Theory and Practice of Cryptography Solu

Preface
Information Systems (IS) play a central part in all aspects of our world, from science, medicine, and
engineering, to industry, business, law, politics, government, arts, culture, society, health, operational
support in daily life, surveillance of infrastructure and environment, and homeland protection and national security. Without proper security precautions, IS are prone to unexpected and intolerable side
effects, such as leakage of operational and confidential data, identity theft and unauthorized access, and
possibly modification of private data, services, and systems. Security services are required in order to
guarantee information security and protection of privacy, such as data confidentiality, data authentication, anonymity, entity authentication, non-repudiation of origin and receipt, access control, protection
against denial of service and phishing, and secure processing and deletion of data. In a nutshell, dependable and trustworthy security solutions based on strong cryptography are needed.
The collection of chapters in this book focuses on theory and the practice of cryptographic security
solutions for deployment in Information Systems (IS). Given the rapid progress of tools, systems, and
technologies, and the emergence of many new application areas of IS, it is essential for such solutions
to be designed, implemented, tested, and verified using sound engineering approaches as they must support the core functionality of secure information systems. The theoreticians, designers, engineers, and
practitioners of cryptography need to provide such cryptography solutions that balance the required level
of security versus costs and risks involved in deploying those solutions in their targeted applications.
Therefore, the successful deployment of cryptographic solutions requires a complete understanding of
the requirements of IS at hand, their constraints and performance characteristics, the capabilities of the
hardware and software platforms, and the nature of the network environments in which they operate. In
some cases, especially in emerging areas, new cryptographic solutions based on new approaches and
new theories may be required because off-the-shelf solutions may not work.
The editors of this collection have come together to compile and present the state-of-the-art in cryptographic security solutions from theory to implementations to applications in a comprehensive and
definitive collection. They have a long-standing reputation in cryptography and several other allied and
complementary areas of research, and have broad and recognized experience in leading international
professional media, conferences, and the organization of special issues of international journals. The
seeds of this collection were in fact laid in the ongoing cooperation of the editors in the organization
of a conference series called International Conference on Security of Information and Networks (SIN).
The SIN series was inaugurated with SIN 2007, which was held in Gazimagusa, North Cyprus, hosted
by Eastern Mediterranean University, and co-organized by İstanbul Technical University. SIN 2007 was
chaired by Atilla Elçi, one of the editors of this collection, and served by an international program committee. Although the conference topics covered all areas of information and network security as intended
from the outset, due to their critical importance and timeliness, several topical areas naturally emerged:
• Cryptography: This area featured papers on the development, design, and analysis of new cryptographic algorithms and methods, both software and hardware implementation of such algorithms and methods, and selected applications of cryptography.
• Network Security: This area featured papers on authentication, authorization, access control, privacy, intrusion detection, malware detection, and mobile and personal area networks.
• IT Governance: This area featured papers on information security management systems, risk and threat analysis, and information security guidelines and policies.
The conference main themes were supported by invited papers and talks, especially on the state-of-the-art in cryptography, given by some of the leading international researchers. Bart Preneel, Head of
Computer Security and Industrial Cryptography (COSIC) at Katholieke Universiteit Leuven, Leuven,
Belgium, talked about Research Challenges in Cryptology. He highlighted the recent developments in
cryptography and how advanced cryptographic techniques could contribute to address future challenges
related to privacy, trusted computing, distributed trust, and ambient intelligence. Marc Joye, Thomson
R&D, France, talked about White-box cryptography techniques aimed at protecting software implementations of cryptographic algorithms against key recovery. Elisabeth Oswald, Cryptography and Information
Security Group, University of Bristol, Bristol, UK, talked about Power Analysis Attacks that allow extracting keys from cryptographic devices with low effort. Çetin Kaya Koç, İstanbul Commerce University,
Turkey, and Oregon State University, USA, gave an overview of side-channel attacks on commodity
processors, particularly for computers running as servers. Mehmet Ufuk Çağlayan, Boğaziçi University,
Turkey, delivered a survey on secure routing issues in MANETs, with a summary of the current state of
the art in secure routing protocols and their resistance to known attacks. Karthik Bhargavan, Microsoft
Research Cambridge, UK, overviewed the recent work in verifying security properties for protocols
being standardized as part of the XML Web Services framework.
What was particularly notable at SIN 2007 was the participation of both the theoreticians and the
practitioners who were interested in a holistic view of information and network security. In particular,
the practitioners were interested in finding the latest research on information and network security and
how best to benefit from that research in improving security solutions in information systems, and the
theoreticians were interested in the challenges of actual security problems and how best to study and
understand them so as to further foundational studies. The proceedings of the conference, co-edited by
Atilla Elçi, S. Berna Örs, and Bart Preneel, were published by Trafford and sold internationally both as
hardcopy and as an ebook. It was decided that the follow-up conference SIN 2009 was also to be held
in Gazimagusa, North Cyprus, but with an extended international cooperation that involved researchers
from Eastern Mediterranean University, Macquarie University, and Southern Federal University. All
of the editors joined the organization of SIN 2009 under various capacities: Atilla Elçi and Mehmet A.
Orgun as conference co-chairs, Alexander Chefranov and Josef Pieprzyk as program co-chairs, and Rajan
Shankaran as workshop co-chair. Huaxiong Wang joined the Program Committee of the conference and
has been involved with the SIN series ever since.
As in SIN 2007, the conference program was supported by invited papers and talks, given by some
of the leading international researchers. Elisa Bertino, Research Director of the Center for Education
and Research in Information Assurance and Security at Purdue University, USA, who graciously agreed
to write a foreword to this book, talked about “Assured Information Sharing: Concepts and Research
Issues.” Erdal Çayırcı, NATO JWC & University of Stavanger, Norway, talked about “Deployed Sensor
Networks and Their Security Challenges in Practice.” Sorin Alexander Huss, Director CASED Research
Center for IT Security, Technical University of Darmstadt, Germany, talked about “Embedded Systems
for IT Security Applications: Properties and Design Considerations.” In line with the international
cooperation of the organizers, technical cooperation with the ACM Special Interest Group on Security,
Audit, and Control (SIGSAC) was sought, and the conference proceedings were published by ACM for
the first time and placed on the ACM Digital Library for perpetual access.
Encouraged by the successful cooperation of the organizers at SIN 2007 and 2009 and the resounding
success of the conference, the SIN Conference was intended to be an annual event from 2009 onwards.
SIN 2010 was held in Taganrog, Rostov-on-Don, Russia, organized by a team of researchers from
Southern Federal University, Eastern Mediterranean University, Macquarie University, and Technical
University of Darmstadt. Atilla Elçi and Mehmet A. Orgun served as conference co-chairs, Alexander
Chefranov as program co-chair, and Rajan Shankaran as workshop co-chair. SIN 2010 was also held in
technical cooperation with the ACM Special Interest Group on Security, Audit, and Control (SIGSAC),
and the conference proceedings were published by the ACM once more. The very areas that emerged
at previous SIN conferences were strong as ever, and several new frontier areas were also represented,
including secure ontology-based systems, security-aware software engineering, trust management and
privacy, and security standards, guidelines, and certification. Microsoft Russia and Russian Foundation for Basic Research also came to the party by providing sponsorship for the conference. As usual,
the conference main themes were supported by invited papers and talks. Josef Pieprzyk, Macquarie
University, Australia, talked about “Evolution of Cryptographic Hashing,” and Alexander Tereshkin,
Principal Researcher, Invisible Things Lab, Rostov-on-Don, Russia, talked about “Evil Maid goes after
PGP Whole Disk Encryption.”
As the research areas that underpin the SIN series continued to mature, it was felt that the time was ripe
for a journal special issue which showcased the best and the most recent research efforts presented at SIN
2010. The authors of the papers presented at SIN 2010 were invited to submit the revised and substantially
extended versions of their papers to a special issue of Security and Communication Networks (by Wiley)
on the Design and Engineering of Cryptographic Solutions for Secure Information Systems. There was
a strong interest in the special issue within the security and cryptography communities, and after several
rounds of careful reviewing, nine high quality papers were finally accepted for publication. The special
issue is scheduled to be published in early 2013. The papers which have been accepted for publication in
the special issue cover several important topics in the design and engineering of cryptographic solutions
for secure information systems, including hardware design, cryptographic fundamentals, auction design,
protocol verification, detection of collusion attacks, and policy issues. The efforts to bring the special
issue to fruition were but a prelude to a more substantial undertaking by the editors for the production
of a comprehensive and up-to-date resource on cryptographic security solutions.
In order to further the goals of a truly international conference, SIN 2011 was held in Sydney, Australia, in November 2011, organized jointly by Macquarie University, Süleyman Demirel University,
Southern Federal University, and Technical University of Darmstadt. All the editors took active roles in
the organization of SIN 2011. Atilla Elçi and Mehmet A. Orgun served as conference co-chairs; Josef
Pieprzyk, Alexander Chefranov, and Rajan Shankaran as program co-chairs; and Huaxiong Wang as the
Asia-Pacific liaison. The Air Force Office of Scientific Research (AFOSR), Asian Office of Aerospace
Research and Development (AOARD), Army International Technology Center-Pacific (ITC-PAC), and
Office of Naval Research-Global (ONRG) provided sponsorship, which contributed substantially to the
success of SIN 2011. There was yet again a strong presence of the discussion of latest cryptography
solutions at the conference. The conference main themes were supported by invited papers and talks.
Professor Vijay Varadharajan, Microsoft Chair in Innovation in Computing, Macquarie University, Sydney,
Australia, talked about “Rethinking Cyber Security”; and Dr. Kevin Kwiat, Principal Computer Engineer,
the Cyber Science Branch of the U.S. Air Force Research Laboratory (AFRL), Rome, New York, USA,
talked about “Fault Tolerance for Fight-Through: A Basis for Strategic Survival.” The proceedings of
the SIN 2011 conference were also published by the ACM and uploaded to the ACM DL.
Now that the research areas represented at the SIN conferences have continued to grow and flourish,
the organisers of SIN 2011 have arranged two special issues around two of those areas. A special issue
of Concurrency and Computation: Practice and Experience (by Wiley) focussed on the theme of Trust
and Security in Wireless Sensor Networks to address the design, development, and deployment of trust
management schemes and security solutions that take into account the intrinsic features of wireless sensor networks. A special issue of Networking Science (Springer-Verlag) focussed on the theme of Next
Generation Network Architectures, Protocols, Theory, Systems, and Applications to address security
solutions for single packet switching networks that transport all kinds of information (voice, data,
multimedia) as packets. Both special issues are in progress and scheduled to appear in late 2013.
Continuing with the internationalization of the SIN series, and encouraged by the participation of
a strong contingent of researchers from universities in India, SIN 2012 was held at Jaipur in India in
October 2012, organized by Malaviya National Institute of Technology, Aksaray University, Southern
Federal University, Macquarie University, and Indian Institute of Technology Bombay. Once again, all
the editors have taken part in SIN 2012 under various but similar capacities, with a strong local participation from Indian researchers and practitioners in the organization of the conference. The strong technical
program was supported by twelve invited speakers, seven of whom were from various institutions in India
showcasing the fine cryptography research conducted in India as well as the latest advances in security
in cloud computing. Continuing with the tradition of the past events, the proceedings of the SIN 2012
conference were also published by the ACM and uploaded to the ACM DL.
After the successful conclusion of SIN 2012, it was decided that every few years the SIN series would
be held in the region where it originated. Having taken a new post at Aksaray University, in the Cappadocia region, Turkey, Atilla Elçi has been spearheading the organization of SIN 2013, which will be
held in Aksaray, Turkey, in November 2013. All the editors are looking forward to the next stage in their
fruitful cooperation and welcome cryptography and security researchers as active participants both in
the organization of the conference as well as on the conference program. They also welcome back Berna
Örs Yalçın, İstanbul Technical University, Turkey, as program co-chair, who was conference co-chair
of SIN 2007. If the resounding success and continuing growth of the past conferences is any indication,
the future of the SIN series is bright indeed.
Every now and then, it is also essential to take stock of the progress in theory and practice of cryptographic security solutions, present the contributions scattered across many diverse forums such as
conference proceedings and journal papers in a coherent way, and provide a broad picture of the recent
achievements of the area, paving the way for future progress. Given the maturity of cryptography solutions
and the recent advances in this area, these goals could not have been achieved within the time and page
limitations of journal special issues, but they could be achieved in a book which would first introduce
in an accessible style the nature of cryptography, then explore numerous established, advanced, and
frontier topics in cryptography leading to illustrations of new frontiers in secure IS. As such, it would
foster further research on the development, design, and engineering of cryptographic solutions in secure
information systems ranging from theoretical to practical issues and of course to their ultimate applications. It would also serve the needs of advanced learners, faculty, and graduate students alike, and should
be suitable for individual learners and classroom adoption.
To this end, the editors approached IGI Global in September 2011 with a view to the publication of
such a book, which would primarily focus on cryptography and its use for security of IS in its broader
context. It would also serve as a landmark resource for information and network security in IS, providing the reader with the state-of-the-art technologies and practices of putting cryptographic solutions to
work for creating secure IS. To achieve these objectives, the book would naturally need to draw from a
broader base of research efforts in cryptography solutions, not just those represented at the SIN conferences over the past few years. We were delighted when the book proposal was approved, and we had a
worthwhile and timely challenge to bring it to its fruition.
Under the stewardship of the editors, an editorial board of international reviewers was formed, and the
call for papers was widely circulated to the participants at the SIN conferences as well as to the broader
scientific community. There was a strong response to the call for papers for the collection. Researchers
and practitioners were first invited to submit a 2-3 page chapter proposal by November 2011, clearly
explaining the contributions of the chapter and how it would address a cryptographic solution for IS.
As a result, 35 chapter proposals from researchers from all over the world were received. The submitted
chapter proposals were assessed by the editors for the significance and the originality of the proposed
cryptographic solutions and how they would fit with the main theme of the collection. The authors of
accepted proposals were duly notified and asked to submit full chapters of about 20 pages by February
2012. All the submitted full chapters were assessed by three reviewers of international standing on a
double-blind basis, and the reviews were moderated by the editors for their significance, originality,
quality, timeliness, and usefulness. The authors re-submitted full chapters after updating in response to
reviewers' comments. Finally, after a second round of reviewing, 19 high quality chapter submissions
were accepted for publication in this collection.
The chapters in this collection are arranged in five sections, which can be read independently of one
another. However, the natural progression of the material is from more foundational studies towards
more applied ones at frontier areas such as e-voting, e-auctions, and health monitoring systems. In order
to get the most out of the book and also to appreciate the holistic view of how cryptography solutions
have been devised, implemented, and deployed, we strongly recommend a sampling of a few chapters
from each of the sections 1-4 at the first reading, depending of course on the interests and expertise of
the reader, followed by the chapters in section 5, which provide several case studies.
The chapters in Section 1 focus on Cryptographic Methods Analysis. Modern cryptographic methods
are based on several branches of mathematics and computer science such as algebra, number theory,
finite fields, complexity theory, algorithm design, and analysis. The implementation and application
of cryptographic methods naturally draws from technological advances, in both hardware and software
alike, which throw new challenges to theoreticians and practitioners of cryptography, literally on an
ongoing basis. Cryptographic methods are quite diverse and have different underlying assumptions
and constraints; thus, their analysis helps to ascertain inherent worth of and security expectations from
secure information systems. The chapters in this section set the basis to build essential understanding
and appreciation of cryptographic methods.
Chapter 1 proposes harmonization of tools to support the implementation of security standards in
practice based on the use of ontologies. Chapter 2 discusses approaches to the analysis of the GOST 28147-89 encryption algorithm (also known simply as GOST), which is the basis of most secure information
systems in the Russian Federation. Chapter 3 describes those aspects of cryptography that are vital to a
forensics investigator who is not necessarily an expert in cryptography but must understand and analyse
digital evidence. Chapter 4 presents a systematic study of Search in Encrypted Data (SED), which enables a client to have third-party server(s) to perform certain search functionalities on encrypted data.
The chapters in Section 2 focus on Cryptographic Systems. The rapid progress in hardware, such as
the availability of multi-core processors, has had a major impact on security. It has now become possible to
implement encryption algorithms in hardware, aiming for faster operation while at the same
time achieving better security. On the other hand, information leakage through techniques exploiting the
physical properties of cryptosystems, such as measuring timing, power consumption, radiation emissions,
has motivated further research towards the design of more secure hardware. On the opposite side of the
coin, the wide availability of low-cost devices, such as tablets and mobile phones with weaker encryption/security
mechanisms due to resource and processing constraints, has created further opportunities for
attacks. Hardware related considerations of security are therefore the main concern of this section.
Chapter 5 proposes a modification of Quaternion Encryption Scheme (QES) called M-QES which
is resistant to the Known Plaintext-Ciphertext Attack (KPCA) due to improper choice of the frame size
and the procedure of secret quaternion updating. Chapter 6 summarizes the side-channel techniques
based on power consumption and elaborates the issue of the design time engineering of a secure system,
through the employment of the current hardware design tools.
The chapters in Section 3 focus on Cryptographic Solutions for Distributed Systems. With the advent
of Mobile Ad-Hoc Networks (MANETs), Wireless Sensor Networks (WSNs), Body Area Networks
(BANs) and vehicular networks, security of distributed systems operating in such networks has become
a major interest to researchers and practitioners alike. Such systems usually have a dynamic, evolving
topology, they are self-organizing, and often need to operate in hostile, uncertain environments. Most
of the devices in such networks and systems often have severe communication, resource, and power
limitations. Therefore, they present new security challenges and require new solutions, as most of the
existing solutions are no longer feasible. This section provides a foundation towards understanding the
security issues involved in such systems and designing and implementing cryptography solutions to
address them adequately.
Chapter 7 presents an efficient fully secure Attribute-Based Signature (ABS) scheme in the standard
model under certain assumptions which is more practical than the generic group model used in the previous schemes. Chapter 8 evaluates the practical considerations of a SEcure Neighbor Discovery (SEND)
deployment, taking a cryptographic approach as a means of securing the IPv6 local link operations. It
reviews the remaining vulnerabilities, and gives some recommendations with which to facilitate SEND
deployment. Chapter 9 presents three offline/online authentication and key agreement schemes and one
offline/online non-repudiation scheme, all aiming at fast online computation for mobile nodes in mobile
ad hoc networks. Chapter 10 surveys attacks and their defence mechanisms in Wireless Sensor Networks
(WSNs) and also investigates the open research issues and emerging technologies on security in WSNs.
The chapters in Section 4 focus on Cryptographic Trust Solutions. Trust plays an important role in
secure IS. There is interplay between trust and cryptography towards achieving security and addressing
privacy concerns. This section provides a discussion of cryptographic trust solutions in several representative areas such as Secure Multiparty Computation (SMC), Public-Key Infrastructure (PKI) trust
models, and trusted computer architecture.
Chapter 11 surveys the significant research that has been carried out on Secure Multiparty Computation (SMC). It discusses the critical issues and challenges and the level of adaptation achieved as well as
some future research directions. Chapter 12 takes a closer look at the most prominent and widely used
Public-Key Infrastructure (PKI) trust models, and discusses related semantic issues. Chapter 13 provides
an analysis of the Petname Model and explains how a Petname System can be effectively combined
with the PKI to recognise identities and impose certainty by validating the user trust on those identities.
Chapter 14 introduces the features and foundations of Trusted Computing, an architecture that exploits
the low-cost TPM chip to monitor the integrity of a computing platform. Chapter 15 proposes a new
secure email system based on fingerprint identification to address the problem of recognising the real identity of
an email sender and receiver.
The chapters in Section 5 focus on Engineering Secure Information Systems. Security considerations
should not be add-ons, which can be incorporated into a functional system once it has been built and
deployed. The development of secure IS requires the embedding of security considerations into the
system analysis, design, implementation, and testing stages. In this way, the security requirements can
be captured, analysed, and addressed in the design stage, implemented and tested together with the
implementation and testing of the functional components, resulting in a more secure IS. This section
presents a few representative case studies of engineering secure information systems.
Chapter 16 classifies the approaches used according to the protection mechanisms provided to the
email components, and it also briefly describes these approaches. It concludes by examining how the
use of these approaches will work in IPv6 as compared to IPv4. Chapter 17 presents an analysis of the
existing e-voting solutions in both categories of homomorphic voting and shuffling-based voting. The
key security properties in these two categories are discussed, and then the existing e-voting schemes
are checked against their corresponding security properties. Chapter 18 addresses the main challenge of
designing an e-auction while protecting bid privacy without compromising other critical requirements
and properties. Chapter 19 discusses the challenges of generic security protocols and platforms for preserving the privacy of patient records in health monitoring systems.
Atilla Elçi
Aksaray University, Turkey
Mehmet A. Orgun
Macquarie University, Australia
Josef Pieprzyk
Macquarie University, Australia
Alexander G. Chefranov
Eastern Mediterranean University, North Cyprus
Huaxiong Wang
Nanyang Technological University, Singapore
Rajan Shankaran
Macquarie University, Australia