Marcin Niemiec

Management of security in quantum cryptography

The interest in quantum-based security methods has been growing rapidly in recent years. New implementations of quantum key distribution and new network services supported by this solution are being introduced. The reason behind the growing popularity of quantum cryptography is its unrivaled security level: all eavesdroppers can be revealed through the application of the laws of physics. First of all, the rules of quantum mechanics ensure that any measurement modifies the state of the transmitted quantum bit. This modification can be discovered by the sender and the receiver. This makes passive eavesdropping impossible. Using protocols such as BB84, network users are able to send a string of bits coded by the polarized photons. After that, they can establish secure cryptographic keys through an unsecure channel using different key distillation methods. Major ongoing challenges include the control and management of security in systems using quantum cryptography, as well as tailoring security to specific end users requirements and services.

A new symmetric block cipher based on key-dependent S-boxes

In this paper a new symmetric cryptographic algorithm which uses new S-boxes during the encryption process is proposed. The cipher ensures high-level of confidentiality due to key-dependent S-boxes. Additionally, a new method of generating S-boxes, one of the basic and commonly used cryptographic function is presented. The method is based on the Rijndael S-box that is currently used in the AES algorithm. Nevertheless, the method is more general and it can be based on any S-box.

Quantum Cryptography Protocol Simulator

This paper presents newly developed application for evaluation and testing of quantum cryptography protocols. At the beginning the reason of creation as well as basics of the quantum mechanics are provided. Successive sections of this article show the design and building blocks of application. Two use cases are proposed as well. At the end, reader is provided with short demonstration of simulator’s work in the means of exemplary results obtained through quantum protocol simulation execution.

Security Infrastructures: Towards the INDECT System Security

This paper provides an overview of the security infrastructures being deployed inside the INDECT project. These security infrastructures can be organized in five main areas: Public Key Infrastructure, Communication security, Cryptography security, Application security and Access control, based on certificates and smartcards. This paper presents the new ideas and deployed testbeds for these five areas. In particular, it explains the hierarchical architecture of the INDECT PKI, the different technologies employed in the VPN testbed, the INDECT Block Cipher (IBC) – a new cryptography algorithm that is being integrated in OpenSSL/OpenVPN libraries, and how TLS/SSL and X.509 certificates stored in smart-cards are employed to protect INDECT applications and to implement the access control of the INDECT Portal. All the proposed mechanisms have been designed to work together as the security foundation of all systems being developed by the INDECT project.

First step towards preserving the privacy of cloud-based IDS security policies

Traditional intrusion detection systems, managed by organizations themselves, have already evolved towards cloud architectures. While benefitting from all the advantages of the cloud computing paradigm, they are also suffering from one of its main drawbacks-privacy issues. As intrusion detection system security policies expose critical information regarding the organization such as vulnerabilities, sharing this information with cloud service providers raises serious privacy concerns. The following paper proposes and presents three novel solutions as a first step towards preserving the privacy of cloud-based intrusion detection system security policies. All the solutions utilize hybrid cloud architecture, as this is a leading trend in the cloud-based intrusion detection systems market, and share the concept of performing the most computationally expensive operations, which are pattern-matching operations, in the public cloud. By taking the final decision regarding network packets in the private cloud on customer premises, the desired level of privacy is provided. Experimental results, received as an output from the performed simulations, confirm that all the presented solutions are efficient enough for the deployment of cloud-based intrusion detection systems. Copyright

Taking back control of privacy: a novel framework for preserving cloud-based firewall policy confidentiality

As the cloud computing paradigm evolves, new types of cloud-based services have become available, including security services. Some of the most important and most commonly adopted security services are firewall services. These cannot be easily deployed in a cloud, however, because of a lack of mechanisms preserving firewall policy confidentiality. Even if they were provided, the customer traffic flowing through the Cloud Service Provider infrastructure would still be exposed to eavesdropping and information gaining by performing analysis. To bypass these issues, the following article introduces a novel framework, known as the Ladon Hybrid Cloud, for preserving cloud-based firewall policy confidentiality. It is shown that in this framework, a high level of privacy is provided thanks to leveraging an anonymized firewall approach and a hybrid cloud model. A number of optimization techniques, which help to further improve the Ladon Hybrid Cloud privacy level, are also introduced. Finally, analysis performed on the framework shows that it is possible to find a trade-off between the Ladon Hybrid Cloud privacy level, its congestion probability, and efficiency. This argument has been demonstrated through the results of conducted experiments.

Towards Hardware Implementation of INDECT Block Cipher

This paper presents the first steps towards hardware implementation of INDECT Block Cipher (IBC) — a new symmetric block cipher invented in INDECT project. Currently, end-users can encrypt or decrypt single files by the software implementation of IBC but migration to hardware allows to speed up the encryption and decryption processes. In the paper, the authors describe software and hardware environments (Xilinx Spartan platform and System Generator environment) where the implementation is performed. Also, the models of IBC encryptor and decryptor developed in System Generator environment are presented in detail. Additionally, some considerations and propositions of Concurrent Error Detection in the hardware IBC architecture are described. Beside the descriptions of the main achievements, future development and next steps towards final hardware implementation are also considered.

Integrated security infrastructures for law enforcement agencies

This paper provides an overview of the security architecture for Law Enforcement Agencies (LEAs) designed by the INDECT project, and in particular the security infrastructures that have been deployed so far. These security infrastructures can be organized in the following main areas: Public Key Infrastructure (PKI) and user management, communications security, and new cryptographic algorithms. This paper presents the new ideas, architectures and deployed testbeds for these areas. In particular, it explains the inner structure of the INDECT PKI employed for federated identity management, the different technologies employed in the VPN testbed, the INDECT Block Cipher (IBC) – a novel cryptographic algorithm that has being integrated into OpenSSL library, and how IBC-enabled TLS/SSL sessions and X.509 certificates are employed to protect INDECT applications. All proposed mechanisms have been designed to work in an integrated fashion as the security foundation of all systems being developed by the INDECT project for LEAs.

Quantum cryptography - The analysis of security requirements

This article describes the security requirements of communication systems from quantum cryptography point of view. The background of consideration is the model of secure communication system, presented in ITU-T recommendation X.805. The requirements are described in two sections: end-users requirements, which should be clarified at the beginning of security architecture designing and system requirements, which should be met before quantum cryptography implementation.

Federated identity in real-life applications

This paper describes scenarios and services based on Federated Identity technology. The authors emphasize the Single Sign On mechanism, in which a users single authentication credential is used to log in once without being prompted to authenticate again to other systems. The overview of Federated Identity and a Federated Identity Management System is presented first. Next, federation approaches used in different fields of human activity are discussed. A few examples of such domains are presented: E-health, E-government, E-learning, and E-business. Also, two different use cases were proposed: a federated approach for tourism which provide a better service for customers, and in the health care sector, which improves medical service quality and reduces treatment costs. The last section describes the prototype which was implemented and tested in network environment.