Mark Dolan Torgerson

Key Management for SCADA

In this paper we discuss various security aspects and requirements of the Supervisory Control and Data Acquisition (SCADA) system for the electric power grid. In particular we discuss a method of managing cryptographic keys and give sample cryptographic algorithms that are appropriate for the SCADA system. We also describe a simulated SCADA network that we have implemented and discuss the items concerning its efficiency and compatibility with the requirements of the SCADA network.

ManTiCore: Encryption with Joint Cipher-State Authentication

We describe a new mode of encryption with inexpensive authentication, which uses information from the internal state of the cipher to provide the authentication. Our algorithms have a number of benefits: The encryption has properties similar to CBC mode, yet the encipherment and authentication can be parallelized and/or pipelined; The authentication overhead is minimal; The authentication process remains resistant against some IV reuse. Our first construction is the MTC4 encryption algorithm based on cryptographic hash functions which supports variable block sizes up to twice the hash output length, and variable key lengths. A proof of security is presented for MTC4. We then generalize the construction to create the Cipher-State (CS) mode of encryption that uses the internal state of any round-based block cipher as an authenticator. We give a concrete example using AES as the encryption primitive. We provide performance measurements for all constructions.

Distributed Denial-of-Service Characterization

Distributed denial of service (DoS) attacks on cyber-resources are complex problems that are difficult to completely define, characterize, and mitigate. We recognize the process-nature of DoS attacks and view them from multiple perspectives. Identification of opportunities for mitigation and further research may result from this attempt to characterize the DoS problem space. We examine DoS attacks from the point of view of (1) a high-level that establishes common terminology and a framework for discussing the DoS process, (2) layers of the communication stack, from attack origination to the victim of the attack, (3) specific network and computer elements, and (4) attack manifestations. We also examine DoS issues associated with wireless communications. Using this collection of views, one begins to see the DoS problem in a holistic way that may lead to improved understanding, new mitigation strategies, and fruitful research.

Manticore and CS Mode: Parallelizable Encryption with Joint Cipher-State Authentication

We describe a new mode of encryption with inexpensive authentication, which uses information from the internal state of the cipher to provide the authentication. Our algorithms have a number of benefits: (1) the encryption has properties similar to CBC mode, yet the encipherment and authentication can be parallelized and/or pipelined, (2) the authentication overhead is minimal, and (3) the authentication process remains resistant against some IV reuse. We offer a Manticore class of authenticated encryption algorithms based on cryptographic hash functions, which support variable block sizes up to twice the hash output length and variable key lengths. A proof of security is presented for the MTC4 and Pepper algorithms. We then generalize the construction to create the Cipher-State (CS) mode of encryption that uses the internal state of any round-based block cipher as an authenticator. We provide hardware and software performance estimates for all of our constructions and give a concrete example of the CS mode of encryption that uses AES as the encryption primitive and adds a small speed overhead (10-15%) compared to AES alone.

The Theory of Diversity and Redundancy in Information System Security: LDRD Final Report

The goal of this research was to explore first principles associated with mixing of diverse implementations in a redundant fashion to increase the security and/or reliability of information systems. Inspired by basic results in computer science on the undecidable behavior of programs and by previous work on fault tolerance in hardware and software, we have investigated the problem and solution space for addressing potentially unknown and unknowable vulnerabilities via ensembles of implementations. We have obtained theoretical results on the degree of security and reliability benefits from particular diverse system designs, and mapped promising approaches for generating and measuring diversity. We have also empirically studied some vulnerabilities in common implementations of the Linux operating system and demonstrated the potential for diversity to mitigate these vulnerabilities. Our results provide foundational insights for further research on diversity and redundancy approaches for information systems.

Final report for LDRD Project 93633 : new hash function for data protection.

The security of the widely-used cryptographic hash function SHA1 has been impugned. We have developed two replacement hash functions. The first, SHA1X, is a drop-in replacement for SHA1. The second, SANDstorm, has been submitted as a candidate to the NIST-sponsored SHA3 Hash Function competition.

Parallelism of the SANDstorm Hash Algorithm

Mainstream cryptographic hashing algorithms are not parallelizable. This limits their speed and they are not able to take advantage of the current trend of being run on multi-core platforms. Being limited in speed limits their usefulness as an authentication mechanism in secure communications. Sandia researchers have created a new cryptographic hashing algorithm, SANDstorm, which was specifically designed to take advantage of multi-core processing and be parallelizable on a wide range of platforms. This report describes a late-start LDRD effort to verify the parallelizability claims of the SANDstorm designers. We have shown, with operating code and bench testing, that the SANDstorm algorithm may be trivially parallelized on a wide range of hardware platforms. Implementations using OpenMP demonstrates a linear speedup with multiple cores. We have also shown significant performance gains with optimized C code and the use of assembly instructions to exploit particular platform capabilities.

Interstitial Monitoring Technologies.

When developing new hardware for a computer system, bus monitors are invaluable for testing compliance and troubleshooting problems. Bus monitors can be purchased for other common system busses such as the Peripheral Component Interconnect (PCI) bus and the Universal Serial Bus (USB). However, the project team did not find any commercial bus analyzers for the Low Pin Count (LPC) bus. This report will provide a short overview of the LPC interface. Page 3 of 11 This page intentionally left blank.Page 4 of 11

Small circuits for cryptography.

This report examines a number of hardware circuit design issues associated with implementing certain functions in FPGA and ASIC technologies. Here we show circuit designs for AES and SHA-1 that have an extremely small hardware footprint, yet show reasonably good performance characteristics as compared to the state of the art designs found in the literature. Our AES performance numbers are fueled by an optimized composite field S-box design for the Stratix chipset. Our SHA-1 designs use register packing and feedback functionalities of the Stratix LE, which reduce the logic element usage by as much as 72% as compared to other SHA-1 designs.

Hybrid cryptography key management.

Wireless communication networks are highly resource-constrained; thus many security protocols which work in other settings may not be efficient enough for use in wireless environments. This report considers a variety of cryptographic techniques which enable secure, authenticated communication when resources such as processor speed, battery power, memory, and bandwidth are tightly limited.