Secure Concurrency Control in Firm Real-Time Database Systems

Many real-time database applications arise in electronic financial services, safety-critical installations and military systems where enforcing security is crucial to the success of the enterprise. For real-time database systems supporting applications with firm deadlines, we investigate here the performance implications, in terms of killed transactions, of guaranteeing multilevel secrecy. In particular, we focus on the concurrency control (CC) aspects of this issue. Our main contributions are the following: First, we identify which among the previously proposed real-time CC protocols are capable of providing covert-channel-free security. Second, using a detailed simulation model, we profile the real-time performance of a representative set of these secure CC protocols for a variety of security-classified workloads and system configurations. Our experiments show that a prioritized optimistic CC protocol, OPT-WAIT, provides the best overall performance. Third, we propose and evaluate a novel "dual-CC" approach that allows the real-time database system to simultaneously use different CC mechanisms for guaranteeing security and for improving real-time performance. By appropriately choosing these different mechanisms, concurrency control protocols that provide even better performance than OPT-WAIT are designed. Finally, we propose and evaluate GUARD, an adaptive admission-control policy designed to provide fairness with respect to the distribution of killed transactions across security levels. Our experiments show that GUARD efficiently provides close to ideal fairness for real-time applications that can tolerate covert channel bandwidths of upto one bit per second.

Bicriterion differential games with qualitative outcomes

Combat games are studied as bicriterion differential games with qualitative outcomes determined by threshold values on the criterion functions. Survival and capture strategies of the players are defined using the notion of security levels. Closest approach survival strategies (CASS) and minimum risk capture strategies (MRCS) are important strategies for the players identified as solutions to four optimization problems involving security levels. These are used, in combination with the preference orderings of the qualitative outcomes by the players, to delineate the win regions and the secured draw and mutual kill regions for the players. It is shown that the secured draw regions and the secured mutual kill regions for the two players are not necessarily the same. Simple illustrative examples are given.

Recovery from DoS Attacks in MIPv6: Modelling and Validation

Denial-of-service (DoS) attacks form a very important category of security threats that are prevalent in MIPv6 (mobile internet protocol version 6) today. Many schemes have been proposed to alleviate such threats, including one of our own [9]. However, reasoning about the correctness of such protocols is not trivial. In addition, new solutions to mitigate attacks may need to be deployed in the network on a frequent basis as and when attacks are detected, as it is practically impossible to anticipate all attacks and provide solutions in advance. This makes it necessary to validate the solutions in a timely manner before deployment in the real network. However, threshold schemes needed in group protocols make analysis complex. Model checking threshold-based group protocols that employ cryptography have not been successful so far. Here, we propose a new simulation based approach for validation using a tool called FRAMOGR that supports executable specification of group protocols that use cryptography. FRAMOGR allows one to specify attackers and track probability distributions of values or paths. We believe that infrastructure such as FRAMOGR would be required in future for validating new group based threshold protocols that may be needed for making MIPv6 more robust.

A unification-based decision procedure for cryptographic protocol analysis

We present a sound and complete decision procedure for the bounded process cryptographic protocol insecurity problem, based on the notion of normal proofs [2] and classical unification. We also show a result about the existence of attacks with “high” normal cuts. Our proof of correctness provides an alternate proof and new insights into the fundamental result of Rusinowitch and Turuani [9] for the same setting.

A Flexible Crypto-system Based upon the REDEFINE Polymorphic ASIC Architecture

The highest levels of security can be achieved through the use of more than one type of cryptographic algorithm for each security function. In this paper, the REDEFINE polymorphic architecture is presented as an architecture framework that can optimally support a varied set of crypto algorithms without losing high performance. The presented solution is capable of accelerating the advanced encryption standard (AES) and elliptic curve cryptography (ECC) cryptographic protocols, while still supporting different flavors of these algorithms as well as different underlying finite field sizes. The compelling feature of this cryptosystem is the ability to provide acceleration support for new field sizes as well as new (possibly proprietary) cryptographic algorithms decided upon after the cryptosystem is deployed.

Another look at tightness

We examine a natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting. If security parameters for the MAC scheme are selected without accounting for the non-tightness in the reduction, then the MAC scheme is shown to provide a level of security that is less than desirable in the multi-user setting. We find similar deficiencies in the security assurances provided by non-tight proofs when we analyze some protocols in the literature including ones for network authentication and aggregate MACs. Our observations call into question the practical value of non-tight reductionist security proofs. We also exhibit attacks on authenticated encryption schemes, disk encryption schemes, and stream ciphers in the multi-user setting.

Assessing Indian cities for vulnerability to climate change

This paper critically evaluates the vulnerability of Indian cities to climate change in the context of sustainable development. City-scale indicators are developed for multiple dimensions of security and vulnerability. Factor analysis is employed to construct a vulnerability ranking of 46 major Indian cities. The analysis reveals that high aggregate levels of wealth do not necessarily make a city less vulnerable. Two, cities with diversified economic opportunities could adapt better to the new risks posed by climate change, than cities with unipolar opportunities. Three, highly polluted cities are more vulnerable to the health impacts of climate change, and cities with severe groundwater depletion will find it difficult to cope with increased rainfall variability. Policy and sustainability issues are discussed for these results.

Authentication using finger Knuckle prints

Automated security is one of the major concerns of modern times. Secure and reliable authentication systems are in great demand. A biometric trait like the finger knuckle print (FKP) of a person is unique and secure. Finger knuckle print is a novel biometric trait and is not explored much for real-time implementation. In this paper, three different algorithms have been proposed based on this trait. The first approach uses Radon transform for feature extraction. Two levels of security are provided here and are based on eigenvalues and the peak points of the Radon graph. In the second approach, Gabor wavelet transform is used for extracting the features. Again, two levels of security are provided based on magnitude values of Gabor wavelet and the peak points of Gabor wavelet graph. The third approach is intended to authenticate a person even if there is a damage in finger knuckle position due to injury. The FKP image is divided into modules and module-wise feature matching is done for authentication. Performance of these algorithms was found to be much better than very few existing works. Moreover, the algorithms are designed so as to implement in real-time system with minimal changes.

From Selective-ID to Full-ID IBS without Random Oracles

Since its induction, the selective-identity (sID) model for identity-based cryptosystems and its relationship with various other notions of security has been extensively studied. As a result, it is a general consensus that the sID model is much weaker than the full-identity (ID) model. In this paper, we study the sID model for the particular case of identity-based signatures (IBS). The main focus is on the problem of constructing an ID-secure IBS given an sID-secure IBS without using random oracles-the so-called standard model-and with reasonable security degradation. We accomplish this by devising a generic construction which uses as black-box: i) a chameleon hash function and ii) a weakly-secure public-key signature. We argue that the resulting IBS is ID-secure but with a tightness gap of O(q(s)), where q(s) is the upper bound on the number of signature queries that the adversary is allowed to make. To the best of our knowledge, this is the first attempt at such a generic construction.

Secure Compute-and-Forward in a Bidirectional Relay

We consider the basic bidirectional relaying problem, in which two users in a wireless network wish to exchange messages through an intermediate relay node. In the compute-and-forward strategy, the relay computes a function of the two messages using the naturally occurring sum of symbols simultaneously transmitted by user nodes in a Gaussian multiple-access channel (MAC), and the computed function value is forwarded to the user nodes in an ensuing broadcast phase. In this paper, we study the problem under an additional security constraint, which requires that each user's message be kept secure from the relay. We consider two types of security constraints: 1) perfect secrecy, in which the MAC channel output seen by the relay is independent of each user's message and 2) strong secrecy, which is a form of asymptotic independence. We propose a coding scheme based on nested lattices, the main feature of which is that given a pair of nested lattices that satisfy certain goodness properties, we can explicitly specify probability distributions for randomization at the encoders to achieve the desired security criteria. In particular, our coding scheme guarantees perfect or strong secrecy even in the absence of channel noise. The noise in the channel only affects reliability of computation at the relay, and for Gaussian noise, we derive achievable rates for reliable and secure computation. We also present an application of our methods to the multihop line network in which a source needs to transmit messages to a destination through a series of intermediate relays.

Do we see what we should see? Describing non-covalent interactions in protein structures including precision

The power of X-ray crystal structure analysis as a technique is to `see where the atoms are'. The results are extensively used by a wide variety of research communities. However, this `seeing where the atoms are' can give a false sense of security unless the precision of the placement of the atoms has been taken into account. Indeed, the presentation of bond distances and angles to a false precision (i.e. to too many decimal places) is commonplace. This article has three themes. Firstly, a basis for a proper representation of protein crystal structure results is detailed and demonstrated with respect to analyses of Protein Data Bank entries. The basis for establishing the precision of placement of each atom in a protein crystal structure is non-trivial. Secondly, a knowledge base harnessing such a descriptor of precision is presented. It is applied here to the case of salt bridges, i.e. ion pairs, in protein structures; this is the most fundamental place to start with such structure-precision representations since salt bridges are one of the tenets of protein structure stability. Ion pairs also play a central role in protein oligomerization, molecular recognition of ligands and substrates, allosteric regulation, domain motion and alpha-helix capping. A new knowledge base, SBPS (Salt Bridges in Protein Structures), takes these structural precisions into account and is the first of its kind. The third theme of the article is to indicate natural extensions of the need for such a description of precision, such as those involving metalloproteins and the determination of the protonation states of ionizable amino acids. Overall, it is also noted that this work and these examples are also relevant to protein three-dimensional structure molecular graphics software.

Una mirada a Egipto desde la Biblia Hebraica

Resumen: ¿Qué imágenes de Egipto encontramos en la Biblia Hebrea, además del éxodo? Los textos bíblicos miran a su vecina Egipto como país de refugio (del hambre o la persecución). Pero por ser grande y fuerte, Egipto es también proveedor de armamento militar. Puede tornarse una falsa seguridad para un pueblo que debe confiar solo en Yavé. La literatura sapiencial es más benévola. En la descripción de la cama lujosa a la que una mujer descarada atrae a su amante, Proverbios 7 ofrece un homenaje indirecto a la riqueza egipcia.

Gizarte-elkarrekintza eta harreman beharrizanak irakaste-ikaste prozesuetan Haur Hezkuntzan

LABURPENA: Lan hau esku-hartzearen alorrean kokatzen da: harreman beharrizanen inguruko diagnostiko bat aurkezten da. Honen helburua da Haur Hezkuntzako 3 urteko gelan edukiak irakasteko eta ikasteko antolatzen den gizarte-elkarrekintzan agertzen diren harreman beharrizan motak eta horiek noraino eta nola betetzen diren ikustea. Esku-hartzea oinarritzen da orientabide soziokulturalaren konstruktibismoak gizarte-elkarrekintzari buruz egin duen lanean eta baita Garapenaren Psikologiak eta beste diziplina batzuk atxikimenduaz eta harreman afektiboei buruz aztertutakoan ere. Diagnostikoa egiteko prozedura etnografikoak erabili dira, garrantzitsuena behaketa parte-hartzailea. Ondorioetan nabarmenena da eduki eskolarren presioak maiz harreman beharrizanei ez erantzutera eramaten duela eta baita autonomia isolamendu afektiboekin identifikatzen dela ziurtasunaren premiaren kalterako. Azkenik, lan egiteko orduan baliogarriak izan daitezkeen jarraitzeko ildo batzuk nabariak dira.

Análisis de rendimiento de aplicaciones ITS con el protocolo de gestión de movilidad de redes NeMHIP

[ES]Este estudio tiene como objetivo analizar el rendimiento de diferentes aplicaciones ITS sobre el protocolo de movilidad de redes NeMHIP, el cual garantiza un alto nivel de seguridad y de calidad de servicio. En primer lugar, se seleccionarán las diferentes aplicaciones. A continuación, se identificarán los parámetros más significativos para medir el rendimiento y se definirá un plan de pruebas y un escenario. Posteriormente se realizarán las medidas con las aplicaciones previamente seleccionadas, y por último se analizarán los resultados obtenidos para determinar la eficiencia de cada aplicación sobre el protocolo NeMHIP.

Subjektu egozgarri eta arriskutsuen tratamendu penala

[ES]El presente Trabajo de Fin de Grado analiza el tratamiento penal de los sujetos imputables peligrosos que mantienen la peligrosidad criminal tras el cumplimiento de la pena de prisión. De esta manera, se investiga la regulación jurídica española dirigida a este colectivo, poniendo de manifiesto que hasta la entrada en vigor de la Ley Orgánica 5/2010 de reforma del Código Penal no había prevista ninguna medida de seguridad enfocada a este grupo específico y concluyendo que la medida de “libertad vigilada” introducida en dicha reforma no es del todo efectiva para alcanzar la reinserción del reo. Por todo ello, se argumenta que la política criminal llevada a cabo en los últimos años ha llevado la seguridad a un extremo tal que no se han podido garantizar del todo los derechos individuales del colectivo anteriormente mencionado. Asimismo, se investiga la “custodia de seguridad” vigente en la regulación alemana, haciendo notoria la importancia de la seguridad e inocuización. En síntesis, se estudia si el delincuente ha quedado subordinado al orden jurídico y a la seguridad, esclareciendo si han sido respetados los principios y garantías inherentes a un Estado Social y Democrático de Derecho.