Publications catalog - books



Information Security and Cryptology - ICISC 2006: 9th International Conference, Busan, Korea, November 30 - December 1, 2006, Proceedings

Min Surp Rhee; Byoungcheon Lee (eds.)

Conference: 9th International Conference on Information Security and Cryptology (ICISC). Busan, South Korea. November 30, 2006 - December 1, 2006

Abstract/Description – provided by the publisher

Not available.

Keywords – provided by the publisher

Data Encryption; Discrete Mathematics in Computer Science; Systems and Data Security; Management of Computing and Information Systems; Algorithm Analysis and Problem Complexity; Computer Communication Networks

Availability

Detected institution | Publication year | Browse | Download | Request
Not detected | 2006 | SpringerLink | |

Information

Resource type:

books

Print ISBN

978-3-540-49112-5

Electronic ISBN

978-3-540-49114-9

Publisher

Springer Nature

Country of publication

United Kingdom

Publication date

Publication rights information

© Springer-Verlag Berlin Heidelberg 2006

Table of contents

The Smallest ARIA Module with 16-Bit Architecture

Sangwoon Yang; Jinsub Park; Younggap You

This paper presented the smallest hardware architecture of the ARIA block cipher algorithm. A 128-bit data block was divided into eight 16-bit blocks to reduce the hardware size. The 16-bit architecture allowed two S-Boxes and a 16-bit diffusion operation. We proposed a design for the substitution layer and the memory block. The proposed round key generator processed a 16-bit block of a 128-bit round key for three cycles. The proposed ARIA module with a 128-bit key comprised 6,076 equivalent gates using a 0.18-µm CMOS standard cell library. It took 88 clock cycles to generate four initial values for a round key and 400 clock cycles to en/decrypt a 128-bit data block. The power consumption of 16-bit ARIA was only 5.02 µW at 100 kHz, 1.8 V.

- Efficient Implementation and Hardware | Pp. 107-117

A Simpler Sieving Device: Combining ECM and TWIRL

Willi Geiselmann; Fabian Januszewski; Hubert Köpfer; Jan Pelzl; Rainer Steinwandt

A main obstacle in manufacturing the TWIRL device for realizing the sieving step of the Number Field Sieve is the sophisticated chip layout. Especially the logic for logging and recovering large prime factors found during sieving adds significantly to the layout complexity. We describe a device building on the Elliptic Curve Method (ECM) that for parameters of interest enables the replacement of the complete logging part in TWIRL by an off-wafer postprocessing. The postprocessing is done in real time, leaving the total sieving time basically unchanged.

The proposed device is an optimized ECM implementation building on curves chosen to cope with factor sizes as expected in the output of TWIRL. According to our preliminary analysis, for the relation collection step expected for a 1024-bit factorization our design is realizable with current fab technology at very moderate cost. The proposed ECM engine also finds the vast majority of the needed cofactor factorizations. In summary, we think the proposed device to enable a significant decrease of TWIRL’s layout complexity and therewith its cost.

- Efficient Implementation and Hardware | Pp. 118-135

Janus: A Two-Sided Analytical Model for Multi-Stage Coordinated Attacks

Zonghua Zhang; Pin-Han Ho; Xiaodong Lin; Hong Shen

The multi-stage coordinated attack (MSCA) brings many challenges to security analysts due to its special temporal and spatial characteristics. This paper presents a two-sided model, Janus, to characterize and analyze the behavior of attacker and defender in MSCA. Their behavior is first formulated as a Multi-agent Partially Observable Markov Decision Process (MPO-MDP); an ANTS algorithm is then developed from the perspective of the attacker to approximately search for attack schemes with the minimum cost, and another backward searching algorithm, APD-BS, is designed from the defender’s standpoint to seek the pivots of attack schemes in order to effectively countermine them by removing those key observations associated with the system state estimates. Two case studies are conducted to show the application of our models and algorithms to practical scenarios, and some preliminary analyses are also given to validate their performance and advantages.

- Network Security and Access Control | Pp. 136-154

A Time-Frame Based Trust Model for P2P Systems

Junsheng Chang; Huaimin Wang; Gang Yin

Two major challenges regarding peers’ trust valuation in P2P systems are how to cope efficiently with strategically altering behaviors and dishonest feedback from malicious peers. However, the trust models employed by existing systems do not provide adequate support for coping with quick changes in peers’ behavior and aggregating feedback information, so we present a time-frame based trust model. We incorporate the time dimension using time-frames, which capture the time-sensitivity of direct experiences and recommendations; we also introduce four trust parameters in computing the trustworthiness of peers, namely the trust construction factor, trust destruction factor, supervision period factor and feedback credibility. Together, these parameters are adjusted in time using a feedback control mechanism, so that trust valuation can reflect the dynamics of the trust environment. Theoretical analysis and simulation show that our trust model has advantages over existing trust metrics in modeling dynamic trust relationships and aggregating feedback information. It is highly effective in countering malicious peers regarding strategically altering behavior and dishonest feedback.

- Network Security and Access Control | Pp. 155-165

Spatial Context in Role-Based Access Control

Hong Zhang; Yeping He; Zhiguo Shi

Controlling access to resources in location-based services and mobile applications requires the definition of spatially aware access control systems. However, the traditional RBAC model does not specify these requirements. In this paper, we present an extension of the RBAC model to deal with spatial and location-based information, which is called LRBAC. In LRBAC, the final permission set of a user depends on the physical location in which the user is situated. The ability to specify the spatial boundary of a role allows LRBAC to be flexible and to express a variety of access policies that provide tight and just-in-time role activation. Besides a real position obtained from a specific mobile terminal, users are also assigned a logical location domain that is application dependent. Then, we extend LRBAC to deal with hierarchies and present how complex spatial role hierarchies in the location-dependent case can be generated by applying Cartesian products as an arithmetic operation over role hierarchies and logical location domain hierarchies.

- Network Security and Access Control | Pp. 166-178
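
The abstract describes spatial roles as the Cartesian product of a role hierarchy and a logical location domain hierarchy, with role activation gated by the user's physical position. The Python below is a worked illustration written for this listing; it is not code from the paper, and the hospital roles, location tree, permissions and the exact product ordering (a spatial role dominates another when its role is senior and its domain contains the other's domain) are all assumptions chosen to make the idea concrete.

```python
"""
Location-aware RBAC illustration (LRBAC-style), constructed for this listing;
not the authors' code. Assumed model:
- ROLE_EDGES is a role hierarchy (senior -> juniors); seniors inherit juniors' permissions.
- DOMAIN_CHILDREN is a logical location domain containment tree.
- A spatial role is a pair (role, domain); the product order is
  (r1, d1) >= (r2, d2)  iff  r1 >= r2 in the role hierarchy and d1 contains d2.
- A user's physical position is mapped to a leaf domain; an assigned spatial
  role (r, d) can be activated only while the position lies inside d.
"""
from itertools import product

ROLE_EDGES = {          # senior -> direct juniors (assumed example hierarchy)
    "physician": {"nurse"},
    "nurse": {"staff"},
    "staff": set(),
}
DOMAIN_CHILDREN = {     # parent -> children (assumed example containment tree)
    "hospital": {"ward1", "ward2"},
    "ward1": {"room101", "room102"},
    "ward2": {"room201"},
    "room101": set(), "room102": set(), "room201": set(),
}
PERMISSIONS = {         # direct permissions of spatial roles (assumed example policy)
    ("staff", "hospital"): {"read:directory"},
    ("nurse", "ward1"): {"read:chart"},
    ("physician", "ward1"): {"write:order"},
    ("physician", "room101"): {"write:discharge"},
}


def descendants(graph, node):
    """Reflexive transitive closure below `node` in an adjacency-dict DAG."""
    seen, stack = set(), [node]
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        stack.extend(graph[n])
    return seen


def dominates(senior, junior):
    """Product order: senior role AND containing domain (reflexive)."""
    r1, d1 = senior
    r2, d2 = junior
    return r2 in descendants(ROLE_EDGES, r1) and d2 in descendants(DOMAIN_CHILDREN, d1)


def product_hierarchy():
    """All spatial roles (role x domain) and the strict dominance edges among them."""
    roles = list(product(ROLE_EDGES, DOMAIN_CHILDREN))
    edges = {(a, b) for a in roles for b in roles if a != b and dominates(a, b)}
    return roles, edges


def active_spatial_roles(assigned, position):
    """Just-in-time activation: only roles whose domain contains the current position."""
    return {sr for sr in assigned if position in descendants(DOMAIN_CHILDREN, sr[1])}


def effective_permissions(assigned, position):
    """Final permission set = union over everything an active spatial role dominates."""
    perms = set()
    for active in active_spatial_roles(assigned, position):
        for sr, p in PERMISSIONS.items():
            if dominates(active, sr):
                perms |= p
    return perms


if __name__ == "__main__":
    user = {("physician", "ward1"), ("staff", "hospital")}
    for where in ("room101", "room201"):
        print(where, sorted(effective_permissions(user, where)))
```

Note what the product order does and does not grant: a physician assigned to ward1 gets the nurse and staff permissions scoped to ward1 and its rooms, but not the hospital-wide staff permission, because "hospital" is not contained in "ward1". Moving to room201 deactivates the ward1 role entirely, so only the separately assigned hospital-wide staff role remains.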

An Efficient Scheme for Detecting Malicious Nodes in Mobile Ad Hoc Networks

Jongoh Choi; Si-Ho Cha; JooSeok Song

This paper proposes a scheme capable of effectively detecting a malicious node that operates normally during determination of a route over a mobile ad hoc network (MANET) but modifies or drops data during data transmission, or reports wrong information regarding a normal node, using a report message and a report table that lists reporter nodes and suspect nodes. In the existing schemes, a malicious node that provides wrong information can be easily identified but cannot be removed from the network. To solve this problem, the proposed scheme determines a suspect node to be a malicious node when more than lists of reporter nodes and suspect nodes are recorded in the report table in the case where malicious nodes are over the network. The proposed scheme is applicable to both DSR and AODV routing.

- Mobile Communications Security | Pp. 179-193

Mobile RFID Applications and Security Challenges

Divyan M. Konidala; Kwangjo Kim

With mobile RFID technology, handheld portable devices like mobile phones and PDAs also behave as RFID readers and RFID tags. As RFID readers, mobile phones provide a user-friendly approach to quickly and efficiently scan, access and view information about RFID-tagged items. As RFID tags, mobile phones can quickly identify themselves in order to communicate with other tagged devices, which provide essential services. At the outset this paper briefly describes Mobile RFID technology and compares it with conventional RFID technology. We pioneer in categorizing Mobile RFID applications into three distinct zones, namely: Location-based Services (LBS) Zone, Enterprise Zone, and Private Zone. We describe application scenarios related to these zones and highlight various security and privacy threats. Finally, we propose a security architecture for the LBS zone and describe our future work.

- Mobile Communications Security | Pp. 194-205

An Efficient Forensic Evidence Collection Scheme of Host Infringement at the Occurrence Time

Yoon-Ho Choi; Jong-Ho Park; Sang-Kon Kim; Seung-Woo Seo; Yu Kang; Jin-Gi Choe; Ho-Kun Moon; Myung-Soo Rhee

Computer Forensics is a research area that finds malicious users by collecting and analyzing the intrusion or infringement evidence of computer crimes such as hacking. Much research on Computer Forensics has been done so far, but it has focused on how to collect forensic evidence for both analysis and proof after receiving intrusion or infringement reports of hosts from computer users or network administrators. In this paper, we describe how to selectively collect forensic evidence of good quality from observable and protective hosts at the time an infringement by malicious users occurs. By periodically correlating the event logs of Intrusion Detection Systems (IDSes) and hosts with the configuration information of the hosts, we calculate an infringement severity value that reflects the real infringement possibility of the hosts. Based on this severity value, we selectively collect the evidence for proof at the time of infringement occurrence. As a result, we show that we can minimize the information damage of the evidence for both analysis and proof, and reduce the amount of data used to analyze the degree of infringement severity.

- Forensics | Pp. 206-221

A Copy Protection Technique Using Multi-level Error Coding

Chen-Yin Liao; Jen-Wei Yeh; Ming-Seng Kao

A novel copy protection scheme for optical disks is proposed. Three error mechanisms – error insertion, error correction and error propagation – are included in the proposed scheme, which lead to a sharp cutoff in the detection probability of an encryption key. This cutoff behavior could be employed to effectively prevent bit-by-bit copying of optical disks. The proposed scheme can be easily implemented in common players, being a simple and effective copy protection technique.

- Copyright Protection | Pp. 222-232

Digital Rights Management with Right Delegation for Home Networks

Heeyoul Kim; Younho Lee; Byungchun Chung; Hyunsoo Yoon; Jaewon Lee; KyungIm Jung

The purpose of digital rights management (DRM) is to protect the copyrights of content providers and to enable only designated users to access digital contents. For a user to share contents among all his devices in the home network, several domain-based approaches that group multiple devices into a domain have been proposed. In these approaches, however, each device in a domain has equivalent rights on all contents, although certain contents require access control between the devices. In this paper, a new DRM system for home networks is presented. This system enables access control on the contents by a right delegation strategy with proxy certificates. Moreover, it also provides additional functionalities, including restricted sharing and temporal sharing of contents, which are necessary for ordinary scenarios in home networks.

- Copyright Protection | Pp. 233-245