Jeffrey W. Humphries

Reputation-Based Trust for a Cooperative Agent-Based Backup Protection Scheme

This paper explores integrating a reputation-based trust mechanism with an agent-based backup protection system to help protect against malicious or byzantine failures. A distributed cooperative trust system has the potential to add an additional layer of protection designed to operate with greater autonomy. This trust component enables the agents in the system to make assessments using an estimate of the trustworthiness of cooperating protection agents based on their responsiveness and the consistency of their responses when compared with their peers. Results illustrate the improved decision-making capability of agents who incorporate this cooperative trust method in the presence of failures in neighboring relays.

Training ≠ education: putting secure software engineering back in the classroom

In the world of software engineering, security remains a critical issue. Companies lose billions each year because commercial vendors continue to produce exploitable applications. Over 8,000 vulnerabilities were cataloged by the Computer Emergency Response Team in 2006 alone. Despite this alarming statistic, companies still grip the same train-and-certify approach for cultivating security-minded programmers. However, exhibited by the prevalent vulnerabilities still appearing in cyberspace, a new ambitious plan for robust software development must be implemented. This paper addresses the inadequacy of training and encourages the academic community to adopt modern software security essentials into the undergraduate computer science curriculum. This paper also proposes a unique software engineering course targeted to senior-level computer science students that underlines design methods, tools, and standards applicable to writing secure code.

An Analysis of Error Reconciliation Protocols used in Quantum Key Distribution Systems

Quantum Key Distribution (QKD) is a revolutionary security technology that exploits the laws of quantum mechanics to achieve information-theoretic secure key exchange. QKD enables two parties to “grow” a shared secret key without placing any limits on an adversary’s computational power. Error reconciliation protocols have been developed that preserve security while allowing a sender and receiver to reconcile the errors in their respective keys. The most famous of these is the Cascade protocol, which is effective but suffers from a high communication complexity and low throughput. The Winnow protocol reduces the communication complexity over Cascade, but has the disadvantage of introducing errors. Finally, Low Density Parity Check (LDPC) codes have been shown to reconcile errors at rates higher than those of Cascade and Winnow, but with greater computational complexity. In this paper we evaluate the effectiveness of LDPC codes by comparing the runtime, throughput and communication complexity empirically with the Cascade and Winnow algorithms. The effects of inaccurate error estimation, non-uniform error distribution and varying key length on all three protocols are evaluated for identical input key strings. Analyses are performed on the results in order to characterize the strengths and weaknesses of each protocol.

An Automated Virtualization Performance Analysis Platform

This research compares three traditional categories of virtualization to a technique known as hybrid virtualization. Each technique is evaluated in terms of both capability and performance. The traditional methods of platform virtualization such as full virtualization, paravirtualization and operating system virtualization each comes with its own set of capabilities and engineering trade-offs. Hybrid virtualization attempts to leverage the benefits of full and operating system virtualization by allowing virtual machines of each type of virtualization to run simultaneously on the same host machine. This research measures the time required for each virtualization technique to perform a workload inside virtual machines as the number of virtual machines running the workload scales. This performance data will help determine the usefulness of the hybrid technique in building a military cyber warfare training simulation environment based on virtualization. The goal is to determine which technique is capable of supporting large-scale environments required by realistic network training scenarios. The capability evaluation results indicate that hybrid virtualization successfully leverages the benefits of its two virtualization components while minimizing the trade-offs of each individual technique. The performance results indicate that the performance of each virtualization technique differs significantly relative to the workload applied. Some workloads saw no significant differences in performance between techniques. However, in the workloads that did show significant difference, the hybrid technique performed as well as or better than full virtualization or operating system virtualization alone. This leads to the conclusion that hybrid virtualization is a viable candidate as the basis for a military cyber warfare simulation and training environment.

An empirical analysis of the cascade error reconciliation protocol for quantum key distribution

Abstract : Cryptography provides the means to securely communicate data between authorized entities by using mathematical transformations which utilize preshared cryptographic keys. The need to share key material with authorized entities in a secure, efficient and timely manner has driven efforts to develop new key distribution methods. The most promising method is Quantum Key Distribution (QKD) and is considered to be unconditionally secure because it relies upon the immutable laws of quantum physics rather than computational complexity. Unfortunately, the nonidealities present in actual implementations of QKD systems also result in errors manifested in the quantum data channel. As a consequence, an important component of any QKD system is the error reconciliation protocol which is used to identify and correct inconsistencies in the exchanged key material. This research provides an empirical analysis of the Cascade secret key reconciliation protocol to measure its efficacy under different error rates, sampling rates, error distributions and larger sifted key sizes. The key findings of the research are that 1) an error sampling rate of 25% provides optimal Cascade performance when using variable block sizes, 2) the choice of sifted key length directly impacts the accuracy of Cascade error estimation, 3) the Cascade algorithm performs well in burst error environments with initial permutation, and 4) a tradeoff exists between buffer size and information leaked.

A case for DoD application of public cloud computing services

Cloud computing offers tremendous opportunities for private industry, governments, and even individuals to access massive amounts of compute resources on-demand at very low cost. Recent advancements in bandwidth availability, virtualization, security services and general public awareness have contributed to this information technology (IT) business model. Cloud computing provides on-demand scalability, reduces costs, decreases barriers to entry, and enables organizations to refocus on core competencies. Despite the benefits, security concerns are still the dominant barriers to cloud service adoption. This article explores public cloud computing from a Department of Defense (DoD) perspective. The objective is to improve the general understanding, analyze security issues, and present recommendations to the DoD to help foster public cloud computing adoption.

Trust Management Approach to Satellite System Telecommanding Security

This paper is concerned with the application of trust-management theory from the distributed information system domain to satellite system telecommanding operations. New standards in satellite system architecture afford more open and efficient mission operations. With these benefits come additional security threats to critical space assets. As one method to mitigate threats to space systems, this research develops, implements, and tests the consolidated trust-management system: a novel approach to satellite system security. The proposed trust-management system is implemented in a CubeSat test environment. Experimental results show promise for the proposed approach for telecommanding security with potential applicability to large, small, and federated satellites.

Reputation-based trust for a cooperative agent-based backup protection scheme

This paper explores integrating a reputation-based trust mechanism with an agent-based backup protection system to help protect against malicious or byzantine failures. A distributed cooperative trust system has the potential to add an additional layer of protection designed to operate with greater autonomy. This trust component enables the agents in the system to make assessments using an estimate of the trustworthiness of cooperating protection agents based on their responsiveness and the consistency of their responses when compared with their peers. Results illustrate the improved decision-making capability of agents who incorporate this cooperative trust method in the presence of failures in neighboring relays.