Codes, Cryptology, and Information Security

The laws of quantum physics allow the design of cryptographic protocols for which the security is based on physical principles. The main cryptographic quantum protocols are key distribution schemes, in which two parties generate a shared random secret string. The privacy of the key can be checked using Bell inequalities. However, the Bell inequalities' initial purpose was a fundamental one, as they showed how quantum rules are incompatible with our intuition of reality. This paper begins with an introduction to quantum information theory, Bell inequalities, and quantum cryptography. Then it presents the use of qudits for Bell inequalities and cryptography.

Securing the Web of Things with Role-Based Access Control
Ezedine Barka, Sujith Samuel Mathew, and Yacine Atif
College of IT, UAE University, Al Ain, UAE
ebarka@uaeu.ac.ae

Abstract. Real-world things are increasingly becoming fully qualified members of the Web. From pacemakers and medical records to children's toys and sneakers, things are connected over the Web and publish information that is available for the whole world to see. It is crucial that there is secure access to this Web of Things (WoT) and to the related information published by things on the Web. In this paper, we introduce an architecture that encompasses Web-enabled things in a secure and scalable manner. Our architecture utilizes the features of the well-known role-based access control (RBAC) model to specify the access control policies for the WoT, and we use cryptographic keys to enforce such policies. This approach enables prescribers of WoT services to control who can access what things, and how access can continue or should terminate, thereby enabling privacy and security of the large amounts of data that these things are poised to flood the future Web with.

On the Security of Long-Lived Archiving Systems Based on the Evidence Record Syntax
Matthias Geihs, Denise Demirel, and Johannes Buchmann
Technische Universität Darmstadt, Darmstadt, Germany
mgeihs@cdc.informatik.tu-darmstadt.de

Abstract. The amount of security-critical data that is only available in digital form is increasing constantly. The Evidence Record Syntax Specification (ERS) achieves important security goals very efficiently: integrity, authenticity, datedness, and non-repudiation. This paper supports the trustworthiness of ERS by proving ERS secure. This is done in a model presented by Canetti et al. that these authors used to establish the long-term security of the Content Integrity Service (CIS). CIS achieves the same goals as ERS but is much less efficient. We also discuss the model of Canetti et al. and propose new directions of research.

Differential Attacks Against SPN: A Thorough Analysis
Anne Canteaut and Joëlle Roué
Inria, project-team SECRET, Rocquencourt, France
{Anne.Canteaut,Joelle.Roue}@inria.fr

Abstract. This work aims at determining when the two-round maximum expected differential probability (MEDP) in an SPN with an MDS diffusion layer is achieved by a differential having the fewest possible active Sboxes. This question arises from the fact that minimum-weight differentials include the best differentials for the AES and several variants. However, we exhibit some SPNs for which the two-round MEDP is achieved by differentials involving a number of active Sboxes that exceeds the branch number of the linear layer. On the other hand, we also prove that, for some particular families of Sboxes, the two-round MEDP is always achieved by minimum-weight differentials.

On the Properties of Vectorial Functions with Plateaued Components and Their Consequences on APN Functions
