Alan Kaminsky

Parallel Java: A Unified API for Shared Memory and Cluster Parallel Programming in 100% Java

Parallel Java is a parallel programming API whose goals are (1) to support both shared memory (thread-based) parallel programming and cluster (message-based) parallel programming in a single unified API, allowing one to write parallel programs combining both paradigms; (2) to provide the same capabilities as OpenMP and MPI in an object oriented, 100% Java API; and (3) to be easily deployed and run in a heterogeneous computing environment of single-core CPUs, multi-core CPUs, and clusters thereof. This paper describes parallel Javas features and architecture; compares and contrasts parallel Java to other Java-based parallel middleware libraries; and reports performance measurements of parallel Java programs.

An overview of cryptanalysis research for the advanced encryption standard

Since its release in November 2001, the Advanced Encryption Standard (NIST FIPS-197) has been the subject of extensive cryptanalysis research. The importance of this research has intensified since AES was named, in 2003, by NSA as a Type-1 Suite B Encryption Algorithm (CNSSP-15). As such, AES is now authorized to protect classified and unclassified national security systems and information. This paper provides an overview of current cryptanalysis research on the AES cryptographic algorithm. Discussion is provided on the impact by each technique to the strength of the algorithm in national security applications. The paper is concluded with an attempt at a forecast of the usable life of AES in these applications.

Customizable sponge-based authenticated encryption using 16-bit S-boxes

Authenticated encryption (AE) is a symmetric key cryptographic scheme that aims to provide both confidentiality and data integrity. There are many AE algorithms in existence today. However, they are often far from ideal in terms of efficiency and ease of use. For this reason, there is ongoing effort to develop new AE algorithms that are secure, efficient, and easy to use.

A case for a parallelizable hash

On November 2, 2007, NIST (United States National Institute of Standards and Technology) announced an initiative to design a new secure hash function for this century, to be called SHA-3. The competition will be open and it is planned to conclude in 2012. These developments are quite similar to the recent history of symmetric block ciphers- breaking of the DES (Data Encryption Standard) and emergence of the AES (Advanced Encryption Standard) in 2001 as the winner of a multiyear NIST competition. In this paper we make a case that parallelizability should be one of the properties sought in the new SHA-3 design. We present a design concept for a parallelizable hash function called PHASH based on a block cipher, and we discuss PHASHpsilas performance and security.

A new framework for building secure collaborative systems in true ad hoc network

Many-to-Many Invocation (M2MI) is a new paradigm for building secure collaborative systems that run in true ad hoc networks of fixed and mobile computing devices. M2MI is useful for building a broad range of systems, including service discovery frameworks; groupware for mobile ad hoc collaboration; systems involving networked devices (printers, cameras, sensors); and collaborative middleware systems. M2MI provides an object oriented method call abstraction based on broadcasting. An M2MI invocation means “every object out there that implements this interface, call this method.” M2MI is layered on top of a new messaging protocol, the Many-to-Many Protocol (M2MP), which broadcasts messages to all nearby devices using the wireless network’s inherent broadcast nature instead of routing messages from device to device. In an M2MI-based system, central servers are not required; network administration is not required; complicated, resource-consuming ad hoc routing protocols are not required; and system development and deployment are simplified.

Implementing authenticated encryption algorithm MK-3 on FPGA

Authenticated encryption (AE) algorithms provide both data security and integrity. While a number of AE algorithms exist, they can be inefficient and difficult to use. Recent efforts have focused on the development of secure, efficient and easy to use AE algorithms. MK-3 is one such algorithm, developed through a joint effort between Rochester Institute of Technology (RIT) and Harris Corporation. It uses the duplex construction, which builds on the sponge primitive popularized by Keccak, the SHA-3 competition winner. MK-3 is intended for hardware implementations with a novelty being the use of 16-bit substitution boxes. This paper presents the first fully parallel hardware implementation of MK-3 using Field Programmable Gate Array (FPGA). We also lay the groundwork for future design optimizations.

Stochastic Analysis and Modeling of a Tree-Based Group Key Distribution Method in Tactical Wireless Networks

A number of key management challenges are encountered when operating tactical communication systems using a group-wide shared key. A large portion of such communications occurs over low bit-rate channels, and all communication channels must be available at any moment for mission action. Current over-the-air rekeying protocols consume too much channel bit-rate to be practical for large tactical radio networks. This caused an off-line pre-placed key (PPK) approach to become most commonly used key distribution method in these environments. Unfortunately, with this key management scheme, revoking group membership requires a full intra-mission rekey, which can be dangerous in a battlefield situation. This paper introduces a new group key distribution method called Viral Electronic Key Exchange (VEKE). This paper examines the protocol as an extension to the Internet Key Exchange (IKE) protocol, but any electronic key exchange protocol can be used (Ex. IKE v2). A feature of this protocol is a parallel key distribution scheme enabled by propagating the key management role to authenticated nodes while establishing security associations across the network. We performed a comprehensive stochastic analysis to develop a model for computing the expected rekey time across the entire group, taking into account the likelihood of node jamming, channel failures, and message corruption. This model was verified with a Monte-Carlo simulation. Our results confirmed that the VEKE protocol can accomplish an over-the-air rekey in a short period of time, even over low bit-rate systems, while preserving rigid security and channel availability properties of the network. It also allows for the amount of pre-placed public-key material and other preparations necessary in tactical networks to be minimized.