Michel Riguidel

Using quantum key distribution for cryptographic purposes

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.

Security and trust management in opportunistic networks: a survey

As a new networking paradigm, opportunistic networking communications have great vision in animal migration tracking, mobile social networking, network communications in remote areas and intelligent transportation, and so on. Opportunistic networks are one of the evolutionary mobile ad hoc networks, whose communication links often suffer from frequent disruption and long communication delays. Therefore, many opportunistic forwarding protocols present major security issues, and the design of opportunistic networks faces serious challenges such as how to effectively protect data confidentiality and integrity and how to ensure routing security, privacy, cooperation, and trust management. In this paper, we first systematically describe the security threats and requirements in opportunistic networks; then propose a general security architecture of opportunistic networks; and then make an in-depth analysis on authentication and access control, secure routing, privacy protection, trust management, and incentive cooperation mechanisms; and at the same time, we present a comparison of various security and trust solutions for opportunistic networks. Finally, we conclude and give future research directions. Copyright

Threat model for grid security services

The grid computing paradigm involves both the availability of abundant computing resources, and the storage of increased amounts of valuable data. Such information systems heavily rely upon the provision of adequate security. It is imperative that techniques be developed to assure the trustworthiness of these environments. Formal verification provides the tools and techniques to assess whether systems are indeed trustworthy, and is an established approach for security assurance. When using formal verification for security assessment one of the most important concerns should be to be precise about the threat model. A comprehensive threat model is indispensable for the simulations of a grid security model. This article presents a survey of the various threat models and discusses how and when these threat models may be inappropriate for use in the grid computing environments. Then a fine-grained threat model for grid computing is presented.

Security Assurance Aggregation for IT Infrastructures

In the development of more extensive information systems, IT security becomes increasingly important. The need for a tool to measure current security assurance level is therefore vital in order to maintain and improve the overall security of deployed systems. In this paper, we discuss several security assurance aspects and the role of aggregation in this context. Then, we introduce a general method to combine security assurance information into system wide values. This method takes into account the fact that the relations in complex systems are non-linear and also the appearance of emergent properties. Furthermore, using patterns to simplify the process of the system security assurance assessment is presented as an enhancement.

On the performance of SDN controllers: A reality check

In the Software Defined Network (SDN) ecosystem, the controller remains the cornerstone of the architecture and the critical point of its success. That is why performance concerns have existed throughout the history of SDN and controller development. This paper aims at making a reality check on the current performance achieved by mainstream open source controllers. The measurements are carried out in a controlled environment, where each controller is tested with its own optimized configuration, on the one hand allowing measuring peak performance, while, on the other hand allowing obtaining fair and reproducible results. Furthermore, besides optimizing the controller configuration, the system wide settings have been also tuned so as to maximize performance. From this comprehensive evaluation, advice on selecting and deploying controllers in real scenarios is derived.

Distributed Trust Infrastructure and Trust-Security Articulation: Application to Heterogeneous Networks

In this paper, we propose a distributed trust infrastructure for heterogeneous networks. This infrastructure is inspired from the social trust model reflected in both mathematical heuristics and a communication protocol. It is with a view to optimize the cost of security, and therefore to use security means more effectively, that the trust infrastructure, which we distinguish from the security infrastructure, operates with the latter through the trust-security articulation. Finally, based on this articulation together with the security virtualization paradigm, we lay the foundations of a new security architecture taking into account the vertical heterogeneousness in addition to the horizontal heterogeneousness of networks

A Near Real-Time System for Security Assurance Assessment

Building systems that are guaranteed to be secure or to remain secure over time is still an unachievable goal. The need for a tool that helps to determine security assurance level of a system is therefore vital in order to maintain and improve overall security. This paper introduces our system to assess the overall security assurance of a large, networked, IT-driven system in terms of a dedicated evaluation infrastructure based on multi-agent technology. We use attack graph approach to compute an attackability metric value and define other metrics for anomaly detection to assess both the static and dynamic visions of the system under study. The implemented software system is described, and the examples of experiments for evaluating of network component, sub network and network security assurance levels are considered.

Adjustable Trust Model for Access Control

The purpose of this work is to give a service provider or a resource holder the opportunity to evaluate the trustworthiness of each potential client, react to the clients activity by adapting access policies to the actual risk level, and derive users access rights from his previous behavior, recommendations from third party and the actual circumstances. It is supposed that the system is able to observe and to log the activity of each client and use this information to estimate correspondent trust values.

Grid Security Services Simulator (G3S) - a simulation tool for the design and analysis of grid security solutions

Security services are one of the most desirable characteristics of the computational grids. Nowadays the swelling number of applications and consequent increase in the amount of critical data over the grids have considerably raised the stakes for an efficient security architecture. Establishing security solutions for computational grid remains in its initial stages, as there are a number of impediments in the way of successful implementation of these security designs on a real grid. Absence of suitable mechanism to simulate the various functionalities of grid security models is a major concern for security designers. A reliable simulator for the grid security services is indispensable so that the grid security solutions can be adequately tested before their implementation on a real grid. The available range of grid simulators does not provide any support for the security functions. This vacuity has overwhelmingly motivated us to develop the Grid Security Services Simulator (G3S)

Quantifiable Security Metrics for Large Scale Heterogeneous Systems

The exponential growth of information technology and the prospect of increased public access to the computing, communications, and storage resources have made these systems more vulnerable to attacks. Use of heterogeneous devices and communication links has become a common practice which further exacerbates the management of security services of these systems. A widely accepted management principle is that an activity cannot be managed if it cannot be measured. Security also falls in this rubric. However, the complexity of todays large scale heterogeneous systems makes it impossible to measure its security by simple examination. Moreover, for most users it is hardly possible to conduct more detailed checks, which are necessary for a qualified evaluation, as they can not afford the expenditure this would entail. The need to protect these systems is fueling the need of quantifying security metrics to determine the exact level of security assurances. In this article, we have identified those entities of a large scale heterogeneous system that enforce the security services and also those which are relevant to the security services. We have filtered out the measurable entities to simplify the metrics tree with optimal granularity. These entities serve as probes for the evaluation of the overall security assurance of the system. Based on these probes, topological and dependency graphs of the overall system are evaluated and federated for the system security cockpit that represents the interface for the administrator to perform necessary operations in order to obtain and maintain a particular security assurance level for a specified service. In order to provide a comprehensive and evaluative description of the various functions of our model, we have given a use case example of a telecommunication service