We describe a software-efficient encryption algorithm named SEAL 3.0. Computational cost on a modern 32-bit processor is about 4 clock cycles per byte of text. The cipher is a pseudorandom function family: under control of a key (first pre-processed into an internal table) it stretches a 32-bit position index into a long, pseudorandom string. This string

We relax the assumption of a synchronous distributedsystem in our Asynchronous Extrema Finding Algorithm (AEFA) and also allow the topology to change during theelection process. In AEFA, nodes can start the process of election at different times, but eventually after topologicalchanges stop long enough for the algorithm to terminate, all nodes agree on a unique leader. Our algorithm has beenproven to be "weakly " self-stabilizing.

This report proposes a security model designed to support cooperative tasks in which the security of the information used and produced is critical, and where the participants in a task are not equally trusted. This approach will support a range of security policies, including those in which the rights of participants in cooperative tasks are restricted to just those that they need in order to perform their roles - so-called `minimum privilege' policies. The model is designed to be implemented in a variety of distributed system environments, assuming a minimum of trusted system components. We describe an approach to the implementation of the security model in the context of a shared distributed object system and we outline an implementation architecture for an open distributed security system that will allow several security models to coexist in a single distributed system. The model has two levels at which access control is represented -- user level and programming level. Security poli...

Cryptographic processing is a critical component of secure networked computing systems. The protection offered by cryptographic processing, however, greatly depends on the methods employed to manage, store, and exercise a user’s cryptographic keys. In general, software-only key management schemes contain numerous security weaknesses. Thus, many systems protect keys with distributed protocols or supplementary hardware devices, such as smart cards and cryptographic coprocessors. However, these key protection mechanisms suffer from combinations of user inconvenience, inflexibility, performance penalties, and high cost. In this paper, we propose architectural enhancements for general-purpose processors that protect core secrets by facilitating virtual secure coprocessing (VSCoP). We describe modest hardware modifications and a trusted software library that allow common computing devices to perform flexible, high-performance, and protected cryptographic computation. The hardware additions include a small key store in the processor, encryption engines at the cache-memory interface, a few new instructions, and minor hardware platform modifications. With these enhancements, users can store, transport, and employ their secret keys to safely complete cryptographic operations in the presence of insecure software. In addition, we provide a foundation with which users can more securely access their secret keys on any Internetconnected computing device (that supports VSCoP) without requiring auxiliary hardware such as smart cards. 1.

Currently, state of the art peer-to-peer (P2P) lookup mechanisms actively create and manage a peer application layer overlay network to achieve scalability and efficiency. The proposed mechanism AGILE (Adaptive, Group-of-Interest-based Lookup Engine) extends this management approach, adapting the overlay network such as to bring requesting peers and desired lookup items close together, reducing the number of hops and, thus, latency as well as bandwidth requirements for a lookup. At the same time, AGILE introduces mechanisms to build a fair system.

Privacy enhanced electronic mail is a set of protocols which provide confidentiality, authenticity, and integrity for electronic mail. A version of these protocols was released in August 1989, and revised two years later. Since then, several other changes were made to the protocols, many of them minor, but some major. This note describes these changes. 1.

Certification is a common mechanism for authentic public key distribution. In order to obtain a public key, verifiers need to extract a certificate path from a network of certificates, which is called Public Key Infrastructure (PKI), and verify the certificates on this path recursively. This is the classical methodology. Nested certification is a novel methodology for efficient certificate path verification. Basic idea is to issue special certificates – called nested certificates – for other certificates. Nested certificates can be used together with classical certificates in Public Key Infrastructures (PKIs). Such a PKI, which is called Nested certificate based PKI (NPKI), is proposed in this paper as an alternative to classical PKI. The concept of “certificates for other certificates ” results in nested certificate paths in which the first certificate is verified cryptographically while others are verified by just fast hash computations. Thus, we can employ efficiently verifiable nested certificate paths instead of classical certificate paths. NPKI is a dynamic system and involves several authorities in order to add a new user to the system. This uses the authorities ’ idle time to the benefit of the verifiers. We formulate the trade-off between the nested certification overhead and the time improvement on certificate path verification. This trade-off is numerically analyzed for a 4-level 20-ary balanced tree-shaped PKI and it has been shown that the extra cost of nested certification is in acceptable limits in order to generate quickly verifiable certificate paths for certain applications. Moreover, PKI-to-NPKI transition preserves the existing

evaluation of CATS, a toolkit for indexed state storage for network services. CATS is based on a new implementation of a persistent authenticated dictionary, which integrates signed action records and cryptographic state digests into an index. This storage abstraction enables a CATS-based network service to certify its operations: any client with sufficient knowledge of the service semantics can verify that it behaves consistently and correctly. CATS is a fundamental building block for accountable network systems that can detect, isolate, and prove misbehavior or tampering.