Recent Developments in the Design of Conventional Cryptographic Algorithms
Computer Security and Industrial Cryptography - State of the Art and Evolution, LNCS, 1998
Cited by 10 (2 self)
Abstract:
This paper examines proposals for three cryptographic primitives: block ciphers, stream ciphers, and hash functions. It provides an overview of the design principles of a large number of recent proposals, which includes the global structure, the number of rounds, the way of introducing non-linearity and diffusion, and the key schedule. The software performance of about twenty primitives is compared based on highly optimized implementations for the Pentium. The goal of the paper is to provide a technical perspective on the wide variety of primitives that exist today.
Trace-Based Analysis of Duplicate Suppression in HTTP
1999
Cited by 10 (2 self)
Abstract:
Many HTTP resources (pages, graphics, etc.) are exact duplicates of other resources with different URLs. If an HTTP cache contains a duplicate of a requested resource, and could detect this, it could avoid substantial network costs by returning the cached duplicate in place of the requested URL. Previous studies have shown that there is substantial duplication of content in both HTTP and FTP, and several protocols have been proposed to support efficient and safe duplicate suppression in HTTP. We use traces covering millions of HTTP requests to quantify the potential benefit of an HTTP duplicate-suppression extension. In particular, we show that the benefits vary depending on content-type, and that a small fraction of Web servers account for most of the duplicated resources.
SHA: A Design for Parallel Architectures?
Advances in Cryptology, Proceedings Eurocrypt'97, LNCS 1233, 1997
Cited by 10 (3 self)
Abstract:
To enhance system performance, computer architectures tend to incorporate an increasing number of parallel execution units. This paper shows that the new generation of MD4-based customized hash functions (RIPEMD-128, RIPEMD-160, SHA-1) contains much more software parallelism than any of these computer architectures is currently able to provide. It is conjectured that the parallelism found in SHA-1 is a design principle. The critical path of SHA-1 is twice as short as that of its closest contender RIPEMD-160, but realizing it would require a 7-way multiple-issue architecture. It will also be shown that, due to the organization of RIPEMD-160 in two independent lines, it will probably be easier for future architectures to exploit its software parallelism.
Fast universal hashing with small keys and no preprocessing: the PolyR construction
2000
Cited by 8 (1 self)
Abstract:
We describe a universal hash-function family, PolyR, which hashes messages of effectively arbitrary lengths in 3.9--6.9 cycles/byte (cpb) on a Pentium II (achieving a collision probability in the range 2^-16 to 2^-50). Unlike most proposals, PolyR actually hashes short messages faster (per byte) than long ones. At the same time, its key is only a few bytes, the output is only a few bytes, and no "preprocessing" is needed to achieve maximal efficiency. Our designs have been strongly influenced by low-level considerations relevant to software speed, and experimental results are given throughout.
New methods in hard disk encryption
2005
Cited by 6 (0 self)
Abstract:
This work investigates the state of the art in hard disk cryptography. As the choice of the cipher mode is essential for the security of hard disk data, we discuss the recent cipher mode developments at two standardisation bodies, NIST and IEEE. It is a necessity to consider new developments, as the most common cipher mode – namely CBC – has many security problems. This work devotes a chapter to the analysis of CBC weaknesses. Next to others, the main contributions of this work are (1) efficient algorithms for series of multiplications in a finite field (Galois Field), (2) analysis of the security of password-based cryptography with respect to low entropy attacks and (3) a design template for secure key management, namely TKS1. For the latter, it is assumed that key management has to be done on regular user hardware in the absence of any special security hardware like key tokens. We solve the problems arising from magnetic storage by introducing a method called anti-forensic information splitter. This work is complemented by the presentation of a system implementing a variant
Performance Evaluation of AAA/Mobile IP Authentication
2002
Cited by 5 (1 self)
Abstract:
This article describes a simulation study of the performance of the current IETF approach to authenticating mobile nodes by means of an integrated Authentication, Authorization and Accounting (AAA) infrastructure. The main findings of the study are: 1) the delay experienced by a mobile node in case of a full authentication dialogue involving entities of the mobile node's home network is largely determined by the end-to-end delay between the foreign and the home network, 2) the workload of AAA servers remains moderate in case of a load- and mobility model inspired by established values of GSM networks as well as in case of a more progressive mobility model [5], and 3) the workload of AAA servers grows infinitely under both mobility models if cryptographic algorithms are used that require about 100 (30) times the processing capabilities of algorithms currently envisaged by the IETF (cryptographic hash functions and symmetric encryption). An important consequence of this finding is that the use of asymmetric cryptography would possibly lead to overload situations under the investigated conditions.
The chain sum primitive and its applications to MACs and stream ciphers
In K. Nyberg (Ed.), Advances in Cryptology - Proc. EUROCRYPT '98, Lecture Notes in Computer Science 1403, 1998
Cited by 4 (0 self)
Abstract:
We present a new scheme called universal block chaining with sum (or chain & sum primitive (C&S) for short), and show its application to the problem of combined encryption and authentication of data. The primitive is a weak CBC-type encryption along with a summing step, and can be used as a front end to stream ciphers to encrypt pages or blocks of data (e.g., in an encrypted file system or in a video stream). Under standard assumptions, the resulting encryption scheme provably acts as a random permutation on the blocks, and has message integrity features of standard CBC encryption. The primitive also yields a very fast message authentication code (MAC), which is a multivariate polynomial evaluation hash. The multivariate feature and the summing aspect are novel parts of the design. Our tests show that the chain & sum primitive adds approximately 20 percent overhead to the fastest stream ciphers.
Security-Aware Scheduling for Real-Time Systems
2006
Cited by 2 (2 self)
Abstract:
Over the last decade, clusters have become the fastest growing platforms in high-performance computing. More recently, Grids were emerging as next generation computing platforms for large-scale computation and data intensive problems in industry, academic, and government organizations. Meanwhile, an increasing number of real-time applications running on clusters and Grids have mandatory security requirements in addition to stringent timing constraints. Conventional real-time scheduling algorithms developed for clusters and Grids, however, either disregard applications' security needs, and thus expose the applications to security threats, or run applications at inferior security levels without optimizing security performance. In recognition that many applications running on clusters and Grids demand both real-time performance and security, in this dissertation research we investigate the problem of scheduling real-time applications with various security requirements. First, we propose a security middleware model (or SMW for short) from which security-sensitive real-time applications are enabled to exploit a variety of security
An Adaptive Mechanism for Real-time Secure Speech Transmission over the Internet
In 2nd IP-Telephony Workshop (IP-Tel'01), H. Schulzrinne (Ed.), 2001
Cited by 2 (2 self)
Abstract:
The Internet offers a best-effort service over public networks which do not guarantee privacy. Because of this, the provision of secure real-time audio applications has received increasing interest and has been an active research area in recent years. We propose an adaptive packet audio control mechanism, originally designed for controlling and adapting the audio applications to the network conditions, and now enriched with cryptographic features in order to support secure, unicast, voice-based communications over the Internet. We take advantage of the characteristics of the adaptive mechanism, which meets the real-time constraints needed by audio transmission applications, in order to realize a lightweight security infrastructure which offers privacy, authenticity and integrity assurances in a simple way and at a negligible cost. Finally, we show the performance of the proposed mechanism and we contrast it with those of other well-known tools designed for the secure audio transmission over the Internet.
A New Allocation Scheme for Parallel Applications with Deadline and Security Constraints on Clusters
Abstract:
Parallel applications with deadline and security constraints are emerging in various areas like education, information technology, and business. However, conventional job schedulers for clusters generally do not take security requirements of real-time parallel applications into account when making allocation decisions. In this paper, we address the issue of allocating tasks of parallel applications on clusters subject to timing and security constraints in addition to precedence relationships. A task allocation scheme, or TAPADS (Task Allocation for Parallel Applications with Deadline and Security Constraints), is developed to find an optimal allocation that maximizes quality of security and the probability of meeting deadlines for parallel applications. In addition, we proposed mathematical models to describe a system framework, parallel applications with deadline and security constraints, and security overheads. Experimental results show that TAPADS significantly improves the performance of clusters in terms of quality of security and schedulability over three existing allocation schemes.