement (MQKA) protocol demands that all participants can affect the protocol result equally so as to establish a shared key and that nobody can determine the shared key by himself/herself. We found that it is difficult for the existing multi-party quantum key agreement protocol to withstand the collusion attacks. Put differently, it is possible for several cooperated and untruthful participants to determine the final key without being detected. To address this issue, based on the entanglement swapping between G-like state and Bell states, a new multi-party quantum key agreement protocol is put forward. The proposed protocol makes full use of EPR pairs as quantum resources, and adopts Bell measurement and unitary operation to share a secret key. Besides, the proposed protocol is fair, secure and efficient without involving a third party quantum center. It demonstrates that the protocol is capable of protecting users' privacy and meeting the requirement of fairness. Moreover, it is feasible to carry out the protocol with existing technologies.

[Principles and methodology for ecological rehabilitation and security pattern design in key project construction].

PubMed

Chen, Li-Ding; Lu, Yi-He; Tian, Hui-Ying; Shi, Qian

2007-03-01

Global ecological security becomes increasingly important with the intensive human activities. The function of ecological security is influenced by human activities, and in return, the efficiency of human activities will also be affected by the patterns of regional ecological security. Since the 1990s, China has initiated the construction of key projects "Yangtze Three Gorges Dam", "Qinghai-Tibet Railway", "West-to-East Gas Pipeline", "West-to-East Electricity Transmission" and "South-to-North Water Transfer" , etc. The interaction between these projects and regional ecological security has particularly attracted the attention of Chinese government. It is not only important for the regional environmental protection, but also of significance for the smoothly implementation of various projects aimed to develop an ecological rehabilitation system and to design a regional ecological security pattern. This paper made a systematic analysis on the types and characteristics of key project construction and their effects on the environment, and on the basis of this, brought forward the basic principles and methodology for ecological rehabilitation and security pattern design in this construction. It was considered that the following issues should be addressed in the implementation of a key project: 1) analysis and evaluation of current regional ecological environment, 2) evaluation of anthropogenic disturbances and their ecological risk, 3) regional ecological rehabilitation and security pattern design, 4) scenario analysis of environmental benefits of regional ecological security pattern, 5) re-optimization of regional ecological system framework, and 6) establishment of regional ecosystem management plan.

PKI-based secure mobile access to electronic health services and data.

PubMed

Kambourakis, G; Maglogiannis, I; Rouskas, A

2005-01-01

Recent research works examine the potential employment of public-key cryptography schemes in e-health environments. In such systems, where a Public Key Infrastructure (PKI) is established beforehand, Attribute Certificates (ACs) and public key enabled protocols like TLS, can provide the appropriate mechanisms to effectively support authentication, authorization and confidentiality services. In other words, mutual trust and secure communications between all the stakeholders, namely physicians, patients and e-health service providers, can be successfully established and maintained. Furthermore, as the recently introduced mobile devices with access to computer-based patient record systems are expanding, the need of physicians and nurses to interact increasingly with such systems arises. Considering public key infrastructure requirements for mobile online health networks, this paper discusses the potential use of Attribute Certificates (ACs) in an anticipated trust model. Typical trust interactions among doctors, patients and e-health providers are presented, indicating that resourceful security mechanisms and trust control can be obtained and implemented. The application of attribute certificates to support medical mobile service provision along with the utilization of the de-facto TLS protocol to offer competent confidentiality and authorization services is also presented and evaluated through experimentation, using both the 802.11 WLAN and General Packet Radio Service (GPRS) networks.

Quantum-key-distribution protocol with pseudorandom bases

NASA Astrophysics Data System (ADS)

Trushechkin, A. S.; Tregubov, P. A.; Kiktenko, E. O.; Kurochkin, Y. V.; Fedorov, A. K.

2018-01-01

Quantum key distribution (QKD) offers a way for establishing information-theoretical secure communications. An important part of QKD technology is a high-quality random number generator for the quantum-state preparation and for post-processing procedures. In this work, we consider a class of prepare-and-measure QKD protocols, utilizing additional pseudorandomness in the preparation of quantum states. We study one of such protocols and analyze its security against the intercept-resend attack. We demonstrate that, for single-photon sources, the considered protocol gives better secret key rates than the BB84 and the asymmetric BB84 protocols. However, the protocol strongly requires single-photon sources.

Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

PubMed Central

Choi, Younsung; Nam, Junghyun; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Won, Dongho

2014-01-01

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme. PMID:25276847

Semiquantum key distribution with secure delegated quantum computation

PubMed Central

Li, Qin; Chan, Wai Hong; Zhang, Shengyu

2016-01-01

Semiquantum key distribution allows a quantum party to share a random key with a “classical” party who only can prepare and measure qubits in the computational basis or reorder some qubits when he has access to a quantum channel. In this work, we present a protocol where a secret key can be established between a quantum user and an almost classical user who only needs the quantum ability to access quantum channels, by securely delegating quantum computation to a quantum server. We show the proposed protocol is robust even when the delegated quantum server is a powerful adversary, and is experimentally feasible with current technology. As one party of our protocol is the most quantum-resource efficient, it can be more practical and significantly widen the applicability scope of quantum key distribution. PMID:26813384

Finite-key security analyses on passive decoy-state QKD protocols with different unstable sources.

PubMed

Song, Ting-Ting; Qin, Su-Juan; Wen, Qiao-Yan; Wang, Yu-Kun; Jia, Heng-Yue

2015-10-16

In quantum communication, passive decoy-state QKD protocols can eliminate many side channels, but the protocols without any finite-key analyses are not suitable for in practice. The finite-key securities of passive decoy-state (PDS) QKD protocols with two different unstable sources, type-II parametric down-convention (PDC) and phase randomized weak coherent pulses (WCPs), are analyzed in our paper. According to the PDS QKD protocols, we establish an optimizing programming respectively and obtain the lower bounds of finite-key rates. Under some reasonable values of quantum setup parameters, the lower bounds of finite-key rates are simulated. The simulation results show that at different transmission distances, the affections of different fluctuations on key rates are different. Moreover, the PDS QKD protocol with an unstable PDC source can resist more intensity fluctuations and more statistical fluctuation.

Analysis of Counterfactual Quantum Certificate Authorization

NASA Astrophysics Data System (ADS)

Wang, Tian-Yin; Li, Yan-Ping; Zhang, Rui-Ling

2016-12-01

A counterfactual quantum certificate authorization protocol was proposed recently (Shenoy et al., Phys. Rev. A 89, 052307 (20)), in which a trusted third party, Alice, authenticates an entity Bob (e.g., a bank) that a client Charlie wishes to securely transact with. However, this protocol requires a classical authenticated channel between Bob and Charlie to prevent possible attacks from the third party Alice, which is in conflict with the task of certificate authorization in the sense that Bob and Charlie can establish an unconditionally-secure key by a quantum key distribution protocol if there is a classical authenticated channel between them and hence securely transact with each other even without the assistance of the third party Alice.

Some conservative estimates in quantum cryptography

DOE Office of Scientific and Technical Information (OSTI.GOV)

Molotkov, S. N.

2006-08-15

Relationship is established between the security of the BB84 quantum key distribution protocol and the forward and converse coding theorems for quantum communication channels. The upper bound Q{sub c} {approx} 11% on the bit error rate compatible with secure key distribution is determined by solving the transcendental equation H(Q{sub c})=C-bar({rho})/2, where {rho} is the density matrix of the input ensemble, C-bar({rho}) is the classical capacity of a noiseless quantum channel, and H(Q) is the capacity of a classical binary symmetric channel with error rate Q.

A Cluster-Based Framework for the Security of Medical Sensor Environments

NASA Astrophysics Data System (ADS)

Klaoudatou, Eleni; Konstantinou, Elisavet; Kambourakis, Georgios; Gritzalis, Stefanos

The adoption of Wireless Sensor Networks (WSNs) in the healthcare sector poses many security issues, mainly because medical information is considered particularly sensitive. The security mechanisms employed are expected to be more efficient in terms of energy consumption and scalability in order to cope with the constrained capabilities of WSNs and patients’ mobility. Towards this goal, cluster-based medical WSNs can substantially improve efficiency and scalability. In this context, we have proposed a general framework for cluster-based medical environments on top of which security mechanisms can rely. This framework fully covers the varying needs of both in-hospital environments and environments formed ad hoc for medical emergencies. In this paper, we further elaborate on the security of our proposed solution. We specifically focus on key establishment mechanisms and investigate the group key agreement protocols that can best fit in our framework.

Identifying Regional Key Eco-Space to Maintain Ecological Security Using GIS

PubMed Central

Xie, Hualin; Yao, Guanrong; Wang, Peng

2014-01-01

Ecological security and environmental sustainability are the foundations of sustainable development. With the acceleration of urbanization, increasing human activities have promoted greater impacts on the eco-spaces that maintain ecological security. Regional key eco-space has become the primary need to maintain environmental sustainability and can offer society with continued ecosystem services. In this paper, considering the security of water resources, biodiversity conservation, disaster avoidance and protection and natural recreation, an integrated index of eco-space importance was established and a method for identifying key eco-space was created using GIS, with Lanzhou City, China as a case study. The results show that the area of core eco-space in the Lanzhou City is approximately 50,908.7 hm2, accounting for 40% of the region’s total area. These areas mainly consist of geological hazard protection zones and the core zones of regional river systems, wetlands, nature reserves, forest parks and scenic spots. The results of this study provide some guidance for the management of ecological security, ecological restoration and environmental sustainability. PMID:24590051

Quantum cryptography as a retrodiction problem.

PubMed

Werner, A H; Franz, T; Werner, R F

2009-11-27

We propose a quantum key distribution protocol based on a quantum retrodiction protocol, known as the Mean King problem. The protocol uses a two way quantum channel. We show security against coherent attacks in a transmission-error free scenario, even if Eve is allowed to attack both transmissions. This establishes a connection between retrodiction and key distribution.

Satellite-to-ground quantum key distribution.

PubMed

Liao, Sheng-Kai; Cai, Wen-Qi; Liu, Wei-Yue; Zhang, Liang; Li, Yang; Ren, Ji-Gang; Yin, Juan; Shen, Qi; Cao, Yuan; Li, Zheng-Ping; Li, Feng-Zhi; Chen, Xia-Wei; Sun, Li-Hua; Jia, Jian-Jun; Wu, Jin-Cai; Jiang, Xiao-Jun; Wang, Jian-Feng; Huang, Yong-Mei; Wang, Qiang; Zhou, Yi-Lin; Deng, Lei; Xi, Tao; Ma, Lu; Hu, Tai; Zhang, Qiang; Chen, Yu-Ao; Liu, Nai-Le; Wang, Xiang-Bin; Zhu, Zhen-Cai; Lu, Chao-Yang; Shu, Rong; Peng, Cheng-Zhi; Wang, Jian-Yu; Pan, Jian-Wei

2017-09-07

Quantum key distribution (QKD) uses individual light quanta in quantum superposition states to guarantee unconditional communication security between distant parties. However, the distance over which QKD is achievable has been limited to a few hundred kilometres, owing to the channel loss that occurs when using optical fibres or terrestrial free space that exponentially reduces the photon transmission rate. Satellite-based QKD has the potential to help to establish a global-scale quantum network, owing to the negligible photon loss and decoherence experienced in empty space. Here we report the development and launch of a low-Earth-orbit satellite for implementing decoy-state QKD-a form of QKD that uses weak coherent pulses at high channel loss and is secure because photon-number-splitting eavesdropping can be detected. We achieve a kilohertz key rate from the satellite to the ground over a distance of up to 1,200 kilometres. This key rate is around 20 orders of magnitudes greater than that expected using an optical fibre of the same length. The establishment of a reliable and efficient space-to-ground link for quantum-state transmission paves the way to global-scale quantum networks.

Ultra-Dense Quantum Communication Using Integrated Photonic Architecture: First Annual Report

DTIC Science & Technology

2011-08-24

REPORT Ultra-Dense Quantum Communication Using Integrated Photonic Architecture: First Annual Report 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: The...goal of this program is to establish a fundamental information-theoretic understand of quantum secure communication and to devise a practical...scalable implementation of quantum key distribution protocols in an integrated photonic architecture. We report our progress on experimental and

RUASN: A Robust User Authentication Framework for Wireless Sensor Networks

PubMed Central

Kumar, Pardeep; Choudhury, Amlan Jyoti; Sain, Mangal; Lee, Sang-Gon; Lee, Hoon-Jae

2011-01-01

In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost. PMID:22163888

Security Analysis and Improvement of an Anonymous Authentication Scheme for Roaming Services

PubMed Central

Lee, Youngsook; Paik, Juryon

2014-01-01

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.'s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.'s scheme can be addressed without degrading the efficiency of the scheme. PMID:25302330

Security analysis and improvement of an anonymous authentication scheme for roaming services.

PubMed

Lee, Youngsook; Paik, Juryon

2014-01-01

An anonymous authentication scheme for roaming services in global mobility networks allows a mobile user visiting a foreign network to achieve mutual authentication and session key establishment with the foreign-network operator in an anonymous manner. In this work, we revisit He et al.'s anonymous authentication scheme for roaming services and present previously unpublished security weaknesses in the scheme: (1) it fails to provide user anonymity against any third party as well as the foreign agent, (2) it cannot protect the passwords of mobile users due to its vulnerability to an offline dictionary attack, and (3) it does not achieve session-key security against a man-in-the-middle attack. We also show how the security weaknesses of He et al.'s scheme can be addressed without degrading the efficiency of the scheme.

Quantum network with trusted and untrusted relays

NASA Astrophysics Data System (ADS)

Ma, Xiongfeng; Annabestani, Razieh; Fung, Chi-Hang Fred; Lo, Hoi-Kwong; Lütkenhaus, Norbert; PitkäNen, David; Razavi, Mohsen

2012-02-01

Quantum key distribution offers two distant users to establish a random secure key by exploiting properties of quantum mechanics, whose security has proven in theory. In practice, many lab and field demonstrations have been performed in the last 20 years. Nowadays, quantum network with quantum key distribution systems are tested around the world, such as in China, Europe, Japan and US. In this talk, I will give a brief introduction of recent development for quantum network. For the untrusted relay part, I will introduce the measurement-device-independent quantum key distribution scheme and a quantum relay with linear optics. The security of such scheme is proven without assumptions on the detection devices, where most of quantum hacking strategies are launched. This scheme can be realized with current technology. For the trusted relay part, I will introduce so-called delayed privacy amplification, with which no error correction and privacy amplification is necessarily to be performed between users and the relay. In this way, classical communications and computational power requirement on the relay site will be reduced.

Information security: from classical to quantum

NASA Astrophysics Data System (ADS)

Barnett, Stephen M.; Brougham, Thomas

2012-09-01

Quantum cryptography was designed to provide a new approach to the problem of distributing keys for private-key cryptography. The principal idea is that security can be ensured by exploiting the laws of quantum physics and, in particular, by the fact that any attempt to measure a quantum state will change it uncontrollably. This change can be detected by the legitimate users of the communication channel and so reveal to them the presence of an eavesdropper. In this paper I explain (briefly) how quantum key distribution works and some of the progress that has been made towards making this a viable technology. With the principles of quantum communication and quantum key distribution firmly established, it is perhaps time to consider how efficient it can be made. It is interesting to ask, in particular, how many bits of information might reasonably be encoded securely on each photon. The use of photons entangled in their time of arrival might make it possible to achieve data rates in excess of 10 bits per photon.

Finite-key security analyses on passive decoy-state QKD protocols with different unstable sources

PubMed Central

Song, Ting-Ting; Qin, Su-Juan; Wen, Qiao-Yan; Wang, Yu-Kun; Jia, Heng-Yue

2015-01-01

In quantum communication, passive decoy-state QKD protocols can eliminate many side channels, but the protocols without any finite-key analyses are not suitable for in practice. The finite-key securities of passive decoy-state (PDS) QKD protocols with two different unstable sources, type-II parametric down-convention (PDC) and phase randomized weak coherent pulses (WCPs), are analyzed in our paper. According to the PDS QKD protocols, we establish an optimizing programming respectively and obtain the lower bounds of finite-key rates. Under some reasonable values of quantum setup parameters, the lower bounds of finite-key rates are simulated. The simulation results show that at different transmission distances, the affections of different fluctuations on key rates are different. Moreover, the PDS QKD protocol with an unstable PDC source can resist more intensity fluctuations and more statistical fluctuation. PMID:26471947

SEAODV: A Security Enhanced AODV Routing Protocol for Wireless Mesh Networks

NASA Astrophysics Data System (ADS)

Li, Celia; Wang, Zhuang; Yang, Cungang

In this paper, we propose a Security Enhanced AODV routing protocol (SEAODV) for wireless mesh networks (WMN). SEAODV employs Blom's key pre-distribution scheme to compute the pairwise transient key (PTK) through the flooding of enhanced HELLO message and subsequently uses the established PTK to distribute the group transient key (GTK). PTK and GTK authenticate unicast and broadcast routing messages respectively. In WMN, a unique PTK is shared by each pair of nodes, while GTK is shared secretly between the node and all its one-hop neighbours. A message authentication code (MAC) is attached as the extension to the original AODV routing message to guarantee the message's authenticity and integrity in a hop-by-hop fashion. Security analysis and performance evaluation show that SEAODV is more effective in preventing identified routing attacks and outperforms ARAN and SAODV in terms of computation cost and route acquisition latency.

Entanglement-based Free Space Quantum Cryptography in Daylight

NASA Astrophysics Data System (ADS)

Gerhardt, Ilja; Peloso, Matthew P.; Ho, Caleb; Lamas-Linares, Antia; Kurtsiefer, Christian

2009-05-01

In quantum key distribution (QKD) two families of protocols are established: One, based on preparing and sending approximations of single photons, the other based on measurements on entangled photon pairs, which allow to establish a secret key using less assumptions on the size of a Hilbert space. The larger optical bandwidth of photon pairs in comparison with light used for the first family makes establishing a free space link challenging. We present a complete entanglement based QKD system following the BBM92 protocol, which generates a secure key continuously 24 hours a day between distant parties. Spectral, spatial and temporal filtering schemes were introduced to a previous setup, suppressing more than 30,B of background. We are able to establish the link during daytime, and have developed an algorithm to start and maintain time synchronization with simple crystal oscillators.

Cyber resilience: a review of critical national infrastructure and cyber security protection measures applied in the UK and USA.

PubMed

Harrop, Wayne; Matteson, Ashley

This paper presents cyber resilience as key strand of national security. It establishes the importance of critical national infrastructure protection and the growing vicarious nature of remote, well-planned, and well executed cyber attacks on critical infrastructures. Examples of well-known historical cyber attacks are presented, and the emergence of 'internet of things' as a cyber vulnerability issue yet to be tackled is explored. The paper identifies key steps being undertaken by those responsible for detecting, deterring, and disrupting cyber attacks on critical national infrastructure in the United Kingdom and the USA.

Physical-layer security analysis of PSK quantum-noise randomized cipher in optically amplified links

NASA Astrophysics Data System (ADS)

Jiao, Haisong; Pu, Tao; Xiang, Peng; Zheng, Jilin; Fang, Tao; Zhu, Huatao

2017-08-01

The quantitative security of quantum-noise randomized cipher (QNRC) in optically amplified links is analyzed from the perspective of physical-layer advantage. Establishing the wire-tap channel models for both key and data, we derive the general expressions of secrecy capacities for the key against ciphertext-only attack and known-plaintext attack, and that for the data, which serve as the basic performance metrics. Further, the maximal achievable secrecy rate of the system is proposed, under which secrecy of both the key and data is guaranteed. Based on the same framework, the secrecy capacities of various cases can be assessed and compared. The results indicate perfect secrecy is potentially achievable for data transmission, and an elementary principle of setting proper number of photons and bases is given to ensure the maximal data secrecy capacity. But the key security is asymptotically perfect, which tends to be the main constraint of systemic maximal secrecy rate. Moreover, by adopting cascaded optical amplification, QNRC can realize long-haul transmission with secure rate up to Gb/s, which is orders of magnitude higher than the perfect secrecy rates of other encryption systems.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

PubMed

Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

PubMed Central

Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075

Anatomy of a Security Operations Center

NASA Technical Reports Server (NTRS)

Wang, John

2010-01-01

Many agencies and corporations are either contemplating or in the process of building a cyber Security Operations Center (SOC). Those Agencies that have established SOCs are most likely working on major revisions or enhancements to existing capabilities. As principle developers of the NASA SOC; this Presenters' goals are to provide the GFIRST community with examples of some of the key building blocks of an Agency scale cyber Security Operations Center. This presentation viII include the inputs and outputs, the facilities or shell, as well as the internal components and the processes necessary to maintain the SOC's subsistence - in other words, the anatomy of a SOC. Details to be presented include the SOC architecture and its key components: Tier 1 Call Center, data entry, and incident triage; Tier 2 monitoring, incident handling and tracking; Tier 3 computer forensics, malware analysis, and reverse engineering; Incident Management System; Threat Management System; SOC Portal; Log Aggregation and Security Incident Management (SIM) systems; flow monitoring; IDS; etc. Specific processes and methodologies discussed include Incident States and associated Work Elements; the Incident Management Workflow Process; Cyber Threat Risk Assessment methodology; and Incident Taxonomy. The Evolution of the Cyber Security Operations Center viII be discussed; starting from reactive, to proactive, and finally to proactive. Finally, the resources necessary to establish an Agency scale SOC as well as the lessons learned in the process of standing up a SOC viII be presented.

Low-power cryptographic coprocessor for autonomous wireless sensor networks

NASA Astrophysics Data System (ADS)

Olszyna, Jakub; Winiecki, Wiesław

2013-10-01

The concept of autonomous wireless sensor networks involves energy harvesting, as well as effective management of system resources. Public-key cryptography (PKC) offers the advantage of elegant key agreement schemes with which a secret key can be securely established over unsecure channels. In addition to solving the key management problem, the other major application of PKC is digital signatures, with which non-repudiation of messages exchanges can be achieved. The motivation for studying low-power and area efficient modular arithmetic algorithms comes from enabling public-key security for low-power devices that can perform under constrained environment like autonomous wireless sensor networks. This paper presents a cryptographic coprocessor tailored to the autonomous wireless sensor networks constraints. Such hardware circuit is aimed to support the implementation of different public-key cryptosystems based on modular arithmetic in GF(p) and GF(2m). Key components of the coprocessor are described as GEZEL models and can be easily transformed to VHDL and implemented in hardware.

Open source system OpenVPN in a function of Virtual Private Network

NASA Astrophysics Data System (ADS)

Skendzic, A.; Kovacic, B.

2017-05-01

Using of Virtual Private Networks (VPN) can establish high security level in network communication. VPN technology enables high security networking using distributed or public network infrastructure. VPN uses different security and managing rules inside networks. It can be set up using different communication channels like Internet or separate ISP communication infrastructure. VPN private network makes security communication channel over public network between two endpoints (computers). OpenVPN is an open source software product under GNU General Public License (GPL) that can be used to establish VPN communication between two computers inside business local network over public communication infrastructure. It uses special security protocols and 256-bit Encryption and it is capable of traversing network address translators (NATs) and firewalls. It allows computers to authenticate each other using a pre-shared secret key, certificates or username and password. This work gives review of VPN technology with a special accent on OpenVPN. This paper will also give comparison and financial benefits of using open source VPN software in business environment.

Immune Inspired Security Approach for Manets: a Case Study

NASA Astrophysics Data System (ADS)

Mohamed, Yasir Abdelgadir

2011-06-01

This paper extends the work that has earlier been established. Immune inspired approach for securing mobile ad hoc networks is specified there. Although it is clearly indicated there that the research scope is the wireless networks in general and hybrid mobile ad hoc networks in particular, we have seen that specifying the security system in one of the communications applications that need further security approach may help to understand how effectively the system can contribute to this vital and important networks sector. Security in this type of networks is important and controversial as it plays a key role in users' eagerness or reluctance for the services provided by these networks. In this paper, the immune inspired security system is specified to secure web services in converged networks.

Completely device-independent quantum key distribution

NASA Astrophysics Data System (ADS)

Aguilar, Edgar A.; Ramanathan, Ravishankar; Kofler, Johannes; Pawłowski, Marcin

2016-08-01

Quantum key distribution (QKD) is a provably secure way for two distant parties to establish a common secret key, which then can be used in a classical cryptographic scheme. Using quantum entanglement, one can reduce the necessary assumptions that the parties have to make about their devices, giving rise to device-independent QKD (DIQKD). However, in all existing protocols to date the parties need to have an initial (at least partially) random seed as a resource. In this work, we show that this requirement can be dropped. Using recent advances in the fields of randomness amplification and randomness expansion, we demonstrate that it is sufficient for the message the parties want to communicate to be (partially) unknown to the adversaries—an assumption without which any type of cryptography would be pointless to begin with. One party can use her secret message to locally generate a secret sequence of bits, which can then be openly used by herself and the other party in a DIQKD protocol. Hence our work reduces the requirements needed to perform secure DIQKD and establish safe communication.

Robust ECC-based authenticated key agreement scheme with privacy protection for Telecare medicine information systems.

PubMed

Zhang, Liping; Zhu, Shaohui

2015-05-01

To protect the transmission of the sensitive medical data, a secure and efficient authenticated key agreement scheme should be deployed when the healthcare delivery session is established via Telecare Medicine Information Systems (TMIS) over the unsecure public network. Recently, Islam and Khan proposed an authenticated key agreement scheme using elliptic curve cryptography for TMIS. They claimed that their proposed scheme is provably secure against various attacks in random oracle model and enjoys some good properties such as user anonymity. In this paper, however, we point out that any legal but malicious patient can reveal other user's identity. Consequently, their scheme suffers from server spoofing attack and off-line password guessing attack. Moreover, if the malicious patient performs the same time of the registration as other users, she can further launch the impersonation attack, man-in-the-middle attack, modification attack, replay attack, and strong replay attack successfully. To eliminate these weaknesses, we propose an improved ECC-based authenticated key agreement scheme. Security analysis demonstrates that the proposed scheme can resist various attacks and enables the patient to enjoy the remote healthcare services with privacy protection. Through the performance evaluation, we show that the proposed scheme achieves a desired balance between security and performance in comparisons with other related schemes.

Chaotic maps and biometrics-based anonymous three-party authenticated key exchange protocol without using passwords

NASA Astrophysics Data System (ADS)

Xie, Qi; Hu, Bin; Chen, Ke-Fei; Liu, Wen-Hao; Tan, Xiao

2015-11-01

In three-party password authenticated key exchange (AKE) protocol, since two users use their passwords to establish a secure session key over an insecure communication channel with the help of the trusted server, such a protocol may suffer the password guessing attacks and the server has to maintain the password table. To eliminate the shortages of password-based AKE protocol, very recently, according to chaotic maps, Lee et al. [2015 Nonlinear Dyn. 79 2485] proposed a first three-party-authenticated key exchange scheme without using passwords, and claimed its security by providing a well-organized BAN logic test. Unfortunately, their protocol cannot resist impersonation attack, which is demonstrated in the present paper. To overcome their security weakness, by using chaotic maps, we propose a biometrics-based anonymous three-party AKE protocol with the same advantages. Further, we use the pi calculus-based formal verification tool ProVerif to show that our AKE protocol achieves authentication, security and anonymity, and an acceptable efficiency. Project supported by the Natural Science Foundation of Zhejiang Province, China (Grant No. LZ12F02005), the Major State Basic Research Development Program of China (Grant No. 2013CB834205), and the National Natural Science Foundation of China (Grant No. 61070153).

Managing U.S. Military Technology and Arms Release Policy to Israel

DTIC Science & Technology

2009-04-01

in the world. In accordance with the laws governing defense export, the Defense Technology Security Administration ( DTSA ) is chartered to be the...Marines, Air Force) Defense Technology Security Administration ( DTSA ) Figure 1. U.S. Defense Technology Trade Key Players Most of the U.S. laws...within each military establishment that lend themselves to the necessary collaboration. For the U.S., the DoD’s DTSA would be the appropriate

High-rate measurement-device-independent quantum cryptography

NASA Astrophysics Data System (ADS)

Pirandola, Stefano; Ottaviani, Carlo; Spedalieri, Gaetana; Weedbrook, Christian; Braunstein, Samuel L.; Lloyd, Seth; Gehring, Tobias; Jacobsen, Christian S.; Andersen, Ulrik L.

2015-06-01

Quantum cryptography achieves a formidable task—the remote distribution of secret keys by exploiting the fundamental laws of physics. Quantum cryptography is now headed towards solving the practical problem of constructing scalable and secure quantum networks. A significant step in this direction has been the introduction of measurement-device independence, where the secret key between two parties is established by the measurement of an untrusted relay. Unfortunately, although qubit-implemented protocols can reach long distances, their key rates are typically very low, unsuitable for the demands of a metropolitan network. Here we show, theoretically and experimentally, that a solution can come from the use of continuous-variable systems. We design a coherent-state network protocol able to achieve remarkably high key rates at metropolitan distances, in fact three orders of magnitude higher than those currently achieved. Our protocol could be employed to build high-rate quantum networks where devices securely connect to nearby access points or proxy servers.

State of security at US colleges and universities: a national stakeholder assessment and recommendations.

PubMed

Greenberg, Sheldon F

2007-09-01

In 2004 the US Department of Justice, Office of Community Oriented Policing Services, sponsored a National Summit on Campus Public Safety. The summit brought together various stakeholders including campus police and security officials, local police chiefs, college and university faculty and administrators, federal officials, students and parents, and community leaders to address the issues and complexities of campus safety. Delegates to the summit identified key issues in campus safety and security, which included establishing a national center on campus safety, balancing traditional open environments with the need to secure vulnerable sites, improving coordination with state and local police, reducing internal fragmentation, elevating professionalism, and increasing eligibility of campus police and security agencies to compete for federal law enforcement funds. Focus on "active shooters" on campus, resulting from the Virginia Tech incident, should not diminish attention placed on the broader, more prevalent safety and security issues facing the nation's educational campuses. Recommendations resulting from the summit called for establishing a national agenda on campus safety, formation of a national center on campus public safety, and increased opportunity for campus police and security agencies to compete for federal and state funds.

A secure smart-card based authentication and key agreement scheme for telecare medicine information systems.

PubMed

Lee, Tian-Fu; Liu, Chuan-Ming

2013-06-01

A smart-card based authentication scheme for telecare medicine information systems enables patients, doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks. Zhu recently presented an improved authentication scheme in order to solve the weakness of the authentication scheme of Wei et al., where the off-line password guessing attacks cannot be resisted. This investigation indicates that the improved scheme of Zhu has some faults such that the authentication scheme cannot execute correctly and is vulnerable to the attack of parallel sessions. Additionally, an enhanced authentication scheme based on the scheme of Zhu is proposed. The enhanced scheme not only avoids the weakness in the original scheme, but also provides users' anonymity and authenticated key agreements for secure data communications.

Unconditional security of entanglement-based continuous-variable quantum secret sharing

NASA Astrophysics Data System (ADS)

Kogias, Ioannis; Xiang, Yu; He, Qiongyi; Adesso, Gerardo

2017-01-01

The need for secrecy and security is essential in communication. Secret sharing is a conventional protocol to distribute a secret message to a group of parties, who cannot access it individually but need to cooperate in order to decode it. While several variants of this protocol have been investigated, including realizations using quantum systems, the security of quantum secret sharing schemes still remains unproven almost two decades after their original conception. Here we establish an unconditional security proof for entanglement-based continuous-variable quantum secret sharing schemes, in the limit of asymptotic keys and for an arbitrary number of players. We tackle the problem by resorting to the recently developed one-sided device-independent approach to quantum key distribution. We demonstrate theoretically the feasibility of our scheme, which can be implemented by Gaussian states and homodyne measurements, with no need for ideal single-photon sources or quantum memories. Our results contribute to validating quantum secret sharing as a viable primitive for quantum technologies.

Flexible session management in a distributed environment

NASA Astrophysics Data System (ADS)

Miller, Zach; Bradley, Dan; Tannenbaum, Todd; Sfiligoi, Igor

2010-04-01

Many secure communication libraries used by distributed systems, such as SSL, TLS, and Kerberos, fail to make a clear distinction between the authentication, session, and communication layers. In this paper we introduce CEDAR, the secure communication library used by the Condor High Throughput Computing software, and present the advantages to a distributed computing system resulting from CEDAR's separation of these layers. Regardless of the authentication method used, CEDAR establishes a secure session key, which has the flexibility to be used for multiple capabilities. We demonstrate how a layered approach to security sessions can avoid round-trips and latency inherent in network authentication. The creation of a distinct session management layer allows for optimizations to improve scalability by way of delegating sessions to other components in the system. This session delegation creates a chain of trust that reduces the overhead of establishing secure connections and enables centralized enforcement of system-wide security policies. Additionally, secure channels based upon UDP datagrams are often overlooked by existing libraries; we show how CEDAR's structure accommodates this as well. As an example of the utility of this work, we show how the use of delegated security sessions and other techniques inherent in CEDAR's architecture enables US CMS to meet their scalability requirements in deploying Condor over large-scale, wide-area grid systems.

The Safe and Effective Use of Shared Data Underpinned by Stakeholder Engagement and Evaluation Practice.

PubMed

Georgiou, Andrew; Magrabi, Farah; Hypponen, Hannele; Wong, Zoie Shui-Yee; Nykänen, Pirkko; Scott, Philip J; Ammenwerth, Elske; Rigby, Michael

2018-04-22

 The paper draws attention to: i) key considerations involving the confidentiality, privacy, and security of shared data; and ii) the requirements needed to build collaborative arrangements encompassing all stakeholders with the goal of ensuring safe, secure, and quality use of shared data.  A narrative review of existing research and policy approaches along with expert perspectives drawn from the International Medical Informatics Association (IMIA) Working Group on Technology Assessment and Quality Development in Health Care and the European Federation for Medical Informatics (EFMI) Working Group for Assessment of Health Information Systems.  The technological ability to merge, link, re-use, and exchange data has outpaced the establishment of policies, procedures, and processes to monitor the ethics and legality of shared use of data. Questions remain about how to guarantee the security of shared data, and how to establish and maintain public trust across large-scale shared data enterprises. This paper identifies the importance of data governance frameworks (incorporating engagement with all stakeholders) to underpin the management of the ethics and legality of shared data use. The paper also provides some key considerations for the establishment of national approaches and measures to monitor compliance with best practice. Data sharing endeavours can help to underpin new collaborative models of health care which provide shared information, engagement, and accountability amongst all stakeholders. We believe that commitment to rigorous evaluation and stakeholder engagement will be critical to delivering health data benefits and the establishment of collaborative models of health care into the future. Georg Thieme Verlag KG Stuttgart.

Development and application of a new grey dynamic hierarchy analysis system (GDHAS) for evaluating urban ecological security.

PubMed

Shao, Chaofeng; Tian, Xiaogang; Guan, Yang; Ju, Meiting; Xie, Qiang

2013-05-21

Selecting indicators based on the characteristics and development trends of a given study area is essential for building a framework for assessing urban ecological security. However, few studies have focused on how to select the representative indicators systematically, and quantitative research is lacking. We developed an innovative quantitative modeling approach called the grey dynamic hierarchy analytic system (GDHAS) for both the procedures of indicator selection and quantitative assessment of urban ecological security. Next, a systematic methodology based on the GDHAS is developed to assess urban ecological security comprehensively and dynamically. This assessment includes indicator selection, driving force-pressure-state-impact-response (DPSIR) framework building, and quantitative evaluation. We applied this systematic methodology to assess the urban ecological security of Tianjin, which is a typical coastal super megalopolis and the industry base in China. This case study highlights the key features of our approach. First, 39 representative indicators are selected for the evaluation index system from 62 alternative ones available through the GDHAS. Second, the DPSIR framework is established based on the indicators selected, and the quantitative assessment of the eco-security of Tianjin is conducted. The results illustrate the following: urban ecological security of Tianjin in 2008 was in alert level but not very stable; the driving force and pressure subsystems were in good condition, but the eco-security levels of the remainder of the subsystems were relatively low; the pressure subsystem was the key to urban ecological security; and 10 indicators are defined as the key indicators for five subsystems. These results can be used as the basis for urban eco-environmental management.

Development and Application of a New Grey Dynamic Hierarchy Analysis System (GDHAS) for Evaluating Urban Ecological Security

PubMed Central

Shao, Chaofeng; Tian, Xiaogang; Guan, Yang; Ju, Meiting; Xie, Qiang

2013-01-01

Selecting indicators based on the characteristics and development trends of a given study area is essential for building a framework for assessing urban ecological security. However, few studies have focused on how to select the representative indicators systematically, and quantitative research is lacking. We developed an innovative quantitative modeling approach called the grey dynamic hierarchy analytic system (GDHAS) for both the procedures of indicator selection and quantitative assessment of urban ecological security. Next, a systematic methodology based on the GDHAS is developed to assess urban ecological security comprehensively and dynamically. This assessment includes indicator selection, driving force-pressure-state-impact-response (DPSIR) framework building, and quantitative evaluation. We applied this systematic methodology to assess the urban ecological security of Tianjin, which is a typical coastal super megalopolis and the industry base in China. This case study highlights the key features of our approach. First, 39 representative indicators are selected for the evaluation index system from 62 alternative ones available through the GDHAS. Second, the DPSIR framework is established based on the indicators selected, and the quantitative assessment of the eco-security of Tianjin is conducted. The results illustrate the following: urban ecological security of Tianjin in 2008 was in alert level but not very stable; the driving force and pressure subsystems were in good condition, but the eco-security levels of the remainder of the subsystems were relatively low; the pressure subsystem was the key to urban ecological security; and 10 indicators are defined as the key indicators for five subsystems. These results can be used as the basis for urban eco-environmental management. PMID:23698700

Supporting reputation based trust management enhancing security layer for cloud service models

NASA Astrophysics Data System (ADS)

Karthiga, R.; Vanitha, M.; Sumaiya Thaseen, I.; Mangaiyarkarasi, R.

2017-11-01

In the existing system trust between cloud providers and consumers is inadequate to establish the service level agreement though the consumer’s response is good cause to assess the overall reliability of cloud services. Investigators recognized the significance of trust can be managed and security can be provided based on feedback collected from participant. In this work a face recognition system that helps to identify the user effectively. So we use an image comparison algorithm where the user face is captured during registration time and get stored in database. With that original image we compare it with the sample image that is already stored in database. If both the image get matched then the users are identified effectively. When the confidential data are subcontracted to the cloud, data holders will become worried about the confidentiality of their data in the cloud. Encrypting the data before subcontracting has been regarded as the important resources of keeping user data privacy beside the cloud server. So in order to keep the data secure we use an AES algorithm. Symmetric-key algorithms practice a shared key concept, keeping data secret requires keeping this key secret. So only the user with private key can decrypt data.

Secure communication in fiber optic systems via transmission of broad-band optical noise.

PubMed

Buskila, O; Eyal, A; Shtaif, M

2008-03-03

We propose a new scheme for data encryption in the physical layer. Our scheme is based on the distribution of a broadband optical noise-like signal between Alice and Bob. The broadband signal is used for the establishment of a secret key that can be used for the secure transmission of information by using the one-time-pad method. We characterize the proposed scheme and study its applicability to the existing fiber-optics communications infrastructure.

Secure key storage and distribution

DOEpatents

Agrawal, Punit

2015-06-02

This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

Matching food security analysis to context: the experience of the Somalia food security assessment unit.

PubMed

Hemrich, Günter

2005-06-01

This case study reviews the experience of the Somalia Food Security Assessment Unit (FSAU) of operating a food security information system in the context of a complex emergency. In particular, it explores the linkages between selected features of the protracted crisis environment in Somalia and conceptual and operational aspects of food security information work. The paper specifically examines the implications of context characteristics for the establishment and operations of the FSAU field monitoring component and for the interface with information users and their diverse information needs. It also analyses the scope for linking food security and nutrition analysis and looks at the role of conflict and gender analysis in food security assessment work. Background data on the food security situation in Somalia and an overview of some key features of the FSAU set the scene for the case study. The paper is targeted at those involved in designing, operating and funding food security information activities.

Securing quantum key distribution systems using fewer states

NASA Astrophysics Data System (ADS)

Islam, Nurul T.; Lim, Charles Ci Wen; Cahall, Clinton; Kim, Jungsang; Gauthier, Daniel J.

2018-04-01

Quantum key distribution (QKD) allows two remote users to establish a secret key in the presence of an eavesdropper. The users share quantum states prepared in two mutually unbiased bases: one to generate the key while the other monitors the presence of the eavesdropper. Here, we show that a general d -dimension QKD system can be secured by transmitting only a subset of the monitoring states. In particular, we find that there is no loss in the secure key rate when dropping one of the monitoring states. Furthermore, it is possible to use only a single monitoring state if the quantum bit error rates are low enough. We apply our formalism to an experimental d =4 time-phase QKD system, where only one monitoring state is transmitted, and obtain a secret key rate of 17.4 ±2.8 Mbits/s at a 4 dB channel loss and with a quantum bit error rate of 0.045 ±0.001 and 0.037 ±0.001 in time and phase bases, respectively, which is 58.4% of the secret key rate that can be achieved with the full setup. This ratio can be increased, potentially up to 100%, if the error rates in time and phase basis are reduced. Our results demonstrate that it is possible to substantially simplify the design of high-dimensional QKD systems, including those that use the spatial or temporal degrees of freedom of the photon, and still outperform qubit-based (d =2 ) protocols.

A secure RFID authentication protocol adopting error correction code.

PubMed

Chen, Chien-Ming; Chen, Shuai-Min; Zheng, Xinying; Chen, Pei-Yu; Sun, Hung-Min

2014-01-01

RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance.

A Secure RFID Authentication Protocol Adopting Error Correction Code

PubMed Central

Zheng, Xinying; Chen, Pei-Yu

2014-01-01

RFID technology has become popular in many applications; however, most of the RFID products lack security related functionality due to the hardware limitation of the low-cost RFID tags. In this paper, we propose a lightweight mutual authentication protocol adopting error correction code for RFID. Besides, we also propose an advanced version of our protocol to provide key updating. Based on the secrecy of shared keys, the reader and the tag can establish a mutual authenticity relationship. Further analysis of the protocol showed that it also satisfies integrity, forward secrecy, anonymity, and untraceability. Compared with other lightweight protocols, the proposed protocol provides stronger resistance to tracing attacks, compromising attacks and replay attacks. We also compare our protocol with previous works in terms of performance. PMID:24959619

Secure and lightweight network admission and transmission protocol for body sensor networks.

PubMed

He, Daojing; Chen, Chun; Chan, Sammy; Bu, Jiajun; Zhang, Pingxin

2013-05-01

A body sensor network (BSN) is a wireless network of biosensors and a local processing unit, which is commonly referred to as the personal wireless hub (PWH). Personal health information (PHI) is collected by biosensors and delivered to the PWH before it is forwarded to the remote healthcare center for further processing. In a BSN, it is critical to only admit eligible biosensors and PWH into the network. Also, securing the transmission from each biosensor to PWH is essential not only for ensuring safety of PHI delivery, but also for preserving the privacy of PHI. In this paper, we present the design, implementation, and evaluation of a secure network admission and transmission subsystem based on a polynomial-based authentication scheme. The procedures in this subsystem to establish keys for each biosensor are communication efficient and energy efficient. Moreover, based on the observation that an adversary eavesdropping in a BSN faces inevitable channel errors, we propose to exploit the adversary's uncertainty regarding the PHI transmission to update the individual key dynamically and improve key secrecy. In addition to the theoretical analysis that demonstrates the security properties of our system, this paper also reports the experimental results of the proposed protocol on resource-limited sensor platforms, which show the efficiency of our system in practice.

Physical unclonable functions: A primer

DOE PAGES

Bauer, Todd; Hamlet, Jason

2014-11-01

Physical unclonable functions (PUFs) make use of the measurable intrinsic randomness of physical systems to establish signatures for those systems. Thus, PUFs provide a means to generate unique keys that don't need to be stored in nonvolatile memory, and they offer exciting opportunities for new authentication and supply chain security technologies.

An approach to quality and security of supply for single-use bioreactors.

PubMed

Barbaroux, Magali; Gerighausen, Susanne; Hackel, Heiko

2014-01-01

Single-use systems (also referred to as disposables) have become a huge part of the bioprocessing industry, which raised concern in the industry regarding quality and security of supply. Processes must be in place to assure the supply and control of outsourced activities and quality of purchased materials along the product life cycle. Quality and security of supply for single-use bioreactors (SUBs) are based on a multidisciplinary approach. Developing a state-of-the-art SUB-system based on quality by design (QbD) principles requires broad expertise and know-how including the cell culture application, polymer chemistry, regulatory requirements, and a deep understanding of the biopharmaceutical industry. Using standardized products reduces the complexity and strengthens the robustness of the supply chain. Well-established supplier relations including risk mitigation strategies are the basis for achieving long-term security of supply. Well-developed quality systems including change control approaches aligned with the requirements of the biopharmaceutical industry are a key factor in supporting long-term product availability. This chapter outlines the approach to security of supply for key materials used in single-use production processes for biopharmaceuticals from a supplier perspective.

Security of Continuous-Variable Quantum Key Distribution via a Gaussian de Finetti Reduction

NASA Astrophysics Data System (ADS)

Leverrier, Anthony

2017-05-01

Establishing the security of continuous-variable quantum key distribution against general attacks in a realistic finite-size regime is an outstanding open problem in the field of theoretical quantum cryptography if we restrict our attention to protocols that rely on the exchange of coherent states. Indeed, techniques based on the uncertainty principle are not known to work for such protocols, and the usual tools based on de Finetti reductions only provide security for unrealistically large block lengths. We address this problem here by considering a new type of Gaussian de Finetti reduction, that exploits the invariance of some continuous-variable protocols under the action of the unitary group U (n ) (instead of the symmetric group Sn as in usual de Finetti theorems), and by introducing generalized S U (2 ,2 ) coherent states. Crucially, combined with an energy test, this allows us to truncate the Hilbert space globally instead as at the single-mode level as in previous approaches that failed to provide security in realistic conditions. Our reduction shows that it is sufficient to prove the security of these protocols against Gaussian collective attacks in order to obtain security against general attacks, thereby confirming rigorously the widely held belief that Gaussian attacks are indeed optimal against such protocols.

Security of Continuous-Variable Quantum Key Distribution via a Gaussian de Finetti Reduction.

PubMed

Leverrier, Anthony

2017-05-19

Establishing the security of continuous-variable quantum key distribution against general attacks in a realistic finite-size regime is an outstanding open problem in the field of theoretical quantum cryptography if we restrict our attention to protocols that rely on the exchange of coherent states. Indeed, techniques based on the uncertainty principle are not known to work for such protocols, and the usual tools based on de Finetti reductions only provide security for unrealistically large block lengths. We address this problem here by considering a new type of Gaussian de Finetti reduction, that exploits the invariance of some continuous-variable protocols under the action of the unitary group U(n) (instead of the symmetric group S_{n} as in usual de Finetti theorems), and by introducing generalized SU(2,2) coherent states. Crucially, combined with an energy test, this allows us to truncate the Hilbert space globally instead as at the single-mode level as in previous approaches that failed to provide security in realistic conditions. Our reduction shows that it is sufficient to prove the security of these protocols against Gaussian collective attacks in order to obtain security against general attacks, thereby confirming rigorously the widely held belief that Gaussian attacks are indeed optimal against such protocols.

Investigating weaknesses in Android certificate security

NASA Astrophysics Data System (ADS)

Krych, Daniel E.; Lange-Maney, Stephen; McDaniel, Patrick; Glodek, William

2015-05-01

Android's application market relies on secure certificate generation to establish trust between applications and their users; yet, cryptography is often not a priority for application developers and many fail to take the necessary security precautions. Indeed, there is cause for concern: several recent high-profile studies have observed a pervasive lack of entropy on Web-systems leading to the factorization of private keys.1 Sufficient entropy, or randomness, is essential to generate secure key pairs and combat predictable key generation. In this paper, we analyze the security of Android certificates. We investigate the entropy present in 550,000 Android application certificates using the Quasilinear GCD finding algorithm.1 Our results show that while the lack of entropy does not appear to be as ubiquitous in the mobile markets as on Web-systems, there is substantial reuse of certificates only one third of the certificates in our dataset were unique. In other words, we find that organizations frequently reuse certificates for different applications. While such a practice is acceptable under Google's specifications for a single developer, we find that in some cases the same certificates are used for a myriad of developers, potentially compromising Android's intended trust relationships. Further, we observed duplicate certificates being used by both malicious and non-malicious applications. The top 3 repeated certificates present in our dataset accounted for a total of 11,438 separate APKs. Of these applications, 451, or roughly 4%, were identified as malicious by antivirus services.

Practical scheme to share a secret key through a quantum channel with a 27.6% bit error rate

NASA Astrophysics Data System (ADS)

Chau, H. F.

2002-12-01

A secret key shared through quantum key distribution between two cooperative players is secure against any eavesdropping attack allowed by the laws of physics. Yet, such a key can be established only when the quantum channel error rate due to eavesdropping or imperfect apparatus is low. Here, a practical quantum key distribution scheme by making use of an adaptive privacy amplification procedure with two-way classical communication is reported. Then, it is proven that the scheme generates a secret key whenever the bit error rate of the quantum channel is less than 0.5-0.1(5)≈27.6%, thereby making it the most error resistant scheme known to date.

The engineering of a scalable multi-site communications system utilizing quantum key distribution (QKD)

NASA Astrophysics Data System (ADS)

Tysowski, Piotr K.; Ling, Xinhua; Lütkenhaus, Norbert; Mosca, Michele

2018-04-01

Quantum key distribution (QKD) is a means of generating keys between a pair of computing hosts that is theoretically secure against cryptanalysis, even by a quantum computer. Although there is much active research into improving the QKD technology itself, there is still significant work to be done to apply engineering methodology and determine how it can be practically built to scale within an enterprise IT environment. Significant challenges exist in building a practical key management service (KMS) for use in a metropolitan network. QKD is generally a point-to-point technique only and is subject to steep performance constraints. The integration of QKD into enterprise-level computing has been researched, to enable quantum-safe communication. A novel method for constructing a KMS is presented that allows arbitrary computing hosts on one site to establish multiple secure communication sessions with the hosts of another site. A key exchange protocol is proposed where symmetric private keys are granted to hosts while satisfying the scalability needs of an enterprise population of users. The KMS operates within a layered architectural style that is able to interoperate with various underlying QKD implementations. Variable levels of security for the host population are enforced through a policy engine. A network layer provides key generation across a network of nodes connected by quantum links. Scheduling and routing functionality allows quantum key material to be relayed across trusted nodes. Optimizations are performed to match the real-time host demand for key material with the capacity afforded by the infrastructure. The result is a flexible and scalable architecture that is suitable for enterprise use and independent of any specific QKD technology.

Organisational Pattern Driven Recovery Mechanisms

NASA Astrophysics Data System (ADS)

Giacomo, Valentina Di; Presenza, Domenico; Riccucci, Carlo

The process of reaction to system failures and security attacks is strongly influenced by its infrastructural, procedural and organisational settings. Analysis of reaction procedures and practices from different domains (Air Traffic Management, Response to Computer Security Incident, Response to emergencies, recovery in Chemical Process Industry) highlight three key requirements for this activity: smooth collaboration and coordination among responders, accurate monitoring and management of resources and ability to adapt pre-established reaction plans to the actual context. The SERENITY Reaction Mechanisms (SRM) is the subsystem of the SERENITY Run-time Framework aimed to provide SERENITY aware AmI settings (i.e. socio-technical systems with highly distributed dynamic services) with functionalities to implement applications specific reaction strategies. The SRM uses SERENITY Organisational S&D Patterns as run-time models to drive these three key functionalities.

Counterfactual quantum cryptography.

PubMed

Noh, Tae-Gon

2009-12-04

Quantum cryptography allows one to distribute a secret key between two remote parties using the fundamental principles of quantum mechanics. The well-known established paradigm for the quantum key distribution relies on the actual transmission of signal particle through a quantum channel. In this Letter, we show that the task of a secret key distribution can be accomplished even though a particle carrying secret information is not in fact transmitted through the quantum channel. The proposed protocols can be implemented with current technologies and provide practical security advantages by eliminating the possibility that an eavesdropper can directly access the entire quantum system of each signal particle.

Counterfactual Quantum Cryptography

NASA Astrophysics Data System (ADS)

Noh, Tae-Gon

2009-12-01

Quantum cryptography allows one to distribute a secret key between two remote parties using the fundamental principles of quantum mechanics. The well-known established paradigm for the quantum key distribution relies on the actual transmission of signal particle through a quantum channel. In this Letter, we show that the task of a secret key distribution can be accomplished even though a particle carrying secret information is not in fact transmitted through the quantum channel. The proposed protocols can be implemented with current technologies and provide practical security advantages by eliminating the possibility that an eavesdropper can directly access the entire quantum system of each signal particle.

Security Analysis of Session Initiation Protocol

DTIC Science & Technology

2010-06-01

traffic as Bob@biloxi.com), a VPN was established with OpenVPN 2.1_rc19 between all relevant entities. Configuration files used by the clients and...static key is created by running the command ’ openvpn --genkey --secret static.key.’ By 22 rerouting all SIP traffic through VPNs as needed, a network... OpenVPN , and VM 2’s routing table is modified so that all IP packets except those addressed to VM 1’s publicly facing IP are routed through the OpenVPN

Continuous variable quantum cryptography: beating the 3 dB loss limit.

PubMed

Silberhorn, Ch; Ralph, T C; Lütkenhaus, N; Leuchs, G

2002-10-14

We demonstrate that secure quantum key distribution systems based on continuous variable implementations can operate beyond the apparent 3 dB loss limit that is implied by the beam splitting attack. The loss limit was established for standard minimum uncertainty states such as coherent states. We show that, by an appropriate postselection mechanism, we can enter a region where Eve's knowledge on Alice's key falls behind the information shared between Alice and Bob, even in the presence of substantial losses.

Security Considerations for E-Mental Health Interventions

PubMed Central

Bennett, Anthony James; Griffiths, Kathleen Margaret

2010-01-01

Security considerations are an often overlooked and underfunded aspect of the development, delivery, and evaluation of e-mental health interventions although they are crucial to the overall success of any eHealth project. The credibility and reliability of eHealth scientific research and the service delivery of eHealth interventions rely on a high standard of data security. This paper describes some of the key methodological, technical, and procedural issues that need to be considered to ensure that eHealth research and intervention delivery meet adequate security standards. The paper concludes by summarizing broad strategies for addressing the major security risks associated with eHealth interventions. These include involving information technology (IT) developers in all stages of the intervention process including its development, evaluation, and ongoing delivery; establishing a wide-ranging discourse about relevant security issues; and familiarizing researchers and providers with the security measures that must be instituted in order to protect the integrity of eHealth interventions. PMID:21169173

Water security - Nation state and international security implications

USGS Publications Warehouse

Tindall, James A.; Andrew A. Campbell,

2009-01-01

A terrorist attack such as poisoning and sabotage of the national water supply and water-quality infrastructure of the continental United States or any country, could disrupt the delivery of vital human services, threaten both public health and the environment, potentially cause mass casualties and pose grave public concern for homeland security. Most significantly, an attack on water resources would weaken social cohesion and trust in government. A threat to continuity of services is a potential threat to continuity of government since both are necessary for continuity of operations. Water infrastructure is difficult to protect, as it extends over vast areas across the U.S. and for which ownership is overwhelmingly nonfederal (approximately 85 percent). Since the 9111 attacks, federal dam operators and water and wastewater utilities have established counter measures. Similar measures have been taken in countries around the world. These include enhanced physical security, improved coordination between corporate ownership, Department of Homeland Security, and local law enforcement, and research into risk assessment and vulnerability analysis to ensure greater system safety. A key issue is the proportionate additional resources directed at public and private sector specific priorities. Agencies that have the scientific and technological ability to leverage resources, exploit integrated science approaches, focus on interdisciplinary practices, utilize informatics expertise and employ a wide use of evolving technologies should play a key role in water security and related issues.

Key on demand (KoD) for software-defined optical networks secured by quantum key distribution (QKD).

PubMed

Cao, Yuan; Zhao, Yongli; Colman-Meixner, Carlos; Yu, Xiaosong; Zhang, Jie

2017-10-30

Software-defined optical networking (SDON) will become the next generation optical network architecture. However, the optical layer and control layer of SDON are vulnerable to cyberattacks. While, data encryption is an effective method to minimize the negative effects of cyberattacks, secure key interchange is its major challenge which can be addressed by the quantum key distribution (QKD) technique. Hence, in this paper we discuss the integration of QKD with WDM optical networks to secure the SDON architecture by introducing a novel key on demand (KoD) scheme which is enabled by a novel routing, wavelength and key assignment (RWKA) algorithm. The QKD over SDON with KoD model follows two steps to provide security: i) quantum key pools (QKPs) construction for securing the control channels (CChs) and data channels (DChs); ii) the KoD scheme uses RWKA algorithm to allocate and update secret keys for different security requirements. To test our model, we define a security probability index which measures the security gain in CChs and DChs. Simulation results indicate that the security performance of CChs and DChs can be enhanced by provisioning sufficient secret keys in QKPs and performing key-updating considering potential cyberattacks. Also, KoD is beneficial to achieve a positive balance between security requirements and key resource usage.

An Efficient Authenticated Key Transfer Scheme in Client-Server Networks

NASA Astrophysics Data System (ADS)

Shi, Runhua; Zhang, Shun

2017-10-01

In this paper, we presented a novel authenticated key transfer scheme in client-server networks, which can achieve two secure goals of remote user authentication and the session key establishment between the remote user and the server. Especially, the proposed scheme can subtly provide two fully different authentications: identity-base authentication and anonymous authentication, while the remote user only holds a private key. Furthermore, our scheme only needs to transmit 1-round messages from the remote user to the server, thus it is very efficient in communication complexity. In addition, the most time-consuming computation in our scheme is elliptic curve scalar point multiplication, so it is also feasible even for mobile devices.

Scalable Authenticated Tree Based Group Key Exchange for Ad-Hoc Groups

NASA Astrophysics Data System (ADS)

Desmedt, Yvo; Lange, Tanja; Burmester, Mike

Task-specific groups are often formed in an ad-hoc manner within large corporate structures, such as companies. Take the following typical scenario: A director decides to set up a task force group for some specific project. An order is passed down the hierarchy where it finally reaches a manager who selects some employees to form the group. The members should communicate in a secure way and for efficiency, a symmetric encryption system is chosen. To establish a joint secret key for the group, a group key exchange (GKE) protocol is used. We show how to use an existing Public Key Infrastructure (PKI) to achieve authenticated GKE by modifying the protocol and particularly by including signatures.

Three-step semiquantum secure direct communication protocol

NASA Astrophysics Data System (ADS)

Zou, XiangFu; Qiu, DaoWen

2014-09-01

Quantum secure direct communication is the direct communication of secret messages without need for establishing a shared secret key first. In the existing schemes, quantum secure direct communication is possible only when both parties are quantum. In this paper, we construct a three-step semiquantum secure direct communication (SQSDC) protocol based on single photon sources in which the sender Alice is classical. In a semiquantum protocol, a person is termed classical if he (she) can measure, prepare and send quantum states only with the fixed orthogonal quantum basis {|0>, |1>}. The security of the proposed SQSDC protocol is guaranteed by the complete robustness of semiquantum key distribution protocols and the unconditional security of classical one-time pad encryption. Therefore, the proposed SQSDC protocol is also completely robust. Complete robustness indicates that nonzero information acquired by an eavesdropper Eve on the secret message implies the nonzero probability that the legitimate participants can find errors on the bits tested by this protocol. In the proposed protocol, we suggest a method to check Eves disturbing in the doves returning phase such that Alice does not need to announce publicly any position or their coded bits value after the photons transmission is completed. Moreover, the proposed SQSDC protocol can be implemented with the existing techniques. Compared with many quantum secure direct communication protocols, the proposed SQSDC protocol has two merits: firstly the sender only needs classical capabilities; secondly to check Eves disturbing after the transmission of quantum states, no additional classical information is needed.

3 CFR 13526 - Executive Order 13526 of December 29, 2009. Classified National Security Information

Code of Federal Regulations, 2010 CFR

2010-01-01

... of weapons of mass destruction. Sec. 1.5. Duration of Classification. (a) At the time of original... intelligence source or key design concepts of weapons of mass destruction, the date or event shall not exceed the time frame established in paragraph (b) of this section. (b) If the original classification...

Applying your corporate compliance skills to the HIPAA security standard.

PubMed

Carter, P I

2000-01-01

Compliance programs are an increasingly hot topic among healthcare providers. These programs establish policies and procedures covering billing, referrals, gifts, confidentiality of patient records, and many other areas. The purpose is to help providers prevent and detect violations of the law. These programs are voluntary, but are also simply good business practice. Any compliance program should now incorporate the Health Insurance Portability and Accountability Act (HIPAA) security standard. Several sets of guidelines for development of compliance programs have been issued by the federal government, and each is directed toward a different type of healthcare provider. These guidelines share certain key features with the HIPAA security standard. This article examines the common areas between compliance programs and the HIPAA security standard to help you to do two very important things: (1) Leverage your resources by combining compliance with the security standard with other legal and regulatory compliance efforts, and (2) apply the lessons learned in developing your corporate compliance program to developing strategies for compliance with the HIPAA security standard.

Continuous-variable quantum cryptography with an untrusted relay: Detailed security analysis of the symmetric configuration

NASA Astrophysics Data System (ADS)

Ottaviani, Carlo; Spedalieri, Gaetana; Braunstein, Samuel L.; Pirandola, Stefano

2015-02-01

We consider the continuous-variable protocol of Pirandola et al. [arXiv:1312.4104] where the secret key is established by the measurement of an untrusted relay. In this network protocol, two authorized parties are connected to an untrusted relay by insecure quantum links. Secret correlations are generated by a continuous-variable Bell detection performed on incoming coherent states. In the present work we provide a detailed study of the symmetric configuration, where the relay is midway between the parties. We analyze symmetric eavesdropping strategies against the quantum links explicitly showing that, at fixed transmissivity and thermal noise, two-mode coherent attacks are optimal, manifestly outperforming one-mode collective attacks based on independent entangling cloners. Such an advantage is shown both in terms of security threshold and secret-key rate.

Centralized Cryptographic Key Management and Critical Risk Assessment - CRADA Final Report For CRADA Number NFE-11-03562

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, R. K.; Peters, Scott

The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) Cyber Security for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing Cyber Security for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modifiedmore » and used as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.« less

Cryptographic Key Management and Critical Risk Assessment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K

The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) CyberSecurity for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing CyberSecurity for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modified and usedmore » as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.« less

Ecology and equity: key determinants of sustainable water security.

PubMed

Swaminathan, M S

2001-01-01

Trends in water consumption indicate that demand for water for household and industrial uses in developing countries could double as a proportion of total water demand in the next 25 years. Scope for expansion of water supply will, at the same time, be limited because development of irrigation and urban water supplies is becoming increasingly expensive, and often involves high costs in terms of environmental degradation and human resettlement. Without fundamental reform of water management, the rapid growth in urban water demand will require large transfers of water from irrigated agriculture, thereby threatening food security. Hence, water supply and demand should be managed in an integrated fashion, simultaneously considering all uses and sources. This will call for the establishment of community centred food and water security systems and national water trusts. Once such systems and Trusts are established there could be a legally binding Global Water Convention on the model of the Global Convention on Climate and Biodiversity. The details of such a Global Water Conventions can be finalized at one of the future Stockholm Water Symposia. There are uncommon opportunities today for a water-secure world through synergy between technology, public policy and peoples' participation.

Multicomponent reactions provide key molecules for secret communication.

PubMed

Boukis, Andreas C; Reiter, Kevin; Frölich, Maximiliane; Hofheinz, Dennis; Meier, Michael A R

2018-04-12

A convenient and inherently more secure communication channel for encoding messages via specifically designed molecular keys is introduced by combining advanced encryption standard cryptography with molecular steganography. The necessary molecular keys require large structural diversity, thus suggesting the application of multicomponent reactions. Herein, the Ugi four-component reaction of perfluorinated acids is utilized to establish an exemplary database consisting of 130 commercially available components. Considering all permutations, this combinatorial approach can unambiguously provide 500,000 molecular keys in only one synthetic procedure per key. The molecular keys are transferred nondigitally and concealed by either adsorption onto paper, coffee, tea or sugar as well as by dissolution in a perfume or in blood. Re-isolation and purification from these disguises is simplified by the perfluorinated sidechains of the molecular keys. High resolution tandem mass spectrometry can unequivocally determine the molecular structure and thus the identity of the key for a subsequent decryption of an encoded message.

A Practitioner's Introduction to Equating with Primers on Classical Test Theory and Item Response Theory

ERIC Educational Resources Information Center

Ryan, Joseph; Brockmann, Frank

2009-01-01

Equating is an essential tool in educational assessment due the critical role it plays in several key areas: establishing validity across forms and years; fairness; test security; and, increasingly, continuity in programs that release items or require ongoing development. Although the practice of equating is rooted in long standing practices that…

Fault-tolerant Remote Quantum Entanglement Establishment for Secure Quantum Communications

NASA Astrophysics Data System (ADS)

Tsai, Chia-Wei; Lin, Jason

2016-07-01

This work presents a strategy for constructing long-distance quantum communications among a number of remote users through collective-noise channel. With the assistance of semi-honest quantum certificate authorities (QCAs), the remote users can share a secret key through fault-tolerant entanglement swapping. The proposed protocol is feasible for large-scale distributed quantum networks with numerous users. Each pair of communicating parties only needs to establish the quantum channels and the classical authenticated channels with his/her local QCA. Thus, it enables any user to communicate freely without point-to-point pre-establishing any communication channels, which is efficient and feasible for practical environments.

A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems.

PubMed

Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao

2014-09-01

Telecare medicine information system (TMIS) is widely used for providing a convenient and efficient communicating platform between patients at home and physicians at medical centers or home health care (HHC) organizations. To ensure patient privacy, in 2013, Hao et al. proposed a chaotic map based authentication scheme with user anonymity for TMIS. Later, Lee showed that Hao et al.'s scheme is in no provision for providing fairness in session key establishment and gave an efficient user authentication and key agreement scheme using smart cards, in which only few hashing and Chebyshev chaotic map operations are required. In addition, Jiang et al. discussed that Hao et al.'s scheme can not resist stolen smart card attack and they further presented an improved scheme which attempts to repair the security pitfalls found in Hao et al.'s scheme. In this paper, we found that both Lee's and Jiang et al.'s authentication schemes have a serious security problem in that a registered user's secret parameters may be intentionally exposed to many non-registered users and this problem causing the service misuse attack. Therefore, we propose a slight modification on Lee's scheme to prevent the shortcomings. Compared with previous schemes, our improved scheme not only inherits the advantages of Lee's and Jiang et al.'s authentication schemes for TMIS but also remedies the serious security weakness of not being able to withstand service misuse attack.

Failure Impact Analysis of Key Management in AMI Using Cybernomic Situational Assessment (CSA)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Hauser, Katie R

2013-01-01

In earlier work, we presented a computational framework for quantifying the security of a system in terms of the average loss a stakeholder stands to sustain as a result of threats to the system. We named this system, the Cyberspace Security Econometrics System (CSES). In this paper, we refine the framework and apply it to cryptographic key management within the Advanced Metering Infrastructure (AMI) as an example. The stakeholders, requirements, components, and threats are determined. We then populate the matrices with justified values by addressing the AMI at a higher level, rather than trying to consider every piece of hardwaremore » and software involved. We accomplish this task by leveraging the recently established NISTR 7628 guideline for smart grid security. This allowed us to choose the stakeholders, requirements, components, and threats realistically. We reviewed the literature and selected an industry technical working group to select three representative threats from a collection of 29 threats. From this subset, we populate the stakes, dependency, and impact matrices, and the threat vector with realistic numbers. Each Stakeholder s Mean Failure Cost is then computed.« less

Secure and Privacy Enhanced Gait Authentication on Smart Phone

PubMed Central

Choi, Deokjai

2014-01-01

Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, in terms of key length of 50 bits. PMID:24955403

Device interoperability and authentication for telemedical appliance based on the ISO/IEEE 11073 Personal Health Device (PHD) Standards.

PubMed

Caranguian, Luther Paul R; Pancho-Festin, Susan; Sison, Luis G

2012-01-01

In this study, we focused on the interoperability and authentication of medical devices in the context of telemedical systems. A recent standard called the ISO/IEEE 11073 Personal Health Device (X73-PHD) Standards addresses the device interoperability problem by defining common protocols for agent (medical device) and manager (appliance) interface. The X73-PHD standard however has not addressed security and authentication of medical devices which is important in establishing integrity of a telemedical system. We have designed and implemented a security policy within the X73-PHD standards. The policy will enable device authentication using Asymmetric-Key Cryptography and the RSA algorithm as the digital signature scheme. We used two approaches for performing the digital signatures: direct software implementation and use of embedded security modules (ESM). The two approaches were evaluated and compared in terms of execution time and memory requirement. For the standard 2048-bit RSA, ESM calculates digital signatures only 12% of the total time for the direct implementation. Moreover, analysis shows that ESM offers more security advantage such as secure storage of keys compared to using direct implementation. Interoperability with other systems was verified by testing the system with LNI Healthlink, a manager software that implements the X73-PHD standard. Lastly, security analysis was done and the system's response to common attacks on authentication systems was analyzed and several measures were implemented to protect the system against them.

A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems.

PubMed

Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao; Chen, Song-Jhih

2016-11-01

Secure user authentication schemes in many e-Healthcare applications try to prevent unauthorized users from intruding the e-Healthcare systems and a remote user and a medical server can establish session keys for securing the subsequent communications. However, many schemes does not mask the users' identity information while constructing a login session between two or more parties, even though personal privacy of users is a significant topic for e-Healthcare systems. In order to preserve personal privacy of users, dynamic identity based authentication schemes are hiding user's real identity during the process of network communications and only the medical server knows login user's identity. In addition, most of the existing dynamic identity based authentication schemes ignore the inputs verification during login condition and this flaw may subject to inefficiency in the case of incorrect inputs in the login phase. Regarding the use of secure authentication mechanisms for e-Healthcare systems, this paper presents a new dynamic identity and chaotic maps based authentication scheme and a secure data protection approach is employed in every session to prevent illegal intrusions. The proposed scheme can not only quickly detect incorrect inputs during the phases of login and password change but also can invalidate the future use of a lost/stolen smart card. Compared the functionality and efficiency with other authentication schemes recently, the proposed scheme satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for e-Healthcare systems.

Healthcare public key infrastructure (HPKI) and non-profit organization (NPO): essentials for healthcare data exchange.

PubMed

Takeda, Hiroshi; Matsumura, Yasushi; Nakagawa, Katsuhiko; Teratani, Tadamasa; Qiyan, Zhang; Kusuoka, Hideo; Matsuoka, Masami

2004-01-01

To share healthcare information and to promote cooperation among healthcare providers and customers (patients) under computerized network environment, a non-profit organization (NPO), named as OCHIS, was established at Osaka, Japan in 2003. Since security and confidentiality issues on the Internet have been major concerns in the OCHIS, the system has been based on healthcare public key infrastructure (HPKI), and found that there remained problems to be solved technically and operationally. An experimental study was conducted to elucidate the central and the local function in terms of a registration authority and a time stamp authority by contracting with the Ministry of Economics and Trading Industries in 2003. This paper describes the experimental design with NPO and the results of the study concerning message security and HPKI. The developed system has been operated practically in Osaka urban area.

An Authentication Protocol for Future Sensor Networks.

PubMed

Bilal, Muhammad; Kang, Shin-Gak

2017-04-28

Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections. Moreover, to establish multiple data sessions, it is essential that a protocol participant have the capability of running multiple instances of the protocol run, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. Hence, ensuring a lightweight and efficient authentication protocol has become more crucial. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis (including formal analysis using the BAN-logic) and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols.

An Authentication Protocol for Future Sensor Networks

PubMed Central

Bilal, Muhammad; Kang, Shin-Gak

2017-01-01

Authentication is one of the essential security services in Wireless Sensor Networks (WSNs) for ensuring secure data sessions. Sensor node authentication ensures the confidentiality and validity of data collected by the sensor node, whereas user authentication guarantees that only legitimate users can access the sensor data. In a mobile WSN, sensor and user nodes move across the network and exchange data with multiple nodes, thus experiencing the authentication process multiple times. The integration of WSNs with Internet of Things (IoT) brings forth a new kind of WSN architecture along with stricter security requirements; for instance, a sensor node or a user node may need to establish multiple concurrent secure data sessions. With concurrent data sessions, the frequency of the re-authentication process increases in proportion to the number of concurrent connections. Moreover, to establish multiple data sessions, it is essential that a protocol participant have the capability of running multiple instances of the protocol run, which makes the security issue even more challenging. The currently available authentication protocols were designed for the autonomous WSN and do not account for the above requirements. Hence, ensuring a lightweight and efficient authentication protocol has become more crucial. In this paper, we present a novel, lightweight and efficient key exchange and authentication protocol suite called the Secure Mobile Sensor Network (SMSN) Authentication Protocol. In the SMSN a mobile node goes through an initial authentication procedure and receives a re-authentication ticket from the base station. Later a mobile node can use this re-authentication ticket when establishing multiple data exchange sessions and/or when moving across the network. This scheme reduces the communication and computational complexity of the authentication process. We proved the strength of our protocol with rigorous security analysis (including formal analysis using the BAN-logic) and simulated the SMSN and previously proposed schemes in an automated protocol verifier tool. Finally, we compared the computational complexity and communication cost against well-known authentication protocols. PMID:28452937

Security Standards and Best Practice Considerations for Quantum Key Distribution (QKD)

DTIC Science & Technology

2012-03-01

SECURITY STANDARDS AND BEST PRACTICE CONSIDERATIONS FOR QUANTUM KEY DISTRIBUTION (QKD) THESIS...protection in the United States. AFIT/GSE/ENV/12-M05 SECURITY STANDARDS AND BEST PRACTICE CONSIDERATIONS FOR QUANTUM KEY DISTRIBUTION (QKD...FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED. AFIT/GSE/ENV/12-M05 SECURITY STANDARDS AND BEST PRACTICE CONSIDERATIONS FOR QUANTUM KEY

Position-based quantum cryptography over untrusted networks

NASA Astrophysics Data System (ADS)

Nadeem, Muhammad

2014-08-01

In this article, we propose quantum position verification (QPV) schemes where all the channels are untrusted except the position of the prover and distant reference stations of verifiers. We review and analyze the existing QPV schemes containing some pre-shared data between the prover and verifiers. Most of these schemes are based on non-cryptographic assumptions, i.e. quantum/classical channels between the verifiers are secure. It seems impractical in an environment fully controlled by adversaries and would lead to security compromise in practical implementations. However, our proposed formula for QPV is more robust, secure and according to the standard assumptions of cryptography. Furthermore, once the position of the prover is verified, our schemes establish secret keys in parallel and can be used for authentication and secret communication between the prover and verifiers.

Nuclear Arms Control, Nonproliferation, and Counterterrorism: Impacts on Public Health

PubMed Central

Pregenzer, Arian

2014-01-01

Reducing the risks of nuclear war, limiting the spread of nuclear weapons, and reducing global nuclear weapons stockpiles are key national and international security goals. They are pursued through a variety of international arms control, nonproliferation, and counterterrorism treaties and agreements. These legally binding and political commitments, together with the institutional infrastructure that supports them, work to establish global norms of behavior and have limited the spread of weapons of mass destruction. Beyond the primary security objectives, reducing the likelihood of the use of nuclear weapons, preventing environmental releases of radioactive material, increasing the availability of safe and secure nuclear technology for peaceful purposes, and providing scientific data relevant to predicting and managing the consequences of natural or human-caused disasters worldwide provide significant benefits to global public health. PMID:24524501

Towards a Scalable Group Vehicle-based Security System

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carter, Jason M

2016-01-01

In August 2014, the National Highway Traffic Safety Administration (NHTSA) proposed new rulemaking to require V2V communication in light vehicles. To establish trust in the basic safety messages (BSMs) that are exchanged by vehicles to improve driver safety, a vehicle public key infrastructure (VPKI) is required. We outline a system where a group or groups of vehicles manage and generate their own BSM signing keys and authenticating certificates -- a Vehicle-Based Security System (VBSS). Based on our preliminary examination, we assert the mechanisms exist to implement a VBSS that supports V2V communications; however, maintaining uniform trust throughout the system whilemore » protecting individual privacy does require reliance on nascent group signature technology which may require a significant amount of communication overhead for trust maintenance. To better evaluate the VBSS approach, we compare it to the proposed Security Credential Management System (SCMS) in four major areas including bootstrapping, pseudonym provisioning, BSM signing and authentication, and revocation. System scale, driver privacy, and the distribution and dynamics of participants make designing an effective VPKI an interesting and challenging problem; no clear-cut strategy exists to satisfy the security and privacy expectations in a highly efficient way. More work is needed in VPKI research, so the life-saving promise of V2V technology can be achieved.« less

Performance of device-independent quantum key distribution

NASA Astrophysics Data System (ADS)

Cao, Zhu; Zhao, Qi; Ma, Xiongfeng

2016-07-01

Quantum key distribution provides information-theoretically-secure communication. In practice, device imperfections may jeopardise the system security. Device-independent quantum key distribution solves this problem by providing secure keys even when the quantum devices are untrusted and uncharacterized. Following a recent security proof of the device-independent quantum key distribution, we improve the key rate by tightening the parameter choice in the security proof. In practice where the system is lossy, we further improve the key rate by taking into account the loss position information. From our numerical simulation, our method can outperform existing results. Meanwhile, we outline clear experimental requirements for implementing device-independent quantum key distribution. The maximal tolerable error rate is 1.6%, the minimal required transmittance is 97.3%, and the minimal required visibility is 96.8 % .

A Key Establishment Protocol for RFID User in IPTV Environment

NASA Astrophysics Data System (ADS)

Jeong, Yoon-Su; Kim, Yong-Tae; Sohn, Jae-Min; Park, Gil-Cheol; Lee, Sang-Ho

In recent years, the usage of IPTV (Internet Protocol Television) has been increased. The reason is a technological convergence of broadcasting and telecommunication delivering interactive applications and multimedia content through high speed Internet connections. The main critical point of IPTV security requirements is subscriber authentication. That is, IPTV service should have the capability to identify the subscribers to prohibit illegal access. Currently, IPTV service does not provide a sound authentication mechanism to verify the identity of its wireless users (or devices). This paper focuses on a lightweight authentication and key establishment protocol based on the use of hash functions. The proposed approach provides effective authentication for a mobile user with a RFID tag whose authentication information is communicated back and forth with the IPTV authentication server via IPTV set-top box (STB). That is, the proposed protocol generates user's authentication information that is a bundle of two public keys derived from hashing user's private keys and RFID tag's session identifier, and adds 1bit to this bundled information for subscriber's information confidentiality before passing it to the authentication server.

Key Exchange Trust Evaluation in Peer-to-Peer Sensor Networks With Unconditionally Secure Key Exchange

NASA Astrophysics Data System (ADS)

Gonzalez, Elias; Kish, Laszlo B.

2016-03-01

As the utilization of sensor networks continue to increase, the importance of security becomes more profound. Many industries depend on sensor networks for critical tasks, and a malicious entity can potentially cause catastrophic damage. We propose a new key exchange trust evaluation for peer-to-peer sensor networks, where part of the network has unconditionally secure key exchange. For a given sensor, the higher the portion of channels with unconditionally secure key exchange the higher the trust value. We give a brief introduction to unconditionally secured key exchange concepts and mention current trust measures in sensor networks. We demonstrate the new key exchange trust measure on a hypothetical sensor network using both wired and wireless communication channels.

Towards secure quantum key distribution protocol for wireless LANs: a hybrid approach

NASA Astrophysics Data System (ADS)

Naik, R. Lalu; Reddy, P. Chenna

2015-12-01

The primary goals of security such as authentication, confidentiality, integrity and non-repudiation in communication networks can be achieved with secure key distribution. Quantum mechanisms are highly secure means of distributing secret keys as they are unconditionally secure. Quantum key distribution protocols can effectively prevent various attacks in the quantum channel, while classical cryptography is efficient in authentication and verification of secret keys. By combining both quantum cryptography and classical cryptography, security of communications over networks can be leveraged. Hwang, Lee and Li exploited the merits of both cryptographic paradigms for provably secure communications to prevent replay, man-in-the-middle, and passive attacks. In this paper, we propose a new scheme with the combination of quantum cryptography and classical cryptography for 802.11i wireless LANs. Since quantum cryptography is premature in wireless networks, our work is a significant step forward toward securing communications in wireless networks. Our scheme is known as hybrid quantum key distribution protocol. Our analytical results revealed that the proposed scheme is provably secure for wireless networks.

All about Eve: Secret Sharing using Quantum Effects

NASA Technical Reports Server (NTRS)

Jackson, Deborah J.

2005-01-01

This document discusses the nature of light (including classical light and photons), encryption, quantum key distribution (QKD), light polarization and beamsplitters and their application to information communication. A quantum of light represents the smallest possible subdivision of radiant energy (light) and is called a photon. The QKD key generation sequence is outlined including the receiver broadcasting the initial signal indicating reception availability, timing pulses from the sender to provide reference for gated detection of photons, the sender generating photons through random polarization while the receiver detects photons with random polarization and communicating via data link to mutually establish random keys. The QKD network vision includes inter-SATCOM, point-to-point Gnd Fiber and SATCOM-fiber nodes. QKD offers an unconditionally secure method of exchanging encryption keys. Ongoing research will focus on how to increase the key generation rate.

Exploring the Human Fabric through an Analyst's Eyes

NASA Astrophysics Data System (ADS)

Belov, Nadya; Patti, Jeff; Wilcox, Saki; Almanzar, Rafael; Kim, Janet; Kellogg, Jennifer; Dang, Steven

The nature and type of conflicts drastically changed in the last half of the twentieth century. Wars are no longer limited to the field; they are supplemented with guerrilla warfare and other asymmetric warfare tactics including domestic terrorism. Domestic terrorism has demonstrated a need for improved homeland security capabilities. Establishing and maintaining the understanding of the key players and the underlying social networks is essential to combating asynchronous warfare tactics. Herein, we identify the key challenges addressed by our Collection/Exploitation Decision System (CEDS) that assist analysts in maintaining an up-to-date understanding of dynamic human networks.

Two-party quantum key agreement with five-particle entangled states

NASA Astrophysics Data System (ADS)

He, Ye-Feng; Ma, Wen-Ping

A two-party quantum key agreement protocol is proposed with five-particle entangled states and the delayed measurement technique. According to the measurement correlation property of five-particle entangled states, two participants can deduce the measurement results of each other’s initial quantum states. As a result, two parties can extract the secret keys of each other by using the publicly announced value or by performing the delayed measurement, respectively. Thus, a shared key is fairly established. Since each particle is transmitted only once in quantum channel, the protocol is congenitally free from the Trojan horse attacks. It is shown that the protocol not only is secure against both participant and outsider attacks but also has no information leakage problem. Moreover, it has high qubit efficiency.

12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2011 CFR

2011-01-01

... Establishing Information Security Standards Table of Contents I. Introduction A. Scope B. Preservation of... Security Program B. Objectives III. Development and Implementation of Customer Information Security Program.... Introduction The Interagency Guidelines Establishing Information Security Standards (Guidelines) set forth...

Securing non-volatile memory regions

DOE Office of Scientific and Technical Information (OSTI.GOV)

Faraboschi, Paolo; Ranganathan, Parthasarathy; Muralimanohar, Naveen

Methods, apparatus and articles of manufacture to secure non-volatile memory regions are disclosed. An example method disclosed herein comprises associating a first key pair and a second key pair different than the first key pair with a process, using the first key pair to secure a first region of a non-volatile memory for the process, and using the second key pair to secure a second region of the non-volatile memory for the same process, the second region being different than the first region.

A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting.

PubMed

Lin, Tsung-Hung; Tsung, Chen-Kun; Lee, Tian-Fu; Wang, Zeng-Bo

2017-12-03

The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie-Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions.

Design of Secure and Lightweight Authentication Protocol for Wearable Devices Environment.

PubMed

Das, Ashok Kumar; Wazid, Mohammad; Kumar, Neeraj; Khan, Muhammad Khurram; Choo, Kim-Kwang Raymond; Park, YoungHo

2017-09-18

Wearable devices are used in various applications to collect information including step information, sleeping cycles, workout statistics, and health related information. Due to the nature and richness of the data collected by such devices, it is important to ensure the security of the collected data. This paper presents a new lightweight authentication scheme suitable for wearable device deployment. The scheme allows a user to mutually authenticate his/her wearable device(s) and the mobile terminal (e.g., Android and iOS device) and establish a session key among these devices (worn and carried by the same user) for secure communication between the wearable device and the mobile terminal. The security of the proposed scheme is then demonstrated through the broadly-accepted Real-Or-Random model, as well as using the popular formal security verification tool, known as the Automated Validation of Internet Security Protocols and Applications (AVISPA). Finally, we present a comparative summary of the proposed scheme in terms of the overheads such as computation and communication costs, security and functionality features of the proposed scheme and related schemes, and also the evaluation findings from the NS2 simulation.

Fundamental quantitative security in quantum key generation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yuen, Horace P.

2010-12-15

We analyze the fundamental security significance of the quantitative criteria on the final generated key K in quantum key generation including the quantum criterion d, the attacker's mutual information on K, and the statistical distance between her distribution on K and the uniform distribution. For operational significance a criterion has to produce a guarantee on the attacker's probability of correctly estimating some portions of K from her measurement, in particular her maximum probability of identifying the whole K. We distinguish between the raw security of K when the attacker just gets at K before it is used in a cryptographicmore » context and its composition security when the attacker may gain further information during its actual use to help get at K. We compare both of these securities of K to those obtainable from conventional key expansion with a symmetric key cipher. It is pointed out that a common belief in the superior security of a quantum generated K is based on an incorrect interpretation of d which cannot be true, and the security significance of d is uncertain. Generally, the quantum key distribution key K has no composition security guarantee and its raw security guarantee from concrete protocols is worse than that of conventional ciphers. Furthermore, for both raw and composition security there is an exponential catch-up problem that would make it difficult to quantitatively improve the security of K in a realistic protocol. Some possible ways to deal with the situation are suggested.« less

Practical device-independent quantum cryptography via entropy accumulation.

PubMed

Arnon-Friedman, Rotem; Dupuis, Frédéric; Fawzi, Omar; Renner, Renato; Vidick, Thomas

2018-01-31

Device-independent cryptography goes beyond conventional quantum cryptography by providing security that holds independently of the quality of the underlying physical devices. Device-independent protocols are based on the quantum phenomena of non-locality and the violation of Bell inequalities. This high level of security could so far only be established under conditions which are not achievable experimentally. Here we present a property of entropy, termed "entropy accumulation", which asserts that the total amount of entropy of a large system is the sum of its parts. We use this property to prove the security of cryptographic protocols, including device-independent quantum key distribution, while achieving essentially optimal parameters. Recent experimental progress, which enabled loophole-free Bell tests, suggests that the achieved parameters are technologically accessible. Our work hence provides the theoretical groundwork for experimental demonstrations of device-independent cryptography.

Nuclear Arms Control, Nonproliferation, and Counterterrorism: Impacts on Public Health

DOE PAGES

Dreicer, Mona; Pregenzer, Arian

2014-04-01

Reducing the risks of nuclear war, limiting the spread of nuclear weapons and reducing global nuclear weapons stockpiles are key national and international security goals. They are pursued through a variety of international arms control, nonproliferation and counter-terrorism treaties and agreements. These legally binding and political commitments, together with the institutional infrastructure that supports them, work to establish global norms of behavior and have limited the spread of weapons of mass destruction. Beyond the primary security objectives, reducing the likelihood of the use of nuclear weapons, preventing environmental releases of radioactive material, increasing the availability of safe and secure nuclearmore » technology for peaceful purposes, and providing scientific data relevant to predicting and managing the consequences of natural or human-caused disasters world-wide provide significant benefits to global public health.« less

Cryptography in the Bounded-Quantum-Storage Model

NASA Astrophysics Data System (ADS)

Schaffner, Christian

2007-09-01

This thesis initiates the study of cryptographic protocols in the bounded-quantum-storage model. On the practical side, simple protocols for Rabin Oblivious Transfer, 1-2 Oblivious Transfer and Bit Commitment are presented. No quantum memory is required for honest players, whereas the protocols can only be broken by an adversary controlling a large amount of quantum memory. The protocols are efficient, non-interactive and can be implemented with today's technology. On the theoretical side, new entropic uncertainty relations involving min-entropy are established and used to prove the security of protocols according to new strong security definitions. For instance, in the realistic setting of Quantum Key Distribution (QKD) against quantum-memory-bounded eavesdroppers, the uncertainty relation allows to prove the security of QKD protocols while tolerating considerably higher error rates compared to the standard model with unbounded adversaries.

How to Train an Army of Intelligence Analysts

DTIC Science & Technology

2005-09-01

united during one moment in time by: the mutual need to empower indigenous security forces amidst crisis , the need to establish or improve a bilateral...will demonstrate the difference between the execution of a short- term, short- sighted commitment in a country engulfed in crisis and the use of...key terrain and the conduits of transnational and transcultural issues. Likewise, intelligence professionals in current and future nation building

Report on Progress Toward Security and Stability in Afghanistan

DTIC Science & Technology

2010-11-01

National Governance Policy The Sub National Governance ( SNG ) Policy establishes a framework for instituting government reforms over the next 15 years.34...governance and development initiatives, such as the National Solidarity Program and the Afghan Social Outreach Program, align with the new SNG policy...review implementation progress from a financing perspective. 4. Municipal governance - A key component of the SNG policy reform will be to draft a

On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems.

PubMed

Arshad, Hamed; Teymoori, Vahid; Nikooghadam, Morteza; Abbassi, Hassan

2015-08-01

Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu's authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya's scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya's scheme, but also is about 2.73 times faster than Bin Muhaya's scheme.

Secure SCADA communication by using a modified key management scheme.

PubMed

Rezai, Abdalhossein; Keshavarzi, Parviz; Moravej, Zahra

2013-07-01

This paper presents and evaluates a new cryptographic key management scheme which increases the efficiency and security of the Supervisory Control And Data Acquisition (SCADA) communication. In the proposed key management scheme, two key update phases are used: session key update and master key update. In the session key update phase, session keys are generated in the master station. In the master key update phase, the Elliptic Curve Diffie-Hellman (ECDH) protocol is used. The Poisson process is also used to model the Security Index (SI) and Quality of Service (QoS). Our analysis shows that the proposed key management not only supports the required speed in the MODBUS implementation but also has several advantages compared to other key management schemes for secure communication in SCADA networks. Copyright © 2013 ISA. Published by Elsevier Ltd. All rights reserved.

Security of Color Image Data Designed by Public-Key Cryptosystem Associated with 2D-DWT

NASA Astrophysics Data System (ADS)

Mishra, D. C.; Sharma, R. K.; Kumar, Manish; Kumar, Kuldeep

2014-08-01

In present times the security of image data is a major issue. So, we have proposed a novel technique for security of color image data by public-key cryptosystem or asymmetric cryptosystem. In this technique, we have developed security of color image data using RSA (Rivest-Shamir-Adleman) cryptosystem with two-dimensional discrete wavelet transform (2D-DWT). Earlier proposed schemes for security of color images designed on the basis of keys, but this approach provides security of color images with the help of keys and correct arrangement of RSA parameters. If the attacker knows about exact keys, but has no information of exact arrangement of RSA parameters, then the original information cannot be recovered from the encrypted data. Computer simulation based on standard example is critically examining the behavior of the proposed technique. Security analysis and a detailed comparison between earlier developed schemes for security of color images and proposed technique are also mentioned for the robustness of the cryptosystem.

A Round-Efficient Authenticated Key Agreement Scheme Based on Extended Chaotic Maps for Group Cloud Meeting

PubMed Central

Lee, Tian-Fu; Wang, Zeng-Bo

2017-01-01

The security is a critical issue for business purposes. For example, the cloud meeting must consider strong security to maintain the communication privacy. Considering the scenario with cloud meeting, we apply extended chaotic map to present passwordless group authentication key agreement, termed as Passwordless Group Authentication Key Agreement (PL-GAKA). PL-GAKA improves the computation efficiency for the simple group password-based authenticated key agreement (SGPAKE) proposed by Lee et al. in terms of computing the session key. Since the extended chaotic map has equivalent security level to the Diffie–Hellman key exchange scheme applied by SGPAKE, the security of PL-GAKA is not sacrificed when improving the computation efficiency. Moreover, PL-GAKA is a passwordless scheme, so the password maintenance is not necessary. Short-term authentication is considered, hence the communication security is stronger than other protocols by dynamically generating session key in each cloud meeting. In our analysis, we first prove that each meeting member can get the correct information during the meeting. We analyze common security issues for the proposed PL-GAKA in terms of session key security, mutual authentication, perfect forward security, and data integrity. Moreover, we also demonstrate that communicating in PL-GAKA is secure when suffering replay attacks, impersonation attacks, privileged insider attacks, and stolen-verifier attacks. Eventually, an overall comparison is given to show the performance between PL-GAKA, SGPAKE and related solutions. PMID:29207509

High-Speed Large-Alphabet Quantum Key Distribution Using Photonic Integrated Circuits

DTIC Science & Technology

2014-01-28

polarizing beam splitter, TDC: time-to-digital converter. Extra&loss& photon/bin frame size QSER secure bpp ECC secure&key&rate& none& 0.0031 64 14...to-digital converter. photon/frame frame size QSER secure bpp ECC secure&key& rate& 1.3 16 9.5 % 2.9 layered LDPC 7.3&Mbps& Figure 24: Operating

An enhanced biometric authentication scheme for telecare medicine information systems with nonce using chaotic hash function.

PubMed

Das, Ashok Kumar; Goswami, Adrijit

2014-06-01

Recently, Awasthi and Srivastava proposed a novel biometric remote user authentication scheme for the telecare medicine information system (TMIS) with nonce. Their scheme is very efficient as it is based on efficient chaotic one-way hash function and bitwise XOR operations. In this paper, we first analyze Awasthi-Srivastava's scheme and then show that their scheme has several drawbacks: (1) incorrect password change phase, (2) fails to preserve user anonymity property, (3) fails to establish a secret session key beween a legal user and the server, (4) fails to protect strong replay attack, and (5) lacks rigorous formal security analysis. We then a propose a novel and secure biometric-based remote user authentication scheme in order to withstand the security flaw found in Awasthi-Srivastava's scheme and enhance the features required for an idle user authentication scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against passive and active attacks, including the replay and man-in-the-middle attacks. Our scheme is also efficient as compared to Awasthi-Srivastava's scheme.

Context matters: the structure of task goals affects accuracy in multiple-target visual search.

PubMed

Clark, Kait; Cain, Matthew S; Adcock, R Alison; Mitroff, Stephen R

2014-05-01

Career visual searchers such as radiologists and airport security screeners strive to conduct accurate visual searches, but despite extensive training, errors still occur. A key difference between searches in radiology and airport security is the structure of the search task: Radiologists typically scan a certain number of medical images (fixed objective), and airport security screeners typically search X-rays for a specified time period (fixed duration). Might these structural differences affect accuracy? We compared performance on a search task administered either under constraints that approximated radiology or airport security. Some displays contained more than one target because the presence of multiple targets is an established source of errors for career searchers, and accuracy for additional targets tends to be especially sensitive to contextual conditions. Results indicate that participants searching within the fixed objective framework produced more multiple-target search errors; thus, adopting a fixed duration framework could improve accuracy for career searchers. Copyright © 2013 Elsevier Ltd and The Ergonomics Society. All rights reserved.

Verifier-based three-party authentication schemes using extended chaotic maps for data exchange in telecare medicine information systems.

PubMed

Lee, Tian-Fu

2014-12-01

Telecare medicine information systems provide a communicating platform for accessing remote medical resources through public networks, and help health care workers and medical personnel to rapidly making correct clinical decisions and treatments. An authentication scheme for data exchange in telecare medicine information systems enables legal users in hospitals and medical institutes to establish a secure channel and exchange electronic medical records or electronic health records securely and efficiently. This investigation develops an efficient and secure verified-based three-party authentication scheme by using extended chaotic maps for data exchange in telecare medicine information systems. The proposed scheme does not require server's public keys and avoids time-consuming modular exponential computations and scalar multiplications on elliptic curve used in previous related approaches. Additionally, the proposed scheme is proven secure in the random oracle model, and realizes the lower bounds of messages and rounds in communications. Compared to related verified-based approaches, the proposed scheme not only possesses higher security, but also has lower computational cost and fewer transmissions. Copyright © 2014 Elsevier Ireland Ltd. All rights reserved.

Finite-key analysis for measurement-device-independent quantum key distribution.

PubMed

Curty, Marcos; Xu, Feihu; Cui, Wei; Lim, Charles Ci Wen; Tamaki, Kiyoshi; Lo, Hoi-Kwong

2014-04-29

Quantum key distribution promises unconditionally secure communications. However, as practical devices tend to deviate from their specifications, the security of some practical systems is no longer valid. In particular, an adversary can exploit imperfect detectors to learn a large part of the secret key, even though the security proof claims otherwise. Recently, a practical approach--measurement-device-independent quantum key distribution--has been proposed to solve this problem. However, so far its security has only been fully proven under the assumption that the legitimate users of the system have unlimited resources. Here we fill this gap and provide a rigorous security proof against general attacks in the finite-key regime. This is obtained by applying large deviation theory, specifically the Chernoff bound, to perform parameter estimation. For the first time we demonstrate the feasibility of long-distance implementations of measurement-device-independent quantum key distribution within a reasonable time frame of signal transmission.

On the complexity of search for keys in quantum cryptography

NASA Astrophysics Data System (ADS)

Molotkov, S. N.

2016-03-01

The trace distance is used as a security criterion in proofs of security of keys in quantum cryptography. Some authors doubted that this criterion can be reduced to criteria used in classical cryptography. The following question has been answered in this work. Let a quantum cryptography system provide an ɛ-secure key such that ½‖ρ XE - ρ U ⊗ ρ E ‖1 < ɛ, which will be repeatedly used in classical encryption algorithms. To what extent does the ɛ-secure key reduce the number of search steps (guesswork) as compared to the use of ideal keys? A direct relation has been demonstrated between the complexity of the complete consideration of keys, which is one of the main security criteria in classical systems, and the trace distance used in quantum cryptography. Bounds for the minimum and maximum numbers of search steps for the determination of the actual key have been presented.

Simple proof of security of the BB84 quantum key distribution protocol

PubMed

Shor; Preskill

2000-07-10

We prove that the 1984 protocol of Bennett and Brassard (BB84) for quantum key distribution is secure. We first give a key distribution protocol based on entanglement purification, which can be proven secure using methods from Lo and Chau's proof of security for a similar protocol. We then show that the security of this protocol implies the security of BB84. The entanglement purification based protocol uses Calderbank-Shor-Steane codes, and properties of these codes are used to remove the use of quantum computation from the Lo-Chau protocol.

Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks

PubMed Central

Jung, Jaewook; Moon, Jongho; Lee, Donghoon; Won, Dongho

2017-01-01

At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al’s method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration. PMID:28335572

Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks.

PubMed

Jung, Jaewook; Moon, Jongho; Lee, Donghoon; Won, Dongho

2017-03-21

At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al's method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration.

DNA based random key generation and management for OTP encryption.

PubMed

Zhang, Yunpeng; Liu, Xin; Sun, Manhui

2017-09-01

One-time pad (OTP) is a principle of key generation applied to the stream ciphering method which offers total privacy. The OTP encryption scheme has proved to be unbreakable in theory, but difficult to realize in practical applications. Because OTP encryption specially requires the absolute randomness of the key, its development has suffered from dense constraints. DNA cryptography is a new and promising technology in the field of information security. DNA chromosomes storing capabilities can be used as one-time pad structures with pseudo-random number generation and indexing in order to encrypt the plaintext messages. In this paper, we present a feasible solution to the OTP symmetric key generation and transmission problem with DNA at the molecular level. Through recombinant DNA technology, by using only sender-receiver known restriction enzymes to combine the secure key represented by DNA sequence and the T vector, we generate the DNA bio-hiding secure key and then place the recombinant plasmid in implanted bacteria for secure key transmission. The designed bio experiments and simulation results show that the security of the transmission of the key is further improved and the environmental requirements of key transmission are reduced. Analysis has demonstrated that the proposed DNA-based random key generation and management solutions are marked by high security and usability. Published by Elsevier B.V.

Design principles in the development of (public) health information infrastructures.

PubMed

Neame, Roderick

2012-01-01

In this article the author outlines the key issues in the development of a regional health information infrastructure suitable for public health data collections. A set of 10 basic design and development principles as used and validated in the development of the successful New Zealand National Health Information Infrastructure in 1993 are put forward as a basis for future developments. The article emphasises the importance of securing clinical input into any health data that is collected, and suggests strategies whereby this may be achieved, including creating an information economy alongside the care economy. It is suggested that the role of government in such developments is to demonstrate leadership, to work with the sector to develop data, messaging and security standards, to establish key online indexes, to develop data warehouses and to create financial incentives for adoption of the infrastructure and the services it delivers to users. However experience suggests that government should refrain from getting involved in local care services data infrastructure, technology and management issues.

Partially Key Distribution with Public Key Cryptosystem Based on Error Control Codes

NASA Astrophysics Data System (ADS)

Tavallaei, Saeed Ebadi; Falahati, Abolfazl

Due to the low level of security in public key cryptosystems based on number theory, fundamental difficulties such as "key escrow" in Public Key Infrastructure (PKI) and a secure channel in ID-based cryptography, a new key distribution cryptosystem based on Error Control Codes (ECC) is proposed . This idea is done by some modification on McEliece cryptosystem. The security of ECC cryptosystem obtains from the NP-Completeness of block codes decoding. The capability of generating public keys with variable lengths which is suitable for different applications will be provided by using ECC. It seems that usage of these cryptosystems because of decreasing in the security of cryptosystems based on number theory and increasing the lengths of their keys would be unavoidable in future.

Secure Multicast Tree Structure Generation Method for Directed Diffusion Using A* Algorithms

NASA Astrophysics Data System (ADS)

Kim, Jin Myoung; Lee, Hae Young; Cho, Tae Ho

The application of wireless sensor networks to areas such as combat field surveillance, terrorist tracking, and highway traffic monitoring requires secure communication among the sensor nodes within the networks. Logical key hierarchy (LKH) is a tree based key management model which provides secure group communication. When a sensor node is added or evicted from the communication group, LKH updates the group key in order to ensure the security of the communications. In order to efficiently update the group key in directed diffusion, we propose a method for secure multicast tree structure generation, an extension to LKH that reduces the number of re-keying messages by considering the addition and eviction ratios of the history data. For the generation of the proposed key tree structure the A* algorithm is applied, in which the branching factor at each level can take on different value. The experiment results demonstrate the efficiency of the proposed key tree structure against the existing key tree structures of fixed branching factors.

On the security of a simple three-party key exchange protocol without server's public keys.

PubMed

Nam, Junghyun; Choo, Kim-Kwang Raymond; Park, Minkyu; Paik, Juryon; Won, Dongho

2014-01-01

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

On the Security of a Simple Three-Party Key Exchange Protocol without Server's Public Keys

PubMed Central

Nam, Junghyun; Choo, Kim-Kwang Raymond; Park, Minkyu; Paik, Juryon; Won, Dongho

2014-01-01

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients' passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol. PMID:25258723

The Challenges of Internetworking Unattended Autonomous Sensors

DTIC Science & Technology

2006-12-01

number of nodes that can hear the broadcast by a squared factor. The establishment of path keys for multi-hop range extension should however be used...Conf. on Info. Sci. and Syst. (CISS 󈧅), Baltimore, 21-23 March 2001 [9] R . Ramanathan, “On the Performance of Ad Hoc Networks with Beamforming...Computing”, Prentice Hall PTR, 2002 [12] S. Slijepcevic, M. Potkonjak, V. Tsiatsis, S. Zimbeck, M.B. Srivastava “On Communication Security inWireless Ad

Security of quantum key distribution with multiphoton components

PubMed Central

Yin, Hua-Lei; Fu, Yao; Mao, Yingqiu; Chen, Zeng-Bing

2016-01-01

Most qubit-based quantum key distribution (QKD) protocols extract the secure key merely from single-photon component of the attenuated lasers. However, with the Scarani-Acin-Ribordy-Gisin 2004 (SARG04) QKD protocol, the unconditionally secure key can be extracted from the two-photon component by modifying the classical post-processing procedure in the BB84 protocol. Employing the merits of SARG04 QKD protocol and six-state preparation, one can extract secure key from the components of single photon up to four photons. In this paper, we provide the exact relations between the secure key rate and the bit error rate in a six-state SARG04 protocol with single-photon, two-photon, three-photon, and four-photon sources. By restricting the mutual information between the phase error and bit error, we obtain a higher secure bit error rate threshold of the multiphoton components than previous works. Besides, we compare the performances of the six-state SARG04 with other prepare-and-measure QKD protocols using decoy states. PMID:27383014

Enhancing Heart-Beat-Based Security for mHealth Applications.

PubMed

Seepers, Robert M; Strydis, Christos; Sourdis, Ioannis; De Zeeuw, Chris I

2017-01-01

In heart-beat-based security, a security key is derived from the time difference between consecutive heart beats (the inter-pulse interval, IPI), which may, subsequently, be used to enable secure communication. While heart-beat-based security holds promise in mobile health (mHealth) applications, there currently exists no work that provides a detailed characterization of the delivered security in a real system. In this paper, we evaluate the strength of IPI-based security keys in the context of entity authentication. We investigate several aspects that should be considered in practice, including subjects with reduced heart-rate variability (HRV), different sensor-sampling frequencies, intersensor variability (i.e., how accurate each entity may measure heart beats) as well as average and worst-case-authentication time. Contrary to the current state of the art, our evaluation demonstrates that authentication using multiple, less-entropic keys may actually increase the key strength by reducing the effects of intersensor variability. Moreover, we find that the maximal key strength of a 60-bit key varies between 29.2 bits and only 5.7 bits, depending on the subject's HRV. To improve security, we introduce the inter-multi-pulse interval (ImPI), a novel method of extracting entropy from the heart by considering the time difference between nonconsecutive heart beats. Given the same authentication time, using the ImPI for key generation increases key strength by up to 3.4 × (+19.2 bits) for subjects with limited HRV, at the cost of an extended key-generation time of 4.8 × (+45 s).

A Security Proof of Measurement Device Independent Quantum Key Distribution: From the View of Information Theory

NASA Astrophysics Data System (ADS)

Li, Fang-Yi; Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Wang, Shuang; Wen, Hao; Zhao, Yi-Bo; Han, Zheng-Fu

2014-07-01

Although some ideal quantum key distribution protocols have been proved to be secure, there have been some demonstrations that practical quantum key distribution implementations were hacked due to some real-life imperfections. Among these attacks, detector side channel attacks may be the most serious. Recently, a measurement device independent quantum key distribution protocol [Phys. Rev. Lett. 108 (2012) 130503] was proposed and all detector side channel attacks are removed in this scheme. Here a new security proof based on quantum information theory is given. The eavesdropper's information of the sifted key bits is bounded. Then with this bound, the final secure key bit rate can be obtained.

Quantum cryptography to satellites for global secure key distribution

NASA Astrophysics Data System (ADS)

Rarity, John G.; Gorman, Philip M.; Knight, Paul; Wallace, Kotska; Tapster, Paul R.

2017-11-01

We have designed and built a free space secure key exchange system using weak laser pulses with polarisation modulation by acousto-optic switching. We have used this system to exchange keys over a 1.2km ground range with absolute security. Building from this initial result we analyse the feasibility of exchanging keys to a low earth orbit satellite.

Continuous-variable protocol for oblivious transfer in the noisy-storage model.

PubMed

Furrer, Fabian; Gehring, Tobias; Schaffner, Christian; Pacher, Christoph; Schnabel, Roman; Wehner, Stephanie

2018-04-13

Cryptographic protocols are the backbone of our information society. This includes two-party protocols which offer protection against distrustful players. Such protocols can be built from a basic primitive called oblivious transfer. We present and experimentally demonstrate here a quantum protocol for oblivious transfer for optical continuous-variable systems, and prove its security in the noisy-storage model. This model allows us to establish security by sending more quantum signals than an attacker can reliably store during the protocol. The security proof is based on uncertainty relations which we derive for continuous-variable systems, that differ from the ones used in quantum key distribution. We experimentally demonstrate in a proof-of-principle experiment the proposed oblivious transfer protocol for various channel losses by using entangled two-mode squeezed states measured with balanced homodyne detection. Our work enables the implementation of arbitrary two-party quantum cryptographic protocols with continuous-variable communication systems.

High speed and adaptable error correction for megabit/s rate quantum key distribution.

PubMed

Dixon, A R; Sato, H

2014-12-02

Quantum Key Distribution is moving from its theoretical foundation of unconditional security to rapidly approaching real world installations. A significant part of this move is the orders of magnitude increases in the rate at which secure key bits are distributed. However, these advances have mostly been confined to the physical hardware stage of QKD, with software post-processing often being unable to support the high raw bit rates. In a complete implementation this leads to a bottleneck limiting the final secure key rate of the system unnecessarily. Here we report details of equally high rate error correction which is further adaptable to maximise the secure key rate under a range of different operating conditions. The error correction is implemented both in CPU and GPU using a bi-directional LDPC approach and can provide 90-94% of the ideal secure key rate over all fibre distances from 0-80 km.

High speed and adaptable error correction for megabit/s rate quantum key distribution

PubMed Central

Dixon, A. R.; Sato, H.

2014-01-01

Quantum Key Distribution is moving from its theoretical foundation of unconditional security to rapidly approaching real world installations. A significant part of this move is the orders of magnitude increases in the rate at which secure key bits are distributed. However, these advances have mostly been confined to the physical hardware stage of QKD, with software post-processing often being unable to support the high raw bit rates. In a complete implementation this leads to a bottleneck limiting the final secure key rate of the system unnecessarily. Here we report details of equally high rate error correction which is further adaptable to maximise the secure key rate under a range of different operating conditions. The error correction is implemented both in CPU and GPU using a bi-directional LDPC approach and can provide 90–94% of the ideal secure key rate over all fibre distances from 0–80 km. PMID:25450416

Federal Plan for Cyber Security and Information Assurance Research and Development

DTIC Science & Technology

2006-04-01

Security Systems 103 varieties of the BB84 scheme have been developed, and other forms of quantum key distribution have been proposed. Rapid progress has led... key . Capability Gaps Existing quantum cryptographic protocols may also have weaknesses. Although BB84 is generally regarded as secure , researchers...complement agency-specific prioritization and R&D planning efforts in cyber security and information assurance. The Plan also describes the key Federal

Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems.

PubMed

Mishra, Dheerendra

2015-03-01

Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several authentication and key agreement schemes have been proposed to present secure and efficient solution for TMIS. Most of the existing authentication schemes for TMIS have either higher computation overhead or are vulnerable to attacks. To reduce the computational overhead and enhance the security, Lee recently proposed an authentication and key agreement scheme using chaotic maps for TMIS. Xu et al. also proposed a password based authentication and key agreement scheme for TMIS using elliptic curve cryptography. Both the schemes provide better efficiency from the conventional public key cryptography based schemes. These schemes are important as they present an efficient solution for TMIS. We analyze the security of both Lee's scheme and Xu et al.'s schemes. Unfortunately, we identify that both the schemes are vulnerable to denial of service attack. To understand the security failures of these cryptographic schemes which are the key of patching existing schemes and designing future schemes, we demonstrate the security loopholes of Lee's scheme and Xu et al.'s scheme in this paper.

An Anti-Electromagnetic Attack PUF Based on a Configurable Ring Oscillator for Wireless Sensor Networks

PubMed Central

Lu, Zhaojun; Li, Dongfang; Liu, Hailong; Gong, Mingyang; Liu, Zhenglin

2017-01-01

Wireless sensor networks (WSNs) are an emerging technology employed in some crucial applications. However, limited resources and physical exposure to attackers make security a challenging issue for a WSN. Ring oscillator-based physical unclonable function (RO PUF) is a potential option to protect the security of sensor nodes because it is able to generate random responses efficiently for a key extraction mechanism, which prevents the non-volatile memory from storing secret keys. In order to deploy RO PUF in a WSN, hardware efficiency, randomness, uniqueness, and reliability should be taken into account. Besides, the resistance to electromagnetic (EM) analysis attack is important to guarantee the security of RO PUF itself. In this paper, we propose a novel architecture of configurable RO PUF based on exclusive-or (XOR) gates. First, it dramatically increases the hardware efficiency compared with other types of RO PUFs. Second, it mitigates the vulnerability to EM analysis attack by placing the adjacent RO arrays in accordance with the cosine wave and sine wave so that the frequency of each RO cannot be detected. We implement our proposal in XINLINX A-7 field programmable gate arrays (FPGAs) and conduct a set of experiments to evaluate the quality of the responses. The results show that responses pass the National Institute of Standards and Technology (NIST) statistical test and have good uniqueness and reliability under different environments. Therefore, the proposed configurable RO PUF is suitable to establish a key extraction mechanism in a WSN. PMID:28914756

An Anti-Electromagnetic Attack PUF Based on a Configurable Ring Oscillator for Wireless Sensor Networks.

PubMed

Lu, Zhaojun; Li, Dongfang; Liu, Hailong; Gong, Mingyang; Liu, Zhenglin

2017-09-15

Wireless sensor networks (WSNs) are an emerging technology employed in some crucial applications. However, limited resources and physical exposure to attackers make security a challenging issue for a WSN. Ring oscillator-based physical unclonable function (RO PUF) is a potential option to protect the security of sensor nodes because it is able to generate random responses efficiently for a key extraction mechanism, which prevents the non-volatile memory from storing secret keys. In order to deploy RO PUF in a WSN, hardware efficiency, randomness, uniqueness, and reliability should be taken into account. Besides, the resistance to electromagnetic (EM) analysis attack is important to guarantee the security of RO PUF itself. In this paper, we propose a novel architecture of configurable RO PUF based on exclusive-or (XOR) gates. First, it dramatically increases the hardware efficiency compared with other types of RO PUFs. Second, it mitigates the vulnerability to EM analysis attack by placing the adjacent RO arrays in accordance with the cosine wave and sine wave so that the frequency of each RO cannot be detected. We implement our proposal in XINLINX A-7 field programmable gate arrays (FPGAs) and conduct a set of experiments to evaluate the quality of the responses. The results show that responses pass the National Institute of Standards and Technology (NIST) statistical test and have good uniqueness and reliability under different environments. Therefore, the proposed configurable RO PUF is suitable to establish a key extraction mechanism in a WSN.

Distinguishability of quantum states and shannon complexity in quantum cryptography

NASA Astrophysics Data System (ADS)

Arbekov, I. M.; Molotkov, S. N.

2017-07-01

The proof of the security of quantum key distribution is a rather complex problem. Security is defined in terms different from the requirements imposed on keys in classical cryptography. In quantum cryptography, the security of keys is expressed in terms of the closeness of the quantum state of an eavesdropper after key distribution to an ideal quantum state that is uncorrelated to the key of legitimate users. A metric of closeness between two quantum states is given by the trace metric. In classical cryptography, the security of keys is understood in terms of, say, the complexity of key search in the presence of side information. In quantum cryptography, side information for the eavesdropper is given by the whole volume of information on keys obtained from both quantum and classical channels. The fact that the mathematical apparatuses used in the proof of key security in classical and quantum cryptography are essentially different leads to misunderstanding and emotional discussions [1]. Therefore, one should be able to answer the question of how different cryptographic robustness criteria are related to each other. In the present study, it is shown that there is a direct relationship between the security criterion in quantum cryptography, which is based on the trace distance determining the distinguishability of quantum states, and the criterion in classical cryptography, which uses guesswork on the determination of a key in the presence of side information.

SSeCloud: Using secret sharing scheme to secure keys

NASA Astrophysics Data System (ADS)

Hu, Liang; Huang, Yang; Yang, Disheng; Zhang, Yuzhen; Liu, Hengchang

2017-08-01

With the use of cloud storage services, one of the concerns is how to protect sensitive data securely and privately. While users enjoy the convenience of data storage provided by semi-trusted cloud storage providers, they are confronted with all kinds of risks at the same time. In this paper, we present SSeCloud, a secure cloud storage system that improves security and usability by applying secret sharing scheme to secure keys. The system encrypts uploading files on the client side and splits encrypted keys into three shares. Each of them is respectively stored by users, cloud storage providers and the alternative third trusted party. Any two of the parties can reconstruct keys. Evaluation results of prototype system show that SSeCloud provides high security without too much performance penalty.

Authenticated Quantum Key Distribution with Collective Detection using Single Photons

NASA Astrophysics Data System (ADS)

Huang, Wei; Xu, Bing-Jie; Duan, Ji-Tong; Liu, Bin; Su, Qi; He, Yuan-Hang; Jia, Heng-Yue

2016-10-01

We present two authenticated quantum key distribution (AQKD) protocols by utilizing the idea of collective (eavesdropping) detection. One is a two-party AQKD protocol, the other is a multiparty AQKD protocol with star network topology. In these protocols, the classical channels need not be assumed to be authenticated and the single photons are used as the quantum information carriers. To achieve mutual identity authentication and establish a random key in each of the proposed protocols, only one participant should be capable of preparing and measuring single photons, and the main quantum ability that the rest of the participants should have is just performing certain unitary operations. Security analysis shows that these protocols are free from various kinds of attacks, especially the impersonation attack and the man-in-the-middle (MITM) attack.

Multiparty quantum key agreement with single particles

NASA Astrophysics Data System (ADS)

Liu, Bin; Gao, Fei; Huang, Wei; Wen, Qiao-yan

2013-04-01

Two conditions must be satisfied in a secure quantum key agreement (QKA) protocol: (1) outside eavesdroppers cannot gain the generated key without introducing any error; (2) the generated key cannot be determined by any non-trivial subset of the participants. That is, a secure QKA protocol can not only prevent the outside attackers from stealing the key, but also resist the attack from inside participants, i.e. some dishonest participants determine the key alone by illegal means. How to resist participant attack is an aporia in the design of QKA protocols, especially the multi-party ones. In this paper we present the first secure multiparty QKA protocol against both outside and participant attacks. Further more, we have proved its security in detail.

Study on the security of the authentication scheme with key recycling in QKD

NASA Astrophysics Data System (ADS)

Li, Qiong; Zhao, Qiang; Le, Dan; Niu, Xiamu

2016-09-01

In quantum key distribution (QKD), the information theoretically secure authentication is necessary to guarantee the integrity and authenticity of the exchanged information over the classical channel. In order to reduce the key consumption, the authentication scheme with key recycling (KR), in which a secret but fixed hash function is used for multiple messages while each tag is encrypted with a one-time pad (OTP), is preferred in QKD. Based on the assumption that the OTP key is perfect, the security of the authentication scheme has be proved. However, the OTP key of authentication in a practical QKD system is not perfect. How the imperfect OTP affects the security of authentication scheme with KR is analyzed thoroughly in this paper. In a practical QKD, the information of the OTP key resulting from QKD is partially leaked to the adversary. Although the information leakage is usually so little to be neglected, it will lead to the increasing degraded security of the authentication scheme as the system runs continuously. Both our theoretical analysis and simulation results demonstrate that the security level of authentication scheme with KR, mainly indicated by its substitution probability, degrades exponentially in the number of rounds and gradually diminishes to zero.

East African Crisis Response: Shaping Ethiopian Peace Force for Better Participation in Future Peace Operations

DTIC Science & Technology

2006-12-01

security policy and the need for establishment of a single continental army were stressed during the Inaugural Summit of the AU held in Durban...equipment and orientation" as key issues in interoperability within ECOMOG, stressing the need for bilingual language training in the region, as...hexed them as if they were fighting the superhuman. The Ethiopian left no tracks shed no blood and spoke always in an unknown tongue. Lack of

A specialist team of A&E doctors and nurses establish emergency care units in Kosovo.

PubMed

Hodgetts, Lieutenant Colonel Tim; Kenward, Gary

2000-02-01

On June 12, 1999 NATO troops led by British paratroopers of 5 Airborne Brigade entered Kosovo and secured key military sites. This multinational operation (code named 'OP AGRICOLA') was in response to the ethnic cleansing of Kosovo-Albanians, and followed a sustained period of aerial attack in Kosovo and Serbia. The ground operation required substantial medical support, and the British hospital element was provided by 22 Field Hospital RAMC.

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks.

PubMed

Park, YoHan; Park, YoungHo

2016-12-14

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.'s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment.

An Energy Efficient Mutual Authentication and Key Agreement Scheme Preserving Anonymity for Wireless Sensor Networks.

PubMed

Lu, Yanrong; Li, Lixiang; Peng, Haipeng; Yang, Yixian

2016-06-08

WSNs (Wireless sensor networks) are nowadays viewed as a vital portion of the IoTs (Internet of Things). Security is a significant issue in WSNs, especially in resource-constrained environments. AKA (Authentication and key agreement) enhances the security of WSNs against adversaries attempting to get sensitive sensor data. Various AKA schemes have been developed for verifying the legitimate users of a WSN. Firstly, we scrutinize Amin-Biswas's currently scheme and demonstrate the major security loopholes in their works. Next, we propose a lightweight AKA scheme, using symmetric key cryptography based on smart card, which is resilient against all well known security attacks. Furthermore, we prove the scheme accomplishes mutual handshake and session key agreement property securely between the participates involved under BAN (Burrows, Abadi and Needham) logic. Moreover, formal security analysis and simulations are also conducted using AVISPA(Automated Validation of Internet Security Protocols and Applications) to show that our scheme is secure against active and passive attacks. Additionally, performance analysis shows that our proposed scheme is secure and efficient to apply for resource-constrained WSNs.

An Energy Efficient Mutual Authentication and Key Agreement Scheme Preserving Anonymity for Wireless Sensor Networks

PubMed Central

Lu, Yanrong; Li, Lixiang; Peng, Haipeng; Yang, Yixian

2016-01-01

WSNs (Wireless sensor networks) are nowadays viewed as a vital portion of the IoTs (Internet of Things). Security is a significant issue in WSNs, especially in resource-constrained environments. AKA (Authentication and key agreement) enhances the security of WSNs against adversaries attempting to get sensitive sensor data. Various AKA schemes have been developed for verifying the legitimate users of a WSN. Firstly, we scrutinize Amin-Biswas’s currently scheme and demonstrate the major security loopholes in their works. Next, we propose a lightweight AKA scheme, using symmetric key cryptography based on smart card, which is resilient against all well known security attacks. Furthermore, we prove the scheme accomplishes mutual handshake and session key agreement property securely between the participates involved under BAN (Burrows, Abadi and Needham) logic. Moreover, formal security analysis and simulations are also conducted using AVISPA(Automated Validation of Internet Security Protocols and Applications) to show that our scheme is secure against active and passive attacks. Additionally, performance analysis shows that our proposed scheme is secure and efficient to apply for resource-constrained WSNs. PMID:27338382

Three-Factor User Authentication and Key Agreement Using Elliptic Curve Cryptosystem in Wireless Sensor Networks

PubMed Central

Park, YoHan; Park, YoungHo

2016-01-01

Secure communication is a significant issue in wireless sensor networks. User authentication and key agreement are essential for providing a secure system, especially in user-oriented mobile services. It is also necessary to protect the identity of each individual in wireless environments to avoid personal privacy concerns. Many authentication and key agreement schemes utilize a smart card in addition to a password to support security functionalities. However, these schemes often fail to provide security along with privacy. In 2015, Chang et al. analyzed the security vulnerabilities of previous schemes and presented the two-factor authentication scheme that provided user privacy by using dynamic identities. However, when we cryptanalyzed Chang et al.’s scheme, we found that it does not provide sufficient security for wireless sensor networks and fails to provide accurate password updates. This paper proposes a security-enhanced authentication and key agreement scheme to overcome these security weaknesses using biometric information and an elliptic curve cryptosystem. We analyze the security of the proposed scheme against various attacks and check its viability in the mobile environment. PMID:27983616

Quantum key distribution network for multiple applications

NASA Astrophysics Data System (ADS)

Tajima, A.; Kondoh, T.; Ochi, T.; Fujiwara, M.; Yoshino, K.; Iizuka, H.; Sakamoto, T.; Tomita, A.; Shimamura, E.; Asami, S.; Sasaki, M.

2017-09-01

The fundamental architecture and functions of secure key management in a quantum key distribution (QKD) network with enhanced universal interfaces for smooth key sharing between arbitrary two nodes and enabling multiple secure communication applications are proposed. The proposed architecture consists of three layers: a quantum layer, key management layer and key supply layer. We explain the functions of each layer, the key formats in each layer and the key lifecycle for enabling a practical QKD network. A quantum key distribution-advanced encryption standard (QKD-AES) hybrid system and an encrypted smartphone system were developed as secure communication applications on our QKD network. The validity and usefulness of these systems were demonstrated on the Tokyo QKD Network testbed.

Secure content objects

DOEpatents

Evans, William D [Cupertino, CA

2009-02-24

A secure content object protects electronic documents from unauthorized use. The secure content object includes an encrypted electronic document, a multi-key encryption table having at least one multi-key component, an encrypted header and a user interface device. The encrypted document is encrypted using a document encryption key associated with a multi-key encryption method. The encrypted header includes an encryption marker formed by a random number followed by a derivable variation of the same random number. The user interface device enables a user to input a user authorization. The user authorization is combined with each of the multi-key components in the multi-key encryption key table and used to try to decrypt the encrypted header. If the encryption marker is successfully decrypted, the electronic document may be decrypted. Multiple electronic documents or a document and annotations may be protected by the secure content object.

Information security system based on virtual-optics imaging methodology and public key infrastructure

NASA Astrophysics Data System (ADS)

Peng, Xiang; Zhang, Peng; Cai, Lilong

In this paper, we present a virtual-optical based information security system model with the aid of public-key-infrastructure (PKI) techniques. The proposed model employs a hybrid architecture in which our previously published encryption algorithm based on virtual-optics imaging methodology (VOIM) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). For an asymmetric system, given an encryption key, it is computationally infeasible to determine the decryption key and vice versa. The whole information security model is run under the framework of PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOIM security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network.

Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks.

PubMed

Chang, I-Pin; Lee, Tian-Fu; Lin, Tsung-Hung; Liu, Chuan-Ming

2015-11-30

Key agreements that use only password authentication are convenient in communication networks, but these key agreement schemes often fail to resist possible attacks, and therefore provide poor security compared with some other authentication schemes. To increase security, many authentication and key agreement schemes use smartcard authentication in addition to passwords. Thus, two-factor authentication and key agreement schemes using smartcards and passwords are widely adopted in many applications. Vaidya et al. recently presented a two-factor authentication and key agreement scheme for wireless sensor networks (WSNs). Kim et al. observed that the Vaidya et al. scheme fails to resist gateway node bypassing and user impersonation attacks, and then proposed an improved scheme for WSNs. This study analyzes the weaknesses of the two-factor authentication and key agreement scheme of Kim et al., which include vulnerability to impersonation attacks, lost smartcard attacks and man-in-the-middle attacks, violation of session key security, and failure to protect user privacy. An efficient and secure authentication and key agreement scheme for WSNs based on the scheme of Kim et al. is then proposed. The proposed scheme not only solves the weaknesses of previous approaches, but also increases security requirements while maintaining low computational cost.

Implementing Diffie-Hellman key exchange using quantum EPR pairs

NASA Astrophysics Data System (ADS)

Mandal, Sayonnha; Parakh, Abhishek

2015-05-01

This paper implements the concepts of perfect forward secrecy and the Diffie-Hellman key exchange using EPR pairs to establish and share a secret key between two non-authenticated parties and transfer messages between them without the risk of compromise. Current implementations of quantum cryptography are based on the BB84 protocol, which is susceptible to siphoning attacks on the multiple photons emitted by practical laser sources. This makes BB84-based quantum cryptography protocol unsuitable for network computing environments. Diffie-Hellman does not require the two parties to be mutually authenticated to each other, yet it can provide a basis for a number of authenticated protocols, most notably the concept of perfect forward secrecy. The work proposed in this paper provides a new direction in utilizing quantum EPR pairs in quantum key exchange. Although, classical cryptography boasts of efficient and robust protocols like the Diffie-Hellman key exchange, in the current times, with the advent of quantum computing they are very much vulnerable to eavesdropping and cryptanalytic attacks. Using quantum cryptographic principles, however, these classical encryption algorithms show more promise and a more robust and secure structure for applications. The unique properties of quantum EPR pairs also, on the other hand, go a long way in removing attacks like eavesdropping by their inherent nature of one particle of the pair losing its state if a measurement occurs on the other. The concept of perfect forward secrecy is revisited in this paper to attribute tighter security to the proposed protocol.

An Indoor Positioning-Based Mobile Payment System Using Bluetooth Low Energy Technology

PubMed Central

Winata, Doni

2018-01-01

The development of information technology has paved the way for faster and more convenient payment process flows and new methodology for the design and implementation of next generation payment systems. The growth of smartphone usage nowadays has fostered a new and popular mobile payment environment. Most of the current generation smartphones support Bluetooth Low Energy (BLE) technology to communicate with nearby BLE-enabled devices. It is plausible to construct an Over-the-Air BLE-based mobile payment system as one of the payment methods for people living in modern societies. In this paper, a secure indoor positioning-based mobile payment authentication protocol with BLE technology and the corresponding mobile payment system design are proposed. The proposed protocol consists of three phases: initialization phase, session key construction phase, and authentication phase. When a customer moves toward the POS counter area, the proposed mobile payment system will automatically detect the position of the customer to confirm whether the customer is ready for the checkout process. Once the system has identified the customer is standing within the payment-enabled area, the payment system will invoke authentication process between POS and the customer’s smartphone through BLE communication channel to generate a secure session key and establish an authenticated communication session to perform the payment transaction accordingly. A prototype is implemented to assess the performance of the proposed design for mobile payment system. In addition, security analysis is conducted to evaluate the security strength of the proposed protocol. PMID:29587399

An Indoor Positioning-Based Mobile Payment System Using Bluetooth Low Energy Technology.

PubMed

Yohan, Alexander; Lo, Nai-Wei; Winata, Doni

2018-03-25

The development of information technology has paved the way for faster and more convenient payment process flows and new methodology for the design and implementation of next generation payment systems. The growth of smartphone usage nowadays has fostered a new and popular mobile payment environment. Most of the current generation smartphones support Bluetooth Low Energy (BLE) technology to communicate with nearby BLE-enabled devices. It is plausible to construct an Over-the-Air BLE-based mobile payment system as one of the payment methods for people living in modern societies. In this paper, a secure indoor positioning-based mobile payment authentication protocol with BLE technology and the corresponding mobile payment system design are proposed. The proposed protocol consists of three phases: initialization phase, session key construction phase, and authentication phase. When a customer moves toward the POS counter area, the proposed mobile payment system will automatically detect the position of the customer to confirm whether the customer is ready for the checkout process. Once the system has identified the customer is standing within the payment-enabled area, the payment system will invoke authentication process between POS and the customer's smartphone through BLE communication channel to generate a secure session key and establish an authenticated communication session to perform the payment transaction accordingly. A prototype is implemented to assess the performance of the proposed design for mobile payment system. In addition, security analysis is conducted to evaluate the security strength of the proposed protocol.

Randomness determines practical security of BB84 quantum key distribution.

PubMed

Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

2015-11-10

Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system.

Randomness determines practical security of BB84 quantum key distribution

PubMed Central

Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

2015-01-01

Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system. PMID:26552359

Randomness determines practical security of BB84 quantum key distribution

NASA Astrophysics Data System (ADS)

Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

2015-11-01

Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system.

7 CFR 1494.401 - Performance security.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 7 Agriculture 10 2010-01-01 2010-01-01 false Performance security. 1494.401 Section 1494.401... Program Operations § 1494.401 Performance security. (a) Requirement to establish performance security... establish performance security, in a form which is acceptable to CCC, in order to guarantee the eligible...

7 CFR 1494.401 - Performance security.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 7 Agriculture 10 2011-01-01 2011-01-01 false Performance security. 1494.401 Section 1494.401... Program Operations § 1494.401 Performance security. (a) Requirement to establish performance security... establish performance security, in a form which is acceptable to CCC, in order to guarantee the eligible...

Symmetric Key Services Markup Language (SKSML)

NASA Astrophysics Data System (ADS)

Noor, Arshad

Symmetric Key Services Markup Language (SKSML) is the eXtensible Markup Language (XML) being standardized by the OASIS Enterprise Key Management Infrastructure Technical Committee for requesting and receiving symmetric encryption cryptographic keys within a Symmetric Key Management System (SKMS). This protocol is designed to be used between clients and servers within an Enterprise Key Management Infrastructure (EKMI) to secure data, independent of the application and platform. Building on many security standards such as XML Signature, XML Encryption, Web Services Security and PKI, SKSML provides standards-based capability to allow any application to use symmetric encryption keys, while maintaining centralized control. This article describes the SKSML protocol and its capabilities.

A Scenario-Based Protocol Checker for Public-Key Authentication Scheme

NASA Astrophysics Data System (ADS)

Saito, Takamichi

Security protocol provides communication security for the internet. One of the important features of it is authentication with key exchange. Its correctness is a requirement of the whole of the communication security. In this paper, we introduce three attack models realized as their attack scenarios, and provide an authentication-protocol checker for applying three attack-scenarios based on the models. We also utilize it to check two popular security protocols: Secure SHell (SSH) and Secure Socket Layer/Transport Layer Security (SSL/TLS).

A Low Cost Key Agreement Protocol Based on Binary Tree for EPCglobal Class 1 Generation 2 RFID Protocol

NASA Astrophysics Data System (ADS)

Jeng, Albert; Chang, Li-Chung; Chen, Sheng-Hui

There are many protocols proposed for protecting Radio Frequency Identification (RFID) system privacy and security. A number of these protocols are designed for protecting long-term security of RFID system using symmetric key or public key cryptosystem. Others are designed for protecting user anonymity and privacy. In practice, the use of RFID technology often has a short lifespan, such as commodity check out, supply chain management and so on. Furthermore, we know that designing a long-term security architecture to protect the security and privacy of RFID tags information requires a thorough consideration from many different aspects. However, any security enhancement on RFID technology will jack up its cost which may be detrimental to its widespread deployment. Due to the severe constraints of RFID tag resources (e. g., power source, computing power, communication bandwidth) and open air communication nature of RFID usage, it is a great challenge to secure a typical RFID system. For example, computational heavy public key and symmetric key cryptography algorithms (e. g., RSA and AES) may not be suitable or over-killed to protect RFID security or privacy. These factors motivate us to research an efficient and cost effective solution for RFID security and privacy protection. In this paper, we propose a new effective generic binary tree based key agreement protocol (called BKAP) and its variations, and show how it can be applied to secure the low cost and resource constraint RFID system. This BKAP is not a general purpose key agreement protocol rather it is a special purpose protocol to protect privacy, un-traceability and anonymity in a single RFID closed system domain.

14 CFR 1203.900 - Establishment.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program Committee § 1203.900 Establishment. Pursuant to Executive Order 12958, “National Security Information,” and the National Aeronautics and Space Act of 1958, as amended, there is established...

14 CFR 1203.900 - Establishment.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION INFORMATION SECURITY PROGRAM NASA Information Security Program Committee § 1203.900 Establishment. Pursuant to Executive Order 12958, “National Security Information,” and the National Aeronautics and Space Act of 1958, as amended, there is established...

Providing integrity, authenticity, and confidentiality for header and pixel data of DICOM images.

PubMed

Al-Haj, Ali

2015-04-01

Exchange of medical images over public networks is subjected to different types of security threats. This has triggered persisting demands for secured telemedicine implementations that will provide confidentiality, authenticity, and integrity for the transmitted images. The medical image exchange standard (DICOM) offers mechanisms to provide confidentiality for the header data of the image but not for the pixel data. On the other hand, it offers mechanisms to achieve authenticity and integrity for the pixel data but not for the header data. In this paper, we propose a crypto-based algorithm that provides confidentially, authenticity, and integrity for the pixel data, as well as for the header data. This is achieved by applying strong cryptographic primitives utilizing internally generated security data, such as encryption keys, hashing codes, and digital signatures. The security data are generated internally from the header and the pixel data, thus a strong bond is established between the DICOM data and the corresponding security data. The proposed algorithm has been evaluated extensively using DICOM images of different modalities. Simulation experiments show that confidentiality, authenticity, and integrity have been achieved as reflected by the results we obtained for normalized correlation, entropy, PSNR, histogram analysis, and robustness.

Secure detection in quantum key distribution by real-time calibration of receiver

NASA Astrophysics Data System (ADS)

Marøy, Øystein; Makarov, Vadim; Skaar, Johannes

2017-12-01

The single-photon detectionefficiency of the detector unit is crucial for the security of common quantum key distribution protocols like Bennett-Brassard 1984 (BB84). A low value for the efficiency indicates a possible eavesdropping attack that exploits the photon receiver’s imperfections. We present a method for estimating the detection efficiency, and calculate the corresponding secure key generation rate. The estimation is done by testing gated detectors using a randomly activated photon source inside the receiver unit. This estimate gives a secure rate for any detector with non-unity single-photon detection efficiency, both inherit or due to blinding. By adding extra optical components to the receiver, we make sure that the key is extracted from photon states for which our estimate is valid. The result is a quantum key distribution scheme that is secure against any attack that exploits detector imperfections.

Quantum key distribution with delayed privacy amplification and its application to the security proof of a two-way deterministic protocol

NASA Astrophysics Data System (ADS)

Fung, Chi-Hang Fred; Ma, Xiongfeng; Chau, H. F.; Cai, Qing-Yu

2012-03-01

Privacy amplification (PA) is an essential postprocessing step in quantum key distribution (QKD) for removing any information an eavesdropper may have on the final secret key. In this paper, we consider delaying PA of the final key after its use in one-time pad encryption and prove its security. We prove that the security and the key generation rate are not affected by delaying PA. Delaying PA has two applications: it serves as a tool for significantly simplifying the security proof of QKD with a two-way quantum channel, and also it is useful in QKD networks with trusted relays. To illustrate the power of the delayed PA idea, we use it to prove the security of a qubit-based two-way deterministic QKD protocol which uses four states and four encoding operations.

7 CFR 1494.401 - Performance security.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 7 Agriculture 10 2013-01-01 2013-01-01 false Performance security. 1494.401 Section 1494.401... Performance security. (a) Requirement to establish performance security. Prior to the submission of an offer to CCC in response to an Invitation, an eligible exporter must establish performance security, in a...

7 CFR 1494.401 - Performance security.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 7 Agriculture 10 2012-01-01 2012-01-01 false Performance security. 1494.401 Section 1494.401... Performance security. (a) Requirement to establish performance security. Prior to the submission of an offer to CCC in response to an Invitation, an eligible exporter must establish performance security, in a...

Secret-key expansion from covert communication

NASA Astrophysics Data System (ADS)

Arrazola, Juan Miguel; Amiri, Ryan

2018-02-01

Covert communication allows the transmission of messages in such a way that it is not possible for adversaries to detect that the communication is occurring. This provides protection in situations where knowledge that two parties are talking to each other may be incriminating to them. In this work, we study how covert communication can be used for a different purpose: secret key expansion. First, we show that any message transmitted in a secure covert protocol is also secret and therefore unknown to an adversary. We then propose a covert communication protocol where the amount of key consumed in the protocol is smaller than the transmitted key, thus leading to secure secret key expansion. We derive precise conditions for secret key expansion to occur, showing that it is possible when there are sufficiently low levels of noise for a given security level. We conclude by examining how secret key expansion from covert communication can be performed in a computational security model.

Input from Key Stakeholders in the National Security Technology Incubator

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

This report documents the input from key stakeholders of the National Security Technology Incubator (NSTI) in developing a new technology incubator and related programs for southern New Mexico. The technology incubator is being developed as part of the National Security Preparedness Project (NSPP), funded by a Department of Energy (DOE)/National Nuclear Security Administration (NNSA) grant. This report includes identification of key stakeholders as well as a description and analysis of their input for the development of an incubator.

Field test of quantum key distribution in the Tokyo QKD Network.

PubMed

Sasaki, M; Fujiwara, M; Ishizuka, H; Klaus, W; Wakui, K; Takeoka, M; Miki, S; Yamashita, T; Wang, Z; Tanaka, A; Yoshino, K; Nambu, Y; Takahashi, S; Tajima, A; Tomita, A; Domeki, T; Hasegawa, T; Sakai, Y; Kobayashi, H; Asai, T; Shimizu, K; Tokura, T; Tsurumaru, T; Matsui, M; Honjo, T; Tamaki, K; Takesue, H; Tokura, Y; Dynes, J F; Dixon, A R; Sharpe, A W; Yuan, Z L; Shields, A J; Uchikoga, S; Legré, M; Robyr, S; Trinkler, P; Monat, L; Page, J-B; Ribordy, G; Poppe, A; Allacher, A; Maurhart, O; Länger, T; Peev, M; Zeilinger, A

2011-05-23

A secure communication network with quantum key distribution in a metropolitan area is reported. Six different QKD systems are integrated into a mesh-type network. GHz-clocked QKD links enable us to demonstrate the world-first secure TV conferencing over a distance of 45km. The network includes a commercial QKD product for long-term stable operation, and application interface to secure mobile phones. Detection of an eavesdropper, rerouting into a secure path, and key relay via trusted nodes are demonstrated in this network.

On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals

NASA Astrophysics Data System (ADS)

Masi, Massimiliano; Pugliese, Rosario; Tiezzi, Francesco

The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions.Many large scale projects have been funded with the aim to allow healthcare professionals to consult patients data. Properties such as confidentiality, authentication and authorization are the key for the success for these projects. The Integrating the Healthcare Enterprise (IHE) initiative promotes the coordinated use of established standards for authenticated and secure EHR exchanges among clinics and hospitals. In particular, the IHE integration profile named XUA permits to attest user identities by relying on SAML assertions, i.e. XML documents containing authentication statements. In this paper, we provide a formal model for the secure issuance of such an assertion. We first specify the scenario using the process calculus COWS and then analyse it using the model checker CMC. Our analysis reveals a potential flaw in the XUA profile when using a SAML assertion in an unprotected network. We then suggest a solution for this flaw, and model check and implement this solution to show that it is secure and feasible.

[Assessment and early warning of land ecological security in rapidly urbanizing coastal area: A case study of Caofeidian new district, Hebei, China].

PubMed

Zhang, Li; Chen, Ying; Wang, Shu-tao; Men, Ming-xin; Xu, Hao

2015-08-01

Assessment and early warning of land ecological security (LES) in rapidly urbanizing coastal area is an important issue to ensure sustainable land use and effective maintenance of land ecological security. In this study, an index system for the land ecological security of Caofeidian new district was established based on the Pressure-State-Response (P-S-R) model. Initial assessment units of 1 km x 1 km created with the remote sensing data and GIS methods were spatially interpolated to a fine pixel size of 30 m x 30 m, which were combined with the early warning method (using classification tree method) to evaluate the land ecological security of Caofeidian in 2005 and 2013. The early warning level was classed into four categories: security with degradation potential, sub-security with slow degradation, sub-security with rapid degradation, and insecurity. Result indicated that, from 2005 to 2013, the average LES of Caofeidian dropped from 0.55 to 0.52, indicating a degradation of land ecological security from medium security level to medium-low security level. The areas at the levels of insecurity with rapid degradation were mainly located in the rapid urbanization areas, illustrating that rapid expansion of urban construction land was the key factor to the deterioration of the regional land ecological security. Industrial District, Shilihai town and Nanpu saltern, in which the lands at the levels of insecurity and sub-security with rapid degradation or slow degradation accounted for 58.3%, 98.9% and 81.2% of their respective districts, were at the stage of high early warning. Thus, land ecological security regulation for these districts should be strengthened in near future. The study could provide a reference for land use planning and ecological protection of Caofeidian new district.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Coleman, Jody Rustyn; Poland, Richard W.

A system and method for the secure storage and transmission of data is provided. A data aggregate device can be configured to receive secure data from a data source, such as a sensor, and encrypt the secure data using a suitable encryption technique, such as a shared private key technique, a public key encryption technique, a Diffie-Hellman key exchange technique, or other suitable encryption technique. The encrypted secure data can be provided from the data aggregate device to different remote devices over a plurality of segregated or isolated data paths. Each of the isolated data paths can include an optoisolatormore » that is configured to provide one-way transmission of the encrypted secure data from the data aggregate device over the isolated data path. External data can be received through a secure data filter which, by validating the external data, allows for key exchange and other various adjustments from an external source.« less

Continuous-variable measurement-device-independent quantum key distribution: Composable security against coherent attacks

NASA Astrophysics Data System (ADS)

Lupo, Cosmo; Ottaviani, Carlo; Papanastasiou, Panagiotis; Pirandola, Stefano

2018-05-01

We present a rigorous security analysis of continuous-variable measurement-device-independent quantum key distribution (CV MDI QKD) in a finite-size scenario. The security proof is obtained in two steps: by first assessing the security against collective Gaussian attacks, and then extending to the most general class of coherent attacks via the Gaussian de Finetti reduction. Our result combines recent state-of-the-art security proofs for CV QKD with findings about min-entropy calculus and parameter estimation. In doing so, we improve the finite-size estimate of the secret key rate. Our conclusions confirm that CV MDI protocols allow for high rates on the metropolitan scale, and may achieve a nonzero secret key rate against the most general class of coherent attacks after 107-109 quantum signal transmissions, depending on loss and noise, and on the required level of security.

Authenticated sensor interface device

DOE Office of Scientific and Technical Information (OSTI.GOV)

Coleman, Jody Rustyn; Poland, Richard W.

A system and method for the secure storage and transmission of data is provided. A data aggregate device can be configured to receive secure data from a data source, such as a sensor, and encrypt the secure data using a suitable encryption technique, such as a shared private key technique, a public key encryption technique, a Diffie-Hellman key exchange technique, or other suitable encryption technique. The encrypted secure data can be provided from the data aggregate device to different remote devices over a plurality of segregated or isolated data paths. Each of the isolated data paths can include an optoisolatormore » that is configured to provide one-way transmission of the encrypted secure data from the data aggregate device over the isolated data path. External data can be received through a secure data filter which, by validating the external data, allows for key exchange and other various adjustments from an external source.« less

Security of Y-00 and Similar Quantum Cryptographic Protocols

DTIC Science & Technology

2004-11-16

security of Y-00 type protocols is clarified. Key words: Quantum cryptography PACS: 03.67.Dd Anew approach to quantum cryptog- raphy called KCQ, ( keyed ...classical- noise key generation [2] or the well known BB84 quantum protocol [3]. A special case called αη (or Y-00 in Japan) has been experimentally in... quantum noise for typical op- erating parameters. It weakens both the data and key security , possibly information-theoretically and cer- tainly

Key Factors in the Success of an Organization's Information Security Culture: A Quantitative Study and Analysis

ERIC Educational Resources Information Center

Pierce, Robert E.

2012-01-01

This research study reviewed relative literature on information security and information security culture within organizations to determine what factors potentially assist an organization in implementing, integrating, and maintaining a successful organizational information security culture. Based on this review of literature, five key factors were…

Key Management Scheme Based on Route Planning of Mobile Sink in Wireless Sensor Networks.

PubMed

Zhang, Ying; Liang, Jixing; Zheng, Bingxin; Jiang, Shengming; Chen, Wei

2016-01-29

In many wireless sensor network application scenarios the key management scheme with a Mobile Sink (MS) should be fully investigated. This paper proposes a key management scheme based on dynamic clustering and optimal-routing choice of MS. The concept of Traveling Salesman Problem with Neighbor areas (TSPN) in dynamic clustering for data exchange is proposed, and the selection probability is used in MS route planning. The proposed scheme extends static key management to dynamic key management by considering the dynamic clustering and mobility of MSs, which can effectively balance the total energy consumption during the activities. Considering the different resources available to the member nodes and sink node, the session key between cluster head and MS is established by modified an ECC encryption with Diffie-Hellman key exchange (ECDH) algorithm and the session key between member node and cluster head is built with a binary symmetric polynomial. By analyzing the security of data storage, data transfer and the mechanism of dynamic key management, the proposed scheme has more advantages to help improve the resilience of the key management system of the network on the premise of satisfying higher connectivity and storage efficiency.

Practical issues in quantum-key-distribution postprocessing

NASA Astrophysics Data System (ADS)

Fung, Chi-Hang Fred; Ma, Xiongfeng; Chau, H. F.

2010-01-01

Quantum key distribution (QKD) is a secure key generation method between two distant parties by wisely exploiting properties of quantum mechanics. In QKD, experimental measurement outcomes on quantum states are transformed by the two parties to a secret key. This transformation is composed of many logical steps (as guided by security proofs), which together will ultimately determine the length of the final secret key and its security. We detail the procedure for performing such classical postprocessing taking into account practical concerns (including the finite-size effect and authentication and encryption for classical communications). This procedure is directly applicable to realistic QKD experiments and thus serves as a recipe that specifies what postprocessing operations are needed and what the security level is for certain lengths of the keys. Our result is applicable to the BB84 protocol with a single or entangled photon source.

Key Management Schemes for Peer-to-Peer Multimedia Streaming Overlay Networks

NASA Astrophysics Data System (ADS)

Naranjo, J. A. M.; López-Ramos, J. A.; Casado, L. G.

Key distribution for multimedia live streaming peer-to-peer overlay networks is a field still in its childhood stage. A scheme designed for networks of this kind must seek security and efficiency while keeping in mind the following restrictions: limited bandwidth, continuous playing, great audience size and clients churn. This paper introduces two novel schemes that allow a trade-off between security and efficiency by allowing to dynamically vary the number of levels used in the key hierarchy. These changes are motivated by great variations in audience size, and initiated by decision of the Key Server. Additionally, a comparative study of both is presented, focusing on security and audience size. Results show that larger key hierarchies can supply bigger audiences, but offer less security against statistical attacks. The opposite happens for shorter key hierarchies.

Quantum cryptography and applications in the optical fiber network

NASA Astrophysics Data System (ADS)

Luo, Yuhui

2005-09-01

Quantum cryptography, as part of quantum information and communications, can provide absolute security for information transmission because it is established on the fundamental laws of quantum theory, such as the principle of uncertainty, No-cloning theorem and quantum entanglement. In this thesis research, a novel scheme to implement quantum key distribution based on multiphoton entanglement with a new protocol is proposed. Its advantages are: a larger information capacity can be obtained with a longer transmission distance and the detection of multiple photons is easier than that of a single photon. The security and attacks pertaining to such a system are also studied. Next, a quantum key distribution over wavelength division multiplexed (WDM) optical fiber networks is realized. Quantum key distribution in networks is a long-standing problem for practical applications. Here we combine quantum cryptography and WDM to solve this problem because WDM technology is universally deployed in the current and next generation fiber networks. The ultimate target is to deploy quantum key distribution over commercial networks. The problems arising from the networks are also studied in this part. Then quantum key distribution in multi-access networks using wavelength routing technology is investigated in this research. For the first time, quantum cryptography for multiple individually targeted users has been successfully implemented in sharp contrast to that using the indiscriminating broadcasting structure. It overcomes the shortcoming that every user in the network can acquire the quantum key signals intended to be exchanged between only two users. Furthermore, a more efficient scheme of quantum key distribution is adopted, hence resulting in a higher key rate. Lastly, a quantum random number generator based on quantum optics has been experimentally demonstrated. This device is a key component for quantum key distribution as it can create truly random numbers, which is an essential requirement to perform quantum key distribution. This new generator is composed of a single optical fiber coupler with fiber pigtails, which can be easily used in optical fiber communications.

Rules And A Rubric Could Be Used To Assess The Openness Of A Homeland Security Enterprise Social Network

DTIC Science & Technology

2016-12-01

HSE BoK. Rule One —Allow cultural change over time. Using the Mastering Group and the Creating column (six points), the objective would be, “ Design ...is designed to address these topics. This introduction is followed by a literature review to establish some background on the demands for information...relies on key components of large group dynamics. The first is playful creation or a “loose, playful atmosphere and fun at work” that makes wikis

Tomographic quantum cryptography

DOE Office of Scientific and Technical Information (OSTI.GOV)

Liang, Yeong Cherng; Kaszlikowski, Dagomir; Englert, Berthold-Georg

2003-08-01

We present a protocol for quantum cryptography in which the data obtained for mismatched bases are used in full for the purpose of quantum state tomography. Eavesdropping on the quantum channel is seriously impeded by requiring that the outcome of the tomography is consistent with unbiased noise in the channel. We study the incoherent eavesdropping attacks that are still permissible and establish under which conditions a secure cryptographic key can be generated. The whole analysis is carried out for channels that transmit quantum systems of any finite dimension.

Experimental quantum key distribution with simulated ground-to-satellite photon losses and processing limitations

NASA Astrophysics Data System (ADS)

Bourgoin, Jean-Philippe; Gigov, Nikolay; Higgins, Brendon L.; Yan, Zhizhong; Meyer-Scott, Evan; Khandani, Amir K.; Lütkenhaus, Norbert; Jennewein, Thomas

2015-11-01

Quantum key distribution (QKD) has the potential to improve communications security by offering cryptographic keys whose security relies on the fundamental properties of quantum physics. The use of a trusted quantum receiver on an orbiting satellite is the most practical near-term solution to the challenge of achieving long-distance (global-scale) QKD, currently limited to a few hundred kilometers on the ground. This scenario presents unique challenges, such as high photon losses and restricted classical data transmission and processing power due to the limitations of a typical satellite platform. Here we demonstrate the feasibility of such a system by implementing a QKD protocol, with optical transmission and full post-processing, in the high-loss regime using minimized computing hardware at the receiver. Employing weak coherent pulses with decoy states, we demonstrate the production of secure key bits at up to 56.5 dB of photon loss. We further illustrate the feasibility of a satellite uplink by generating a secure key while experimentally emulating the varying losses predicted for realistic low-Earth-orbit satellite passes at 600 km altitude. With a 76 MHz source and including finite-size analysis, we extract 3374 bits of a secure key from the best pass. We also illustrate the potential benefit of combining multiple passes together: while one suboptimal "upper-quartile" pass produces no finite-sized key with our source, the combination of three such passes allows us to extract 165 bits of a secure key. Alternatively, we find that by increasing the signal rate to 300 MHz it would be possible to extract 21 570 bits of a secure finite-sized key in just a single upper-quartile pass.

Physical Layer Secret-Key Generation Scheme for Transportation Security Sensor Network

PubMed Central

Yang, Bin; Zhang, Jianfeng

2017-01-01

Wireless Sensor Networks (WSNs) are widely used in different disciplines, including transportation systems, agriculture field environment monitoring, healthcare systems, and industrial monitoring. The security challenge of the wireless communication link between sensor nodes is critical in WSNs. In this paper, we propose a new physical layer secret-key generation scheme for transportation security sensor network. The scheme is based on the cooperation of all the sensor nodes, thus avoiding the key distribution process, which increases the security of the system. Different passive and active attack models are analyzed in this paper. We also prove that when the cooperative node number is large enough, even when the eavesdropper is equipped with multiple antennas, the secret-key is still secure. Numerical results are performed to show the efficiency of the proposed scheme. PMID:28657588

Final report for the Integrated and Robust Security Infrastructure (IRSI) laboratory directed research and development project

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hutchinson, R.L.; Hamilton, V.A.; Istrail, G.G.

1997-11-01

This report describes the results of a Sandia-funded laboratory-directed research and development project titled {open_quotes}Integrated and Robust Security Infrastructure{close_quotes} (IRSI). IRSI was to provide a broad range of commercial-grade security services to any software application. IRSI has two primary goals: application transparency and manageable public key infrastructure. IRSI must provide its security services to any application without the need to modify the application to invoke the security services. Public key mechanisms are well suited for a network with many end users and systems. There are many issues that make it difficult to deploy and manage a public key infrastructure. IRSImore » addressed some of these issues to create a more manageable public key infrastructure.« less

Physical Layer Secret-Key Generation Scheme for Transportation Security Sensor Network.

PubMed

Yang, Bin; Zhang, Jianfeng

2017-06-28

Wireless Sensor Networks (WSNs) are widely used in different disciplines, including transportation systems, agriculture field environment monitoring, healthcare systems, and industrial monitoring. The security challenge of the wireless communication link between sensor nodes is critical in WSNs. In this paper, we propose a new physical layer secret-key generation scheme for transportation security sensor network. The scheme is based on the cooperation of all the sensor nodes, thus avoiding the key distribution process, which increases the security of the system. Different passive and active attack models are analyzed in this paper. We also prove that when the cooperative node number is large enough, even when the eavesdropper is equipped with multiple antennas, the secret-key is still secure. Numerical results are performed to show the efficiency of the proposed scheme.

Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks

PubMed Central

Chang, I-Pin; Lee, Tian-Fu; Lin, Tsung-Hung; Liu, Chuan-Ming

2015-01-01

Key agreements that use only password authentication are convenient in communication networks, but these key agreement schemes often fail to resist possible attacks, and therefore provide poor security compared with some other authentication schemes. To increase security, many authentication and key agreement schemes use smartcard authentication in addition to passwords. Thus, two-factor authentication and key agreement schemes using smartcards and passwords are widely adopted in many applications. Vaidya et al. recently presented a two-factor authentication and key agreement scheme for wireless sensor networks (WSNs). Kim et al. observed that the Vaidya et al. scheme fails to resist gateway node bypassing and user impersonation attacks, and then proposed an improved scheme for WSNs. This study analyzes the weaknesses of the two-factor authentication and key agreement scheme of Kim et al., which include vulnerability to impersonation attacks, lost smartcard attacks and man-in-the-middle attacks, violation of session key security, and failure to protect user privacy. An efficient and secure authentication and key agreement scheme for WSNs based on the scheme of Kim et al. is then proposed. The proposed scheme not only solves the weaknesses of previous approaches, but also increases security requirements while maintaining low computational cost. PMID:26633396

Physical Unclonable Function Hardware Keys Utilizing Kirchhoff-Law Secure Key Exchange and Noise-Based Logic

NASA Astrophysics Data System (ADS)

Kish, Laszlo B.; Kwan, Chiman

Weak unclonable function (PUF) encryption key means that the manufacturer of the hardware can clone the key but not anybody else. Strong unclonable function (PUF) encryption key means that even the manufacturer of the hardware is unable to clone the key. In this paper, first we introduce an "ultra" strong PUF with intrinsic dynamical randomness, which is not only unclonable but also gets renewed to an independent key (with fresh randomness) during each use via the unconditionally secure key exchange. The solution utilizes the Kirchhoff-law-Johnson-noise (KLJN) method for dynamical key renewal and a one-time-pad secure key for the challenge/response process. The secure key is stored in a flash memory on the chip to provide tamper-resistance and nonvolatile storage with zero power requirements in standby mode. Simplified PUF keys are shown: a strong PUF utilizing KLJN protocol during the first run and noise-based logic (NBL) hyperspace vector string verification method for the challenge/response during the rest of its life or until it is re-initialized. Finally, the simplest PUF utilizes NBL without KLJN thus it can be cloned by the manufacturer but not by anybody else.

Password-only authenticated three-party key exchange with provable security in the standard model.

PubMed

Nam, Junghyun; Choo, Kim-Kwang Raymond; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon; Won, Dongho

2014-01-01

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

Distributed generation of shared RSA keys in mobile ad hoc networks

NASA Astrophysics Data System (ADS)

Liu, Yi-Liang; Huang, Qin; Shen, Ying

2005-12-01

Mobile Ad Hoc Networks is a totally new concept in which mobile nodes are able to communicate together over wireless links in an independent manner, independent of fixed physical infrastructure and centralized administrative infrastructure. However, the nature of Ad Hoc Networks makes them very vulnerable to security threats. Generation and distribution of shared keys for CA (Certification Authority) is challenging for security solution based on distributed PKI(Public-Key Infrastructure)/CA. The solutions that have been proposed in the literature and some related issues are discussed in this paper. The solution of a distributed generation of shared threshold RSA keys for CA is proposed in the present paper. During the process of creating an RSA private key share, every CA node only has its own private security. Distributed arithmetic is used to create the CA's private share locally, and that the requirement of centralized management institution is eliminated. Based on fully considering the Mobile Ad Hoc network's characteristic of self-organization, it avoids the security hidden trouble that comes by holding an all private security share of CA, with which the security and robustness of system is enhanced.

Hardening Logic Encryption against Key Extraction Attacks with Circuit Camouflage

DTIC Science & Technology

2017-03-01

camouflage; obfuscation; SAT; key extraction; reverse engineering; security; trusted electronics Introduction Integrated Circuit (IC) designs are...Encryption Algorithms”, Hardware Oriented Security and Trust , 2015. 3. Rajendran J., Pino, Y., Sinanoglu, O., Karri, R., “Security Analysis of Logic

An assessment of PKI and networked electronic patient record system: lessons learned from real patient data exchange at the platform of OCHIS (Osaka Community Healthcare Information System).

PubMed

Takeda, Hiroshi; Matsumura, Yasushi; Kuwata, Shigeki; Nakano, Hirohiko; Shanmai, Ji; Qiyan, Zhang; Yufen, Chen; Kusuoka, Hideo; Matsuoka, Masaki

2004-03-31

To enhance medical cooperation between the hospitals and clinics around Osaka local area, the healthcare network system, named Osaka Community Healthcare Information System (OCHIS), was established with support of a supplementary budget from the Japanese government in fiscal year 2002. Although the system has been based on healthcare public key infrastructure (PKI), there remain security issues to be solved technically and operationally. An experimental study was conducted to elucidate the central and the local function in terms of a registration authority and a time stamp authority in contract with the Japanese Medical Information Systems Organization (MEDIS) in 2003. This paper describes the experimental design and the results of the study concerning message security.

Stable operation of a Secure QKD system in the real-world setting

NASA Astrophysics Data System (ADS)

Tomita, Akihisa

2007-06-01

Quantum Key Distribution (QKD) now steps forward from the proof of principle to the validation of the practical feasibility. Nevertheless, the QKD technology should respond to the challenges from the real-world such as stable operation against the fluctuating environment, and security proof under the practical setting. We report our recent progress on stable operation of a QKD system, and key generation with security assurance. A QKD system should robust to temperature fluctuation in a common office environment. We developed a loop-mirror, a substitution of a Faraday mirror, to allow easy compensation for the temperature dependence of the device. Phase locking technique was also employed to synchronize the system clock to the quantum signals. This technique is indispensable for the transmission system based on the installed fiber cables, which stretch and shrink due to the temperature change. The security proof of QKD, however, has assumed the ideal conditions, such as the use of a genuine single photon source and/or unlimited computational resources. It has been highly desirable to give an assurance of security for practical systems, where the ideal conditions are no longer satisfied. We have constructed a theory to estimate the leakage information on the transmitted key under the practically attainable conditions, and have developed a QKD system equipped with software for secure key distillation. The QKD system generates the final key at the rate of 2000 bps after 20 km fiber transmission. Eavesdropper's information on the final key is guaranteed to be less than 2-7 per bit. This is the first successful generation of the secure key with quantitative assurance of the upper bound of the leakage information. It will put forth the realization of highly secure metropolitan optical communication network against any types of eavesdropping.

Phase-encoded measurement device independent quantum key distribution without a shared reference frame

NASA Astrophysics Data System (ADS)

Zhuo-Dan, Zhu; Shang-Hong, Zhao; Chen, Dong; Ying, Sun

2018-07-01

In this paper, a phase-encoded measurement device independent quantum key distribution (MDI-QKD) protocol without a shared reference frame is presented, which can generate secure keys between two parties while the quantum channel or interferometer introduces an unknown and slowly time-varying phase. The corresponding secret key rate and single photons bit error rate is analysed, respectively, with single photons source (SPS) and weak coherent source (WCS), taking finite-key analysis into account. The numerical simulations show that the modified phase-encoded MDI-QKD protocol has apparent superiority both in maximal secure transmission distance and key generation rate while possessing the improved robustness and practical security in the high-speed case. Moreover, the rejection of the frame-calibrating part will intrinsically reduce the consumption of resources as well as the potential security flaws of practical MDI-QKD systems.

Biometrics based key management of double random phase encoding scheme using error control codes

NASA Astrophysics Data System (ADS)

Saini, Nirmala; Sinha, Aloka

2013-08-01

In this paper, an optical security system has been proposed in which key of the double random phase encoding technique is linked to the biometrics of the user to make it user specific. The error in recognition due to the biometric variation is corrected by encoding the key using the BCH code. A user specific shuffling key is used to increase the separation between genuine and impostor Hamming distance distribution. This shuffling key is then further secured using the RSA public key encryption to enhance the security of the system. XOR operation is performed between the encoded key and the feature vector obtained from the biometrics. The RSA encoded shuffling key and the data obtained from the XOR operation are stored into a token. The main advantage of the present technique is that the key retrieval is possible only in the simultaneous presence of the token and the biometrics of the user which not only authenticates the presence of the original input but also secures the key of the system. Computational experiments showed the effectiveness of the proposed technique for key retrieval in the decryption process by using the live biometrics of the user.

Unconditional security proof of a deterministic quantum key distribution with a two-way quantum channel

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lu Hua; Department of Mathematics and Physics, Hubei University of Technology, Wuhan 430068; Fung, Chi-Hang Fred

2011-10-15

In a deterministic quantum key distribution (DQKD) protocol with a two-way quantum channel, Bob sends a qubit to Alice who then encodes a key bit onto the qubit and sends it back to Bob. After measuring the returned qubit, Bob can obtain Alice's key bit immediately, without basis reconciliation. Since an eavesdropper may attack the qubits traveling on either the Bob-Alice channel or the Alice-Bob channel, the security analysis of DQKD protocol with a two-way quantum channel is complicated and its unconditional security has been controversial. This paper presents a security proof of a single-photon four-state DQKD protocol against generalmore » attacks.« less

Public key infrastructure for DOE security research

DOE Office of Scientific and Technical Information (OSTI.GOV)

Aiken, R.; Foster, I.; Johnston, W.E.

This document summarizes the Department of Energy`s Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalties and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-keymore » infrastructure. Hence, public-key infrastructure ({open_quotes}PKI{close_quotes}) was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.« less

Self-Assembled Resonance Energy Transfer Keys for Secure Communication over Classical Channels.

PubMed

Nellore, Vishwa; Xi, Sam; Dwyer, Chris

2015-12-22

Modern authentication and communication protocols increasingly use physical keys in lieu of conventional software-based keys for security. This shift is primarily driven by the ability to derive a unique, unforgeable signature from a physical key. The sole demonstration of an unforgeable key, thus far, has been through quantum key distribution, which suffers from limited communication distances and expensive infrastructure requirements. Here, we show a method for creating unclonable keys by molecular self-assembly of resonance energy transfer (RET) devices. It is infeasible to clone the RET-key due to the inability to characterize the key using current technology, the large number of input-output combinations per key, and the variation of the key's response with time. However, the manufacturer can produce multiple identical devices, which enables inexpensive, secure authentication and communication over classical channels, and thus any distance. Through a detailed experimental survey of the nanoscale keys, we demonstrate that legitimate users are successfully authenticated 99.48% of the time and the false-positives are only 0.39%, over two attempts. We estimate that a legitimate user would have a computational advantage of more than 10(340) years over an attacker. Our method enables the discovery of physical key based multiparty authentication and communication schemes that are both practical and possess unprecedented security.

Efficient bit sifting scheme of post-processing in quantum key distribution

NASA Astrophysics Data System (ADS)

Li, Qiong; Le, Dan; Wu, Xianyan; Niu, Xiamu; Guo, Hong

2015-10-01

Bit sifting is an important step in the post-processing of quantum key distribution (QKD). Its function is to sift out the undetected original keys. The communication traffic of bit sifting has essential impact on the net secure key rate of a practical QKD system. In this paper, an efficient bit sifting scheme is presented, of which the core is a lossless source coding algorithm. Both theoretical analysis and experimental results demonstrate that the performance of the scheme is approaching the Shannon limit. The proposed scheme can greatly decrease the communication traffic of the post-processing of a QKD system, which means the proposed scheme can decrease the secure key consumption for classical channel authentication and increase the net secure key rate of the QKD system, as demonstrated by analyzing the improvement on the net secure key rate. Meanwhile, some recommendations on the application of the proposed scheme to some representative practical QKD systems are also provided.

Designing and Operating Through Compromise: Architectural Analysis of CKMS for the Advanced Metering Infrastructure

DOE Office of Scientific and Technical Information (OSTI.GOV)

Duren, Mike; Aldridge, Hal; Abercrombie, Robert K

2013-01-01

Compromises attributable to the Advanced Persistent Threat (APT) highlight the necessity for constant vigilance. The APT provides a new perspective on security metrics (e.g., statistics based cyber security) and quantitative risk assessments. We consider design principals and models/tools that provide high assurance for energy delivery systems (EDS) operations regardless of the state of compromise. Cryptographic keys must be securely exchanged, then held and protected on either end of a communications link. This is challenging for a utility with numerous substations that must secure the intelligent electronic devices (IEDs) that may comprise complex control system of systems. For example, distribution andmore » management of keys among the millions of intelligent meters within the Advanced Metering Infrastructure (AMI) is being implemented as part of the National Smart Grid initiative. Without a means for a secure cryptographic key management system (CKMS) no cryptographic solution can be widely deployed to protect the EDS infrastructure from cyber-attack. We consider 1) how security modeling is applied to key management and cyber security concerns on a continuous basis from design through operation, 2) how trusted models and key management architectures greatly impact failure scenarios, and 3) how hardware-enabled trust is a critical element to detecting, surviving, and recovering from attack.« less

Complex Conjugated certificateless-based signcryption with differential integrated factor for secured message communication in mobile network

PubMed Central

Rajagopalan, S. P.

2017-01-01

Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI) and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF) scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff) Equation using an Integration Factor (DiffEIF), minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate) against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network. PMID:29040290

Complex Conjugated certificateless-based signcryption with differential integrated factor for secured message communication in mobile network.

PubMed

Alagarsamy, Sumithra; Rajagopalan, S P

2017-01-01

Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI) and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF) scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff) Equation using an Integration Factor (DiffEIF), minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate) against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network.

Quantum key distribution with an efficient countermeasure against correlated intensity fluctuations in optical pulses

NASA Astrophysics Data System (ADS)

Yoshino, Ken-ichiro; Fujiwara, Mikio; Nakata, Kensuke; Sumiya, Tatsuya; Sasaki, Toshihiko; Takeoka, Masahiro; Sasaki, Masahide; Tajima, Akio; Koashi, Masato; Tomita, Akihisa

2018-03-01

Quantum key distribution (QKD) allows two distant parties to share secret keys with the proven security even in the presence of an eavesdropper with unbounded computational power. Recently, GHz-clock decoy QKD systems have been realized by employing ultrafast optical communication devices. However, security loopholes of high-speed systems have not been fully explored yet. Here we point out a security loophole at the transmitter of the GHz-clock QKD, which is a common problem in high-speed QKD systems using practical band-width limited devices. We experimentally observe the inter-pulse intensity correlation and modulation pattern-dependent intensity deviation in a practical high-speed QKD system. Such correlation violates the assumption of most security theories. We also provide its countermeasure which does not require significant changes of hardware and can generate keys secure over 100 km fiber transmission. Our countermeasure is simple, effective and applicable to wide range of high-speed QKD systems, and thus paves the way to realize ultrafast and security-certified commercial QKD systems.

An Efficient and Secure Arbitrary N-Party Quantum Key Agreement Protocol Using Bell States

NASA Astrophysics Data System (ADS)

Liu, Wen-Jie; Xu, Yong; Yang, Ching-Nung; Gao, Pei-Pei; Yu, Wen-Bin

2018-01-01

Two quantum key agreement protocols using Bell states and Bell measurement were recently proposed by Shukla et al. (Quantum Inf. Process. 13(11), 2391-2405, 2014). However, Zhu et al. pointed out that there are some security flaws and proposed an improved version (Quantum Inf. Process. 14(11), 4245-4254, 2015). In this study, we will show Zhu et al.'s improvement still exists some security problems, and its efficiency is not high enough. For solving these problems, we utilize four Pauli operations { I, Z, X, Y} to encode two bits instead of the original two operations { I, X} to encode one bit, and then propose an efficient and secure arbitrary N-party quantum key agreement protocol. In the protocol, the channel checking with decoy single photons is introduced to avoid the eavesdropper's flip attack, and a post-measurement mechanism is used to prevent against the collusion attack. The security analysis shows the present protocol can guarantee the correctness, security, privacy and fairness of quantum key agreement.

Experimental realization of equiangular three-state quantum key distribution

PubMed Central

Schiavon, Matteo; Vallone, Giuseppe; Villoresi, Paolo

2016-01-01

Quantum key distribution using three states in equiangular configuration combines a security threshold comparable with the one of the Bennett-Brassard 1984 protocol and a quantum bit error rate (QBER) estimation that does not need to reveal part of the key. We implement an entanglement-based version of the Renes 2004 protocol, using only passive optic elements in a linear scheme for the positive-operator valued measure (POVM), generating an asymptotic secure key rate of more than 10 kbit/s, with a mean QBER of 1.6%. We then demonstrate its security in the case of finite key and evaluate the key rate for both collective and general attacks. PMID:27465643

12 CFR Appendix B to Part 364 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2011 CFR

2011-01-01

... Part 364—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of Customer Information Security Program A. Involve the Board of Directors B. Assess Risk C. Manage and...

Three-factor anonymous authentication and key agreement scheme for Telecare Medicine Information Systems.

PubMed

Arshad, Hamed; Nikooghadam, Morteza

2014-12-01

Nowadays, with comprehensive employment of the internet, healthcare delivery services is provided remotely by telecare medicine information systems (TMISs). A secure mechanism for authentication and key agreement is one of the most important security requirements for TMISs. Recently, Tan proposed a user anonymity preserving three-factor authentication scheme for TMIS. The present paper shows that Tan's scheme is vulnerable to replay attacks and Denial-of-Service attacks. In order to overcome these security flaws, a new and efficient three-factor anonymous authentication and key agreement scheme for TMIS is proposed. Security and performance analysis shows superiority of the proposed scheme in comparison with previously proposed schemes that are related to security of TMISs.

Building a highly available and intrusion tolerant Database Security and Protection System (DSPS).

PubMed

Cai, Liang; Yang, Xiao-Hu; Dong, Jin-Xiang

2003-01-01

Database Security and Protection System (DSPS) is a security platform for fighting malicious DBMS. The security and performance are critical to DSPS. The authors suggested a key management scheme by combining the server group structure to improve availability and the key distribution structure needed by proactive security. This paper detailed the implementation of proactive security in DSPS. After thorough performance analysis, the authors concluded that the performance difference between the replicated mechanism and proactive mechanism becomes smaller and smaller with increasing number of concurrent connections; and that proactive security is very useful and practical for large, critical applications.

Digital security technology simplified.

PubMed

Scaglione, Bernard J

2007-01-01

Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.

Security of Distributed-Phase-Reference Quantum Key Distribution

NASA Astrophysics Data System (ADS)

Moroder, Tobias; Curty, Marcos; Lim, Charles Ci Wen; Thinh, Le Phuc; Zbinden, Hugo; Gisin, Nicolas

2012-12-01

Distributed-phase-reference quantum key distribution stands out for its easy implementation with present day technology. For many years, a full security proof of these schemes in a realistic setting has been elusive. We solve this long-standing problem and present a generic method to prove the security of such protocols against general attacks. To illustrate our result, we provide lower bounds on the key generation rate of a variant of the coherent-one-way quantum key distribution protocol. In contrast to standard predictions, it appears to scale quadratically with the system transmittance.

Career planning and mentorship: a few key considerations for trainees.

PubMed

Badawy, Sherif M

2017-01-01

Publishing and securing funding are considered our "academic currency", and therefore, both should be emphasized during training, both residency and fellowship. Trainees should make an effort to find funding opportunities at or outside of their institutions and try to identify their short- and long-term goals. Establishing a track record of publications can help trainees get hired, funded, and promoted as junior faculty, and effective networking and mentorship are critical determinants of academic success. Given the positive effects of mentorship, trainees should understand what comprises a good mentor-mentee relationship and how to optimize the mentoring process. The objective of this article is to discuss few key considerations for trainees in residency or fellowship regarding mentorship and career planning in academic medicine.

Secure image retrieval with multiple keys

NASA Astrophysics Data System (ADS)

Liang, Haihua; Zhang, Xinpeng; Wei, Qiuhan; Cheng, Hang

2018-03-01

This article proposes a secure image retrieval scheme under a multiuser scenario. In this scheme, the owner first encrypts and uploads images and their corresponding features to the cloud; then, the user submits the encrypted feature of the query image to the cloud; next, the cloud compares the encrypted features and returns encrypted images with similar content to the user. To find the nearest neighbor in the encrypted features, an encryption with multiple keys is proposed, in which the query feature of each user is encrypted by his/her own key. To improve the key security and space utilization, global optimization and Gaussian distribution are, respectively, employed to generate multiple keys. The experiments show that the proposed encryption can provide effective and secure image retrieval for each user and ensure confidentiality of the query feature of each user.

Entropy uncertainty relations and stability of phase-temporal quantum cryptography with finite-length transmitted strings

DOE Office of Scientific and Technical Information (OSTI.GOV)

Molotkov, S. N., E-mail: sergei.molotkov@gmail.com

2012-12-15

Any key-generation session contains a finite number of quantum-state messages, and it is there-fore important to understand the fundamental restrictions imposed on the minimal length of a string required to obtain a secret key with a specified length. The entropy uncertainty relations for smooth min and max entropies considerably simplify and shorten the proof of security. A proof of security of quantum key distribution with phase-temporal encryption is presented. This protocol provides the maximum critical error compared to other protocols up to which secure key distribution is guaranteed. In addition, unlike other basic protocols (of the BB84 type), which aremore » vulnerable with respect to an attack by 'blinding' of avalanche photodetectors, this protocol is stable with respect to such an attack and guarantees key security.« less

Orthogonal-state-based cryptography in quantum mechanics and local post-quantum theories

NASA Astrophysics Data System (ADS)

Aravinda, S.; Banerjee, Anindita; Pathak, Anirban; Srikanth, R.

2014-02-01

We introduce the concept of cryptographic reduction, in analogy with a similar concept in computational complexity theory. In this framework, class A of crypto-protocols reduces to protocol class B in a scenario X, if for every instance a of A, there is an instance b of B and a secure transformation X that reproduces a given b, such that the security of b guarantees the security of a. Here we employ this reductive framework to study the relationship between security in quantum key distribution (QKD) and quantum secure direct communication (QSDC). We show that replacing the streaming of independent qubits in a QKD scheme by block encoding and transmission (permuting the order of particles block by block) of qubits, we can construct a QSDC scheme. This forms the basis for the block reduction from a QSDC class of protocols to a QKD class of protocols, whereby if the latter is secure, then so is the former. Conversely, given a secure QSDC protocol, we can of course construct a secure QKD scheme by transmitting a random key as the direct message. Then the QKD class of protocols is secure, assuming the security of the QSDC class which it is built from. We refer to this method of deduction of security for this class of QKD protocols, as key reduction. Finally, we propose an orthogonal-state-based deterministic key distribution (KD) protocol which is secure in some local post-quantum theories. Its security arises neither from geographic splitting of a code state nor from Heisenberg uncertainty, but from post-measurement disturbance.

Assessing staff attitudes towards information security in a European healthcare establishment.

PubMed

Furnell, S M; Gaunt, P N; Holben, R F; Sanders, P W; Stockel, C T; Warren, M J

1996-01-01

Information security is now recognized as an important consideration in modern healthcare establishments (HCEs), with a variety of guidelines and standards currently available to enable the environments to be properly protected. However, financial and operational constraints often exist which influence the practicality of these recommendations. This paper establishes that the staff culture of the organization is of particular importance in determining the level and types of security that will be accepted. This culture will be based upon staff awareness of and attitudes towards security and it is, therefore, important to have a clear idea of what these attitudes are. To this end, two surveys have been conducted within a reference environment to establish the attitudes of general users and technical staff, allowing the results to be fed back to HCE management to enable security policy to be appropriately defined. These results indicated that, although the establishment had participated in a European healthcare security initiative, staff attitudes and awareness were still weak in some areas.

78 FR 4365 - Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-22

... 3235-AL12 Capital, Margin, and Segregation Requirements for Security-Based Swap Dealers and Major... public comment to establish capital, margin, and segregation requirements for security-based swap dealers... soliciting comment on proposed rules and rule amendments establishing capital, margin, and segregation...

12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2014 CFR

2014-01-01

... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

12 CFR Appendix B to Part 170 - Interagency Guidelines Establishing Information Security Standards

Code of Federal Regulations, 2013 CFR

2013-01-01

... Security Standards B Appendix B to Part 170 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF... Part 170—Interagency Guidelines Establishing Information Security Standards Table of Contents I... Customer Information A. Information Security Program B. Objectives III. Development and Implementation of...

Enhancement of security using structured phase masked in optical image encryption on Fresnel transform domain

NASA Astrophysics Data System (ADS)

Yadav, Poonam Lata; Singh, Hukum

2018-05-01

To enhance the security in optical image encryption system and to protect it from the attackers, this paper proposes new digital spiral phase mask based on Fresnel Transform. In this cryptosystem the Spiral Phase Mask (SPM) used is a hybrid of Fresnel Zone Plate (FZP) and Radial Hilbert Mask (RHM) which makes the key strong and enhances the security. The different keys used for encryption and decryption purposed make the system much more secure. Proposed scheme uses various structured phase mask which increases the key space also it increases the number of parameters which makes it difficult for the attackers to exactly find the key to recover the original image. We have also used different keys for encryption and decryption purpose to make the system much more secure. The strength of the proposed cryptosystem has been analyzed by simulating on MATLAB 7.9.0(R2008a). Mean Square Errors (MSE) and Peak Signal to Noise Ratio (PSNR) are calculated for the proposed algorithm. The experimental results are provided to highlight the effectiveness and sustainability of proposed cryptosystem and to prove that the cryptosystem is secure for usage.

Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

PubMed Central

Nam, Junghyun; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon

2014-01-01

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks. PMID:24977229

Experimental quantum key distribution with source flaws

NASA Astrophysics Data System (ADS)

Xu, Feihu; Wei, Kejin; Sajeed, Shihan; Kaiser, Sarah; Sun, Shihai; Tang, Zhiyuan; Qian, Li; Makarov, Vadim; Lo, Hoi-Kwong

2015-09-01

Decoy-state quantum key distribution (QKD) is a standard technique in current quantum cryptographic implementations. Unfortunately, existing experiments have two important drawbacks: the state preparation is assumed to be perfect without errors and the employed security proofs do not fully consider the finite-key effects for general attacks. These two drawbacks mean that existing experiments are not guaranteed to be proven to be secure in practice. Here, we perform an experiment that shows secure QKD with imperfect state preparations over long distances and achieves rigorous finite-key security bounds for decoy-state QKD against coherent attacks in the universally composable framework. We quantify the source flaws experimentally and demonstrate a QKD implementation that is tolerant to channel loss despite the source flaws. Our implementation considers more real-world problems than most previous experiments, and our theory can be applied to general discrete-variable QKD systems. These features constitute a step towards secure QKD with imperfect devices.

Symmetric Link Key Management for Secure Neighbor Discovery in a Decentralized Wireless Sensor Network

DTIC Science & Technology

2017-09-01

and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington, DC 20503. 1. AGENCY USE ONLY (Leave blank) 2. REPORT...KEY MANAGEMENT FOR SECURE NEIGHBOR DISCOVERY IN A DECENTRALIZED WIRELESS SENSOR NETWORK by Kelvin T. Chew September 2017 Thesis Advisor...DATE September 2017 3. REPORT TYPE AND DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE SYMMETRIC LINK KEY MANAGEMENT FOR SECURE NEIGHBOR

Modeling, Simulation and Analysis of Public Key Infrastructure

NASA Technical Reports Server (NTRS)

Liu, Yuan-Kwei; Tuey, Richard; Ma, Paul (Technical Monitor)

1998-01-01

Security is an essential part of network communication. The advances in cryptography have provided solutions to many of the network security requirements. Public Key Infrastructure (PKI) is the foundation of the cryptography applications. The main objective of this research is to design a model to simulate a reliable, scalable, manageable, and high-performance public key infrastructure. We build a model to simulate the NASA public key infrastructure by using SimProcess and MatLab Software. The simulation is from top level all the way down to the computation needed for encryption, decryption, digital signature, and secure web server. The application of secure web server could be utilized in wireless communications. The results of the simulation are analyzed and confirmed by using queueing theory.

Measurement-Device-Independent Quantum Key Distribution over 200 km

NASA Astrophysics Data System (ADS)

Tang, Yan-Lin; Yin, Hua-Lei; Chen, Si-Jing; Liu, Yang; Zhang, Wei-Jun; Jiang, Xiao; Zhang, Lu; Wang, Jian; You, Li-Xing; Guan, Jian-Yu; Yang, Dong-Xu; Wang, Zhen; Liang, Hao; Zhang, Zhen; Zhou, Nan; Ma, Xiongfeng; Chen, Teng-Yun; Zhang, Qiang; Pan, Jian-Wei

2014-11-01

Measurement-device-independent quantum key distribution (MDIQKD) protocol is immune to all attacks on detection and guarantees the information-theoretical security even with imperfect single-photon detectors. Recently, several proof-of-principle demonstrations of MDIQKD have been achieved. Those experiments, although novel, are implemented through limited distance with a key rate less than 0.1 bit /s . Here, by developing a 75 MHz clock rate fully automatic and highly stable system and superconducting nanowire single-photon detectors with detection efficiencies of more than 40%, we extend the secure transmission distance of MDIQKD to 200 km and achieve a secure key rate 3 orders of magnitude higher. These results pave the way towards a quantum network with measurement-device-independent security.

The application of data encryption technology in computer network communication security

NASA Astrophysics Data System (ADS)

Gong, Lina; Zhang, Li; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

2017-04-01

With the rapid development of Intemet and the extensive application of computer technology, the security of information becomes more and more serious, and the information security technology with data encryption technology as the core has also been developed greatly. Data encryption technology not only can encrypt and decrypt data, but also can realize digital signature, authentication and authentication and other functions, thus ensuring the confidentiality, integrity and confirmation of data transmission over the network. In order to improve the security of data in network communication, in this paper, a hybrid encryption system is used to encrypt and decrypt the triple DES algorithm with high security, and the two keys are encrypted with RSA algorithm, thus ensuring the security of the triple DES key and solving the problem of key management; At the same time to realize digital signature using Java security software, to ensure data integrity and non-repudiation. Finally, the data encryption system is developed by Java language. The data encryption system is simple and effective, with good security and practicality.

Intermediate experimental vehicle, ESA program aerodynamics-aerothermodynamics key technologies for spacecraft design and successful flight

NASA Astrophysics Data System (ADS)

Dutheil, Sylvain; Pibarot, Julien; Tran, Dac; Vallee, Jean-Jacques; Tribot, Jean-Pierre

2016-07-01

With the aim of placing Europe among the world's space players in the strategic area of atmospheric re-entry, several studies on experimental vehicle concepts and improvements of critical re-entry technologies have paved the way for the flight of an experimental space craft. The successful flight of the Intermediate eXperimental Vehicle (IXV), under ESA's Future Launchers Preparatory Programme (FLPP), is definitively a significant step forward from the Atmospheric Reentry Demonstrator flight (1998), establishing Europe as a key player in this field. The IXV project objectives were the design, development, manufacture and ground and flight verification of an autonomous European lifting and aerodynamically controlled reentry system, which is highly flexible and maneuverable. The paper presents, the role of aerodynamics aerothermodynamics as part of the key technologies for designing an atmospheric re-entry spacecraft and securing a successful flight.

33 CFR 165.767 - Security Zone; Manbirtee Key, Port of Manatee, Florida.

Code of Federal Regulations, 2010 CFR

2010-07-01

..., DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND WATERWAYS SAFETY REGULATED NAVIGATION AREAS AND LIMITED ACCESS AREAS Specific Regulated Navigation Areas and Limited Access Areas Seventh Coast Guard District § 165.767 Security Zone; Manbirtee Key, Port of Manatee, Florida. (a) Regulated area. The following area...

Long-distance entanglement-based quantum key distribution experiment using practical detectors.

PubMed

Takesue, Hiroki; Harada, Ken-Ichi; Tamaki, Kiyoshi; Fukuda, Hiroshi; Tsuchizawa, Tai; Watanabe, Toshifumi; Yamada, Koji; Itabashi, Sei-Ichi

2010-08-02

We report an entanglement-based quantum key distribution experiment that we performed over 100 km of optical fiber using a practical source and detectors. We used a silicon-based photon-pair source that generated high-purity time-bin entangled photons, and high-speed single photon detectors based on InGaAs/InP avalanche photodiodes with the sinusoidal gating technique. To calculate the secure key rate, we employed a security proof that validated the use of practical detectors. As a result, we confirmed the successful generation of sifted keys over 100 km of optical fiber with a key rate of 4.8 bit/s and an error rate of 9.1%, with which we can distill secure keys with a key rate of 0.15 bit/s.

Security Analysis and Improvements of Authentication and Access Control in the Internet of Things

PubMed Central

Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

2014-01-01

Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012, pp. 588–592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464

Security analysis and improvements of authentication and access control in the Internet of Things.

PubMed

Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

2014-08-13

Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

Final LDRD Report: Using Linkography of Cyber Attack Patterns to Inform Honeytoken Placement.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mitchell, Robert; Jarocki, John Charles; Fisher, Andrew N

The war to establish cyber supremacy continues, and the literature is crowded with strictly technical cyber security measures. We present the results of a three year LDRD project using Linkography, a methodology new to the field of cyber security, we establish the foundation neces- sary to track and profile the microbehavior of humans attacking cyber systems. We also propose ways to leverage this understanding to influence and deceive these attackers. We studied the sci- ence of linkography, applied it to the cyber security domain, implemented a software package to manage linkographs, generated the preprocessing blocks necessary to ingest raw data,more » produced machine learning models, created ontology refinement algorithms and prototyped a web applica- tion for researchers and practitioners to apply linkography. Machine learning produced some of our key results: We trained and validated multinomial classifiers with a real world data set and predicted the attacker's next category of action with 86 to 98% accuracy; dimension reduction techniques indicated that the linkography-based features were among the most powerful. We also discovered ontology refinement algorithms that advanced the state of the art in linkography in general and cyber security in particular. We conclude that linkography is a viable tool for cyber security; we look forward to expanding our work to other data sources and using our prediction results to enable adversary deception techniques. Acknowledgements Thanks to Phil Bennett, Michael Bernard, Jeffrey Bigg, Marshall Daniels, Tyler Dean, David Dug- gan, Carson Kent, Josh Maine, Marci McBride, Nick Peterson, Katie Rodhouse, Asael Sorenson, Roger Suppona, Scott Watson and David Zage. We acknowledge support for this work by the LDRD Program at Sandia National Laboratories. Sandia National Laboratories is a multi-mission laboratory operated by Sandia Corporation for the United States Department of Energy's National Nuclear Security Administration under Contract DE-AC04-94AL85000. This page intentionally left blank.« less

On the security of compressed encryption with partial unitary sensing matrices embedding a secret keystream

NASA Astrophysics Data System (ADS)

Yu, Nam Yul

2017-12-01

The principle of compressed sensing (CS) can be applied in a cryptosystem by providing the notion of security. In this paper, we study the computational security of a CS-based cryptosystem that encrypts a plaintext with a partial unitary sensing matrix embedding a secret keystream. The keystream is obtained by a keystream generator of stream ciphers, where the initial seed becomes the secret key of the CS-based cryptosystem. For security analysis, the total variation distance, bounded by the relative entropy and the Hellinger distance, is examined as a security measure for the indistinguishability. By developing upper bounds on the distance measures, we show that the CS-based cryptosystem can be computationally secure in terms of the indistinguishability, as long as the keystream length for each encryption is sufficiently large with low compression and sparsity ratios. In addition, we consider a potential chosen plaintext attack (CPA) from an adversary, which attempts to recover the key of the CS-based cryptosystem. Associated with the key recovery attack, we show that the computational security of our CS-based cryptosystem is brought by the mathematical intractability of a constrained integer least-squares (ILS) problem. For a sub-optimal, but feasible key recovery attack, we consider a successive approximate maximum-likelihood detection (SAMD) and investigate the performance by developing an upper bound on the success probability. Through theoretical and numerical analyses, we demonstrate that our CS-based cryptosystem can be secure against the key recovery attack through the SAMD.

Secure password-based authenticated key exchange for web services

DOE Office of Scientific and Technical Information (OSTI.GOV)

Liang, Fang; Meder, Samuel; Chevassut, Olivier

This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-Secure Conversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options inmore » the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.« less

Finite-key security analysis of quantum key distribution with imperfect light sources

DOE PAGES

Mizutani, Akihiro; Curty, Marcos; Lim, Charles Ci Wen; ...

2015-09-09

In recent years, the gap between theory and practice in quantum key distribution (QKD) has been significantly narrowed, particularly for QKD systems with arbitrarily flawed optical receivers. The status for QKD systems with imperfect light sources is however less satisfactory, in the sense that the resulting secure key rates are often overly dependent on the quality of state preparation. This is especially the case when the channel loss is high. Very recently, to overcome this limitation, Tamaki et al proposed a QKD protocol based on the so-called 'rejected data analysis', and showed that its security in the limit of infinitelymore » long keys is almost independent of any encoding flaw in the qubit space, being this protocol compatible with the decoy state method. Here, as a step towards practical QKD, we show that a similar conclusion is reached in the finite-key regime, even when the intensity of the light source is unstable. More concretely, we derive security bounds for a wide class of realistic light sources and show that the bounds are also efficient in the presence of high channel loss. Our results strongly suggest the feasibility of long distance provably secure communication with imperfect light sources.« less

Practical challenges in quantum key distribution

DOE PAGES

Diamanti, Eleni; Lo, Hoi -Kwong; Qi, Bing; ...

2016-11-08

Here, quantum key distribution (QKD) promises unconditional security in data communication and is currently being deployed in commercial applications. Nonetheless, before QKD can be widely adopted, it faces a number of important challenges such as secret key rate, distance, size, cost and practical security. Here, we survey those key challenges and the approaches that are currently being taken to address them.

Practical challenges in quantum key distribution

DOE Office of Scientific and Technical Information (OSTI.GOV)

Diamanti, Eleni; Lo, Hoi -Kwong; Qi, Bing

Here, quantum key distribution (QKD) promises unconditional security in data communication and is currently being deployed in commercial applications. Nonetheless, before QKD can be widely adopted, it faces a number of important challenges such as secret key rate, distance, size, cost and practical security. Here, we survey those key challenges and the approaches that are currently being taken to address them.

100 km differential phase shift quantum key distribution experiment with low jitter up-conversion detectors

NASA Astrophysics Data System (ADS)

Diamanti, Eleni; Takesue, Hiroki; Langrock, Carsten; Fejer, M. M.; Yamamoto, Yoshihisa

2006-12-01

We present a quantum key distribution experiment in which keys that were secure against all individual eavesdropping attacks allowed by quantum mechanics were distributed over 100 km of optical fiber. We implemented the differential phase shift quantum key distribution protocol and used low timing jitter 1.55 µm single-photon detectors based on frequency up-conversion in periodically poled lithium niobate waveguides and silicon avalanche photodiodes. Based on the security analysis of the protocol against general individual attacks, we generated secure keys at a practical rate of 166 bit/s over 100 km of fiber. The use of the low jitter detectors also increased the sifted key generation rate to 2 Mbit/s over 10 km of fiber.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks.

PubMed

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F; Schnabel, Roman

2015-10-30

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

PubMed Central

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F.; Schnabel, Roman

2015-01-01

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein–Podolsky–Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components. PMID:26514280

Virtual-optical information security system based on public key infrastructure

NASA Astrophysics Data System (ADS)

Peng, Xiang; Zhang, Peng; Cai, Lilong; Niu, Hanben

2005-01-01

A virtual-optical based encryption model with the aid of public key infrastructure (PKI) is presented in this paper. The proposed model employs a hybrid architecture in which our previously published encryption method based on virtual-optics scheme (VOS) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). The whole information security model is run under the framework of international standard ITU-T X.509 PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOS security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network. Numerical experiments prove the effectiveness of the method. The security of proposed model is briefly analyzed by examining some possible attacks from the viewpoint of a cryptanalysis.

On the security of Y-00 under fast correlation and other attacks on the key

NASA Astrophysics Data System (ADS)

Yuen, Horace P.; Nair, Ranjith

2007-04-01

The security of the Y-00 direct encryption protocol under correlation attack is addressed. A Y-00 configuration that is more secure than AES under known-plaintext attack is presented. It is shown that under any ciphertext-only attack, full information-theoretic security on the Y-00 seed key is obtained for any encryption box ENC with proper deliberate signal randomization.

An Extended Chaotic Maps-Based Three-Party Password-Authenticated Key Agreement with User Anonymity

PubMed Central

Lu, Yanrong; Li, Lixiang; Zhang, Hao; Yang, Yixian

2016-01-01

User anonymity is one of the key security features of an authenticated key agreement especially for communicating messages via an insecure network. Owing to the better properties and higher performance of chaotic theory, the chaotic maps have been introduced into the security schemes, and hence numerous key agreement schemes have been put forward under chaotic-maps. Recently, Xie et al. released an enhanced scheme under Farash et al.’s scheme and claimed their improvements could withstand the security loopholes pointed out in the scheme of Farash et al., i.e., resistance to the off-line password guessing and user impersonation attacks. Nevertheless, through our careful analysis, the improvements were released by Xie et al. still could not solve the problems troubled in Farash et al‥ Besides, Xie et al.’s improvements failed to achieve the user anonymity and the session key security. With the purpose of eliminating the security risks of the scheme of Xie et al., we design an anonymous password-based three-party authenticated key agreement under chaotic maps. Both the formal analysis and the formal security verification using AVISPA are presented. Also, BAN logic is used to show the correctness of the enhancements. Furthermore, we also demonstrate that the design thwarts most of the common attacks. We also make a comparison between the recent chaotic-maps based schemes and our enhancements in terms of performance. PMID:27101305

Quantum key distribution with hacking countermeasures and long term field trial.

PubMed

Dixon, A R; Dynes, J F; Lucamarini, M; Fröhlich, B; Sharpe, A W; Plews, A; Tam, W; Yuan, Z L; Tanizawa, Y; Sato, H; Kawamura, S; Fujiwara, M; Sasaki, M; Shields, A J

2017-05-16

Quantum key distribution's (QKD's) central and unique claim is information theoretic security. However there is an increasing understanding that the security of a QKD system relies not only on theoretical security proofs, but also on how closely the physical system matches the theoretical models and prevents attacks due to discrepancies. These side channel or hacking attacks exploit physical devices which do not necessarily behave precisely as the theory expects. As such there is a need for QKD systems to be demonstrated to provide security both in the theoretical and physical implementation. We report here a QKD system designed with this goal in mind, providing a more resilient target against possible hacking attacks including Trojan horse, detector blinding, phase randomisation and photon number splitting attacks. The QKD system was installed into a 45 km link of a metropolitan telecom network for a 2.5 month period, during which time the system operated continuously and distributed 1.33 Tbits of secure key data with a stable secure key rate over 200 kbit/s. In addition security is demonstrated against coherent attacks that are more general than the collective class of attacks usually considered.

Three-pass protocol scheme for bitmap image security by using vernam cipher algorithm

NASA Astrophysics Data System (ADS)

Rachmawati, D.; Budiman, M. A.; Aulya, L.

2018-02-01

Confidentiality, integrity, and efficiency are the crucial aspects of data security. Among the other digital data, image data is too prone to abuse of operation like duplication, modification, etc. There are some data security techniques, one of them is cryptography. The security of Vernam Cipher cryptography algorithm is very dependent on the key exchange process. If the key is leaked, security of this algorithm will collapse. Therefore, a method that minimizes key leakage during the exchange of messages is required. The method which is used, is known as Three-Pass Protocol. This protocol enables message delivery process without the key exchange. Therefore, the sending messages process can reach the receiver safely without fear of key leakage. The system is built by using Java programming language. The materials which are used for system testing are image in size 200×200 pixel, 300×300 pixel, 500×500 pixel, 800×800 pixel and 1000×1000 pixel. The result of experiments showed that Vernam Cipher algorithm in Three-Pass Protocol scheme could restore the original image.

Information Security Scheme Based on Computational Temporal Ghost Imaging.

PubMed

Jiang, Shan; Wang, Yurong; Long, Tao; Meng, Xiangfeng; Yang, Xiulun; Shu, Rong; Sun, Baoqing

2017-08-09

An information security scheme based on computational temporal ghost imaging is proposed. A sequence of independent 2D random binary patterns are used as encryption key to multiply with the 1D data stream. The cipher text is obtained by summing the weighted encryption key. The decryption process can be realized by correlation measurement between the encrypted information and the encryption key. Due to the instinct high-level randomness of the key, the security of this method is greatly guaranteed. The feasibility of this method and robustness against both occlusion and additional noise attacks are discussed with simulation, respectively.

An Improved and Secure Biometric Authentication Scheme for Telecare Medicine Information Systems Based on Elliptic Curve Cryptography.

PubMed

Chaudhry, Shehzad Ashraf; Mahmood, Khalid; Naqvi, Husnain; Khan, Muhammad Khurram

2015-11-01

Telecare medicine information system (TMIS) offers the patients convenient and expedite healthcare services remotely anywhere. Patient security and privacy has emerged as key issues during remote access because of underlying open architecture. An authentication scheme can verify patient's as well as TMIS server's legitimacy during remote healthcare services. To achieve security and privacy a number of authentication schemes have been proposed. Very recently Lu et al. (J. Med. Syst. 39(3):1-8, 2015) proposed a biometric based three factor authentication scheme for TMIS to confiscate the vulnerabilities of Arshad et al.'s (J. Med. Syst. 38(12):136, 2014) scheme. Further, they emphasized the robustness of their scheme against several attacks. However, in this paper we establish that Lu et al.'s scheme is vulnerable to numerous attacks including (1) Patient anonymity violation attack, (2) Patient impersonation attack, and (3) TMIS server impersonation attack. Furthermore, their scheme does not provide patient untraceability. We then, propose an improvement of Lu et al.'s scheme. We have analyzed the security of improved scheme using popular automated tool ProVerif. The proposed scheme while retaining the plusses of Lu et al.'s scheme is also robust against known attacks.

Securing electronic health records with novel mobile encryption schemes.

PubMed

Weerasinghe, Dasun; Elmufti, Kalid; Rajarajan, Muttukrishnan; Rakocevic, Veselin

2007-01-01

Mobile devices have penetrated the healthcare sector due to their increased functionality, low cost, high reliability and easy-to-use nature. However, in healthcare applications the privacy and security of the transmitted information must be preserved. Therefore applications require a concrete security framework based on long-term security keys, such as the security key that can be found in a mobile Subscriber Identity Module (SIM). The wireless nature of communication links in mobile networks presents a major challenge in this respect. This paper presents a novel protocol that will send the information securely while including the access privileges to the authorized recipient.

Key Considerations for Irregular Security Forces in Counterinsurgency

DTIC Science & Technology

2011-06-10

wounded and one slightly. It was decided to move to virgin ground two miles away. The other moves went without a hitch and both Firqats and civilians...using the area for years as a sort of holiday camp for rest and recuperation.‖ 121Sibley, 304. 122Akehurst, 75. ―New positions were established at...Regiment and called ―Hammer.‖ It was almost due north of Raysut and a major blow to the enemy who had been using the area for years as a sort of holiday

Across the Atlantic cooperation to address international challenges in eHealth and health IT: managing toward a common goal.

PubMed

Friedman, Charles P; Iakovidis, Ilias; Debenedetti, Laurent; Lorenzi, Nancy M

2009-11-01

Countries on both sides of the Atlantic Ocean have invested in health information and communication technologies. Since eHealth challenges cross borders a European Union-United States of America conference on public policies relating to health IT and eHealth was held October 20-21, 2008 in Paris, France. The conference was organized around the four themes: (1) privacy and security, (2) health IT interoperability, (3) deployment and adoption of health IT, and (4) Public Private Collaborative Governance. The four key themes framed the discussion over the two days of plenary sessions and workshops. Key findings of the conference were organized along the four themes. (1) Privacy and security: Patients' access to their own data and key elements of a patient identification management framework were discussed. (2) Health IT interoperability: Three significant and common interoperability challenges emerged: (a) the need to establish common or compatible standards and clear guidelines for their implementation, (b) the desirability for shared certification criteria and (c) the need for greater awareness of the importance of interoperability. (3) Deployment and adoption of health IT: Three major areas of need emerged: (a) a shared knowledge base and assessment framework, (b) public-private collaboration and (c) and effective organizational change strategies. (4) Public Private Collaborative Governance: Sharing and communication are central to success in this area. Nations can learn from one another about ways to develop harmonious, effective partnerships. Three areas that were identified as highest priority for collaboration included: (1) health data security, (2) developing effective strategies to ensure healthcare professionals' acceptance of health IT tools, and (3) interoperability.

A Secure Group Communication Architecture for a Swarm of Autonomous Unmanned Aerial Vehicles

DTIC Science & Technology

2008-03-01

members to use the same decryption key. This shared decryption key is called the Session Encryption Key ( SEK ) or Traffic Encryption Key (TEK...Since everyone shares the SEK , members need to hold additional Key Encryption Keys (KEK) that are used to securely distribute the SEK to each valid...managing this process. To preserve the secrecy of the multicast data, the SEK needs to be updated upon certain events such as a member joining and

Continuous variable quantum key distribution: finite-key analysis of composable security against coherent attacks.

PubMed

Furrer, F; Franz, T; Berta, M; Leverrier, A; Scholz, V B; Tomamichel, M; Werner, R F

2012-09-07

We provide a security analysis for continuous variable quantum key distribution protocols based on the transmission of two-mode squeezed vacuum states measured via homodyne detection. We employ a version of the entropic uncertainty relation for smooth entropies to give a lower bound on the number of secret bits which can be extracted from a finite number of runs of the protocol. This bound is valid under general coherent attacks, and gives rise to keys which are composably secure. For comparison, we also give a lower bound valid under the assumption of collective attacks. For both scenarios, we find positive key rates using experimental parameters reachable today.

Unified Compact ECC-AES Co-Processor with Group-Key Support for IoT Devices in Wireless Sensor Networks

PubMed Central

Castillo, Encarnación; López-Ramos, Juan A.; Morales, Diego P.

2018-01-01

Security is a critical challenge for the effective expansion of all new emerging applications in the Internet of Things paradigm. Therefore, it is necessary to define and implement different mechanisms for guaranteeing security and privacy of data interchanged within the multiple wireless sensor networks being part of the Internet of Things. However, in this context, low power and low area are required, limiting the resources available for security and thus hindering the implementation of adequate security protocols. Group keys can save resources and communications bandwidth, but should be combined with public key cryptography to be really secure. In this paper, a compact and unified co-processor for enabling Elliptic Curve Cryptography along to Advanced Encryption Standard with low area requirements and Group-Key support is presented. The designed co-processor allows securing wireless sensor networks with independence of the communications protocols used. With an area occupancy of only 2101 LUTs over Spartan 6 devices from Xilinx, it requires 15% less area while achieving near 490% better performance when compared to cryptoprocessors with similar features in the literature. PMID:29337921

Unified Compact ECC-AES Co-Processor with Group-Key Support for IoT Devices in Wireless Sensor Networks.

PubMed

Parrilla, Luis; Castillo, Encarnación; López-Ramos, Juan A; Álvarez-Bermejo, José A; García, Antonio; Morales, Diego P

2018-01-16

Security is a critical challenge for the effective expansion of all new emerging applications in the Internet of Things paradigm. Therefore, it is necessary to define and implement different mechanisms for guaranteeing security and privacy of data interchanged within the multiple wireless sensor networks being part of the Internet of Things. However, in this context, low power and low area are required, limiting the resources available for security and thus hindering the implementation of adequate security protocols. Group keys can save resources and communications bandwidth, but should be combined with public key cryptography to be really secure. In this paper, a compact and unified co-processor for enabling Elliptic Curve Cryptography along to Advanced Encryption Standard with low area requirements and Group-Key support is presented. The designed co-processor allows securing wireless sensor networks with independence of the communications protocols used. With an area occupancy of only 2101 LUTs over Spartan 6 devices from Xilinx, it requires 15% less area while achieving near 490% better performance when compared to cryptoprocessors with similar features in the literature.

Energy-Efficient Implementation of ECDH Key Exchange for Wireless Sensor Networks

NASA Astrophysics Data System (ADS)

Lederer, Christian; Mader, Roland; Koschuch, Manuel; Großschädl, Johann; Szekely, Alexander; Tillich, Stefan

Wireless Sensor Networks (WSNs) are playing a vital role in an ever-growing number of applications ranging from environmental surveillance over medical monitoring to home automation. Since WSNs are often deployed in unattended or even hostile environments, they can be subject to various malicious attacks, including the manipulation and capture of nodes. The establishment of a shared secret key between two or more individual nodes is one of the most important security services needed to guarantee the proper functioning of a sensor network. Despite some recent advances in this field, the efficient implementation of cryptographic key establishment for WSNs remains a challenge due to the resource constraints of small sensor nodes such as the MICAz mote. In this paper we present a lightweight implementation of the elliptic curve Diffie-Hellman (ECDH) key exchange for ZigBee-compliant sensor nodes equipped with an ATmega128 processor running the TinyOS operating system. Our implementation uses a 192-bit prime field specified by the NIST as underlying algebraic structure and requires only 5.20 ·106 clock cycles to compute a scalar multiplication if the base point is fixed and known a priori. A scalar multiplication using a random base point takes about 12.33 ·106 cycles. Our results show that a full ECDH key exchange between two MICAz motes consumes an energy of 57.33 mJ (including radio communication), which is significantly better than most previously reported ECDH implementations on comparable platforms.

Secure Cryptographic Key Management System (CKMS) Considerations for Smart Grid Devices

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Aldridge, Hal

2011-01-01

In this paper, we examine some unique challenges associated with key management in the Smart Grid and concomitant research initiatives: 1) effectively model security requirements and their implementations, and 2) manage keys and key distribution for very large scale deployments such as Smart Meters over a long period of performance. This will set the stage to: 3) develop innovative, low cost methods to protect keying material, and 4) provide high assurance authentication services. We will present our perspective on key management and will discuss some key issues within the life cycle of a cryptographic key designed to achieve the following:more » 1) control systems designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function, and 2) widespread implementation of methods for secure communication between remote access devices and control centers that are scalable and cost-effective to deploy.« less

Unconditional security of quantum key distribution over arbitrarily long distances

PubMed

Lo; Chau

1999-03-26

Quantum key distribution is widely thought to offer unconditional security in communication between two users. Unfortunately, a widely accepted proof of its security in the presence of source, device, and channel noises has been missing. This long-standing problem is solved here by showing that, given fault-tolerant quantum computers, quantum key distribution over an arbitrarily long distance of a realistic noisy channel can be made unconditionally secure. The proof is reduced from a noisy quantum scheme to a noiseless quantum scheme and then from a noiseless quantum scheme to a noiseless classical scheme, which can then be tackled by classical probability theory.

Collective attacks and unconditional security in continuous variable quantum key distribution.

PubMed

Grosshans, Frédéric

2005-01-21

We present here an information theoretic study of Gaussian collective attacks on the continuous variable key distribution protocols based on Gaussian modulation of coherent states. These attacks, overlooked in previous security studies, give a finite advantage to the eavesdropper in the experimentally relevant lossy channel, but are not powerful enough to reduce the range of the reverse reconciliation protocols. Secret key rates are given for the ideal case where Bob performs optimal collective measurements, as well as for the realistic cases where he performs homodyne or heterodyne measurements. We also apply the generic security proof of Christiandl et al. to obtain unconditionally secure rates for these protocols.

78 FR 23969 - Ewan 1, INC. n/k/a AccessKey IP, Inc.; Order of Suspension of Trading

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-23

... SECURITIES AND EXCHANGE COMMISSION [File No. 500-1] Ewan 1, INC. n/k/a AccessKey IP, Inc.; Order of Suspension of Trading April 19, 2013. It appears to the Securities and Exchange Commission that... AccessKey IP, Inc. (``AccessKey'') because it has not filed a periodic report since it filed its...

Tomographic quantum cryptography: equivalence of quantum and classical key distillation.

PubMed

Bruss, Dagmar; Christandl, Matthias; Ekert, Artur; Englert, Berthold-Georg; Kaszlikowski, Dagomir; Macchiavello, Chiara

2003-08-29

The security of a cryptographic key that is generated by communication through a noisy quantum channel relies on the ability to distill a shorter secure key sequence from a longer insecure one. For an important class of protocols, which exploit tomographically complete measurements on entangled pairs of any dimension, we show that the noise threshold for classical advantage distillation is identical with the threshold for quantum entanglement distillation. As a consequence, the two distillation procedures are equivalent: neither offers a security advantage over the other.

Road Map for National Security: Imperative for Change The Phase III Report of the U.S. Commission on National Security/21st Century

DTIC Science & Technology

2001-01-31

before the nation, and to produce organizational competence capable of addressing those problems creatively. The key to our vision is the need for...influence and critical leadership role. We offer recommendations for organizational change in five key areas: ● ensuring the security of the American...homeland; ● recapitalizing America’s strengths in science and education; ● redesigning key institutions of the Executive Branch; ● overhauling the

A Secure Authenticated Key Exchange Protocol for Credential Services

NASA Astrophysics Data System (ADS)

Shin, Seonghan; Kobara, Kazukuni; Imai, Hideki

In this paper, we propose a leakage-resilient and proactive authenticated key exchange (called LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. And we show that the LRP-AKE protocol is provably secure in the random oracle model with the reduction to the computational Difie-Hellman problem. In addition, we discuss about some possible applications of the LRP-AKE protocol.

Security of counterfactual quantum cryptography

NASA Astrophysics Data System (ADS)

Yin, Zhen-Qiang; Li, Hong-Wei; Chen, Wei; Han, Zheng-Fu; Guo, Guang-Can

2010-10-01

Recently, a “counterfactual” quantum-key-distribution scheme was proposed by T.-G. Noh [Phys. Rev. Lett.PRLTAO0031-900710.1103/PhysRevLett.103.230501 103, 230501 (2009)]. In this scheme, two legitimate distant peers may share secret keys even when the information carriers are not traveled in the quantum channel. We find that this protocol is equivalent to an entanglement distillation protocol. According to this equivalence, a strict security proof and the asymptotic key bit rate are both obtained when a perfect single-photon source is applied and a Trojan horse attack can be detected. We also find that the security of this scheme is strongly related to not only the bit error rate but also the yields of photons. And our security proof may shed light on the security of other two-way protocols.

Security of counterfactual quantum cryptography

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yin Zhenqiang; Li Hongwei; Chen Wei

2010-10-15

Recently, a 'counterfactual' quantum-key-distribution scheme was proposed by T.-G. Noh [Phys. Rev. Lett. 103, 230501 (2009)]. In this scheme, two legitimate distant peers may share secret keys even when the information carriers are not traveled in the quantum channel. We find that this protocol is equivalent to an entanglement distillation protocol. According to this equivalence, a strict security proof and the asymptotic key bit rate are both obtained when a perfect single-photon source is applied and a Trojan horse attack can be detected. We also find that the security of this scheme is strongly related to not only the bitmore » error rate but also the yields of photons. And our security proof may shed light on the security of other two-way protocols.« less

Quantum cryptography for secure free-space communications

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hughes, R.J.; Buttler, W.T.; Kwiat, P.G.

1999-03-01

The secure distribution of the secret random bit sequences known as key material, is an essential precursor to their use for the encryption and decryption of confidential communications. Quantum cryptography is a new technique for secure key distribution with single-photon transmissions: Heisenberg`s uncertainty principle ensures that an adversary can neither successfully tap the key transmissions, nor evade detection (eavesdropping raises the key error rate above a threshold value). The authors have developed experimental quantum cryptography systems based on the transmission of non-orthogonal photon polarization states to generate shared key material over line-of-sight optical links. Key material is built up usingmore » the transmission of a single-photon per bit of an initial secret random sequence. A quantum-mechanically random subset of this sequence is identified, becoming the key material after a data reconciliation stage with the sender. The authors have developed and tested a free-space quantum key distribution (QKD) system over an outdoor optical path of {approximately}1 km at Los Alamos National Laboratory under nighttime conditions. Results show that free-space QKD can provide secure real-time key distribution between parties who have a need to communicate secretly. Finally, they examine the feasibility of surface to satellite QKD.« less

Secure communications using quantum cryptography

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hughes, R.J.; Buttler, W.T.; Kwiat, P.G.

1997-08-01

The secure distribution of the secret random bit sequences known as {open_quotes}key{close_quotes} material, is an essential precursor to their use for the encryption and decryption of confidential communications. Quantum cryptography is an emerging technology for secure key distribution with single-photon transmissions, nor evade detection (eavesdropping raises the key error rate above a threshold value). We have developed experimental quantum cryptography systems based on the transmission of non-orthogonal single-photon states to generate shared key material over multi-kilometer optical fiber paths and over line-of-sight links. In both cases, key material is built up using the transmission of a single-photon per bit ofmore » an initial secret random sequence. A quantum-mechanically random subset of this sequence is identified, becoming the key material after a data reconciliation stage with the sender. In our optical fiber experiment we have performed quantum key distribution over 24-km of underground optical fiber using single-photon interference states, demonstrating that secure, real-time key generation over {open_quotes}open{close_quotes} multi-km node-to-node optical fiber communications links is possible. We have also constructed a quantum key distribution system for free-space, line-of-sight transmission using single-photon polarization states, which is currently undergoing laboratory testing. 7 figs.« less

Method and apparatus for free-space quantum key distribution in daylight

DOEpatents

Hughes, Richard J.; Buttler, William T.; Lamoreaux, Steve K.; Morgan, George L.; Nordholt, Jane E.; Peterson, C. Glen; Kwiat, Paul G.

2004-06-08

A quantum cryptography apparatus securely generates a key to be used for secure transmission between a sender and a receiver connected by an atmospheric transmission link. A first laser outputs a timing bright light pulse; other lasers output polarized optical data pulses after having been enabled by a random bit generator. Output optics transmit output light from the lasers that is received by receiving optics. A first beam splitter receives light from the receiving optics, where a received timing bright light pulse is directed to a delay circuit for establishing a timing window for receiving light from the lasers and where an optical data pulse from one of the lasers has a probability of being either transmitted by the beam splitter or reflected by the beam splitter. A first polarizer receives transmitted optical data pulses to output one data bit value and a second polarizer receives reflected optical data pulses to output a second data bit value. A computer receives pulses representing receipt of a timing bright timing pulse and the first and second data bit values, where receipt of the first and second data bit values is indexed by the bright timing pulse.

Provably secure and high-rate quantum key distribution with time-bin qudits

DOE PAGES

Islam, Nurul T.; Lim, Charles Ci Wen; Cahall, Clinton; ...

2017-11-24

The security of conventional cryptography systems is threatened in the forthcoming era of quantum computers. Quantum key distribution (QKD) features fundamentally proven security and offers a promising option for quantum-proof cryptography solution. Although prototype QKD systems over optical fiber have been demonstrated over the years, the key generation rates remain several orders of magnitude lower than current classical communication systems. In an effort toward a commercially viable QKD system with improved key generation rates, we developed a discrete-variable QKD system based on time-bin quantum photonic states that can generate provably secure cryptographic keys at megabit-per-second rates over metropolitan distances. Wemore » use high-dimensional quantum states that transmit more than one secret bit per received photon, alleviating detector saturation effects in the superconducting nanowire single-photon detectors used in our system that feature very high detection efficiency (of more than 70%) and low timing jitter (of less than 40 ps). Our system is constructed using commercial off-the-shelf components, and the adopted protocol can be readily extended to free-space quantum channels. In conclusion, the security analysis adopted to distill the keys ensures that the demonstrated protocol is robust against coherent attacks, finite-size effects, and a broad class of experimental imperfections identified in our system.« less

Provably secure and high-rate quantum key distribution with time-bin qudits

PubMed Central

Islam, Nurul T.; Lim, Charles Ci Wen; Cahall, Clinton; Kim, Jungsang; Gauthier, Daniel J.

2017-01-01

The security of conventional cryptography systems is threatened in the forthcoming era of quantum computers. Quantum key distribution (QKD) features fundamentally proven security and offers a promising option for quantum-proof cryptography solution. Although prototype QKD systems over optical fiber have been demonstrated over the years, the key generation rates remain several orders of magnitude lower than current classical communication systems. In an effort toward a commercially viable QKD system with improved key generation rates, we developed a discrete-variable QKD system based on time-bin quantum photonic states that can generate provably secure cryptographic keys at megabit-per-second rates over metropolitan distances. We use high-dimensional quantum states that transmit more than one secret bit per received photon, alleviating detector saturation effects in the superconducting nanowire single-photon detectors used in our system that feature very high detection efficiency (of more than 70%) and low timing jitter (of less than 40 ps). Our system is constructed using commercial off-the-shelf components, and the adopted protocol can be readily extended to free-space quantum channels. The security analysis adopted to distill the keys ensures that the demonstrated protocol is robust against coherent attacks, finite-size effects, and a broad class of experimental imperfections identified in our system. PMID:29202028

Provably secure and high-rate quantum key distribution with time-bin qudits.

PubMed

Islam, Nurul T; Lim, Charles Ci Wen; Cahall, Clinton; Kim, Jungsang; Gauthier, Daniel J

2017-11-01

The security of conventional cryptography systems is threatened in the forthcoming era of quantum computers. Quantum key distribution (QKD) features fundamentally proven security and offers a promising option for quantum-proof cryptography solution. Although prototype QKD systems over optical fiber have been demonstrated over the years, the key generation rates remain several orders of magnitude lower than current classical communication systems. In an effort toward a commercially viable QKD system with improved key generation rates, we developed a discrete-variable QKD system based on time-bin quantum photonic states that can generate provably secure cryptographic keys at megabit-per-second rates over metropolitan distances. We use high-dimensional quantum states that transmit more than one secret bit per received photon, alleviating detector saturation effects in the superconducting nanowire single-photon detectors used in our system that feature very high detection efficiency (of more than 70%) and low timing jitter (of less than 40 ps). Our system is constructed using commercial off-the-shelf components, and the adopted protocol can be readily extended to free-space quantum channels. The security analysis adopted to distill the keys ensures that the demonstrated protocol is robust against coherent attacks, finite-size effects, and a broad class of experimental imperfections identified in our system.

Provably secure and high-rate quantum key distribution with time-bin qudits

DOE Office of Scientific and Technical Information (OSTI.GOV)

Islam, Nurul T.; Lim, Charles Ci Wen; Cahall, Clinton

The security of conventional cryptography systems is threatened in the forthcoming era of quantum computers. Quantum key distribution (QKD) features fundamentally proven security and offers a promising option for quantum-proof cryptography solution. Although prototype QKD systems over optical fiber have been demonstrated over the years, the key generation rates remain several orders of magnitude lower than current classical communication systems. In an effort toward a commercially viable QKD system with improved key generation rates, we developed a discrete-variable QKD system based on time-bin quantum photonic states that can generate provably secure cryptographic keys at megabit-per-second rates over metropolitan distances. Wemore » use high-dimensional quantum states that transmit more than one secret bit per received photon, alleviating detector saturation effects in the superconducting nanowire single-photon detectors used in our system that feature very high detection efficiency (of more than 70%) and low timing jitter (of less than 40 ps). Our system is constructed using commercial off-the-shelf components, and the adopted protocol can be readily extended to free-space quantum channels. In conclusion, the security analysis adopted to distill the keys ensures that the demonstrated protocol is robust against coherent attacks, finite-size effects, and a broad class of experimental imperfections identified in our system.« less

[Analysis of fundamental chains of family planning systematic engineering in the countryside].

PubMed

Liu, S

1991-02-01

Establishment of a system for old age support in rural areas of China is an important aspect to ensure the success of a family planning (FP) program. The necessity of such a system was examined from the following perspective. 1st, children are sources of old age support due to lack of social security and pension systems in rural areas. This had been the key reason motivating some rural farmers to ignore FP regulations and continue to have children. Unless the livelihood of a rural population is ensured in some way, it is difficult to achieve FP program objectives. 2nd, the increasing life expectancy and declining fertility made the population age process occur rapidly, e.g., the population aged 65 and over will increase from 7% at the end of the century to 17% in the 2030s. Living and health care of the old age population at that time would be an important need for the society. 3rd, changes in family patterns from extended to nuclear families have gradually changed the position of old people in the family which made it unfeasible to rely entirely on children for old age support. Several systems of old age support have been suggested. Government and the community should take responsibility for establishing a social security system. The role of the government will be in educating the public on the importance of social security programs, training professionals to work in these programs, formulating laws and regulations on social security, and supporting a social security system through taxation and welfare programs. The communities may help set up the organizational structure and make financial contributions to the social security system. Insurance companies or commercial banks may set up special coverage or saving programs for old age support. The role of children to support parents would still be important for a certain period of time. The current pilot projects on a rural social security system in 270 countries were an important starting point for helping the rural population to reduce the need for children and to reduce the opposition to family planning programs.

Counterfactual attack on counterfactual quantum key distribution

NASA Astrophysics Data System (ADS)

Zhang, Sheng; Wnang, Jian; Tang, Chao Jing

2012-05-01

It is interesting that counterfactual quantum cryptography protocols allow two remotely separated parties to share a secret key without transmitting any signal particles. Generally, these protocols, expected to provide security advantages, base their security on a translated no-cloning theorem. Therefore, they potentially exhibit unconditional security in theory. In this letter, we propose a new Trojan horse attack, by which an eavesdropper Eve can gain full information about the key without being noticed, to real implementations of a counterfactual quantum cryptography system. Most importantly, the presented attack is available even if the system has negligible imperfections. Therefore, it shows that the present realization of counterfactual quantum key distribution is vulnerable.

Multivariate Cryptography Based on Clipped Hopfield Neural Network.

PubMed

Wang, Jia; Cheng, Lee-Ming; Su, Tong

2018-02-01

Designing secure and efficient multivariate public key cryptosystems [multivariate cryptography (MVC)] to strengthen the security of RSA and ECC in conventional and quantum computational environment continues to be a challenging research in recent years. In this paper, we will describe multivariate public key cryptosystems based on extended Clipped Hopfield Neural Network (CHNN) and implement it using the MVC (CHNN-MVC) framework operated in space. The Diffie-Hellman key exchange algorithm is extended into the matrix field, which illustrates the feasibility of its new applications in both classic and postquantum cryptography. The efficiency and security of our proposed new public key cryptosystem CHNN-MVC are simulated and found to be NP-hard. The proposed algorithm will strengthen multivariate public key cryptosystems and allows hardware realization practicality.

Optimized decoy state QKD for underwater free space communication

NASA Astrophysics Data System (ADS)

Lopes, Minal; Sarwade, Nisha

Quantum cryptography (QC) is envisioned as a solution for global key distribution through fiber optic, free space and underwater optical communication due to its unconditional security. In view of this, this paper investigates underwater free space quantum key distribution (QKD) model for enhanced transmission distance, secret key rates and security. It is reported that secure underwater free space QKD is feasible in the clearest ocean water with the sifted key rates up to 207kbps. This paper extends this work by testing performance of optimized decoy state QKD protocol with underwater free space communication model. The attenuation of photons, quantum bit error rate and the sifted key generation rate of underwater quantum communication is obtained with vector radiative transfer theory and Monte Carlo method. It is observed from the simulations that optimized decoy state QKD evidently enhances the underwater secret key transmission distance as well as secret key rates.

Efficient biometric authenticated key agreements based on extended chaotic maps for telecare medicine information systems.

PubMed

Lou, Der-Chyuan; Lee, Tian-Fu; Lin, Tsung-Hung

2015-05-01

Authenticated key agreements for telecare medicine information systems provide patients, doctors, nurses and health visitors with accessing medical information systems and getting remote services efficiently and conveniently through an open network. In order to have higher security, many authenticated key agreement schemes appended biometric keys to realize identification except for using passwords and smartcards. Due to too many transmissions and computational costs, these authenticated key agreement schemes are inefficient in communication and computation. This investigation develops two secure and efficient authenticated key agreement schemes for telecare medicine information systems by using biometric key and extended chaotic maps. One scheme is synchronization-based, while the other nonce-based. Compared to related approaches, the proposed schemes not only retain the same security properties with previous schemes, but also provide users with privacy protection and have fewer transmissions and lower computational cost.

78 FR 48029 - Improving Chemical Facility Safety and Security

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-07

... responding to risks in chemical facilities (including during pre-inspection, inspection execution, post.... Sec. 2. Establishment of the Chemical Facility Safety and Security Working Group. (a) There is established a Chemical Facility Safety and Security Working Group (Working Group) co-chaired by the Secretary...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2011 CFR

2011-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2012 CFR

2012-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2013 CFR

2013-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2014 CFR

2014-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

32 CFR 322.6 - Establishing exemptions.

Code of Federal Regulations, 2010 CFR

2010-07-01

... National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM NATIONAL SECURITY AGENCY/CENTRAL SECURITY SERVICES PRIVACY ACT PROGRAM § 322.6 Establishing... the National Security Agency shall be prohibited to the extent authorized by Pub. L. No. 86-36 (1959...

Unconditional security proof of long-distance continuous-variable quantum key distribution with discrete modulation.

PubMed

Leverrier, Anthony; Grangier, Philippe

2009-05-08

We present a continuous-variable quantum key distribution protocol combining a discrete modulation and reverse reconciliation. This protocol is proven unconditionally secure and allows the distribution of secret keys over long distances, thanks to a reverse reconciliation scheme efficient at very low signal-to-noise ratio.

Logistic Map for Cancellable Biometrics

NASA Astrophysics Data System (ADS)

Supriya, V. G., Dr; Manjunatha, Ramachandra, Dr

2017-08-01

This paper presents design and implementation of secured biometric template protection system by transforming the biometric template using binary chaotic signals and 3 different key streams to obtain another form of template and demonstrating its efficiency by the results and investigating on its security through analysis including, key space analysis, information entropy and key sensitivity analysis.

A noise immunity controlled quantum teleportation protocol

NASA Astrophysics Data System (ADS)

Li, Dong-fen; Wang, Rui-jin; Zhang, Feng-li; Baagyere, Edward; Qin, Zhen; Xiong, Hu; Zhan, Huayi

2016-11-01

With the advent of the Internet and information and communication technology, quantum teleportation has become an important field in information security and its application areas. This is because quantum teleportation has the ability to attain a timely secret information delivery and offers unconditional security. And as such, the field of quantum teleportation has become a hot research topic in recent years. However, noise has serious effect on the safety of quantum teleportation within the aspects of information fidelity, channel capacity and information transfer. Therefore, the main purpose of this paper is to address these problems of quantum teleportation. Firstly, in order to resist collective noise, we construct a decoherence-free subspace under different noise scenarios to establish a two-dimensional fidelity quantum teleportation models. And also create quantum teleportation of multiple degree of freedom, and these models ensure the accuracy and availability of the exchange of information and in multiple degree of freedom. Secondly, for easy preparation, measurement and implementation, we use super dense coding features to build an entangled quantum secret exchange channel. To improve the channel utilization and capacity, an efficient super dense coding method based on ultra-entanglement exchange is used. Thirdly, continuous variables of the controlled quantum key distribution were designed for quantum teleportation; in addition, we perform Bell-basis measurement under the collective noise and also prepare the storage technology of quantum states to achieve one-bit key by three-photon encoding to improve its security and efficiency. We use these two methods because they conceal information, resist a third party attack and can detect eavesdropping. Our proposed methods, according to the security analysis, are able to solve the problems associated with the quantum teleportation under various noise environments.

Extending key sharing: how to generate a key tightly coupled to a network security policy

NASA Astrophysics Data System (ADS)

Kazantzidis, Matheos

2006-04-01

Current state of the art security policy technologies, besides the small scale limitation and largely manual nature of accompanied management methods, are lacking a) in real-timeliness of policy implementation and b) vulnerabilities and inflexibility stemming from the centralized policy decision making; even if, for example, a policy description or access control database is distributed, the actual decision is often a centralized action and forms a system single point of failure. In this paper we are presenting a new fundamental concept that allows implement a security policy by a systematic and efficient key distribution procedure. Specifically, we extend the polynomial Shamir key splitting. According to this, a global key is split into n parts, any k of which can re-construct the original key. In this paper we present a method that instead of having "any k parts" be able to re-construct the original key, the latter can only be reconstructed if keys are combined as any access control policy describes. This leads into an easily deployable key generation procedure that results a single key per entity that "knows" its role in the specific access control policy from which it was derived. The system is considered efficient as it may be used to avoid expensive PKI operations or pairwise key distributions as well as provides superior security due to its distributed nature, the fact that the key is tightly coupled to the policy, and that policy change may be implemented easier and faster.

Continuous-variable quantum authentication of physical unclonable keys: Security against an emulation attack

NASA Astrophysics Data System (ADS)

Nikolopoulos, Georgios M.

2018-01-01

We consider a recently proposed entity authentication protocol in which a physical unclonable key is interrogated by random coherent states of light, and the quadratures of the scattered light are analyzed by means of a coarse-grained homodyne detection. We derive a sufficient condition for the protocol to be secure against an emulation attack in which an adversary knows the challenge-response properties of the key and moreover, he can access the challenges during the verification. The security analysis relies on Holevo's bound and Fano's inequality, and suggests that the protocol is secure against the emulation attack for a broad range of physical parameters that are within reach of today's technology.

The QKD network: model and routing scheme

NASA Astrophysics Data System (ADS)

Yang, Chao; Zhang, Hongqi; Su, Jinhai

2017-11-01

Quantum key distribution (QKD) technology can establish unconditional secure keys between two communicating parties. Although this technology has some inherent constraints, such as the distance and point-to-point mode limits, building a QKD network with multiple point-to-point QKD devices can overcome these constraints. Considering the development level of current technology, the trust relaying QKD network is the first choice to build a practical QKD network. However, the previous research didn't address a routing method on the trust relaying QKD network in detail. This paper focuses on the routing issues, builds a model of the trust relaying QKD network for easily analysing and understanding this network, and proposes a dynamical routing scheme for this network. From the viewpoint of designing a dynamical routing scheme in classical network, the proposed scheme consists of three components: a Hello protocol helping share the network topology information, a routing algorithm to select a set of suitable paths and establish the routing table and a link state update mechanism helping keep the routing table newly. Experiments and evaluation demonstrates the validity and effectiveness of the proposed routing scheme.

Interagency Biological Restoration Demonstration (IBRD): a collaborative approach to biological incident recovery.

PubMed

Crockett, Katie

2011-09-01

Following the terrorist attacks in 2001, much time and effort has been put toward improving catastrophic incident response. But recovery--the period following initial response that focuses on the long-term viability of the affected area--has received less attention. Recognizing the importance of being able to recover an area following a catastrophic incident, the Department of Defense, through its Defense Threat Reduction Agency (DTRA), and the Department of Homeland Security, through its Science and Technology Directorate (DHS S&T), created the Interagency Biological Restoration Demonstration (IBRD) program. IBRD was a 4-year program jointly managed and funded by DTRA and DHS S&T, the goal of which was to reduce the time and resources necessary to recover a wide urban area from an intentional release of Bacillus anthracis. Specific program objectives included understanding the social, economic, and operational interdependencies that affect recovery; establishing long-term coordination between the Departments of Defense and Homeland Security; developing strategic recovery/restoration plans; identifying and demonstrating technologies that support recovery; and exercising recovery activities and technology solutions. IBRD has made important first steps toward improving national preparedness in the area biological incident recovery. Specifically, IBRD has helped enhance the efficacy and efficiency of recovering large urban areas by developing consequence management guidance; identifying key S&T capabilities and integrating them with planning and guidance documents; and establishing key relationships across the federal interagency, federal-to-regional, civilian-to-military, and public-to-private stakeholders. Upon completion of IBRD in fall 2010, both DTRA and DHS S&T planned follow-on programs.

Security of a semi-quantum protocol where reflections contribute to the secret key

NASA Astrophysics Data System (ADS)

Krawec, Walter O.

2016-05-01

In this paper, we provide a proof of unconditional security for a semi-quantum key distribution protocol introduced in a previous work. This particular protocol demonstrated the possibility of using X basis states to contribute to the raw key of the two users (as opposed to using only direct measurement results) even though a semi-quantum participant cannot directly manipulate such states. In this work, we provide a complete proof of security by deriving a lower bound of the protocol's key rate in the asymptotic scenario. Using this bound, we are able to find an error threshold value such that for all error rates less than this threshold, it is guaranteed that A and B may distill a secure secret key; for error rates larger than this threshold, A and B should abort. We demonstrate that this error threshold compares favorably to several fully quantum protocols. We also comment on some interesting observations about the behavior of this protocol under certain noise scenarios.

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

PubMed

Amin, Ruhul; Biswas, G P

2015-08-01

Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

Aviation security : TSA has completed key activities associated with implementing secure flight, but additional actions are needed to mitigate risks.

DOT National Transportation Integrated Search

2009-05-01

To enhance aviation security, the Department of Homeland Securitys (DHS) Transportation Security Administration (TSA) developed a programknown as Secure Flightto assume from air carriers the function of matching passenger information against...

Secure information transmission in filter bank multi-carrier spread spectrum systems

DOE PAGES

Majid, Arslan; Moradi, Hussein; Farhang-Boroujeny, Behrouz

2015-12-17

This report discusses the issue of secure information transmission for a spread-spectrum system, which in our case is Filter-Bank Multi-Carrier spread spectrum (FB-MC SS). We develop a novel method for generating a secret key to augment the security of the spread spectrum system. The proposed key generation takes advantage of the channel reciprocity exhibited between two communicating parties.We validate the key generation aspect of our system by using real-world measurements. It is found that our augmentation of strongest path cancellation (SPC) is shown to be highly effective in our measurement scenarios where the adversary’s key would otherwise be significantly correlatedmore » with the legitimate nodes. Our approach in using the proposed key generation method as a part of FB-MC SS allows for it to be fault tolerant and it is not necessarily limited to FB-MC SS or spread-spectrum system in general. However, the advantage that our approach has in the domain of spread-spectrum security is that it significantly decorrelates the adversary’s key from the authentic parties. This aspect is crucial because if the adversary’s key is similar to the legitamate parties, then the adversary obtains a sizable advantage due to the fault tolerance nature of the developed spread spectrum key.« less

Secure information transmission in filter bank multi-carrier spread spectrum systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Majid, Arslan; Moradi, Hussein; Farhang-Boroujeny, Behrouz

This report discusses the issue of secure information transmission for a spread-spectrum system, which in our case is Filter-Bank Multi-Carrier spread spectrum (FB-MC SS). We develop a novel method for generating a secret key to augment the security of the spread spectrum system. The proposed key generation takes advantage of the channel reciprocity exhibited between two communicating parties.We validate the key generation aspect of our system by using real-world measurements. It is found that our augmentation of strongest path cancellation (SPC) is shown to be highly effective in our measurement scenarios where the adversary’s key would otherwise be significantly correlatedmore » with the legitimate nodes. Our approach in using the proposed key generation method as a part of FB-MC SS allows for it to be fault tolerant and it is not necessarily limited to FB-MC SS or spread-spectrum system in general. However, the advantage that our approach has in the domain of spread-spectrum security is that it significantly decorrelates the adversary’s key from the authentic parties. This aspect is crucial because if the adversary’s key is similar to the legitamate parties, then the adversary obtains a sizable advantage due to the fault tolerance nature of the developed spread spectrum key.« less

An eCK-Secure Authenticated Key Exchange Protocol without Random Oracles

NASA Astrophysics Data System (ADS)

Moriyama, Daisuke; Okamoto, Tatsuaki

This paper presents a (PKI-based) two-pass authenticated key exchange (AKE) protocol that is secure in the extended Canetti-Krawczyk (eCK) security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and relies on no implementation techniques such as a trick by LaMacchia, Lauter and Mityagin (so-called the NAXOS trick). Since an AKE protocol that is eCK-secure under a NAXOS-like implementation trick will be no more eCK-secure if some realistic information leakage occurs through side-channel attacks, it has been an important open problem how to realize an eCK-secure AKE protocol without using the NAXOS tricks (and without random oracles).

75 FR 21689 - Self-Regulatory Organizations; NASDAQ OMX PHLX, Inc.; Order Granting Accelerated Approval of...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-26

... To Establish Strike Price Intervals and Trading Hours for Options on Index-Linked Securities April 20... establish strike-price intervals for options on Index-Linked Securities and to establish trading hours for... exchange-traded notes (``ETN'')), Phlx has proposed to establish strike price intervals and trading hours...

Device-independent two-party cryptography secure against sequential attacks

NASA Astrophysics Data System (ADS)

Kaniewski, Jędrzej; Wehner, Stephanie

2016-05-01

The goal of two-party cryptography is to enable two parties, Alice and Bob, to solve common tasks without the need for mutual trust. Examples of such tasks are private access to a database, and secure identification. Quantum communication enables security for all of these problems in the noisy-storage model by sending more signals than the adversary can store in a certain time frame. Here, we initiate the study of device-independent (DI) protocols for two-party cryptography in the noisy-storage model. Specifically, we present a relatively easy to implement protocol for a cryptographic building block known as weak string erasure and prove its security even if the devices used in the protocol are prepared by the dishonest party. DI two-party cryptography is made challenging by the fact that Alice and Bob do not trust each other, which requires new techniques to establish security. We fully analyse the case of memoryless devices (for which sequential attacks are optimal) and the case of sequential attacks for arbitrary devices. The key ingredient of the proof, which might be of independent interest, is an explicit (and tight) relation between the violation of the Clauser-Horne-Shimony-Holt inequality observed by Alice and Bob and uncertainty generated by Alice against Bob who is forced to measure his system before finding out Alice’s setting (guessing with postmeasurement information). In particular, we show that security is possible for arbitrarily small violation.

Hawaii energy strategy project 2: Fossil energy review. Task 2: Fossil energy in Hawaii

DOE Office of Scientific and Technical Information (OSTI.GOV)

Breazeale, K.; Yamaguchi, N.D.; Keeville, H.

1993-12-01

In Task 2, the authors establish a baseline for evaluating energy use in Hawaii, and examine key energy and economic indicators. They provide a detailed look at fossil energy imports by type, current and possible sources of oil, gas and coal, quality considerations, and processing/transformation. They present time series data on petroleum product consumption by end-use sector, though they caution the reader that the data is imperfect. They discuss fuel substitutability to identify those end-use categories that are most easily switched to other fuels. They then define and analyze sequential scenarios of fuel substitution in Hawaii and their impacts onmore » patterns of demand. They also discuss energy security--what it means to Hawaii, what it means to neighboring economies, whether it is possible to achieve energy security. 95 figs., 48 tabs.« less

Establishing end-to-end security in a nationwide network for telecooperation.

PubMed

Staemmler, Martin; Walz, Michael; Weisser, Gerald; Engelmann, Uwe; Weininger, Robert; Ernstberger, Antonio; Sturm, Johannes

2012-01-01

Telecooperation is used to support care for trauma patients by facilitating a mutual exchange of treatment and image data in use-cases such as emergency consultation, second-opinion, transfer, rehabilitation and out-patient aftertreatment. To comply with data protection legislation a two-factor authentication using ownership and knowledge has been implemented to assure personalized access rights. End-to-end security is achieved by symmetric encryption in combination with external trusted services which provide the symmetric key solely at runtime. Telecooperation partners may be chosen at departmental level but only individuals of that department, as a result of checking the organizational assignments maintained by LDAP services, are granted access. Data protection officers of a federal state have accepted the data protection means. The telecooperation platform is in routine operation and designed to serve for up to 800 trauma centers in Germany, organized in more than 50 trauma networks.

Adaptive real time selection for quantum key distribution in lossy and turbulent free-space channels

NASA Astrophysics Data System (ADS)

Vallone, Giuseppe; Marangon, Davide G.; Canale, Matteo; Savorgnan, Ilaria; Bacco, Davide; Barbieri, Mauro; Calimani, Simon; Barbieri, Cesare; Laurenti, Nicola; Villoresi, Paolo

2015-04-01

The unconditional security in the creation of cryptographic keys obtained by quantum key distribution (QKD) protocols will induce a quantum leap in free-space communication privacy in the same way that we are beginning to realize secure optical fiber connections. However, free-space channels, in particular those with long links and the presence of atmospheric turbulence, are affected by losses, fluctuating transmissivity, and background light that impair the conditions for secure QKD. Here we introduce a method to contrast the atmospheric turbulence in QKD experiments. Our adaptive real time selection (ARTS) technique at the receiver is based on the selection of the intervals with higher channel transmissivity. We demonstrate, using data from the Canary Island 143-km free-space link, that conditions with unacceptable average quantum bit error rate which would prevent the generation of a secure key can be used once parsed according to the instantaneous scintillation using the ARTS technique.

Quantum key distribution with an unknown and untrusted source

NASA Astrophysics Data System (ADS)

Zhao, Yi; Qi, Bing; Lo, Hoi-Kwong

2008-05-01

The security of a standard bidirectional “plug-and-play” quantum key distribution (QKD) system has been an open question for a long time. This is mainly because its source is equivalently controlled by an eavesdropper, which means the source is unknown and untrusted. Qualitative discussion on this subject has been made previously. In this paper, we solve this question directly by presenting the quantitative security analysis on a general class of QKD protocols whose sources are unknown and untrusted. The securities of standard Bennett-Brassard 1984 protocol, weak+vacuum decoy state protocol, and one-decoy state protocol, with unknown and untrusted sources are rigorously proved. We derive rigorous lower bounds to the secure key generation rates of the above three protocols. Our numerical simulation results show that QKD with an untrusted source gives a key generation rate that is close to that with a trusted source.

10 CFR 1016.23 - Establishment of security areas.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 4 2010-01-01 2010-01-01 false Establishment of security areas. 1016.23 Section 1016.23 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Physical Security § 1016... safeguard documents and material containing Restricted Data in accordance with the provisions of §§ 1016.21...

10 CFR 1016.23 - Establishment of security areas.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 4 2011-01-01 2011-01-01 false Establishment of security areas. 1016.23 Section 1016.23 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Physical Security § 1016... safeguard documents and material containing Restricted Data in accordance with the provisions of §§ 1016.21...

One-time pad, complexity of verification of keys, and practical security of quantum cryptography

DOE Office of Scientific and Technical Information (OSTI.GOV)

Molotkov, S. N., E-mail: sergei.molotkov@gmail.com

2016-11-15

A direct relation between the complexity of the complete verification of keys, which is one of the main criteria of security in classical systems, and a trace distance used in quantum cryptography is demonstrated. Bounds for the minimum and maximum numbers of verification steps required to determine the actual key are obtained.

Efficient security mechanisms for mHealth applications using wireless body sensor networks.

PubMed

Sahoo, Prasan Kumar

2012-01-01

Recent technological advances in wireless communications and physiological sensing allow miniature, lightweight, ultra-low power, intelligent monitoring devices, which can be integrated into a Wireless Body Sensor Network (WBSN) for health monitoring. Physiological signals of humans such as heartbeats, temperature and pulse can be monitored from a distant location using tiny biomedical wireless sensors. Hence, it is highly essential to combine the ubiquitous computing with mobile health technology using wireless sensors and smart phones to monitor the well-being of chronic patients such as cardiac, Parkinson and epilepsy patients. Since physiological data of a patient are highly sensitive, maintaining its confidentiality is highly essential. Hence, security is a vital research issue in mobile health (mHealth) applications, especially if a patient has an embarrassing disease. In this paper a three tier security architecture for the mHealth application is proposed, in which light weight data confidentiality and authentication protocols are proposed to maintain the privacy of a patient. Moreover, considering the energy and hardware constraints of the wireless body sensors, low complexity data confidential and authentication schemes are designed. Performance evaluation of the proposed architecture shows that they can satisfy the energy and hardware limitations of the sensors and still can maintain the secure fabrics of the wireless body sensor networks. Besides, the proposed schemes can outperform in terms of energy consumption, memory usage and computation time over standard key establishment security scheme.

Efficient Security Mechanisms for mHealth Applications Using Wireless Body Sensor Networks

PubMed Central

Sahoo, Prasan Kumar

2012-01-01

Recent technological advances in wireless communications and physiological sensing allow miniature, lightweight, ultra-low power, intelligent monitoring devices, which can be integrated into a Wireless Body Sensor Network (WBSN) for health monitoring. Physiological signals of humans such as heartbeats, temperature and pulse can be monitored from a distant location using tiny biomedical wireless sensors. Hence, it is highly essential to combine the ubiquitous computing with mobile health technology using wireless sensors and smart phones to monitor the well-being of chronic patients such as cardiac, Parkinson and epilepsy patients. Since physiological data of a patient are highly sensitive, maintaining its confidentiality is highly essential. Hence, security is a vital research issue in mobile health (mHealth) applications, especially if a patient has an embarrassing disease. In this paper a three tier security architecture for the mHealth application is proposed, in which light weight data confidentiality and authentication protocols are proposed to maintain the privacy of a patient. Moreover, considering the energy and hardware constraints of the wireless body sensors, low complexity data confidential and authentication schemes are designed. Performance evaluation of the proposed architecture shows that they can satisfy the energy and hardware limitations of the sensors and still can maintain the secure fabrics of the wireless body sensor networks. Besides, the proposed schemes can outperform in terms of energy consumption, memory usage and computation time over standard key establishment security scheme. PMID:23112734

Secure remote synchronization and secure key distribution in electro-optic networks revealed by symmetries

NASA Astrophysics Data System (ADS)

Xu, Mingfeng; Pan, Wei; Zhang, Liyue

2018-07-01

Despite the intuition that synchronization of different nodes in coupled oscillator networks results from information exchange between them, it has recently been shown that remote nodes could be partially synchronous even when they are separated by intermediately unsynchronized nodes. Here based on electro-optic system, we report on a more stronger form of such synchronization pattern that is termed as secure remote synchronization, in which two remotely separated nodes could have identically synchronized dynamical behaviors while the rest of the network are both statistically and information-theoretically incoherent relative to the two synchronized nodes. The generalized form of mirror symmetry in the network structure is identified to be a key mechanism allowing for secure remote synchronization. Moreover, this synchronization mode is robust against a wild range of system parameters and noise perturbing the intermediary dynamics. The lack of information about the synchronized dynamics in the rest of the network suggests that our results could potentially lead to network-based solutions for secure key distribution and secure communication.

Management of the Defense Technology Security Administration Year 2000 Program

DTIC Science & Technology

1998-11-03

caller is fully protected Acronyms DTSA Defense Technology Security Administration Y2K Year 2000 INSPECTOR GENERAL DEPARTMENT OF DEFENSE 400 ARMY NAVY...accordance with the DoD Management Plan Defense Technology Security Administration. The Defense Technology Security Administration ( DTSA ) was established...in 1985 as a field activity of the Office of the Secretary of Defense By establishing DTSA , the DoD role in export controls was centralized and

Practical Quantum Private Database Queries Based on Passive Round-Robin Differential Phase-shift Quantum Key Distribution.

PubMed

Li, Jian; Yang, Yu-Guang; Chen, Xiu-Bo; Zhou, Yi-Hua; Shi, Wei-Min

2016-08-19

A novel quantum private database query protocol is proposed, based on passive round-robin differential phase-shift quantum key distribution. Compared with previous quantum private database query protocols, the present protocol has the following unique merits: (i) the user Alice can obtain one and only one key bit so that both the efficiency and security of the present protocol can be ensured, and (ii) it does not require to change the length difference of the two arms in a Mach-Zehnder interferometer and just chooses two pulses passively to interfere with so that it is much simpler and more practical. The present protocol is also proved to be secure in terms of the user security and database security.

Composable security proof for continuous-variable quantum key distribution with coherent States.

PubMed

Leverrier, Anthony

2015-02-20

We give the first composable security proof for continuous-variable quantum key distribution with coherent states against collective attacks. Crucially, in the limit of large blocks the secret key rate converges to the usual value computed from the Holevo bound. Combining our proof with either the de Finetti theorem or the postselection technique then shows the security of the protocol against general attacks, thereby confirming the long-standing conjecture that Gaussian attacks are optimal asymptotically in the composable security framework. We expect that our parameter estimation procedure, which does not rely on any assumption about the quantum state being measured, will find applications elsewhere, for instance, for the reliable quantification of continuous-variable entanglement in finite-size settings.

KeySlinger and StarSlinger: Secure Key Exchange and Encrypted File Transfer on Smartphones

DTIC Science & Technology

2011-05-01

format data to exchange because contact information can be exported to V- Cards using existing APIs. For these reasons it was chosen as the medium to... Card format allows customization of this field. The service provider field serves to identify the app the key is for and the username field stores the...public key data. A sample V- Card field looks like Listing 1 below. IMPP;TextSecure

Secure ADS-B authentication system and method

NASA Technical Reports Server (NTRS)

Viggiano, Marc J (Inventor); Valovage, Edward M (Inventor); Samuelson, Kenneth B (Inventor); Hall, Dana L (Inventor)

2010-01-01

A secure system for authenticating the identity of ADS-B systems, including: an authenticator, including a unique id generator and a transmitter transmitting the unique id to one or more ADS-B transmitters; one or more ADS-B transmitters, including a receiver receiving the unique id, one or more secure processing stages merging the unique id with the ADS-B transmitter's identification, data and secret key and generating a secure code identification and a transmitter transmitting a response containing the secure code and ADSB transmitter's data to the authenticator; the authenticator including means for independently determining each ADS-B transmitter's secret key, a receiver receiving each ADS-B transmitter's response, one or more secure processing stages merging the unique id, ADS-B transmitter's identification and data and generating a secure code, and comparison processing comparing the authenticator-generated secure code and the ADS-B transmitter-generated secure code and providing an authentication signal based on the comparison result.

A fast key generation method based on dynamic biometrics to secure wireless body sensor networks for p-health.

PubMed

Zhang, G H; Poon, Carmen C Y; Zhang, Y T

2010-01-01

Body sensor networks (BSNs) have emerged as a new technology for healthcare applications, but the security of communication in BSNs remains a formidable challenge yet to be resolved. The paper discusses the typical attacks faced by BSNs and proposes a fast biometric based approach to generate keys for ensuing confidentiality and authentication in BSN communications. The approach was tested on 900 segments of electrocardiogram. Each segment was 4 seconds long and used to generate a 128-bit key. The results of the study found that entropy of 96% of the keys were above 0.95 and 99% of the hamming distances calculated from any two keys were above 50 bits. Based on the randomness and distinctiveness of these keys, it is concluded that the fast biometric based approach has great potential to be used to secure communication in BSNs for health applications.

Triple symmetric key cryptosystem for data security

NASA Astrophysics Data System (ADS)

Fuzail, C. Md; Norman, Jasmine; Mangayarkarasi, R.

2017-11-01

As the technology is getting spreads in the macro seconds of speed and in which the trend changing era from human to robotics the security issue is also getting increased. By means of using machine attacks it is very easy to break the cryptosystems in very less amount of time. Cryptosystem is a process which provides the security in all sorts of processes, communications and transactions to be done securely with the help of electronical mechanisms. Data is one such thing with the expanded implication and possible scraps over the collection of data to secure predominance and achievement, Information Security is the process where the information is protected from invalid and unverified accessibilities and data from mishandling. So the idea of Information Security has risen. Symmetric key which is also known as private key.Whereas the private key is mostly used to attain the confidentiality of data. It is a dynamic topic which can be implemented over different applications like android, wireless censor networks, etc. In this paper, a new mathematical manipulation algorithm along with Tea cryptosystem has been implemented and it can be used for the purpose of cryptography. The algorithm which we proposed is straightforward and more powerful and it will authenticate in harder way and also it will be very difficult to break by someone without knowing in depth about its internal mechanisms.

Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach.

PubMed

Sanchez-Iborra, Ramon; Sánchez-Gómez, Jesús; Pérez, Salvador; Fernández, Pedro J; Santa, José; Hernández-Ramos, José L; Skarmeta, Antonio F

2018-06-05

Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie⁻Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

32 CFR 2001.71 - Coverage.

Code of Federal Regulations, 2010 CFR

2010-07-01

..., specialized training, and termination briefings. This subpart establishes fundamental security education and... authorities, security managers, classification management officers, security specialists, and all other.... Classification management officers, security managers, security specialists, declassification authorities, and...

Mali and Nigeria Should be Established as Key Regional Partners of the United States to Further Mutual Interests for Ensuring Long-Term Security and Stability in the Sahel Region

DTIC Science & Technology

2016-06-10

7. PERFORMING ORGANIZATION NAME( S ) AND ADDRESS(ES) U.S. Army Command and General Staff College ATTN: ATZL-SWD-GD Fort Leavenworth, KS 66027-2301...AND STABILITY IN THE SAHEL REGION A thesis presented to the Faculty of the U.S. Army Command and General Staff College in partial...5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR( S ) Bekaye Samake, MAJ 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER

Deterministic and efficient quantum cryptography based on Bell's theorem

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chen Zengbing; Pan Jianwei; Physikalisches Institut, Universitaet Heidelberg, Philosophenweg 12, 69120 Heidelberg

2006-05-15

We propose a double-entanglement-based quantum cryptography protocol that is both efficient and deterministic. The proposal uses photon pairs with entanglement both in polarization and in time degrees of freedom; each measurement in which both of the two communicating parties register a photon can establish one and only one perfect correlation, and thus deterministically create a key bit. Eavesdropping can be detected by violation of local realism. A variation of the protocol shows a higher security, similar to the six-state protocol, under individual attacks. Our scheme allows a robust implementation under the current technology.

26 CFR 1.884-5 - Qualified resident.

Code of Federal Regulations, 2014 CFR

2014-04-01

... established securities market (within the meaning of paragraph (d) of this section) in that country or the... securities market (within the meaning of paragraph (d) of this section) in the United States; (D) A not-for... class of stock is listed on an established securities market in the United States or in the country of...

26 CFR 1.884-5 - Qualified resident.

Code of Federal Regulations, 2013 CFR

2013-04-01

... established securities market (within the meaning of paragraph (d) of this section) in that country or the... securities market (within the meaning of paragraph (d) of this section) in the United States; (D) A not-for... class of stock is listed on an established securities market in the United States or in the country of...

26 CFR 1.884-5 - Qualified resident.

Code of Federal Regulations, 2012 CFR

2012-04-01

... established securities market (within the meaning of paragraph (d) of this section) in that country or the... securities market (within the meaning of paragraph (d) of this section) in the United States; (D) A not-for... class of stock is listed on an established securities market in the United States or in the country of...

33 CFR 103.300 - Area Maritime Security (AMS) Committee.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Area Maritime Security (AMS... SECURITY MARITIME SECURITY MARITIME SECURITY: AREA MARITIME SECURITY Area Maritime Security (AMS) Committee § 103.300 Area Maritime Security (AMS) Committee. (a) The AMS Committee is established under the...

Key Considerations of Community, Scalability, Supportability, Security, and Functionality in Selecting Open-Source Software in California Universities as Perceived by Technology Leaders

ERIC Educational Resources Information Center

Britton, Todd Alan

2014-01-01

Purpose: The purpose of this study was to examine the key considerations of community, scalability, supportability, security, and functionality for selecting open-source software in California universities as perceived by technology leaders. Methods: After a review of the cogent literature, the key conceptual framework categories were identified…

E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks

PubMed Central

Kumar, Pardeep; Lee, Sang-Gon; Lee, Hoon-Jae

2012-01-01

A wireless medical sensor network (WMSN) can sense humans’ physiological signs without sacrificing patient comfort and transmit patient vital signs to health professionals’ hand-held devices. The patient physiological data are highly sensitive and WMSNs are extremely vulnerable to many attacks. Therefore, it must be ensured that patients’ medical signs are not exposed to unauthorized users. Consequently, strong user authentication is the main concern for the success and large scale deployment of WMSNs. In this regard, this paper presents an efficient, strong authentication protocol, named E-SAP, for healthcare application using WMSNs. The proposed E-SAP includes: (1) a two-factor (i.e., password and smartcard) professional authentication; (2) mutual authentication between the professional and the medical sensor; (3) symmetric encryption/decryption for providing message confidentiality; (4) establishment of a secure session key at the end of authentication; and (5) professionals can change their password. Further, the proposed protocol requires three message exchanges between the professional, medical sensor node and gateway node, and achieves efficiency (i.e., low computation and communication cost). Through the formal analysis, security analysis and performance analysis, we demonstrate that E-SAP is more secure against many practical attacks, and allows a tradeoff between the security and the performance cost for healthcare application using WMSNs. PMID:22438729

E-SAP: efficient-strong authentication protocol for healthcare applications using wireless medical sensor networks.

PubMed

Kumar, Pardeep; Lee, Sang-Gon; Lee, Hoon-Jae

2012-01-01

A wireless medical sensor network (WMSN) can sense humans' physiological signs without sacrificing patient comfort and transmit patient vital signs to health professionals' hand-held devices. The patient physiological data are highly sensitive and WMSNs are extremely vulnerable to many attacks. Therefore, it must be ensured that patients' medical signs are not exposed to unauthorized users. Consequently, strong user authentication is the main concern for the success and large scale deployment of WMSNs. In this regard, this paper presents an efficient, strong authentication protocol, named E-SAP, for healthcare application using WMSNs. The proposed E-SAP includes: (1) a two-factor (i.e., password and smartcard) professional authentication; (2) mutual authentication between the professional and the medical sensor; (3) symmetric encryption/decryption for providing message confidentiality; (4) establishment of a secure session key at the end of authentication; and (5) professionals can change their password. Further, the proposed protocol requires three message exchanges between the professional, medical sensor node and gateway node, and achieves efficiency (i.e., low computation and communication cost). Through the formal analysis, security analysis and performance analysis, we demonstrate that E-SAP is more secure against many practical attacks, and allows a tradeoff between the security and the performance cost for healthcare application using WMSNs.

Implementation of a Wireless Time Distribution Testbed Protected with Quantum Key Distribution

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bonior, Jason D; Evans, Philip G; Sheets, Gregory S

2017-01-01

Secure time transfer is critical for many timesensitive applications. the Global Positioning System (GPS) which is often used for this purpose has been shown to be susceptible to spoofing attacks. Quantum Key Distribution offers a way to securely generate encryption keys at two locations. Through careful use of this information it is possible to create a system that is more resistant to spoofing attacks. In this paper we describe our work to create a testbed which utilizes QKD and traditional RF links. This testbed will be used for the development of more secure and spoofing resistant time distribution protocols.

A new image encryption algorithm based on the fractional-order hyperchaotic Lorenz system

NASA Astrophysics Data System (ADS)

Wang, Zhen; Huang, Xia; Li, Yu-Xia; Song, Xiao-Na

2013-01-01

We propose a new image encryption algorithm on the basis of the fractional-order hyperchaotic Lorenz system. While in the process of generating a key stream, the system parameters and the derivative order are embedded in the proposed algorithm to enhance the security. Such an algorithm is detailed in terms of security analyses, including correlation analysis, information entropy analysis, run statistic analysis, mean-variance gray value analysis, and key sensitivity analysis. The experimental results demonstrate that the proposed image encryption scheme has the advantages of large key space and high security for practical image encryption.

Generalized Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange system using arbitrary resistors.

PubMed

Vadai, Gergely; Mingesz, Robert; Gingl, Zoltan

2015-09-03

The Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange system has been introduced as a simple, very low cost and efficient classical physical alternative to quantum key distribution systems. The ideal system uses only a few electronic components-identical resistor pairs, switches and interconnecting wires-in order to guarantee perfectly protected data transmission. We show that a generalized KLJN system can provide unconditional security even if it is used with significantly less limitations. The more universal conditions ease practical realizations considerably and support more robust protection against attacks. Our theoretical results are confirmed by numerical simulations.

Securing Wireless Communications of the Internet of Things from the Physical Layer, An Overview

NASA Astrophysics Data System (ADS)

Zhang, Junqing; Duong, Trung; Woods, Roger; Marshall, Alan

2017-08-01

The security of the Internet of Things (IoT) is receiving considerable interest as the low power constraints and complexity features of many IoT devices are limiting the use of conventional cryptographic techniques. This article provides an overview of recent research efforts on alternative approaches for securing IoT wireless communications at the physical layer, specifically the key topics of key generation and physical layer encryption. These schemes can be implemented and are lightweight, and thus offer practical solutions for providing effective IoT wireless security. Future research to make IoT-based physical layer security more robust and pervasive is also covered.

Development of protected endorsement for online banking using mobile phones

NASA Astrophysics Data System (ADS)

Narayana, Galla; Venkateswarlu, Tammineni; Kumar, G. S. P.; Padmavathamma, Mokkala; Sreekanth, G.; Delhibabu, K.; Prasad, A. R.

2013-03-01

Securing Online Banking transactions for customer is the primary goal of financial institutions that provides Internet banking facility. Mobile phones play an important role in our society as more and more functions having been integrated within mobile phones, such as Internet browsing, mobile banking, and shopping. Mobiles phones can be used to secure ATM card pins by sending to the customer directly rather than in emails or by other means which has a possibility of hacking. In this paper we have proposed method of generating a Private Key Security Token by bank authentication servers which uses IMSI registers and IMEI number of client's mobile registered. The key is generated by implementing RIPE MD160 and Hex Encode Algorithm. Token received is valid only for that client mobile only and can be generated upon request by customer dynamically. The client is given a PIN and a Master Key when registered to the Online Banking Services. If in case a client's mobile is lost, authentication is done using Unique Master Key, else the Private Key Token is used there by making transactions secured and simple without the need of carrying any USB Tokens. The additional functionality provides the client more security on their transactions. Due to this Phishing attacks by the hackers is avoided.

Experimental Demonstration of Counterfactual Quantum Communication

NASA Astrophysics Data System (ADS)

Liu, Yang; Ju, Lei; Liang, Xiao-Lei; Tang, Shi-Biao; Tu, Guo-Liang Shen; Zhou, Lei; Peng, Cheng-Zhi; Chen, Kai; Chen, Teng-Yun; Chen, Zeng-Bing; Pan, Jian-Wei

2012-07-01

Quantum effects, besides offering substantial superiority in many tasks over classical methods, are also expected to provide interesting ways to establish secret keys between remote parties. A striking scheme called “counterfactual quantum cryptography” proposed by Noh [Phys. Rev. Lett. 103, 230501 (2009).PRLTAO0031-900710.1103/PhysRevLett.103.230501] allows one to maintain secure key distributions, in which particles carrying secret information are seemingly not being transmitted through quantum channels. We have experimentally demonstrated, for the first time, a faithful implementation for such a scheme with an on-table realization operating at telecom wavelengths. To verify its feasibility for extension over a long distance, we have furthermore reported an illustration on a 1 km fiber. In both cases, high visibilities of more than 98% are achieved through active stabilization of interferometers. Our demonstration is crucial as a direct verification of such a remarkable application, and this procedure can become a key communication module for revealing fundamental physics through counterfactuals.

Changes to Quantum Cryptography

NASA Astrophysics Data System (ADS)

Sakai, Yasuyuki; Tanaka, Hidema

Quantum cryptography has become a subject of widespread interest. In particular, quantum key distribution, which provides a secure key agreement by using quantum systems, is believed to be the most important application of quantum cryptography. Quantum key distribution has the potential to achieve the “unconditionally” secure infrastructure. We also have many cryptographic tools that are based on “modern cryptography” at the present time. They are being used in an effort to guarantee secure communication over open networks such as the Internet. Unfortunately, their ultimate efficacy is in doubt. Quantum key distribution systems are believed to be close to practical and commercial use. In this paper, we discuss what we should do to apply quantum cryptography to our communications. We also discuss how quantum key distribution can be combined with or used to replace cryptographic tools based on modern cryptography.

Hacking on decoy-state quantum key distribution system with partial phase randomization

NASA Astrophysics Data System (ADS)

Sun, Shi-Hai; Jiang, Mu-Sheng; Ma, Xiang-Chun; Li, Chun-Yan; Liang, Lin-Mei

2014-04-01

Quantum key distribution (QKD) provides means for unconditional secure key transmission between two distant parties. However, in practical implementations, it suffers from quantum hacking due to device imperfections. Here we propose a hybrid measurement attack, with only linear optics, homodyne detection, and single photon detection, to the widely used vacuum + weak decoy state QKD system when the phase of source is partially randomized. Our analysis shows that, in some parameter regimes, the proposed attack would result in an entanglement breaking channel but still be able to trick the legitimate users to believe they have transmitted secure keys. That is, the eavesdropper is able to steal all the key information without discovered by the users. Thus, our proposal reveals that partial phase randomization is not sufficient to guarantee the security of phase-encoding QKD systems with weak coherent states.

Hacking on decoy-state quantum key distribution system with partial phase randomization.

PubMed

Sun, Shi-Hai; Jiang, Mu-Sheng; Ma, Xiang-Chun; Li, Chun-Yan; Liang, Lin-Mei

2014-04-23

Quantum key distribution (QKD) provides means for unconditional secure key transmission between two distant parties. However, in practical implementations, it suffers from quantum hacking due to device imperfections. Here we propose a hybrid measurement attack, with only linear optics, homodyne detection, and single photon detection, to the widely used vacuum + weak decoy state QKD system when the phase of source is partially randomized. Our analysis shows that, in some parameter regimes, the proposed attack would result in an entanglement breaking channel but still be able to trick the legitimate users to believe they have transmitted secure keys. That is, the eavesdropper is able to steal all the key information without discovered by the users. Thus, our proposal reveals that partial phase randomization is not sufficient to guarantee the security of phase-encoding QKD systems with weak coherent states.

Practical Quantum Cryptography for Secure Free-Space Communications

DOE Office of Scientific and Technical Information (OSTI.GOV)

Buttler, W.T.; Hughes, R.J.; Kwiat, P.G.

1999-02-01

Quantum cryptography is an emerging technology in which two parties may simultaneously generate shared, secret cryptographic key material using the transmission of quantum states of light. The security of these transmissions is based on the inviolability of the laws of quantum mechanics and information-theoretically secure post-processing methods. An adversary can neither successfully tap the quantum transmissions, nor evade detection, owing to Heisenberg's uncertainty principle. In this paper we describe the theory of quantum cryptography, and the most recent results from our experimental free-space system with which we have demonstrated for the first time the feasibility of quantum key generation overmore » a point-to-point outdoor atmospheric path in daylight. We achieved a transmission distance of 0.5 km, which was limited only by the length of the test range. Our results provide strong evidence that cryptographic key material could be generated on demand between a ground station and a satellite (or between two satellites), allowing a satellite to be securely re-keyed on orbit. We present a feasibility analysis of surface-to-satellite quantum key generation.« less

Biometric Methods for Secure Communications in Body Sensor Networks: Resource-Efficient Key Management and Signal-Level Data Scrambling

NASA Astrophysics Data System (ADS)

Bui, Francis Minhthang; Hatzinakos, Dimitrios

2007-12-01

As electronic communications become more prevalent, mobile and universal, the threats of data compromises also accordingly loom larger. In the context of a body sensor network (BSN), which permits pervasive monitoring of potentially sensitive medical data, security and privacy concerns are particularly important. It is a challenge to implement traditional security infrastructures in these types of lightweight networks since they are by design limited in both computational and communication resources. A key enabling technology for secure communications in BSN's has emerged to be biometrics. In this work, we present two complementary approaches which exploit physiological signals to address security issues: (1) a resource-efficient key management system for generating and distributing cryptographic keys to constituent sensors in a BSN; (2) a novel data scrambling method, based on interpolation and random sampling, that is envisioned as a potential alternative to conventional symmetric encryption algorithms for certain types of data. The former targets the resource constraints in BSN's, while the latter addresses the fuzzy variability of biometric signals, which has largely precluded the direct application of conventional encryption. Using electrocardiogram (ECG) signals as biometrics, the resulting computer simulations demonstrate the feasibility and efficacy of these methods for delivering secure communications in BSN's.

Remote software upload techniques in future vehicles and their performance analysis

NASA Astrophysics Data System (ADS)

Hossain, Irina

Updating software in vehicle Electronic Control Units (ECUs) will become a mandatory requirement for a variety of reasons, for examples, to update/fix functionality of an existing system, add new functionality, remove software bugs and to cope up with ITS infrastructure. Software modules of advanced vehicles can be updated using Remote Software Upload (RSU) technique. The RSU employs infrastructure-based wireless communication technique where the software supplier sends the software to the targeted vehicle via a roadside Base Station (BS). However, security is critically important in RSU to avoid any disasters due to malfunctions of the vehicle or to protect the proprietary algorithms from hackers, competitors or people with malicious intent. In this thesis, a mechanism of secure software upload in advanced vehicles is presented which employs mutual authentication of the software provider and the vehicle using a pre-shared authentication key before sending the software. The software packets are sent encrypted with a secret key along with the Message Digest (MD). In order to increase the security level, it is proposed the vehicle to receive more than one copy of the software along with the MD in each copy. The vehicle will install the new software only when it receives more than one identical copies of the software. In order to validate the proposition, analytical expressions of average number of packet transmissions for successful software update is determined. Different cases are investigated depending on the vehicle's buffer size and verification methods. The analytical and simulation results show that it is sufficient to send two copies of the software to the vehicle to thwart any security attack while uploading the software. The above mentioned unicast method for RSU is suitable when software needs to be uploaded to a single vehicle. Since multicasting is the most efficient method of group communication, updating software in an ECU of a large number of vehicles could benefit from it. However, like the unicast RSU, the security requirements of multicast communication, i.e., authenticity, confidentiality and integrity of the software transmitted and access control of the group members is challenging. In this thesis, an infrastructure-based mobile multicasting for RSU in vehicle ECUs is proposed where an ECU receives the software from a remote software distribution center using the road side BSs as gateways. The Vehicular Software Distribution Network (VSDN) is divided into small regions administered by a Regional Group Manager (RGM). Two multicast Group Key Management (GKM) techniques are proposed based on the degree of trust on the BSs named Fully-trusted (FT) and Semi-trusted (ST) systems. Analytical models are developed to find the multicast session establishment latency and handover latency for these two protocols. The average latency to perform mutual authentication of the software vendor and a vehicle, and to send the multicast session key by the software provider during multicast session initialization, and the handoff latency during multicast session is calculated. Analytical and simulation results show that the link establishment latency per vehicle of our proposed schemes is in the range of few seconds and the ST system requires few ms higher time than the FT system. The handoff latency is also in the range of few seconds and in some cases ST system requires less handoff time than the FT system. Thus, it is possible to build an efficient GKM protocol without putting too much trust on the BSs.

Experimental Measurement-Device-Independent Quantum Key Distribution

NASA Astrophysics Data System (ADS)

Liu, Yang; Chen, Teng-Yun; Wang, Liu-Jun; Liang, Hao; Shentu, Guo-Liang; Wang, Jian; Cui, Ke; Yin, Hua-Lei; Liu, Nai-Le; Li, Li; Ma, Xiongfeng; Pelc, Jason S.; Fejer, M. M.; Peng, Cheng-Zhi; Zhang, Qiang; Pan, Jian-Wei

2013-09-01

Quantum key distribution is proven to offer unconditional security in communication between two remote users with ideal source and detection. Unfortunately, ideal devices never exist in practice and device imperfections have become the targets of various attacks. By developing up-conversion single-photon detectors with high efficiency and low noise, we faithfully demonstrate the measurement-device-independent quantum-key-distribution protocol, which is immune to all hacking strategies on detection. Meanwhile, we employ the decoy-state method to defend attacks on a nonideal source. By assuming a trusted source scenario, our practical system, which generates more than a 25 kbit secure key over a 50 km fiber link, serves as a stepping stone in the quest for unconditionally secure communications with realistic devices.

Experimental measurement-device-independent quantum key distribution.

PubMed

Liu, Yang; Chen, Teng-Yun; Wang, Liu-Jun; Liang, Hao; Shentu, Guo-Liang; Wang, Jian; Cui, Ke; Yin, Hua-Lei; Liu, Nai-Le; Li, Li; Ma, Xiongfeng; Pelc, Jason S; Fejer, M M; Peng, Cheng-Zhi; Zhang, Qiang; Pan, Jian-Wei

2013-09-27

Quantum key distribution is proven to offer unconditional security in communication between two remote users with ideal source and detection. Unfortunately, ideal devices never exist in practice and device imperfections have become the targets of various attacks. By developing up-conversion single-photon detectors with high efficiency and low noise, we faithfully demonstrate the measurement-device-independent quantum-key-distribution protocol, which is immune to all hacking strategies on detection. Meanwhile, we employ the decoy-state method to defend attacks on a nonideal source. By assuming a trusted source scenario, our practical system, which generates more than a 25 kbit secure key over a 50 km fiber link, serves as a stepping stone in the quest for unconditionally secure communications with realistic devices.

Authenticated multi-user quantum key distribution with single particles

NASA Astrophysics Data System (ADS)

Lin, Song; Wang, Hui; Guo, Gong-De; Ye, Guo-Hua; Du, Hong-Zhen; Liu, Xiao-Fen

2016-03-01

Quantum key distribution (QKD) has been growing rapidly in recent years and becomes one of the hottest issues in quantum information science. During the implementation of QKD on a network, identity authentication has been one main problem. In this paper, an efficient authenticated multi-user quantum key distribution (MQKD) protocol with single particles is proposed. In this protocol, any two users on a quantum network can perform mutual authentication and share a secure session key with the assistance of a semi-honest center. Meanwhile, the particles, which are used as quantum information carriers, are not required to be stored, therefore the proposed protocol is feasible with current technology. Finally, security analysis shows that this protocol is secure in theory.

Quantum cryptography over underground optical fibers

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hughes, R.J.; Luther, G.G.; Morgan, G.L.

1996-05-01

Quantum cryptography is an emerging technology in which two parties may simultaneously generated shared, secret cryptographic key material using the transmission of quantum states of light whose security is based on the inviolability of the laws of quantum mechanics. An adversary can neither successfully tap the key transmissions, nor evade detection, owing to Heisenberg`s uncertainty principle. In this paper the authors describe the theory of quantum cryptography, and the most recent results from their experimental system with which they are generating key material over 14-km of underground optical fiber. These results show that optical-fiber based quantum cryptography could allow secure,more » real-time key generation over ``open`` multi-km node-to-node optical fiber communications links between secure ``islands.``« less

A study of the security technology and a new security model for WiFi network

NASA Astrophysics Data System (ADS)

Huang, Jing

2013-07-01

The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

Practical Quantum Private Database Queries Based on Passive Round-Robin Differential Phase-shift Quantum Key Distribution

PubMed Central

Li, Jian; Yang, Yu-Guang; Chen, Xiu-Bo; Zhou, Yi-Hua; Shi, Wei-Min

2016-01-01

A novel quantum private database query protocol is proposed, based on passive round-robin differential phase-shift quantum key distribution. Compared with previous quantum private database query protocols, the present protocol has the following unique merits: (i) the user Alice can obtain one and only one key bit so that both the efficiency and security of the present protocol can be ensured, and (ii) it does not require to change the length difference of the two arms in a Mach-Zehnder interferometer and just chooses two pulses passively to interfere with so that it is much simpler and more practical. The present protocol is also proved to be secure in terms of the user security and database security. PMID:27539654

A biometric method to secure telemedicine systems.

PubMed

Zhang, G H; Poon, Carmen C Y; Li, Ye; Zhang, Y T

2009-01-01

Security and privacy are among the most crucial issues for data transmission in telemedicine systems. This paper proposes a solution for securing wireless data transmission in telemedicine systems, i.e. within a body sensor network (BSN), between the BSN and server as well as between the server and professionals who have assess to the server. A unique feature of this solution is the generation of random keys by physiological data (i.e. a biometric approach) for securing communication at all 3 levels. In the performance analysis, inter-pulse interval of photoplethysmogram is used as an example to generate these biometric keys to protect wireless data transmission. The results of statistical analysis and computational complexity suggest that this type of key is random enough to make telemedicine systems resistant to attacks.

An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge

PubMed Central

Hung, Le Xuan; Canh, Ngo Trong; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo

2008-01-01

For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully. PMID:27873956

An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge.

PubMed

Hung, Le Xuan; Canh, Ngo Trong; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo

2008-12-03

For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODE plus . It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODE plus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully.

A broadcast-based key agreement scheme using set reconciliation for wireless body area networks.

PubMed

Ali, Aftab; Khan, Farrukh Aslam

2014-05-01

Information and communication technologies have thrived over the last few years. Healthcare systems have also benefited from this progression. A wireless body area network (WBAN) consists of small, low-power sensors used to monitor human physiological values remotely, which enables physicians to remotely monitor the health of patients. Communication security in WBANs is essential because it involves human physiological data. Key agreement and authentication are the primary issues in the security of WBANs. To agree upon a common key, the nodes exchange information with each other using wireless communication. This information exchange process must be secure enough or the information exchange should be minimized to a certain level so that if information leak occurs, it does not affect the overall system. Most of the existing solutions for this problem exchange too much information for the sake of key agreement; getting this information is sufficient for an attacker to reproduce the key. Set reconciliation is a technique used to reconcile two similar sets held by two different hosts with minimal communication complexity. This paper presents a broadcast-based key agreement scheme using set reconciliation for secure communication in WBANs. The proposed scheme allows the neighboring nodes to agree upon a common key with the personal server (PS), generated from the electrocardiogram (EKG) feature set of the host body. Minimal information is exchanged in a broadcast manner, and even if every node is missing a different subset, by reconciling these feature sets, the whole network will still agree upon a single common key. Because of the limited information exchange, if an attacker gets the information in any way, he/she will not be able to reproduce the key. The proposed scheme mitigates replay, selective forwarding, and denial of service attacks using a challenge-response authentication mechanism. The simulation results show that the proposed scheme has a great deal of adoptability in terms of security, communication overhead, and running time complexity, as compared to the existing EKG-based key agreement scheme.

An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment

PubMed Central

Muthurajan, Vinothkumar; Narayanasamy, Balaji

2016-01-01

Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function) provide minimum protection level compared to asymmetric key (RSA, AES, and ECC) schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation. PMID:26981584

An Elliptic Curve Based Schnorr Cloud Security Model in Distributed Environment.

PubMed

Muthurajan, Vinothkumar; Narayanasamy, Balaji

2016-01-01

Cloud computing requires the security upgrade in data transmission approaches. In general, key-based encryption/decryption (symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices. The symmetric key mechanisms (pseudorandom function) provide minimum protection level compared to asymmetric key (RSA, AES, and ECC) schemes. The presence of expired content and the irrelevant resources cause unauthorized data access adversely. This paper investigates how the integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme. This paper proposes a virtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content. The HCSA-based auditing improves the malicious activity prediction during the data transfer. The duplication in the cloud server degrades the performance of EC-Schnorr based encryption schemes. This paper utilizes the blooming filter concept to avoid the cloud server duplication. The combination of EC-Schnorr and blooming filter efficiently improves the security performance. The comparative analysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time, computational overhead, and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security model creation.

Securing While Sampling in Wireless Body Area Networks With Application to Electrocardiography.

PubMed

Dautov, Ruslan; Tsouri, Gill R

2016-01-01

Stringent resource constraints and broadcast transmission in wireless body area network raise serious security concerns when employed in biomedical applications. Protecting data transmission where any minor alteration is potentially harmful is of significant importance in healthcare. Traditional security methods based on public or private key infrastructure require considerable memory and computational resources, and present an implementation obstacle in compact sensor nodes. This paper proposes a lightweight encryption framework augmenting compressed sensing with wireless physical layer security. Augmenting compressed sensing to secure information is based on the use of the measurement matrix as an encryption key, and allows for incorporating security in addition to compression at the time of sampling an analog signal. The proposed approach eliminates the need for a separate encryption algorithm, as well as the predeployment of a key thereby conserving sensor node's limited resources. The proposed framework is evaluated using analysis, simulation, and experimentation applied to a wireless electrocardiogram setup consisting of a sensor node, an access point, and an eavesdropper performing a proximity attack. Results show that legitimate communication is reliable and secure given that the eavesdropper is located at a reasonable distance from the sensor node and the access point.

Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems.

PubMed

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Li, Xiong

2015-11-01

The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.'s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.'s scheme and additionally achieves extra security requirements.

Security Concepts for Satellite Links

NASA Astrophysics Data System (ADS)

Tobehn, C.; Penné, B.; Rathje, R.; Weigl, A.; Gorecki, Ch.; Michalik, H.

2008-08-01

The high costs to develop, launch and maintain a satellite network makes protecting the assets imperative. Attacks may be passive such as eavesdropping on the payload data. More serious threat are active attacks that try to gain control of the satellite, which may lead to the total lost of the satellite asset. To counter these threats, new satellite and ground systems are using cryptographic technologies to provide a range of services: confidentiality, entity & message authentication, and data integrity. Additionally, key management cryptographic services are required to support these services. This paper describes the key points of current satellite control and operations, that are authentication of the access to the satellite TMTC link and encryption of security relevant TM/TC data. For payload data management the key points are multi-user ground station access and high data rates both requiring frequent updates and uploads of keys with the corresponding key management methods. For secure satellite management authentication & key negotiation algorithms as HMAC-RIPEMD160, EC- DSA and EC-DH are used. Encryption of data uses algorithms as IDEA, AES, Triple-DES, or other. A channel coding and encryption unit for payload data provides download data rates up to Nx250 Mbps. The presented concepts are based on our experience and heritage of the security systems for all German MOD satellite projects (SATCOMBw2, SAR-Lupe multi- satellite system and German-French SAR-Lupe-Helios- II systems inter-operability) as well as for further international (KOMPSAT-II Payload data link system) and ESA activities (TMTC security and GMES).

Bit-Oriented Quantum Public-Key Cryptosystem Based on Bell States

NASA Astrophysics Data System (ADS)

Wu, WanQing; Cai, QingYu; Zhang, HuanGuo; Liang, XiaoYan

2018-02-01

Quantum public key encryption system provides information confidentiality using quantum mechanics. This paper presents a quantum public key cryptosystem (Q P K C) based on the Bell states. By H o l e v o's theorem, the presented scheme provides the security of the secret key using one-wayness during the QPKC. While the QPKC scheme is information theoretic security under chosen plaintext attack (C P A). Finally some important features of presented QPKC scheme can be compared with other QPKC scheme.

Bit-Oriented Quantum Public-Key Cryptosystem Based on Bell States

NASA Astrophysics Data System (ADS)

Wu, WanQing; Cai, QingYu; Zhang, HuanGuo; Liang, XiaoYan

2018-06-01

Quantum public key encryption system provides information confidentiality using quantum mechanics. This paper presents a quantum public key cryptosystem ( Q P K C) based on the Bell states. By H o l e v o' s theorem, the presented scheme provides the security of the secret key using one-wayness during the QPKC. While the QPKC scheme is information theoretic security under chosen plaintext attack ( C P A). Finally some important features of presented QPKC scheme can be compared with other QPKC scheme.

A security proof of the round-robin differential phase shift quantum key distribution protocol based on the signal disturbance

NASA Astrophysics Data System (ADS)

Sasaki, Toshihiko; Koashi, Masato

2017-06-01

The round-robin differential phase shift (RRDPS) quantum key distribution (QKD) protocol is a unique QKD protocol whose security has not been understood through an information-disturbance trade-off relation, and a sufficient amount of privacy amplification was given independently of signal disturbance. Here, we discuss the security of the RRDPS protocol in the asymptotic regime when a good estimate of the bit error rate is available as a measure of signal disturbance. The uniqueness of the RRDPS protocol shows up as a peculiar form of information-disturbance trade-off curve. When the length of a block of pulses used for encoding and the signal disturbance are both small, it provides a significantly better key rate than that from the original security proof. On the other hand, when the block length is large, the use of the signal disturbance makes little improvement in the key rate. Our analysis will bridge a gap between the RRDPS protocol and the conventional QKD protocols.

Quantum key distribution with an unknown and untrusted source

NASA Astrophysics Data System (ADS)

Zhao, Yi; Qi, Bing; Lo, Hoi-Kwong

2009-03-01

The security of a standard bi-directional ``plug & play'' quantum key distribution (QKD) system has been an open question for a long time. This is mainly because its source is equivalently controlled by an eavesdropper, which means the source is unknown and untrusted. Qualitative discussion on this subject has been made previously. In this paper, we present the first quantitative security analysis on a general class of QKD protocols whose sources are unknown and untrusted. The securities of standard BB84 protocol, weak+vacuum decoy state protocol, and one-decoy decoy state protocol, with unknown and untrusted sources are rigorously proved. We derive rigorous lower bounds to the secure key generation rates of the above three protocols. Our numerical simulation results show that QKD with an untrusted source gives a key generation rate that is close to that with a trusted source. Our work is published in [1]. [4pt] [1] Y. Zhao, B. Qi, and H.-K. Lo, Phys. Rev. A, 77:052327 (2008).

A semi-symmetric image encryption scheme based on the function projective synchronization of two hyperchaotic systems

PubMed Central

Li, Jinqing; Qi, Hui; Cong, Ligang; Yang, Huamin

2017-01-01

Both symmetric and asymmetric color image encryption have advantages and disadvantages. In order to combine their advantages and try to overcome their disadvantages, chaos synchronization is used to avoid the key transmission for the proposed semi-symmetric image encryption scheme. Our scheme is a hybrid chaotic encryption algorithm, and it consists of a scrambling stage and a diffusion stage. The control law and the update rule of function projective synchronization between the 3-cell quantum cellular neural networks (QCNN) response system and the 6th-order cellular neural network (CNN) drive system are formulated. Since the function projective synchronization is used to synchronize the response system and drive system, Alice and Bob got the key by two different chaotic systems independently and avoid the key transmission by some extra security links, which prevents security key leakage during the transmission. Both numerical simulations and security analyses such as information entropy analysis, differential attack are conducted to verify the feasibility, security, and efficiency of the proposed scheme. PMID:28910349

Quantum Dialogue with Authentication Based on Bell States

NASA Astrophysics Data System (ADS)

Shen, Dongsu; Ma, Wenping; Yin, Xunru; Li, Xiaoping

2013-06-01

We propose an authenticated quantum dialogue protocol, which is based on a shared private quantum entangled channel. In this protocol, the EPR pairs are randomly prepared in one of the four Bell states for communication. By performing four Pauli operations on the shared EPR pairs to encode their shared authentication key and secret message, two legitimate users can implement mutual identity authentication and quantum dialogue without the help from the third party authenticator. Furthermore, due to the EPR pairs which are used for secure communication are utilized to implement authentication and the whole authentication process is included in the direct secure communication process, it does not require additional particles to realize authentication in this protocol. The updated authentication key provides the counterparts with a new authentication key for the next authentication and direct communication. Compared with other secure communication with authentication protocols, this one is more secure and efficient owing to the combination of authentication and direct communication. Security analysis shows that it is secure against the eavesdropping attack, the impersonation attack and the man-in-the-middle (MITM) attack.

A novel and lightweight system to secure wireless medical sensor networks.

PubMed

He, Daojing; Chan, Sammy; Tang, Shaohua

2014-01-01

Wireless medical sensor networks (MSNs) are a key enabling technology in e-healthcare that allows the data of a patient's vital body parameters to be collected by the wearable or implantable biosensors. However, the security and privacy protection of the collected data is a major unsolved issue, with challenges coming from the stringent resource constraints of MSN devices, and the high demand for both security/privacy and practicality. In this paper, we propose a lightweight and secure system for MSNs. The system employs hash-chain based key updating mechanism and proxy-protected signature technique to achieve efficient secure transmission and fine-grained data access control. Furthermore, we extend the system to provide backward secrecy and privacy preservation. Our system only requires symmetric-key encryption/decryption and hash operations and is thus suitable for the low-power sensor nodes. This paper also reports the experimental results of the proposed system in a network of resource-limited motes and laptop PCs, which show its efficiency in practice. To the best of our knowledge, this is the first secure data transmission and access control system for MSNs until now.

12 CFR 326.3 - Security program.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Security program. 326.3 Section 326.3 Banks and... SECURITY DEVICES AND PROCEDURES AND BANK SECRECY ACT 1 COMPLIANCE Minimum Security Procedures § 326.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures...

12 CFR 326.3 - Security program.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 12 Banks and Banking 5 2014-01-01 2014-01-01 false Security program. 326.3 Section 326.3 Banks and... SECURITY DEVICES AND PROCEDURES AND BANK SECRECY ACT 1 COMPLIANCE Minimum Security Procedures § 326.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures...

Measurement-Device-Independent Quantum Cryptography

NASA Astrophysics Data System (ADS)

Tang, Zhiyuan

Quantum key distribution (QKD) enables two legitimate parties to share a secret key even in the presence of an eavesdropper. The unconditional security of QKD is based on the fundamental laws of quantum physics. Original security proofs of QKD are based on a few assumptions, e.g., perfect single photon sources and perfect single-photon detectors. However, practical implementations of QKD systems do not fully comply with such assumptions due to technical limitations. The gap between theory and implementations leads to security loopholes in most QKD systems, and several attacks have been launched on sophisticated QKD systems. Particularly, the detectors have been found to be the most vulnerable part of QKD. Much effort has been put to build side-channel-free QKD systems. Solutions such as security patches and device-independent QKD have been proposed. However, the former are normally ad-hoc, and cannot close unidentified loopholes. The latter, while having the advantages of removing all assumptions on devices, is impractical to implement today. Measurement-device-independent QKD (MDI-QKD) turns out to be a promising solution to the security problem of QKD. In MDI-QKD, all security loopholes, including those yet-to-be discovered, have been removed from the detectors, the most critical part in QKD. In this thesis, we investigate issues related to the practical implementation and security of MDI-QKD. We first present a demonstration of polarization-encoding MDI-QKD. Taking finite key effect into account, we achieve a secret key rate of 0.005 bit per second (bps) over 10 km spooled telecom fiber, and a 1600-bit key is distributed. This work, together with other demonstrations, shows the practicality of MDI-QKD. Next we investigate a critical assumption of MDI-QKD: perfect state preparation. We apply the loss-tolerant QKD protocol and adapt it to MDI-QKD to quantify information leakage due to imperfect state preparation. We then present an experimental demonstration of MDI-QKD over 10 km and 40 km of spooled fiber, which for the first time considers the impact of inaccurate polarization state preparation on the secret key rate. This would not have been possible under previous security proofs, given the same amount of state preparation flaws.

The European Union Joint Procurement Agreement for cross-border health threats: what is the potential for this new mechanism of health system collaboration?

PubMed

Azzopardi-Muscat, Natasha; Schroder-Bäck, Peter; Brand, Helmut

2017-01-01

The Joint Procurement Agreement (JPA) is an innovative instrument for multi-country procurement of medical countermeasures against cross-border health threats. This paper aims to assess its potential performance. A literature review was conducted to identify key features of successful joint procurement programmes. Documentary analysis and a key informants' interview were carried out to analyse the European Union (EU) JPA. Ownership, equity, transparency, stable central financing, standardisation, flexibility and gradual development were identified as important prerequisites for successful establishment of multi-country joint procurement programmes in the literature while security of supply, favourable prices, reduction of operational costs and administrative burden and creation of professional expert networks were identified as desirable outcomes. The EU JPA appears to fulfil the criteria of ownership, transparency, equity, flexibility and gradual development. Standardisation is only partly fulfilled and central EU level financing is not provided. Security of supply is an important outcome for all EU Member States (MS). Price savings, reduction in administrative burden and creation of professional networks may be particularly attractive for the smaller MS. The JPA has the potential to increase health system collaboration and efficiency at EU level provided that the incentives for sustained commitment of larger MS are sufficiently attractive.

Information Theoretically Secure, Enhanced Johnson Noise Based Key Distribution over the Smart Grid with Switched Filters

PubMed Central

2013-01-01

We introduce a protocol with a reconfigurable filter system to create non-overlapping single loops in the smart power grid for the realization of the Kirchhoff-Law-Johnson-(like)-Noise secure key distribution system. The protocol is valid for one-dimensional radial networks (chain-like power line) which are typical of the electricity distribution network between the utility and the customer. The speed of the protocol (the number of steps needed) versus grid size is analyzed. When properly generalized, such a system has the potential to achieve unconditionally secure key distribution over the smart power grid of arbitrary geometrical dimensions. PMID:23936164

Information theoretically secure, enhanced Johnson noise based key distribution over the smart grid with switched filters.

PubMed

Gonzalez, Elias; Kish, Laszlo B; Balog, Robert S; Enjeti, Prasad

2013-01-01

We introduce a protocol with a reconfigurable filter system to create non-overlapping single loops in the smart power grid for the realization of the Kirchhoff-Law-Johnson-(like)-Noise secure key distribution system. The protocol is valid for one-dimensional radial networks (chain-like power line) which are typical of the electricity distribution network between the utility and the customer. The speed of the protocol (the number of steps needed) versus grid size is analyzed. When properly generalized, such a system has the potential to achieve unconditionally secure key distribution over the smart power grid of arbitrary geometrical dimensions.

75 FR 77925 - Self-Regulatory Organizations; NASDAQ OMX BX, Inc.; Notice of Filing and Immediate Effectiveness...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-14

... Establish Strike Price Intervals and Trading Hours for Options on Index-Linked Securities December 8, 2010... Business) of the Rules of the Boston Options Exchange Group, LLC (``BOX'') to establish strike price... proposing to establish strike price intervals and trading hours for these products. The Securities and...

A more secure parallel keyed hash function based on chaotic neural network

NASA Astrophysics Data System (ADS)

Huang, Zhongquan

2011-08-01

Although various hash functions based on chaos or chaotic neural network were proposed, most of them can not work efficiently in parallel computing environment. Recently, an algorithm for parallel keyed hash function construction based on chaotic neural network was proposed [13]. However, there is a strict limitation in this scheme that its secret keys must be nonce numbers. In other words, if the keys are used more than once in this scheme, there will be some potential security flaw. In this paper, we analyze the cause of vulnerability of the original one in detail, and then propose the corresponding enhancement measures, which can remove the limitation on the secret keys. Theoretical analysis and computer simulation indicate that the modified hash function is more secure and practical than the original one. At the same time, it can keep the parallel merit and satisfy the other performance requirements of hash function, such as good statistical properties, high message and key sensitivity, and strong collision resistance, etc.

The security energy encryption in wireless power transfer

NASA Astrophysics Data System (ADS)

Sadzali, M. N.; Ali, A.; Azizan, M. M.; Albreem, M. A. M.

2017-09-01

This paper presents a concept of security in wireless power transfer (WPT) by applying chaos theory. Chaos theory is applied as a security system in order to safeguard the transfer of energy from a transmitter to the intended receiver. The energy encryption of the wireless power transfer utilizes chaos theory to generate the possibility of a logistic map for the chaotic security key. The simulation for energy encryption wireless power transfer system was conducted by using MATLAB and Simulink. By employing chaos theory, the chaotic key ensures the transmission of energy from transmitter to its intended receiver.

Security evaluation of the quantum key distribution system with two-mode squeezed states

DOE Office of Scientific and Technical Information (OSTI.GOV)

Osaki, M.; Ban, M.

2003-08-01

The quantum key distribution (QKD) system with two-mode squeezed states has been demonstrated by Pereira et al. [Phys. Rev. A 62, 042311 (2000)]. They evaluate the security of the system based on the signal to noise ratio attained by a homodyne detector. In this paper, we discuss its security based on the error probability individually attacked by eavesdropper with the unambiguous or the error optimum detection. The influence of the energy loss at transmission channels is also taken into account. It will be shown that the QKD system is secure under these conditions.

Transparent Proxy for Secure E-Mail

NASA Astrophysics Data System (ADS)

Michalák, Juraj; Hudec, Ladislav

2010-05-01

The paper deals with the security of e-mail messages and e-mail server implementation by means of a transparent SMTP proxy. The security features include encryption and signing of transported messages. The goal is to design and implement a software proxy for secure e-mail including its monitoring, administration, encryption and signing keys administration. In particular, we focus on automatic public key on-the-fly encryption and signing of e-mail messages according to S/MIME standard by means of an embedded computer system whose function can be briefly described as a brouter with transparent SMTP proxy.

Privacy-enhanced electronic mail

NASA Astrophysics Data System (ADS)

Bishop, Matt

1990-06-01

The security of electronic mail sent through the Internet may be described in exactly three words: there is none. The Privacy and Security Research Group has recommended implementing mechanisms designed to provide security enhancements. The first set of mechanisms provides a protocol to provide privacy, integrity, and authentication for electronic mail; the second provides a certificate-based key management infrastructure to support key distribution throughout the internet, to support the first set of mechanisms. These mechanisms are described, as well as the reasons behind their selection and how these mechanisms can be used to provide some measure of security in the exchange of electronic mail.

Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication

DTIC Science & Technology

2004-11-01

the context of, e.g., a smart home (Section 7). Our implementation is detailed in Section 8, with a security analysis is Section 9. Section 10...establishment of security parame- ters [17]. This work considers a smart home , where a user may want to establish a security context for controlling...appliances or other devices in a smart - home . We refer to the security property discussed in this work as presence, where it is desirable that only users or

Nuclear Power Plant Cyber Security Discrete Dynamic Event Tree Analysis (LDRD 17-0958) FY17 Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wheeler, Timothy A.; Denman, Matthew R.; Williams, R. A.

Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities.more » iii This Lab-Directed Research and Development project has developed a dynamic cyber-risk in- formed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plants digital instrumentation and control (DI&C) system and defeat or circumvent a plants cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.« less

Security on Cloud Revocation Authority using Identity Based Encryption

NASA Astrophysics Data System (ADS)

Rajaprabha, M. N.

2017-11-01

As due to the era of cloud computing most of the people are saving there documents, files and other things on cloud spaces. Due to this security over the cloud is also important because all the confidential things are there on the cloud. So to overcome private key infrastructure (PKI) issues some revocable Identity Based Encryption (IBE) techniques are introduced which eliminates the demand of PKI. The technique introduced is key update cloud service provider which is having two issues in it and they are computation and communication cost is high and second one is scalability issue. So to overcome this problem we come along with the system in which the Cloud Revocation Authority (CRA) is there for the security which will only hold the secret key for each user. And the secret key was send with the help of advanced encryption standard security. The key is encrypted and send to the CRA for giving the authentication to the person who wants to share the data or files or for the communication purpose. Through that key only the other user will able to access that file and if the user apply some invalid key on the particular file than the information of that user and file is send to the administrator and administrator is having rights to block that person of black list that person to use the system services.

Security, privacy, and confidentiality issues on the Internet

PubMed Central

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to `sign' a message whereby the private key of an individual can be used to `hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a `digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

Security, privacy, and confidentiality issues on the Internet.

PubMed

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers.

Secure communications using nonlinear silicon photonic keys.

PubMed

Grubel, Brian C; Bosworth, Bryan T; Kossey, Michael R; Cooper, A Brinton; Foster, Mark A; Foster, Amy C

2018-02-19

We present a secure communication system constructed using pairs of nonlinear photonic physical unclonable functions (PUFs) that harness physical chaos in integrated silicon micro-cavities. Compared to a large, electronically stored one-time pad, our method provisions large amounts of information within the intrinsically complex nanostructure of the micro-cavities. By probing a micro-cavity with a rapid sequence of spectrally-encoded ultrafast optical pulses and measuring the lightwave responses, we experimentally demonstrate the ability to extract 2.4 Gb of key material from a single micro-cavity device. Subsequently, in a secure communication experiment with pairs of devices, we achieve bit error rates below 10 -5 at code rates of up to 0.1. The PUFs' responses are never transmitted over the channel or stored in digital memory, thus enhancing the security of the system. Additionally, the micro-cavity PUFs are extremely small, inexpensive, robust, and fully compatible with telecommunications infrastructure, components, and electronic fabrication. This approach can serve one-time pad or public key exchange applications where high security is required.

Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

PubMed

Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2014-11-01

Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

Secret Key Crypto Implementations

NASA Astrophysics Data System (ADS)

Bertoni, Guido Marco; Melzani, Filippo

This chapter presents the algorithm selected in 2001 as the Advanced Encryption Standard. This algorithm is the base for implementing security and privacy based on symmetric key solutions in almost all new applications. Secret key algorithms are used in combination with modes of operation to provide different security properties. The most used modes of operation are presented in this chapter. Finally an overview of the different techniques of software and hardware implementations is given.

A Secure Key Distribution System of Quantum Cryptography Based on the Coherent State

NASA Technical Reports Server (NTRS)

Guo, Guang-Can; Zhang, Xiao-Yu

1996-01-01

The cryptographic communication has a lot of important applications, particularly in the magnificent prospects of private communication. As one knows, the security of cryptographic channel depends crucially on the secrecy of the key. The Vernam cipher is the only cipher system which has guaranteed security. In that system the key must be as long as the message and most be used only once. Quantum cryptography is a method whereby key secrecy can be guaranteed by a physical law. So it is impossible, even in principle, to eavesdrop on such channels. Quantum cryptography has been developed in recent years. Up to now, many schemes of quantum cryptography have been proposed. Now one of the main problems in this field is how to increase transmission distance. In order to use quantum nature of light, up to now proposed schemes all use very dim light pulses. The average photon number is about 0.1. Because of the loss of the optical fiber, it is difficult for the quantum cryptography based on one photon level or on dim light to realize quantum key-distribution over long distance. A quantum key distribution based on coherent state is introduced in this paper. Here we discuss the feasibility and security of this scheme.

The Great Game redux: Energy security and the emergence of tripolarity in Eurasia

NASA Astrophysics Data System (ADS)

Ozdamar, Ibrahim Ozgur

Securing energy resources has become a key aspect of foreign policy-making since the 1970s. States have used military and economic foreign policy tools to secure the supply of energy to their domestic markets. With the fall of the USSR in 1991, political and economic competition for penetration into energy-rich regions spread through Eurasia. Inspired from the nineteenth century term to describe Russian-British rivalry in the region, the current rivalry among great powers and their allies is called the "New Great Game". This project analyzes three political conflicts that are shaped by such rivalry that can threaten global energy security. Empirical results from the expected utility model (Bueno de Mesquita 1985) suggest the rivalry among the Western (i.e. EU, US) and Eastern (i.e. Russia, China) powers about the Iranian nuclear program, Nagorno-Karabakh and South Ossetia conflicts is likely to continue and shows some Cold War characteristics. I have also found out the expected outcomes of these conflicts and foreign policy tools and obvious and unseen strategic moves available to actors. The major conclusion of the study is that the EU and US should pursue a coordinated foreign policy and balance the Russian and Chinese influence in the region to secure access to energy resources. Most effective foreign policy tools to achieve such aim appear to be the use of economic relations as leverage against Russia and China and support economic and democratic developments of the newly established republics in Eurasia.

Privacy Protection for Telecare Medicine Information Systems Using a Chaotic Map-Based Three-Factor Authenticated Key Agreement Scheme.

PubMed

Zhang, Liping; Zhu, Shaohui; Tang, Shanyu

2017-03-01

Telecare medicine information systems (TMIS) provide flexible and convenient e-health care. However, the medical records transmitted in TMIS are exposed to unsecured public networks, so TMIS are more vulnerable to various types of security threats and attacks. To provide privacy protection for TMIS, a secure and efficient authenticated key agreement scheme is urgently needed to protect the sensitive medical data. Recently, Mishra et al. proposed a biometrics-based authenticated key agreement scheme for TMIS by using hash function and nonce, they claimed that their scheme could eliminate the security weaknesses of Yan et al.'s scheme and provide dynamic identity protection and user anonymity. In this paper, however, we demonstrate that Mishra et al.'s scheme suffers from replay attacks, man-in-the-middle attacks and fails to provide perfect forward secrecy. To overcome the weaknesses of Mishra et al.'s scheme, we then propose a three-factor authenticated key agreement scheme to enable the patient to enjoy the remote healthcare services via TMIS with privacy protection. The chaotic map-based cryptography is employed in the proposed scheme to achieve a delicate balance of security and performance. Security analysis demonstrates that the proposed scheme resists various attacks and provides several attractive security properties. Performance evaluation shows that the proposed scheme increases efficiency in comparison with other related schemes.

Novel secret key generation techniques using memristor devices

NASA Astrophysics Data System (ADS)

Abunahla, Heba; Shehada, Dina; Yeun, Chan Yeob; Mohammad, Baker; Jaoude, Maguy Abi

2016-02-01

This paper proposes novel secret key generation techniques using memristor devices. The approach depends on using the initial profile of a memristor as a master key. In addition, session keys are generated using the master key and other specified parameters. In contrast to existing memristor-based security approaches, the proposed development is cost effective and power efficient since the operation can be achieved with a single device rather than a crossbar structure. An algorithm is suggested and demonstrated using physics based Matlab model. It is shown that the generated keys can have dynamic size which provides perfect security. Moreover, the proposed encryption and decryption technique using the memristor based generated keys outperforms Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES) in terms of processing time. This paper is enriched by providing characterization results of a fabricated microscale Al/TiO2/Al memristor prototype in order to prove the concept of the proposed approach and study the impacts of process variations. The work proposed in this paper is a milestone towards System On Chip (SOC) memristor based security.

Phase-Reference-Free Experiment of Measurement-Device-Independent Quantum Key Distribution

NASA Astrophysics Data System (ADS)

Wang, Chao; Song, Xiao-Tian; Yin, Zhen-Qiang; Wang, Shuang; Chen, Wei; Zhang, Chun-Mei; Guo, Guang-Can; Han, Zheng-Fu

2015-10-01

Measurement-device-independent quantum key distribution (MDI QKD) is a substantial step toward practical information-theoretic security for key sharing between remote legitimate users (Alice and Bob). As with other standard device-dependent quantum key distribution protocols, such as BB84, MDI QKD assumes that the reference frames have been shared between Alice and Bob. In practice, a nontrivial alignment procedure is often necessary, which requires system resources and may significantly reduce the secure key generation rate. Here, we propose a phase-coding reference-frame-independent MDI QKD scheme that requires no phase alignment between the interferometers of two distant legitimate parties. As a demonstration, a proof-of-principle experiment using Faraday-Michelson interferometers is presented. The experimental system worked at 1 MHz, and an average secure key rate of 8.309 bps was obtained at a fiber length of 20 km between Alice and Bob. The system can maintain a positive key generation rate without phase compensation under normal conditions. The results exhibit the feasibility of our system for use in mature MDI QKD devices and its value for network scenarios.

Secure NFV Orchestration Over an SDN-Controlled Optical Network With Time-Shared Quantum Key Distribution Resources

NASA Astrophysics Data System (ADS)

Aguado, Alejandro; Hugues-Salas, Emilio; Haigh, Paul Anthony; Marhuenda, Jaume; Price, Alasdair B.; Sibson, Philip; Kennard, Jake E.; Erven, Chris; Rarity, John G.; Thompson, Mark Gerard; Lord, Andrew; Nejabati, Reza; Simeonidou, Dimitra

2017-04-01

We demonstrate, for the first time, a secure optical network architecture that combines NFV orchestration and SDN control with quantum key distribution (QKD) technology. A novel time-shared QKD network design is presented as a cost-effective solution for practical networks.

Under Lock and Key: Preventing Campus Theft of Electronic Equipment.

ERIC Educational Resources Information Center

Harrison, J. Phil

1996-01-01

A discussion of computer theft prevention on college campuses looks at a variety of elements in electronic equipment security, including the extent of the problem, physical antitheft products, computerized access, control of key access, alarm systems, competent security personnel, lighting, use of layers of protection, and increasing…

75 FR 36642 - Privacy Act of 1974; System of Records

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-28

... relating to the issue, return, and accountability of keys to secure areas. Records may contain name, Social... disposing of records in the system: Storage: Paper records in file folders and electronic storage media. Retrievability: By name, Social Security Number (SSN), key number, personal identification number (PIN), Magnetic...

Securing Digital Audio using Complex Quadratic Map

NASA Astrophysics Data System (ADS)

Suryadi, MT; Satria Gunawan, Tjandra; Satria, Yudi

2018-03-01

In This digital era, exchanging data are common and easy to do, therefore it is vulnerable to be attacked and manipulated from unauthorized parties. One data type that is vulnerable to attack is digital audio. So, we need data securing method that is not vulnerable and fast. One of the methods that match all of those criteria is securing the data using chaos function. Chaos function that is used in this research is complex quadratic map (CQM). There are some parameter value that causing the key stream that is generated by CQM function to pass all 15 NIST test, this means that the key stream that is generated using this CQM is proven to be random. In addition, samples of encrypted digital sound when tested using goodness of fit test are proven to be uniform, so securing digital audio using this method is not vulnerable to frequency analysis attack. The key space is very huge about 8.1×l031 possible keys and the key sensitivity is very small about 10-10, therefore this method is also not vulnerable against brute-force attack. And finally, the processing speed for both encryption and decryption process on average about 450 times faster that its digital audio duration.

Three-party authenticated key agreements for optimal communication

PubMed Central

Lee, Tian-Fu; Hwang, Tzonelih

2017-01-01

Authenticated key agreements enable users to determine session keys, and to securely communicate with others over an insecure channel via the session keys. This study investigates the lower bounds on communications for three-party authenticated key agreements and considers whether or not the sub-keys for generating a session key can be revealed in the channel. Since two clients do not share any common secret key, they require the help of the server to authenticate their identities and exchange confidential and authenticated information over insecure networks. However, if the session key security is based on asymmetric cryptosystems, then revealing the sub-keys cannot compromise the session key. The clients can directly exchange the sub-keys and reduce the transmissions. In addition, authenticated key agreements were developed by using the derived results of the lower bounds on communications. Compared with related approaches, the proposed protocols had fewer transmissions and realized the lower bounds on communications. PMID:28355253

A game-theoretical approach to multimedia social networks security.

PubMed

Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong

2014-01-01

The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders.

A Game-Theoretical Approach to Multimedia Social Networks Security

PubMed Central

Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong

2014-01-01

The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders. PMID:24977226

Analysis to determine the maximum dimensions of flexible apertures in sensored security netting products.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Murton, Mark; Bouchier, Francis A.; vanDongen, Dale T.

2013-08-01

Although technological advances provide new capabilities to increase the robustness of security systems, they also potentially introduce new vulnerabilities. New capability sometimes requires new performance requirements. This paper outlines an approach to establishing a key performance requirement for an emerging intrusion detection sensor: the sensored net. Throughout the security industry, the commonly adopted standard for maximum opening size through barriers is a requirement based on square inchestypically 96 square inches. Unlike standard rigid opening, the dimensions of a flexible aperture are not fixed, but variable and conformable. It is demonstrably simple for a human intruder to move through a 96-square-inchmore » opening that is conformable to the human body. The longstanding 96-square-inch requirement itself, though firmly embedded in policy and best practice, lacks a documented empirical basis. This analysis concluded that the traditional 96-square-inch standard for openings is insufficient for flexible openings that are conformable to the human body. Instead, a circumference standard is recommended for these newer types of sensored barriers. The recommended maximum circumference for a flexible opening should be no more than 26 inches, as measured on the inside of the netting material.« less

Implementation of data security and data privacy provisions will bring sweeping changes to laboratory service providers.

PubMed

Boothe, J F

2000-01-01

The Health Insurance Portability and Accountability Act included substantial changes involving handling of health information by establishing national standards for electronic transactions, data privacy, and data security. The first final rule for electronic transaction standards was published August 17, 2000. The remaining final rules are expected to be published in Winter 2000. Providers, such as clinical laboratories, will have 26 months from the data of publication to comply. The civil monetary fines for noncompliance are substantial. This article will review the key provisions of the data security and data privacy proposed rules. These provisions will touch virtually every aspect of electronic claims submissions, electronic data transactions, and the electronic storage of medical information. The proposed rules will require a coordinated approach by providers to develop the policies and procedures, and the technical and physical infrastructure to protect health information. Moreover, providers will need to identify a privacy officer, to review existing privacy policies to compare the proposed rule with any existing state laws to determine which may be more stringent, and to develop new policies to address the particular requirements of the final rule.

Key exchange using biometric identity based encryption for sharing encrypted data in cloud environment

NASA Astrophysics Data System (ADS)

Hassan, Waleed K.; Al-Assam, Hisham

2017-05-01

The main problem associated with using symmetric/ asymmetric keys is how to securely store and exchange the keys between the parties over open networks particularly in the open environment such as cloud computing. Public Key Infrastructure (PKI) have been providing a practical solution for session key exchange for loads of web services. The key limitation of PKI solution is not only the need for a trusted third partly (e.g. certificate authority) but also the absent link between data owner and the encryption keys. The latter is arguably more important where accessing data needs to be linked with identify of the owner. Currently available key exchange protocols depend on using trusted couriers or secure channels, which can be subject to man-in-the-middle attack and various other attacks. This paper proposes a new protocol for Key Exchange using Biometric Identity Based Encryption (KE-BIBE) that enables parties to securely exchange cryptographic keys even an adversary is monitoring the communication channel between the parties. The proposed protocol combines biometrics with IBE in order to provide a secure way to access symmetric keys based on the identity of the users in unsecure environment. In the KE-BIOBE protocol, the message is first encrypted by the data owner using a traditional symmetric key before migrating it to a cloud storage. The symmetric key is then encrypted using public biometrics of the users selected by data owner to decrypt the message based on Fuzzy Identity-Based Encryption. Only the selected users will be able to decrypt the message by providing a fresh sample of their biometric data. The paper argues that the proposed solution eliminates the needs for a key distribution centre in traditional cryptography. It will also give data owner the power of finegrained sharing of encrypted data by control who can access their data.

12 CFR 168.3 - Security program.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 12 Banks and Banking 1 2014-01-01 2014-01-01 false Security program. 168.3 Section 168.3 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY SECURITY PROCEDURES § 168.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures for...

12 CFR 568.3 - Security program.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 12 Banks and Banking 6 2014-01-01 2012-01-01 true Security program. 568.3 Section 568.3 Banks and Banking OFFICE OF THRIFT SUPERVISION, DEPARTMENT OF THE TREASURY SECURITY PROCEDURES § 568.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures for...

12 CFR 391.3 - Security program.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 12 Banks and Banking 5 2013-01-01 2013-01-01 false Security program. 391.3 Section 391.3 Banks and... OF THRIFT SUPERVISION REGULATIONS Security Procedures § 391.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures for opening and closing for business...

12 CFR 168.3 - Security program.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 12 Banks and Banking 1 2013-01-01 2013-01-01 false Security program. 168.3 Section 168.3 Banks and Banking COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY SECURITY PROCEDURES § 168.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures for...

12 CFR 391.3 - Security program.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 12 Banks and Banking 5 2014-01-01 2014-01-01 false Security program. 391.3 Section 391.3 Banks and... OF THRIFT SUPERVISION REGULATIONS Security Procedures § 391.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures for opening and closing for business...

75 FR 27608 - Self-Regulatory Organizations; NYSE Arca, Inc.; Notice of Filing and Immediate Effectiveness of...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-17

... Change To Establish Strike Price Intervals and Trading Hours for Options on Index Linked Securities May....4 Commentary .05 to establish strike price intervals for options on Index Linked Securities,\\3\\ and... Rule 7.1 Commentary .02 to establish strike price intervals and trading hours for options on Index...

20 CFR 416.941 - Establishment and use of referral and monitoring agencies.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Establishment and use of referral and monitoring agencies. 416.941 Section 416.941 Employees' Benefits SOCIAL SECURITY ADMINISTRATION SUPPLEMENTAL SECURITY INCOME FOR THE AGED, BLIND, AND DISABLED Determining Disability and Blindness Drug Addiction and Alcoholism § 416.941 Establishment and us...

A secure and efficient uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care.

PubMed

Das, Ashok Kumar; Goswami, Adrijit

2013-06-01

Connected health care has several applications including telecare medicine information system, personally controlled health records system, and patient monitoring. In such applications, user authentication can ensure the legality of patients. In user authentication for such applications, only the legal user/patient himself/herself is allowed to access the remote server, and no one can trace him/her according to transmitted data. Chang et al. proposed a uniqueness-and-anonymity-preserving remote user authentication scheme for connected health care (Chang et al., J Med Syst 37:9902, 2013). Their scheme uses the user's personal biometrics along with his/her password with the help of the smart card. The user's biometrics is verified using BioHashing. Their scheme is efficient due to usage of one-way hash function and exclusive-or (XOR) operations. In this paper, we show that though their scheme is very efficient, their scheme has several security weaknesses such as (1) it has design flaws in login and authentication phases, (2) it has design flaws in password change phase, (3) it fails to protect privileged insider attack, (4) it fails to protect the man-in-the middle attack, and (5) it fails to provide proper authentication. In order to remedy these security weaknesses in Chang et al.'s scheme, we propose an improvement of their scheme while retaining the original merit of their scheme. We show that our scheme is efficient as compared to Chang et al.'s scheme. Through the security analysis, we show that our scheme is secure against possible attacks. Further, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to ensure that our scheme is secure against passive and active attacks. In addition, after successful authentication between the user and the server, they establish a secret session key shared between them for future secure communication.

Fundamental limits of repeaterless quantum communications

PubMed Central

Pirandola, Stefano; Laurenza, Riccardo; Ottaviani, Carlo; Banchi, Leonardo

2017-01-01

Quantum communications promises reliable transmission of quantum information, efficient distribution of entanglement and generation of completely secure keys. For all these tasks, we need to determine the optimal point-to-point rates that are achievable by two remote parties at the ends of a quantum channel, without restrictions on their local operations and classical communication, which can be unlimited and two-way. These two-way assisted capacities represent the ultimate rates that are reachable without quantum repeaters. Here, by constructing an upper bound based on the relative entropy of entanglement and devising a dimension-independent technique dubbed ‘teleportation stretching', we establish these capacities for many fundamental channels, namely bosonic lossy channels, quantum-limited amplifiers, dephasing and erasure channels in arbitrary dimension. In particular, we exactly determine the fundamental rate-loss tradeoff affecting any protocol of quantum key distribution. Our findings set the limits of point-to-point quantum communications and provide precise and general benchmarks for quantum repeaters. PMID:28443624

Fundamental limits of repeaterless quantum communications.

PubMed

Pirandola, Stefano; Laurenza, Riccardo; Ottaviani, Carlo; Banchi, Leonardo

2017-04-26

Quantum communications promises reliable transmission of quantum information, efficient distribution of entanglement and generation of completely secure keys. For all these tasks, we need to determine the optimal point-to-point rates that are achievable by two remote parties at the ends of a quantum channel, without restrictions on their local operations and classical communication, which can be unlimited and two-way. These two-way assisted capacities represent the ultimate rates that are reachable without quantum repeaters. Here, by constructing an upper bound based on the relative entropy of entanglement and devising a dimension-independent technique dubbed 'teleportation stretching', we establish these capacities for many fundamental channels, namely bosonic lossy channels, quantum-limited amplifiers, dephasing and erasure channels in arbitrary dimension. In particular, we exactly determine the fundamental rate-loss tradeoff affecting any protocol of quantum key distribution. Our findings set the limits of point-to-point quantum communications and provide precise and general benchmarks for quantum repeaters.

Employing a Secure Virtual Private Network (VPN) Infrastructure as a Global Command and Control Gateway to Dynamically Connect and Disconnect Diverse Forces an a Task-Force-By-Task-Force Basis

DTIC Science & Technology

2009-09-01

DIFFIE-HELLMAN KEY EXCHANGE .......................14 III. GHOSTNET SETUP .........................................15 A. INSTALLATION OF OPENVPN FOR...16 3. Verifying the Secure Connection ..............16 B. RUNNING OPENVPN AS A SERVER ON WINDOWS ............17 1. Creating...Generating Server and Client Keys ............20 5. Keys to Transfer to the Client ...............21 6. Configuring OpenVPN to Use Certificates

Secure Communication via Key Generation with Quantum Measurement Advantage in the Telecom Band

DTIC Science & Technology

2013-10-30

II: Summary of Project In this basic research program we proposed to investigate the use of keyed communication in quantum noise as a key generation...implement quantum limited detection in our running-code OCDMA experiment to demonstrate (a) quantum measurement advantage creation between two users, (b...neither is adequate against known-plaintext attacks. This is a serious security problem facing the whole field of quantum cryptography in regard to both

One Step Quantum Key Distribution Based on EPR Entanglement.

PubMed

Li, Jian; Li, Na; Li, Lei-Lei; Wang, Tao

2016-06-30

A novel quantum key distribution protocol is presented, based on entanglement and dense coding and allowing asymptotically secure key distribution. Considering the storage time limit of quantum bits, a grouping quantum key distribution protocol is proposed, which overcomes the vulnerability of first protocol and improves the maneuverability. Moreover, a security analysis is given and a simple type of eavesdropper's attack would introduce at least an error rate of 46.875%. Compared with the "Ping-pong" protocol involving two steps, the proposed protocol does not need to store the qubit and only involves one step.

Attribute based encryption for secure sharing of E-health data

NASA Astrophysics Data System (ADS)

Charanya, R.; Nithya, S.; Manikandan, N.

2017-11-01

Distributed computing is one of the developing innovations in IT part and information security assumes a real part. It includes sending gathering of remote server and programming that permit the unified information and online access to PC administrations. Distributed computing depends on offering of asset among different clients are additionally progressively reallocated on interest. Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. The reasons for security and protection issues, which rise on the grounds that the health information possessed by distinctive clients are put away in some cloud servers rather than under their own particular control”z. To deal with security problems, various schemes based on the Attribute-Based Encryption have been proposed. In this paper, in order to make ehealth data’s more secure we use multi party in cloud computing system. Where the health data is encrypted using attributes and key policy. And the user with a particular attribute and key policy alone will be able to decrypt the health data after it is verified by “key distribution centre” and the “secure data distributor”. This technique can be used in medical field for secure storage of patient details and limiting to particular doctor access. To make data’s scalable secure we need to encrypt the health data before outsourcing.

Quantum cryptography with finite resources: unconditional security bound for discrete-variable protocols with one-way postprocessing.

PubMed

Scarani, Valerio; Renner, Renato

2008-05-23

We derive a bound for the security of quantum key distribution with finite resources under one-way postprocessing, based on a definition of security that is composable and has an operational meaning. While our proof relies on the assumption of collective attacks, unconditional security follows immediately for standard protocols such as Bennett-Brassard 1984 and six-states protocol. For single-qubit implementations of such protocols, we find that the secret key rate becomes positive when at least N approximately 10(5) signals are exchanged and processed. For any other discrete-variable protocol, unconditional security can be obtained using the exponential de Finetti theorem, but the additional overhead leads to very pessimistic estimates.

Efficient and Provable Secure Pairing-Free Security-Mediated Identity-Based Identification Schemes

PubMed Central

Chin, Ji-Jian; Tan, Syh-Yuan; Heng, Swee-Huay; Phan, Raphael C.-W.

2014-01-01

Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user's secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI) was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions. PMID:25207333

Efficient and provable secure pairing-free security-mediated identity-based identification schemes.

PubMed

Chin, Ji-Jian; Tan, Syh-Yuan; Heng, Swee-Huay; Phan, Raphael C-W

2014-01-01

Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user's secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI) was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

PubMed

Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

2015-09-25

Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

Combination of Rivest-Shamir-Adleman Algorithm and End of File Method for Data Security

NASA Astrophysics Data System (ADS)

Rachmawati, Dian; Amalia, Amalia; Elviwani

2018-03-01

Data security is one of the crucial issues in the delivery of information. One of the ways which used to secure the data is by encoding it into something else that is not comprehensible by human beings by using some crypto graphical techniques. The Rivest-Shamir-Adleman (RSA) cryptographic algorithm has been proven robust to secure messages. Since this algorithm uses two different keys (i.e., public key and private key) at the time of encryption and decryption, it is classified as asymmetric cryptography algorithm. Steganography is a method that is used to secure a message by inserting the bits of the message into a larger media such as an image. One of the known steganography methods is End of File (EoF). In this research, the cipher text resulted from the RSA algorithm is compiled into an array form and appended to the end of the image. The result of the EoF is the image which has a line with black gradations under it. This line contains the secret message. This combination of cryptography and steganography in securing the message is expected to increase the security of the message, since the message encryption technique (RSA) is mixed with the data hiding technique (EoF).

Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

PubMed

Nam, Junghyun; Choo, Kim-Kwang Raymond; Paik, Juryon; Won, Dongho

2014-01-01

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

Evaluation research of small and medium-sized enterprise informatization on big data

NASA Astrophysics Data System (ADS)

Yang, Na

2017-09-01

Under the background of big data, key construction of small and medium-sized enterprise informationization level was needed, but information construction cost was large, while information cost of inputs can bring benefit to small and medium-sized enterprises. This paper established small and medium-sized enterprise informatization evaluation system from hardware and software security level, information organization level, information technology application and the profit level, and information ability level. The rough set theory was used to brief indexes, and then carry out evaluation by support vector machine (SVM) model. At last, examples were used to verify the theory in order to prove the effectiveness of the method.

Image encryption based on a delayed fractional-order chaotic logistic system

NASA Astrophysics Data System (ADS)

Wang, Zhen; Huang, Xia; Li, Ning; Song, Xiao-Na

2012-05-01

A new image encryption scheme is proposed based on a delayed fractional-order chaotic logistic system. In the process of generating a key stream, the time-varying delay and fractional derivative are embedded in the proposed scheme to improve the security. Such a scheme is described in detail with security analyses including correlation analysis, information entropy analysis, run statistic analysis, mean-variance gray value analysis, and key sensitivity analysis. Experimental results show that the newly proposed image encryption scheme possesses high security.

Long-distance continuous-variable quantum key distribution by controlling excess noise

NASA Astrophysics Data System (ADS)

Huang, Duan; Huang, Peng; Lin, Dakai; Zeng, Guihua

2016-01-01

Quantum cryptography founded on the laws of physics could revolutionize the way in which communication information is protected. Significant progresses in long-distance quantum key distribution based on discrete variables have led to the secure quantum communication in real-world conditions being available. However, the alternative approach implemented with continuous variables has not yet reached the secure distance beyond 100 km. Here, we overcome the previous range limitation by controlling system excess noise and report such a long distance continuous-variable quantum key distribution experiment. Our result paves the road to the large-scale secure quantum communication with continuous variables and serves as a stepping stone in the quest for quantum network.

Long-distance continuous-variable quantum key distribution by controlling excess noise.

PubMed

Huang, Duan; Huang, Peng; Lin, Dakai; Zeng, Guihua

2016-01-13

Quantum cryptography founded on the laws of physics could revolutionize the way in which communication information is protected. Significant progresses in long-distance quantum key distribution based on discrete variables have led to the secure quantum communication in real-world conditions being available. However, the alternative approach implemented with continuous variables has not yet reached the secure distance beyond 100 km. Here, we overcome the previous range limitation by controlling system excess noise and report such a long distance continuous-variable quantum key distribution experiment. Our result paves the road to the large-scale secure quantum communication with continuous variables and serves as a stepping stone in the quest for quantum network.

Long-distance continuous-variable quantum key distribution by controlling excess noise

PubMed Central

Huang, Duan; Huang, Peng; Lin, Dakai; Zeng, Guihua

2016-01-01

Quantum cryptography founded on the laws of physics could revolutionize the way in which communication information is protected. Significant progresses in long-distance quantum key distribution based on discrete variables have led to the secure quantum communication in real-world conditions being available. However, the alternative approach implemented with continuous variables has not yet reached the secure distance beyond 100 km. Here, we overcome the previous range limitation by controlling system excess noise and report such a long distance continuous-variable quantum key distribution experiment. Our result paves the road to the large-scale secure quantum communication with continuous variables and serves as a stepping stone in the quest for quantum network. PMID:26758727

High performance reconciliation for continuous-variable quantum key distribution with LDPC code

NASA Astrophysics Data System (ADS)

Lin, Dakai; Huang, Duan; Huang, Peng; Peng, Jinye; Zeng, Guihua

2015-03-01

Reconciliation is a significant procedure in a continuous-variable quantum key distribution (CV-QKD) system. It is employed to extract secure secret key from the resulted string through quantum channel between two users. However, the efficiency and the speed of previous reconciliation algorithms are low. These problems limit the secure communication distance and the secure key rate of CV-QKD systems. In this paper, we proposed a high-speed reconciliation algorithm through employing a well-structured decoding scheme based on low density parity-check (LDPC) code. The complexity of the proposed algorithm is reduced obviously. By using a graphics processing unit (GPU) device, our method may reach a reconciliation speed of 25 Mb/s for a CV-QKD system, which is currently the highest level and paves the way to high-speed CV-QKD.

Application of homomorphism to secure image sharing

NASA Astrophysics Data System (ADS)

Islam, Naveed; Puech, William; Hayat, Khizar; Brouzet, Robert

2011-09-01

In this paper, we present a new approach for sharing images between l players by exploiting the additive and multiplicative homomorphic properties of two well-known public key cryptosystems, i.e. RSA and Paillier. Contrary to the traditional schemes, the proposed approach employs secret sharing in a way that limits the influence of the dealer over the protocol and allows each player to participate with the help of his key-image. With the proposed approach, during the encryption step, each player encrypts his own key-image using the dealer's public key. The dealer encrypts the secret-to-be-shared image with the same public key and then, the l encrypted key-images plus the encrypted to-be shared image are multiplied homomorphically to get another encrypted image. After this step, the dealer can safely get a scrambled image which corresponds to the addition or multiplication of the l + 1 original images ( l key-images plus the secret image) because of the additive homomorphic property of the Paillier algorithm or multiplicative homomorphic property of the RSA algorithm. When the l players want to extract the secret image, they do not need to use keys and the dealer has no role. Indeed, with our approach, to extract the secret image, the l players need only to subtract their own key-image with no specific order from the scrambled image. Thus, the proposed approach provides an opportunity to use operators like multiplication on encrypted images for the development of a secure privacy preserving protocol in the image domain. We show that it is still possible to extract a visible version of the secret image with only l-1 key-images (when one key-image is missing) or when the l key-images used for the extraction are different from the l original key-images due to a lossy compression for example. Experimental results and security analysis verify and prove that the proposed approach is secure from cryptographic viewpoint.

Fourier domain asymmetric cryptosystem for privacy protected multimodal biometric security

NASA Astrophysics Data System (ADS)

Choudhury, Debesh

2016-04-01

We propose a Fourier domain asymmetric cryptosystem for multimodal biometric security. One modality of biometrics (such as face) is used as the plaintext, which is encrypted by another modality of biometrics (such as fingerprint). A private key is synthesized from the encrypted biometric signature by complex spatial Fourier processing. The encrypted biometric signature is further encrypted by other biometric modalities, and the corresponding private keys are synthesized. The resulting biometric signature is privacy protected since the encryption keys are provided by the human, and hence those are private keys. Moreover, the decryption keys are synthesized using those private encryption keys. The encrypted signatures are decrypted using the synthesized private keys and inverse complex spatial Fourier processing. Computer simulations demonstrate the feasibility of the technique proposed.

Physical key-protected one-time pad

PubMed Central

Horstmeyer, Roarke; Judkewitz, Benjamin; Vellekoop, Ivo M.; Assawaworrarit, Sid; Yang, Changhuei

2013-01-01

We describe an encrypted communication principle that forms a secure link between two parties without electronically saving either of their keys. Instead, random cryptographic bits are kept safe within the unique mesoscopic randomness of two volumetric scattering materials. We demonstrate how a shared set of patterned optical probes can generate 10 gigabits of statistically verified randomness between a pair of unique 2 mm3 scattering objects. This shared randomness is used to facilitate information-theoretically secure communication following a modified one-time pad protocol. Benefits of volumetric physical storage over electronic memory include the inability to probe, duplicate or selectively reset any bits without fundamentally altering the entire key space. Our ability to securely couple the randomness contained within two unique physical objects can extend to strengthen hardware required by a variety of cryptographic protocols, which is currently a critically weak link in the security pipeline of our increasingly mobile communication culture. PMID:24345925

Quantum communication for satellite-to-ground networks with partially entangled states

NASA Astrophysics Data System (ADS)

Chen, Na; Quan, Dong-Xiao; Pei, Chang-Xing; Yang-Hong

2015-02-01

To realize practical wide-area quantum communication, a satellite-to-ground network with partially entangled states is developed in this paper. For efficiency and security reasons, the existing method of quantum communication in distributed wireless quantum networks with partially entangled states cannot be applied directly to the proposed quantum network. Based on this point, an efficient and secure quantum communication scheme with partially entangled states is presented. In our scheme, the source node performs teleportation only after an end-to-end entangled state has been established by entanglement swapping with partially entangled states. Thus, the security of quantum communication is guaranteed. The destination node recovers the transmitted quantum bit with the help of an auxiliary quantum bit and specially defined unitary matrices. Detailed calculations and simulation analyses show that the probability of successfully transferring a quantum bit in the presented scheme is high. In addition, the auxiliary quantum bit provides a heralded mechanism for successful communication. Based on the critical components that are presented in this article an efficient, secure, and practical wide-area quantum communication can be achieved. Project supported by the National Natural Science Foundation of China (Grant Nos. 61072067 and 61372076), the 111 Project (Grant No. B08038), the Fund from the State Key Laboratory of Integrated Services Networks (Grant No. ISN 1001004), and the Fundamental Research Funds for the Central Universities (Grant Nos. K5051301059 and K5051201021).

Security mechanism based on Hospital Authentication Server for secure application of implantable medical devices.

PubMed

Park, Chang-Seop

2014-01-01

After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

PubMed Central

2014-01-01

After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance. PMID:25276797

Immigration and Schools: Supporting Success for Undocumented Unaccompanied Homeless Youth

ERIC Educational Resources Information Center

National Association for the Education of Homeless Children and Youth, 2010

2010-01-01

Attending school and securing lawful status in the United States are two keys to safety and security for undocumented unaccompanied homeless youth. This brief is designed to provide young people, immigration attorneys and advocates, McKinney-Vento liaisons and educators with basic information to help them access these keys. After describing some…

33 CFR 165.767 - Security Zone; Manbirtee Key, Port of Manatee, Florida.

Code of Federal Regulations, 2012 CFR

2012-07-01

..., Port of Manatee, Florida. 165.767 Section 165.767 Navigation and Navigable Waters COAST GUARD... § 165.767 Security Zone; Manbirtee Key, Port of Manatee, Florida. (a) Regulated area. The following area... extending 500 yards from the island's shoreline, in all directions, not to include the Port Manatee Channel...

33 CFR 165.767 - Security Zone; Manbirtee Key, Port of Manatee, Florida.

Code of Federal Regulations, 2014 CFR

2014-07-01

..., Port of Manatee, Florida. 165.767 Section 165.767 Navigation and Navigable Waters COAST GUARD... § 165.767 Security Zone; Manbirtee Key, Port of Manatee, Florida. (a) Regulated area. The following area... extending 500 yards from the island's shoreline, in all directions, not to include the Port Manatee Channel...

33 CFR 165.767 - Security Zone; Manbirtee Key, Port of Manatee, Florida.

Code of Federal Regulations, 2013 CFR

2013-07-01

..., Port of Manatee, Florida. 165.767 Section 165.767 Navigation and Navigable Waters COAST GUARD... § 165.767 Security Zone; Manbirtee Key, Port of Manatee, Florida. (a) Regulated area. The following area... extending 500 yards from the island's shoreline, in all directions, not to include the Port Manatee Channel...

33 CFR 165.767 - Security Zone; Manbirtee Key, Port of Manatee, Florida.

Code of Federal Regulations, 2011 CFR

2011-07-01

..., Port of Manatee, Florida. 165.767 Section 165.767 Navigation and Navigable Waters COAST GUARD... § 165.767 Security Zone; Manbirtee Key, Port of Manatee, Florida. (a) Regulated area. The following area... extending 500 yards from the island's shoreline, in all directions, not to include the Port Manatee Channel...

Maize lethal necrosis (MLN), an emerging threat to maize-based food security in sub-Saharan Africa

USDA-ARS?s Scientific Manuscript database

In sub-Saharan Africa, maize is a staple food and key determinant of food security for smallholder farming communities. Pest and disease outbreaks are key constraints to maize productivity. In September 2011, a serious disease outbreak, later diagnosed as maize lethal necrosis (MLN), was reported on...

Application Mail Tracking Using RSA Algorithm As Security Data and HOT-Fit a Model for Evaluation System

NASA Astrophysics Data System (ADS)

Permadi, Ginanjar Setyo; Adi, Kusworo; Gernowo, Rahmad

2018-02-01

RSA algorithm give security in the process of the sending of messages or data by using 2 key, namely private key and public key .In this research to ensure and assess directly systems are made have meet goals or desire using a comprehensive evaluation methods HOT-Fit system .The purpose of this research is to build a information system sending mail by applying methods of security RSA algorithm and to evaluate in uses the method HOT-Fit to produce a system corresponding in the faculty physics. Security RSA algorithm located at the difficulty of factoring number of large coiled factors prima, the results of the prime factors has to be done to obtain private key. HOT-Fit has three aspects assessment, in the aspect of technology judging from the system status, the quality of system and quality of service. In the aspect of human judging from the use of systems and satisfaction users while in the aspect of organization judging from the structure and environment. The results of give a tracking system sending message based on the evaluation acquired.

Secure polarization-independent subcarrier quantum key distribution in optical fiber channel using BB84 protocol with a strong reference.

PubMed

Gleim, A V; Egorov, V I; Nazarov, Yu V; Smirnov, S V; Chistyakov, V V; Bannik, O I; Anisimov, A A; Kynev, S M; Ivanova, A E; Collins, R J; Kozlov, S A; Buller, G S

2016-02-08

A quantum key distribution system based on the subcarrier wave modulation method has been demonstrated which employs the BB84 protocol with a strong reference to generate secure bits at a rate of 16.5 kbit/s with an error of 0.5% over an optical channel of 10 dB loss, and 18 bits/s with an error of 0.75% over 25 dB of channel loss. To the best of our knowledge, these results represent the highest channel loss reported for secure quantum key distribution using the subcarrier wave approach. A passive unidirectional scheme has been used to compensate for the polarization dependence of the phase modulators in the receiver module, which resulted in a high visibility of 98.8%. The system is thus fully insensitive to polarization fluctuations and robust to environmental changes, making the approach promising for use in optical telecommunication networks. Further improvements in secure key rate and transmission distance can be achieved by implementing the decoy states protocol or by optimizing the mean photon number used in line with experimental parameters.

Afghanistan: Key Oversight Issues

DTIC Science & Technology

2013-02-01

2012. Afghan Security : Renewed Sharing of Biometric Data Could Strengthen U.S. Efforts to Protect U.S. Personnel from Afghan Security Force Attacks...SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT Same as Report (SAR) 18. NUMBER OF PAGES 59 19a. NAME OF RESPONSIBLE PERSON...Afghanistan’s Security Environment 17 Enclosure II Transition of Lead Security to Afghan Security Forces 19 Enclosure III Future Cost and

76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... will be open to the public. The ISPAB was established by the Computer Security Act of 1987 (Pub. L. 100..., --Presentation on Science of Security relating to computer security research, --Presentation on Access of..., --A panel of Inspector Generals regarding privacy and security, and --Update on NIST Computer Security...

5 CFR 9701.101 - Purpose.

Code of Federal Regulations, 2010 CFR

2010-01-01

... Administrative Personnel DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES MANAGEMENT SYSTEM (DEPARTMENT OF HOMELAND SECURITY-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF HOMELAND SECURITY HUMAN RESOURCES... establishment of a new human resources management system within the Department of Homeland Security (DHS), as...

Security enhancement of optical encryption based on biometric array keys

NASA Astrophysics Data System (ADS)

Yan, Aimin; Wei, Yang; Zhang, Jingtao

2018-07-01

A novel optical image encryption method is proposed by using Dammann grating and biometric array keys. Dammann grating is utilized to create a 2D finite uniform-intensity spot array. In encryption, a fingerprint array is used as private encryption keys. An original image can be encrypted by a scanning Fresnel zone plate array. Encrypted signals are processed by an optical coherent heterodyne detection system. Biometric array keys and optical scanning cryptography are integrated with each other to enhance information security greatly. Numerical simulations are performed to demonstrate the feasibility and validity of this method. Analyses on key sensitivity and the resistance against to possible attacks are provided.

Application of PKI in health care--needs, ambitions, prospects.

PubMed

Suselj, Marjan; Marcun, Tomaz; Trcek, Denis; Kandus, Gorazd

2003-01-01

Through continual development and considerable investment over the past years, Slovenia has established an information infrastructure providing efficient data links between all the health care actors. This includes furnishing all the citizens and health workers with microprocessor cards--health insurance card and health professional card. These tools have significantly simplified different procedures in the health care and brought services closer to insured persons. The know-how and experiences gathered to day have given rise to vivid discussions of further development steps: introduction of new contents on the infrastructure in place and technological upgrading, in particular progressive incorporation of the PKI concept and thereby integration of card and network solutions to provide an efficient and secure communication environment. This paper outlines key perspectives of the future developments in this segment. With the volume of health care data communications through internet growing steeply, and with the paramount importance of patient--doctor trust and confidence, security tools and solutions in the health care are a critical need.

A secure transmission scheme of streaming media based on the encrypted control message

NASA Astrophysics Data System (ADS)

Li, Bing; Jin, Zhigang; Shu, Yantai; Yu, Li

2007-09-01

As the use of streaming media applications increased dramatically in recent years, streaming media security becomes an important presumption, protecting the privacy. This paper proposes a new encryption scheme in view of characteristics of streaming media and the disadvantage of the living method: encrypt the control message in the streaming media with the high security lever and permute and confuse the data which is non control message according to the corresponding control message. Here the so-called control message refers to the key data of the streaming media, including the streaming media header and the header of the video frame, and the seed key. We encrypt the control message using the public key encryption algorithm which can provide high security lever, such as RSA. At the same time we make use of the seed key to generate key stream, from which the permutation list P responding to GOP (group of picture) is derived. The plain text of the non-control message XORs the key stream and gets the middle cipher text. And then obtained one is permutated according to P. In contrast the decryption process is the inverse process of the above. We have set up a testbed for the above scheme and found our scheme is six to eight times faster than the conventional method. It can be applied not only between PCs but also between handheld devices.

Design for Security Workshop

DTIC Science & Technology

2014-09-30

fingerprint sensor etc.  Secure application execution  Trust established outwards  With normal world apps  With internet/cloud apps...Xilinx Zynq Security Components and Capabilities © Copyright 2014 Xilinx . Security Features Inherited from FPGAs Zynq Secure Boot TrustZone...2014 Xilinx . Security Features Inherited from FPGAs Zynq Secure Boot TrustZone Integration 4 Agenda © Copyright 2014 Xilinx . Device DNA and User

Quantum Cryptography for Secure Communications to Low-Earth Orbit Satellites

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hughes, R.J.; Buttler, W.T.; Kwiat, P.G.

1999-06-03

This is the final report of a three-year, Laboratory Directed Research and Development (LDRD) project at Los Alamos National Laboratory (LANL). Quantum cryptography is an emerging technology in which two parties may simultaneously generate shared, secret cryptographic key material using the transmission of quantum states of light. The security of these transmissions is based on the inviolability of the laws of quantum mechanics. An adversary can neither successfully tap the quantum transmissions, nor evade detection. Key material is built up using the transmission of a single-photon per bit. We have developed an experimental quantum cryptography system based on the transmissionmore » of non-orthogonal single-photon polarization states to generate shared key material over line-of-sight optical links. Our results provide strong evidence that cryptographic key material could be generated on demand between a ground station and a satellite (or between two satellites), allowing a satellite to be securely re-keyed on in orbit.« less

Effective user management with high strength crypto -key in dynamic group environment in cloud

NASA Astrophysics Data System (ADS)

Kumar, P. J.; Suganya, P.; Karthik, G.

2017-11-01

Cloud Clusters consists of various collections of files which are being accessed by multiple users of Cloud. The users are managed as a group and the association of the user to a particular group is dynamic in nature. Every group has a manager who handles the membership of a user to a particular group by issuing keys for encryption and decryption. Due to the dynamic nature of a user he/she may leave the group very frequently. But an attempt can be made by the user who has recently left the group to access a file maintained by that group. Key distribution becomes a critical issue while the behavior of the user is dynamic. Existing techniques to manage the users of group in terms of security and key distribution has been investigated so that to arrive at an objective to identify the scopes to increase security and key management scheme in cloud. The usage of various key combinations to measure the strength of security and efficiency of user management in dynamic cloud environment has been investigated.

76 FR 34240 - Chemical Transportation Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-13

... DEPARTMENT OF HOMELAND SECURITY Coast Guard [Docket No. USCG-2011-0225] Chemical Transportation... Establishment. SUMMARY: The Secretary of Homeland Security has determined that the establishment of the Chemical... performance of duties of the U. S. Coast Guard. Name of Committee: Chemical Transportation Advisory Committee...

Quantum key management

DOEpatents

Hughes, Richard John; Thrasher, James Thomas; Nordholt, Jane Elizabeth

2016-11-29

Innovations for quantum key management harness quantum communications to form a cryptography system within a public key infrastructure framework. In example implementations, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures, and Merkle hash trees) to constitute a cryptography system. More generally, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a hash-based signature scheme. This provides a secure way to identify, authenticate, verify, and exchange secret cryptographic keys. Features of the quantum key management innovations further include secure enrollment of users with a registration authority, as well as credential checking and revocation with a certificate authority, where the registration authority and/or certificate authority can be part of the same system as a trusted authority for quantum key distribution.

ESS-FH: Enhanced Security Scheme for Fast Handover in Hierarchical Mobile IPv6

NASA Astrophysics Data System (ADS)

You, Ilsun; Lee, Jong-Hyouk; Sakurai, Kouichi; Hori, Yoshiaki

Fast Handover for Hierarchical Mobile IPv6 (F-HMIPv6) that combines advantages of Fast Handover for Mobile IPv6 (FMIPv6) and Hierarchical Mobile IPv6 (HMIPv6) achieves the superior performance in terms of handover latency and signaling overhead compared with previously developed mobility protocols. However, without being secured, F-HMIPv6 is vulnerable to various security threats. In 2007, Kang and Park proposed a security scheme, which is seamlessly integrated into F-HMIPv6. In this paper, we reveal that Kang-Park's scheme cannot defend against the Denial of Service (DoS) and redirect attacks while largely relying on the group key. Then, we propose an Enhanced Security Scheme for F-HMIPv6 (ESS-FH) that achieves the strong key exchange and the key independence as well as addresses the weaknesses of Kang-Park's scheme. More importantly, it enables fast handover between different MAP domains. The proposed scheme is formally verified based on BAN-logic, and its handover latency is analyzed and compared with that of Kang-Park's scheme.

Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems.

PubMed

Arshad, Hamed; Rasoolzadegan, Abbas

2016-11-01

Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

Aviation security : vulnerabilities still exist in the aviation security system

DOT National Transportation Integrated Search

2000-04-06

The testimony today discusses the Federal Aviation Administration's (FAA) efforts to implement and improve security in two key areas: air traffic control computer systems and airport passenger screening checkpoints. Computer systems-and the informati...

Genomics-Based Security Protocols: From Plaintext to Cipherprotein

NASA Technical Reports Server (NTRS)

Shaw, Harry; Hussein, Sayed; Helgert, Hermann

2011-01-01

The evolving nature of the internet will require continual advances in authentication and confidentiality protocols. Nature provides some clues as to how this can be accomplished in a distributed manner through molecular biology. Cryptography and molecular biology share certain aspects and operations that allow for a set of unified principles to be applied to problems in either venue. A concept for developing security protocols that can be instantiated at the genomics level is presented. A DNA (Deoxyribonucleic acid) inspired hash code system is presented that utilizes concepts from molecular biology. It is a keyed-Hash Message Authentication Code (HMAC) capable of being used in secure mobile Ad hoc networks. It is targeted for applications without an available public key infrastructure. Mechanics of creating the HMAC are presented as well as a prototype HMAC protocol architecture. Security concepts related to the implementation differences between electronic domain security and genomics domain security are discussed.