Carlisle Adams

Constructing Symmetric Ciphers Using the CAST Design Procedure

This paper describes the CAST design procedure for constructing a family of DES-like Substitution-Permutation Network (SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis, along with a number of other desirable cryptographic properties. Details of the design choices in the procedure are given, including those regarding the component substitution boxes (s-boxes), the overall framework, the key schedule, and the round function. An example CAST cipher, an output of this design procedure, is presented as an aid to understanding the concepts and to encourage detailed analysis by the cryptologic community.

The structured design of cryptographically good s-boxes

We describe a design procedure for the s-boxes of private key cryptosystems constructed as substitution-permutation networks (DES-like cryptosystems). Our procedure is proven to construct s-boxes which are bijective, are highly nonlinear, possess the strict avalanche criterion, and have output bits which act (vitually) independently when any single input bit is complemented. Furthermore, our procedure is very efficient: we have generated approximately 60 such 4 × 4 s-boxes in a few seconds of CPU time on a SUN workstation.

Generating and counting binary bent sequences

Two general classes of binary bent sequences, bent-based and linear-based, are introduced. Algorithms that allow easy generation of bent sequences from either class are given. Based on some simple computation and a computer search, the authors conjecture a lower bound on the total number of binary bent sequences of a given order. This lower bound is exact for bent sequences of order 16; a list is included from which all such sequences can be derived. >

Good S-boxes are easy to find

We describe an efficient design methodology for the s-boxes of DES-like cryptosystems. Our design guarantees that the resulting s-boxes will be bijective and nonlinear and will exhibit the strict avalanche criterion and the output bit independence criterion.

Security-related comments regarding McEliece's public-key cryptosystem

The optimal values of the parameters of the McEliece public-key cryptosystem are computed. It is shown that use of these values improves the cryptoanalytic complexity of the system and decreases its data expansion. It is shown that the likelihood of the existence of more than one trapdoor in the system is very small. >

Usability of anonymous web browsing: an examination of Tor interfaces and deployability

Tor is a popular privacy tool designed to help achieve online anonymity by anonymising web traffic. Employing cognitive walkthrough as the primary method, this paper evaluates four competing methods of deploying Tor clients, and a number of software tools designed to be used in conjunction with Tor: Vidalia, Privoxy, Torbutton, and FoxyProxy. It also considers the standalone anonymous browser TorPark. Our results show that none of the deployment options are fully satisfactory from a usability perspective, but we offer suggestions on how to incorporate the best aspects of each tool. As a framework for our usability evaluation, we also provide a set of guidelines for Tor usability compiled and adapted from existing work on usable security and human-computer interaction.

A Trust Model with Statistical Foundation

The widespread use of the Internet signals the need for a better understanding of trust as a basis for secure on-line interaction. In the face of increasing uncertainty and risk, users and machines must be allowed to reason effectively about the trustworthiness of other entities. In this paper, we propose a trust model that assists users and machines with decision-making in online interactions by using past behavior as a predictor of likely future behavior. We develop a general method to automatically compute trust based on self-experience and the recommendations of others. Furthermore, we apply our trust model to several utility models to increase the accuracy of decision-making in different contexts of Web Services.

Security-Related Comments Regarding McEliece's Public-Key Cryptosystem

The optimal values for the parameters of the McEliece public key cryptosystem are computed. Using these values improves the cryptanalytic complexity of the system and decreases its data expansion. Secondly it is shown that the likelihood of the existence of more than one trapdoor in the system is very small.

Security and privacy system architecture for an e-hospital environment

Hospitals are now using electronic medical records and computer applications in order to provide more efficient and thorough care for their patients. The Mobile Emergency Triage system provides doctors with decision support for emergency care by pulling information from a patients health record and a medical literature database. In order to achieve compliance with privacy legislations PIPEDA and PHIPA, security and privacy measures must be put in place. Encryption and access control are necessary for ensuring proper authorization and confidentiality for patient records. Strong authentication and audit logs are required to ensure access only by those allowed. We discuss differences in security technologies and detail the ones used in our MET system. A new encryption technology called policy-based encryption proves to be quite useful within a health care environment for providing both encryption and access control. We propose an extension to an existing scheme which allows for the use of this cryptography in a hospital setting.

On The Security of Key Derivation Functions

Key derivation functions are commonly used within many cryptographic schemes in order to distribute the entropy contained in an uneven way in a long stream of bits into a string that can be used directly as a symmetric key or as a seed for a pseudo-random number generator, or to convert short strings such as passwords into symmetric keys. This paper examines the common key derivation function constructions and shows that most of these have some concerning properties. In some situations, the use of these key derivation functions may actually limit the security that would otherwise be obtained. A new construction is also provided which seems to have better properties and an intuitive justification for its security is given.