Oleg B. Makarevich

Symmetric Fully Homomorphic Encryption Using Decidable Matrix Equations

We propose a new fully homomorphic encryption (FHE) scheme. Unlike previous ones, our FHE scheme is effective and simple enough for practical applications. Our FHE essentially exploits mathematical body of matrix polynomials which are matrix equations of a particular form. This makes the scheme both faster and (we believe) easier to understand than ancestors. Also, the paper gives the formal definitions of new framework for secure cloud computing -- the primitive of compact symmetric fully homomorphic encryption scheme whose security relies on the difficulty of some NP-complete problem. We consider organization and infrastructure of secure cloud computations using such symmetric fully homomorphic encryption. Construction of the proposed encryption scheme introduces a new hardness assumption. Some basic ideas explain the security of such FHE against known plaintext attacks. We give theoretical evaluation of schemes overhead (both in time and size). The paper provides experimental investigation on fully homomorphic encryption of our type. Our implementation uses NTL library by Victor Shoup, and we present a real life efficiency of the encryption scheme.

Development of a secure cluster-based wireless sensor network model

In this paper we consider a clustering wireless sensor network which needs to be protected. The main aim of this article is development of a secure clustering wireless sensor network model with built-in detection and counteraction mechanisms against malicious impacts (attacks). Trust level calculation algorithm and cluster head (CH) election algorithm are introduced and secure clustering WSN model is described.

The method of the information security risk assessment in cloud computing systems

In this article the possibility of calculation of information security risks in cloud computing system is considered. The fuzzy cognitive maps and artificial neural network are used for a solution of this problem.

Corporate networks security evaluation based on attack graphs

Using attack graphs for the security analysis allows to consider the relationship of individual components and their security parameters. It gives more accurate data to assess the security of the system as a whole comparing with investigation of security properties of the individual nodes. This paper describes the calculation of attack graph, analyze the results and evaluate the effectiveness of existing countermeasures. The model allows dynamic routing, filtering on any network object, NAT. States in attack graph are detailed to confidentiality, integrity, availability triad. In constructing the attack graph takes into account both local and network vulnerability. The results of experimental evaluation of system performance presented. For the analysis of 10000 simulated hosts took an average time of about 100 seconds. The number of access control rules (from 500 to 4000 per simulated subnet) were chosen so that the maximum number of filtering rules for devices were about 1,000.

Automated method for constructing of network traffic filtering rules

This article is devoted to topical issues of constructing and assessing the quality of the network traffic filtering rules. The main problems of constructing rules are considered and automated method for constructing rules proposed. In the presented method the LAN model, the method of developing rules of differentiation of access between nodes in the model, methods and algorithms for calculation and optimization of filtering rules for a given different levels of access are defined.

Analysis of ways to secure group control for autonomous mobile robots

The aim of this paper is to analyze the ways of providing security for mobile robots groups control (MRGC) and to develop a security protocol for MRGC under limited computational and power resources away from the controlled area. The solution for this problem assumes features of group control systems and robot systems from the security point of view. The main problem connected with the development of a security system for mobile robots is the distinction of this type of the network from other networks. This demands the development of special methods and approaches that should take many specific factors such as limitations of computational resources and power into account. The proposed solution for MRGC is based on the use of trust concept for finding the validity of nodes and finding targets. In contrast to the existing approaches, this protocol uses several parameters to evaluate the trust that allows to expand the range of repelled attacks.

Trust management system for mobile cluster-based wireless sensor network

In this paper we consider a clustering wireless sensor network which needs to be protected. The main aim of this article is development of a secure clustering wireless sensor network model with built-in detection and counteraction mechanisms against malicious impacts (attacks). We develop trust management system (TMS), based on analyzing following parameters: residual energy level, send/received/forwarding data, control, routing packets, packets integrity, availability based on beacons, changing the address of the packet. System is efficient in preventing attacks and consumes less energy than analogs.

Deploying virtualization technology for verification of a network security

This article discusses the issue of increasing the security of computer networks based on the constant verification of the level of information security. Simulation of the network, based on accurate data derived from the security audit, allows for constant monitoring of the level of network security. Using hardware virtualization to build models to avoid the restrictions of the programming model and apply the full range of information resources impacts for verification of security level is proposed.

A model of a secure electronic voting system based on blind intermediaries using russian cryptographic algorithms

Information technology is being increasingly introduced into our lives. Most areas of human activity are widely associated with information technology, and electronic voting is no exception. At the moment, there are a number of ready-made solutions, but all of them are not sufficiently safe and open, and most importantly most of them are produced outside the Russian Federation. In such strategically important areas as e-government, in particular electronic elections, it is necessary to be completely confident in the algorithms, principles and systems used. The issue is raised about creating a secure and trustworthy system, and most importantly, an open one and implemented using standardized cryptographic algorithms of the Russian Federation. A model of the system is proposed based on the principle of blind intermediaries developed by the authors and using cryptographic algorithms such as the symmetric cipher GOST R 34.12-2015 (Kuznyechik), hash function GOST R 34.11-2012 (Stribog). The system model proposed by the authors is characterized by a comprehensive approach to electronic voting, namely detailing decisions at all stages of voting. The basic techniques for correct and safe conduct of electronic voting are described, such as the security of transmitted confidential data, the distribution of secret keys, the authentication of the parties, the verification of the transmitted data for integrity, the time control of the transmitted data. It shows how these techniques are implemented. Based on the developed algorithms, a model of the electronic voting system was implemented in C# .Net Framework programming language consisting of a set of window interface applications that interact with each other via network. The efficiency of the developed system is shown. Areas of improvement of the system are noted.

A model of mandatory access for current database management systems

This work is devoted to development of a formal mandatory access model, which takes into account the structure and the features of current database management systems (DBMS). We introduce the requirements of correctness and completeness. Implementation of these requirements makes it possible to prevent side-channel attacks.