José L. Melús

An overview of security in Eurocrypt conditional access system

In accordance with a ruling of the European Economic Community (EEC), as from 1995, television receivers manufactured in Europe should incorporate D2-MAC decoder. One of the characteristics of this system is that it has a conditional access system (Eurocrypt) to make the services available to only those users who have previously subscribed to it. This proposed system of conditional access is described and later analyzed studying the cryptographical properties which characterise it. The encoding of the image, sound and data signals is based on stream cipher techniques. The cryptographic excellence of this type of encoding is determined by the suitable choice of encoding pseudo-random sequences. Although the system of encoding used-based on the Jennings (1980) generator is not very robust, the modifications which have been introduced and a suitable key management system, allows one to conclude that the standard D2-MAC conditional access system presents a robust cryptographic behaviour against cryptanalytical attacks, preventing fraudulent access by unauthorised users.<<ETX>>

Hardware implementation of a secure bridge in Ethernet environments

Presents a solution providing secure communications over an extended Ethernet LAN. This solution, proposed by the Applied Mathematics and Telematics Department of the Polytechnic University of Catalonia, is based on a set of secure bridges, called cryptonets, and a supervision and administration center (SAC), which takes charge of the remote management of the work of these devices. A first version of the physical and functional architecture of these secure bridges was presented previously. The present authors describe a modification of the initial architecture, in order to improve substantially its performance, both the typical functions of a classical bridge (filtering frame speed) and the specific functions of ciphering. Furthermore, it allows one to build more integrated equipment, with a larger number of functions and at a lower cost.<<ETX>>

Spreading Codes Generator for Wireless CDMA Networks

The prime characteristic of spread spectrum modulated signals is that their bandwidth is greater than the information rate. In this way a redundancy is introduced that allows the severe levels of inteference inherent in the transmission of digital information over radio and satellite links to be overcome. Current spread spectrum applications are primarily in military communications; nevertheless, there is growing interest in this technique for third generation mobile radio networks (UMTS, FPLTS, etc.) with open discussion regarding the practicality of using a multiple access system based on spread spectrum techniques (CDMA). However, in order to support as many users in the same bandwidth as other multiple access techniques such as TDMA or FDMA, it is important how to generate large families of sequences that present low cross-correlation. The aim of this paper is to describe a spreading codes generator that can produce a large number of PN sequences with good properties of auto- and cross-correlation. Moreover, the codes generated shows high unpredictability and good statistical behaviour. This also allows the implementation of some features that are common on military networks such as message privacy (increasingly important in commercial networks) without additional cost. The structure presented shows itself to be advantageous for high speed generation of codes at a low cost, low power consumption (allowing longer life for batteries), small size and simplicity of implementation, essential ingredients for commercial equipment. Another attractive feature is its structural parallelism, useful in VLSI implementations. All of these features render it potentially suitable for the implementation of channel bandwidth sharing systems in future wireless personal communications networks.

Uncorrelated PN sequences generator for spreading codes in CDMA systems

In a CDMA system each user modulates his data signal (typically with few kbits/s) onto a wideband spreading waveform. The target receiver correlates its input with the same spreading function, suitably synchronised, to recover the signal. For this, each transmit-receive pair employs a unique spreading code, that must be uncorrelated with the codes used by other transmit-recieve pairs. In this way transmission from unwanted users and also any interference (including the intermodulation products) are rejected by the despreading process in the receiver, and may be modelled as Gaussian noise. In this paper, a non linear Pseudo Noise (PN) generator is proposed that can produce a great number of uncorrelated random sequences with good properties of auto and cross-correlation. Each of these shows very good behaviour to what is expected for this type of sequence, that is, high unpredictability and very good statistical behaviour. Moreover, it shows itself to be advantageous for high speed generation of PN codes, with low cost, low power consumption, small volume and simplicity of implementation, and exhibits a structural parallelism useful for VLSI implementations. All these features makes it potentially suitable for the generation of independent spreading pseudo random codes in CDMA Systems.

Secure data transmission in extended Ethernet environments

An extended Ethernet LAN is built by connecting several Ethernet segments by means of suitable devices (repeaters, bridges, etc.). A common way to make this interconnection is through a main segment, called the backbone, that joins each of the departments (or, perhaps, building floors) within the owner premises. In this kind of network, data transmission in the backbone is very sensitive to either eavesdropping or manipulation. The implementation of a cryptographic system that protects transmission (providing for both confidentiality and integrity of transmitted data) in this kind of network is addressed. The operation of the proposed system and the specific troubles encountered in implementing it in the local network of the Polytechnic University of Catalonia are presented. An analysis of the functionality of the ciphering bridges is provided and their implementation is studied in detail. Finally, the more relevant results and conclusions are given. >

Implementation of a secure bridge in an Ethernet environment

The implementation of a security system that caters to the needs of an operating network, the UPC NET, is presented. The security services that this system offers are confidentiality and authentication (origin authentication and data integrity) of data transmitted on the main segment of an extended Ethernet network. The system has been designed to specifically function in the extended Ethernet network of the Polytechnic University of Catalonia. The security system has the following characteristics: it provides cryptographic security services, it does not interfere with the operation of unprotected systems, and it supports transparent operations for protected systems.<<ETX>>

Directory services for UMTS. Security aspects

UMTS (Universal Mobile Telecommunications System) is a mobile telephony system that is being developed within the RACE project (Research and Development in Advanced Communications Technologies in Europe). UMTS will allow the connection of any terminal by means of a common interface with different kinds of networks (BISDN, PLMN). In this paper, the security in the distributed databases and links that joins the different components of the fixed network is studied. A comparison and adaptation between the security architecture of the standard X.509 (The Directory. Authentication Framework) of the CCITT and the fixed network of UMTS is established taking into account the different peculiarities of them.<<ETX>>

Policy-based pricing for heterogeneous wireless access networks

Our cities are already covered by a myriad of diverse wireless access networks. The most ubiquitous access networks are the well organized homogeneous and centralized operator-based cellular networks that sustain their business model on a captive client basis. However, a new billing paradigm is rising, where a client can choose to connect to the provider that best comply with his/her current requirements and context. Inside this paradigm, this paper presents a distributed, rule-based pricing strategy aimed to improve the quality of service and to increase the global income of a service provider. The performance and reliability of the rule-based decisions is supported by a Finite State Transducersbased inference machine specially designed to manage networking systems. We show, with simulations, that, using our strategy, the operators can make the new billing paradigm profitable while the clients benefit from the economic advantages of competition and of the quality given by a pricing-based network balance mechanism.

A particular solution to provide secure communications in an Ethernet environment

In this paper we describe the adopted and implemented solution to provide secure communications over the extended area Ethernet network of the Polytechnic University of Catalonia (U.P.C.). The developed solution is not adapted to the current standards about security on local networks (IEEE-802.10, ISO 7498-2, etc.). This solution is based on the construction of a set of ciphering devices (CRYPTONETS), whose function is similar to the one carried out by a classic bridge, but incorporating ciphering facilities. Moreover, there is a Supervision and Administration Center (SAC), which takes care of the key renewal and System Management. The cryptographic algorithms used are the D.E.S. for the Ethernet frames ciphering, and the R.S.A., for key-management. Finally, we evaluate the degradation of the network performances due to the introduction of security services within an already working network. The prototype shown here is a second version of the one described in [16]. Although the measures carried out are only partial, it can be asserted that they substantially improve the performances obtained with the first prototype, reaching the desired values.

Implementation of a security system in a local area network environment

The development and the implementation of a security system in a local area network environment are presented. This system is based on an extended Ethernet network, but the methodology used is transferable to different kinds of LCNs and even metropolitan area networks (MANs), with some easy modifications. The adopted solution fulfills all the requirements that must fulfill any security protocol since: it provides cryptographic security services, it is an independent algorithm, it supports transparent operations for protected systems, it does not interfere with the operation of unprotected systems, it provides protocol support of key management independent of data security, and it provides optimal communication with unprotected systems. It also offers advantages such as flexibility, simplicity, low cost, and mobility.