Tweakable Ciphers: Constructions and Applications

Terashima, Robert Seth

07 August 2015

Tweakable ciphers are a building block used to construct a variety of cryptographic algorithms. Typically, one proves (via a reduction) that a tweakable-cipher-based algorithm is about as secure as the underlying tweakable cipher. Hence improving the security or performance of tweakable ciphers immediately provides corresponding benefits to the wide array of cryptographic algorithms that employ them. We introduce new tweakable ciphers, some of which have better security and others of which have better performance than previous designs. Moreover, we demonstrate that tweakable ciphers can be used directly (as opposed to as a building block) to provide authenticated encryption with associated data in a way that (1) is robust against common misuses and (2) can, in some cases, result in significantly shorter ciphertexts than other approaches.

Cryptography -- Mathematics

Computer security

Computer systems -- Access control

Data encryption (Computer science)

Computer Sciences

Theory and Algorithms

Performing under overload

Macpherson, Luke, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2007

This dissertation argues that admission control should be applied as early as possible within a system. To that end, this dissertation examines the benefits and trade-offs involved in applying admission control to a networked computer system at the level of the network interface hardware. Admission control has traditionally been applied in software, after significant resources have already been expended on processing a request. This design decision leads to systems whose algorithmic cost is a function of the load applied to the system, rather than the load admitted to the system. By performing admission control at the network interface, it is possible to develop systems whose algorithmic cost is a function of load admitted to the system, rather than load applied to the system. Such systems are able to deal with excessive applied loads without exhibiting performance degradation. This dissertation first examines existing admission control approaches, focussing on the cost of admission control within those systems. It then goes on to develop a model of system behaviour under overload, and the impact of admission control on that behaviour. A new class of admission control mechanisms which are able to perform load rejection using the network interface hardware are then described, along with a prototype implementation using commodity hardware. A prototype implementation in the FreeBSD operating system is evaluated for a variety of network protocols and performance is compared to the standard FreeBSD implementation. Performance and scalability under overload is significantly improved.

Computer systems -- Access control.

Network overload.

Network interface.

Admission control.

Load rejection.

Load factor design.

Performing under overload

Macpherson, Luke, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2007

This dissertation argues that admission control should be applied as early as possible within a system. To that end, this dissertation examines the benefits and trade-offs involved in applying admission control to a networked computer system at the level of the network interface hardware. Admission control has traditionally been applied in software, after significant resources have already been expended on processing a request. This design decision leads to systems whose algorithmic cost is a function of the load applied to the system, rather than the load admitted to the system. By performing admission control at the network interface, it is possible to develop systems whose algorithmic cost is a function of load admitted to the system, rather than load applied to the system. Such systems are able to deal with excessive applied loads without exhibiting performance degradation. This dissertation first examines existing admission control approaches, focussing on the cost of admission control within those systems. It then goes on to develop a model of system behaviour under overload, and the impact of admission control on that behaviour. A new class of admission control mechanisms which are able to perform load rejection using the network interface hardware are then described, along with a prototype implementation using commodity hardware. A prototype implementation in the FreeBSD operating system is evaluated for a variety of network protocols and performance is compared to the standard FreeBSD implementation. Performance and scalability under overload is significantly improved.

Computer systems -- Access control.

Network overload.

Network interface.

Admission control.

Load rejection.

Load factor design.