Quantum Cryptography in Rreal-life Applications: Assumptions and Security

Zhao, Yi

03 March 2010

Quantum cryptography, or quantum key distribution (QKD), provides a means of unconditionally secure communication. The security is in principle based on the fundamental laws of physics. Security proofs show that if quantum cryptography is appropriately implemented, even the most powerful eavesdropper cannot decrypt the message from a cipher. The implementations of quantum crypto-systems in real life may not fully comply with the assumptions made in the security proofs. Such discrepancy between the experiment and the theory can be fatal to the security of a QKD system. In this thesis we address a number of these discrepancies. A perfect single-photon source is often assumed in many security proofs. However, a weak coherent source is widely used in a real-life QKD implementation. Decoy state protocols have been proposed as a novel approach to dramatically improve the performance of a weak coherent source based QKD implementation without jeopardizing its security. Here, we present the first experimental demonstrations of decoy state protocols. Our experimental scheme was later adopted by most decoy state QKD implementations. In the security proof of decoy state protocols as well as many other QKD protocols, it is widely assumed that a sender generates a phase-randomized coherent state. This assumption has been enforced in few implementations. We close this gap in two steps: First, we implement and verify the phase randomization experimentally; second, we prove the security of a QKD implementation without the coherent state assumption. In many security proofs of QKD, it is assumed that all the detectors on the receiver's side have identical detection efficiencies. We show experimentally that this assumption may be violated in a commercial QKD implementation due to an eavesdropper's malicious manipulation. Moreover, we show that the eavesdropper can learn part of the final key shared by the legitimate users as a consequence of this violation of the assumptions.

quantum information

quantum optics

quantum cryptography

communication security

0752

0544

Quantum Cryptography in Rreal-life Applications: Assumptions and Security

Zhao, Yi

03 March 2010

Quantum cryptography, or quantum key distribution (QKD), provides a means of unconditionally secure communication. The security is in principle based on the fundamental laws of physics. Security proofs show that if quantum cryptography is appropriately implemented, even the most powerful eavesdropper cannot decrypt the message from a cipher. The implementations of quantum crypto-systems in real life may not fully comply with the assumptions made in the security proofs. Such discrepancy between the experiment and the theory can be fatal to the security of a QKD system. In this thesis we address a number of these discrepancies. A perfect single-photon source is often assumed in many security proofs. However, a weak coherent source is widely used in a real-life QKD implementation. Decoy state protocols have been proposed as a novel approach to dramatically improve the performance of a weak coherent source based QKD implementation without jeopardizing its security. Here, we present the first experimental demonstrations of decoy state protocols. Our experimental scheme was later adopted by most decoy state QKD implementations. In the security proof of decoy state protocols as well as many other QKD protocols, it is widely assumed that a sender generates a phase-randomized coherent state. This assumption has been enforced in few implementations. We close this gap in two steps: First, we implement and verify the phase randomization experimentally; second, we prove the security of a QKD implementation without the coherent state assumption. In many security proofs of QKD, it is assumed that all the detectors on the receiver's side have identical detection efficiencies. We show experimentally that this assumption may be violated in a commercial QKD implementation due to an eavesdropper's malicious manipulation. Moreover, we show that the eavesdropper can learn part of the final key shared by the legitimate users as a consequence of this violation of the assumptions.

quantum information

quantum optics

quantum cryptography

communication security

0752

0544

Security in next generation air traffic communication networks

Strohmeier, Martin

January 2016

A multitude of wireless technologies are used by air traffic communication systems during different flight phases. From a conceptual perspective, all of them are insecure as security was never part of their design and the evolution of wireless security in aviation did not keep up with the state of the art. Recent contributions from academic and hacking communities have exploited this inherent vulnerability and demonstrated attacks on some of these technologies. However, these inputs revealed that a large discrepancy between the security perspective and the point of view of the aviation community exists. In this thesis, we aim to bridge this gap and combine wireless security knowledge with the perspective of aviation professionals to improve the safety of air traffic communication networks. To achieve this, we develop a comprehensive new threat model and analyse potential vulnerabilities, attacks, and countermeasures. Since not all of the required aviation knowledge is codified in academic publications, we examine the relevant aviation standards and also survey 242 international aviation experts. Besides extracting their domain knowledge, we analyse the awareness of the aviation community concerning the security of their wireless systems and collect expert opinions on the potential impact of concrete attack scenarios using insecure technologies. Based on our analysis, we propose countermeasures to secure air traffic communication that work transparently alongside existing technologies. We discuss, implement, and evaluate three different approaches based on physical and data link layer information obtained from live aircraft. We show that our countermeasures are able to defend against the injection of false data into air traffic control systems and can significantly and immediately improve the security of air traffic communication networks under the existing real-world constraints. Finally, we analyse the privacy consequences of open air traffic control protocols. We examine sensitive aircraft movements to detect large-scale events in the real world and illustrate the futility of current attempts to maintain privacy for aircraft owners.

004

Porting the MIRO Middleware to a Mobile Robot Platform

Krüger, Daniel

06 September 2005

Mobile autonomous robotics in outdoor areas is a challenging task. This domain combines many fields like computer science and electrical engineering. This diploma thesis will show how Miro (Middleware for Robots) has been ported to a new mobile robot platform developed at the Institute for Automation at Chemnitz University of Technology. Additionally, security aspects will be covered, that arise because CORBA is used as middleware, which is an open standard and by default implements no communication security between server and client. Three approaches to solve this problem will be discussed.

CORBA

Communication Security

ddc:004

Autonomer Roboter

Middleware

Mobiler Roboter

Roboter

Porting the MIRO Middleware to a Mobile Robot Platform

Krüger, Daniel

01 August 2005

Mobile autonomous robotics in outdoor areas is a challenging task. This domain combines many fields like computer science and electrical engineering. This diploma thesis will show how Miro (Middleware for Robots) has been ported to a new mobile robot platform developed at the Institute for Automation at Chemnitz University of Technology. Additionally, security aspects will be covered, that arise because CORBA is used as middleware, which is an open standard and by default implements no communication security between server and client. Three approaches to solve this problem will be discussed.

info:eu-repo/classification/ddc/004

ddc:004

Autonomer Roboter

Middleware

Mobiler Roboter

Roboter

CORBA

Communication Security

Design And Implementation Of An Unauthorized Internet Access Blocking System Validating The Source Information In Internet Access Logs

Uzunay, Yusuf

01 September 2006

Internet Access logs in a local area network are the most prominent records when the source of an Internet event is traced back. Especially in a case where an illegal activity having originated from your local area network is of concern, it is highly desirable to provide healthy records to the court including the source user and machine identity of the log record in question. To establish the validity of user and machine identity in the log records is known as source authentication. In our study, after the problem of source authentication in each layer is discussed in detail, we argue that the only way to establish a secure source authentication is to implement a system model that unifies low level and upper level defense mechanisms. Hence, in this thesis we propose an Unauthorized Internet Access Blocking System validating the Source Information in Internet Access Logs. The first version of our proposed system, UNIDES, is a proxy based system incorporating advanced switches and mostly deals with the low level source authentication problems. In the second version, we extend our system with SIACS which is an Internet access control system that deals with the user level source authentication problems. By supplementing the classical username-password authentication mechanism with SSL client authentication, SIACS integrates a robust user level authentication scheme into the proposed solution.

TA Systems Engineering 168

A data protection methodology to preserve critical information from the possible threat of information loss

Schwartzel, Taryn

03 October 2011

M.Tech. / Information is a company’s greatest asset that is continually under threat from human error, technological failure, natural disasters and other external factors. These threats need to be identified and quantified and their relevant protection techniques need to be deployed. This research will allow businesses to ascertain which of these data protection strategies to embrace and deploy, thereby highlighting the balance between cost and value for their business needs. Every commercial enterprise should understand the business value of their data and realise that protecting this data is of utmost importance. However, company data often resides on different mediums, in different locations and implementing a data protection strategy is not always cost effective in terms of the cost of storage mediums and protection methods. The challenges that businesses face is trying to distinguish between mission-critical data from other business data, excluding any non-business or invaluable data that resides on their systems. Thus a cost-effective data protection strategy can be implemented according to the different values of business data. This research provides a model to enable an organisation to: · Utilise the model as a framework or guideline in determining a strategy for protection, storage, retrieval and preservation of business critical data. · Define the data protection strategy to meet the organisation’s business requirements. · Define a cost effective data protection solution that encompasses protection, storage, retrieval and preservation of business critical data. · Make strategic decisions based on an array of best practices to ensure mission-critical data is protected accordingly. iii · Draw a conclusion between the costs of implementing these solutions against the real business value of the data that it protects.

Data protection

Computer security management

Electronic commerce - Security measures

Information protection in the digital banking environment

Redlinghuis, André Jacques

01 August 2012

M.A. / The evolution of the Internet has led to the establishment of various value-adding products and services such as Internet banking (IB). Internet banking has changed the formal banking landscape forever. Some may argue that Internet banking has positively affected the lives of many, through providing services in a more convenient, efficient and effective manner, 365 days a year. However, the growth of the Internet has lead to the increase of various Information Technology (IT) problems and challenges. Today, individuals and organisations are faced with an increasing number of attacks via computer and Internet viruses, phishing scams and Internet hackers. Individuals and organisations must place greater emphasis on ensuring that their financial well-being is protected. The investment in adequate software and hardware has become critical to conduct financial transactions securely via the Internet. The level of security awareness should also be increased and established at various levels through comprehensive educational programmes. Extensive Internet banking awareness campaigns have been launched, but the level to which these campaigns are successful is uncertain. The main focus of this dissertation is to understand Internet banking customers’ perceptions on information protection when using Internet banking services and products, as various factors influence the perceptions of trust with regards to Internet banking. Trust is formed through a variety of factors from the influence of others on our own beliefs and values, to the experiences gained by using specific technology or processes over a particular period of time. An in-depth literature review forms the basic framework for the dissertation and is followed by an empirical component. The main goal of the literature review is to provide a solid theoretical framework and basis from which to conduct the empirical research. Chapters 2 to 4 delve into the evolution and development of the Internet and provide a perspective on the South African banking landscape. The various challenges the Internet banking domain is faced with, is explored, and the various opportunities that exist are extensively discussed. Trust, the major factor influencing the adoption of Internet banking services and products, is explored, and the factors that shape and diminish trust are discussed. The empirical study consisted of a close-ended questionnaire that was completed by a sample of University of Johannesburg (UJ) alumni. The study included 138 individuals who completed the close-ended questionnaire and the results were analysed by Statistical Consultation Services (StatCon), a statistical research unit within UJ. The results indicate that more should be done to ensure that individuals and businesses are well-versed on issues pertaining to Internet banking security and safety. The results further highlight that the quality of most of the individuals’ relationships with their formal bank branch diminished due to Internet banking. An interesting finding was that 80.7% of the respondents indicated that they would make use of Internet banking services and products, even though they are aware of fraudulent activities that take place via this Internet medium. The research findings provide financial institutions with valuable guidelines on how to plan and implement effective and efficient Internet banking education and awareness strategies.

Internet banking - Security measures

Banks and banking - Security measures

Přístupová a komunikační bezpečnost v informačních systémech SAP / Access and communication security in SAP information systems

Karkošková, Soňa

January 2012

This diploma thesis deals with the methods used to ensure access and communication security in large-scale SAP information systems. It deals with the analysis of existing methods, compares them, and identifies how the methods are usable in the operation of large-scale SAP information systems, as well as it identifies methods that fail in this environment. Justification of methods usability is carried out. Attention is focused on the use and implementation of single sign-on safe authentication methods, secure sharing of user identity and secure communication within the framework of a large-scale SAP information system. In this thesis is carried out a design proposal of the architecture in order to ensure access and communication security in SAP information systems using the LDAP service, SNC Kerberos and single sign-on authentication. In the practical example is documented the detailed technical implementation of this architecture. Furthermore, this thesis deals with the specifics which exist especially in large-scale SAP information systems in the area of access and communication security and documents the appropriate ways to address them.

Databáze specifikací bezpečnostních protokolů / Specifications Database of Security Protocols

Ondráček, David

January 2008

Original protocols, which were created during early development of computer networks, no longer provide sufficient security. This is the reason why new protocols are developed and implemented. The important component of this process is formal verification, which is used to analyze the developed protocols and check whether a successful attack is possible or not. This thesis presents selected security protocols and tools for their formal verification. Further, the selected protocols are specified in LySa calculus and results of their analysis using LySatool are presented and discussed.