EYE ON SECURITY

The World of Secure Development.

by Kevin Carlson

August 2006


August 29, 2006

Quantum Crypto Network Demonstrated


Researchers at Northwestern University and BBN Technologies have demonstrated what they say is the first truly quantum cryptographic data network.

The technique, called AlphaEta, integrates quantum noise protected data encryption (QDE) with Quantum Key Distribution (QKD), resulting in a data communication system that’s resistant to eavesdropping. It does this by using irreducible quantum noise in laser light to enhance the security of the system. Unlike most other physical encryption methods, AlphaEta maintains performance on par with traditional optical communications links and is compatible with standard fiber optical networks.

"The volume and type of sensitive information being transmitted over data networks continues to grow at a remarkable pace," said Prem Kumar, professor of electrical engineering and computer science at Northwestern and co-principal investigator on the project. "New cryptographic methods are needed to continue ensuring that the privacy and safety of each user's information is secure."

Quantum Key Distribution exploits the unique properties of quantum mechanics to securely distribute electronic keys between two parties. Unlike traditional key distribution, QKD can in theory provide quantitatively secure keys regardless of advances in technology. Typically, these ultra-secure keys would be used in traditional encryption algorithms to allow for high-speed encrypted communications.

BBN has built and demonstrated the world's first quantum network with untrusted network switches, delivering end-to-end key distribution via high-speed QKD since 2004. With the Boston Metro QKD network running 24/7, it is evident that quantum cryptography works in practice and may provide a technique for building highly secure networks.

"As secure communications require both secure key distribution and strong encryption mechanisms, the combined QKD/AlphaEta system represents the state-of-the-art in ultra-secure high-speed optical communications," said Henry Yeh, director of programs at BBN Technologies.

Posted by Jon Erickson at 08:49 AM


August 08, 2006

Pervasive Networks: A Security Nightmare?


If nothing else, the promise of pervasive networks--those ubiquitous systems that integrate computation into our environment via high-speed wireless communication--is exciting. But from a security perspective, they're a nightmare.

Securing pervasive networks requires systems that support adaptive security mechanisms that automatically change in response to events. There are any number of projects that are developing such systems, including Mobius, SERENITY, and BIONETS.

The Mobius project, short for "Mobility, Ubiquity and Security," is using the Proof-Carrying Code (PCC) paradigm, which allows individual components to gain trust by providing verifiable certificates of their trustworthiness--an approach that can complement centralized trust mechanisms that may sometimes be difficult to deploy. PCC also supports system component downloading, which is essential for remote maintenance of network devices.

According to Mobius coordinator Gilles Barthe, "we have identified and modeled the scenarios and security requirements that must be tackled, and defined the core security architecture." He goes on to add that the project "will focus on Java-enabled global computers. This will also allow us to implement our security architecture and evaluate it on case studies from a range of application domains."

Likewise, engineers for the SERENITY project, short for "System Engineering for Security and Dependability," are developing a framework to support the automated integration, configuration, monitoring and adaptation of security and dependability (S&D) in Ambient Intelligence (AmI) ecosystems. All this is achieved by capturing the necessary knowledge about S&D solutions so that they can be selected and applied by automated means.

"The most relevant issue is that the combination of heterogeneity and dynamism will make it impossible for security engineers to foresee all the possible situations that may arise and to create solutions for them," says Antonio Mana, scientific coordinator for the SERENITY project. He adds, however, that "SERENITY does not aim at always providing the most robust security, so it is always 'best effort'. Personally, I like the term 'appropriate security' to describe a level of security that is adapted to the value of the protected element and the possibilities of attack."

Yet security issues in new networks are not about unknown problems. Networks themselves are transforming beyond all recognition. "The general rise of pervasive computing is a challenge to the traditional paradigm," says Daniele Miorandi, scientific coordinator of the BIONETS project, funded under the IST’s Future and Emerging Technologies (FET) initiative. "There are issues of scalability, complexity and heterogeneity. There is no longer any centralised control."

The BIONETS project, on the other hand, takes a biologically-inspired approach based on paradigms from nature and society, for localized autonomic communication services that do not need central control. Such an approach would allow high-level services to evolve spontaneously. Autonomic services are self-configuring, self-healing, self-protecting and self-managing, much like the natural immune system of the human body. While researchers focusing on BIONETS, short for "BIOlogically inspired NETwork and Services," are mainly looking at autonomic services where networks arise so spontaneously that the idea of distinct networks and devices disappears, they are also dealing with security issues from the outset.

"In the past," says Joachim Posegga, co-lead on the BIONETS security work package, "security specialists could work only on already established systems. With dynamic networks there's no fixed infrastructure, the stable part is reduced or disappears, so we need to integrate security into the system from the very beginning." Daniel Schreckling, the second co-lead on the BIONETS security work package, adds that "we want to establish what is the minimum core required to respond to security needs."

The good news is that we're on the way to meeting the goal of mobile/ubiquitous computing--that is, to provide computing and communication services all the time, everywhere, and invisibly to users. The bad news is that there is still a lot of work to do, particularly when it comes to security.


Posted by Jon Erickson at 08:26 AM


