Security bound of continuous-variable quantum key distribution with noisy coherent states and channel

Energy Technology Data Exchange (ETDEWEB)

Shen Yong; Yang Jian; Guo Hong, E-mail: hongguo@pku.edu.c [CREAM Group, State Key Laboratory of Advanced Optical Communication Systems and Networks (Peking University) and Institute of Quantum Electronics, School of Electronics Engineering and Computer Science, Peking University, Beijing 100871 (China)

2009-12-14

Security of a continuous-variable quantum key distribution protocol based on noisy coherent states and channel is analysed. Assuming that the noise of coherent states is induced by Fred, a neutral party relative to others, we prove that the prepare-and-measurement scheme (P and M) and entanglement-based scheme (E-B) are equivalent. Then, we show that this protocol is secure against Gaussian collective attacks even if the channel is lossy and noisy, and, further, a lower bound to the secure key rate is derived.

Unconditional security of quantum key distribution and the uncertainty principle

International Nuclear Information System (INIS)

Koashi, Masato

2006-01-01

An approach to the unconditional security of quantum key distribution protocols is presented, which is based on the uncertainty principle. The approach applies to every case that has been treated via the argument by Shor and Preskill, but it is not necessary to find quantum error correcting codes. It can also treat the cases with uncharacterized apparatuses. The proof can be applied to cases where the secret key rate is larger than the distillable entanglement

Experimental quantum key distribution at 1.3 gigabit-per-second secret-key rate over a 10 dB loss channel

Science.gov (United States)

Zhang, Zheshen; Chen, Changchen; Zhuang, Quntao; Wong, Franco N. C.; Shapiro, Jeffrey H.

2018-04-01

Quantum key distribution (QKD) enables unconditionally secure communication ensured by the laws of physics, opening a promising route to security infrastructure for the coming age of quantum computers. QKD’s demonstrated secret-key rates (SKRs), however, fall far short of the gigabit-per-second rates of classical communication, hindering QKD’s widespread deployment. QKD’s low SKRs are largely due to existing single-photon-based protocols’ vulnerability to channel loss. Floodlight QKD (FL-QKD) boosts SKR by transmitting many photons per encoding, while offering security against collective attacks. Here, we report an FL-QKD experiment operating at a 1.3 Gbit s‑1 SKR over a 10 dB loss channel. To the best of our knowledge, this is the first QKD demonstration that achieves a gigabit-per-second-class SKR, representing a critical advance toward high-rate QKD at metropolitan-area distances.

A secure key agreement protocol based on chaotic maps

International Nuclear Information System (INIS)

Wang Xing-Yuan; Luan Da-Peng

2013-01-01

To guarantee the security of communication in the public channel, many key agreement protocols have been proposed. Recently, Gong et al. proposed a key agreement protocol based on chaotic maps with password sharing. In this paper, Gong et al.'s protocol is analyzed, and we find that this protocol exhibits key management issues and potential security problems. Furthermore, the paper presents a new key agreement protocol based on enhanced Chebyshev polynomials to overcome these problems. Through our analysis, our key agreement protocol not only provides mutual authentication and the ability to resist a variety of common attacks, but also solve the problems of key management and security issues existing in Gong et al.'s protocol

Towards understanding the known-key security of block ciphers

DEFF Research Database (Denmark)

Andreeva, Elena; Bogdanov, Andrey; Mennink, Bart

2014-01-01

ciphers based on ideal components such as random permutations and random functions as well as propose new generic known-key attacks on generalized Feistel ciphers. We introduce the notion of known-key indifferentiability to capture the security of such block ciphers under a known key. To show its...... meaningfulness, we prove that the known-key attacks on block ciphers with ideal primitives to date violate security under known-key indifferentiability. On the other hand, to demonstrate its constructiveness, we prove the balanced Feistel cipher with random functions and the multiple Even-Mansour cipher...... with random permutations known-key indifferentiable for a sufficient number of rounds. We note that known-key indifferentiability is more quickly and tightly attained by multiple Even-Mansour which puts it forward as a construction provably secure against known-key attacks....

Triple symmetric key cryptosystem for data security

Science.gov (United States)

Fuzail, C. Md; Norman, Jasmine; Mangayarkarasi, R.

2017-11-01

As the technology is getting spreads in the macro seconds of speed and in which the trend changing era from human to robotics the security issue is also getting increased. By means of using machine attacks it is very easy to break the cryptosystems in very less amount of time. Cryptosystem is a process which provides the security in all sorts of processes, communications and transactions to be done securely with the help of electronical mechanisms. Data is one such thing with the expanded implication and possible scraps over the collection of data to secure predominance and achievement, Information Security is the process where the information is protected from invalid and unverified accessibilities and data from mishandling. So the idea of Information Security has risen. Symmetric key which is also known as private key.Whereas the private key is mostly used to attain the confidentiality of data. It is a dynamic topic which can be implemented over different applications like android, wireless censor networks, etc. In this paper, a new mathematical manipulation algorithm along with Tea cryptosystem has been implemented and it can be used for the purpose of cryptography. The algorithm which we proposed is straightforward and more powerful and it will authenticate in harder way and also it will be very difficult to break by someone without knowing in depth about its internal mechanisms.

Wireless Physical Layer Security: On the Performance Limit of Secret-Key Agreement

KAUST Repository

Zorgui, Marwen

2015-05-01

Physical layer security (PLS) is a new paradigm aiming at securing communications between legitimate parties at the physical layer. Conventionally, achieving confidentiality in communication networks relies on cryptographic techniques such as public-key cryptography, secret-key distribution and symmetric encryption. Such techniques are deemed secure based on the assumption of limited computational abilities of a wiretapper. Given the relentless progress in computational capacities and the dynamic topology and proliferation of modern wireless networks, the relevance of the previous techniques in securing communications is more and more questionable and less and less reliable. In contrast to this paradigm, PLS does not assume a specific computational power at any eavesdropper, its premise to guarantee provable security via employing channel coding techniques at the physical layer exploiting the inherent randomness in most communication systems. In this dissertation, we investigate a particular aspect of PLS, which is secret-key agreement, also known as secret-sharing. In this setup, two legitimate parties try to distill a secret-key via the observation of correlated signals through a noisy wireless channel, in the presence of an eavesdropper who must be kept ignorant of the secret-key. Additionally, a noiseless public channel is made available to the legitimate parties to exchange public messages that are also accessible to the eavesdropper. Recall that key agreement is an important aspect toward realizing secure communications in the sense that the key can be used in a one-time pad scheme to send the confidential message. In the first part, our focus is on secret-sharing over Rayleigh fading quasi-static channels. We study the fundamental relationship relating the probability of error and a given target secret-key rate in the high power regime. This is characterized through the diversity multiplexing tradeoff (DMT) concept, that we define for our model and then

Information-theoretic security proof for quantum-key-distribution protocols

International Nuclear Information System (INIS)

Renner, Renato; Gisin, Nicolas; Kraus, Barbara

2005-01-01

We present a technique for proving the security of quantum-key-distribution (QKD) protocols. It is based on direct information-theoretic arguments and thus also applies if no equivalent entanglement purification scheme can be found. Using this technique, we investigate a general class of QKD protocols with one-way classical post-processing. We show that, in order to analyze the full security of these protocols, it suffices to consider collective attacks. Indeed, we give new lower and upper bounds on the secret-key rate which only involve entropies of two-qubit density operators and which are thus easy to compute. As an illustration of our results, we analyze the Bennett-Brassard 1984, the six-state, and the Bennett 1992 protocols with one-way error correction and privacy amplification. Surprisingly, the performance of these protocols is increased if one of the parties adds noise to the measurement data before the error correction. In particular, this additional noise makes the protocols more robust against noise in the quantum channel

Information-theoretic security proof for quantum-key-distribution protocols

Science.gov (United States)

Renner, Renato; Gisin, Nicolas; Kraus, Barbara

2005-07-01

We present a technique for proving the security of quantum-key-distribution (QKD) protocols. It is based on direct information-theoretic arguments and thus also applies if no equivalent entanglement purification scheme can be found. Using this technique, we investigate a general class of QKD protocols with one-way classical post-processing. We show that, in order to analyze the full security of these protocols, it suffices to consider collective attacks. Indeed, we give new lower and upper bounds on the secret-key rate which only involve entropies of two-qubit density operators and which are thus easy to compute. As an illustration of our results, we analyze the Bennett-Brassard 1984, the six-state, and the Bennett 1992 protocols with one-way error correction and privacy amplification. Surprisingly, the performance of these protocols is increased if one of the parties adds noise to the measurement data before the error correction. In particular, this additional noise makes the protocols more robust against noise in the quantum channel.

Security analysis of the decoy method with the Bennett–Brassard 1984 protocol for finite key lengths

International Nuclear Information System (INIS)

Hayashi, Masahito; Nakayama, Ryota

2014-01-01

This paper provides a formula for the sacrifice bit-length for privacy amplification with the Bennett–Brassard 1984 protocol for finite key lengths, when we employ the decoy method. Using the formula, we can guarantee the security parameter for a realizable quantum key distribution system. The key generation rates with finite key lengths are numerically evaluated. The proposed method improves the existing key generation rate even in the asymptotic setting. (paper)

Secure quantum key distribution using squeezed states

International Nuclear Information System (INIS)

Gottesman, Daniel; Preskill, John

2001-01-01

We prove the security of a quantum key distribution scheme based on transmission of squeezed quantum states of a harmonic oscillator. Our proof employs quantum error-correcting codes that encode a finite-dimensional quantum system in the infinite-dimensional Hilbert space of an oscillator, and protect against errors that shift the canonical variables p and q. If the noise in the quantum channel is weak, squeezing signal states by 2.51 dB (a squeeze factor e r =1.34) is sufficient in principle to ensure the security of a protocol that is suitably enhanced by classical error correction and privacy amplification. Secure key distribution can be achieved over distances comparable to the attenuation length of the quantum channel

Quantum cryptography to satellites for global secure key distribution

Science.gov (United States)

Rarity, John G.; Gorman, Philip M.; Knight, Paul; Wallace, Kotska; Tapster, Paul R.

2017-11-01

We have designed and built a free space secure key exchange system using weak laser pulses with polarisation modulation by acousto-optic switching. We have used this system to exchange keys over a 1.2km ground range with absolute security. Building from this initial result we analyse the feasibility of exchanging keys to a low earth orbit satellite.

Energy-efficient key distribution using electrocardiograph biometric set for secure communications in wireless body healthcare networks.

Science.gov (United States)

Shi, Jinyang; Lam, Kwok-Yan; Gu, Ming; Li, Mingze; Chung, Siu-Leung

2011-10-01

Wireless body sensor network (WBSN) has gained significant interests as an important infrastructure for real-time biomedical healthcare systems, while the security of the sensitive health information becomes one of the main challenges. Due to the constraints of limited power, traditional cryptographic key distribution schemes are not suitable for WBSN. This paper proposes a novel energy-efficient approach, BodyKey, which can distribute the keys using the electrocardiograph biometrics. BodyKey represents the biometric features as ordered set, and deals with the biometric variations using set reconciliation. In this way, only limited necessary information needs to be communicated for key agreement, and the total energy consumption for key distribution can thus be reduced. Experiments on the PhysioBank Database show that BodyKey can perform an energy consumption rate of 0.01 mJ/bit with an equal accuracy rate of 97.28%, allowing the system to be used as an energy-efficient key distribution scheme for secure communications in WBSN.

On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

Directory of Open Access Journals (Sweden)

Junghyun Nam

2014-01-01

Full Text Available Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010: (1 the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2 the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3 the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

Quantum-locked key distribution at nearly the classical capacity rate.

Science.gov (United States)

Lupo, Cosmo; Lloyd, Seth

2014-10-17

Quantum data locking is a protocol that allows for a small secret key to (un)lock an exponentially larger amount of information, hence yielding the strongest violation of the classical one-time pad encryption in the quantum setting. This violation mirrors a large gap existing between two security criteria for quantum cryptography quantified by two entropic quantities: the Holevo information and the accessible information. We show that the latter becomes a sensible security criterion if an upper bound on the coherence time of the eavesdropper's quantum memory is known. Under this condition, we introduce a protocol for secret key generation through a memoryless qudit channel. For channels with enough symmetry, such as the d-dimensional erasure and depolarizing channels, this protocol allows secret key generation at an asymptotic rate as high as the classical capacity minus one bit.

Key Management for Secure Multicast over IPv6 Wireless Networks

Directory of Open Access Journals (Sweden)

Siddiqi Mohammad Umar

2006-01-01

Full Text Available Multicasting is an efficient method for transmission and routing of packets to multiple destinations using fewer network resources. Along with widespread deployment of wireless networks, secure multicast over wireless networks is an important and challenging goal. In this paper, we extend the scope of a recent new key distribution scheme to a security framework that offers a novel solution for secure multicast over IPv6 wireless networks. Our key management framework includes two scenarios for securely distributing the group key and rekey messages for joining and leaving a mobile host in secure multicast group. In addition, we perform the security analysis and provide performance comparisons between our approach and two recently published scenarios. The benefits of our proposed techniques are that they minimize the number of transmissions required to rekey the multicast group and impose minimal storage requirements on the multicast group. In addition, our proposed schemes are also very desirable from the viewpoint of transmission bandwidth savings since an efficient rekeying mechanism is provided for membership changes and they significantly reduce the required bandwidth due to key updating in mobile networks. Moreover, they achieve the security and scalability requirements in wireless networks.

Anticollusion Attack Noninteractive Security Hierarchical Key Agreement Scheme in WHMS

Directory of Open Access Journals (Sweden)

Kefei Mao

2016-01-01

Full Text Available Wireless Health Monitoring Systems (WHMS have potential to change the way of health care and bring numbers of benefits to patients, physicians, hospitals, and society. However, there are crucial barriers not only to transmit the biometric information but also to protect the privacy and security of the patients’ information. The key agreement between two entities is an essential cryptography operation to clear the barriers. In particular, the noninteractive hierarchical key agreement scheme becomes an attractive direction in WHMS because each sensor node or gateway has limited resources and power. Recently, a noninteractive hierarchical key agreement scheme has been proposed by Kim for WHMS. However, we show that Kim’s cryptographic scheme is vulnerable to the collusion attack if the physicians can be corrupted. Obviously, it is a more practical security condition. Therefore, we proposed an improved key agreement scheme against the attack. Security proof, security analysis, and experimental results demonstrate that our proposed scheme gains enhanced security and more efficiency than Kim’s previous scheme while inheriting its qualities of one-round communication and security properties.

Overcoming the rate-distance limit of quantum key distribution without quantum repeaters.

Science.gov (United States)

Lucamarini, M; Yuan, Z L; Dynes, J F; Shields, A J

2018-05-01

Quantum key distribution (QKD) 1,2 allows two distant parties to share encryption keys with security based on physical laws. Experimentally, QKD has been implemented via optical means, achieving key rates of 1.26 megabits per second over 50 kilometres of standard optical fibre 3 and of 1.16 bits per hour over 404 kilometres of ultralow-loss fibre in a measurement-device-independent configuration 4 . Increasing the bit rate and range of QKD is a formidable, but important, challenge. A related target, which is currently considered to be unfeasible without quantum repeaters 5-7 , is overcoming the fundamental rate-distance limit of QKD 8 . This limit defines the maximum possible secret key rate that two parties can distil at a given distance using QKD and is quantified by the secret-key capacity of the quantum channel 9 that connects the parties. Here we introduce an alternative scheme for QKD whereby pairs of phase-randomized optical fields are first generated at two distant locations and then combined at a central measuring station. Fields imparted with the same random phase are 'twins' and can be used to distil a quantum key. The key rate of this twin-field QKD exhibits the same dependence on distance as does a quantum repeater, scaling with the square-root of the channel transmittance, irrespective of who (malicious or otherwise) is in control of the measuring station. However, unlike schemes that involve quantum repeaters, ours is feasible with current technology and presents manageable levels of noise even on 550 kilometres of standard optical fibre. This scheme is a promising step towards overcoming the rate-distance limit of QKD and greatly extending the range of secure quantum communications.

Randomness determines practical security of BB84 quantum key distribution

Science.gov (United States)

Li, Hong-Wei; Yin, Zhen-Qiang; Wang, Shuang; Qian, Yong-Jun; Chen, Wei; Guo, Guang-Can; Han, Zheng-Fu

2015-11-01

Unconditional security of the BB84 quantum key distribution protocol has been proved by exploiting the fundamental laws of quantum mechanics, but the practical quantum key distribution system maybe hacked by considering the imperfect state preparation and measurement respectively. Until now, different attacking schemes have been proposed by utilizing imperfect devices, but the general security analysis model against all of the practical attacking schemes has not been proposed. Here, we demonstrate that the general practical attacking schemes can be divided into the Trojan horse attack, strong randomness attack and weak randomness attack respectively. We prove security of BB84 protocol under randomness attacking models, and these results can be applied to guarantee the security of the practical quantum key distribution system.

Security of a practical semi-device-independent quantum key distribution protocol against collective attacks

International Nuclear Information System (INIS)

Wang Yang; Bao Wan-Su; Li Hong-Wei; Zhou Chun; Li Yuan

2014-01-01

Similar to device-independent quantum key distribution (DI-QKD), semi-device-independent quantum key distribution (SDI-QKD) provides secure key distribution without any assumptions about the internal workings of the QKD devices. The only assumption is that the dimension of the Hilbert space is bounded. But SDI-QKD can be implemented in a one-way prepare-and-measure configuration without entanglement compared with DI-QKD. We propose a practical SDI-QKD protocol with four preparation states and three measurement bases by considering the maximal violation of dimension witnesses and specific processes of a QKD protocol. Moreover, we prove the security of the SDI-QKD protocol against collective attacks based on the min-entropy and dimension witnesses. We also show a comparison of the secret key rate between the SDI-QKD protocol and the standard QKD. (general)

Reliability of Calderbank-Shor-Steane codes and security of quantum key distribution

International Nuclear Information System (INIS)

Hamada, Mitsuru

2004-01-01

After Mayers (1996 Advances in Cryptography: Proc. Crypto'96 pp 343-57; 2001 J. Assoc. Comput. Mach. 48 351-406) gave a proof of the security of the Bennett-Brassard (1984 Proc. IEEE Int. Conf. on Computers, Systems and Signal Processing (Bangalore, India) pp 175-9) (BB84) quantum key distribution protocol, Shor and Preskill (2000 Phys. Rev. Lett. 85 441-4) made a remarkable observation that a Calderbank-Shor-Steane (CSS) code had been implicitly used in the BB84 protocol, and suggested its security could be proved by bounding the fidelity, say F n , of the incorporated CSS code of length n in the form 1-F n ≤ exp[-nE + o(n)] for some positive number E. This work presents such a number E = E(R) as a function of the rate of codes R, and a threshold R 0 such that E(R) > 0 whenever R 0 , which is larger than the achievable rate based on the Gilbert-Varshamov bound that is essentially given by Shor and Preskill. The codes in the present work are robust against fluctuations of channel parameters, which fact is needed to establish the security rigorously and was not proved for rates above the Gilbert-Varshamov rate before in the literature. As a byproduct, the security of a modified BB84 protocol against any joint (coherent) attacks is proved quantitatively

Unbelievable security : Matching AES using public key systems

NARCIS (Netherlands)

Lenstra, A.K.; Boyd, C.

2001-01-01

The Advanced Encryption Standard (AES) provides three levels of security: 128, 192, and 256 bits. Given a desired level of security for the AES, this paper discusses matching public key sizes for RSA and the ElGamal family of protocols. For the latter both traditional multiplicative groups of finite

Secure Clustering and Symmetric Key Establishment in Heterogeneous Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Azarderskhsh Reza

2011-01-01

Full Text Available Information security in infrastructureless wireless sensor networks (WSNs is one of the most important research challenges. In these networks, sensor nodes are typically sprinkled liberally in the field in order to monitor, gather, disseminate, and provide the sensed data to the command node. Various studies have focused on key establishment schemes in homogeneous WSNs. However, recent research has shown that achieving survivability in WSNs requires a hierarchy and heterogeneous infrastructure. In this paper, to address security issues in the heterogeneous WSNs, we propose a secure clustering scheme along with a deterministic pairwise key management scheme based on public key cryptography. The proposed security mechanism guarantees that any two sensor nodes located in the same cluster and routing path can directly establish a pairwise key without disclosing any information to other nodes. Through security performance evaluation, it is shown that the proposed scheme guarantees node-to-node authentication, high resiliency against node capture, and minimum memory space requirement.

Secure multi-party communication with quantum key distribution managed by trusted authority

Science.gov (United States)

Nordholt, Jane Elizabeth; Hughes, Richard John; Peterson, Charles Glen

2013-07-09

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.

Secure multi-party communication with quantum key distribution managed by trusted authority

Science.gov (United States)

Hughes, Richard John; Nordholt, Jane Elizabeth; Peterson, Charles Glen

2017-06-14

Techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.

Distributed public key schemes secure against continual leakage

DEFF Research Database (Denmark)

Akavia, Adi; Goldwasser, Shafi; Hazay, Carmit

2012-01-01

-secure against continual memory leakage. Our DPKE scheme also implies a secure storage system on leaky devices, where a value s can be secretely stored on devices that continually leak information about their internal state to an external attacker. The devices go through a periodic refresh protocol......In this work we study distributed public key schemes secure against continual memory leakage. The secret key will be shared among two computing devices communicating over a public channel, and the decryption operation will be computed by a simple 2-party protocol between the devices. Similarly...... against continual memory leakage, under the Bilinear Decisional Diffie-Hellman and $2$-linear assumptions. Our schemes have the following properties: 1. Our DPKE and DIBE schemes tolerate leakage at all times, including during refresh. During refresh the tolerated leakage is a (1/2-o (1),1)-fraction...

Security of practical quantum key distribution systems

Energy Technology Data Exchange (ETDEWEB)

Jain, Nitin

2015-02-24

This thesis deals with practical security aspects of quantum key distribution (QKD) systems. At the heart of the theoretical model of any QKD system lies a quantum-mechanical security proof that guarantees perfect secrecy of messages - based on certain assumptions. However, in practice, deviations between the theoretical model and the physical implementation could be exploited by an attacker to break the security of the system. These deviations may arise from technical limitations and operational imperfections in the physical implementation and/or unrealistic assumptions and insufficient constraints in the theoretical model. In this thesis, we experimentally investigate in depth several such deviations. We demonstrate the resultant vulnerabilities via proof-of-principle attacks on a commercial QKD system from ID Quantique. We also propose countermeasures against the investigated loopholes to secure both existing and future QKD implementations.

Secure Key Management in the Cloud

DEFF Research Database (Denmark)

Damgård, Ivan Bjerre; Jakobsen, Thomas Pelle; Nielsen, Jesper Buus

2013-01-01

information such as cryptographic keys. Applications like this include many cases where secure multiparty computation is outsourced to the cloud, and in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online......We consider applications involving a number of servers in the cloud that go through a sequence of online periods where the servers communicate, separated by offline periods where the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive...... and offline periods without communicating with anyone from outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when doing the transition. We study the levels of security one can – and cannot – obtain in this model, propose light-weight protocols...

Virtual-optical information security system based on public key infrastructure

Science.gov (United States)

Peng, Xiang; Zhang, Peng; Cai, Lilong; Niu, Hanben

2005-01-01

A virtual-optical based encryption model with the aid of public key infrastructure (PKI) is presented in this paper. The proposed model employs a hybrid architecture in which our previously published encryption method based on virtual-optics scheme (VOS) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). The whole information security model is run under the framework of international standard ITU-T X.509 PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOS security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network. Numerical experiments prove the effectiveness of the method. The security of proposed model is briefly analyzed by examining some possible attacks from the viewpoint of a cryptanalysis.

Fluctuations of Internal Transmittance in Security of Measurement-Device-Independent Quantum Key Distribution with an Untrusted Source*

International Nuclear Information System (INIS)

Wang Yang; Bao Wan-Su; Chen Rui-Ke; Zhou Chun; Jiang Mu-Sheng; Li Hong-Wei

2017-01-01

Measurement-device-independent quantum key distribution (MDI-QKD) is immune to detector side channel attacks, which is a crucial security loophole problem in traditional QKD. In order to relax a key assumption that the sources are trusted in MDI-QKD, an MDI-QKD protocol with an untrusted source has been proposed. For the security of MDI-QKD with an untrusted source, imperfections in the practical experiment should also be taken into account. In this paper, we analyze the effects of fluctuations of internal transmittance on the security of a decoy-state MDI-QKD protocol with an untrusted source. Our numerical results show that both the secret key rate and the maximum secure transmission distance decrease when taken fluctuations of internal transmittance into consideration. Especially, they are more sensitive when Charlie’s mean photon number per pulse is smaller. Our results emphasize that the stability of correlative optical devices is important for practical implementations . (paper)

The ultimate security bounds of quantum key distribution protocols

International Nuclear Information System (INIS)

Nikolopoulos, G.M.; Alber, G.

2005-01-01

Full text: Quantum key distribution (QKD) protocols exploit quantum correlations in order to establish a secure key between two legitimate users. Recent work on QKD has revealed a remarkable link between quantum and secret correlations. In this talk we report on recent results concerning the ultimate upper security bounds of various QKD schemes (i.e., the maximal disturbance up to which the two legitimate users share quantum correlations) under the assumption of general coherent attacks. In particular, we derive an analytic expression for the ultimate upper security bound of QKD schemes that use two mutually unbiased bases. As long as the two legitimate users focus on the sifted key and treat each pair of data independently during the post processing, our results are valid for arbitrary dimensions of the information carriers. The bound we have derived is well below the predictions of optimal cloning machines. The possibility of extraction of a secret key beyond entanglement distillation is also discussed. In the case of qutrits we argue that any eavesdropping strategy is equivalent to a symmetric one. For higher dimensions, however, such equivalence is generally no longer valid. (author)

Physical Layer Secret-Key Generation Scheme for Transportation Security Sensor Network.

Science.gov (United States)

Yang, Bin; Zhang, Jianfeng

2017-06-28

Wireless Sensor Networks (WSNs) are widely used in different disciplines, including transportation systems, agriculture field environment monitoring, healthcare systems, and industrial monitoring. The security challenge of the wireless communication link between sensor nodes is critical in WSNs. In this paper, we propose a new physical layer secret-key generation scheme for transportation security sensor network. The scheme is based on the cooperation of all the sensor nodes, thus avoiding the key distribution process, which increases the security of the system. Different passive and active attack models are analyzed in this paper. We also prove that when the cooperative node number is large enough, even when the eavesdropper is equipped with multiple antennas, the secret-key is still secure. Numerical results are performed to show the efficiency of the proposed scheme.

Secure networking quantum key distribution schemes with Greenberger-Horne-Zeilinger states

Energy Technology Data Exchange (ETDEWEB)

Guo, Ying; Shi, Ronghua [School of Information Science and Engineering, Central South University, Changsha 410083 (China); Zeng, Guihua [Department of Electronic Engineering, Shanghai Jiaotong University, Shanghai 200030 (China)], E-mail: sdguoying@gmail.com, E-mail: rhshi@mail.edu.com, E-mail: ghzeng@sjtu.edu.cn

2010-04-15

A novel approach to quantum cryptography to be called NQKD, networking quantum key distribution, has been developed for secure quantum communication schemes on the basis of the complementary relations of entanglement Greenberger-Horne-Zeilinger (GHZ) triplet states. One scheme distributes the private key among legal participants in a probabilistic manner, while another transmits the deterministic message with some certainty. Some decoy photons are employed for preventing a potential eavesdropper from attacking quantum channels. The present schemes are efficient as there exists an elegant method for key distributions. The security of the proposed schemes is exactly guaranteed by the entanglement of the GHZ quantum system, which is illustrated in security analysis.

Secure networking quantum key distribution schemes with Greenberger-Horne-Zeilinger states

International Nuclear Information System (INIS)

Guo, Ying; Shi, Ronghua; Zeng, Guihua

2010-01-01

A novel approach to quantum cryptography to be called NQKD, networking quantum key distribution, has been developed for secure quantum communication schemes on the basis of the complementary relations of entanglement Greenberger-Horne-Zeilinger (GHZ) triplet states. One scheme distributes the private key among legal participants in a probabilistic manner, while another transmits the deterministic message with some certainty. Some decoy photons are employed for preventing a potential eavesdropper from attacking quantum channels. The present schemes are efficient as there exists an elegant method for key distributions. The security of the proposed schemes is exactly guaranteed by the entanglement of the GHZ quantum system, which is illustrated in security analysis.

Security of differential-phase-shift quantum key distribution against individual attacks

International Nuclear Information System (INIS)

Waks, Edo; Takesue, Hiroki; Yamamoto, Yoshihisa

2006-01-01

We derive a proof of security for the differential-phase-shift quantum key distribution protocol under the assumption that Eve is restricted to individual attacks. The security proof is derived by bounding the average collision probability, which leads directly to a bound on Eve's mutual information on the final key. The security proof applies to realistic sources based on pulsed coherent light. We then compare individual attacks to sequential attacks and show that individual attacks are more powerful

Provably-Secure Authenticated Group Diffie-Hellman KeyExchange

Energy Technology Data Exchange (ETDEWEB)

Bresson, Emmanuel; Chevassut, Olivier; Pointcheval, David

2007-01-01

Authenticated key exchange protocols allow two participantsA and B, communicating over a public network and each holding anauthentication means, to exchange a shared secret value. Methods designedto deal with this cryptographic problem ensure A (resp. B) that no otherparticipants aside from B (resp. A) can learn any information about theagreed value, and often also ensure A and B that their respective partnerhas actually computed this value. A natural extension to thiscryptographic method is to consider a pool of participants exchanging ashared secret value and to provide a formal treatment for it. Startingfrom the famous 2-party Diffie-Hellman (DH) key exchange protocol, andfrom its authenticated variants, security experts have extended it to themulti-party setting for over a decade and completed a formal analysis inthe framework of modern cryptography in the past few years. The presentpaper synthesizes this body of work on the provably-secure authenticatedgroup DH key exchange.

76 FR 46603 - Security Ratings

Science.gov (United States)

2011-08-03

... settled derivative securities). See Simplification of Registration of Reporting Requirements for Foreign... SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 200, 229, 230, 232, 239, 240, and 249 [Release No. 33-9245; 34-64975; File No. S7-18-08] RIN 3235-AK18 Security Ratings AGENCY: Securities and Exchange...

Analysis of the differential-phase-shift-keying protocol in the quantum-key-distribution system

International Nuclear Information System (INIS)

Rong-Zhen, Jiao; Chen-Xu, Feng; Hai-Qiang, Ma

2009-01-01

The analysis is based on the error rate and the secure communication rate as functions of distance for three quantum-key-distribution (QKD) protocols: the Bennett–Brassard 1984, the Bennett–Brassard–Mermin 1992, and the coherent differential-phase-shift keying (DPSK) protocols. We consider the secure communication rate of the DPSK protocol against an arbitrary individual attack, including the most commonly considered intercept-resend and photon-number splitting attacks, and concluded that the simple and efficient differential-phase-shift-keying protocol allows for more than 200 km of secure communication distance with high communication rates. (general)

A Survey of Public Key Infrastructure-Based Security for Mobile Communication Systems

Directory of Open Access Journals (Sweden)

Mohammed Ramadan

2016-08-01

Full Text Available Mobile communication security techniques are employed to guard the communication between the network entities. Mobile communication cellular systems have become one of the most important communication systems in recent times and are used by millions of people around the world. Since the 1990s, considerable efforts have been taken to improve both the communication and security features of the mobile communications systems. However, these improvements divide the mobile communications field into different generations according to the communication and security techniques such as A3, A5 and A8 algorithms for 2G-GSM cellular system, 3G-authentication and key agreement (AKA, evolved packet system-authentication and key agreement (EPS-AKA, and long term evolution-authentication and key agreement (LTE-AKA algorithms for 3rd generation partnership project (3GPP systems. Furthermore, these generations have many vulnerabilities, and huge security work is involved to solve such problems. Some of them are in the field of the public key cryptography (PKC which requires a high computational cost and more network flexibility to be achieved. As such, the public key infrastructure (PKI is more compatible with the modern generations due to the superior communications features. This paper surveys the latest proposed works on the security of GSM, CDMA, and LTE cellular systems using PKI. Firstly, we present the security issues for each generation of mobile communication systems, then we study and analyze the latest proposed schemes and give some comparisons. Finally, we introduce some new directions for the future scope. This paper classifies the mobile communication security schemes according to the techniques used for each cellular system and covers some of the PKI-based security techniques such as authentication, key agreement, and privacy preserving.

Shor-Preskill-type security proof for quantum key distribution without public announcement of bases

International Nuclear Information System (INIS)

Hwang, Won-Young; Wang Xiangbin; Matsumoto, Keiji; Kim, Jaewan; Lee, Hai-Woong

2003-01-01

We give a Shor-Preskill-type security proof to quantum key distribution without public announcement of bases [W.Y. Hwang et al., Phys. Lett. A 244, 489 (1998)]. First, we modify the Lo-Chau protocol once more so that it finally reduces to the quantum key distribution without public announcement of bases. Then we show how we can estimate the error rate in the code bits based on that in the checked bits in the proposed protocol, which is the central point of the proof. We discuss the problem of imperfect sources and that of large deviation in the error rate distributions. We discuss when the bases sequence must be discarded

Device-independent quantum key distribution secure against collective attacks

International Nuclear Information System (INIS)

Pironio, Stefano; Gisin, Nicolas; AcIn, Antonio; Brunner, Nicolas; Massar, Serge; Scarani, Valerio

2009-01-01

Device-independent quantum key distribution (DIQKD) represents a relaxation of the security assumptions made in usual quantum key distribution (QKD). As in usual QKD, the security of DIQKD follows from the laws of quantum physics, but contrary to usual QKD, it does not rely on any assumptions about the internal working of the quantum devices used in the protocol. In this paper, we present in detail the security proof for a DIQKD protocol introduced in AcIn et al (2008 Phys. Rev. Lett. 98 230501). This proof exploits the full structure of quantum theory (as opposed to other proofs that exploit only the no-signaling principle), but only holds against collective attacks, where the eavesdropper is assumed to act on the quantum systems of the honest parties independently and identically in each round of the protocol (although she can act coherently on her systems at any time). The security of any DIQKD protocol necessarily relies on the violation of a Bell inequality. We discuss the issue of loopholes in Bell experiments in this context.

Efficient KDM-CCA Secure Public-Key Encryption via Auxiliary-Input Authenticated Encryption

Directory of Open Access Journals (Sweden)

Shuai Han

2017-01-01

Full Text Available KDM[F]-CCA security of public-key encryption (PKE ensures the privacy of key-dependent messages f(sk which are closely related to the secret key sk, where f∈F, even if the adversary is allowed to make decryption queries. In this paper, we study the design of KDM-CCA secure PKE. To this end, we develop a new primitive named Auxiliary-Input Authenticated Encryption (AIAE. For AIAE, we introduce two related-key attack (RKA security notions, including IND-RKA and weak-INT-RKA. We present a generic construction of AIAE from tag-based hash proof system (HPS and one-time secure authenticated encryption (AE and give an instantiation of AIAE under the Decisional Diffie-Hellman (DDH assumption. Using AIAE as an essential building block, we give two constructions of efficient KDM-CCA secure PKE based on the DDH and the Decisional Composite Residuosity (DCR assumptions. Specifically, (i our first PKE construction is the first one achieving KDM[Faff]-CCA security for the set of affine functions and compactness of ciphertexts simultaneously. (ii Our second PKE construction is the first one achieving KDM[Fpolyd]-CCA security for the set of polynomial functions and almost compactness of ciphertexts simultaneously. Our PKE constructions are very efficient; in particular, they are pairing-free and NIZK-free.

A Secure Key Establishment Protocol for ZigBee Wireless Sensor Networks

DEFF Research Database (Denmark)

Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

2009-01-01

ZigBee is a wireless sensor network standard that defines network and application layers on top of IEEE 802.15.4’s physical and medium access control layers. In the latest version of ZigBee, enhancements are prescribed for the security sublayer but we show in this paper that problems persist....... In particular we show that the End-to-End Application Key Establishment Protocol is flawed and we propose a secure protocol instead. We do so by using formal verification techniques based on static program analysis and process algebras. We present a way of using formal methods in wireless network security......, and propose a secure key establishment protocol for ZigBee networks....

Semi-device-independent security of one-way quantum key distribution

OpenAIRE

Pawlowski, Marcin; Brunner, Nicolas

2011-01-01

By testing nonlocality, the security of entanglement-based quantum key distribution (QKD) can be enhanced to being 'device-independent'. Here we ask whether such a strong form of security could also be established for one-way (prepare and measure) QKD. While fully device-independent security is impossible, we show that security can be guaranteed against individual attacks in a semi-device-independent scenario. In the latter, the devices used by the trusted parties are non-characterized, but t...

Security of public key encryption technique based on multiple chaotic systems

International Nuclear Information System (INIS)

Wang Kai; Pei Wenjiang; Zou Liuhua; Cheung Yiuming; He Zhenya

2006-01-01

Recently, a new public key encryption technique based on multiple chaotic systems has been proposed [B. Ranjan, Phys. Rev. Lett. 95 (2005) 098702]. This scheme employs m-chaotic systems and a set of linear functions for key exchange over an insecure channel. Security of the proposed algorithm grows as (NP) m , where N, P are the size of the key and the computational complexity of the linear functions respectively. In this Letter, the fundamental weakness of the cryptosystem is pointed out and a successful attack is described. Given the public keys and the initial vector, one can calculate the secret key based on Parseval's theorem. Both theoretical and experimental results show that the attacker can access to the secret key without difficulty. The lack of security discourages the use of such algorithm for practical applications

Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks.

Science.gov (United States)

Jung, Jaewook; Moon, Jongho; Lee, Donghoon; Won, Dongho

2017-03-21

At present, users can utilize an authenticated key agreement protocol in a Wireless Sensor Network (WSN) to securely obtain desired information, and numerous studies have investigated authentication techniques to construct efficient, robust WSNs. Chang et al. recently presented an authenticated key agreement mechanism for WSNs and claimed that their authentication mechanism can both prevent various types of attacks, as well as preserve security properties. However, we have discovered that Chang et al's method possesses some security weaknesses. First, their mechanism cannot guarantee protection against a password guessing attack, user impersonation attack or session key compromise. Second, the mechanism results in a high load on the gateway node because the gateway node should always maintain the verifier tables. Third, there is no session key verification process in the authentication phase. To this end, we describe how the previously-stated weaknesses occur and propose a security-enhanced version for WSNs. We present a detailed analysis of the security and performance of our authenticated key agreement mechanism, which not only enhances security compared to that of related schemes, but also takes efficiency into consideration.

Mobility Based Key Management Technique for Multicast Security in Mobile Ad Hoc Networks

Directory of Open Access Journals (Sweden)

B. Madhusudhanan

2015-01-01

Full Text Available In MANET multicasting, forward and backward secrecy result in increased packet drop rate owing to mobility. Frequent rekeying causes large message overhead which increases energy consumption and end-to-end delay. Particularly, the prevailing group key management techniques cause frequent mobility and disconnections. So there is a need to design a multicast key management technique to overcome these problems. In this paper, we propose the mobility based key management technique for multicast security in MANET. Initially, the nodes are categorized according to their stability index which is estimated based on the link availability and mobility. A multicast tree is constructed such that for every weak node, there is a strong parent node. A session key-based encryption technique is utilized to transmit a multicast data. The rekeying process is performed periodically by the initiator node. The rekeying interval is fixed depending on the node category so that this technique greatly minimizes the rekeying overhead. By simulation results, we show that our proposed approach reduces the packet drop rate and improves the data confidentiality.

Blockchain-based Public Key Infrastructure for Inter-Domain Secure Routing

OpenAIRE

de la Rocha Gómez-Arevalillo , Alfonso; Papadimitratos , Panos

2017-01-01

International audience; A gamut of secure inter-domain routing protocols has been proposed in the literature. They use traditional PGP-like and centralized Public Key Infrastructures for trust management. In this paper, we propose our alternative approach for managing security associations, Secure Blockchain Trust Management (SBTM), a trust management system that instantiates a blockchain-based PKI for the operation of securerouting protocols. A main motivation for SBTM is to facilitate gradu...

Multi-party quantum key agreement protocol secure against collusion attacks

Science.gov (United States)

Wang, Ping; Sun, Zhiwei; Sun, Xiaoqiang

2017-07-01

The fairness of a secure multi-party quantum key agreement (MQKA) protocol requires that all involved parties are entirely peer entities and can equally influence the outcome of the protocol to establish a shared key wherein no one can decide the shared key alone. However, it is found that parts of the existing MQKA protocols are sensitive to collusion attacks, i.e., some of the dishonest participants can collaborate to predetermine the final key without being detected. In this paper, a multi-party QKA protocol resisting collusion attacks is proposed. Different from previous QKA protocol resisting N-1 coconspirators or resisting 1 coconspirators, we investigate the general circle-type MQKA protocol which can be secure against t dishonest participants' cooperation. Here, t < N. We hope the results of the presented paper will be helpful for further research on fair MQKA protocols.

Device calibration impacts security of quantum key distribution.

Science.gov (United States)

Jain, Nitin; Wittmann, Christoffer; Lydersen, Lars; Wiechers, Carlos; Elser, Dominique; Marquardt, Christoph; Makarov, Vadim; Leuchs, Gerd

2011-09-09

Characterizing the physical channel and calibrating the cryptosystem hardware are prerequisites for establishing a quantum channel for quantum key distribution (QKD). Moreover, an inappropriately implemented calibration routine can open a fatal security loophole. We propose and experimentally demonstrate a method to induce a large temporal detector efficiency mismatch in a commercial QKD system by deceiving a channel length calibration routine. We then devise an optimal and realistic strategy using faked states to break the security of the cryptosystem. A fix for this loophole is also suggested.

Information security system based on virtual-optics imaging methodology and public key infrastructure

Science.gov (United States)

Peng, Xiang; Zhang, Peng; Cai, Lilong

In this paper, we present a virtual-optical based information security system model with the aid of public-key-infrastructure (PKI) techniques. The proposed model employs a hybrid architecture in which our previously published encryption algorithm based on virtual-optics imaging methodology (VOIM) can be used to encipher and decipher data while an asymmetric algorithm, for example RSA, is applied for enciphering and deciphering the session key(s). For an asymmetric system, given an encryption key, it is computationally infeasible to determine the decryption key and vice versa. The whole information security model is run under the framework of PKI, which is on basis of public-key cryptography and digital signatures. This PKI-based VOIM security approach has additional features like confidentiality, authentication, and integrity for the purpose of data encryption under the environment of network.

Semi-device-independent security of one-way quantum key distribution

International Nuclear Information System (INIS)

Pawlowski, Marcin; Brunner, Nicolas

2011-01-01

By testing nonlocality, the security of entanglement-based quantum key distribution (QKD) can be enhanced to being ''device-independent.'' Here we ask whether such a strong form of security could also be established for one-way (prepare and measure) QKD. While fully device-independent security is impossible, we show that security can be guaranteed against individual attacks in a semi-device-independent scenario. In the latter, the devices used by the trusted parties are noncharacterized, but the dimensionality of the quantum systems used in the protocol is assumed to be bounded. Our security proof relies on the analogies between one-way QKD, dimension witnesses, and random-access codes.

Security of Color Image Data Designed by Public-Key Cryptosystem Associated with 2D-DWT

Science.gov (United States)

Mishra, D. C.; Sharma, R. K.; Kumar, Manish; Kumar, Kuldeep

2014-08-01

In present times the security of image data is a major issue. So, we have proposed a novel technique for security of color image data by public-key cryptosystem or asymmetric cryptosystem. In this technique, we have developed security of color image data using RSA (Rivest-Shamir-Adleman) cryptosystem with two-dimensional discrete wavelet transform (2D-DWT). Earlier proposed schemes for security of color images designed on the basis of keys, but this approach provides security of color images with the help of keys and correct arrangement of RSA parameters. If the attacker knows about exact keys, but has no information of exact arrangement of RSA parameters, then the original information cannot be recovered from the encrypted data. Computer simulation based on standard example is critically examining the behavior of the proposed technique. Security analysis and a detailed comparison between earlier developed schemes for security of color images and proposed technique are also mentioned for the robustness of the cryptosystem.

Understanding security failures of two authentication and key agreement schemes for telecare medicine information systems.

Science.gov (United States)

Mishra, Dheerendra

2015-03-01

Smart card based authentication and key agreement schemes for telecare medicine information systems (TMIS) enable doctors, nurses, patients and health visitors to use smart cards for secure login to medical information systems. In recent years, several authentication and key agreement schemes have been proposed to present secure and efficient solution for TMIS. Most of the existing authentication schemes for TMIS have either higher computation overhead or are vulnerable to attacks. To reduce the computational overhead and enhance the security, Lee recently proposed an authentication and key agreement scheme using chaotic maps for TMIS. Xu et al. also proposed a password based authentication and key agreement scheme for TMIS using elliptic curve cryptography. Both the schemes provide better efficiency from the conventional public key cryptography based schemes. These schemes are important as they present an efficient solution for TMIS. We analyze the security of both Lee's scheme and Xu et al.'s schemes. Unfortunately, we identify that both the schemes are vulnerable to denial of service attack. To understand the security failures of these cryptographic schemes which are the key of patching existing schemes and designing future schemes, we demonstrate the security loopholes of Lee's scheme and Xu et al.'s scheme in this paper.

Comparative study of key exchange and authentication methods in application, transport and network level security mechanisms

Science.gov (United States)

Fathirad, Iraj; Devlin, John; Jiang, Frank

2012-09-01

The key-exchange and authentication are two crucial elements of any network security mechanism. IPsec, SSL/TLS, PGP and S/MIME are well-known security approaches in providing security service to network, transport and application layers; these protocols use different methods (based on their requirements) to establish keying materials and authenticates key-negotiation and participated parties. This paper studies and compares the authenticated key negotiation methods in mentioned protocols.

A Novel Re-keying Function Protocol (NRFP For Wireless Sensor Network Security

Directory of Open Access Journals (Sweden)

Naif Alsharabi

2008-12-01

Full Text Available This paper describes a novel re-keying function protocol (NRFP for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs, covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security

Science.gov (United States)

Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

2008-01-01

This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding innetwork processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks. PMID:27873963

A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security.

Science.gov (United States)

Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

2008-12-04

This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

A General Construction of IND-CCA2 Secure Public Key Encryption

DEFF Research Database (Denmark)

Kiltz, Eike; Malone-Lee, John

2003-01-01

We propose a general construction for public key encryption schemes that are IND-CCA2 secure in the random oracle model. We show that the scheme proposed in [1, 2] fits our general framework and moreover that our method of analysis leads to a more efficient security reduction....

A fast and versatile quantum key distribution system with hardware key distillation and wavelength multiplexing

International Nuclear Information System (INIS)

Walenta, N; Gisin, N; Guinnard, O; Houlmann, R; Korzh, B; Lim, C W; Lunghi, T; Portmann, C; Thew, R T; Burg, A; Constantin, J; Caselunghe, D; Kulesza, N; Legré, M; Monat, L; Soucarros, M; Trinkler, P; Junod, P; Trolliet, G; Vannel, F

2014-01-01

We present a compactly integrated, 625 MHz clocked coherent one-way quantum key distribution system which continuously distributes secret keys over an optical fibre link. To support high secret key rates, we implemented a fast hardware key distillation engine which allows for key distillation rates up to 4 Mbps in real time. The system employs wavelength multiplexing in order to run over only a single optical fibre. Using fast gated InGaAs single photon detectors, we reliably distribute secret keys with a rate above 21 kbps over 25 km of optical fibre. We optimized the system considering a security analysis that respects finite-key-size effects, authentication costs and system errors for a security parameter of ε QKD  = 4 × 10 −9 . (paper)

An Efficient Biometric-Based Algorithm Using Heart Rate Variability for Securing Body Sensor Networks.

Science.gov (United States)

Pirbhulal, Sandeep; Zhang, Heye; Mukhopadhyay, Subhas Chandra; Li, Chunyue; Wang, Yumei; Li, Guanglin; Wu, Wanqing; Zhang, Yuan-Ting

2015-06-26

Body Sensor Network (BSN) is a network of several associated sensor nodes on, inside or around the human body to monitor vital signals, such as, Electroencephalogram (EEG), Photoplethysmography (PPG), Electrocardiogram (ECG), etc. Each sensor node in BSN delivers major information; therefore, it is very significant to provide data confidentiality and security. All existing approaches to secure BSN are based on complex cryptographic key generation procedures, which not only demands high resource utilization and computation time, but also consumes large amount of energy, power and memory during data transmission. However, it is indispensable to put forward energy efficient and computationally less complex authentication technique for BSN. In this paper, a novel biometric-based algorithm is proposed, which utilizes Heart Rate Variability (HRV) for simple key generation process to secure BSN. Our proposed algorithm is compared with three data authentication techniques, namely Physiological Signal based Key Agreement (PSKA), Data Encryption Standard (DES) and Rivest Shamir Adleman (RSA). Simulation is performed in Matlab and results suggest that proposed algorithm is quite efficient in terms of transmission time utilization, average remaining energy and total power consumption.

Password-only authenticated three-party key exchange with provable security in the standard model.

Science.gov (United States)

Nam, Junghyun; Choo, Kim-Kwang Raymond; Kim, Junghwan; Kang, Hyun-Kyu; Kim, Jinsoo; Paik, Juryon; Won, Dongho

2014-01-01

Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model

Directory of Open Access Journals (Sweden)

Junghyun Nam

2014-01-01

Full Text Available Protocols for password-only authenticated key exchange (PAKE in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000, which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.

An Efficient and Secure Arbitrary N-Party Quantum Key Agreement Protocol Using Bell States

Science.gov (United States)

Liu, Wen-Jie; Xu, Yong; Yang, Ching-Nung; Gao, Pei-Pei; Yu, Wen-Bin

2018-01-01

Two quantum key agreement protocols using Bell states and Bell measurement were recently proposed by Shukla et al. (Quantum Inf. Process. 13(11), 2391-2405, 2014). However, Zhu et al. pointed out that there are some security flaws and proposed an improved version (Quantum Inf. Process. 14(11), 4245-4254, 2015). In this study, we will show Zhu et al.'s improvement still exists some security problems, and its efficiency is not high enough. For solving these problems, we utilize four Pauli operations { I, Z, X, Y} to encode two bits instead of the original two operations { I, X} to encode one bit, and then propose an efficient and secure arbitrary N-party quantum key agreement protocol. In the protocol, the channel checking with decoy single photons is introduced to avoid the eavesdropper's flip attack, and a post-measurement mechanism is used to prevent against the collusion attack. The security analysis shows the present protocol can guarantee the correctness, security, privacy and fairness of quantum key agreement.

Strategies for Overcoming Key Barriers to Development of a National Security Workforce

Energy Technology Data Exchange (ETDEWEB)

None

2008-06-30

This report documents the strategies for overcoming identified key barriers to development of an adequate national security workforce as part of the National Security Preparedness Project (NSPP) being performed under a Department of Energy (DOE) National Nuclear Security Administration (NNSA) grant. Many barriers currently exist that prevent the development of an adequate number of properly trained national security personnel. The identified strategies to address the barriers will focus on both short-term and long-term efforts, as well as strategies to capture legacy knowledge of retiring national security workforce personnel.

Identifying Regional Key Eco-Space to Maintain Ecological Security Using GIS

Directory of Open Access Journals (Sweden)

Hualin Xie

2014-02-01

Full Text Available Ecological security and environmental sustainability are the foundations of sustainable development. With the acceleration of urbanization, increasing human activities have promoted greater impacts on the eco-spaces that maintain ecological security. Regional key eco-space has become the primary need to maintain environmental sustainability and can offer society with continued ecosystem services. In this paper, considering the security of water resources, biodiversity conservation, disaster avoidance and protection and natural recreation, an integrated index of eco-space importance was established and a method for identifying key eco-space was created using GIS, with Lanzhou City, China as a case study. The results show that the area of core eco-space in the Lanzhou City is approximately 50,908.7 hm2, accounting for 40% of the region’s total area. These areas mainly consist of geological hazard protection zones and the core zones of regional river systems, wetlands, nature reserves, forest parks and scenic spots. The results of this study provide some guidance for the management of ecological security, ecological restoration and environmental sustainability.

Key-Insulated Undetachable Digital Signature Scheme and Solution for Secure Mobile Agents in Electronic Commerce

Directory of Open Access Journals (Sweden)

Yang Shi

2016-01-01

Full Text Available Considering the security of both the customers’ hosts and the eShops’ servers, we introduce the idea of a key-insulated undetachable digital signature, enabling mobile agents to generate undetachable digital signatures on remote hosts with the key-insulated property of the original signer’s signing key. From the theoretical perspective, we provide the formal definition and security notion of a key-insulated undetachable digital signature. From the practical perspective, we propose a concrete scheme to secure mobile agents in electronic commerce. The scheme is mainly focused on protecting the signing key from leakage and preventing the misuse of the signature algorithm on malicious servers. Agents do not carry the signing key when they generate digital signatures on behalf of the original signer, so the key is protected on remote servers. Furthermore, if a hacker gains the signing key of the original signer, the hacker is still unable to forge a signature for any time period other than the key being accessed. In addition, the encrypted function is combined with the original signer’s requirement to prevent the misuse of signing algorithm. The scheme is constructed on gap Diffie–Hellman groups with provable security, and the performance testing indicates that the scheme is efficient.

Semi-quantum communication: protocols for key agreement, controlled secure direct communication and dialogue

Science.gov (United States)

Shukla, Chitra; Thapliyal, Kishore; Pathak, Anirban

2017-12-01

Semi-quantum protocols that allow some of the users to remain classical are proposed for a large class of problems associated with secure communication and secure multiparty computation. Specifically, first-time semi-quantum protocols are proposed for key agreement, controlled deterministic secure communication and dialogue, and it is shown that the semi-quantum protocols for controlled deterministic secure communication and dialogue can be reduced to semi-quantum protocols for e-commerce and private comparison (socialist millionaire problem), respectively. Complementing with the earlier proposed semi-quantum schemes for key distribution, secret sharing and deterministic secure communication, set of schemes proposed here and subsequent discussions have established that almost every secure communication and computation tasks that can be performed using fully quantum protocols can also be performed in semi-quantum manner. Some of the proposed schemes are completely orthogonal-state-based, and thus, fundamentally different from the existing semi-quantum schemes that are conjugate coding-based. Security, efficiency and applicability of the proposed schemes have been discussed with appropriate importance.

Secure Trust Based Key Management Routing Framework for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Jugminder Kaur

2016-01-01

Full Text Available Security is always a major concern in wireless sensor networks (WSNs. Several trust based routing protocols are designed that play an important role in enhancing the performance of a wireless network. However they still have some disadvantages like limited energy resources, susceptibility to physical capture, and little protection against various attacks due to insecure wireless communication channels. This paper presents a secure trust based key management (STKF routing framework that establishes a secure trustworthy route depending upon the present and past node to node interactions. This route is then updated by isolating the malicious or compromised nodes from the route, if any, and a dedicated link is created between every pair of nodes in the selected route with the help of “q” composite random key predistribution scheme (RKPS to ensure data delivery from source to destination. The performance of trust aware secure routing framework (TSRF is compared with the proposed routing scheme. The results indicate that STKF provides an effective mechanism for finding out a secure route with better trustworthiness than TSRF which avoids the data dropping, thereby increasing the data delivery ratio. Also the distance required to reach the destination in the proposed protocol is less hence effectively utilizing the resources.

Practical scheme to share a secret key through a quantum channel with a 27.6% bit error rate

International Nuclear Information System (INIS)

Chau, H.F.

2002-01-01

A secret key shared through quantum key distribution between two cooperative players is secure against any eavesdropping attack allowed by the laws of physics. Yet, such a key can be established only when the quantum channel error rate due to eavesdropping or imperfect apparatus is low. Here, a practical quantum key distribution scheme by making use of an adaptive privacy amplification procedure with two-way classical communication is reported. Then, it is proven that the scheme generates a secret key whenever the bit error rate of the quantum channel is less than 0.5-0.1√(5)≅27.6%, thereby making it the most error resistant scheme known to date

Information Security Governanceas as Key Performance Indicator for Financial Institutions

OpenAIRE

Krjukovs, D; Strauss, R

2009-01-01

Due to their nature financial institutions and their performance are in constant focus of attention from different stakeholder groups. These groups according to their functions and interests are implementing different sets of key performance indicators for financial institution performance assessment. In the proposed paper authors present a hypothesis of information security governance being a financial institution key performance indicator. Authors provide high level overview of ...

Security by quantum key distribution and IPSEC (SEQKEIP): feasibility

International Nuclear Information System (INIS)

Sfaxi, M.A.; Ghernaouti-Helie, S.; Ribordy, G; Gay, O.

2005-01-01

Full text: Classical cryptography algorithms are based on mathematical functions. The robustness of a given cryptosystem is based essentially on the secrecy of its (private) key and the difficulty with which the inverse of its one-way function(s) can be calculated. Unfortunately, there is no mathematical proof that will establish whether it is not possible to find the inverse of a given one-way function. On the contrary, quantum cryptography is a method for sharing secret keys, whose security can be formally demonstrated. It is based on the laws of physics. The possible applications of quantum cryptography are mainly linked to telecommunication services that require very high level of security. Quantum cryptography could be integrated in various existing concepts and protocols. One of the possible use of quantum cryptography is within IPSEC. The aim of this paper is to analyse the feasibility of using quantum cryptography in IPSEC and to present the estimated performances of this solution. (author)

Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach.

Science.gov (United States)

Sanchez-Iborra, Ramon; Sánchez-Gómez, Jesús; Pérez, Salvador; Fernández, Pedro J; Santa, José; Hernández-Ramos, José L; Skarmeta, Antonio F

2018-06-05

Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT) field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN) already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN), which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa) and its layer-two supporter LoRa Wide Area Network (LoRaWAN), which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie⁻Hellman Over COSE (EDHOC) is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems.

Science.gov (United States)

Arshad, Hamed; Teymoori, Vahid; Nikooghadam, Morteza; Abbassi, Hassan

2015-08-01

Telecare medicine information systems (TMISs) aim to deliver appropriate healthcare services in an efficient and secure manner to patients. A secure mechanism for authentication and key agreement is required to provide proper security in these systems. Recently, Bin Muhaya demonstrated some security weaknesses of Zhu's authentication and key agreement scheme and proposed a security enhanced authentication and key agreement scheme for TMISs. However, we show that Bin Muhaya's scheme is vulnerable to off-line password guessing attacks and does not provide perfect forward secrecy. Furthermore, in order to overcome the mentioned weaknesses, we propose a new two-factor anonymous authentication and key agreement scheme using the elliptic curve cryptosystem. Security and performance analyses demonstrate that the proposed scheme not only overcomes the weaknesses of Bin Muhaya's scheme, but also is about 2.73 times faster than Bin Muhaya's scheme.

Security analysis of orthogonal-frequency-division-multiplexing-based continuous-variable quantum key distribution with imperfect modulation

Science.gov (United States)

Zhang, Hang; Mao, Yu; Huang, Duan; Li, Jiawei; Zhang, Ling; Guo, Ying

2018-05-01

We introduce a reliable scheme for continuous-variable quantum key distribution (CV-QKD) by using orthogonal frequency division multiplexing (OFDM). As a spectrally efficient multiplexing technique, OFDM allows a large number of closely spaced orthogonal subcarrier signals used to carry data on several parallel data streams or channels. We place emphasis on modulator impairments which would inevitably arise in the OFDM system and analyze how these impairments affect the OFDM-based CV-QKD system. Moreover, we also evaluate the security in the asymptotic limit and the Pirandola-Laurenza-Ottaviani-Banchi upper bound. Results indicate that although the emergence of imperfect modulation would bring about a slight decrease in the secret key bit rate of each subcarrier, the multiplexing technique combined with CV-QKD results in a desirable improvement on the total secret key bit rate which can raise the numerical value about an order of magnitude.

Continuous-variable quantum authentication of physical unclonable keys: Security against an emulation attack

Science.gov (United States)

Nikolopoulos, Georgios M.

2018-01-01

We consider a recently proposed entity authentication protocol in which a physical unclonable key is interrogated by random coherent states of light, and the quadratures of the scattered light are analyzed by means of a coarse-grained homodyne detection. We derive a sufficient condition for the protocol to be secure against an emulation attack in which an adversary knows the challenge-response properties of the key and moreover, he can access the challenges during the verification. The security analysis relies on Holevo's bound and Fano's inequality, and suggests that the protocol is secure against the emulation attack for a broad range of physical parameters that are within reach of today's technology.

An Efficient Biometric-Based Algorithm Using Heart Rate Variability for Securing Body Sensor Networks

Directory of Open Access Journals (Sweden)

Sandeep Pirbhulal

2015-06-01

Full Text Available Body Sensor Network (BSN is a network of several associated sensor nodes on, inside or around the human body to monitor vital signals, such as, Electroencephalogram (EEG, Photoplethysmography (PPG, Electrocardiogram (ECG, etc. Each sensor node in BSN delivers major information; therefore, it is very significant to provide data confidentiality and security. All existing approaches to secure BSN are based on complex cryptographic key generation procedures, which not only demands high resource utilization and computation time, but also consumes large amount of energy, power and memory during data transmission. However, it is indispensable to put forward energy efficient and computationally less complex authentication technique for BSN. In this paper, a novel biometric-based algorithm is proposed, which utilizes Heart Rate Variability (HRV for simple key generation process to secure BSN. Our proposed algorithm is compared with three data authentication techniques, namely Physiological Signal based Key Agreement (PSKA, Data Encryption Standard (DES and Rivest Shamir Adleman (RSA. Simulation is performed in Matlab and results suggest that proposed algorithm is quite efficient in terms of transmission time utilization, average remaining energy and total power consumption.

An Efficient Biometric-Based Algorithm Using Heart Rate Variability for Securing Body Sensor Networks

Science.gov (United States)

Pirbhulal, Sandeep; Zhang, Heye; Mukhopadhyay, Subhas Chandra; Li, Chunyue; Wang, Yumei; Li, Guanglin; Wu, Wanqing; Zhang, Yuan-Ting

2015-01-01

Body Sensor Network (BSN) is a network of several associated sensor nodes on, inside or around the human body to monitor vital signals, such as, Electroencephalogram (EEG), Photoplethysmography (PPG), Electrocardiogram (ECG), etc. Each sensor node in BSN delivers major information; therefore, it is very significant to provide data confidentiality and security. All existing approaches to secure BSN are based on complex cryptographic key generation procedures, which not only demands high resource utilization and computation time, but also consumes large amount of energy, power and memory during data transmission. However, it is indispensable to put forward energy efficient and computationally less complex authentication technique for BSN. In this paper, a novel biometric-based algorithm is proposed, which utilizes Heart Rate Variability (HRV) for simple key generation process to secure BSN. Our proposed algorithm is compared with three data authentication techniques, namely Physiological Signal based Key Agreement (PSKA), Data Encryption Standard (DES) and Rivest Shamir Adleman (RSA). Simulation is performed in Matlab and results suggest that proposed algorithm is quite efficient in terms of transmission time utilization, average remaining energy and total power consumption. PMID:26131666

Quantum-Secure Symmetric-Key Cryptography Based on Hidden Shifts

DEFF Research Database (Denmark)

Alagic, Gorjan; Russell, Alexander

2017-01-01

Recent results of Kaplan et al., building on work by Kuwakado and Morii, have shown that a wide variety of classically-secure symmetric-key cryptosystems can be completely broken by quantum chosen-plaintext attacks (qCPA). In such an attack, the quantum adversary has the ability to query the cryp...

Security bound of two-basis quantum-key-distribution protocols using qudits

International Nuclear Information System (INIS)

Nikolopoulos, Georgios M.; Alber, Gernot

2005-01-01

We investigate the security bounds of quantum-cryptographic protocols using d-level systems. In particular, we focus on schemes that use two mutually unbiased bases, thus extending the Bennett-Brassard 1984 quantum-key-distribution scheme to higher dimensions. Under the assumption of general coherent attacks, we derive an analytic expression for the ultimate upper security bound of such quantum-cryptography schemes. This bound is well below the predictions of optimal cloning machines. The possibility of extraction of a secret key beyond entanglement distillation is discussed. In the case of qutrits we argue that any eavesdropping strategy is equivalent to a symmetric one. For higher dimensions such an equivalence is generally no longer valid

[Principles and methodology for ecological rehabilitation and security pattern design in key project construction].

Science.gov (United States)

Chen, Li-Ding; Lu, Yi-He; Tian, Hui-Ying; Shi, Qian

2007-03-01

Global ecological security becomes increasingly important with the intensive human activities. The function of ecological security is influenced by human activities, and in return, the efficiency of human activities will also be affected by the patterns of regional ecological security. Since the 1990s, China has initiated the construction of key projects "Yangtze Three Gorges Dam", "Qinghai-Tibet Railway", "West-to-East Gas Pipeline", "West-to-East Electricity Transmission" and "South-to-North Water Transfer" , etc. The interaction between these projects and regional ecological security has particularly attracted the attention of Chinese government. It is not only important for the regional environmental protection, but also of significance for the smoothly implementation of various projects aimed to develop an ecological rehabilitation system and to design a regional ecological security pattern. This paper made a systematic analysis on the types and characteristics of key project construction and their effects on the environment, and on the basis of this, brought forward the basic principles and methodology for ecological rehabilitation and security pattern design in this construction. It was considered that the following issues should be addressed in the implementation of a key project: 1) analysis and evaluation of current regional ecological environment, 2) evaluation of anthropogenic disturbances and their ecological risk, 3) regional ecological rehabilitation and security pattern design, 4) scenario analysis of environmental benefits of regional ecological security pattern, 5) re-optimization of regional ecological system framework, and 6) establishment of regional ecosystem management plan.

Enhancing LoRaWAN Security through a Lightweight and Authenticated Key Management Approach

Directory of Open Access Journals (Sweden)

Ramon Sanchez-Iborra

2018-06-01

Full Text Available Luckily, new communication technologies and protocols are nowadays designed considering security issues. A clear example of this can be found in the Internet of Things (IoT field, a quite recent area where communication technologies such as ZigBee or IPv6 over Low power Wireless Personal Area Networks (6LoWPAN already include security features to guarantee authentication, confidentiality and integrity. More recent technologies are Low-Power Wide-Area Networks (LP-WAN, which also consider security, but present initial approaches that can be further improved. An example of this can be found in Long Range (LoRa and its layer-two supporter LoRa Wide Area Network (LoRaWAN, which include a security scheme based on pre-shared cryptographic material lacking flexibility when a key update is necessary. Because of this, in this work, we evaluate the security vulnerabilities of LoRaWAN in the area of key management and propose different alternative schemes. Concretely, the application of an approach based on the recently specified Ephemeral Diffie–Hellman Over COSE (EDHOC is found as a convenient solution, given its flexibility in the update of session keys, its low computational cost and the limited message exchanges needed. A comparative conceptual analysis considering the overhead of different security schemes for LoRaWAN is carried out in order to evaluate their benefits in the challenging area of LP-WAN.

High-Speed Large-Alphabet Quantum Key Distribution Using Photonic Integrated Circuits

Science.gov (United States)

2014-01-28

polarizing beam splitter, TDC: time-to-digital converter. Extra&loss& photon/bin frame size QSER secure bpp ECC secure&key&rate& none& 0.0031 64 14...to-digital converter. photon/frame frame size QSER secure bpp ECC secure&key& rate& 1.3 16 9.5 % 2.9 layered LDPC 7.3&Mbps& Figure 24: Operating

Symmetric Link Key Management for Secure Neighbor Discovery in a Decentralized Wireless Sensor Network

Science.gov (United States)

2017-09-01

KEY MANAGEMENT FOR SECURE NEIGHBOR DISCOVERY IN A DECENTRALIZED WIRELESS SENSOR NETWORK by Kelvin T. Chew September 2017 Thesis Advisor...and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188) Washington, DC 20503. 1. AGENCY USE ONLY (Leave blank) 2. REPORT...DATE September 2017 3. REPORT TYPE AND DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE SYMMETRIC LINK KEY MANAGEMENT FOR SECURE NEIGHBOR

Fast and secure key distribution using mesoscopic coherent states of light

International Nuclear Information System (INIS)

Barbosa, Geraldo A.

2003-01-01

This work shows how two parties A and B can securely share unlimited sequences of random bits at optical speeds. A and B possess true-random physical sources and exchange random bits by using a random sequence received to cipher the following one to be sent. A starting shared secret key is used and the method can be described as a one-time-pad unlimited extender. It is demonstrated that the minimum probability of error in signal determination by the eavesdropper can be set arbitrarily close to the pure guessing level. Being based on the M-ry encryption protocol this method also allows for optical amplification without security degradation, offering practical advantages over the Bennett-Brassard 1984 protocol for key distribution

Improved two-way six-state protocol for quantum key distribution

International Nuclear Information System (INIS)

Shaari, J.S.; Bahari, Asma' Ahmad

2012-01-01

A generalized version for a qubit based two-way quantum key distribution scheme was first proposed in the paper [Phys. Lett. A 358 (2006) 85] capitalizing on the six quantum states derived from three mutually unbiased bases. While boasting of a higher level of security, the protocol was not designed for ease of practical implementation. In this work, we propose modifications to the protocol, resulting not only in improved security but also in a more efficient and practical setup. We provide comparisons for calculated secure key rates for the protocols in noisy and lossy channels. -- Highlights: ► Modification for efficient generalized two-way QKD is proposed. ► Calculations include secure key rates in noisy and lossy channels for selected attack scenario. ► Resulting proposal provides for higher secure key rate in selected attack scheme.

Improved two-way six-state protocol for quantum key distribution

Energy Technology Data Exchange (ETDEWEB)

Shaari, J.S., E-mail: jesni_shamsul@yahoo.com [Faculty of Science, International Islamic University Malaysia (IIUM), Jalan Sultan Ahmad Shah, Bandar Indera Mahkota, 25200 Kuantan, Pahang (Malaysia); Bahari, Asma' Ahmad [Faculty of Science, International Islamic University Malaysia (IIUM), Jalan Sultan Ahmad Shah, Bandar Indera Mahkota, 25200 Kuantan, Pahang (Malaysia)

2012-10-01

A generalized version for a qubit based two-way quantum key distribution scheme was first proposed in the paper [Phys. Lett. A 358 (2006) 85] capitalizing on the six quantum states derived from three mutually unbiased bases. While boasting of a higher level of security, the protocol was not designed for ease of practical implementation. In this work, we propose modifications to the protocol, resulting not only in improved security but also in a more efficient and practical setup. We provide comparisons for calculated secure key rates for the protocols in noisy and lossy channels. -- Highlights: ► Modification for efficient generalized two-way QKD is proposed. ► Calculations include secure key rates in noisy and lossy channels for selected attack scenario. ► Resulting proposal provides for higher secure key rate in selected attack scheme.

Shared Electronic Health Record Systems: Key Legal and Security Challenges.

Science.gov (United States)

Christiansen, Ellen K; Skipenes, Eva; Hausken, Marie F; Skeie, Svein; Østbye, Truls; Iversen, Marjolein M

2017-11-01

Use of shared electronic health records opens a whole range of new possibilities for flexible and fruitful cooperation among health personnel in different health institutions, to the benefit of the patients. There are, however, unsolved legal and security challenges. The overall aim of this article is to highlight legal and security challenges that should be considered before using shared electronic cooperation platforms and health record systems to avoid legal and security "surprises" subsequent to the implementation. Practical lessons learned from the use of a web-based ulcer record system involving patients, community nurses, GPs, and hospital nurses and doctors in specialist health care are used to illustrate challenges we faced. Discussion of possible legal and security challenges is critical for successful implementation of shared electronic collaboration systems. Key challenges include (1) allocation of responsibility, (2) documentation routines, (3) and integrated or federated access control. We discuss and suggest how challenges of legal and security aspects can be handled. This discussion may be useful for both current and future users, as well as policy makers.

A Dual Key-Based Activation Scheme for Secure LoRaWAN

Directory of Open Access Journals (Sweden)

Jaehyu Kim

2017-01-01

Full Text Available With the advent of the Internet of Things (IoT era, we are experiencing rapid technological progress. Billions of devices are connected to each other, and our homes, cities, hospitals, and schools are getting smarter and smarter. However, to realize the IoT, several challenging issues such as connecting resource-constrained devices to the Internet must be resolved. Recently introduced Low Power Wide Area Network (LPWAN technologies have been devised to resolve this issue. Among many LPWAN candidates, the Long Range (LoRa is one of the most promising technologies. The Long Range Wide Area Network (LoRaWAN is a communication protocol for LoRa that provides basic security mechanisms. However, some security loopholes exist in LoRaWAN’s key update and session key generation. In this paper, we propose a dual key-based activation scheme for LoRaWAN. It resolves the problem of key updates not being fully supported. In addition, our scheme facilitates each layer in generating its own session key directly, which ensures the independence of all layers. Real-world experimental results compared with the original scheme show that the proposed scheme is totally feasible in terms of delay and battery consumption.

Detector-device-independent quantum key distribution: Security analysis and fast implementation

International Nuclear Information System (INIS)

Boaron, Alberto; Korzh, Boris; Boso, Gianluca; Martin, Anthony; Zbinden, Hugo; Houlmann, Raphael; Lim, Charles Ci Wen

2016-01-01

One of the most pressing issues in quantum key distribution (QKD) is the problem of detector side-channel attacks. To overcome this problem, researchers proposed an elegant “time-reversal” QKD protocol called measurement-device-independent QKD (MDI-QKD), which is based on time-reversed entanglement swapping. However, MDI-QKD is more challenging to implement than standard point-to-point QKD. Recently, an intermediary QKD protocol called detector-device-independent QKD (DDI-QKD) has been proposed to overcome the drawbacks of MDI-QKD, with the hope that it would eventually lead to a more efficient detector side-channel-free QKD system. Here, we analyze the security of DDI-QKD and elucidate its security assumptions. We find that DDI-QKD is not equivalent to MDI-QKD, but its security can be demonstrated with reasonable assumptions. On the more practical side, we consider the feasibility of DDI-QKD and present a fast experimental demonstration (clocked at 625 MHz), capable of secret key exchange up to more than 90 km.

Security enhanced anonymous multiserver authenticated key agreement scheme using smart cards and biometrics.

Science.gov (United States)

Choi, Younsung; Nam, Junghyun; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Won, Dongho

2014-01-01

An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user's biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen's scheme.

Security Enhanced Anonymous Multiserver Authenticated Key Agreement Scheme Using Smart Cards and Biometrics

Directory of Open Access Journals (Sweden)

Younsung Choi

2014-01-01

Full Text Available An anonymous user authentication scheme allows a user, who wants to access a remote application server, to achieve mutual authentication and session key establishment with the server in an anonymous manner. To enhance the security of such authentication schemes, recent researches combined user’s biometrics with a password. However, these authentication schemes are designed for single server environment. So when a user wants to access different application servers, the user has to register many times. To solve this problem, Chuang and Chen proposed an anonymous multiserver authenticated key agreement scheme using smart cards together with passwords and biometrics. Chuang and Chen claimed that their scheme not only supports multiple servers but also achieves various security requirements. However, we show that this scheme is vulnerable to a masquerade attack, a smart card attack, a user impersonation attack, and a DoS attack and does not achieve perfect forward secrecy. We also propose a security enhanced anonymous multiserver authenticated key agreement scheme which addresses all the weaknesses identified in Chuang and Chen’s scheme.

Efficient quantum secure communication with a publicly known key

International Nuclear Information System (INIS)

Li Chunyan; Li Xihan; Deng Fuguo; Zhou Hongyu

2008-01-01

This paper presents a simple way for an eavesdropper to eavesdrop freely the secret message in the experimental realization of quantum communication protocol proposed by Beige et al (2002 Acta Phys. Pol. A 101 357). Moreover, it introduces an efficient quantum secure communication protocol based on a publicly known key with decoy photons and two biased bases by modifying the original protocol. The total efficiency of this new protocol is double that of the original one. With a low noise quantum channel, this protocol can be used for transmitting a secret message. At present, this protocol is good for generating a private key efficiently. (general)

Best-Practice Criteria for Practical Security of Self-Differencing Avalanche Photodiode Detectors in Quantum Key Distribution

Science.gov (United States)

Koehler-Sidki, A.; Dynes, J. F.; Lucamarini, M.; Roberts, G. L.; Sharpe, A. W.; Yuan, Z. L.; Shields, A. J.

2018-04-01

Fast-gated avalanche photodiodes (APDs) are the most commonly used single photon detectors for high-bit-rate quantum key distribution (QKD). Their robustness against external attacks is crucial to the overall security of a QKD system, or even an entire QKD network. We investigate the behavior of a gigahertz-gated, self-differencing (In,Ga)As APD under strong illumination, a tactic Eve often uses to bring detectors under her control. Our experiment and modeling reveal that the negative feedback by the photocurrent safeguards the detector from being blinded through reducing its avalanche probability and/or strengthening the capacitive response. Based on this finding, we propose a set of best-practice criteria for designing and operating fast-gated APD detectors to ensure their practical security in QKD.

Experimental aspects of deterministic secure quantum key distribution

Energy Technology Data Exchange (ETDEWEB)

Walenta, Nino; Korn, Dietmar; Puhlmann, Dirk; Felbinger, Timo; Hoffmann, Holger; Ostermeyer, Martin [Universitaet Potsdam (Germany). Institut fuer Physik; Bostroem, Kim [Universitaet Muenster (Germany)

2008-07-01

Most common protocols for quantum key distribution (QKD) use non-deterministic algorithms to establish a shared key. But deterministic implementations can allow for higher net key transfer rates and eavesdropping detection rates. The Ping-Pong coding scheme by Bostroem and Felbinger[1] employs deterministic information encoding in entangled states with its characteristic quantum channel from Bob to Alice and back to Bob. Based on a table-top implementation of this protocol with polarization-entangled photons fundamental advantages as well as practical issues like transmission losses, photon storage and requirements for progress towards longer transmission distances are discussed and compared to non-deterministic protocols. Modifications of common protocols towards a deterministic quantum key distribution are addressed.

Password-only authenticated three-party key exchange proven secure against insider dictionary attacks.

Science.gov (United States)

Nam, Junghyun; Choo, Kim-Kwang Raymond; Paik, Juryon; Won, Dongho

2014-01-01

While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.

Quantum key distribution with finite resources: Secret key rates via Renyi entropies

Energy Technology Data Exchange (ETDEWEB)

Abruzzo, Silvestre; Kampermann, Hermann; Mertz, Markus; Bruss, Dagmar [Institute for Theoretical Physics III, Heinrich-Heine-universitaet Duesseldorf, D-40225 Duesseldorf (Germany)

2011-09-15

A realistic quantum key distribution (QKD) protocol necessarily deals with finite resources, such as the number of signals exchanged by the two parties. We derive a bound on the secret key rate which is expressed as an optimization problem over Renyi entropies. Under the assumption of collective attacks by an eavesdropper, a computable estimate of our bound for the six-state protocol is provided. This bound leads to improved key rates in comparison to previous results.

Quantum key distribution with finite resources: Secret key rates via Renyi entropies

International Nuclear Information System (INIS)

Abruzzo, Silvestre; Kampermann, Hermann; Mertz, Markus; Bruss, Dagmar

2011-01-01

A realistic quantum key distribution (QKD) protocol necessarily deals with finite resources, such as the number of signals exchanged by the two parties. We derive a bound on the secret key rate which is expressed as an optimization problem over Renyi entropies. Under the assumption of collective attacks by an eavesdropper, a computable estimate of our bound for the six-state protocol is provided. This bound leads to improved key rates in comparison to previous results.

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

Science.gov (United States)

Amin, Ruhul; Biswas, G P

2015-08-01

Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

Asynchronous Group Key Distribution on top of the CC2420 Security Mechanisms for Sensor Networks

DEFF Research Database (Denmark)

Hansen, Morten Tranberg

2009-01-01

scheme with no time synchronization requirements. The scheme decreases the number of key updates by providing them on an as needed basis according to the amount of network traffic. We evaluate the CC2420 radio security mechanism and show how to use it as a basis to implement secure group communication......A sensor network is a network consisting of small, inexpensive, low-powered sensor nodes that communicate to complete a common task. Sensor nodes are characterized by having limited communication and computation capabilities, energy, and storage. They often are deployed in hostile environments...... creating a demand for encryption and authentication of the messages sent between them. Due to severe resource constraints on the sensor nodes, efficient key distribution schemes and secure communication protocols with low overhead are desired. In this paper we present an asynchronous group key distribution...

Security and gain improvement of a practical quantum key distribution using a gated single-photon source and probabilistic photon-number resolution

International Nuclear Information System (INIS)

Horikiri, Tomoyuki; Sasaki, Hideki; Wang, Haibo; Kobayashi, Takayoshi

2005-01-01

We propose a high security quantum key distribution (QKD) scheme utilizing one mode of spontaneous parametric downconversion gated by a photon number resolving detector. This photon number measurement is possible by using single-photon detectors operating at room temperature and optical fibers. By post selection, the multiphoton probability in this scheme can be reduced to lower than that of a scheme using an attenuated coherent light resulting in improvement of security. Furthermore, if distillation protocol (error correction and privacy amplification) is performed, the gain will be increased. Hence a QKD system with higher security and bit rate than the laser-based QKD system can be attained using present available technologies

Securing Metering Infrastructure of Smart Grid: A Machine Learning and Localization Based Key Management Approach

Directory of Open Access Journals (Sweden)

Imtiaz Parvez

2016-08-01

Full Text Available In smart cities, advanced metering infrastructure (AMI of the smart grid facilitates automated metering, control and monitoring of power distribution by employing a wireless network. Due to this wireless nature of communication, there exist potential threats to the data privacy in AMI. Decoding the energy consumption reading, injecting false data/command signals and jamming the networks are some hazardous measures against this technology. Since a smart meter possesses limited memory and computational capability, AMI demands a light, but robust security scheme. In this paper, we propose a localization-based key management system for meter data encryption. Data are encrypted by the key associated with the coordinate of the meter and a random key index. The encryption keys are managed and distributed by a trusted third party (TTP. Localization of the meter is proposed by a method based on received signal strength (RSS using the maximum likelihood estimator (MLE. The received packets are decrypted at the control center with the key mapped with the key index and the meter’s coordinates. Additionally, we propose the k-nearest neighbors (kNN algorithm for node/meter authentication, capitalizing further on data transmission security. Finally, we evaluate the security strength of a data packet numerically for our method.

Common-signal-induced synchronization in photonic integrated circuits and its application to secure key distribution.

Science.gov (United States)

Sasaki, Takuma; Kakesu, Izumi; Mitsui, Yusuke; Rontani, Damien; Uchida, Atsushi; Sunada, Satoshi; Yoshimura, Kazuyuki; Inubushi, Masanobu

2017-10-16

We experimentally achieve common-signal-induced synchronization in two photonic integrated circuits with short external cavities driven by a constant-amplitude random-phase light. The degree of synchronization can be controlled by changing the optical feedback phase of the two photonic integrated circuits. The change in the optical feedback phase leads to a significant redistribution of the spectral energy of optical and RF spectra, which is a unique characteristic of PICs with the short external cavity. The matching of the RF and optical spectra is necessary to achieve synchronization between the two PICs, and stable synchronization can be obtained over an hour in the presence of optical feedback. We succeed in generating information-theoretic secure keys and achieving the final key generation rate of 184 kb/s using the PICs.

A secure effective dynamic group password-based authenticated key agreement scheme for the integrated EPR information system

Directory of Open Access Journals (Sweden)

Vanga Odelu

2016-01-01

Full Text Available With the rapid growth of the Internet, a lot of electronic patient records (EPRs have been developed for e-medicine systems. The security and privacy issues of EPRs are important for the patients in order to understand how the hospitals control the use of their personal information, such as name, address, e-mail, medical records, etc. of a particular patient. Recently, Lee et al. proposed a simple group password-based authenticated key agreement protocol for the integrated EPR information system (SGPAKE. However, in this paper, we show that Lee et al.’s protocol is vulnerable to the off-line weak password guessing attack and as a result, their scheme does not provide users’ privacy. To withstand this security weakness found in Lee et al.’s scheme, we aim to propose an effective dynamic group password-based authenticated key exchange scheme for the integrated EPR information system, which retains the original merits of Lee et al.’s scheme. Through the informal and formal security analysis, we show that our scheme provides users’ privacy, perfect forward security and known-key security, and also protects online and offline password guessing attacks. Furthermore, our scheme efficiently supports the dynamic group password-based authenticated key agreement for the integrated EPR information system. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications tool and show that our scheme is secure against passive and active attacks.

7 CFR 774.18 - Interest rate, terms and security requirements.

Science.gov (United States)

2010-01-01

... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms and security requirements. 774.18..., DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS EMERGENCY LOAN FOR SEED PRODUCERS PROGRAM § 774.18 Interest rate, terms and security requirements. (a) Interest rate. (1) The interest rate on the loan will be zero...

Secure quantum key distribution

Science.gov (United States)

Lo, Hoi-Kwong; Curty, Marcos; Tamaki, Kiyoshi

2014-08-01

Secure communication is crucial in the Internet Age, and quantum mechanics stands poised to revolutionize cryptography as we know it today. In this Review, we introduce the motivation and the current state of the art of research in quantum cryptography. In particular, we discuss the present security model together with its assumptions, strengths and weaknesses. After briefly introducing recent experimental progress and challenges, we survey the latest developments in quantum hacking and countermeasures against it.

On the security of Y-00 under fast correlation and other attacks on the key

Science.gov (United States)

Yuen, Horace P.; Nair, Ranjith

2007-04-01

The security of the Y-00 direct encryption protocol under correlation attack is addressed. A Y-00 configuration that is more secure than AES under known-plaintext attack is presented. It is shown that under any ciphertext-only attack, full information-theoretic security on the Y-00 seed key is obtained for any encryption box ENC with proper deliberate signal randomization.

On the security of Y-00 under fast correlation and other attacks on the key

International Nuclear Information System (INIS)

Yuen, Horace P.; Nair, Ranjith

2007-01-01

The security of the Y-00 direct encryption protocol under correlation attack is addressed. A Y-00 configuration that is more secure than AES under known-plaintext attack is presented. It is shown that under any ciphertext-only attack, full information-theoretic security on the Y-00 seed key is obtained for any encryption box ENC with proper deliberate signal randomization

Phase-encoded measurement device independent quantum key distribution without a shared reference frame

Science.gov (United States)

Zhuo-Dan, Zhu; Shang-Hong, Zhao; Chen, Dong; Ying, Sun

2018-07-01

In this paper, a phase-encoded measurement device independent quantum key distribution (MDI-QKD) protocol without a shared reference frame is presented, which can generate secure keys between two parties while the quantum channel or interferometer introduces an unknown and slowly time-varying phase. The corresponding secret key rate and single photons bit error rate is analysed, respectively, with single photons source (SPS) and weak coherent source (WCS), taking finite-key analysis into account. The numerical simulations show that the modified phase-encoded MDI-QKD protocol has apparent superiority both in maximal secure transmission distance and key generation rate while possessing the improved robustness and practical security in the high-speed case. Moreover, the rejection of the frame-calibrating part will intrinsically reduce the consumption of resources as well as the potential security flaws of practical MDI-QKD systems.

On the security of a novel key agreement protocol based on chaotic maps

International Nuclear Information System (INIS)

Xiang Tao; Wong, K.-W.; Liao Xiaofeng

2009-01-01

Recently, Xiao et al. proposed a novel key agreement protocol based on Chebyshev chaotic map. In this paper, the security of the protocol is analyzed, and two attack methods can be found in different scenarios. The essential principle of Xiao et al.'s scheme is summarized. It is also pointed out with proof that any attempt along this line to improve the security of Chebyshev map is redundant.

Security of quantum cryptography with realistic sources

International Nuclear Information System (INIS)

Lutkenhaus, N.

1999-01-01

The interest in practical implementations of quantum key distribution is steadily growing. However, there is still a need to give a precise security statement which adapts to realistic implementation. In this paper I give the effective key rate we can obtain in a practical setting within scenario of security against individual attacks by an eavesdropper. It illustrates previous results that high losses together with detector dark counts can make secure quantum key distribution impossible. (Author)

Security of quantum cryptography with realistic sources

Energy Technology Data Exchange (ETDEWEB)

Lutkenhaus, N [Helsinki Institute of Physics, P.O. Box 9, 00014 Helsingin yliopisto (Finland)

1999-08-01

The interest in practical implementations of quantum key distribution is steadily growing. However, there is still a need to give a precise security statement which adapts to realistic implementation. In this paper I give the effective key rate we can obtain in a practical setting within scenario of security against individual attacks by an eavesdropper. It illustrates previous results that high losses together with detector dark counts can make secure quantum key distribution impossible. (Author)

7 CFR 771.9 - Interest rates, terms, security requirements, and repayment.

Science.gov (United States)

2010-01-01

... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rates, terms, security requirements, and... Interest rates, terms, security requirements, and repayment. (a) Interest rate. The interest rate will be fixed for the term of the loan. The rate will be established by FSA, based upon the cost of Government...

Key rate of quantum key distribution with hashed two-way classical communication

International Nuclear Information System (INIS)

Watanabe, Shun; Matsumoto, Ryutaroh; Uyematsu, Tomohiko; Kawano, Yasuhito

2007-01-01

We propose an information reconciliation protocol that uses two-way classical communication. The key rates of quantum key distribution (QKD) protocols that use our protocol are higher than those using previously known protocols for a wide range of error rates for the Bennett-Brassard 1984 and six-state protocols. We also clarify the relation between the proposed and known QKD protocols, and the relation between the proposed protocol and entanglement distillation protocols

7 CFR 773.19 - Interest rate, terms, security requirements, and repayment.

Science.gov (United States)

2010-01-01

... 7 Agriculture 7 2010-01-01 2010-01-01 false Interest rate, terms, security requirements, and... SERVICE AGENCY, DEPARTMENT OF AGRICULTURE SPECIAL PROGRAMS SPECIAL APPLE LOAN PROGRAM § 773.19 Interest rate, terms, security requirements, and repayment. (a) Interest rate. The interest rate will be fixed...

Finite-key analysis for quantum key distribution with weak coherent pulses based on Bernoulli sampling

Science.gov (United States)

Kawakami, Shun; Sasaki, Toshihiko; Koashi, Masato

2017-07-01

An essential step in quantum key distribution is the estimation of parameters related to the leaked amount of information, which is usually done by sampling of the communication data. When the data size is finite, the final key rate depends on how the estimation process handles statistical fluctuations. Many of the present security analyses are based on the method with simple random sampling, where hypergeometric distribution or its known bounds are used for the estimation. Here we propose a concise method based on Bernoulli sampling, which is related to binomial distribution. Our method is suitable for the Bennett-Brassard 1984 (BB84) protocol with weak coherent pulses [C. H. Bennett and G. Brassard, Proceedings of the IEEE Conference on Computers, Systems and Signal Processing (IEEE, New York, 1984), Vol. 175], reducing the number of estimated parameters to achieve a higher key generation rate compared to the method with simple random sampling. We also apply the method to prove the security of the differential-quadrature-phase-shift (DQPS) protocol in the finite-key regime. The result indicates that the advantage of the DQPS protocol over the phase-encoding BB84 protocol in terms of the key rate, which was previously confirmed in the asymptotic regime, persists in the finite-key regime.

One-time pad, complexity of verification of keys, and practical security of quantum cryptography

Energy Technology Data Exchange (ETDEWEB)

Molotkov, S. N., E-mail: sergei.molotkov@gmail.com [Russian Academy of Sciences, Institute of Solid State Physics (Russian Federation)

2016-11-15

A direct relation between the complexity of the complete verification of keys, which is one of the main criteria of security in classical systems, and a trace distance used in quantum cryptography is demonstrated. Bounds for the minimum and maximum numbers of verification steps required to determine the actual key are obtained.

One-time pad, complexity of verification of keys, and practical security of quantum cryptography

International Nuclear Information System (INIS)

Molotkov, S. N.

2016-01-01

A direct relation between the complexity of the complete verification of keys, which is one of the main criteria of security in classical systems, and a trace distance used in quantum cryptography is demonstrated. Bounds for the minimum and maximum numbers of verification steps required to determine the actual key are obtained.

An improved chaos-based secure communication technique using a novel encryption function with an embedded cipher key

Energy Technology Data Exchange (ETDEWEB)

Zaher, Ashraf A. [Physics Department, Science College, Kuwait University, P.O. Box 5969, Safat 13060 (Kuwait)], E-mail: ashraf.zaher@ku.edu.kw

2009-12-15

In this paper, a secure communication technique, using a chaotic system with a single adjustable parameter and a single observable time series, is proposed. The chosen chaotic system, which is a variant of the famous Rikitake model, has a special structure for which the adjustable parameter appears in the dynamic equation of the observable time series. This particular structure is used to build a synchronization-based state observer that is decoupled from the adaptive parameter identifier. A local Lyapunov function is used to design the parameter identifier, with an adjustable convergence rate that guarantees the stability of the overall system. A two-channel transmission method is used to exemplify the suggested technique where the secret message is encoded using a nonlinear function of both the chaotic states and the adjustable parameter of the chaotic system that acts as a secret key. Simulations show that, at the receiver, the signal can be efficiently retrieved only if the secret key is known, even when both the receiver and the transmitter are in perfect synchronization. The proposed technique is demonstrated to have improved security and privacy against intruders, when compared to other techniques reported in the literature, while being simple to implement using both analog and digital hardware. In addition, the chosen chaotic system is shown to be flexible in accommodating the transmission of signals with variable bandwidths, which promotes the superiority and versatility of the suggested secure communication technique.

An improved chaos-based secure communication technique using a novel encryption function with an embedded cipher key

International Nuclear Information System (INIS)

Zaher, Ashraf A.

2009-01-01

In this paper, a secure communication technique, using a chaotic system with a single adjustable parameter and a single observable time series, is proposed. The chosen chaotic system, which is a variant of the famous Rikitake model, has a special structure for which the adjustable parameter appears in the dynamic equation of the observable time series. This particular structure is used to build a synchronization-based state observer that is decoupled from the adaptive parameter identifier. A local Lyapunov function is used to design the parameter identifier, with an adjustable convergence rate that guarantees the stability of the overall system. A two-channel transmission method is used to exemplify the suggested technique where the secret message is encoded using a nonlinear function of both the chaotic states and the adjustable parameter of the chaotic system that acts as a secret key. Simulations show that, at the receiver, the signal can be efficiently retrieved only if the secret key is known, even when both the receiver and the transmitter are in perfect synchronization. The proposed technique is demonstrated to have improved security and privacy against intruders, when compared to other techniques reported in the literature, while being simple to implement using both analog and digital hardware. In addition, the chosen chaotic system is shown to be flexible in accommodating the transmission of signals with variable bandwidths, which promotes the superiority and versatility of the suggested secure communication technique.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks.

Science.gov (United States)

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F; Schnabel, Roman

2015-10-30

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

Science.gov (United States)

Gehring, Tobias; Händchen, Vitus; Duhme, Jörg; Furrer, Fabian; Franz, Torsten; Pacher, Christoph; Werner, Reinhard F.; Schnabel, Roman

2015-10-01

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our implementation is based on the distribution of continuous-variable Einstein-Podolsky-Rosen entangled light. It is one-sided device independent, which means the security of the generated key is independent of any memoryfree attacks on the remote detector. Since continuous-variable encoding is compatible with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components.

Meta-Key: A Secure Data-Sharing Protocol under Blockchain-Based Decentralised Storage Architecture

OpenAIRE

Fu, Yue

2017-01-01

In this paper a secure data-sharing protocol under blockchain-based decentralised storage architecture is proposed, which fulfils users who need to share their encrypted data on-cloud. It implements a remote data-sharing mechanism that enables data owners to share their encrypted data to other users without revealing the original key. Nor do they have to download on-cloud data with re-encryption and re-uploading. Data security as well as efficiency are ensured by symmetric encryption, whose k...

Effectiveness of Taxicab Security Equipment in Reducing Driver Homicide Rates

Science.gov (United States)

Menéndez, Cammie K.C.; Amandus, Harlan E.; Damadi, Parisa; Wu, Nan; Konda, Srinivas; Hendricks, Scott A.

2015-01-01

Background Taxicab drivers historically have had one of the highest work-related homicide rates of any occupation. In 2010 the taxicab driver homicide rate was 7.4 per 100,000 drivers, compared to the overall rate of 0.37 per 100,000 workers. Purpose Evaluate the effectiveness of taxicab security cameras and partitions on citywide taxicab driver homicide rates. Methods Taxicab driver homicide rates were compared in 26 major cities in the U.S. licensing taxicabs with security cameras (n=8); bullet-resistant partitions (n=7); and cities where taxicabs were not equipped with either security cameras or partitions (n=11). News clippings of taxicab driver homicides and the number of licensed taxicabs by city were used to construct taxicab driver homicide rates spanning 15 years (1996–2010). Generalized estimating equations were constructed to model the Poisson-distributed homicide rates on city-specific safety equipment installation status, controlling for city homicide rate and the concurrent decline of homicide rates over time. Data were analyzed in 2012. Results Cities with cameras experienced a threefold reduction in taxicab driver homicides compared with control cities (RR=0.27; 95% CI=0.12, 0.61; p=0.002). There was no difference in homicide rates for cities with partitions compared with control cities (RR=1.15; 95% CI=0.80, 1.64; p=0.575). Conclusions Municipal ordinances and company policies mandating security cameras appear to be highly effective in reducing taxicab driver deaths due to workplace violence. PMID:23790983

Building Secure Public Key Encryption Scheme from Hidden Field Equations

Directory of Open Access Journals (Sweden)

Yuan Ping

2017-01-01

Full Text Available Multivariate public key cryptography is a set of cryptographic schemes built from the NP-hardness of solving quadratic equations over finite fields, amongst which the hidden field equations (HFE family of schemes remain the most famous. However, the original HFE scheme was insecure, and the follow-up modifications were shown to be still vulnerable to attacks. In this paper, we propose a new variant of the HFE scheme by considering the special equation x2=x defined over the finite field F3 when x=0,1. We observe that the equation can be used to further destroy the special structure of the underlying central map of the HFE scheme. It is shown that the proposed public key encryption scheme is secure against known attacks including the MinRank attack, the algebraic attacks, and the linearization equations attacks. The proposal gains some advantages over the original HFE scheme with respect to the encryption speed and public key size.

Finite-key-size effect in a commercial plug-and-play QKD system

Science.gov (United States)

Chaiwongkhot, Poompong; Sajeed, Shihan; Lydersen, Lars; Makarov, Vadim

2017-12-01

A security evaluation against the finite-key-size effect was performed for a commercial plug-and-play quantum key distribution (QKD) system. We demonstrate the ability of an eavesdropper to force the system to distill key from a smaller length of sifted-key. We also derive a key-rate equation that is specific for this system. This equation provides bounds above the upper bound of secure key under finite-key-size analysis. From this equation and our experimental data, we show that the keys that have been distilled from the smaller sifted-key size fall above our bound. Thus, their security is not covered by finite-key-size analysis. Experimentally, we could consistently force the system to generate the key outside of the bound. We also test manufacturer’s software update. Although all the keys after the patch fall under our bound, their security cannot be guaranteed under this analysis. Our methodology can be used for security certification and standardization of QKD systems.

Finite key analysis in quantum cryptography

International Nuclear Information System (INIS)

Meyer, T.

2007-01-01

In view of experimental realization of quantum key distribution schemes, the study of their efficiency becomes as important as the proof of their security. The latter is the subject of most of the theoretical work about quantum key distribution, and many important results such as the proof of unconditional security have been obtained. The efficiency and also the robustness of quantum key distribution protocols against noise can be measured by figures of merit such as the secret key rate (the fraction of input signals that make it into the key) and the threshold quantum bit error rate (the maximal error rate such that one can still create a secret key). It is important to determine these quantities because they tell us whether a certain quantum key distribution scheme can be used at all in a given situation and if so, how many secret key bits it can generate in a given time. However, these figures of merit are usually derived under the ''infinite key limit'' assumption, that is, one assumes that an infinite number of quantum states are send and that all sub-protocols of the scheme (in particular privacy amplification) are carried out on these infinitely large blocks. Such an assumption usually eases the analysis, but also leads to (potentially) too optimistic values for the quantities in question. In this thesis, we are explicitly avoiding the infinite key limit for the analysis of the privacy amplification step, which plays the most important role in a quantum key distribution scheme. We still assume that an optimal error correction code is applied and we do not take into account any statistical errors that might occur in the parameter estimation step. Renner and coworkers derived an explicit formula for the obtainable key rate in terms of Renyi entropies of the quantum states describing Alice's, Bob's, and Eve's systems. This results serves as a starting point for our analysis, and we derive an algorithm that efficiently computes the obtainable key rate for any

Finite key analysis in quantum cryptography

Energy Technology Data Exchange (ETDEWEB)

Meyer, T.

2007-10-31

In view of experimental realization of quantum key distribution schemes, the study of their efficiency becomes as important as the proof of their security. The latter is the subject of most of the theoretical work about quantum key distribution, and many important results such as the proof of unconditional security have been obtained. The efficiency and also the robustness of quantum key distribution protocols against noise can be measured by figures of merit such as the secret key rate (the fraction of input signals that make it into the key) and the threshold quantum bit error rate (the maximal error rate such that one can still create a secret key). It is important to determine these quantities because they tell us whether a certain quantum key distribution scheme can be used at all in a given situation and if so, how many secret key bits it can generate in a given time. However, these figures of merit are usually derived under the ''infinite key limit'' assumption, that is, one assumes that an infinite number of quantum states are send and that all sub-protocols of the scheme (in particular privacy amplification) are carried out on these infinitely large blocks. Such an assumption usually eases the analysis, but also leads to (potentially) too optimistic values for the quantities in question. In this thesis, we are explicitly avoiding the infinite key limit for the analysis of the privacy amplification step, which plays the most important role in a quantum key distribution scheme. We still assume that an optimal error correction code is applied and we do not take into account any statistical errors that might occur in the parameter estimation step. Renner and coworkers derived an explicit formula for the obtainable key rate in terms of Renyi entropies of the quantum states describing Alice's, Bob's, and Eve's systems. This results serves as a starting point for our analysis, and we derive an algorithm that efficiently computes

Secret key rates in quantum key distribution using Renyi entropies

Energy Technology Data Exchange (ETDEWEB)

Abruzzo, Silvestre; Kampermann, Hermann; Mertz, Markus; Bratzik, Sylvia; Bruss, Dagmar [Institut fuer Theoretische Physik III, Heinrich-Heine-Universitaet Duesseldorf (Germany)

2010-07-01

The secret key rate r of a quantum key distribution protocol depends on the involved number of signals and the accepted ''failure probability''. We reconsider a method to calculate r focusing on the analysis of the privacy amplification given by R. Renner and R. Koenig (2005). This approach involves an optimization problem with an objective function depending on the Renyi entropy of the density operator describing the classical outcomes and the eavesdropper system. This problem is analyzed for a generic class of QKD protocols and the current research status is presented.

Securing Body Sensor Networks with Biometric Methods: A New Key Negotiation Method and a Key Sampling Method for Linear Interpolation Encryption

OpenAIRE

Zhao, Huawei; Chen, Chi; Hu, Jiankun; Qin, Jing

2015-01-01

We present two approaches that exploit biometric data to address security problems in the body sensor networks: a new key negotiation scheme based on the fuzzy extractor technology and an improved linear interpolation encryption method. The first approach designs two attack games to give the formal definition of fuzzy negotiation that forms a new key negotiation scheme based on fuzzy extractor technology. According to the definition, we further define a concrete structure of fuzzy negotiation...

Quantum key distribution with an unknown and untrusted source

Science.gov (United States)

Zhao, Yi; Qi, Bing; Lo, Hoi-Kwong

2009-03-01

The security of a standard bi-directional ``plug & play'' quantum key distribution (QKD) system has been an open question for a long time. This is mainly because its source is equivalently controlled by an eavesdropper, which means the source is unknown and untrusted. Qualitative discussion on this subject has been made previously. In this paper, we present the first quantitative security analysis on a general class of QKD protocols whose sources are unknown and untrusted. The securities of standard BB84 protocol, weak+vacuum decoy state protocol, and one-decoy decoy state protocol, with unknown and untrusted sources are rigorously proved. We derive rigorous lower bounds to the secure key generation rates of the above three protocols. Our numerical simulation results show that QKD with an untrusted source gives a key generation rate that is close to that with a trusted source. Our work is published in [1]. [4pt] [1] Y. Zhao, B. Qi, and H.-K. Lo, Phys. Rev. A, 77:052327 (2008).

Entangled quantum key distribution with a biased basis choice

International Nuclear Information System (INIS)

Erven, Chris; Ma Xiongfeng; Laflamme, Raymond; Weihs, Gregor

2009-01-01

We investigate a quantum key distribution (QKD) scheme that utilizes a biased basis choice in order to increase the efficiency of the scheme. The optimal bias between the two measurement bases, a more refined error analysis and finite key size effects are all studied in order to assure the security of the final key generated with the system. We then implement the scheme in a local entangled QKD system that uses polarization entangled photon pairs to securely distribute the key. A 50/50 non-polarizing beamsplitter (BS) with different optical attenuators is used to simulate a variable BS in order to allow us to study the operation of the system for different biases. Over 6 h of continuous operation with a total bias of 0.9837/0.0163 (Z/X), we were able to generate 0.4567 secure key bits per raw key bit as compared to 0.2550 secure key bits per raw key bit for the unbiased case. This represents an increase in the efficiency of the key generation rate by 79%.

Fully Device-Independent Quantum Key Distribution

Science.gov (United States)

Vazirani, Umesh; Vidick, Thomas

2014-10-01

Quantum cryptography promises levels of security that are impossible to replicate in a classical world. Can this security be guaranteed even when the quantum devices on which the protocol relies are untrusted? This central question dates back to the early 1990s when the challenge of achieving device-independent quantum key distribution was first formulated. We answer this challenge by rigorously proving the device-independent security of a slight variant of Ekert's original entanglement-based protocol against the most general (coherent) attacks. The resulting protocol is robust: While assuming only that the devices can be modeled by the laws of quantum mechanics and are spatially isolated from each other and from any adversary's laboratory, it achieves a linear key rate and tolerates a constant noise rate in the devices. In particular, the devices may have quantum memory and share arbitrary quantum correlations with the eavesdropper. The proof of security is based on a new quantitative understanding of the monogamous nature of quantum correlations in the context of a multiparty protocol.

Public Key Infrastructure (PKI) Interoperability: A Security Services Approach to Support Transfer of Trust

National Research Council Canada - National Science Library

Hansen, Anthony

1999-01-01

Public key infrastructure (PKI) technology is at a primitive stage characterized by deployment of PKIs that are engineered to support the provision of security services within individual enterprises, and are not able to support...

Fully device-independent conference key agreement

Science.gov (United States)

Ribeiro, Jérémy; Murta, Gláucia; Wehner, Stephanie

2018-02-01

We present a security analysis of conference key agreement (CKA) in the most adversarial model of device independence (DI). Our protocol can be implemented by any experimental setup that is capable of performing Bell tests [specifically, the Mermin-Ardehali-Belinskii-Klyshko (MABK) inequality], and security can in principle be obtained for any violation of the MABK inequality that detects genuine multipartite entanglement among the N parties involved in the protocol. As our main tool, we derive a direct physical connection between the N -partite MABK inequality and the Clauser-Horne-Shimony-Holt (CHSH) inequality, showing that certain violations of the MABK inequality correspond to a violation of the CHSH inequality between one of the parties and the other N -1 . We compare the asymptotic key rate for device-independent conference key agreement (DICKA) to the case where the parties use N -1 device-independent quantum key distribution protocols in order to generate a common key. We show that for some regime of noise the DICKA protocol leads to better rates.

Information theoretically secure, enhanced Johnson noise based key distribution over the smart grid with switched filters.

Science.gov (United States)

Gonzalez, Elias; Kish, Laszlo B; Balog, Robert S; Enjeti, Prasad

2013-01-01

We introduce a protocol with a reconfigurable filter system to create non-overlapping single loops in the smart power grid for the realization of the Kirchhoff-Law-Johnson-(like)-Noise secure key distribution system. The protocol is valid for one-dimensional radial networks (chain-like power line) which are typical of the electricity distribution network between the utility and the customer. The speed of the protocol (the number of steps needed) versus grid size is analyzed. When properly generalized, such a system has the potential to achieve unconditionally secure key distribution over the smart power grid of arbitrary geometrical dimensions.

On distributed key distribution centers and unconditionally secure proactive verifiable secret sharing schemes based on general access structure

NARCIS (Netherlands)

Nikov, V.S.; Nikova, S.I.; Preneel, B.; Vandewalle, J.; Menezes, A.; Sarkar, P.

2002-01-01

A Key Distribution Center of a network is a server enabling private communications within groups of users. A Distributed Key Distribution Center is a set of servers that jointly realizes a Key Distribution Center. In this paper we build a robust Distributed Key Distribution Center Scheme secure

Implementation of continuous-variable quantum key distribution with composable and one-sided-device-independent security against coherent attacks

DEFF Research Database (Denmark)

Gehring, Tobias; Haendchen, Vitus; Duhme, Joerg

2015-01-01

Secret communication over public channels is one of the central pillars of a modern information society. Using quantum key distribution this is achieved without relying on the hardness of mathematical problems, which might be compromised by improved algorithms or by future quantum computers. State......-of-the-art quantum key distribution requires composable security against coherent attacks for a finite number of distributed quantum states as well as robustness against implementation side channels. Here we present an implementation of continuous-variable quantum key distribution satisfying these requirements. Our...... with conventional optical communication technology, our work is a step towards practical implementations of quantum key distribution with state-of-the-art security based solely on telecom components....

An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks.

Science.gov (United States)

Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

2018-01-11

Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes.

An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks

Science.gov (United States)

Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

2018-01-01

Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes. PMID:29324719

Device independent quantum key distribution secure against coherent attacks with memoryless measurement devices

International Nuclear Information System (INIS)

McKague, Matthew

2009-01-01

Device independent quantum key distribution (QKD) aims to provide a higher degree of security than traditional QKD schemes by reducing the number of assumptions that need to be made about the physical devices used. The previous proof of security by Pironio et al (2009 New J. Phys. 11 045021) applies only to collective attacks where the state is identical and independent and the measurement devices operate identically for each trial in the protocol. We extend this result to a more general class of attacks where the state is arbitrary and the measurement devices have no memory. We accomplish this by a reduction of arbitrary adversary strategies to qubit strategies and a proof of security for qubit strategies based on the previous proof by Pironio et al and techniques adapted from Renner.

Practical quantum key distribution with polarization-entangled photons

International Nuclear Information System (INIS)

Poppe, A.; Fedrizzi, A.; Boehm, H.; Ursin, R.; Loruenser, T.; Peev, M.; Maurhardt, O.; Suda, M.; Kurtsiefer, C.; Weinfurter, H.; Jennewein, T.; Zeilinger, A.

2005-01-01

Full text: We present an entangled-state quantum cryptography system that operated for the first time in a real-world application scenario. The full key generation protocol was performed in real-time between two distributed embedded hardware devices, which were connected by 1.45 km of optical fiber, installed for this experiment in the Vienna sewage system. A source for polarization-entangled photons delivered about 8200 entangled photon pairs per second. After transmission to the distant receivers, a mean value of 468 pairs per second remained for the generation of a raw key, which showed an average qubit error rate of 6.4 %. The raw key was sifted and subsequently processed by a classical protocol which included error correction and privacy amplification. The final secure key bit rate was about 76 bits per second. The generated quantum key was then handed over and used by a secure communication application. (author)

Biometric Methods for Secure Communications in Body Sensor Networks: Resource-Efficient Key Management and Signal-Level Data Scrambling

Science.gov (United States)

Bui, Francis Minhthang; Hatzinakos, Dimitrios

2007-12-01

As electronic communications become more prevalent, mobile and universal, the threats of data compromises also accordingly loom larger. In the context of a body sensor network (BSN), which permits pervasive monitoring of potentially sensitive medical data, security and privacy concerns are particularly important. It is a challenge to implement traditional security infrastructures in these types of lightweight networks since they are by design limited in both computational and communication resources. A key enabling technology for secure communications in BSN's has emerged to be biometrics. In this work, we present two complementary approaches which exploit physiological signals to address security issues: (1) a resource-efficient key management system for generating and distributing cryptographic keys to constituent sensors in a BSN; (2) a novel data scrambling method, based on interpolation and random sampling, that is envisioned as a potential alternative to conventional symmetric encryption algorithms for certain types of data. The former targets the resource constraints in BSN's, while the latter addresses the fuzzy variability of biometric signals, which has largely precluded the direct application of conventional encryption. Using electrocardiogram (ECG) signals as biometrics, the resulting computer simulations demonstrate the feasibility and efficacy of these methods for delivering secure communications in BSN's.

Biometric Methods for Secure Communications in Body Sensor Networks: Resource-Efficient Key Management and Signal-Level Data Scrambling

Directory of Open Access Journals (Sweden)

Dimitrios Hatzinakos

2008-03-01

Full Text Available As electronic communications become more prevalent, mobile and universal, the threats of data compromises also accordingly loom larger. In the context of a body sensor network (BSN, which permits pervasive monitoring of potentially sensitive medical data, security and privacy concerns are particularly important. It is a challenge to implement traditional security infrastructures in these types of lightweight networks since they are by design limited in both computational and communication resources. A key enabling technology for secure communications in BSN's has emerged to be biometrics. In this work, we present two complementary approaches which exploit physiological signals to address security issues: (1 a resource-efficient key management system for generating and distributing cryptographic keys to constituent sensors in a BSN; (2 a novel data scrambling method, based on interpolation and random sampling, that is envisioned as a potential alternative to conventional symmetric encryption algorithms for certain types of data. The former targets the resource constraints in BSN's, while the latter addresses the fuzzy variability of biometric signals, which has largely precluded the direct application of conventional encryption. Using electrocardiogram (ECG signals as biometrics, the resulting computer simulations demonstrate the feasibility and efficacy of these methods for delivering secure communications in BSN's.

Decoy State Quantum Key Distribution

Science.gov (United States)

Lo, Hoi-Kwong

2005-10-01

Quantum key distribution (QKD) allows two parties to communicate in absolute security based on the fundamental laws of physics. Up till now, it is widely believed that unconditionally secure QKD based on standard Bennett-Brassard (BB84) protocol is limited in both key generation rate and distance because of imperfect devices. Here, we solve these two problems directly by presenting new protocols that are feasible with only current technology. Surprisingly, our new protocols can make fiber-based QKD unconditionally secure at distances over 100km (for some experiments, such as GYS) and increase the key generation rate from O(η2) in prior art to O(η) where η is the overall transmittance. Our method is to develop the decoy state idea (first proposed by W.-Y. Hwang in "Quantum Key Distribution with High Loss: Toward Global Secure Communication", Phys. Rev. Lett. 91, 057901 (2003)) and consider simple extensions of the BB84 protocol. This part of work is published in "Decoy State Quantum Key Distribution", . We present a general theory of the decoy state protocol and propose a decoy method based on only one signal state and two decoy states. We perform optimization on the choice of intensities of the signal state and the two decoy states. Our result shows that a decoy state protocol with only two types of decoy states--a vacuum and a weak decoy state--asymptotically approaches the theoretical limit of the most general type of decoy state protocols (with an infinite number of decoy states). We also present a one-decoy-state protocol as a special case of Vacuum+Weak decoy method. Moreover, we provide estimations on the effects of statistical fluctuations and suggest that, even for long distance (larger than 100km) QKD, our two-decoy-state protocol can be implemented with only a few hours of experimental data. In conclusion, decoy state quantum key distribution is highly practical. This part of work is published in "Practical Decoy State for Quantum Key Distribution

Security Concepts for Satellite Links

Science.gov (United States)

Tobehn, C.; Penné, B.; Rathje, R.; Weigl, A.; Gorecki, Ch.; Michalik, H.

2008-08-01

The high costs to develop, launch and maintain a satellite network makes protecting the assets imperative. Attacks may be passive such as eavesdropping on the payload data. More serious threat are active attacks that try to gain control of the satellite, which may lead to the total lost of the satellite asset. To counter these threats, new satellite and ground systems are using cryptographic technologies to provide a range of services: confidentiality, entity & message authentication, and data integrity. Additionally, key management cryptographic services are required to support these services. This paper describes the key points of current satellite control and operations, that are authentication of the access to the satellite TMTC link and encryption of security relevant TM/TC data. For payload data management the key points are multi-user ground station access and high data rates both requiring frequent updates and uploads of keys with the corresponding key management methods. For secure satellite management authentication & key negotiation algorithms as HMAC-RIPEMD160, EC- DSA and EC-DH are used. Encryption of data uses algorithms as IDEA, AES, Triple-DES, or other. A channel coding and encryption unit for payload data provides download data rates up to Nx250 Mbps. The presented concepts are based on our experience and heritage of the security systems for all German MOD satellite projects (SATCOMBw2, SAR-Lupe multi- satellite system and German-French SAR-Lupe-Helios- II systems inter-operability) as well as for further international (KOMPSAT-II Payload data link system) and ESA activities (TMTC security and GMES).

An adaptation method to improve secret key rates of time-frequency QKD in atmospheric turbulence channels

Science.gov (United States)

Sun, Xiaole; Djordjevic, Ivan B.; Neifeld, Mark A.

2016-03-01

Free-space optical (FSO) channels can be characterized by random power fluctuations due to atmospheric turbulence, which is known as scintillation. Weak coherent source based FSO quantum key distribution (QKD) systems suffer from the scintillation effect because during the deep channel fading the expected detection rate drops, which then gives an eavesdropper opportunity to get additional information about protocol by performing photon number splitting (PNS) attack and blocking single-photon pulses without changing QBER. To overcome this problem, in this paper, we study a large-alphabet QKD protocol, which is achieved by using pulse-position modulation (PPM)-like approach that utilizes the time-frequency uncertainty relation of the weak coherent photon state, called here TF-PPM-QKD protocol. We first complete finite size analysis for TF-PPM-QKD protocol to give practical bounds against non-negligible statistical fluctuation due to finite resources in practical implementations. The impact of scintillation under strong atmospheric turbulence regime is studied then. To overcome the secure key rate performance degradation of TF-PPM-QKD caused by scintillation, we propose an adaptation method for compensating the scintillation impact. By changing source intensity according to the channel state information (CSI), obtained by classical channel, the adaptation method improves the performance of QKD system with respect to the secret key rate. The CSI of a time-varying channel can be predicted using stochastic models, such as autoregressive (AR) models. Based on the channel state predictions, we change the source intensity to the optimal value to achieve a higher secret key rate. We demonstrate that the improvement of the adaptation method is dependent on the prediction accuracy.

Efficient secure-channel free public key encryption with keyword search for EMRs in cloud storage.

Science.gov (United States)

Guo, Lifeng; Yau, Wei-Chuen

2015-02-01

Searchable encryption is an important cryptographic primitive that enables privacy-preserving keyword search on encrypted electronic medical records (EMRs) in cloud storage. Efficiency of such searchable encryption in a medical cloud storage system is very crucial as it involves client platforms such as smartphones or tablets that only have constrained computing power and resources. In this paper, we propose an efficient secure-channel free public key encryption with keyword search (SCF-PEKS) scheme that is proven secure in the standard model. We show that our SCF-PEKS scheme is not only secure against chosen keyword and ciphertext attacks (IND-SCF-CKCA), but also secure against keyword guessing attacks (IND-KGA). Furthermore, our proposed scheme is more efficient than other recent SCF-PEKS schemes in the literature.

An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge

Directory of Open Access Journals (Sweden)

Le Xuan Hung

2008-12-01

Full Text Available For many sensor network applications such as military or homeland security, it is essential for users (sinks to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1 Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2 The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3 The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4 Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5 No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully.

Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks

International Nuclear Information System (INIS)

Patel, K. A.; Dynes, J. F.; Lucamarini, M.; Choi, I.; Sharpe, A. W.; Yuan, Z. L.; Shields, A. J.; Penty, R. V.

2014-01-01

We demonstrate quantum key distribution (QKD) with bidirectional 10 Gb/s classical data channels in a single fiber using dense wavelength division multiplexing. Record secure key rates of 2.38 Mbps and fiber distances up to 70 km are achieved. Data channels are simultaneously monitored for error-free operation. The robustness of QKD is further demonstrated with a secure key rate of 445 kbps over 25 km, obtained in the presence of data lasers launching conventional 0 dBm power. We discuss the fundamental limit for the QKD performance in the multiplexing environment

Security Analysis of Measurement-Device-Independent Quantum Key Distribution in Collective-Rotation Noisy Environment

Science.gov (United States)

Li, Na; Zhang, Yu; Wen, Shuang; Li, Lei-lei; Li, Jian

2018-01-01

Noise is a problem that communication channels cannot avoid. It is, thus, beneficial to analyze the security of MDI-QKD in noisy environment. An analysis model for collective-rotation noise is introduced, and the information theory methods are used to analyze the security of the protocol. The maximum amount of information that Eve can eavesdrop is 50%, and the eavesdropping can always be detected if the noise level ɛ ≤ 0.68. Therefore, MDI-QKD protocol is secure as quantum key distribution protocol. The maximum probability that the relay outputs successful results is 16% when existing eavesdropping. Moreover, the probability that the relay outputs successful results when existing eavesdropping is higher than the situation without eavesdropping. The paper validates that MDI-QKD protocol has better robustness.

76 FR 8946 - Security Ratings

Science.gov (United States)

2011-02-16

... grade securities (such as foreign currency or other cash settled derivative securities). See... investment grade securities (such as foreign currency or other cash settled derivative securities). See... SECURITIES AND EXCHANGE COMMISSION 17 CFR Parts 200, 229, 230, 232, 239, 240, and 249 [Release No...

Device-independent secret-key-rate analysis for quantum repeaters

Science.gov (United States)

Holz, Timo; Kampermann, Hermann; Bruß, Dagmar

2018-01-01

The device-independent approach to quantum key distribution (QKD) aims to establish a secret key between two or more parties with untrusted devices, potentially under full control of a quantum adversary. The performance of a QKD protocol can be quantified by the secret key rate, which can be lower bounded via the violation of an appropriate Bell inequality in a setup with untrusted devices. We study secret key rates in the device-independent scenario for different quantum repeater setups and compare them to their device-dependent analogon. The quantum repeater setups under consideration are the original protocol by Briegel et al. [Phys. Rev. Lett. 81, 5932 (1998), 10.1103/PhysRevLett.81.5932] and the hybrid quantum repeater protocol by van Loock et al. [Phys. Rev. Lett. 96, 240501 (2006), 10.1103/PhysRevLett.96.240501]. For a given repeater scheme and a given QKD protocol, the secret key rate depends on a variety of parameters, such as the gate quality or the detector efficiency. We systematically analyze the impact of these parameters and suggest optimized strategies.

Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks.

Science.gov (United States)

Kim, Jiye; Lee, Donghoon; Jeon, Woongryul; Lee, Youngsook; Won, Dongho

2014-04-09

User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

Security Analysis and Improvements of Two-Factor Mutual Authentication with Key Agreement in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Jiye Kim

2014-04-01

Full Text Available User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks. In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker’s own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

A Secure and Robust User Authenticated Key Agreement Scheme for Hierarchical Multi-medical Server Environment in TMIS.

Science.gov (United States)

Das, Ashok Kumar; Odelu, Vanga; Goswami, Adrijit

2015-09-01

The telecare medicine information system (TMIS) helps the patients to gain the health monitoring facility at home and access medical services over the Internet of mobile networks. Recently, Amin and Biswas presented a smart card based user authentication and key agreement security protocol usable for TMIS system using the cryptographic one-way hash function and biohashing function, and claimed that their scheme is secure against all possible attacks. Though their scheme is efficient due to usage of one-way hash function, we show that their scheme has several security pitfalls and design flaws, such as (1) it fails to protect privileged-insider attack, (2) it fails to protect strong replay attack, (3) it fails to protect strong man-in-the-middle attack, (4) it has design flaw in user registration phase, (5) it has design flaw in login phase, (6) it has design flaw in password change phase, (7) it lacks of supporting biometric update phase, and (8) it has flaws in formal security analysis. In order to withstand these security pitfalls and design flaws, we aim to propose a secure and robust user authenticated key agreement scheme for the hierarchical multi-server environment suitable in TMIS using the cryptographic one-way hash function and fuzzy extractor. Through the rigorous security analysis including the formal security analysis using the widely-accepted Burrows-Abadi-Needham (BAN) logic, the formal security analysis under the random oracle model and the informal security analysis, we show that our scheme is secure against possible known attacks. Furthermore, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. The simulation results show that our scheme is also secure. Our scheme is more efficient in computation and communication as compared to Amin-Biswas's scheme and other related schemes. In addition, our scheme supports extra functionality features as compared to

Backup key generation model for one-time password security protocol

Science.gov (United States)

Jeyanthi, N.; Kundu, Sourav

2017-11-01

The use of one-time password (OTP) has ushered new life into the existing authentication protocols used by the software industry. It introduced a second layer of security to the traditional username-password authentication, thus coining the term, two-factor authentication. One of the drawbacks of this protocol is the unreliability of the hardware token at the time of authentication. This paper proposes a simple backup key model that can be associated with the real world applications’user database, which would allow a user to circumvent the second authentication stage, in the event of unavailability of the hardware token.

Security of Continuous-Variable Quantum Key Distribution via a Gaussian de Finetti Reduction

Science.gov (United States)

Leverrier, Anthony

2017-05-01

Establishing the security of continuous-variable quantum key distribution against general attacks in a realistic finite-size regime is an outstanding open problem in the field of theoretical quantum cryptography if we restrict our attention to protocols that rely on the exchange of coherent states. Indeed, techniques based on the uncertainty principle are not known to work for such protocols, and the usual tools based on de Finetti reductions only provide security for unrealistically large block lengths. We address this problem here by considering a new type of Gaussian de Finetti reduction, that exploits the invariance of some continuous-variable protocols under the action of the unitary group U (n ) (instead of the symmetric group Sn as in usual de Finetti theorems), and by introducing generalized S U (2 ,2 ) coherent states. Crucially, combined with an energy test, this allows us to truncate the Hilbert space globally instead as at the single-mode level as in previous approaches that failed to provide security in realistic conditions. Our reduction shows that it is sufficient to prove the security of these protocols against Gaussian collective attacks in order to obtain security against general attacks, thereby confirming rigorously the widely held belief that Gaussian attacks are indeed optimal against such protocols.

One Step Quantum Key Distribution Based on EPR Entanglement.

Science.gov (United States)

Li, Jian; Li, Na; Li, Lei-Lei; Wang, Tao

2016-06-30

A novel quantum key distribution protocol is presented, based on entanglement and dense coding and allowing asymptotically secure key distribution. Considering the storage time limit of quantum bits, a grouping quantum key distribution protocol is proposed, which overcomes the vulnerability of first protocol and improves the maneuverability. Moreover, a security analysis is given and a simple type of eavesdropper's attack would introduce at least an error rate of 46.875%. Compared with the "Ping-pong" protocol involving two steps, the proposed protocol does not need to store the qubit and only involves one step.

Practical security analysis of continuous-variable quantum key distribution with jitter in clock synchronization

Science.gov (United States)

Xie, Cailang; Guo, Ying; Liao, Qin; Zhao, Wei; Huang, Duan; Zhang, Ling; Zeng, Guihua

2018-03-01

How to narrow the gap of security between theory and practice has been a notoriously urgent problem in quantum cryptography. Here, we analyze and provide experimental evidence of the clock jitter effect on the practical continuous-variable quantum key distribution (CV-QKD) system. The clock jitter is a random noise which exists permanently in the clock synchronization in the practical CV-QKD system, it may compromise the system security because of its impact on data sampling and parameters estimation. In particular, the practical security of CV-QKD with different clock jitter against collective attack is analyzed theoretically based on different repetition frequencies, the numerical simulations indicate that the clock jitter has more impact on a high-speed scenario. Furthermore, a simplified experiment is designed to investigate the influence of the clock jitter.

Simple proof of the unconditional security of the Bennett 1992 quantum key distribution protocol

International Nuclear Information System (INIS)

Zhang Quan; Tang Chaojing

2002-01-01

It is generally accepted that quantum key distribution (QKD) could supply legitimate users with unconditional security during their communication. Quite a lot of satisfactory efforts have been achieved on experimentations with quantum cryptography. However, when the eavesdropper has extra-powerful computational ability, has access to a quantum computer, for example, and can carry into execution any eavesdropping measurement that is allowed by the laws of physics, the security against such attacks has not been widely studied and rigorously proved for most QKD protocols. Quite recently, Shor and Preskill proved concisely the unconditional security of the Bennett-Brassard 1984 (BB84) protocol. Their method is highly valued for its clarity of concept and concision of form. In order to take advantage of the Shor-Preskill technique in their proof of the unconditional security of the BB84 QKD protocol, we introduced in this paper a transformation that can translate the Bennett 1992 (B92) protocol into the BB84 protocol. By proving that the transformation leaks no more information to the eavesdropper, we proved the unconditional security of the B92 protocol. We also settled the problem proposed by Lo about how to prove the unconditional security of the B92 protocol with the Shor-Preskill method

Symmetric Stream Cipher using Triple Transposition Key Method and Base64 Algorithm for Security Improvement

Science.gov (United States)

Nurdiyanto, Heri; Rahim, Robbi; Wulan, Nur

2017-12-01

Symmetric type cryptography algorithm is known many weaknesses in encryption process compared with asymmetric type algorithm, symmetric stream cipher are algorithm that works on XOR process between plaintext and key, to improve the security of symmetric stream cipher algorithm done improvisation by using Triple Transposition Key which developed from Transposition Cipher and also use Base64 algorithm for encryption ending process, and from experiment the ciphertext that produced good enough and very random.

High-capacity quantum key distribution via hyperentangled degrees of freedom

International Nuclear Information System (INIS)

Simon, David S; Sergienko, Alexander V

2014-01-01

Quantum key distribution (QKD) has long been a promising area for the application of quantum effects in solving real-world problems. However, two major obstacles have stood in the way of its widespread application: low secure key generation rates and short achievable operating distances. In this paper, a new physical mechanism for dealing with the first of these problems is proposed: the interplay between different degrees of freedom in a hyperentangled system (parametric down-conversion) is used to increase the Hilbert space dimension available for key generation while maintaining security. Polarization-based Bell tests provide security checking, while orbital angular momentum (OAM) and total angular momentum (TAM) provide a higher key generation rate. Whether to measure TAM or OAM is decided randomly in each trial. The concurrent noncommutativity of TAM with OAM and polarization provides the physical basis for quantum security. TAM measurements link polarization to OAM, so that if the legitimate participants measure OAM while the eavesdropper measures TAM (or vice-versa), then polarization entanglement is lost, revealing the eavesdropper. In contrast to other OAM-based QKD methods, complex active switching between OAM bases is not required; instead, passive switching by beam splitters combined with much simpler active switching between polarization bases makes implementation at high OAM more practical. (paper)

Security analysis of an untrusted source for quantum key distribution: passive approach

International Nuclear Information System (INIS)

Zhao Yi; Qi Bing; Lo, H-K; Qian Li

2010-01-01

We present a passive approach to the security analysis of quantum key distribution (QKD) with an untrusted source. A complete proof of its unconditional security is also presented. This scheme has significant advantages in real-life implementations as it does not require fast optical switching or a quantum random number generator. The essential idea is to use a beam splitter to split each input pulse. We show that we can characterize the source using a cross-estimate technique without active routing of each pulse. We have derived analytical expressions for the passive estimation scheme. Moreover, using simulations, we have considered four real-life imperfections: additional loss introduced by the 'plug and play' structure, inefficiency of the intensity monitor noise of the intensity monitor, and statistical fluctuation introduced by finite data size. Our simulation results show that the passive estimate of an untrusted source remains useful in practice, despite these four imperfections. Also, we have performed preliminary experiments, confirming the utility of our proposal in real-life applications. Our proposal makes it possible to implement the 'plug and play' QKD with the security guaranteed, while keeping the implementation practical.

Improving the security of a parallel keyed hash function based on chaotic maps

Energy Technology Data Exchange (ETDEWEB)

Xiao Di, E-mail: xiaodi_cqu@hotmail.co [College of Computer Science and Engineering, Chongqing University, Chongqing 400044 (China); Liao Xiaofeng [College of Computer Science and Engineering, Chongqing University, Chongqing 400044 (China); Wang Yong [College of Computer Science and Engineering, Chongqing University, Chongqing 400044 (China)] [College of Economy and Management, Chongqing University of Posts and Telecommunications, Chongqing 400065 (China)

2009-11-23

In this Letter, we analyze the cause of vulnerability of the original parallel keyed hash function based on chaotic maps in detail, and then propose the corresponding enhancement measures. Theoretical analysis and computer simulation indicate that the modified hash function is more secure than the original one. At the same time, it can keep the parallel merit and satisfy the other performance requirements of hash function.

Improving the security of a parallel keyed hash function based on chaotic maps

International Nuclear Information System (INIS)

Xiao Di; Liao Xiaofeng; Wang Yong

2009-01-01

In this Letter, we analyze the cause of vulnerability of the original parallel keyed hash function based on chaotic maps in detail, and then propose the corresponding enhancement measures. Theoretical analysis and computer simulation indicate that the modified hash function is more secure than the original one. At the same time, it can keep the parallel merit and satisfy the other performance requirements of hash function.

Secure anonymity-preserving password-based user authentication and session key agreement scheme for telecare medicine information systems.

Science.gov (United States)

Sutrala, Anil Kumar; Das, Ashok Kumar; Odelu, Vanga; Wazid, Mohammad; Kumari, Saru

2016-10-01

Information and communication and technology (ICT) has changed the entire paradigm of society. ICT facilitates people to use medical services over the Internet, thereby reducing the travel cost, hospitalization cost and time to a greater extent. Recent advancements in Telecare Medicine Information System (TMIS) facilitate users/patients to access medical services over the Internet by gaining health monitoring facilities at home. Amin and Biswas recently proposed a RSA-based user authentication and session key agreement protocol usable for TMIS, which is an improvement over Giri et al.'s RSA-based user authentication scheme for TMIS. In this paper, we show that though Amin-Biswas's scheme considerably improves the security drawbacks of Giri et al.'s scheme, their scheme has security weaknesses as it suffers from attacks such as privileged insider attack, user impersonation attack, replay attack and also offline password guessing attack. A new RSA-based user authentication scheme for TMIS is proposed, which overcomes the security pitfalls of Amin-Biswas's scheme and also preserves user anonymity property. The careful formal security analysis using the two widely accepted Burrows-Abadi-Needham (BAN) logic and the random oracle models is done. Moreover, the informal security analysis of the scheme is also done. These security analyses show the robustness of our new scheme against the various known attacks as well as attacks found in Amin-Biswas's scheme. The simulation of the proposed scheme using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) tool is also done. We present a new user authentication and session key agreement scheme for TMIS, which fixes the mentioned security pitfalls found in Amin-Biswas's scheme, and we also show that the proposed scheme provides better security than other existing schemes through the rigorous security analysis and verification tool. Furthermore, we present the formal security

Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems.

Science.gov (United States)

Arshad, Hamed; Rasoolzadegan, Abbas

2016-11-01

Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

Shor-Preskill-type security proof for concatenated Bennett-Brassard 1984 quantum-key-distribution protocol

International Nuclear Information System (INIS)

Hwang, Won-Young; Matsumoto, Keiji; Imai, Hiroshi; Kim, Jaewan; Lee, Hai-Woong

2003-01-01

We discuss a long code problem in the Bennett-Brassard 1984 (BB84) quantum-key-distribution protocol and describe how it can be overcome by concatenation of the protocol. Observing that concatenated modified Lo-Chau protocol finally reduces to the concatenated BB84 protocol, we give the unconditional security of the concatenated BB84 protocol

Phase-remapping attack in practical quantum-key-distribution systems

International Nuclear Information System (INIS)

Fung, Chi-Hang Fred; Qi, Bing; Lo, Hoi-Kwong; Tamaki, Kiyoshi

2007-01-01

Quantum key distribution (QKD) can be used to generate secret keys between two distant parties. Even though QKD has been proven unconditionally secure against eavesdroppers with unlimited computation power, practical implementations of QKD may contain loopholes that may lead to the generated secret keys being compromised. In this paper, we propose a phase-remapping attack targeting two practical bidirectional QKD systems (the 'plug-and-play' system and the Sagnac system). We showed that if the users of the systems are unaware of our attack, the final key shared between them can be compromised in some situations. Specifically, we showed that, in the case of the Bennett-Brassard 1984 (BB84) protocol with ideal single-photon sources, when the quantum bit error rate (QBER) is between 14.6% and 20%, our attack renders the final key insecure, whereas the same range of QBER values has been proved secure if the two users are unaware of our attack; also, we demonstrated three situations with realistic devices where positive key rates are obtained without the consideration of Trojan horse attacks but in fact no key can be distilled. We remark that our attack is feasible with only current technology. Therefore, it is very important to be aware of our attack in order to ensure absolute security. In finding our attack, we minimize the QBER over individual measurements described by a general POVM, which has some similarity with the standard quantum state discrimination problem

Training on Transport Security of Nuclear/Radioactive Materials for Key Audiences

Energy Technology Data Exchange (ETDEWEB)

Pope, Ronald; Liu, Yung; Shuler, J.M.

2016-01-01

development of the relevant teaching materials for the course have largely been completed, tailoring the course for targeted audiences becomes a relatively easy task, requiring less effort and providing more flexibility for both the lecturers and future participants. One-day or two-day courses with focus specifically on the U.S. transport security requirements can be delivered, at locations away from Argonne, by one or two principal lecturers to targeted audiences such as regulators, shippers, carriers, state and local law enforcement personnel, and emergency responders. This paper will highlight the lessons learned in hosting previous one-week courses and discuss the development of options for detailed and/or customized courses/workshops for targeted key audiences.

Experimental demonstration of subcarrier multiplexed quantum key distribution system.

Science.gov (United States)

Mora, José; Ruiz-Alba, Antonio; Amaya, Waldimar; Martínez, Alfonso; García-Muñoz, Víctor; Calvo, David; Capmany, José

2012-06-01

We provide, to our knowledge, the first experimental demonstration of the feasibility of sending several parallel keys by exploiting the technique of subcarrier multiplexing (SCM) widely employed in microwave photonics. This approach brings several advantages such as high spectral efficiency compatible with the actual secure key rates, the sharing of the optical fainted pulse by all the quantum multiplexed channels reducing the system complexity, and the possibility of upgrading with wavelength division multiplexing in a two-tier scheme, to increase the number of parallel keys. Two independent quantum SCM channels featuring a sifted key rate of 10 Kb/s/channel over a link with quantum bit error rate <2% is reported.

Towards Comprehensive Food Security Measures: Comparing Key ...

African Journals Online (AJOL)

Food security is a multi-dimensional issue that has been difficult to measure comprehensively, given the one-dimensional focus of existing indicators. Three indicators dominate the food security measurement debate: Household Food Insecurity Access Scale (HFIAS), Dietary Diversity Score (DDS) and Coping Strategies ...

One-way quantum key distribution: Simple upper bound on the secret key rate

International Nuclear Information System (INIS)

Moroder, Tobias; Luetkenhaus, Norbert; Curty, Marcos

2006-01-01

We present a simple method to obtain an upper bound on the achievable secret key rate in quantum key distribution (QKD) protocols that use only unidirectional classical communication during the public-discussion phase. This method is based on a necessary precondition for one-way secret key distillation; the legitimate users need to prove that there exists no quantum state having a symmetric extension that is compatible with the available measurements results. The main advantage of the obtained upper bound is that it can be formulated as a semidefinite program, which can be efficiently solved. We illustrate our results by analyzing two well-known qubit-based QKD protocols: the four-state protocol and the six-state protocol

A Comparative Evaluation of Algorithms in the Implementation of an Ultra-Secure Router-to-Router Key Exchange System

Directory of Open Access Journals (Sweden)

Nishaal J. Parmar

2017-01-01

Full Text Available This paper presents a comparative evaluation of possible encryption algorithms for use in a self-contained, ultra-secure router-to-router communication system, first proposed by El Rifai and Verma. The original proposal utilizes a discrete logarithm-based encryption solution, which will be compared in this paper to RSA, AES, and ECC encryption algorithms. RSA certificates are widely used within the industry but require a trusted key generation and distribution architecture. AES and ECC provide advantages in key length, processing requirements, and storage space, also maintaining an arbitrarily high level of security. This paper modifies each of the four algorithms for use within the self-contained router-to-router environment system and then compares them in terms of features offered, storage space and data transmission needed, encryption/decryption efficiency, and key generation requirements.

Quantum-key-distribution protocol with pseudorandom bases

Science.gov (United States)

Trushechkin, A. S.; Tregubov, P. A.; Kiktenko, E. O.; Kurochkin, Y. V.; Fedorov, A. K.

2018-01-01

Quantum key distribution (QKD) offers a way for establishing information-theoretical secure communications. An important part of QKD technology is a high-quality random number generator for the quantum-state preparation and for post-processing procedures. In this work, we consider a class of prepare-and-measure QKD protocols, utilizing additional pseudorandomness in the preparation of quantum states. We study one of such protocols and analyze its security against the intercept-resend attack. We demonstrate that, for single-photon sources, the considered protocol gives better secret key rates than the BB84 and the asymmetric BB84 protocols. However, the protocol strongly requires single-photon sources.

Long-distance measurement-device-independent quantum key distribution with coherent-state superpositions.

Science.gov (United States)

Yin, H-L; Cao, W-F; Fu, Y; Tang, Y-L; Liu, Y; Chen, T-Y; Chen, Z-B

2014-09-15

Measurement-device-independent quantum key distribution (MDI-QKD) with decoy-state method is believed to be securely applied to defeat various hacking attacks in practical quantum key distribution systems. Recently, the coherent-state superpositions (CSS) have emerged as an alternative to single-photon qubits for quantum information processing and metrology. Here, in this Letter, CSS are exploited as the source in MDI-QKD. We present an analytical method that gives two tight formulas to estimate the lower bound of yield and the upper bound of bit error rate. We exploit the standard statistical analysis and Chernoff bound to perform the parameter estimation. Chernoff bound can provide good bounds in the long-distance MDI-QKD. Our results show that with CSS, both the security transmission distance and secure key rate are significantly improved compared with those of the weak coherent states in the finite-data case.

An adaptive secret key-directed cryptographic scheme for secure transmission in wireless sensor networks

International Nuclear Information System (INIS)

Muhammad, K.; Jan, Z.; Khan, Z

2015-01-01

Wireless Sensor Networks (WSNs) are memory and bandwidth limited networks whose main goals are to maximize the network lifetime and minimize the energy consumption and transmission cost. To achieve these goals, different techniques of compression and clustering have been used. However, security is an open and major issue in WSNs for which different approaches are used, both in centralized and distributed WSNs' environments. This paper presents an adaptive cryptographic scheme for secure transmission of various sensitive parameters, sensed by wireless sensors to the fusion center for further processing in WSNs such as military networks. The proposed method encrypts the sensitive captured data of sensor nodes using various encryption procedures (bitxor operation, bits shuffling, and secret key based encryption) and then sends it to the fusion center. At the fusion center, the received encrypted data is decrypted for taking further necessary actions. The experimental results with complexity analysis, validate the effectiveness and feasibility of the proposed method in terms of security in WSNs. (author)

User-Centric Key Entropy: Study of Biometric Key Derivation Subject to Spoofing Attacks

Directory of Open Access Journals (Sweden)

Lavinia Mihaela Dinca

2017-02-01

Full Text Available Biometric data can be used as input for PKI key pair generation. The concept of not saving the private key is very appealing, but the implementation of such a system shouldn’t be rushed because it might prove less secure then current PKI infrastructure. One biometric characteristic can be easily spoofed, so it was believed that multi-modal biometrics would offer more security, because spoofing two or more biometrics would be very hard. This notion, of increased security of multi-modal biometric systems, was disproved for authentication and matching, studies showing that not only multi-modal biometric systems are not more secure, but they introduce additional vulnerabilities. This paper is a study on the implications of spoofing biometric data for retrieving the derived key. We demonstrate that spoofed biometrics can yield the same key, which in turn will lead an attacker to obtain the private key. A practical implementation is proposed using fingerprint and iris as biometrics and the fuzzy extractor for biometric key extraction. Our experiments show what happens when the biometric data is spoofed for both uni-modal systems and multi-modal. In case of multi-modal system tests were performed when spoofing one biometric or both. We provide detailed analysis of every scenario in regard to successful tests and overall key entropy. Our paper defines a biometric PKI scenario and an in depth security analysis for it. The analysis can be viewed as a blueprint for implementations of future similar systems, because it highlights the main security vulnerabilities for bioPKI. The analysis is not constrained to the biometric part of the system, but covers CA security, sensor security, communication interception, RSA encryption vulnerabilities regarding key entropy, and much more.

Time–energy high-dimensional one-side device-independent quantum key distribution

International Nuclear Information System (INIS)

Bao Hai-Ze; Bao Wan-Su; Wang Yang; Chen Rui-Ke; Ma Hong-Xin; Zhou Chun; Li Hong-Wei

2017-01-01

Compared with full device-independent quantum key distribution (DI-QKD), one-side device-independent QKD (1sDI-QKD) needs fewer requirements, which is much easier to meet. In this paper, by applying recently developed novel time–energy entropic uncertainty relations, we present a time–energy high-dimensional one-side device-independent quantum key distribution (HD-QKD) and provide the security proof against coherent attacks. Besides, we connect the security with the quantum steering. By numerical simulation, we obtain the secret key rate for Alice’s different detection efficiencies. The results show that our protocol can performance much better than the original 1sDI-QKD. Furthermore, we clarify the relation among the secret key rate, Alice’s detection efficiency, and the dispersion coefficient. Finally, we simply analyze its performance in the optical fiber channel. (paper)

Multi-party Measurement-Device-Independent Quantum Key Distribution Based on Cluster States

Science.gov (United States)

Liu, Chuanqi; Zhu, Changhua; Ma, Shuquan; Pei, Changxing

2018-03-01

We propose a novel multi-party measurement-device-independent quantum key distribution (MDI-QKD) protocol based on cluster states. A four-photon analyzer which can distinguish all the 16 cluster states serves as the measurement device for four-party MDI-QKD. Any two out of four participants can build secure keys after the analyzers obtains successful outputs and the two participants perform post-processing. We derive a security analysis for the protocol, and analyze the key rates under different values of polarization misalignment. The results show that four-party MDI-QKD is feasible over 280 km in the optical fiber channel when the key rate is about 10- 6 with the polarization misalignment parameter 0.015. Moreover, our work takes an important step toward a quantum communication network.

Identifying the Key Weaknesses in Network Security at Colleges.

Science.gov (United States)

Olsen, Florence

2000-01-01

A new study identifies and ranks the 10 security gaps responsible for most outsider attacks on college computer networks. The list is intended to help campus system administrators establish priorities as they work to increase security. One network security expert urges that institutions utilize multiple security layers. (DB)

A Security Solution for IEEE 802.11's Ad-hoc Mode:Password-Authentication and Group Diffie-Hellman Key Exchange

Energy Technology Data Exchange (ETDEWEB)

Emmanuel, Bresson; Olivier, Chevassut; David, Pointcheval

2005-10-01

The IEEE 802 standards ease the deployment of networkinginfrastructures and enable employers to accesscorporate networks whiletraveling. These standards provide two modes of communication calledinfrastructure and ad-hoc modes. A security solution for the IEEE802.11's infrastructure mode took several years to reach maturity andfirmware are still been upgraded, yet a solution for the ad-hoc modeneeds to be specified. The present paper is a first attempt in thisdirection. It leverages the latest developments in the area ofpassword-based authentication and (group) Diffie-Hellman key exchange todevelop a provably-secure key-exchange protocol for IEEE 802.11's ad-hocmode. The protocol allows users to securely join and leave the wirelessgroup at time, accommodates either a single-shared password orpairwise-shared passwords among the group members, or at least with acentral server; achieves security against dictionary attacks in theideal-hash model (i.e. random-oracles). This is, to the best of ourknowledge, the first such protocol to appear in the cryptographicliterature.

Free-Space Quantum Key Distribution with a High Generation Rate Potassium Titanyl Phosphate Waveguide Photon-Pair Source

Science.gov (United States)

Wilson, Jeffrey D.; Chaffee, Dalton W.; Wilson, Nathaniel C.; Lekki, John D.; Tokars, Roger P.; Pouch, John J.; Roberts, Tony D.; Battle, Philip; Floyd, Bertram M.; Lind, Alexander J.;

Implementation of continuous-variable quantum key distribution with discrete modulation

Science.gov (United States)

Hirano, Takuya; Ichikawa, Tsubasa; Matsubara, Takuto; Ono, Motoharu; Oguri, Yusuke; Namiki, Ryo; Kasai, Kenta; Matsumoto, Ryutaroh; Tsurumaru, Toyohiro

2017-06-01

We have developed a continuous-variable quantum key distribution (CV-QKD) system that employs discrete quadrature-amplitude modulation and homodyne detection of coherent states of light. We experimentally demonstrated automated secure key generation with a rate of 50 kbps when a quantum channel is a 10 km optical fibre. The CV-QKD system utilises a four-state and post-selection protocol and generates a secure key against the entangling cloner attack. We used a pulsed light source of 1550 nm wavelength with a repetition rate of 10 MHz. A commercially available balanced receiver is used to realise shot-noise-limited pulsed homodyne detection. We used a non-binary LDPC code for error correction (reverse reconciliation) and the Toeplitz matrix multiplication for privacy amplification. A graphical processing unit card is used to accelerate the software-based post-processing.

Quantum key distribution with hacking countermeasures and long term field trial.

Science.gov (United States)

Dixon, A R; Dynes, J F; Lucamarini, M; Fröhlich, B; Sharpe, A W; Plews, A; Tam, W; Yuan, Z L; Tanizawa, Y; Sato, H; Kawamura, S; Fujiwara, M; Sasaki, M; Shields, A J

2017-05-16

Quantum key distribution's (QKD's) central and unique claim is information theoretic security. However there is an increasing understanding that the security of a QKD system relies not only on theoretical security proofs, but also on how closely the physical system matches the theoretical models and prevents attacks due to discrepancies. These side channel or hacking attacks exploit physical devices which do not necessarily behave precisely as the theory expects. As such there is a need for QKD systems to be demonstrated to provide security both in the theoretical and physical implementation. We report here a QKD system designed with this goal in mind, providing a more resilient target against possible hacking attacks including Trojan horse, detector blinding, phase randomisation and photon number splitting attacks. The QKD system was installed into a 45 km link of a metropolitan telecom network for a 2.5 month period, during which time the system operated continuously and distributed 1.33 Tbits of secure key data with a stable secure key rate over 200 kbit/s. In addition security is demonstrated against coherent attacks that are more general than the collective class of attacks usually considered.

Security analysis on some experimental quantum key distribution systems with imperfect optical and electrical devices

Science.gov (United States)

Liang, Lin-Mei; Sun, Shi-Hai; Jiang, Mu-Sheng; Li, Chun-Yan

2014-10-01

In general, quantum key distribution (QKD) has been proved unconditionally secure for perfect devices due to quantum uncertainty principle, quantum noncloning theorem and quantum nondividing principle which means that a quantum cannot be divided further. However, the practical optical and electrical devices used in the system are imperfect, which can be exploited by the eavesdropper to partially or totally spy the secret key between the legitimate parties. In this article, we first briefly review the recent work on quantum hacking on some experimental QKD systems with respect to imperfect devices carried out internationally, then we will present our recent hacking works in details, including passive faraday mirror attack, partially random phase attack, wavelength-selected photon-number-splitting attack, frequency shift attack, and single-photon-detector attack. Those quantum attack reminds people to improve the security existed in practical QKD systems due to imperfect devices by simply adding countermeasure or adopting a totally different protocol such as measurement-device independent protocol to avoid quantum hacking on the imperfection of measurement devices [Lo, et al., Phys. Rev. Lett., 2012, 108: 130503].

Infrared: A Key Technology for Security Systems

OpenAIRE

Corsi, Carlo

2012-01-01

Infrared science and technology has been, since the first applications, mainly dedicated to security and surveillance especially in military field, besides specialized techniques in thermal imaging for medical diagnostic and building structures and recently in energy savings and aerospace context. Till recently the security applications were mainly based on thermal imaging as surveillance and warning military systems. In all these applications the advent of room temperature, more reliable due...

Quantum cryptography for secure free-space communications

International Nuclear Information System (INIS)

Hughes, R.J.; Buttler, W.T.; Kwiat, P.G.; Lamoreaux, S.K.; Luther, G.G.; Morgan, G.L.; Nordholt, J.E.; Peterson, C.G.

1999-01-01

The secure distribution of the secret random bit sequences known as key material, is an essential precursor to their use for the encryption and decryption of confidential communications. Quantum cryptography is a new technique for secure key distribution with single-photon transmissions: Heisenberg's uncertainty principle ensures that an adversary can neither successfully tap the key transmissions, nor evade detection (eavesdropping raises the key error rate above a threshold value). The authors have developed experimental quantum cryptography systems based on the transmission of non-orthogonal photon polarization states to generate shared key material over line-of-sight optical links. Key material is built up using the transmission of a single-photon per bit of an initial secret random sequence. A quantum-mechanically random subset of this sequence is identified, becoming the key material after a data reconciliation stage with the sender. The authors have developed and tested a free-space quantum key distribution (QKD) system over an outdoor optical path of ∼1 km at Los Alamos National Laboratory under nighttime conditions. Results show that free-space QKD can provide secure real-time key distribution between parties who have a need to communicate secretly. Finally, they examine the feasibility of surface to satellite QKD

Critical analysis of the Bennett-Riedel attack on secure cryptographic key distributions via the Kirchhoff-Law-Johnson-noise scheme.

Science.gov (United States)

Kish, Laszlo B; Abbott, Derek; Granqvist, Claes G

2013-01-01

Recently, Bennett and Riedel (BR) (http://arxiv.org/abs/1303.7435v1) argued that thermodynamics is not essential in the Kirchhoff-law-Johnson-noise (KLJN) classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive) attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional) security of the KLJN method has not been successfully challenged.

Secure PVM

Energy Technology Data Exchange (ETDEWEB)

Dunigan, T.H.; Venugopal, N.

1996-09-01

This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

Quantum key distribution with finite resources: Smooth Min entropy vs. Smooth Renyi entropy

Energy Technology Data Exchange (ETDEWEB)

Mertz, Markus; Abruzzo, Silvestre; Bratzik, Sylvia; Kampermann, Hermann; Bruss, Dagmar [Institut fuer Theoretische Physik III, Duesseldorf (Germany)

2010-07-01

We consider different entropy measures that play an important role in the analysis of the security of QKD with finite resources. The smooth min entropy leads to an optimal bound for the length of a secure key. Another bound on the secure key length was derived by using Renyi entropies. Unfortunately, it is very hard or even impossible to calculate these entropies for realistic QKD scenarios. To estimate the security rate it becomes important to find computable bounds on these entropies. Here, we compare a lower bound for the smooth min entropy with a bound using Renyi entropies. We compare these entropies for the six-state protocol with symmetric attacks.

Optimal attacks on qubit-based Quantum Key Recycling

Science.gov (United States)

Leermakers, Daan; Škorić, Boris

2018-03-01

Quantum Key Recycling (QKR) is a quantum cryptographic primitive that allows one to reuse keys in an unconditionally secure way. By removing the need to repeatedly generate new keys, it improves communication efficiency. Škorić and de Vries recently proposed a QKR scheme based on 8-state encoding (four bases). It does not require quantum computers for encryption/decryption but only single-qubit operations. We provide a missing ingredient in the security analysis of this scheme in the case of noisy channels: accurate upper bounds on the required amount of privacy amplification. We determine optimal attacks against the message and against the key, for 8-state encoding as well as 4-state and 6-state conjugate coding. We provide results in terms of min-entropy loss as well as accessible (Shannon) information. We show that the Shannon entropy analysis for 8-state encoding reduces to the analysis of quantum key distribution, whereas 4-state and 6-state suffer from additional leaks that make them less effective. From the optimal attacks we compute the required amount of privacy amplification and hence the achievable communication rate (useful information per qubit) of qubit-based QKR. Overall, 8-state encoding yields the highest communication rates.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

Science.gov (United States)

Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

Directory of Open Access Journals (Sweden)

Jaewook Jung

Full Text Available Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

Science.gov (United States)

Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075

Common Criteria for Information Technology Security Evaluation: Department of Defense Public Key Infrastructure and Key Management Infrastructure Token Protection Profile (Medium Robustness)

Science.gov (United States)

2002-03-22

may be derived from detailed inspection of the IC itself or from illicit appropriation of design information. Counterfeit smart cards can be mass...Infrastructure (PKI) as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair...interference devices (SQDIS), electrical testing, and electron beam testing. • Other attacks, such as UV or X-rays or high temperatures, could cause erasure

INFORMATION SYSTEM SECURITY (CYBER SECURITY

Directory of Open Access Journals (Sweden)

Muhammad Siddique Ansari

2016-03-01

Full Text Available Abstract - Business Organizations and Government unequivocally relies on upon data to deal with their business operations. The most unfavorable impact on association is disappointment of friendship, goodness, trustworthiness, legitimacy and probability of data and administrations. There is an approach to ensure data and to deal with the IT framework's Security inside association. Each time the new innovation is made, it presents some new difficulties for the insurance of information and data. To secure the information and data in association is imperative on the grounds that association nowadays inside and remotely joined with systems of IT frameworks. IT structures are inclined to dissatisfaction and security infringement because of slips and vulnerabilities. These slips and vulnerabilities can be brought on by different variables, for example, quickly creating headway, human slip, poor key particulars, poor movement schedules or censuring the threat. Likewise, framework changes, new deserts and new strikes are a huge piece of the time displayed, which helpers augmented vulnerabilities, disappointments and security infringement all through the IT structure life cycle. The business went to the confirmation that it is essentially difficult to ensure a slip free, risk free and secure IT structure in perspective of the disfigurement of the disavowing security parts, human pass or oversight, and part or supplies frustration. Totally secure IT frameworks don't exist; just those in which the holders may have changing degrees of certainty that security needs of a framework are fulfilled do. The key viewpoints identified with security of data outlining are examined in this paper. From the start, the paper recommends pertinent legitimate structure and their duties including open association obligation, and afterward it returns to present and future time, system limits, structure security in business division. At long last, two key inadequacy markers

Critical analysis of the Bennett-Riedel attack on secure cryptographic key distributions via the Kirchhoff-Law-Johnson-noise scheme.

Directory of Open Access Journals (Sweden)

Laszlo B Kish

Full Text Available Recently, Bennett and Riedel (BR (http://arxiv.org/abs/1303.7435v1 argued that thermodynamics is not essential in the Kirchhoff-law-Johnson-noise (KLJN classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional security of the KLJN method has not been successfully challenged.

Practical performance of real-time shot-noise measurement in continuous-variable quantum key distribution

Science.gov (United States)

Wang, Tao; Huang, Peng; Zhou, Yingming; Liu, Weiqi; Zeng, Guihua

2018-01-01

In a practical continuous-variable quantum key distribution (CVQKD) system, real-time shot-noise measurement (RTSNM) is an essential procedure for preventing the eavesdropper exploiting the practical security loopholes. However, the performance of this procedure itself is not analyzed under the real-world condition. Therefore, we indicate the RTSNM practical performance and investigate its effects on the CVQKD system. In particular, due to the finite-size effect, the shot-noise measurement at the receiver's side may decrease the precision of parameter estimation and consequently result in a tight security bound. To mitigate that, we optimize the block size for RTSNM under the ensemble size limitation to maximize the secure key rate. Moreover, the effect of finite dynamics of amplitude modulator in this scheme is studied and its mitigation method is also proposed. Our work indicates the practical performance of RTSNM and provides the real secret key rate under it.

Metropolitan Quantum Key Distribution with Silicon Photonics

Science.gov (United States)

Bunandar, Darius; Lentine, Anthony; Lee, Catherine; Cai, Hong; Long, Christopher M.; Boynton, Nicholas; Martinez, Nicholas; DeRose, Christopher; Chen, Changchen; Grein, Matthew; Trotter, Douglas; Starbuck, Andrew; Pomerene, Andrew; Hamilton, Scott; Wong, Franco N. C.; Camacho, Ryan; Davids, Paul; Urayama, Junji; Englund, Dirk

2018-04-01

Photonic integrated circuits provide a compact and stable platform for quantum photonics. Here we demonstrate a silicon photonics quantum key distribution (QKD) encoder in the first high-speed polarization-based QKD field tests. The systems reach composable secret key rates of 1.039 Mbps in a local test (on a 103.6-m fiber with a total emulated loss of 9.2 dB) and 157 kbps in an intercity metropolitan test (on a 43-km fiber with 16.4 dB loss). Our results represent the highest secret key generation rate for polarization-based QKD experiments at a standard telecom wavelength and demonstrate photonic integrated circuits as a promising, scalable resource for future formation of metropolitan quantum-secure communications networks.

High performance reconciliation for continuous-variable quantum key distribution with LDPC code

Science.gov (United States)

Lin, Dakai; Huang, Duan; Huang, Peng; Peng, Jinye; Zeng, Guihua

2015-03-01

Reconciliation is a significant procedure in a continuous-variable quantum key distribution (CV-QKD) system. It is employed to extract secure secret key from the resulted string through quantum channel between two users. However, the efficiency and the speed of previous reconciliation algorithms are low. These problems limit the secure communication distance and the secure key rate of CV-QKD systems. In this paper, we proposed a high-speed reconciliation algorithm through employing a well-structured decoding scheme based on low density parity-check (LDPC) code. The complexity of the proposed algorithm is reduced obviously. By using a graphics processing unit (GPU) device, our method may reach a reconciliation speed of 25 Mb/s for a CV-QKD system, which is currently the highest level and paves the way to high-speed CV-QKD.

Complex Conjugated certificateless-based signcryption with differential integrated factor for secured message communication in mobile network.

Directory of Open Access Journals (Sweden)

Sumithra Alagarsamy

Full Text Available Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff Equation using an Integration Factor (DiffEIF, minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network.

Complex Conjugated certificateless-based signcryption with differential integrated factor for secured message communication in mobile network.

Science.gov (United States)

Alagarsamy, Sumithra; Rajagopalan, S P

2017-01-01

Certificateless-based signcryption overcomes inherent shortcomings in traditional Public Key Infrastructure (PKI) and Key Escrow problem. It imparts efficient methods to design PKIs with public verifiability and cipher text authenticity with minimum dependency. As a classic primitive in public key cryptography, signcryption performs validity of cipher text without decryption by combining authentication, confidentiality, public verifiability and cipher text authenticity much more efficiently than the traditional approach. In this paper, we first define a security model for certificateless-based signcryption called, Complex Conjugate Differential Integrated Factor (CC-DIF) scheme by introducing complex conjugates through introduction of the security parameter and improving secured message distribution rate. However, both partial private key and secret value changes with respect to time. To overcome this weakness, a new certificateless-based signcryption scheme is proposed by setting the private key through Differential (Diff) Equation using an Integration Factor (DiffEIF), minimizing computational cost and communication overhead. The scheme is therefore said to be proven secure (i.e. improving the secured message distributing rate) against certificateless access control and signcryption-based scheme. In addition, compared with the three other existing schemes, the CC-DIF scheme has the least computational cost and communication overhead for secured message communication in mobile network.

Quantum key management

Energy Technology Data Exchange (ETDEWEB)

Hughes, Richard John; Thrasher, James Thomas; Nordholt, Jane Elizabeth

2016-11-29

Innovations for quantum key management harness quantum communications to form a cryptography system within a public key infrastructure framework. In example implementations, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures, and Merkle hash trees) to constitute a cryptography system. More generally, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a hash-based signature scheme. This provides a secure way to identify, authenticate, verify, and exchange secret cryptographic keys. Features of the quantum key management innovations further include secure enrollment of users with a registration authority, as well as credential checking and revocation with a certificate authority, where the registration authority and/or certificate authority can be part of the same system as a trusted authority for quantum key distribution.

On the problem of non-zero word error rates for fixed-rate error correction codes in continuous variable quantum key distribution

International Nuclear Information System (INIS)

Johnson, Sarah J; Ong, Lawrence; Shirvanimoghaddam, Mahyar; Lance, Andrew M; Symul, Thomas; Ralph, T C

2017-01-01

The maximum operational range of continuous variable quantum key distribution protocols has shown to be improved by employing high-efficiency forward error correction codes. Typically, the secret key rate model for such protocols is modified to account for the non-zero word error rate of such codes. In this paper, we demonstrate that this model is incorrect: firstly, we show by example that fixed-rate error correction codes, as currently defined, can exhibit efficiencies greater than unity. Secondly, we show that using this secret key model combined with greater than unity efficiency codes, implies that it is possible to achieve a positive secret key over an entanglement breaking channel—an impossible scenario. We then consider the secret key model from a post-selection perspective, and examine the implications for key rate if we constrain the forward error correction codes to operate at low word error rates. (paper)

Security infrastructures: towards the INDECT system security

OpenAIRE

Stoianov, Nikolai; Urueña, Manuel; Niemiec, Marcin; Machník, Petr; Maestro, Gema

2012-01-01

This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI...

Computer Security: Your iPhone as a key-logger

CERN Multimedia

Computer Security Team

2014-01-01

In the past, we have repeatedly elaborated on the computer security risk of using smartphones. Today, something new for the paranoid: did you know your smart phone can be used to spy on your PC’s keyboard?!    In fact, the tiny accelerometer, gyroscope and orientation sensors that your smartphone uses to determine its tilt and movements can also determine the letters you type on your computer. Thus, it acts as a hardware “key-logger”! It only requires your smartphone to be put close to your computer keyboard and to run a corresponding, malicious app. The rest is done by the highly precise sensors which can record keyboard vibrations and subsequently the letters you type. In a dedicated study, students of the Georgia Tech College of Computing were able to decipher complete sentences with up to 80 percent accuracy using an iPhone*. In a nice twist, the same feature can also be used to “to infer the occurrence of tap events on the touchscreen as w...

A practical two-way system of quantum key distribution with untrusted source

International Nuclear Information System (INIS)

Chen Ming-Juan; Liu Xiang

2011-01-01

The most severe problem of a two-way 'plug-and-play' (p and p) quantum key distribution system is that the source can be controlled by the eavesdropper. This kind of source is defined as an “untrusted source . This paper discusses the effects of the fluctuation of internal transmittance on the final key generation rate and the transmission distance. The security of the standard BB84 protocol, one-decoy state protocol, and weak+vacuum decoy state protocol, with untrusted sources and the fluctuation of internal transmittance are studied. It is shown that the one-decoy state is sensitive to the statistical fluctuation but weak+vacuum decoy state is only slightly affected by the fluctuation. It is also shown that both the maximum secure transmission distance and final key generation rate are reduced when Alice's laboratory transmittance fluctuation is considered. (general)

Optimizing Key Updates in Sensor Networks

DEFF Research Database (Denmark)

Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

2011-01-01

Sensor networks offer the advantages of simple and low–resource communication. Nevertheless, security is of particular importance in many cases such as when sensitive data is communicated or tamper-resistance is required. Updating the security keys is one of the key points in security, which...

Physical-layer security analysis of PSK quantum-noise randomized cipher in optically amplified links

Science.gov (United States)

Jiao, Haisong; Pu, Tao; Xiang, Peng; Zheng, Jilin; Fang, Tao; Zhu, Huatao

2017-08-01

The quantitative security of quantum-noise randomized cipher (QNRC) in optically amplified links is analyzed from the perspective of physical-layer advantage. Establishing the wire-tap channel models for both key and data, we derive the general expressions of secrecy capacities for the key against ciphertext-only attack and known-plaintext attack, and that for the data, which serve as the basic performance metrics. Further, the maximal achievable secrecy rate of the system is proposed, under which secrecy of both the key and data is guaranteed. Based on the same framework, the secrecy capacities of various cases can be assessed and compared. The results indicate perfect secrecy is potentially achievable for data transmission, and an elementary principle of setting proper number of photons and bases is given to ensure the maximal data secrecy capacity. But the key security is asymptotically perfect, which tends to be the main constraint of systemic maximal secrecy rate. Moreover, by adopting cascaded optical amplification, QNRC can realize long-haul transmission with secure rate up to Gb/s, which is orders of magnitude higher than the perfect secrecy rates of other encryption systems.

76 FR 26549 - Removal of Certain References to Credit Ratings Under the Securities Exchange Act of 1934

Science.gov (United States)

2011-05-06

... related security'' and ``small business related security,'' respectively, as the Commission considers how... terms ``mortgage related security'' and ``small business related security,'' respectively, as the...),\\9\\ which defines the term ``small business related security.'' In place of the credit rating...

Security of subcarrier wave quantum key distribution against the collective beam-splitting attack.

Science.gov (United States)

Miroshnichenko, G P; Kozubov, A V; Gaidash, A A; Gleim, A V; Horoshko, D B

2018-04-30

We consider a subcarrier wave quantum key distribution (QKD) system, where quantum encoding is carried out at weak sidebands generated around a coherent optical beam as a result of electro-optical phase modulation. We study security of two protocols, B92 and BB84, against one of the most powerful attacks for this class of systems, the collective beam-splitting attack. Our analysis includes the case of high modulation index, where the sidebands are essentially multimode. We demonstrate numerically and experimentally that a subcarrier wave QKD system with realistic parameters is capable of distributing cryptographic keys over large distances in presence of collective attacks. We also show that BB84 protocol modification with discrimination of only one state in each basis performs not worse than the original BB84 protocol in this class of QKD systems, thus significantly simplifying the development of cryptographic networks using the considered QKD technique.

Robust Public Key Cryptography — A New Cryptosystem Surviving Private Key Compromise

Science.gov (United States)

Shaik, Cheman

A weakness of the present-day public key cryptosystems is that these cryptosystems do not survive private-key compromise attacks resulting from an internal breach of trust. In a competitive business environment, private key compromise is a common incident that voids the strength of public key cryptosystems such as RSA and ECC. Bribing corporate employees to disclose their secret keys and inadvertently disclosing secret information are among a plethora of practical attacks that occur at the implementation level. Once a breach of trust takes place and subsequently the private key is revealed, any public key cryptosystem fails to secure electronic data in Internet communications. The revealed key may be used by an attacker to decipher the intercepted data at an intermediary router. This weakness of public key cryptography calls for an additional security measure that enables encryptions to survive private key compromise attacks.

Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System

Science.gov (United States)

Ghanti, Shaila

2016-01-01

Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack. PMID:28116350

Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System.

Science.gov (United States)

Ghanti, Shaila; Naik, G M

2016-01-01

Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack.

Experimental quantum key distribution with simulated ground-to-satellite photon losses and processing limitations

Science.gov (United States)

Bourgoin, Jean-Philippe; Gigov, Nikolay; Higgins, Brendon L.; Yan, Zhizhong; Meyer-Scott, Evan; Khandani, Amir K.; Lütkenhaus, Norbert; Jennewein, Thomas

2015-11-01

Quantum key distribution (QKD) has the potential to improve communications security by offering cryptographic keys whose security relies on the fundamental properties of quantum physics. The use of a trusted quantum receiver on an orbiting satellite is the most practical near-term solution to the challenge of achieving long-distance (global-scale) QKD, currently limited to a few hundred kilometers on the ground. This scenario presents unique challenges, such as high photon losses and restricted classical data transmission and processing power due to the limitations of a typical satellite platform. Here we demonstrate the feasibility of such a system by implementing a QKD protocol, with optical transmission and full post-processing, in the high-loss regime using minimized computing hardware at the receiver. Employing weak coherent pulses with decoy states, we demonstrate the production of secure key bits at up to 56.5 dB of photon loss. We further illustrate the feasibility of a satellite uplink by generating a secure key while experimentally emulating the varying losses predicted for realistic low-Earth-orbit satellite passes at 600 km altitude. With a 76 MHz source and including finite-size analysis, we extract 3374 bits of a secure key from the best pass. We also illustrate the potential benefit of combining multiple passes together: while one suboptimal "upper-quartile" pass produces no finite-sized key with our source, the combination of three such passes allows us to extract 165 bits of a secure key. Alternatively, we find that by increasing the signal rate to 300 MHz it would be possible to extract 21 570 bits of a secure finite-sized key in just a single upper-quartile pass.

A secure smart-card based authentication and key agreement scheme for telecare medicine information systems.

Science.gov (United States)

Lee, Tian-Fu; Liu, Chuan-Ming

2013-06-01

A smart-card based authentication scheme for telecare medicine information systems enables patients, doctors, nurses, health visitors and the medicine information systems to establish a secure communication platform through public networks. Zhu recently presented an improved authentication scheme in order to solve the weakness of the authentication scheme of Wei et al., where the off-line password guessing attacks cannot be resisted. This investigation indicates that the improved scheme of Zhu has some faults such that the authentication scheme cannot execute correctly and is vulnerable to the attack of parallel sessions. Additionally, an enhanced authentication scheme based on the scheme of Zhu is proposed. The enhanced scheme not only avoids the weakness in the original scheme, but also provides users' anonymity and authenticated key agreements for secure data communications.

Metropolitan Quantum Key Distribution with Silicon Photonics

Directory of Open Access Journals (Sweden)

Darius Bunandar

2018-04-01

Full Text Available Photonic integrated circuits provide a compact and stable platform for quantum photonics. Here we demonstrate a silicon photonics quantum key distribution (QKD encoder in the first high-speed polarization-based QKD field tests. The systems reach composable secret key rates of 1.039 Mbps in a local test (on a 103.6-m fiber with a total emulated loss of 9.2 dB and 157 kbps in an intercity metropolitan test (on a 43-km fiber with 16.4 dB loss. Our results represent the highest secret key generation rate for polarization-based QKD experiments at a standard telecom wavelength and demonstrate photonic integrated circuits as a promising, scalable resource for future formation of metropolitan quantum-secure communications networks.

Adaptive spatial filtering for daytime satellite quantum key distribution

Science.gov (United States)

Gruneisen, Mark T.; Sickmiller, Brett A.; Flanagan, Michael B.; Black, James P.; Stoltenberg, Kurt E.; Duchane, Alexander W.

2014-11-01

The rate of secure key generation (SKG) in quantum key distribution (QKD) is adversely affected by optical noise and loss in the quantum channel. In a free-space atmospheric channel, the scattering of sunlight into the channel can lead to quantum bit error ratios (QBERs) sufficiently large to preclude SKG. Furthermore, atmospheric turbulence limits the degree to which spatial filtering can reduce sky noise without introducing signal losses. A system simulation quantifies the potential benefit of tracking and higher-order adaptive optics (AO) technologies to SKG rates in a daytime satellite engagement scenario. The simulations are performed assuming propagation from a low-Earth orbit (LEO) satellite to a terrestrial receiver that includes an AO system comprised of a Shack-Hartmann wave-front sensor (SHWFS) and a continuous-face-sheet deformable mirror (DM). The effects of atmospheric turbulence, tracking, and higher-order AO on the photon capture efficiency are simulated using statistical representations of turbulence and a time-domain waveoptics hardware emulator. Secure key generation rates are then calculated for the decoy state QKD protocol as a function of the receiver field of view (FOV) for various pointing angles. The results show that at FOVs smaller than previously considered, AO technologies can enhance SKG rates in daylight and even enable SKG where it would otherwise be prohibited as a consequence of either background optical noise or signal loss due to turbulence effects.

Key handling in wireless sensor networks

International Nuclear Information System (INIS)

Li, Y; Newe, T

2007-01-01

With the rapid growth of Wireless Sensor Networks (WSNs), many advanced application areas have received significant attention. However, security will be an important factor for their full adoption. Wireless sensor nodes pose unique challenges and as such traditional security protocols, used in traditional networks cannot be applied directly. Some new protocols have been published recently with the goal of providing both privacy of data and authentication of sensor nodes for WSNs. Such protocols can employ private-key and/or public key cryptographic algorithms. Public key algorithms hold the promise of simplifying the network infrastructure required to provide security services such as: privacy, authentication and non-repudiation, while symmetric algorithms require less processing power on the lower power wireless node. In this paper a selection of key establishment/agreement protocols are reviewed and they are broadly divided into two categories: group key agreement protocols and pair-wise key establishment protocols. A summary of the capabilities and security related services provided by each protocol is provided

Key handling in wireless sensor networks

Energy Technology Data Exchange (ETDEWEB)

Li, Y; Newe, T [Optical Fibre Sensors Research Centre, Department of Electronic and Computer Engineering, University of Limerick, Limerick (Ireland)

2007-07-15

With the rapid growth of Wireless Sensor Networks (WSNs), many advanced application areas have received significant attention. However, security will be an important factor for their full adoption. Wireless sensor nodes pose unique challenges and as such traditional security protocols, used in traditional networks cannot be applied directly. Some new protocols have been published recently with the goal of providing both privacy of data and authentication of sensor nodes for WSNs. Such protocols can employ private-key and/or public key cryptographic algorithms. Public key algorithms hold the promise of simplifying the network infrastructure required to provide security services such as: privacy, authentication and non-repudiation, while symmetric algorithms require less processing power on the lower power wireless node. In this paper a selection of key establishment/agreement protocols are reviewed and they are broadly divided into two categories: group key agreement protocols and pair-wise key establishment protocols. A summary of the capabilities and security related services provided by each protocol is provided.

Secret-key expansion from covert communication

Science.gov (United States)

Arrazola, Juan Miguel; Amiri, Ryan

2018-02-01

Covert communication allows the transmission of messages in such a way that it is not possible for adversaries to detect that the communication is occurring. This provides protection in situations where knowledge that two parties are talking to each other may be incriminating to them. In this work, we study how covert communication can be used for a different purpose: secret key expansion. First, we show that any message transmitted in a secure covert protocol is also secret and therefore unknown to an adversary. We then propose a covert communication protocol where the amount of key consumed in the protocol is smaller than the transmitted key, thus leading to secure secret key expansion. We derive precise conditions for secret key expansion to occur, showing that it is possible when there are sufficiently low levels of noise for a given security level. We conclude by examining how secret key expansion from covert communication can be performed in a computational security model.

Secure and Efficient Key Coordination Algorithm for Line Topology Network Maintenance for Use in Maritime Wireless Sensor Networks.

Science.gov (United States)

Elgenaidi, Walid; Newe, Thomas; O'Connell, Eoin; Toal, Daniel; Dooly, Gerard

2016-12-21

There has been a significant increase in the proliferation and implementation of Wireless Sensor Networks (WSNs) in different disciplines, including the monitoring of maritime environments, healthcare systems, and industrial sectors. It has now become critical to address the security issues of data communication while considering sensor node constraints. There are many proposed schemes, including the scheme being proposed in this paper, to ensure that there is a high level of security in WSNs. This paper presents a symmetric security scheme for a maritime coastal environment monitoring WSN. The scheme provides security for travelling packets via individually encrypted links between authenticated neighbors, thus avoiding a reiteration of a global rekeying process. Furthermore, this scheme proposes a dynamic update key based on a trusted node configuration, called a leader node, which works as a trusted third party. The technique has been implemented in real time on a Waspmote test bed sensor platform and the results from both field testing and indoor bench testing environments are discussed in this paper.

Fast optical source for quantum key distribution based on semiconductor optical amplifiers.

Science.gov (United States)

Jofre, M; Gardelein, A; Anzolin, G; Amaya, W; Capmany, J; Ursin, R; Peñate, L; Lopez, D; San Juan, J L; Carrasco, J A; Garcia, F; Torcal-Milla, F J; Sanchez-Brea, L M; Bernabeu, E; Perdigues, J M; Jennewein, T; Torres, J P; Mitchell, M W; Pruneri, V

2011-02-28

A novel integrated optical source capable of emitting faint pulses with different polarization states and with different intensity levels at 100 MHz has been developed. The source relies on a single laser diode followed by four semiconductor optical amplifiers and thin film polarizers, connected through a fiber network. The use of a single laser ensures high level of indistinguishability in time and spectrum of the pulses for the four different polarizations and three different levels of intensity. The applicability of the source is demonstrated in the lab through a free space quantum key distribution experiment which makes use of the decoy state BB84 protocol. We achieved a lower bound secure key rate of the order of 3.64 Mbps and a quantum bit error ratio as low as 1.14×10⁻² while the lower bound secure key rate became 187 bps for an equivalent attenuation of 35 dB. To our knowledge, this is the fastest polarization encoded QKD system which has been reported so far. The performance, reduced size, low power consumption and the fact that the components used can be space qualified make the source particularly suitable for secure satellite communication.

Key Management Laboratory

Data.gov (United States)

Federal Laboratory Consortium — FUNCTION: Provides a secure environment to research and develop advanced electronic key management and networked key distribution technologies for the Navy and DoD....

Quantum key distribution network for multiple applications

Science.gov (United States)

Tajima, A.; Kondoh, T.; Ochi, T.; Fujiwara, M.; Yoshino, K.; Iizuka, H.; Sakamoto, T.; Tomita, A.; Shimamura, E.; Asami, S.; Sasaki, M.

2017-09-01

The fundamental architecture and functions of secure key management in a quantum key distribution (QKD) network with enhanced universal interfaces for smooth key sharing between arbitrary two nodes and enabling multiple secure communication applications are proposed. The proposed architecture consists of three layers: a quantum layer, key management layer and key supply layer. We explain the functions of each layer, the key formats in each layer and the key lifecycle for enabling a practical QKD network. A quantum key distribution-advanced encryption standard (QKD-AES) hybrid system and an encrypted smartphone system were developed as secure communication applications on our QKD network. The validity and usefulness of these systems were demonstrated on the Tokyo QKD Network testbed.

Center for computer security: Computer Security Group conference. Summary

Energy Technology Data Exchange (ETDEWEB)

None

1982-06-01

Topics covered include: computer security management; detection and prevention of computer misuse; certification and accreditation; protection of computer security, perspective from a program office; risk analysis; secure accreditation systems; data base security; implementing R and D; key notarization system; DOD computer security center; the Sandia experience; inspector general's report; and backup and contingency planning. (GHT)

An advanced temporal credential-based security scheme with mutual authentication and key agreement for wireless sensor networks.

Science.gov (United States)

Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

2013-07-24

Wireless sensor networks (WSNs) can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs). Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.'s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users' attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.'s authentication scheme are left unchanged.

Multiparty quantum key agreement with single particles

Science.gov (United States)

Liu, Bin; Gao, Fei; Huang, Wei; Wen, Qiao-yan

2013-04-01

Two conditions must be satisfied in a secure quantum key agreement (QKA) protocol: (1) outside eavesdroppers cannot gain the generated key without introducing any error; (2) the generated key cannot be determined by any non-trivial subset of the participants. That is, a secure QKA protocol can not only prevent the outside attackers from stealing the key, but also resist the attack from inside participants, i.e. some dishonest participants determine the key alone by illegal means. How to resist participant attack is an aporia in the design of QKA protocols, especially the multi-party ones. In this paper we present the first secure multiparty QKA protocol against both outside and participant attacks. Further more, we have proved its security in detail.

Three state quantum key distribution for small keys

International Nuclear Information System (INIS)

Batuwantudawe, J.; Boileau, J.-C.

2005-01-01

Full text: Quantum key distribution (QKD) protocols allow two parties, Alice and Bob, to establish secure keys. The most well-known protocol is BB84, using four distinct states. Recently, Phoenix et al. proposed a three state protocol. We explain the protocol and discuss its security proof. The three state protocol also has an interesting structure that allows for errors estimation from the inconclusive results (i.e.. where Alice and Bob choose different bases). This eliminates the need for sampling, potentially useful when qubits are limited. We discuss the effectiveness of this approach compared to BB84 for the case where a good error estimate is required. (author)

Securing information using optically generated biometric keys

Science.gov (United States)

Verma, Gaurav; Sinha, Aloka

2016-11-01

In this paper, we present a new technique to obtain biometric keys by using the fingerprint of a person for an optical image encryption system. The key generation scheme uses the fingerprint biometric information in terms of the amplitude mask (AM) and the phase mask (PM) of the reconstructed fingerprint image that is implemented using the digital holographic technique. Statistical tests have been conducted to check the randomness of the fingerprint PM key that enables its usage as an image encryption key. To explore the utility of the generated biometric keys, an optical image encryption system has been further demonstrated based on the phase retrieval algorithm and the double random phase encoding scheme in which keys for the encryption are used as the AM and the PM key. The advantage associated with the proposed scheme is that the biometric keys’ retrieval requires the simultaneous presence of the fingerprint hologram and the correct knowledge of the reconstruction parameters at the decryption stage, which not only verifies the authenticity of the person but also protects the valuable fingerprint biometric features of the keys. Numerical results are carried out to prove the feasibility and the effectiveness of the proposed encryption system.

Cyber security awareness toolkit for national security: an approach to South Africa's cyber security policy implementation

CSIR Research Space (South Africa)

Phahlamohlaka, LJ

2011-05-01

Full Text Available The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives...

Effect of imperfect Faraday mirrors on the security of a Faraday–Michelson quantum cryptography system

International Nuclear Information System (INIS)

Wang, Wei-Long; Gao, Ming; Ma, Zhi

2013-01-01

The one-way Faraday–Michelson system is a very useful practical quantum cryptography system where Faraday mirrors (FMs) play an important role. In this paper we analyze the security of this system against imperfect FMs. We consider the security loophole caused by imperfect FMs in Alice’s and Bob’s security zones. Then we implement a passive FM attack in this system. By changing the values of the imperfection parameters of Alice’s FMs, we calculate the quantum bit error rate between Alice and Bob induced by Eve and the probability that Eve obtains outcomes successfully. It is shown that the imperfection of one of Alice’s two FMs makes the system sensitive to an attack. Finally we give a modified key rate as a function of the FM imperfections. The security analysis indicates that both Alice’s and Bob’s imperfect FMs can compromise the secure key. (paper)

Digital security technology simplified.

Science.gov (United States)

Scaglione, Bernard J

2007-01-01

Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.

An Advanced Temporal Credential-Based Security Scheme with Mutual Authentication and Key Agreement for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Chun-Ta Li

2013-07-01

Full Text Available Wireless sensor networks (WSNs can be quickly and randomly deployed in any harsh and unattended environment and only authorized users are allowed to access reliable sensor nodes in WSNs with the aid of gateways (GWNs. Secure authentication models among the users, the sensor nodes and GWN are important research issues for ensuring communication security and data privacy in WSNs. In 2013, Xue et al. proposed a temporal-credential-based mutual authentication and key agreement scheme for WSNs. However, in this paper, we point out that Xue et al.’s scheme cannot resist stolen-verifier, insider, off-line password guessing, smart card lost problem and many logged-in users’ attacks and these security weaknesses make the scheme inapplicable to practical WSN applications. To tackle these problems, we suggest a simple countermeasure to prevent proposed attacks while the other merits of Xue et al.’s authentication scheme are left unchanged.

New Secure E-mail System Based on Bio-Chaos Key Generation and Modified AES Algorithm

Science.gov (United States)

Hoomod, Haider K.; Radi, A. M.

2018-05-01

The E-mail messages exchanged between sender’s Mailbox and recipient’s Mailbox over the open systems and insecure Networks. These messages may be vulnerable to eavesdropping and itself poses a real threat to the privacy and data integrity from unauthorized persons. The E-mail Security includes the following properties (Confidentiality, Authentication, Message integrity). We need a safe encryption algorithm to encrypt Email messages such as the algorithm Advanced Encryption Standard (AES) or Data Encryption Standard DES, as well as biometric recognition and chaotic system. The proposed E-mail system security uses modified AES algorithm and uses secret key-bio-chaos that consist of biometric (Fingerprint) and chaotic system (Lu and Lorenz). This modification makes the proposed system more sensitive and random. The execution time for both encryption and decryption of the proposed system is much less from original AES, in addition to being compatible with all Mail Servers.

Quantum key distribution with several intercept-resend attacks via a depolarizing channel

International Nuclear Information System (INIS)

Dehmani, Mustapha; Errahmani, Mohamed; Ez-Zahraouy, Hamid; Benyoussef, Abdelilah

2012-01-01

The disturbance effect of a depolarizing channel on the security of the quantum key distribution of the four-state BB84 protocol, with multiple sequential intercept-resend attacks of many eavesdroppers, has been studied. The quantum bit error rate and the mutual information are computed for an arbitrary number N of eavesdroppers. It is found that the quantum error rate decreases with increasing the depolarizing parameter p characterizing the noise of the channel. For p tr of p below which the information is secure and otherwise the information is not secure. The value of p tr decreases with increasing the number of attacks. In contrast, for p ⩾ 0.165, the information is not secure independently of the number of eavesdroppers. Phase diagrams corresponding to the secure—unsecure information are also established. (paper)

Setting best practice criteria for self-differencing avalanche photodiodes in quantum key distribution

Science.gov (United States)

Koehler-Sidki, Alexander; Dynes, James F.; Lucamarini, Marco; Roberts, George L.; Sharpe, Andrew W.; Savory, Seb J.; Yuan, Zhiliang; Shields, Andrew J.

2017-10-01

In recent years, the security of avalanche photodiodes as single photon detectors for quantum key distribution has been subjected to much scrutiny. The most prominent example of this surrounds the vulnerability of such devices to blinding under strong illumination. We focus on self-differencing avalanche photodiodes, single photon detectors that have demonstrated count rates exceeding 1 GCounts/s resulting in secure key rates over 1 MBit/s. These detectors use a passive electronic circuit to cancel any periodic signals thereby enhancing detection sensitivity. However this intrinsic feature can be exploited by adversaries to gain control of the devices using illumination of a moderate intensity. Through careful experimental examinations, we define here a set of criteria for these detectors to avoid such attacks.

Security of supply in liberated electricity markets - key issues and experiences in OECD countries (work in progress)

International Nuclear Information System (INIS)

Stridbaek, Ulrik

2005-06-01

Security of supply of electricity could in principle refer to any parts of the value chain from fuel input to delivery of electricity to the final costumer with the expected quality. Concerns about security of supply are usually focused on three aspects: Timely and adequate supply of the input fuel for electricity generation is a prerequisite - security of energy supply. There has to be timely and adequate infrastructure in place to transform the input fuel into electricity and transport it to the final costumer - adequacy of generation and transmission capacity. Finally, it is an operational challenge to make the electricity system work and deliver at the expected quality - secure operation of the electricity system. Security of supply becomes relevant in a policy context from concerns about market failures in any parts of the value chain or, indeed, from the perspective that policy will set the framework for markets to serve as an instrument to secure the supply. This paper discusses some of the experiences with security of supply concerns and market failures in these three basic segments of the value chain; fuel input, adequate generation and transmission capacity and secure operation of the system, with an emphasis on the role of the market to serve as an efficient instrument. In the aftermath of the large black outs of electricity systems in North America, Italy and Sweden/Denmark IEA initiated a project on 'Transmission Reliability and Power System Security in Competitive Electricity Markets'. The results of this work will be published towards the end of 2005. After a decade with liberalised electricity markets in some pioneer regions, IEA now also finds it timely to analyse some of the lessons in a forthcoming publication. Recent and ongoing IEA-work thereby covers all the main aspects of security of supply. This paper summarises the key findings and messages, with a focus on the work in progress on lessons from liberalisation

Intercept-resend attacks in the Bennett-Brassard 1984 quantum-key-distribution protocol with weak coherent pulses

International Nuclear Information System (INIS)

Curty, Marcos; Luetkenhaus, Norbert

2005-01-01

Unconditional security proofs of the Bennett-Brassard 1984 protocol of quantum key distribution have been obtained recently. These proofs cover also practical implementations that utilize weak coherent pulses in the four signal polarizations. Proven secure rates leave open the possibility that new proofs or new public discussion protocols will obtain larger rates over increased distance. In this paper we investigate limits to the error rate and signal losses that can be tolerated by future protocols and proofs

Field test of a continuous-variable quantum key distribution prototype

International Nuclear Information System (INIS)

Fossier, S; Debuisschert, T; Diamanti, E; Villing, A; Tualle-Brouri, R; Grangier, P

2009-01-01

We have designed and realized a prototype that implements a continuous-variable quantum key distribution (QKD) protocol based on coherent states and reverse reconciliation. The system uses time and polarization multiplexing for optimal transmission and detection of the signal and phase reference, and employs sophisticated error-correction codes for reconciliation. The security of the system is guaranteed against general coherent eavesdropping attacks. The performance of the prototype was tested over preinstalled optical fibres as part of a quantum cryptography network combining different QKD technologies. The stable and automatic operation of the prototype over 57 h yielded an average secret key distribution rate of 8 kbit s -1 over a 3 dB loss optical fibre, including the key extraction process and all quantum and classical communication. This system is therefore ideal for securing communications in metropolitan size networks with high-speed requirements.

Randomized dynamical decoupling strategies and improved one-way key rates for quantum cryptography

Energy Technology Data Exchange (ETDEWEB)

Kern, Oliver

2009-05-25

noisy preprocessing) followed by the use of a structured block code, higher secure key rates may be obtained. For the BB84 protocol it is shown that iterating the combined preprocessing leads to an even higher gain. In order to speed up the numerical evaluation of the key rates, results of representation theory come into play. If a coherent version of the protocol is considered, the block code used in the preprocessing stage becomes a concatenated stabilizer code which is obtained by concatenating an outer random code with an inner deterministic one. This concatenated stabilizer code is used to compute an improved lower bound on the quantum capacity of a certain quantum channel (the so-called qubit depolarizing channel). (orig.)

Randomized dynamical decoupling strategies and improved one-way key rates for quantum cryptography

International Nuclear Information System (INIS)

Kern, Oliver

2009-01-01

noisy preprocessing) followed by the use of a structured block code, higher secure key rates may be obtained. For the BB84 protocol it is shown that iterating the combined preprocessing leads to an even higher gain. In order to speed up the numerical evaluation of the key rates, results of representation theory come into play. If a coherent version of the protocol is considered, the block code used in the preprocessing stage becomes a concatenated stabilizer code which is obtained by concatenating an outer random code with an inner deterministic one. This concatenated stabilizer code is used to compute an improved lower bound on the quantum capacity of a certain quantum channel (the so-called qubit depolarizing channel). (orig.)

An improved and effective secure password-based authentication and key agreement scheme using smart cards for the telecare medicine information system.

Science.gov (United States)

Das, Ashok Kumar; Bruhadeshwar, Bezawada

2013-10-01

Recently Lee and Liu proposed an efficient password based authentication and key agreement scheme using smart card for the telecare medicine information system [J. Med. Syst. (2013) 37:9933]. In this paper, we show that though their scheme is efficient, their scheme still has two security weaknesses such as (1) it has design flaws in authentication phase and (2) it has design flaws in password change phase. In order to withstand these flaws found in Lee-Liu's scheme, we propose an improvement of their scheme. Our improved scheme keeps also the original merits of Lee-Liu's scheme. We show that our scheme is efficient as compared to Lee-Liu's scheme. Further, through the security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to show that our scheme is secure against passive and active attacks.

Evaluation of 90nm 6T-SRAM as physical unclonable function for secure key generation in wireless sensor nodes

NARCIS (Netherlands)

Selimis, G.; Konijnenburg, M.; Ashouei, M.; Huisken, J.; de Groot, H.; van der Leest, V.; Schrijen, G.-J.; van Hulst, M.; Tuyls, P.

2011-01-01

Due to the unattended nature of WSN (Wireless Sensor Network) deployment, each sensor can be subject to physical capture, cloning and unauthorized device alteration. In this paper, we use the embedded SRAM, often available on a wireless sensor node, for secure data (cryptographic keys, IDs)

Secure and Efficient Key Coordination Algorithm for Line Topology Network Maintenance for Use in Maritime Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Walid Elgenaidi

2016-12-01

Full Text Available There has been a significant increase in the proliferation and implementation of Wireless Sensor Networks (WSNs in different disciplines, including the monitoring of maritime environments, healthcare systems, and industrial sectors. It has now become critical to address the security issues of data communication while considering sensor node constraints. There are many proposed schemes, including the scheme being proposed in this paper, to ensure that there is a high level of security in WSNs. This paper presents a symmetric security scheme for a maritime coastal environment monitoring WSN. The scheme provides security for travelling packets via individually encrypted links between authenticated neighbors, thus avoiding a reiteration of a global rekeying process. Furthermore, this scheme proposes a dynamic update key based on a trusted node configuration, called a leader node, which works as a trusted third party. The technique has been implemented in real time on a Waspmote test bed sensor platform and the results from both field testing and indoor bench testing environments are discussed in this paper.

Rate effects on timing, key velocity, and finger kinematics in piano performance.

Science.gov (United States)

Bella, Simone Dalla; Palmer, Caroline

2011-01-01

We examined the effect of rate on finger kinematics in goal-directed actions of pianists. In addition, we evaluated whether movement kinematics can be treated as an indicator of personal identity. Pianists' finger movements were recorded with a motion capture system while they performed melodies from memory at different rates. Pianists' peak finger heights above the keys preceding keystrokes increased as tempo increased, and were attained about one tone before keypress. These rate effects were not simply due to a strategy to increase key velocity (associated with tone intensity) of the corresponding keystroke. Greater finger heights may compensate via greater tactile feedback for a speed-accuracy tradeoff that underlies the tendency toward larger temporal variability at faster tempi. This would allow pianists to maintain high temporal accuracy when playing at fast rates. In addition, finger velocity and accelerations as pianists' fingers approached keys were sufficiently unique to allow pianists' identification with a neural-network classifier. Classification success was higher in pianists with more extensive musical training. Pianists' movement "signatures" may reflect unique goal-directed movement kinematic patterns, leading to individualistic sound.

A generalized one-factor term structure model and pricing of interest rate derivative securities

NARCIS (Netherlands)

Jiang, George J.

1997-01-01

The purpose of this paper is to propose a nonparametric interest rate term structure model and investigate its implications on term structure dynamics and prices of interest rate derivative securities. The nonparametric spot interest rate process is estimated from the observed short-term interest

Two-Dimensional Key Table-Based Group Key Distribution in Advanced Metering Infrastructure

Directory of Open Access Journals (Sweden)

Woong Go

2014-01-01

Full Text Available A smart grid provides two-way communication by using the information and communication technology. In order to establish two-way communication, the advanced metering infrastructure (AMI is used in the smart grid as the core infrastructure. This infrastructure consists of smart meters, data collection units, maintenance data management systems, and so on. However, potential security problems of the AMI increase owing to the application of the public network. This is because the transmitted information is electricity consumption data for charging. Thus, in order to establish a secure connection to transmit electricity consumption data, encryption is necessary, for which key distribution is required. Further, a group key is more efficient than a pairwise key in the hierarchical structure of the AMI. Therefore, we propose a group key distribution scheme using a two-dimensional key table through the analysis result of the sensor network group key distribution scheme. The proposed scheme has three phases: group key predistribution, selection of group key generation element, and generation of group key.

Practical round-robin differential-phase-shift quantum key distribution

International Nuclear Information System (INIS)

Zhang, Zhen; Yuan, Xiao; Cao, Zhu; Ma, Xiongfeng

2017-01-01

The security of quantum key distribution (QKD) relies on the Heisenberg uncertainty principle, with which legitimate users are able to estimate information leakage by monitoring the disturbance of the transmitted quantum signals. Normally, the disturbance is reflected as bit flip errors in the sifted key; thus, privacy amplification, which removes any leaked information from the key, generally depends on the bit error rate. Recently, a round-robin differential-phase-shift QKD protocol for which privacy amplification does not rely on the bit error rate (Sasaki et al 2014 Nature 509 475) was proposed. The amount of leaked information can be bounded by the sender during the state-preparation stage and hence, is independent of the behavior of the unreliable quantum channel. In our work, we apply the tagging technique to the protocol and present a tight bound on the key rate and employ a decoy-state method. The effects of background noise and misalignment are taken into account under practical conditions. Our simulation results show that the protocol can tolerate channel error rates close to 50% within a typical experiment setting. That is, there is a negligible restriction on the error rate in practice. (paper)

Long-distance quantum key distribution with imperfect devices

International Nuclear Information System (INIS)

Lo Piparo, Nicoló; Razavi, Mohsen

2014-01-01

Quantum key distribution over probabilistic quantum repeaters is addressed. We compare, under practical assumptions, two such schemes in terms of their secure key generation rate per memory, R QKD . The two schemes under investigation are the one proposed by Duan et al. in [Nat. 414, 413 (2001)] and that of Sangouard et al. proposed in [Phys. Rev. A 76, 050301 (2007)]. We consider various sources of imperfections in the latter protocol, such as a nonzero double-photon probability for the source, dark count per pulse, channel loss and inefficiencies in photodetectors and memories, to find the rate for different nesting levels. We determine the maximum value of the double-photon probability beyond which it is not possible to share a secret key anymore. We find the crossover distance for up to three nesting levels. We finally compare the two protocols

Stable operation of a Secure QKD system in the real-world setting

Science.gov (United States)

Tomita, Akihisa

2007-06-01

Quantum Key Distribution (QKD) now steps forward from the proof of principle to the validation of the practical feasibility. Nevertheless, the QKD technology should respond to the challenges from the real-world such as stable operation against the fluctuating environment, and security proof under the practical setting. We report our recent progress on stable operation of a QKD system, and key generation with security assurance. A QKD system should robust to temperature fluctuation in a common office environment. We developed a loop-mirror, a substitution of a Faraday mirror, to allow easy compensation for the temperature dependence of the device. Phase locking technique was also employed to synchronize the system clock to the quantum signals. This technique is indispensable for the transmission system based on the installed fiber cables, which stretch and shrink due to the temperature change. The security proof of QKD, however, has assumed the ideal conditions, such as the use of a genuine single photon source and/or unlimited computational resources. It has been highly desirable to give an assurance of security for practical systems, where the ideal conditions are no longer satisfied. We have constructed a theory to estimate the leakage information on the transmitted key under the practically attainable conditions, and have developed a QKD system equipped with software for secure key distillation. The QKD system generates the final key at the rate of 2000 bps after 20 km fiber transmission. Eavesdropper's information on the final key is guaranteed to be less than 2-7 per bit. This is the first successful generation of the secure key with quantitative assurance of the upper bound of the leakage information. It will put forth the realization of highly secure metropolitan optical communication network against any types of eavesdropping.

Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

Science.gov (United States)

Kish, Laszlo B.; Horvath, Tamas

2009-08-01

We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by “multiple reflections”. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

International Nuclear Information System (INIS)

Kish, Laszlo B.; Horvath, Tamas

2009-01-01

We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by 'multiple reflections'. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange

Energy Technology Data Exchange (ETDEWEB)

Kish, Laszlo B., E-mail: Laszlo.Kish@ece.tamu.ed [Department of Electrical and Computer Engineering, Texas A and M University, College Station, TX 77843-3128 (United States); Horvath, Tamas, E-mail: tamas.horvath@iais.fraunhofer.d [Department of Computer Science, University of Bonn (Germany); Fraunhofer IAIS, Schloss Birlinghoven, D-53754 Sankt Augustin (Germany)

2009-08-03

We critically analyze the results and claims in [P.-L. Liu, Phys. Lett. A 373 (2009) 901]. We show that the strong security leak appeared in the simulations is only an artifact and not caused by 'multiple reflections'. Since no wave modes exist at cable length of 5% of the shortest wavelength of the signal, no wave is present to reflect it. In the high wave impedance limit, the conditions used in the simulations are heavily unphysical (requiring cable diameters up to 28000 times greater than the measured size of the known universe) and the results are modeling artifacts due to the unphysical values. At the low cable impedance limit, the observed artifacts are due to violating the recommended (and tested) conditions by neglecting the cable capacitance restrictions and using about 100 times longer cable than recommended without cable capacitance compensation arrangement. We implement and analyze the general circuitry of Liu's circulator [P.-L. Liu, Phys. Lett. A 373 (2009) 901] and confirm that they are conceptually secure against passive attacks. We introduce an asymmetric, more robust version without feedback loop. Then we crack all these systems by an active attack: a circulator-based man-in-the middle attack. Finally, we analyze the proposed method to increase security by dropping only high-risk bits. We point out the differences between different types of high-risk bits and show the shortage of this strategy for some simple key exchange protocols.

Key Management in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Ismail Mansour

2015-09-01

Full Text Available Wireless sensor networks are a challenging field of research when it comes to security issues. Using low cost sensor nodes with limited resources makes it difficult for cryptographic algorithms to function without impacting energy consumption and latency. In this paper, we focus on key management issues in multi-hop wireless sensor networks. These networks are easy to attack due to the open nature of the wireless medium. Intruders could try to penetrate the network, capture nodes or take control over particular nodes. In this context, it is important to revoke and renew keys that might be learned by malicious nodes. We propose several secure protocols for key revocation and key renewal based on symmetric encryption and elliptic curve cryptography. All protocols are secure, but have different security levels. Each proposed protocol is formally proven and analyzed using Scyther, an automatic verification tool for cryptographic protocols. For efficiency comparison sake, we implemented all protocols on real testbeds using TelosB motes and discussed their performances.

Rate effects on timing, key velocity, and finger kinematics in piano performance.

Directory of Open Access Journals (Sweden)

Simone Dalla Bella

Full Text Available We examined the effect of rate on finger kinematics in goal-directed actions of pianists. In addition, we evaluated whether movement kinematics can be treated as an indicator of personal identity. Pianists' finger movements were recorded with a motion capture system while they performed melodies from memory at different rates. Pianists' peak finger heights above the keys preceding keystrokes increased as tempo increased, and were attained about one tone before keypress. These rate effects were not simply due to a strategy to increase key velocity (associated with tone intensity of the corresponding keystroke. Greater finger heights may compensate via greater tactile feedback for a speed-accuracy tradeoff that underlies the tendency toward larger temporal variability at faster tempi. This would allow pianists to maintain high temporal accuracy when playing at fast rates. In addition, finger velocity and accelerations as pianists' fingers approached keys were sufficiently unique to allow pianists' identification with a neural-network classifier. Classification success was higher in pianists with more extensive musical training. Pianists' movement "signatures" may reflect unique goal-directed movement kinematic patterns, leading to individualistic sound.

A Family of Key Agreement Mechanisms for Mission Critical Communications for Secure Mobile Ad Hoc and Wireless Mesh Internetworking

Directory of Open Access Journals (Sweden)

Tryfonas Theo

2011-01-01

Full Text Available Future wireless networks like mobile ad hoc networks and wireless mesh networks are expected to play important role in demanding communications such as mission critical communications. MANETs are ideal for emergency cases where the communication infrastructure has been completely destroyed and there is a need for quick set up of communications among the rescue/emergency workers. In such emergency scenarios wireless mesh networks may be employed in a later phase for providing advanced communications and services acting as a backbone network in the affected area. Internetworking of both types of future networks will provide a broad range of mission critical applications. While offering many advantages, such as flexibility, easy of deployment and low cost, MANETs and mesh networks face important security and resilience threats, especially for such demanding applications. We introduce a family of key agreement methods based on weak to strong authentication associated with several multiparty contributory key establishment methods. We examine the attributes of each key establishment method and how each method can be better applied in different scenarios. The proposed protocols support seamlessly both types of networks and consider system and application requirements such as efficient and secure internetworking, dynamicity of network topologies and support of thin clients.

Midterm prospective evaluation of TVT-Secur reveals high failure rate.

Science.gov (United States)

Cornu, Jean-Nicolas; Sèbe, Philippe; Peyrat, Laurence; Ciofu, Calin; Cussenot, Olivier; Haab, Francois

2010-07-01

TVT-Secur has been described as a new minimally invasive sling for women's stress urinary incontinence (SUI) management, showing promising results in short-term studies. Our goal was to evaluate the outcome of this procedure after a midterm follow-up. A prospective evaluation involved 45 consecutive patients presenting SUI associated with urethral hypermobility. Fourteen patients preoperatively reported overactive bladder (OAB) symptoms, but none had objective detrusor overactivity. Eight patients had low maximal urethral closure pressure (MUCP). Four patients had pelvic organ prolapse (POP). Patients with POP were treated under general anesthesia by Prolift and TVT-Secur procedure. The 41 other patients received TVT-Secur under local anesthesia on an outpatient basis. All interventions were made by the same surgeon. Postoperative assessment included pad count, bladder diary, clinical examination with stress test, evaluation of satisfaction with the Patient Global Impression of Improvement (PGI-I) scale, and evaluation of side effects. Patients were classified as cured if they used no pads, had no leakage, and had a PGI-I score 50% and PGI-I score TVT or transobturator tape during follow-up. Age, MUCP, or OAB were not associated with failure. Side effects were limited to five cases of de novo OAB and three cases of urinary tract infection. This work is limited by the absence of a comparison group. Our experience shows that despite its good short-term efficacy, TVT-Secur is associated with a high recurrence rate of SUI. Therefore, TVT-Secur does not seem appropriate for SUI first-line management in women. Copyright 2010 European Association of Urology. Published by Elsevier B.V. All rights reserved.

Secure Wireless Sensor Networks: Problems and Solutions

Directory of Open Access Journals (Sweden)

Fei Hu

2003-08-01

Full Text Available As sensor networks edge closer towards wide-spread deployment, security issues become a central concern. So far, the main research focus has been on making sensor networks feasible and useful, and less emphasis was placed on security. This paper analyzes security challenges in wireless sensor networks and summarizes key issues that should be solved for achieving the ad hoc security. It gives an overview of the current state of solutions on such key issues as secure routing, prevention of denial-of-service and key management service. We also present some secure methods to achieve security in wireless sensor networks. Finally we present our integrated approach to securing sensor networks.

Database and applications security integrating information security and data management

CERN Document Server

Thuraisingham, Bhavani

2005-01-01

This is the first book to provide an in-depth coverage of all the developments, issues and challenges in secure databases and applications. It provides directions for data and application security, including securing emerging applications such as bioinformatics, stream information processing and peer-to-peer computing. Divided into eight sections, each of which focuses on a key concept of secure databases and applications, this book deals with all aspects of technology, including secure relational databases, inference problems, secure object databases, secure distributed databases and emerging

A Key Generation Model for Improving the Security of Cryptographic ...

African Journals Online (AJOL)

Cryptography is a mathematical technique that plays an important role in information security techniques for addressing authentication, interactive proofs, data origination, sender/receiver identity, non-repudiation, secure computation, data integrity and confidentiality, message integrity checking and digital signatures.

Optical code division multiple access secure communications systems with rapid reconfigurable polarization shift key user code

Science.gov (United States)

Gao, Kaiqiang; Wu, Chongqing; Sheng, Xinzhi; Shang, Chao; Liu, Lanlan; Wang, Jian

2015-09-01

An optical code division multiple access (OCDMA) secure communications system scheme with rapid reconfigurable polarization shift key (Pol-SK) bipolar user code is proposed and demonstrated. Compared to fix code OCDMA, by constantly changing the user code, the performance of anti-eavesdropping is greatly improved. The Pol-SK OCDMA experiment with a 10 Gchip/s user code and a 1.25 Gb/s user data of payload has been realized, which means this scheme has better tolerance and could be easily realized.

Secure key distribution by swapping quantum entanglement

International Nuclear Information System (INIS)

Song, Daegene

2004-01-01

We report two key distribution schemes achieved by swapping quantum entanglement. Using two Bell states, two bits of secret key can be shared between two distant parties that play symmetric and equal roles. We also address eavesdropping attacks against the schemes

A no-key-exchange secure image sharing scheme based on Shamir's three-pass cryptography protocol and the multiple-parameter fractional Fourier transform.

Science.gov (United States)

Lang, Jun

2012-01-30

In this paper, we propose a novel secure image sharing scheme based on Shamir's three-pass protocol and the multiple-parameter fractional Fourier transform (MPFRFT), which can safely exchange information with no advance distribution of either secret keys or public keys between users. The image is encrypted directly by the MPFRFT spectrum without the use of phase keys, and information can be shared by transmitting the encrypted image (or message) three times between users. Numerical simulation results are given to verify the performance of the proposed algorithm.

Attacking a practical quantum-key-distribution system with wavelength-dependent beam-splitter and multiwavelength sources

International Nuclear Information System (INIS)

Li, Hong-Wei; Wang, Shuang; Huang, Jing-Zheng; Chen, Wei; Yin, Zhen-Qiang; Li, Fang-Yi; Zhou, Zheng; Liu, Dong; Zhang, Yang; Guo, Guang-Can; Han, Zheng-Fu; Bao, Wan-Su

2011-01-01

It is well known that the unconditional security of quantum-key distribution (QKD) can be guaranteed by quantum mechanics. However, practical QKD systems have some imperfections, which can be controlled by the eavesdropper to attack the secret key. With current experimental technology, a realistic beam splitter, made by fused biconical technology, has a wavelength-dependent property. Based on this fatal security loophole, we propose a wavelength-dependent attacking protocol, which can be applied to all practical QKD systems with passive state modulation. Moreover, we experimentally attack a practical polarization encoding QKD system to obtain all the secret key information at the cost of only increasing the quantum bit error rate from 1.3 to 1.4%.

New directions for African security

NARCIS (Netherlands)

Haastrup, Toni; Dijkstra, Hylke

2017-01-01

African security, particularly conflict-related political violence, is a key concern in international relations. This forum seeks to advance existing research agendas by addressing four key themes: domestic politics and peacekeeping; security sector reform programs; peace enforcement; and the

A Move in the Security Measurement Stalemate: Elo-Style Ratings to Quantify Vulnerability

DEFF Research Database (Denmark)

Pieters, Wolter; van der Ven, Sanne H.G.; Probst, Christian W.

2012-01-01

One of the big problems of risk assessment in information security is the quantification of risk-related properties, such as vulnerability. Vulnerability expresses the likelihood that a threat agent acting against an asset will cause impact, for example, the likelihood that an attacker will be ab...... to its application to children solving math problems. It provides an innovative and sound way to quantify vulnerability in models of (information) security.......One of the big problems of risk assessment in information security is the quantification of risk-related properties, such as vulnerability. Vulnerability expresses the likelihood that a threat agent acting against an asset will cause impact, for example, the likelihood that an attacker will be able......-interprets security from the field of Item Response Theory. By observing the success of threat agents against assets, one can rate the strength of threats and controls, and predict the vulnerability of systems to particular threats. The application of Item Response Theory to the field of risk is new, but analogous...

Biometry, the safe key

Directory of Open Access Journals (Sweden)

María Fraile-Hurtado

2010-12-01

Full Text Available Biometry is the next step in authentication, why do not we take this stepforward in our communication security systems? Keys are the main disadvantage in the cryptography, what if we were our own key?

A Secure Dynamic Identity and Chaotic Maps Based User Authentication and Key Agreement Scheme for e-Healthcare Systems.

Science.gov (United States)

Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao; Chen, Song-Jhih

2016-11-01

Secure user authentication schemes in many e-Healthcare applications try to prevent unauthorized users from intruding the e-Healthcare systems and a remote user and a medical server can establish session keys for securing the subsequent communications. However, many schemes does not mask the users' identity information while constructing a login session between two or more parties, even though personal privacy of users is a significant topic for e-Healthcare systems. In order to preserve personal privacy of users, dynamic identity based authentication schemes are hiding user's real identity during the process of network communications and only the medical server knows login user's identity. In addition, most of the existing dynamic identity based authentication schemes ignore the inputs verification during login condition and this flaw may subject to inefficiency in the case of incorrect inputs in the login phase. Regarding the use of secure authentication mechanisms for e-Healthcare systems, this paper presents a new dynamic identity and chaotic maps based authentication scheme and a secure data protection approach is employed in every session to prevent illegal intrusions. The proposed scheme can not only quickly detect incorrect inputs during the phases of login and password change but also can invalidate the future use of a lost/stolen smart card. Compared the functionality and efficiency with other authentication schemes recently, the proposed scheme satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for e-Healthcare systems.

Information security architecture an integrated approach to security in the organization

CERN Document Server

Killmeyer, Jan

2000-01-01

An information security architecture is made up of several components. Each component in the architecture focuses on establishing acceptable levels of control. These controls are then applied to the operating environment of an organization. Functionally, information security architecture combines technical, practical, and cost-effective solutions to provide an adequate and appropriate level of security.Information Security Architecture: An Integrated Approach to Security in the Organization details the five key components of an information security architecture. It provides C-level executives

Dynamic secrets in communication security

CERN Document Server

Xiao, Sheng; Towsley, Donald

2013-01-01

Dynamic secrets are constantly generated and updated from messages exchanged between two communication users. When dynamic secrets are used as a complement to existing secure communication systems, a stolen key or password can be quickly and automatically reverted to its secret status without disrupting communication. 'Dynamic Secrets in Communication Security' presents unique security properties and application studies for this technology. Password theft and key theft no longer pose serious security threats when parties frequently use dynamic secrets. This book also illustrates that a dynamic

DNA based random key generation and management for OTP encryption.

Science.gov (United States)

Zhang, Yunpeng; Liu, Xin; Sun, Manhui

2017-09-01

One-time pad (OTP) is a principle of key generation applied to the stream ciphering method which offers total privacy. The OTP encryption scheme has proved to be unbreakable in theory, but difficult to realize in practical applications. Because OTP encryption specially requires the absolute randomness of the key, its development has suffered from dense constraints. DNA cryptography is a new and promising technology in the field of information security. DNA chromosomes storing capabilities can be used as one-time pad structures with pseudo-random number generation and indexing in order to encrypt the plaintext messages. In this paper, we present a feasible solution to the OTP symmetric key generation and transmission problem with DNA at the molecular level. Through recombinant DNA technology, by using only sender-receiver known restriction enzymes to combine the secure key represented by DNA sequence and the T vector, we generate the DNA bio-hiding secure key and then place the recombinant plasmid in implanted bacteria for secure key transmission. The designed bio experiments and simulation results show that the security of the transmission of the key is further improved and the environmental requirements of key transmission are reduced. Analysis has demonstrated that the proposed DNA-based random key generation and management solutions are marked by high security and usability. Published by Elsevier B.V.

Distillation of secret-key from a class of compound memoryless quantum sources

Energy Technology Data Exchange (ETDEWEB)

Boche, H., E-mail: boche@tum.de; Janßen, G., E-mail: gisbert.janssen@tum.de [Lehrstuhl für Theoretische Informationstechnik, Technische Universität München, 80290 München (Germany)

2016-08-15

We consider secret-key distillation from tripartite compound classical-quantum-quantum (cqq) sources with free forward public communication under strong security criterion. We design protocols which are universally reliable and secure in this scenario. These are shown to achieve asymptotically optimal rates as long as a certain regularity condition is fulfilled by the set of its generating density matrices. We derive a multi-letter formula which describes the optimal forward secret-key capacity for all compound cqq sources being regular in this sense. We also determine the forward secret-key distillation capacity for situations where the legitimate sending party has perfect knowledge of his/her marginal state deriving from the source statistics. In this case regularity conditions can be dropped. Our results show that the capacities with and without the mentioned kind of state knowledge are equal as long as the source is generated by a regular set of density matrices. We demonstrate that regularity of cqq sources is not only a technical but also an operational issue. For this reason, we give an example of a source which has zero secret-key distillation capacity without sender knowledge, while achieving positive rates is possible if sender marginal knowledge is provided.

Quantum cryptography with finite resources: unconditional security bound for discrete-variable protocols with one-way postprocessing.

Science.gov (United States)

Scarani, Valerio; Renner, Renato

2008-05-23

We derive a bound for the security of quantum key distribution with finite resources under one-way postprocessing, based on a definition of security that is composable and has an operational meaning. While our proof relies on the assumption of collective attacks, unconditional security follows immediately for standard protocols such as Bennett-Brassard 1984 and six-states protocol. For single-qubit implementations of such protocols, we find that the secret key rate becomes positive when at least N approximately 10(5) signals are exchanged and processed. For any other discrete-variable protocol, unconditional security can be obtained using the exponential de Finetti theorem, but the additional overhead leads to very pessimistic estimates.

Key Distribution and Changing Key Cryptosystem Based on Phase Retrieval Algorithm and RSA Public-Key Algorithm

Directory of Open Access Journals (Sweden)

Tieyu Zhao

2015-01-01

Full Text Available The optical image encryption has attracted more and more researchers’ attention, and the various encryption schemes have been proposed. In existing optical cryptosystem, the phase functions or images are usually used as the encryption keys, and it is difficult that the traditional public-key algorithm (such as RSA, ECC, etc. is used to complete large numerical key transfer. In this paper, we propose a key distribution scheme based on the phase retrieval algorithm and the RSA public-key algorithm, which solves the problem for the key distribution in optical image encryption system. Furthermore, we also propose a novel image encryption system based on the key distribution principle. In the system, the different keys can be used in every encryption process, which greatly improves the security of the system.

Diffie-Hellman Key Exchange through Steganographied Images

Directory of Open Access Journals (Sweden)

Amine Khaldi

2018-05-01

Full Text Available Purpose – In a private key system, the major problem is the exchange of the key between the two parties. Diffie and Hellman have set up a way to share the key. However, this technique is not protected against a man-in-the-middle attack as the settings are not authenticated. The Diffie-Hellman key exchange requires the use of digital signature or creating a secure channel for data exchanging to avoid the man-in-the-middle attack. Methodology/approach/design – We present a Diffie-Hellman key exchange implementation using steganographied images. Using steganography made invisible the data exchange to a potential attacker. So, we will not need a digital signature or creating a secure channel to do our key exchange since only the two concerned parts are aware of this exchange. Findings – We generate a symmetric 128-bit key between two users without use of digital signature or secure channel. However, it works only on bitmap images, heavy images and sensitive to compression.

Preservation of a lower bound of quantum secret key rate in the presence of decoherence

Energy Technology Data Exchange (ETDEWEB)

Datta, Shounak, E-mail: shounak.datta@bose.res.in; Goswami, Suchetana, E-mail: suchetana.goswami@bose.res.in; Pramanik, Tanumoy, E-mail: tanu.pram99@bose.res.in; Majumdar, A.S., E-mail: archan@bose.res.in

2017-03-11

It is well known that the interaction of quantum systems with the environment reduces the inherent quantum correlations. Under special circumstances the effect of decoherence can be reversed, for example, the interaction modelled by an amplitude damping channel can boost the teleportation fidelity from the classical to the quantum region for a bipartite quantum state. Here, we first show that this phenomenon fails to preserve the quantum secret key rate derived under individual attack. We further show that the technique of weak measurement can be used to slow down the process of decoherence, thereby helping to preserve the quantum secret key rate when one or both systems are interacting with the environment via an amplitude damping channel. Most interestingly, in certain cases weak measurement with post-selection where one considers both success and failure of the technique is shown to be more useful than without it when both systems interact with the environment. - Highlights: • In general, decoherence has negative effect on the steerability and quantum secret key rate of a bipartite state. • Quantum key rate can be preserved against the effect of decoherence using the technique of weak measurement. • The technique of weak measurements includes a weak measurement and its reversal. • For some strength of weak measurement and environmental interaction, the average secret key rate is improved.

Preservation of a lower bound of quantum secret key rate in the presence of decoherence

International Nuclear Information System (INIS)

Datta, Shounak; Goswami, Suchetana; Pramanik, Tanumoy; Majumdar, A.S.

2017-01-01

It is well known that the interaction of quantum systems with the environment reduces the inherent quantum correlations. Under special circumstances the effect of decoherence can be reversed, for example, the interaction modelled by an amplitude damping channel can boost the teleportation fidelity from the classical to the quantum region for a bipartite quantum state. Here, we first show that this phenomenon fails to preserve the quantum secret key rate derived under individual attack. We further show that the technique of weak measurement can be used to slow down the process of decoherence, thereby helping to preserve the quantum secret key rate when one or both systems are interacting with the environment via an amplitude damping channel. Most interestingly, in certain cases weak measurement with post-selection where one considers both success and failure of the technique is shown to be more useful than without it when both systems interact with the environment. - Highlights: • In general, decoherence has negative effect on the steerability and quantum secret key rate of a bipartite state. • Quantum key rate can be preserved against the effect of decoherence using the technique of weak measurement. • The technique of weak measurements includes a weak measurement and its reversal. • For some strength of weak measurement and environmental interaction, the average secret key rate is improved.

Interferometric key readable security holograms with secrete-codes

Indian Academy of Sciences (India)

A new method is described to create secrete-codes in the security holograms for enhancing their anti-counterfeiting characteristics. ... Scientific Instruments Organisation, Sector 30, Chandigarh 160 030, India; Department of Applied Physics, Guru Jambheshwar University of Science & Technology, Hisar 125 001, India ...

Privacy amplification for quantum key distribution

International Nuclear Information System (INIS)

Watanabe, Yodai

2007-01-01

This paper examines classical privacy amplification using a universal family of hash functions. In quantum key distribution, the adversary's measurement can wait until the choice of hash functions is announced, and so the adversary's information may depend on the choice. Therefore the existing result on classical privacy amplification, which assumes the independence of the choice from the other random variables, is not applicable to this case. This paper provides a security proof of privacy amplification which is valid even when the adversary's information may depend on the choice of hash functions. The compression rate of the proposed privacy amplification can be taken to be the same as that of the existing one with an exponentially small loss in secrecy of a final key. (fast track communication)

Algorithms for Lightweight Key Exchange.

Science.gov (United States)

Alvarez, Rafael; Caballero-Gil, Cándido; Santonja, Juan; Zamora, Antonio

2017-06-27

Public-key cryptography is too slow for general purpose encryption, with most applications limiting its use as much as possible. Some secure protocols, especially those that enable forward secrecy, make a much heavier use of public-key cryptography, increasing the demand for lightweight cryptosystems that can be implemented in low powered or mobile devices. This performance requirements are even more significant in critical infrastructure and emergency scenarios where peer-to-peer networks are deployed for increased availability and resiliency. We benchmark several public-key key-exchange algorithms, determining those that are better for the requirements of critical infrastructure and emergency applications and propose a security framework based on these algorithms and study its application to decentralized node or sensor networks.

Cryptographic robustness of practical quantum cryptography: BB84 key distribution protocol

International Nuclear Information System (INIS)

Molotkov, S. N.

2008-01-01

In real fiber-optic quantum cryptography systems, the avalanche photodiodes are not perfect, the source of quantum states is not a single-photon one, and the communication channel is lossy. For these reasons, key distribution is impossible under certain conditions for the system parameters. A simple analysis is performed to find relations between the parameters of real cryptography systems and the length of the quantum channel that guarantee secure quantum key distribution when the eavesdropper's capabilities are limited only by fundamental laws of quantum mechanics while the devices employed by the legitimate users are based on current technologies. Critical values are determined for the rate of secure real-time key generation that can be reached under the current technology level. Calculations show that the upper bound on channel length can be as high as 300 km for imperfect photodetectors (avalanche photodiodes) with present-day quantum efficiency (η ∼ 20%) and dark count probability (p dark ∼ 10 -7 )

On the security of SSL/TLS-enabled applications

OpenAIRE

Das, Manik Lal; Samdaria, Navkar

2014-01-01

SSL/TLS (Secure Socket Layer/Transport Layer Security)-enabled web applications aim to provide public key certificate based authentication, secure session key establishment, and symmetric key based traffic confidentiality. A large number of electronic commerce applications, such as stock trading, banking, shopping, and gaming rely on the security strength of the SSL/TLS protocol. In recent times, a potential threat, known as main-in-the-middle (MITM) attack, has been exploited by attackers of...

Pilot-multiplexed continuous-variable quantum key distribution with a real local oscillator

Science.gov (United States)

Wang, Tao; Huang, Peng; Zhou, Yingming; Liu, Weiqi; Zeng, Guihua

2018-01-01

We propose a pilot-multiplexed continuous-variable quantum key distribution (CVQKD) scheme based on a local local oscillator (LLO). Our scheme utilizes time-multiplexing and polarization-multiplexing techniques to dramatically isolate the quantum signal from the pilot, employs two heterodyne detectors to separately detect the signal and the pilot, and adopts a phase compensation method to almost eliminate the multifrequency phase jitter. In order to analyze the performance of our scheme, a general LLO noise model is constructed. Besides the phase noise and the modulation noise, the photon-leakage noise from the reference path and the quantization noise due to the analog-to-digital converter (ADC) are also considered, which are first analyzed in the LLO regime. Under such general noise model, our scheme has a higher key rate and longer secure distance compared with the preexisting LLO schemes. Moreover, we also conduct an experiment to verify our pilot-multiplexed scheme. Results show that it maintains a low level of the phase noise and is expected to obtain a 554-Kbps secure key rate within a 15-km distance under the finite-size effect.

Evaluation of Key Dependent S-Box Based Data Security Algorithm using Hamming Distance and Balanced Output

Directory of Open Access Journals (Sweden)

Balajee Maram K.

2016-02-01

Full Text Available Data security is a major issue because of rapid evolution of data communication over unsecured internetwork. Here the proposed system is concerned with the problem of randomly generated S-box. The generation of S-box depends on Pseudo-Random-Number-Generators and shared-secret-key. The process of Pseudo-Random-Number-Generator depends on large prime numbers. All Pseudo-Random-Numbers are scrambled according to shared-secret-key. After scrambling, the S-box is generated. In this research, large prime numbers are the inputs to the Pseudo-Random-Number-Generator. The proposed S-box will reduce the complexity of S-box generation. Based on S-box parameters, it experimentally investigates the quality and robustness of the proposed algorithm which was tested. It yields better results with the S-box parameters like Hamming Distance, Balanced Output and Avalanche Effect and can be embedded to popular cryptography algorithms

Efficient and Provable Secure Pairing-Free Security-Mediated Identity-Based Identification Schemes

Directory of Open Access Journals (Sweden)

Ji-Jian Chin

2014-01-01

Full Text Available Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user’s secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

Efficient and provable secure pairing-free security-mediated identity-based identification schemes.

Science.gov (United States)

Chin, Ji-Jian; Tan, Syh-Yuan; Heng, Swee-Huay; Phan, Raphael C-W

2014-01-01

Security-mediated cryptography was first introduced by Boneh et al. in 2001. The main motivation behind security-mediated cryptography was the capability to allow instant revocation of a user's secret key by necessitating the cooperation of a security mediator in any given transaction. Subsequently in 2003, Boneh et al. showed how to convert a RSA-based security-mediated encryption scheme from a traditional public key setting to an identity-based one, where certificates would no longer be required. Following these two pioneering papers, other cryptographic primitives that utilize a security-mediated approach began to surface. However, the security-mediated identity-based identification scheme (SM-IBI) was not introduced until Chin et al. in 2013 with a scheme built on bilinear pairings. In this paper, we improve on the efficiency results for SM-IBI schemes by proposing two schemes that are pairing-free and are based on well-studied complexity assumptions: the RSA and discrete logarithm assumptions.

Quantum Data Locking for Secure Communication against an Eavesdropper with Time-Limited Storage

Directory of Open Access Journals (Sweden)

Cosmo Lupo

2015-05-01

Full Text Available Quantum cryptography allows for unconditionally secure communication against an eavesdropper endowed with unlimited computational power and perfect technologies, who is only constrained by the laws of physics. We review recent results showing that, under the assumption that the eavesdropper can store quantum information only for a limited time, it is possible to enhance the performance of quantum key distribution in both a quantitative and qualitative fashion. We consider quantum data locking as a cryptographic primitive and discuss secure communication and key distribution protocols. For the case of a lossy optical channel, this yields the theoretical possibility of generating secret key at a constant rate of 1 bit per mode at arbitrarily long communication distances.

A Review of RSA and Public-Key Cryptosystems | Rabah | Botswana ...

African Journals Online (AJOL)

... study and analyze the RSA cryptosystems – a public-key cryptographic algorithm - a system that uses two sets of keys; one for encryption and the other for decryption. Key Words: Public-key cryptography, DH, RSA, Internet Security and attacks, Digital Signature, Message digest, Authentication, Secure Socket Layer (SSL)

Key Management Strategies for Safeguards Authentication and Encryption

International Nuclear Information System (INIS)

Coram, M.; Hymel, R.; McDaniel, M.; Brotz, J.

2015-01-01

Management of cryptographic keys for the authentication and encryption of safeguards data can be the critical weak link in the practical implementation of information security. Within the safeguards community, there is the need to validate that data has not been modified at any point since generation and that it was generated by the monitoring node and not an imposter. In addition, there is the need for that data to be transmitted securely between the monitoring node and the monitoring party such that it cannot be intercepted and read while in transit. Encryption and digital signatures support the required confidentiality and authenticity but challenges exist in managing the cryptographic keys they require. Technologies developed at Sandia National Laboratories have evolved in their use of an associated key management strategy. The first generation system utilized a shared secret key for digital signatures. While fast and efficient, it required that a list of keys be maintained and protected. If control of the key was lost, fraudulent data could be made to look authentic. The second generation changed to support public key / private key cryptography. The key pair is generated by the system, the public key shared, and the private key held internally. This approach eliminated the need to maintain the list of keys. It also allows the public key to be provided to anyone needing to authenticate the data without allowing them to spoof data. A third generation system, currently under development, improves upon the public key / private key approach to address a potential man-in-the-middle attack related to the sharing of the public key. In a planned fourth generation system, secure key exchange protocols will distribute session keys for encryption, eliminating another fixed set of keys utilized by the technology and allowing for periodic renegotiation of keys for enhanced security. (author)

Securing Hadoop

CERN Document Server

Narayanan, Sudheesh

2013-01-01

This book is a step-by-step tutorial filled with practical examples which will focus mainly on the key security tools and implementation techniques of Hadoop security.This book is great for Hadoop practitioners (solution architects, Hadoop administrators, developers, and Hadoop project managers) who are looking to get a good grounding in what Kerberos is all about and who wish to learn how to implement end-to-end Hadoop security within an enterprise setup. It's assumed that you will have some basic understanding of Hadoop as well as be familiar with some basic security concepts.

Information security foundations, technologies and applications

CERN Document Server

Awad, Ali Ismail; Fairhurst, Michael

2018-01-01

This book outlines key emerging trends in information security from the foundations and technologies in biometrics, cybersecurity, and big data security to applications in hardware and embedded systems security, computer forensics, the Internet of Things security, and network security.

Pro Spring security

CERN Document Server

Scarioni, Carlo

2013-01-01

Security is a key element in the development of any non-trivial application. The Spring Security Framework provides a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications. Pro Spring Security will be a reference and advanced tutorial that will do the following: Guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground-up. Demonstrates the different authentication and authorization methods to secure enterprise-level applications

Group key management

Energy Technology Data Exchange (ETDEWEB)

Dunigan, T.; Cao, C.

1997-08-01

This report describes an architecture and implementation for doing group key management over a data communications network. The architecture describes a protocol for establishing a shared encryption key among an authenticated and authorized collection of network entities. Group access requires one or more authorization certificates. The implementation includes a simple public key and certificate infrastructure. Multicast is used for some of the key management messages. An application programming interface multiplexes key management and user application messages. An implementation using the new IP security protocols is postulated. The architecture is compared with other group key management proposals, and the performance and the limitations of the implementation are described.

Spherical reconciliation for a continuous-variable quantum key distribution

International Nuclear Information System (INIS)

Lu Zhao; Shi Jian-Hong; Li Feng-Guang

2017-01-01

Information reconciliation is a significant step for a continuous-variable quantum key distribution (CV-QKD) system. We propose a reconciliation method that allows two authorized parties to extract a consistent and secure binary key in a CV-QKD protocol, which is based on Gaussian-modulated coherent states and homodyne detection. This method named spherical reconciliation is based on spherical quantization and non-binary low-density parity-check (LDPC) codes. With the suitable signal-to-noise ratio (SNR) and code rate of non-binary LDPC codes, spherical reconciliation algorithm has a high efficiency and can extend the transmission distance of CV-QKD. (paper)

Interferometric key readable security holograms with secrete-codes

Indian Academy of Sciences (India)

2Department of Applied Physics, Guru Jambheshwar University of Science & Technology,. Hisar 125 001, India. *E-mail: aka1945@rediffmail.com. MS received 21 ... A new method is described to create secrete-codes in the security holograms for enhancing ... ing, or falsification of the valuable products and documents.

Design and realization of a network security model

OpenAIRE

WANG, Jiahai; HAN, Fangxi; Tang, Zheng; TAMURA, Hiroki; Ishii, Masahiro

2002-01-01

The security of information is a key problem in the development of network technology. The basic requirements of security of information clearly include confidentiality, integrity, authentication and non-repudiation. This paper proposes a network security model that is composed of security system, security connection and communication, and key management. The model carries out encrypting, decrypting, signature and ensures confidentiality, integrity, authentication and non-repudiation. Finally...

Security of continuous-variable quantum key distribution: towards a de Finetti theorem for rotation symmetry in phase space

International Nuclear Information System (INIS)

Leverrier, A; Karpov, E; Cerf, N J; Grangier, P

2009-01-01

Proving the unconditional security of quantum key distribution (QKD) is a highly challenging task as one needs to determine the most efficient attack compatible with experimental data. This task is even more demanding for continuous-variable QKD as the Hilbert space where the protocol is described is infinite dimensional. A possible strategy to address this problem is to make an extensive use of the symmetries of the protocol. In this paper, we investigate a rotation symmetry in phase space that is particularly relevant to continuous-variable QKD, and explore the way towards a new quantum de Finetti theorem that would exploit this symmetry and provide a powerful tool to assess the security of continuous-variable protocols. As a first step, a single-party asymptotic version of this quantum de Finetti theorem in phase space is derived.

7 CFR 4290.845 - Maximum rate of amortization on Loans and Debt Securities.

Science.gov (United States)

2010-01-01

...) RURAL BUSINESS-COOPERATIVE SERVICE AND RURAL UTILITIES SERVICE, DEPARTMENT OF AGRICULTURE RURAL BUSINESS INVESTMENT COMPANY (âRBICâ) PROGRAM Financing of Enterprises by RBICs Structuring Rbic Financing of Eligible Enterprises-Types of Financings § 4290.845 Maximum rate of amortization on Loans and Debt Securities. The...

Looking beyond credit ratings : Factors investors consider In pricing European asset-backed securities

NARCIS (Netherlands)

Fabozzi, F.; Vink, D.

2012-01-01

In this paper, we empirically investigate what credit factors investors rely upon when pricing the spread at issue for European asset-backed securities. More specifically, we investigate how credit factors affect new issuance spreads after taking into account credit rating. We do so by investigating

Reconfigurable Secure Video Codec Based on DWT and AES Processor

Directory of Open Access Journals (Sweden)

Rached Tourki

2010-01-01

Full Text Available In this paper, we proposed a secure video codec based on the discrete wavelet transformation (DWT and the Advanced Encryption Standard (AES processor. Either, use of video coding with DWT or encryption using AES is well known. However, linking these two designs to achieve secure video coding is leading. The contributions of our work are as follows. First, a new method for image and video compression is proposed. This codec is a synthesis of JPEG and JPEG2000,which is implemented using Huffman coding to the JPEG and DWT to the JPEG2000. Furthermore, an improved motion estimation algorithm is proposed. Second, the encryptiondecryption effects are achieved by the AES processor. AES is aim to encrypt group of LL bands. The prominent feature of this method is an encryption of LL bands by AES-128 (128-bit keys, or AES-192 (192-bit keys, or AES-256 (256-bit keys.Third, we focus on a method that implements partial encryption of LL bands. Our approach provides considerable levels of security (key size, partial encryption, mode encryption, and has very limited adverse impact on the compression efficiency. The proposed codec can provide up to 9 cipher schemes within a reasonable software cost. Latency, correlation, PSNR and compression rate results are analyzed and shown.

Detector dead-time effects and paralyzability in high-speed quantum key distribution

International Nuclear Information System (INIS)

Rogers, Daniel J; Bienfang, Joshua C; Nakassis, Anastase; Xu Hai; Clark, Charles W

2007-01-01

Recent advances in quantum key distribution (QKD) have given rise to systems that operate at transmission periods significantly shorter than the dead times of their component single-photon detectors. As systems continue to increase in transmission rate, security concerns associated with detector dead times can limit the production rate of sifted bits. We present a model of high-speed QKD in this limit that identifies an optimum transmission rate for a system with given link loss and detector response characteristics

Key management issue in SCADA networks: A review

Directory of Open Access Journals (Sweden)

Abdalhossein Rezai

2017-02-01

Full Text Available Supervisory Control And Data Acquisition (SCADA networks have a vital role in Critical Infrastructures (CIs such as public transports, power generation systems, gas, water and oil industries, so that there are concerns on security issues in these networks. The utilized Remote Terminal Units (RTUs and Intelligence Electronic Devices (IEDs in these networks have resource limitations, which make security applications a challenging issue. Efficient key management schemes are required besides lightweight ciphers for securing the SCADA communications. Many key management schemes have been developed to address the tradeoff between SCADA constrain and security, but which scheme is the most effective is still debatable. This paper presents a review of the existing key management schemes in SCADA networks, which provides directions for further researches in this field.

Tomographic Approach in Three-Orthogonal-Basis Quantum Key Distribution

International Nuclear Information System (INIS)

Liang Wen-Ye; Yin Zhen-Qiang; Chen Hua; Li Hong-Wei; Chen Wei; Han Zheng-Fu; Wen Hao

2015-01-01

At present, there is an increasing awareness of some three-orthogonal-basis quantum key distribution protocols, such as, the reference-frame-independent (RFI) protocol and the six-state protocol. For secure key rate estimations of these protocols, there are two methods: one is the conventional approach, and another is the tomographic approach. However, a comparison between these two methods has not been given yet. In this work, with the general model of rotation channel, we estimate the key rate using conventional and tomographic methods respectively. Results show that conventional estimation approach in RFI protocol is equivalent to tomographic approach only in the case of that one of three orthogonal bases is always aligned. In other cases, tomographic approach performs much better than the respective conventional approaches of the RFI protocol and the six-state protocol. Furthermore, based on the experimental data, we illustrate the deep connections between tomography and conventional RFI approach representations. (paper)

Quantum deterministic key distribution protocols based on the authenticated entanglement channel

International Nuclear Information System (INIS)

Zhou Nanrun; Wang Lijun; Ding Jie; Gong Lihua

2010-01-01

Based on the quantum entanglement channel, two secure quantum deterministic key distribution (QDKD) protocols are proposed. Unlike quantum random key distribution (QRKD) protocols, the proposed QDKD protocols can distribute the deterministic key securely, which is of significant importance in the field of key management. The security of the proposed QDKD protocols is analyzed in detail using information theory. It is shown that the proposed QDKD protocols can safely and effectively hand over the deterministic key to the specific receiver and their physical implementation is feasible with current technology.

Quantum deterministic key distribution protocols based on the authenticated entanglement channel

Energy Technology Data Exchange (ETDEWEB)

Zhou Nanrun; Wang Lijun; Ding Jie; Gong Lihua [Department of Electronic Information Engineering, Nanchang University, Nanchang 330031 (China)], E-mail: znr21@163.com, E-mail: znr21@hotmail.com

2010-04-15

Based on the quantum entanglement channel, two secure quantum deterministic key distribution (QDKD) protocols are proposed. Unlike quantum random key distribution (QRKD) protocols, the proposed QDKD protocols can distribute the deterministic key securely, which is of significant importance in the field of key management. The security of the proposed QDKD protocols is analyzed in detail using information theory. It is shown that the proposed QDKD protocols can safely and effectively hand over the deterministic key to the specific receiver and their physical implementation is feasible with current technology.

Secure Communications over Wireless Networks Even 1-bit Feedback Helps Achieving Security

KAUST Repository

Rezki, Zouheir

2016-01-06

Recently, there have been a surge toward developing sophisticated security mechanisms based on a cross layer design. While an extensive progress has been realized toward establishing physical layer security as an important design paradigm to enhance security of existing wireless networks, only a little effort has been made toward designing practical coding schemes that achieve or approach the secrecy capacity. Most of existing results are tied to some simplifying assumptions that do not seem always reasonable (passive eavesdropper, perfect channel state information (CSI), etc.). Furthermore, it is still not very clear how to exploit physical layer security paradigms, together with existing cryptosystems, in order to add a supplementary level of protection for information transmission or to achieve key agreement. In this talk, we address the first part of the above problematic, i.e., the effect of channel uncertainty on network security. Particularly, we show that even a coarse estimate of the main channel (channel between the transmitter and the legitimate receiver) can help providing a positive secrecy rate. Specifically, we assume two types of channel uncertainty at the transmitter. The first one is a rate-limited feedback in a block fading channel where the feedback information can be proactive (at the beginning of the coherence block) or of ARQ-type. The second type of uncertainty takes the form of a noisy estimate of the main channel at the transmitter in a fast fading channel. In both cases, we provide upper and lower bounds on the secrecy capacity. We argue how our achievable schemes and upper bounding techniques extend to multi-user setting (broadcasting a single confidential message or multiple confidential messages to multiple legitimate receivers) and to multiple antenna channels.

Secure Communications over Wireless Networks Even 1-bit Feedback Helps Achieving Security

KAUST Repository

Rezki, Zouheir

2016-01-01

Recently, there have been a surge toward developing sophisticated security mechanisms based on a cross layer design. While an extensive progress has been realized toward establishing physical layer security as an important design paradigm to enhance security of existing wireless networks, only a little effort has been made toward designing practical coding schemes that achieve or approach the secrecy capacity. Most of existing results are tied to some simplifying assumptions that do not seem always reasonable (passive eavesdropper, perfect channel state information (CSI), etc.). Furthermore, it is still not very clear how to exploit physical layer security paradigms, together with existing cryptosystems, in order to add a supplementary level of protection for information transmission or to achieve key agreement. In this talk, we address the first part of the above problematic, i.e., the effect of channel uncertainty on network security. Particularly, we show that even a coarse estimate of the main channel (channel between the transmitter and the legitimate receiver) can help providing a positive secrecy rate. Specifically, we assume two types of channel uncertainty at the transmitter. The first one is a rate-limited feedback in a block fading channel where the feedback information can be proactive (at the beginning of the coherence block) or of ARQ-type. The second type of uncertainty takes the form of a noisy estimate of the main channel at the transmitter in a fast fading channel. In both cases, we provide upper and lower bounds on the secrecy capacity. We argue how our achievable schemes and upper bounding techniques extend to multi-user setting (broadcasting a single confidential message or multiple confidential messages to multiple legitimate receivers) and to multiple antenna channels.

Quantum dense key distribution

International Nuclear Information System (INIS)

Degiovanni, I.P.; Ruo Berchera, I.; Castelletto, S.; Rastello, M.L.; Bovino, F.A.; Colla, A.M.; Castagnoli, G.

2004-01-01

This paper proposes a protocol for quantum dense key distribution. This protocol embeds the benefits of a quantum dense coding and a quantum key distribution and is able to generate shared secret keys four times more efficiently than the Bennet-Brassard 1984 protocol. We hereinafter prove the security of this scheme against individual eavesdropping attacks, and we present preliminary experimental results, showing its feasibility

Characteristics of Key Update Strategies for Wireless Sensor Networks

DEFF Research Database (Denmark)

Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

2011-01-01

Wireless sensor networks offer the advantages of simple and low-resource communication. Challenged by this simplicity and low-resources, security is of particular importance in many cases such as transmission of sensitive data or strict requirements of tamper-resistance. Updating the security keys...... is one of the essential points in security, which restrict the amount of data that may be exposed when a key is compromised. In this paper, we investigate key update methods that may be used in wireless sensor networks, and benefiting from stochastic model checking we derive characteristics...

Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas

Directory of Open Access Journals (Sweden)

Ze Wang

2015-09-01

Full Text Available Network security is one of the most important issues in mobile sensor networks (MSNs. Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA is proposed to resist malicious attacks by using mobile nodes’ dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

Science.gov (United States)

Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

2015-09-25

Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

Certificateless Key-Insulated Generalized Signcryption Scheme without Bilinear Pairings

Directory of Open Access Journals (Sweden)

Caixue Zhou

2017-01-01

Full Text Available Generalized signcryption (GSC can be applied as an encryption scheme, a signature scheme, or a signcryption scheme with only one algorithm and one key pair. A key-insulated mechanism can resolve the private key exposure problem. To ensure the security of cloud storage, we introduce the key-insulated mechanism into GSC and propose a concrete scheme without bilinear pairings in the certificateless cryptosystem setting. We provide a formal definition and a security model of certificateless key-insulated GSC. Then, we prove that our scheme is confidential under the computational Diffie-Hellman (CDH assumption and unforgeable under the elliptic curve discrete logarithm (EC-DL assumption. Our scheme also supports both random-access key update and secure key update. Finally, we evaluate the efficiency of our scheme and demonstrate that it is highly efficient. Thus, our scheme is more suitable for users who communicate with the cloud using mobile devices.

Breaking a chaos-noise-based secure communication scheme

Science.gov (United States)

Li, Shujun; Álvarez, Gonzalo; Chen, Guanrong; Mou, Xuanqin

2005-03-01

This paper studies the security of a secure communication scheme based on two discrete-time intermittently chaotic systems synchronized via a common random driving signal. Some security defects of the scheme are revealed: 1) The key space can be remarkably reduced; 2) the decryption is insensitive to the mismatch of the secret key; 3) the key-generation process is insecure against known/chosen-plaintext attacks. The first two defects mean that the scheme is not secure enough against brute-force attacks, and the third one means that an attacker can easily break the cryptosystem by approximately estimating the secret key once he has a chance to access a fragment of the generated keystream. Yet it remains to be clarified if intermittent chaos could be used for designing secure chaotic cryptosystems.

Breaking chaotic shift key communication via adaptive key identification

International Nuclear Information System (INIS)

Ren Haipeng; Han Chongzhao; Liu Ding

2008-01-01

This paper proposes an adaptive parameter identification method for breaking chaotic shift key communication from the transmitted signal in public channel. The sensitive dependence property of chaos on parameter mismatch is used for chaos adaptive synchronization and parameter identification. An index function about the synchronization error is defined and conjugate gradient method is used to minimize the index function and to search the transmitter's parameter (key). By using proposed method, secure key is recovered from transmitted signal generated by low dimensional chaos and hyper chaos switching communication. Multi-parameters can also be identified from the transmitted signal with noise

Simple group password-based authenticated key agreements for the integrated EPR information system.

Science.gov (United States)

Lee, Tian-Fu; Chang, I-Pin; Wang, Ching-Cheng

2013-04-01

The security and privacy are important issues for electronic patient records (EPRs). The goal of EPRs is sharing the patients' medical histories such as the diagnosis records, reports and diagnosis image files among hospitals by the Internet. So the security issue for the integrated EPR information system is essential. That is, to ensure the information during transmission through by the Internet is secure and private. The group password-based authenticated key agreement (GPAKE) allows a group of users like doctors, nurses and patients to establish a common session key by using password authentication. Then the group of users can securely communicate by using this session key. Many approaches about GAPKE employ the public key infrastructure (PKI) in order to have higher security. However, it not only increases users' overheads and requires keeping an extra equipment for storing long-term secret keys, but also requires maintaining the public key system. This investigation presents a simple group password-based authenticated key agreement (SGPAKE) protocol for the integrated EPR information system. The proposed SGPAKE protocol does not require using the server or users' public keys. Each user only remembers his weak password shared with a trusted server, and then can obtain a common session key. Then all users can securely communicate by using this session key. The proposed SGPAKE protocol not only provides users with convince, but also has higher security.

Secret Key Agreement: Fundamental Limits and Practical Challenges

KAUST Repository

Rezki, Zouheir

2017-02-15

Despite the tremendous progress made toward establishing PLS as a new paradigm to guarantee security of communication systems at the physical layerthere is a common belief among researchers and industrials that there are many practical challenges that prevent PLS from flourishing at the industrial scale. Most secure message transmission constructions available to date are tied to strong assumptions on CSI, consider simple channel models and undermine eavesdropping capabilities; thus compromising their practical interest to a big extent. Perhaps arguably, the most likely reasonable way to leverage PLS potential in securing modern wireless communication systems is via secret-key agreement. In the latter setting, the legitimate parties try to agree on a key exploiting availability of a public channel with high capacity which is also accessible to the eavesdropper. Once a key is shared by the legitimate parties, they may use it in a one-time pad encryption, for instance. In this article, we investigate two performance limits of secret-key agreement communications; namely, the secret-key diversity-multiplexing trade-off and the effect of transmit correlation on the secretkey capacity. We show via examples how secretkey agreement offers more flexibility than secure message transmissions. Finally, we explore a few challenges of secret-key agreement concept and propose a few guidelines to overturn them.

Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

Science.gov (United States)

2014-01-01

After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance. PMID:25276797

Security mechanism based on Hospital Authentication Server for secure application of implantable medical devices.

Science.gov (United States)

Park, Chang-Seop

2014-01-01

After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

Security Analysis of Yeh-Tsai Security Mechanism

Science.gov (United States)

Yum, Dae Hyun; Shin, Jong Hoon; Lee, Pil Joong

Yeh and Tsai recently proposed an enhanced mobile commerce security mechanism. They modified the lightweight security mechanism due to Lam, Chung, Gu, and Sun to relieve the burden of mobile clients. However, this article shows that a malicious WAP gateway can successfully obtain the mobile client's PIN by sending a fake public key of a mobile commerce server and exploiting information leakage caused by addition operation. We also present a countermeasure against the proposed attack.

Key Management Schemes for Peer-to-Peer Multimedia Streaming Overlay Networks

Science.gov (United States)

Naranjo, J. A. M.; López-Ramos, J. A.; Casado, L. G.

Key distribution for multimedia live streaming peer-to-peer overlay networks is a field still in its childhood stage. A scheme designed for networks of this kind must seek security and efficiency while keeping in mind the following restrictions: limited bandwidth, continuous playing, great audience size and clients churn. This paper introduces two novel schemes that allow a trade-off between security and efficiency by allowing to dynamically vary the number of levels used in the key hierarchy. These changes are motivated by great variations in audience size, and initiated by decision of the Key Server. Additionally, a comparative study of both is presented, focusing on security and audience size. Results show that larger key hierarchies can supply bigger audiences, but offer less security against statistical attacks. The opposite happens for shorter key hierarchies.

Key Based Mutual Authentication (KBMA Mechanism for Secured Access in MobiCloud Environment

Directory of Open Access Journals (Sweden)

Donald A. Cecil

2016-01-01

Full Text Available Mobile Cloud Computing (MCC fuels innovation in Mobile Computing and opens new pathways between mobile devices and infrastructures. There are several issues in MCC environment as it integrates various technologies. Among all issues, security lies on the top where many users are not willing to adopt the cloud services. This paper focuses on the authentication. The objective of this paper is to provide a mechanism for authenticating all the entities involved in accessing the cloud services. A mechanism called Key Based Mutual Authentication (KBMA is proposed which is divided into two processes namely registration and authentication. Registration is a one-time process where the users are registered for accessing the cloud services by giving the desired unique information. Authentication process is carried out mutually to verify the identities of Device and Cloud Service Provider (CSP. Scyther tool is used for analysing the vulnerability in terms of attacks. The result claims show that the proposed mechanism is resilient against various attacks.

ZigBee-2007 Security Essentials

DEFF Research Database (Denmark)

Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

2008-01-01

ZigBee is a fairly new but promising standard for wireless networks due to its low resource requirements. As in other wireless network standards, security is an important issue and each new version of the ZigBee Specification enhances the level of the ZigBee security. In this paper, we present...... the security essentials of the latest ZigBee Specification, ZigBee-2007. We explain the key concepts, protocols, and computations. In addition, we formulate the protocols using standard protocol narrations. Finally, we identify the key challenges to be considered for consolidating ZigBee....

Calculation of key reduction for B92 QKD protocol

Science.gov (United States)

Mehic, Miralem; Partila, Pavol; Tovarek, Jaromir; Voznak, Miroslav

2015-05-01

It is well known that Quantum Key Distribution (QKD) can be used with the highest level of security for distribution of the secret key, which is further used for symmetrical encryption. B92 is one of the oldest QKD protocols. It uses only two non-orthogonal states, each one coding for one bit-value. It is much faster and simpler when compared to its predecessors, but with the idealized maximum efficiencies of 25% over the quantum channel. B92 consists of several phases in which initial key is significantly reduced: secret key exchange, extraction of the raw key (sifting), error rate estimation, key reconciliation and privacy amplification. QKD communication is performed over two channels: the quantum channel and the classical public channel. In order to prevent a man-in-the-middle attack and modification of messages on the public channel, authentication of exchanged values must be performed. We used Wegman-Carter authentication because it describes an upper bound for needed symmetric authentication key. We explained the reduction of the initial key in each of QKD phases.

Security management

International Nuclear Information System (INIS)

Adams, H.W.

1990-01-01

Technical progress is moving more and more quickly and the systems thus produced are so complex and have become so unclear to the individual that he can no longer estimate the consequences: Faith in progress has given way to deep mistrust. Companies have adjusted to this change in consciousness. An interesting tendency can be identified: technical security is already available - now the organization of security has become an important objective for companies. The key message of the book is: If outworn technical systems are no longer adequate, the organization must be thoroughly overhauled. Five chapters deal with the following themes: organization as an aspect of society; risk control; aspects of security; is there security in ADP; the broader concept of security. (orig./HP) [de

Signature Schemes Secure against Hard-to-Invert Leakage

DEFF Research Database (Denmark)

Faust, Sebastian; Hazay, Carmit; Nielsen, Jesper Buus

2012-01-01

of the secret key. As a second contribution, we construct a signature scheme that achieves security for random messages assuming that the adversary is given a polynomial-time hard to invert function. Here, polynomial-hardness is required even when given the entire public-key – so called weak auxiliary input......-theoretically reveal the entire secret key. In this work, we propose the first constructions of digital signature schemes that are secure in the auxiliary input model. Our main contribution is a digital signature scheme that is secure against chosen message attacks when given an exponentially hard-to-invert function...... security. We show that such signature schemes readily give us auxiliary input secure identification schemes...

Tight finite-key analysis for quantum cryptography.

Science.gov (United States)

Tomamichel, Marco; Lim, Charles Ci Wen; Gisin, Nicolas; Renner, Renato

2012-01-17

Despite enormous theoretical and experimental progress in quantum cryptography, the security of most current implementations of quantum key distribution is still not rigorously established. One significant problem is that the security of the final key strongly depends on the number, M, of signals exchanged between the legitimate parties. Yet, existing security proofs are often only valid asymptotically, for unrealistically large values of M. Another challenge is that most security proofs are very sensitive to small differences between the physical devices used by the protocol and the theoretical model used to describe them. Here we show that these gaps between theory and experiment can be simultaneously overcome by using a recently developed proof technique based on the uncertainty relation for smooth entropies.

Designing key-dependent chaotic S-box with larger key space

International Nuclear Information System (INIS)

Yin Ruming; Yuan Jian; Wang Jian; Shan Xiuming; Wang Xiqin

2009-01-01

The construction of cryptographically strong substitution boxes (S-boxes) is an important concern in designing secure cryptosystems. The key-dependent S-boxes designed using chaotic maps have received increasing attention in recent years. However, the key space of such S-boxes does not seem to be sufficiently large due to the limited parameter range of discretized chaotic maps. In this paper, we propose a new key-dependent S-box based on the iteration of continuous chaotic maps. We explore the continuous-valued state space of chaotic systems, and devise the discrete mapping between the input and the output of the S-box. A key-dependent S-box is constructed with the logistic map in this paper. We show that its key space could be much larger than the current key-dependent chaotic S-boxes.

General Theory of Decoy-State Quantum Cryptography with Dark Count Rate Fluctuation

International Nuclear Information System (INIS)

Xiang, Gao; Shi-Hai, Sun; Lin-Mei, Liang

2009-01-01

The existing theory of decoy-state quantum cryptography assumes that the dark count rate is a constant, but in practice there exists fluctuation. We develop a new scheme of the decoy state, achieve a more practical key generation rate in the presence of fluctuation of the dark count rate, and compare the result with the result of the decoy-state without fluctuation. It is found that the key generation rate and maximal secure distance will be decreased under the influence of the fluctuation of the dark count rate

Asset backed securities : risks, ratings and quantitative modelling

NARCIS (Netherlands)

Jönsson, B.H.B.; Schoutens, W.

2009-01-01

Asset backed securities (ABSs) are structured finance products backed by pools of assets and are created through a securitisation process. The risks in asset backed securities, such as, credit risk, prepayment risk, market risks, operational risk, and legal risks, are directly connected with the

A study of the security technology and a new security model for WiFi network

Science.gov (United States)

Huang, Jing

2013-07-01

The WiFi network is one of the most rapidly developing wireless communication networks, which makes wireless office and wireless life possible and greatly expands the application form and scope of the internet. At the same time, the WiFi network security has received wide attention, and this is also the key factor of WiFi network development. This paper makes a systematic introduction to the WiFi network and WiFi network security problems, and the WiFi network security technology are reviewed and compared. In order to solve the security problems in WiFi network, this paper presents a new WiFi network security model and the key exchange algorithm. Experiments are performed to test the performance of the model, the results show that the new security model can withstand external network attack and ensure stable and safe operation of WiFi network.

Novel secret key generation techniques using memristor devices

Science.gov (United States)

Abunahla, Heba; Shehada, Dina; Yeun, Chan Yeob; Mohammad, Baker; Jaoude, Maguy Abi

2016-02-01

This paper proposes novel secret key generation techniques using memristor devices. The approach depends on using the initial profile of a memristor as a master key. In addition, session keys are generated using the master key and other specified parameters. In contrast to existing memristor-based security approaches, the proposed development is cost effective and power efficient since the operation can be achieved with a single device rather than a crossbar structure. An algorithm is suggested and demonstrated using physics based Matlab model. It is shown that the generated keys can have dynamic size which provides perfect security. Moreover, the proposed encryption and decryption technique using the memristor based generated keys outperforms Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES) in terms of processing time. This paper is enriched by providing characterization results of a fabricated microscale Al/TiO2/Al memristor prototype in order to prove the concept of the proposed approach and study the impacts of process variations. The work proposed in this paper is a milestone towards System On Chip (SOC) memristor based security.

Wireless Physical Layer Security: On the Performance Limit of Secret-Key Agreement

KAUST Repository

Zorgui, Marwen

2015-01-01

Physical layer security (PLS) is a new paradigm aiming at securing communications between legitimate parties at the physical layer. Conventionally, achieving confidentiality in communication networks relies on cryptographic techniques such as public

Boosting up quantum key distribution by learning statistics of practical single-photon sources

International Nuclear Information System (INIS)

Adachi, Yoritoshi; Yamamoto, Takashi; Koashi, Masato; Imoto, Nobuyuki

2009-01-01

We propose a simple quantum-key-distribution (QKD) scheme for practical single-photon sources (SPSs), which works even with a moderate suppression of the second-order correlation g (2) of the source. The scheme utilizes a passive preparation of a decoy state by monitoring a fraction of the signal via an additional beam splitter and a detector at the sender's side to monitor photon-number splitting attacks. We show that the achievable distance increases with the precision with which the sub-Poissonian tendency is confirmed in higher photon-number distribution of the source, rather than with actual suppression of the multiphoton emission events. We present an example of the secure key generation rate in the case of a poor SPS with g (2) =0.19, in which no secure key is produced with the conventional QKD scheme, and show that learning the photon-number distribution up to several numbers is sufficient for achieving almost the same distance as that of an ideal SPS.

Understanding and applying cryptography and data security

CERN Document Server

Elbirt, Adam J

2009-01-01

Introduction A Brief History of Cryptography and Data Security Cryptography and Data Security in the Modern World Existing Texts Book Organization Symmetric-Key Cryptography Cryptosystem Overview The Modulo Operator Greatest Common Divisor The Ring ZmHomework ProblemsSymmetric-Key Cryptography: Substitution Ciphers Basic Cryptanalysis Shift Ciphers Affine Ciphers Homework ProblemsSymmetric-Key Cryptography: Stream Ciphers Random Numbers The One-Time Pad Key Stream GeneratorsReal-World ApplicationsHomework ProblemsSymmetric-Key Cryptography: Block Ciphers The Data Encryption StandardThe Advance

Households and food security: lessons from food secure households in East Africa.

NARCIS (Netherlands)

Silvestri, Silvia; Douxchamps, Sabine; Kristjanson, Patti; Förch, Wiebke; Radeny, Maren; Mutie, Lanetta; Quiros, F.C.; Herrero, M.; Ndungu, Anthony; Claessens, L.F.G.

2015-01-01

Background
What are the key factors that contribute to household-level food security? What lessons can we learn from food secure households? What agricultural options and management strategies are likely to benefit female-headed households in particular? This paper addresses these questions

Enhanced Key Management Protocols for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Baojiang Cui

2015-01-01

Full Text Available With rapid development and extensive use of wireless sensor networks (WSNs, it is urgent to enhance the security for WSNs, in which key management is an effective way to protect WSNs from various attacks. However, different types of messages exchanged in WSNs typically have different security requirements which cannot be satisfied by a single keying mechanism. In this study, a basic key management protocol is described for WSNs based on four kinds of keys, which can be derived from an initial master key, and an enhanced protocol is proposed based on Diffie-Hellman algorithm. The proposed scheme restricts the adverse security impact of a captured node to the rest of WSNs and meets the requirement of energy efficiency by supporting in-network processing. The master key protection, key revocation mechanism, and the authentication mechanism based on one-way hash function are, respectively, discussed. Finally, the performance of the proposed scheme is analyzed from the aspects of computational efficiency, storage requirement and communication cost, and its antiattack capability in protecting WSNs is discussed under various attack models. In this paper, promising research directions are also discussed.

Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

Directory of Open Access Journals (Sweden)

Chang-Seop Park

2014-01-01

Full Text Available After two recent security attacks against implantable medical devices (IMDs have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient’s life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician’s treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

Securing collaborative environments

Energy Technology Data Exchange (ETDEWEB)

Agarwal, Deborah [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Jackson, Keith [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Thompson, Mary [Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)

2002-05-16

The diverse set of organizations and software components involved in a typical collaboratory make providing a seamless security solution difficult. In addition, the users need support for a broad range of frequency and locations for access to the collaboratory. A collaboratory security solution needs to be robust enough to ensure that valid participants are not denied access because of its failure. There are many tools that can be applied to the task of securing collaborative environments and these include public key infrastructure, secure sockets layer, Kerberos, virtual and real private networks, grid security infrastructure, and username/password. A combination of these mechanisms can provide effective secure collaboration capabilities. In this paper, we discuss the requirements of typical collaboratories and some proposals for applying various security mechanisms to collaborative environments.

Security for multihop wireless networks

CERN Document Server

Khan, Shafiullah

2014-01-01

Security for Multihop Wireless Networks provides broad coverage of the security issues facing multihop wireless networks. Presenting the work of a different group of expert contributors in each chapter, it explores security in mobile ad hoc networks, wireless sensor networks, wireless mesh networks, and personal area networks.Detailing technologies and processes that can help you secure your wireless networks, the book covers cryptographic coprocessors, encryption, authentication, key management, attacks and countermeasures, secure routing, secure medium access control, intrusion detection, ep

SecurID

CERN Multimedia

Now called RSA SecurID, SecurID is a mechanism developed by Security Dynamics that allows two-factor authentication for a user on a network resource. It works on the principle of the unique password mode, based on a shared secret. Every sixty seconds, the component generates a new six-digit token on the screen. The latter comes from the current time (internal clock) and the seed (SecurID private key that is available on the component, and is also from the SecurID server). During an authentication request, the SecurID server will check the entered token by performing exactly the same calculation as that performed by your component. The server knows the two information required for this calculation: the current time and the seed of your component. Access is allowed if the token calculated by the server matches the token you specified.

Key distillation in quantum cryptography

Science.gov (United States)

Slutsky, Boris Aron

1998-11-01

Quantum cryptography is a technique which permits two parties to communicate over an open channel and establish a shared sequence of bits known only to themselves. This task, provably impossible in classical cryptography, is accomplished by encoding the data on quantum particles and harnessing their unique properties. It is believed that no eavesdropping attack consistent with the laws of quantum theory can compromise the secret data unknowingly to the legitimate users of the channel. Any attempt by a hostile actor to monitor the data carrying particles while in transit reveals itself through transmission errors it must inevitably introduce. Unfortunately, in practice a communication is not free of errors even when no eavesdropping is present. Key distillation is a technique that permits the parties to overcome this difficulty and establish a secret key despite channel defects, under the assumption that every particle is handled independently from other particles by the enemy. In the present work, key distillation is described and its various aspects are studied. A relationship is derived between the average error rate resulting from an eavesdropping attack and the amount of information obtained by the attacker. Formal definition is developed of the security of the final key. The net throughput of secret bits in a quantum cryptosystem employing key distillation is assessed. An overview of quantum cryptographic protocols and related information theoretical results is also given.

Cyber security awareness toolkit for national security: An approach to South Africa’s cybersecurity policy implementation

CSIR Research Space (South Africa)

Phahlamohlaka, LJ

2011-05-01

Full Text Available The aim of this paper is to propose an approach that South Africa could follow in implementing its proposed Cyber security policy. The paper proposes a Cyber Security Awareness Toolkit that is underpinned by key National Security imperatives as well...

A novel security algorithm for gsm mobile

International Nuclear Information System (INIS)

Minhas, A.A.; Mehmood, W.; Ijaz, A.

2010-01-01

Security is a crucial factor in the provision of secure mobile services. The rapid growth of harmful attacks has increased the need for higher security level, especially in the case of wireless networks. GSM security is proposed by A5/1 synchronous symmetric-key stream cipher. It has been revealed in (1), (2), and (3) that biased birthday attack, random subgraph attack and correlation attack, breach the security at the air interface. In this paper, we have proposed a high level security solution that incorporates a new Key setup routine and new feedback taps positions. We have shown that the proposed solution is more secure and efficient by simulating and application of different Statistical Tests for standard A5/1 and proposed A5/1 in MATLAB and comparing results. (author)

A STUDY ON BIOMETRIC TEMPLATE SECURITY

Directory of Open Access Journals (Sweden)

N. Radha

2010-07-01

Full Text Available The increasing popularity of biometrics and cryptography is driven by the widespread stipulation on information security. Abundant efforts have been made in developing successful methods in these areas in order to accomplish an enhanced level of information security. There are two dominant issues in information security enhancement. One is to defend the user ownership and control the access to information by authenticating an individual’s identity. The other is to make sure the privacy and integrity of information and to secure communication. Cryptography is the science of writing in secret code. Secret-key cryptography and public-key cryptography are the two most important cryptographic architectures. The security of a cryptographic system is reliant on the secrecy of the cryptographic key. Biometric authentication or simply biometrics refers to establishing automatic personal recognition based on the physical and behavioral characteristics of an individual (e.g. face, voice, fingerprint, gait, hand geometry, iris, gene, etc.. Biometrics offers superior security and easier than traditional identity authentication systems (based on passwords and cryptographic keys.Since biometrics characteristics are naturally related with a particular individual, making them insusceptible to being stolen, forgotten, lost or attached. This paper presents a survey on various techniques proposed earlier in developing an authentication system for ensuring individual’s information security by combining biometric characteristics of that particular individual and the cryptographic techniques. In addition, it provides some fundamental idea for future research that may help in eliminating the problems associated with the present authentication systems.

High-dimensional quantum key distribution with the entangled single-photon-added coherent state

Energy Technology Data Exchange (ETDEWEB)

Wang, Yang [Zhengzhou Information Science and Technology Institute, Zhengzhou, 450001 (China); Synergetic Innovation Center of Quantum Information and Quantum Physics, University of Science and Technology of China, Hefei, Anhui 230026 (China); Bao, Wan-Su, E-mail: 2010thzz@sina.com [Zhengzhou Information Science and Technology Institute, Zhengzhou, 450001 (China); Synergetic Innovation Center of Quantum Information and Quantum Physics, University of Science and Technology of China, Hefei, Anhui 230026 (China); Bao, Hai-Ze; Zhou, Chun; Jiang, Mu-Sheng; Li, Hong-Wei [Zhengzhou Information Science and Technology Institute, Zhengzhou, 450001 (China); Synergetic Innovation Center of Quantum Information and Quantum Physics, University of Science and Technology of China, Hefei, Anhui 230026 (China)

2017-04-25

High-dimensional quantum key distribution (HD-QKD) can generate more secure bits for one detection event so that it can achieve long distance key distribution with a high secret key capacity. In this Letter, we present a decoy state HD-QKD scheme with the entangled single-photon-added coherent state (ESPACS) source. We present two tight formulas to estimate the single-photon fraction of postselected events and Eve's Holevo information and derive lower bounds on the secret key capacity and the secret key rate of our protocol. We also present finite-key analysis for our protocol by using the Chernoff bound. Our numerical results show that our protocol using one decoy state can perform better than that of previous HD-QKD protocol with the spontaneous parametric down conversion (SPDC) using two decoy states. Moreover, when considering finite resources, the advantage is more obvious. - Highlights: • Implement the single-photon-added coherent state source into the high-dimensional quantum key distribution. • Enhance both the secret key capacity and the secret key rate compared with previous schemes. • Show an excellent performance in view of statistical fluctuations.

High-dimensional quantum key distribution with the entangled single-photon-added coherent state

International Nuclear Information System (INIS)

Wang, Yang; Bao, Wan-Su; Bao, Hai-Ze; Zhou, Chun; Jiang, Mu-Sheng; Li, Hong-Wei

2017-01-01

High-dimensional quantum key distribution (HD-QKD) can generate more secure bits for one detection event so that it can achieve long distance key distribution with a high secret key capacity. In this Letter, we present a decoy state HD-QKD scheme with the entangled single-photon-added coherent state (ESPACS) source. We present two tight formulas to estimate the single-photon fraction of postselected events and Eve's Holevo information and derive lower bounds on the secret key capacity and the secret key rate of our protocol. We also present finite-key analysis for our protocol by using the Chernoff bound. Our numerical results show that our protocol using one decoy state can perform better than that of previous HD-QKD protocol with the spontaneous parametric down conversion (SPDC) using two decoy states. Moreover, when considering finite resources, the advantage is more obvious. - Highlights: • Implement the single-photon-added coherent state source into the high-dimensional quantum key distribution. • Enhance both the secret key capacity and the secret key rate compared with previous schemes. • Show an excellent performance in view of statistical fluctuations.

Quantum Secure Group Communication.

Science.gov (United States)

Li, Zheng-Hong; Zubairy, M Suhail; Al-Amri, M

2018-03-01

We propose a quantum secure group communication protocol for the purpose of sharing the same message among multiple authorized users. Our protocol can remove the need for key management that is needed for the quantum network built on quantum key distribution. Comparing with the secure quantum network based on BB84, we show our protocol is more efficient and securer. Particularly, in the security analysis, we introduce a new way of attack, i.e., the counterfactual quantum attack, which can steal information by "invisible" photons. This invisible photon can reveal a single-photon detector in the photon path without triggering the detector. Moreover, the photon can identify phase operations applied to itself, thereby stealing information. To defeat this counterfactual quantum attack, we propose a quantum multi-user authorization system. It allows us to precisely control the communication time so that the attack can not be completed in time.

Secured Session-key Distribution using control Vector Encryption / Decryption Process

International Nuclear Information System (INIS)

Ismail Jabiullah, M.; Abdullah Al-Shamim; Khaleqdad Khan, ANM; Lutfar Rahman, M.

2006-01-01

Frequent key changes are very much desirable for the secret communications and are thus in high demand. A session-key distribution technique has been designed and implemented using the programming language C on which the communication between the end-users is encrypted is used for the duration of a logical connection. Each session-key is obtained from the key distribution center (KDC) over the same networking facilities used for end-user communication. The control vector is cryptographically coupled with the session-key at the time of key generation in the KDC. For this, the generated hash function, master key and the session-key are used for producing the encrypted session-key, which has to be transferred. All the operations have been performed using the C programming language. This process can be widely applicable to all sorts of electronic transactions online or offline; commercially and academically.(authors)

Novel secret key generation techniques using memristor devices

Directory of Open Access Journals (Sweden)

Heba Abunahla

2016-02-01

Full Text Available This paper proposes novel secret key generation techniques using memristor devices. The approach depends on using the initial profile of a memristor as a master key. In addition, session keys are generated using the master key and other specified parameters. In contrast to existing memristor-based security approaches, the proposed development is cost effective and power efficient since the operation can be achieved with a single device rather than a crossbar structure. An algorithm is suggested and demonstrated using physics based Matlab model. It is shown that the generated keys can have dynamic size which provides perfect security. Moreover, the proposed encryption and decryption technique using the memristor based generated keys outperforms Triple Data Encryption Standard (3DES and Advanced Encryption Standard (AES in terms of processing time. This paper is enriched by providing characterization results of a fabricated microscale Al/TiO2/Al memristor prototype in order to prove the concept of the proposed approach and study the impacts of process variations. The work proposed in this paper is a milestone towards System On Chip (SOC memristor based security.

A secure chaotic maps and smart cards based password authentication and key agreement scheme with user anonymity for telecare medicine information systems.

Science.gov (United States)

Li, Chun-Ta; Lee, Cheng-Chi; Weng, Chi-Yao

2014-09-01

Telecare medicine information system (TMIS) is widely used for providing a convenient and efficient communicating platform between patients at home and physicians at medical centers or home health care (HHC) organizations. To ensure patient privacy, in 2013, Hao et al. proposed a chaotic map based authentication scheme with user anonymity for TMIS. Later, Lee showed that Hao et al.'s scheme is in no provision for providing fairness in session key establishment and gave an efficient user authentication and key agreement scheme using smart cards, in which only few hashing and Chebyshev chaotic map operations are required. In addition, Jiang et al. discussed that Hao et al.'s scheme can not resist stolen smart card attack and they further presented an improved scheme which attempts to repair the security pitfalls found in Hao et al.'s scheme. In this paper, we found that both Lee's and Jiang et al.'s authentication schemes have a serious security problem in that a registered user's secret parameters may be intentionally exposed to many non-registered users and this problem causing the service misuse attack. Therefore, we propose a slight modification on Lee's scheme to prevent the shortcomings. Compared with previous schemes, our improved scheme not only inherits the advantages of Lee's and Jiang et al.'s authentication schemes for TMIS but also remedies the serious security weakness of not being able to withstand service misuse attack.

Obtaining better performance in the measurement-device-independent quantum key distribution with heralded single-photon sources

Science.gov (United States)

Zhou, Xing-Yu; Zhang, Chun-Hui; Zhang, Chun-Mei; Wang, Qin

2017-11-01

Measurement-device-independent quantum key distribution (MDI-QKD) has been widely investigated due to its remarkable advantages on the achievable transmission distance and practical security. However, the relative low key generation rate limits its real-life implementations. In this work, we adopt the newly proposed four-intensity decoy-state scheme [Phys. Rev. A 93, 042324 (2016), 10.1103/PhysRevA.93.042324] to study the performance of MDI-QKD with heralded single-photon sources (HSPS). Corresponding simulation results demonstrate that the four-intensity decoy-state scheme combining HSPS can drastically improve both the key generation rate and transmission distance in MDI-QKD, which may be very promising in future MDI-QKD systems.

VerSAMI: Versatile and Scalable key management for Smart Grid AMI systems

OpenAIRE

Benmalek , Mourad; Challal , Yacine; Derhab , Abdelouahid; Bouabdallah , Abdelmadjid

2018-01-01

International audience; In this paper, we propose four new key management schemes for Advanced Metering Infrastructure (AMI) to secure data communications in the Smart Grid (SG). The schemes are based on individual and batch rekeying operations using a novel multi-group key graph structure, are also versatile in the sense that they can support broadcast, unicast, as well as multicast communications. Security analysis shows that our schemes satisfy key management security properties. Furthermo...

Secure and privacy enhanced gait authentication on smart phone.

Science.gov (United States)

Hoang, Thang; Choi, Deokjai

2014-01-01

Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, in terms of key length of 50 bits.

Secure and Privacy Enhanced Gait Authentication on Smart Phone

Directory of Open Access Journals (Sweden)

Thang Hoang

2014-01-01

Full Text Available Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR and false rejection rate (FRR of 3.92% and 11.76%, respectively, in terms of key length of 50 bits.

Authenticated multi-user quantum key distribution with single particles

Science.gov (United States)

Lin, Song; Wang, Hui; Guo, Gong-De; Ye, Guo-Hua; Du, Hong-Zhen; Liu, Xiao-Fen

2016-03-01

Quantum key distribution (QKD) has been growing rapidly in recent years and becomes one of the hottest issues in quantum information science. During the implementation of QKD on a network, identity authentication has been one main problem. In this paper, an efficient authenticated multi-user quantum key distribution (MQKD) protocol with single particles is proposed. In this protocol, any two users on a quantum network can perform mutual authentication and share a secure session key with the assistance of a semi-honest center. Meanwhile, the particles, which are used as quantum information carriers, are not required to be stored, therefore the proposed protocol is feasible with current technology. Finally, security analysis shows that this protocol is secure in theory.

A simple security architecture for smart water management system

CSIR Research Space (South Africa)

Ntuli, N

2016-05-01

Full Text Available . Secure booting prevents installation of malicious code onto the device. By making sure that the booting process is secured, we can establish securely the root of trust for the device. Public key cryptography is utilized at this stage. During... Architecture 1168 Nonhlanhla Ntuli and Adnan Abu-Mahfouz / Procedia Computer Science 83 ( 2016 ) 1164 – 1169 3.2. Secure Communication While public key cryptography can be used in the first step (secure booting), it would be too heavy to use during...

Security threads: effective security devices in the past, present, and future

Science.gov (United States)

Wolpert, Gary R.

2002-04-01

Security threads were first used to secure banknotes in the mid 1800's. The key to their anti-counterfeiting success was the fact that by being embedded in the paper, they became an integral part of the banknote substrate. Today, all major currencies still utilize this effective security feature. Technological developments have allowed security threads to evolve from a feature authenticated by only visual means to devices that incorporate both visual and machine detectable components. When viewed from the perspective of a thread being a carrier of various security technologies and the fact that they can be incorporated into the core substrate of banknotes, documents, labels, packaging and some high valued articles, it is clear that security threads will remain as effective security devices well into the future. This paper discusses a brief historical background of security threads, current visual and machine authentication technologies incorporated into threads today and a look to the future of threads as effective security devices.

Cryptographic Key Management System

Energy Technology Data Exchange (ETDEWEB)

No, author

2014-02-21

This report summarizes the outcome of U.S. Department of Energy (DOE) contract DE-OE0000543, requesting the design of a Cryptographic Key Management System (CKMS) for the secure management of cryptographic keys for the energy sector infrastructure. Prime contractor Sypris Electronics, in collaboration with Oak Ridge National Laboratories (ORNL), Electric Power Research Institute (EPRI), Valicore Technologies, and Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS) and Smart Meter Integration Laboratory (SMIL), has designed, developed and evaluated the CKMS solution. We provide an overview of the project in Section 3, review the core contributions of all contractors in Section 4, and discuss bene ts to the DOE in Section 5. In Section 6 we describe the technical construction of the CKMS solution, and review its key contributions in Section 6.9. Section 7 describes the evaluation and demonstration of the CKMS solution in different environments. We summarize the key project objectives in Section 8, list publications resulting from the project in Section 9, and conclude with a discussion on commercialization in Section 10 and future work in Section 11.

A Secure Base from which to Cooperate: Security, Child and Parent Willing Stance, and Adaptive and Maladaptive Outcomes in two Longitudinal Studies.

Science.gov (United States)

Goffin, Kathryn C; Boldt, Lea J; Kochanska, Grazyna

2017-10-17

Early secure attachment plays a key role in socialization by inaugurating a long-term mutual positive, collaborative interpersonal orientation within the parent-child dyad. We report findings from Family Study (community mothers, fathers, and children, from age 2 to 12, N = 102, 51 girls) and Play Study (exclusively low-income mothers and children, from age 3.5 to 7, N = 186, 90 girls). We examined links among observed secure attachment at toddler age, child and parent receptive, willing stance to each other, observed in parent-child contexts at early school age, and developmental outcomes. The developmental outcomes included parent-rated child antisocial behavior problems and observed positive mutuality with regard to conflict issues at age 12 in Family Study, and mother-rated child antisocial behavior problems and observed child regard for rules and moral self at age 7 in Play Study. In mother-child relationships, the child's willing stance mediated indirect effects of child security on positive mutuality in Family Study and on all outcomes in Play Study. In father-child relationships, both the child's and the parent's willing stance mediated indirect effects of child security on both outcomes. Early security initiates an adaptive developmental cascade by enlisting the child and the parent as active, willingly receptive and cooperative agents in the socialization process. Implications for children's parenting interventions are noted.

Securing Cloud - The Quantum Way

OpenAIRE

Pandya, Marmik

2015-01-01

Confidentiality, Integrity, and Availability are basic goals of security architecture. To ensure CIA, many authentication scheme has been introduced in several years. Currently deployment of Public Key Infrastructure (PKI) is a most significant solution. PKI involving exchange key using certificates via a public channel to a authenticate users in the cloud infrastructure. It is exposed to widespread security threats such as eavesdropping, the man in the middle attack, masquerade et al. Quantu...

Parallel Device-Independent Quantum Key Distribution

OpenAIRE

Jain, Rahul; Miller, Carl A.; Shi, Yaoyun

2017-01-01

A prominent application of quantum cryptography is the distribution of cryptographic keys with unconditional security. Recently, such security was extended by Vazirani and Vidick (Physical Review Letters, 113, 140501, 2014) to the device-independent (DI) scenario, where the users do not need to trust the integrity of the underlying quantum devices. The protocols analyzed by them and by subsequent authors all require a sequential execution of N multiplayer games, where N is the security parame...

Enhancing implementation security of QKD

Science.gov (United States)

Tamaki, Kiyoshi

2017-10-01

Quantum key distribution (QKD) can achieve information-theoretic security, which is a provable security against any eavesdropping, given that all the devices the sender and the receiver employ operate exactly as the theory of security requires. Unfortunately, however, it is difficult for practical devices to meet all such requirements, and therefore more works have to be done toward guaranteeing information-theoretic security in practice, i.e., implementation security. In this paper, we review our recent efforts to enhance implementation security. We also have a brief look at a flaw in security proofs and present how to fix it.

Network Paradigm of Information Security

Directory of Open Access Journals (Sweden)

Alexandr Diomidovich Afanasyev

2016-03-01

Full Text Available An issue of topological analysis has been claimed as a key one while creating robust and secure network systems. Some examples of complex network applications in information security domain have been cited.

Mitigation of Control Channel Jamming via Combinatorial Key Distribution

Science.gov (United States)

Falahati, Abolfazl; Azarafrooz, Mahdi

The problem of countering control channel jamming against internal adversaries in wireless ad hoc networks is addressed. Using combinatorial key distribution, a new method to secure the control channel access is introduced. This method, utilizes the established keys in the key establishment phase to hide the location of control channels without the need for a secure BS. This is in obtained by combination of a collision free one-way function and a combinatorial key establishment method. The proposed scheme can be considered as a special case of the ALOHA random access schemes which uses the common established keys as its seeds to generate the pattern of transmission.

A Lightweight Authentication and Key Management Scheme for Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Danyang Qin

2016-01-01

Full Text Available Security problem is one of the most popular research fields in wireless sensor networks for both the application requirement and the resource-constrained essence. An effective and lightweight Authentication and Key Management Scheme (AKMS is proposed in this paper to solve the problem of malicious nodes occurring in the process of networking and to offer a high level of security with low cost. For the condition that the mobile sensor nodes need to be authenticated, the keys in AKMS will be dynamically generated and adopted for security protection. Even when the keys are being compromised or captured, the attackers can neither use the previous keys nor misuse the authenticated nodes to cheat. Simulation results show that the proposed scheme provides more efficient security with less energy consumption for wireless sensor networks especially with mobile sensors.

A Novel Key Distribution Solution for Combined Public/Secret Key ...

African Journals Online (AJOL)

Moreover, an implementation over the new IPv6 Internet protocol is presented such that the system can be ported to both wired and wireless networking environments. Keywords: cryptography, key distribution, security server. AJOL African Journals Online. HOW TO USE AJOL... for Researchers · for Librarians · for Authors ...

An improved two-way continuous-variable quantum key distribution protocol with added noise in homodyne detection

International Nuclear Information System (INIS)

Sun Maozhu; Peng Xiang; Guo Hong

2013-01-01

We propose an improved two-way continuous-variable quantum key distribution (CV QKD) protocol by adding proper random noise on the receiver’s homodyne detection, the security of which is analysed against general collective attacks. The simulation result under the collective entangling cloner attack indicates that despite the correlation between two-way channels decreasing the secret key rate relative to the uncorrelated channels slightly, the performance of the two-way protocol is still far beyond that of the one-way protocols. Importantly, the added noise in detection is beneficial for the secret key rate and the tolerable excess noise of this two-way protocol. With the reasonable reconciliation efficiency of 90%, the two-way CV QKD with added noise allows the distribution of secret keys over 60 km fibre distance. (paper)

Distributed generation of shared RSA keys in mobile ad hoc networks

Science.gov (United States)

Liu, Yi-Liang; Huang, Qin; Shen, Ying

2005-12-01

Mobile Ad Hoc Networks is a totally new concept in which mobile nodes are able to communicate together over wireless links in an independent manner, independent of fixed physical infrastructure and centralized administrative infrastructure. However, the nature of Ad Hoc Networks makes them very vulnerable to security threats. Generation and distribution of shared keys for CA (Certification Authority) is challenging for security solution based on distributed PKI(Public-Key Infrastructure)/CA. The solutions that have been proposed in the literature and some related issues are discussed in this paper. The solution of a distributed generation of shared threshold RSA keys for CA is proposed in the present paper. During the process of creating an RSA private key share, every CA node only has its own private security. Distributed arithmetic is used to create the CA's private share locally, and that the requirement of centralized management institution is eliminated. Based on fully considering the Mobile Ad Hoc network's characteristic of self-organization, it avoids the security hidden trouble that comes by holding an all private security share of CA, with which the security and robustness of system is enhanced.

Free-space measurement-device-independent quantum-key-distribution protocol using decoy states with orbital angular momentum

International Nuclear Information System (INIS)

Wang Le; Zhao Sheng-Mei; Cheng Wei-Wen; Gong Long-Yan

2015-01-01

In this paper, we propose a measurement-device-independent quantum-key-distribution (MDI-QKD) protocol using orbital angular momentum (OAM) in free space links, named the OAM-MDI-QKD protocol. In the proposed protocol, the OAM states of photons, instead of polarization states, are used as the information carriers to avoid the reference frame alignment, the decoy-state is adopted to overcome the security loophole caused by the weak coherent pulse source, and the high efficient OAM-sorter is adopted as the measurement tool for Charlie to obtain the output OAM state. Here, Charlie may be an untrusted third party. The results show that the authorized users, Alice and Bob, could distill a secret key with Charlie’s successful measurements, and the key generation performance is slightly better than that of the polarization-based MDI-QKD protocol in the two-dimensional OAM cases. Simultaneously, Alice and Bob can reduce the number of flipping the bits in the secure key distillation. It is indicated that a higher key generation rate performance could be obtained by a high dimensional OAM-MDI-QKD protocol because of the unlimited degree of freedom on OAM states. Moreover, the results show that the key generation rate and the transmission distance will decrease as the growth of the strength of atmospheric turbulence (AT) and the link attenuation. In addition, the decoy states used in the proposed protocol can get a considerable good performance without the need for an ideal source. (paper)

Cryptographic Key Management and Critical Risk Assessment

Energy Technology Data Exchange (ETDEWEB)

Abercrombie, Robert K [ORNL

2014-05-01

The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) CyberSecurity for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing CyberSecurity for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modified and used as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system

Secure ADS-B authentication system and method

Science.gov (United States)

Viggiano, Marc J (Inventor); Valovage, Edward M (Inventor); Samuelson, Kenneth B (Inventor); Hall, Dana L (Inventor)

2010-01-01

A secure system for authenticating the identity of ADS-B systems, including: an authenticator, including a unique id generator and a transmitter transmitting the unique id to one or more ADS-B transmitters; one or more ADS-B transmitters, including a receiver receiving the unique id, one or more secure processing stages merging the unique id with the ADS-B transmitter's identification, data and secret key and generating a secure code identification and a transmitter transmitting a response containing the secure code and ADSB transmitter's data to the authenticator; the authenticator including means for independently determining each ADS-B transmitter's secret key, a receiver receiving each ADS-B transmitter's response, one or more secure processing stages merging the unique id, ADS-B transmitter's identification and data and generating a secure code, and comparison processing comparing the authenticator-generated secure code and the ADS-B transmitter-generated secure code and providing an authentication signal based on the comparison result.

Passive measurement-device-independent quantum key distribution with orbital angular momentum and pulse position modulation

Science.gov (United States)

Wang, Lian; Zhou, Yuan-yuan; Zhou, Xue-jun; Chen, Xiao

2018-03-01

Based on the orbital angular momentum and pulse position modulation, we present a novel passive measurement-device-independent quantum key distribution (MDI-QKD) scheme with the two-mode source. Combining with the tight bounds of the yield and error rate of single-photon pairs given in our paper, we conduct performance analysis on the scheme with heralded single-photon source. The numerical simulations show that the performance of our scheme is significantly superior to the traditional MDI-QKD in the error rate, key generation rate and secure transmission distance, since the application of orbital angular momentum and pulse position modulation can exclude the basis-dependent flaw and increase the information content for each single photon. Moreover, the performance is improved with the rise of the frame length. Therefore, our scheme, without intensity modulation, avoids the source side channels and enhances the key generation rate. It has greatly utility value in the MDI-QKD setups.

Extended analysis of the Trojan-horse attack in quantum key distribution

Science.gov (United States)

Vinay, Scott E.; Kok, Pieter

2018-04-01

The discrete-variable quantum key distribution protocols based on the 1984 protocol of Bennett and Brassard (BB84) are known to be secure against an eavesdropper, Eve, intercepting the flying qubits and performing any quantum operation on them. However, these protocols may still be vulnerable to side-channel attacks. We investigate the Trojan-horse side-channel attack where Eve sends her own state into Alice's apparatus and measures the reflected state to estimate the key. We prove that the separable coherent state is optimal for Eve among the class of multimode Gaussian attack states, even in the presence of thermal noise. We then provide a bound on the secret key rate in the case where Eve may use any separable state.

Security and efficiency data sharing scheme for cloud storage

International Nuclear Information System (INIS)

Han, Ke; Li, Qingbo; Deng, Zhongliang

2016-01-01

With the adoption and diffusion of data sharing paradigm in cloud storage, there have been increasing demands and concerns for shared data security. Ciphertext Policy Attribute-Based Encryption (CP-ABE) is becoming a promising cryptographic solution to the security problem of shared data in cloud storage. However due to key escrow, backward security and inefficiency problems, existing CP-ABE schemes cannot be directly applied to cloud storage system. In this paper, an effective and secure access control scheme for shared data is proposed to solve those problems. The proposed scheme refines the security of existing CP-ABE based schemes. Specifically, key escrow and conclusion problem are addressed by dividing key generation center into several distributed semi-trusted parts. Moreover, secrecy revocation algorithm is proposed to address not only back secrecy but efficient problem in existing CP-ABE based scheme. Furthermore, security and performance analyses indicate that the proposed scheme is both secure and efficient for cloud storage.

Quantum photonic network and physical layer security.

Science.gov (United States)

Sasaki, Masahide; Endo, Hiroyuki; Fujiwara, Mikio; Kitamura, Mitsuo; Ito, Toshiyuki; Shimizu, Ryosuke; Toyoshima, Morio

2017-08-06

Quantum communication and quantum cryptography are expected to enhance the transmission rate and the security (confidentiality of data transmission), respectively. We study a new scheme which can potentially bridge an intermediate region covered by these two schemes, which is referred to as quantum photonic network. The basic framework is information theoretically secure communications in a free space optical (FSO) wiretap channel, in which an eavesdropper has physically limited access to the main channel between the legitimate sender and receiver. We first review a theoretical framework to quantify the optimal balance of the transmission efficiency and the security level under power constraint and at finite code length. We then present experimental results on channel characterization based on 10 MHz on-off keying transmission in a 7.8 km terrestrial FSO wiretap channel.This article is part of the themed issue 'Quantum technology for the 21st century'. © 2017 The Author(s).

Design-Efficiency in Security

DEFF Research Database (Denmark)

Yuksel, Ender; Nielson, Hanne Riis; Nielson, Flemming

In this document, we present our applied results on balancing security and performance using a running example, which is based on sensor networks. These results are forming a basis for a new approach to balance security and performance, and therefore provide design-­efficiency of key updates. We...

Iran's Security Policy in the Post-Revolutionary Era

National Research Council Canada - National Science Library

Byman, Daniel

2001-01-01

This report assesses Iran's security policy. It examines broad drivers of Iran's security policy, describes important security institutions, explores decisionmaking, and reviews Iran's relations with key countries...

Report: Improvements Needed in Key EPA Information System Security Practices

Science.gov (United States)

Report #10-P-0146, June 15, 2010. Williams Adley found that EPA program offices lacked evidence that they planned and executed tests of information system security controls as required by federal requirements.

Visitor Safety and Security in Barbados: Stakeholder Perceptions

Directory of Open Access Journals (Sweden)

Clifford Griffin

2010-12-01

Full Text Available Is information about the nature, location and incidence of crimes against tourists/visitors sufficient to develop meaningful visitor safety and security policy? Are the views of key tourism stakeholder groups useful in informing and enhancing visitor safety and security policy? To answer these questions, this study analyzes 24 years of recorded crime data against visitors to Barbados and survey data of key tourism stakeholder groups and concludes: 1 that information about the nature, location and incidence of crimes against visitors is necessary but not sufficient to inform visitor safety and security policy; and 2 that the views and input of key stakeholders are essential if destinations are to become more effective in enhancing visitor safety and security.

An SSH key management system: easing the pain of managing key/user/account associations

Science.gov (United States)