Ewerton R. Andrade

Lyra: password-based key derivation with tunable memory and processing costs

We present Lyra, a password-based key derivation scheme based on cryptographic sponges. Lyra was designed to be strictly sequential (i.e., not easily parallelizable), providing strong security even against attackers that use multiple processing cores (e.g., custom hardware or a powerful GPU). At the same time, it is very simple to implement in software and allows legitimate users to fine-tune its memory and processing costs according to the desired level of security against brute force password guessing. We compare Lyra with similar-purpose state-of-the-art solutions, showing how our proposal provides a higher security level and overcomes limitations of existing schemes. Specifically, we show that if we fix Lyra ’s total processing time

A framework for enabling security services collaboration across multiple domains

t

Lyra2: Password Hashing Scheme with improved security against time-memory trade-offs

t in a legitimate platform, the cost of a memory-free attack against the algorithm is exponential, while the best-known result in the literature (namely, against the scrypt algorithm) is quadratic. In addition, for an identical same processing time, Lyra allows for a higher memory usage than its counterparts, further increasing the cost of brute force attacks.

A Framework for Enabling Security Services Collaboration Across Multiple Domains

We present Lyra2, a password hashing scheme (PHS) based on cryptographic sponges. Lyra2 was designed to be strictly sequential for a given number of cores (i.e., not easily parallelizable beyond that number), providing strong security even against attackers using custom hardware or GPUs. At the same time, it is very simple to implement in software and allows legitimate users to fine tune its memory and processing costs according to the desired level of security against brute force password-guessing. Lyra2 is an improvement of the recently proposed Lyra algorithm, providing an even higher security level against different attack venues and overcoming some limitations of this and other existing schemes.

Comparison of Two Signature Schemes Based on the MQ Problem and Quartz

Network virtualization technologies are creating a new era for information security, enabling the on demand creation and deployment of security appliances (generically called security service functions – SSF) for detecting and/or mitigating attacks. However, given the increasing size and complexity of contemporary attacks, it is usually hard for a single administrative domain to deal with several malicious flows by itself, which motivates the collaboration among SSFs from multiple domains. In this paper, we present a technical demonstration of a framework that leverages SDN (Software Defined Networking) and SFC (Service Function Chaining) to enhance the collaboration among different SSFs for mitigating large scale attacks. This framework allows SSFs from different domains to negotiate and dynamically control the amount of resources allocated for collaboration, in what we call a “best-effort” collaboration mode. The demonstration hereby presented consists in a video streaming service that is targeted by a volumetric denial-of-service attack, showing basically two situations: (1) after the attack reaches a certain volume, the SSF from the streaming services domain becomes unable to handle the attack on its own, so packets are dropped and the video quality decreases; and (2) when there is a collaboration among SSFs, the amount of traffic dropped is considerably reduced, so the video quality is preserved even during the attack.