Embedded devices are ubiquitously involved in a large variety of security applications which heavily rely on the computation of hash functions. Roughly, two alternatives for speeding up computations... Show More

Embedded devices are ubiquitously involved in a large variety of security applications which heavily rely on the computation of hash functions. Roughly, two alternatives for speeding up computations co-exist in these resource constrained devices: parallel processing and hardware acceleration. Needles to say, multi-core devices are clearly the next step in embedded systems due to clear technological limitations on single processor frequency. Hardware accelerators are long known to be a cheaper approach for costly cryptographic functions. The authors analysis is focused on the five SHA-3 finalists which are also contrasted to the previous SHA-2 standard and to the widespread MD5. On the hardware side, the authors deploy their implementations on two platforms from Freescale: a S12X core equipped with an XGATE coprocessor and a Kinetis K60 core equipped with a crypto co-processor. These platforms differ significantly in terms of computational power, the first is based on a 16-bit Freescale proprietary architecture while the former relies on a more recent 32-bit Cortex core. The authors’ experimental results show mixed performances between the old standard and the new candidates. Some of the new candidates clearly outperform the old standard in terms of both computational speed and memory requirements while others do not. Bottom line, on the 16 bit platform BLAKE and Grøstl are the top performers while on the 32-bit platform Keccak, Blake and Skein give the best results.

Replication and value selection through voting are commonly used approaches to tolerating naturally caused failures. Without considering intentionally introduced failures, such as failures caused by... Show More

Replication and value selection through voting are commonly used approaches to tolerating naturally caused failures. Without considering intentionally introduced failures, such as failures caused by attacks, having more replication or residency often makes the system more reliable. However, when both the reliability of individual replicas and the existence of attackers are taken into consideration, the number of replicas that participate in a voting process has significant impact on system reliability. In this paper, the authors study the problem of deciding the optimal number of participating voters that maximizes the reliability of voting results under two different types of attacks, i.e., random attack and targeted attack, and develop algorithms to find the optimal voting strategy. A set of experiments are performed to illustrate how the optimal voting strategy varies under different system settings and how the number of voting participants affects the system's reliability.

Critical infrastructure (CI) services are constantly consumed by the society and are not expected to fail. A common definition states that CIs are so vital to our society that a disruption would... Show More

Critical infrastructure (CI) services are constantly consumed by the society and are not expected to fail. A common definition states that CIs are so vital to our society that a disruption would have a severe impact on both the society and the economy. CI sectors include, amongst others, electricity, telecommunication and transport. CIs can be mutually dependent on each others services and a failure in one of these elements can cascade to another (inter)dependent CI. CI security modelling was introduced in previous work to enable on-line risk monitoring in CIs that depend on each other by exchanging risk alerts expressed in terms of a breach of Confidentiality, a breach of Integrity and degrading Availability (C,I,A). While generally providing a solid basis for risk monitoring, there is no way of evaluating if a risk alert received from an external CI is accurate. In this paper the authors propose a solution to this problem by adding a trust based component to the CI security model in order to improve its accuracy and resilience to inconsistent or inaccurate risk alerts provided by (inter)dependent CIs, allowing to evaluate the correctness of the received alerts. The proposed approach is validated on a realistic scenario by evaluating a dependency between the computing and the telecommunication sectors in the context of the Grid'5000 platform.