No. 3 (2006)

Published: 2006-09-30

Preface

ARTICLES FROM THIS ISSUE

  • A new approach to header compression in secure communications

    Abstract

    The paper presents a new header compression mechanism for the IPv6 protocol. Its main benefit is the reduction of the overhead caused by IPSec tunnel mode, which enlarges datagrams in order to provide security services such as authentication and secrecy.

    Christoph Karg, Martin Lies
    3-7
  • Distribution of the best nonzero differential and linear approximations of s-box functions

    Abstract

    In the paper the differential and the linear approximations of two classes of s-box functions are considered. The classes are the permutations and arbitrary functions with n binary inputs and m binary outputs, where 1≤n=m≤10. For randomly chosen functions from each of the classes, the two-dimensional distributions of the best nonzero approximations are investigated. The obtained results indicate that starting from some value of n, the linear approximation of s-box functions becomes more effective than the differential approximation. This advantage of the linear approximation rises with the increase of n and for DES size s-boxes is not yet visible.

    Krzysztof Chmiel
    8-13
  • Random generation of Boolean functions with high degree of correlation immunity

    Abstract

    In recent years the cryptographic community has been paying a lot of attention to the construction of so-called resilient functions for use mainly in stream cipher systems. Very little work, however, has been devoted to random generation of such functions. This paper tries to fill that gap and presents an algorithm that can generate at random highly nonlinear resilient functions. Generated functions are analyzed and compared to the results obtained from the best known constructions and some upper bounds on nonlinearity and resiliency. It is shown that randomly generated functions achieve in most cases results equal to the best known designs, while in other cases they fall just behind such constructs. It is argued that the algorithm can perhaps be used to prove the existence of some resilient functions for which no mathematical proof has been given so far.

    Anna Grocholewska-Czuryło
    14-18
  • End-to-end service survivability under attacks on networks

    Abstract

    Network survivability is a capability of a networked system to provide its services despite failures or attacks. Attacks, e.g., due to acts of war, being potentially damaging events, were basically considered in the historical definitions of the survivability phenomenon. The meaning of the term "network survivability" evolved in the last decade. Recently, attacks have played an important role again. Their nature, however, including intrusions, probes, denials of service, differs from the old one. Survivability is strongly related to other fields of study. In particular, quality of service depends on network survivability. We investigate these dependencies in scale-free networks. Many networks are scale-free, i.e., their node degree distribution follows the power law. Nodes of the highest degrees, called centers, are highly vulnerable to attacks. Elimination of these nodes seriously degrades the overall performance of network services. In this paper we propose a model which, based on traffic parameters of a demand, like delay or bit rate, allows establishing survivable and attack-proof end-to-end connections. The key idea of this model is that, for significant traffic, it establishes paths which omit centers. The important connections become more resistant to attacks. We show that in the best case, obtained for the highest class of service, the number of broken connections is reduced by as much as a factor of 3. Example results are compared to those for the standard distance metrics. Our model is applicable to many network architectures and many classes of service.

    Wojciech Molisz, Jacek Rak
    19-26
  • New model of identity checking in telecommunication digital channels

    Abstract

    We proposed an OFDM and watermarking based technology system for correspondent identity verification (CIVS) in military telecommunication digital channels. The correspondent personal identity signature (CPIS) is represented by a digital watermark. The main idea of this system solution is to verify the end user who sends an acoustic signal, e.g., speech, music, etc., via Internet, HF/UHF radio, modem, etc. An OFDM modulation scheme is used to prepare a secret digital signature. This signature is a single-use secret key used for correspondent verification, thus the binary sequence of that key changes for every session. We describe the transmitter and receiver block scheme. The results of experiments for both ideal and degraded signals are described in detail too. The results are summarized with comments and a conclusion.

    Piotr Z. Gajewski, Jerzy Łopatka, Zbigniew Piotrowski
    27-32
  • Planning the introduction of IPv6 in NATO

    Abstract

    The NATO wide area network provides secure IP services to NATO commands and agencies, and offers information exchange gateways to nations and coalition operations. The IP services support the NATO-wide deployment of core automated information systems (AIS), and the placement of specific functional area services (e.g., intelligence, logistics, C2IS for the services, etc.) at commands. To maintain and improve interoperability within NATO and with partners, NATO will transition from version four of the Internet Protocol (IPv4) to version six (IPv6). The transition to IPv6 will involve the IP network, the information exchange gateways, the core AIS, the functional area services, and the supporting CIS infrastructure. The IPv6 naming and addressing plan being developed supports the NATO command structure and interoperability with NATO partners. The critical issue in the planning process is to support the incremental introduction of IPv6 whilst maintaining network security and reliable interworking with existing IPv4 systems and limiting increases in operations and maintenance costs. To minimise costs and maximise effectiveness NATO is planning the transition in a timescale that is commensurate with commercial adoption in NATO countries, the technology refreshment points for major systems, and the availability of IPv6 security components. New NATO projects will prepare for the transition by detailing their IPv6 upgrade path and procuring dual stack (IPv4 and IPv6) equipment. NATO will develop and adopt standardised approaches for IPv6 protocols and network design.

    Robert Goode
    33-37
  • Simple admission control procedure for QoS packet switched military networks

    Abstract

    Providing quality of service (QoS) in networks based on packet switched technologies, such as ATM and IP, is currently the challenge for military communication system designers. The main element for achieving QoS capabilities is to implement an effective admission control (AC) function, which regulates the volume of traffic submitted to the network. The traditional approach to AC is that it is invoked by each call requesting QoS. As a consequence, the call set-up latency increases and, in addition, the signaling traffic in the network grows. This paper proposes a simple AC method that is based on online traffic load measurements and assumes that the AC is involved only when the load exceeds a predefined threshold. As a consequence, for most of the connections the AC does not need to be executed, which shortens the set-up phase and limits the volume of signaling traffic. Numerical results showing the effectiveness of the approach are included and compared with the performance of traditional AC.

    Damian Duda, Wojciech Burakowski
    38-42
  • Performance evaluation of the multiple output queueing switch with different buffer arrangements strategy

    Abstract

    Performance evaluation of the multiple output queueing (MOQ) switch recently proposed by us is discussed in this paper. In the MOQ switch both the switch fabric and buffers can operate at the same speed as input and output ports. This solution does not need any speedup in the switch fabric or any matching algorithms between inputs and outputs. In this paper new performance measures for the proposed MOQ switch are evaluated. The simulation studies have been carried out for switches with different buffer arrangement strategies and of capacity 2×2, 4×4, 8×8, 16×16 and 32×32, and under selected traffic patterns. The simulation results are also compared with OQ switches of the same sizes.

    Grzegorz Danilewicz, Wojciech Kabaciński, Janusz Kleban
    43-48
  • The signal to noise ratio in the differential cryptanalysis of 9 rounds of data encryption standard

    Abstract

    A differential cryptanalysis attack on the data encryption standard (DES) reduced to 9 rounds is presented. A more precise estimate of the signal to noise (S/N) ratio than that of Biham and Shamir is obtained. Also, a method of using the ratio to calculate the required number of plaintexts is suggested. Results (time of performance) and implementation issues of a practical realisation of this attack are given.

    Michał Misztal
    49-59