Showing papers by "National Security Agency published in 2015"

The SIMON and SPECK lightweight block ciphers

Abstract: The Simon and Speck families of block ciphers were designed specifically to offer security on constrained devices, where simplicity of design is crucial. However, the intended use cases are diverse and demand flexibility in implementation. Simplicity, security, and flexibility are ever-present yet conflicting goals in cryptographic design. This paper outlines how these goals were balanced in the design of Simon and Speck.

Character Sum Factorizations Yield Sequences With Ideal Two-Level Autocorrelation

Abstract: We give a new existence criterion for $p$ -ary sequences which have ideal two-level autocorrelation; and we use it to obtain four general families of such sequences: one for $p=2$ , one for general odd primes $p$ and two special ones for $p=3$ The binary family turns out to be equivalent to that discovered by Dillon and Dobbertin and published in 2004 The general $p$ -ary family is equivalent to that discovered by Gong and Helleseth, by Dillon and, when $p=3$ , by Helleseth, Kumar, and Martinsen All of these $p$ -ary results were published in 2001 and 2002 The special ternary families are new and give as special cases the sequences conjectured by Alfred Lin in his 1998 PhD thesis as well as most of those conjectured in 2001 by Ludkovski and Gong Our sequences may also be used to construct (relative) difference sets, their corresponding block designs and generalized weighing matrices

A cloud-based approach to big graphs

Abstract: Data sizes in today’s Big Data age presents a profound scalability challenge to modeling networks as graphs. Historically, memory-based solutions were utilized to cope with high latency incurred by irregular data access common in many natural networks. But current data rates impose both economic and environmental challenges to continually expand the total aggregate system memory to “fit” the graph. Graph scalability has wide-reaching impact since network analysis has expanded beyond its traditional fields into many areas of research including neuroscience, genomics, bioinformatics, and social network analysis. We present a Cloud-based approach that scales with Big Data while being fault-tolerant, applying it on the largest problem size in the Graph500 benchmark to traverse a Petabyte graph consisting of over 4 trillion vertices and 70 trillion edges, a size nearly twenty times the physical memory capacity of our computing platform.

Model Checking Distributed Mandatory Access Control Policies

Abstract: This work examines the use of model checking techniques to verify system-level security properties of a collection of interacting virtual machines Specifically, we examine how local access control policies implemented in individual virtual machines and a hypervisor can be shown to satisfy global access control constraints The SAL model checker is used to model and verify a collection of stateful domains with protected resources and local MAC policies attempting to access needed resources from other domains The model is described along with verification conditions The need to control state-space explosion is motivated and techniques for writing theorems and limiting domains explored Finally, analysis results are examined along with analysis complexity

Method of validating a private-public key pair

Abstract: A key pair validation method provides for a first party to generate a seed to define a private key, a public key, a session key and a validation field for the purpose of performing a cryptographic activity with a second party. The validation field is determined by encrypting the first party seed. The second party receives the first party public key and the validation field from the first party. The second party calculates a session key and utilizing the calculated session key, decrypts a cipher text to recover the first party's seed and the first party's private and public key. The recovered first party public key is compared to the received first party public key. If the received and recovered public keys match, the private-public key pair received from the first party is validated and the second party proceeds with the cryptographic task. If the received and recovered public keys do not match, the second party simply reports to the first party that the cryptographic task failed.