Abstract. In the generalized group-oriented cryptosystem, the sender can send a conditional message to a group of users such that only the specified sets of users in this group can cooperate to decrypt this message. In this paper, we will use an ElGamal cryptosystem and an elliptic curve El-Gamal cryptosystem to achieve the purposes of generalization and group-orientation, respectively. Both of our schemes are more efficient than Tsai et al.’s scheme in terms of sender’s computational complexity. Key words: Diffie–Hellman scheme, ElGamal cryptosystem, elliptic curve cryptosystem, grouporiented cryptosystem.

Abstract. Recently, Tseng et al. proposed an improvement on Peyravian and Zunic’s protected password transmission scheme and protected changing scheme to remove some security flaws. However, as we will point out in this paper, any adversary can intercept the request for changing the password sent by a legal user and modify it with a wrong password. Furthermore, we shall also propose an improved version of their protected password changing scheme to help it out of the trouble. Key words: authentication, cryptography, discrete logarithm, password. 1.

Abstract. Stream database systems are designed to support the fast on-line processing that characterizes many new emerging applications such as sensor-based environments, on-line business processing and network monitoring. Data stream processing is a highly demanding environment where streams are usually infinite, bursty, and running at high arrival rates. Due to limited buffer storage or real-time constraints, data items may be dropped out of the system and lost for ever. In many applications, sensitive stream data needs to be secured against malicious attacks. Various security mechanisms have been well studied in literature. However, these mechanisms are not tuned to work in the lossy streaming environment. Stream security mechanisms are required to provide security services and to be fault-tolerant as well. In this paper we identify the security requirements for data stream systems, focusing on Nile, a prototype query processing engine for data streams developed at Purdue University. We first propose a security architecture for data stream systems, then focus on a particular service: data integrity and confidentiality. We present a new mechanism, FT-RC4, that provides data integrity and confidentiality. We demonstrate its practicality by implementing it inside our prototype data stream system and evaluating its performance. 1

In the present brutal competitive world, security is prime factor to transmit confidential data over the internet. Cryptographic algorithms play very important role in providing the data security against the various attacks. The specific characteristics of image, like high transmission rate with limited bandwidth, correlation among pixels, redundancy and requirement of high storage capacity makes traditional algorithms unsuitable for image encryption. To cross these boundaries for real time applications, design of new algorithms that require less computational power while preserving a sufficient level of security is always a big challenge for researchers. This paper proposes an algorithm based on block based image transformation using perfect shuffle operation followed by new encryption algorithm. In this paper we compare the generated results with available algorithms like AES, RC6 and BFS on the basis of two parameters entropy and correlation.

Normally computer users use a passphrase or a password to encrypt secret values in computer systems. In this case, to prevent the brute–force attack, the password should be long enough and difficult to guess. But, such kind of passwords are also difficult for the human beings to remember. In this paper, we propose a method for protecting secret keys. A secret key means secret value like the password or passphrase that is used as a key to other secret operations. Using our scheme, we can make the brute–force attack on the secret key difficult or almost impossible. 1

Most cryptographic algorithms function more efficiently when implemented in hardware than in software running on single processor. However, systems that use hardware implementations have significant drawbacks: they are unable to respond to flaws discovered in the implemented algorithm or to changes in standards. As an alternative, it is possible to implement cryptographic algorithms in software running on multiple processors. However, most of the cryptographic algorithms like DES (Data Encryption Standard) or 3DES have some drawbacks when implemented in software: DES is no longer secure as computers get more powerful while 3DES is relatively sluggish in software. AES (Advanced Encryption Standard), which is rapidly being adopted worldwide, provides a better combination of performance and enhanced network security than DES or 3DES by being computationally more efficient than these earlier standards. Furthermore, by supporting large key sizes of 128, 192, and 256 bits, AES offers higher security against brute-force attacks. In this thesis, AES has been implemented with single processor. Then the result has

this document is part of the workpackage 1 of the PEPITO project. This workpackage aims at defining formal models for aspects of distributed computation which are central for peer-to-peer systems. Transactions fall into this category and can help to design robust and fault-tolerant distributed programs. This final report contains our results concerning the axiomatization of the properties of transactions

This paper presents PATRIOT, an optimized, policydriven security architecture for protecting the confidentiality and integrity of audit log files on wireless devices. PATRIOT is based on a set of well-known cryptographic protocols and is designed to suit the limited nature of wireless devices. It offers a policy-driven, customizable security model and specifies a flexible, multi-level, and fine-grained encryption methodology that provides the suitable security strength without compromising performance. PATRIOT is designed in a platform-neutral manner and it can be deployed on a wide range of wireless devices and operating systems.

Security protocols, such as IPSec and SSL, are being increasingly deployed in the context of networked embedded systems. The resource-constrained nature of embedded systems and, in particular, the modest capabilities of embedded processors make it challenging to achieve satisfactory performance while executing security protocols. A promising approach for improving performance in embedded systems is to use application-specific instruction set processors that are designed based on configurable and extensible processors. In this work, we perform a comprehensive performance analysis of the IPSec protocol on a state-of-the-art configurable and extensible embedded processor (Xtensa from Tensilica, Inc.). We present performance profiles of a lightweight embedded IPSec implementation running on the Xtensa processor, and examine in detail the various factors that contribute to the processing latencies, including cryptographic and protocol processing. In order to improve the efficiency of IPSec processing on embedded devices, we then study the impact of customizing an embedded processor by synergistically (a) configuring architectural parameters, such as instruction and data cache sizes, processor-memory interface width, write buffers, etc., and (b) extending the base instruction set of the processor using custom instructions for both cryptographic and protocol processing. Our experimental results demonstrate that upto 6X speedup in IPSec processing is possible over a popular embedded IPSec software implementation.

In this paper we present PLEDGE, an efficient and scalable security ProtocoL for protecting fixedcontent objects in contEnt aDdressable storaGe (CAS) architEctures. PLEDGE follows an end-to-end policy-driven security approach to secure the confidentiality, integrity, and authenticity of fixed-content entities over the enterprise network links and in the nodes of the CAS device. It utilizes a customizable and configurable extensible mark-up language (XML) security policy to provide flexible, multi-level, and fine-grained encryption and hashing methodologies to fixed content CAS entities. PLEDGE secures data objects based on their content and sensitivity and highly overcomes the performance of bulk and raw encryption protocols such as the Secure Socket Layer (SSL) and the Transport Layer Security (TLS) protocols. Moreover, PLEDGE transparently stores sensitive objects encrypted (partially or totally) in the CAS storage nodes without affecting the CAS storage system operation or performance and takes into consideration the processing load, computing power, and memory capabilities of the client devices which may be constrained by limited processing power, memory resources, or network connectivity. PLEDGE complies with regulations such as the Health Insurance Portability and Accountability Act (HIPAA) requirements and the SEC Rule 17a-4 financial standards. The protocol is implemented in a real CAS network using an EMC Centera backend storage device. The application secured by PLEDGE in the sample implementation is an X-Ray radiography scanning system in a healthcare network environment. The experimental test bed implementation conducted shows a speedup factor of three over raw encryption security mechanisms.