pub: CSIIRW-Trustworthiness Derived from Object Identity and Behavior Paper (2010)

19 May 2012

Text Size

"But conventional security is not enough. The complexity of today's operational environment means organisations must embrace a level of business resilience that is normally associated with the protection of critical national infrastructure."

Detica, a BAE Systems Company

Read more...
“The time needed to factor an RSA integer is the same order as the time needed to use that same integer as modulus for a single RSA encryption. In other words, it takes no more time to break RSA on a quantum computer (up to a multiplicative constant) than to use it legitimately on a classical computer.”

Professor Gilles Brassard, "Quantum Information Processing: The Good, the Bad and the Ugly", 1997

Read more...
"Dropping support for a broken crypto primitive is hard in practice
- but crypto can be broken overnight
- what do we do if SHA-1 or RSA falls tomorrow?"

Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Wegerr, "MD5 considered harmful today - Creating a rogue CA certificate", December 2008
Read more...

Home

Written by Owen McCusker, Benjamin Gittins, Joel Glanfield, Scott Brunza, Dr. Stephen Brooks

Saturday, 05 June 2010 15:45

Full Title:	The Need to Consider Both Object Identity and Behavior in Establishing the Trustworthiness of Network Devices within a Smart Grid.
Electronic Publication:	4 Page PDF, Slideshow
Authors:	Owen McCusker (1), Benjamin Gittins (2), Joel Glanfield (3), Scott Brunza (1), Dr. Stephen Brooks (3)
Organisations:	Sonalysts, Inc. Synaptic Laboratories Limited Dalhousie Univesity, Computer Science
Date:	Presented by Owen McCusker and Benjamin Gittins at CSIIRW-6 (2010) in Tennessee, USA.
Keywords:	Behavioral Trust, Cryptographic Key Management, Identity Management, IdM, CKM
Abstract:	Today's distributed computing environments, like Energy Control Systems, lack a common and adaptive notion of trust and are vulnerable to a wide range of attacks from complex threats. These threats on our control systems are distributed, decentralized, dynamic, and operate over multiple timescales. Threats may also result from structural weaknesses in system designs that permit exploitation by insiders working inside globally trusted service providers. Although approaches such as Trusted Computing are part of the solution, we argue that a layered notion of distributed trust is required to effectively address the end-to-end security needs of these systems.
Quote:
Related work:	Benjamin Gittins, "Overview of SLL's proposal in response to NIST's call for new global IdM/CKM designs without public keys." Paper, Slideshow.

Last Updated on Sunday, 06 June 2010 12:23