Sachin Vasant

Bio: Sachin Vasant is an academic researcher from Cisco Systems, Inc.. The author has contributed to research in topics: Computer security model & Security policy. The author has an hindex of 3, co-authored 8 publications receiving 108 citations. Previous affiliations of Sachin Vasant include PSG College of Technology.

Security policy unification across different security products

Abstract: A management entity receives from multiple security devices corresponding native security policies each based on a native policy model associated with the corresponding security device. Each security device controls access to resources by devices associated with the security device according to the corresponding native security policy. The management entity normalizes the received native security policies across the security devices based on a generic policy model, to produce a normalized security policy that is based on the generic policy model and representative of the native security polices.

An efficient IND-CCA2 secure variant of the niederreiter encryption scheme in the standard model

Abstract: In this paper, we propose an IND-CCA2 secure code based encryption scheme in the standard model, built on the Niederreiter encryption scheme. The security of the scheme is based on the hardness of the Syndrome Decoding problem and the Goppa Code Distinguishability problem. The system is developed according to the construction similar to IND-CCA2 secure encryption scheme by Peikert and Waters using the lossy trapdoor functions. Compared to the existing IND-CCA2 secure variants due to Dowsley et.al. and Freeman et. al. (using the κ repetition paradigm initiated by Rosen and Segev), our scheme is more efficient as it avoids κ repetitions. This can be considered as the first practical code-based encryption scheme that is IND-CCA2 secure in the standard model.

Policy block creation with context-sensitive policy line classification

Abstract: Presented herein are techniques for creating a policy block comprised of a group of lines of rules/statements across configuration files for network devices. An algorithm is provided that determines when multiple policies are to be merged together into one policy. In one embodiment, data is uploaded from a network that includes a plurality of network devices. The data represents policy rules configured on the plurality of network devices. The data representing the policy rules is compared for similarities in order to group together policy rules based on their similarities. Data is stored representing a plurality of clusters, each cluster representing a group of policy rules that have been grouped together. One or more configuration policies are generated to be applied across the plurality of network devices using the data representing each of the plurality of clusters, while maintaining context of policy rule processing.

A code-based 1-out-of-n oblivious transfer based on mceliece assumptions

Abstract: In this paper, we propose an efficient code-based 1-out-of-N oblivious transfer, OT1N, based on McEliece assumptions without invoking the OT12 several times as in the paradigm proposed in [20,6]. We also show that the protocol is computationally secure against passive and active adversaries. To our knowledge, this is the first practical code-based OT1N protocol. The proposed protocol is compared with some existing number-theoretic OT1N protocols for efficiency. Also, the passively secure 1-out-of-2 OT protocol proposed by Dowsley et al. [10] is reviewed. A formal argument of the computational security of the protocol against active adversaries is furnished.

Advances in cryptology -- EUROCRYPT 2010 : 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, French Riviera, May 30-June 3, 2010 : proceedings

Abstract: Cryptosystems I.- On Ideal Lattices and Learning with Errors over Rings.- Fully Homomorphic Encryption over the Integers.- Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups.- Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption.- Obfuscation and Side Channel Security.- Secure Obfuscation for Encrypted Signatures.- Public-Key Encryption in the Bounded-Retrieval Model.- Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases.- 2-Party Protocols.- Partial Fairness in Secure Two-Party Computation.- Secure Message Transmission with Small Public Discussion.- On the Impossibility of Three-Move Blind Signature Schemes.- Efficient Device-Independent Quantum Key Distribution.- Cryptanalysis.- New Generic Algorithms for Hard Knapsacks.- Lattice Enumeration Using Extreme Pruning.- Algebraic Cryptanalysis of McEliece Variants with Compact Keys.- Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds.- IACR Distinguished Lecture.- Cryptography between Wonderland and Underland.- Automated Tools and Formal Methods.- Automatic Search for Related-Key Differential Characteristics in Byte-Oriented Block Ciphers: Application to AES, Camellia, Khazad and Others.- Plaintext-Dependent Decryption: A Formal Security Treatment of SSH-CTR.- Computational Soundness, Co-induction, and Encryption Cycles.- Models and Proofs.- Encryption Schemes Secure against Chosen-Ciphertext Selective Opening Attacks.- Cryptographic Agility and Its Relation to Circular Encryption.- Bounded Key-Dependent Message Security.- Multiparty Protocols.- Perfectly Secure Multiparty Computation and the Computational Overhead of Cryptography.- Adaptively Secure Broadcast.- Universally Composable Quantum Multi-party Computation.- Cryptosystems II.- A Simple BGN-Type Cryptosystem from LWE.- Bonsai Trees, or How to Delegate a Lattice Basis.- Efficient Lattice (H)IBE in the Standard Model.- Hash and MAC.- Multi-property-preserving Domain Extension Using Polynomial-Based Modes of Operation.- Stam's Collision Resistance Conjecture.- Universal One-Way Hash Functions via Inaccessible Entropy.- Foundational Primitives.- Constant-Round Non-malleable Commitments from Sub-exponential One-Way Functions.- Constructing Verifiable Random Functions with Large Input Spaces.- Adaptive Trapdoor Functions and Chosen-Ciphertext Security.

Discovering and grouping application endpoints in a network environment

Abstract: An example method for discovering and grouping application endpoints in a network environment is provided and includes discovering endpoints communicating in a network environment, calculating affinity between the discovered endpoints, and grouping the endpoints into separate endpoint groups (EPGs) according to the calculated affinity, each EPG comprising a logical grouping of similar endpoints for applying common forwarding and policy logic according to logical application boundaries. In specific embodiments, the affinity includes a weighted average of network affinity, compute affinity and user specified affinity.

Enhanced Public Key Security for the McEliece Cryptosystem

Abstract: This paper studies a variant of the McEliece cryptosystem able to ensure that the code used as the public key is no longer permutation equivalent to the secret code. This increases the security level of the public key, thus opening the way for reconsidering the adoption of classical families of codes, like Reed---Solomon codes, that have been longly excluded from the McEliece cryptosystem for security reasons. It is well known that codes of these classes are able to yield a reduction in the key size or, equivalently, an increased level of security against information set decoding; so, these are the main advantages of the proposed solution. We also describe possible vulnerabilities and attacks related to the considered system and show what design choices are best suited to avoid them.

A Provably Secure Group Signature Scheme from Code-Based Assumptions

Abstract: We solve an open question in code-based cryptography by introducing the first provably secure group signature scheme from code-based assumptions. Specifically, the scheme satisfies the CPA-anonymity and traceability requirements in the random oracle model, assuming the hardness of the McEliece problem, the Learning Parity with Noise problem, and a variant of the Syndrome Decoding problem. Our construction produces smaller key and signature sizes than the existing post-quantum group signature schemes from lattices, as long as the cardinality of the underlying group does not exceed the population of the Netherlands $${\approx }2^{24}$$ users. The feasibility of the scheme is supported by implementation results. Additionally, the techniques introduced in this work might be of independent interest: a new verifiable encryption protocol for the randomized McEliece encryption and a new approach to design formal security reductions from the Syndrome Decoding problem.

Cyber Vulnerability Scan Analyses with Actionable Feedback

Abstract: Embodiments of the present technology relate to cyber attack vulnerability analyses. In one embodiment, a method includes determining an external infrastructure of an entity, the external infrastructure including one or more cyber assets utilized by the entity, collecting infrastructure information regarding the one or more cyber assets, performing passive cyber security vulnerability testing on the one or more cyber assets using the collected infrastructure information, and assessing cyber security vulnerabilities of the one or more cyber assets. The method may further include calculating an association score for the one or more cyber assets based on the assessed cyber security vulnerabilities, and automatically recommending, based on the association score, computer network changes to reduce the cyber security vulnerabilities.