Keith Alexander Harrison

Implementing the Tate Pairing

The Tate pairing has found several new applications in cryptography. This paper provides methods to quickly compute the Tate pairing, and hence enables efficient implementation of these cryptosystems. We also give division-free formulae for point tripling on a family of elliptic curves in characteristic three. Examples of the running time for these methods are given.

Applications of Multiple Trust Authorities in Pairing Based Cryptosystems

We investigate a number of issues related to the use of multiple trust authorities and multiple identities in the type of identifier based cryptography enabled by the Weil and Tate pairings. An example of such a system is the Boneh and Franklin encryption scheme. We present various applications of multiple trust authorities. In particular we focus on how one can equate a trust authority with a way to add contextual information to an identity.

From quantum multiplexing to high-performance quantum networking

Our objective was to design a quantum repeater capable of achieving one million entangled pairs per second over a distance of 1000km. We failed, but not by much. In this letter we will describe the series of developments that permitted us to approach our goal. We will describe a mechanism that permits the creation of entanglement between two qubits, connected by fibre, with probability arbitrarily close to one and in constant time. This mechanism may be extended to ensure that the entanglement has high fidelity without compromising these properties. Finally, we describe how this may be used to construct a quantum repeater that is capable of creating a linear quantum network connecting two distant qubits with high fidelity. The creation rate is shown to be a function of the maximum distance between two adjacent quantum repeaters.

Software implementation of finite fields of characteristic three, for use in pairing based cryptosystems

In this paper, the authors examine a number of ways of implementing characteristic three arithmetic for use in cryptosystems based on the Tate pairing. Three alternative representations of the field elements are examined, and the resulting algorithms for the field addition, multiplication and cubing are compared. Issues related to the arithmetic of supersingular elliptic curves over fields of characteristic three are also examined. Details of how to compute the Tate pairing itself are not covered, since these are well documented elsewhere.

Certification of Public Keys within an Identity Based System

We investigate a number of issues related to the use of multiple trust authorities in the type of identifier based cryptography enabled by the Weil and Tate pairings. An example of such a system is the Boneh and Franklin encryption scheme. We examine how to create an efficient hierarchy of multiple trust authorities and then go on to examine some application areas of pairing based cryptography.

A flexible role-based secure messaging service: exploiting IBE technology for privacy in health care

The management of private and confidential information is a major problem for dynamic organizations. Secure solutions are needed to exchange confidential documents, protect them against unauthorized accesses and cope with changes of peoples roles and permissions. Traditional cryptographic systems and PKI show their limitations, in terms of flexibility and manageability. This paper describes an innovative technical solution in the area of secure messaging that exploits identifier-based encryption (IBE) technology. It illustrates the advantages against a similar approach based on traditional cryptography and PKI. It discusses a few open issues. Our main contribution is a practical solutions based on IBE technology. A secure messaging system based on IBE has been fully implemented and it is currently used in a trial with a UK health service organization.

A Framework for Detecting Malware in Cloud by Identifying Symptoms

Security is seen as one of the major challenges of the Cloud computing. Recent malware are not only becoming more sophisticated, but have also demonstrated a trend to make use of components, which can easily be distributed through the Internet to develop newer and better malware. As a result, the key problem facing Cloud security is to cope with identifying diverse sets of malware. This paper presents a method of detecting malware by identifying the symptoms of malicious behaviour as opposed to looking for the malware itself. This can be compared to the use of symptoms in human pathology, in which study of symptoms direct physicians to diagnosis of a disease or possible causes of illnesses. The main advantage of shifting the attention to the symptoms is that a wide range of malicious behaviour can result in the same set of symptoms. We propose the creation of Forensic Virtual Machines (FVM), which are mini Virtual Machines (VM) that can monitor other VMs to discover the symptoms. In this paper, we shall present a framework to support the FVMs so that they collaborate with each other in identifying symptoms by exchanging messages via secure channels. The FVMs report to a Command & Control module that collects and correlates the information so that suitable remedial actions can take place in real-time. The Command & Control can be compared to the physician who infers possibility of an illness from the occurring symptoms. In addition, as FVMs make use of the computational resources of the system we will present an algorithm for sharing of the FVMs so that they can be guided to search for the symptoms in the VMs with higher priority.

Forensic Virtual Machines: Dynamic Defence in the Cloud via Introspection

The Cloud attempts to provide its users with automatically scalable platforms to host many applications and operating systems. To allow for quick deployment, they are often homogenised to a few images, restricting the variations used within the Cloud. An exploitable vulnerability stored within an image means that each instance will suffer from it and as a result, an attacker can be sure of a high pay-off for their time. This makes the Cloud a prime target for malicious activities. There is a clear requirement to develop an automated and computationally-inexpensive method of discovering malicious behaviour as soon as it starts, such that remedial action can be adopted before substantial damage is caused. In this paper we propose the use of Mini-OS, a virtualised operating system that uses minimal resources on the Xen virtualisation platform, for analysing the memory space of other guest virtual machines. These detectors, which we call Forensic Virtual Machines (FVMs), are lightweight such that they are inherently computationally cheap to run. Such a small footprint allows the physical host to run numerous instances to find symptoms of malicious behaviour whilst potentially limiting attack vectors. We describe our experience of developing FVMs and how they can be used to complement existing methods to combat malware. We also evaluate them in terms of performance and the resources that they require.

Security: Security through uncertainty

Like much legislation, the Computer Misuse Act 1990 was implemented to plug a hole in the law. It may have made it easier for prosecutors to punish those abusing computer systems nearly 20 years ago, but conditions have changed dramatically since then. The Police and Justice Act 2006 was passed at the end of last year, and nestled among its non-computer related measures is a raft of new rules designed to bring the terms and conditions relating to computer crime into the 21^s^t century. IT criminology expert Stefan Fafinski examines the ramifications of the law, and wonders whether its scope might cause collateral damage for legitimate security practitioners. Society is becoming increasingly reliant on electronic communications and information storage. E-commerce has really taken off and more individuals communicate, shop, bank, and search for information electronically. Governments and other institutions gather, store and communicate vast quantities of information, much of it sensitive or private, electronically. The internet enables all of us to do so much more, so much more efficiently, than we could before, but a great deal of this e-freedom relies on secure communications. This in turn requires cryptography.

Reducing risks of widespread faults and attacks for commercial software applications: towards diversity of software components

Recent IT attacks demonstrated how vulnerable consumers and enterprises are when adopting commercial and widely deployed operating systems, software applications and solutions. Diversity in software applications is fundamental to increase chances of survivability to faults and attacks. Current approaches to diversity are mainly based on the development of multiple versions of the same software, their parallel execution and the usage of voting mechanisms. Because of the high cost, they are used mainly for very critical and special cases. We introduce and discuss an alternative method to ensure diversity for common widespread software applications without requiring additional resources. We describe a few encouraging results obtained from simulations.