Adrian Waller

Fixed-Point Arithmetic in SHE Schemes.

The purpose of this paper is to investigate fixed-point arithmetic in ring-based Somewhat Homomorphic Encryption (SHE) schemes. We provide three main contributions: firstly, we investigate the representation of fixed-point numbers. We analyse the two representations from Dowlin et al., representing a fixed-point number as a large integer (encoded as a scaled polynomial) versus a polynomial-based fractional representation. We show that these two are, in fact, isomorphic by presenting an explicit isomorphism between the two that enables us to map the parameters from one representation to another. Secondly, given a computation and a bound on the fixed-point numbers used as inputs and scalars within the computation, we achieve a way of producing lower bounds on the plaintext modulus p and the degree of the ring d needed to support complex homomorphic operations. Finally, as an application of these bounds, we investigate homomorphic image processing.

System-of-systems boundary check in a public event scenario

In any system-of-systems the potential exists for interactions between systems to occur that may affect the security of the overall system. We present a scenario that aims to highlight such problems, in particular that of security at a network boundary. This scenario considers cooperation and interactions between organisations and systems in the context of a major public event, such as a sporting or entertainment event. Based on this we present a modelling tool able to highlight potential access violations that might occur through transfer of data between multiple organisations and suggest ways to mitigate these vulnerabilities. The use of the modelling tool for network boundary checking is demonstrated, using the example scenario. Suggestions are made as to how security and effectiveness can be achieved by applying safeguards to vulnerable areas, while allowing the free flow of data between organisations where this is known to be safe.

Policy Based Management for Security in Cloud Computing

Cloud computing is one of the biggest trends in information technology, with individuals, companies and even governments moving towards their use to save costs and increase flexibility. Cloud infrastructures are typically based on virtualised environments, to allow physical infrastructure to be shared by multiple end users. These infrastructures can be very large and complex, with many end users, making their configuration difficult, error-prone and time-consuming. At the same time, the fact that diverse end users share the same physical infrastructure raises security concerns, and can lead to a significant impact from misconfiguration or being slow to react to attacks. In this paper, we focus on the use of Policy Based Management techniques to manage cloud infrastructure, identifying the requirements, surveying the state-of-the-art, identifying the challenges and proposing potential solutions.

Managing runtime re-engineering of a System-of-Systems for cyber security

Cyber security is becoming an important topic due to the increasing recognition of its potential consequences, both directly to the systems concerned and indirectly to society at large. It is currently being considered generally, however, its effect on a System-of-Systems (SoS) and its engineering in particular needs consideration, both in terms of deliberate attacks as well as accidental threats and misuse of the SoS. This paper surveys existing cyber security work that is particularly relevant to SoS engineering. The potential threats and requirements are described and the state-of-the-art framed in terms of the management and runtime re-engineering of an SoS, where we argue the key issues lie. We finish by identifying key areas for future research.

Policy templates for relationship-based access control

Social Networks were created to allow users to maintain circles of friends and acquaintances. Over time, they have come to be used to share data objects such as pictures between friends. There have been several approaches to formalize social networks in order to specify complicated access control policies for such objects. These approaches have involved a combination of existing logic with custom languages, with new operators being introduced when more complex policies needed to be expressed. In this paper we demonstrate that set theoretic notation provides a convenient syntax for specifying a social network and the associated access control policies. We demonstrate that our notation enables us to extend the range of policies that can be articulated. We also demonstrate that our notation is simpler and more concise than existing approaches.

Formal Analysis of Two Buyer-Seller Watermarking Protocols

In this paper we demonstrate how the formal model constructed in our previous work [1], can be modified in order to analyse additional Buyer-Seller Watermarking Protocols, identifying which specific sections of the CSP scripts remain identical and which require modification. First, we model the protocol proposed by Memon and Wong [2], an examplar of the Offline Watermarking Authority (OFWA) Model, defined in the framework by Poh and Martin [3]. Second, we model the Shao protocol [4] as an example of a protocol fitting the Online Watermarking Authority (ONWA) Model. Our analysis of the protocols reaffirms the unbinding attack described by Lei et al.[5] on the Memon and Wong protocol and we identify a new unbinding attack on the protocol proposed by Shao.

Using Benford’s Law Divergence and Neural Networks for Classification and Source Identification of Biometric Images

It is obvious that tampering of raw biometric samples is becoming an important security concern. The Benford’s law, which is also called the first digit law has been reported in the forensic literature to be very effective in detecting forged or tampered data. In this paper, the divergence values of Benford’s law are used as input features for a Neural Network for the classification and source identification of biometric images. Experimental analysis shows that the classification and identification of the source of the biometric images can achieve good accuracies between the range of 90.02% and 100%.

Editorial: Special issue on Identity Protection and Management

This special issue focuses on Identity Protection and Manaccess control model for cloud computing has been developed agement, and includes five papers covering the topics of anonymity, access control, single sign-on solutions, and privacyfriendly authentication. The paper “Anonymity and closely related terms in the Cyberspace: An analysis by example” by Georgios Kambourakis describes the main limitations of current solutions providing anonymity and suggests some directions for future work. This analysis is done based on several key definitions provided in the paper, the description of how two major application-level protocols in use nowadays (i.e., SIP and Kerberos) manage anonymity, and the lessons that can be learnt from the implementation of this concept in such protocols. Wen-Chung Kuo et al. in their paper entitled “An efficient and secure anonymous mobility network authentication scheme” propose an anonymous authentication scheme enabling secure roaming in mobile network scenarios. The new approach is based on hash functions and point operations instead of asymmetric or symmetric cryptography thus avoiding the use of frameworks allowing the secure management of asymmetric keys. Authors of this paper also provide an analysis of the proposed scheme regarding several security properties as well as a comparisonwith other existing approaches designed or in use nowadays in similar roaming scenarios in terms of supported features and performance. The paper “Concepts and Languages for Privacy-Preserving Attribute-Based Authentication” by Robert R. Enderlein et al. considers the complex world of privacy-friendly authentication mechanisms. Many such mechanisms exist, with differing privacy features, and often complex cryptographic protocols. This makes it hard for implementerswho are not experts in this area to make use of them. The authors describe a language framework in XML to help unify the description of features, and provide an easy to useApplication Programming Interface (API) that shields implementers from the complexity of the schemes, and at the same times allows schemes to be relatively easily exchanged for one another. Younis A Younis et al., in their paper entitled “An access control model for cloud computing” analyse the security challenges and requirements inherent to cloud computing environments and, in particular, how these affect traditional access control models, making the latter therefore ineffective within such scenarios. Moreover, a novel, secure and flexible meeting the aforementioned specific requirements. Finally, the paper “Logout in Single Sign-On Systems: Problems and Solutions” by Sanna Suoranta et al. considers the problem of how to manage “logging out” of Web Single Sign-On (SSO) systems. This may be considered a natural opposite feature to the single “logging in” provided by such systems, but, perhaps surprisingly, receives little support in existing services. The authors analyse the requirements for such a solution, proposeguidelinesandthendescribeanovelpolling-basedsolution. Usability tests were then performed on their proposed solution, the results of which can help inform other designers of such services. The Guest Editors would like to express their gratitude to the Editor in Chief Prof. Anthony T.S. Ho for giving us the opportunity to edit this special issue.We thank all the authors for submitting their work as well as the reviewers who have constructively evaluated the papers. We hope that you enjoy the articles in this special issue and that they are both informative and inspire new ideas for future research.

RECOUP: efficient reconfiguration for wireless sensor networks

In this paper, we describe RECOUP (Reliable Configuration Update), an efficient protocol for updating the configuration of a Wireless Sensor Network (WSN).

Secure architectures of future emerging cryptography SAFEcrypto

Funded under the European Unions Horizon 2020 research and innovation programme, SAFEcrypto will provide a new generation of practical, robust and physically secure post-quantum cryptographic solutions that ensure long-term security for future ICT systems, services and applications. The project will focus on the remarkably versatile field of Lattice-based cryptography as the source of computational hardness, and will deliver optimised public key security primitives for digital signatures and authentication, as well identity based encryption (IBE) and attribute based encryption (ABE). This will involve algorithmic and design optimisations, and implementations of lattice-based cryptographic schemes addressing cost, energy consumption, performance and physical robustness. As the National Institute of Standards and Technology (NIST) prepares for the transition to a post-quantum cryptographic suite B, urging organisations that build systems and infrastructures that require long-term security to consider this transition in architectural designs; the SAFEcrypto project will provide Proof-of-concept demonstrators of schemes for three practical real-world case studies with long-term security requirements, in the application areas of satellite communications, network security and cloud. The goal is to affirm Lattice-based cryptography as an effective replacement for traditional number-theoretic public-key cryptography, by demonstrating that it can address the needs of resource-constrained embedded applications, such as mobile and battery-operated devices, and of real-time high performance applications for cloud and network management infrastructures.